svn commit: r285373 - in stable/9/contrib/sendmail: . cf cf/cf cf/feature cf/hack cf/m4 contrib doc/op editmap include/sendmail include/sm libmilter libmilter/docs libsm libsmdb makemap src
Gregory Neil Shapiro
gshapiro at FreeBSD.org
Sat Jul 11 03:42:06 UTC 2015
Author: gshapiro
Date: Sat Jul 11 03:42:01 2015
New Revision: 285373
URL: https://svnweb.freebsd.org/changeset/base/285373
Log:
MFC: Merge sendmail 8.15.2
Added:
stable/9/contrib/sendmail/cf/feature/bcc.m4
- copied unchanged from r285229, head/contrib/sendmail/cf/feature/bcc.m4
stable/9/contrib/sendmail/cf/feature/nopercenthack.m4
- copied unchanged from r285229, head/contrib/sendmail/cf/feature/nopercenthack.m4
stable/9/contrib/sendmail/cf/feature/prefixmod.m4
- copied unchanged from r285229, head/contrib/sendmail/cf/feature/prefixmod.m4
stable/9/contrib/sendmail/cf/feature/tls_session_features.m4
- copied unchanged from r285229, head/contrib/sendmail/cf/feature/tls_session_features.m4
stable/9/contrib/sendmail/cf/hack/xconnect.m4
- copied unchanged from r285229, head/contrib/sendmail/cf/hack/xconnect.m4
stable/9/contrib/sendmail/contrib/AuthRealm.p0
- copied unchanged from r285229, head/contrib/sendmail/contrib/AuthRealm.p0
Deleted:
stable/9/contrib/sendmail/libsm/path.c
Modified:
stable/9/contrib/sendmail/CACerts
stable/9/contrib/sendmail/FAQ
stable/9/contrib/sendmail/INSTALL
stable/9/contrib/sendmail/KNOWNBUGS
stable/9/contrib/sendmail/PGPKEYS
stable/9/contrib/sendmail/README
stable/9/contrib/sendmail/RELEASE_NOTES
stable/9/contrib/sendmail/cf/README
stable/9/contrib/sendmail/cf/cf/Makefile
stable/9/contrib/sendmail/cf/cf/submit.cf
stable/9/contrib/sendmail/cf/cf/submit.mc
stable/9/contrib/sendmail/cf/feature/block_bad_helo.m4
stable/9/contrib/sendmail/cf/feature/ldap_routing.m4
stable/9/contrib/sendmail/cf/m4/cfhead.m4
stable/9/contrib/sendmail/cf/m4/proto.m4
stable/9/contrib/sendmail/cf/m4/version.m4
stable/9/contrib/sendmail/doc/op/op.me
stable/9/contrib/sendmail/editmap/editmap.c
stable/9/contrib/sendmail/include/sendmail/sendmail.h
stable/9/contrib/sendmail/include/sm/bdb.h
stable/9/contrib/sendmail/include/sm/cdefs.h
stable/9/contrib/sendmail/include/sm/conf.h
stable/9/contrib/sendmail/include/sm/errstring.h
stable/9/contrib/sendmail/include/sm/fdset.h
stable/9/contrib/sendmail/libmilter/docs/smfi_setsymlist.html
stable/9/contrib/sendmail/libmilter/engine.c
stable/9/contrib/sendmail/libmilter/handler.c
stable/9/contrib/sendmail/libmilter/listener.c
stable/9/contrib/sendmail/libmilter/signal.c
stable/9/contrib/sendmail/libmilter/smfi.c
stable/9/contrib/sendmail/libmilter/worker.c
stable/9/contrib/sendmail/libsm/Makefile.m4
stable/9/contrib/sendmail/libsm/errstring.c
stable/9/contrib/sendmail/libsm/local.h
stable/9/contrib/sendmail/libsm/mbdb.c
stable/9/contrib/sendmail/libsm/refill.c
stable/9/contrib/sendmail/libsm/stdio.c
stable/9/contrib/sendmail/libsm/vfprintf.c
stable/9/contrib/sendmail/libsmdb/smdb.c
stable/9/contrib/sendmail/makemap/makemap.c
stable/9/contrib/sendmail/src/README
stable/9/contrib/sendmail/src/TRACEFLAGS
stable/9/contrib/sendmail/src/TUNING
stable/9/contrib/sendmail/src/bf.c
stable/9/contrib/sendmail/src/collect.c
stable/9/contrib/sendmail/src/conf.c
stable/9/contrib/sendmail/src/daemon.c
stable/9/contrib/sendmail/src/deliver.c
stable/9/contrib/sendmail/src/envelope.c
stable/9/contrib/sendmail/src/err.c
stable/9/contrib/sendmail/src/headers.c
stable/9/contrib/sendmail/src/main.c
stable/9/contrib/sendmail/src/map.c
stable/9/contrib/sendmail/src/mci.c
stable/9/contrib/sendmail/src/milter.c
stable/9/contrib/sendmail/src/parseaddr.c
stable/9/contrib/sendmail/src/queue.c
stable/9/contrib/sendmail/src/readcf.c
stable/9/contrib/sendmail/src/recipient.c
stable/9/contrib/sendmail/src/savemail.c
stable/9/contrib/sendmail/src/sendmail.8
stable/9/contrib/sendmail/src/sendmail.h
stable/9/contrib/sendmail/src/sfsasl.c
stable/9/contrib/sendmail/src/sm_resolve.c
stable/9/contrib/sendmail/src/srvrsmtp.c
stable/9/contrib/sendmail/src/tls.c
stable/9/contrib/sendmail/src/usersmtp.c
stable/9/contrib/sendmail/src/util.c
stable/9/contrib/sendmail/src/version.c
Directory Properties:
stable/9/contrib/sendmail/ (props changed)
Modified: stable/9/contrib/sendmail/CACerts
==============================================================================
--- stable/9/contrib/sendmail/CACerts Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/CACerts Sat Jul 11 03:42:01 2015 (r285373)
@@ -10,6 +10,102 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
+ 92:91:67:de:e0:ef:2c:e4
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015 at esmtp.org
+ Validity
+ Not Before: Mar 2 19:15:29 2015 GMT
+ Not After : Mar 1 19:15:29 2018 GMT
+ Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015 at esmtp.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31:
+ 70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08:
+ 1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d:
+ 50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14:
+ ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6:
+ fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98:
+ 15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1:
+ d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30:
+ 8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94:
+ f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55:
+ d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec:
+ f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16:
+ 8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23:
+ 8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6:
+ e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33:
+ a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4:
+ e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38:
+ 29:89
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
+ X509v3 Authority Key Identifier:
+ keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
+ DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015 at esmtp.org
+ serial:92:91:67:DE:E0:EF:2C:E4
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Alternative Name:
+ email:ca+ca-rsa2015 at esmtp.org
+ X509v3 Issuer Alternative Name:
+ email:ca+ca-rsa2015 at esmtp.org
+ Signature Algorithm: sha1WithRSAEncryption
+ 0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02:
+ 23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc:
+ 9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e:
+ b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df:
+ 27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72:
+ 0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce:
+ b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a:
+ 40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb:
+ 99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1:
+ 49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65:
+ 97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55:
+ 49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95:
+ e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a:
+ 62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91:
+ 15:89:f7:8f
+-----BEGIN CERTIFICATE-----
+MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
+FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs
+YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
+YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow
+gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC
+ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG
+A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX
+Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q
+AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA
+mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby
+f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf
+Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr
+2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
+sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8
+WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
+bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK
+BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm
+MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s
+5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu
+b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3
+DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb
+EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG
+vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn
+AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX
+ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq
+qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP
+-----END CERTIFICATE-----
+
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
f1:41:b3:3d:ba:bd:33:49
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012 at esmtp.org
Modified: stable/9/contrib/sendmail/FAQ
==============================================================================
--- stable/9/contrib/sendmail/FAQ Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/FAQ Sat Jul 11 03:42:01 2015 (r285373)
@@ -1,8 +1,4 @@
The FAQ is no longer maintained with the sendmail release. It is
available at http://www.sendmail.org/faq/ .
