Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 11 Jul 2015 03:46:37 +0000 (UTC)
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r285374 - in stable/8/contrib/sendmail: . cf cf/cf cf/feature cf/hack cf/m4 contrib doc/op editmap include/sendmail include/sm libmilter libmilter/docs libsm libsmdb makemap src
Message-ID:  <201507110346.t6B3kbM7096740@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: gshapiro
Date: Sat Jul 11 03:46:36 2015
New Revision: 285374
URL: https://svnweb.freebsd.org/changeset/base/285374

Log:
  MFC: Merge sendmail 8.15.2

Added:
  stable/8/contrib/sendmail/cf/feature/bcc.m4
     - copied unchanged from r285229, head/contrib/sendmail/cf/feature/bcc.m4
  stable/8/contrib/sendmail/cf/feature/nopercenthack.m4
     - copied unchanged from r285229, head/contrib/sendmail/cf/feature/nopercenthack.m4
  stable/8/contrib/sendmail/cf/feature/prefixmod.m4
     - copied unchanged from r285229, head/contrib/sendmail/cf/feature/prefixmod.m4
  stable/8/contrib/sendmail/cf/feature/tls_session_features.m4
     - copied unchanged from r285229, head/contrib/sendmail/cf/feature/tls_session_features.m4
  stable/8/contrib/sendmail/cf/hack/xconnect.m4
     - copied unchanged from r285229, head/contrib/sendmail/cf/hack/xconnect.m4
  stable/8/contrib/sendmail/contrib/AuthRealm.p0
     - copied unchanged from r285229, head/contrib/sendmail/contrib/AuthRealm.p0
Deleted:
  stable/8/contrib/sendmail/libsm/path.c
Modified:
  stable/8/contrib/sendmail/CACerts
  stable/8/contrib/sendmail/FAQ
  stable/8/contrib/sendmail/INSTALL
  stable/8/contrib/sendmail/KNOWNBUGS
  stable/8/contrib/sendmail/PGPKEYS
  stable/8/contrib/sendmail/README
  stable/8/contrib/sendmail/RELEASE_NOTES
  stable/8/contrib/sendmail/cf/README
  stable/8/contrib/sendmail/cf/cf/Makefile
  stable/8/contrib/sendmail/cf/cf/submit.cf
  stable/8/contrib/sendmail/cf/cf/submit.mc
  stable/8/contrib/sendmail/cf/feature/block_bad_helo.m4
  stable/8/contrib/sendmail/cf/feature/ldap_routing.m4
  stable/8/contrib/sendmail/cf/m4/cfhead.m4
  stable/8/contrib/sendmail/cf/m4/proto.m4
  stable/8/contrib/sendmail/cf/m4/version.m4
  stable/8/contrib/sendmail/doc/op/op.me
  stable/8/contrib/sendmail/editmap/editmap.c
  stable/8/contrib/sendmail/include/sendmail/sendmail.h
  stable/8/contrib/sendmail/include/sm/bdb.h
  stable/8/contrib/sendmail/include/sm/cdefs.h
  stable/8/contrib/sendmail/include/sm/conf.h
  stable/8/contrib/sendmail/include/sm/errstring.h
  stable/8/contrib/sendmail/include/sm/fdset.h
  stable/8/contrib/sendmail/libmilter/docs/smfi_setsymlist.html
  stable/8/contrib/sendmail/libmilter/engine.c
  stable/8/contrib/sendmail/libmilter/handler.c
  stable/8/contrib/sendmail/libmilter/listener.c
  stable/8/contrib/sendmail/libmilter/signal.c
  stable/8/contrib/sendmail/libmilter/smfi.c
  stable/8/contrib/sendmail/libmilter/worker.c
  stable/8/contrib/sendmail/libsm/Makefile.m4
  stable/8/contrib/sendmail/libsm/errstring.c
  stable/8/contrib/sendmail/libsm/local.h
  stable/8/contrib/sendmail/libsm/mbdb.c
  stable/8/contrib/sendmail/libsm/refill.c
  stable/8/contrib/sendmail/libsm/stdio.c
  stable/8/contrib/sendmail/libsm/vfprintf.c
  stable/8/contrib/sendmail/libsmdb/smdb.c
  stable/8/contrib/sendmail/makemap/makemap.c
  stable/8/contrib/sendmail/src/README
  stable/8/contrib/sendmail/src/TRACEFLAGS
  stable/8/contrib/sendmail/src/TUNING
  stable/8/contrib/sendmail/src/bf.c
  stable/8/contrib/sendmail/src/collect.c
  stable/8/contrib/sendmail/src/conf.c
  stable/8/contrib/sendmail/src/daemon.c
  stable/8/contrib/sendmail/src/deliver.c
  stable/8/contrib/sendmail/src/envelope.c
  stable/8/contrib/sendmail/src/err.c
  stable/8/contrib/sendmail/src/headers.c
  stable/8/contrib/sendmail/src/main.c
  stable/8/contrib/sendmail/src/map.c
  stable/8/contrib/sendmail/src/mci.c
  stable/8/contrib/sendmail/src/milter.c
  stable/8/contrib/sendmail/src/parseaddr.c
  stable/8/contrib/sendmail/src/queue.c
  stable/8/contrib/sendmail/src/readcf.c
  stable/8/contrib/sendmail/src/recipient.c
  stable/8/contrib/sendmail/src/savemail.c
  stable/8/contrib/sendmail/src/sendmail.8
  stable/8/contrib/sendmail/src/sendmail.h
  stable/8/contrib/sendmail/src/sfsasl.c
  stable/8/contrib/sendmail/src/sm_resolve.c
  stable/8/contrib/sendmail/src/srvrsmtp.c
  stable/8/contrib/sendmail/src/tls.c
  stable/8/contrib/sendmail/src/usersmtp.c
  stable/8/contrib/sendmail/src/util.c
  stable/8/contrib/sendmail/src/version.c
Directory Properties:
  stable/8/contrib/sendmail/   (props changed)

Modified: stable/8/contrib/sendmail/CACerts
==============================================================================
--- stable/8/contrib/sendmail/CACerts	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/CACerts	Sat Jul 11 03:46:36 2015	(r285374)
@@ -10,6 +10,102 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
+            92:91:67:de:e0:ef:2c:e4
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
+        Validity
+            Not Before: Mar  2 19:15:29 2015 GMT
+            Not After : Mar  1 19:15:29 2018 GMT
+        Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31:
+                    70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08:
+                    1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d:
+                    50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14:
+                    ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6:
+                    fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98:
+                    15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1:
+                    d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30:
+                    8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94:
+                    f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55:
+                    d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec:
+                    f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16:
+                    8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23:
+                    8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6:
+                    e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33:
+                    a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4:
+                    e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38:
+                    29:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
+            X509v3 Authority Key Identifier: 
+                keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
+                DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
+                serial:92:91:67:DE:E0:EF:2C:E4
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                email:ca+ca-rsa2015@esmtp.org
+            X509v3 Issuer Alternative Name: 
+                email:ca+ca-rsa2015@esmtp.org
+    Signature Algorithm: sha1WithRSAEncryption
+         0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02:
+         23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc:
+         9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e:
+         b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df:
+         27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72:
+         0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce:
+         b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a:
+         40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb:
+         99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1:
+         49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65:
+         97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55:
+         49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95:
+         e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a:
+         62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91:
+         15:89:f7:8f
+-----BEGIN CERTIFICATE-----
+MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
+FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs
+YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
+YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow
+gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC
+ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG
+A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX
+Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q
+AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA
+mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby
+f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf
+Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr
+2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
+sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8
+WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
+bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK
+BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm
+MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s
+5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu
+b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3
+DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb
+EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG
+vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn
+AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX
+ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq
+qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
             f1:41:b3:3d:ba:bd:33:49
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org

Modified: stable/8/contrib/sendmail/FAQ
==============================================================================
--- stable/8/contrib/sendmail/FAQ	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/FAQ	Sat Jul 11 03:46:36 2015	(r285374)
@@ -1,8 +1,4 @@
 The FAQ is no longer maintained with the sendmail release.  It is
 available at http://www.sendmail.org/faq/ .
 
