aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorPeter Wemm <peter@FreeBSD.org>2008-08-28 02:25:51 +0000
committerPeter Wemm <peter@FreeBSD.org>2008-08-28 02:25:51 +0000
commiteeb6d312f5927d5030b40751a119c518099ccf4d (patch)
treedaf40952cf309641cc6c7d987989fd2abce2d758 /contrib
parentffb836234b94e17739bac88bfd7f51f5ae49e3bc (diff)
downloadsrc-eeb6d312f5927d5030b40751a119c518099ccf4d.tar.gz
src-eeb6d312f5927d5030b40751a119c518099ccf4d.zip
Stage 1 of sendmail dist tree flattening. contrib/sendmail/contrib
prevents doing this in one pass.
Notes
Notes: svn path=/vendor/sendmail/dist/; revision=182324
Diffstat (limited to 'contrib')
-rw-r--r--contrib/sendmail/CACerts236
-rw-r--r--contrib/sendmail/FAQ8
-rw-r--r--contrib/sendmail/INSTALL46
-rw-r--r--contrib/sendmail/KNOWNBUGS250
-rw-r--r--contrib/sendmail/LICENSE79
-rw-r--r--contrib/sendmail/Makefile49
-rw-r--r--contrib/sendmail/PGPKEYS1732
-rw-r--r--contrib/sendmail/README467
-rw-r--r--contrib/sendmail/RELEASE_NOTES10260
-rw-r--r--contrib/sendmail/cf/README4702
-rw-r--r--contrib/sendmail/cf/cf/Makefile209
-rw-r--r--contrib/sendmail/cf/cf/README34
-rw-r--r--contrib/sendmail/cf/cf/chez.cs.mc34
-rw-r--r--contrib/sendmail/cf/cf/clientproto.mc29
-rw-r--r--contrib/sendmail/cf/cf/cs-hpux10.mc31
-rw-r--r--contrib/sendmail/cf/cf/cs-hpux9.mc31
-rw-r--r--contrib/sendmail/cf/cf/cs-osf1.mc30
-rw-r--r--contrib/sendmail/cf/cf/cs-solaris2.mc30
-rw-r--r--contrib/sendmail/cf/cf/cs-sunos4.1.mc30
-rw-r--r--contrib/sendmail/cf/cf/cs-ultrix4.mc30
-rw-r--r--contrib/sendmail/cf/cf/cyrusproto.mc40
-rw-r--r--contrib/sendmail/cf/cf/generic-bsd4.4.mc28
-rw-r--r--contrib/sendmail/cf/cf/generic-hpux10.mc27
-rw-r--r--contrib/sendmail/cf/cf/generic-hpux9.mc27
-rw-r--r--contrib/sendmail/cf/cf/generic-linux.mc27
-rw-r--r--contrib/sendmail/cf/cf/generic-mpeix.mc25
-rw-r--r--contrib/sendmail/cf/cf/generic-nextstep3.3.mc27
-rw-r--r--contrib/sendmail/cf/cf/generic-osf1.mc27
-rw-r--r--contrib/sendmail/cf/cf/generic-solaris.mc29
-rw-r--r--contrib/sendmail/cf/cf/generic-sunos4.1.mc27
-rw-r--r--contrib/sendmail/cf/cf/generic-ultrix4.mc27
-rw-r--r--contrib/sendmail/cf/cf/huginn.cs.mc43
-rw-r--r--contrib/sendmail/cf/cf/knecht.mc275
-rw-r--r--contrib/sendmail/cf/cf/mail.cs.mc44
-rw-r--r--contrib/sendmail/cf/cf/mail.eecs.mc44
-rw-r--r--contrib/sendmail/cf/cf/mailspool.cs.mc37
-rw-r--r--contrib/sendmail/cf/cf/python.cs.mc42
-rw-r--r--contrib/sendmail/cf/cf/s2k-osf1.mc30
-rw-r--r--contrib/sendmail/cf/cf/s2k-ultrix4.mc30
-rw-r--r--contrib/sendmail/cf/cf/submit.cf1465
-rw-r--r--contrib/sendmail/cf/cf/submit.mc26
-rw-r--r--contrib/sendmail/cf/cf/tcpproto.mc33
-rw-r--r--contrib/sendmail/cf/cf/ucbarpa.mc30
-rw-r--r--contrib/sendmail/cf/cf/ucbvax.mc91
-rw-r--r--contrib/sendmail/cf/cf/uucpproto.mc34
-rw-r--r--contrib/sendmail/cf/cf/vangogh.cs.mc33
-rw-r--r--contrib/sendmail/cf/domain/Berkeley.EDU.m424
-rw-r--r--contrib/sendmail/cf/domain/CS.Berkeley.EDU.m419
-rw-r--r--contrib/sendmail/cf/domain/EECS.Berkeley.EDU.m417
-rw-r--r--contrib/sendmail/cf/domain/S2K.Berkeley.EDU.m417
-rw-r--r--contrib/sendmail/cf/domain/berkeley-only.m419
-rw-r--r--contrib/sendmail/cf/domain/generic.m428
-rw-r--r--contrib/sendmail/cf/feature/accept_unqualified_senders.m416
-rw-r--r--contrib/sendmail/cf/feature/accept_unresolvable_domains.m416
-rw-r--r--contrib/sendmail/cf/feature/access_db.m449
-rw-r--r--contrib/sendmail/cf/feature/allmasquerade.m425
-rw-r--r--contrib/sendmail/cf/feature/always_add_domain.m422
-rw-r--r--contrib/sendmail/cf/feature/authinfo.m422
-rw-r--r--contrib/sendmail/cf/feature/badmx.m422
-rw-r--r--contrib/sendmail/cf/feature/bestmx_is_local.m451
-rw-r--r--contrib/sendmail/cf/feature/bitdomain.m425
-rw-r--r--contrib/sendmail/cf/feature/blacklist_recipients.m419
-rw-r--r--contrib/sendmail/cf/feature/block_bad_helo.m418
-rw-r--r--contrib/sendmail/cf/feature/compat_check.m433
-rw-r--r--contrib/sendmail/cf/feature/conncontrol.m436
-rw-r--r--contrib/sendmail/cf/feature/delay_checks.m425
-rw-r--r--contrib/sendmail/cf/feature/dnsbl.m439
-rw-r--r--contrib/sendmail/cf/feature/domaintable.m425
-rw-r--r--contrib/sendmail/cf/feature/enhdnsbl.m453
-rw-r--r--contrib/sendmail/cf/feature/generics_entire_domain.m416
-rw-r--r--contrib/sendmail/cf/feature/genericstable.m425
-rw-r--r--contrib/sendmail/cf/feature/greet_pause.m444
-rw-r--r--contrib/sendmail/cf/feature/ldap_routing.m446
-rw-r--r--contrib/sendmail/cf/feature/limited_masquerade.m419
-rw-r--r--contrib/sendmail/cf/feature/local_lmtp.m428
-rw-r--r--contrib/sendmail/cf/feature/local_no_masquerade.m418
-rw-r--r--contrib/sendmail/cf/feature/local_procmail.m436
-rw-r--r--contrib/sendmail/cf/feature/lookupdotdomain.m422
-rw-r--r--contrib/sendmail/cf/feature/loose_relay_check.m416
-rw-r--r--contrib/sendmail/cf/feature/mailertable.m425
-rw-r--r--contrib/sendmail/cf/feature/masquerade_entire_domain.m419
-rw-r--r--contrib/sendmail/cf/feature/masquerade_envelope.m419
-rw-r--r--contrib/sendmail/cf/feature/msp.m478
-rw-r--r--contrib/sendmail/cf/feature/mtamark.m433
-rw-r--r--contrib/sendmail/cf/feature/no_default_msa.m416
-rw-r--r--contrib/sendmail/cf/feature/nocanonify.m424
-rw-r--r--contrib/sendmail/cf/feature/notsticky.m421
-rw-r--r--contrib/sendmail/cf/feature/nouucp.m427
-rw-r--r--contrib/sendmail/cf/feature/nullclient.m438
-rw-r--r--contrib/sendmail/cf/feature/preserve_local_plus_detail.m416
-rw-r--r--contrib/sendmail/cf/feature/preserve_luser_host.m420
-rw-r--r--contrib/sendmail/cf/feature/promiscuous_relay.m419
-rw-r--r--contrib/sendmail/cf/feature/queuegroup.m427
-rw-r--r--contrib/sendmail/cf/feature/ratecontrol.m436
-rw-r--r--contrib/sendmail/cf/feature/redirect.m426
-rw-r--r--contrib/sendmail/cf/feature/relay_based_on_MX.m421
-rw-r--r--contrib/sendmail/cf/feature/relay_entire_domain.m416
-rw-r--r--contrib/sendmail/cf/feature/relay_hosts_only.m416
-rw-r--r--contrib/sendmail/cf/feature/relay_local_from.m420
-rw-r--r--contrib/sendmail/cf/feature/relay_mail_from.m423
-rw-r--r--contrib/sendmail/cf/feature/require_rdns.m416
-rw-r--r--contrib/sendmail/cf/feature/smrsh.m426
-rw-r--r--contrib/sendmail/cf/feature/stickyhost.m419
-rw-r--r--contrib/sendmail/cf/feature/use_client_ptr.m421
-rw-r--r--contrib/sendmail/cf/feature/use_ct_file.m424
-rw-r--r--contrib/sendmail/cf/feature/use_cw_file.m425
-rw-r--r--contrib/sendmail/cf/feature/uucpdomain.m425
-rw-r--r--contrib/sendmail/cf/feature/virtuser_entire_domain.m416
-rw-r--r--contrib/sendmail/cf/feature/virtusertable.m425
-rw-r--r--contrib/sendmail/cf/hack/cssubdomain.m423
-rw-r--r--contrib/sendmail/cf/m4/cf.m429
-rw-r--r--contrib/sendmail/cf/m4/cfhead.m4309
-rw-r--r--contrib/sendmail/cf/m4/proto.m43011
-rw-r--r--contrib/sendmail/cf/m4/version.m418
-rw-r--r--contrib/sendmail/cf/mailer/cyrus.m460
-rw-r--r--contrib/sendmail/cf/mailer/cyrusv2.m429
-rw-r--r--contrib/sendmail/cf/mailer/fax.m438
-rw-r--r--contrib/sendmail/cf/mailer/local.m493
-rw-r--r--contrib/sendmail/cf/mailer/mail11.m461
-rw-r--r--contrib/sendmail/cf/mailer/phquery.m432
-rw-r--r--contrib/sendmail/cf/mailer/pop.m434
-rw-r--r--contrib/sendmail/cf/mailer/procmail.m434
-rw-r--r--contrib/sendmail/cf/mailer/qpage.m431
-rw-r--r--contrib/sendmail/cf/mailer/smtp.m4124
-rw-r--r--contrib/sendmail/cf/mailer/usenet.m428
-rw-r--r--contrib/sendmail/cf/mailer/uucp.m4157
-rw-r--r--contrib/sendmail/cf/ostype/a-ux.m421
-rw-r--r--contrib/sendmail/cf/ostype/aix3.m421
-rw-r--r--contrib/sendmail/cf/ostype/aix4.m421
-rw-r--r--contrib/sendmail/cf/ostype/aix5.m418
-rw-r--r--contrib/sendmail/cf/ostype/altos.m427
-rw-r--r--contrib/sendmail/cf/ostype/amdahl-uts.m420
-rw-r--r--contrib/sendmail/cf/ostype/bsd4.3.m418
-rw-r--r--contrib/sendmail/cf/ostype/bsd4.4.m420
-rw-r--r--contrib/sendmail/cf/ostype/bsdi.m417
-rw-r--r--contrib/sendmail/cf/ostype/bsdi1.0.m418
-rw-r--r--contrib/sendmail/cf/ostype/bsdi2.0.m418
-rw-r--r--contrib/sendmail/cf/ostype/darwin.m419
-rw-r--r--contrib/sendmail/cf/ostype/dgux.m421
-rw-r--r--contrib/sendmail/cf/ostype/domainos.m420
-rw-r--r--contrib/sendmail/cf/ostype/dragonfly.m420
-rw-r--r--contrib/sendmail/cf/ostype/dynix3.2.m418
-rw-r--r--contrib/sendmail/cf/ostype/freebsd4.m419
-rw-r--r--contrib/sendmail/cf/ostype/freebsd5.m420
-rw-r--r--contrib/sendmail/cf/ostype/freebsd6.m420
-rw-r--r--contrib/sendmail/cf/ostype/gnu.m421
-rw-r--r--contrib/sendmail/cf/ostype/hpux10.m427
-rw-r--r--contrib/sendmail/cf/ostype/hpux11.m423
-rw-r--r--contrib/sendmail/cf/ostype/hpux9.m427
-rw-r--r--contrib/sendmail/cf/ostype/irix4.m419
-rw-r--r--contrib/sendmail/cf/ostype/irix5.m439
-rw-r--r--contrib/sendmail/cf/ostype/irix6.m439
-rw-r--r--contrib/sendmail/cf/ostype/isc4.1.m425
-rw-r--r--contrib/sendmail/cf/ostype/linux.m420
-rw-r--r--contrib/sendmail/cf/ostype/maxion.m428
-rw-r--r--contrib/sendmail/cf/ostype/mklinux.m424
-rw-r--r--contrib/sendmail/cf/ostype/mpeix.m422
-rw-r--r--contrib/sendmail/cf/ostype/nextstep.m420
-rw-r--r--contrib/sendmail/cf/ostype/openbsd.m417
-rw-r--r--contrib/sendmail/cf/ostype/osf1.m419
-rw-r--r--contrib/sendmail/cf/ostype/powerux.m423
-rw-r--r--contrib/sendmail/cf/ostype/ptx2.m423
-rw-r--r--contrib/sendmail/cf/ostype/qnx.m421
-rw-r--r--contrib/sendmail/cf/ostype/riscos4.5.m420
-rw-r--r--contrib/sendmail/cf/ostype/sco-uw-2.1.m424
-rw-r--r--contrib/sendmail/cf/ostype/sco3.2.m423
-rw-r--r--contrib/sendmail/cf/ostype/sinix.m420
-rw-r--r--contrib/sendmail/cf/ostype/solaris2.m427
-rw-r--r--contrib/sendmail/cf/ostype/solaris2.ml.m427
-rw-r--r--contrib/sendmail/cf/ostype/solaris2.pre5.m426
-rw-r--r--contrib/sendmail/cf/ostype/solaris8.m425
-rw-r--r--contrib/sendmail/cf/ostype/sunos3.5.m418
-rw-r--r--contrib/sendmail/cf/ostype/sunos4.1.m418
-rw-r--r--contrib/sendmail/cf/ostype/svr4.m421
-rw-r--r--contrib/sendmail/cf/ostype/ultrix4.m418
-rw-r--r--contrib/sendmail/cf/ostype/unicos.m422
-rw-r--r--contrib/sendmail/cf/ostype/unicosmk.m422
-rw-r--r--contrib/sendmail/cf/ostype/unicosmp.m427
-rw-r--r--contrib/sendmail/cf/ostype/unixware7.m420
-rw-r--r--contrib/sendmail/cf/ostype/unknown.m420
-rw-r--r--contrib/sendmail/cf/ostype/uxpds.m425
-rw-r--r--contrib/sendmail/cf/sendmail.schema270
-rw-r--r--contrib/sendmail/cf/sh/makeinfo.sh58
-rw-r--r--contrib/sendmail/cf/siteconfig/uucp.cogsci.m46
-rw-r--r--contrib/sendmail/cf/siteconfig/uucp.old.arpa.m44
-rw-r--r--contrib/sendmail/cf/siteconfig/uucp.ucbarpa.m41
-rw-r--r--contrib/sendmail/cf/siteconfig/uucp.ucbvax.m473
-rw-r--r--contrib/sendmail/contrib/README10
-rw-r--r--contrib/sendmail/contrib/bitdomain.c409
-rwxr-xr-xcontrib/sendmail/contrib/bounce-resender.pl282
-rw-r--r--contrib/sendmail/contrib/bsdi.mc191
-rwxr-xr-xcontrib/sendmail/contrib/buildvirtuser216
-rwxr-xr-xcontrib/sendmail/contrib/cidrexpand138
-rw-r--r--contrib/sendmail/contrib/dnsblaccess.m494
-rw-r--r--contrib/sendmail/contrib/domainmap.m4105
-rw-r--r--contrib/sendmail/contrib/doublebounce.pl225
-rw-r--r--contrib/sendmail/contrib/etrn.058
-rwxr-xr-xcontrib/sendmail/contrib/etrn.pl218
-rwxr-xr-xcontrib/sendmail/contrib/expn.pl1360
-rw-r--r--contrib/sendmail/contrib/link_hash.sh36
-rw-r--r--contrib/sendmail/contrib/mail.local.linux205
-rw-r--r--contrib/sendmail/contrib/mailprio557
-rw-r--r--contrib/sendmail/contrib/mh.patch193
-rw-r--r--contrib/sendmail/contrib/mmuegel2079
-rw-r--r--contrib/sendmail/contrib/movemail.conf35
-rwxr-xr-xcontrib/sendmail/contrib/movemail.pl106
-rwxr-xr-xcontrib/sendmail/contrib/passwd-to-alias.pl31
-rw-r--r--contrib/sendmail/contrib/qtool.8228
-rwxr-xr-xcontrib/sendmail/contrib/qtool.pl1324
-rw-r--r--contrib/sendmail/contrib/re-mqueue.pl258
-rw-r--r--contrib/sendmail/contrib/rmail.oldsys.patch108
-rwxr-xr-xcontrib/sendmail/contrib/smcontrol.pl413
-rwxr-xr-xcontrib/sendmail/contrib/socketmapClient.pl67
-rwxr-xr-xcontrib/sendmail/contrib/socketmapServer.pl98
-rw-r--r--contrib/sendmail/doc/op/Makefile39
-rw-r--r--contrib/sendmail/doc/op/README13
-rw-r--r--contrib/sendmail/doc/op/op.me11468
-rw-r--r--contrib/sendmail/editmap/Makefile17
-rw-r--r--contrib/sendmail/editmap/Makefile.m424
-rw-r--r--contrib/sendmail/editmap/editmap.8106
-rw-r--r--contrib/sendmail/editmap/editmap.c422
-rw-r--r--contrib/sendmail/include/libmilter/mfapi.h595
-rw-r--r--contrib/sendmail/include/libmilter/mfdef.h110
-rw-r--r--contrib/sendmail/include/libmilter/milter.h28
-rw-r--r--contrib/sendmail/include/libsmdb/smdb.h360
-rw-r--r--contrib/sendmail/include/sendmail/mailstats.h39
-rw-r--r--contrib/sendmail/include/sendmail/pathnames.h62
-rw-r--r--contrib/sendmail/include/sendmail/sendmail.h135
-rw-r--r--contrib/sendmail/include/sm/assert.h113
-rw-r--r--contrib/sendmail/include/sm/bdb.h47
-rw-r--r--contrib/sendmail/include/sm/bitops.h57
-rw-r--r--contrib/sendmail/include/sm/cdefs.h147
-rw-r--r--contrib/sendmail/include/sm/cf.h29
-rw-r--r--contrib/sendmail/include/sm/clock.h80
-rw-r--r--contrib/sendmail/include/sm/conf.h3015
-rw-r--r--contrib/sendmail/include/sm/config.h187
-rw-r--r--contrib/sendmail/include/sm/debug.h135
-rw-r--r--contrib/sendmail/include/sm/errstring.h86
-rw-r--r--contrib/sendmail/include/sm/exc.h186
-rw-r--r--contrib/sendmail/include/sm/fdset.h25
-rw-r--r--contrib/sendmail/include/sm/gen.h80
-rw-r--r--contrib/sendmail/include/sm/heap.h111
-rw-r--r--contrib/sendmail/include/sm/io.h389
-rw-r--r--contrib/sendmail/include/sm/ldap.h141
-rw-r--r--contrib/sendmail/include/sm/limits.h55
-rw-r--r--contrib/sendmail/include/sm/mbdb.h43
-rw-r--r--contrib/sendmail/include/sm/misc.h19
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_aix.h39
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_dragonfly.h33
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_freebsd.h41
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_hp.h34
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_irix.h55
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_linux.h42
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_mpeix.h34
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_next.h29
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_openbsd.h30
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_openunix.h25
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_osf1.h18
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_qnx.h20
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_sunos.h70
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_ultrix.h18
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_unicos.h19
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_unicosmk.h18
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_unicosmp.h22
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_unixware.h42
-rw-r--r--contrib/sendmail/include/sm/path.h32
-rw-r--r--contrib/sendmail/include/sm/rpool.h189
-rw-r--r--contrib/sendmail/include/sm/sem.h59
-rw-r--r--contrib/sendmail/include/sm/sendmail.h24
-rw-r--r--contrib/sendmail/include/sm/setjmp.h46
-rw-r--r--contrib/sendmail/include/sm/shm.h43
-rw-r--r--contrib/sendmail/include/sm/signal.h81
-rw-r--r--contrib/sendmail/include/sm/string.h113
-rw-r--r--contrib/sendmail/include/sm/sysexits.h109
-rw-r--r--contrib/sendmail/include/sm/tailq.h157
-rw-r--r--contrib/sendmail/include/sm/test.h46
-rw-r--r--contrib/sendmail/include/sm/time.h56
-rw-r--r--contrib/sendmail/include/sm/types.h65
-rw-r--r--contrib/sendmail/include/sm/varargs.h45
-rw-r--r--contrib/sendmail/include/sm/xtrap.h38
-rw-r--r--contrib/sendmail/libmilter/Makefile19
-rw-r--r--contrib/sendmail/libmilter/Makefile.m440
-rw-r--r--contrib/sendmail/libmilter/README234
-rw-r--r--contrib/sendmail/libmilter/comm.c360
-rw-r--r--contrib/sendmail/libmilter/docs/api.html320
-rw-r--r--contrib/sendmail/libmilter/docs/design.html147
-rw-r--r--contrib/sendmail/libmilter/docs/figure1.fig56
-rw-r--r--contrib/sendmail/libmilter/docs/figure1.jpgbin21406 -> 0 bytes
-rw-r--r--contrib/sendmail/libmilter/docs/figure1.ps173
-rw-r--r--contrib/sendmail/libmilter/docs/figure2.fig67
-rw-r--r--contrib/sendmail/libmilter/docs/figure2.jpgbin47947 -> 0 bytes
-rw-r--r--contrib/sendmail/libmilter/docs/figure2.ps242
-rw-r--r--contrib/sendmail/libmilter/docs/index.html92
-rw-r--r--contrib/sendmail/libmilter/docs/installation.html165
-rw-r--r--contrib/sendmail/libmilter/docs/other.html18
-rw-r--r--contrib/sendmail/libmilter/docs/overview.html215
-rw-r--r--contrib/sendmail/libmilter/docs/sample.html537
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_addheader.html126
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_addrcpt.html83
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_addrcpt_par.html88
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_chgfrom.html94
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_chgheader.html120
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_delrcpt.html82
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_getpriv.html62
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_getsymval.html105
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_insheader.html145
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_main.html51
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_opensocket.html78
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_progress.html68
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_quarantine.html73
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_register.html224
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_replacebody.html93
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setbacklog.html64
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setconn.html93
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setdbg.html67
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setmlreply.html145
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setpriv.html80
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setreply.html117
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setsymlist.html107
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_settimeout.html66
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_stop.html74
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_version.html86
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_abort.html83
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_body.html97
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_close.html81
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_connect.html121
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_data.html89
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_envfrom.html97
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_envrcpt.html97
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_eoh.html56
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_eom.html62
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_header.html111
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_helo.html64
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_negotiate.html277
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_unknown.html84
-rw-r--r--contrib/sendmail/libmilter/engine.c1777
-rw-r--r--contrib/sendmail/libmilter/example.c298
-rw-r--r--contrib/sendmail/libmilter/handler.c67
-rw-r--r--contrib/sendmail/libmilter/libmilter.h334
-rw-r--r--contrib/sendmail/libmilter/listener.c973
-rw-r--r--contrib/sendmail/libmilter/main.c246
-rw-r--r--contrib/sendmail/libmilter/monitor.c227
-rw-r--r--contrib/sendmail/libmilter/signal.c225
-rw-r--r--contrib/sendmail/libmilter/sm_gethost.c148
-rw-r--r--contrib/sendmail/libmilter/smfi.c889
-rw-r--r--contrib/sendmail/libmilter/worker.c792
-rw-r--r--contrib/sendmail/libsm/Makefile19
-rw-r--r--contrib/sendmail/libsm/Makefile.m444
-rw-r--r--contrib/sendmail/libsm/README132
-rw-r--r--contrib/sendmail/libsm/assert.c187
-rw-r--r--contrib/sendmail/libsm/assert.html359
-rw-r--r--contrib/sendmail/libsm/b-strcmp.c152
-rw-r--r--contrib/sendmail/libsm/b-strl.c202
-rw-r--r--contrib/sendmail/libsm/cdefs.html107
-rw-r--r--contrib/sendmail/libsm/cf.c100
-rw-r--r--contrib/sendmail/libsm/clock.c640
-rw-r--r--contrib/sendmail/libsm/clrerr.c39
-rw-r--r--contrib/sendmail/libsm/config.c260
-rw-r--r--contrib/sendmail/libsm/debug.c394
-rw-r--r--contrib/sendmail/libsm/debug.html272
-rw-r--r--contrib/sendmail/libsm/errstring.c283
-rw-r--r--contrib/sendmail/libsm/exc.c651
-rw-r--r--contrib/sendmail/libsm/exc.html757
-rw-r--r--contrib/sendmail/libsm/fclose.c149
-rw-r--r--contrib/sendmail/libsm/feof.c42
-rw-r--r--contrib/sendmail/libsm/ferror.c41
-rw-r--r--contrib/sendmail/libsm/fflush.c152
-rw-r--r--contrib/sendmail/libsm/fget.c110
-rw-r--r--contrib/sendmail/libsm/findfp.c430
-rw-r--r--contrib/sendmail/libsm/flags.c64
-rw-r--r--contrib/sendmail/libsm/fopen.c374
-rw-r--r--contrib/sendmail/libsm/fpos.c153
-rw-r--r--contrib/sendmail/libsm/fprintf.c55
-rw-r--r--contrib/sendmail/libsm/fpurge.c53
-rw-r--r--contrib/sendmail/libsm/fput.c52
-rw-r--r--contrib/sendmail/libsm/fread.c100
-rw-r--r--contrib/sendmail/libsm/fscanf.c55
-rw-r--r--contrib/sendmail/libsm/fseek.c336
-rw-r--r--contrib/sendmail/libsm/fvwrite.c279
-rw-r--r--contrib/sendmail/libsm/fvwrite.h30
-rw-r--r--contrib/sendmail/libsm/fwalk.c61
-rw-r--r--contrib/sendmail/libsm/fwrite.c67
-rw-r--r--contrib/sendmail/libsm/gen.html43
-rw-r--r--contrib/sendmail/libsm/get.c46
-rw-r--r--contrib/sendmail/libsm/glue.h27
-rw-r--r--contrib/sendmail/libsm/heap.c820
-rw-r--r--contrib/sendmail/libsm/heap.html424
-rw-r--r--contrib/sendmail/libsm/index.html174
-rw-r--r--contrib/sendmail/libsm/io.html745
-rw-r--r--contrib/sendmail/libsm/ldap.c1423
-rw-r--r--contrib/sendmail/libsm/local.h296
-rw-r--r--contrib/sendmail/libsm/makebuf.c154
-rw-r--r--contrib/sendmail/libsm/match.c137
-rw-r--r--contrib/sendmail/libsm/mbdb.c774
-rw-r--r--contrib/sendmail/libsm/memstat.c336
-rw-r--r--contrib/sendmail/libsm/mpeix.c646
-rw-r--r--contrib/sendmail/libsm/niprop.c213
-rw-r--r--contrib/sendmail/libsm/path.c15
-rw-r--r--contrib/sendmail/libsm/put.c80
-rw-r--r--contrib/sendmail/libsm/refill.c302
-rw-r--r--contrib/sendmail/libsm/rewind.c44
-rw-r--r--contrib/sendmail/libsm/rpool.c524
-rw-r--r--contrib/sendmail/libsm/rpool.html187
-rw-r--r--contrib/sendmail/libsm/sem.c203
-rw-r--r--contrib/sendmail/libsm/setvbuf.c190
-rw-r--r--contrib/sendmail/libsm/shm.c142
-rw-r--r--contrib/sendmail/libsm/signal.c340
-rw-r--r--contrib/sendmail/libsm/smstdio.c363
-rw-r--r--contrib/sendmail/libsm/snprintf.c87
-rw-r--r--contrib/sendmail/libsm/sscanf.c102
-rw-r--r--contrib/sendmail/libsm/stdio.c519
-rw-r--r--contrib/sendmail/libsm/strcasecmp.c106
-rw-r--r--contrib/sendmail/libsm/strdup.c166
-rw-r--r--contrib/sendmail/libsm/strerror.c60
-rw-r--r--contrib/sendmail/libsm/strexit.c127
-rw-r--r--contrib/sendmail/libsm/string.c56
-rw-r--r--contrib/sendmail/libsm/stringf.c86
-rw-r--r--contrib/sendmail/libsm/strio.c490
-rw-r--r--contrib/sendmail/libsm/strl.c324
-rw-r--r--contrib/sendmail/libsm/strrevcmp.c101
-rw-r--r--contrib/sendmail/libsm/strto.c254
-rw-r--r--contrib/sendmail/libsm/syslogio.c220
-rw-r--r--contrib/sendmail/libsm/t-cf.c46
-rw-r--r--contrib/sendmail/libsm/t-event.c88
-rw-r--r--contrib/sendmail/libsm/t-exc.c145
-rw-r--r--contrib/sendmail/libsm/t-float.c72
-rw-r--r--contrib/sendmail/libsm/t-fopen.c38
-rw-r--r--contrib/sendmail/libsm/t-heap.c64
-rw-r--r--contrib/sendmail/libsm/t-match.c47
-rw-r--r--contrib/sendmail/libsm/t-memstat.c110
-rw-r--r--contrib/sendmail/libsm/t-path.c35
-rw-r--r--contrib/sendmail/libsm/t-qic.c235
-rw-r--r--contrib/sendmail/libsm/t-rpool.c69
-rw-r--r--contrib/sendmail/libsm/t-scanf.c59
-rw-r--r--contrib/sendmail/libsm/t-sem.c346
-rw-r--r--contrib/sendmail/libsm/t-shm.c276
-rw-r--r--contrib/sendmail/libsm/t-smstdio.c75
-rw-r--r--contrib/sendmail/libsm/t-string.c46
-rw-r--r--contrib/sendmail/libsm/t-strio.c33
-rw-r--r--contrib/sendmail/libsm/t-strl.c136
-rw-r--r--contrib/sendmail/libsm/t-strrevcmp.c53
-rw-r--r--contrib/sendmail/libsm/t-types.c103
-rw-r--r--contrib/sendmail/libsm/test.c155
-rw-r--r--contrib/sendmail/libsm/ungetc.c181
-rw-r--r--contrib/sendmail/libsm/util.c250
-rw-r--r--contrib/sendmail/libsm/vasprintf.c104
-rw-r--r--contrib/sendmail/libsm/vfprintf.c1118
-rw-r--r--contrib/sendmail/libsm/vfscanf.c877
-rw-r--r--contrib/sendmail/libsm/vprintf.c39
-rw-r--r--contrib/sendmail/libsm/vsnprintf.c78
-rw-r--r--contrib/sendmail/libsm/wbuf.c88
-rw-r--r--contrib/sendmail/libsm/wsetup.c84
-rw-r--r--contrib/sendmail/libsm/xtrap.c21
-rw-r--r--contrib/sendmail/libsmdb/Makefile17
-rw-r--r--contrib/sendmail/libsmdb/Makefile.m415
-rw-r--r--contrib/sendmail/libsmdb/smdb.c549
-rw-r--r--contrib/sendmail/libsmdb/smdb1.c575
-rw-r--r--contrib/sendmail/libsmdb/smdb2.c698
-rw-r--r--contrib/sendmail/libsmdb/smndbm.c627
-rw-r--r--contrib/sendmail/libsmutil/Makefile17
-rw-r--r--contrib/sendmail/libsmutil/Makefile.m415
-rw-r--r--contrib/sendmail/libsmutil/cf.c76
-rw-r--r--contrib/sendmail/libsmutil/debug.c15
-rw-r--r--contrib/sendmail/libsmutil/err.c63
-rw-r--r--contrib/sendmail/libsmutil/lockfile.c82
-rw-r--r--contrib/sendmail/libsmutil/safefile.c983
-rw-r--r--contrib/sendmail/libsmutil/snprintf.c60
-rw-r--r--contrib/sendmail/mail.local/Makefile19
-rw-r--r--contrib/sendmail/mail.local/Makefile.m436
-rw-r--r--contrib/sendmail/mail.local/README64
-rw-r--r--contrib/sendmail/mail.local/mail.local.8152
-rw-r--r--contrib/sendmail/mail.local/mail.local.c1924
-rw-r--r--contrib/sendmail/mailstats/Makefile17
-rw-r--r--contrib/sendmail/mailstats/Makefile.m424
-rw-r--r--contrib/sendmail/mailstats/mailstats.8118
-rw-r--r--contrib/sendmail/mailstats/mailstats.c368
-rw-r--r--contrib/sendmail/makemap/Makefile17
-rw-r--r--contrib/sendmail/makemap/Makefile.m424
-rw-r--r--contrib/sendmail/makemap/makemap.8172
-rw-r--r--contrib/sendmail/makemap/makemap.c528
-rw-r--r--contrib/sendmail/praliases/Makefile17
-rw-r--r--contrib/sendmail/praliases/Makefile.m425
-rw-r--r--contrib/sendmail/praliases/praliases.857
-rw-r--r--contrib/sendmail/praliases/praliases.c397
-rw-r--r--contrib/sendmail/rmail/Makefile19
-rw-r--r--contrib/sendmail/rmail/Makefile.m438
-rw-r--r--contrib/sendmail/rmail/rmail.861
-rw-r--r--contrib/sendmail/rmail/rmail.c433
-rw-r--r--contrib/sendmail/smrsh/Makefile17
-rw-r--r--contrib/sendmail/smrsh/Makefile.m422
-rw-r--r--contrib/sendmail/smrsh/README166
-rw-r--r--contrib/sendmail/smrsh/smrsh.898
-rw-r--r--contrib/sendmail/smrsh/smrsh.c440
-rw-r--r--contrib/sendmail/src/Makefile19
-rw-r--r--contrib/sendmail/src/Makefile.m4103
-rw-r--r--contrib/sendmail/src/README1850
-rw-r--r--contrib/sendmail/src/SECURITY203
-rw-r--r--contrib/sendmail/src/TRACEFLAGS102
-rw-r--r--contrib/sendmail/src/TUNING230
-rw-r--r--contrib/sendmail/src/alias.c1015
-rw-r--r--contrib/sendmail/src/aliases65
-rw-r--r--contrib/sendmail/src/aliases.5131
-rw-r--r--contrib/sendmail/src/arpadate.c203
-rw-r--r--contrib/sendmail/src/bf.c864
-rw-r--r--contrib/sendmail/src/bf.h32
-rw-r--r--contrib/sendmail/src/collect.c1101
-rw-r--r--contrib/sendmail/src/conf.c6376
-rw-r--r--contrib/sendmail/src/conf.h232
-rw-r--r--contrib/sendmail/src/control.c431
-rw-r--r--contrib/sendmail/src/convtime.c202
-rw-r--r--contrib/sendmail/src/daemon.c4486
-rw-r--r--contrib/sendmail/src/daemon.h62
-rw-r--r--contrib/sendmail/src/deliver.c6258
-rw-r--r--contrib/sendmail/src/domain.c1166
-rw-r--r--contrib/sendmail/src/envelope.c1293
-rw-r--r--contrib/sendmail/src/err.c1158
-rw-r--r--contrib/sendmail/src/headers.c2311
-rw-r--r--contrib/sendmail/src/helpfile137
-rw-r--r--contrib/sendmail/src/macro.c730
-rw-r--r--contrib/sendmail/src/mailq.1135
-rw-r--r--contrib/sendmail/src/main.c4554
-rw-r--r--contrib/sendmail/src/map.c7989
-rw-r--r--contrib/sendmail/src/map.h86
-rw-r--r--contrib/sendmail/src/mci.c1561
-rw-r--r--contrib/sendmail/src/milter.c4736
-rw-r--r--contrib/sendmail/src/mime.c1325
-rw-r--r--contrib/sendmail/src/newaliases.150
-rw-r--r--contrib/sendmail/src/parseaddr.c3360
-rw-r--r--contrib/sendmail/src/queue.c8895
-rw-r--r--contrib/sendmail/src/ratectrl.c534
-rw-r--r--contrib/sendmail/src/readcf.c4564
-rw-r--r--contrib/sendmail/src/recipient.c2072
-rw-r--r--contrib/sendmail/src/sasl.c287
-rw-r--r--contrib/sendmail/src/savemail.c1761
-rw-r--r--contrib/sendmail/src/sendmail.8748
-rw-r--r--contrib/sendmail/src/sendmail.h2656
-rw-r--r--contrib/sendmail/src/sfsasl.c952
-rw-r--r--contrib/sendmail/src/sfsasl.h25
-rw-r--r--contrib/sendmail/src/shmticklib.c78
-rw-r--r--contrib/sendmail/src/sm_resolve.c456
-rw-r--r--contrib/sendmail/src/sm_resolve.h142
-rw-r--r--contrib/sendmail/src/srvrsmtp.c4974
-rw-r--r--contrib/sendmail/src/stab.c475
-rw-r--r--contrib/sendmail/src/stats.c198
-rw-r--r--contrib/sendmail/src/statusd_shm.h44
-rw-r--r--contrib/sendmail/src/sysexits.c167
-rw-r--r--contrib/sendmail/src/timers.c231
-rw-r--r--contrib/sendmail/src/timers.h33
-rw-r--r--contrib/sendmail/src/tls.c1671
-rw-r--r--contrib/sendmail/src/trace.c224
-rw-r--r--contrib/sendmail/src/udb.c1314
-rw-r--r--contrib/sendmail/src/usersmtp.c3318
-rw-r--r--contrib/sendmail/src/util.c2853
-rw-r--r--contrib/sendmail/src/version.c18
-rw-r--r--contrib/sendmail/test/Makefile19
-rw-r--r--contrib/sendmail/test/Makefile.m419
-rw-r--r--contrib/sendmail/test/README27
-rw-r--r--contrib/sendmail/test/Results198
-rw-r--r--contrib/sendmail/test/t_dropgid.c154
-rw-r--r--contrib/sendmail/test/t_exclopen.c113
-rw-r--r--contrib/sendmail/test/t_pathconf.c84
-rw-r--r--contrib/sendmail/test/t_seteuid.c139
-rw-r--r--contrib/sendmail/test/t_setgid.c119
-rw-r--r--contrib/sendmail/test/t_setreuid.c163
-rw-r--r--contrib/sendmail/test/t_setuid.c111
-rw-r--r--contrib/sendmail/test/t_snprintf.c39
-rw-r--r--contrib/sendmail/vacation/Makefile17
-rw-r--r--contrib/sendmail/vacation/Makefile.m423
-rw-r--r--contrib/sendmail/vacation/vacation.1285
-rw-r--r--contrib/sendmail/vacation/vacation.c1180
570 files changed, 0 insertions, 198320 deletions
diff --git a/contrib/sendmail/CACerts b/contrib/sendmail/CACerts
deleted file mode 100644
index b74fb7f19179..000000000000
--- a/contrib/sendmail/CACerts
+++ /dev/null
@@ -1,236 +0,0 @@
-# $Id: CACerts,v 8.3 2007/06/11 22:04:46 ca Exp $
-# This file contains some CA certificates that are used to sign the
-# certificates of mail servers of members of the sendmail consortium
-# who may reply to questions etc sent to sendmail.org.
