From nobody Wed Feb 1 03:27:21 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P66mV0Bffz3btlP; Wed, 1 Feb 2023 03:27:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P66mT6lBtz4PNj; Wed, 1 Feb 2023 03:27:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675222041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yiOSSUzKmplf5ecp0CmeqWiAIlKhs5lcwDHsJYN4yy4=; b=MUQ2lae1M2j4wZL91lEOFF3XwPQ2RfXux6Q5pCsd6O0l6jIh3pmXZLjRWcpQl6dq7VwbkP DXa1HPehE+VGqfz8TvST53r7zjlqlgBYd7POyr8xgVYlWNH/3MBMs+mSgwk0cUuDoD9cdy 2aUSvoc47p9wpuD1FsFrIgT9YoG9LnCRAPEWr00VR0nMQY8ObiXqqkri7MlnDGa4E7q+hT sWus6zufHM6xEx7F56HbfUqYIRkdPQz5pyb+CZgE0RsqzAJY549odK/DGbapx/NohgJ+NE 3uGqmnbKaZLeqar0rq8XxtEfmTmW0krdFWunF/q7w+05FeVp6SsdMc0qkBE68g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675222041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yiOSSUzKmplf5ecp0CmeqWiAIlKhs5lcwDHsJYN4yy4=; b=NUp3nC/bc9BUmCy7ghjKnE/DKauqDgtmyK0RgxEJ+O7b6aSdloXKexOVpYNHb2eJ6zGbdJ k5DJ+6vqtyYa+RtJkDpKLpV9hjjqjUEvgApcfJdAufRDVClRrvcPP9EE+bG7w4trKY2iFi IH2x/5xp05ELCQFimi7i8XTaXPoh1pJITgUIAIz5XfHQVhdxV84eLiQDphSEInJPlJOwoR z/5z1d8MQ8oFEovpNWW4t1bLYkZWmDMwPtkv9tU5oBaEKB2rTZbhjl1AyiB9c4zLSJuFxE OBLpNt5jjhNB0iyJdfyhMdkw2laVrZ8CCaYKDCPn9jADcWcn64xf+mdYqbDgCw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675222041; a=rsa-sha256; cv=none; b=AIBinVyOHO6xmkjM3NP+DzhRirEw0LSxF9iLNVfz599bdO1IzOLB1t0LnaYsFNMk2rEzqx kAWNY+XSMJe0VUD7c/uv81yKypcJD1mZaeZeUcpuN8NGfbEVvn5BEBlYXVA/GOkkyLKGoE z8SP+lE6Z2eZTAY72Zqu5bQy8unQUMkkRmV/YxQtequt284yF6zA4e/3APM893GDYUaxKB hzvTQ4fqImnhXbJW2AZBInC9HE7cdYGzoiU/ympwTDcdj0AAGRk0zzQ20d7QaKcTcCeEDw GmtLg2DJV7nORbtT5npItcubIgy8WNvJB1xRiOEXCHhgkYEPTu/XsBsucIkNyg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P66mT5WS0z1D9G; Wed, 1 Feb 2023 03:27:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3113RLZh051202; Wed, 1 Feb 2023 03:27:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3113RLcX051201; Wed, 1 Feb 2023 03:27:21 GMT (envelope-from git) Date: Wed, 1 Feb 2023 03:27:21 GMT Message-Id: <202302010327.3113RLcX051201@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Gregory Neil Shapiro Subject: git: 08ca3eb6db2e - stable/12 - MFC: Merge commit '28fbd2825d216dafca4d991ad96d05b312f4f9a3' List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gshapiro X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 08ca3eb6db2e04b38e9786d9d787e6a36074ac35 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by gshapiro: URL: https://cgit.FreeBSD.org/src/commit/?id=08ca3eb6db2e04b38e9786d9d787e6a36074ac35 commit 08ca3eb6db2e04b38e9786d9d787e6a36074ac35 Author: Gregory Neil Shapiro AuthorDate: 2023-01-15 21:20:22 +0000 Commit: Gregory Neil Shapiro CommitDate: 2023-02-01 03:19:44 +0000 MFC: Merge commit '28fbd2825d216dafca4d991ad96d05b312f4f9a3' Merge vendor sendmail 8.17.1 into HEAD (cherry picked from commit 2fb4f839f3fc72ce2bab12f9ba4760f97f73e97f) --- contrib/sendmail/CACerts | 148 ++--- contrib/sendmail/KNOWNBUGS | 8 + contrib/sendmail/Makefile | 16 +- contrib/sendmail/PGPKEYS | 177 +++++- contrib/sendmail/README | 5 - contrib/sendmail/RELEASE_NOTES | 139 ++++- contrib/sendmail/cf/README | 79 ++- contrib/sendmail/cf/cf/Makefile | 29 +- contrib/sendmail/cf/cf/submit.cf | 39 +- contrib/sendmail/cf/cf/submit.mc | 3 + contrib/sendmail/cf/feature/check_cert_altnames.m4 | 2 +- contrib/sendmail/cf/feature/check_other.m4 | 46 ++ contrib/sendmail/cf/feature/delay_checks.m4 | 2 +- contrib/sendmail/cf/feature/dnsbl.m4 | 2 +- contrib/sendmail/cf/feature/enhdnsbl.m4 | 2 +- contrib/sendmail/cf/feature/nopercenthack.m4 | 2 +- contrib/sendmail/cf/feature/nouucp.m4 | 2 +- contrib/sendmail/cf/feature/sts.m4 | 19 + contrib/sendmail/cf/m4/cfhead.m4 | 8 +- contrib/sendmail/cf/m4/proto.m4 | 338 +++++++++-- contrib/sendmail/cf/m4/version.m4 | 2 +- contrib/sendmail/cf/mailer/local.m4 | 2 +- contrib/sendmail/contrib/AuthRealm.p0 | 17 +- contrib/sendmail/contrib/cidrexpand | 77 ++- contrib/sendmail/contrib/doublebounce.pl | 0 contrib/sendmail/contrib/link_hash.sh | 0 contrib/sendmail/contrib/re-mqueue.pl | 0 contrib/sendmail/doc/op/op.me | 216 ++++++- contrib/sendmail/editmap/editmap.8 | 22 +- contrib/sendmail/editmap/editmap.c | 13 +- contrib/sendmail/include/libmilter/mfapi.h | 2 +- contrib/sendmail/include/libsmdb/smdb.h | 6 +- contrib/sendmail/include/sendmail/pathnames.h | 2 +- contrib/sendmail/include/sm/bdb.h | 4 +- contrib/sendmail/include/sm/conf.h | 1 + contrib/sendmail/include/sm/gen.h | 12 + contrib/sendmail/include/sm/ixlen.h | 43 ++ contrib/sendmail/include/sm/notify.h | 5 +- contrib/sendmail/include/sm/os/sm_os_freebsd.h | 5 + contrib/sendmail/include/sm/os/sm_os_openbsd.h | 20 +- contrib/sendmail/include/sm/rpool.h | 10 +- contrib/sendmail/include/sm/sem.h | 2 +- contrib/sendmail/include/sm/sendmail.h | 24 +- contrib/sendmail/include/sm/shm.h | 2 +- contrib/sendmail/include/sm/sysexits.h | 4 + contrib/sendmail/include/sm/time.h | 2 - contrib/sendmail/libmilter/docs/overview.html | 3 +- .../sendmail/libmilter/docs/smfi_setmlreply.html | 24 +- contrib/sendmail/libmilter/engine.c | 48 +- contrib/sendmail/libmilter/listener.c | 26 +- contrib/sendmail/libmilter/sm_gethost.c | 4 +- contrib/sendmail/libsm/Makefile.m4 | 12 +- contrib/sendmail/libsm/cf.c | 3 +- contrib/sendmail/libsm/clock.c | 79 +-- contrib/sendmail/libsm/config.c | 4 +- contrib/sendmail/libsm/heap.c | 27 +- contrib/sendmail/libsm/ilenx.c | 40 ++ contrib/sendmail/libsm/ldap.c | 66 +-- contrib/sendmail/libsm/lowercase.c | 162 ++++++ contrib/sendmail/libsm/makebuf.c | 2 +- contrib/sendmail/libsm/mbdb.c | 54 +- contrib/sendmail/libsm/memstat.c | 4 +- contrib/sendmail/libsm/niprop.c | 20 +- contrib/sendmail/libsm/notify.c | 65 ++- contrib/sendmail/libsm/refill.c | 2 +- contrib/sendmail/libsm/rpool.c | 29 +- contrib/sendmail/libsm/sem.c | 16 +- contrib/sendmail/libsm/shm.c | 8 +- contrib/sendmail/libsm/signal.c | 76 +-- contrib/sendmail/libsm/strcaseeq.c | 114 ++++ contrib/sendmail/libsm/string.c | 3 - contrib/sendmail/libsm/stringf.c | 2 +- contrib/sendmail/libsm/t-ixlen.c | 105 ++++ contrib/sendmail/libsm/t-ixlen.sh | 41 ++ contrib/sendmail/libsm/t-notify.c | 128 ++-- contrib/sendmail/libsm/t-qic.c | 31 +- contrib/sendmail/libsm/t-sem.c | 9 +- contrib/sendmail/libsm/t-shm.c | 1 + contrib/sendmail/libsm/t-str2prt.c | 64 ++ contrib/sendmail/libsm/t-streq.c | 77 +++ contrib/sendmail/libsm/t-streq.sh | 29 + contrib/sendmail/libsm/utf8_valid.c | 104 ++++ contrib/sendmail/libsm/util.c | 60 +- contrib/sendmail/libsm/uxtext_unquote.c | 204 +++++++ contrib/sendmail/libsm/vasprintf.c | 2 +- contrib/sendmail/libsm/vfprintf.c | 7 +- contrib/sendmail/libsm/vprintf.c | 2 +- contrib/sendmail/libsm/vsnprintf.c | 2 +- contrib/sendmail/libsm/xleni.c | 43 ++ contrib/sendmail/libsmdb/smcdb.c | 21 +- contrib/sendmail/libsmdb/smdb2.c | 10 +- contrib/sendmail/libsmutil/Makefile.m4 | 6 + contrib/sendmail/libsmutil/cf.c | 3 + contrib/sendmail/libsmutil/safefile.c | 60 +- contrib/sendmail/libsmutil/t-lockfile-0.sh | 70 +++ contrib/sendmail/libsmutil/t-lockfile.c | 351 +++++++++++ contrib/sendmail/libsmutil/t-maplock-0.sh | 111 ++++ contrib/sendmail/mail.local/mail.local.c | 114 ++-- contrib/sendmail/mailstats/mailstats.8 | 26 +- contrib/sendmail/makemap/makemap.c | 69 ++- contrib/sendmail/praliases/praliases.8 | 6 +- contrib/sendmail/praliases/praliases.c | 7 +- contrib/sendmail/rmail/rmail.8 | 30 +- contrib/sendmail/smrsh/smrsh.c | 4 +- contrib/sendmail/src/README | 68 ++- contrib/sendmail/src/TRACEFLAGS | 8 + contrib/sendmail/src/alias.c | 76 ++- contrib/sendmail/src/aliases.5 | 66 +-- contrib/sendmail/src/collect.c | 9 +- contrib/sendmail/src/conf.c | 596 ++++++++++--------- contrib/sendmail/src/conf.h | 4 +- contrib/sendmail/src/control.c | 23 +- contrib/sendmail/src/convtime.c | 3 +- contrib/sendmail/src/daemon.c | 131 ++++- contrib/sendmail/src/deliver.c | 529 +++++++++++++---- contrib/sendmail/src/domain.c | 106 +++- contrib/sendmail/src/envelope.c | 57 +- contrib/sendmail/src/err.c | 77 ++- contrib/sendmail/src/headers.c | 183 ++++-- contrib/sendmail/src/helpfile | 8 +- contrib/sendmail/src/macro.c | 22 +- contrib/sendmail/src/mailq.1 | 36 +- contrib/sendmail/src/main.c | 278 ++++++--- contrib/sendmail/src/map.c | 643 ++++++++++++--------- contrib/sendmail/src/mci.c | 14 +- contrib/sendmail/src/milter.c | 96 +-- contrib/sendmail/src/mime.c | 27 +- contrib/sendmail/src/parseaddr.c | 111 ++-- contrib/sendmail/src/queue.c | 562 +++++++++++------- contrib/sendmail/src/ratectrl.c | 18 +- contrib/sendmail/src/readcf.c | 502 ++++++++++------ contrib/sendmail/src/recipient.c | 67 ++- contrib/sendmail/src/savemail.c | 48 +- contrib/sendmail/src/sendmail.8 | 359 ++++++------ contrib/sendmail/src/sendmail.h | 188 ++++-- contrib/sendmail/src/sfsasl.c | 34 +- contrib/sendmail/src/sm_resolve.c | 148 +++-- contrib/sendmail/src/sm_resolve.h | 1 - contrib/sendmail/src/srvrsmtp.c | 408 +++++++++---- contrib/sendmail/src/stab.c | 25 +- contrib/sendmail/src/stats.c | 2 +- contrib/sendmail/src/tls.c | 54 +- contrib/sendmail/src/tls.h | 29 +- contrib/sendmail/src/tlsh.c | 11 +- contrib/sendmail/src/trace.c | 2 +- contrib/sendmail/src/udb.c | 32 +- contrib/sendmail/src/usersmtp.c | 347 +++++++---- contrib/sendmail/src/util.c | 232 ++++++-- contrib/sendmail/src/version.c | 2 +- contrib/sendmail/test/t_dropgid.c | 17 +- contrib/sendmail/test/t_exclopen.c | 5 +- contrib/sendmail/test/t_pathconf.c | 6 +- contrib/sendmail/test/t_seteuid.c | 5 +- contrib/sendmail/test/t_setgid.c | 15 +- contrib/sendmail/test/t_setreuid.c | 5 +- contrib/sendmail/test/t_setuid.c | 3 +- contrib/sendmail/test/t_snprintf.c | 2 +- contrib/sendmail/vacation/vacation.1 | 10 +- contrib/sendmail/vacation/vacation.c | 17 +- 159 files changed, 7657 insertions(+), 2919 deletions(-) diff --git a/contrib/sendmail/CACerts b/contrib/sendmail/CACerts index 630707555657..5e3b5ee084c7 100644 --- a/contrib/sendmail/CACerts +++ b/contrib/sendmail/CACerts @@ -1,7 +1,7 @@ # This file contains some CA certificates that are used to sign the # certificates of mail servers of members of the sendmail consortium -# who may reply to questions etc sent to sendmail.org. -# It is useful to allow connections from those MTAs that can present +# who may reply to questions etc sent to support.sendmail.org. +# It is useful to allow connections from those MTAs which can present # a certificate signed by one of these CA certificates. # @@ -9,92 +9,92 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 81:9d:41:0f:40:55:ac:4a - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org + 92:a1:3b:d3:90:0b:ea:a7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2021@esmtp.org Validity - Not Before: Feb 27 02:30:55 2018 GMT - Not After : Feb 26 02:30:55 2021 GMT - Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org + Not Before: Feb 25 17:44:02 2021 GMT + Not After : Feb 25 17:44:02 2024 GMT + Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2021@esmtp.