-A plain-text version of the questions only, with URLs referring to
-the answers, is posted to comp.mail.sendmail on the 10th and 25th
-of each month.
-
-$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $
+$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $

Modified: stable/8/contrib/sendmail/INSTALL
==============================================================================
--- stable/8/contrib/sendmail/INSTALL	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/INSTALL	Sat Jul 11 03:46:36 2015	(r285374)
@@ -28,8 +28,9 @@ sendmail/SECURITY for more installation 
    /etc/mail/submit.cf.  This can be done in the cf/cf by using
    "sh ./Build install-cf".
 
-   Please read sendmail/SECURITY before continuing; you have to create a
-   new user smmsp and a new group smmsp for the default installation.
+   Please read sendmail/SECURITY before continuing; you may have to create
+   a new user smmsp and a new group smmsp for the default installation
+   if you are updating from a really old version.
    Then install the sendmail binary built in step 3 by cd-ing back to
    sendmail/ and running "sh ./Build install".
 

Modified: stable/8/contrib/sendmail/KNOWNBUGS
==============================================================================
--- stable/8/contrib/sendmail/KNOWNBUGS	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/KNOWNBUGS	Sat Jul 11 03:46:36 2015	(r285374)
@@ -62,9 +62,9 @@ This list is not guaranteed to be comple
   libmilter and hence the communication fails.  This can be avoided by
   increasing the constant MILTER_CHUNK_SIZE in
   include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
-  all (statically linked) milters (or by using an undocumented compile
-  time option:  _FFR_MAXDATASIZE; you have to read the source code in
-  order to use this properly).
+  all (statically linked) milters (or by using undocumented compile
+  time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
+  read the source code in order to use these properly).
 
 * Sender addresses whose domain part cause a temporary A record lookup
   failure but have a valid MX record will be temporarily rejected in
@@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon
   Header addresses that have the \231 character (and possibly others
   in the range \201 - \237) behave in odd and usually unexpected ways.
 
+* AuthRealm for Cyrus SASL may not work as expected. The man page
+  and the actual usage for sasl_server_new() seem to differ.
+  Feedback for the "correct" usage is welcome, a patch to match
+  the description of the man page is in contrib/AuthRealm.p0.
+
 * accept() problem on SVR4.
 
   Apparently, the sendmail daemon loop (doing accept()s on the network)
@@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon
 
 * Race condition for delivery to set-user-ID files
 
-  Sendmail will deliver to a fail if the file is owned by the DefaultUser
+  Sendmail will deliver to a file if the file is owned by the DefaultUser
   or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
   when a file is modified.  Sendmail compensates by resetting the file mode
   back to it's original settings.  Unfortunately, there's still a

Modified: stable/8/contrib/sendmail/PGPKEYS
==============================================================================
--- stable/8/contrib/sendmail/PGPKEYS	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/PGPKEYS	Sat Jul 11 03:46:36 2015	(r285374)
@@ -141,6 +141,185 @@ gpExpdV7qPrw9k01j5rod5PjZlG8zV0=
 =SR28
 -----END PGP PUBLIC KEY BLOCK-----
 