-# It is useful to allow connections from those MTAs that can present
-# a certificate signed by one of these CA certificates.
-#
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, ST=California, L=Berkeley, O=Sendmail Consortium, CN=Certificate Authority/emailAddress=certificates@sendmail.org
- Validity
- Not Before: Feb 1 21:51:47 2003 GMT
- Not After : Jan 31 21:51:47 2008 GMT
- Subject: C=US, ST=California, L=Berkeley, O=Sendmail Consortium, CN=Certificate Authority/emailAddress=certificates@sendmail.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:9a:fb:dc:4c:a3:58:21:1b:84:78:0a:53:56:b3:
- 8d:84:05:b7:db:dd:d7:81:ea:dd:c1:ab:d4:be:d9:
- 2b:12:e0:6d:3a:31:d5:f0:7b:13:fc:d8:da:09:0b:
- 71:11:8e:b9:48:c4:ab:ae:f5:9c:4c:e2:04:27:8e:
- c8:03:3a:aa:00:8b:46:f2:79:09:ae:65:b2:9a:66:
- e7:ac:a9:ea:32:f7:4a:4e:fd:da:41:48:34:5a:9d:
- b0:42:ea:55:40:17:27:5e:67:9e:e5:ce:dc:84:6d:
- 1d:48:37:23:11:68:9d:a8:d4:58:02:05:ea:88:35:
- bd:0d:b6:28:d5:cd:d4:d8:95
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- DE:CD:6E:B8:89:34:06:3D:E9:CD:A7:FE:45:4F:4E:FB:E1:8D:E7:79
- X509v3 Authority Key Identifier:
- keyid:DE:CD:6E:B8:89:34:06:3D:E9:CD:A7:FE:45:4F:4E:FB:E1:8D:E7:79
- DirName:/C=US/ST=California/L=Berkeley/O=Sendmail Consortium/CN=Certificate Authority/emailAddress=certificates@sendmail.org
- serial:00
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 66:92:b9:57:17:3b:6a:0e:72:b1:85:29:53:9f:11:68:a0:0d:
- 79:43:d0:7c:48:73:b9:71:09:50:08:02:03:0b:28:0c:33:9a:
- 00:ac:94:69:4f:bc:0f:45:6b:f5:3a:ca:6a:87:a1:7f:28:f7:
- 9a:c4:b6:b0:f3:dc:a3:eb:42:95:9f:99:19:f8:b8:84:6d:f1:
- 1d:bc:9f:f0:a0:cc:60:2d:00:6b:17:55:33:16:85:d1:73:e1:
- 00:59:89:33:19:c4:2e:29:5a:39:a7:0e:e7:9b:d2:4c:c7:b9:
- 7d:6a:3e:b4:00:83:86:d3:16:28:fd:ad:55:65:60:4e:14:02:
- 46:d3
------BEGIN CERTIFICATE-----
-MIIDsDCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnTELMAkGA1UEBhMCVVMx
-EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MRwwGgYDVQQK
-ExNTZW5kbWFpbCBDb25zb3J0aXVtMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
-b3JpdHkxKDAmBgkqhkiG9w0BCQEWGWNlcnRpZmljYXRlc0BzZW5kbWFpbC5vcmcw
-HhcNMDMwMjAxMjE1MTQ3WhcNMDgwMTMxMjE1MTQ3WjCBnTELMAkGA1UEBhMCVVMx
-EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MRwwGgYDVQQK
-ExNTZW5kbWFpbCBDb25zb3J0aXVtMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
-b3JpdHkxKDAmBgkqhkiG9w0BCQEWGWNlcnRpZmljYXRlc0BzZW5kbWFpbC5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJr73EyjWCEbhHgKU1azjYQFt9vd
-14Hq3cGr1L7ZKxLgbTox1fB7E/zY2gkLcRGOuUjEq671nEziBCeOyAM6qgCLRvJ5
-Ca5lsppm56yp6jL3Sk792kFINFqdsELqVUAXJ15nnuXO3IRtHUg3IxFonajUWAIF
-6og1vQ22KNXN1NiVAgMBAAGjgf0wgfowHQYDVR0OBBYEFN7NbriJNAY96c2n/kVP
-Tvvhjed5MIHKBgNVHSMEgcIwgb+AFN7NbriJNAY96c2n/kVPTvvhjed5oYGjpIGg
-MIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMI
-QmVya2VsZXkxHDAaBgNVBAoTE1NlbmRtYWlsIENvbnNvcnRpdW0xHjAcBgNVBAMT
-FUNlcnRpZmljYXRlIEF1dGhvcml0eTEoMCYGCSqGSIb3DQEJARYZY2VydGlmaWNh
-dGVzQHNlbmRtYWlsLm9yZ4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUA
-A4GBAGaSuVcXO2oOcrGFKVOfEWigDXlD0HxIc7lxCVAIAgMLKAwzmgCslGlPvA9F
-a/U6ymqHoX8o95rEtrDz3KPrQpWfmRn4uIRt8R28n/CgzGAtAGsXVTMWhdFz4QBZ
-iTMZxC4pWjmnDueb0kzHuX1qPrQAg4bTFij9rVVlYE4UAkbT
------END CERTIFICATE-----
-
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, ST=Illinois, L=De Kalb, O=Northern Illinois University, OU=Computer Science, CN=Neil Rickert/emailAddress=rickert@cs.niu.edu
- Validity
- Not Before: May 12 00:40:50 2000 GMT
- Not After : May 20 00:40:50 2010 GMT
- Subject: C=US, ST=Illinois, L=De Kalb, O=Northern Illinois University, OU=Computer Science, CN=Neil Rickert/emailAddress=rickert@cs.niu.edu
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b1:1b:49:06:ef:3f:44:e0:93:ad:8c:a7:f7:21:
- 7c:87:cb:da:35:f6:4b:a2:fd:8a:a0:07:5b:cc:6a:
- 9b:89:33:fc:24:f5:b1:24:59:5a:25:50:fd:16:d7:
- d4:bc:c7:04:1d:df:90:9b:5e:c3:a8:e9:8b:7d:a3:
- 5d:9a:e9:7f:e5:2b:ea:15:a7:ad:ba:58:26:0a:11:
- 49:4f:da:9a:67:7f:b0:a6:66:f4:27:b6:61:4e:3c:
- c8:3e:a0:2f:6a:b4:0e:15:d6:39:f8:92:60:85:df:
- a6:34:f3:fa:a4:a5:e4:47:49:e7:87:a4:a5:5c:8e:
- 6a:2f:13:76:5f:29:f3:64:73
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- B6:31:78:BB:7E:AA:4D:A1:5D:FD:A2:24:18:C6:90:5A:2D:2F:19:48
- X509v3 Authority Key Identifier:
- keyid:B6:31:78:BB:7E:AA:4D:A1:5D:FD:A2:24:18:C6:90:5A:2D:2F:19:48
- DirName:/C=US/ST=Illinois/L=De Kalb/O=Northern Illinois University/OU=Computer Science/CN=Neil Rickert/emailAddress=rickert@cs.niu.edu
- serial:00
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 60:69:23:65:97:51:5c:06:a4:42:cb:00:e7:9a:dc:39:70:c3:
- d3:5d:bf:0f:e0:04:54:4d:d9:dc:12:57:12:6c:67:fd:5b:b0:
- 39:63:ea:c4:12:65:51:bb:3d:f1:f7:25:b4:cd:0b:f6:5b:7a:
- 61:25:ad:06:0a:01:55:dc:71:05:29:0d:73:e9:30:51:be:d3:
- e1:b2:89:fc:0f:28:f7:06:75:96:1b:34:75:e0:07:e5:3b:b3:
- 0b:28:24:e5:79:ea:55:39:e7:d2:ee:ec:63:b4:e4:c6:ee:cb:
- 15:d0:c8:eb:3b:4f:36:10:a4:6a:c0:6b:03:e8:29:72:c7:a7:
- 10:00
------BEGIN CERTIFICATE-----
-MIID5TCCA06gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBrjELMAkGA1UEBhMCVVMx
-ETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdEZSBLYWxiMSUwIwYDVQQKExxO
-b3J0aGVybiBJbGxpbm9pcyBVbml2ZXJzaXR5MRkwFwYDVQQLExBDb21wdXRlciBT
-Y2llbmNlMRUwEwYDVQQDEwxOZWlsIFJpY2tlcnQxITAfBgkqhkiG9w0BCQEWEnJp
-Y2tlcnRAY3Mubml1LmVkdTAeFw0wMDA1MTIwMDQwNTBaFw0xMDA1MjAwMDQwNTBa
-MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0Rl
-IEthbGIxJTAjBgNVBAoTHE5vcnRoZXJuIElsbGlub2lzIFVuaXZlcnNpdHkxGTAX
-BgNVBAsTEENvbXB1dGVyIFNjaWVuY2UxFTATBgNVBAMTDE5laWwgUmlja2VydDEh
-MB8GCSqGSIb3DQEJARYScmlja2VydEBjcy5uaXUuZWR1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCxG0kG7z9E4JOtjKf3IXyHy9o19kui/YqgB1vMapuJM/wk
-9bEkWVolUP0W19S8xwQd35CbXsOo6Yt9o12a6X/lK+oVp626WCYKEUlP2ppnf7Cm
-ZvQntmFOPMg+oC9qtA4V1jn4kmCF36Y08/qkpeRHSeeHpKVcjmovE3ZfKfNkcwID
-AQABo4IBDzCCAQswHQYDVR0OBBYEFLYxeLt+qk2hXf2iJBjGkFotLxlIMIHbBgNV
-HSMEgdMwgdCAFLYxeLt+qk2hXf2iJBjGkFotLxlIoYG0pIGxMIGuMQswCQYDVQQG
-EwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0RlIEthbGIxJTAjBgNV
-BAoTHE5vcnRoZXJuIElsbGlub2lzIFVuaXZlcnNpdHkxGTAXBgNVBAsTEENvbXB1
-dGVyIFNjaWVuY2UxFTATBgNVBAMTDE5laWwgUmlja2VydDEhMB8GCSqGSIb3DQEJ
-ARYScmlja2VydEBjcy5uaXUuZWR1ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
-AQEEBQADgYEAYGkjZZdRXAakQssA55rcOXDD012/D+AEVE3Z3BJXEmxn/VuwOWPq
-xBJlUbs98fcltM0L9lt6YSWtBgoBVdxxBSkNc+kwUb7T4bKJ/A8o9wZ1lhs0deAH
-5TuzCygk5XnqVTnn0u7sY7Tkxu7LFdDI6ztPNhCkasBrA+gpcsenEAA=
------END CERTIFICATE-----
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- fa:7c:2c:80:29:3f:c2:64
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org
- Validity
- Not Before: May 4 02:07:56 2007 GMT
- Not After : May 3 02:07:56 2010 GMT
- Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b0:28:91:31:af:82:ce:72:ef:36:ab:7d:e9:b1:
- f5:77:66:38:4b:38:1f:5f:3d:12:d3:c8:fd:9a:f4:
- d4:f6:b8:90:f9:26:5f:29:f7:43:f9:34:ec:65:62:
- 01:bb:64:f1:5d:ea:75:04:3d:92:65:60:a2:06:62:
- fa:88:ca:d8:20:50:c8:1e:38:53:b5:18:dd:b7:bd:
- c7:08:35:4c:d9:dc:c6:97:56:37:b6:65:33:74:5a:
- b2:c3:85:08:2b:b7:26:70:ff:38:02:1a:67:6a:d0:
- 49:18:10:4b:f8:db:af:06:9c:b1:a8:82:a1:b1:75:
- d2:52:9b:53:0c:ca:a7:e3:15:38:79:6d:a1:f5:ef:
- 7c:8b:fd:bd:04:78:f9:e8:1e:b9:92:ea:74:d7:45:
- 1e:4c:c8:bd:f4:5c:fc:1a:7f:e7:31:c6:ab:cb:78:
- c7:4d:2f:b5:72:10:35:27:4a:1a:fa:53:19:f8:a7:
- 59:63:eb:e9:15:ab:dc:71:69:8c:42:1c:96:4e:89:
- 80:66:c9:9e:21:d5:3d:08:19:74:a5:f5:07:a0:ae:
- de:79:af:fd:42:c2:79:7e:8c:f8:39:22:3b:c3:c4:
- 58:3b:d0:0d:e6:a9:11:b6:a2:cd:2e:e5:16:66:fd:
- 7e:65:33:94:b0:36:80:27:f5:80:76:a9:e5:df:f2:
- cf:ef
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- B2:49:6B:52:45:EE:90:36:D2:79:47:03:33:D9:A0:BA:80:50:DA:1C
- X509v3 Authority Key Identifier:
- keyid:B2:49:6B:52:45:EE:90:36:D2:79:47:03:33:D9:A0:BA:80:50:DA:1C
- DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org
- serial:FA:7C:2C:80:29:3F:C2:64
-
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Alternative Name:
- email:ca+ca-rsa2007@esmtp.org
- X509v3 Issuer Alternative Name:
- email:ca+ca-rsa2007@esmtp.org
- Signature Algorithm: md5WithRSAEncryption
- 98:98:7c:d3:d0:5b:72:47:15:e6:22:68:bb:78:0e:78:66:e9:
- 56:16:d8:bc:9d:5a:dc:27:29:fb:91:2d:6a:21:35:18:56:b4:
- 4f:2a:09:c0:08:6f:9a:59:2b:2e:72:9a:fb:50:ba:c7:a9:91:
- a0:f9:6c:be:cf:78:42:43:02:70:53:97:ba:6a:e3:da:17:e8:
- 1f:c7:3a:5b:e7:bc:eb:e5:24:4c:f5:cf:61:34:1e:20:ed:17:
- 63:ef:81:d3:9e:25:fe:cc:05:19:cc:8a:82:c9:4c:3a:b5:6b:
- 49:51:76:46:02:aa:60:bb:c4:b9:61:48:33:da:79:8d:46:a3:
- 06:20:98:f3:b2:db:3b:ad:c9:1d:0e:97:3d:b7:14:19:d3:7d:
- 04:8b:6a:81:e0:11:5b:e1:35:a3:ff:2f:11:86:1c:31:85:7a:
- fd:3f:36:ef:99:25:46:2e:b0:cb:43:45:4a:ec:be:d3:3f:a4:
- 77:9b:79:cc:ce:92:63:a5:d9:ed:db:a0:9d:5d:7c:d7:80:f6:
- c9:41:fb:02:96:8e:fd:f3:da:05:9d:81:a7:25:da:26:35:3b:
- a9:0c:8c:f5:a7:5d:48:ec:87:c7:7a:60:51:76:f2:de:9b:14:
- 2b:55:8a:43:df:99:19:f3:eb:e7:03:e6:a7:a2:a2:28:dd:d5:
- 07:6a:3f:f7
------BEGIN CERTIFICATE-----
-MIIFJzCCBA+gAwIBAgIJAPp8LIApP8JkMA0GCSqGSIb3DQEBBAUAMIGlMQswCQYD
-VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx
-FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs
-YXVzIEFzc21hbm4gQ0EgUlNBIDIwMDcxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
-YTIwMDdAZXNtdHAub3JnMB4XDTA3MDUwNDAyMDc1NloXDTEwMDUwMzAyMDc1Nlow
-gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC
-ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG
-A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwNzEmMCQGCSqGSIb3DQEJARYX
-Y2ErY2EtcnNhMjAwN0Blc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCwKJExr4LOcu82q33psfV3ZjhLOB9fPRLTyP2a9NT2uJD5Jl8p90P5
-NOxlYgG7ZPFd6nUEPZJlYKIGYvqIytggUMgeOFO1GN23vccINUzZ3MaXVje2ZTN0
-WrLDhQgrtyZw/zgCGmdq0EkYEEv4268GnLGogqGxddJSm1MMyqfjFTh5baH173yL
-/b0EePnoHrmS6nTXRR5MyL30XPwaf+cxxqvLeMdNL7VyEDUnShr6Uxn4p1lj6+kV
-q9xxaYxCHJZOiYBmyZ4h1T0IGXSl9Qegrt55r/1Cwnl+jPg5IjvDxFg70A3mqRG2
-os0u5RZm/X5lM5SwNoAn9YB2qeXf8s/vAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
-sklrUkXukDbSeUcDM9mguoBQ2hwwgdoGA1UdIwSB0jCBz4AUsklrUkXukDbSeUcD
-M9mguoBQ2hyhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
-bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK
-BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwNzEm
-MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAwN0Blc210cC5vcmeCCQD6fCyAKT/C
-ZDAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMDdAZXNtdHAu
-b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMDdAZXNtdHAub3JnMA0GCSqGSIb3
-DQEBBAUAA4IBAQCYmHzT0FtyRxXmImi7eA54ZulWFti8nVrcJyn7kS1qITUYVrRP
-KgnACG+aWSsucpr7ULrHqZGg+Wy+z3hCQwJwU5e6auPaF+gfxzpb57zr5SRM9c9h
-NB4g7Rdj74HTniX+zAUZzIqCyUw6tWtJUXZGAqpgu8S5YUgz2nmNRqMGIJjzsts7
-rckdDpc9txQZ030Ei2qB4BFb4TWj/y8RhhwxhXr9PzbvmSVGLrDLQ0VK7L7TP6R3
-m3nMzpJjpdnt26CdXXzXgPbJQfsClo7989oFnYGnJdomNTupDIz1p11I7IfHemBR
-dvLemxQrVYpD35kZ8+vnA+anoqIo3dUHaj/3
------END CERTIFICATE-----
diff --git a/contrib/sendmail/FAQ b/contrib/sendmail/FAQ
deleted file mode 100644
index f8c2e8409ceb..000000000000
--- a/contrib/sendmail/FAQ
+++ /dev/null
@@ -1,8 +0,0 @@
-The FAQ is no longer maintained with the sendmail release. It is
-available at http://www.sendmail.org/faq/ .
-
-A plain-text version of the questions only, with URLs referring to
-the answers, is posted to comp.mail.sendmail on the 10th and 25th
-of each month.
-
-$Revision: 8.24 $, Last updated $Date: 1999/02/07 03:21:03 $
diff --git a/contrib/sendmail/INSTALL b/contrib/sendmail/INSTALL
deleted file mode 100644
index 4337389fa69a..000000000000
--- a/contrib/sendmail/INSTALL
+++ /dev/null
@@ -1,46 +0,0 @@
-
- Installing sendmail
-
-**Note**: Starting with sendmail 8.12, sendmail is no longer set-user-ID
-root by default. As a result of this, you need to install two .cf files.
-See steps 4 and 6 in this document. We also strongly recommend reading
-sendmail/SECURITY for more installation information.
-
-1. Read all the README files noted in the INTRODUCTION section of the README
- file in this top-level directory.
-
-2. Create any necessary site configuration build files, as noted in
- devtools/Site/README.
-
-3. In the sendmail/ directory, run "sh ./Build" (see sendmail/README for
- details).
-
-4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc
- file best matches your environment to sendmail.mc. Next, tailor it
- as explained in cf/README. Then run
- "sh ./Build sendmail.cf".
-
-5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose
- location varies from operating system to operating system, but is usually
- in /usr/sbin or /usr/lib).
-
-6. Install sendmail.cf as /etc/mail/sendmail.cf and submit.cf as
- /etc/mail/submit.cf. This can be done in the cf/cf by using
- "sh ./Build install-cf".
-
- Please read sendmail/SECURITY before continuing; you have to create a
- new user smmsp and a new group smmsp for the default installation.
- Then install the sendmail binary built in step 3 by cd-ing back to
- sendmail/ and running "sh ./Build install".
-
-7. For each of the associated sendmail utilities (makemap, mailstats,
- etc.), read the README in the utility's directory if it exists. When
- you are ready to install it, back up your installed version and type
- "sh ./Build install".
-
-8. If you are upgrading from an older version of sendmail and are using any
- database maps, be sure to rebuild them with the new version of makemap,
- in case you are now using a different (and thereby incompatible) version
- of Berkeley DB.
-
-$Revision: 8.16 $, Last updated $Date: 2007/10/03 21:00:28 $
diff --git a/contrib/sendmail/KNOWNBUGS b/contrib/sendmail/KNOWNBUGS
deleted file mode 100644
index 6c7adb11fdf2..000000000000
--- a/contrib/sendmail/KNOWNBUGS
+++ /dev/null
@@ -1,250 +0,0 @@
-
-
- K N O W N B U G S I N S E N D M A I L
-
-
-The following are bugs or deficiencies in sendmail that we are aware of
-but which have not been fixed in the current release. You probably
-want to get the most up to date version of this from ftp.sendmail.org
-in /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been
-fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
-distribution).
-
-This list is not guaranteed to be complete.
-
-* Delivery to programs that generate too much output may cause problems
-
- If e-mail is delivered to a program which generates too much
- output, then sendmail may issue an error:
-
- timeout waiting for input from local during Draining Input
-
- Make sure that the program does not generate output beyond a
- status message (corresponding to the exit status). This may
- require a wrapper around the actual program to redirect output
- to /dev/null.
-
- Such a problem has been reported for bulk_mailer.
-
-* Null bytes are not handled properly in headers.
-
- Sendmail should handle full binary data. As it stands, it handles
- all values in the body, but not 0x00 in the header. Changing
- this would require a major restructuring of the code -- for
- example, almost no C library support could be used to handle
- strings.
-
-* Header checks are not called if header value is too long or empty.
-
- If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
- characters or it contains a single word longer than 256 (MAXNAME)
- characters then no header check is done even if one is configured for
- the header.
-
-* Header lines which are too long will be split incorrectly.
-
- Header lines which are longer than 2045 characters will be split
- but some characters might be lost. Fix: obey RFC (2)822 and do not
- send lines that are longer than 1000 characters.
-
-* Sender addresses whose domain part cause a temporary A record lookup
- failure but have a valid MX record will be temporarily rejected in
- the default configuration. Solution: fix the DNS at the sender side.
- If that's not easy to achieve, possible workarounds are:
- - add an entry to the access map:
- dom.ain OK
- - (only for advanced users) replace
-
-# Resolve map (to check if a host exists in check_mail)
-Kresolve host -a<OKR> -T<TEMP>
-
- with
-
-# Resolve map (to check if a host exists in check_mail)
-Kcanon host -a<OKR> -T<TEMP>
-Kdnsmx dns -R MX -a<OKR> -T<TEMP>
-Kresolve sequence dnsmx canon
-
-
-* Duplicate error messages.
-
- Sometimes identical, duplicate error messages can be generated. As
- near as I can tell, this is rare and relatively innocuous.
-
-* Misleading error messages.
-
- If an illegal address is specified on the command line together
- with at least one valid address and PostmasterCopy is set, the
- DSN does not contain the illegal address, but only the valid
- address(es).
-
-* \231 considered harmful.
-
- Header addresses that have the \231 character (and possibly others
- in the range \201 - \237) behave in odd and usually unexpected ways.
-
-* accept() problem on SVR4.
-
- Apparently, the sendmail daemon loop (doing accept()s on the network)
- can get into a weird state on SVR4; it starts logging ``SYSERR:
- getrequests: accept: Protocol Error''. The workaround is to kill
- and restart the sendmail daemon. We don't have an SVR4 system at
- Berkeley that carries more than token mail load, so I can't validate
- this. It is likely to be a glitch in the sockets emulation, since
- "Protocol Error" is not possible error code with Berkeley TCP/IP.
-
- I've also had someone report the message ``sendmail: accept:
- SIOCGPGRP failed errno 22'' on an SVR4 system. This message is
- not in the sendmail source code, so I assume it is also a bug
- in the sockets emulation. (Errno 22 is EINVAL "Invalid Argument"
- on all the systems I have available, including Solaris 2.x.)
- Apparently, this problem is due to linking -lc before -lsocket;
- if you are having this problem, check your Makefile.
-
-* accept() problem on Linux.