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b8:a3:8d:79:28:c1:1f:9c:11:74:43:26:e1:3b: - cc:14:87:5b:6b:64:4c:ed:79:1b:7f:2a:03:d0:7b: - ef:9e:88:b0:64:36:ee:58:ef:fd:d9:c7:20:b3:71: - e9:6d:1e:a7:bc:c1:7c:3b:fe:2a:e4:16:2f:bc:d6: - 2c:f5:98:f9:c4:21:1c:ca:c3:7e:57:89:c8:a9:2f: - da:6b:9b:52:d6:c9:9d:98:97:6d:08:7c:a6:37:4e: - d4:26:bb:db:73:b0:38:ef:7d:1e:dd:8e:dd:8e:17: - 2f:a0:3d:a9:0e:4d:f0:2b:b8:14:23:33:ad:c8:a0: - e5:9d:0f:27:ad:83:a2:78:90:05:ec:29:06:91:07: - 45:6c:5f:ba:8e:1d:f1:d7:1b:2d:f9:99:ba:2e:27: - e1:03:7d:e9:d2:54:35:cc:39:79:07:83:d8:93:9b: - d6:ef:72:ab:d4:63:8e:6b:f7:00:66:5f:77:e8:b6: - bc:de:5f:8c:d0:ce:1a:c4:db:03:9d:e4:ee:0a:ec: - 77:c5:f2:30:69:7e:70:12:e5:c2:4a:28:3f:e7:19: - eb:af:41:fb:e6:a6:1d:b5:fd:2b:99:03:f5:20:90: - 38:73:bd:43:70:da:cf:1f:34:5d:ab:17:4b:73:cf: - f9:3d:e1:a2:79:14:de:d8:40:85:82:c4:5a:84:82: - 32:f1 + 00:cc:8c:39:bd:cf:55:4f:66:2a:78:c7:65:47:81: + dd:d1:3f:08:12:4b:87:40:48:95:5c:24:52:65:a1: + 82:1c:f4:90:a1:7c:f7:27:8f:02:e5:cb:ac:89:ae: + b8:25:4e:26:da:14:20:07:29:a4:59:03:61:b4:44: + ae:45:55:b4:72:7d:66:9a:88:de:59:bf:6f:31:23: + 06:29:ab:c2:b9:a0:6c:6a:5d:d0:ac:e6:b8:ac:8a: + 6f:5e:bb:f3:19:b5:8d:e1:df:2e:d1:7f:1a:bc:2c: + 13:10:65:46:7f:68:c7:60:49:c6:30:4e:a0:24:ed: + d4:a8:27:cf:b2:d0:c5:7c:96:47:82:b6:f1:17:0a: + 5a:35:82:0b:85:0f:17:71:a9:bd:3a:4c:e6:32:95: + 3e:68:f7:3d:f5:04:33:16:19:1e:4c:0a:04:c3:1f: + 9e:ba:db:e2:0d:29:c8:3f:29:cf:47:cb:11:db:d2: + cd:d0:26:2f:35:eb:7d:a2:60:18:e7:7b:a2:43:15: + 59:d7:ea:9d:38:60:f1:48:df:57:54:df:8a:50:b9: + e3:5c:72:82:51:b7:05:78:c2:14:08:71:71:1c:06: + 44:4a:85:73:08:a8:49:50:b2:d2:fb:da:a2:a5:5a: + 36:49:a8:4b:38:56:f6:67:0f:12:34:39:cc:fb:9c: + bd:d3 Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Subject Key Identifier: - 42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A - X509v3 Authority Key Identifier: - keyid:42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A - DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org - serial:81:9D:41:0F:40:55:AC:4A - X509v3 Basic Constraints: + X509v3 Subject Key Identifier: + 86:F0:F9:7A:CD:66:A9:16:CC:A3:26:08:3D:B3:B2:42:C2:E5:A9:13 + X509v3 Authority Key Identifier: + keyid:86:F0:F9:7A:CD:66:A9:16:CC:A3:26:08:3D:B3:B2:42:C2:E5:A9:13 + DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=CA/emailAddress=ca+ca-rsa2021@esmtp.org + serial:92:A1:3B:D3:90:0B:EA:A7 + X509v3 Basic Constraints: CA:TRUE - X509v3 Subject Alternative Name: - email:ca+ca-rsa2018@esmtp.org - X509v3 Issuer Alternative Name: - email:ca+ca-rsa2018@esmtp.org - Signature Algorithm: sha1WithRSAEncryption - 0b:4c:e5:c2:ed:0a:e5:7b:95:29:22:d4:8f:5f:cb:1b:b1:e3: - 4c:fc:90:e7:2e:97:87:87:a2:63:0d:6d:4d:f0:1f:0d:84:11: - dc:df:b7:fa:c3:c6:2e:07:e9:a0:e9:a6:9f:54:17:ad:1a:d0: - 36:be:31:cc:a5:85:a0:45:4a:87:45:80:7e:de:ea:97:68:e0: - 2b:09:5d:9a:31:6f:f5:78:22:c5:66:2a:99:70:9e:6d:c4:ab: - f6:90:01:70:53:07:66:6c:a6:b5:ce:4b:36:05:83:87:0c:a7: - e0:1e:34:d0:5e:76:a4:20:71:cd:9d:c1:ae:82:27:e0:6f:16: - 57:74:e7:63:9f:d0:3d:72:91:6d:97:a4:82:23:84:dd:6e:0d: - da:43:00:a7:ce:2f:f8:79:04:67:6a:e5:b0:ab:30:d8:f1:90: - 10:43:3b:09:77:27:34:a4:d4:c0:25:4e:21:32:a3:ab:60:1c: - 9d:6e:e2:65:39:51:7f:cd:9f:88:3a:7e:f4:38:af:7b:5b:a7: - bb:7b:70:97:21:59:fc:5c:55:a1:db:74:0a:37:1e:33:97:5f: - 70:32:98:b3:d9:99:4e:08:3c:de:01:82:17:9b:49:d7:fa:c9: - 45:8d:93:cc:42:d6:36:f2:39:3a:47:28:3f:6f:6a:e5:23:f3: - 5c:d4:a3:1b + X509v3 Subject Alternative Name: + email:ca+ca-rsa2021@esmtp.org + X509v3 Issuer Alternative Name: + email:ca+ca-rsa2021@esmtp.org + Signature Algorithm: sha256WithRSAEncryption + 41:14:09:49:01:5f:51:ff:20:7b:c2:41:79:9d:11:3c:7c:48: + d6:43:d4:c6:0d:55:e6:76:bb:2c:c7:fb:dd:10:53:79:30:1a: + 35:64:2c:d0:64:b6:5a:fd:a9:d3:e3:09:8c:7d:22:81:b7:71: + a6:7d:bf:80:24:79:24:c1:61:6d:54:ab:14:4b:5a:54:cb:75: + 47:2e:e5:51:6f:cb:91:b6:a7:e8:aa:8d:78:c5:7e:05:56:3b: + 31:02:bd:0c:e4:af:78:27:7d:6d:bf:fd:0f:0d:2a:00:1d:cc: + a2:34:4d:a3:9e:70:45:89:56:2d:d2:35:ee:26:ea:0f:9d:fc: + c0:2c:64:f6:55:af:de:e0:72:64:e2:20:8f:e2:f2:e9:e2:6c: + 3a:0c:45:23:dd:80:57:25:fa:18:bb:25:f8:7e:3c:3b:a7:ef: + 40:f0:ba:6f:ce:b1:eb:f9:14:03:04:34:3d:e0:43:a6:8d:95: + d0:a4:dc:df:e4:79:ce:8d:e2:1e:30:ff:55:0c:e6:9d:e4:1d: + 62:cc:a5:4f:9a:6f:c0:b4:1f:05:7c:a7:c7:b1:72:58:98:ad: + 2f:f9:8a:41:0c:48:d5:78:ad:af:eb:ff:59:0b:4a:99:26:5b: + e8:8c:e3:e5:6b:01:d9:a0:db:a2:1b:d8:8e:f1:82:38:58:ba: + 8c:11:65:36 -----BEGIN CERTIFICATE----- -MIIE4jCCA8qgAwIBAgIJAIGdQQ9AVaxKMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD +MIIE4jCCA8qgAwIBAgIJAJKhO9OQC+qnMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNB -MSYwJAYJKoZIhvcNAQkBFhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzAeFw0xODAy -MjcwMjMwNTVaFw0yMTAyMjYwMjMwNTVaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE +MSYwJAYJKoZIhvcNAQkBFhdjYStjYS1yc2EyMDIxQGVzbXRwLm9yZzAeFw0yMTAy +MjUxNzQ0MDJaFw0yNDAyMjUxNzQ0MDJaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE CAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkxFDASBgNVBAoMC0VuZG1h aWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNBMSYwJAYJKoZIhvcNAQkB -FhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALijjXkowR+cEXRDJuE7zBSHW2tkTO15G38qA9B7756IsGQ27ljv -/dnHILNx6W0ep7zBfDv+KuQWL7zWLPWY+cQhHMrDfleJyKkv2mubUtbJnZiXbQh8 -pjdO1Ca723OwOO99Ht2O3Y4XL6A9qQ5N8Cu4FCMzrcig5Z0PJ62DoniQBewpBpEH -RWxfuo4d8dcbLfmZui4n4QN96dJUNcw5eQeD2JOb1u9yq9Rjjmv3AGZfd+i2vN5f -jNDOGsTbA53k7grsd8XyMGl+cBLlwkooP+cZ669B++amHbX9K5kD9SCQOHO9Q3Da -zx80XasXS3PP+T3honkU3thAhYLEWoSCMvECAwEAAaOCAT8wggE7MB0GA1UdDgQW -BBRCN3XnjxLP2eshIn2K6Ekh/eI6OjCBwwYDVR0jBIG7MIG4gBRCN3XnjxLP2esh -In2K6Ekh/eI6OqGBlKSBkTCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm +FhdjYStjYS1yc2EyMDIxQGVzbXRwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMyMOb3PVU9mKnjHZUeB3dE/CBJLh0BIlVwkUmWhghz0kKF89yeP +AuXLrImuuCVOJtoUIAcppFkDYbRErkVVtHJ9ZpqI3lm/bzEjBimrwrmgbGpd0Kzm +uKyKb1678xm1jeHfLtF/GrwsExBlRn9ox2BJxjBOoCTt1Kgnz7LQxXyWR4K28RcK +WjWCC4UPF3GpvTpM5jKVPmj3PfUEMxYZHkwKBMMfnrrb4g0pyD8pz0fLEdvSzdAm +LzXrfaJgGOd7okMVWdfqnThg8UjfV1TfilC541xyglG3BXjCFAhxcRwGREqFcwio +SVCy0vvaoqVaNkmoSzhW9mcPEjQ5zPucvdMCAwEAAaOCAT8wggE7MB0GA1UdDgQW +BBSG8Pl6zWapFsyjJgg9s7JCwuWpEzCBwwYDVR0jBIG7MIG4gBSG8Pl6zWapFsyj +Jgg9s7JCwuWpE6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm b3JuaWExETAPBgNVBAcMCEJlcmtlbGV5MRQwEgYDVQQKDAtFbmRtYWlsIE9yZzEM MAoGA1UECwwDTVRBMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYXY2ErY2Et -cnNhMjAxOEBlc210cC5vcmeCCQCBnUEPQFWsSjAMBgNVHRMEBTADAQH/MCIGA1Ud -EQQbMBmBF2NhK2NhLXJzYTIwMThAZXNtdHAub3JnMCIGA1UdEgQbMBmBF2NhK2Nh -LXJzYTIwMThAZXNtdHAub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQALTOXC7Qrle5Up -ItSPX8sbseNM/JDnLpeHh6JjDW1N8B8NhBHc37f6w8YuB+mg6aafVBetGtA2vjHM -pYWgRUqHRYB+3uqXaOArCV2aMW/1eCLFZiqZcJ5txKv2kAFwUwdmbKa1zks2BYOH -DKfgHjTQXnakIHHNncGugifgbxZXdOdjn9A9cpFtl6SCI4Tdbg3aQwCnzi/4eQRn -auWwqzDY8ZAQQzsJdyc0pNTAJU4hMqOrYBydbuJlOVF/zZ+IOn70OK97W6e7e3CX -IVn8XFWh23QKNx4zl19wMpiz2ZlOCDzeAYIXm0nX+slFjZPMQtY28jk6Ryg/b2rl -I/Nc1KMb +cnNhMjAyMUBlc210cC5vcmeCCQCSoTvTkAvqpzAMBgNVHRMEBTADAQH/MCIGA1Ud +EQQbMBmBF2NhK2NhLXJzYTIwMjFAZXNtdHAub3JnMCIGA1UdEgQbMBmBF2NhK2Nh +LXJzYTIwMjFAZXNtdHAub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBBFAlJAV9R/yB7 +wkF5nRE8fEjWQ9TGDVXmdrssx/vdEFN5MBo1ZCzQZLZa/anT4wmMfSKBt3Gmfb+A +JHkkwWFtVKsUS1pUy3VHLuVRb8uRtqfoqo14xX4FVjsxAr0M5K94J31tv/0PDSoA +HcyiNE2jnnBFiVYt0jXuJuoPnfzALGT2Va/e4HJk4iCP4vLp4mw6DEUj3YBXJfoY +uyX4fjw7p+9A8LpvzrHr+RQDBDQ94EOmjZXQpNzf5HnOjeIeMP9VDOad5B1izKVP +mm/AtB8FfKfHsXJYmK0v+YpBDEjVeK2v6/9ZC0qZJlvojOPlawHZoNuiG9iO8YI4 +WLqMEWU2 -----END CERTIFICATE----- diff --git a/contrib/sendmail/KNOWNBUGS b/contrib/sendmail/KNOWNBUGS index d3c0a2ff416d..b44f931af585 100644 --- a/contrib/sendmail/KNOWNBUGS +++ b/contrib/sendmail/KNOWNBUGS @@ -20,6 +20,14 @@ This list is not guaranteed to be complete. then it will be truncated which may result in a syntactically invalid address. +* Berkeley DB map locking problem with fcntl(). + + For Linux the default is to use fcntl() for file locking. However, + this does not work with Berkeley DB 5.x and probably later. + Switching to flock(), i.e., compile with -DHASFLOCK fixes this + (however, the have been problems with flock() on some Linux + versions). Alternatively, use CDB or an earlier BDB version. + * Delivery to programs that generate too much output may cause problems If e-mail is delivered to a program which generates too much diff --git a/contrib/sendmail/Makefile b/contrib/sendmail/Makefile index daf20f288f8b..1cb6b56d6a3b 100644 --- a/contrib/sendmail/Makefile +++ b/contrib/sendmail/Makefile @@ -10,8 +10,8 @@ OPTIONS= $(CONFIG) $(FLAGS) all: FRC @for x in $(SUBDIRS); \ do \ - (cd $$x; echo Making $@ in:; pwd; \ - $(SHELL) $(BUILD) $(OPTIONS)); \ + (cd $$x && echo Making $@ in: && pwd && \ + $(SHELL) $(BUILD) $(OPTIONS)) || exit; \ done clean: FRC @@ -24,22 +24,22 @@ clean: FRC install: FRC @for x in $(SUBDIRS); \ do \ - (cd $$x; echo Making $@ in:; pwd; \ - $(SHELL) $(BUILD) $(OPTIONS) $@); \ + (cd $$x && echo Making $@ in: && pwd && \ + $(SHELL) $(BUILD) $(OPTIONS) $@) || exit; \ done install-docs: FRC @for x in $(SUBDIRS); \ do \ - (cd $$x; echo Making $@ in:; pwd; \ - $(SHELL) $(BUILD) $(OPTIONS) $@); \ + (cd $$x && echo Making $@ in: && pwd && \ + $(SHELL) $(BUILD) $(OPTIONS) $@) || exit; \ done fresh: FRC @for x in $(SUBDIRS); \ do \ - (cd $$x; echo Making $@ in:; pwd; \ - $(SHELL) $(BUILD) $(OPTIONS) -c); \ + (cd $$x && echo Making $@ in: && pwd && \ + $(SHELL) $(BUILD) $(OPTIONS) -c) || exit; \ done $(SUBDIRS): FRC diff --git a/contrib/sendmail/PGPKEYS b/contrib/sendmail/PGPKEYS index 03476f63a5ed..0d0b0d5a766c 100644 --- a/contrib/sendmail/PGPKEYS +++ b/contrib/sendmail/PGPKEYS @@ -188,6 +188,182 @@ mk6wxhyuojEHuR7it6IU5BP8vaAGrL1jb1c2EeAe+pdJwpAb1Aq6MU6uWqOGup8t -----END PGP PUBLIC KEY BLOCK----- +pub 4096R/4BEE1BEE 2021-01-24 + Key fingerprint = F4CE 2263 2102 53D6 A9F9 79B0 4C66 EA8D 4BEE 1BEE +uid Sendmail Signing Key/2021 +sub 4096R/A9C0321B 2021-01-24 + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGANHTwBEACw6b3NmDyyB6uPll+h+pyOmQrbX+up2S007yTXhj2EnYiriLcL +MdMspVLXl/wtABtfTZ9Lf3v3FuNwHZsVdSZWCFmwlWPptsRrF0VWwYBzxgH6QIUK +Qx9sFAD+KVD/9Cfl7YXeu5lZrNn3D8FoQB480jJJRaxshXcB6y9QCyKHeCZx/3Ct +1TE/tlFOgGoKJzNADOimH5SeEZ2gHhB6WB/yKLQYWS8EAvTlGdgZVo6VY6Ar35cd +3Z9TCQxS8YDsA0p6zENCJ4QgiwolmgZHa4R3/9jObxhVrIpCKCUN+rSdmKDotugP +GPDyZ0rZRAaRlyqt3rYKVAztkLTU6TbDNLmDpw3CQv3Tpbb2TT39ySmruVVJLA1C +DYQrh8f35ic0mDwYxKA5KIPZNj9vcReVrwxPDAV5to4n/ZjNNfnqxRiiq4+IzGZ4 +dTlwh4pECps0WdqphLAoTotFcdvYg8cfHMBULdIGqciAGfu7G0yqvlxt4nRe1k8D +60yAwDtqgO3ThtiTzuYkHZAUmAYOBYPF4e/X/zicWoL+whirV6AELnmv6lft5TaW +UfXbcx0njY/QPa1iy3g8qkQcY8durY9OVYnA5X4von1vMC4naEEf/cFsdDBl+nZG +/XxBHr1QX5/P7egbnnF9qMqry856oPE8bjv1KBqZ52UxmGRl14k8gKcfowARAQAB +tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDIxIDxzZW5kbWFpbEBTZW5kbWFpbC5P +Ukc+iQJVBBMBCgA/FiEE9M4iYyECU9ap+XmwTGbqjUvuG+4FAmANHTwCGwMLCwkN +CAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheAAAoJEExm6o1L7hvuZlcP/1ipTzk+ +UT36bM/DbeBHaGhQ4yOSg0iiHzu+bzzP3jZslG7rlLgzowEPk7plDlnVbY6MUeXQ +4hO7keoAn5Cskg8jsrh+kpWYlNTPPKFdjgcuWbUEVAoRIprq1kEVqcG2ai0t1iaH +CmrUwFRqCCEPoHKg1U2GKcKafFaxOZwM27kV6yTLM5sYFVsoSh+bJ7sa9hymdwrf +/d1Rh5E+MHJatn3TXGh06aPkVGozyufTXipsxzd5VaBjLDTYbMFkiOt9MC9Sx2IS +BO5Ws2tOlNslGiAeXQG8EaJB4xrvhOi4i99nBA5TYWVdOAwfJGUZ+X4hItMwlCIg +4TaJcYHQ7GASELGSGA7azd2JeqbEskiCdabWF8aSbUxA68HRCOjAAUk5afxqEc5J +BVfT1QmWAPK5cNQTojbd7msrlGXmcSQyFBUDSzoeQNFhpmDpAXCLnGt0vcwbqTik +Ft+2vJ9nbSczKHkxmN1hudpVdsUNfgGi7p4VzyQq/OzYFVeMXrBBt6aLyATjCoY9 +b7chMDyJBFLEk47U0qQe2VhexI8Fk9Z8wFTPF97gb3rSk5pAfIbCZ9eDcIZuR5eD +yDDd23vxsMJK0haD/nZ6gQNqBeCg+zDE8g4T9zCdOtavLuqwOqPUZDnNdke9cA0m +6GSo2MccibyMdqijETcDOPOC47hrIu68QE54iQEzBBABCgAdFiEEsICXn00EPhnQ +WjacYp747gyLgzMFAmANHmsACgkQYp747gyLgzP1zgf/QJi9+sMvoNVks4+lU4xW +9fy4C7+fAO96dJtSO5jSn+9M/C55UmU0kWz8XEU88XCVyChLmpSb+Y+2sf5XhWEY ++KDLUHgqiT6NItozXKVggNFMsxkzDi7mzdkCIevTlcGbQSxai7hbKwZzGPb/OzUK +pRtLl6hTV5wLlsit41EAwILnRmmn6Iix6SPaCx0YvAIKBiy7CSiJyhPbGEKAeEx9 +OTZ9ce0iQWxaCGNgXv22HPvJ7V3VwmfZBJnHcY0ooxEjz/Ky9kHXc+3yHznlATXs +pzOMH0z+zmHldvIBz0djgVlhn2TRkKSSTaGd4kbLKLmci4Ax/il5noR1hZ82aVhl +TokBMwQQAQoAHRYhBLF1lkRTA13O3XvpGWBN+/KFQQq+BQJgDR6pAAoJEGBN+/KF +QQq+4OAH/RpvOktec2Y0AvzWjHorXWmPLi9xEMIuj2GVVVsg+eXP2CDpYuEOVYLP +8VCWpObXADj+w0DIOMcyqUbMPxkps+CPXjTRc/qED3FLvGNTfNQMe5hDTbbs/tw2 +FtfI9Jzlwsmhcfg5ZxnQKDCPGPQufN9AbQHWc4VIEwhQRc9T/cfBhioWUwrtkgPT +BBTPnJp/nA10Rn+ycURA+BLdlhAFwuTYBH7nWHkDJUGLHFIat2RhHRakZNhcMrhE +cXBrg5ONK9qJYtJXzlHiQhM6NP2RPVvYCzLlqkT13SqvLsPMSncyKlIlUuQZqdcE +QOwGRgp2jkZeRYVBYfFzfIpu5gxVQYOJATMEEAEKAB0WIQRYcmIYqRNADeZgNgE5 +pMd9qXiEsAUCYA0esAAKCRA5pMd9qXiEsAB0CAChpLMwocSQ6hpY7nfVl6wAb3SP +9C2Dwr89YxzqBYS7i3b/0pB4t1c4cg0vC72DeOIUwuAwUOq6NVgPYnh/NpovWouP +HN/3WrI013yGkNZIYz3fb8w2+pk0FFndU121pn3IbVYyMxegyHyN+F5NKZCfsTu+ +imlqje26ecBPuz4wcVqYyl/jnR/MU54uMhQW8q0lxCMS67uta0wd2EaTXNxq17Lp +Z48pNOBiAXxZnXaP996T+7whtLBr9isgeZyeizenjupX69bllRVbwuO8uboTsisC +LlUbOLzdvTjuSrAQAzNaAfVjNsxzEvLcxxKaPKPG1ubrHT50k3zpB/Ixi+oliQEz +BBABCgAdFiEEynqPOaJBn/+wqasnjlrp+87u9DsFAmANHrcACgkQjlrp+87u9DtA +kQf/SLAdxTmR/l95WdeOgvxINcV5ADxCkpO1iJeLp440uddscRrrfHdibEngfAA+ +ARwPv2/jhJgInCOQe+4lmsd+4NtKtanXiRZai1MXCxcF5VLTOMs8Vl7EUMAL5JWG +IlvmT4/H7Zhji64KpDFkwEjsE8SdZ6HJokJMFSq+YYBgvnsu/GDSfDpb/HtdM845 +pjxHJ+r93KPRepncLedgyDsQpzzRIgUJNhuC+UGtRp+3qRf1eWSkO6qbyL8DtFfW +WwX1gG099nr8m9Gj+R8zH6HTnWWuFnUyDTHdTN7/25vZ9eoAgjIx0I3g+O02l42B +G5HeOuLSMdUoqqvOq8313wvWSIkBMwQQAQoAHRYhBLh9RWmG8ZSEB+XMtD1osl1S +B8rTBQJgDR69AAoJED1osl1SB8rThsMH/0JcgLmhr3K4t0cxt94u6UN1pVQZDrgG +uMEDpOxW4nPMwN3SkWMM3K7zw0TiGkksyFifRi7zY1BqRilJOGyLkyB3zCY76hKV +SuLx3U4B6eyrAY8gsPownOdY8FJB3o27uXhPX17qLWOl83/GQMoyRfmmwkBnL4hc +puJcPT4bOt3OhDK7bs1vGabS9L3HuX0lUIcp8VKquJHXgS+xIr/lMBk5Jit1Qx/p +VjqmL2qIxTMubmKxU5RxsCZygdV92kBLzYqZ3JO6LOPCwD1a4fZRlwAW2hpC2gtW +KHK1/QZBSgJGjJUgXGV3fYYR3WH5qmTCAWu2HEloLRSdzdHLldWCsUOJATMEEAEK +AB0WIQRJ9qi+hHM5SVGRbzth3hHs4nY6cwUCYA0ewgAKCRBh3hHs4nY6c4ygB/44 +pigG2UoBQNZq7R9ajbU5nRkl9mVCZ4dEqY6i3QJs5tGew+r774jMouL/sBTXMnvS +zD1XgJevJYnQq5U/08zvYDvqrhm4yTkbgg9UqhD9UI8M/XgN0DtbFT6EU/N92lO4 +2xWBMTyAwjVl9JPPjhMoUsGVScZ8pjplJZlgJNuy8GVu6vUoW8j1Gw0jIPKJ0ufy +20uc4jLuKVmxjj7Z5NsFnWJtiFFq/TknppOQZ8KvZjVzrH6EIOmCJfCnuSATiVsb +YJzMAjshhG+fJsm24loUjmDDAzy4Nwf18IJb+wSe1oFCSAz3euhIAIxBFkihA8wk +G4QmCnvdbPfYy4WIMDNEiQEzBBABCgAdFiEEMLynRwX6QVRVcx17qvW13gW9zFMF +AmANHsgACgkQqvW13gW9zFNuYggAwSZ7y+qCvdvFu6LD4qvk/phRF5VINZIHfl1k +aOVQWA+DZaDM8lRsvn2lxGFksaPzK9ZXd5QnF3QTlOkEsCILE1tmL7Myob27PaGV +4mQXjY9bUXe/Ulj4VbHlWjkt5wpwGj9bRuxnn/RKKRNCpknzqv8VTCMVwUyCF4xE +P0BGFXiyPV+PTNN2GwV5l46zn1FWzTlSgbAxjwQBh43RMuBWG320w+YEysJMs4y9 +k0f3i16hO4G/MiD4WRIaohqjBN6ii/sksYf6mgsZieUlAeQPnovi8pScq6s2cYzJ +krZNxX6PCNQFTLs1GvLh6IQgypN9Lxxu4FW82wKQMS9yIKkIMokBMwQQAQoAHRYh +BA9clq7I5p6cjlQuXG1M0ZQp+wPeBQJgDR7SAAoJEG1M0ZQp+wPeFfcH+wUQdI/R +eMuLByF9cjdC0AfnOXD46azyt7Lgyzdi5OK8xAMmfTGH0iYGGv3pNfcbTxblJ868 +PPjUc2arF6CkLZ5hIQ6dUBmmxG+YOecOZF4jO6Z0WFi1XqxRomhy0m9TNQ931I88 +VRpd0/XepnvJc1lTOiTmxKTFex7mKqzTNBeXlNkVOXpM4aCq4AejEgnEzr5imfyF +P2qyITbyGpWrnTKtg4ASYWVU+JAZ3/eZIl/0pNuD0/C9MGRmS2yGM82KKMYrRV3X +QNAdg6LPi8MicUZWlcVYqR/7jEkJeppUpM46EtEo5YoXQR9UflSdu1xjpBzgU56d +MjXtTE5ROtVDl42JAjMEEAEKAB0WIQQ8ih6Of0TK3hFP7UZLyb2ma/cmrQUCYA0e +2AAKCRBLyb2ma/cmrdDSD/92AidTGYuf+D3SbIOBhQttWp3SvnOj5UuqgXtHrmuq +vbhawUAAby+CL0hMOqYk/Z30N/Sr+OQmNyH+Q1C4nuoq4KOINBuaKpcioQai/Jre +TthuVzeFDk33bQd+IQ4n0WXnVWg0DlpIhDDtZyA2Qqj4nPPsnjuw+Y62VuXFahr1 +ci+8sVns9VZJyVKPzGAKo/4rKjRlAqqVTlh5/RvMJ01TvWwSXSg1+yM08e/zaOCz +tuIfZAjDZNqXKIU+3xlKKvQGnNxUB+Bxn6ZaXW/YCzf/uabYfy2i4GIBhyj3dRSH +zbDSg0b/l0zJDIi6qzTzXZFEQr5AFu3CZeLR8maRU/1olCFR2aE29XoAtEF+SyPh +eI8ZhXqL2ccJqStD37TMsUmemTgBkH1Rig3eelRDeaZ6oh5UjuKcg7IpdmyYdRNE +5KO3afHdhM6C/CXoh689273ddasvdYcGCIYku6AjiNjcr4sNbGdmqDNc/6emHqp4 +WxyKfc5AuqZpmbEVhIYG1PTmldJl78EZBYoLjea6fai+6LH3c75p85lUWbfcpq7s +QczweRPz/X+YMnNpCo8+psngSBIjDiJF7JFrVCFPyH8zFbva/TWCZ3Cf8Z4GLm0d +e1gBJfFeXaQHHL2qaX5FXiYqwL2cjmr09lV3hWmQC9bA4q7Z/q2BEjZtZuPJn/qZ +NIkCMwQQAQoAHRYhBKaHPSSk1tYoSuQqdfBgWf1dx8w/BQJgDR7dAAoJEPBgWf1d +x8w/SdkP/1uvi7L2ZVvq564VXA+5YFNq+BvzMDYkf/8RaAAFFUVbblQQBjlHN8nA +ViZZepOJOmba639e8E/uXsXF5z0l7Y1XEiuU6xofjmX8i9Px3MG5G1mXQGgaozW7 +fimU81f5DlLFv3W9lrZ1iQdpfZQYpBMdE6PuBl4wvElHPB6rVTxBIigjVsQceXMV +b64RttDSX84glqv15rTrPQLPg5duX+YzMOVKyH7tWuuOsPuWaUZejNieX7UubA4s +E1pnpH0OBpw/d8r0Rte9ZifmSavfPygaLC3w5ihXKwPLVikhOIF7PgsVaRRBzJQL +pw7BTt+nGOZIQofW1TM8gOPPrbWzwyCnPEMzjyM6g46zsW8FRxTq8/qRXwB7dg9v +wZRVSX4+Dzuuvyt/p3p8OX5nhv2UrqXSeZx5gcWrof+td7X8lGj4j/kvFI6lotqL ++DTf4ndH8OyVjVL3Kzdc6e1+F/odgjurPW20GiNasLFpRz7aNUTtoSMc1zHi7tmW +EB0HMrCvdTwUuDOHVcebaR0xOPVcPcJhLoJDDQPRCFC93RvWL8qf5XPXwxYu9+tk +Kx22lFNJqnQeYH6s0QqJowcGwchpM23JlAyQ4y8qCb8Rng4V2KvmonWO5iadM+/9 +sNFmf7APUzeCMP0LGO+YLKgf3aPe2lQZOF3nQXpQ7iSDW33C45QpiQIzBBABCgAd +FiEEUKMDCY6i3XvL7iraCeAfoDwMUE4FAmANHuMACgkQCeAfoDwMUE47RxAAsbz1 +94m0hNMFUkzXc947B9qozcQMQJRhKsouBaMMwR+F1RgLH0oSAhYESsl+o8ngsyTo +AKYAP5p/N/wMzSZY0/B1XoQkTJT7HCX6G1gBKr6C5US4wL4Y2xQtBBVipAONK21p +RiSVUcvtOVfdUTSd2NNBUcVq9NCnWjtawu+8Z8fwJYa74gy8u9QQi9QjNPcupz63 +PKzB8WG1NjEI6Jx1TkZbGLoyXDQ/J7lfnoqGQoqIXMJjQHiDuNV8gIaPo2isHx6H +VOXYm+kx3mG/3cpTlWS1yfehHPrRYg/CB6joHYUUu9oe8HI1C8GF/4VxRsW6bfaZ +6rByBoPiCIb39xTLyCASXrXZ3n5wJ2blSCN3GPRxOcrNKQRgfNiXEc2jZtVA6sKU +a5DvvHYvIBqD6M9E8hPd5EomOW7t8zNCaFCvqWOanMmJmCqSlgSavZqEMOyTvcOM +ARyjZBseIIQZxwcfiKfJyI17adP/0fRdB5ypUUGaLPcbdh7JWJHzEbplGPj9VHrX ++xBN9fk2l8iXwPxD85C7lvup4SX+HEav3ofIJSrL47yC0DDrmia/JS3U/omD4raL +yfLSoVu0Qf6G6Z1MSLV1sfaMLNWssuwKYx2wHEsjRoURlWuQVR78KuCE8x+GZQ++ +Qa75Wuf0h6myzktUkfvddz6oW5W2yfVbAkuFR+yJAjMEEAEKAB0WIQSt/bcJ/h6m +guWFWXHVgyEO9RRxpwUCYA0e6AAKCRDVgyEO9RRxp277EACTAyRqNIaZPaSMAdw/ +AcYNX+/0G5+3m2+baSEPjcJUYOdwqQeUFAFZ3Sf9H4cm4zfNafQ0AjWUm9NYpwt8 +YKhN78dOpFaNdER43SAjVGmJb7Vs/yEX4EQZ3j7uRtypwAm6tehdo8kiKtMr774H +DZHGUp7NYdbBnCwiQWHFcwcK1ZWdgIY4Nw61pK5/iDl0ZIOZDXPgZWutB3ULNwBg +2PHBLOJaSvzl9jhC7Zjgpus6dEiTU/Ij6dKX+U0X9Hh5c2O3FQ08UwBffTBjTZTm +ThXGN8RN3a3cuBlpP5rTArU412yV4/+GkDPP/hv9iAgRAhwXomskyoC1Wq7I/1O1 +Ipzac19walDjLDvIBEVZmzi7YODEMU0F/EobW6+aByp9/cBGlBBn2Ppy+RQRevHm +Lf6jpvHcmdSEMvIDXDDJfUHVYfcpVnZJ3LfPE1kfdOhOKpCju8ZF9OPHUokhjKRM +frKLWOD2rxNQmqrfhvVsh8NSBNNaL9NkwnwevGo4ap2PaKwA2gxzZrMSrH3au9jE +K9+pnE94hdhRRfKINNME5r2Uo5Rcs6OIiuDM1wCmrIT2f4n0imXJoTiA/jwHWFAK +27EPnxXWZkbjR/oiIm5vaKqB9NbZDVtTw/4H7+pQ3E47THD+KY718FVUuV3cnOtM +MdoRGDkrd8ZS/I6ze7pOnCJy4IkBMwQQAQoAHRYhBK0g4aqLQTZwpkJS2L0nbS5v +z6iFBQJgDR7wAAoJEL0nbS5vz6iFz58IAIJRgMKRz4cOUy5iIPvtswXMb9tFR37U +PyLGJR1CbclXwUxTe6brN+8kWGka/g40qoG0Wr6GgQheYBjmV1CvXwOvZv83/FkK +GkGUZDjNhbfSXlrBMUczUEk3d6w2h8XHOoHozmWgf7fJk06MIJAwEt4ENK3Bfm+k +CCrCJuma8WzccyBLyU2iMLS14w7GOxJVyV37L8XcwmhysNyCpF0TVLPlPeGrvHO3 +hsw+lJZiZeXKUrU2hnzoM29A71PmkLVUYLN1JzvASwWCVsMfIO5T/bUzSLBysuEU +msqRL+vJQvzNDJs9gVrAtCnfZRQFHRYVYHsqqayhsj3/mk7x9a8Q6ZCJAjMEEAEK +AB0WIQQpbJTb0CgCRb/Tkdd7UpZI7oVyZAUCYA0e+AAKCRB7UpZI7oVyZKXLD/96 +55HOR12CYECMhU33Y5fqs10tYTdyoJjjStp+t2oApyaswr+DQPs6UVFUJWgMy478 +ro2DqW9kYHZeX0BumiQ5zrCeyBQYU+RUUNH7MU0pzdGuYWiL9PXqHNacuzV8GrIs +r4NFB1SJ66nbaKRMdJJnnfvtnJyHPfJ2VloxizYLNYptKUVbcP0j5ahXPbhy6Cyy +qlsAK28/gSRhDOqdq4/mKcNrc656bsmOqoaOl5po1N0sGStYQCuFWKjawujG5ZvF +x4hbwJUSU5gOFrBZgm2cYjypIO/GQz6CYbhGt77qV7f7hzo9qwA6UeIqrECvr83W +Jtp4e+FnjVQ6AfSwLI8oOPRa6DvJDdU+EGYPaWLbXnmq1fMu1nNn9SfHtkR+uDlN +GiQJk9EZSz30msacuEXZlXiypA2zTQFYAvtBZmYR4qjBX0qHImqmukjZZFhJ0sxR +LXE66HgvdxMTbYCVCWJY6u21yXF0O0a+nEvx0v1doux1247jzGXwyQTKXZsUZhv1 +qLv8igtMaJkSLZz1E1U703PdsMhU9jH6RKlwkW3KI/2NHEsxw7nDuhS6ez0UIM6O +sur53HCnDcA7k9eUaa+Sm0yCBeccZ9zmUgG2K3cFKdpQlljyt4WJTsKDrK4AkAHR +FjAJ0wOvv4apnz5LYNobKc/oTbjJacbTczB2lwGe17kCDQRgDR08ARAA9XG4WjRg +7cOfk6ur3Tj0TsmoiZ5jDKQ+ObZqk2aeIk5WutraEFe0OkI46F4oEbIwLB8rChHX +uVq18EM1mDD99tM3xTUoSm6BCdQeNx0Hh6enLZK49LBSMqTn3Fd9PNLL/QBABYWc +wgrazwxOlTrLOpX+XcgvRuxK36CisNr5i7Ocuc7EIuUurF6YoSaaxDT9XZHpuSSV +AI//sH+GmeBVgIs6f+8MSGe5R4g3aiyYqykwMtgSVgKqxi6Bo5UD8HeXpEAIgtNT +2gOxLgvar6vwlbTFamv+vy4C2RXY+7paEjGnlwI4nJrIWh0c1z3qIvAkEzhN88/J +fVCtjtKFjPAhGf48LxnRnURGb9anyexrRTPkGcmxx7/sxGMe/M31lpHOVKUZduWV +83/9/7NpSWU0BRmWyzK9CzQC/97Vb8JJhZG3N7RmTZgiO1GKAWFAKgd6X6oo6O/V +n5zngHY3jfKkb+wlcVa76IIDv3dc3JIENkmghfvuzdrx2IIqK+NSrBzp7OeTtgJE +vR5yTysS6wdlihY5zJgIBJh+GAy7lA8gzB3MhZe/qPSvnmK3ZTb1RnM5y5ySMZsU +mZnUVqjqjgUbY7NdXRpPeYLzwzzsvT+vlQX4P7LjGaienI6EP+AO7v2Ei+zv1NMI +jkXPPNtPwp01B3M09nYihjDnM/dviPF8J1sAEQEAAYkCNgQYAQoAIBYhBPTOImMh +AlPWqfl5sExm6o1L7hvuBQJgDR08AhsMAAoJEExm6o1L7hvuW6gP/iTNEyA96lc6 +3WxvkrpqiyZN4vdDwWv9FoEuZohlOCwQZpQy8wZlbtmjYcKAz1mRF3uBqZRvgzu4 +7ggzny8lF0m93PnyroRO5O6I8lT95HWH5+7mcoYpbDY1XII+QbP+Xdxi2mkUXqkY +3TRcp9VzwWyQb/0sgGch7ZOnd7bK12Q8wd2YmkCq5dQ8BXxFbnom6VoRpHnu1AsU +6ZKYbK5ogKXUoBxYKRqX6vMxMjALd/yJFKZwrCWkOxj0ipXCgHOlqbqgi5wH/gRu +qGkMYJ6fAnVcEdyfK5IRrtMB/3ZHlIDFXyEIA+K0AxpqE098KwnemOjrSYZV8Ek5 +48tVsKlmqqgJ1QkacR54OLw9CjNm0bXX1iqMfR89NfdIWqfyq732vqKb7UDfcjOK +IV4VP4sS8rBNrlzGpnkCOejE6YqxqwUt9ggtk9Q3SjqTrPTDZ3hExjcigchwnG5m +rZzBKYo7vQxoK+Y6Kx+BZHo2tUloURtsgqW7mLrfbY68Vbm4O1Ev5mjWA4bmOTrD +ivZF0HKBAdHG0B8JolpbSmoPVB0V9UAQvbb/amMK1zo36/cDrSZ9fid3Pbwyuupg +058rgvZPvBknm6p+k1mGb9XBGJlJaOR9Q0cmKobZhVmnSuCkRBJdLixHRvzcfygi +ra/bqVWSpZTlHZ0xT9seCUSs1urxGw9Z +=3HCo +-----END PGP PUBLIC KEY BLOCK----- + + pub rsa4096/0xD583210EF51471A7 2020-04-08 [SC] Key fingerprint = ADFD B709 FE1E A682 E585 5971 D583 210E F514 71A7 uid [ full ] Sendmail Signing Key/2020 @@ -3715,4 +3891,3 @@ Nq5nZ04BGHdVToZvUf2ABdQnWx94uOCRJp2bLJiEepNtaL2OPqe2EQVF7ia2Y0PT q8WNeh9erYZriQ== =VuMX -----END PGP PUBLIC KEY BLOCK----- - diff --git a/contrib/sendmail/README b/contrib/sendmail/README index 5b11d025b866..50cbce25e169 100644 --- a/contrib/sendmail/README +++ b/contrib/sendmail/README @@ -371,11 +371,6 @@ for a response. As of 8.10.0, the default Timeout.ident is 5 seconds as many sites have adopted the practice of dropping IDENT queries. This has lead to delays processing mail. -No ident server is included with this distribution. It is available -from: - - ftp://ftp.lysator.liu.se/pub/ident/servers/ - http://sf.www.lysator.liu.se/~pen/pidentd/ +-------------------------+ | INTEROPERATION PROBLEMS | diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES index 6a0f0c52f844..d8186f05e0f4 100644 --- a/contrib/sendmail/RELEASE_NOTES +++ b/contrib/sendmail/RELEASE_NOTES @@ -5,6 +5,121 @@ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.17.1/8.17.1 2021/08/17 + Deprecation notice: due to compatibility problems with some + third party code, we plan to finally switch from K&R + to ANSI C. If you are using sendmail on a system + which does not have a compiler for ANSI C contact us + with details as soon as possible so we can determine + how to proceed. + Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) + is available when using the compile time option USE_EAI + (see also devtools/Site/site.config.m4.sample for other + required settings) and the cf option SMTPUTF8. + If a mail submission via the command line requires + the use of SMTPUTF8, e.g., because a header uses UTF-8 + encoding, but the addresses on the command line are all + ASCII, then the new option -U must be used, and + the cf option SMTPUTF8 must be set in submit.cf. + Please test and provide feedback. + Experimental support for SMTP MTA Strict Transport Security + (MTA-STS, see RFC 8461) is available when using + - the compile time option _FFR_MTA_STS (which requires + STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES), + - FEATURE(sts), which implicitly sets the cf option + StrictTransportSecurity, + - postfix-mta-sts-resolver, see + https://github.com/Snawoot/postfix-mta-sts-resolver.git + New ruleset check_other which is called for all unknown SMTP + commands in the server and for commands which do not + have specific rulesets, e.g., NOOP and VERB. + New ruleset clt_features which can be used to select features + in the SMTP client per server. Currently only two + flags are available: D/M to disable DANE/MTA-STS, + respectively. + Avoid leaking session macros for an envelope between + delivery attempts to different servers. This problem + could have affected check_compat. + Avoid leaking actual SMTP replies between delivery attempts + to different servers which could cause bogus logging + of reply= entries. + Change default SMTP reply code for STARTTLS related problems + from 403 to 454 to better match the RFCs. + Fix a theoretical buffer overflow when