+
+pub   2048R/0xAAF5B5DE05BDCC53 2015-01-02
+fingerprint: 30BC A747 05FA 4154 5573  1D7B AAF5 B5DE 05BD CC53
+uid  Sendmail Signing Key/2015 <sendmail@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFSl4rQBCADRCzgFSJkzyoOHw9/9L/+G3mzA1fWR7TgCE0WxGX7PDzyLDaUS
+a4XpCDtadjXyr7c5YPo1T7ybxUH39yvUgEHBiPQDssik+bbpOiHL7V0sUDAYfKSq
+YC8/MG42Oj/zd+0WUhnI+RckFYPBNDQ+sZC6ErLDxCYDZMYhG4vhJOGqAKpglNTb
+w4Fdx4LNmL3e4t3z4IEtnzAqeGVxIZm8MGGFhKkb8ufpgh8Jiz4Q6cOis0ZD9K6f
+LvMPRJXSBy9jBtmS2oI2e9Q5LLhmzd1PVyA8jwAlK0QfJLmlRrgRUfHFKhkf+EuW
+tTi592OYCZ9bw7QVSiGVQUK+7VACfM+FQR81ABEBAAG0MVNlbmRtYWlsIFNpZ25p
+bmcgS2V5LzIwMTUgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlSl
+4rQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKr1td4FvcxTTPMH/29J
+kNmt6EGNo/eLQySB8HTenfJjZaQxwPRhq22kWgr/7WP1BR2411bopyNk4IZ0rcDr
+tnyeJj4UWKJljVuXyTDQPtU8uUlgiOT8QiHEbge7MOzxrn0cy6KIOgKq+vtuxa28
+McaxjENR7XVIDFkesQ7P/yLkcCjlE6jaD4r9OIKpqEVMPs1WUFff+rsgTo7mdcgR
+QowQOgYqNil5awQ5Y2Gol71hZ6oRcpqMwSd6w4dEEx2U8rF8oqJuoxeUTgNCSv0n
+iFtewLznocmxlrxe1mQAeLfRmUAG4LSL6p5wx1lRjJA3gtyWRjY0404jGxkATLG4
+AtK2OkHj8MbrWLP7PKyJARwEEAECAAYFAlSl5AQACgkQYd4R7OJ2OnPHXAf/Y6Rk
+rROF45+SgbsEIiDXQBcBOoO1GKe0nFTc1jfAKUHAQ94fqcDxNeFRA9fNIA2d7XNI
+0Lw6W7X3RcEkF58xytIe/Y+EXDmOt/BUbpch9KIz6J9pqBhPdyHvG+ZeyA3A+TGT
+ZGnnnAxNFtCjt2IID9lzZSLuWhH8+DNC2Vp15NngDTa1VIk17n5iIvi7r3V5cdIE
+MblKLGm+ZaiTeccVLjwMKIUSgrLP87+yF/aaZH2kotuI7f3tD1ycN0sVZJxcFS+c
+GFw7uvOarDBSm0Q/FgfhDUOJLy4w5SqVmgPEIAeogz94q0JXxSSr1XWQBD8X9XwF
+f3+dPXmgMHXLGRWclYkBHAQQAQIABgUCVKXkPAAKCRA9aLJdUgfK08cnB/96BV+v
+xyBx35TPg8eI/WIskdQAIpCQsm6FoO1ejbMzfWn9bImCewOp1UMlowdfQC52Hdp8
+EXnuwCpJ3rtnZctRld5dNM/clbZ+r3lr78wX7hqPUajlvxe+TMpyZbJirLn1f5Ba
+yoysE4oICfzJivPfixZd7oFVr9EkftbatYenl0rgf/0lJTKRDIqNGezeeyfxaKdX
+qd545wqis7PrrXDOrEq815aosG09KQBhIoPgti2us1R95nSm9z6dVCY/nSDOxL+a
+Vyq/XD5KSUqbZVocY+fbR3dNX5haTvawuG0GPvl+YvYb2lW4hhi7Q4aUL7Dd4c9c
+vk5+WAvfJwHtbxrgiQEcBBABAgAGBQJUpeREAAoJEI5a6fvO7vQ7OWUH/2NNxhlI
+JEtvD+Nj2oPGgVQJrlFI1pbzyMCtD+6iy8Lfnp2DK+qKPMjBw96LUqcXC32VFPQr
+17iyZDv26MSb/acmdIfTPpPTwJ6zEmMI8mXradeuoiWxeVHSg7n+D3u0xtikmb9Y
+uRKv0yx43fcL70bqV5DzyXQte0chfRnOiwMrImWdgDekkmxE9udbtgK24rifNVGa
+TBB6eHJAsFVu5Y38hsZLe10bCKyUCqT6Qywfy3RCMpXYeo6fXOk0fKatG2oi3CZp
+LI+AnjmAJ0t2oMkrwUxogkK3LkShJT/aJYIR24eZm0GdzwRHZxXKClGFvdJslIea
+TKHSXNK41eEIfreJARwEEAECAAYFAlSl5EgACgkQOaTHfal4hLAXfwf+M0YmlHd4
+1sfvckYhOYf99n1BGnfQx5RJn+X+EBjGyOfPKMBPQuZIlwAI20T+cFnR3WmgrmlO
+IBG8qVcSDoValzNPcr0V3WGDrT75fYhf5iYj2ZsZDBUqE1VF3dAVUw40x2c1n+98
+7lbq3NtolSPYk07h5rhEhmkjdNcixv/exVCTGVwaT4X9ZHY8heETmF5tsCtPavpr
+i/DjcDQQQ0sQ8um1eX41j2bhrN4MERUC5oadvSULaA2QUoWgCrzVG8zx715Au77N
+jLtfA31hJI0GP/dpSREaYlqA0nwVDR5tz1TyTNwPN1ylxjQmjKXtJwx3jUtlT9Zh
+qxRf+ngYHpWArokBHAQQAQIABgUCVKXkTAAKCRBgTfvyhUEKvl11B/9aYJBEEQZp
+JWAT6HPmQK//i2x4y1euQfaHsjqJALvvPrgiTp/ZE3o6dKHhs+SbawsB57RtootN
+maQr7x2drvBojWhJJdaouAh345qOfZYb0bD9klkr6W+Mjl5T0xWIKFEyIZn0Tcbr
+8ekHgSIx2trL8LduSJou2bdPMh46PORzEpuQQ4IAyV0uRyBdNFOPwTy2OdXs51fr
+M7lp1hJp84+y2a6z3vz3VCs2A9LzlnXKZ6bXljpd5dQfrmrSNXltPKA3jVLkWi8+
+rh9f1rAGsj1e6N1aVF2uJ1Y3u+U0XQ/dwa1vDF3y4KVObxYM9eNGbF4J8lGkUy2a
+gZ1s1X8QzEDUiJwEEAECAAYFAlSl5FAACgkQEolum6d/JCmUSQP+KEz6xSvPSbFP
+Hip4JiX1Wbvd+t3TyL0u9Fv/POwUrFIHVpTkCwOz6jsBH3TdGGiYOP5F8k/US2jU
+3WB0J1mK5Rn3GwLhUGNTEeuaJZCuKE+j3qwMFmDqC/2IxEvlWtrIbTqkgf7cRv/O
+O7VNv+EL0axtsrOcwZlUWe6Lc4571oaInAQQAQIABgUCVKXkUwAKCRDYqvDK9rMH
+KX7xBACUFTBRCmboY/GRTHMZW1DGfcO2vMxwnYKqWomuzi/YonDCWtoTpeMDaAhY
+NnIchC1mlYteIE94/+ZsoYsZeaR3fe7CN6h/deBu4tW/dQ+TW1ZPF6EuVhoviKgz
+rd3rb+gcS0f0PgSPyg5LGtoMGMD9/gx1NJOTFec83jmBI95Gb4icBBABAgAGBQJU
+peRXAAoJEJdDARhwk7hBAUED/0oyeD2Z4wMQ6IQEprOAWbR+vIRzaThemmCGobRw
+UlM44nUXqKSM1+naLEVz/JzBuKWG00zTz6Su3NesWoFzDDUGYcIJggbOm39Pc+V8
+eXV86An64/v3P6gypJc+q9P+FFGGO884wFmYN634Mi4SDBVFUzffcghueAFcxtzt
+0mH5iJwEEAECAAYFAlSl5FoACgkQHnuzyK+VliVGdwP/fmdK9MdWIzPD/6eYm6JZ
+zbksaGWiqpwgp9IEr/OhSmGkXuwUsP35PFJ8FsJbEV5x/y6pP3UNp6EFRN/116ue
