diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:46:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:46:30 +0000 |
commit | b5896ba9f6047e7031e2bdee0622d543e11a6734 (patch) | |
tree | fd7b460593a2fee1be579bec5697e6d887ea3421 | |
parent | Initial commit. (diff) | |
download | postfix-b5896ba9f6047e7031e2bdee0622d543e11a6734.tar.xz postfix-b5896ba9f6047e7031e2bdee0622d543e11a6734.zip |
Adding upstream version 3.4.23.upstream/3.4.23upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2132 files changed, 533871 insertions, 0 deletions
diff --git a/.indent.pro b/.indent.pro new file mode 100644 index 0000000..1e56ee0 --- /dev/null +++ b/.indent.pro @@ -0,0 +1,418 @@ +-TABOUNCE +-TADDR_MATCH_LIST +-TADDR_PATTERN +-TALIAS_TOKEN +-TANVIL_CLNT +-TANVIL_LOCAL +-TANVIL_MAX +-TANVIL_REMOTE +-TANVIL_REQ_TABLE +-TARGV +-TASN1_INTEGER +-TASN1_OBJECT +-TATTR_CLNT +-TATTR_OVER_INT +-TATTR_OVER_STR +-TATTR_OVER_TIME +-TATTR_TABLE +-TAUTHORITY_KEYID +-TAUTO_CLNT +-TBH_TABLE +-TBINATTR +-TBINATTR_INFO +-Tbind_props +-TBINHASH +-TBINHASH_INFO +-TBIO +-TBOUNCE_INFO +-TBOUNCE_LOG +-TBOUNCE_LOG_DSN_BUF +-TBOUNCE_LOG_FORGE +-TBOUNCE_LOG_RCPT_BUF +-TBOUNCE_STAT +-TBOUNCE_STR_PARAMETER +-TBOUNCE_TEMPLATE +-TBOUNCE_TEMPLATES +-TBOUNCE_TIME_DIVISOR +-TBOUNCE_TIME_PARAMETER +-TCFG_PARSER +-TCIDR_MATCH +-Tcipher_probe_t +-TCLEANUP_REGION +-TCLEANUP_STAT_DETAIL +-TCLEANUP_STATE +-TCLIENT_LIST +-TCLNT_STREAM +-TCONFIG_BOOL_FN_TABLE +-TCONFIG_BOOL_TABLE +-TCONFIG_INT_FN_TABLE +-TCONFIG_INT_TABLE +-TCONFIG_LONG_FN_TABLE +-TCONFIG_LONG_TABLE +-TCONFIG_NBOOL_FN_TABLE +-TCONFIG_NBOOL_TABLE +-TCONFIG_NCODE_TABLE +-TCONFIG_NINT_FN_TABLE +-TCONFIG_NINT_TABLE +-TCONFIG_RAW_FN_TABLE +-TCONFIG_RAW_TABLE +-TCONFIG_STR_FN_TABLE +-TCONFIG_STR_TABLE +-TCONFIG_TIME_FN_TABLE +-TCONFIG_TIME_TABLE +-TCONST_CHAR_STAR +-TCRYPTO_EX_DATA +-TCTABLE +-TCTABLE_ENTRY +-Td2i_X509_t +-Tdane_digest +-TDB_COMMON_CTX +-TDELIVER_ATTR +-TDELIVERED_HDR_INFO +-TDELIVER_REQUEST +-TDELTA_TIME +-TDICT +-TDICT_CACHE +-TDICT_CACHE_SREQ +-TDICT_CACHE_SREQ_INFO +-TDICT_CACHE_TEST +-TDICT_CDBM +-TDICT_CDBQ +-TDICT_CIDR +-TDICT_CIDR_ENTRY +-TDICT_DB +-TDICT_DBM +-TDICT_DEBUG +-TDICT_ENV +-TDICT_FAIL +-TDICT_FINAL_WRAPPER +-TDICT_HT +-TDICT_INLINE +-TDICT_LDAP +-TDICT_LMDB +-TDICT_MC +-TDICT_MYSQL +-TDICT_NI +-TDICT_NIS +-TDICT_NISPLUS +-TDICT_NODE +-TDICT_OPEN_EXTEND_FN +-TDICT_OPEN_FN +-TDICT_OPEN_INFO +-TDICT_OWNER +-TDICT_PCRE +-TDICT_PCRE_ENGINE +-TDICT_PCRE_EXPAND_CONTEXT +-TDICT_PCRE_IF_RULE +-TDICT_PCRE_MATCH_RULE +-TDICT_PCRE_PRESCAN_CONTEXT +-TDICT_PCRE_REGEXP +-TDICT_PCRE_RULE +-TDICT_PGSQL +-TDICT_PIPE +-TDICT_PROXY +-TDICT_RAND +-TDICT_RANDOM +-TDICT_REGEXP +-TDICT_REGEXP_EXPAND_CONTEXT +-TDICT_REGEXP_IF_RULE +-TDICT_REGEXP_MATCH_RULE +-TDICT_REGEXP_PATTERN +-TDICT_REGEXP_PRESCAN_CONTEXT +-TDICT_REGEXP_RULE +-TDICT_SDBM +-TDICT_SOCKMAP +-TDICT_SOCKMAP_REFC_HANDLE +-TDICT_SQLITE +-TDICT_STATIC +-TDICT_SURROGATE +-TDICT_TCP +-TDICT_TEXT +-TDICT_THASH +-TDICT_UNION +-TDICT_UNIX +-TDICT_WRAPPER +-TDNS_FIXED +-TDNS_REPLY +-TDNS_RR +-TDOMAIN_LIST +-TDSN +-TDSN_BUF +-TDSN_FILTER +-TDSN_SPLIT +-TDSN_STAT +-TDYMAP_INFO +-TEC_GROUP +-TEC_KEY +-TEDIT_FILE +-TEVENT_MASK +-TEVP_PKEY +-TEXPAND_ATTR +-TFILE +-Tfilter_ctx +-TFORWARD_INFO +-Tgeneral_name_stack_t +-THBC_ACTION_CALL_BACKS +-THBC_CALL_BACKS +-THBC_CHECKS +-THBC_MAP_INFO +-THBC_OUTPUT_CALL_BACKS +-THBC_TEST_CONTEXT +-THEADER_OPTS +-THEADER_TOKEN +-THOST +-THTABLE +-THTABLE_INFO +-Tiana_digest +-TINET_ADDR_LIST +-TINET_PROTO_INFO +-TINSTANCE +-TINST_SELECTION +-TINT32_TYPE +-TINT_TABLE +-TINTV +-TJMP_BUF_WRAPPER +-TLDAP +-TLDAP_CONN +-TLDAPMessage +-TLIB_DP +-TLIB_FN +-TLMTP_ATTR +-TLMTP_RESP +-TLMTP_SESSION +-TLMTP_STATE +-TLOCAL_EXP +-TLOCAL_STATE +-TLOGWRITER +-TLONG_NAME_MASK +-TMAC_EXP_CONTEXT +-TMAC_EXP_OP_INFO +-TMAC_HEAD +-TMAC_PARSE +-TMAI_HOSTADDR_STR +-TMAI_HOSTNAME_STR +-TMAIL_ADDR_MAP_TEST +-TMAIL_PRINT +-TMAIL_SCAN +-TMAIL_STREAM +-TMAIL_VERSION +-TMAI_SERVNAME_STR +-TMAI_SERVPORT_STR +-TMAPS +-TMASTER_INT_WATCH +-TMASTER_PROC +-TMASTER_SERV +-TMASTER_STATUS +-TMASTER_STR_WATCH +-TMATCH_LIST +-TMATCH_OPS +-TMBLOCK +-TMBOX +-TMDB_env +-TMDB_txn +-TMDB_val +-TMILTER +-TMILTER8 +-TMILTER_MACROS +-TMILTER_MSG_CONTEXT +-TMILTERS +-TMIME_ENCODING +-TMIME_INFO +-TMIME_STACK +-TMIME_STATE +-TMIME_STATE_DETAIL +-TMIME_TOKEN +-TMKMAP +-TMKMAP_DB +-TMKMAP_DBM +-TMKMAP_OPEN_EXTEND_FN +-TMKMAP_OPEN_FN +-TMKMAP_OPEN_INFO +-TMKMAP_SDBM +-TMSG_STATS +-TMULTI_SERVER +-TMVECT +-TMYSQL +-TMYSQL_NAME +-TMYSQL_RES +-TNAMADR_LIST +-TNAME_ASSIGNMENT +-TNAME_CODE +-TNAME_MASK +-TNBBIO +-Toff_t +-TOPTIONS +-TPCF_DBMS_INFO +-TPCF_EVAL_CTX +-TPCF_MASTER_EDIT_REQ +-TPCF_MASTER_ENT +-TPCF_MASTER_FLD_REQ +-TPCF_PARAM_CTX +-TPCF_PARAM_NODE +-TPCF_PARAM_TABLE +-TPCF_SERVICE_DEF +-TPCF_SERVICE_PATTERN +-TPCF_STRING_NV +-TPEER_NAME +-Tpem_load_state_t +-TPGSQL_NAME +-TPICKUP_INFO +-TPIPE_ATTR +-TPIPE_PARAMS +-TPIPE_STATE +-TPLMYSQL +-TPLPGSQL +-TPOST_MAIL_FCLOSE_STATE +-TPOST_MAIL_STATE +-TPOSTMAP_KEY_STATE +-TPRIVATE_STR_TABLE +-TPSC_CALL_BACK_ENTRY +-TPSC_CLIENT_INFO +-TPSC_DNSBL_HEAD +-TPSC_DNSBL_SCORE +-TPSC_DNSBL_SITE +-TPSC_ENDPT_LOOKUP_INFO +-TPSC_HAPROXY_STATE +-TPSC_SMTPD_COMMAND +-TPSC_STARTTLS +-TPSC_STATE +-TQMGR_ENTRY +-TQMGR_FEEDBACK +-TQMGR_JOB +-TQMGR_MESSAGE +-TQMGR_PEER +-TQMGR_QUEUE +-TQMGR_RCPT +-TQMGR_RCPT_LIST +-TQMGR_RECIPIENT +-TQMGR_SCAN +-TQMGR_TRANSPORT +-TQMQPD_STATE +-TRCPT_BUF +-TRECIPIENT +-TRECIPIENT_LIST +-TREC_TYPE_NAME +-Tregex_t +-Tregmatch_t +-TRES_CONTEXT +-TRESOLVE_REPLY +-TRESPONSE +-TREST_TABLE +-TRWR_CONTEXT +-Tsasl_conn_t +-Tsasl_secret_t +-TSCACHE +-TSCACHE_CLNT +-TSCACHE_MULTI +-TSCACHE_MULTI_DEST +-TSCACHE_MULTI_ENDP +-TSCACHE_MULTI_HEAD +-TSCACHE_SINGLE +-TSCACHE_SINGLE_DEST +-TSCACHE_SINGLE_ENDP +-TSCACHE_SIZE +-TSCAN_DIR +-TSCAN_INFO +-TSCAN_OBJ +-TSESSION +-Tsfsistat +-TSHARED_PATH +-Tsigset_t +-TSINGLE_SERVER +-TSINK_COMMAND +-TSINK_STATE +-Tsize_t +-TSLMDB +-TSMFICTX +-TSM_STATE +-TSMTP_ADDR +-TSMTP_CMD +-TSMTPD_CMD +-TSMTPD_DEFER +-TSMTPD_ENDPT_LOOKUP_INFO +-TSMTPD_POLICY_CLNT +-TSMTPD_PROXY +-TSMTPD_RBL_EXPAND_CONTEXT +-TSMTPD_RBL_STATE +-TSMTPD_RCPTMAP_ST +-TSMTPD_STATE +-TSMTPD_TOKEN +-TSMTPD_XFORWARD_ATTR +-TSMTP_ITERATOR +-TSMTP_RESP +-TSMTP_SASL_AUTH_CACHE +-TSMTP_SESSION +-TSMTP_STATE +-TSMTP_TLS_POLICY +-TSMTP_TLS_SESS +-TSMTP_TLS_SITE_POLICY +-Tsockaddr +-TSOCKADDR_SIZE +-TSPAWN_ATTR +-Tssize_t +-TSSL +-Tssl_cipher_stack_t +-Tssl_comp_stack_t +-TSSL_CTX +-TSSL_SESSION +-TSTATE +-TSTRING_LIST +-TSTRING_TABLE +-TSYS_EXITS_DETAIL +-Ttime_t +-Ttlsa_filter +-TTLS_APPL_STATE +-TTLS_CERTS +-TTLS_CLIENT_INIT_PROPS +-TTLS_CLIENT_START_PROPS +-TTLScontext_t +-TTLS_DANE +-TTLSMGR_SCACHE +-TTLS_CLIENT_PARAMS +-TTLS_PKEYS +-TTLS_PRNG_SEED_INFO +-TTLS_PRNG_SRC +-TTLSP_STATE +-TTLS_ROLE +-TTLS_SCACHE +-TTLS_SCACHE_ENTRY +-TTLS_SERVER_INIT_PROPS +-TTLS_SERVER_START_PROPS +-TTLS_SESS_STATE +-TTLS_TICKET_KEY +-TTLS_TLSA +-TTLS_USAGE +-TTLS_VINFO +-TTOK822 +-TTRANSPORT_INFO +-TTRIGGER_SERVER +-TUSER_ATTR +-TVBUF +-TVSTREAM +-TVSTREAM_POPEN_ARGS +-TVSTRING +-TWAIT_STATUS_T +-TWATCHDOG +-TWATCH_FD +-TX509 +-TX509_EXTENSION +-TX509_NAME +-Tx509_stack_t +-TX509_STORE_CTX +-TX509V3_CTX +-TXSASL_CLIENT +-TXSASL_CLIENT_CREATE_ARGS +-TXSASL_CLIENT_IMPL +-TXSASL_CLIENT_IMPL_INFO +-TXSASL_CYRUS_CB +-TXSASL_CYRUS_CLIENT +-TXSASL_CYRUS_ERROR_INFO +-TXSASL_CYRUS_SERVER +-TXSASL_DCSRV_MECH +-TXSASL_DOVECOT_SERVER +-TXSASL_DOVECOT_SERVER_IMPL +-TXSASL_DOVECOT_SERVER_MECHS +-TXSASL_SERVER +-TXSASL_SERVER_CREATE_ARGS +-TXSASL_SERVER_IMPL +-TXSASL_SERVER_IMPL_INFO diff --git a/.printfck b/.printfck new file mode 100644 index 0000000..66016ed --- /dev/null +++ b/.printfck @@ -0,0 +1,25 @@ +been_here_xt 2 0 +bounce_append 5 0 +cleanup_out_format 1 0 +defer_append 5 0 +mail_command 1 0 +mail_print 1 0 +msg_error 0 0 +msg_fatal 0 0 +msg_info 0 0 +msg_panic 0 0 +msg_warn 0 0 +opened 4 0 +post_mail_fprintf 1 0 +qmgr_message_bounce 2 0 +rec_fprintf 2 0 +sent 4 0 +smtp_cmd 1 0 +smtp_mesg_fail 2 0 +smtp_printf 1 0 +smtp_rcpt_fail 3 0 +smtp_site_fail 2 0 +udp_syslog 1 0 +vstream_fprintf 1 0 +vstream_printf 0 0 +vstring_sprintf 1 0 diff --git a/AAAREADME b/AAAREADME new file mode 100644 index 0000000..7b7a4b6 --- /dev/null +++ b/AAAREADME @@ -0,0 +1,184 @@ +Purpose of this document +======================== + +This document provides a road map of the Postfix mail system source +code distribution. I suggest that you + +- take a few minutes to read this file, + +- review the RELEASE_NOTES file for incompatible changes, + +- and then proceed with the INSTALL instructions. + +Introduction +============ + +This is the public release of the Postfix mail system. Thank you +for your interest in this project. Send me a postcard if you like +it. My postal address is below. + +You must read the LICENSE file, if you didn't do so already. A copy +of the LICENSE must be distributed with every original, modified, +complete, source, or binary copy of this software or parts thereof. +I suggest that you keep a copy of the file in /etc/postfix/LICENSE. + +Purpose of the Postfix mail system +================================== + +Postfix aims to be an alternative to the widely-used sendmail +program. + +Although IBM supported the Postfix development, it abstains from +control over its evolution. The goal is to have Postfix installed +on as many systems as possible. To this end, the software is given +away with no strings attached to it, so that it can evolve with +input from and under control by its users. + +In other words, IBM releases Postfix only once. I will be around +to guide its development for a limited time. + +On-line resources devoted to the Postfix mail system +==================================================== + +Web sites: + + http://www.postfix.org/ current release information + +Mail addresses (PLEASE send questions to the mailing list) + + postfix-users@postfix.org Postfix users mailing list + +In order to subscribe to the mailing list, see http://www.postfix.org/. + +Acknowledgments +=============== + +This release could not have