From owner-svn-src-all@FreeBSD.ORG Fri Dec 12 04:10:54 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C57BF20D; Fri, 12 Dec 2014 04:10:54 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AE1668B6; Fri, 12 Dec 2014 04:10:54 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBC4AsvM080014; Fri, 12 Dec 2014 04:10:54 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBC4AoXA079991; Fri, 12 Dec 2014 04:10:50 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201412120410.sBC4AoXA079991@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Fri, 12 Dec 2014 04:10:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r275719 - in vendor/sendmail/dist: . cf cf/cf cf/feature cf/hack cf/m4 contrib devtools/bin doc/op editmap include/sendmail include/sm libmilter libsm libsmdb src X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2014 04:10:54 -0000 Author: gshapiro Date: Fri Dec 12 04:10:50 2014 New Revision: 275719 URL: https://svnweb.freebsd.org/changeset/base/275719 Log: Import sendmail 8.15.1 Added: vendor/sendmail/dist/cf/feature/bcc.m4 (contents, props changed) vendor/sendmail/dist/cf/feature/nopercenthack.m4 (contents, props changed) vendor/sendmail/dist/cf/feature/prefixmod.m4 (contents, props changed) vendor/sendmail/dist/cf/hack/xconnect.m4 (contents, props changed) vendor/sendmail/dist/contrib/AuthRealm.p0 (contents, props changed) Deleted: vendor/sendmail/dist/libsm/path.c Modified: vendor/sendmail/dist/FAQ vendor/sendmail/dist/INSTALL vendor/sendmail/dist/KNOWNBUGS vendor/sendmail/dist/README vendor/sendmail/dist/RELEASE_NOTES vendor/sendmail/dist/cf/README vendor/sendmail/dist/cf/cf/generic-bsd4.4.cf vendor/sendmail/dist/cf/cf/generic-hpux10.cf vendor/sendmail/dist/cf/cf/generic-hpux9.cf vendor/sendmail/dist/cf/cf/generic-linux.cf vendor/sendmail/dist/cf/cf/generic-mpeix.cf vendor/sendmail/dist/cf/cf/generic-nextstep3.3.cf vendor/sendmail/dist/cf/cf/generic-osf1.cf vendor/sendmail/dist/cf/cf/generic-solaris.cf vendor/sendmail/dist/cf/cf/generic-sunos4.1.cf vendor/sendmail/dist/cf/cf/generic-ultrix4.cf vendor/sendmail/dist/cf/cf/submit.cf vendor/sendmail/dist/cf/feature/ldap_routing.m4 vendor/sendmail/dist/cf/m4/proto.m4 vendor/sendmail/dist/cf/m4/version.m4 vendor/sendmail/dist/devtools/bin/Build vendor/sendmail/dist/doc/op/op.me vendor/sendmail/dist/doc/op/op.ps vendor/sendmail/dist/editmap/editmap.c vendor/sendmail/dist/include/sendmail/sendmail.h vendor/sendmail/dist/include/sm/bdb.h vendor/sendmail/dist/include/sm/cdefs.h vendor/sendmail/dist/include/sm/conf.h vendor/sendmail/dist/include/sm/errstring.h vendor/sendmail/dist/include/sm/fdset.h vendor/sendmail/dist/libmilter/engine.c vendor/sendmail/dist/libmilter/handler.c vendor/sendmail/dist/libmilter/listener.c vendor/sendmail/dist/libmilter/signal.c vendor/sendmail/dist/libmilter/worker.c vendor/sendmail/dist/libsm/Makefile.m4 vendor/sendmail/dist/libsm/errstring.c vendor/sendmail/dist/libsm/local.h vendor/sendmail/dist/libsm/mbdb.c vendor/sendmail/dist/libsm/refill.c vendor/sendmail/dist/libsm/stdio.c vendor/sendmail/dist/libsm/vfprintf.c vendor/sendmail/dist/libsmdb/smdb.c vendor/sendmail/dist/src/README vendor/sendmail/dist/src/TRACEFLAGS vendor/sendmail/dist/src/TUNING vendor/sendmail/dist/src/bf.c vendor/sendmail/dist/src/collect.c vendor/sendmail/dist/src/conf.c vendor/sendmail/dist/src/daemon.c vendor/sendmail/dist/src/deliver.c vendor/sendmail/dist/src/envelope.c vendor/sendmail/dist/src/err.c vendor/sendmail/dist/src/headers.c vendor/sendmail/dist/src/main.c vendor/sendmail/dist/src/map.c vendor/sendmail/dist/src/mci.c vendor/sendmail/dist/src/milter.c vendor/sendmail/dist/src/parseaddr.c vendor/sendmail/dist/src/queue.c vendor/sendmail/dist/src/readcf.c vendor/sendmail/dist/src/recipient.c vendor/sendmail/dist/src/savemail.c vendor/sendmail/dist/src/sendmail.0 vendor/sendmail/dist/src/sendmail.8 vendor/sendmail/dist/src/sendmail.h vendor/sendmail/dist/src/sfsasl.c vendor/sendmail/dist/src/sm_resolve.c vendor/sendmail/dist/src/srvrsmtp.c vendor/sendmail/dist/src/tls.c vendor/sendmail/dist/src/usersmtp.c vendor/sendmail/dist/src/util.c vendor/sendmail/dist/src/version.c Modified: vendor/sendmail/dist/FAQ ============================================================================== --- vendor/sendmail/dist/FAQ Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/FAQ Fri Dec 12 04:10:50 2014 (r275719) @@ -1,8 +1,4 @@ The FAQ is no longer maintained with the sendmail release. It is available at http://www.sendmail.org/faq/ . -A plain-text version of the questions only, with URLs referring to -the answers, is posted to comp.mail.sendmail on the 10th and 25th -of each month. - -$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $ +$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $ Modified: vendor/sendmail/dist/INSTALL ============================================================================== --- vendor/sendmail/dist/INSTALL Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/INSTALL Fri Dec 12 04:10:50 2014 (r275719) @@ -28,8 +28,9 @@ sendmail/SECURITY for more