-
- The accept() in sendmail daemon loop can return ETIMEDOUT. An
- error is reported to syslog:
-
- Jun 9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
- getrequests: accept: Connection timed out
-
- "Connection timed out" is not documented as a valid return from
- accept(2) and this was believed to be a bug in the Linux kernel.
- Later information from the Linux kernel group states that Linux
- 2.0 kernels follow RFC1122 while sendmail follows the original BSD
- (now POSIX 1003.1g draft) specification. The 2.1.X and later kernels
- will follow the POSIX draft.
-
-* Excessive mailing list nesting can run out of file descriptors.
-
- If you have a mailing list that includes lots of other mailing
- lists, each of which has a separate owner, you can run out of
- file descriptors. Each mailing list with a separate owner uses
- one open file descriptor (prior to 8.6.6 it was three open
- file descriptors per list). This is particularly egregious if
- you have your connection cache set to be large.
-
-* Connection caching breaks if you pass the port number as an argument.
-
- If you have a definition such as:
-
- Mport, P=[IPC], F=kmDFMuX, S=11/31, R=21,
- M=2100000, T=DNS/RFC822/SMTP,
- A=IPC [127.0.0.1] $h
-
- (i.e., where $h is the port number instead of the host name) the
- connection caching code will break because it won't notice that
- two messages addressed to different ports should use different
- connections.
-
-* ESMTP SIZE underestimates the size of a message
-
- Sendmail makes no allowance for headers that it adds, nor does it
- account for the SMTP on-the-wire \r\n expansion. It probably doesn't
- allow for 8->7 bit MIME conversions either.
-
-* Client ignores SIZE parameter.
-
- When sendmail acts as client and the server specifies a limit
- for the mail size, sendmail will ignore this and try to send the
- mail anyway. The server will usually reject the MAIL command
- which specifies the size of the message and hence this problem
- is not significant.
-
-* Paths to programs being executed and the mode of program files are
- not checked. Essentially, the RunProgramInUnsafeDirPath and
- RunWritableProgram bits in the DontBlameSendmail option are always
- set. This is not a problem if your system is well managed (that is,
- if binaries and system directories are mode 755 instead of something
- foolish like 777).
-
-* 8-bit data in GECOS field
-
- If the GECOS (personal name) information in the passwd file contains
- 8-bit characters, those characters can be included in the message
- header, which can cause problems when sending SMTP to hosts that
- only accept 7-bit characters.
-
-* 8->7 bit MIME conversion
-
- When sendmail is doing 8->7 bit MIME conversions, and the message
- contains certain MIME body types that cannot be converted to 7-bit,
- sendmail will pass the message as 8-bit.
-
-* 7->8 bit MIME conversion
-
- If a message that is encoded as 7-bit MIME is converted to 8-bit and
- that message when decoded is illegal (e.g., because of long lines or
- illegal characters), sendmail can produce an illegal message.
-
-* MIME encoded full name phrases in the From: header
-
- If a full name phrase includes characters from MustQuoteChars, sendmail
- will quote the entire full name phrase. If MustQuoteChars includes
- characters which are not special characters according to STD 11 (RFC
- 822), this quotation can interfere with MIME encoded full name phrases.
- By default, sendmail includes the single quote character (') in
- MustQuoteChars even though it is not listed as a special character in
- STD 11.
-
-* bestmx map with -z flag truncates the list of MX hosts
-
- A bestmx map configured with the -z flag will truncate the list
- of MX hosts. This prevents creation of strings which are too
- long for ruleset parsing. This can have an adverse effect on the
- relay_based_on_MX feature.
-
-* Saving to ~sender/dead.letter fails if su'ed to root
-
- If ErrorMode is set to print and an error in sending mail occurs,
- the normal action is to print a message to the screen and append
- the message to a dead.letter file in the sender's home directory.
- In the case where the sender is using su to act as root, the file
- safety checks prevent sendmail from saving the dead.letter file
- because the sender's uid and the current real uid do not match.
-
-* Berkeley DB 2.X race condition with fcntl() locking
-
- There is a race condition for Berkeley DB 2.X databases on
- operating systems which use fcntl() style locking, such as
- Solaris. Sendmail locks the map before calling db_open() to
- prevent others from modifying the map while it is being opened.
- Unfortunately, Berkeley DB opens the map, closes it, and then
- reopens it. fcntl() locking drops the lock when any file
- descriptor pointing to the file is closed, even if it is a
- different file descriptor than the one used to initially lock
- the file. As a result there is a possibility that entries in a
- map might not be found during a map rebuild. As a workaround,
- you can use makemap to build a map with a new name and then
- "mv" the new db file to replace the old one.
-
- Sleepycat Software has added code to avoid this race condition to
- Berkeley DB versions after 2.7.5.
-
-* File open timeouts not available on hard mounted NFS file systems
-
- Since SIGALRM does not interrupt an RPC call for hard mounted
- NFS file systems, it is impossible to implement a timeout on a file
- open operation. Therefore, while the NFS server is not responding,
- attempts to open a file on that server will hang. Systems with
- local mail delivery and NFS hard mounted home directories should be
- avoided, as attempts to open the forward files could hang.
-
-* Race condition for delivery to set-user-ID files
-
- Sendmail will deliver to a fail if the file is owned by the DefaultUser
- or has the set-user-ID bit set. Unfortunately, some systems clear that bit
- when a file is modified. Sendmail compensates by resetting the file mode
- back to it's original settings. Unfortunately, there's still a
- permission failure race as sendmail checks the permissions before locking
- the file. This is unavoidable as sendmail must verify the file is safe
- to open before opening it. A file can not be locked until it is open.
-
-* MAIL_HUB always takes precedence over LOCAL_RELAY
-
- Despite the information in the documentation, MAIL_HUB ($H) will always
- be used if set instead of LOCAL_RELAY ($R). This will be fixed in a
- future version.
-
-$Revision: 8.59 $, Last updated $Date: 2007/02/21 23:13:58 $
diff --git a/contrib/sendmail/LICENSE b/contrib/sendmail/LICENSE
deleted file mode 100644
index e8639f5a5a92..000000000000
--- a/contrib/sendmail/LICENSE
+++ /dev/null
@@ -1,79 +0,0 @@
- SENDMAIL LICENSE
-
-The following license terms and conditions apply, unless a different
-license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor,
-Emeryville, CA 94608, USA, or by electronic mail at license@sendmail.com.
-
-License Terms:
-
-Use, Modification and Redistribution (including distribution of any
-modified or derived work) in source and binary forms is permitted only if
-each of the following conditions is met:
-
-1. Redistributions qualify as "freeware" or "Open Source Software" under
- one of the following terms:
-
- (a) Redistributions are made at no charge beyond the reasonable cost of
- materials and delivery.
-
- (b) Redistributions are accompanied by a copy of the Source Code or by an
- irrevocable offer to provide a copy of the Source Code for up to three
- years at the cost of materials and delivery. Such redistributions
- must allow further use, modification, and redistribution of the Source
- Code under substantially the same terms as this license. For the
- purposes of redistribution "Source Code" means the complete compilable
- and linkable source code of sendmail including all modifications.
-
-2. Redistributions of source code must retain the copyright notices as they
- appear in each source code file, these license terms, and the
- disclaimer/limitation of liability set forth as paragraph 6 below.
-
-3. Redistributions in binary form must reproduce the Copyright Notice,
- these license terms, and the disclaimer/limitation of liability set
- forth as paragraph 6 below, in the documentation and/or other materials
- provided with the distribution. For the purposes of binary distribution
- the "Copyright Notice" refers to the following language:
- "Copyright (c) 1998-2004 Sendmail, Inc. All rights reserved."
-
-4. Neither the name of Sendmail, Inc. nor the University of California nor
- the names of their contributors may be used to endorse or promote
- products derived from this software without specific prior written
- permission. The name "sendmail" is a trademark of Sendmail, Inc.
-
-5. All redistributions must comply with the conditions imposed by the
- University of California on certain embedded code, whose copyright
- notice and conditions for redistribution are as follows:
-
- (a) Copyright (c) 1988, 1993 The Regents of the University of
- California. All rights reserved.
-
- (b) Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- (i) Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- (ii) Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-
- (iii) Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
-6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY
- SENDMAIL, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
- NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF
- CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-$Revision: 8.13 $, Last updated $Date: 2004/05/11 23:57:57 $
diff --git a/contrib/sendmail/Makefile b/contrib/sendmail/Makefile
deleted file mode 100644
index 97b2afc54c50..000000000000
--- a/contrib/sendmail/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-# $Id: Makefile.dist,v 8.15 2001/08/23 20:44:39 ca Exp $
-
-SHELL= /bin/sh
-SUBDIRS= libsm libsmutil libsmdb sendmail editmap mail.local \
- mailstats makemap praliases rmail smrsh vacation
-# libmilter: requires pthread
-BUILD= ./Build
-OPTIONS= $(CONFIG) $(FLAGS)
-
-all: FRC
- @for x in $(SUBDIRS); \
- do \
- (cd $$x; echo Making $@ in:; pwd; \
- $(SHELL) $(BUILD) $(OPTIONS)); \
- done
-
-clean: FRC
- @for x in $(SUBDIRS); \
- do \
- (cd $$x; echo Making $@ in:; pwd; \
- $(SHELL) $(BUILD) $(OPTIONS) $@); \
- done
-
-install: FRC
- @for x in $(SUBDIRS); \
- do \
- (cd $$x; echo Making $@ in:; pwd; \
- $(SHELL) $(BUILD) $(OPTIONS) $@); \
- done
-
-install-docs: FRC
- @for x in $(SUBDIRS); \
- do \
- (cd $$x; echo Making $@ in:; pwd; \
- $(SHELL) $(BUILD) $(OPTIONS) $@); \
- done
-
-fresh: FRC
- @for x in $(SUBDIRS); \
- do \
- (cd $$x; echo Making $@ in:; pwd; \
- $(SHELL) $(BUILD) $(OPTIONS) -c); \
- done
-
-$(SUBDIRS): FRC
- @cd $@; pwd; \
- $(SHELL) $(BUILD) $(OPTIONS)
-
-FRC:
diff --git a/contrib/sendmail/PGPKEYS b/contrib/sendmail/PGPKEYS
deleted file mode 100644
index a6d7f5e1403b..000000000000
--- a/contrib/sendmail/PGPKEYS
+++ /dev/null
@@ -1,1732 +0,0 @@
-This file contains the PGP keys used to sign the various versions of
-sendmail. You can add them to your PGP keyring using:
-
-PGP 2.X: pgp -ka PGPKEYS
-PGP 5.X: pgpk -a PGPKEYS
-GPG: gpg --import PGPKEYS
-
-Other versions of PGP may require you to separate each key into a
-separate file and add them one at a time.
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x16F4CCE9 1999-06-23 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 18 A4 51 78 CA 72 D4 A7 ED 80 BA 8A C4 98 71 1D
-uid Sendmail Security <sendmail-security@sendmail.org>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzdxaGsAAAEEALq7JPrdyXCm3DdJEKR9miP8/B9vrferOBoNimPFceDEqCpm
-0RiJtnGhUJwt/HZZhiGDWPYTIa7VajfxiEzJ7LZH+/uXgQFVN27fPwoNKCI+7sr3
-FnRs3Xapojn3d3LZSHagTh+VTuG5LxbP/m//sj2Rw1MMPw1b7sApykAW9MzpAAUR
-tDJTZW5kbWFpbCBTZWN1cml0eSA8c2VuZG1haWwtc2VjdXJpdHlAc2VuZG1haWwu
-b3JnPokAlQMFEDdxaGvAKcpAFvTM6QEB1bsD/jj+vTodXqoJphCrBLwFmwymopZp
-/HHu8o8FURlL6jQ6ihCruCw6PxNMzSdgmnOgyXxyRZIVO1pUyWf/RnS/r09tPLlq
-nZxdAPquhB2pkawvFp+Y///lb92SgfbS3/dtSDDAJ8FO+CDUKS5dKuZ6vSDU6ezH
-BDYjhd6pPYVd5hz3iQCVAwUQN3Fv9XxLZ22gDhVjAQH4BQQAuCNG977A4v0xjQi8
-AJsJmlS5mKMqn/Lw+sl1h4yQwF2vzNDdxhNWjZVziK3lUIUPh86u8m5CSdN2BB1Y
-1RawLvyfpl4b9KtyXxF4fh2BYmygJ4iG+WxhpaT5RS0eFvsSefO7/w13bx5U0Z7A
-YfHMt7+CKHm7bAx3l17g3I9aCMCJAJUDBRA3cXDdzx61AyIyegEBAeZmA/4zCJxF
-aathJ0soRJOcyRDzHKbAqlShF+Mx0tzcwbE3hAZrIqJ3TRK2MbrsBNnkFHPuPF0e
-eKr7TQsXOa+ig57wlHsCOc/fd9jLITjSYKxrQuZz3CrNefPKvv6v6Ctc6TT4GwhC
-zHglLC9Bfy9zgbv2wHswRvQBmRlCaERH3HLb1okAlQMFEDd41z8j5GLUv3ukIQEB
-9WcD/iFFF2kfSTyD+IfcLl4WCaYSeD/q/fAplpOOZWnC9PB1x3YrMHn/H8zd3S5B
-05D8+MR/QL8n8/5P+pyHa4VNRbeX8g8E34ocZf48y6FeqGi8qmcTBJDgqUTO5yMu
-t+b57G2pAIzasGcoZDqC3aJnFKwPjGRxnUFJaxlogrbUYCNOiQCVAwUQN3jwKW9S
-k9ijm6ZVAQEtugP/ewRrMCdhCbWsSUOrYn1a/pfN2KiJbhs0YyOyWbU6RvJiSFY1
-0BNAxYTbymHDOn2UhUhCrUpqatmgCuxmUsoH2Y4AAFC/94/oltwDUfnw6muqqn2K
-7AelRBbJ5wUs65pHu8kfzVB5wJh8eDacKFkK0lqgtRQCE0suhqCSFUfvtzuJAJUD
-BRA3fTCCXx7Ib4gMnlUBAWddA/oD0RKLIkLspmJC3ccmkncviMSv0rME4vY0NIfm
-IC0zsYITlU/E6H/CqVmU4Hmr5hmr5GUNNtrVZ0oLH1PUjobmZcTITJZbQSS2nY02
-N6JZT5BSAwQBfUfSMwURISRQBUOfi1kLqYk3f6UTee37/+Ig2kb388T6ClcXCv82
-FrZuwIg/AwUQN30wxNTeeNh4KRvYEQLtAACfaxVaX5D1r7hrfi/zbszQ7oekyssA
-n1suZQU7/6nIhFvdusr+/VG0RFrAiQCVAwUQN307ugDy2QnruxtBAQGKlwP/asS+
-h9ct4R66OSEjXepsMvl0So8djX15ugXb3EEJjWRH1epu7obhDymAgdQOD9NEr7BF
-0FSNCUOylASGszdcS1n5AlqV+TYihXVn265Azy+hg8g2ek97tD+x6JseKsx2nh8n
-/Es+zd3mACk21qvHB0U4FjdiQeSSirNrUHGYHZiIPwMFEDd9ihWDAqGhPt8C6hEC
-tSMAn0fo1QmxEoscgdF0esw7Bn/J+Bj6AKDNzo63lHEhUpf+JIGlfA2zzS01Z4kA
-lQMFEDd9lxoA/N7tSC51jQEBmvgD/ilLDoFPLbycEorpXFP6V0toEtTelueAeQty
-SoqD3YB+pSjTtXDqFenNWaBu0hZb7B5tg40YXqyxMEYQVpJh5coy6SlupmF2fzBi
-63++FHkxuGym9EeALPJixtM9r6pTzbX8rfvElKENiU9DBUXNhRkAocYs3pxmUge0
-9THHIyDPiQB1AwUQN32t3XLJQtjqWiN5AQEIYQL/QZEjtc1pMYlnO7i0IzvZX/mI
-RfX/0l+/+jneoSqP2EbmyvH3KMyl5SeuAifohkjK0SGRlygSMl8kceUHndeIynxg
-mM6hr9SKTByFiTy8SZeV8ovYyJ2vMk3OhUVpvGmAiD8DBRA3gbAczsKIjL9qTKER
-AhdDAJwKqcVkm9TBCmutXxwVTcffjINlBgCgrMqc6UOHlUtZps33xWZLgZh4awiJ
-AJUDBRA3g9C+TCpm+b/C9j0BAaJMBACskZxjnZbvDgm0qdvESy5+jcluxTh5fUeH
-DpnkfOP0AUAe8Ykwt8syWOQZ+3Midez8JqTAu+uvNbUckuR5XL8nMYpN06ogjg1T
-CgjLito6IptqYUZgWFvGDCdDgC+m8vw7pUbqh59mDTe0X5Q/x9Cu5JxfhxnXTNBQ
-+pI8lLAmsYkAlQMFEDeD0Jt3HZKuiXLHwQEBMZoD/2FaLFJ03tEAfNQhLmSgunWV
-akXz8udE+pY7IWi6LJGu5iwtIDJ/r0nCrJ6/aqzu9JLpGhfTnhPPCXlz4NfhriRz
-12cv2Rlg+gI3Y0Fiju5eo5TWnu+qB36vQsv73xpfQ7oCmoVY2ZntQVBaf8dyFrAd
-FBf1y33xWo58zRsg2u2hiQCVAwUQN695leHU/BTm0HRxAQGANwQAmIO4anB29bKY
-vm6ulYAm1yAyzTD5TibUnk2Ecne5st4AKGJdSrmaN7i5djxkCfimT6MnAIBRG8y9
-nXW4mCMGjfDkwve800HkrSGy8uWhHs4T8TiY8mZsIgkW5tBWnHfSyOVlc7QUbCDD
-7AzrIO3x9vYIdHMM3LAdnG9PKcLjNN6IRgQQEQIABgUCOCrZQgAKCRA/9E8kOH04
-7XJEAKC7Fzj0Mr7JxxwYEqwVgMhpbmhJkQCg7Sa+dR2qpuhYH80RPvtSEpBS6NWI
-RgQQEQIABgUCOCsObAAKCRDAz2v13mRiHprlAJ9z24xI7kHeunGE41pQ3eb32dSO
-iQCcDBmlk2RVM+ecYTwf5RyT0qyk9lqIRgQQEQIABgUCOCpmUQAKCRDUpU1Ixb5z
-WIjFAJ9lIJTH5y24d7TiWlspj8R49Wz/VQCg+EdEulY4h5A5wk1D8eCs5ar5gbCJ
-AJUDBRA4YClQmAfmW9hLWSEBAb+cA/4mRKQMyimXZDCr+0FPjazysN5/GXR9wK9F
-Q0Gb++nT2Hli/oWQ6F3t1mTLI4vprpiIaFK83HZjRHHU0FEELYL7Lg3F2mirYFNt
-Yx1Ag0jZKc+ernLLXEJK8weM7KMADWz1544eMpfb9PRNdmjRyrzBYVfR+vQ1/OBp
-zwm6aLAtb4kAlQMFEDjKizecHL3i41xWNQEBjYUD/06hAwd2PGvWynmZP6BxUHW1
-iJ5YnJC/Jlr3d7AyM4I0I1twKTDHLiqUoLvqOWPO4qqO1iFNkX6/8kCjqa6ERaBq
-j50vr84knCHc6tin/df+qTR5iOKeLTFkIZVWEHKusVgLN4jNdTUoavxAUgaZxcqv
-W7JzYEMIXJ6WyA+JRLDXiQCVAwUQO1XXe3xLZ22gDhVjAQENbgP9FStaWIfIhNEo
-JTkCgxd8QkJEc/yumlv7Cw46BmDqwZLwV6sE06YPL0jiPIu9Tv8I3HqlKcK6FBOq
-aAvv6ccA7mY6PPIVtk+EZQckSX1ALOcETDNYTOSMVxbq7b0ovvm4sG6D/A28k9b+