-A plain-text version of the questions only, with URLs referring to
-the answers, is posted to comp.mail.sendmail on the 10th and 25th
-of each month.
-
-$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $
+$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $
Modified: stable/9/contrib/sendmail/INSTALL
==============================================================================
--- stable/9/contrib/sendmail/INSTALL Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/INSTALL Sat Jul 11 03:42:01 2015 (r285373)
@@ -28,8 +28,9 @@ sendmail/SECURITY for more installation
/etc/mail/submit.cf. This can be done in the cf/cf by using
"sh ./Build install-cf".
- Please read sendmail/SECURITY before continuing; you have to create a
- new user smmsp and a new group smmsp for the default installation.
+ Please read sendmail/SECURITY before continuing; you may have to create
+ a new user smmsp and a new group smmsp for the default installation
+ if you are updating from a really old version.
Then install the sendmail binary built in step 3 by cd-ing back to
sendmail/ and running "sh ./Build install".
Modified: stable/9/contrib/sendmail/KNOWNBUGS
==============================================================================
--- stable/9/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:42:01 2015 (r285373)
@@ -62,9 +62,9 @@ This list is not guaranteed to be comple
libmilter and hence the communication fails. This can be avoided by
increasing the constant MILTER_CHUNK_SIZE in
include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
- all (statically linked) milters (or by using an undocumented compile
- time option: _FFR_MAXDATASIZE; you have to read the source code in
- order to use this properly).
+ all (statically linked) milters (or by using undocumented compile
+ time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
+ read the source code in order to use these properly).
* Sender addresses whose domain part cause a temporary A record lookup
failure but have a valid MX record will be temporarily rejected in
@@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon
Header addresses that have the \231 character (and possibly others
in the range \201 - \237) behave in odd and usually unexpected ways.
+* AuthRealm for Cyrus SASL may not work as expected. The man page
+ and the actual usage for sasl_server_new() seem to differ.
+ Feedback for the "correct" usage is welcome, a patch to match
+ the description of the man page is in contrib/AuthRealm.p0.
+
* accept() problem on SVR4.
Apparently, the sendmail daemon loop (doing accept()s on the network)
@@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon
* Race condition for delivery to set-user-ID files
- Sendmail will deliver to a fail if the file is owned by the DefaultUser
+ Sendmail will deliver to a file if the file is owned by the DefaultUser
or has the set-user-ID bit set. Unfortunately, some systems clear that bit
when a file is modified. Sendmail compensates by resetting the file mode
back to it's original settings. Unfortunately, there's still a
Modified: stable/9/contrib/sendmail/PGPKEYS
==============================================================================
--- stable/9/contrib/sendmail/PGPKEYS Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/PGPKEYS Sat Jul 11 03:42:01 2015 (r285373)
@@ -141,6 +141,185 @@ gpExpdV7qPrw9k01j5rod5PjZlG8zV0=
=SR28
-----END PGP PUBLIC KEY BLOCK-----
+
+pub 2048R/0xAAF5B5DE05BDCC53 2015-01-02
+fingerprint: 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53
+uid Sendmail Signing Key/2015 <sendmail at Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFSl4rQBCADRCzgFSJkzyoOHw9/9L/+G3mzA1fWR7TgCE0WxGX7PDzyLDaUS
+a4XpCDtadjXyr7c5YPo1T7ybxUH39yvUgEHBiPQDssik+bbpOiHL7V0sUDAYfKSq
+YC8/MG42Oj/zd+0WUhnI+RckFYPBNDQ+sZC6ErLDxCYDZMYhG4vhJOGqAKpglNTb