installation /etc/mail/submit.cf. This can be done in the cf/cf by using "sh ./Build install-cf". - Please read sendmail/SECURITY before continuing; you have to create a - new user smmsp and a new group smmsp for the default installation. + Please read sendmail/SECURITY before continuing; you may have to create + a new user smmsp and a new group smmsp for the default installation + if you are updating from a really old version. Then install the sendmail binary built in step 3 by cd-ing back to sendmail/ and running "sh ./Build install". Modified: vendor/sendmail/dist/KNOWNBUGS ============================================================================== --- vendor/sendmail/dist/KNOWNBUGS Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/KNOWNBUGS Fri Dec 12 04:10:50 2014 (r275719) @@ -62,9 +62,9 @@ This list is not guaranteed to be comple libmilter and hence the communication fails. This can be avoided by increasing the constant MILTER_CHUNK_SIZE in include/libmilter/mfdef.h and recompiling sendmail, libmilter, and - all (statically linked) milters (or by using an undocumented compile - time option: _FFR_MAXDATASIZE; you have to read the source code in - order to use this properly). + all (statically linked) milters (or by using undocumented compile + time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to + read the source code in order to use these properly). * Sender addresses whose domain part cause a temporary A record lookup failure but have a valid MX record will be temporarily rejected in @@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon Header addresses that have the \231 character (and possibly others in the range \201 - \237) behave in odd and usually unexpected ways. +* AuthRealm for Cyrus SASL may not work as expected. The man page + and the actual usage for sasl_server_new() seem to differ. + Feedback for the "correct" usage is welcome, a patch to match + the description of the man page is in contrib/AuthRealm.p0. + * accept() problem on SVR4. Apparently, the sendmail daemon loop (doing accept()s on the network) @@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon * Race condition for delivery to set-user-ID files - Sendmail will deliver to a fail if the file is owned by the DefaultUser + Sendmail will deliver to a file if the file is owned by the DefaultUser or has the set-user-ID bit set. Unfortunately, some systems clear that bit when a file is modified. Sendmail compensates by resetting the file mode back to it's original settings. Unfortunately, there's still a Modified: vendor/sendmail/dist/README ============================================================================== --- vendor/sendmail/dist/README Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/README Fri Dec 12 04:10:50 2014 (r275719) @@ -211,29 +211,11 @@ There are other files you should read. +--------------+ There are several related RFCs that you may wish to read -- they are -available via anonymous FTP to several sites. For a list of the -primary repositories see: - - http://www.isi.edu/in-notes/rfc-retrieval.txt - -They are also online at: +available from several sites, see + http://www.rfc-editor.org/ http://www.ietf.org/ -They can also be retrieved via electronic mail by sending -email to one of: - - mail-server@nisc.sri.com - Put "send rfcNNN" in message body - nis-info@nis.nsf.net - Put "send RFCnnn.TXT-1" in message body - sendrfc@jvnc.net - Put "RFCnnn" as Subject: line - -For further instructions see: - - http://www.isi.edu/in-notes/rfc-editor/rfc-info - Important RFCs for electronic mail are: RFC821 SMTP protocol Modified: vendor/sendmail/dist/RELEASE_NOTES ============================================================================== --- vendor/sendmail/dist/RELEASE_NOTES Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/RELEASE_NOTES Fri Dec 12 04:10:50 2014 (r275719) @@ -5,6 +5,124 @@ This listing shows the version of the se of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.15.1/8.15.1 2014/12/06 + SECURITY: Properly set the close-on-exec flag for file descriptors + (except stdin, stdout, and stderr) before executing mailers. + If header rewriting fails due to a temporary map lookup failure, + queue the mail for later retry instead of sending it + without rewriting the header. Note: this is done + while the mail is being sent and hence the transaction + is aborted, which only works for SMTP/LMTP mailers + hence the handling of temporary map failures is + suppressed for other mailers. SMTP/LMTP servers may + complain about aborted transactions when this problem + occurs. + See also "DNS Lookups" in sendmail/TUNING. + Incompatible Change: Use uncompressed IPv6 addresses by default, + i.e., they will not contain "::". For example, + instead of ::1 it will be 0:0:0:0:0:0:0:1. This + permits a zero subnet to have a more specific match, + such as different map entries for IPv6:0:0 vs IPv6:0. + This change requires that configuration data + (including maps, files, classes, custom ruleset, + etc) must use the same format, so make