From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:46:41 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5402996F87; Sat, 11 Jul 2015 03:46:41 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AAA6FC3B; Sat, 11 Jul 2015 03:46:41 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3kfH4096756; Sat, 11 Jul 2015 03:46:41 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3kbM7096740; Sat, 11 Jul 2015 03:46:37 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110346.t6B3kbM7096740@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:46:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285374 - in stable/8/contrib/sendmail: . cf cf/cf cf/feature cf/hack cf/m4 contrib doc/op editmap include/sendmail include/sm libmilter libmilter/docs libsm libsmdb makemap src X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:46:42 -0000 Author: gshapiro Date: Sat Jul 11 03:46:36 2015 New Revision: 285374 URL: https://svnweb.freebsd.org/changeset/base/285374 Log: MFC: Merge sendmail 8.15.2 Added: stable/8/contrib/sendmail/cf/feature/bcc.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/bcc.m4 stable/8/contrib/sendmail/cf/feature/nopercenthack.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/nopercenthack.m4 stable/8/contrib/sendmail/cf/feature/prefixmod.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/prefixmod.m4 stable/8/contrib/sendmail/cf/feature/tls_session_features.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/tls_session_features.m4 stable/8/contrib/sendmail/cf/hack/xconnect.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/hack/xconnect.m4 stable/8/contrib/sendmail/contrib/AuthRealm.p0 - copied unchanged from r285229, head/contrib/sendmail/contrib/AuthRealm.p0 Deleted: stable/8/contrib/sendmail/libsm/path.c Modified: stable/8/contrib/sendmail/CACerts stable/8/contrib/sendmail/FAQ stable/8/contrib/sendmail/INSTALL stable/8/contrib/sendmail/KNOWNBUGS stable/8/contrib/sendmail/PGPKEYS stable/8/contrib/sendmail/README stable/8/contrib/sendmail/RELEASE_NOTES stable/8/contrib/sendmail/cf/README stable/8/contrib/sendmail/cf/cf/Makefile stable/8/contrib/sendmail/cf/cf/submit.cf stable/8/contrib/sendmail/cf/cf/submit.mc stable/8/contrib/sendmail/cf/feature/block_bad_helo.m4 stable/8/contrib/sendmail/cf/feature/ldap_routing.m4 stable/8/contrib/sendmail/cf/m4/cfhead.m4 stable/8/contrib/sendmail/cf/m4/proto.m4 stable/8/contrib/sendmail/cf/m4/version.m4 stable/8/contrib/sendmail/doc/op/op.me stable/8/contrib/sendmail/editmap/editmap.c stable/8/contrib/sendmail/include/sendmail/sendmail.h stable/8/contrib/sendmail/include/sm/bdb.h stable/8/contrib/sendmail/include/sm/cdefs.h stable/8/contrib/sendmail/include/sm/conf.h stable/8/contrib/sendmail/include/sm/errstring.h stable/8/contrib/sendmail/include/sm/fdset.h stable/8/contrib/sendmail/libmilter/docs/smfi_setsymlist.html stable/8/contrib/sendmail/libmilter/engine.c stable/8/contrib/sendmail/libmilter/handler.c stable/8/contrib/sendmail/libmilter/listener.c stable/8/contrib/sendmail/libmilter/signal.c stable/8/contrib/sendmail/libmilter/smfi.c stable/8/contrib/sendmail/libmilter/worker.c stable/8/contrib/sendmail/libsm/Makefile.m4 stable/8/contrib/sendmail/libsm/errstring.c stable/8/contrib/sendmail/libsm/local.h stable/8/contrib/sendmail/libsm/mbdb.c stable/8/contrib/sendmail/libsm/refill.c stable/8/contrib/sendmail/libsm/stdio.c stable/8/contrib/sendmail/libsm/vfprintf.c stable/8/contrib/sendmail/libsmdb/smdb.c stable/8/contrib/sendmail/makemap/makemap.c stable/8/contrib/sendmail/src/README stable/8/contrib/sendmail/src/TRACEFLAGS stable/8/contrib/sendmail/src/TUNING stable/8/contrib/sendmail/src/bf.c stable/8/contrib/sendmail/src/collect.c stable/8/contrib/sendmail/src/conf.c stable/8/contrib/sendmail/src/daemon.c stable/8/contrib/sendmail/src/deliver.c stable/8/contrib/sendmail/src/envelope.c stable/8/contrib/sendmail/src/err.c stable/8/contrib/sendmail/src/headers.c stable/8/contrib/sendmail/src/main.c stable/8/contrib/sendmail/src/map.c stable/8/contrib/sendmail/src/mci.c stable/8/contrib/sendmail/src/milter.c stable/8/contrib/sendmail/src/parseaddr.c stable/8/contrib/sendmail/src/queue.c stable/8/contrib/sendmail/src/readcf.c stable/8/contrib/sendmail/src/recipient.c stable/8/contrib/sendmail/src/savemail.c stable/8/contrib/sendmail/src/sendmail.8 stable/8/contrib/sendmail/src/sendmail.h stable/8/contrib/sendmail/src/sfsasl.c stable/8/contrib/sendmail/src/sm_resolve.c stable/8/contrib/sendmail/src/srvrsmtp.c stable/8/contrib/sendmail/src/tls.c stable/8/contrib/sendmail/src/usersmtp.c stable/8/contrib/sendmail/src/util.c stable/8/contrib/sendmail/src/version.c Directory Properties: stable/8/contrib/sendmail/ (props changed) Modified: stable/8/contrib/sendmail/CACerts ============================================================================== --- stable/8/contrib/sendmail/CACerts Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/CACerts Sat Jul 11 03:46:36 2015 (r285374) @@ -10,6 +10,102 @@ Certificate: Data: Version: 3 (0x2) Serial Number: + 92:91:67:de:e0:ef:2c:e4 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + Validity + Not Before: Mar 2 19:15:29 2015 GMT + Not After : Mar 1 19:15:29 2018 GMT + Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31: + 70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08: + 1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d: + 50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14: + ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6: + fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98: + 15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1: + d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30: + 8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94: + f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55: + d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec: + f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16: + 8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23: + 8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6: + e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33: + a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4: + e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38: + 29:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 + X509v3 Authority Key Identifier: + keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 + DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + serial:92:91:67:DE:E0:EF:2C:E4 + + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + email:ca+ca-rsa2015@esmtp.org + X509v3 Issuer Alternative Name: + email:ca+ca-rsa2015@esmtp.org + Signature Algorithm: sha1WithRSAEncryption + 0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02: + 23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc: + 9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e: + b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df: + 27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72: + 0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce: + b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a: + 40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb: + 99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1: + 49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65: + 97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55: + 49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95: + e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a: + 62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91: + 15:89:f7:8f +-----BEGIN CERTIFICATE----- +MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx +FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs +YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz +YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow +gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC +ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG +A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX +Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q +AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA +mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby +f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf +Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr +2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU +sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8 +WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y +bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK +BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm +MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s +5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu +b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3 +DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb +EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG +vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn +AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX +ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq +qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: f1:41:b3:3d:ba:bd:33:49 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org Modified: stable/8/contrib/sendmail/FAQ ============================================================================== --- stable/8/contrib/sendmail/FAQ Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/FAQ Sat Jul 11 03:46:36 2015 (r285374) @@ -1,8 +1,4 @@ The FAQ is no longer maintained with the sendmail release. It is available at http://www.sendmail.org/faq/ . -A plain-text version of the questions only, with URLs referring to -the answers, is posted to comp.mail.sendmail on the 10th and 25th -of each month. - -$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $ +$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $ Modified: stable/8/contrib/sendmail/INSTALL ============================================================================== --- stable/8/contrib/sendmail/INSTALL Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/INSTALL Sat Jul 11 03:46:36 2015 (r285374) @@ -28,8 +28,9 @@ sendmail/SECURITY for more installation /etc/mail/submit.cf. This can be done in the cf/cf by using "sh ./Build install-cf". - Please read sendmail/SECURITY before continuing; you have to create a - new user smmsp and a new group smmsp for the default installation. + Please read sendmail/SECURITY before continuing; you may have to create + a new user smmsp and a new group smmsp for the default installation + if you are updating from a really old version. Then install the sendmail binary built in step 3 by cd-ing back to sendmail/ and running "sh ./Build install". Modified: stable/8/contrib/sendmail/KNOWNBUGS ============================================================================== --- stable/8/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:46:36 2015 (r285374) @@ -62,9 +62,9 @@ This list is not guaranteed to be comple libmilter and hence the communication fails. This can be avoided by increasing the constant MILTER_CHUNK_SIZE in include/libmilter/mfdef.h and recompiling sendmail, libmilter, and - all (statically linked) milters (or by using an undocumented compile - time option: _FFR_MAXDATASIZE; you have to read the source code in - order to use this properly). + all (statically linked) milters (or by using undocumented compile + time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to + read the source code in order to use these properly). * Sender addresses whose domain part cause a temporary A record lookup failure but have a valid MX record will be temporarily rejected in @@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon Header addresses that have the \231 character (and possibly others in the range \201 - \237) behave in odd and usually unexpected ways. +* AuthRealm for Cyrus SASL may not work as expected. The man page + and the actual usage for sasl_server_new() seem to differ. + Feedback for the "correct" usage is welcome, a patch to match + the description of the man page is in contrib/AuthRealm.p0. + * accept() problem on SVR4. Apparently, the sendmail daemon loop (doing accept()s on the network) @@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon * Race condition for delivery to set-user-ID files - Sendmail will deliver to a fail if the file is owned by the DefaultUser + Sendmail will