+jp5vVM7nnj2K3V8f85J4dXCRbv+kek+Ufo1Qzm5kgvRuBxX1sXpxFX6yBM0Y6WuV
+gszdbTVNlS04q6bnPFE9L4uInAQQAQIABgUCVKXkXgAKCRBwoCRNHvmSUZ/7A/9W
+yQJrrdrs2SuYtoxov/pL/TVMejbnxsF8Y0dRtM/KiquP57PMQSmLqy4fTRzAMHBv
+XK1aKfewTVfGKLcHIzfMfv2XcPpWfwcyMeZKtcSr25lWl9GJZP221rCok76XYwqk
+BPPp0pjSwdy0Qq4sd3N3ESZmqAMWJ7ouMmlQ7VWReYicBBABAgAGBQJUpeRhAAoJ
+EMjV7SmV9hdxLv0EALX3yjI2KDNG1mo5ctCSYlIlhXHQ6csHuUK9lzj9R1gVEzDU
+0dEZH0+a5UXh5xf8nyTDLytUe8PxTtPit3AOP6TvTJlANULh/3MKS6317RwUe2e0
+OitWbhQAOYfpYAkSdXZACzPacxrefkxmSM3Pq+SYoumZTI2N6AvVu8MeCS0GiJwE
+EAECAAYFAlSl5GQACgkQIYPhsTlvB4mWJgP/XAlvlBityADJkdN+3mp/OtdYzw04
++dBdNtmLqWUiMZg6rPPHUQi7dfBKi95FFe2U8hxSRk8oLzSzmh/M/CP72mxKh4pi
+PbmEkmKHYlNdyfCCNqXdjkBXFAKXAes/4DaBlZwvLjPtrupEaW2eYdU8cSrdeGuv
+1PMLRPxRr3nPCb+InAQQAQIABgUCVKXkaAAKCRCJaWK4Z4wKA3ZVA/4iYD+xrYv0
+8I+0GZJRdEL5f7T97a7Vtf5xSxUhHDww4xC9gs8LzEGWZXoNaZEVl4j+63EnCIbY
+o4g+c4m81D5NWFqeJWhWpcyvejo9hfGM3ZK/XbiF+ZTzznU5YJclGaZ7t8TY8gcx
+GSWxUzxBJQcSEzAKKi286ielMAXocNx10oicBBABAgAGBQJUpeRrAAoJEDgi20fM
+N08tDkwD/2F5j5irsDw+MQyLKpfPv3GRJ5J3ebOPpLQkQ5T34+qeIw4LkcXW9OJA
+ohW47JLb7R8zwAlUoqmmNXtxTM0r0FlTYGPOVEnSEkMqqa3KR68B3jWAGXXdqig9
+yBxYRleawQ4ltnegBn8q7gC4MwnIAZxzK+Y8cM0Rk/FjC9+NhwrviJwEEAECAAYF
+AlSl5G8ACgkQnBy94uNcVjUfvgQAlQijnoE3de1CanB0JqIN+h+XOLOpalFti+B7
+Swc2ZlnlQ9mofYPK5UHlbsiC7/TilD6xm4YEFKim9sOIMi8FNka8+EH+/d1DmS4M
+qVPDssxTG6VOzn7tYOuC9qIw15IpfbHW2bk/YIImwP9nViKCMLIGw+ZgK+uiRQx9
+fT8O1NqInAQQAQIABgUCVKXkcgAKCRBvUpPYo5umVYKeA/9n63K1nF3DNY3Hckvz
+tN8OrPmyCIOh+7t4sc5NHhTK0+BQTv+cgG6ig7K2cdI6VBAovs/c/u7+RrcMhp7l
+45AVnycfKcNaMHKFyMHDk9FZgpRG/bv1zwDxdh+scUc3IekqkSiQ2wTjDQ5Q/BMK
+L5zfOSnTOoltWjpVgsjdM75Ol4icBBABAgAGBQJUpeR2AAoJEO9YlmTUMuGd8R0D
+/3mhriMu/cp3DXHnlDykqLJI1q5K4xCHOWwFYZ8DxW116AVjluJYYW1HmWcJrjK3
+cwuN3FUcsIjafanIJWCsdeZaPAyFEfUBEW0YXIIpBXRw2N7jNtrd5X6Zjptd+zW+
+4dUzvT1pqVtdPHjova3fcGLSmcdZYbddotaGi7xi7kXviJwEEAECAAYFAlSl5HoA
+CgkQwZwdJRLTRh0iwwP/Y/pwp9ttAMuQUz6oH71BTkUrzu9LiI7vhrYxEquFdzCO
+dE4jBNB3LGfwzjhJRtjmQ/gVhjXWWrDYnOXt3gNxb9KzmTHmSDu65cBxX54Un0pZ
++MXjjWOT2l8+GA1lXeICIoZjJL88/zEZAiaH67ch2LEix1fOaJmXJzUSmP1pR3KI
+nAQQAQIABgUCVKXkfgAKCRDAKcpAFvTM6XVwA/9Eb+Dwn2lmEFFo64gj8ocpWzP8
+/sD86PP5KkZ+b/HQnGB3lsQTwsGytDvJfutLDa05sS/HWZ9wXPltX/G3omp/A1G5
+qEKzVSe0vEWedpf9wn82Ll6hzaiS5qX7r0+FpyUjY8arNrze5S4Q6Q2kjl8YduXl
+wG877igRHkGpAtApxYhGBBARAgAGBQJUpeSHAAoJEBj1A4AkwngCRCMAnjHfd5db
+KK6DJxrWVnEbyXs/QJGKAJsErKkiUX55B8k/P3cyzyXIaOujBYicBBABAgAGBQJU
+peSOAAoJEHxLZ22gDhVjCDQD/j7DE5wyhpjHrtf0hsQcaQoVHWZb2JTLZUMRAQyj
+zKMTSs0GslamlxLZmyV1HqkB+41zuJeBQtRV4gjqa5DQmWDRC2mHl7o9A40v4SDa
+O1jmfU5hfJSMecucPyEcfaAG4BIMvBo6TL484uHBi45SN4Ik3f2wc6D1XOluD1vB
+gIwpiJwEEAECAAYFAlSl5JMACgkQ1uCh/k++Kt2s6gP/RNcMKtx4u61vz+Aji/Fa
+H9q03JxQaRgmN1q2AvZQ/NTWTXU7Y5GnH4kW/8rOoUQiR+agJsvTt4ciM+y33pZ/
+ZZLkAuo0uKelEHhdQhtRbSktKBHSgDWbiqaJJIxazeLpxcSgaoM6RW/7aIFdMtEl
+ALAzTACYlTN/nKWWICn8GnGIRgQQEQIABgUCVKXkmAAKCRAh+cW892qb9aWOAKCg
+aznvUX8PIvKPzoHld39xWlJ+FgCg76wrEc1h9IiIgUoqH5NWVCxcHneInAQQAQIA
+BgUCVKXkngAKCRC92o/WP+p9/ancA/0Z4JHZT7NRBMr47zQvSwE4eLpSE5QDGXi7
+RNmOUgZxrxsFWRZLJCVupXDBQVZEhOBRZYqXPw1eDglOU952oj5OjaHsYnSEu7jz
+VUwlp2BxZQ3mnepdUcQz1A3k2cPZ0I6KFP9hP88GU+77nubB7IqRH/Q3QKMgO0eW
+yd5kYugyYYkBHAQQAQIABgUCVKXkpwAKCRC9J20ub8+ohR46CADMEvAns+L+BkVN
+d9INsiR1rONrNRPT6w4dnBeTLaykkuMjc6+7s+UuXm6AMAelI28pG+fJyt/lZAGx
+QLS9zFgREge0lVbOZVeAYeC1YyFsrJE4Lr2quq3fajj23tnsHmCv16znMHrh/E1m
+Udm4145NprijrZn+PsjuVWYV+pxiLpLM0YBdGNwCEMi/KCQ1fcaiAZZWSqLmHIe0
+ubWDdqq8/5JRQ22SEnqP2FT/lfOmKTxMNmE0uEr4+C4fG2nd38BvzpHu9eN/4Nwx
+IwzK5DhbAj+I57+VDncgkNGe1q4QY/5LaZQh/nHIcmX1ln23f9Lxkr6EYYZ1ptq+
+A8buvD+XiQEcBBABAgAGBQJUp+zrAAoJEBCQryClqlvm6AgIAKAR8HY4G9AD2jDb
+ouS4Al4QICagwQ0Y7Rc2/fHyPQEAP714EimakPFVFDbSD6SW569Qtdxr+ggH4wFI
+bzd21pCgIUC6nVoDotIjplMdYkNfq8AODpxn3HTBnNQ7e609xnWxFo/+httKoWok
+fEP9qZk4MJq7lE75iX+wohjLwoF6v0tCB8CrBFJcfKrDvXQSGvKiaEp4g0sEfyXv
+gL6X0xKMflupofdnFLJliV0WqGhBOGUghPdLsA02E3e1utj6WABmudMytRxWB8is
+SWGaywaEKLSdCgi+XlQVypKeWNMbZZZcftVZ91r4iNTAkw4cv5Wea+YnngfurGCq