happened without the input from a team +of competent alpha testers. Their names appear in numerous places +in the HISTORY file. I appreciate the input from my colleagues at +the IBM Global Security Analysis Laboratory: Paul Karger, Dave +Safford, Douglas Schales, and Leendert van Doorn. I also appreciate +the support by Charles Palmer under whose leadership I began this +project, and who had the privilege to name the software, twice. + +Postcards +========= + +If you wish to express your appreciation for the Postfix software, +you are welcome to send a postcard to: + + Wietse Venema + Google + 111 8th Avenue, 4th floor + New York, NY 10011 + USA + +Roadmap of the Postfix source distribution +========================================== + +The RELEASE_NOTES file describes new features, and lists incompatible +changes with respect to previous Postfix versions. + +The INSTALL file provides a step-by-step guide for building and +installing Postfix on many popular UNIX platforms. + +The COMPATIBILITY file lists features that Postfix does or does +not yet implement, and how well it works with other software. + +The HISTORY file gives a detailed log of changes to the software. + +Point your browser at html/index.html for Postfix documentation +and for hyperlinked versions of Postfix manual pages. Expect +to see updated versions on-line at http://www.postfix.org/ + +Point your MANPATH environment variable at the `man' directory (use +an absolute path) for UNIX-style on-line manual pages. These pages +are also available through the HTML interface, which allows you to +navigate faster. + +The PORTING file discusses how to go about porting Postfix to other +UNIX platforms. + +Documentation: + + README_FILES/ Instructions for specific Postfix features + html/ HTML format + man/ UNIX on-line manual page format + +Example files: + + conf/ configuration files, run-time scripts + examples/ chroot environments, virtual domains + +Library routines: + + src/dns/ DNS client library + src/global/ Postfix-specific support routines + src/milter/ Postfix Milter (mail filter) client + src/tls/ TLS client and server support + src/util/ General-purpose support routines + src/xsasl/ SASL plug-in API + +Command-line utilities: + + src/postalias/ Alias database management + src/postcat/ List Postfix queue file + src/postconf/ Configuration utility + src/postdrop/ Postfix mail submission program + src/postfix/ Postfix administrative interface + src/postkick/ Postfix IPC for shell scripts + src/postlock/ Postfix locking for shell scripts + src/postlog/ Postfix logging for shell scripts + src/postmap/ Postfix lookup table management + src/postmulti/ Postfix multi-instance manager + src/postqueue/ Postfix queue control program + src/postsuper/ Postfix house keeping program + src/sendmail/ Sendmail compatibility interface + +Postfix daemons: + + src/anvil/ Connection count/rate limiter + src/bounce/ Bounce or defer mail + src/cleanup/ Canonicalize and enqueue mail + src/discard/ Trivial discard mailer + src/dnsblog/ DNS agent for postscreen + src/error/ Trivial error mailer + src/flush/ Support for ETRN, sendmail -qI, sendmail -qR + src/local/ Local delivery + src/master/ Postfix resident superserver + src/oqmgr/ Old queue manager + src/pickup/ Local pickup + src/pipe/ Pipe delivery + src/postlogd/ Syslog alternative, logs to file or stdout + src/postscreen/ Zombie blocker + src/proxymap/ Table lookup proxy agent + src/qmgr/ Queue manager + src/qmqpd/ QMQPD server + src/scache/ Postfix SMTP session cache + src/showq/ List Postfix queue status + src/smtp/ SMTP and LMTP client + src/smtpd/ SMTP server + src/spawn/ Run non-Postfix server + src/tlsmgr/ TLS session keys and random pool + src/tlsproxy/ TLS proxy for postscreen and outbound connection reuse + src/trivial-rewrite/ Address rewriting and resolving + src/verify/ address verification service + src/virtual/ virtual mailbox-only delivery agent + +Test programs: + + src/fsstone/ Measure file system overhead + src/posttls-finger/ Postfix SMTP/LMTP TLS probe utility + src/smtpstone/ SMTP and QMQP server torture test + +Miscellaneous: + + auxiliary/ Auxiliary software etc. + bin/ Postfix command executables + conf/ Configuration files, run-time scripts + include/ Include files + implementation-notes/ Background information + lib/ Object libraries + libexec/ Postfix daemon executables + mantools/ Documentation utilities + proto/ Documentation source diff --git a/COMPATIBILITY b/COMPATIBILITY new file mode 100644 index 0000000..d5da652 --- /dev/null +++ b/COMPATIBILITY @@ -0,0 +1,73 @@ +.forward yes (empty files; can enable/disable mail to /file or |command) +/usr/mail yes (compile time option) +/usr/spool/mail yes (compile time option) +/var/mail yes (compile time option) +/var/spool/mail yes (compile time option) +:include: yes (mail to /file and |command is off by default) +address probing yes (optional persistent database) +aliases yes (can enable/disable mail to /file or |command) +bare newlines yes (but will send CRLF) +blacklisting yes (client name/addr; helo hostname; mail from; rcpt to) +connection caching yes (SMTP shared cache; LMTP shared cache) +content filter yes (before and after queue, internal and external) +db tables yes (compile time option) +dbm tables yes (compile time option) +delivered-to yes (configurable with prepend_delivered_header) +dsn yes +enhanced status codes yes +errors-to: no (removed with Postfix 2.2) +esmtp yes +etrn support yes (per-destination log for authorized destinations only) +fcntl locking yes (runtime configurable) +flock locking yes (runtime configurable) +genericstable yes (Postfix 2.2 generic(5) table) +greylist yes (delegated policy script) +home mailbox yes +ident lookup no +ipv6 yes (compatibility for ipv4-only systems) +ldap tables yes (contributed) +lmtp support yes (client only) +luser relay yes +m4 config no +mail to command yes (configurable for .forward, aliases, :include:) +mail to file yes (configurable for .forward, aliases, :include:) +maildir yes (in home, system mailspool, /file/name/ alias) +mailertable yes (it's called transport) +mailq yes +majordomo yes (edit approve script to delete /^delivered-to:/i) +milter yes (except body replacement) +mime yes (including 8bit to quoted-printable conversion) +mysql tables yes (contributed) +netinfo tables yes (contributed) +newaliases yes (main alias database only) +nis tables yes +nis+ tables yes (contributed) +no <> in smtp yes (most common address forms) +pgsql tables yes (contributed) +pipeline option yes (SMTP server and client; LMTP client) +pop/imap no +qmqp server yes (with verp support) +rbl support yes +return-receipt: no (use DSN NOTIFY=SUCCESS) +rhsbl support yes +sasl support yes (compile time option) +sendmail -bt no +sendmail -bv yes (sends delivery report via email) +sendmail -q yes +sendmail -qRxxx yes (for domains specified in fast_flush_domains) +sendmail -qSxxx no +sendmail -qtime ignored +sendmail -v yes (sends delivery report via email) +sendmail.cf no (uses table-driven address rewriting) +size option yes, server and client +smarthost yes (specify relayhost in main.cf) +spf yes (delegated policy script) +starttls yes (compile time option) +tcp wrapper no (use built-in blacklist facility) +user+extension yes (also: .forward+extension) +user-extension yes (also: .forward-extension) +user.lock yes (runtime configurable) +uucp support yes (sends user@domain recipients) +verp support yes (delimiters are configurable) +virtual domains yes (via local delivery agent and via dedicated delivery agent) +year 2000 safe yes diff --git a/COPYRIGHT b/COPYRIGHT new file mode 100644 index 0000000..beb9c97 --- /dev/null +++ b/COPYRIGHT @@ -0,0 +1,35 @@ +Included for the use of the fix_strcasecmp.c module which works +around a Solaris problem. + +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ @@ -0,0 +1,24724 @@ +In addition to the names listed below, the following people provided +useful inputs on many occasions: Paul D. Robertson, Simon J. Mudd. +Apologies for any names omitted. + +19980105 + + The compiled-in default value for resolve_smtp_sender was + wrong (from the days that it was a boolean), causing smtpd + to dump core when the variable was not set in main.cf. + + The INSTALL instructions now have separate sections for + the three basic ways of running vmailer. + + The INSTALL instructions now have discusses how to deal + with chrooted processes. + + Ported to RedHat 5.0. My, these people have re-organized + their include files quite a bit, haven't they. + +19980106 + + On RedHat Linux 4.2/5.0, when a FIFO listener opens the + FIFO with mode O_RDONLY, the FIFO remains forever readable + after the writer has closed it. Workaround: open the FIFO + mode O_RDWR. + + Test program: util/fifo_rdonly_bug.c + + Unfortunately, the above fix triggers a bug on BSD/OS 3.1 + where opening the FIFO mode O_RDWR causes select() to claim + that the FIFO is readable even before any data is written + to it, causing read() to block or to fail. + + Test program: util/fifo_rdwr_bug.c + + printfck (check arguments of printf-like function calls) + found a missing argument in local/command.c + + Miscellaneous Makefile cleanups that I didn't finish before + the first alpha release. + +19980107 + + Sometimes the DNS will claim that a domain does not exist, + when in fact it does. Thus, it is a bad idea to reject mail + from apparently non-existent domains. I have changed the + smtpd so that it produces a soft error responses when a + resolve_smtp_sender test fails with HOST_NOT_FOUND. Note: + by default, this test is still disabled. + + The DB and DBM read routines will now automagically figure + out if (key, value) pairs were written including a terminating + null byte or not. The DB and DBM write routines will use + this result to determine how to write, and will fall back + to per-system defaults otherwise. + + Renamed the README to MUSINGS, and wrote up a README that + reflects the current status of the