deliver to a file if the file is owned by the DefaultUser or has the set-user-ID bit set. Unfortunately, some systems clear that bit when a file is modified. Sendmail compensates by resetting the file mode back to it's original settings. Unfortunately, there's still a Modified: stable/8/contrib/sendmail/PGPKEYS ============================================================================== --- stable/8/contrib/sendmail/PGPKEYS Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/PGPKEYS Sat Jul 11 03:46:36 2015 (r285374) @@ -141,6 +141,185 @@ gpExpdV7qPrw9k01j5rod5PjZlG8zV0= =SR28 -----END PGP PUBLIC KEY BLOCK----- + +pub 2048R/0xAAF5B5DE05BDCC53 2015-01-02 +fingerprint: 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53 +uid Sendmail Signing Key/2015 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFSl4rQBCADRCzgFSJkzyoOHw9/9L/+G3mzA1fWR7TgCE0WxGX7PDzyLDaUS +a4XpCDtadjXyr7c5YPo1T7ybxUH39yvUgEHBiPQDssik+bbpOiHL7V0sUDAYfKSq +YC8/MG42Oj/zd+0WUhnI+RckFYPBNDQ+sZC6ErLDxCYDZMYhG4vhJOGqAKpglNTb +w4Fdx4LNmL3e4t3z4IEtnzAqeGVxIZm8MGGFhKkb8ufpgh8Jiz4Q6cOis0ZD9K6f +LvMPRJXSBy9jBtmS2oI2e9Q5LLhmzd1PVyA8jwAlK0QfJLmlRrgRUfHFKhkf+EuW +tTi592OYCZ9bw7QVSiGVQUK+7VACfM+FQR81ABEBAAG0MVNlbmRtYWlsIFNpZ25p +bmcgS2V5LzIwMTUgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlSl +4rQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKr1td4FvcxTTPMH/29J +kNmt6EGNo/eLQySB8HTenfJjZaQxwPRhq22kWgr/7WP1BR2411bopyNk4IZ0rcDr +tnyeJj4UWKJljVuXyTDQPtU8uUlgiOT8QiHEbge7MOzxrn0cy6KIOgKq+vtuxa28 +McaxjENR7XVIDFkesQ7P/yLkcCjlE6jaD4r9OIKpqEVMPs1WUFff+rsgTo7mdcgR +QowQOgYqNil5awQ5Y2Gol71hZ6oRcpqMwSd6w4dEEx2U8rF8oqJuoxeUTgNCSv0n +iFtewLznocmxlrxe1mQAeLfRmUAG4LSL6p5wx1lRjJA3gtyWRjY0404jGxkATLG4 +AtK2OkHj8MbrWLP7PKyJARwEEAECAAYFAlSl5AQACgkQYd4R7OJ2OnPHXAf/Y6Rk +rROF45+SgbsEIiDXQBcBOoO1GKe0nFTc1jfAKUHAQ94fqcDxNeFRA9fNIA2d7XNI +0Lw6W7X3RcEkF58xytIe/Y+EXDmOt/BUbpch9KIz6J9pqBhPdyHvG+ZeyA3A+TGT +ZGnnnAxNFtCjt2IID9lzZSLuWhH8+DNC2Vp15NngDTa1VIk17n5iIvi7r3V5cdIE +MblKLGm+ZaiTeccVLjwMKIUSgrLP87+yF/aaZH2kotuI7f3tD1ycN0sVZJxcFS+c +GFw7uvOarDBSm0Q/FgfhDUOJLy4w5SqVmgPEIAeogz94q0JXxSSr1XWQBD8X9XwF +f3+dPXmgMHXLGRWclYkBHAQQAQIABgUCVKXkPAAKCRA9aLJdUgfK08cnB/96BV+v +xyBx35TPg8eI/WIskdQAIpCQsm6FoO1ejbMzfWn9bImCewOp1UMlowdfQC52Hdp8 +EXnuwCpJ3rtnZctRld5dNM/clbZ+r3lr78wX7hqPUajlvxe+TMpyZbJirLn1f5Ba +yoysE4oICfzJivPfixZd7oFVr9EkftbatYenl0rgf/0lJTKRDIqNGezeeyfxaKdX +qd545wqis7PrrXDOrEq815aosG09KQBhIoPgti2us1R95nSm9z6dVCY/nSDOxL+a +Vyq/XD5KSUqbZVocY+fbR3dNX5haTvawuG0GPvl+YvYb2lW4hhi7Q4aUL7Dd4c9c +vk5+WAvfJwHtbxrgiQEcBBABAgAGBQJUpeREAAoJEI5a6fvO7vQ7OWUH/2NNxhlI +JEtvD+Nj2oPGgVQJrlFI1pbzyMCtD+6iy8Lfnp2DK+qKPMjBw96LUqcXC32VFPQr +17iyZDv26MSb/acmdIfTPpPTwJ6zEmMI8mXradeuoiWxeVHSg7n+D3u0xtikmb9Y +uRKv0yx43fcL70bqV5DzyXQte0chfRnOiwMrImWdgDekkmxE9udbtgK24rifNVGa +TBB6eHJAsFVu5Y38hsZLe10bCKyUCqT6Qywfy3RCMpXYeo6fXOk0fKatG2oi3CZp +LI+AnjmAJ0t2oMkrwUxogkK3LkShJT/aJYIR24eZm0GdzwRHZxXKClGFvdJslIea +TKHSXNK41eEIfreJARwEEAECAAYFAlSl5EgACgkQOaTHfal4hLAXfwf+M0YmlHd4 +1sfvckYhOYf99n1BGnfQx5RJn+X+EBjGyOfPKMBPQuZIlwAI20T+cFnR3WmgrmlO +IBG8qVcSDoValzNPcr0V3WGDrT75fYhf5iYj2ZsZDBUqE1VF3dAVUw40x2c1n+98 +7lbq3NtolSPYk07h5rhEhmkjdNcixv/exVCTGVwaT4X9ZHY8heETmF5tsCtPavpr +i/DjcDQQQ0sQ8um1eX41j2bhrN4MERUC5oadvSULaA2QUoWgCrzVG8zx715Au77N +jLtfA31hJI0GP/dpSREaYlqA0nwVDR5tz1TyTNwPN1ylxjQmjKXtJwx3jUtlT9Zh +qxRf+ngYHpWArokBHAQQAQIABgUCVKXkTAAKCRBgTfvyhUEKvl11B/9aYJBEEQZp +JWAT6HPmQK//i2x4y1euQfaHsjqJALvvPrgiTp/ZE3o6dKHhs+SbawsB57RtootN +maQr7x2drvBojWhJJdaouAh345qOfZYb0bD9klkr6W+Mjl5T0xWIKFEyIZn0Tcbr +8ekHgSIx2trL8LduSJou2bdPMh46PORzEpuQQ4IAyV0uRyBdNFOPwTy2OdXs51fr +M7lp1hJp84+y2a6z3vz3VCs2A9LzlnXKZ6bXljpd5dQfrmrSNXltPKA3jVLkWi8+ +rh9f1rAGsj1e6N1aVF2uJ1Y3u+U0XQ/dwa1vDF3y4KVObxYM9eNGbF4J8lGkUy2a +gZ1s1X8QzEDUiJwEEAECAAYFAlSl5FAACgkQEolum6d/JCmUSQP+KEz6xSvPSbFP +Hip4JiX1Wbvd+t3TyL0u9Fv/POwUrFIHVpTkCwOz6jsBH3TdGGiYOP5F8k/US2jU +3WB0J1mK5Rn3GwLhUGNTEeuaJZCuKE+j3qwMFmDqC/2IxEvlWtrIbTqkgf7cRv/O +O7VNv+EL0axtsrOcwZlUWe6Lc4571oaInAQQAQIABgUCVKXkUwAKCRDYqvDK9rMH +KX7xBACUFTBRCmboY/GRTHMZW1DGfcO2vMxwnYKqWomuzi/YonDCWtoTpeMDaAhY +NnIchC1mlYteIE94/+ZsoYsZeaR3fe7CN6h/deBu4tW/dQ+TW1ZPF6EuVhoviKgz +rd3rb+gcS0f0PgSPyg5LGtoMGMD9/gx1NJOTFec83jmBI95Gb4icBBABAgAGBQJU +peRXAAoJEJdDARhwk7hBAUED/0oyeD2Z4wMQ6IQEprOAWbR+vIRzaThemmCGobRw +UlM44nUXqKSM1+naLEVz/JzBuKWG00zTz6Su3NesWoFzDDUGYcIJggbOm39Pc+V8 +eXV86An64/v3P6gypJc+q9P+FFGGO884wFmYN634Mi4SDBVFUzffcghueAFcxtzt +0mH5iJwEEAECAAYFAlSl5FoACgkQHnuzyK+VliVGdwP/fmdK9MdWIzPD/6eYm6JZ +zbksaGWiqpwgp9IEr/OhSmGkXuwUsP35PFJ8FsJbEV5x/y6pP3UNp6EFRN/116ue +jp5vVM7nnj2K3V8f85J4dXCRbv+kek+Ufo1Qzm5kgvRuBxX1sXpxFX6yBM0Y6WuV +gszdbTVNlS04q6bnPFE9L4uInAQQAQIABgUCVKXkXgAKCRBwoCRNHvmSUZ/7A/9W +yQJrrdrs2SuYtoxov/pL/TVMejbnxsF8Y0dRtM/KiquP57PMQSmLqy4fTRzAMHBv +XK1aKfewTVfGKLcHIzfMfv2XcPpWfwcyMeZKtcSr25lWl9GJZP221rCok76XYwqk +BPPp0pjSwdy0Qq4sd3N3ESZmqAMWJ7ouMmlQ7VWReYicBBABAgAGBQJUpeRhAAoJ +EMjV7SmV9hdxLv0EALX3yjI2KDNG1mo5ctCSYlIlhXHQ6csHuUK9lzj9R1gVEzDU +0dEZH0+a5UXh5xf8nyTDLytUe8PxTtPit3AOP6TvTJlANULh/3MKS6317RwUe2e0 +OitWbhQAOYfpYAkSdXZACzPacxrefkxmSM3Pq+SYoumZTI2N6AvVu8MeCS0GiJwE +EAECAAYFAlSl5GQACgkQIYPhsTlvB4mWJgP/XAlvlBityADJkdN+3mp/OtdYzw04 ++dBdNtmLqWUiMZg6rPPHUQi7dfBKi95FFe2U8hxSRk8oLzSzmh/M/CP72mxKh4pi +PbmEkmKHYlNdyfCCNqXdjkBXFAKXAes/4DaBlZwvLjPtrupEaW2eYdU8cSrdeGuv +1PMLRPxRr3nPCb+InAQQAQIABgUCVKXkaAAKCRCJaWK4Z4wKA3ZVA/4iYD+xrYv0 +8I+0GZJRdEL5f7T97a7Vtf5xSxUhHDww4xC9gs8LzEGWZXoNaZEVl4j+63EnCIbY +o4g+c4m81D5NWFqeJWhWpcyvejo9hfGM3ZK/XbiF+ZTzznU5YJclGaZ7t8TY8gcx +GSWxUzxBJQcSEzAKKi286ielMAXocNx10oicBBABAgAGBQJUpeRrAAoJEDgi20fM +N08tDkwD/2F5j5irsDw+MQyLKpfPv3GRJ5J3ebOPpLQkQ5T34+qeIw4LkcXW9OJA +ohW47JLb7R8zwAlUoqmmNXtxTM0r0FlTYGPOVEnSEkMqqa3KR68B3jWAGXXdqig9 +yBxYRleawQ4ltnegBn8q7gC4MwnIAZxzK+Y8cM0Rk/FjC9+NhwrviJwEEAECAAYF +AlSl5G8ACgkQnBy94uNcVjUfvgQAlQijnoE3de1CanB0JqIN+h+XOLOpalFti+B7 +Swc2ZlnlQ9mofYPK5UHlbsiC7/TilD6xm4YEFKim9sOIMi8FNka8+EH+/d1DmS4M +qVPDssxTG6VOzn7tYOuC9qIw15IpfbHW2bk/YIImwP9nViKCMLIGw+ZgK+uiRQx9 +fT8O1NqInAQQAQIABgUCVKXkcgAKCRBvUpPYo5umVYKeA/9n63K1nF3DNY3Hckvz +tN8OrPmyCIOh+7t4sc5NHhTK0+BQTv+cgG6ig7K2cdI6VBAovs/c/u7+RrcMhp7l +45AVnycfKcNaMHKFyMHDk9FZgpRG/bv1zwDxdh+scUc3IekqkSiQ2wTjDQ5Q/BMK +L5zfOSnTOoltWjpVgsjdM75Ol4icBBABAgAGBQJUpeR2AAoJEO9YlmTUMuGd8R0D +/3mhriMu/cp3DXHnlDykqLJI1q5K4xCHOWwFYZ8DxW116AVjluJYYW1HmWcJrjK3 +cwuN3FUcsIjafanIJWCsdeZaPAyFEfUBEW0YXIIpBXRw2N7jNtrd5X6Zjptd+zW+ +4dUzvT1pqVtdPHjova3fcGLSmcdZYbddotaGi7xi7kXviJwEEAECAAYFAlSl5HoA +CgkQwZwdJRLTRh0iwwP/Y/pwp9ttAMuQUz6oH71BTkUrzu9LiI7vhrYxEquFdzCO +dE4jBNB3LGfwzjhJRtjmQ/gVhjXWWrDYnOXt3gNxb9KzmTHmSDu65cBxX54Un0pZ ++MXjjWOT2l8+GA1lXeICIoZjJL88/zEZAiaH67ch2LEix1fOaJmXJzUSmP1pR3KI +nAQQAQIABgUCVKXkfgAKCRDAKcpAFvTM6XVwA/9Eb+Dwn2lmEFFo64gj8ocpWzP8 +/sD86PP5KkZ+b/HQnGB3lsQTwsGytDvJfutLDa05sS/HWZ9wXPltX/G3omp/A1G5 +qEKzVSe0vEWedpf9wn82Ll6hzaiS5qX7r0+FpyUjY8arNrze5S4Q6Q2kjl8YduXl +wG877igRHkGpAtApxYhGBBARAgAGBQJUpeSHAAoJEBj1A4AkwngCRCMAnjHfd5db +KK6DJxrWVnEbyXs/QJGKAJsErKkiUX55B8k/P3cyzyXIaOujBYicBBABAgAGBQJU +peSOAAoJEHxLZ22gDhVjCDQD/j7DE5wyhpjHrtf0hsQcaQoVHWZb2JTLZUMRAQyj +zKMTSs0GslamlxLZmyV1HqkB+41zuJeBQtRV4gjqa5DQmWDRC2mHl7o9A40v4SDa +O1jmfU5hfJSMecucPyEcfaAG4BIMvBo6TL484uHBi45SN4Ik3f2wc6D1XOluD1vB +gIwpiJwEEAECAAYFAlSl5JMACgkQ1uCh/k++Kt2s6gP/RNcMKtx4u61vz+Aji/Fa +H9q03JxQaRgmN1q2AvZQ/NTWTXU7Y5GnH4kW/8rOoUQiR+agJsvTt4ciM+y33pZ/ +ZZLkAuo0uKelEHhdQhtRbSktKBHSgDWbiqaJJIxazeLpxcSgaoM6RW/7aIFdMtEl +ALAzTACYlTN/nKWWICn8GnGIRgQQEQIABgUCVKXkmAAKCRAh+cW892qb9aWOAKCg +aznvUX8PIvKPzoHld39xWlJ+FgCg76wrEc1h9IiIgUoqH5NWVCxcHneInAQQAQIA +BgUCVKXkngAKCRC92o/WP+p9/ancA/0Z4JHZT7NRBMr47zQvSwE4eLpSE5QDGXi7 +RNmOUgZxrxsFWRZLJCVupXDBQVZEhOBRZYqXPw1eDglOU952oj5OjaHsYnSEu7jz +VUwlp2BxZQ3mnepdUcQz1A3k2cPZ0I6KFP9hP88GU+77nubB7IqRH/Q3QKMgO0eW +yd5kYugyYYkBHAQQAQIABgUCVKXkpwAKCRC9J20ub8+ohR46CADMEvAns+L+BkVN +d9INsiR1rONrNRPT6w4dnBeTLaykkuMjc6+7s+UuXm6AMAelI28pG+fJyt/lZAGx +QLS9zFgREge0lVbOZVeAYeC1YyFsrJE4Lr2quq3fajj23tnsHmCv16znMHrh/E1m +Udm4145NprijrZn+PsjuVWYV+pxiLpLM0YBdGNwCEMi/KCQ1fcaiAZZWSqLmHIe0 +ubWDdqq8/5JRQ22SEnqP2FT/lfOmKTxMNmE0uEr4+C4fG2nd38BvzpHu9eN/4Nwx +IwzK5DhbAj+I57+VDncgkNGe1q4QY/5LaZQh/nHIcmX1ln23f9Lxkr6EYYZ1ptq+ +A8buvD+XiQEcBBABAgAGBQJUp+zrAAoJEBCQryClqlvm6AgIAKAR8HY4G9AD2jDb +ouS4Al4QICagwQ0Y7Rc2/fHyPQEAP714EimakPFVFDbSD6SW569Qtdxr+ggH4wFI +bzd21pCgIUC6nVoDotIjplMdYkNfq8AODpxn3HTBnNQ7e609xnWxFo/+httKoWok +fEP9qZk4MJq7lE75iX+wohjLwoF6v0tCB8CrBFJcfKrDvXQSGvKiaEp4g0sEfyXv +gL6X0xKMflupofdnFLJliV0WqGhBOGUghPdLsA02E3e1utj6WABmudMytRxWB8is +SWGaywaEKLSdCgi+XlQVypKeWNMbZZZcftVZ91r4iNTAkw4cv5Wea+YnngfurGCq +J/jUq7aJAiIEEgEKAAwFAlSn7r4FgweGH4AACgkQZhs61tgqu9C9Aw/+JMTXzwni +NPwBxkbcNWbnWODVEElmDloHNpr3z+ryF1XNgbiOY8dn7uwRnPoeCDhIDwvNkK+x +h4xmjH0970v1ltbzcZv0wnK6UeHQssqN9NGsXM9rbodYRIam4yxbwd1ddOC9QZFM +ToRVWiqCzGOVYL50a24OYKClGjm4ncRznXJrNwYMEjxQ3j5FOkXIn0096z3szWCY +6yDpPzOsl2TPwdjMKZWoMEDh/SvY3AxAXo1XqDCj2/+C8dDwO7kn+QAl3fUGmkI6 +dUHCAJm/WtSyvINdphzhZ1ZdkPhqDUKcR0JTX03QJ6bnu5vmmOncWm2NA7rP74fq +KE9XzT808xP0GBwR1co7Eq+/751j2TA33JSlt/hIgi5aEWc4laCingJ02yaW8tUS +DCoVNITaXcF/B47hjBgovQk8TOTsQ0nkSYvOoh05OYBmzl17G57QuPx1stRJ29QA +VLGem1v1mXAuNdHH0kNE+/Rv0A2vGqauLx9ba84RfbXMM4SJw8CjhX6OxhAM8xoU +tO6T56XZS8qLtWLkNQNZNdNlAo6tYk/cTrjdX1M63nYjoVbuc0nic6Wp+dQk/DEb +wsiIpFoisvMK6EH49v70/c9Gtg6rk5z2yBHMZsjo2Y0TheTKwKIUEz0MuTncH8jD +yB/NtQkrbiBdEqRJUoKKUtS0B4cUYTUyd+SJAhwEEAEKAAYFAlSn8agACgkQ8Ar2 +6sJF0gs2yA//cgc+g1wPRFzJeQGv5UFR3TCAMtS+/bzY3UU/eG2Jmbv2qwPbn+kx +RH5dYlZ72VHXEggBaEweCBrBWsweX5dGEMNDLNlI9ArAjjhBAZFFUQKj55EzIZpp +YTbvgxOD2ENKU2HfeQYCGFYZr3L2DXQ1k0U7VnaElBQV3o88CMi7bIsQq2aWk+c6 +Cy15UVr0niVLm95EUZM4yYm2gOGJXUeaGIExSBtiwuzvAiDEGaqfPGAi1ePkNmLJ +3UzYfgiQumSh1kDVlQkCc8UQiF6ckEma618cmmaHs5vZvHsTX5O2/qPkLpXunA/7 +5yM/Jde8a5VbNGWyZ4rmstlWR5rPd7r3uP85miHn7Arait3aGo8RQeAHzOdTvMqS +n3oCotQlOvBhOo7qA8oYQVlU0+77gOfZZeEXDZG13lU95ptFhdsGstIQH67jPQ6z +TpVnd28ip92ysrwvxPhOzO74yKcYoKtzwLctcvptlKTkrFMHP3wJwqbaSfJGK4JE +rjT8WnnWyHY465nTDN9AKkoH4WQNozniWX8OkF3CpPj7ow8roFXlPOxXH4QsaQu3 +Kk31APn/A925d4xyYuWYHZ7A/FzsHafFHPMoG3iwZyuFhfl1UXVvEd8w9mEcxXoh +2iCy87TdpesG0GDzSmWwEYEPkg20BD2+vdc0EekALDjAGM+lfBxN67KIRgQQEQIA +BgUCVKgM0gAKCRAJp6JK0eWCB94UAJ98O6S6r1hFnCLrbU3GeqrA4DCtBQCfcza/ +WoVLc3/+bOf1jzjJ/eJ20IyJAiIEEwEKAAwFAlSoCRMFgweGH4AACgkQhS2G+DXA +JIrWURAAvgl1LkqB9pRPViK1U+xa3b5zt0O/fLbov59aLhA4uPJ10BgaKptflLim +aE2EsS4Mnk0DQgGEBjlywJ5Ft3aMk3vbRz7lDE3zQ3oWa7+N4fcG7WWsAxmh0NtX +Ak7orN6rQcyGgWgpF7wOau79i4VO7oLHKeS7QNs7X59CW+k64TAJabxi74PRoVMz +843qWPjsuFIYM7n/nF0vdECwhSE8zUgcYG2n5CdA0Lq7XRE+II11VOT2XEXFMyR/ +Qh2m7l+jy12MEzHQfGC1HYBo/Zi/MRIN53Rd2LLJWQdMxz/BDiuSxZhKVeCRe7gT +Mc2k3VrmfViBoaUE0zqMbx0j29XUbNQNU3afE8MOBkmyd6AQjoswBEsgU9uyCJYD +Jq3V1stwSVBm9G7X/l8GFlPawLg/uM9gTYb2JYUYPlphTAwVcL469rKQNMhPj2ww +zT7NzjwFb9XrmyiIrqH5z2ieG+LRjajOPVPwBsqZ3gOA+z9QkU1lRYEJOTlEYCkv +8oA6ZeFm31S4JoeogbCDaMiqDszkFtYGBUgGEbnHoCgXi7aINSb17VZ8LTzpD4V9 +vGdFVuE3vJf2POMERP+buLV8OiG38cBJXb+JVSC+pkpm+32nY0UR5ccDPwAC3cGq +SbI6ftKlQeaYp3UEncFUaB8NNZings3jzRexPjzUzo0vhRkkIs2InAQQAQIABgUC +VKg5iQAKCRBfHshviAyeVbEVBACL9Vve0dF0UqO+DN4PzrTOx2JzRw7ujhcrZ6I/ +TCXjANGLWUheylRWhvxMojvbhZEg2835+9l6tpD7BVnrfkBE+LYIKFTusye+WYre +dAaHFpuN6XfmsXmhXaSodhH9gKS+oftYX61qUmiE7L98nvINNBMnFVkptCQVDl8o +GWiMRYhGBBMRAgAGBQJUqBAmAAoJEMSxB5iFeWojCtoAoLa2/SUyfC5EiKdvEbap +49v6XPyxAJ9mPvhe75aTOU7uWoa+c0wn6fXIcrkBDQRUpeK0AQgA7ctg3cJD4eTw +j4sQ94AtSYjwT+Yp7r2s6h4cHUge6AMZy9ixtyg87JnviRFob2zeo2JFDAwtl7Zs +GHo+py/mJwfQKmUsXUmQqgHJFXDiiux+4+dYOXZyVYKP5bTV0JVlKjRjSWNnh7Bv +yZNUZlrLz5ZKF1NAYKJAw4fx3TFbC4K3hvDwHQW3croPQYq0wNq6as956LHYjUOB +Q5K0uy4TXY2EcIyAy253UX9MAFgacuP1jf3ITEVZpcebzl+gcaB54gXqOfmgQQP5 +PmQDyb96ZxFsKa5UfsS3Kh0PeERa5TDlgiw55O55pUSGKKfYfOXvqpJ/ZKYl+ado +wgsmbq09UwARAQABiQEfBBgBAgAJBQJUpeK0AhsMAAoJEKr1td4FvcxTNO0IAJ2b +V48mulcdCS8G3t8qRHlEXGbxgYBQRa500M9fdgRyIWBxubP7r6/nLFDGiIpdUVmT +g9F3r1JsyK6Q7+VUp9XLirj/gT1kwxXT/UHHIQO8ObtPbfFtqISaBjaklTOUPCud ++nOpzRIfct6CZM0xAVIoqm4kaRFaWefxRiyeosDQ7tCD4lDRwxNJE2deE1WmOeN1 +YCJHa8QaewJXtUvqMq6pRmTlzSn+5/w3gV3XVF+CHjGD/COeSm7CGazLmlypN4n8 +ib9eRg0K2rAqKfUbn+aFwmqSBhBcw/UhOoXnteNQvd9KNdKiHERJEI3qZ2rLAlYf +uYT6oSAR9rPSpsZpyTI= +=Jib4 +-----END PGP PUBLIC KEY BLOCK----- + + Type Bits KeyID Created Expires Algorithm Use pub 2048 E2763A73 2014-01-02 ------- RSA Sign & Encrypt fingerprint: 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73 @@ -2613,4 +2792,3 @@ DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJ =nES8 -----END PGP PUBLIC KEY BLOCK----- -$Revision: 8.46 $, Last updated $Date: 2014-01-18 00:20:24 $ Modified: stable/8/contrib/sendmail/README ============================================================================== --- stable/8/contrib/sendmail/README Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/README Sat Jul 11 03:46:36 2015 (r285374) @@ -211,29 +211,11 @@ There are other files you should read. +--------------+ There are several related RFCs that you may wish to read -- they are -available via anonymous FTP to several sites. For a list of the -primary repositories see: - - http://www.isi.edu/in-notes/rfc-retrieval.txt - -They are also online at: +available from several sites, see + http://www.rfc-editor.org/ http://www.ietf.org/ -They can also be retrieved via electronic mail by sending -email to one of: - - mail-server@nisc.sri.com - Put "send rfcNNN" in message body - nis-info@nis.nsf.net - Put "send RFCnnn.TXT-1" in message body - sendrfc@jvnc.net - Put "RFCnnn" as Subject: line - -For further instructions see: - - http://www.isi.edu/in-notes/rfc-editor/rfc-info - Important RFCs for electronic mail are: RFC821 SMTP protocol Modified: stable/8/contrib/sendmail/RELEASE_NOTES ============================================================================== --- stable/8/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:46:36 2015 (r285374) @@ -5,6 +5,165 @@ This listing shows the version of the se of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.15.2/8.15.2 2015/07/03 + If FEATURE(`nopercenthack') is used then some bogus input triggered + a recursion which was caught and logged as + SYSERR: rewrite: excessive recursion (max 50) ... + Fix based on patch from Ondrej Holas. + DHParameters now by default uses an included 2048 bit prime. + The value 'none' previously caused a log entry claiming + there was an error "cannot read or set DH parameters". + Also note that this option applies to the server side only. + The U= mailer field didn't accept group names containing hyphens, + underbars, or periods. Based on patch from David Gwynne + of the University of Queensland. + CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again. + Patch from Lars-Johan Liman of Netnod Internet Exchange. + CONFIG: New option UseCompressedIPv6Addresses to select between + compressed and uncompressed IPv6 addresses. The default + value depends on the compile-time option IPV6_FULL: + For 1 the default is False, for 0 it is True, thus + preserving the current behaviour. Based on patch from + John Beck of Oracle. + CONFIG: Account for IPv6 localhost addresses in + FEATURE(`block_bad_helo'). Suggested by Andrey Chernov + from FreeBSD and Robert Scheck from the Fedora Project. + CONFIG: Account for IPv6 localhost addresses in check_mail ruleset. + LIBMILTER: Deal with more invalid protocol data to avoid potential + crashes. Problem noted by Dimitri Kirchner. + LIBMILTER: Allow a milter to specify an empty macro list ("", not + NULL) in smfi_setsymlist() so no macro is sent for the + selected stage. + MAKEMAP: A change to check TrustedUser in fewer cases which was + made in 2013 caused a potential regression when makemap + was run as root (which should not be done anyway). + Note: sendmail often contains options "For Future Releases" + (prefix _FFR_) which might be enabled in a subsequent + version or might simply be removed as they turned out not + to be really useful. These features are usually not + documented but if they are, then the required (FFR) + options are listed in + - doc/op/op.* for rulesets and macros, + - cf/README for mc/cf options. + +8.15.1/8.15.1 2014/12/06 + SECURITY: Properly set the close-on-exec flag for file descriptors + (except stdin, stdout, and stderr) before executing mailers. + If header rewriting fails due to a temporary map lookup failure, + queue the mail for later retry instead of sending it + without rewriting the header. Note: this is done + while the mail is being sent and hence the transaction + is aborted, which only works for SMTP/LMTP mailers + hence the handling of temporary map failures is + suppressed for other mailers. SMTP/LMTP servers may + complain about aborted transactions when this problem + occurs. + See also "DNS Lookups" in sendmail/TUNING. + Incompatible Change: Use uncompressed IPv6 addresses by default, + i.e., they will not contain "::". For example, + instead of ::1 it will be 0:0:0:0:0:0:0:1. This + permits a zero subnet to have a more specific match, + such as different map entries for IPv6:0:0 vs IPv6:0. + This change requires that configuration data + (including maps, files, classes, custom ruleset, + etc) must use the same format, so make certain such + configuration data is updated before using 8.15. + As a very simple check search for patterns like + 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary, + the prior format can be retained by compiling with: + APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0') + in your devtools/Site/site.config.m4 file. + If debugging is turned on (-d0.14) also print the OpenSSL + versions, both build time and run time + (provided STARTTLS is compiled in). + If a connection to the MTA is dropped by the client before its + hostname can be validated, treat it as "may be forged", + so that the unvalidated hostname is not passed to a + milter in xxfi_connect(). + Add a timeout for communication with socket map servers + which can be specified using the -d option. + Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow + numeric logins even if HESIOD is enabled. + The new option CertFingerprintAlgorithm specifies the finger- + print algorithm (digest) to use for the presented cert. + If the option is not set, md5 is used and the macro + {cert_md5} contains the cert fingerprint. + However, if the option is set, the specified algorithm + (e.g., sha1) is used and the macro {cert_fp} contains + the cert fingerprint. + That is, as long as the option is not set, the behaviour + does not change, but otherwise, {cert_md5} is superseded + by {cert_fp} even if you set CertFingerprintAlgorithm + to md5. + The options ServerSSLOptions and ClientSSLOptions can be used + to set SSL options for the server and client side + respectively. See SSL_CTX_set_options(3) for a list. + Note: this