-s2ghGKVquYdnn6rEbr8bqmUTwN7RgiqJAJUDBRA7Vdd/1uCh/k++Kt0BAXoYA/9j
-jKJfxi4Km64nHG4PhM5bm+OPoymX3uPkyOYXzHerwGIRmVl29FxG0szDPsO0gK2h
-f3B2WOGxqMpZrzR4DIdNrtC+R3KO+3FJU0F6+T4dqAOhSvIbVQ8Ic3Wf1M69rJq2
-FID4zk6B4ymesNZVK9hoY7RuuMefUZS8cODoxWlz4Yg/AwUQOCo8e/1viMYh0Kcb
-EQJ+/ACfZCL7u2dfVhIfLYqoWqcuuBJeALQAn2pIu6Qg3R0uVJt+gSIH636QM5n/
-iEYEEBECAAYFAjtUu4QACgkQorv7JAz5VvfWuACgmY47eZClnIakMnE2bOaL161Y
-iqYAoI7/PnKgJT+LU/WjXwOZHGsoMXOUiQCVAwUQO1jKrwZ+Xti/tWVpAQEYaAQA
-pM5VPqRJqQ941YdezQ1jjE7nsLOQ6SJPVUeFguvVHWSTDEcPvp0TEKUTFRruwmKx
-yLCR9Ux3Olh0rqXHydT+k6f6++FKzXj/vtHTtNOPIVQisV7K1rDS9Mvj1WdTMJxF
-300EXlUpWtAADiEYqxxIeGJ1FWcxUjRCaqA0WUMFXe2JAJUDBRA8H4S+iWliuGeM
-CgMBAUo4A/0f+n2BvpudIcJVyVBxUZK9EGdDiZSYZWEUaXnvTWbS9FtjLTIWjzmP
-kbz9gnJ+KPcXr/5RpD5XCdCC1rjQ0EpNjWLHnsaTjTDsJ9NGkLPp0lASEdUMK9NW
-tG+CCGCMDo/MHhiw09tH5gzCR1KJTFuDiHiINrk5dS+IHIXzCYYB1ohGBBARAgAG
-BQI77DSdAAoJEL+2fm9BJ4pEGE8AoPniG1xspcy7o94D3yOKlXAq4wVoAKC6sDFu
-ZS2Lja5FbtL4Tl3sl7k7hYhGBBARAgAGBQI79sVoAAoJEPFmQMK+QtymVjgAoIB7
-dEOcSKt2fYJAEtgAiIoVtKHtAJ9S6bqdAT9Xgomd79JN1KPlXRVOJohGBBARAgAG
-BQI8+g9kAAoJEC+cdg2xRYLBiEwAn3S/QfwawMiDcpQm7K7q8BTxmcrQAKDaSfAd
-Zea7tsIsjVpL627gpCf1uIhGBBARAgAGBQI9hM4xAAoJEHrsMNJ+GHnpSWoAoOsf
-gbKx+mCMRbLOEYgAU9DB13qdAJ4zkAaZCijpqqvTi0XjnPMkq7RbpYhGBBIRAgAG
-BQI+W7nOAAoJEDBS/CoUw26Bv5wAnjvZsj0SetF/Jth5uvw+jHDLp1QuAJwKy8ZY
-e1E+7dOU8CQgYD1Zy5nuaohGBBIRAgAGBQI/aaJkAAoJEC27dr+t1MkzoLcAoLEq
-jwJzYeTGbrIfhc4t4/SJnuD2AJ4gIPGnbL6fl9+9TRMlAMHo4xNcVYhGBBMRAgAG
-BQI887P9AAoJEEq61lpJwpzCcmMAoKp4ZauTD+oEBfvXtL/eBSxTA0rKAJ9uADQB
-IiVBWy54UnhJ7F6NSb2R14hGBBARAgAGBQI+9wRgAAoJELghiQKdsrW873oAn15C
-080LnClmIjRoGKppUynk7LqTAJ0RXLkjiepVsgZCW/pXYy6wK5DkeYhGBBARAgAG
-BQI/1fplAAoJEFIY2mCt64GL6UAAn1FrBfweuTEy3p+i+ekJdKf4Je4bAKC8SrPC
-WVEl5Pr+XpuP92f3KxQJtohGBBARAgAGBQI/1ftLAAoJEKTWXDNQN2ZnOuYAn36o
-95rvUoSFIiTVytWm5go8arkYAKC9rUwywbYx49u/rdUtj396kocq9YhGBBARAgAG
-BQJAC08wAAoJEIHC9+viE7aStBkAn2DN85MEaydtxX1S0Sz22Qawre//AJ9NYpd/
-BKPMY3o80IuYy6k+E5e4cIhGBBARAgAGBQJAC09qAAoJEGtw7Nldw/RzMlYAoLeH
-NbcbFnINRaU3vJLp7ieZCUrKAKC/+N6FEM2JNJzkeRsHhOvOn7EXmYhGBBARAgAG
-BQJAkTWOAAoJEKn24r/sjo2pIp4AoISelNVVxuIBl2i3t7ajQaUpruJpAKCGDYPg
-RaGIuII/2fwEGzIpZzYE5IhGBBIRAgAGBQJCNCwxAAoJEFMx5x175C/jTPMAoKFG
-qbOkCtxD3edRmA3PzE+dg39xAKCCgjpb4Y0PXk8Xu9tvaDPZcul93ohGBBMRAgAG
-BQJAC07iAAoJEBhZ0B9ne6HsIlIAn0adP67A4L45/4m8xExRv4Uc6twdAJ9PTE4G
-X3XennlL+6cVXB961V1NL4kCHAQQAQIABgUCQX8prQAKCRCq4+bOZqFEaGUHEACf
-4Om9MDBS9SilmZ22Ssa8WtrUzUL1yOuO3+n/XhvJ5lGjUwi0oW4EcMJFCKZI7DOX
-aN7zlD5akd9N0ZNg8W23xz29nnp6/upeQRQ7ckqDL/+o8DgjwCyQVH+ZzDrBDsip
-PqtVTcogBx07CioJSX1jy7CVnsaZVH111hgghSsLM3S9KrlmwQ8zzN56FbwmDyoG
-Qi3oyH9Xh+1YeCxUM4hS6Gk1wCAFCYx7Y53dDALB0MvsFMSWDflJLhae652rSot3
-jjFzH4FOdKk2/1uSVOKS8YQtLBu/Vf83q/gacdxtkyj7zdUYtSg4OHuR9JVfF+Yx
-g9v+U5PkqVSymLEv523nEoq1LMPtWhPNb5Om/T/5H2N/x+z1jSxTCZajRoMchG0R
-9k9GtcGZQqfUrdC0lztB+03KzZRJvPRUV0m2Ia0fNPUvUlTcLCdk3/brYuxEC13h
-A9qh8dIwWrX60aHanrqmeH2RSEqbnBMn1g9NRvFkV9QbGofCezKAvvRq7vZ1vFC4
-5/X3NqqHm45ISN6MitDJhJOnD+ZoARVAnFpC6pdpAg1+Ld7v1PtEj7rRAVzGOVZr
-U55f3gBIx9Ezdeh6+7HfCFSv1sKkGcYlVvriCswpUrJn5sqaFYYZvjxin1D2kwvT
-aG/4sOQOooHBU+JpdGecir2Jme+ET41NZ7/Q+OuPGIkAlQMFEEQbRB44IttHzDdP
-LQEBlmYEANBwFJxl7HWGdKLSg3PD9rd/UuPsA2iS4EcMk9h1Mz8lm1WwmE9s4mvx
-0DmNtfSHwV/GF3TwfrkvofoqXxU+b0CkNIaHPkCKP+FzFTT1dC5ZBrGBqLi6Izu2
-wDmenjGMCosR9Xv/ss8CQ4L2XF2uCGyVEmel58UHx/StYvjEeL4MiQCVAwUQRBtE
-RSGD4bE5bweJAQEAywP6A0jdCALabHlRXk2mgfdqBKEWn1H8waZLgRjebwzn0lnK
-3a2pSYZOqaDg9x4TNrHi+FZ0RZJC1u+q/nBfQw9Fqr4tavnHXuEagTJhTpzBREIc
-fNEW0vhziJPpd1Cab8ErZKICCEiVu/CFG08M+benCSEAfJN9ZS1ER/mZMvqyY/OJ
-AJUDBRBEG0RRyNXtKZX2F3EBAb47A/9WlKsdMPQuTcekXtiyImUxMIw4isRkEw/o
-Hq7Xo/TiCfa+7CyvfZ26VXa+hdh+GTtUfQeb1QP8Q/S42qfuz5t+geT06phBy1lK
-lIf7zdeptHkEfqzQ1p4/PVul9YChMAzH+qZH6RN6jh0w/aSj28fhw67rHch62fAb
-Xnn0lXBdcokAlQMFEEQbRGdwoCRNHvmSUQEB9CUEALuAxKlHjjo0Cd0Wv+VnhDr5
-+fmR9vNgpvgt3t4qHNcgTVGZza6e+T7gk8daWDP/HhHNa5he7EpNeVK+yu3SCyiI
-Y9p+e+JSx2FnOLqqddG86l3cexFahlNuxfyCnC/2c3yGsLFIKtb3vZClwvyUzfGQ
-rTqPF6sqL4TU7uv0UplNiQCVAwUQRBtEdx57s8ivlZYlAQH0YQQAlsgJ6wcI37au
-F5hG5wHYhxGSv4YNIRWAgYNFIDnk90AsG7XPcuhgyuKVfcAn6jEdVjRLhogpxo+I
-PNOeIV3kiS9LFfLgWGrx7arnrmMPOP/0l32VCum5n06CM2G7D+o7uTAU8qul1nNN
-gpExpdV7qPrw9k01j5rod5PjZlG8zV0=
-=SR28
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x7093B841 2006-12-16 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6
-uid Sendmail Signing Key/2007 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.5 (OpenBSD)
-
-mQCNA0WDjKsAAAEEAOoLs+uE8cm6SP0S4gvfZrUHd74I9DWSbbiYCwsLoYUm0gcp
-Tp+rTcLBDTrw93cti1vpEAlIz7f/kH+J+OoU0WNAZgBMsSCFZecJvmkrSldCsRJf
-UwBh5FWgDWmb/iNZSAwUpisCa+BGnpKhUkC9g09h7Ss683GApJdDARhwk7hBAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA3IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQRYOMq5dDARhwk7hBAQFdSAQAuS8Etdrnf9+50VYoFC66SUsf8MLi
-hvH2k8GeAH11weE/8Aij7eR7MerlnyJ5NJVupVDeqK+q7ToaGlb5hq0ya3rbYgwx
-CpzxWTHfvS4/DWs15ajlR3QHkDRZC5pUBAHO0MqC1YskcbndWkmpMhlExb3YVvC6
-5+RyKUmxqw1Rp96JAJUDBRBFg44uHnuzyK+VliUBAcjWA/4kZeVmOOikqAzGRm3i
-coFOr5BUnhxFWTcO5DtnKSvEBPRaj1b7Xz9O0sfEwrGARDigcH2V4yMSxQLJ9Tyx
-S4xjFryTXYPX3+HPLmU97c8VyDF/ANCgdldVW761hXd4i3JCfHm9LMWQBWz4XQaD
-iz56GHoFwvn/nrGmBi/3K+1+/YkAlQMFEEWDjnC92o/WP+p9/QEBIoQEAKitPCB9
-Lab/vs6QhHEW4UdoPTK8EcgsRQTjx+xZ0/XPC3PiLjTXM7cZk7o+oQrp5PGX1RqM
-RV8bzPtJCNiwCctuYpKuYuGjljw8IhZmVxChH/5ifOo7Bw1cxGMWPGlex9x3Xel1
-P4BGi7cOvGGRasEBs5gjtpq795+tDjexh0MwiQCVAwUQRYOOfnxLZ22gDhVjAQHV
-IAQAhE48oNTvzCPAyFf5EEGOsnZBDazqujZS84eAiFvIQfcDcBHCFOaK4wAKsZa4
-YhuYBxu8bz20Kecqfbfnsqyh4b3iJmXiHiL8gIpUzEBBOKesswlzAd7+6hA3/JqN
-8a6djrSo/+GEC6QExnLk98qTnfrfHNbTk/hk4Pxf9343uziJAJUDBRBFg46u1uCh
-/k++Kt0BAS3ZA/9FxlTjvDfI+ujW/Bj+OoWnwCm2OGiLjuWKoiVZjoz2Msp6ZE6I
-1YbqJOwchBpqaHLNyY8x0eiXLYqbrk2kwST1PCAaGQoizK9ClPyptf2V/LUjyyCi
-ppmRNH0rG+WSKsdof4rXRP8FmMicQAW4cme3n5/bq7Z7yQQ4RvSTCMru4IkAlQMF
-EEWDjsuJaWK4Z4wKAwEBKOMEAIRl9rOD0eDvtDe5Uv7j4lIYGxe8xSRKstLzIl6T
-K9spRcrqJk+6OmZHU6MMzkf44z8CB9VWcmozXFxjV+ZkO4SgyJKLZdRc0KGOB+ua
-HL8q5WGMAJ2bLpmJPVoR0PK1Vf97e1kSOWdvIOfwxe8Y1IqoxnGAJmdQh6IJyBc0
-tF6MiQCVAwUQRYOO/XCgJE0e+ZJRAQHhGwP/az5s1kZ6HoJRqg1v/8DOSZEeWECP
-wBw5mgW5dGfPNZ0/Ot9lOy95jlHMu80/YDmpQ6WqsqpnV1hTmj+hYOSPRTqun72l
-IiPh1l0vLl00kw+LxR7T7jPSWvX2l8SjZ176KIFqj3jZpPvMk2W5cE4sjYpvOxRA
-BhheDkERTnUIY+iJAJUDBRBFg48VwCnKQBb0zOkBAVKaBACEb12dzj1pQDFog8h+
-aN9spewVBI0vrxu/3PPZY0tVZJl3S71TXRVmXLYEgeVi5BL8uDuiM14NylUk0lgT
-bVL/VxPsKf9HJVjdfZSbFjUBxxClTIvayTwtMSebO2AcjCiFbMpp2R6VDc791Fp/
-xvuLVr3plYLSQIL9FcBG2wJR1IkAlQMFEEWDj3PvWJZk1DLhnQEBS80D/j05Rlv3
-98Zt+L0hR0+R3qyuf1cFMNyxU5l4Iaf7qr9JRHltHo7iGE8fCGiX1Z3f5BGL03XA
-r1QLusj7nk41W0K5tr3r33qSMjFWLpcOziLbzEAMDQbX0qJQmqCXT+cafiVpao0u
-MqT84L2rKLQxldQM/fvOWExuioiZPKGyE3YuiQCVAwUQRYOPicGcHSUS00YdAQEU
-PwP/Z4PmlZZIhle8P9Bv4c6pkuFkU6LBjF4bWf5bJ675s9Xyh6YwZ5SfFw0deaDZ
-IPXQJQsjcHvbVGoTOxiQtm7y3ae+0TMDbuZSgFD6Fl/IdIdwP2Ob5yoBr1+q353C
-qyLSEI6mX1P4sQwkI272ndSpHowJpuBv6lPr+sZ2uEFzVQSJAJUDBRBFg4+Qb1KT
-2KObplUBAcTnA/9ueiH0gfV1H+8WOm6vUAcvaJ7aCBJ9gdUjheIEY/KDUH/pkGAg
-3E8NDxojTWe88COlIOSqa61UQThSwrtTIx0oWc0E3Bza0cL2xR4apKfNPGWM1/Tp
-kyoD+WYLoVpomT1MA8dBPYUKNuLVunohVscRwmHuUsz8bTTaE4abEnUmwYkAlQMF
-EEWDj5qcHL3i41xWNQEBOJIEALestUaN+JpQ6JvH2zqBFIXPsBoISVuTP/CNlez0
-LSSg9Oi1anMISRNj6cpu8iYYWJxInL05pDCV5MYySB2SzVT8HgrR+3yUdVFgJGBN
-2RYdfXdFqC/d68/50muZzPo+LIwKX+G33B4y0uMSdmK76UhGNW9rfWdQgce7sBph
-1Z1YiQCVAwUQRYOPqTgi20fMN08tAQE7KAQAtYpp2c7OzXPXNJRbodNihpRq1RXd
-qo1nJ7qVHuLVb663GMfy4TwcXytdzJjXAaMf/Rn50skQ+4YGrbIxXC3UbY9NK3xw
-UzebQlzFrjEtPmS0UVyf8GJl6yQ3xuBYZ4Pe+X2hioBDDFZ+Gjn1DA2IQjoZitE5
-B0c9nlknPcv644SJAJUDBRBFg4+zIYPhsTlvB4kBAefCBADFjYutzx72jDt26otM
-k44ZLD6Szv90TKLtRYM5FNhtw9VKFkg+hSo15WzUHKBsnyqBT8Qq6YKz50Wx2vts
-8g2hJ8+g0A+3YuAgNnDp7h7xGS6Fgc5yGnqC0bG7T7TE/YSLfGz97vC0vbm6S6HG
-9Pg+IwKl9dtoE2fkU/BMU2XO+YkAlQMFEEWDj7rI1e0plfYXcQEBi4EEAJ1tRaXf
-aKj9+hVE9lTRbDukb9dsVtAKHP/rRixumf6+v5SCh4g0FzMURJ3jqlwfj2/rPrq2
-MQh1NwhLjVjaEziDCLGxV/TqpK1Yn0vpjmdsaOe01XOxi2+uy/7uo/ArGqtjHSen
-7TmYODY3aKQR19eVehId4TCR1sLO9GmhnYDjiQCVAwUQRY71+s8etQMiMnoBAQGq
-ygP+NdG19Qz0Tf4F4pBRAZiJdIz9hGEzx/Z7rjQhLgzaaGxOQmv2iG/92Fw9/H+M
-ATmTMfbz5gxpLkBsiULI15tgKQWsFwY/pphRKcL9z4+WeTmUkv+tPxVfRYE3YuUc
-QS/3A3DMIv/mcJYA6fiwsf3omzEU8VCyH0uARSJrwQcdmwCJAJUDBRBFjvsM4dT8
-FObQdHEBAeC5A/98yBTBWjhCYvB2XLbbL9dN0DKtV9oqXKhrPI9BAjRi/IeAi04b
-ktzwUC45TLQXlVB1EK27b2mjNwPFcOtM+IrO00gIf1lNh222lSJUISv5rLnHp02j
-xmyQfblYVQ9iPNiJMWNzID59+ntX+MXO71NwyA7UovMTvCcaFWhTrfGk4okAlQMF
-EEWPCSBfHshviAyeVQEBS3wD/04nsshuG5NkdqgL8+E0RycXqXchIJ9GP+Vu9sxB
-aGAh8qzp6xDh6r7A36JCwuUpZWCOC10z4/+QjMwZBQiLH4+deQk7j7L5LxDAWIs6
-DImewMQsg2zF3XlD/Sz+TjKUA1HMwmDOagrygwpbZRYlhJscov/aUeBmUTmaEsP4
-cETBiEYEEBECAAYFAkWPz+8ACgkQOIoVOB4I2B3ysQCgoPb3snzfJrbqM6T/Y+tu
-YfUd59IAnifkpVQIfhZf1aWIPNYXnlYnpVrZiEYEEBECAAYFAkWPshcACgkQorv7
-JAz5Vve5KACg7oh+VFz6UxqjfkiimQ6l/8uI9msAnRB9DBRE6Ebh9CjV15bvm7Y7
-as8y
-=w7F1
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xAF959625 2005-12-31 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79
-uid Sendmail Signing Key/2006 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNA0O3FKgAAAEEALUfKjFiXc8T2XS4C8N/jJQkProkzyl7mdN0xVKqokMy9/rx
-nbji5dG7WlxyJX3jI9eypZV/d5+KpXljvyC+cBIxhhmsEhVT6AsOkxlg/Y8Gmb5Q
-bn2mAiyeaylvcFeHLjBA+CaMByDms97M6FbiSzdXx6JtLP1Tdx57s8ivlZYlAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA2IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQQ7cUqB57s8ivlZYlAQEn6gQApe1I5DhI/Y+fwI8hjx7Ydd8LQ553
-CoBYnvoqrxybSZtOc3D7LHoKIb01R2hx71O282soxjL6N9SGnGQMcVPINXAcJ0Z0
-mTCpUZc+QtItS44R3aqp27q0C8FTt885/pkKT0cQM/9EjWRv3kI+f39gl+MwcA3I
-AV4NJmTpi6ASzmmJAJUDBRBDtxYm71iWZNQy4Z0BAbnQA/wIfK6PT+zTefydUovI
-G3dDLGGxMowpdG5yQwPwkAEIPFlbLhYsk8E9t8sLsLI1briqKaqxZkHo9ggPNkZU
-6Kojwrs7imUZj4AMVL7HDqOlb+jHeYsg3yq/KzKIy3i1fmyUYA/cddSJOp3a0zjy
-IISZ9VPR6/KaOj8cLKTQqZG6tYkAlQMFEEO3FjvBnB0lEtNGHQEBJWgD/RkJuAVQ
-LL0cEe/VBUi4CmW3iGF+mAokJZn750ibVQg25SjDUc0UScxyvSnl8ehu3fjWmsEu
-ckHbzBWkMx/cnCb7xG5Ve1HGgzsBjFpvcQUM07y4JCFOfTOl3WiYP311EKBp2tnL
-2i/kdD1IVITswAEQ7XId1NBIuf4P71v16rj/iQCVAwUQQ7cWRL3aj9Y/6n39AQGO
-uAQApQ5v6HZkgFNKT+SaXJOsqtk+xQQd19QfQQ2U13uaJ0nQ0i4O11WUTM9qfdWF
-utTlDTZKeEdz+Zb67KnuIi8PHyMpBPV1BGvWNqeiEN0Q5TmkxmaXBXTWtGeHoWw4
-Jxaic4LdunSNDIpE0A9zfeaj9YJGX87I3KMf1DQ3h+FCRRWJAJUDBRBDtxZZfEtn
-baAOFWMBAVi/A/0bQQvU747R5bMC0vQLRMVOtq6rDwNPlXoFhzW26AU2Pb+mKCkU
-ugVqjFaAWm2ILxKvkjgDyfw6b62IvEK4rHJbfwH/FeIfi6e0+ye+TpXcCzXkARTm
-FHld0IERIXpaUA6XarNlWfiqaZN0YLpCQH0M29kTFvIfyoUHn9LgvBLe1YkAlQMF
-EEO3Fl9vUpPYo5umVQEBVtwEAIaSvlhM+gIKnlxN/1hpcG9639bLlUTkAt2gtn2w
-4hPDZxMpblkQhcn3JcO9GD0BHNrV5qYBn3bLFwTG2FIoaROS4XyH8GPbEBWGNg9d
-IGm3kLdLTWsRVCtlkLKE74ipiiaN8JhPRGAtFUjcDVSSkGNzw2jBHP0hrQEKga9R
-wElSiQCVAwUQQ7cWepwcveLjXFY1AQFA/AP7BRC5j+Hed/B/RjbsbX3mxk4DprEh
-6IijxC/2XAZbk1e25GspBO9Pbqs/2GufGCFX60Jj1FQJ2+vq8vg7chNNZ5XNEJse
-6GrQtUx2/mEKMtvWGbWGSn53ET+AzmLne/u+f3bIh1OtXXro7w8OUkK9J+ZdG/9V
-J/a0nYTlPUw6o3KJAJUDBRBDtxaE1uCh/k++Kt0BAf14BAC4mGT1gE0aoW8rn7kk
-XJ3an4hThBZVuR2GS+rvwioEsIk2xe4NEFwJPGKmKq+C4vb0OWSiRev5l1fPx13x
-tWDGcm2k3SukDOHB0le6gS0RQx/WHCTe/lRKiQ3w/IuhLmrDfmoOOkDj6KVb5fA0
-x0Uvd4ycXUPSoJcBq7dwNg0f8YkAlQMFEEO3Foo4IttHzDdPLQEB6N0D/3LRqVT4
-Dhw6UmDIre9Tag8EmqTu3R8wFTmmEYDQ+7CxW+ZbJyYEDZp/WU/6xmOE2TSHaFPQ
-lgFEAaN1Cp4N9IXAM2EqeNK3fJOAsv4F5NOXbVtGJhyqG4aDUBZPvr/p123cpiiH
-2yVIvHDkaacX1Tq/kECpKLj4k5D+dQYrUVdCiQCVAwUQQ7cWl4lpYrhnjAoDAQG9
-pQQAg78+p2O+g7qPh1dAMcnQrI1eW3fTntWbadoKPXO5oFr/n+a74Go0D9+8J9Tt
-iW3C11KR3w1q+af5wp+viJfe8YDEwvm5gcmoCxPnwOeSAzdquujnQZRE5lynr6r7
-QzJOFZv457qzndC2P5qSODCkmVC6uAsRxo4Xq/zflzRXmzCJAJUDBRBDtxaeIYPh
-sTlvB4kBAcvhA/9LBX9mskFW9IpA3Y5slRV1G2GFv0DXV79295p8OCKlZhEfk1y+
-JyvT2hdnseD3Id2cyoMlEk57gJBuDrKdjeOLBMIJ2lOKGE6dLAsywSYkyFnngXu7
-6QvoTS0mE+ahJlT9VDz79Jl6W+118cIeYzzt1TP8c1WkWBCJJcvge390BYkAlQMF
-EEO3FqXI1e0plfYXcQEB7W0D/AjxxjEMuS3UedxXI8VQzTB2o3c0o5DdlK2SXgHP
-SFxr9feksucCanCoYfuTWgxm/Ioy7cxtVNZT1dAHfn2MSrGN+2Adoep8E/o6PyiD
-t3pCzowtXFS1wjq1j/MX5SJoDrGl0VT1sQXsWh2uOFaeMfH1w9/r9Zkl1RYXYOEn
-/jkmiQCVAwUQQ7cWunCgJE0e+ZJRAQGTqgQAtdhMXLTw+tBCshX/CdLhrD0byRN5
-omeib2QWmxdi7Djyz1wbDMBhnssM3SHUj/kRiorTnjv7qU8TS4z9r9zXw9U7XjCO
-T/CRepb3siiHzMU4KI5bxdg0ZAsauCVDel5MItT7OlK2Fjv4vCYam/jHGYXe6AEY
-dbARTWInDsFK7VCJAJUDBRBDtxgXwCnKQBb0zOkBAQHXA/47Mvt5oI8f2JbOMLkV
-E14upGU+zXYeWH7j9L4AYRzjl/Lg7tT+LBTjh+HEdl2UIMdYASrC6WbKEbatb4dr
-nu/pxd7/QaeSMV00P9j+Cfa3uIWn6HFUi+TH5fkLwERfkcLHKZ5SshZal9KTbjzv
-uwZsArnsNN0A/d1gUqljdDI/K4kAlQMFEEO7cAXPHrUDIjJ6AQEBYWMEAIJ5g1oG
-cL28orl4J7SxhOMyQODgaPRHusnWTBsa/ufUugVSR0g+3a2Pzyuq9xWqYStHf50N
-hdFx45JtPmkAiWuiBsyycVbBq/ursCeL2SCQPBCcbIfB+4BUbWoU62QA0a+sY5bW
-mitsU1FB2Mxd7QWqIBW4jqwB0nsAVxShRdWliJwEEAECAAYFAkO7mAoACgkQ+IYW
-ZdmHE1gcHAQAkMZ2julBDdx5TeQ3rrFus44snaHiq5exlN1wIJrVIhJzmOcHq5i5
-ysfoKSha0cYf6F+6kTFxNL/Y9mneisg+rWfgRYmHDzNvXcuyAY/g6rwkRoyVN70q
-XhWXdY6nA29E5VH52pKCdjQgpbdyO6JDglLzfq7jVljCuPq8+PXqN+OIRgQQEQIA
-BgUCQ7uYzAAKCRDEsQeYhXlqI6AlAJ48z/+X/bUYIu1yekM+Wa3uN1SgSQCePzZl
-iV3/rvMdwqhHZPfM00GQQxOIRgQQEQIABgUCQ7vkHwAKCRAJp6JK0eWCB903AJ9x
-Jkm4hmDjMy8+ynBwFrnKzmGUgQCdGoOE+xbNHN2kArmTHDvzd80yQAeJAJUDBRJD
-u9CCXx7Ib4gMnlUBAfFkA/wP/qNyveNU4ZyJt+Ft/1xIYV4Gk/FJ4MOfpRlDYaN7
-z2FXCjXtWeoxEJ8hqtWUMBuQHSm5T49Zv7Tb+6jtflscL3E/Kz3nIIr3Tzu1iNIM
-m3dzI37Qdk/7tnP2fp1fO2VbrQC7CtQTYODko6vTUSLap4+NWbidGNQMSEXAFfBK
-2okAlQMFEEO776zh1PwU5tB0cQEBZrEEAMjAS0ahmy5KzFgRMrrI3RkrcKwi+Hnj
-Vuw6UowvW7tUhIkdFuXpd/a2YczU2Enivu7uSJgUD/2KzurD60ahJjSkC/l8xDNs
-v5wvbB+nYCOVDEvL32tvGiyLyT72MpkwT3ECYXFdlwpk2P7bk87tA9isuue0Nqvr
-TlO5vpTGYrPoiEYEEBECAAYFAkO9OlsACgkQorv7JAz5Vve2KACdGpTb2FWBtvXB
-cyIoyLoYGLWwtSYAoLDtcY9f816jYC3awv42YCMLuKuE
-=bh1L
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x1EF99251 2004-12-30 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A
-uid Sendmail Signing Key/2005 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNA0HULI4AAAEEAMA3Tq8fneEtiNHeTU/i5YqaoV1g6oq26sZpCPjvdUnC2ebK
-A4GwHv+HHDs/4nDhuRR42f/HRaSt8xzAIaYp9H/gAhY9J9OMTVvohv0vISMJOxNF
-GdcNrBfUupnvkobe/Muizof+d+xT+Clik6Qh902nCOriXkWcRnCgJE0e+ZJRAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA1IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQQdQsjnCgJE0e+ZJRAQGUQAP+NzZIG06+vs1qEcZezheGPE4zMf8m
-2v7XqAa5d9Wz9xKyZUwOaY3UXbP1qFpbqq2BQDapFE7nMLi06Z3Dgt7i0jqWWEdr
-bPbFPEejgbujjLHXkDlMOnGs17n0Bvkov/+irTvT3ONVGxypsIc2hA8pRfldCZ90
-BnpOvEVpAX/XDK6JAJUDBRNB1C+MyNXtKZX2F3EBAeGwA/wKTBsoaBTt5YPDIxOc
-d2f0uBlPdMyjmZ5OPLfkJj3wnYSnJWYLPX2JrBydSaE1ZlRXNBn90rqTQgqbmPU+
-r5IIXVf8UWL068yV1+G43PR7btuj7f1NTXOL77r5FfI6v12wnqZdC20W4ZJiLQ3A
-veW00r6jQeVrofaTnY++Fg5cUIkAlQMFE0HUL5zvWJZk1DLhnQEBBi8D/2w0AGLz
-vBlqPWQfZaj3jcEQhoiIGp0HyFPPicS7pM3NSQ3R8itF7AgSgqh37QhbBHV+g0Y9
-wcDsSvZg2WqAil9KZccKbqumt2DyxIrYyHY9Z3FJDBPb7zQEMUN9AoHvr4YTYuhY
-FivXEAjdzpAluSjpbXtUyl7IPCGUiBSSOHF6iQCVAwUTQdQv1m9Sk9ijm6ZVAQFD
-EQQApeIanx771wuf9T6hXxhfK591zKcLjQ4fUT34SbJgqt434lWwv4j7cr4eJ5ni
-g3AJAU4Fa5mR09R4dmGFxEEJNYxVtK71ylmP5vKx+sj6kmBDNvzsIT69juFdtWCE
-ojCRVwlNMl3xJ6tECdy2BdyecE21+f3qFbn8IOLv+ODClZyJAJUDBRNB1C/pnBy9
-4uNcVjUBAerHA/0ceUV3mPPM/41N64oon5bkzy+ZHUrF/35OglT2hbo68u3D5M/s
-XrPbm1FKKlW2zfeQX3j1cSwqsTsrOFPPRmUkR35WX/3G1Nk/2Nbq/n9wJOHDGnn2
-Rz07i5/NIiAvQ0r5WeGH1v1tpXv08sTlvr+BhQ9flQoPG94sys6hUzo7hIkAlQMF
-E0HUMBM4IttHzDdPLQEBgWYEAImlnypvC72A7RIpPUlVasE6KAWTC1KSqF7mNo4w
-zzdrztkONepBT8wZ+PNShWO1ZvK5Dpm6/1B+he9FDVwLyA9oQgDptHDvnQbSSc4P
-NuA4e3F8jabeHKcQaYXODN66roy6IuI8W2kfX8AJTcr+YnJRNljk3ZeLavwzidzI
-+tqMiQCVAwUTQdQwHolpYrhnjAoDAQHu/gP+JaFLkI4L22YZJYckxxuRoP+tM5Y/
-wQvUJO5EhSqAmxUyMY6mAG1TqnHDBD6o++PoAY+ZsjJ9/RherLlWmdUNAnvEln61
-QUYsZA7jZ8RxaejfEAQi2jIKVUanNax86lZayhQFsJNeDMVEVaftdFQGbK45Sxe7
-6IQrNM6yGKjVNbCJAJUDBRNB1DAvIYPhsTlvB4kBASCMBACiwv8V3TxoMgJi5Gse
-IBW26T8R48Hl2x8v09xFWcjl1b2nDo/f8f3GwqgUykmyEZlsBC0tjZIA0iX0SvNT
-uOrTxxi7iAKI0AeVoCthFX3O2FSax2rHMqqO7addL4aOmTDztOEbIn1fheVU8RSc
-vJEhj5HZpQnDdjJ9HADCaK2v8YkAlQMFE0HUMErAKcpAFvTM6QEBFL4D/jAi7xsz
-qM3dmWGT2klGmeOttAZJLJscfsDusdc2WpFQgJqFXOz1jo5r4AhfeHn5jYrqa+V2
-OpOW9BYn5hkkdeghaDYYvewAGLRvzYGK8zQMBnhGYtfWi4DaadWSCbdKUuCKctOC