software. + + Added -d (don't disconnect) and -c (show running counter) + option to te smtp-source test program. These tools are + great torture tests for the mail software, and for the + system that it runs on. + + Turned down the process_limit parameter (# of parallel smtp + clients or servers) to avoid unpleasant surprises. You can + crank up the process_limit parameter in main.cf. + +19980111 + + Feature: when run by the superuser, mailq now shows the + mail queue even when the mail system is down. To this end, + mailq (sendmail -bp) runs the showq program directly instead + of connecting to the UNIX-domain service socket, and drops + privileges etc. as usual. + +19980119 + + Bugfix: Edwin Kremer spotted an oversight in the negated + host matching code (for name or address patterns prefixed + by !). + + Bugfix: upon receipt of a SIGHUP signal, the master now + disconnects from its child processes, so that the current + generation of child processes commits suicide, and so that + the next generation of child processes will use the new + configuration settings. + + Bugfix: the smtp server now skips the sender DNS domain + lookup test for foo@[address] + + Bugfix: don't append the local domain to foo@[address] + +19980120 + + Bugfix: old low-priority bug in some list walk code that + caused the master to drop core when a service was turned + off in master.cf. + + Robustness: the mail system should be able to start up and + to accept local postings even while the naming service is + down. For this reason, the mail system no longer uses + gethostbyname() to look up its own machine name. Sites + that use short hostnames will have to specify their FQDN + in main.cf (this will eventually be done by the system + installation/configuration procedure). Should the config + language support backticks so one can say `domainname`? + What about $name stuff between the backtics? + + Security: the master now creates FIFOs and UNIX-domain + sockets as the mail owner instead of as root, for better + protection against subverted mail systems. chmod() is + susceptible to race conditions. fchmod(), although safer, + often does not work on sockets. + + Portability: anticipate that all major UNIXes will create + UNIX-domain sockets with permissions modified by the process + umask (required by POSIX). For this reason, we always + chmod() UNIX-domain sockets, unless the system allows us + to use the safer fchmod() instead. + + Portability: the semi-resident servers now properly handle + EWOULDBLOCK returns from accept() in addition to EGAIN + (on some systems, EAGAIN and EWOULDBLOCK have different + values). + + Bugfix: the semi-resident servers now properly handle EINTR + returns From accept(). + + Bugfix: Edwin Kremer found that mynetworks() would compute + (32 - mask) instead of mask. + +19980121 + + Feature: /etc/vmailer/relocated is used by the local delivery + program and specifies what mail should be bounced with a + "user has moved to XXX" message. The main.cf configuration + parameter is "relocated_maps". Just like the "virtual_maps" + config parameter, this feature is off by default, and the + parameter can have values such as "files" or "files, nis" + (on hosts equipped with NIS). + +19980123 + + Cleanup: virtual domain support moved from the queue manager + to the resolve service, where it belongs. + + Feature: /etc/vmailer/canonical is used by the rewrite + service for all addresses, and maps a canonical address + (user@domain) to another address. Typical use is to generate + Firstname.Lastname@domain addresses, or to clean up dirty + addresses from non-RFC 822 mail systems. The main.cf + configuration parameter is "canonical_maps". Just like + the "virtual_maps" config parameter, this feature is off + by default, and the parameter can have values such as + "files" or "files, nis" (on hosts equipped with NIS). + +19980124 + + HPUX10 port and many little fixes from Pieter Schoenmakers. + + Bugfix: isolated an old mysterious bug that could make the + master deaf for new connections while no child process was + running. A typical result was that no pickup daemon would + be started after the previous one had terminated voluntarily. + + Bugfix: the NIS lookup code did not mystrdup() the NIS map + name and would access free()d memory. + +19980125 + + Bugfix: the vstream routines would sometimes ignore flushing + errors. The error would still be reported by vstream_fclose() + and vstream_ferror(). + + Feature: time limit on delivery to shell commands. Config + parameter: command_time_limit. Default value: 100 sec. The + idea is to prevent one bad .forward file or alias file + entry from slowly using up all local delivery process slots. + +19980126 + + Code cleanup: in preparation for SMTP extensions such as + SIZE, allow an extended SMTP command to have a variable + number of options. + +19980127 + + Bugfix: moved canonical map lookups away from the rewriting + module to the cleanup service, so that canonical map lookups + do not interfere with address rewriting on behalf of other + programs. Back to an older trivial-rewrite program version. + + Bugfix: moved virtual map lookups away from the resolver + back to the queue manager, so that virtual domain lookup + does not interfere with address resolution on behalf of + other programs. Back to an older qmgr program version. + +19980131 + + Feature: integrated and adapted Guido van Rooij's SIZE + option (RFC 1870), carefully avoiding potential problems + due to overflow (by multiplying large numbers) or unsigned + underflow (by subtracting numbers). + + Code cleanup: cleaned up the code that parses the server + response to the HELO/EHLO command, so that we can more + reliably recognize what options a server supports. + +19980201 + + Portability: integrated the IRIX 6 port by Oved Ben-Aroya. + + Portability: the software now figures out by itself if a + server should open its FIFO read-write or read-only, to + avoid getting stuck with a FIFO that stays readable forever. + + Bugfix: the cleanup service would terminate with a fatal + vstream_fseek() error when the queue file was too large. + + Bugfix: the cleanup service could be killed by a signal + when the queue file became too large. + +19980203 + + Portability: some systems have statfs(), some have statvfs(), + and the relevant include files are in a different place on + almost every system. + + Portability: the makedefs script now nukes the -O compiler + flag when building on AIX with IBM's own compiler... + +19980204 + + Portability: HP-UX 9.x support by Pieter Schoenmakers. + + Portability: added SYSV-style ulimit() file size limit + support for HP-UX 9.x. + + Portability: added some #includes that appeared to be + missing according to the Digital UNIX cc compiler. + + Bugfix: sys_defs.h now correctly specifies NIS support for + LINUX2, HPUX9 and HPUX10. + + Security: fixed a file descriptor leak in the local delivery + agent that could give shell commands access to the VMailer + IPC streams. This should not cause a vulnerability, given + the design and implementation of the mailer, but it would + be like asking for trouble. + + Bugfix: the sendmail -B (body type) option did not take a + value. + +19980205 + + Bugfix (SUNOS5): should not have deleted the SVID_GETTOD + definition from util/sys_defs.h. + + Bugfix (HPUX9): forgot to specify whether to use statfs() + or statvfs(). + + Bugfix (HPUX9): don't try to raise the file size ulimit. + + Bugfix (HPUX9): must specify file size limit in 512-blocks. + +19980207 + + Robustness: the master process now raises the file size + limit when it is started with a limit that is less than + VMailer's file size limit. File: util/file_limit.c. + + Security: the dns lookup routines now screen all result + names with valid_hostname(). Bad names are treated as + transient errors. + + Feature: qmail compatibility: when the home_mailbox parameter + is set, mail is delivered to ~/$home_mailbox instead of to + /var[/spool]/mail/username. This hopefully makes it easier + to lure people away from qmail :-) + + Robustness: several testers by accident configured relayhost + the same as myhostname. The programs now explicitly check + for this mistake. + + Bugfix: deliver_request_read() would free unallocated memory + when it received an incomplete delivery request from the + queue manager. + + Robustness: local_destination_concurrency=1 prevents parallel + delivery to the same user (with possibly disastrous effects + when that user has an expensive pipeline in the .forward + or procmail config file). Each transport can have its own + XXX_destination_concurrency parameter, to limit the number + of simultaneous deliveries to the same destination. + +19980208 + + Robustness: added "slow open" mode, to gradually increase + the number of simultaneous connections to the same site as + long as delivery succeeds, and to gradually decrease the + number of connections while delivery fails. Brad Knowles + provided the inspiration to do this. + + This also solves the "thundering herd" problem (making a + bunch of connections to a dead host when it was time to + retry that host). Let's see when other mailers fix this. + + Feature: Added $smtpd_banner and $mail_version, for those + who want to show the world what software version they are + running. + + Bugfix: vmailer-script now properly labels each syslog + entry. + +19980210 + + Portability: merged in NEXTSTEP 3 port from Pieter Schoenmakers + + Bugfix: the local delivery program now checks that a + destination is a regular file before locking it. + +19980211 + + Robustness: the local delivery agent sets HOME, LOGNAME, + and SHELL when delivering to a user shell command. PATH is + always set, and TZ is passed through if it is set. + +19980212 + + Feature: mailq (sendmail -bp) now also lists the maildrop + queue (with mail that hasn't been picked up yet). + +19980213 + + Feature: the smtpd now says: 502 HELP not implemented. This + should impress the heck out of the competition :-) + +19980214 + + Feature: local delivery to configurable system-wide command + (e.g. procmail) avoids the need for per-user ~/.forward + shell commands. Config parameter: mailbox_command. + +19980215 + + Performance: avoid running a shell when a command contains + no shell magic characters or built-in shell commands. This + speeds up delivery to all commands. File: util/exec_command.c. + + Bugfix: the local delivery agent, after reading EOF from + a child process, now sends SIGKILL only when the child does + not terminate within a limited amount of time. This avoids + some problems with procmail. File: util/timed_wait.c. + +19980217 + + Portability: folded in NetInfo support from Pieter + Schoenmakers. + +19980218 + + Feature: new vmlock command to run a command while keeping + an exclusive lock on a mailbox. + + Feature: with "recipient_delimiter = +", mail for local + address "user+foo" is delivered to "foo", with a "Delivered-To: + user+foo@domain" message header. Files: qmgr/qmgr_message.c, + local/recipient.c. This must be the cheapest feature. + +19980219 + + Code cleanup: moved error handling into functions that + should always succeed (non_blocking(), close_on_exec()). + +19980223 + + Bugfix: null pointer bug in the cleanup program after + processing a From: header with no mail address (or with + only a comment). + +19980226 + + Robustness: now detects when getpwnam() returns a name that + differs from the requested name. + + Feature: Added %p support to the vbuf_print formatting + module. + + Code cleanup: revamped the alias/include/.forward loop + detection and duplicate suppression code in the local + delivery agent. This must be the fourth iteration, and + again the code has been simplified. + +19980228 + + Robustness: don't treat anything starting with whitespace + as a header record. Instead, explicitly test for leading + whitespace where we permit it. Files: global/is_header.c, + bounce/bounce_flush_service.c, local/delivered.c. + +19980301 + + Compatibility: the sendmail program now accepts the -N + command-line option (delivery status notification) but + ignores it entirely, just like many other sendmail options. + + Bugfix: dns_lookup.c was too conservative with buffer sizes + and would incorrectly report "malformed name server reply". + +19980302 + + Bugfix: the local delivery agent was not null-byte clean. + +19980307 + + Feature: integrated Pieter Schoenmaker's code for transport + lookup tables that list (transport, nexthop) by destination. + +19980309 + + Bugfix: delivery agents no longer rename corrupt queue + files, because programs might fall over each other doing + so. Instead, when a delivery agent detects queue file + corruption, it chmods the queue file, simulates a soft + error, and lets the queue manager take care of the problem. + + Bugfix: the SMTP server implemented VRFY incorrectly. + + Feature: first shot at a pipe mailer, which can be used to + extend VMailer with external mail transports such as UUCP + (provided that the remote site understands domain addressing, + because VMailer version 1 does not rewrite addresses). + + Cleanup: extended the master/child interface so that the + service name (from master.cf) is passed on to the child. + The pipe mailer needs the service name so it can look up + service-specific configuration parameters (privilege level, + recipient limit, time limit, and so on). + +19980310-12 + + Cleanup: factored out the pipe_command() code, so it can + be shared between pipe mailer and local delivery agent. + +19980314 + + Compatibility: the sendmail program now parses each + command-line recipient as if it were an RFC 822 message + header; some MUAs specify comma-separated recipients in a + command-line argument; and some MUAs even specify "word + word <address>" forms as command-line arguments. + +19980315 + + Bugfix: VMailer's queue processing randomization wasn't + adequate for unloaded systems with small backlogs. + + Bugfix: smtpd now uses double-buffered stream I/O to prevent + loss of input sent ahead of responses. + +19980316 + + Bugfix: the smtpd anti-relay code didn't treat all hosts + listed in $mydestinations as local, so it would accept mail + only for hosts listed in $relay_domains (default: my own + domain). + + Bugfix: smtpd now replies with 502 when given an unknown + command. + +19980318 + + Cleanup: resolve/rewrite clients now automatically disconnect + after a configurable amount of idle time (ipc_idle). + +19980322 + + Tolerance: VRFY now permits user@domain, even though the + RFC requires that special characters such as @ be escaped. + +19980325 + + Bugfix: a recipient delimiter of "-" could interfere with + special addresses such as owner-xxx or double-bounce. + + Tolerance: the SMTP client now permits blank lines in SMTP + server responses. + + Tolerance: the SMTP client now falls back to SMTP when it + apparently mistook an SMTP server as ESMTP capable. + + Bugfix: eliminated strtok() calls in favor of mystrtok(). + Symptom: master.cf parsing would break if $inet_interfaces + was more than one word. + +19980328 + + Bugfix: user->addr patterns in canonical and virtual tables + matched only $myorigin, not hosts listed in $mydestination + or addresses listed in $inet_interfaces. The man pages + were wrong too. File: global/addr_match.c. + +19980401 + + Robustness: FIFO file permissions now default to 0622. On + some systems, opening a FIFO read-only could deafen the + pickup daemon. Only the listener end (which is opened as + root) needs read access anyway, so there should not be a + loss of functionality by making FIFOs non-readable for + non-mail processes. + +19980402 + + Compatibility: sendmail -I and -c options added. + +19980403 + + Feature: virtual lookups are now recursive. File: + qmgr/qmgr_message.c + +19980405 + + Implemented sendmail -bs (stand-alone) mode. This mode runs + as the user and therefore deposits into the maildrop queue. + +19980406 + + The pickup service now removes malformed maildrop files. + +19980407 + + The pickup service now guards against maildrop files with + time stamps dated into the future. + +19980408 + + Bugfix: in the canonical and virtual maps, foo->address + would match foo@$myorigin only. This has been fixed to also + match hosts listed in main.cf:$mydestination and the + addresses listed in main.cf:$inet_interfaces. + + Bugfix: added double buffering support to the VMailer SMTP + server. This makes the SMTP server robust against SMTP + clients that talk ahead of time, and should have been in + there from day one. + +19980409 + + Bugfix: the VMailer SMTP client now recognizes its own + hostname in the SMTP greeting banner only when that name + appears as the first word on the first line. + +19980410 + + Feature: smtpd now logs the local queue ID along with the + client name/address, and pickup now logs the local queue + ID along with the message owner. + + Bugfix: still didn't do virtual/canonical lookups right + (code used the non-case-folded key instead of the case + folded one). + +19980418 + + Bugfix: the SMTP server did not flush the "250 OK queued + as XXXX" message from the SMTP conversation history. + +19980419 + + Bugfix: qmgr would not notice that a malformed message has + multiple senders, and would leak memory (Tom Ptacek). + +19980421 + + Portability: in the mantools scripts, the expr pattern no + longer has ^ at the beginning, and the scripts now use the + expand program instead of my own detab utility. + +19980425 + + NetBSD 1.x patch by Soren S. Jorvang. + +19980511 + + Feature: the SMTP server now logs the protocol (SMTP or + ESMTP) as part of the Received: header. + + Feature: smtpd now logs the last command when a session is + aborted due to timeout, unexpected EOF, or too many client + errors. + +19980514 + + Bugfix: the queue manager did not update the counter for + in-core message structures, so the in-core message limit + had no effect. This can be bad when you have a large backlog + with many messages eligible for delivery. + + Robustness: the queue manager now also limits the total + number of in-core recipient structures, so that it won't + use excessive amounts of memory on sites that have large + mailing lists. + +19980518 + + Bugfix: the SMTP client did not notice that the DNS client + received a truncated response. As a result, a backup MX + host could incorrectly claim that it was the best MX host + and declare a mailer loop. + + Added start_msg/stop_msg entries to the vmailer startup + script, for easy installation. + + Cleanup: VMailer databases are now explicitly specified as + type:name, for example, hash:/etc/aliases or nis:mail.aliases, + instead of implicitly as "files", "nis" and so on. Test + program: util/dict_open. This change allowed me to + eliminate a lot of redundant code from mkmap_xxx.c, and + from everything that does map lookups. + +19980525 + + Bugfix: local/dotforward.c compared the result of opening + a user's ~/.forward against the wrong error value. + +19980526 + + Bugfix: the smtpd VRFY command could look at free()d memory. + + Robustness: the smtpd program had a fixed limit on the + number of token structures. The code now dynamically + allocates token structures. + + Bugfix: the queue manager still used the deprecated parameter + name xxx_deliver_concurrency for concurrency control, but + the documentation talks about the preferred parameter name + xxx_destination_concurrency. Fix: try xxx_destination_concurrency + first, then fall back to xxx_deliver_concurrency. + +19980621-19980702 + + Cleanup: the string read routines now report the last + character read or VSTREAM_EOF. This change is necessary + for the implementation of the long SMTP line bugfix. + + Bugfix: the smtp server exited the DATA command prematurely + when the client sent long lines. Reason: the smtp server + did not remember that it broke long lines, so that '.' + could appear to be the first character on a line when in + fact it wasn't. + + Bugfix: the queue