change turns on SSL_OP_NO_SSLv2 and + SSL_OP_NO_TICKET for the client. See doc/op/op.me + for details. + The option CipherList sets the list of ciphers for STARTTLS. + See ciphers(1) for possible values. + Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" + if a CRLFfile is in use (and LogLevel is 14 or higher.) + Store a more specific TLS protocol version in ${tls_version} + instead of a generic one, e.g., TLSv1 instead of + TLSv1/SSLv3. + Properly set {client_port} value on little endian machines. + Patch from Kelsey Cummings of Sonic.net. + Per RFC 3848, indicate in the Received: header whether SSL or + SMTP AUTH was negotiated by setting the protocol clause + to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP. + If the 'C' flag is listed as TLSSrvOptions the requirement for the + TLS server to have a cert is removed. This only works + under very specific circumstances and should only be used + if the consequences are understood, e.g., clients + may not work with a server using this. + The options ClientCertFile, ClientKeyFile, ServerCertFile, and + ServerKeyFile can take a second file name, which must be + separated from the first with a comma (note: do not use + any spaces) to set up a second cert/key pair. This can + be used to have certs of different types, e.g., RSA + and DSA. + A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) + address. It returns the string for the PTR lookup, but + without trailing {ip6,in-addr}.arpa. + New operation mode 'C' just checks the configuration file, e.g., + sendmail -C new.cf -bC + will perform a basic syntax/consistency check of new.cf. + The mailer flag 'I' is deprecated and will be removed in a + future version. + Allow local (not just TCP) socket connections to the server, e.g., + O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock + can be used. + If the new option MaxQueueAge is set to a value greater than zero, + entries in the queue will be retried during a queue run + only if the individual retry time has been reached which + is doubled for each attempt. The maximum retry time is + limited by the specified value. + New DontBlameSendmail option GroupReadableDefaultAuthInfoFile + to relax requirement for DefaultAuthInfo file. + Reset timeout after receiving a message to appropriate value if + STARTTLS is in use. Based on patch by Kelsey Cummings + of Sonic.net. + Report correct error messages from the LDAP library for a range of + small negative return values covering those used by OpenLDAP. + Fix compilation with Berkeley DB 5.0 and 6.0. Patch from + Allan E Johannesen of Worcester Polytechnic Institute. + CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or + nospecial which describes whether to disallow "%" in the + local part of an address. + DEVTOOLS: Fix regression in auto-detection of libraries when only + shared libraries are available. Problem reported by + Bryan Costales. + LIBMILTER: Mark communication socket as close-on-exec in case + a user's filter starts other applications. + Based on patch from Paul Howarth. + Portability: + SunOS 5.12 has changed the API for sigwait(2) to conform + with XPG7. Based on patch from Roger Faulkner of Oracle. + Deleted Files: + libsm/path.c + 8.14.9/8.14.9 2014/05/21 SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. @@ -681,7 +840,7 @@ summary of the changes in that release. LIBMILTER: The "hostname" argument of the xxfi_connect() callback previously was the equivalent of {client_ptr}. However, this did not match the documentation of the function, hence - it has been changed to {client_name}. See doc/op/op.* + it has been changed to {client_name}. See doc/op/op.me about these macros. 8.13.7/8.13.7 2006/06/14 @@ -3509,11 +3668,11 @@ summary of the changes in that release. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in - cf/README and doc/op/op.*. + cf/README and doc/op/op.me. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented - in cf/README and doc/op/op.*. + in cf/README and doc/op/op.me. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which Modified: stable/8/contrib/sendmail/cf/README ============================================================================== --- stable/8/contrib/sendmail/cf/README Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/cf/README Sat Jul 11 03:46:36 2015 (r285374) @@ -158,6 +158,26 @@ FEATURE(`local_procmail'). ******************************************************************* +Note: +Some rulesets, features, and options are only useful if the sendmail +binary has been compiled with the appropriate options, e.g., the +ruleset tls_server is only invoked if sendmail has been compiled +with STARTTLS. This is usually obvious from the context and hence +not further specified here. +There are also so called "For Future Releases" (FFR) compile time +options which might be included in a subsequent version or might +simply be removed as they turned out not to be really useful. +These are generally not documented but if they are, then the required +compile time options are listed in doc/op/op.* for rulesets and +macros, and for mc/cf specific options they are usually listed here. +In addition to compile time options for the sendmail binary, there +can also be FFRs for mc/cf which in general can be enabled when the +configuration file is generated by defining them at the top of your +.mc file: + +define(`_FFR_NAME_HERE', 1) + + +----------------------------+ | A BRIEF INTRODUCTION TO M4 | +----------------------------+ @@ -397,6 +417,10 @@ SMTP_MAILER_CHARSET [undefined] If defin that ARRIVE from an address that resolves to one of the SMTP mailers and which are converted to MIME will be labeled with this character set. +RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data + that ARRIVE from an address that resolves to the + relay mailers and which are converted to MIME will + be labeled with this character set. SMTP_MAILER_LL [990] The maximum line length for SMTP mailers (except the relay mailer). RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. @@ -743,6 +767,16 @@ nouucp Don't route UUCP addresses. Thi 2. don't remove "!" from