+w4Fdx4LNmL3e4t3z4IEtnzAqeGVxIZm8MGGFhKkb8ufpgh8Jiz4Q6cOis0ZD9K6f
+LvMPRJXSBy9jBtmS2oI2e9Q5LLhmzd1PVyA8jwAlK0QfJLmlRrgRUfHFKhkf+EuW
+tTi592OYCZ9bw7QVSiGVQUK+7VACfM+FQR81ABEBAAG0MVNlbmRtYWlsIFNpZ25p
+bmcgS2V5LzIwMTUgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlSl
+4rQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKr1td4FvcxTTPMH/29J
+kNmt6EGNo/eLQySB8HTenfJjZaQxwPRhq22kWgr/7WP1BR2411bopyNk4IZ0rcDr
+tnyeJj4UWKJljVuXyTDQPtU8uUlgiOT8QiHEbge7MOzxrn0cy6KIOgKq+vtuxa28
+McaxjENR7XVIDFkesQ7P/yLkcCjlE6jaD4r9OIKpqEVMPs1WUFff+rsgTo7mdcgR
+QowQOgYqNil5awQ5Y2Gol71hZ6oRcpqMwSd6w4dEEx2U8rF8oqJuoxeUTgNCSv0n
+iFtewLznocmxlrxe1mQAeLfRmUAG4LSL6p5wx1lRjJA3gtyWRjY0404jGxkATLG4
+AtK2OkHj8MbrWLP7PKyJARwEEAECAAYFAlSl5AQACgkQYd4R7OJ2OnPHXAf/Y6Rk
+rROF45+SgbsEIiDXQBcBOoO1GKe0nFTc1jfAKUHAQ94fqcDxNeFRA9fNIA2d7XNI
+0Lw6W7X3RcEkF58xytIe/Y+EXDmOt/BUbpch9KIz6J9pqBhPdyHvG+ZeyA3A+TGT
+ZGnnnAxNFtCjt2IID9lzZSLuWhH8+DNC2Vp15NngDTa1VIk17n5iIvi7r3V5cdIE
+MblKLGm+ZaiTeccVLjwMKIUSgrLP87+yF/aaZH2kotuI7f3tD1ycN0sVZJxcFS+c
+GFw7uvOarDBSm0Q/FgfhDUOJLy4w5SqVmgPEIAeogz94q0JXxSSr1XWQBD8X9XwF
+f3+dPXmgMHXLGRWclYkBHAQQAQIABgUCVKXkPAAKCRA9aLJdUgfK08cnB/96BV+v
+xyBx35TPg8eI/WIskdQAIpCQsm6FoO1ejbMzfWn9bImCewOp1UMlowdfQC52Hdp8
+EXnuwCpJ3rtnZctRld5dNM/clbZ+r3lr78wX7hqPUajlvxe+TMpyZbJirLn1f5Ba
+yoysE4oICfzJivPfixZd7oFVr9EkftbatYenl0rgf/0lJTKRDIqNGezeeyfxaKdX
+qd545wqis7PrrXDOrEq815aosG09KQBhIoPgti2us1R95nSm9z6dVCY/nSDOxL+a
+Vyq/XD5KSUqbZVocY+fbR3dNX5haTvawuG0GPvl+YvYb2lW4hhi7Q4aUL7Dd4c9c
+vk5+WAvfJwHtbxrgiQEcBBABAgAGBQJUpeREAAoJEI5a6fvO7vQ7OWUH/2NNxhlI
+JEtvD+Nj2oPGgVQJrlFI1pbzyMCtD+6iy8Lfnp2DK+qKPMjBw96LUqcXC32VFPQr
+17iyZDv26MSb/acmdIfTPpPTwJ6zEmMI8mXradeuoiWxeVHSg7n+D3u0xtikmb9Y
+uRKv0yx43fcL70bqV5DzyXQte0chfRnOiwMrImWdgDekkmxE9udbtgK24rifNVGa
+TBB6eHJAsFVu5Y38hsZLe10bCKyUCqT6Qywfy3RCMpXYeo6fXOk0fKatG2oi3CZp
+LI+AnjmAJ0t2oMkrwUxogkK3LkShJT/aJYIR24eZm0GdzwRHZxXKClGFvdJslIea
+TKHSXNK41eEIfreJARwEEAECAAYFAlSl5EgACgkQOaTHfal4hLAXfwf+M0YmlHd4
+1sfvckYhOYf99n1BGnfQx5RJn+X+EBjGyOfPKMBPQuZIlwAI20T+cFnR3WmgrmlO
+IBG8qVcSDoValzNPcr0V3WGDrT75fYhf5iYj2ZsZDBUqE1VF3dAVUw40x2c1n+98
+7lbq3NtolSPYk07h5rhEhmkjdNcixv/exVCTGVwaT4X9ZHY8heETmF5tsCtPavpr
+i/DjcDQQQ0sQ8um1eX41j2bhrN4MERUC5oadvSULaA2QUoWgCrzVG8zx715Au77N
+jLtfA31hJI0GP/dpSREaYlqA0nwVDR5tz1TyTNwPN1ylxjQmjKXtJwx3jUtlT9Zh
+qxRf+ngYHpWArokBHAQQAQIABgUCVKXkTAAKCRBgTfvyhUEKvl11B/9aYJBEEQZp
+JWAT6HPmQK//i2x4y1euQfaHsjqJALvvPrgiTp/ZE3o6dKHhs+SbawsB57RtootN
+maQr7x2drvBojWhJJdaouAh345qOfZYb0bD9klkr6W+Mjl5T0xWIKFEyIZn0Tcbr
+8ekHgSIx2trL8LduSJou2bdPMh46PORzEpuQQ4IAyV0uRyBdNFOPwTy2OdXs51fr
+M7lp1hJp84+y2a6z3vz3VCs2A9LzlnXKZ6bXljpd5dQfrmrSNXltPKA3jVLkWi8+
+rh9f1rAGsj1e6N1aVF2uJ1Y3u+U0XQ/dwa1vDF3y4KVObxYM9eNGbF4J8lGkUy2a
+gZ1s1X8QzEDUiJwEEAECAAYFAlSl5FAACgkQEolum6d/JCmUSQP+KEz6xSvPSbFP
+Hip4JiX1Wbvd+t3TyL0u9Fv/POwUrFIHVpTkCwOz6jsBH3TdGGiYOP5F8k/US2jU
+3WB0J1mK5Rn3GwLhUGNTEeuaJZCuKE+j3qwMFmDqC/2IxEvlWtrIbTqkgf7cRv/O
+O7VNv+EL0axtsrOcwZlUWe6Lc4571oaInAQQAQIABgUCVKXkUwAKCRDYqvDK9rMH
+KX7xBACUFTBRCmboY/GRTHMZW1DGfcO2vMxwnYKqWomuzi/YonDCWtoTpeMDaAhY
+NnIchC1mlYteIE94/+ZsoYsZeaR3fe7CN6h/deBu4tW/dQ+TW1ZPF6EuVhoviKgz
+rd3rb+gcS0f0PgSPyg5LGtoMGMD9/gx1NJOTFec83jmBI95Gb4icBBABAgAGBQJU
+peRXAAoJEJdDARhwk7hBAUED/0oyeD2Z4wMQ6IQEprOAWbR+vIRzaThemmCGobRw
+UlM44nUXqKSM1+naLEVz/JzBuKWG00zTz6Su3NesWoFzDDUGYcIJggbOm39Pc+V8
+eXV86An64/v3P6gypJc+q9P+FFGGO884wFmYN634Mi4SDBVFUzffcghueAFcxtzt
+0mH5iJwEEAECAAYFAlSl5FoACgkQHnuzyK+VliVGdwP/fmdK9MdWIzPD/6eYm6JZ
+zbksaGWiqpwgp9IEr/OhSmGkXuwUsP35PFJ8FsJbEV5x/y6pP3UNp6EFRN/116ue
+jp5vVM7nnj2K3V8f85J4dXCRbv+kek+Ufo1Qzm5kgvRuBxX1sXpxFX6yBM0Y6WuV
+gszdbTVNlS04q6bnPFE9L4uInAQQAQIABgUCVKXkXgAKCRBwoCRNHvmSUZ/7A/9W
+yQJrrdrs2SuYtoxov/pL/TVMejbnxsF8Y0dRtM/KiquP57PMQSmLqy4fTRzAMHBv
+XK1aKfewTVfGKLcHIzfMfv2XcPpWfwcyMeZKtcSr25lWl9GJZP221rCok76XYwqk
+BPPp0pjSwdy0Qq4sd3N3ESZmqAMWJ7ouMmlQ7VWReYicBBABAgAGBQJUpeRhAAoJ
+EMjV7SmV9hdxLv0EALX3yjI2KDNG1mo5ctCSYlIlhXHQ6csHuUK9lzj9R1gVEzDU