manager made lots of stupid errors while + reading $qmgr_message_recipient_limit chunks of recipients + from a queue file. This code has been restructured. + +19980706 + + Performance: the cleanup program now always adds return-receipt + and errors-to records to a queue file, so that the queue + manager does not have to plow through huge lists of + recipients. + + Robustness: the initial destination concurrency now defaults + to 2, so that one bad message or one bad connection does + not stop all mail to a site. The configuration parameter + is called initial_destination_concurrency. + + Performance: the per-message recipient limit is now enforced + by the queue manager instead of by the transport. Thus, a + large list of recipients for the same site is now mapped + onto several delivery requests which can be handled in + parallel, instead of being mapped onto one delivery request + that is sent to limited numbers of recipients, one group + after the other. + +19980707 + + Cleanup: the queue manager now does an additional recipient + sort after the recipients have been resolved, so that the + code can do better aggregation of recipients by next hop + destination. + + Feature: lines in the master.cf file can now be continued + in the same manner as lines in the main.cf file, i.e. by + starting the next line with whitespace. + + Feature: the smtp client now warns that a message may be + delivered multiple times when the response to "." is not + received (the problem described in RFC 1047). + + Cleanup: when the queue manager changes its little mind + after contacting a delivery agent (for example, it decides + to skip the host because a transport or host goes bad), + the delivery agent no longer complains about premature EOF. + File: global/deliver_request.c + +19980709 + + Bugfix: when breaking long lines, the SMTP client did not + escape leading dots in secondary etc. line fragments. Fix: + don't break lines. This change makes VMailer line-length + transparent. Files: global/smtp_stream.c, smtp/smtp_proto.c. + +19980712 + + Cleanup: the queue manager to deliver agent protocol now + distinguishes between domain-specific soft errors and + recipient-specific soft errors. Result: many soft errors + with SMTP delivery no longer affect other mail the same + domain. + +19980713 + + Feature: the file modification time stamp of deferred queue + files is set to the nearest wakeup time of their recipient + hosts, or if delivery was deferred due to a non-host problem, + the time stamp is set into the future by the configurable + minimal backoff time. + + Bugfix: the SMTP client and the MAILQ command would report + as message size the total queue file size. That would + grossly overestimate the size of a message with many + recipients. + + Bugfix: the 19980709 fix screwed up locally-posted mail + that didn't end in newline. + +19980714 + + Robustness: the makedefs script now defaults to no optimization + when compiling for purify. + +19980715 + + Robustness: the makedefs script now defaults to no optimization + when compiling with gcc 2.8, until this compiler is known + to be OK. + + Workaround: when sending multiple messages over the same + SMTP connection, some SMTP servers need an RSET command + before the second etc. MAIL FROM command. The VMailer SMTP + client now sends a redundant RSET command just in case. + + The queue manager now logs explicitly when delivery is + deferred because of a "dead" message transport. + +19980716 + + Feature: mailq and mail bounces now finally report why mail + was deferred (the reason was logged to the syslog file + only). Changes were made to the bounce service (generalized + to be usable for defer logs), showq service (to show reasons) + and the queue manager. + + As a result the defer directory (with one log per deferred + message) may contain many files; also, this directory is + accessed each time a message is let into the active queue, + in order to delete its old defer log. This means that hashed + directories are now a must. + +19980718-20 + + Feature: configurable timeout for establishing smtp + connections. Parameter: smtp_connect_timeout (default 0, + which means use the timeout as wired into the kernel). + Inspired by code from Lamont Jones. For a clean but far + from trivial implementation, see util/timed_connect.c + + Cleaned up the interfaces that implement read/write deadlines. + Instead of returning -2, the routines now set errno to + ETIMEDOUT; the readable/writable tests are now separate. + +19980722 + + Feature: the default indexed file type (hash, btree, dbm) + is now configurable with the "database_type" parameter. + The default value for this parameter is system specific. + + Feature: selectively turn on verbose logging for hosts that + match the patterns specified via the "debug_peer_list" + config parameter. Syntax is like the "bad_smtp_clients" + parameter (see global/peer_list.c). The verbose logging + level is specified with "debug_peer_level" (default 2). + + Security: the local delivery agent no longer delivers to + files that have execute permission enabled. + +19980723 + + Workarounds for Solaris 2.x UNIX-domain sockets: they lose + data when you close them immediately after writing to them. + This could screw up the delivery agent to queue manager + protocol. + +19980724 + + Cleanup: spent most of the day cleaning up queue manager + code that defers mail when a site or transport dies, and + fixed a few obscure problems in the process. + +19980726 + + Feature: the admin can now configure what classes of problems + result in mail to the postmaster. Configuration parameter: + "notify_classes". Default is backwards compatible: bounce, + policy, protocol, resource, and software. + +19980726-28 + + Feature: the admin can now configure what smtp server access + control restrictions must be applied, and in what order. + Configuration parameters: smtpd_client_restrictions, + smtpd_helo_restrictions, smtpd_mail_restrictions and + smtpd_rcpt_restrictions. Defaults are intended to be + backwards compatible. The bad_senders and bad_clients lists + are gone and have become db (dbm, nis, etc) maps. Files: + smtpd/smtpd_check.c, config/main.cf. + +19980729-31 + + Feature: hashed queues. Rewrote parts of the mail queue + API. Configuration parameters: "hash_queue_names" specifies + what queue directories will be hashed (default: the defer + log directory), "hash_queue_depth" specifies the number of + subdirectories used for hashing (default 2). + +19980802 + + Bugfix: the pipe mailer should expand command-line arguments + with $recipient once for every recipient (producing one + command-line argument per recipient), instead of replacing + $recipient by of all recipients (i.e. producing only one + command-line argument). This is required for compatibility + with programs that expect to be run from sendmail, such as + uux. Thanks to Ollivier Robert for helping me to get this + right. + + Code cleanup: for the above, cleaned up the macro expansion + code in dict.c and factored out the parsing into a separate + module, mac_parse.c. + +19980803 + + "|command" and /file/name destinations in alias databases + are now executed with the privileges of the database owner + (unless root or vmailer). Thus, with: "alias_maps = + hash:/etc/aliases, hash:/home/majordomo/aliases", and with + /home/majordomo/aliases* owned by the majordomo account, + you no longer need the majordomo set-uid wrapper program, + and you no longer need root privileges in order to install + a new mailing list. + +19980804 + + Added support for the real-time blackhole list. Example: + "client_restrictions = permit_mynetworks, reject_maps_rbl" + + All SMTP server "reject" status codes are now configurable: + unknown_client_reject_code, mynetworks_reject_code, + invalid_hostname_reject_code, unknown_hostname_reject_code, + unknown_address_reject_code, relay_domains_reject_code, + access_map_reject_code, maps_rbl_reject_code. Default values + are documented in the smtpd/smtpd_check.c man page. + +19980806-8 + + Code cleanup: after eye balling line-by line diffs, started + deleting code that duplicated functionality because it was + at the wrong abstraction level (smtp_trouble.c), moved + functionality that was in the wrong place (dictionary + reference counts in maps.c instead of dict.c), simplified + code that was too complex (password-file structure cache) + and fixed some code that was just wrong. + +19980808 + + Robustness: the number of queue manager in-core structures + for dead hosts is limited; the limit scales with the limit + on the number of in-core recipient structures. The idea is + to not run out of memory under conditions of stress. + +19980809 + + Feature: mail to files and commands can now be restricted + by class: alias, forward file or include file. The default + restrictions are: "allow_mail_to_files = alias, forward" + and allow_mail_to_commands = alias, forward". The idea is + to protect against buggy mailing list managers that allow + intruders to subscribe /file/name or "|command". + +19980810-12 + + Cleanup: deleted a couple hundred lines of code from the + local delivery agent. It will never be a great program; + sendmail compatibility is asking a severe toll. + +19980814 + + Cleanup: made the program shut up about some benign error + conditions that were reported by Daniel Eisenbud. + +19980814-7 + + Documentation: made a start of HTML docs that describe all + configuration parameters. + + Feature: while documenting things, added smtpd_helo_required. + +19980817 + + Bugfix: at startup the queue manager now updates the time + stamps of active queue files some time into the future. + This eliminates duplicate deliveries after "vmailer reload". + + Bugfix: the local delivery agent now applies the recipient + delimiter after looking in the alias database, instead of + before. + + Documentation bugfixes by Matt Shibla, Tom Limoncelli, + Eilon Gishri. + +19980819 + + GLIBC fixes from Myrdraal. + + Bugfix: applied showq buffer reallocation workaround in + the wrong place. + + Bugfix: can't use shorts in varargs lists. SunOS 4 has + short uid_t and gid_t. pipe_command() would complain. + + Bugfix: can't use signed char in ctype macros. All ctype + arguments are now casted to unsigned char. Thanks, Casper + Dik. + +19980820 + + Bugfix: save the alias lookup result before looking up the + owner. The previous alpha release did this right. + + Cleanup: mail_trigger() no longer complains when the trigger + FIFO or socket is unavailable. This change is necessary to + shut up the sendmail mail posting program, so that it can + be used on mail clients that mount their maildrop via NFS. + + Experiment: pickup and pipe now run as vmailer most of the + time, and switch to user privileges only temporarily. + Files: util/set_eugid.c global/pipe_command.c pipe/pipe.c + pickup/pickup.c. Is this more secure/ What about someone + manipulating such a process while not root? It still has + ruid == 0. + +19980822 + + Portability: with GNU make, commands such as "(false;true)" + and "while :; do false; done" don't fail. Workaround: use + "set -e" all over the place. Problem found by Jeff Wolfe. + + Feature: "check_XXX_access maptype:mapname" (XXX = client, + helo, sender, recipient). Now you can make recipient and + other SPAM restrictions dependent on client or sender access + tables lookup results. + +19980823 + + Bugfix: smtpd access table lookup keys were case sensitive. + + Added "permit" and "reject" operators. These are useful at + the end of SPAM restriction lists (smtpd_XXX_restrictions). + + Added a first implementation of the permit_mx_backup SPAM + restriction. This permits mail relaying to any domain that + lists this mail system as an MX host (including mail for + the local machine). Thanks to Ollivier Robert for useful + discussions. + +19980824 + + Bugfix: transport table lookup keys were case sensitive. + +19980825 + + Portability: sa_len is some ugly #define on some SGI systems, + so we must rename identifiers (file util/connect.c). + + Bugfix: uucp delivery errors are now sent to the sender. + Thanks, Mark Delany. + + Bugfix: the pipe delivery agent now replaces empty sender + by the mailer daemon address. Mark Delany, again. + + Portability: GNU getopt looks at all command-line arguments. + Fix: insert -- into the pipe/uucp definition in master.cf. + + Bugfix: the smtp server command tokenizer silently discarded + the [] around [text], so that HELO [x.x.x.x] was read as + if the client had sent: HELO x.x.x.x. Thanks, Peter Bivesand. + + Bugfix: the HELO unknown hostname/bad hostname restrictions + would have treated [text] as a domain name anyway. + + Bugfix: the $local_duplicate_filter_limit value was not + picked up by the local delivery agent. This means the local + delivery agent could run out of memory on large mailing + list deliveries. + +19980826 + + Performance: mkmap/mkalias now run with the same speed as + sendmail. VMailer now uses a 4096-entry cache with 1 Mbyte + of memory for DB lookups. File: util/dict_db.c. + +19980902 + + Robustness: the reject_unknown_hostname restriction for + HELO/EHLO hostnames will now permit names that have an MX + record instead of an A record. + +19980903 + + Feature: appending @$myorigin to an unqualified address is + configurable with the boolean append_at_myorigin parameter + (default: yes). + + Feature: appending .$mydomain to user@host is configurable + with the boolean append_dot_mydomain parameter (default: + yes). + + Feature: site!user is rewritten to user@site, under control + of the boolean parameter swap_bangpath (default: yes). + + Feature: permit a naked IP address in HELO commands (i.e. + an address without the enclosing [] as required by the + RFC), by specifying "permit_naked_ip_address" as one of + the restrictions in the "smtpd_helo_restrictions" config + parameter. + +19980904 + + Code cleanup: when an SMTP client aborts a session after + sending MAIL FROM, the cleanup service no longer warns that + it is "skipping further client input". Files: cleanup/*.c. + Thanks, Daniel Eisenbud, for prodding. + + Code cleanup: when an SMTP server disconnects in the middle + of a session, don't try to send QUIT over the non-existing + connection. Files: global/smtp_stream.c, smtp/smtp.c. + Thanks, Daniel Eisenbud, for prodding, again. + + Code cleanup: the VMailer version number has moved from + mail_params.h (which is included by lots of modules) to a + separate file global/mail_version.h, so that a version + change no longer results in massive recompilation. + + Bugfix: Errors-To was flagged as a sender address, so the + address never was picked up. + + Code cleanup: support for Errors-To: headers completed. + +19980905 + + Feature: per-message exponential delivery backoff, by + looking at the amount of time a message has been queued. + Thanks, Mark Delany. + +19980906 + + Code cleanup: ripped out the per-host exponential backoff + code. It was broken by 19980818. It was probably a bad idea + anyway, because it required per-host, in-core, state kept + by the queue manager. All we do now is to keep state for + $minimal_backoff_time seconds, but only for a limited number + of hosts. Daniel Eisenbud spotted the problem. + + Lost feature: the SMTP session transcripts now show who + said what. This feature was inadvertently dropped during + development. Thanks, Daniel Eisenbud, for reminding. + + Documentation: the hard-coded rewriting process of the + trivial-rewrite program is described in html/rewrite.html. + + Feature: the local delivery agent now does alias lookups + before and after chopping off the recipient subaddress. + This allows you to forward user-anything to another user, + without losing the ability to redirect specific user-foo + addresses. + +19980909 + + Feature: the smtp client now logs a warning that a server + sends a greeting banner with the client's hostname, which + could imply a mailer loop. + +19980910 + + Feature: separate canonical maps for sender and recipient + address rewriting, so that you can rewrite an ugly sender + address and still forward mail to that same ugly address + without creating a mailer loop. Files: cleanup_envelope.c, + cleanup_message.c, cleanup_rewrite.c. + +19980911 + + Feature: virtual maps now support multiple addresses on + the right-hand side. In the case of virtual domains this + can eliminate the need for address expansion via local + aliases, making virtual domains much easier to administer. + This required that I moved the virtual table lookups from + the queue manager to the cleanup service, so that every + recipient has an on-disk status record. Files: qmgr.c, + qmgr_message.c, cleanup_envelope.c, cleanup_rewrite.c, + cleanup_virtual.c. + + Feature: sendmail/mailq/newaliases pass on the -v flag to + the program that they end up running, to make debugging a + little easier. + +19980914 + + Bugfix: some anti-spam measures didn't recognize some + addresses as local and would do too much work. File: + smtpd_check.c. + + Bugfix: the smtp sender/recipient table lookup restriction + destroyed global data, so that other restrictions could + break. File: smtpd_check.c. + + Bugfix: after vmailer reload, single-threaded servers could + exit before flushing unwritten data to the client. Example: + cleanup would exit before acking success to pickup, so the + message would be delivered twice. Bug reported by Brian + Candler. + + Cleanup: removed spurious error output from vmailer-script. + Reported by Brian Candler. + + Tolerance: ignore non-numeric SMTP server responses. There's + lot of brain damage out there on the net. + +19980915 + + Feature: the smtp-sink benchmark tool now announces itself + with a neutral name so that it can be run on the same + machine as VMailer, without causing Postfix to complain + about a mailer loop. + + Robustness: on LINUX, vmailer-script now does chattr +S to + force synchronous directory updates. Fix developed with + Chris Wedgwood. + +19980916 + + Bugfix: when transforming an RFC 822 address to external + form, there is no need to quote " characters in comments. + This didn't break anything, it just looked ugly. File: + global/tok822_parse.c + +19980917 + + Workaround: with deliveries to /file/name, use fsync() and + ftruncate() only on regular files. File: local/file.c + + Workaround: the plumbing code in master_spawn.c didn't + check if it was dup2()/close()ing a descriptor to itself + then closing it. Will have to redo the plumbing later. + +19980918 + + Workaround: on multiprocessor Solaris machines, one-second + rollover appears to happen on different CPUs at slightly + different times. Made the queue manager more tolerant for + such things. Problem reported by Daniel Eisenbud. + + Workaround: in preparation for deployment with a network-shared + maildrop directory. make pickup more tolerant against clock + drift between clients and servers. + +19980921 + + New vstream_popen() module that opens a two-way channel + across a socketpair-based pipe. This module isn't being + used yet; it is here only to complete the vstream code. + +19980922 + + Code cleanup: the xxx_server_main() interface for master + child processes now uses a name-value argument list instead + of an ugly and inflexible data structure. + + Bugfix: moved the test if a non-interactive process is run + by hand, so that the "don't do this" error message can be + printed to stderr before any significant processing. + + Bugfix: smtpd now can talk to unix-domain sockets without + bailing out on a peer lookup problem. Files: smtpd/smtpd.c, + util/peer_name.c. + + Safety: by default, the postmaster is no longer informed + of protocol problems, policy violations or bounces. + + Safety: the SMTP server now sleeps before sending a [45]xx + error response, in order to prevent clients from hammering + the server with a connect/error/disconnect loop. Parameter: + smtpd_error_sleep_time (default: 5). + + Feature: the logging facility is