+J/jUq7aJAiIEEgEKAAwFAlSn7r4FgweGH4AACgkQZhs61tgqu9C9Aw/+JMTXzwni
+NPwBxkbcNWbnWODVEElmDloHNpr3z+ryF1XNgbiOY8dn7uwRnPoeCDhIDwvNkK+x
+h4xmjH0970v1ltbzcZv0wnK6UeHQssqN9NGsXM9rbodYRIam4yxbwd1ddOC9QZFM
+ToRVWiqCzGOVYL50a24OYKClGjm4ncRznXJrNwYMEjxQ3j5FOkXIn0096z3szWCY
+6yDpPzOsl2TPwdjMKZWoMEDh/SvY3AxAXo1XqDCj2/+C8dDwO7kn+QAl3fUGmkI6
+dUHCAJm/WtSyvINdphzhZ1ZdkPhqDUKcR0JTX03QJ6bnu5vmmOncWm2NA7rP74fq
+KE9XzT808xP0GBwR1co7Eq+/751j2TA33JSlt/hIgi5aEWc4laCingJ02yaW8tUS
+DCoVNITaXcF/B47hjBgovQk8TOTsQ0nkSYvOoh05OYBmzl17G57QuPx1stRJ29QA
+VLGem1v1mXAuNdHH0kNE+/Rv0A2vGqauLx9ba84RfbXMM4SJw8CjhX6OxhAM8xoU
+tO6T56XZS8qLtWLkNQNZNdNlAo6tYk/cTrjdX1M63nYjoVbuc0nic6Wp+dQk/DEb
+wsiIpFoisvMK6EH49v70/c9Gtg6rk5z2yBHMZsjo2Y0TheTKwKIUEz0MuTncH8jD
+yB/NtQkrbiBdEqRJUoKKUtS0B4cUYTUyd+SJAhwEEAEKAAYFAlSn8agACgkQ8Ar2
+6sJF0gs2yA//cgc+g1wPRFzJeQGv5UFR3TCAMtS+/bzY3UU/eG2Jmbv2qwPbn+kx
+RH5dYlZ72VHXEggBaEweCBrBWsweX5dGEMNDLNlI9ArAjjhBAZFFUQKj55EzIZpp
+YTbvgxOD2ENKU2HfeQYCGFYZr3L2DXQ1k0U7VnaElBQV3o88CMi7bIsQq2aWk+c6
+Cy15UVr0niVLm95EUZM4yYm2gOGJXUeaGIExSBtiwuzvAiDEGaqfPGAi1ePkNmLJ
+3UzYfgiQumSh1kDVlQkCc8UQiF6ckEma618cmmaHs5vZvHsTX5O2/qPkLpXunA/7
+5yM/Jde8a5VbNGWyZ4rmstlWR5rPd7r3uP85miHn7Arait3aGo8RQeAHzOdTvMqS
+n3oCotQlOvBhOo7qA8oYQVlU0+77gOfZZeEXDZG13lU95ptFhdsGstIQH67jPQ6z
+TpVnd28ip92ysrwvxPhOzO74yKcYoKtzwLctcvptlKTkrFMHP3wJwqbaSfJGK4JE
+rjT8WnnWyHY465nTDN9AKkoH4WQNozniWX8OkF3CpPj7ow8roFXlPOxXH4QsaQu3
+Kk31APn/A925d4xyYuWYHZ7A/FzsHafFHPMoG3iwZyuFhfl1UXVvEd8w9mEcxXoh
+2iCy87TdpesG0GDzSmWwEYEPkg20BD2+vdc0EekALDjAGM+lfBxN67KIRgQQEQIA
+BgUCVKgM0gAKCRAJp6JK0eWCB94UAJ98O6S6r1hFnCLrbU3GeqrA4DCtBQCfcza/
+WoVLc3/+bOf1jzjJ/eJ20IyJAiIEEwEKAAwFAlSoCRMFgweGH4AACgkQhS2G+DXA
+JIrWURAAvgl1LkqB9pRPViK1U+xa3b5zt0O/fLbov59aLhA4uPJ10BgaKptflLim
+aE2EsS4Mnk0DQgGEBjlywJ5Ft3aMk3vbRz7lDE3zQ3oWa7+N4fcG7WWsAxmh0NtX
+Ak7orN6rQcyGgWgpF7wOau79i4VO7oLHKeS7QNs7X59CW+k64TAJabxi74PRoVMz
+843qWPjsuFIYM7n/nF0vdECwhSE8zUgcYG2n5CdA0Lq7XRE+II11VOT2XEXFMyR/
+Qh2m7l+jy12MEzHQfGC1HYBo/Zi/MRIN53Rd2LLJWQdMxz/BDiuSxZhKVeCRe7gT
+Mc2k3VrmfViBoaUE0zqMbx0j29XUbNQNU3afE8MOBkmyd6AQjoswBEsgU9uyCJYD
+Jq3V1stwSVBm9G7X/l8GFlPawLg/uM9gTYb2JYUYPlphTAwVcL469rKQNMhPj2ww
+zT7NzjwFb9XrmyiIrqH5z2ieG+LRjajOPVPwBsqZ3gOA+z9QkU1lRYEJOTlEYCkv
+8oA6ZeFm31S4JoeogbCDaMiqDszkFtYGBUgGEbnHoCgXi7aINSb17VZ8LTzpD4V9
+vGdFVuE3vJf2POMERP+buLV8OiG38cBJXb+JVSC+pkpm+32nY0UR5ccDPwAC3cGq
+SbI6ftKlQeaYp3UEncFUaB8NNZings3jzRexPjzUzo0vhRkkIs2InAQQAQIABgUC
+VKg5iQAKCRBfHshviAyeVbEVBACL9Vve0dF0UqO+DN4PzrTOx2JzRw7ujhcrZ6I/
+TCXjANGLWUheylRWhvxMojvbhZEg2835+9l6tpD7BVnrfkBE+LYIKFTusye+WYre
+dAaHFpuN6XfmsXmhXaSodhH9gKS+oftYX61qUmiE7L98nvINNBMnFVkptCQVDl8o
+GWiMRYhGBBMRAgAGBQJUqBAmAAoJEMSxB5iFeWojCtoAoLa2/SUyfC5EiKdvEbap
+49v6XPyxAJ9mPvhe75aTOU7uWoa+c0wn6fXIcrkBDQRUpeK0AQgA7ctg3cJD4eTw
+j4sQ94AtSYjwT+Yp7r2s6h4cHUge6AMZy9ixtyg87JnviRFob2zeo2JFDAwtl7Zs
+GHo+py/mJwfQKmUsXUmQqgHJFXDiiux+4+dYOXZyVYKP5bTV0JVlKjRjSWNnh7Bv
+yZNUZlrLz5ZKF1NAYKJAw4fx3TFbC4K3hvDwHQW3croPQYq0wNq6as956LHYjUOB
+Q5K0uy4TXY2EcIyAy253UX9MAFgacuP1jf3ITEVZpcebzl+gcaB54gXqOfmgQQP5
+PmQDyb96ZxFsKa5UfsS3Kh0PeERa5TDlgiw55O55pUSGKKfYfOXvqpJ/ZKYl+ado
+wgsmbq09UwARAQABiQEfBBgBAgAJBQJUpeK0AhsMAAoJEKr1td4FvcxTNO0IAJ2b
+V48mulcdCS8G3t8qRHlEXGbxgYBQRa500M9fdgRyIWBxubP7r6/nLFDGiIpdUVmT
+g9F3r1JsyK6Q7+VUp9XLirj/gT1kwxXT/UHHIQO8ObtPbfFtqISaBjaklTOUPCud
++nOpzRIfct6CZM0xAVIoqm4kaRFaWefxRiyeosDQ7tCD4lDRwxNJE2deE1WmOeN1
+YCJHa8QaewJXtUvqMq6pRmTlzSn+5/w3gV3XVF+CHjGD/COeSm7CGazLmlypN4n8
+ib9eRg0K2rAqKfUbn+aFwmqSBhBcw/UhOoXnteNQvd9KNdKiHERJEI3qZ2rLAlYf
+uYT6oSAR9rPSpsZpyTI=
+=Jib4
+-----END PGP PUBLIC KEY BLOCK-----
+
+
 Type Bits KeyID      Created    Expires    Algorithm       Use
 pub  2048 E2763A73   2014-01-02 -------    RSA             Sign & Encrypt
 fingerprint: 49F6 A8BE 8473 3949 5191  6F3B 61DE 11EC E276 3A73
@@ -2613,4 +2792,3 @@ DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJ
 =nES8
 -----END PGP PUBLIC KEY BLOCK-----
 