+0dEZH0+a5UXh5xf8nyTDLytUe8PxTtPit3AOP6TvTJlANULh/3MKS6317RwUe2e0
+OitWbhQAOYfpYAkSdXZACzPacxrefkxmSM3Pq+SYoumZTI2N6AvVu8MeCS0GiJwE
+EAECAAYFAlSl5GQACgkQIYPhsTlvB4mWJgP/XAlvlBityADJkdN+3mp/OtdYzw04
++dBdNtmLqWUiMZg6rPPHUQi7dfBKi95FFe2U8hxSRk8oLzSzmh/M/CP72mxKh4pi
+PbmEkmKHYlNdyfCCNqXdjkBXFAKXAes/4DaBlZwvLjPtrupEaW2eYdU8cSrdeGuv
+1PMLRPxRr3nPCb+InAQQAQIABgUCVKXkaAAKCRCJaWK4Z4wKA3ZVA/4iYD+xrYv0
+8I+0GZJRdEL5f7T97a7Vtf5xSxUhHDww4xC9gs8LzEGWZXoNaZEVl4j+63EnCIbY
+o4g+c4m81D5NWFqeJWhWpcyvejo9hfGM3ZK/XbiF+ZTzznU5YJclGaZ7t8TY8gcx
+GSWxUzxBJQcSEzAKKi286ielMAXocNx10oicBBABAgAGBQJUpeRrAAoJEDgi20fM
+N08tDkwD/2F5j5irsDw+MQyLKpfPv3GRJ5J3ebOPpLQkQ5T34+qeIw4LkcXW9OJA
+ohW47JLb7R8zwAlUoqmmNXtxTM0r0FlTYGPOVEnSEkMqqa3KR68B3jWAGXXdqig9
+yBxYRleawQ4ltnegBn8q7gC4MwnIAZxzK+Y8cM0Rk/FjC9+NhwrviJwEEAECAAYF
+AlSl5G8ACgkQnBy94uNcVjUfvgQAlQijnoE3de1CanB0JqIN+h+XOLOpalFti+B7
+Swc2ZlnlQ9mofYPK5UHlbsiC7/TilD6xm4YEFKim9sOIMi8FNka8+EH+/d1DmS4M
+qVPDssxTG6VOzn7tYOuC9qIw15IpfbHW2bk/YIImwP9nViKCMLIGw+ZgK+uiRQx9
+fT8O1NqInAQQAQIABgUCVKXkcgAKCRBvUpPYo5umVYKeA/9n63K1nF3DNY3Hckvz
+tN8OrPmyCIOh+7t4sc5NHhTK0+BQTv+cgG6ig7K2cdI6VBAovs/c/u7+RrcMhp7l
+45AVnycfKcNaMHKFyMHDk9FZgpRG/bv1zwDxdh+scUc3IekqkSiQ2wTjDQ5Q/BMK
+L5zfOSnTOoltWjpVgsjdM75Ol4icBBABAgAGBQJUpeR2AAoJEO9YlmTUMuGd8R0D
+/3mhriMu/cp3DXHnlDykqLJI1q5K4xCHOWwFYZ8DxW116AVjluJYYW1HmWcJrjK3
+cwuN3FUcsIjafanIJWCsdeZaPAyFEfUBEW0YXIIpBXRw2N7jNtrd5X6Zjptd+zW+
+4dUzvT1pqVtdPHjova3fcGLSmcdZYbddotaGi7xi7kXviJwEEAECAAYFAlSl5HoA
+CgkQwZwdJRLTRh0iwwP/Y/pwp9ttAMuQUz6oH71BTkUrzu9LiI7vhrYxEquFdzCO
+dE4jBNB3LGfwzjhJRtjmQ/gVhjXWWrDYnOXt3gNxb9KzmTHmSDu65cBxX54Un0pZ
++MXjjWOT2l8+GA1lXeICIoZjJL88/zEZAiaH67ch2LEix1fOaJmXJzUSmP1pR3KI
+nAQQAQIABgUCVKXkfgAKCRDAKcpAFvTM6XVwA/9Eb+Dwn2lmEFFo64gj8ocpWzP8
+/sD86PP5KkZ+b/HQnGB3lsQTwsGytDvJfutLDa05sS/HWZ9wXPltX/G3omp/A1G5
+qEKzVSe0vEWedpf9wn82Ll6hzaiS5qX7r0+FpyUjY8arNrze5S4Q6Q2kjl8YduXl
+wG877igRHkGpAtApxYhGBBARAgAGBQJUpeSHAAoJEBj1A4AkwngCRCMAnjHfd5db
+KK6DJxrWVnEbyXs/QJGKAJsErKkiUX55B8k/P3cyzyXIaOujBYicBBABAgAGBQJU
+peSOAAoJEHxLZ22gDhVjCDQD/j7DE5wyhpjHrtf0hsQcaQoVHWZb2JTLZUMRAQyj
+zKMTSs0GslamlxLZmyV1HqkB+41zuJeBQtRV4gjqa5DQmWDRC2mHl7o9A40v4SDa
+O1jmfU5hfJSMecucPyEcfaAG4BIMvBo6TL484uHBi45SN4Ik3f2wc6D1XOluD1vB
+gIwpiJwEEAECAAYFAlSl5JMACgkQ1uCh/k++Kt2s6gP/RNcMKtx4u61vz+Aji/Fa
+H9q03JxQaRgmN1q2AvZQ/NTWTXU7Y5GnH4kW/8rOoUQiR+agJsvTt4ciM+y33pZ/
+ZZLkAuo0uKelEHhdQhtRbSktKBHSgDWbiqaJJIxazeLpxcSgaoM6RW/7aIFdMtEl
+ALAzTACYlTN/nKWWICn8GnGIRgQQEQIABgUCVKXkmAAKCRAh+cW892qb9aWOAKCg
+aznvUX8PIvKPzoHld39xWlJ+FgCg76wrEc1h9IiIgUoqH5NWVCxcHneInAQQAQIA
+BgUCVKXkngAKCRC92o/WP+p9/ancA/0Z4JHZT7NRBMr47zQvSwE4eLpSE5QDGXi7
+RNmOUgZxrxsFWRZLJCVupXDBQVZEhOBRZYqXPw1eDglOU952oj5OjaHsYnSEu7jz
+VUwlp2BxZQ3mnepdUcQz1A3k2cPZ0I6KFP9hP88GU+77nubB7IqRH/Q3QKMgO0eW
+yd5kYugyYYkBHAQQAQIABgUCVKXkpwAKCRC9J20ub8+ohR46CADMEvAns+L+BkVN
+d9INsiR1rONrNRPT6w4dnBeTLaykkuMjc6+7s+UuXm6AMAelI28pG+fJyt/lZAGx
+QLS9zFgREge0lVbOZVeAYeC1YyFsrJE4Lr2quq3fajj23tnsHmCv16znMHrh/E1m
+Udm4145NprijrZn+PsjuVWYV+pxiLpLM0YBdGNwCEMi/KCQ1fcaiAZZWSqLmHIe0
+ubWDdqq8/5JRQ22SEnqP2FT/lfOmKTxMNmE0uEr4+C4fG2nd38BvzpHu9eN/4Nwx
+IwzK5DhbAj+I57+VDncgkNGe1q4QY/5LaZQh/nHIcmX1ln23f9Lxkr6EYYZ1ptq+
+A8buvD+XiQEcBBABAgAGBQJUp+zrAAoJEBCQryClqlvm6AgIAKAR8HY4G9AD2jDb
+ouS4Al4QICagwQ0Y7Rc2/fHyPQEAP714EimakPFVFDbSD6SW569Qtdxr+ggH4wFI
+bzd21pCgIUC6nVoDotIjplMdYkNfq8AODpxn3HTBnNQ7e609xnWxFo/+httKoWok
+fEP9qZk4MJq7lE75iX+wohjLwoF6v0tCB8CrBFJcfKrDvXQSGvKiaEp4g0sEfyXv
+gL6X0xKMflupofdnFLJliV0WqGhBOGUghPdLsA02E3e1utj6WABmudMytRxWB8is
+SWGaywaEKLSdCgi+XlQVypKeWNMbZZZcftVZ91r4iNTAkw4cv5Wea+YnngfurGCq
+J/jUq7aJAiIEEgEKAAwFAlSn7r4FgweGH4AACgkQZhs61tgqu9C9Aw/+JMTXzwni
+NPwBxkbcNWbnWODVEElmDloHNpr3z+ryF1XNgbiOY8dn7uwRnPoeCDhIDwvNkK+x
+h4xmjH0970v1ltbzcZv0wnK6UeHQssqN9NGsXM9rbodYRIam4yxbwd1ddOC9QZFM
+ToRVWiqCzGOVYL50a24OYKClGjm4ncRznXJrNwYMEjxQ3j5FOkXIn0096z3szWCY
+6yDpPzOsl2TPwdjMKZWoMEDh/SvY3AxAXo1XqDCj2/+C8dDwO7kn+QAl3fUGmkI6