OperatorChars if `reject' is given as parameter. +nopercenthack Don't treat % as routing character. This feature takes one + parameter: + `reject': reject addresses which have % in the local + part unless it originates from a system + that is allowed to relay. + `nospecial': don't do anything special with %. + Warnings: 1. See the notice in the anti-spam section. + 2. Don't remove % from OperatorChars if `reject' is + given as parameter. + nocanonify Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this @@ -1441,7 +1475,7 @@ msp Defines config file for Message Sub by default. If you have a machine with IPv6 only, change it to - FEATURE(`msp', `[IPv6:::1]') + FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]') If you want to continue using '[localhost]', (the behavior up to 8.12.6), use @@ -1499,8 +1533,12 @@ block_bad_helo Reject messages from SMTP - connections from IP addresses in class $={R}. Currently access_db lookups can not be used to (selectively) disable this test, moreover, + FEATURE(`delay_checks') - is required. + + is required. Note, the block_bad_helo feature automatically + adds the IPv6 and IPv4 localhost IP addresses to $={w} (local + host names) and $={R} (relay permitted). require_rdns Reject mail from connecting SMTP clients without proper rDNS (reverse DNS), functional gethostbyaddr() resolution. @@ -2442,17 +2480,19 @@ should only be used for sites which have that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly. -NOTICE: It is possible to relay mail through a system which the anti-relay -rules do not prevent: the case of a system that does use FEATURE(`nouucp', -`nospecial') (system A) and relays local messages to a mail hub (e.g., via -LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use -FEATURE(`nouucp') at all, addresses of the form - would be relayed to . -System A doesn't recognize `!' as an address separator and therefore -forwards it to the mail hub which in turns relays it because it came from -a trusted local host. So if a mailserver allows UUCP (bang-format) -addresses, all systems from which it allows relaying should do the same -or reject those addresses. +NOTICE: It is possible to relay mail through a system which the +anti-relay rules do not prevent: the case of a system that does use +FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial') +(system A) and relays local messages to a mail hub (e.g., via +LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the +same feature (nouucp / nopercenthack) at all, addresses of the form + / +would be relayed to . +System A doesn't recognize `!' / `%' as an address separator and +therefore forwards it to the mail hub which in turns relays it +because it came from a trusted local host. So if a mailserver +allows UUCP (bang-format) / %-hack addresses, all systems from which +it allows relaying should do the same or reject those addresses. As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, @@ -3160,17 +3200,49 @@ TLS_Clt:laptop.example.com PERM+VER TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org -Disabling STARTTLS And Setting SMTP Server Features ---------------------------------------------------- +TLS Options per Session +----------------------- By default STARTTLS is used whenever possible. However, there are -some broken MTAs that don't properly implement STARTTLS. To be able -to send to (or receive from) those MTAs, the ruleset try_tls -(srv_features) can be used that work together with the access map. -Entries for the access map must be tagged with Try_TLS (Srv_Features) -and refer to the hostname or IP address of the connecting system. -A default case can be specified by using just the tag. For example, -the following entries in the access map: +MTAs with STARTTLS interoperability issues. To be able to send to +(or receive from) those MTAs several features are available: + +1) Various TLS options be be set per IP/domain. +2) STARTTLS can be turned off for specific IP addresses/domains. + +About 1): the rulesets tls_srv_features and tls_clt_features can +be used to return a (semicolon separated) list of TLS related +options: + +- Options: compare {Server,Client}SSLOptions. +- CipherList: same as the global option. +- CertFile, KeyFile: {Server,Client}{Cert,Key}File + +If FEATURE(`tls_session_features') is used, then default rulesets +are activated which look up entries in the access map with the tags +TLS_Srv_features and TLS_Clt_features, respectively. +For example, these entries: + + TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA; + TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT + +specify a cipherlist with MEDIUM strength ciphers that use RSA +certificates only for the client with the IP address 10.0.2.4, +and turn off TLSv1.2 when connecting to the server with the IP +address 10.1.0.1 as well as setting a specific cipherlist. +If FEATURE(`tls_session_features') is not used the user can provide +their own rulesets which must return the appropriate data. +If the rulesets are not defined or do not return a value, the +default TLS options are not modified. +(These rulesets require the sendmail binary to be built with +_FFR_TLS_SE_OPTS enabled.) + +About 2): the ruleset try_tls (srv_features) can be used that work +together with the access map. Entries for the access map must be +tagged with Try_TLS (Srv_Features) and refer to the hostname or IP +address of the connecting system. A default case can be specified +by using just the tag. For example, the following entries in the +access map: Try_TLS:broken.server NO Srv_Features:my.domain v @@ -3756,6 +3828,12 @@ confSINGLE_THREAD_DELIVERY SingleThread cached but otherwise idle connection to a host will prevent other sendmails from connecting to the other host. +confUSE_COMPRESSED_IPV6_ADDRESSES + UseCompressedIPv6Addresses + [undefined] If set, use the compressed + form of IPv6 addresses, such as + IPV6:::1, instead of the uncompressed + form, such as IPv6:0:0:0:0:0:0:0:1. confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to deliver error messages. This should not be necessary because of general @@ -3990,6 +4068,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: Priority, Host, Filename, Random, Modification, or Time. +confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater + than zero, entries in the queue + will be retried during a queue run + only if the individual retry time + has been reached which is doubled + for each attempt. The maximum retry + time is limited by the specified value. confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the @@ -4208,7 +4293,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSA confAUTH_REALM AuthRealm [undefined] The authentication realm that is passed to the Cyrus SASL library. If no realm is specified, - $j is used. + $j is used. See KNOWNBUGS. confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains authentication information for outgoing connections. This file must @@ -4241,6 +4326,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If thi verification is performed, i.e., the server doesn't ask for a certificate. +confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related + options for server side. See + SSL_CTX_set_options(3) for a list. +confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related + options for client side. See + SSL_CTX_set_options(3) for a list. +confCIPHER_LIST CipherList [undefined] Cipher list for TLS. + See ciphers(1) for possible values. confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map specification for LDAP maps. The value should only contain LDAP @@ -4250,10 +4343,11 @@ confLDAP_DEFAULT_SPEC LDAPDefaultSpec [u maps unless they are specified in the individual map specification ('K' command). -confCACERT_PATH CACertPath [undefined] Path to directory - with certs of CAs. -confCACERT CACertFile [undefined] File containing one CA - cert. +confCACERT_PATH CACertPath [undefined] Path to directory with + certificates of CAs which must contain + their hashes as filenames or links. +confCACERT CACertFile [undefined] File containing at least + one CA certificate. confSERVER_CERT ServerCertFile [undefined] File containing the cert of the server, i.e., this cert is used when sendmail acts as @@ -4281,6 +4375,10 @@ confRAND_FILE RandFile [undefined] File requires this option if the compile flag HASURANDOM is not set (see sendmail/README). +confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm + [undefined] The fingerprint algorithm + (digest) to use for the presented + cert. confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of queue runners is set the given value (nice(3)). Modified: stable/8/contrib/sendmail/cf/cf/Makefile ============================================================================== --- stable/8/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:46:36 2015 (r285374) @@ -100,6 +100,7 @@ M4FILES=\ ${CFDIR}/feature/access_db.m4 \ ${CFDIR}/feature/allmasquerade.m4 \ ${CFDIR}/feature/always_add_domain.m4 \ + ${CFDIR}/feature/bcc.m4 \ ${CFDIR}/feature/bestmx_is_local.m4 \ ${CFDIR}/feature/bitdomain.m4 \ ${CFDIR}/feature/blacklist_recipients.m4 \ @@ -118,9 +119,11 @@ M4FILES=\ ${CFDIR}/feature/masquerade_envelope.m4 \ ${CFDIR}/feature/no_default_msa.m4 \ ${CFDIR}/feature/nocanonify.m4 \ + ${CFDIR}/feature/nopercenthack.m4 \ ${CFDIR}/feature/notsticky.m4 \ ${CFDIR}/feature/nouucp.m4 \ ${CFDIR}/feature/nullclient.m4 \ + ${CFDIR}/feature/prefixmod.m4 \ ${CFDIR}/feature/promiscuous_relay.m4 \ ${CFDIR}/feature/redirect.m4 \ ${CFDIR}/feature/ratecontrol.m4 \ @@ -131,12 +134,14 @@ M4FILES=\ ${CFDIR}/feature/relay_mail_from.m4 \ ${CFDIR}/feature/smrsh.m4 \ ${CFDIR}/feature/stickyhost.m4 \ + ${CFDIR}/feature/tls_session_features.m4 \ ${CFDIR}/feature/use_ct_file.m4 \ ${CFDIR}/feature/use_cw_file.m4 \ ${CFDIR}/feature/uucpdomain.m4 \ ${CFDIR}/feature/virtuser_entire_domain.m4 \ ${CFDIR}/feature/virtusertable.m4 \ ${CFDIR}/hack/cssubdomain.m4 \ + ${CFDIR}/hack/xconnect.m4 \ ${CFDIR}/m4/cf.m4 \ ${CFDIR}/m4/cfhead.m4 \ ${CFDIR}/m4/proto.m4 \ Modified: stable/8/contrib/sendmail/cf/cf/submit.cf ============================================================================== --- stable/8/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:46:36 2015 (r285374) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015 +##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.14.9/Submit +DZ8.15.2/Submit ############### @@ -202,6 +202,9 @@ O ConnectionCacheTimeout=5m # use Errors-To: header? O UseErrorsTo=False +# use compressed IPv6 address format? +#O UseCompressedIPv6Addresses + # log level O LogLevel=9 @@ -251,6 +254,9 @@ O PrivacyOptions=goaway,noetrn,restrictq # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -501,6 +507,12 @@ O PidFile=/var/spool/clientmqueue/sm-cli # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -524,6 +536,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -531,6 +545,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -645,6 +661,7 @@ R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1 # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. + R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name @@ -781,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -818,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### @@ -1027,6 +1047,10 @@ R$* $| $* $: $2 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > +R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] > + $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] > +R<@> < $* @ [IPv6:::1] > + $: < ? $&{client_name} > < $1 @ [IPv6:::1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > R<@> < $* @ localhost.UUCP > @@ -1141,6 +1165,7 @@ R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally R127.0.0.1 $@ RELAY originated locally +RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address R$* $: [ $1 ] put brackets around it... @@ -1245,6 +1270,8 @@ STLS_connection RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." + + ###################################################################### ### RelayTLS: allow relaying based on TLS authentication ### @@ -1442,7 +1469,7 @@ Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFrom ### submit.mc ### # divert(-1) # # *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***