-GxDQKj0hR419/aC6Om16JYTrqFjpefqeScZqiQCVAwUTQdQwX8GcHSUS00YdAQFE
-CgP/RT2QYuNzLqYa/6JLFHW+fXxydNjumBlEQk87Oc9V4O1VpaYdYrgv7MEAHafZ
-uzRjJbDUW2phB+2kH8fErFPdJpCYwjVS9BvZMUD04UDY7GTxcYR6fUgjF3uzXNcD
-6GDaveh8+xEDACrgM/n/UYy4rG8WVDHQU4q7SrF8ZvtBksGJAJUDBRNB1DB+fEtn
-baAOFWMBASdMBACmoFq4r4cFsB/UTw/vLJJyaiKqicVGVUSm4tWyk0uieY64QvUT
-FieuAa/2cVJ561KBor38kw3w23O8giFzQL+jWPycGPSthwK0o62EaDS2EbvUdrdE
-qP3rJ6BQj6ZtDpQwJT1ZisSUIw6Qu6pYX6VHNFXEQZrR9Kn3jT5l1NU92okAlQMF
-E0HUMIrW4KH+T74q3QEBbMcD/RO9NdesEUG7BOOL5nODyiKQZwcDBG2NwffViNUW
-ul2VYMvO/JGFu0yePNar/exsi85T4gh/ZDDCgpR1HuwkXAu89ErTFpx/Uypjmjag
-aCBGSHRjRZ3Tdua4xzw7tngiKXxgr3k4frZMn8xp0WOwkFp2jBRNmrHvKPa2RN2v
-NRleiQCVAwUTQdTjQM8etQMiMnoBAQHupwP/TDjFRNDqX4oiVqhN2RShKi6OrXVg
-Ek6C5xtBMs0aeXZCsS5hOxAYk9oAPf45ZFcQ5Nyeq+pFnUZOlyi9aM/uJ5z7Tck/
-5tPoKhtu7rDf9z0+kjJ8tVk2rLhS5a1/5CKcLZ6IjeFJnZ69cgmgHfCFDHY48USc
-mQj/mna2duSQgoGIRgQTEQIABgUCQdbPRAAKCRCiu/skDPlW95a2AJ95TApVR+to
-4w0cbwxw5E5TtbCh0ACeOX99Ulbune6K7HbHRAhIBmv/+UeIRgQQEQIABgUCQojJ
-rQAKCRCL2C5vMLlLXDu5AJ96HITaeeoQxCOpwiXhcoAmdL316wCfZ8tyfBhs6a11
-PGTfx0MVGQGG30+IRgQQEQIABgUCQeV+cQAKCRBrcOzZXcP0c9xxAKC/zoCm86F1
-R5NhWIAwiviIKF8+QgCfR/6apFqfmy4+tSTpfPyH383zia6JAhwEEAECAAYFAkHl
-fo8ACgkQquPmzmahRGiazw//cNEkAWlHb19w2Je8KbGZB7GBpyJMjXLcmeTGBtNq
-7IZEF1cqjfdN3NXmrTg8l96V86Hf1klyj8H+PZX8GEahkB77cD6qUmOpFldIrq0O
-piosIfAzwClReh8NOYP5SClP3Ry2keOQAh/W6a5Bi7Bxf8kUDmQ1SabmpgirPXDt
-4lhx31Rv2Y3GfqwjQqToWtNIZ8navR2mOq6ab4EdYAE7BafE/a+rpQJ9HA3fpUYz
-YinJ6C3Pxnua/ldDhjFEtU0MgVdlw9+GcSkpWKefMapgD6Y5FTNWOmtBGnccX0CI
-CuDEl20hLvpumAbnUR/4upQjvdCj36j7rXz337E055K/76rRSwbZlwh7BSRrmhpF
-WYZNuAJGhlyIpk1vC1EJ6OdPaHhOrOqLRqnAWmbo9GZEliCK7aEyFbe73NknWKv6
-NIVluYqDtGyYzj+f8RUU+v6UGgKJ88hb6KrhcW5wvWHftLnm6x4u/dwc2Gj7H/Be
-ah2/MM10W+1kXKVLmNGOryakAthHDN2LYz+JHPPs5DVooUy+GahK7hBJY2SsfT22
-ctGceJUQCSIGNaiYcjIWM4v4K2S4npvnD99iyXvZhHqUkz0+k+Rz0lJ4HhQxvhgR
-EZcS+llunMw6CiOqPNAObu7DTd9NcS1Mv+pNEE2WH4TFwsCokZZ10FqNBwtDZiWx
-m4eIRgQQEQIABgUCQeV+LQAKCRAYWdAfZ3uh7CMvAJ9HC6MVsJXAh9SX+HDeaN+G
-CKjlAQCcC8Lo764I0dEn3t6uF/6xTIrupYGIRgQSEQIABgUCQjQqvAAKCRBTMecd
-e+Qv41IOAJ9FeWHeSoVyBOFZp++wPF+sJipdxwCeP0uZ449pA4jwIAkaTPRNVOJL
-j9mIRgQSEQIABgUCQdm5PQAKCRCgT/sbfcrp0xCVAKDA9UaqZidYEK0djxJGJiIH
-d8rCJQCfR/OXYRtuops92kZK7tfsvec/DFWIRgQSEQIABgUCQdaiaAAKCRDEsQeY
-hXlqI6HKAJ954GDwN6wIPrqQXon+VXGb3RGDqACfUwTFi3LnL2GCqIxjePsrsMxI
-vwOJAJUDBRJB1dhHXx7Ib4gMnlUBASpAA/9+GcUKvOBzCY1ATn2LhCG/FifCh719
-0DhEgBdVgntlIHFXVgMtD1pXXIF2JwQMxiVOO7olbyLSQoILN1n3OwwUGpIaZ1e3
-DBOdG+6m6yML35FCfQzL9HWUwWcSui4vv0t6Cmf6KDR4Y1b8PQWj+Q69Zsbw+xbN
-NhKKxbpbOwQGxIhGBBIRAgAGBQJCqRS/AAoJECCOHPSmTnJ6CjsAn3pMlFLA3PnV
-n9A/xRU/7wk8/+OzAKCOGLu4DaUkm71Uo63LhkgfNyutjYkAlQMFEEHeAd4Gfl7Y
-v7VlaQEB2UUD/0wZWCGGOaNJbHEyWP+bZHFaquJ/gU/wZUlg/YI5N6EqtP3SbXvl
-EImndhWT26Jg1887nnYetHnXpol4F5CZZKydkkmLk0j+3J1IV5yFfUT9yFXK4/i/
-MHvheaD1nUpWAqeriS/kArCMyBTX1ry40d/JiGLE6nT03R81bte3usI2iEYEExEC
-AAYFAkHoAgoACgkQMRmAUc8aTSyB2QCgvIikC015MRxspSahYSiMKpw0VCIAni2w
-3yqj3fFJ7j9BBrr20adsbdsfiEYEEhECAAYFAkHVvlAACgkQCaeiStHlggeZVACe
-M7lmJChu9B1opqv1oHF7qBwprdgAoJGA6Gk5KhljLqh9Whs9/VZQHiIgiEUEEBEC
-AAYFAkHlaPEACgkQsYn2tNI6Qcg0HwCXchbgvBb9od6J9YUTDoOTrnQ3oACfXrss
-El43bc13LTzSTSW++eRPoxqIRgQQEQIABgUCQeV+TwAKCRCBwvfr4hO2kt9rAJoC
-YUsYZpX0v1kxvQD5SHwVNHmWqgCfeEwWNWGjBhZ2WqHaG1OT/HWHyiuJAJUDBRBB
-1cgi4dT8FObQdHEBAW9OA/9lokAoFOu8JMzjZO+9xOmBNMtLTJ54KTKDJuMtXKqJ
-u583Q9szgbaOjEMHcxzGuiLsyNiyIEl3d0vNdFM4FHq5xxSOIWQ9k3IqsdKP5P6u
-G/FbDHdgzvJiu6Silw7L40dBJuRsGRtUrhOBYwl7lWWT6M1F70tT8M67Tlrs1UAe
-Zg==
-=LVEV
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x95F61771 2003-12-10 ---------- RSA Sign & Encrypt
- Key fingerprint = 46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4
-uid Sendmail Signing Key/2004 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAz/XbhgAAAEEANMR0MZRcYSFEWLDwtwdVaRl5K2te70fuZ1EsZxOn1C7XO6G
-udhw0hwJeq7AD0S3Tv8AofH8X8GrNVosfKJwJ+ttq0W9ivjBSm4nzOD+5mYmzsap
-0Uh1Io+Wg8kDf04O+f7PZ1tct44UZlr0F6hL+YE3/+4wpFA4S8jV7SmV9hdxAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA0IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQP9duGMjV7SmV9hdxAQGFYAQApMXWH0Okwfeb6OPLv45ngSqzq1Ka
-C3dpuVmd1S5mD85Npgj5B5O/uoHhu57VXRcM7GCeRqbaezzCL3G0jKzI5y52qb4Z
-LJkK4/Pbq1DzbRL6GGV954NR9xR9d0A7MOo05K7NYa6RM+WyIk7KNeHZCKX2V/BZ
-+FVDcCDwmMd0YQmJAJUDBRM/32RP71iWZNQy4Z0BAdYhA/9IcKx9yZ6vOdf+2q8J
-XP+CKYkgTpq3O8s/jNXoqTEJikpj5vrHcaxbP5UAHJlaLbn9Z9zj4V2LrgDJOiT2
-UaCGy+4IfD7t9MgVpMjyKBXMbdV0LII/SESYV1QpzVAaqKR97ScMxCMV5/wS0GxZ
-+UplQOBUlvVfYVci5V6UkWFINokAlQMFEz/fZHJvUpPYo5umVQEBtm8D/iuOVnqW
-mQS7bN2aQp2K/jCLWx3YXG86U7r/urPeeKFRKBI9nF47pyjd84t+utkAM17yCIrS
-8pOdal3nzhRWkqLj3s+hBTeUJ1HR+rNuYHbgusIPkUF+sShEivOEfS8iQo7ZbcrT
-zU/neobWzf9X+ihcT5i5a5F12V6o1PiIq01HiQCVAwUTP99umZwcveLjXFY1AQFU
-hwP9Gf9Pr47nYyXaxb0naxuYEz9EDgzOwHgZ99yRgnkLiMHgLdfpZQWywIEHrG8M
-2py2Bc7+gQgsOT8SuBgHa1II8Y6bH9Xzu89EUoJFF5TlO3vBJlELg+aJehKqk7pW
-TOWkNppP9bcb/JgLci+/wSqiI0acBBe9LL8p0DGb5lyP1yqJAJUDBRM/326oOCLb
-R8w3Ty0BAU5mA/9z8BoeFzoNVEU10+FqLSBEYObq5AQPI8TZgHSE+H6EeGIO/clQ
-d+RMcWMedOWXtajglfx1UhF/fSn1Y/woWlJhNy7ebqBqscKVhTlCNeJHT6yLme1a
-/w3KOxnPleoT66EnyREyxR3O9s09VnKpGGf/g3223+k3VcFpn7qw3a2pQIkAlQMF
-Ez/fbr6JaWK4Z4wKAwEB/84D/3ssrF6teu739smXiRqLZxB+WppHO1yzr+Ylsir3
-RICwU3y9ayUtAIQzkwJ5qC+V8iMTVMSdJiwV2Yg8xBp0CzRXcdqntgRzJQWzWq2r
-HEHhcM8NOVtR0TCbPF8iw4htBAc+rEMOhT001xQ2zPL8k8HXqVrLHh84y5XxZx7J
-xOK6iQCVAwUTP99u0iGD4bE5bweJAQH7OgQAhzzTt7CqBezWb+pCY648W1NSzAgG
-ANUcybCJBaM+olkkO2SA9pSPXEIGfEg8qXh4jJhFmk6OLdeaaPJd084PiG3M3IAt
-B7QHE8DBBcnTPNWsZseTxn1dMZDWDddBGEqplUQivwNF0iAoLHUhySmqwi1PBPQe
-4NZeeLWjAJ6yV4KJAJUDBRM/327uwCnKQBb0zOkBATEzBACxvB0EivpyF6DiY9zs
-LhGkPwoRabteqvvZ3sSCtIxQWpxq3lyX8MgkeSEAUlJL38YGXHhBWbTfEUz8VQHe
-P8obxXBiEj0JxfqnzEmUvnTWF39dYXCQsAXp8+vjS1xYCrtYFMBmUjTg20pNRgzX
-y48UyDM33Zvr/7hsZ0iXGZ6ysYkAlQMFEz/fbxXBnB0lEtNGHQEBasAD/17V89bg
-Cj7Wh35BBB6Hq/eVHDLL1klGJRDX5BGP6v3rKpvercCSZEFlb9JSNVDmSefcTYpC
-NH6oNZux23EmOjTC6ZzDgrcCiADtTkfPotBL23dthLyiwL0yz24SKVqlBadzyNrK
-SDlXiz5pLHmvS0wuexJlHtaB4bRuBo0j5YaziQCVAwUTP99vSXxLZ22gDhVjAQE+
-uwQAqOey4/yVuMHfTVMDpAwWDMJJ1rWoRuiXPdn0lRAQSefu7A/TAe32Gcpm7xXH
-HlvGXEcqxMxXtSIK/TkFlVde9gPaQmRVvt/p77lT8eWkd7Le4vfftl1HGe6TSRVp
-CjP/QOkIYVuL1OcH1ZHZaOEKtGKbiG1TabJNsNJF3/4Go+KJAJUDBRM/329X1uCh
-/k++Kt0BAfwxA/9LDEkvCb9YP++5MQalpKe+CDvPJPf916HNjBF1XqIyh/0Ygy6d
-oYB6AiT9ch/dRc85s67rXeSHclabdcb4CudDAB+7wK7o7EGs/FQbsWlixftdoJ0I
-A+uCCMYc4ZVPBRiY3nEoEQYs05brfTih0iF3Pe0GQtv1PbCX6sy8xCGfiIkAlQMF
-Ez/f8ArPHrUDIjJ6AQEBsc8D+wcjK1zS+AT1QJ23atbNpX++1fhjVK0qF8d3SfH6
-Y5p+2uzWT5PpEfVfMtn5O7U9SUptGt3QUStM8bc1YYqL8XQvN8tO+TimK8PZ8J4n
-z6bp6R6qsbidvo12O4WkhCBQS/b1E0ech+0Yrkp/bpT5L5Mbzv/L4qc1+Qp9Brfw
-1XuaiEYEEBECAAYFAkACLjMACgkQiMunpwt8HzvhzgCeITpqUq5Ts7HQxeoLTyT5
-k5SclRsAn200QVvSoEAHkfM2AsqnK4zn5PD/iEYEEhECAAYFAkAC4YoACgkQorv7
-JAz5VvcTMACgjybvljlMqGtrTy6wMNDJYeBB4ocAoOCaH12bx7YJNmT3E8RQCy5x
-Z5rpiEYEExECAAYFAkBuLL8ACgkQi9gubzC5S1xGvACffF4XiYgKOKQ3t7GCLpPf
-xEGMXTYAoJ3abBhbGO+YHmFScTXYO3HAtQV0iEYEEhECAAYFAkACOI0ACgkQoE/7
-G33K6dPA7wCgk5yo2wUatoZuPruzhlypwmvF0HYAnjdMM4kN0jyUgUQt95lOX7E/
-K9G3iEYEExECAAYFAkACj2wACgkQJLk85YJw6RrI7gCff1Mxq4rHz3lRhmFEinLQ
-P++LdQMAoMVItpk5hX8pSKcZ/E76Gi3wlUpfiEYEEhECAAYFAkACYIoACgkQxLEH
-mIV5aiPmVACeOSDsOjt601csNXlkvoBq9bKu7zgAnj6jObAkNbXB/rOluT8Yj/4I
-RGnjiQCVAwUSQAKb6F8eyG+IDJ5VAQEP6gP9HIAOJGlJ/Lm4PhmsgIJjnUtEtmHc
-n4QD3ERB3RwgJDh5K3Xq+wjnXYvZtKoqoSBwdvp1mEAOg1gJS+4zis7Q0WOnoBNj
-CD3Xpq6OxiY1LrFspL5fH9dY+oX1kMiZGhjPvfauAgS5KfmKGdeG/AwlZR9p1NET
-pUfxKy8SjO/NA7KIRgQSEQIABgUCQB/IlAAKCRDk5U0RmgzamfVNAKCbo4pq7X1j
-rDUK6HjpcDAwKtPgKgCfWLazpsQMbNrZuzoWGj8fN1APKEaIRgQTEQIABgUCQAI9
-NwAKCRBwLeVZtNPXsKHzAJ9oaQL9JqxTb3Pdqjh1YGbUeBeXIACggTyw9xhtIJTB
-LIkSIcotiYmp1TGIRgQSEQIABgUCQAIiGQAKCRAJp6JK0eWCByRYAJ42JQ7xf7zV
-EV7Bav/YeI5XT75YPACfYjdnZdatI98TPa1bww6lk5TYMmiJAJUDBRBAAfcW4dT8
-FObQdHEBAQn9A/wKVRhHHc4iWt261OI9zMjM2DpNgIqhlHZsxQ8uRZTMfkF2Ri9j
-3aBbclxT9ktqHS9c6txg+BD6ETcek2vFDWmGsm/ZnJSiHokgno/yYbMSvKw59tl4
-6VqSDEt6aO4ZdlwDuAljMUE/M5wK3d0JzR0fMdtI3gJ5SSL8D3Lpb9uYIYhGBBAR
-AgAGBQJAC1C/AAoJEIHC9+viE7aSbC4AninGVdeUlR8BiWNKSk5y5jW/kidKAJ9g
-0t4cbWydd1ZrcZWgK/K+oUynk4hGBBARAgAGBQJAC1EAAAoJEGtw7Nldw/RzZ90A
-oLn1YgnHvCYPVJvR9lPahRiv6n4FAKC5hoOZHCOheOOZZv21aDVZf45bXohGBBAR
-AgAGBQJA4IssAAoJEPxVuVR5zJGzclsAoO+uOWSBmj+wWgmDRr1pAL6hUgmhAJwK
-jYaNXwivBn/SuLpi74wFPw4vfYhGBBMRAgAGBQJAC1B0AAoJEBhZ0B9ne6Hs+68A
-n1sUSGThp+SIBGZdi0HpirC6/gvGAJ9KEHjz1PWHnCspxhzjqU2F3674zYkCHAQQ
-AQIABgUCQX8pbQAKCRCq4+bOZqFEaIWID/4kIGmWDh4L4yOAHgnX0/XZdefJ20PS
-BUYPgOHz0SOFtnxbr//L+t2FIcjX0QUDIB2qK5iw41L9hXJkr41GPekJT6f6cLHI
-n87HC6O/fdraPkvoq4xzMEir2sjUWwGqZTwHfRBJ8VF1jcs2x8tTwkjuoyQLxo4+
-jtu9X4YTqX8DI6aYBiZiizS74/4x9qU2HxBPJhd3bAS1hh4cj/vK+C2WSc9IUkJw
-molL9fZJAHVh/lQw65nlJCUox8gPgew+ZYCJqVm+7Mo+isXvzv3YHdliMQ5H4Ovp
-xJo3TCrRjMIlPC0OQSVut4j7YN95Om2L/7wXPf5UPJYiN3ChErIHqkWXt4JYYSCg
-iu/1Y6xLGLQ98XwCcl/8fzzdfd0N+q6vOC/bau/zrbT2eQtwzI8gRqvI6LLnQRyH
-VpfkslmA3NOIrmabEvLjeAmRfSnpkQvz5/Vr1I8Zur4pr4X6EP88eeJBFPiWYlNN
-B5YxPButWtHTZud3E6O7/MmrBTHOLe6WkPnl9LnMydcu4Lv6O4ZYvrauL/EPMwWw
-4yl08f4TwY2aQ20/XCsx8kwMwGPTWY8pyc0Ka+jCJziBF8SsKDWk6VgnZcm5A2sW
-xuB262JP/+n52prf+PmN96Ob7uQPYpX5Pc9xfV+9y7J87Oqc0zIfsfVUyKCNyDeP
-Dhl1CXPwZ/GWUw==
-=Ehw6
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x396F0789 2003-01-15 ---------- RSA Sign & Encrypt
- Key fingerprint = C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F
-uid Sendmail Signing Key/2003 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAz4ktksAAAEEAM9Vrk1RpJV8oPwEUPPbqUY14VYc/LY5JQYV8ZU704C4c65D
-L7VRxnO1U2FcJsd8IXz0Dd8xf5r5x3HMj00zEYe4x89gUEBW8bUODL3oH5Ww9064
-2Cxlq7qK3nNPtct4QrXTadg378CJrsgVQ3V/L1Zaj1Tt7J2PByGD4bE5bweJAAUT
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAzIDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQPiS2SyGD4bE5bweJAQHbfAQAixSSHRd464OikvI7cPBkCVG7v/jo
-n3/jc3fbOD3Y2jO+1L5K7SswDh2DwHfSx1BiUvhJutQPLbHv0SmrJwPQwR/DTi2e
-PQV0dCx1rv+ztRjXaE7tLA5XsS8RTiBXfQRNamxUqPVA1hCAl6ulBbZ+uIGG8F6H
-LgRV8jvNqjDxcKyJAJUDBRM+JLd071iWZNQy4Z0BATagBACq7IebGrBRDJtwPcps
-O2K9eb1PPkMg57MYE5OmnNgMnMtVWBnMz+V+7Dg+72Hh+B8AL+0tRLNFxCWCr8Q0
-iW08kzgKA891NyZcvGyYCGr1vbaxGpHcb8wdgLE/2nu5E5poksA1x+Bo+ojJga17
-r5XKiOoSIR3ubyAtm4PrXlo14okAlQMFEz4kt8bBnB0lEtNGHQEBa6oEALajY9IY
-M8zZkuuGNvZvjYKX1wt+TQwobFPOucx8RPT2NENF2jg+tstaansWBEXtFBbJO4Pw
-MkbGrSirdUMjy20SZKZV9SbVUtT3JbZjrD844N7emc97DNZNd5p52FjSX3518U8A
-e8p0K8+L4/o/P0UnEJodz+u6gTDPSlPJwJamiQCVAwUTPiS37m9Sk9ijm6ZVAQH4
-mAP/ZccU08EeDnjwGXAIYXNRTxxdfmlyR1GvCinrDrKBfdoNSzzHkwHIwWsXuMkg
-mEcGeXNlXxBsEJTiBuXbKOyxnjMhxBX02mFgMNyYjcy9Vu7+zXiJSUgSAVlwontm
-083bNqH1yoE+fwF9xWQX3UVMvkQXS1yAKuE457GvflnEkjGJAJUDBRM+JLgFnBy9
-4uNcVjUBAfSZBACZAHhb+RCbihhAvk5LMgNznUkKEU+p002FQpk5+hMSDI+nVwTK
-D/2XdZe1P6hrKxJGWXjp0BXmZAonZB15b8DgdLDyCqTv+RLVPKTnpj+sGsBaq972
-ZU4CiWVeXzxUoqV81lrHrox1kdgJ1vZ6015Xhnk8WdHrFGmB6s/l9ixTqYkAlQMF
-Ez4kuA44IttHzDdPLQEBsbsD/iKHrN0wAUWjxEMWvuH4KhtBgJc2D6B+tU1iMaVc
-Fx9rKPMAgNrufOwMyFd/QaRHwQHPZx64FDlmyUEMiTw3VDNkPuqqjKJ+Cp8Bbzyt
-Xgqnlqv3b2UhVB6hZhiMZAhlR/EqBNdEY6nYy2t8YS9zX0O6tjY+0bNU5uadXkYr
-7D3YiQCVAwUTPiS4GolpYrhnjAoDAQEstQP8C4jFy6PVU9Hu71pVQJ6BemCi2c4M
-WzktX//DPcJOR/rVyDAdxqTMnq8BRRDGwoNgcd3RYEhXriVWxlIqioSVgRPQHRxS
-lLk11k0Hdt0W485XxXDU/1omxdeHWo+tNU0XBNEW3yn5h8SQLpla2ZpBxspKpiMa
-TrlBLymoNi8MzruJAJUDBRM+JLgkfEtnbaAOFWMBATxFA/9XNnyggYxIsdfO2Q2s
-Ea3/G/qLuq6Yh3xFE3dWdWiAglXrrqRaDN07UPI1gSOX+ZLxwxhsBQg0l6+gNQ/A
-RYKzO8e9mHaNSJBHTeb+j/6+ku8KNeAa6RBkWDi0OgMl1uVzc+Mmc08huOS78UJI
-c76tDuFvf86HlIEXLHeKE9xwwIkAlQMFEz4kuD7AKcpAFvTM6QEBAlYEAJ17jgMR
-241DJIiYRp/VSEBOHb6YMqQCX5MQy2nFlg54Sv6cnEbbBh75McM3t11q10pBHqZH
-8Tld6RQIXwmtSRxmORxpitPDl2L5IybqpBj1TzdxwPC6CL4dGJLTDAp3+U9OLdvG
-12GCKplT9viigapaOUdjG188rAYH8yExwNv8iQCVAwUTPiS4ldbgof5PvirdAQF9
-PgP8DrP0iuPCCK09P56ICm6zydYZ3WbU75zquW501Q55Q/GHWyDXS68YlJr5LyBG
-vZqVhxjmtSqM2T0Rmsg/xz443kEwvu5AYRZNIdOwCAuU6hnZJGPIWqZ+e6oAFQK3
-yA0WPZiRKE5lciWqgWlan38jN/JkzwOeUsExJjRmj2AF7cKIRgQTEQIABgUCPiTD
-4gAKCRAkuTzlgnDpGhL/AJ4lmiFuIbCTDVrKsqIFstaTl61xJQCfUgr8vtgH2k0P
-uaywr3gphNB7leCIRgQQEQIABgUCPiTEiAAKCRDBbFIvcyFx1YlRAJ46pZp5CLNT
-sceTb/CUiLy93qSZvwCfbUygbMCNzRc+QomiBlJoWAFFM6KJAJUDBRM+JMV/zx61
-AyIyegEBAbrSA/9vPZfmqlX0MlL2qZACKVfUxO7BYEwnWvknrhJhDm9jE0DTQj8c
-U12mSI8FYnyOZ3UI74s4dBWqv8IrMdzcYt389tC5GBjQoRTUyR9zpwxXjqQ9IG4Z
-x7mtbSAc8U9dIaNBE461MUT1zcq8NtlFTusmAuhoUlrX8GsRbJ6fgHzoXohGBBIR
-AgAGBQI+JMtPAAoJEAmnokrR5YIHzYkAoIxfhY2mgwt8BRAn7x+ldjiAXn28AJ47
-NK20+7vyNIlY/edIEoxlU9FTcIkAlQMFED4k06nh1PwU5tB0cQEB5i8D/RCvipmV
-3rkwNegZvqbRRI5U+zZesjlfD3vFKLCafC7rWB3D7YsWI08EkrOa3D9RrcWNH8Hd
-h5MtmZDrwu5IAUDeBZZ7GAfDTrBMm59KA8dZQUxucAXzuGkUZ2XTEVV0ybzG8atx
-OGl8ukmza7PXXpdkh8zvwIvRcWWlM0zMXdtBiEYEExECAAYFAj4k5mQACgkQcC3l
-WbTT17AxTACfRsOJFoappZnyPNeKB+Le1/m2vW4AoM5ztfURp4hgIoTntkauAOgr
-LYFpiEYEExECAAYFAj4k88YACgkQorv7JAz5Vve3JgCcDgmySU5q81glYvuFgTlP
-n4tV7uIAoJbgCYdiNBsdU3Jid02d0ld/M9v1iEYEEhECAAYFAj4k/78ACgkQoE/7
-G33K6dPgnwCfduyCaoDAVa5fL6jKRlMLRyeNyL4An1De48wO8NHv1mx+wzKbQP+h
-WDIqiQCVAwUQPiUAMADy2QnruxtBAQH+MQP/dJsgNIFj/aNtdrwTXgmSlmNRq++Y
-2MaNUhdT1DhXGmhCS5DY54vroipZ+BpyJUEFJicIhnWdf9W6sxlaDHIbZD+psIhg
-umd7CmEIj1TjWGmNokXsDQ4KQ+ZfhhTfYG13oTSO6HYCt1PixVneUeVO5XT1lios
-fCE7jRHEM7/IyU2JAJUDBRM+JXUvXx7Ib4gMnlUBAaVlA/9CY51e16TSqBUQB7jT
-I119joBrSLAzWOoNRTgNQa59r+DW+Rf+Kl0KDTINObb95N1cCJx/4OqefQn6CvCk
-jyf8qHiL3zjj/ofuN1ebWuFbAxZhcPOZqpz3qzJTSGOCZy0ao6Is3T7sUxDEvub+
-jLW9BU1Z/hRh648syknjJwlr14kAlQMFED4l92JiRmrs0ZfX0QEBd4cEALQ3CnKz
-Ta9/LStigTo/gwCt9piyRTeUUmFf3oOfotybhiduguPEFsGhgahQHnR4ONFGkHp5
-yBFxfKMUwKyqOytvLKMmlC5LIAczIIfiZJHkhWrekbIXvpsz8/iCc8D4Dqf7iyyg
-v0e6BLnL2r8W0ky1+y6WWyZvvlmqUa/yQ9jciEYEEhECAAYFAj4r9z4ACgkQxLEH
-mIV5aiNQKgCgoxZIAyzdSIk5YbSRAmjgbfc2srsAoKfguDpXQp++QL376+SnApCw
-6A/IiEYEEBECAAYFAj+yfqQACgkQ7vRVUBn5/kuKhgCffp/7sfIVTVlNKLqKUxm9
-PKNeBOMAnioXZjbGFsXTVIPX2Y/p4T6Zi3EiiEYEExECAAYFAj5kImEACgkQi9gu
-bzC5S1z9NACfQD6usanzkHgeMgAxg8EQfK3QHrwAnjSIqNta+un2xVIZoicMaiBM
-b9pgiEYEEBECAAYFAj4nwhgACgkQO14FiEE/vMvy2gCfUjuGVRkJdtELhb3j3SX+
-e2JvolQAoKNfvJYD6v/3DgOQFJFVEehRzEd5iEYEEBECAAYFAj5kce8ACgkQX0GF
-pW7qTI5HQgCfa7EluhouinhzGMvfbGKswZebfFoAoJ2IGPnfwLOqUWxFZIv/tE1v
-gj/CiQEVAwUQPoHkLHAwZJyAyUshAQHCrQgAhP+JwDlmBCy/lld8iYZKae4buBvc
-0jAAx8RG9lchEGsctKMGDHGyxJk+JCe20LqEn53CGq9RiZW02xJGsaN9tuHv1Ekh
-cyD3jxhoEoPWinTihgq2VY3qnt+nmjS8ps7+Ov9awIQIaqNuIG/s+fD0K5kYJ7/R
-0RtUdnKCetbGczpeqDgYGsbgovjp9+m0G/xTwlL664xtXR1+1xYxgIqxDozRFXXj
-0vsoB2p2as3aGBWJP5qZYVPEuUbv73mtUEAenP6KM+JLu+t7TDxWDe7K/1paa1UI
-1qAcMERo8N/39WYRQHJryLS1Cl3tFe1erEem4cWlNjyWdPbkYToKk14PGohGBBMR
-AgAGBQI+ZO59AAoJENjDuVLpGrm5/2kAoIK0Y0DKAYw10+8Bd9mIgCcBw1R7AJ9e
-vqWqDcoA6tdcgRoPw+b+ORPDXYhGBBARAgAGBQI+hvCcAAoJEPjp8+GIQvVJEhoA
-n16i0uFYSZoCWgGxZFMav608+x4HAJ0XB0XraMQJToOZAXSpaSWhdXy7pYhGBBAR
-AgAGBQI+9wRgAAoJELghiQKdsrW8eX8AoMuOL/iHpizRjrBEC6IZ9FqgC8IdAKD4
-NVlVY7peK4/vIy41g6deuYTCXIhGBBARAgAGBQI+9wSQAAoJEFIY2mCt64GL9n8A
-nicB4gNl4ziY6HArLJZBcVYpUPlRAJ948hOKxlPeHue9VBxkfz3wK0D9fIhGBBAR
-AgAGBQI/janPAAoJEKTWXDNQN2Znh0UAn2Nsb5LBZywdGIlUtfRyBLA5zvf6AJ0a
-pimLnGjRdZZY4LUFa75D63EeCYhGBBARAgAGBQJABH7NAAoJEIHC9+viE7aSrJMA
-n2WOXw53qZ57aRQV6j5FLLoirW+FAJ4gTGBWeAyWU9qWvD1CGi8SWIost4hGBBAR
-AgAGBQJAC1AqAAoJEGtw7Nldw/RzIiYAn250CHTZPf7KTGvep6n+ESJRcT83AKC8
-GjwcuGUfM1Ukh/BIEEHwHhjS6IhGBBERAgAGBQI+0xpqAAoJELL9knZIGOnVyekA
-nRqtOk0TrmBKjolOKUmp5C1dUCiFAJ9+GeEDAtdhA1ReRKj1osnTQ1I+0YhGBBMR
-AgAGBQI/StFiAAoJEBhZ0B9ne6HsjmkAnjIXl6SvMcKdm0swC8xI9Mup9ovRAJ94
-yDgY6w5RdAC1HsFufiEHZ1Shp4kCHAQQAQIABgUCQX8pjAAKCRCq4+bOZqFEaPGO
-D/9n5I0921vpls/oOoFu8OR/NApHYvYxKmTcv1lH5QazUP2F7F7drXlQ9yjriY2B
-ufjU01bFmR6yskvfZpmsXfPmDzTktZRqGiR4mcxGlDrwW1cKphPWcVLXFoVIax7g
-UEK+wy8PNiv5G6+oy1ukTguwMXeqLbb4qxcDbHTx9GL6Z9E8HR88KdgHtRGZ1L6n
-oKRK4y4nt9PxJzep5RkT4deV1oncr6TS3gvmJCb3+F5gvQueWhZBnCdQHtFb3Y9F
-uEsHI8RxrXENCacpZYpBYKtv/umQbRyVphwO+HUU4bGy1A3rTy9KKkWjycqx1tat
-CH7wz3ebqvZy8sfibhUO9PeDfZ33+e6CrPvqOptGXdyHiHm7QltGhjF3TTjRoGnt
-DWvu8q+F6/GspzUVwbqBH7zbaV9a8h8L9fkyVmgq03+y7NIP1SSQxGLEv/qqBflB