certain such + configuration data is updated before using 8.15. + As a very simple check search for patterns like + 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary, + the prior format can be retained by compiling with: + APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0') + in your devtools/Site/site.config.m4 file. + If debugging is turned on (-d0.14) also print the OpenSSL + versions, both build time and run time + (provided STARTTLS is compiled in). + If a connection to the MTA is dropped by the client before its + hostname can be validated, treat it as "may be forged", + so that the unvalidated hostname is not passed to a + milter in xxfi_connect(). + Add a timeout for communication with socket map servers + which can be specified using the -d option. + Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow + numeric logins even if HESIOD is enabled. + The new option CertFingerprintAlgorithm specifies the finger- + print algorithm (digest) to use for the presented cert. + If the option is not set, md5 is used and the macro + {cert_md5} contains the cert fingerprint. + However, if the option is set, the specified algorithm + (e.g., sha1) is used and the macro {cert_fp} contains + the cert fingerprint. + That is, as long as the option is not set, the behaviour + does not change, but otherwise, {cert_md5} is superseded + by {cert_fp} even if you set CertFingerprintAlgorithm + to md5. + The options ServerSSLOptions and ClientSSLOptions can be used + to set SSL options for the server and client side + respectively. See SSL_CTX_set_options(3) for a list. + Note: this change turns on SSL_OP_NO_SSLv2 and + SSL_OP_NO_TICKET for the client. See doc/op/op.me + for details. + The option CipherList sets the list of ciphers for STARTTLS. + See ciphers(1) for possible values. + Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" + if a CRLFfile is in use (and LogLevel is 14 or higher.) + Store a more specific TLS protocol version in ${tls_version} + instead of a generic one, e.g., TLSv1 instead of + TLSv1/SSLv3. + Properly set {client_port} value on little endian machines. + Patch from Kelsey Cummings of Sonic.net. + Per RFC 3848, indicate in the Received: header whether SSL or + SMTP AUTH was negotiated by setting the protocol clause + to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP. + If the 'C' flag is listed as TLSSrvOptions the requirement for the + TLS server to have a cert is removed. This only works + under very specific circumstances and should only be used + if the consequences are understood, e.g., clients + may not work with a server using this. + The options ClientCertFile, ClientKeyFile, ServerCertFile, and + ServerKeyFile can take a second file name, which must be + separated from the first with a comma (note: do not use + any spaces) to set up a second cert/key pair. This can + be used to have certs of different types, e.g., RSA + and DSA. + A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) + address. It returns the string for the PTR lookup, but + without trailing {ip6,in-addr}.arpa. + New operation mode 'C' just checks the configuration file, e.g., + sendmail -C new.cf -bC + will perform a basic syntax/consistency check of new.cf. + The mailer flag 'I' is deprecated and will be removed in a + future version. + Allow local (not just TCP) socket connections to the server, e.g., + O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock + can be used. + If the new option MaxQueueAge is set to a value greater than zero, + entries in the queue will be retried during a queue run + only if the individual retry time has been reached which + is doubled for each attempt. The maximum retry time is + limited by the specified value. + New DontBlameSendmail option GroupReadableDefaultAuthInfoFile + to relax requirement for DefaultAuthInfo file. + Reset timeout after receiving a message to appropriate value if + STARTTLS is in use. Based on patch by Kelsey Cummings + of Sonic.net. + Report correct error messages from the LDAP library for a range of + small negative return values covering those used by OpenLDAP. + Fix compilation with Berkeley DB 5.0 and 6.0. Patch from + Allan E Johannesen of Worcester Polytechnic Institute. + CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or + nospecial which describes whether to disallow "%" in the + local part of an address. + DEVTOOLS: Fix regression in auto-detection of libraries when only + shared libraries are available. Problem reported by + Bryan Costales. + LIBMILTER: Mark communication socket as close-on-exec in case + a user's filter starts other applications. + Based on patch from Paul Howarth. + Portability: + SunOS 5.12 has changed the API for sigwait(2) to conform + with XPG7. Based on patch from Roger Faulkner of Oracle. + Deleted Files: + libsm/path.c + 8.14.9/8.14.9 2014/05/21 SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. @@ -681,7 +799,7 @@ summary of the changes in that release. LIBMILTER: The "hostname" argument of the xxfi_connect() callback previously was the equivalent of {client_ptr}. However, this did not match the documentation of the function, hence - it has been changed to {client_name}. See doc/op/op.