+dUHCAJm/WtSyvINdphzhZ1ZdkPhqDUKcR0JTX03QJ6bnu5vmmOncWm2NA7rP74fq
+KE9XzT808xP0GBwR1co7Eq+/751j2TA33JSlt/hIgi5aEWc4laCingJ02yaW8tUS
+DCoVNITaXcF/B47hjBgovQk8TOTsQ0nkSYvOoh05OYBmzl17G57QuPx1stRJ29QA
+VLGem1v1mXAuNdHH0kNE+/Rv0A2vGqauLx9ba84RfbXMM4SJw8CjhX6OxhAM8xoU
+tO6T56XZS8qLtWLkNQNZNdNlAo6tYk/cTrjdX1M63nYjoVbuc0nic6Wp+dQk/DEb
+wsiIpFoisvMK6EH49v70/c9Gtg6rk5z2yBHMZsjo2Y0TheTKwKIUEz0MuTncH8jD
+yB/NtQkrbiBdEqRJUoKKUtS0B4cUYTUyd+SJAhwEEAEKAAYFAlSn8agACgkQ8Ar2
+6sJF0gs2yA//cgc+g1wPRFzJeQGv5UFR3TCAMtS+/bzY3UU/eG2Jmbv2qwPbn+kx
+RH5dYlZ72VHXEggBaEweCBrBWsweX5dGEMNDLNlI9ArAjjhBAZFFUQKj55EzIZpp
+YTbvgxOD2ENKU2HfeQYCGFYZr3L2DXQ1k0U7VnaElBQV3o88CMi7bIsQq2aWk+c6
+Cy15UVr0niVLm95EUZM4yYm2gOGJXUeaGIExSBtiwuzvAiDEGaqfPGAi1ePkNmLJ
+3UzYfgiQumSh1kDVlQkCc8UQiF6ckEma618cmmaHs5vZvHsTX5O2/qPkLpXunA/7
+5yM/Jde8a5VbNGWyZ4rmstlWR5rPd7r3uP85miHn7Arait3aGo8RQeAHzOdTvMqS
+n3oCotQlOvBhOo7qA8oYQVlU0+77gOfZZeEXDZG13lU95ptFhdsGstIQH67jPQ6z
+TpVnd28ip92ysrwvxPhOzO74yKcYoKtzwLctcvptlKTkrFMHP3wJwqbaSfJGK4JE
+rjT8WnnWyHY465nTDN9AKkoH4WQNozniWX8OkF3CpPj7ow8roFXlPOxXH4QsaQu3
+Kk31APn/A925d4xyYuWYHZ7A/FzsHafFHPMoG3iwZyuFhfl1UXVvEd8w9mEcxXoh
+2iCy87TdpesG0GDzSmWwEYEPkg20BD2+vdc0EekALDjAGM+lfBxN67KIRgQQEQIA
+BgUCVKgM0gAKCRAJp6JK0eWCB94UAJ98O6S6r1hFnCLrbU3GeqrA4DCtBQCfcza/
+WoVLc3/+bOf1jzjJ/eJ20IyJAiIEEwEKAAwFAlSoCRMFgweGH4AACgkQhS2G+DXA
+JIrWURAAvgl1LkqB9pRPViK1U+xa3b5zt0O/fLbov59aLhA4uPJ10BgaKptflLim
+aE2EsS4Mnk0DQgGEBjlywJ5Ft3aMk3vbRz7lDE3zQ3oWa7+N4fcG7WWsAxmh0NtX
+Ak7orN6rQcyGgWgpF7wOau79i4VO7oLHKeS7QNs7X59CW+k64TAJabxi74PRoVMz
+843qWPjsuFIYM7n/nF0vdECwhSE8zUgcYG2n5CdA0Lq7XRE+II11VOT2XEXFMyR/
+Qh2m7l+jy12MEzHQfGC1HYBo/Zi/MRIN53Rd2LLJWQdMxz/BDiuSxZhKVeCRe7gT
+Mc2k3VrmfViBoaUE0zqMbx0j29XUbNQNU3afE8MOBkmyd6AQjoswBEsgU9uyCJYD
+Jq3V1stwSVBm9G7X/l8GFlPawLg/uM9gTYb2JYUYPlphTAwVcL469rKQNMhPj2ww
+zT7NzjwFb9XrmyiIrqH5z2ieG+LRjajOPVPwBsqZ3gOA+z9QkU1lRYEJOTlEYCkv
+8oA6ZeFm31S4JoeogbCDaMiqDszkFtYGBUgGEbnHoCgXi7aINSb17VZ8LTzpD4V9
+vGdFVuE3vJf2POMERP+buLV8OiG38cBJXb+JVSC+pkpm+32nY0UR5ccDPwAC3cGq
+SbI6ftKlQeaYp3UEncFUaB8NNZings3jzRexPjzUzo0vhRkkIs2InAQQAQIABgUC
+VKg5iQAKCRBfHshviAyeVbEVBACL9Vve0dF0UqO+DN4PzrTOx2JzRw7ujhcrZ6I/
+TCXjANGLWUheylRWhvxMojvbhZEg2835+9l6tpD7BVnrfkBE+LYIKFTusye+WYre
+dAaHFpuN6XfmsXmhXaSodhH9gKS+oftYX61qUmiE7L98nvINNBMnFVkptCQVDl8o
+GWiMRYhGBBMRAgAGBQJUqBAmAAoJEMSxB5iFeWojCtoAoLa2/SUyfC5EiKdvEbap
+49v6XPyxAJ9mPvhe75aTOU7uWoa+c0wn6fXIcrkBDQRUpeK0AQgA7ctg3cJD4eTw
+j4sQ94AtSYjwT+Yp7r2s6h4cHUge6AMZy9ixtyg87JnviRFob2zeo2JFDAwtl7Zs
+GHo+py/mJwfQKmUsXUmQqgHJFXDiiux+4+dYOXZyVYKP5bTV0JVlKjRjSWNnh7Bv
+yZNUZlrLz5ZKF1NAYKJAw4fx3TFbC4K3hvDwHQW3croPQYq0wNq6as956LHYjUOB
+Q5K0uy4TXY2EcIyAy253UX9MAFgacuP1jf3ITEVZpcebzl+gcaB54gXqOfmgQQP5
+PmQDyb96ZxFsKa5UfsS3Kh0PeERa5TDlgiw55O55pUSGKKfYfOXvqpJ/ZKYl+ado
+wgsmbq09UwARAQABiQEfBBgBAgAJBQJUpeK0AhsMAAoJEKr1td4FvcxTNO0IAJ2b
+V48mulcdCS8G3t8qRHlEXGbxgYBQRa500M9fdgRyIWBxubP7r6/nLFDGiIpdUVmT
+g9F3r1JsyK6Q7+VUp9XLirj/gT1kwxXT/UHHIQO8ObtPbfFtqISaBjaklTOUPCud
++nOpzRIfct6CZM0xAVIoqm4kaRFaWefxRiyeosDQ7tCD4lDRwxNJE2deE1WmOeN1
+YCJHa8QaewJXtUvqMq6pRmTlzSn+5/w3gV3XVF+CHjGD/COeSm7CGazLmlypN4n8
+ib9eRg0K2rAqKfUbn+aFwmqSBhBcw/UhOoXnteNQvd9KNdKiHERJEI3qZ2rLAlYf
+uYT6oSAR9rPSpsZpyTI=
+=Jib4
+-----END PGP PUBLIC KEY BLOCK-----
+
+
Type Bits KeyID Created Expires Algorithm Use
pub 2048 E2763A73 2014-01-02 ------- RSA Sign & Encrypt
fingerprint: 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73
@@ -2613,4 +2792,3 @@ DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJ
=nES8
-----END PGP PUBLIC KEY BLOCK-----
-$Revision: 8.46 $, Last updated $Date: 2014-01-18 00:20:24 $
Modified: stable/9/contrib/sendmail/README
==============================================================================
--- stable/9/contrib/sendmail/README Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/README Sat Jul 11 03:42:01 2015 (r285373)
@@ -211,29 +211,11 @@ There are other files you should read.