-o/9MachU71OhDp42qCyfXul+NR/4qtYmj81+5zGz6vSWwCJ77VMVFZQIN40rEHnA
-40xl5r9pf3hDZWrj2yg+mChlqcICJAnDfNtYaOve8rMXJ5F22VoWGaAJiAkQdH1W
-ZNSR6KHm3A2ICdH9y0fM14u2NAlZuC0QzqbUotpwSXgDMwm3P4He9CwO7IEp0e1l
-+nbkE3BfxahWNiCSF+RF93kvSoeFf7FenAF4BkBzyP62kw==
-=ZdQs
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-sec+ 1024 0x678C0A03 2001-12-18 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45
-uid Sendmail Signing Key/2002 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzwfgwEAAAEEALejONfYzPrNw5IhjBfjpkj1hCwVGCa91d0Pr9SyMgFdrEam
-v4jWiz80rFoKdm3dr1bDqBhdiq4tH49Rul+RLLEXLyiPiLyRoldl54cPeOUoGafp
-PvcCihSgWM2tFO1saYtf+/oM5/9S/TA+pb4hpXAZE4CfL4e7X4lpYrhnjAoDAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAyIDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQPB+DAYlpYrhnjAoDAQFKqQP/YG77bGGhCqr8PxSpWSNxDuIPAmX4
-VJdLsIQNUBqI/3noPfTec3553EsXMUvJh/4iiI/+6CYExQi4WQELZDPmfUUWQWUA
-aiv6upSOKOAmuiVO2cjZzNaETswwyabk2rOE0RzmCuzMDCrkbFugoBRofuUjXwq6
-FAnTaM5LkAgprfaJAJUDBRA8H4OufEtnbaAOFWMBAWP3A/9Y4JqmHQtcz0t/kIcE
-ZwGwYd8+kyeo0/0voW07STq/C60hX3eFiegoqO6bqILIaswZ6djnYOMdOYhMtM+f
-VzcMNTyJCRe3KcWvY4xRQMYc+zmwqqxY1cW6F1mWLT6fwZ6hlIRG/A91OfIDbnuh
-WqNFOJR3NNMmC97nB3D36e4vWYkAlQMFEDwfg/jBnB0lEtNGHQEB9+sD/R6kEta/
-JNgmBhnVRheM5+4ijQpz9csP0Y2Ccd5C2BFkURQztRxgldaTRdmzAltjG49ZmgAj
-C15v0S5CunWI2gHNvNzh0odyKD5+FEcU2arz2TEqnEIzoDdAq4B6Qwf48EVBqtOa
-rIY6LoLV2/POFqTZvP2fzdp1kju6KpfMLgeniQCVAwUQPB+EB+9YlmTUMuGdAQEp
-fQP/faSN6UtxXPrEtnqF+9V+pEc77BJO6oa9lpI9Qdbupo1wqNtFH6ZmYhnLPD65
-qAFnyKZU6VW58ulobd5nZqISdTV0CorPJ1I+7zTS4IuZkiDg6/YCTzWdcgs7M7W5
-sI4mnDt4bPdIRvz0ffM8r6WmVQISuI78+9usnZMLGoJn2P+JAJUDBRA8H4Qmb1KT
-2KObplUBAduAA/oDRlld+jlosLu1TDZD9J9srEK7mdT3+HIVohcfkqpAhXXcZrvd
-avKucihNrCa+dj1u03A0xxMPQoeuFQRlL587M1sEtowVGuyMTyiVtut7zsta/eEQ
-nkp0MYTqNftkRxoc7vMx98tqO4Xlfe2mLekV8w7TUQxGVi9JFIBx6ZATUYkAlQMF
-EDwfhDWcHL3i41xWNQEBoGED+gIvGFmUUu7fkdEmaT559dapdxCCEJkV/dUZUrbo
-EmYtllCo0yNxzfBdXVwlBlHFV7fAW+QZRhCQx9TBv0JrNf/AJp4XIo837PmKhoJr
-C5UsbT5SIypBi9Ai8AX4HQrB5SQQMd53efjmsdOITtdM0Cp+/uMUVuO+7oFeEWtW
-MvxaiQCVAwUQPB+ESDgi20fMN08tAQHyUAP/ajusqW//1Z6622HWr8GTVpTua/YG
-H3qGW0ZdXoqnzUNBIc9lksOV62JL91pzfDWaTCqMTEYzT6W94e7n8SYFtbroemxb
-kdSb8DO3C4bOa1w1dJsQfTeRYEuIMVHtjJmqw43J7pNn2HazVcnPf95YkMhGvs4b
-P2zfvyWwhgRCbWOJAJUDBRA8H4SLwCnKQBb0zOkBAddvBACYxaTZc+HsPEMLpoHW
-QIsntukJgdT/onZcTFZiVNmA6bYyQ0VPTiZ27HN7LjHkVgtdyEQceKq4T3iQ670h
-/Pp0gwk4ZDpmA/k2oqgs4aE/C6KDy6nMCGaucJhC9I0/0EFD32skvkQ5fj65oeoC
-2r/coIoA44Jp6ikzGA8i5aXuyIkAlQMFEDwfhK7W4KH+T74q3QEBwXED/1TiGmh1
-lnvOLIyn2lG+HIM4fzjlU4EmEm9we+lTi/zKOz+3w/O+jZKPEeYXvhjFjEbWIYI7
-XGtJQalipU4+Uhwv+bIliwWpYlFs0Roi6L/mN3CKXN8S62TI8RdArRKtPH9OxvGv
-1AXnEM0DRFuvcRVEBkUlnZKEit+8ttu5rIx5iQCVAwUQPB+Igs8etQMiMnoBAQE7
-hwQAtxoIqHHKs2IG8tTiNcjgfReeXovMeGttNua6rd6m2f8hA/UNt3U9houeGEsb
-62iU4ahd3zRRrQyof2ZshLZ6kSNM/5KrRSP2YlpzLSGbXJjuQQdc6rbQItOxo2rz
-lkQ4IlBj1XgYqO67GimlXk5GxpsTLhCFh2dfONxcgj3/P2OJAJUDBRA8H44OI+Ri
-1L97pCEBARSeA/9Ep+EhBQUhnr0lq5PX/35uSfyaSFYVNnJ6KQqgoGJXIsktW47a
-CIlGNireedg6t1TpjC6O4mWLZbromFYX6tq3ItNJopoMEN7kQjG+joWgYeBb5e3u
-qDCThHonW552ev9HNGtCROG6Dvb8gDbjutlcKQMNygJdAdQquLdxAMWeeIkAlQMF
-EDwfjdV3HZKuiXLHwQEBe74EAI8cKrwohEOLVUNRZSCmNpttwPQ1UddzPF0JtFLy
-1CdaQWQpR85jarWCzYGioWWMpKrOHjQC2dzezaXbbaegWgC+NNylcgSuPlbAgexY
-KCHy8zARQQR87XzRFyfSgG3eJaChSpqNxZ38MS81P3BXpLoKeUA7LOyQbLOAK9Dz
-NCSqiEYEEBECAAYFAjwfjfkACgkQ00k+8NKXq46yrgCggAqQ8JF+Fjg79QxaWwIm
-pf91jsMAmwathlgkBg4za7KLtRWk0zheulwpiQCVAwUQPB+OlV8eyG+IDJ5VAQF0
-2QP/YP25VZ4P1EPp47VUusxq0N+pGuNUVrtLS0qQlIfa/Yp16z1y4V5QBdJEs627
-uSc+Ia6f74B9gJYKXquvzSwIe1PYB/zgLuuEpIiaR5OXFQ4FiJ3mz0aI0Aleftst
-lkFjKV90at1TbAV4tQtGE288HuFKYxI6WgO6WAk+TbRjsl+JAJUDBRA8H488pVOS
-weT0SUUBARWQBACcT8qt9igIx4Qe9tLQxWgK5WM+9vCyFbNQXeQf2EoIb7SkhGWa
-8xctG0DHwM/ZHF8KvMAxq3IvzR93690COHdMr5NeEmbRIr4ptiNuTw+E/EM3zmWY
-mTJsydQoCKuMpx3KKAIAojO9zfQ3Jp0vKrTyYZpg+OsrrUu4vGv3Uo4pJYhGBBAR
-AgAGBQI8H5EoAAoJEAJuFNqj63mKkCUAoOlz2//un2X5LHBpQMqliApr9yK/AKDH
-WhmadZB/dNfhqphAPcgJvBVZ84hGBBARAgAGBQI8H5GqAAoJEKK7+yQM+Vb3czEA
-n2OCdDNEGlJt0wwUi37vvNJJXAvtAJ0SAOrKsE+jH0Hq/0Y181nCcjWafokAlQMF
-EDwfnYXh1PwU5tB0cQEBlS0D/jnLmHQtNmKxV/CXWgyHwcfHP5QcbgGYJfLE9SDV
-ARN+VJnFQqXDAPI5qwcdAEOJal8AVs4cnoTwuJm5dnKSjPOPsPEVALFPyX2vLZv3
-M/QF+FMuaUowqAM4HCIqPT+ksd+j4jBSRwGvYI6BeBYIWdmHvrIVkh9Cy6Mzz8+s
-AZ4WiEYEEBECAAYFAjwfnmYACgkQcC3lWbTT17DpKgCg9AfAjRUwSi66dkOQz+JY
-x0o84uoAn37GFkdEINOpqqs5xRXouS8oDO/FiQCVAwUQPCAxAADy2QnruxtBAQER
-RwP9E7NcJd6a0C6LpZONEpdvDRqbHtdPG9tFaaEX1Dd3U46BYxZDgsCzgkaKsV0K
-M+fWyX+gNMu9TlgBSlGP8S71cbGpOW8leg4TgZ+HVQw+hLErsIh67NBSAnzwkJEa
-bK0qeC6nNDWjRqAA6wH3pszwf1QmIH+ajyKoeKOi1VtqCe2IRgQQEQIABgUCPCCB
-EAAKCRDbzEgBadC1vvP6AKCIBs4JI5uc3jpRwpd73Xh+yDCguACfQ4NlT5NKLr09
-94HNAtZb6hzrljOJAJUDBRA8IuosBn5e2L+1ZWkBAW2qA/9QpFIyvrnaE0FAxzic
-yYDXRhv9DV9cEfXzx4A3Wud1X8OFY8L8oQtaxqmhMmh1h+WhxrndZ2VRKpoVt9Uz
-xcVK3UpxSOohYUiKYD+4dna39DjT3bXu2k2eTYYGOuy+GsL4qJmxyK0YJqmIxpQ4
-JYbcl4VykuJxT7y+YuSwuFpoiIhGBBARAgAGBQI8M1lpAAoJEL+2fm9BJ4pEUGsA
-oLQJ0uJwDu23Of5pU4ysFHiq0jhXAKDV9OEqZlHIVOeAj7EHnbe8BL1USIhGBBAR
-AgAGBQI9hM4xAAoJEHrsMNJ+GHnp26sAoO4GxzEI2uTijIndTZg6e1fWq6w3AJ4w
-o4EgaD0+qvvknsDdVZnqZiTKu4hGBBARAgAGBQI9t8krAAoJEJ+qc26EFy0RmysA
-oLE4thJXG+6toTS89svJZR0LO8jBAJ9G+DFp7OaSqxfzBTMG0TUAsBdnGYhGBBAR
-AgAGBQI95qcFAAoJECFzMZDXkQ304zMAnRo8FOW39GbbWgqKorNSVe9u+6oeAKDx
-tOeZHk9J02e1C36NmNcwFhXNl4hGBBARAgAGBQI+D+jAAAoJEL1UBo1/MvNhXagA
-nR8Sl12kfqgwg3d/qDySaw4X+cldAJ9FNeaK9ZNnfIHOez+2pDYk9j/pQIhGBBMR
-AgAGBQI9L9yPAAoJEIvYLm8wuUtcIBQAoJrZL8ErmkFcAybHB/pZI0xL5zGzAJ9C
-S+oAuaNNgV7Lo4RkV3QKvk8F0IhGBBMRAgAGBQI9o0/lAAoJEK/kxkBlwh7EFSMA
-oI7cPlI6hdufiSGe39zEoad9DtStAJ9nXypMUhlIRuMsAfwzTgO8JeZP3ohGBBAR
-AgAGBQI8SYznAAoJEMFkD/uIpvQ2DAwAn20jGQn4rGjVQXK4+tivmfidjTnPAJ4+
-ZpDiDhFJnx07g39g2/1UumNm9ohGBBARAgAGBQI+9wRgAAoJELghiQKdsrW85RcA
-oIRyFTtMGoLdMn6YW2PUf4ikS6zMAJ9A7HGWWGUkWsQrJTUOAvJgGGWDEYhGBBAR
-AgAGBQI+9wSQAAoJEFIY2mCt64GLgdcAn0Dhkkxvlc1XC1ZENuEjnSfnn8ajAKDd
-lTXhE3IrbgFYh3Zllr42FCjkn4hGBBARAgAGBQI/jamjAAoJEKTWXDNQN2ZnQLYA
-oJ+8UtPRlAweLDI/dI+VFUpe6AdBAJ41fl5AMhDdUuvHMA4lLV95i3CjJIhGBBIR
-AgAGBQJCGjKcAAoJEA8Ne4Mg5YjtoAQAoIvQpUF9X4yoHZWEONKNd0xTHg9dAJ9P
-/EKFyOJWbfpUkVFOs0BhLhkspg==
-=lzX6
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xCC374F2D 2000-12-14 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1
-uid Sendmail Signing Key/2001 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzo5SykAAAEEANNKa1jxgODYsmC5w2FJj14JFX3MnF9yt+NblOrqXvjzs8fp
-l4qWCoEOsN6tueeNRAytrGTUFe5M+fJ/ddx9yRKuzjv6WxSeYsWHzXxMD2M6WWyn
-eCK43LhCAd1uuNoYrTdJFnADOrz7YiMu/N8+8IvBhM5ozEH7pzgi20fMN08tAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAxIDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQOjlLKTgi20fMN08tAQF1YgP7BmBeA8wCY8sNlENCgMbYcgkqrmtO
-aDzCRwALiIDEC63i317iiopRq8wH8ZQcJewvmQDQKWgdZnpJbpAONLR8gzk0t995
-0wKHRgtGtzR8x8RtSXZ9yiC4AjxkLXogaOYtJk+ZXayX1VFCJ0lMoxRsNtTfXyHK
-RN0lMnJwaRPE3FqJAJUDBRA6OU38nBy94uNcVjUBARTzA/9rapch15EjSgZIywSY
-e53l0EfoqsUqKzCSoRGZqv+hJzpRVQ+R+D037pSV07OItK2q0nYGLZqH5ApLgXAG
-/SPlEYPnUzCooijIr/RsLU954lp1HDNuqUZfUs1ukk/f7wHmshsP3LS6zyvqnHR+
-va9fzU3wo5ZRv1ItWIL3b68+uIkAlQMFEDo5TglvUpPYo5umVQEBbqAD/Aj63aIn
-4f6W57E7APvhkP0FhWcrCp9sGu0+EdUP2lnn7KEn02D1hwx4mDLcJcFxikfXXVvh
-+Cfpr54oP0CWNpcpXVssS5CZoYoC8e8W0YoVkvYnxmHFDjnGRzwKDT88FdZYnbiS
-JWxlUkcOs45bOdOTE7pIeBwe9MJK/zCwrbmYiQCVAwUQOjlOGO9YlmTUMuGdAQGy
-YwP/fVIA/Y7SH+MxlALWNHOVOiPF6KdrZxOoB/Ya1G8uNCS5PttePZm/ZSoyVLSX
-QsJG1Xe/3YPXDobuPdRuC+Kpzli6upCHG0jbsH7/m/EPyATxPP6GvpU/eVK1a3el
-8aLl7J0m6NSEh349AbFAzCRhrRl9N/jIPt7rys61ELIMp/GJAJUDBRA6OU4wfEtn
-baAOFWMBAYELBACtu0kG7v4QYs2lJXIpdw7Bwl2/WNyH8mFhrqNgbAE9+Fsh4HAP
-nCBHf3qbjH4/Q3j4QNkDLor2HYIhnW8Hz21At//5/eEm/uJj2vsOjfKFYpGtwf/L
-VHQCQDbNFrxi8pLtwQARNL8M0ONT1rxNg5xyv0/3IWeo9GblkV3hdKO1sYkAlQMF
-EDo5TlnAKcpAFvTM6QEB9s4D/23DDLInFj4NoaO0MI+ZLWo1M8SXd/sWC32IYY+P
-dqABtONUNvVnaz2wSZxb2tKXcuju4DtsMrZFttcEQ6W4zaaGpcg6Hq6UqHGL0UAE
-2tkcJePvkIhJ/FokoEQnoAlj8IdxjK56gCT4Z7OOSmQEcNTcjmH5Z1AZUnTkIImT
-hFRuiQCVAwUQOjlOqNbgof5PvirdAQGzAQP7BtqC0bhCybf+P4ESP7XwSYVuSZvM
-LLrpkA017MQgf5BCHfh6x/r7NxGH4OOTnZwcKQJHJ0NzAxtmWCe3YjxLHMUlfRcK
-MIBQF5UhPTOkCo2XFDNIuQ/Tayj1D3Go1JHSRqfxe8et2U1SZi74JMMo+B7o+utX
-dUNzbv5QbD7yydGJAJUDBRA6OWaRmAfmW9hLWSEBAegOBACgsFNvkidMRX08xGEN
-oX3elJj5Ib/zYYvR7Ui/b27haw9KtuUNct0aRtb+MAb9sXb+0hphDR2W//AxSDgG
-Qh6ZiEO9c0xw74XX7MrSpwcgom4jJLxGN0fEx1YGmMF1LGmmlE8UWC+FJdVVnW8v
-m98v3zEmRaHvDnklGvFsgItw3okAlQMFEDo5anTObntw7cbX6wEBKGUD/0aIxmvb
-kwPlV27sCl6QGy+C3hIJTtz0go6wRh+X0wrP0G5c5OBlg12GqOYP/WlGEs7Qy8GU
-exXFZxF5kBtFgUiHLq5XxWsAv4DVyrtu3wtpFu9P+smKuMQWvUah5x2R5AdsyH2/
-/nn2tMcHqwsgwK/l2cd7ObtfZXoYyH4ZU+3SiQCVAwUQOjrpa88etQMiMnoBAQHp
-JgP9ENhWpB1jv9xrUDy6XCIEdx8hoSVFT/+PaiPhyRwEY1+sW6L68NeTPWnDAcuF
-y95sZlBl6xKIykf5sG0Cb8/Y8HMIIjuiet3nYTd4ehKE6/byOwwVNwe4zu65+kGz
-YT0NF8CaZ2zBFV9wM8JnM+BHshxu1X+4u57oTbenXCNBOmGIRgQQEQIABgUCOjrv
-RgAKCRACbhTao+t5iuX1AJ9EUHSEkOsMJaO5VMVd0SDv9Hu4pgCfYCqfYMnl5qJD
-kkeECdji5LyI6JyJAJUDBRA6O3qFXx7Ib4gMnlUBAQyUBACIxSY0YSZhxfvhIsQs
-PjqiUDQLEyU4EBEUIV3tI4be9jwgqyEc2vwP19iHPoy6UY58mXRdetxZYNbwrBIs
-+wkwgAHc1J7aH9kSqc6ngDgT4CU1knIauY/CEGg2ziOxdLOVlN47GHcZMmsKIxip
-72/00mSe2aOu5vJR7Qdmszm2SYkAlQMFEDo6+r7h1PwU5tB0cQEB870D/10/WrVu
-lthFPbemoks9aNcMqqV3l3BonLpIPKqLeQP6O3NayYDqtFNa4DliSr9SCPUIQ2Wz
-9uCm0V3fy4wOHoXhYek4YxxfHs4qpPPCWbzswGe5n+uOokN/4fAlZzCp5uH0AMST
-ZpwmNAE86w46Y9q1uc5IoaHwlsr9eeDtkYcFiD8DBRA6O5QPzsKIjL9qTKERArsa
-AKD64s8528lhdZBRks1joz1nSJHTJgCfcV62uKYFdbgCq0WBNcyDgqekw3KJAHUD
-BRA6O5cHrOFcwQTbex0BAYr1Av4kZOv17HrZjltkT6hCLzr5XmUsjbZoJHjL2vkO
-eybNYwzQOg2U6Xq325ejMLdHlZ2cR+fZe2qUlsJe2RrLpuQI2a9HLlsl/oDIN8AS
-yOnRtWtPsuLQpwSnzxw0k6qjChmIRgQQEQIABgUCOjuApgAKCRDbzEgBadC1viYI
-AJ90YPSCIMcIhcyzzdqwVSlpIMSp+wCdFZH4YnjW1eFfzfym5tSbxiRVWCaJAJUD
-BRA6POfsAPLZCeu7G0EBAUUoBACQdVkXeAia2QuOD0J0OH5lSILg3xTam1VpJXpj
-70m/kmlzAR71BIgCFTeTsg1IhY/08cLBqEwksv7nLt+1FSxHCNt8o+SLkA24iMIB
-b7JeOHxkP8QZdiBbLSEvEE+4Dak9LaxqlLvw+u+fxCmw9er610OTr5zUq5cbPOpM
-dl91r4kAlQMFEDtV14N8S2dtoA4VYwEBIhkD/jYYYvHbEBiDHPXnjnLuOMu+bxrQ
-h853osuruoR/bYCNu8DiGUFAukjTK9pkaDsAsMfLOZOpWiPn/kN+luE3YT+5+SGG
-R4ui7+dqtyk6Z2sDDQleHl8hSoRxr09/u4K9jQ+kPgfZi5wT4jGYvQe58AE1v7gX
-J4TbIr9uEI9oKYf2iQCVAwUQO1XXh9bgof5PvirdAQE7ngP/YUqHel44yPfoOqgx
-uuqVNMM2gCqOQDCovuKIoSTudO1DU6+bxVoNXV39/dDZQa6eEDCCVQx8OY3DWK7u
-WcxxangOnO4VaJZxC9tBiiOer4RbYoQPMjEkklewAWe542cjBpkamfRyKZklc2HU
-txuBHFtue5vWmH1Xf7ehg90/y9KJAJUDBRA6PTb4Bn5e2L+1ZWkBAXSdBACz4VYH
-W9SJDSoHeUAjNax89Uql1R+NLTqzLkseoNXluUr9RIPscGLAsfYyAs1RZ7V2YnNd
-aFlKhFVeonLymdtO82lk1UJ3gRhAWV2tavvFsWsT03wYMYbsRe4ilQUNiTs4z6PC
-uN8B32VT/dIsBVSR5oyeriFI+BHTFSdVsB23xohGBBARAgAGBQI7VLsdAAoJEKK7
-+yQM+Vb3OkwAnRJPIfGWX8u16iYG4C7r+qjtgRQ+AJ9owLK9AVpET9PcenwgZiwv
-7NM5lokAlQMFEDtp0Poj5GLUv3ukIQEB8wIEAIFDIncAdm7nVZn6SaSp3hE4/c/T
-xloQNT6tOTs5mO5lv/JqEkDiZKc2CiU+ejgRMTNTcP+uhb2oHDgqu64aZ2C4KlYK
-xma6fGmUxSMvMhdJs7FTep+FYp7u+YbP4burf7PWgsrQnSUn7cAREj5K7/Hcuef2
-XUdvXUMSqXRClo61iQEVAwUQO2/01ApZC1ZHD/lLAQFniAf/UQMOfgIsIrW+s2/k
-E5Y+7I1Qd0xKIhBomQOOyABjQOz+C8JPQ5myr9birCK2/q0g9JjvBMy2qkxhUmqf
-/v9JrOfzK6EJ7MNYFqXi0C/QvgTItRbryL4NXHq1MjXjmzCZC0MUy9I1IzTa7M8b
-aurvjVofGIohoCKLkDTO8ueEwVg5RLv2k4lSwgnO8od5SfZGjuvm9soaMx9JBmzp
-mm0wmmiNfdDavx1Gh6A43agJSEgKeZmJtxCVepkspyp0F/LoOM/5hpJhJ1Vc8xZ2
-9gAQW770CjWtIvq23Do3ysDrt/1ZldVkE86OxROfyNwNWMU/vE/Eid4+aGUJC3u3
-t2+AfIhGBBARAgAGBQI7Qys2AAoJEJFoqRmvfNykeksAoIUmqJpAfL6YYeX4sKLB
-fLM1d6+KAJ9FlqjJEiBl8UoeGroen846Zw3i2ohGBBARAgAGBQI7lQW3AAoJEJAt
-vZGMOKkK1fkAn1/++P63hYiCyWo14Nmj/KWvjJQgAKCO65R9yrJFjJaDDF6T0Yr8
-8s2R54hGBBARAgAGBQI7oc/vAAoJELymmQeGwEBXt2UAnRaJwn33WoIbI+lnBuEc
-kplGXhLAAJ4hXCx1Jemn7HXI2EK0sX3T7NtLsIhGBBARAgAGBQI73t7GAAoJEIeo
-vXamM4UaEtEAoLn3FDk/IovqUtcTmslCJV3BPRhFAJwLShkY9zhsTIukXBaLh99A
-kDEPKIhGBBARAgAGBQI77DTJAAoJEL+2fm9BJ4pE/c8AoJd6xTH1hkRo+V287uJf
-xYareEavAJ9Qma49ilWbJKhTAhTBhpnTuTOVE4hGBBARAgAGBQI79sXXAAoJEPFm
-QMK+Qtym//IAnA43baemHDsSrfI1DsVDWZTP+glbAJ9oAN6qMzR86M1RD+GkTVUV
-F2+7KYhGBBARAgAGBQI8OpI+AAoJECQDiafuTpyZIvoAoPAyqTQRhHMLLNd45daR
-f/6MCXd8AKCBc9Zx0k3/q+tlHgicaddIVHDMBIhMBBARAgAMBQI73qoJBQMAUw6A
-AAoJEOM8pwiOYn6kBi4An1Blrn/HWp0f/4k+pisBYSuBsE/9AKCoPfvusuOOY34F
-NC5QCyckD6bGl4hGBBARAgAGBQI7psgNAAoJEMj6RZFuNvzL/lYAoIArRm6OWsCt
-hhr6jKClwc5bquCnAJ9yDDi8EiAGItgxgKJ6oOjBSorLWohGBBARAgAGBQI+9wRg
-AAoJELghiQKdsrW8cJ0AoOYME2dv76+4jOdfgbpglb02gjpxAJ4rJ6fAQpg2+1Wi
-NsWQax0DR1DG4YhGBBARAgAGBQI+9wSQAAoJEFIY2mCt64GL5x4AoLbyhS97/IRT
-uhPIJs3z/cqJRaa4AJ4guC8x4aiJksWdO6Str1/2kJ4JmYhGBBARAgAGBQI/jalx
-AAoJEKTWXDNQN2Zn0xcAn3Z6KT4OMPMNWLF9SCLNrbBDpSzpAKDG+JrrOtdklEyi
-RFljVEUVKZ/GGg==
-=Fv9l
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xE35C5635 1999-12-13 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D
-uid Sendmail Signing Key/2000 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzhVRnYAAAEEALjBKz/mDHemTNA+hNjGcruAJm6Blc9ZIGHPthQWkFt0ca70
-w0U8TBbK/m03WdMvq+PaZAb8EG5uqXctZKwmWIIGB7nRBLLnj42er8XwUfAT8KNJ
-PQ1p9x9zFWZc3byC8ekg8l+CK/hJLFhGTSGjx8nHv+LvPis/mpwcveLjXFY1AAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAwIDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQOFVGdpwcveLjXFY1AQG2vgP/QRG6TqsmJgixf27F2IFgoJLUU+7C
-ZmD1qNT9yL/1JMbE8pnzxOk64w8D47ZiDwr9dp3EzH8EpmV/eIpxLNYV7/Y+W59J
-8+EY2T9mzVmp0YGOMFYt8lLVw6NKqya19adQ80dDzkkmwRHfY514+9+DPbc6TvHR
-jNzo0SuetBiWW+2JAJUDBRA4VUa8b1KT2KObplUBAbtYA/491EG5lsbr09oV0g/e
-RSfxliLj+lCJdQiicwYeqHX5dZeB04yz3wUFovIff8dY01KcITXBL9TtDfarz5Pl
-nelUg5cIlKn7kxCeUP0ggA/tz6Zlg3v/LkoIqsUqrodqscjLPt2JTWPJYWYaVjM9
-fqXiXRXlVcy2urx6uEucvkjYY4kAlQMFEDhVRs3vWJZk1DLhnQEBwoYD/1zxfMMP
-pqj3HV3d9q1esyvZdPACiAH+1CJVmtcIV8TjO5qYulxz2TEtd/JLqdYsgUgf2N8T
-/ClMtfEReSTmVNWIsINAA75P16uIkDYZ8Tmo4XYOf80voeOhWlAwpyLQGIN3GVX+
-gLmC/9Fw2wo0E3LsCrUfXREZQTSXMqIe3YPJiQCVAwUQOFVG8XxLZ22gDhVjAQEA
-SwQAuIEC9CZfKcxAImFBvwqfJYrnKtWPorEV3QtqAN4WaCLFvI8jZJEPJJEf61N9
-aucpO/qj6x/iwu2k92E/T5FRVUiFKzXZb5bWm+qI5c+ynBZq34s+qvAq7Sx0gXxJ
-qimu4ZekACORdeRsILzgRYwGHA45SRONvTY5t9xGoRrsQcuJAJUDBRA4VUm8zx61
-AyIyegEBAczRA/0UjYKC81NSK+a9XNl83ANI/o0TZfqpsjotHl+Gagb3NWQTFe/3
-AjkDovLk24fB7cPEwcj7Y4oX0g61pH3DAyPK+Zo1VbYTPSEU9ljVB042YLz12EMe
-c+eD6k2yC//vVK8BJ6Iefh/gXg7Mb+Dis1YBMg9d+23p901DJi6OeZqJK4kAlQMF
-EDhVTYtuAhsP7LmozwEBBGgEAIVaUCZ3hplEkX5yBBPOccaTV4uioK/8tzahAC9h
-kN8slolrnvj9fQFMFEltDZSzIqn2855JCT8+ZoIdmGsJ6SyIfv2vlunMIsNfZiy1
-jE3jTJ3KEX98fg1h0SBGyzsaMHJd/NzdRiXbmqC/yQOj8eO/RRK3okAPdliVzNx1
-BjpaiQCVAwUQOFVRDAx2JIpOldm1AQFRvQP/RquJhO+TZJI2nZPUiGsjwHVe/WNT
-SQM3nIVyO/mwCFqIPmzywqwn3OsC50S68Bif7PwMToFQKcgNUOwQtZNyp4aico2v
-VLkxjbpAorqdNDkALdwFWziWIHZRZQ1BVEQDXj5sRoHpsQCmNjrYHh8mFYeVcMv/
-QMRebEt4BRQDXgaJAJUDBRA4VVFnXx7Ib4gMnlUBAXANA/9tmgZGCOUtMC2Xwa1W
-iLhYPiq1aSKOuErkalryTUg98qEOQuRxGyunJOZ5cR6ynfJcZwV1N5CXlb7kv1el
-M4iixtcBcytgauH/hgmBOt3oG5jhDoVTaFhFwCXaKOLQJueKeV4AslohDRY4oRhk
-WIVt3oue1nGpNxzSNRIRE3Mgi4g/AwUQOFVRrQSARzl+O0g6EQIU3ACgo47QpRZ6
-Ecy8iSR62/Sz3bXeiOQAoKmnqAyk1FvP3QUfrOgz2exd3cfaiQCVAwUQOFVTLxKm
-NjwVK4clAQGyxwP/f8/V078OiECxTHp7TbgAigCqP48VlfCGPWGQ3pShFGAPQizH
-zX6gNKu6SEGUy+FFwYwQCdSW0eToUFeAhdo49zx1sXJMR3gbDKjQcfVoXGJLcs5y
-zviG7FZokbNZjyjmEcYi1n+wtGGsLm3dHNrzu0xdGoFQ0aYV4lsiRomLhN2JAJUD
-BRA4VVXXAPLZCeu7G0EBAUpSA/9K7n1nDuma2r2+prFhPYkU/Q8GVJGkzh0DqFkx
-+RnNdMtC1QzjFn8JN0x4t3MHiGG5jVkVewDQUbGuZ+nVgFgRAK9KEVAFdp8y0pSC
-iJ/AmN/as6RyD9pbXlmxwmKUzVJeb5UUzQNHUtPedJ4W5zBGGr2Lb21CBO5a2+Mp
-EsNEOYkAlQMFEDhVXhMA/N7tSC51jQEBFrwEAK9ZQQ3soWHviucZ/45UEz/irSKt
-69N2njmqYy2hHtQDWtT175+5y/ej21bVEuPPrR4wJeoISxV8yGqJKiSzMIgQ1T+f
-RUlC/b/xupSSKW8kPgvq/KLEJS3sqIhIgmO9zmZJp5FGK4491roiGsEkCtT4OS+q
-UJ0zvwfhcSAY+gCyiQCVAwUQOFVkNy1ZDtHS0qyNAQFajAP9GoB7sYGZK3duKj/A
-0pvF9M81BglbmxwrZeQD7qJKUGYz2RXFUt33+Fiui9ZYcBpWO3aaYDrQr3zG5fmv
-2gu2wBXYJbDb7MAx4KJwqpLH7hCfwKX+W6OP8oh0QemGvWANqLQcFzN4LCxApfXP
-yfVhbPO0Gsa4V+lZ7EW5yFH8qceJAJUDBRA4VWf6dx2Srolyx8EBAZecBACQXnuL
-xvn2kiXGon3zBoO2bIU95uP6i0/0cQapR2KfYSploXQPfAql6YlTkI+9CITv7xAW
-WVWfcNBPUWRuZKYUC7qj9PUBjE2UlSzqW2z7dEE0HamBbYqD+OAMjxNp0S3jSdWx