* + it has been changed to {client_name}. See doc/op/op.me about these macros. 8.13.7/8.13.7 2006/06/14 @@ -3509,11 +3627,11 @@ summary of the changes in that release. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in - cf/README and doc/op/op.*. + cf/README and doc/op/op.me. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented - in cf/README and doc/op/op.*. + in cf/README and doc/op/op.me. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which Modified: vendor/sendmail/dist/cf/README ============================================================================== --- vendor/sendmail/dist/cf/README Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/README Fri Dec 12 04:10:50 2014 (r275719) @@ -397,6 +397,10 @@ SMTP_MAILER_CHARSET [undefined] If defin that ARRIVE from an address that resolves to one of the SMTP mailers and which are converted to MIME will be labeled with this character set. +RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data + that ARRIVE from an address that resolves to the + relay mailers and which are converted to MIME will + be labeled with this character set. SMTP_MAILER_LL [990] The maximum line length for SMTP mailers (except the relay mailer). RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. @@ -743,6 +747,16 @@ nouucp Don't route UUCP addresses. Thi 2. don't remove "!" from OperatorChars if `reject' is given as parameter. +nopercenthack Don't treat % as routing character. This feature takes one + parameter: + `reject': reject addresses which have % in the local + part unless it originates from a system + that is allowed to relay. + `nospecial': don't do anything special with %. + Warnings: 1. See the notice in the anti-spam section. + 2. Don't remove % from OperatorChars if `reject' is + given as parameter. + nocanonify Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this @@ -2442,17 +2456,19 @@ should only be used for sites which have that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly. -NOTICE: It is possible to relay mail through a system which the anti-relay -rules do not prevent: the case of a system that does use FEATURE(`nouucp', -`nospecial') (system A) and relays local messages to a mail hub (e.g., via -LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use -FEATURE(`nouucp') at all, addresses of the form - would be relayed to . -System A doesn't recognize `!' as an address separator and therefore -forwards it to the mail hub which in turns relays it because it came from -a trusted local host. So if a mailserver allows UUCP (bang-format) -addresses, all systems from which it allows relaying should do the same -or reject those addresses. +NOTICE: It is possible to relay mail through a system which the +anti-relay rules do not prevent: the case of a system that does use +FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial') +(system A) and relays local messages to a mail hub (e.g., via +LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the +same feature (nouucp / nopercenthack) at all, addresses of the form + / +would be relayed to . +System A doesn't recognize `!' / `%' as an address separator and +therefore forwards it to the mail hub which in turns relays it +because it came from a trusted local host. So if a mailserver +allows UUCP (bang-format) / %-hack addresses, all systems from which +it allows relaying should do the same or reject those addresses. As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, @@ -3990,6 +4006,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: Priority, Host, Filename, Random, Modification, or Time. +confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater + than zero, entries in the queue + will be retried during a queue run + only if the individual retry time + has been reached which is doubled + for each attempt. The maximum retry + time is limited by the specified value. confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the @@ -4208,7 +4231,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSA confAUTH_REALM AuthRealm [undefined] The authentication realm that is passed to the Cyrus SASL library. If no realm is specified, - $j is used. + $j is used. See KNOWNBUGS. confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains authentication information for outgoing connections. This file must @@ -4241,6 +4264,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If thi verification is performed, i.e., the server doesn't ask for a certificate. +confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related + options for server side. See + SSL_CTX_set_options(3) for a list. +confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related + options for client side. See + SSL_CTX_set_options(3) for a list. +confCIPHER_LIST CipherList [undefined] Cipher list for TLS. + See ciphers(1) for possible values. confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map specification for LDAP maps. The value should only contain LDAP @@ -4281,6 +4312,10 @@ confRAND_FILE RandFile [undefined] File requires this option if the compile flag HASURANDOM is not set (see sendmail/README). +confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm + [undefined] The fingerprint algorithm + (digest) to use for the presented + cert. confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of queue runners is set the given value (nice(3)). Modified: vendor/sendmail/dist/cf/cf/generic-bsd4.4.