-$Revision: 8.46 $, Last updated $Date: 2014-01-18 00:20:24 $

Modified: stable/8/contrib/sendmail/README
==============================================================================
--- stable/8/contrib/sendmail/README	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/README	Sat Jul 11 03:46:36 2015	(r285374)
@@ -211,29 +211,11 @@ There are other files you should read.  
 +--------------+
 
 There are several related RFCs that you may wish to read -- they are
-available via anonymous FTP to several sites.  For a list of the
-primary repositories see:
-
-	http://www.isi.edu/in-notes/rfc-retrieval.txt
-
-They are also online at:
+available from several sites, see
 
+	http://www.rfc-editor.org/
 	http://www.ietf.org/
 
-They can also be retrieved via electronic mail by sending
-email to one of:
-
-	mail-server@nisc.sri.com
-		Put "send rfcNNN" in message body
-	nis-info@nis.nsf.net
-		Put "send RFCnnn.TXT-1" in message body
-	sendrfc@jvnc.net
-		Put "RFCnnn" as Subject: line
-
-For further instructions see:
-
-	http://www.isi.edu/in-notes/rfc-editor/rfc-info
-
 Important RFCs for electronic mail are:
 
 	RFC821	SMTP protocol

Modified: stable/8/contrib/sendmail/RELEASE_NOTES
==============================================================================
--- stable/8/contrib/sendmail/RELEASE_NOTES	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/RELEASE_NOTES	Sat Jul 11 03:46:36 2015	(r285374)
@@ -5,6 +5,165 @@ This listing shows the version of the se
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.15.2/8.15.2	2015/07/03
+	If FEATURE(`nopercenthack') is used then some bogus input triggered
+		a recursion which was caught and logged as
+		SYSERR: rewrite: excessive recursion (max 50) ...
+		Fix based on patch from Ondrej Holas.
+	DHParameters now by default uses an included 2048 bit prime.
+		The value 'none' previously caused a log entry claiming
+		there was an error "cannot read or set DH parameters".
+		Also note that this option applies to the server side only.
+	The U= mailer field didn't accept group names containing hyphens,
+		underbars, or periods.  Based on patch from David Gwynne
+		of the University of Queensland.
+	CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
+		Patch from Lars-Johan Liman of Netnod Internet Exchange.
+	CONFIG: New option UseCompressedIPv6Addresses to select between
+		compressed and uncompressed IPv6 addresses.  The default
+		value depends on the compile-time option IPV6_FULL:
+		For 1 the default is False, for 0 it is True, thus
+		preserving the current behaviour.  Based on patch from
+		John Beck of Oracle.
+	CONFIG: Account for IPv6 localhost addresses in
+		FEATURE(`block_bad_helo').  Suggested by Andrey Chernov
+		from FreeBSD and Robert Scheck from the Fedora Project.
+	CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
+	LIBMILTER: Deal with more invalid protocol data to avoid potential
+		crashes.  Problem noted by Dimitri Kirchner.
+	LIBMILTER: Allow a milter to specify an empty macro list ("", not
+		NULL) in smfi_setsymlist() so no macro is sent for the
+		selected stage.
+	MAKEMAP: A change to check TrustedUser in fewer cases which was
+		made in 2013 caused a potential regression when makemap
+		was run as root (which should not be done anyway).
+	Note: sendmail often contains options "For Future Releases"
+		(prefix _FFR_) which might be enabled in a subsequent
+		version or might simply be removed as they turned out not
+		to be really useful.  These features are usually not
+		documented but if they are, then the required (FFR)
+		options are listed in
+		- doc/op/op.* for rulesets and macros,
+		- cf/README for mc/cf options.
+
+8.15.1/8.15.1	2014/12/06
+	SECURITY: Properly set the close-on-exec flag for file descriptors
+		(except stdin, stdout, and stderr) before executing mailers.
+	If header rewriting fails due to a temporary map lookup failure,
+		queue the mail for later retry instead of sending it
+		without rewriting the header.  Note: this is done
+		while the mail is being sent and hence the transaction
+		is aborted, which only works for SMTP/LMTP mailers
+		hence the handling of temporary map failures is
+		suppressed for other mailers. SMTP/LMTP servers may
+		complain about aborted transactions when this problem
+		occurs.
+		See also "DNS Lookups" in sendmail/TUNING.
+	Incompatible Change: Use uncompressed IPv6 addresses by default,
+		i.e., they will not contain "::".  For example,
+		instead of ::1 it will be 0:0:0:0:0:0:0:1.  This
+		permits a zero subnet to have a more specific match,
+		such as different map entries for IPv6:0:0 vs IPv6:0.
+		This change requires that configuration data
+		(including maps, files, classes, custom ruleset,
+		etc) must use the same format, so make certain such
+		configuration data is updated before using 8.15.
+		As a very simple check search for patterns like
+		'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
+		the prior format can be retained by compiling with:
+		APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
+		in your devtools/Site/site.config.m4 file.
+	If debugging is turned on (-d0.14) also print the OpenSSL
+		versions, both build time and run time
+		(provided STARTTLS is compiled in).
+	If a connection to the MTA is dropped by the client before its
+		hostname can be validated, treat it as "may be forged",
+		so that the unvalidated hostname is not passed to a
+		milter in xxfi_connect().
+	Add a timeout for communication with socket map servers
+		which can be specified using the -d option.
+	Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
+		numeric logins even if HESIOD is enabled.
+	The new option CertFingerprintAlgorithm specifies the finger-
+		print algorithm (digest) to use for the presented cert.
+		If the option is not set, md5 is used and the macro
+		{cert_md5} contains the cert fingerprint.
+		However, if the option is set, the specified algorithm
+		(e.g., sha1) is used and the macro {cert_fp} contains
+		the cert fingerprint.
+		That is, as long as the option is not set, the behaviour
+		does not change, but otherwise, {cert_md5} is superseded
+		by {cert_fp} even if you set CertFingerprintAlgorithm
+		to md5.
+	The options ServerSSLOptions and ClientSSLOptions can be used
+		to set SSL options for the server and client side
+		respectively. See SSL_CTX_set_options(3) for a list.
+		Note: this change turns on SSL_OP_NO_SSLv2 and
+		SSL_OP_NO_TICKET for the client. See doc/op/op.me
+		for details.
+	The option CipherList sets the list of ciphers for STARTTLS.
+		See ciphers(1) for possible values.
+	Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
+		if a CRLFfile is in use (and LogLevel is 14 or higher.)
+	Store a more specific TLS protocol version in ${tls_version}
+		instead of a generic one, e.g., TLSv1 instead of
+		TLSv1/SSLv3.
+	Properly set {client_port} value on little endian machines.
+		Patch from Kelsey Cummings of Sonic.net.
+	Per RFC 3848, indicate in the Received: header whether SSL or
+		SMTP AUTH was negotiated by setting the protocol clause
+		to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
+	If the 'C' flag is listed as TLSSrvOptions the requirement for the
+		TLS server to have a cert is removed.  This only works
+		under very specific circumstances and should only be used
+		if the consequences are understood, e.g., clients
+		may not work with a server using this.
+	The options ClientCertFile, ClientKeyFile, ServerCertFile, and
+		ServerKeyFile can take a second file name, which must be
+		separated from the first with a comma (note: do not use
+		any spaces) to set up a second cert/key pair. This can
+		be used to have certs of different types, e.g., RSA
+		and DSA.
+	A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
+		address. It returns the string for the PTR lookup, but
+		without trailing {ip6,in-addr}.arpa.
+	New operation mode  'C' just checks the configuration file, e.g.,
+		sendmail -C new.cf -bC
+		will perform a basic syntax/consistency check of new.cf.
+	The mailer flag 'I' is deprecated and will be removed in a
+		future version.
+	Allow local (not just TCP) socket connections to the server, e.g.,
+		O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
+		can be used.
+	If the new option MaxQueueAge is set to a value greater than zero,
+		entries in the queue will be retried during a queue run
+		only if the individual retry time has been reached which
+		is doubled for each attempt.  The maximum retry time is
+		limited by the specified value.
+	New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
+		to relax requirement for DefaultAuthInfo file.
+	Reset timeout after receiving a message to appropriate value if
+		STARTTLS is in use.  Based on patch by Kelsey Cummings
+		of Sonic.net.
+	Report correct error messages from the LDAP library for a range of
+		small negative return values covering those used by OpenLDAP.
+	Fix compilation with Berkeley DB 5.0 and 6.0.  Patch from
+		Allan E Johannesen of Worcester Polytechnic Institute.
+	CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
+		nospecial which describes whether to disallow "%" in the
+		local part of an address.
+	DEVTOOLS: Fix regression in auto-detection of libraries when only
+		shared libraries are available.  Problem reported by
+		Bryan Costales.
+	LIBMILTER: Mark communication socket as close-on-exec in case
+		a user's filter starts other applications.
+		Based on patch from Paul Howarth.
+	Portability:
+		SunOS 5.12 has changed the API for sigwait(2) to conform
+		with XPG7.  Based on patch from Roger Faulkner of Oracle.
+	Deleted Files:
+		libsm/path.c
+
 8.14.9/8.14.9	2014/05/21
 	SECURITY: Properly set the close-on-exec flag for file descriptors
 		(except stdin, stdout, and stderr) before executing mailers.
@@ -681,7 +840,7 @@ summary of the changes in that release.
 	LIBMILTER: The "hostname" argument of the xxfi_connect() callback
 		previously was the equivalent of {client_ptr}.  However,
 		this did not match the documentation of the function, hence
-		it has been changed to {client_name}.  See doc/op/op.*
+		it has been changed to {client_name}.  See doc/op/op.me
 		about these macros.
 
 8.13.7/8.13.7	2006/06/14
@@ -3509,11 +3668,11 @@ summary of the changes in that release.
 	Add new STARTTLS related options CACERTPath, CACERTFile,
 		ClientCertFile, ClientKeyFile, DHParameters, RandFile,
 		ServerCertFile, and ServerKeyFile.  These are documented in
-		cf/README and doc/op/op.*.
+		cf/README and doc/op/op.me.
 	New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
 		${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
 		${server_name}, and ${server_addr}.  These are documented
-		in cf/README and doc/op/op.*.
+		in cf/README and doc/op/op.me.
 	Add support for the Entropy Gathering Daemon (EGD) for better
 		random data.
 	New DontBlameSendmail option InsufficientEntropy for systems which

Modified: stable/8/contrib/sendmail/cf/README
==============================================================================
--- stable/8/contrib/sendmail/cf/README	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/cf/README	Sat Jul 11 03:46:36 2015	(r285374)
@@ -158,6 +158,26 @@ FEATURE(`local_procmail').
 *******************************************************************
 
 
+Note:
+Some rulesets, features, and options are only useful if the sendmail
+binary has been compiled with the appropriate options, e.g., the
+ruleset tls_server is only invoked if sendmail has been compiled
+with STARTTLS. This is usually obvious from the context and hence
+not further specified here.
+There are also so called "For Future Releases" (FFR) compile time
+options which might be included in a subsequent version or might
+simply be removed as they turned out not to be really useful.
+These are generally not documented but if they are, then the required
+compile time options are listed in doc/op/op.* for rulesets and
+macros, and for mc/cf specific options they are usually listed here.
+In addition to compile time options for the sendmail binary, there
+can also be FFRs for mc/cf which in general can be enabled when the
+configuration file is generated by defining them at the top of your
+.mc file:
+
+define(`_FFR_NAME_HERE', 1)
+
+
 +----------------------------+
 | A BRIEF INTRODUCTION TO M4 |
 +----------------------------+
@@ -397,6 +417,10 @@ SMTP_MAILER_CHARSET	[undefined] If defin
 			that ARRIVE from an address that resolves to one of
 			the SMTP mailers and which are converted to MIME will
 			be labeled with this character set.
+RELAY_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
+			that ARRIVE from an address that resolves to the
+			relay mailers and which are converted to MIME will
+			be labeled with this character set.
 SMTP_MAILER_LL		[990] The maximum line length for SMTP mailers
 			(except the relay mailer).
 RELAY_MAILER_LL		[2040] The maximum line length for the relay mailer.
@@ -743,6 +767,16 @@ nouucp		Don't route UUCP addresses.  Thi
 		2. don't remove "!" from OperatorChars if `reject' is
 		given as parameter.
 