-a5qW67fDC/j/US5ECuYKFlljDjy4SzVJ3slWsog/AwUQOFVoXoMCoaE+3wLqEQJb
-MQCeKzgFCHQgkxsu7y5tI65CEAbIG9wAoIQ+xz2QEz7vXRFjfbvoiHrEUHKviQCV
-AwUQOFVrEZgH5lvYS1khAQHztQP9HEJHJojmwUk+5DKJHC2laFeGoKwVHEoLeLHx
-GI2Q9icGv8k3A/0OYjxAb7FPNr7ksTIM50EM0OWv4kOM6N2guKQiXWFi3ex7HzW+
-WBmVvEJNsMAASH2h/KdOOwJHH4OkMqIUhgg4vl7SsmHNGlf6rMnnUja6yMLrfjvA
-UBS9kUyIRgQQEQIABgUCOFV7rgAKCRBBmwi5FiBlLDWSAJ4nAq0EdKIqZ9bXhmaM
-ODm9mIDlDwCcDskeOGPiG8JQXPquafgc/PucTUqJAJUDBRA4VX174dT8FObQdHEB
-ARU5A/9O/D/OGOqH/mn4kZT1qIEh/jBMvTvHov0NhBq1HlPplhe5iZcG8hM9N94z
-P1hZmsYJg4dn+DFw21LVEWQ8y0TbygA4YyxbLq4El40GXAN9/LvVuelY4LucCNoq
-JKUrRR2Pd+PLEvZEcIqeDu0+dVS0uuXptMPqHYD2UMoNbl7q14kBFQMFEDhVYDaD
-yJl8YW+H3QEBuFMH+wRYTwfWgXJDQJ4v7T9zOvkdAVfZs0AgZUPSRKowwcV7rKUa
-zJ9CwmdKUCVBpMPgePYy8x5Wc8tkScvAxlCV+wPhyn/V5cbDdL80QduMLVFWBILN
-wAkviNFPpEdjxZvCpBxG9pQIp/8YI7fRaCkJR5Q5bp++/2VbWa7YHGiWjLVW6T2z
-8dCxAplxC517qzQlo7i4pX34W7qNz0b89+RAgwWJXaFjXPQDv0sTwnRZBwrVq/V9
-TA/LY7qmVspylvu0w64NdtiUqnTa5jS/9BZtFf3eyOezqSIEwRkQC6My/JQxBKvX
-spdbJDnrJxD0D0B2eTWa3MQD7BK+WC1RRkTjvyqJAJUDBRA4Vt0jBn5e2L+1ZWkB
-AekjA/47X/leujEhaUEjj9hMyDY6/8HbgxwNyUd+Sx6i9FK+vhAGq8s07dTty9br
-ozqixmHCGYPyvvVkcsVpeQlEWoXc750hbj5a/Et1m3C1J6vGn979f0do144ZiiVp
-zTCh1LZHH5rALd5tuaNcD5MbOYQeP0vDVcJm2GQzm+IdjGtzP4kBFQMFEDlU6+1R
-idpgCr+sGQEBeVYIAJ1YGxnhVIibC1ucCCAhZH3NlvGmQpmjEXvI9e0EVKfddrli
-+DpArasN0a0xZTZl7Utm7Atql7/LG1JvlT+DpnfTrCqDlvjlqiYd+9050e0scrUi
-DWZDYt1jaWTvH1Hd44WE8RUksWQH9iWW6SPiIFOVzA0cdRRHM5BJ2qU1/rRWWyi+
-+CVTY0pZ3DylbuItNoKFqzaWQQY+oXkI3XS5csG+ea89/n8zNsW257oBNV96PEzt
-AwQh8fAklSe3n8XZdEKVaMvnM9zLGytbdRKgJd6NnXGvOIFaPCKiNklH5Yrt0JeY
-Pp4AlibRmXP0gOaBgf7Naf7GhCZ7i/15pIS0hXqIRgQQEQIABgUCOM+ahwAKCRDf
-1pYxtHF81XfqAJ0SIYFjg2AKnrBhnBhKU0shCw/kRACglz9mEfajFVPi9obylPuc
-G6QRyIKIRgQQEQIABgUCOOIMFgAKCRDmgewkqlkhz57RAKDuZ5RS6cD44X5Y1S2Z
-HALuguo3BQCfWcUnI3qOtjsRlPadeixb/d31omGIRgQQEQIABgUCOVOiMgAKCRA0
-0QUrP30YUb85AKDaU5wZbwb2PTtRp0YZir/jGyxULwCfQf270gjROiMsrE5g9QmV
-yTu21OOIRgQQEQIABgUCP9X7TwAKCRCk1lwzUDdmZyF3AKCiqP3E0WOIB29y/4bn
-NM/crb6x7ACgvtBojMcjmSZT4ErVjhLvJPmS2tKIRgQQEQIABgUCPvcEYAAKCRC4
-IYkCnbK1vCHUAKDTzdZqDKSLs1ziG0JObX8Ew0UbRwCgimxikMeoz/vKXOJGJ6C3
-xg95keGIRgQQEQIABgUCP9X6ZgAKCRBSGNpgreuBi6xGAKDtHnKAwUlNdltYMzYf
-/tsXVdsdUQCdHWZaQyXqjOc46HDAvpUMY79Xr6s=
-=DfZ7
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xA39BA655 1999-01-04 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71
-uid Sendmail Signing Key/1999 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzaRMIoAAAEEAMWVJpGkwKWD6GFDUHtV6AUDzwSAXiWc6UinY7EpCLwFdYu9
-Le06VwQt8H9Xtb/2jrXDV61Wu0IDJub6g7PZxWxU8WHVnMX4aBT5WOCBpwFRme3u
-idwCAbHuEJs12FQ3Tf+4CZ3R9uxlAovRaY6g3fJ7gtAc9HAjMW9Sk9ijm6ZVAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk5IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQNpEwi29Sk9ijm6ZVAQF3LQQAgpuD3UA69w5FjCAfY1iYBsaGJ31V
-1IyFQbo5fAnVo8PMQzioqbsn2U1y1rRkf//gt8T5oVo6Q3e5oWQF/vcruEP2WUSZ
-1BkV7zDWLsa6octYIEt4Rdr6gBxokzP0/Z7Ck0WOfSxEAGXbHZ6NpbcfNdIZAxhZ
-WPqcem3zEwoK/l2JAJUDBRA2kTK271iWZNQy4Z0BAQltA/9b1Xtp6Sqr8LtBAUax
-ziRYYmlIENgkYJGPrF5iB17d1M+aMyJ1IzdjKHaoa2+WpWYhzT7RalcxkrvXZEN7
-hTC5XqsmkGXeg2oiwJPCVTUoJY0goJKiMXI/zYcLGAxTnYr3rUevr+vOQyXPx6Ld
-AUCXcsD8LFQWR9iQTgTOBVSOhYkAlQMFEDaRMloj5GLUv3ukIQEBjh4D/RbqKENF
-51C6DrwE5IJrpIZ227mQwFzu3olcF3v0sOoHv9Iqw0iebEM8D9z2t6XiGNSgfmQy
-EUhQ2gTLfbkz9lSUjUaH+ziN10SXSd0x63n2xqrk9XaG8YCWJOcMe+N5Gh7UGniS
-UD9XQNBLoqnOL1FpScAC3F+KsH4kCKLQD1KJiQCVAwUQNpEwwXxLZ22gDhVjAQEC
-GAP8Cle48mxG5TcrAglAXs25YBLhHK21tnSWrd8j0PdID7+9AKongjZOKxyAnFkZ
-RNXDArmG+FVA0DAJatiFXikqpgyHAM/QKSCSjBEOru3Og+3qV/oFQjAVPfLQbFPb
-6i1TIWzvYTp9L4TlzqUM3OF51Mx07W1S+qCciozA/0GqFGiJAJUDBRA2kTthAPLZ
-Ceu7G0EBARPzBACbuAlTHMobN3Lw3YvsOUgwWHFLqKXLNTu59ozZUL4da/E+Aszj
-MgE8343pV9Nwm/aHGXRNiAEOftrb+DdU1jcaFgwsrWnXK9NmnpAYbMkoOb8Om1Nx
-E/5u0dIxypXO8ziyQIfkElsOVzhPzct9wZKh4qt2uLGcVWXeFnf23VRb4IkAlAMF
-EDaRU60Gfl7Yv7VlaQEB46QD+IGxaViR7rQv6r1sAZJzxC6vMpMK5tgk/47gC6jm
-8STb2DYvz/5KNYTkUDRB/85Uy8jY8jabkalWBNN6z/Cpod9ysSjSOKNBQ+6MMhXc
-qXWKakxZIa0rIVNEYaRTAbVU4J1aXRdh7BtC2nEqf3SQD3c9HDLA3p1W8g8ZyHwr
-QXqJAJUDBRA2kVJAXx7Ib4gMnlUBAX7IA/4mKF8EGahmbNXA8wcH4K2r6LzRLXsE
-f444U7hWQRW1fCxDJz4DOodUO3aENzzWjfxL8BtoosuDTJeKGXoa+5S9bCmtaksm
-86G20UuDx/vt1Ol+hZFW8q+bSS2bsAKLvXZVDnURtDu6nzdNR6Lt61ahsUDo4nLw
-iiKUZeMdE2S+H4kAdQMFEDaRV+is4VzBBNt7HQEBLbMC/2wuZQqaLrLUm5raynph
-rllKT+mQQSTedTACKjnpT4LE65YYGGFDrIMS151lQ1OVvu0DpGzmQ5b9kFNGp0GZ
-giXndPbvmwPpOn4ONmCo/zZFWryNQKuqPn2EN4rPhngjRog/AwUQNpFuE9TeeNh4
-KRvYEQIucwCfe3wiwfbKv6937Uhay1cwJTDMFmcAoK2rmX7TT8Rh4fw9eGuEghL0
-Sq5OiQB1AwUQNpG8CnLJQtjqWiN5AQFBrwMAsSbDxIi8KPCjnnK72nbpzO3+iGcP
-Uh0k96l/Uflf5Bj32RSmzFv4KyfPlVJ83Pt1InG+HCwHSAmK3KT9hfy45wR++wo2
-wAFI399wsKfOXA7RI0YM8lzgodMVcd9XLhKAiQCVAwUQNqjzQs9zyPJiVAEJAQFo
-dQP+Mz9EbM0cv7Gb443rLGeo0WB9CaXSOW5tHfgXWJualdPoFYBwIIqOQUBLgqyT
-qgQLN0R8Bk3QPGQETjHYgBqhIfaJkZfwbyY6wwZZTyzXQn6QTzCzkc4nTA8bRbQs
-qDMrQqBjUZEBihUrxeY2YM1Ly/aUr6+UBjdIPbU9hRcj/QWIPwMFEDd9XZSDAqGh
-Pt8C6hECO0UAoM1r1VbVgpp4oVH0vGKu2IJQnyUSAKD+YomxwnuUu3xDCdL6AURl
-onTfZ4hGBBARAgAGBQI3L4BOAAoJEHlwE/5CaaTy2V0An3tCNkR6qFVPULvo2hxq
-eGhtY1L5AJ0W5u/dd+7S8upDzbfzh7hOQ5NoEYhGBBARAgAGBQI4Em4hAAoJEDrQ
-bg2RZy5OjxAAniHUaEOaOA+O1oYbjSxUf7nJMrl6AKCmkWSriDk4i0KAaveOtSE2
-9DS5pohGBBARAgAGBQI5U6I8AAoJEDTRBSs/fRhRR2gAoIafxUUnWEF05lzy+ETl
-N58c43U9AKCkprsmqzJmRD0W8BldNuUMOElt9IhGBBARAgAGBQI+9wRgAAoJELgh
-iQKdsrW8gG8AoNxWbMkigT4z8ooZSgiPstcpBaIZAKDw01I+jzm7wjnMdch/E6t5
-lCKtm4hGBBARAgAGBQI/1fpoAAoJEFIY2mCt64GLR/wAnjDLofOiQ5cTy2yg2cDo
-+uhUr+w1AJ9+/ZarbSyJZowegsHv3pHNBok694hGBBARAgAGBQI/1ftRAAoJEKTW
-XDNQN2Zn+ZEAnRglo2vBvbh2FKZzofxm9OVRTtRtAKDKvLvi2eA0aJlk0rsZ8W/6
-9wrG5w==
-=ghHr
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xD432E19D 1998-03-14 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26
-uid Sendmail Signing Key/1998 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzUKkdIAAAEEAKvdxY+iy7eLqxP5StbpZuxYNPWLye98bXA8oKwrEm1vy7Xq
-LBg3uNXjlMtwcNW/r+oFu5A++2R+1qC7w/0867C+52D2zkfGRH3hn9Lh6YaA5uIP
-LPbMGB3Tepbtj/lAtOJb7JKdybF7fkxkEUmwhuA5kAo1rKKWNu9YlmTUMuGdAAUT
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk4IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQNQqUqXxLZ22gDhVjAQHaYQQAiFITCRAEKhLlgjcFlehTDmVMFb92
-1jiclN6377xe+A2zEtq4p3R8IwwiVTGeBzs0Zmnrlo+fAdVFYBjIYCtwKVTwd72U
-v6kxX40CjNkx6q264hUjILOumQ2P85/Aqg7wmnK9vM85CkmhKwu7b1OHsY+EFAlo
-U9CWyVjwSQqzHnaJAJUDBRA1CpJ4I+Ri1L97pCEBAcRtA/0czuj3hK7YiVL3zZaV
-EUnqw30auexjm0D+LhPpsHN7OM3im3z4+/4Pv2O2CH7nZhAsgRN9N+qdf3fCVGHq
-Y/ULkdsxKNbPEjSEWI+dqUWj6EyMSewKvBo7Zvljii6tBsM48ohtkWTo4B1/SuJb
-FM5TgXu2PMTgWHsT2DFb82wb/YkAlQMFEDUKkmfBnB0lEtNGHQEBmCwEALZgc6V1
-mvRL/dqtGwdt38Uuw430cdM1Nk0FlkQsGXVWY49A1yrLAcuPQi8wzx4GS0LhtIeo
-vmrQ91DBaKxvxkboqM4orYf7PB5exSS9RQlTN2ezaf6IT9hVJHtXoYxU51Iny7hp
-r5t8L7od0gue9SNsLWjW9PZH1eKz83/g5VJZiQCVAwUQNQqSVu9YlmTUMuGdAQEv
-nwP9GvBao9wPX0r1aplZgkUItDwWGBbF8qQLgX5rM8b8IAxvHboIp8fbCkzhVxI7
-v0IdYc0u1hrY3YfCNNbELu09JEcvtsl3hhmXnalOxCEdjoMUiHSb5f04sTBNOhD6
-IWQqixDizoVzW5XljHBvgxWJhBus/dPJ6hdZPahioVd0oLiJAJUDBRA1CqZRAPLZ
-Ceu7G0EBAYlJBACumnB7zeAOpuj0y9h0Cgh0DleNWnqpHzTus4lbt3vw/cMpKmXt
-nGxMb4HE9rp6CHuuy3NumH9JHa9lwgb0T6bc0Zbc+LX1j0tKMC4BIsfEbFiOMSXU
-P+meyMUGY67VysVEeTqCgG4FqK7yOhnJsxjwDxJTIlrMoYwSSmsF4/R8Y4kAlQMF
-EDULPLgGfl7Yv7VlaQEBWZ0EALAGPhQbVEPTp2Hfm76ZRWjYJ8iDn98znfsHRYhS
-A/yIXF17eDtSkYU/ANOPNT8g5fOCWKjfLTJX4Al78rbHeGeKS+eO21WQCh8AF7Bv
-vZZWJZ0CyNnO++hzyamsOG1Z5Lrt/WQQPK4Jv5ZyqK3f2nGDufHuyQuIXxsdd+BX
-oqp3iQEVAwUQNQwe/ReiaPz3pQGjAQFowAgAk2fARyp4iyRl89ZZHGY09HpRbwQS
-4jeDIEkBPBpSCBXIELgR7UonSoTwHD0nGHuwgdil5Zjl3PAlQJdo47Sh+hLCMoN/
-mg0aI0vSnOxnnVgIcAigzlEAe03R12frWp32SjXJE1GdeFQWlzkk/6BoujKybvI1
-oRr8OeAb8WzwmUr0c4VITEdb/J5c85yriHIuWpqYWIq5gb7evdj6JTKXly3gFp9R
-bwwd2tjlHYu6O7dHuEsmm4n4iK3rEglILvWIoS4kVV80v6IUE3xgLAVf7tnF5iNc
-nXcA386xUBB17zNvJDiUrciX17TuZsIVvIQnB519NN/ZVr1KpHSbLgMyZokBFQMF
-EDUMH1shtWni44zO8QEBGOEH+gKn6blq8L2AJ7Q2Pcw26Do4J9xlRPFKrDgAgy6y
-U9x509y4BeAZ6yn9RV0iGwhgzbdd57QrUpgcYNKGXSC/tJZZj2h3CZ06m1zaGtJ0
-ig0dN7MU9gqZZMLy9f1EZmCwXeZHXL8t8lUMv8KEoq8+vvghCRvDNUgyQpkwcIOh
-rSu9yJ+OeJ8SpucL0ebJE3MmP2JYmqBCBg3pbr8bWvzjZ2Ny40OiyRnuXFP/jC2f
-ll6oMi8rOpWhjTTuHyrWEG9AxI8xeI5WsEOrJHH6stlmXJM1NtlJQ0D3qCdLn81M
-vitLgTPb/xUepRkFdBhZESG5BPDwT5hm1w7m7yhVohcH8AOJAJUDBRA1C3M0THwE
-EmD/AfUBAbzlA/9nDPPyBD9T1ygEHBsS2ZztO7enSk9DaYmt2jsqQ413UnpbhybR
-zZiuHXpqgG1p5GkYjP2Cw1DtT/dHu2nrD6Mf9j/4QYaRi0sdWLMTKVFPDlT+j1G0
-Ag7/yCMhPv2xr3JOLPppCFiYPkdqRfmKnCWdCtrXmBvu4EiLTj1IXtc1WIkAlQMF
-EDUMLbdfHshviAyeVQEBQOUD/0QsDaDnzgcQHbtvJvDM0x+JYuejbvQEXh6k/cDP
-dLIC8XLZMd0uuAWE12SL1pm6J0q6+csKELascFKyOWTRoNrkWC5m1ltgRuyfXq3z
-Ur9SfL0KlfWFLXRsmGRd5V37u5H9kRjeTRlyiOeAcAMzaLunI9dK8sWet4p03GLy
-GOHQiQCVAwUQNQrIVW2DN4pRurLtAQG7gQP6AxTbsJ3Az+bwEgymYYo7EWADJGoB
-e1r48/0YjocxddhcXJSGL5dRNqY8NURSyvw/dDtjH81mVIbRlZR0QS4D2Jp94Q5/
-mrWyqBW6Ah1EFtihncY3o/g1sxEC0hIj0/CklQmNttxeIGt1rRVyKxHa0tYkDtNW
-w+y5xZQSkE0yin2JAJUDBRA1CrJtdMsnjUUcGpkBAQ11A/4rp8Oy2cVbkrHHIxxM
-2dML/tqNOgOGaB5tEISgtpv9xy1sVuEEA5T6rQJefeC0K00M3Mb3Sy4uumSaX3Io
-yTQr3XD3FZ4Q0n0AWR0ppRBvepqINfn/yeNF7268SDIMstQjlD9GzyCobqrR+VLT
-pxF7wXqyHcLyfqQjRiM9ZNTzAokAlQMFEDUKyAd3HZKuiXLHwQEB0+cEAJ308jCg
-rgWPcSstZH8Q8AoQajdxYMqImoQaqxC8zWjX7BK57pEFLelI3uXqkeEyqIGH0Yqc
-SvHQSSe2vLe3DohfGraCL2VK+b3Dw9IOaff4+ZFlxLVsqNiq13Z6aqRuKJ5uNjhI
-0q9PPBZ8xzOMGfa3cMmW18INJvrVyTu3ENXUiQCVAgUQNQqcZHfUAfkkYu7tAQFr
-tAQA45cSUfYgq3d0RGx3RLUL0H+Bku5xMH2YuRJfpEI/Oc0Z1l/G7AfoR0pTqo9p
-uCu21glCUWm4TvUEaGJjT7q2pmcoLO3LCavNVAZHNTPQvjJgu/Z8+290yR9Ln/f8
-4F1/zcRe4Gakq2weDM+h3gH914vXW7FoGJePc1X+azQ7pYCJARUDBRA1DBz15mc5
-PORZW/UBATL3B/0aknENUHmJ6+axITL1ZODUe/KqFmLRgvCl2g///FtMHlMCUyWy
-q+MkyiHyjbgh1eN6gsCHUSHiROQdXMRRSxZm4FVsjznisjybCqzd93lBQQyKJ6XX
-KWu9SjJq/b6yg83byTgHZRW6kwjmDal97kVyHtV1WZBGDJ+v9nCY2tSvqujtNQbJ
-LWrHp447BSIXBBpMkF/J+cbl7yZLiUN8I1SnLYYttmKOtfD33eL41oKT2LK+j8sI
-kCd4XbcGoMJ+DExDVhFeiwwXWzomvTP42Wv0b8DYI+xeuE+AyARxJ5AVbGUBl4sZ
-qVuNMDZWhc0GLpT10RUeJ5HJVAGIWB2fLIsEiEYEEBECAAYFAjYOsI8ACgkQkKql
-f7AyFqOJ+gCfUIx3JYVnHib7dOfK9XbWXj9P6CoAn0Dd1JFMfXzHz0HODBhkMmJ3
-7zKfiEYEEBECAAYFAjlTojoACgkQNNEFKz99GFEFXQCfR02mflvmFNb8uGlhOvxi
-Nt12kpAAn0uA3cx9aug8PHcqPcezdwPSWYWeiEYEEBECAAYFAj73BGAACgkQuCGJ
-Ap2ytbwliACgtmjNLo38Xv0KZXlU5tx54BQY+t8AnRsFftvOUwMJVA59oKrl3I5c
-I3SmiEYEEBECAAYFAj/V+mQACgkQUhjaYK3rgYsKgQCeIyf51Q8863lVdKLUDzTd
-jSK1rvsAn2ZxBCocmQh4YCvwRz1w4qqNZx04iEYEEBECAAYFAj/V+0sACgkQpNZc
-M1A3Zmf+qQCghIFSHbIMvME4+5Cucw08WL75mvEAmQEclbF5ShaYfcBxx+OZXDhV
-opS3
-=j99z
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x12D3461D 1997-05-07 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11
-uid Sendmail Signing Key/1997 <sendmail@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzNwqnIAAAEEAL1KqbRgVm9kp9OHLkKGb1tbT8rwEIeeh8KKSKJyDFiV6lZG
-wbEa8OC5vokXvjsJtJvvhMfrG5OYc1Q1sLzPXXBYzenzXFrPaXDO8F9DE8B5VTuy
-yY7g3LVr0VZYfi+ZsNdOFGNLdwLz6a8GHBHdmAn6z+FKjMSbdMGcHSUS00YdAAUR
-tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk3IDxzZW5kbWFpbEBTZW5kbWFpbC5P
-Ukc+iQCVAwUQM3D1KcGcHSUS00YdAQGKTgP9E9r2jv1hB+q5yvJKyTWHiIS8oU5W
-eLzdoFlRJUw74M5WBh0/AkcTMfv0BpCDMxu4zskDJ7L+urFRIsf9op5w6YjdsM15
-AvuCtWqgExRkdoac9WRCFNZ77WPQ4ul018k9EIpurIPaojLs5j2Q0+9vOXrtJmXj
-S72Ol9nQFU/hl46JAHUDBRAzcoIxrOFcwQTbex0BAXvAAv4yS5fkL38pJTUJrijI
-XhaHLV1Rq3XfTdQ2HuMG+rF9nxdBCz3a/YCWJSPvE11sINDTSni43BwbsXWqaxvs
-UKD2fqgXB88zueY7rOt8rqi+PRMZ95QUFTgUP0kAN2+U2SmJAJUDBRAzcYIwAPLZ
-Ceu7G0EBAdysBAClk5f+3LazjkjGZiEVRPBKyUYJDqx0j9phgVkqWRje9ot/ya4z
-N+Zm8e+MGyIk6BfMi1QluMJUqPGY1p/mvLPMkiKhwYXHG3kymto8CMSF415mLxIP
-/6P3SwCyRzJeEcBxKgXlwDwelj2joa1fWZH+rC1ZuZ5FCaiiyKvjSCqb5okAlQMF
-EDNx7IPhx4Y6UUEd4QEBrfED/0tP5eMU4G4CDEAyV6susGl8WUSJCkfGjK8Z22V1
-vM4TLiVLSf7cec5tE6iau8IzumBgRV2kQWOz0+q1VBOStUOJQCGfwC81ou+74eTt
-ThL8m9oJ44Y0JrQpztW7iBqU0KYsAgf95BtArvTqKqG2kLTlBVbjwb6PBqkyzm3C
-6ZbMiQCVAwUQM3Gq0iluPWNaXACpAQFikwQAxYQKEPFIzF/5SyMiktsuNNLMYolh
-UsNEUpU63+Yxhr9ofK7dMZFwaTHaEnCZ/zhjRRA6R+BjBOmnkD/W7fG/i94naJRV
-rMejqJhfZhHYqbMN07yxGdjV47neghSoN4zddZdfLq4gEPD+MN3rVTDnO+xpHzLP
-4jxqAda/0eKSFQyJAHUDBRAzcZsLcslC2OpaI3kBAX9cAv9K9QaxgI8kjyVJkVxY
-KJuYE9PPXgjmQvqx7gS+HFm97ZTROEYhhNek7EFD+XJpVQ62KlQxNUaWe4VnNmZN
-2QQyvRhNvE0bPC+rBKoi6np6Vha0NqWDA80xos3oswpj/+iJAJUDBRAzcRiTBn5e
-2L+1ZWkBAY5YBACLvAw9AoqvMqnUVR4aXSkzK+s5aQG9hDDHac2FWsG66HLhh+Ux
-HI5Cvnke7CF+qglNzDU7HpoIdDFovRgQkfGnB/I7Cy6ax1aRJpLc+JNXkwbDDcZw
-9sXnMMymNl4xn0vUOyrnT2GIwLwFL/t5JIUqovm3mZ2SpL3FxKNWyxgDX4kAlQMF
-EDNw+VVfHshviAyeVQEBrtsD/AtwAvvAduNZMFL9du224fvVZ16of9P5vLVB6tF3
-WKvo39FsFjOLr1xgZn5TWc09i1sVK6swi8O+IgcNLq7CLxRYaXpTjObbphktDVnU
-2uWwc3wHzFA7nNAT9ACEa7gDc1GxFrJQ6QyjJVK4f2n3EyJxc9E1rBIoCSNnmBHh
-vqJViQCVAwUQM3D6ZHcdkq6JcsfBAQGNFQP8CeATNOacSrL+x7JaFf2AlANLwZAo
-G68VE/JMcUgGBCZdo6cptg1uBFgzWaOVq+aQU7AKkwLmbyMvCX04PS0tswnkSl5w
-DTLgSmmOH5elIWWrv5J9MXrlsniIzc1MSokENMOaKIEWuC4yCgE00nBj8q2GfDRh
-J816g1ndGU9zErmJAJUDBRAzcZZKH9vgQ8ZSyXEBAT6zBACDaXRCrBqqCmjIZ/xN
-EQcXQF6VKoDFfMUXSgvRaJP0LRuBmbRuWQRZe+OIGA7vKWtvPti40bm3O4b8rESG
-MMAxARn2PS7VPfOhrRNaVGV/s3NX8GkrPxYD+MuFVHoI3QKiKa/fzxDYMX3rTh6X
-4ISe4cS5O/J6VCEKIjPvoVVFF4kAlQMFEDNxljgoffu9cgNgzQEBEyoD/3Ca0oBU
-AuCJUsrPyFYVr5r9FYOWtvOZ/b8IynIXjxD2Lin9AlX2ijLFDJR0lbDoBVPM4IVt
-4rb/yr9D71LU3plxKn+G9JdFpNK9IWJGqsn8iRmbnoERbbVzvZHVx6qA4qvRTt8s
-TJYN+ueKng42DVvZVZQLWZv9mdDUKH9i7r7/iQCVAwUQM3EH4IY/IR3IPsbJAQG+
-pgP7B8mo+OP0lN6KRK83pje5wctThDHF7OMW9tSKXMqGUMEa8+GWrOrazyT+5R30
-cOHUnz3iNkjHaO2/3jLZ7VZTrewYGD7VSg5d5RW9PMCSm+MaJiHLVWKxS3exHHWK
-b62c3mao1zRz5Oj468cRXnHABNaLt3CmMVvKUpAi3d/W7V2JARUDBRAzcQGwIbVp
-4uOMzvEBAZc6B/0eqipGA88c3bxT0NXZoQtePdVen6Ub3BJiR72E3YA2kZx4Bi1B
-pcJIAw/HhRx9vkc3EmwJkPCn1o1pnYnuMZTgGYH3KAV6WFsT/Yqp0KaHYLzHLCJP
-CVKI29DClbI+LOw3sHWuG9ZHK/y26ue3Bd16dJzs7Wa3ryyqeZGi3gWijHbtVcgA
-laNicb0QuWcMXsNYy2E62kP7tZIRR88cv3KVOlbEB/qEOZ8tYbk5UaI6ccZfIO2c
-Oyo2xakKmw92DyqRdbNKbf6yFZLPYJbGZHsJeI89m+MyU+av7iIhh/ky1mSrZW63
-dPnQvE6sw2BpFS6L3hmtArLHWJKBSm8N3vobiQCVAwUQM3D5Rb3aj9Y/6n39AQGw
-owP+Iu/HfZLks9GdaTXata1YEwC42GJFxB3+8Pgy+ZOimffkF/CFlYWBthD9Zwqb
-NEQanNqQGLOtHgCX4JFLia+FktAX2hy92ciTcSFG9sVsaEHrWnjQRfh4OhqJa/D6
-rtud9sPWjx7TY2s+8BDZxjgNnq+gTCDnhRKvpsLHl9BogAyJAJUDBRAzcPU2I+Ri
-1L97pCEBAYxXA/0cleagkyPhJZoZ2PfqtB3iN9/OcFLZCC4HDTdtpdOundLMTZe3
-WtjCdETnLCXQGOMghdf9fnuU6Em5xPDnXRi+xvMo1/WN+m5n/xfui6qZtUBrZp2D
-35OUFjD6Wr2DGthKb1263P0pbdcCUAZkvqgTHasJfMeSDZR9bAcz77o7YYkAlQMF
-EDUKj4B8S2dtoA4VYwEBHSkEAMOsCwolhlXpbhG1tz35lxdMa/dBCB+JokHvGH5B
-JZNEARGpjlA7Q6oEYGtpTuIwj2lRqgiS7d3M/qCKL0HlrlMDOcBbNdjC6JZuVgnA
-LEG2m+r6YZlLratpkK9rI/SeSpwz2AfmrC89PI+C9Pcysj+EH4hV8WyETjcNA0le
-5UANiD8DBRA02DSrUX4eqU/cq8ERAhWeAKC4UOIE7dklH1E30vRWaD7/IxfsowCf
-a1Iux/3y5K0dJA7NugTQqCCGPJuJAJUDBRAzzCuczufOCV03LMUBAV8YA/wNZI5H
-kQtN09S6BWAHboVK1xp0xLjiKzUlbBFPw2RGJ7AE/Vy9XBLdzrNLvmp1c2gDPeBS
-SVfD3T8J6+Ioc0DXAc66mwwLHA+rL3VSjlI5Pj29M64dnkdDFjXtZ9OAVdRQXHtF
-BMH6Br0GkZ50erQWbmR+8fgvgV2fW86kSaxqSIg/AwUQNPKIn7gZOcVkC104EQLb
-ZwCgyFyGnj8s8Fo8FvLO3zFGOtlEiqAAoKy0AsMQXVFut1EBaSu0QIgf+BikiQCV
-AwUQM/vPi2Vgqaw0+fnVAQGPNwP8DHZCQkRoXD2Z6TuDeqa6Vy0tI6YJ8660Tc2w
-2siBd/F+QuCHHZ7SszyWQZ+Anuy8xaF9V94JoTxA+VFuUByewD1vYKgxa586GLUj
-2dRibUQfoH5FcY9wPQA6eq5OIUYXYtU4JBy8WGRxwjKzis04WNQS7oRgVfPVOLvx
-syefabaIRgQQEQIABgUCOVOiOwAKCRA00QUrP30YUVfeAJ4r6k4vnaLPthfR7FSR
-s3pmXrC6gQCg7jXhrRfNQh2mnQWxUBowCAk/Xo6IRgQQEQIABgUCPvcEYAAKCRC4
-IYkCnbK1vAqMAKCnn3HwbLwS+K+7+DalTQAa06uXUgCcCTZgU3roH3xvPep5stqK
-X4YZEVSIRgQQEQIABgUCP9X6ZQAKCRBSGNpgreuBi5JbAKCxdKVCyh4KNgwaxHNu
-aBteGdu18ACeNXYmxUhQN/ogZuSaBhd/51aBD8SIRgQQEQIABgUCP9X7SwAKCRCk
-1lwzUDdmZ5f2AJ4g86/sZKvZr117lFJsyeCCxmGjCACg9ihcPO3ZXxWtFwrWwOSA
-/g4qSHU=
-=6cVF
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xA0F8AA0C 2006-03-17 ---------- DSA Sign & Encrypt
-f20 Fingerprint20 = 770E 4AC8 8A97 B69E 6E75 0605 1043 2518 A0F8 AA0C
-sub 2048 0x6E613854 2006-03-17 ---------- Diffie-Hellman
-uid Sendmail, Inc. Security Officer <security-officer@sendmail.com>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQGiBEQbQzgRBAC7QmIW2r0oJ9Ixk1ewPxfwN1CU15k2ORBzRVIcO1UcLm6I5t3Z