encountering an + unknown/unsupported socket address family on an + operating system where sa_data is larger than 30 + (the standard is 14). Based on patch by Toomas Soome. + Several potential memory leaks and other similar problems + (mostly in error handling code) have been fixed. + Problems reported by Tomas Korbar of RedHat. + Previously the commands GET, POST, CONNECT, or USER terminate + a connection immediately only if sent as first command. + Now this is also done if any of these is sent directly + after STARTTLS or if the 'h' option is set via + srv_features. + CDB map locking has been changed so a sendmail process which + does have a CDB map open does not block an in-place + update of the map by makemap. The simple workaround + for that problem in earlier versions is to create + the map under a different name and then move it + into place. + On some systems the rejection of a RCPT by a milter could + silently fail. + CONFIG: New FEATURE(`check_other') to provide a default + check_other ruleset. + CONFIG: FEATURE(`tls_failures') is deprecated and will be + removed in future versions because it has a fundamental + problem: it is message oriented but STARTTLS is + session oriented. For example, having multiple + RCPTs in one envelope for different destinations, + with different temporary errors, does not work + properly, as the persistent macro applies to all + RCPTs and hence implicitly to all destinations (servers). + The option TLSFallbacktoClear should be used if needed. + MAIL.LOCAL: Enhance some error messages to simplify + troubleshooting. + Portability: + Add support for Darwin 19 & 20. + NOTE: File locking using fcntl() does not interoperate + with Berkeley DB 5.x (and probably later). Use + CDB, flock() (-DHASFLOCK), or an earlier Berkeley + DB version. Problem noted by Harald Hannelius. + New Files: + cf/feature/check_other.m4 + cf/feature/sts.m4 + devtools/OS/Darwin.19.x + devtools/OS/Darwin.20.x + include/sm/ixlen.h + libsm/ilenx.c + libsm/lowercase.c + libsm/strcaseeq.c + libsm/t-ixlen.c + libsm/t-ixlen.sh + libsm/t-streq.c + libsm/t-streq.sh + libsm/utf8_valid.c + libsm/uxtext_unquote.c + libsm/xleni.c + libsmutil/t-lockfile.c + libsmutil/t-lockfile-0.sh + libsmutil/t-maplock-0.sh + +8.16.2/8.16.2 202X/XX/XX + New compile time option NO_EOH_FIELDS to disable the special + meaning of the headers Message: and Text: to denote the + end of the message header. + CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett. + CONTRIB: Added cidrexpand -O option for suppressing duplicates from + a CIDR expansion that overlaps a later entry and -S option + for skipping comments exactly like makemap does. + Portability: + Add support for Darwin 19 (Mac OS X 10.15). + Use proper FreeBSD version define to allow for cross + compiling. Fix from Brooks Davis of the FreeBSD + project. + New Files: + devtools/OS/Darwin.19.x + 8.16.1/8.16.1 2020/07/05 SECURITY: If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection @@ -114,14 +229,22 @@ summary of the changes in that release. changes in sys/sem.h On Linux set MAXHOSTNAMELEN (the maximum length of a FQHN) to 256 if it is less than that value. - Added Files: + New Files: cf/feature/blocklist_recipients.m4 + cf/feature/check_cert_altnames.m4 cf/feature/tls_failures.m4 devtools/OS/Darwin.14.x devtools/OS/Darwin.15.x devtools/OS/Darwin.16.x + devtools/OS/Darwin.17.x + devtools/OS/Darwin.18.x + include/sm/notify.h + libsm/notify.c + libsm/t-notify.c libsmdb/smcdb.c sendmail/ratectrl.h + sendmail/tls.h + sendmail/tlsh.c 8.15.2/8.15.2 2015/07/03 If FEATURE(`nopercenthack') is used then some bogus input triggered @@ -335,7 +458,7 @@ summary of the changes in that release. On Linux use socklen_t as the type for the 3rd argument for getsockname/getpeername if the glibc version is at least 2.1. - Added Files: + New Files: devtools/OS/Darwin.12.x devtools/OS/Darwin.13.x @@ -416,7 +539,7 @@ summary of the changes in that release. Add support for Darwin 11.x (Mac OS X 10.7). Add support for SunOS 5.12 (aka Solaris 12). Patch from John Beck of Oracle. - Added Files: + New Files: devtools/OS/Darwin.11.x devtools/OS/SunOS.5.12 @@ -601,7 +724,7 @@ summary of the changes in that release. Chris Behrens of Concentric. Add support for SCO OpenServer 6, patch from Boyd Gerber. DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash. - Added Files: + New Files: devtools/OS/Darwin.9.x devtools/OS/OSR.i386 @@ -1825,7 +1948,7 @@ summary of the changes in that release. Use strerror(3) on Linux. If this causes a problem on your Linux distribution, compile with -DHASSTRERROR=0 and tell sendmail.org about it. - Added Files: + New Files: devtools/OS/AIX.5.2 8.12.9/8.12.9 2003/03/29 @@ -3987,7 +4110,7 @@ summary of the changes in that release. have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient. - Added Files: + New Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh @@ -4004,7 +4127,7 @@ summary of the changes in that release. Purczynski of elzabsoft.pl. SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), initgroups(), and chroot() calls. - Added Files: + New Files: test/t_setuid.c 8.10.1/8.10.1 2000/04/06 @@ -4109,7 +4232,7 @@ summary of the changes in that release. VACATION: Fix -t option which is ignored but available for compatibility with Sun's version, based on patch from Volker Dobler of Infratest Burke. - Added Files: + New Files: devtools/M4/UNIX/smlib.m4 devtools/OS/OSF1.V5.0 Deleted Files: diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README index 983aa2821a1a..cfabe5eefe45 100644 --- a/contrib/sendmail/cf/README +++ b/contrib/sendmail/cf/README @@ -1120,9 +1120,8 @@ local_procmail Use procmail or another delivery agent as the local mailer. setreuid() call, you may need to add -f $f to the procmail argument vector to pass the proper sender to procmail. - For