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-bsd4.4.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-bsd4.4.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -122,7 +122,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -509,6 +512,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -532,6 +541,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -539,6 +550,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -651,6 +664,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -783,6 +797,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -820,6 +835,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-hpux10.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-hpux10.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-hpux10.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -123,7 +123,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -510,6 +513,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -533,6 +542,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -540,6 +551,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-hpux9.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-hpux9.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-hpux9.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -123,7 +123,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -510,6 +513,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -533,6 +542,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -540,6 +551,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-linux.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-linux.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-linux.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -127,7 +127,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -264,6 +264,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -514,6 +517,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -537,6 +546,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -544,6 +555,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -656,6 +669,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -788,6 +802,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -825,6 +840,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-mpeix.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-mpeix.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-mpeix.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -123,7 +123,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -510,6 +513,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -533,6 +542,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -540,6 +551,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-nextstep3.3.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-nextstep3.3.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-nextstep3.3.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -122,7 +122,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -509,6 +512,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -532,6 +541,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -539,6 +550,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -651,6 +664,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -783,6 +797,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -820,6 +835,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-osf1.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-osf1.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-osf1.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -123,7 +123,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -510,6 +513,12 @@ O MaxHeadersLength=32768 # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -533,6 +542,8 @@ O MaxHeadersLength=32768 #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -540,6 +551,8 @@ O MaxHeadersLength=32768 # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + # else we must be a local name R$* $@ $>Canonify2 $1 @@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### Modified: vendor/sendmail/dist/cf/cf/generic-solaris.cf ============================================================================== --- vendor/sendmail/dist/cf/cf/generic-solaris.cf Fri Dec 12 03:58:51 2014 (r275718) +++ vendor/sendmail/dist/cf/cf/generic-solaris.cf Fri Dec 12 04:10:50 2014 (r275719) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014 +##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -122,7 +122,7 @@ DnMAILER-DAEMON CPREDIRECT # Configuration version number -DZ8.14.9 +DZ8.15.1 ############### @@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***