+--------------+
There are several related RFCs that you may wish to read -- they are
-available via anonymous FTP to several sites. For a list of the
-primary repositories see:
-
- http://www.isi.edu/in-notes/rfc-retrieval.txt
-
-They are also online at:
+available from several sites, see
+ http://www.rfc-editor.org/
http://www.ietf.org/
-They can also be retrieved via electronic mail by sending
-email to one of:
-
- mail-server at nisc.sri.com
- Put "send rfcNNN" in message body
- nis-info at nis.nsf.net
- Put "send RFCnnn.TXT-1" in message body
- sendrfc at jvnc.net
- Put "RFCnnn" as Subject: line
-
-For further instructions see:
-
- http://www.isi.edu/in-notes/rfc-editor/rfc-info
-
Important RFCs for electronic mail are:
RFC821 SMTP protocol
Modified: stable/9/contrib/sendmail/RELEASE_NOTES
==============================================================================
--- stable/9/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:42:01 2015 (r285373)
@@ -5,6 +5,165 @@ This listing shows the version of the se
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+8.15.2/8.15.2 2015/07/03
+ If FEATURE(`nopercenthack') is used then some bogus input triggered
+ a recursion which was caught and logged as
+ SYSERR: rewrite: excessive recursion (max 50) ...
+ Fix based on patch from Ondrej Holas.
+ DHParameters now by default uses an included 2048 bit prime.
+ The value 'none' previously caused a log entry claiming
+ there was an error "cannot read or set DH parameters".
+ Also note that this option applies to the server side only.
+ The U= mailer field didn't accept group names containing hyphens,
+ underbars, or periods. Based on patch from David Gwynne
+ of the University of Queensland.
+ CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
+ Patch from Lars-Johan Liman of Netnod Internet Exchange.
+ CONFIG: New option UseCompressedIPv6Addresses to select between
+ compressed and uncompressed IPv6 addresses. The default
+ value depends on the compile-time option IPV6_FULL:
+ For 1 the default is False, for 0 it is True, thus
+ preserving the current behaviour. Based on patch from
+ John Beck of Oracle.
+ CONFIG: Account for IPv6 localhost addresses in
+ FEATURE(`block_bad_helo'). Suggested by Andrey Chernov
+ from FreeBSD and Robert Scheck from the Fedora Project.
+ CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
+ LIBMILTER: Deal with more invalid protocol data to avoid potential
+ crashes. Problem noted by Dimitri Kirchner.
+ LIBMILTER: Allow a milter to specify an empty macro list ("", not
+ NULL) in smfi_setsymlist() so no macro is sent for the
+ selected stage.
+ MAKEMAP: A change to check TrustedUser in fewer cases which was
+ made in 2013 caused a potential regression when makemap
+ was run as root (which should not be done anyway).
+ Note: sendmail often contains options "For Future Releases"
+ (prefix _FFR_) which might be enabled in a subsequent
+ version or might simply be removed as they turned out not
+ to be really useful. These features are usually not
+ documented but if they are, then the required (FFR)
+ options are listed in
+ - doc/op/op.* for rulesets and macros,
+ - cf/README for mc/cf options.
+
+8.15.1/8.15.1 2014/12/06
+ SECURITY: Properly set the close-on-exec flag for file descriptors
+ (except stdin, stdout, and stderr) before executing mailers.
+ If header rewriting fails due to a temporary map lookup failure,
+ queue the mail for later retry instead of sending it
+ without rewriting the header. Note: this is done
+ while the mail is being sent and hence the transaction
+ is aborted, which only works for SMTP/LMTP mailers
+ hence the handling of temporary map failures is
+ suppressed for other mailers. SMTP/LMTP servers may
+ complain about aborted transactions when this problem
+ occurs.
+ See also "DNS Lookups" in sendmail/TUNING.
+ Incompatible Change: Use uncompressed IPv6 addresses by default,
+ i.e., they will not contain "::". For example,
+ instead of ::1 it will be 0:0:0:0:0:0:0:1. This
+ permits a zero subnet to have a more specific match,
+ such as different map entries for IPv6:0:0 vs IPv6:0.
+ This change requires that configuration data
+ (including maps, files, classes, custom ruleset,
+ etc) must use the same format, so make certain such
+ configuration data is updated before using 8.15.
+ As a very simple check search for patterns like
+ 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
+ the prior format can be retained by compiling with:
+ APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
+ in your devtools/Site/site.config.m4 file.
+ If debugging is turned on (-d0.14) also print the OpenSSL
+ versions, both build time and run time
+ (provided STARTTLS is compiled in).
+ If a connection to the MTA is dropped by the client before its
+ hostname can be validated, treat it as "may be forged",
+ so that the unvalidated hostname is not passed to a
+ milter in xxfi_connect().
+ Add a timeout for communication with socket map servers
+ which can be specified using the -d option.
+ Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
+ numeric logins even if HESIOD is enabled.
+ The new option CertFingerprintAlgorithm specifies the finger-
+ print algorithm (digest) to use for the presented cert.
+ If the option is not set, md5 is used and the macro
+ {cert_md5} contains the cert fingerprint.
+ However, if the option is set, the specified algorithm
+ (e.g., sha1) is used and the macro {cert_fp} contains
+ the cert fingerprint.
+ That is, as long as the option is not set, the behaviour
+ does not change, but otherwise, {cert_md5} is superseded
+ by {cert_fp} even if you set CertFingerprintAlgorithm
+ to md5.
+ The options ServerSSLOptions and ClientSSLOptions can be used
+ to set SSL options for the server and client side
+ respectively. See SSL_CTX_set_options(3) for a list.
+ Note: this change turns on SSL_OP_NO_SSLv2 and
+ SSL_OP_NO_TICKET for the client. See doc/op/op.me
+ for details.
+ The option CipherList sets the list of ciphers for STARTTLS.
+ See ciphers(1) for possible values.
+ Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
+ if a CRLFfile is in use (and LogLevel is 14 or higher.)
+ Store a more specific TLS protocol version in ${tls_version}
+ instead of a generic one, e.g., TLSv1 instead of
+ TLSv1/SSLv3.
+ Properly set {client_port} value on little endian machines.
+ Patch from Kelsey Cummings of Sonic.net.
+ Per RFC 3848, indicate in the Received: header whether SSL or
+ SMTP AUTH was negotiated by setting the protocol clause
+ to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
+ If the 'C' flag is listed as TLSSrvOptions the requirement for the
+ TLS server to have a cert is removed. This only works
+ under very specific circumstances and should only be used
+ if the consequences are understood, e.g., clients
+ may not work with a server using this.
+ The options ClientCertFile, ClientKeyFile, ServerCertFile, and
+ ServerKeyFile can take a second file name, which must be
+ separated from the first with a comma (note: do not use
+ any spaces) to set up a second cert/key pair. This can
+ be used to have certs of different types, e.g., RSA
+ and DSA.
+ A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
+ address. It returns the string for the PTR lookup, but
+ without trailing {ip6,in-addr}.arpa.
+ New operation mode 'C' just checks the configuration file, e.g.,
+ sendmail -C new.cf -bC
+ will perform a basic syntax/consistency check of new.cf.
+ The mailer flag 'I' is deprecated and will be removed in a
+ future version.
+ Allow local (not just TCP) socket connections to the server, e.g.,
+ O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
+ can be used.
+ If the new option MaxQueueAge is set to a value greater than zero,
+ entries in the queue will be retried during a queue run
+ only if the individual retry time has been reached which
+ is doubled for each attempt. The maximum retry time is
+ limited by the specified value.
+ New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
+ to relax requirement for DefaultAuthInfo file.
+ Reset timeout after receiving a message to appropriate value if
+ STARTTLS is in use. Based on patch by Kelsey Cummings
+ of Sonic.net.
+ Report correct error messages from the LDAP library for a range of
+ small negative return values covering those used by OpenLDAP.
+ Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
+ Allan E Johannesen of Worcester Polytechnic Institute.
+ CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
+ nospecial which describes whether to disallow "%" in the
+ local part of an address.