compile-time configurable + (e.g., make makefiles "CCARGS=-DLOG_FACILITY=LOG_LOCAL1"). + +19980923 + + Bugfix: changed virtual/canonical map search order from + (user@domain, @domain, user) to (user@domain, user, @domain) + so the search order is most specific to least specific. + File: global/addr_map.c, lots of documentation. + + Bugfix: after the change of 19980910, cleanup_message + extracted recipients from Reply-To: etc. headers. Found + by Lamont Jones. + +19980925 + + Bugfix: the change in virtual/canonical map search order + broke @domain entries; they would never be looked up if + the address matched $myorigin or $mydestinations. Found by + Chip Christian who now regrets asking for the change. + + Bugfix: cleanup initialized an error mask incorrectly, so + that it would keep writing to a file larger than the queue + file size limit, and so it would treat the error as a + recoverable one instead of sending a bounce. Thanks, Pieter + Schoenmakers. + + Bugfix: the "queue file cleanup on fatal error" action was + no longer enabled in the sendmail mail posting agent. + + Feature: the sendmail mail posting program now returns + EX_UNAVAILABLE when the size of the input exceeds the queue + file size limit. NB THIS CHANGE HAS BEEN WITHDRAWN. + +19980926 + + Code cleanup: the dotlock file locking routine is no longer + derived from Eric Allman's 4.3BSD port of mail.local. + + Code cleanup: the retry strategy of the file locking routines + dot_lockfile() and deliver_flock() is now configurable + (deliver_flock_attempts, deliver_flock_delay, deliver_flock_stale). + + Code cleanup: the master.pid lock file is now created with + symlink paranoia, and is properly locked so that PID rollover + will not cause false matches. + + Bugfix: the vbuf_print() formatting engine did not know + about the '+' format specifier. + + Cleanup: replaced unnecessary instances of stdio calls by + vstream ones. + +19980929-19981002 + + Compatibility: added support for "sendmail -q". This required + a change to the queue manager trigger protocol, and a code + reorganization of the way queue scans were done. The queue + manager socket now has become public. + +19981002 + + SMTPD now logs "lost connection after end-of-message" + instead of "lost connection after DATA". + +19981005 + + More bullet proofing: timeouts on all triggers. + +19981006 + + Bugfix: make the number of cleanup processes unlimited, in + order to avoid deadlock. The number of instances needed is + one per smtp/pickup process, and an indeterminate number + per local delivery agent. Thanks, Thanks, David Miller and + Terry Lorrah for cleueing me in. + + Bugfix: "sendmail -t" extracted recipients weren't subjected + to virtual mapping. Daniel Eisenbud strikes again. + +19981007 + + Compatibility: if the first input line ends in CRLF, the + sendmail posting agent will treat all CRLF as LF. Otherwise, + CRLF is left alone. This is a compromise between sendmail + compatibility (all lines end in CRLF) and binary transparency + (some, but not all, lines contain CRLF). + +19981008 + + Robustness: stop recursive virtual expansion when the + left-hand side appears in its own expansion. + +19981009 + + Portability: trigger servers such as pickup and qmgr can + now use either FIFOs or UNIX-domain sockets; hopefully at + least one of them works properly. Trigger clients were + already capable of using either form of local IPC. + +19981011 + + Feature: masquerading. Strip subdomains from domains listed + in $masquerade_domains. Exception: envelope recipients are + left alone, in order to not screw up routing. + +19981015 + + Code cleanup: moved the recipient duplicate filter from + the user-level sendmail posting agent to the semi-resident + cleanup service, so that the filter operates on the output + from address canonicalization and of virtual expansion, + instead of operating on their inputs. + +19981016 + + Bugfix: after kill()ing a bunch of child processes, wait() + sometimes fails before all children have been reaped, and + must be called again, or the master will SIGSEGV later. + Problem reported by Scott Cotton. + + Workaround: don't log a complaint when an SMTP client goes + away without sending QUIT. + +19981018 + + Workaround: Solaris 2.5 ioctl SIOCGIFCONF returns a hard + error (EINVAL) when the result buffer is not large enough. + This can happen on systems with many real or virtual + interfaces. File: util/inet_addr_local.c. Problem reported + by Scott Cotton. + + Workaround: the optional HELO/EHLO hostname syntax check + now allows a single trailing dot. + + Workaround: with UNIX-domain sockets, LINUX connect() blocks + until the server calls accept(). File: qmgr/qmgr_transport.c. + Terry Lorrah and Scott Cotton provided the necessary + evidence. + +19981020 + + Robustness: recursive canonical mapping terminates when + the result stops changing. + + Code cleanup: reorganized the address rewriting and mapping + code in the cleanup service, to make it easier to implement + the previous enhancement. + +19981022 + + Code cleanup: more general queue scanning programming + interface, in preparation for hashed queues. File: + qmgr/qmgr_scan.c. + + Bugfix: a non-FIFO server with a process limit of 1 has a + too short listen queue. Until now this was not a problem + because only FIFO servers had a process limit of 1, and + FIFOs have no listen queue. Fix: always configure a listen + queue of proc_limit or more. File: master/master_listen.c. + +19981023 + + Feature: by popular request, mail delay is logged when + delivering, bouncing or deferring mail. + +19981024 + + Cleanup: double-bounce mail is now absorbed by the queue + manager, instead of the local delivery agent, so that the + mail system will not go mad when no local delivery agent + is configured. + +19981025 + + Cleanup: moved the relocated table from the local delivery + agent to the queue manager, so that the table can also be + used for virtual addresses. + + Code reorg: in order for the queue manager to absorb + recipients, the queue file has to stay open until all + recipients have been assigned to a destination queue. + +19981026 + + vmlogger command, so that vmailer-script logging becomes + consistent with the rest of the VMailer system. + + Code reorg: logger interface now can handle multiple output + handlers (e.g. syslog and stderr stream). + + Bugfix: a first line starting with whitespace is no longer + treated as an extension of our own Received: header. Files: + smtpd/smtpd.c, pickup/pickup.c. + +19981027 + + Bugfix: the bang-path swapping code went into a loop on an + address consisting of just a single !. Eilon Gishri had + the privilege of finding this one. + + Workaround: the non-blocking UNIX-domain socket connect is + now enabled only on systems that need it. It may cause + kernel trouble on Solaris 2.x. + + Bugfix: the resolver didn't implement bangpath swapping, + so that mail for site!user@mydomain would be delivered to + a local user named "site!user". + +19981028 + + Cleanup: a VSTREAM can now use different file descriptors + for reading and writing. This was necessary to prevent + "sendmail -bs" and showq from writing to stdin. Eilon Gishri + observed the problem. + +19981029 + + The RFC 822 address manipulation routines no longer give + special attention to 8-bit data. Files: global/tok822_parse.c, + global/quote_822_local.c. + + Bugfix: host:port and other non-domain stuff is no longer + allowed in mail addresses. File: qmgr/qmgr_message.c. + + Workaround: LINUX accept() wakes up before the three-way + handshake is complete, so it can fail with ECONNRESET. + Files: master/single_server.c, master/multi_server.c. + + Feature: when delivering to user+foo, try ~user/.forward+foo + before trying ~user/.forward. + + Bugfix: smtpd in "sendmail -bs" (stand-alone) mode didn't + clean up when terminated by a signal. + + Bugfix: smtpd in "sendmail -bs" (stand-alone) mode should + not try to enforce spam controls because it cannot access + the address rewriting machinery. + + Cleanup: the percent hack (user%domain -> user@domain) is + now configurable (allow_percent_hack, default: yes). + + Bugfix: daemons in -S (stand-alone) mode didn't change + directory to the queue. This was no problem with daemons + run by the sendmail compatibility program. + +19981030 + + Feature: when virtual/canonical/relocated lookup fails for + an address that contains the optional recipient delimiter + (e.g., user+foo@domain), the search is done again with the + unextended address (e.g., user@domain). File: global/addr_find.c. + + Code reorg: the address searching is now implemented by a + separate module global/addr_find.c, so that the same code + can be used for both (non-mapping) relocated table lookups + and for canonical and virtual mapping. The actual mapping + is still done in the global/addr_map.c module. + + Robustness: the SMTP client now skips hosts that don't send + greeting banner text. File: smtp/smtp_connect.c + + Feature: preliminary support to disable delivered-to. This + is desirable for mailing list managers that don't want to + advertise internal aliases. + + Generic support: when the recipient_feature_delimiter + configuration parameter is set, the local delivery agent + uses it to split the recipient localpart into fields. Any + field that has a known name such as "nodelivered" enables + the corresponding delivery feature. + +19981031 + + Code reorg: address splitting on recipient delimiter is + now centralized in global/split_addr.c, which knows about + all reserved names that should never be split. + + Robustness: when a request for an internal service cannot + be satisfied because the master has terminated, terminate + instead of trying to reach the service every 30 seconds. + + Safety: the local delivery agent now runs as vmailer most + of the time, just like pickup and pipe. Files: local/local.c, + local/mailbox.c + +19981101 + + Compatibility: the tokenizer for alias/forward/etc. + expansion now updates an