example, this allows it to use the maildrop - (http://www.flounder.net/~mrsam/maildrop/) mailer instead - by specifying: + For example, this allows it to use the maildrop mailer + instead by specifying: FEATURE(`local_procmail', `/usr/local/bin/maildrop', `maildrop -d $u') @@ -1132,7 +1131,7 @@ local_procmail Use procmail or another delivery agent as the local mailer. FEATURE(`local_procmail', `/usr/local/bin/scanmails') WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, - i.e., without respecting any definitions in an OSTYPE setting. + i.e., without respecting any definitions in an OSTYPE setting. bestmx_is_local Accept mail as though locally addressed for any host that lists us as the best possible MX record. This generates @@ -1267,6 +1266,12 @@ delay_checks The rulesets check_mail and check_relay will not be called section. Note: this feature is incompatible to the versions in 8.10 and 8.11. +check_other Enable a default check_other ruleset which terminates + an SMTP session when it encounters a command which matches + a regular expression given as argument. If no argument + is given, then the default (to match potential headers) is: + ^[[:print:]]+ *: + use_client_ptr If this feature is enabled then check_relay will override its first argument with $&{client_ptr}. This is useful for rejections based on the unverified hostname of client, @@ -1578,9 +1583,9 @@ require_rdns Reject mail from connecting SMTP clients without proper Entries such as Connect:1.2.3.4 OK - Connect:1.2 RELAY - will allowlist IP address 1.2.3.4, so that the rDNS - blocking does apply to that IP address + Connect:1.3 RELAY + will allowlist IP address 1.2.3.4 and IP net 1.3.* + so that the rDNS blocking does apply not to those IPs. Entries such as Connect:1.2.3.4 REJECT @@ -1603,6 +1608,14 @@ badmx Reject envelope sender addresses (MAIL) whose domain part has been compiled with the options MAP_REGEX and DNSMAP. +sts Experimental support for Strict Transport Security + (MTA-STS, see RFC 8461). It sets the option + StrictTransportSecurity and takes one optional + argument: the socket map specification to access + postfix-mta-sts-resolver (see feature/sts.m4 + for the default value). + For more information see doc/op/op.me. + +-------+ | HACKS | +-------+ @@ -2581,7 +2594,7 @@ top level domain TLD, 192.168.212.* network, and the IPv6 address 2002:c0a8:02c7::/48. Entries in the access map should be tagged according to their type. -Three tags are available: +These tags are applicable: Connect: connection information (${client_addr}, ${client_name}) From: envelope sender @@ -2818,7 +2831,7 @@ regex map: # check address against various regex checks R$* $: $>Parse0 $>3 $1 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) - R@MATCH $#error $: 553 Header Error + R@MATCH $#error $: 553 Address Error These rules are called with the original arguments of the corresponding check_* ruleset. If the local ruleset returns $#OK, no further checking @@ -3081,8 +3094,8 @@ Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org (line breaks have been inserted for readability). -The macros which are subject to this encoding are ${cert_subject}, -${cert_issuer}, ${cn_subject}, and ${cn_issuer}. +The macros which are subject to this encoding are ${cert_subject}, +${cert_issuer}, ${cn_subject}, and ${cn_issuer}. Examples: @@ -3223,13 +3236,13 @@ options: - CertFile, KeyFile: {Server,Client}{Cert,Key}File - Flags: see doc/op/op.me for details. -If FEATURE(`tls_session_features') is used, then default rulesets -are activated which look up entries in the access map with the tags -TLS_Srv_features and TLS_Clt_features, respectively. -For example, these entries: +If FEATURE(`tls_session_features') and FEATURE(`access_db') are +used, then default rulesets are activated which look up entries in +the access map with the tags TLS_Srv_features and TLS_Clt_features, +respectively. For example, these entries: - TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA; - TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT +TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA; +TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT specify a cipherlist with MEDIUM strength ciphers that use RSA certificates only for the client with the IP address 10.0.2.4, @@ -3240,21 +3253,23 @@ their own rulesets which must return the appropriate data. If the rulesets are not defined or do not return a value, the default TLS options are not modified. -About 2): the ruleset try_tls (srv_features) can be used together -with the access map. Entries for the access map must be tagged -with Try_TLS (Srv_Features) and refer to the hostname or IP address -of the connecting system. A default case can be specified by using -just the tag. For example, the following entries in the access map: +About 2): the rulesets try_tls, srv_features, and clt_features can +be used together with the access map. Entries for the access map +must be tagged with Try_TLS, Srv_Features, Clt_Features and refer +to the hostname or IP address of the connecting system. A default +case can be specified by using just the tag. For example, the +following entries in the access map: Try_TLS:broken.server NO Srv_Features:my.domain v Srv_Features: V + Clt_Features:broken.sts M will turn off STARTTLS when sending to broken.server (or any host -in that domain), and request a client certificate during the TLS -handshake only for hosts in my.domain. The valid entries on the RHS -for Srv_Features are listed in the Sendmail Installation and -Operations Guide. +in that domain), request a client certificate during the TLS handshake +only for hosts in my.domain, and disable MTA-STS for broken.sts. +The valid entries on the RHS for Srv_Features and Clt_Features are +listed in the Sendmail Installation and Operations Guide. *** 21876 LINES SKIPPED ***