+ DEVTOOLS: Fix regression in auto-detection of libraries when only
+ shared libraries are available. Problem reported by
+ Bryan Costales.
+ LIBMILTER: Mark communication socket as close-on-exec in case
+ a user's filter starts other applications.
+ Based on patch from Paul Howarth.
+ Portability:
+ SunOS 5.12 has changed the API for sigwait(2) to conform
+ with XPG7. Based on patch from Roger Faulkner of Oracle.
+ Deleted Files:
+ libsm/path.c
+
8.14.9/8.14.9 2014/05/21
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
@@ -681,7 +840,7 @@ summary of the changes in that release.
LIBMILTER: The "hostname" argument of the xxfi_connect() callback
previously was the equivalent of {client_ptr}. However,
this did not match the documentation of the function, hence
- it has been changed to {client_name}. See doc/op/op.*
+ it has been changed to {client_name}. See doc/op/op.me
about these macros.
8.13.7/8.13.7 2006/06/14
@@ -3509,11 +3668,11 @@ summary of the changes in that release.
Add new STARTTLS related options CACERTPath, CACERTFile,
ClientCertFile, ClientKeyFile, DHParameters, RandFile,
ServerCertFile, and ServerKeyFile. These are documented in
- cf/README and doc/op/op.*.
+ cf/README and doc/op/op.me.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
${server_name}, and ${server_addr}. These are documented
- in cf/README and doc/op/op.*.
+ in cf/README and doc/op/op.me.
Add support for the Entropy Gathering Daemon (EGD) for better
random data.
New DontBlameSendmail option InsufficientEntropy for systems which
Modified: stable/9/contrib/sendmail/cf/README
==============================================================================
--- stable/9/contrib/sendmail/cf/README Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/cf/README Sat Jul 11 03:42:01 2015 (r285373)
@@ -158,6 +158,26 @@ FEATURE(`local_procmail').
*******************************************************************
+Note:
+Some rulesets, features, and options are only useful if the sendmail
+binary has been compiled with the appropriate options, e.g., the
+ruleset tls_server is only invoked if sendmail has been compiled
+with STARTTLS. This is usually obvious from the context and hence
+not further specified here.
+There are also so called "For Future Releases" (FFR) compile time
+options which might be included in a subsequent version or might
+simply be removed as they turned out not to be really useful.
+These are generally not documented but if they are, then the required
+compile time options are listed in doc/op/op.* for rulesets and
+macros, and for mc/cf specific options they are usually listed here.
+In addition to compile time options for the sendmail binary, there
+can also be FFRs for mc/cf which in general can be enabled when the
+configuration file is generated by defining them at the top of your
+.mc file:
+
+define(`_FFR_NAME_HERE', 1)
+
+
+----------------------------+
| A BRIEF INTRODUCTION TO M4 |
+----------------------------+
@@ -397,6 +417,10 @@ SMTP_MAILER_CHARSET [undefined] If defin
that ARRIVE from an address that resolves to one of
the SMTP mailers and which are converted to MIME will
be labeled with this character set.
+RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
+ that ARRIVE from an address that resolves to the
+ relay mailers and which are converted to MIME will
+ be labeled with this character set.
SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
(except the relay mailer).
RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
@@ -743,6 +767,16 @@ nouucp Don't route UUCP addresses. Thi
2. don't remove "!" from OperatorChars if `reject' is
given as parameter.
+nopercenthack Don't treat % as routing character. This feature takes one
+ parameter:
+ `reject': reject addresses which have % in the local
+ part unless it originates from a system
+ that is allowed to relay.
+ `nospecial': don't do anything special with %.
+ Warnings: 1. See the notice in the anti-spam section.
+ 2. Don't remove % from OperatorChars if `reject' is
+ given as parameter.
+
nocanonify Don't pass addresses to $[ ... $] for canonification
by default, i.e., host/domain names are considered canonical,
except for unqualified names, which must not be used in this
@@ -1441,7 +1475,7 @@ msp Defines config file for Message Sub
by default. If you have a machine with IPv6 only,
change it to
- FEATURE(`msp', `[IPv6:::1]')
+ FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
If you want to continue using '[localhost]', (the behavior
up to 8.12.6), use
@@ -1499,8 +1533,12 @@ block_bad_helo Reject messages from SMTP
- connections from IP addresses in class $={R}.
Currently access_db lookups can not be used to
(selectively) disable this test, moreover,
+
FEATURE(`delay_checks')
- is required.
+
+ is required. Note, the block_bad_helo feature automatically
+ adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
+ host names) and $={R} (relay permitted).
require_rdns Reject mail from connecting SMTP clients without proper
rDNS (reverse DNS), functional gethostbyaddr() resolution.
@@ -2442,17 +2480,19 @@ should only be used for sites which have
that they provide a gateway for. Use this FEATURE with caution as it
can allow spammers to relay through your server if not setup properly.
-NOTICE: It is possible to relay mail through a system which the anti-relay
-rules do not prevent: the case of a system that does use FEATURE(`nouucp',
-`nospecial') (system A) and relays local messages to a mail hub (e.g., via
-LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
-FEATURE(`nouucp') at all, addresses of the form
-<example.net!user at local.host> would be relayed to <user at example.net>.
-System A doesn't recognize `!' as an address separator and therefore
-forwards it to the mail hub which in turns relays it because it came from
-a trusted local host. So if a mailserver allows UUCP (bang-format)
-addresses, all systems from which it allows relaying should do the same
-or reject those addresses.
+NOTICE: It is possible to relay mail through a system which the
+anti-relay rules do not prevent: the case of a system that does use
+FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
+(system A) and relays local messages to a mail hub (e.g., via
+LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
+same feature (nouucp / nopercenthack) at all, addresses of the form
+<example.net!user at local.host> / <user%example.net at local.host>
+would be relayed to <user at example.net>.
+System A doesn't recognize `!' / `%' as an address separator and
+therefore forwards it to the mail hub which in turns relays it
+because it came from a trusted local host. So if a mailserver
+allows UUCP (bang-format) / %-hack addresses, all systems from which
+it allows relaying should do the same or reject those addresses.
As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
@@ -3160,17 +3200,49 @@ TLS_Clt:laptop.example.com PERM+VER
TLS_Rcpt:darth at endmail.org ENCR:112+CN:smtp.endmail.org
-Disabling STARTTLS And Setting SMTP Server Features
----------------------------------------------------
+TLS Options per Session
+-----------------------
By default STARTTLS is used whenever possible. However, there are
-some broken MTAs that don't properly implement STARTTLS. To be able
-to send to (or receive from) those MTAs, the ruleset try_tls
-(srv_features) can be used that work together with the access map.
-Entries for the access map must be tagged with Try_TLS (Srv_Features)
-and refer to the hostname or IP address of the connecting system.
-A default case can be specified by using just the tag. For example,
-the following entries in the access map:
+MTAs with STARTTLS interoperability issues. To be able to send to
+(or receive from) those MTAs several features are available:
+
+1) Various TLS options be be set per IP/domain.
+2) STARTTLS can be turned off for specific IP addresses/domains.
+
+About 1): the rulesets tls_srv_features and tls_clt_features can
+be used to return a (semicolon separated) list of TLS related
+options:
+
+- Options: compare {Server,Client}SSLOptions.
+- CipherList: same as the global option.
+- CertFile, KeyFile: {Server,Client}{Cert,Key}File
+
+If FEATURE(`tls_session_features') is used, then default rulesets
+are activated which look up entries in the access map with the tags
+TLS_Srv_features and TLS_Clt_features, respectively.