+nopercenthack	Don't treat % as routing character.  This feature takes one
+		parameter:
+		`reject': reject addresses which have % in the local
+			part unless it originates from a system
+			that is allowed to relay.
+		`nospecial': don't do anything special with %.
+		Warnings: 1. See the notice in the anti-spam section.
+		2. Don't remove % from OperatorChars if `reject' is
+		given as parameter.
+
 nocanonify	Don't pass addresses to $[ ... $] for canonification
 		by default, i.e., host/domain names are considered canonical,
 		except for unqualified names, which must not be used in this
@@ -1441,7 +1475,7 @@ msp		Defines config file for Message Sub
 		by default.  If you have a machine with IPv6 only,
 		change it to
 
-			FEATURE(`msp', `[IPv6:::1]')
+			FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
 
 		If you want to continue using '[localhost]', (the behavior
 		up to 8.12.6), use
@@ -1499,8 +1533,12 @@ block_bad_helo	Reject messages from SMTP
 		- connections from IP addresses in class $={R}.
 		Currently access_db lookups can not be used to
 		(selectively) disable this test, moreover,
+
 		FEATURE(`delay_checks')
-		is required.
+
+		is required.  Note, the block_bad_helo feature automatically
+		adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
+		host names) and $={R} (relay permitted).
 
 require_rdns	Reject mail from connecting SMTP clients without proper
 		rDNS (reverse DNS), functional gethostbyaddr() resolution.
@@ -2442,17 +2480,19 @@ should only be used for sites which have
 that they provide a gateway for.  Use this FEATURE with caution as it
 can allow spammers to relay through your server if not setup properly.
 
-NOTICE: It is possible to relay mail through a system which the anti-relay
-rules do not prevent: the case of a system that does use FEATURE(`nouucp',
-`nospecial') (system A) and relays local messages to a mail hub (e.g., via
-LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
-FEATURE(`nouucp') at all, addresses of the form
-<example.net!user@local.host> would be relayed to <user@example.net>.
-System A doesn't recognize `!' as an address separator and therefore
-forwards it to the mail hub which in turns relays it because it came from
-a trusted local host.  So if a mailserver allows UUCP (bang-format)
-addresses, all systems from which it allows relaying should do the same
-or reject those addresses.
+NOTICE: It is possible to relay mail through a system which the
+anti-relay rules do not prevent: the case of a system that does use
+FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
+(system A) and relays local messages to a mail hub (e.g., via
+LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use the
+same feature (nouucp / nopercenthack) at all, addresses of the form
+<example.net!user@local.host> / <user%example.net@local.host>
+would be relayed to <user@example.net>.
+System A doesn't recognize `!' / `%' as an address separator and
+therefore forwards it to the mail hub which in turns relays it
+because it came from a trusted local host.  So if a mailserver
+allows UUCP (bang-format) / %-hack addresses, all systems from which
+it allows relaying should do the same or reject those addresses.
 
 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
 an unresolvable domain (i.e., one that DNS, your local name service,
@@ -3160,17 +3200,49 @@ TLS_Clt:laptop.example.com      PERM+VER
 TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
 
 
-Disabling STARTTLS And Setting SMTP Server Features
----------------------------------------------------
+TLS Options per Session
+-----------------------
 
 By default STARTTLS is used whenever possible.  However, there are
-some broken MTAs that don't properly implement STARTTLS.  To be able
-to send to (or receive from) those MTAs, the ruleset try_tls
-(srv_features) can be used that work together with the access map.
-Entries for the access map must be tagged with Try_TLS (Srv_Features)
-and refer to the hostname or IP address of the connecting system.
-A default case can be specified by using just the tag.  For example,
-the following entries in the access map:
+MTAs with STARTTLS interoperability issues.  To be able to send to
+(or receive from) those MTAs several features are available:
+
+1) Various TLS options be be set per IP/domain.
+2) STARTTLS can be turned off for specific IP addresses/domains.
+
+About 1): the rulesets tls_srv_features and tls_clt_features can
+be used to return a (semicolon separated) list of TLS related
+options:
+
+- Options: compare {Server,Client}SSLOptions.
+- CipherList: same as the global option.
+- CertFile, KeyFile: {Server,Client}{Cert,Key}File
+
+If FEATURE(`tls_session_features') is used, then default rulesets
+are activated which look up entries in the access map with the tags
+TLS_Srv_features and TLS_Clt_features, respectively.
+For example, these entries:
+
+	TLS_Srv_features:10.0.2.4	CipherList=MEDIUM+aRSA;
+	TLS_Clt_features:10.1.0.1	Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
+
+specify a cipherlist with MEDIUM strength ciphers that use RSA
+certificates only for the client with the IP address 10.0.2.4,
+and turn off TLSv1.2 when connecting to the server with the IP
+address 10.1.0.1 as well as setting a specific cipherlist.
+If FEATURE(`tls_session_features') is not used the user can provide
+their own rulesets which must return the appropriate data.
+If the rulesets are not defined or do not return a value, the
+default TLS options are not modified.
+(These rulesets require the sendmail binary to be built with
+_FFR_TLS_SE_OPTS enabled.)
+
+About 2): the ruleset try_tls (srv_features) can be used that work
+together with the access map.  Entries for the access map must be
+tagged with Try_TLS (Srv_Features) and refer to the hostname or IP
+address of the connecting system.  A default case can be specified
+by using just the tag.  For example, the following entries in the
+access map:
 
 	Try_TLS:broken.server	NO
 	Srv_Features:my.domain	v
@@ -3756,6 +3828,12 @@ confSINGLE_THREAD_DELIVERY  SingleThread
 					cached but otherwise idle connection
 					to a host will prevent other sendmails
 					from connecting to the other host.
+confUSE_COMPRESSED_IPV6_ADDRESSES
+			UseCompressedIPv6Addresses
+					[undefined] If set, use the compressed
+					form of IPv6 addresses, such as
+					IPV6:::1, instead of the uncompressed
+					form, such as IPv6:0:0:0:0:0:0:0:1.
 confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
 					deliver error messages.  This should
 					not be necessary because of general
@@ -3990,6 +4068,13 @@ confWORK_TIME_FACTOR	RetryFactor	[90000]
 confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
 					Priority, Host, Filename, Random,
 					Modification, or Time.
+confMAX_QUEUE_AGE	MaxQueueAge	[undefined] If set to a value greater
+					than zero, entries in the queue
+					will be retried during a queue run
+					only if the individual retry time
+					has been reached which is doubled
+					for each attempt.  The maximum retry
+					time is limited by the specified value.
 confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
 					must sit in the queue between queue
 					runs.  This allows you to set the
@@ -4208,7 +4293,7 @@ confAUTH_MECHANISMS	AuthMechanisms	[GSSA
 confAUTH_REALM		AuthRealm	[undefined] The authentication realm
 					that is passed to the Cyrus SASL
 					library.  If no realm is specified,
-					$j is used.
+					$j is used.  See KNOWNBUGS.
 confDEF_AUTH_INFO	DefaultAuthInfo	[undefined] Name of file that contains
 					authentication information for
 					outgoing connections.  This file must
@@ -4241,6 +4326,14 @@ confTLS_SRV_OPTIONS	TLSSrvOptions	If thi
 					verification is performed, i.e.,
 					the server doesn't ask for a
 					certificate.
+confSERVER_SSL_OPTIONS	ServerSSLOptions	[undefined] SSL related
+					options for server side.  See
+					SSL_CTX_set_options(3) for a list.
+confCLIENT_SSL_OPTIONS	ClientSSLOptions	[undefined] SSL related
+					options for client side. See
+					SSL_CTX_set_options(3) for a list.
+confCIPHER_LIST		CipherList	[undefined] Cipher list for TLS.
+					See ciphers(1) for possible values.
 confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
 					specification for LDAP maps.  The
 					value should only contain LDAP
@@ -4250,10 +4343,11 @@ confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[u
 					maps unless they are specified in
 					the individual map specification
 					('K' command).
-confCACERT_PATH		CACertPath	[undefined] Path to directory
-					with certs of CAs.
-confCACERT		CACertFile	[undefined] File containing one CA
-					cert.
+confCACERT_PATH		CACertPath	[undefined] Path to directory with
+					certificates of CAs which must contain
+					their hashes as filenames or links.
+confCACERT		CACertFile	[undefined] File containing at least
+					one CA certificate.
 confSERVER_CERT		ServerCertFile	[undefined] File containing the
 					cert of the server, i.e., this cert
 					is used when sendmail acts as
@@ -4281,6 +4375,10 @@ confRAND_FILE		RandFile	[undefined] File
 					requires this option if the compile
 					flag HASURANDOM is not set (see
 					sendmail/README).
+confCERT_FINGERPRINT_ALGORITHM	CertFingerprintAlgorithm
+					[undefined] The fingerprint algorithm
+					(digest) to use for the presented
+					cert.
 confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
 					queue runners is set the given value
 					(nice(3)).