optional counter with the number + of destinations found; If no destinations is found in a + .forward file, deliver to the mailbox instead. Thanks, + Daniel Eisenbud, for showing the way to go. + + Robustness: the pickup daemon should always include a + posting-time record, even when the sendmail posting agent + didn't. However, just like before, user-provided posting + times will be ignored. Ollivier Robert found this one. + + Robustness: duplicate entries in aliases or maps now cause + a warning instead of a fatal error (and an incomplete file). + + Robustness: mkmap now prints a warning when an entry is in + "key: value" format, which is the format expected for alias + databases, not for maps. + + Portability: on LINUX, prepend "+" to the getopt() options + string so that getopt() will stop at the first non-option + argument. Suggestion by Marco d'Itri. + +19981103 + + Cleaned up the set_eugid() and open_as() implementations, + and added stat_as() and fstat_as() so that the local delivery + agent would look up include files and .forward files with + the right privileges. + +19981104 + + Bugfix: the :include: routine now stat()s/open()s files + included by root-owned aliases as root, not as nobody. + + Bugfix: the master crashed when a service with wakeup timer + was disabled or renamed. Fix: eliminate some pathological + coupling between process management and wakeup management. + + Feature: partial implementation of ETRN (causes a full + deferred queue scan). Thanks Lamont Jones for reminding me + that things can be useful already before they are perfect. + + Cleanup: simplified the SMTPD tokenizer. + + Bugfix: sendmail -bs didn't properly notify the mail system + of new mail. + + Compatibility: the MAIL FROM and RCPT TO commands now accept + the most common address forms without enclosing <>. The <> + is still needed for addresses that contain a "string", an + [address], or a colon (:). + +19981105 + + Bugfix: "master -t" would claim that the master runs when + in fact the pid directory does not exist, causing trouble + with first time startup (reported by several). + + Portability: added a sane_accept() module that maps all + beneficial accept() error results to EAGAIN. According to + private communication with Alan Cox, Linux 2.0.x accept() + can return a variety of error conditions, so we play safe + and allow for any error that may happen because SYN+ACK + could not be sent. + + Portability: NETBSD1 uses dotlock files (Perry Metzger). + + Bugfix: the local delivery agent did not canonicalize + owner-foo sender addresses, so that local users would see + owner-foo instead of owner-foo@$myorigin (Perry Metzger). + + OPENSTEP4 support, similar to NEXTSTEP3 (Gerben Wierda). + +19981106 + + Portability: the master startup would take a long time on + AIX because AIX has a very large per-process open file + limit. Fix is to check the status of only the first couple + hundred file descriptors instead. File: master/master.c. + + Bugfix: mail to user@[net.work.addr.ess] was broken because + of a reversed test. File: qmgr/qmgr_message.c. + +19981107 + + Compatibility: don't clobber the envelope sender address + when an alias has no owner-foo alias (problem diagnosed by + Christophe Kalt). + + Bugfix: mail to local users in include files would be + delivered directly if the alias didn't have an owner-foo + alias, and if the alias database and include file were + owned by root. + + Feature: with user+foo addresses, any +foo address extension + that is not explicitly matched in canonical, virtual or + alias databases is propagated to the table lookup result. + +19981108 + + Bugfix: minor memory leak in the user+foo table lookup + code. + + Configurability: specify virtual.domain in the virtual map, + and mail for unknown@virtual.domain will bounce automatically. + The $relay_domains default value now includes $virtual_maps, + so the SMTP server will accept mail for the domain. Marco + d'Itri put me on the right track. + + Configurability: The mydestinations configuration parameter + now accepts /file/name expressions and type:name lookup + tables. + + Code cleanup: in order to make the previous two enhancements + possible, revised the string/host/address matching engine + so it can handle any mixture of strings, /file/name patterns + and type:name lookup tables. Files: util/match_{list,ops}.c, + global/{domain,namadr,string}_list.c. + +19981110 + + Code cleanup: replaced remaining isxxx() calls by ISXXX(). + +19981111 + + Bugfix: the "bounce unknown virtual user" code was in the + wrong place. Problem tackled with help of Chip Christian. + + Portability: reportedly, Solaris 2.5.1 can hang waiting + for a UNIX-domain connection to be accepted, so it gets + the same workaround that was designed for LINUX. Problem + reported by Scott Cotton. + +19981112 + + Management: "vmailer stop" now allows delivery agents to + finish what they are doing, like "vmailer reload". + + Management; "vmailer abort" causes immediate termination. + + Workaround: zombie processes pile up with HP-UX. Reason: + select() does not return upon SIGCHLD when SA_RESTART is + specified to sigaction(). Workaround: shorten the select() + timer to 10 seconds, #ifdef BRAINDEAD_SELECT_RESTARTS. + Thanks, Lamont Jones. + +19981117 + + Rename: VMailer is now Postfix. Sigh. + +19981118 + + Cleanup: generalized the safe_open() routine so that it is + no longer limited to mailbox files, lock files, etc. + + Bugfix (found during code review): vstream*printf() could + run off the end of a stream buffer after an I/O error, + because vbuf_print() ignored the result from VBUF_SPACE(). + + Bugfix (found during code review): resolve_local() could + clobber its argument, but the docs didn't say so. + +19981121 + + Cleanup: the is_header() routine now allows 8-bit data in + header labels. + +19981123 + + Bugfix (found during code review): the mail_queue_enter() + path argument wasn't optional. File: global/mail_queue.c + +19981124 + + Cleanup: eliminated redundant tests for a zero result from + vstream_fdopen(). Unlike the stdio fdopen() routine, the + vstream_fdopen() routine either succeeds or never returns. + + Bugfix: the queue manager now looks at the clock before + examining a file time stamp, to avoid spurious complaints + about time warps on busy machines. File: qmgr/qmgr_active.c. + +19981125 + + Compatibility: allow trailing dot at the end of user@domain. + Address canonicalization now strips it off. Issue brought + forward by Eilon Gishri. File: trivial-rewrite/rewrite.c. + + Robustness: changed DNS lookup order of MAIL FROM etc. + domains from MX then A to A then MX, just in case the MX + lookup fails with a server error. + + Renamed vmcat, vmlock, vmlogger, vmtrigger to postcat, + postlock, postlog, postkick. Also renamed mkmap and mkalias + to postmap and postalias. + +19981126 + + Workaround: Lamont Jones found a way for HP-UX to terminate + select() after SIGCHLD. The code is #ifdef USE_SIG_RETURN. + Files: util/sys_defs.h, master/master_sig.c. + + Bugfix: the Delivered-To: loop detection code had stopped + working, when long ago the is_header() routine was changed. + File: local/delivered.c. + +19981128 + + Bugfix: postcat opened queue files read-write, where only + read access was needed. File: postcat/postcat.c. + +19981129 + + Safety: added a sleep(1) to all fatal and panic exits. + File: util/msg.c. + +19981201 + + Robustness: postcat now insists that a file starts with a + time record. + + Consistency: added "-c config_dir" command-line options + where appropriate. + +19981202 + + Man pages, on-line version. + +19981203 + + Man pages, html version; overview documentation. + +19981206 + + Sendmail silently accepted the unsupported -qRsite and + -qSsite options. It now prints an error message and + terminates. + + Separated the contributed tree from the IBM code; moved + the LDAP and NEXTSTEP/OPENSTEP code to the contributed + source tree because obviously I didn't write it. + +19981206-9 + + Had to write a postconf configuration utility in order to + reliably find out about all configuration parameters and + their defaults. + + Documentation bugfixes by Matt Shibla, Scott Drassinower, + Greg A. Woods. + +19981209 + + On machines with short hostnames, postconf -d cored while + reporting a fatal error. It should not report that error + in the first place. Thanks, Eilon Gishri. + + Changed the FAQ entry about rejecting mail for *.my.domain + on a firewall. Chip Christian was right, I was wrong. + +19981214 + + Portability: with GNU getopt, optind is not initially 1, + breaking an assumption in sendmail/sendmail.c. Liviu Daia. + + Annoyance: on non-networked systems, don't warn that only + one network interface was found. File: global/inet_addr_local.c. + Reported by several. + + Bugfix: on non-networked systems, the smtp client assumed + that it was running in virtual host mode, and would bind + to the loopback interface. File smtp/smtp_connect.c. Liviu + Daia, again. + +19981220 + + Robustness: when looking up an A or MX record, do not give + up when the A query fails because of a server error. File + dns/dns_lookup.c. Reported by Scott Drassinower. + +19981221 + + Bugfix: "bounce mail for non-existent virtual user" didn't + work when a non-default relay host was configured in main.cf + or in the transport table. File: qmgr/qmgr_message.c. + + Bugfix: the maildrop directory should not be world-readable. + Files: conf/postfix-script, showq/showq.c. + + Documentation: fixed several omissions and errors. + + Documentation: removed references to the broken recipient + feature delimiter configuration parameter. + + Bugfix: write mailbox file as the recipient, so that file + quota work as expected. + + Bugfix: pickup would die when it tried to remove a non-file + in the maildrop directory (Jeff Wolfe). + +19981222 + + Sendmail no longer logs the queue ID when it is unable to + notify the pickup daemon. This is a late addition to the + "unreadable maildrop queue |