+For example, these entries:
+
+ TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA;
+ TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
+
+specify a cipherlist with MEDIUM strength ciphers that use RSA
+certificates only for the client with the IP address 10.0.2.4,
+and turn off TLSv1.2 when connecting to the server with the IP
+address 10.1.0.1 as well as setting a specific cipherlist.
+If FEATURE(`tls_session_features') is not used the user can provide
+their own rulesets which must return the appropriate data.
+If the rulesets are not defined or do not return a value, the
+default TLS options are not modified.
+(These rulesets require the sendmail binary to be built with
+_FFR_TLS_SE_OPTS enabled.)
+
+About 2): the ruleset try_tls (srv_features) can be used that work
+together with the access map. Entries for the access map must be
+tagged with Try_TLS (Srv_Features) and refer to the hostname or IP
+address of the connecting system. A default case can be specified
+by using just the tag. For example, the following entries in the
+access map:
Try_TLS:broken.server NO
Srv_Features:my.domain v
@@ -3756,6 +3828,12 @@ confSINGLE_THREAD_DELIVERY SingleThread
cached but otherwise idle connection
to a host will prevent other sendmails
from connecting to the other host.
+confUSE_COMPRESSED_IPV6_ADDRESSES
+ UseCompressedIPv6Addresses
+ [undefined] If set, use the compressed
+ form of IPv6 addresses, such as
+ IPV6:::1, instead of the uncompressed
+ form, such as IPv6:0:0:0:0:0:0:0:1.
confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
deliver error messages. This should
not be necessary because of general
@@ -3990,6 +4068,13 @@ confWORK_TIME_FACTOR RetryFactor [90000]
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
Priority, Host, Filename, Random,
Modification, or Time.
+confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
+ than zero, entries in the queue
+ will be retried during a queue run
+ only if the individual retry time
+ has been reached which is doubled
+ for each attempt. The maximum retry
+ time is limited by the specified value.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
@@ -4208,7 +4293,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSA
confAUTH_REALM AuthRealm [undefined] The authentication realm
that is passed to the Cyrus SASL
library. If no realm is specified,
- $j is used.
+ $j is used. See KNOWNBUGS.
confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
authentication information for
outgoing connections. This file must
@@ -4241,6 +4326,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If thi
verification is performed, i.e.,
the server doesn't ask for a
certificate.
+confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
+ options for server side. See
+ SSL_CTX_set_options(3) for a list.
+confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
+ options for client side. See
+ SSL_CTX_set_options(3) for a list.
+confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
+ See ciphers(1) for possible values.
confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
specification for LDAP maps. The
value should only contain LDAP
@@ -4250,10 +4343,11 @@ confLDAP_DEFAULT_SPEC LDAPDefaultSpec [u
maps unless they are specified in
the individual map specification
('K' command).
-confCACERT_PATH CACertPath [undefined] Path to directory
- with certs of CAs.
-confCACERT CACertFile [undefined] File containing one CA
- cert.
+confCACERT_PATH CACertPath [undefined] Path to directory with
+ certificates of CAs which must contain
+ their hashes as filenames or links.
+confCACERT CACertFile [undefined] File containing at least
+ one CA certificate.
confSERVER_CERT ServerCertFile [undefined] File containing the
cert of the server, i.e., this cert
is used when sendmail acts as
@@ -4281,6 +4375,10 @@ confRAND_FILE RandFile [undefined] File
requires this option if the compile
flag HASURANDOM is not set (see
sendmail/README).
+confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
+ [undefined] The fingerprint algorithm
+ (digest) to use for the presented
+ cert.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value
(nice(3)).
Modified: stable/9/contrib/sendmail/cf/cf/Makefile
==============================================================================
--- stable/9/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:42:01 2015 (r285373)
@@ -100,6 +100,7 @@ M4FILES=\
${CFDIR}/feature/access_db.m4 \
${CFDIR}/feature/allmasquerade.m4 \
${CFDIR}/feature/always_add_domain.m4 \
+ ${CFDIR}/feature/bcc.m4 \
${CFDIR}/feature/bestmx_is_local.m4 \
${CFDIR}/feature/bitdomain.m4 \
${CFDIR}/feature/blacklist_recipients.m4 \
@@ -118,9 +119,11 @@ M4FILES=\
${CFDIR}/feature/masquerade_envelope.m4 \
${CFDIR}/feature/no_default_msa.m4 \
${CFDIR}/feature/nocanonify.m4 \
+ ${CFDIR}/feature/nopercenthack.m4 \
${CFDIR}/feature/notsticky.m4 \
${CFDIR}/feature/nouucp.m4 \
${CFDIR}/feature/nullclient.m4 \
+ ${CFDIR}/feature/prefixmod.m4 \
${CFDIR}/feature/promiscuous_relay.m4 \
${CFDIR}/feature/redirect.m4 \
${CFDIR}/feature/ratecontrol.m4 \
@@ -131,12 +134,14 @@ M4FILES=\
${CFDIR}/feature/relay_mail_from.m4 \
${CFDIR}/feature/smrsh.m4 \
${CFDIR}/feature/stickyhost.m4 \
+ ${CFDIR}/feature/tls_session_features.m4 \
${CFDIR}/feature/use_ct_file.m4 \
${CFDIR}/feature/use_cw_file.m4 \
${CFDIR}/feature/uucpdomain.m4 \
${CFDIR}/feature/virtuser_entire_domain.m4 \
${CFDIR}/feature/virtusertable.m4 \
${CFDIR}/hack/cssubdomain.m4 \
+ ${CFDIR}/hack/xconnect.m4 \
${CFDIR}/m4/cf.m4 \
${CFDIR}/m4/cfhead.m4 \
${CFDIR}/m4/proto.m4 \
Modified: stable/9/contrib/sendmail/cf/cf/submit.cf
==============================================================================
--- stable/9/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:34:57 2015 (r285372)
+++ stable/9/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:42:01 2015 (r285373)
@@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca at lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
-##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
+##### built by ca at sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
+##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
# Configuration version number
-DZ8.14.9/Submit
+DZ8.15.2/Submit
###############
@@ -202,6 +202,9 @@ O ConnectionCacheTimeout=5m
# use Errors-To: header?
O UseErrorsTo=False
+# use compressed IPv6 address format?
+#O UseCompressedIPv6Addresses
+
# log level
O LogLevel=9
@@ -251,6 +254,9 @@ O PrivacyOptions=goaway,noetrn,restrictq
# minimum time in queue before retry
#O MinQueueAge=30m
+# maximum time in queue before retry (if > 0; only for exponential delay)
+#O MaxQueueAge
+
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@@ -501,6 +507,12 @@ O PidFile=/var/spool/clientmqueue/sm-cli
# SMTP STARTTLS server options
#O TLSSrvOptions
+# SSL cipherlist
+#O CipherList
+# server side SSL options
+#O ServerSSLOptions
+# client side SSL options
+#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@@ -524,6 +536,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
+# fingerprint algorithm (digest) to use for the presented cert
+#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@@ -531,6 +545,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli
# Name to use for EHLO (defaults to $j)
#O HeloName
+
+
############################
# QUEUE GROUP DEFINITIONS #
############################
@@ -645,6 +661,7 @@ R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
+
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
@@ -781,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
+
#
# Parse1 -- the bottom half of ruleset 0.
#
@@ -818,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
+
+
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
@@ -1027,6 +1047,10 @@ R$* $| $* $: $2
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
+ $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
+R<@> < $* @ [IPv6:::1] >
+ $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
@@ -1141,6 +1165,7 @@ R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
+RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
@@ -1245,6 +1270,8 @@ STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+
+
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
@@ -1442,7 +1469,7 @@ Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFrom
### submit.mc ###
# divert(-1)
# #
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list