Modified: stable/8/contrib/sendmail/cf/cf/Makefile
==============================================================================
--- stable/8/contrib/sendmail/cf/cf/Makefile	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/cf/cf/Makefile	Sat Jul 11 03:46:36 2015	(r285374)
@@ -100,6 +100,7 @@ M4FILES=\
 	${CFDIR}/feature/access_db.m4 \
 	${CFDIR}/feature/allmasquerade.m4 \
 	${CFDIR}/feature/always_add_domain.m4 \
+	${CFDIR}/feature/bcc.m4 \
 	${CFDIR}/feature/bestmx_is_local.m4 \
 	${CFDIR}/feature/bitdomain.m4 \
 	${CFDIR}/feature/blacklist_recipients.m4 \
@@ -118,9 +119,11 @@ M4FILES=\
 	${CFDIR}/feature/masquerade_envelope.m4 \
 	${CFDIR}/feature/no_default_msa.m4 \
 	${CFDIR}/feature/nocanonify.m4 \
+	${CFDIR}/feature/nopercenthack.m4 \
 	${CFDIR}/feature/notsticky.m4 \
 	${CFDIR}/feature/nouucp.m4 \
 	${CFDIR}/feature/nullclient.m4 \
+	${CFDIR}/feature/prefixmod.m4 \
 	${CFDIR}/feature/promiscuous_relay.m4 \
 	${CFDIR}/feature/redirect.m4 \
 	${CFDIR}/feature/ratecontrol.m4 \
@@ -131,12 +134,14 @@ M4FILES=\
 	${CFDIR}/feature/relay_mail_from.m4 \
 	${CFDIR}/feature/smrsh.m4 \
 	${CFDIR}/feature/stickyhost.m4 \
+	${CFDIR}/feature/tls_session_features.m4 \
 	${CFDIR}/feature/use_ct_file.m4 \
 	${CFDIR}/feature/use_cw_file.m4 \
 	${CFDIR}/feature/uucpdomain.m4 \
 	${CFDIR}/feature/virtuser_entire_domain.m4 \
 	${CFDIR}/feature/virtusertable.m4 \
 	${CFDIR}/hack/cssubdomain.m4 \
+	${CFDIR}/hack/xconnect.m4 \
 	${CFDIR}/m4/cf.m4 \
 	${CFDIR}/m4/cfhead.m4 \
 	${CFDIR}/m4/proto.m4 \

Modified: stable/8/contrib/sendmail/cf/cf/submit.cf
==============================================================================
--- stable/8/contrib/sendmail/cf/cf/submit.cf	Sat Jul 11 03:42:01 2015	(r285373)
+++ stable/8/contrib/sendmail/cf/cf/submit.cf	Sat Jul 11 03:46:36 2015	(r285374)
@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
-##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
+##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
+##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
 
 
 # Configuration version number
-DZ8.14.9/Submit
+DZ8.15.2/Submit
 
 
 ###############
@@ -202,6 +202,9 @@ O ConnectionCacheTimeout=5m
 # use Errors-To: header?
 O UseErrorsTo=False
 
+# use compressed IPv6 address format?
+#O UseCompressedIPv6Addresses
+
 # log level
 O LogLevel=9
 
@@ -251,6 +254,9 @@ O PrivacyOptions=goaway,noetrn,restrictq
 # minimum time in queue before retry
 #O MinQueueAge=30m
 
+# maximum time in queue before retry (if > 0; only for exponential delay)
+#O MaxQueueAge
+
 # how many jobs can you process in the queue?
 #O MaxQueueRunSize=0
 
@@ -501,6 +507,12 @@ O PidFile=/var/spool/clientmqueue/sm-cli
 # SMTP STARTTLS server options
 #O TLSSrvOptions
 
+# SSL cipherlist
+#O CipherList
+# server side SSL options
+#O ServerSSLOptions
+# client side SSL options
+#O ClientSSLOptions
 
 # Input mail filters
 #O InputMailFilters
@@ -524,6 +536,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli
 #O DHParameters
 # Random data source (required for systems without /dev/urandom under OpenSSL)
 #O RandFile
+# fingerprint algorithm (digest) to use for the presented cert
+#O CertFingerprintAlgorithm
 
 # Maximum number of "useless" commands before slowing down
 #O MaxNOOPCommands=20
@@ -531,6 +545,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli
 # Name to use for EHLO (defaults to $j)
 #O HeloName
 
+
+
 ############################
 # QUEUE GROUP DEFINITIONS  #
 ############################
@@ -645,6 +661,7 @@ R$- . $- :: $+		$@ $>Canonify2 $3 < @ $1
 # if we have % signs, take the rightmost one
 R$* % $*		$1 @ $2				First make them all @s.
 R$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
+
 R$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish
 
 # else we must be a local name
@@ -781,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
 			$@ $>Parse0 $>canonify $1 $2 $3	...@*LOCAL* -> ...
 R$* < @ *LOCAL* >	$: $1
 
+
 #
 #  Parse1 -- the bottom half of ruleset 0.
 #
@@ -818,6 +836,8 @@ R$* < @$* > $*		$#esmtp $@ $2 $: $1 < @ 
 R$=L			$#local $: @ $1		special local names
 R$+			$#local $: $1			regular local names
 
+
+
 ###########################################################################
 ###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
 ###########################################################################
@@ -1027,6 +1047,10 @@ R$* $| $*		$: $2
 R<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
 R<@> < $* @ [127.0.0.1] >
 			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
+			$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
+R<@> < $* @ [IPv6:::1] >
+			$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
 R<@> < $* @ localhost.$m >
 			$: < ? $&{client_name} > < $1 @ localhost.$m >
 R<@> < $* @ localhost.UUCP >
@@ -1141,6 +1165,7 @@ R$*			$: $&{client_addr}
 R$@			$@ RELAY		originated locally
 R0			$@ RELAY		originated locally
 R127.0.0.1		$@ RELAY		originated locally
+RIPv6:0:0:0:0:0:0:0:1	$@ RELAY		originated locally
 RIPv6:::1		$@ RELAY		originated locally
 R$=R $*			$@ RELAY		relayable IP address
 R$*			$: [ $1 ]		put brackets around it...
@@ -1245,6 +1270,8 @@ STLS_connection
 RSOFTWARE	$#error $@ 4.7.0 $: "403 TLS handshake."
 
 
+
+
 ######################################################################
 ###  RelayTLS: allow relaying based on TLS authentication
 ###
@@ -1442,7 +1469,7 @@ Mrelay,		P=[IPC], F=mDFMuXa8k, S=EnvFrom
 ### submit.mc ###
 # divert(-1)
 # #

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507110346.t6B3kbM7096740>