-Gorbj22J8xNyY67yQ3pi5O+pffl5LujEKTco3D3sHhHnpz8vIaBiLyVUG3dCHZwU
-FP1jh9l5UqZ+QzXGAi969PMKkVyuWCHvUWNYLG+2RTwj8Ju7+NIzmv9RMwCg5nGw
-ftSHOf/hnfujlcHCLWtV1IsD/3NpxdobEobm+Zlkjk2nH1NtqwMDdnbBbj5U8jku
-LuhwZsvHbzie42JoroT/WI713JU3z1LrcwBYPxQGgVXlsyQi1ilJmd/JCsp9SpFN
-kqbog8zz7lZKD7PwRIduicPlXVft063DbABwTIi7YGv8xFnLt9vIix2gSco766KY
-rjPOA/9dlGIXq2HP6BGqYtZE6A6RwL2ujAXfene8hYLaMg8t52XyHvJDeay3siKy
-EhXt2tn+CyheTzKHXE7WdYGVIZq8OUBoJy/6eaL/paVbzw0SlhCuXNEP6J8SQClA
-rXDAwbl2SODl9T9eVUUbm7bQxdD942qCv+jhvBzAJrrHmZ0KPbQ/U2VuZG1haWws
-IEluYy4gU2VjdXJpdHkgT2ZmaWNlciA8c2VjdXJpdHktb2ZmaWNlckBzZW5kbWFp
-bC5jb20+iGEEExECACEFAkQbQzgCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA
-CgkQEEMlGKD4qgwt0QCdHD2sFnc1cKILKClUR2Ad3x+OyysAoMTKNOPxq/burquo
-qt0rN8QnPkctiEYEEBECAAYFAkQbS9wACgkQGPUDgCTCeAKDiwCfae3NkBOnjSBa
-6E6ftmrDbzQYC9YAoN2Z8jaq1kM2pXmC0s/QTIIsPc3iiJwEEAECAAYFAkQbS+sA
-CgkQfEtnbaAOFWNKEQQAgIKzIX/EvAj4BaG13i3EYdvcSG0mfYsV4NVIdrDPnV3U
-mgbGBskgjkUyWHlUTJZ/AExcYyuTQNuivkH8pQKsXNUpm020PXvJg7t0/ZKTTv0t
-Xyz2OT3OLKhw1O+qUOOrkxgSpfg7UgQLTbZ0Ol1faP8iSTM5649rAOpqbPi8tneI
-nAQQAQIABgUCRBtL9QAKCRDAKcpAFvTM6cCsA/45MgCAYIr08/GKnFlBTZhAXQ6p
-ZvV4OCdtgMIwcJXJtB2E+HSjOsn9Ismyy9n19Z5j961oGwyfZ/uYoRp1Q5rMEs/s
-DmFyq0TAl3vRoblwuOKtOp2bvGah/TzdkMztMrftErM9MhddQDEIoS3PQ0QkSODR
-Ci/m8eMtGLPX/m+Fu4icBBABAgAGBQJEG0wEAAoJENbgof5PvirdmR0EAJNHIszZ
-ZnGx7jqUB2+tRLCsLctrm8Hpeltc2XkMeT0nx3K8XSDs/cigdQqTHq5oD2P/6Vp9
-e8X2UE/RfEhCDre9ADnSWzqASRtXktDVnFZZHuYnXl1d74bqS5RlWpbQUJ5VjAFu
-ZaB1nhFRcRWuhl8UIqN9OKygtUAgzlR/FfiziEYEEBECAAYFAkQbTBwACgkQIfnF
-vPdqm/XFxgCg8x357MlaxcLbnsbKZFN26nLDBqQAnAxqbkNoRKqF+IRV9aMBz0vS
-t+baiJwEEAECAAYFAkQbTCgACgkQHnuzyK+VliXMAAP+NGQ+3rPnGHUyT02C5K9k
-suqWt+7q0ZWHR3NP66H1XQCqrEUXqmcWtZpd0xTY8XWcyEzYntXje3epQMnA6/52
-ohFNehiGQG4FENsusTzu7+GNdpSqYTPcdUrUp6zOc3o5C30q+Y1tvBtyYlfeQSvH
-3x47Ai8PrnVmHjJCltkGtgiIRgQTEQIABgUCRBtU7QAKCRAxGYBRzxpNLE6WAKCA
-CCj678P/8pn+vG9JpgQWQgV7zgCfQ5409UHS5itySiyQ/atuUOAG0Qi5Ag0ERBtD
-ThAIALL0nX9pRt5NDqi0wk1RIXAGPJCahPJ8h52CgAJUm/FAsmXdCIVHavpDKkHg
-vcF7dixtm+8Jo4vhakQol7XZZgU5BETcSgBjNcwBJhFxAuB+Km/TtiXMK5U+36NG
-SUS5EqR89vBiChth33KMvQZgQ/OfpmWk05lMhI0//o1sX+0QAGTbO9q7RGMf77V4
-CHJxLTU5ZYguSa+ILV9Gg4+KSLGHqk03LROn13K0cTEeWHWKRcoFtLrokmYqDd+F
-qYaATa+SVCeS8PYDQ45R1ZaXJ7N15fRg0XM4pKsY4KAEUH5Y1ZfadPFd0LyDf1vh
-yseogJQpJczvstUARjOQx7yD8J8AAwUH/19Tgj/HYEyBXKX9Awnb3nZWYGap3m25
-iA/bW//uUWKjYrc5oIT/qJ5QMcSBmyOAuclrf/VGSYQIRAOlpXmZQcjdnUuVDliS
-wP77T4duMkfNiNgq8RAnM7cVUEJplbtGI5EapHFO8q88yq2ol8/urZIz5Qc3Va6H
-LelvW1zhFAcp7lJRfuLAWq8Qa6f3Pm2uzScdaQIYrS+vmXXwbOqlygucnI8bBh0L
-YTAjQqsG8YHklvXlrjfEjSas3l5UO45a48DWiSTXGyr5TsevSgfR6yabSHa8nUKO
-gbGF4UU1f1Nn2xaasMRMiZER2uIo2Gs1zPwLleRwwVAjaUOWwRupx/6ISQQYEQIA
-CQUCRBtDTgIbDAAKCRAQQyUYoPiqDP5SAJ4i92Z+F9bPVoX27UZS8xcmFOaxwQCg
-3plWjAkK4jGDVnkcVv2eMGfTP20=
-=Ylc5
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xBF7BA421 1995-02-23 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29
-uid Eric P. Allman <eric@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAy9MzZsAAAEEAK3o3N9W8Ynb47vNtIqUvdjYYl/nEt/hddhumsDNqt/icanP
-7x9VTS1bCfKmAEQ86DSkWRWZmhIpExbcqmuRtixn/RfDHzJ4hU/wAd6kAzUTVIfY
-wLC5NinszKoaqlBWlQkWKW/2GbryLmYIRhIDOKkIBxSgskpShSPkYtS/e6QhAAUR
-tCVFcmljIFAuIEFsbG1hbiA8ZXJpY0BDUy5CZXJrZWxleS5FRFU+iQDVAwUQMT5g
-jkkkqUax7f6FAQFXaQX/X1wyl9t5tJiN+X8vBpB9p+qfto/q+X0wrCa9EobVwNRP
-AUt10WfcDz24vduVKE9LgXPGwGYUsDDF9fYVSsr6PLY5st50YYY3zmSk6a4wBhwz
-kJ33HlGNlEYZjNhC5CoqGN41WJ6E0oi+bS1w1H4ov368BBu2WN9S1tWBKwijJeJa
-pWbnClxe5+4Io0z3mxgGHJFNlz9ctJ+WGazauFkAb/usIAw+MKrQ4sghtfzto4e3
-idVAxdxbwzhH3XICqCA9iQCVAwUQL23Mt4N7eH6kQJ9lAQFtpwQAl4O7UsjFPiY/
-TQa44Ay52BKClldBfvnVh6jNForAzgsFPr+dQVD/1SXahMFnOgnVK2zW0xwlQhv9
-w9LHrQ7r5pMQSqQbJYze4MQ031BDHIgq3bZRIf4yeWGdaH0ro8SB42GejiYP+MfQ
-IHSeThLA1LytnxCN/nRRkWK8Nl1DqnqJAFUDBRAvUm31HlLTF1zSxhkBAc+fAfwL
-hnGFP5jYsa0eUGJ3SVZmq8P9HsH0STF82Fwp/vUxWMvILpfSujLt/8792dgcwfdr
-HbG1Qq15XGsza0f4HnTBiQCVAwUQL1JtpSPkYtS/e6QhAQHQ4QP/WD/CqFA6f2Jk
-npDAVOJsoUqRbAluRbOiNOwsJ/OEP4ZGfZshvqxsVJbQa8tmewjHMEAAWvQ9ueBY
-1fwUenlSIAA0gSEdlNw0qxIEj9KhnU+chQq2z+RzoHuff2/9ApJwZQ7wSyw9x1vj
-q8DmkHBf+IAVJ2zCdNYGRGN+iBYF7L6JAHUDBRAv4F4MapsJyFgmz40BAUMCAwCU
-YvPrVm3u4EKVuWUq4g27LOid/3Xf1g7KQ+Fp8J6IjTBSs1Q1UW2RgDI7EqrCwiUs
-sHSLrD+3i7NJGsgsdKL+1HBfzujdDGMP48ujZBbYkjQ+k6rSez3NkmXI3rW6SJCJ
-AJUDBRAzcuWqH9vgQ8ZSyXEBAXxIA/0VUrS3TdBT5aPgApMImvP8yHH9CGfIjQ42
-48ss99nIr7DVskyq42g5EbUDTQl032iHc9eoEvvOKQ1BUauKGAvg8ZYImhHd20ZL
-vPqGKt7mXJsbq1syG/Zbt4FYzwrVgwToZ1zjvjBnhOXYzjSmmjytZ9A4bLXdqr59
-59iqlrZS7IhGBBARAgAGBQI1B0w6AAoJEOguzwTcZlABtoYAoOduT0nD8TmVetVV
-VfzQtBhpofPQAJ4gD4J5XDyTmG+nsm4ecpKwcdd9eohGBBARAgAGBQI3eQevAAoJ
-EPebODJBSYlfPZ4An1+PwxSKSQ4ZFxPKnaQzk0POEEvnAKC6IxaifUFCbNMq5ejq
-WPXPAR7aBYkAlQMFEDRaMzgmJUFp5Gpj/QEBhhsD/0APxfVCUniRRja4hgJYVqXQ
-L18Uc7BwDetpxDm21+HL3kCj0YpRnU6H0GN2usFdoQit2dejDzbUSKSYDZT2LcW5
-XQ+daMNvan73tWKw9ycMy0Kd7DKLbOS8tvc45Wg5m7x/Zv3rH1e5R+9gHlzSzzXr
-kzhmsMuKTkqqZ+ROE3OuiEYEEBECAAYFAjs8tRIACgkQg2i7WWb7wYx+PACfRs3B
-YsCJhwfvAhsfE9u8v5WNsl0Aniyr/yzPHCHetrcfVG42jaN2azfoiQCVAwUQO1kP
-MAZ+Xti/tWVpAQEtWAQAhFmMzQfxl8zg0xqWwgVC64btvdMFTaQP37olYZbQsyy6
-2Xf2gsuM1U+4dD0dhilGL9qax87X8hmRJki3y756weoZfghku13ueVNJqOD88Ya8
-usXNDS5P/q4lAH9UvFh5IylpksFHf08vsrTLUneVOCvgAREh76PpIHzTjw9bsd2I
-RgQQEQIABgUCPEy0nwAKCRAtu3a/rdTJMy8MAKCmtqbtWoXMp/EZDH+UYZMK43pn
-mQCgnJBlggj1SMV99i+iBb30nMIGrcyIRgQQEQIABgUCO+w2lgAKCRC/tn5vQSeK
-RJFpAJ9YGGDUWZm97XcPos4p4wsE3uhbsQCggs/Z0938yd7jvU39rEKXTvEjZ/2J
-AJUDBRA7WDiezx61AyIyegEBAaiHBACBjdUAiU+Ni/5MHypmXKn9x1t2xmsaBNlA
-vkHvWcGvRImmr9oq7idOMH0OtVpsskCvdJq1x6TO2akdtxtTnEtRJv54sw5OrBVB
-7HULGgQa6QySL6t10fG0BQAULCVbnt6ubrLogwD4ATcYykHpL0SJZyOULmxaDb6g
-IOgxn9gws4hGBBARAgAGBQJAC0r2AAoJEBhZ0B9ne6HsVfAAnROVE/UJSrNLplJl
-LBuazZvvjT3sAJ4vZcunwcus0xq79qGFPJgI4cmmiohGBBARAgAGBQJAC0sfAAoJ
-EIHC9+viE7aSm20An2/cqEmQ+KootRdNNP7l+oHvjVamAJ9T9yBM1QM3cFMOiY1z
-ajQV5XfxOIhGBBARAgAGBQJAC0tSAAoJEGtw7Nldw/Rzd/AAoKSyT5c028xiJ2Li
-W163tN5MiCy9AKDZp10knjSiiIS2/s/zuJDfEvgET4hGBBARAgAGBQJCNb+JAAoJ
-EA+Rlt5uUsKeiPIAn0fxZdmUdo0r/nH3ZeAeW3EXIhx5AJ9k19QpIYEP5AlyGn41
-q7N7KJgyc4hGBBIRAgAGBQJCNC8KAAoJEFMx5x175C/jhrgAnimIvdY94XEoOfm0
-12LfYTd66x1AAJ4ttaySHJJR6C7+WpLahXYyjZhYf4hGBBMRAgAGBQI990Q5AAoJ
-EPuPJWT12mvjuiQAoJ7MdyBGjrEM6yz/FFgpLpyKySWUAJ9ENQMKMr6FQXLPaeME
-8/8XoYCJ1ohGBBMRAgAGBQJC9AUPAAoJEHu7RcYqQ9NMucYAoLfFYRlLsIvmEaRZ
-hRelDMX4wuq/AKDJzv7iF+xpS5ZlT5XHdAJM6KCh2IkAlQMFEDACrUC7EIKQsT90
-BQEBXosD/Apakw5p9sWEP0+vVguPqpp+MwCfGJpWiQKXRbNJTO+a4GtLU+yPXXOC
-7NvlgsgPpfuFbVRjLlrxHNBQKEe8SxQ3uM/On9ojyGj91cI1rXhycIqksIGPyGbG
-84hrtT/PMbau8Eq7yYhaNFae9EfDTAUs+ypPGDhjbKhKBq7E4mtAiQCVAwUTQMyo
-wzfj9F/uZeMhAQGZkAP/Y6HCzk/2Y/5bzje0t7QxohaHxKipoUIrK2FgCUOYuWrx
-YSUfHK8DwzOMh3xzoDvlFcGCnxMl2sgrrgHR6fILobv8gPS763qu63doS3ZwY5hR
-5NbwmQu8IF7S8A0E6QpBa9EciH84T90Jg3U0UFstbxDBdXTCRcsQ2GZ3B170l6uJ
-AhwEEAECAAYFAkF+tc0ACgkQquPmzmahRGhziRAAl0RfoEr9vcHFkGJpoXzn4cIi
-LOrbXcMa34H7WghD66NVNuhracw9CF/rvVvinkoKxfCBkZ/KUZW+fmotyoeDEORZ
-oJVLN1uvqBBSlaEQZzqOVl58ISZvXxZeHpS4CwtgYPz97uNYmukPU0MKxAHqcLDv
-e9Id1coukD+L7NQXHYVbxIIx86wV9kPKXvdESh0KyWZKgRi4K6ZKwhqQXaLKxvNU
-Pz3P2uGyZQf8YSKyES3+3F0lOs8JYWRdahb0/2h8ZecMH8ACcNU57L3f7iEfNF3P
-cfqr8jLn0ulfn7JuMBqDtXM2DDjLYuwuPxcTKwflvwLF4SyN1IgMcjyIHcJBHJZU
-PuUTvGi3opQzfkPSFvQRDnJnPoUwAnxbWO36a7s8Rqw6S6sRM4VjHgm8i7C86vGw
-0HtSzckUL1bWFWgXTmzQt2PKTp88iJUBbMxwxDSjkzr5V/sPYbr+3bmbivTVdhlR
-TW9Sw1qsLe7uVIB9rdF1yJrwXtTKwcowQlHmSwfOSPBRdvghINeNWJ4ZBvKIrqZ0
-RGlnbvg7lhViPLDWSl43XQtD+ZiZyDvJ5UOuNTwxXEMTsgLxNaQTMNZh0s4BypVn
-2J4BYUGIFOLfJvDRY2Dc/sx0oouhqB5U170F6IPpcYM6d9c65WVs1HZ2MrJ9MPLB
-q+1XY+V030LgjiE8qqK0HkVyaWMgQWxsbWFuIDxlcmljQGFsbG1hbi5uYW1lPohG
-BBARAgAGBQJCNb+FAAoJEA+Rlt5uUsKeVQMAoNbRCOQWVERZzCC0I3A82Dar2B4r
-AJwJqIoskfpatcKkN5ar5Tj6xkK5vYhGBBMRAgAGBQJC9AUVAAoJEHu7RcYqQ9NM
-Gv4AoJz+Qkj21ztaZc/BtofhihoQLOUXAKCv2fefjGmx7xt07MSbelv/L3ZFKIkA
-lQMFEz3RK7Ej5GLUv3ukIQEBf+wD/A7BAKI8Jt7ZfG/js6IQibYU4E3C0z+0WB0G
-diJAZKEE8bYGZJTD9xRda9jOSW4q2NTyjTPJfSPYJ1MyM4K+20qSHgrCMRvuAWHs
-/CDKy7ev0VjImB5J5ucFMlc8jghgruJrcQYKNB1mBRDThAxnOLwfu+iU4DjN8nDi
-UHOSRllZiQCVAwUTQMyouzfj9F/uZeMhAQHrygQA2alGdUJiVJ1694wKsA7NXdah
-ea+VCpGgxxMM0mqXEXwHgMRKOjALCrC0o8r/et0qwOwUcduPwRDsVEyBPB8FmSG3
-6Xnr11b/s5gy501Ms7p97Y66fajPi7591BuBsW8YNPvztHAaztaWgsNQ8VOo9MwT
-62cmufuFbszpPJ+f7Y+0IkVyaWMgUC4gQWxsbWFuIDxlcmljQFNlbmRtYWlsLkNP
-TT6IRgQQEQIABgUCQjW/iQAKCRAPkZbeblLCnnrNAKDUOt94rDAqQX2TcvTFHDur
-0vNpnQCfcww7SwwdlBzkSAsYCnpXoLd6Z5qIRgQTEQIABgUCQvQFFQAKCRB7u0XG
-KkPTTJYLAKCWB4W0dNGjUtGW+IgOCt1ipANe1QCgoeyb504WmcyY97mSfIqiECMV
-LqmJAJUDBRA2cfcr5MnqS0+2zR0BAXAuA/9mBEs7R02FaUptY0G6DLiaAQikTJ48
-AOTKYXzIKV4FSkm7rW6htrC+M5K1bun3MekBSUSVymOcRiAnA7hpncbfHBf2INQL
-EU0Xxijf4F6cJMzRYONxPXDTaAROVaYhqzmgzhmLXSv7OBV+G5bzZKjoQAuPKUEe
-R+LIS2LhPMYBKokAlQMFEDtV2CvW4KH+T74q3QEBuIYD/jhUow70mr+OxDnmFUfu
-l77iS8yfWDB9U7aAg0472gsnpwhr9H2PTzDID2veU1tszOmFEILC7KxvaFX++BSl
-p+nqqYoWYqGZmdPHB28zdgiOq4MuLLDDO29r4sDWTo/8xEMl8uM+XBS2yA2O11If
-mjrS6GwlObaFMe0XzRNBcwm+iQCVAwUQO1XYW3xLZ22gDhVjAQH0LQP/fdC+951h
-P6KFtWkJDuWCbercTtg/0vZ5BkWVZxVL8vcF/ca+NNNQZzriG7dT5pC6Zy0ZnFuI
-Cxwps5Xebuio3mr4i+nNDknShCZfsXxWV9dhkdzTQyyVMcYaPhgtCFWqCn2ftHMU
-knwLQ+yyqDRDqsg5NteNHUZnPDbcq8wbSmiJAJUDBRA7V0Bf4dT8FObQdHEBAQ1O
-BADDPj52cMF708Ee12P3GHY+t6k3CK+buq2ga9JC1IfjDoB1MT0XSnazhiTjEykt
-kUY833wjSvGHIajsT/bh48YR3LVQO1UDiqnHwTCCtWLXZuHw425TcZeea24Wofzc
-GYDfTxCeasemU4PzelqUZMEzF1U0uWzMkGnNM7+2COV44okAlQMFEz0ctVoj5GLU
-v3ukIQEBgd0D+waikMQDMYFeZrTQyfijz8ZsWEIAreruUpuNvdM1oHp39W5yBsr+
-eDOFmOG0/Lsm3BOcIzKekgcTK2jFOzTg87OlOeSyzLJFKiK4lJ5Y2WUavbCPSo+M
-FTAYRUxOtjwvaNy0i61wLuB6fZ6aAQn/kVbTZz0/P+hoBUZa5MJg/6kIiQCVAwUT
-QMyoxDfj9F/uZeMhAQFWPQP/dTHQrC6hSXbG4nbbztZxh4sG/HS1EgF8LNSQJfQC
-BqqwKl2a7k9l95i2bi9NVBFjvQRqkrhayVMhG9NxVOQZrUDDKJvvA1khXRIgN8z4
-JPu4lUOJ8HiQ9aLbC8x/rdtCh3UkmyO30Cs/ykkwaE0u/gO7H6f4PB6WMnr0xerd
-H4O0IkVyaWMgUC4gQWxsbWFuIDxlcmljQFNlbmRtYWlsLk9SRz6IPwMFEDSqIBpe
-2lrbOY1YUBECQxsAn2xIpvoCPV/AXxDIMfmsCvOhY5diAKCPQ5yABVOMwdXUFoAo
-O+r518BIoYg/AwUQNQwAQv9OLU/BcyvDEQITMwCgnylcm2XpD+xyDRXmgaZQZ7ze
-JYEAoMpTevluysbysvib2bAhu4w1JMi3iEYEEBECAAYFAj/V6rYACgkQuCGJAp2y
-tbyW7gCg6VaLmEYc7k7V0N9lRNPD/Tn8pXUAnREmdNNhgvyPwGdPc3FjvrR768E0
-iEYEEBECAAYFAj/V+lYACgkQUhjaYK3rgYu+xACghoPcXYc5WO7ujNONIWZy3BdE
-7s8AoJoFQGJiktKiWvGTo9Y7qqyi0piviEYEEBECAAYFAj/V+z8ACgkQpNZcM1A3
-Zmem0gCfVzLYHqM7Cv82e/MEeYRS4rGP6z0AniSqIcRQrUK5y2xUTtr//Hu9MXTF
-iEYEEBECAAYFAkI1v4kACgkQD5GW3m5Swp7fnwCgnlbPPJXa1xoMCyApkIbQ/3Hh
-AocAoKGUZ/+J0e/8WHxn3OPlCeOO0fHNiEYEExECAAYFAkL0BRUACgkQe7tFxipD
-00wGdACfbAOf5Svoefyegn9jVk2s4KZY/pgAnicIj0Q+41plRlbxAPJXK72QbJkz
-iQCVAwUQM4me9iPkYtS/e6QhAQFNvwQAlf1JIVvpn+ayzJhCpdex7b7s3Ercgwic
-3e+22plo9mmkkolxJfyr6qGKR7BJleSksYui2rmnbG6hP+nZR4lUY1BZEmVDkVmV
-UFl1QWq//V4lysKIK2uHjasi6f9ZQ1tzcB10rWebDm2JUeowEv+8vjL7LpfWGTpA
-fQyNGHux/c6JAJUDBRA2cdqc5MnqS0+2zR0BAQIlBACHEDxjVe81AkvGLfRtwQsr
-3+/bQqIbTnzjINSr/9RUAYepV7mNOD8hQGEcihgaEoAudz0LXuN7YXcWXMS7fjU4
-iW0fwaDekZzHY+Eq8BLl1cohWPT4oiNxTK5NTedAKJQ/Y5OH927l4r+oax6A0wGK
-8hvhK9B3hxPsT20dqcfLUIkAlQMFEDtV15V8S2dtoA4VYwEBbToD/1+2lkg6uv9G
-c+RTSwZMIles+grZ1qFAlU8yRwB1rnCabTpGDa9vP279lZtlLM9Ee3BUdMp2aoAn
-uwSMpbDIRM1YDnff4gXJ2Ch6pR/a4kF3qgMrU+b1urWinvD3XirNY2AwEAt+eGqk
-bHbTmScYpe1ONJFYERCen0963+b44l+ziQCVAwUQO1XXntbgof5PvirdAQHoawP+
-ONzw7wlnB5Tm88OHe+Rii0RrIbes5tojKsYHmYNolRzLo6P6Ka+F0Ruidnj7whMS
-RUDRjocXl7zIBIz99tpZXzT92Nte1IWMRI+NjtIpth+HdBwdMP1KDE6hMnVDZyd3
-3diGUfy4SwZGpHHZmB3S2IehAnd2n4+mCls6QRuaEd+JAJUDBRA7Vz7i4dT8FObQ
-dHEBAUpmA/4ns1sCtShblVNm/WVO0zGaguN815GZ1VYKOV7aT7ymA04T/IfD0eph
-Ng4w5WEGB+XJY2iN5KfDUgZMjvm5zjO4vUEKGKpoJGu940B8bt75QajbQU+pYFuq
-dpcLhySBVVVh7kapviyXM9jNuN9kk8BPknef4Y1jJ2h+8r/wg4w7v4kAlQMFEz0c
-tZ4j5GLUv3ukIQEBcNMD+wThB2AOYB7cnl7xWdfxXBDn6zZ9FfezUQy5KtdL4suy
-lLVQ+4RCQBvuvjrgCy3htWJ3KkTCoHui2WjmIaKsI+QweTcOXkZyvu1JFEmSO22C
-TQQBfFAULfpWmk7NYr0FjWaFHmzOQNbFHtL/BL7WbgKedOUTlhJ7PBIY3EDc0Sci
-iQCVAwUTQMyoxDfj9F/uZeMhAQFYWQP/UKjl+nBZsFxIaB8eRahB5QhKMD7VJ2uI
-zrT9uEAQgPq3hohQDo67UDan4PBfWy5Vum3Vb+lX5smaxVqZchI5z9Ii4yWA9Is6
-mHSwO4dNrEaOiWzcu76wbVk8qQYfXVjmo/n56MeYJ/5vaAgosJzQt9KvWykvxXFO
-eom15MJLTQq0I0VyaWMgUC4gQWxsbWFuIDxlcmljQE5lb3BoaWxpYy5DT00+iEYE
-EBECAAYFAkI1v4kACgkQD5GW3m5Swp4LXACg2Wb3e3plOES69yE+yXy5Cj/TvIMA
-n003ajQmlAb6Vt37c+O2K29QhAJriEYEExECAAYFAkL0BRUACgkQe7tFxipD00wB
-2gCgndzGMm6P9f4p5Q1kbdsyhzUpOe0AoKHCy8LGBD/9mJEm6cZQPV/RcdDOiQCV
-AwUTPaHoIyPkYtS/e6QhAQHm/wQAjnLnTDgI9fxz/cNkPGmI5+et58zt7FdsMMSZ
-1C8pxNYqZX/xEAL1anZWpyDbrLKzkx+11xCbvBn1Ot3IAd6jy1PabazbMtU1yHMa
-/zwGYc8E06beYhHMnnhu5y8L7Fqxegc2tQECdNfQTl6QhvtRX1Z8Gl/Xm2nymJ5n
-0dQK8+CJAJUDBRNAzKjEN+P0X+5l4yEBAWYHA/9sPSKzuRpC9MUw6MFc6Kr9aT4t
-VfTo00L6fHOpQX1llpMclYH48g39PN9OtHtvb48IS/l8h8Qb48w54FnqH/ZgOyJ/
-+dcwoCOvTu7mYzMlwJuoV89cg+4wmFFtBipA08ga4kJ8Gfum1U5S5wvQFnV0QPEo
-0Qg0kzeGssNK0n6OoA==
-=pWwn
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-sec+ 1024 0xA00E1563 1998-03-07 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 66 39 58 9A 83 5F 52 26 88 E4 59 36 5A 94 D9 48
-uid Gregory Neil Shapiro <gshapiro@sendmail.org>
-uid Gregory Neil Shapiro <gshapiro@sendmail.com>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzUB04kAAAEEANHOOWZH9BdsPi8071kHB49qWAWL7OjoUk2NpItw5D9o/sRa
-jZbBwtvPSjx+/cC1Nka+apIuXGccjBzpu71DJFLxIYEk+MW33bSgymI19utPS1b7
-yHetCa6T3ggBsdSH3+gLbyK0bt+suRxxiAC6719HqHvUxuGWnHxLZ22gDhVjAAUR
-tCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9Ac2VuZG1haWwub3JnPokA
-lQMFEDUB04l8S2dtoA4VYwEBL7gEAIcDsmzwlzI5+KYILkeUmoOWeoOunDZ7ZRv9
-KvATWccEJdcdjGk4VPKtAGYWgPJBweLAaeZBHo5+cB/w4Ho+sPavHJoaXqk20u5T
-AtIv/DUKcPcE6MVvOYuWUsnHGuWDeSke/KKA1uRw7KEn8vDlBYktUres8ifHLGy0
-JM+aEs26iQCVAwUQNQnbcr3aj9Y/6n39AQGzkgQAhcwsoDO9Rl2oQSUYZpvcxUHF
-rroqSQFejRRfTCT2a3ejQDckeFTqT2VcLGv+QH+7sQFnRAlJrTWU6U/BoLsf3qnu
-dSijd2DiiCTQ5F88SBQjlRyxvXpQXOWGlmemmkV6kry/px4MaFAyF/35HCo0Rzd9
-S0brLFgrCiTzAS7/wRCJAJUDBRA1Cd2jI+Ri1L97pCEBAYw4BACh5m75gsGcClEX
-LUcxIOaANG2YNSr9r1lmHxcDq0V3Gpv02IauADL1+DX6o3sD+dX+WJxyAM7F8QBC
-up2ZtADL1uxiGz+AarDT4qzXyUeQnB47tkhPTnlcO60srtgkRKNex+lAuzzbWSAT
-vZpS4C90ZJASwMGr+M73V/66cwKA/4kAlQMFEDUVydtfHshviAyeVQEBwUMD/AoR
-E9p0DSgbPpSdojFok7BEe8fHLwJR31fBWetLOk5nsHuAHWBCasO9bmjgG8vls8YS
-iTkoJAMxXN03i1bRNL5X3F5Ex1HzrkjEsn51Fcx4Jyp3blXlf4yOBN2t+2DM8DfR
-vy1yVrvKtZ1TEhjM0zoG1DqjN8zf/hG23t+1rGZ3iQEVAwUQNRXjouNaWM2W6V8r
-AQEHowf/ZTBh0jzRC+oJHb/uewa/vnufEFeWoGZt5U9KZoKooUcZZ82RyZhzJzC2
-/5zQQQI9vY+Gh/bL+o7Eaj8+FlbXN9N31E/BhxTtR/v2FTr0HHn/kXKriG/Wjwpr
-Rj2hF9fu5HTVD0Bp3A/uQ4bUO9xT7edKGtQWgXEN77/xbD+LGrZ8CTFSohA+WIyr
-tgwL214ASBDv8j++V4lpTkzyJSjuFTL019hsjkeE4FvCXbELfvsVX0SOZK9Q45I+
-sgvsAZ0BBpasfaY47WShYGhTvvp2r/Z8xgy2erw4vhKz3jJCVmkK1cmAM0IvhwFn
-LSYfxI/T/1zEUj+56XTMc4C3dltXfYkAlQMFEDUV9Q08YShHTKshIQEBY7cD/2Rw
-Bu6ZJAoJaGKzbBOwEQG2JV3/o5W0Z/Tfy9x3kUDecgqEKN2M0b9zCkzCprotGNhJ
-3KXvva3XL2H9AlJd5aorcmvNSph38rPlP35Tt3xWXMBrB1CNR79WMZU+Wx1TlJMf
-i8EFURUkjD9WXRsn5P9ncPPKBGcCJ3MfA4LQvvvqiQCVAwUQNRZkreTJ6ktPts0d
-AQGsMwP/beohoVn7bcp9kkYW0d3mAlbZyrDzbi6Q+C0lS9s67g4k/QzWLY8vZAYc
-ywC2KDQjoc1mnw1bJ+S6u5WmMTnfrmXs8vUMpmM3no+ZIlk8FB6tdkKcIu3yuAd9
-CFz62uxnekRRCoIFnWadeZSyxOmdxtO99MUaM9D8Ob1fOH6vPWOJAJUDBRA1GUPT
-vFYqkcU0pUkBAXQVA/42rM5+DyOA2VoCCkYa0VgIuA5ECROFnwigcY8mxQx9D/Xv
-30Z0ePR4Bigur/eXqCC0Tt0cy213SUpED38xsXtmchK2lpCH5RlIwbr2SZKNWGSZ
-jGlSCRbLT2xo+WYxvXcUL0q4NYgG5gXG4lXUf8yyuo/MztQlBkPsoO2SLLX3MIkA
-dQMFEDVqLI6s4VzBBNt7HQEB/asC/igF9ebzNWnIlug1gienj8d31znRL1YKcn0h
-e5b5N2XPIXQ3cOBQxlufuHVZKL0Cir5MSozxnEsavqKSGhGQuEnvv6lbYh0/OJgo
-eB40EDPnPGjv6kcexzOB4rUOYr46w4kAlQMFEDVq3TUpbj1jWlwAqQEBqKQEAL9n
-C6RFsBFabbAw0ScsmW9ir/0Zz28pBmxMkUY8RL9Kk6jEkwCa3phztMao3qGajqXd
-iw5hzfAOdY+eWPXq/sqE2f81uU2TaFCsVq++rAcDqxhZ1p47xfGcBtVBTpgAl+9s
-8h33IsggglCumuhBkyCwOBFZ2JiN+BUAv6LbUvBWiQCVAwUQNYgrcJqnRzvJFyx1
-AQGiCgP+LLh7c6FxqVQbgm3qpwgReYryaQQx8sdksX1gZ6jIEC5gYTDh+vHmUJdi
-16I7Pz02e9R2yOsKU6e+zhCTauHtSM0CGYn9OdLx96WpJv6nul/KI8eztyV6Dl4k
-T8rFbuo0qs8Ib9exDmkdRh78Ihbask69R1w/OwLIlKesOiLo04eJAJUDBRA1x/fK
-P2UweumbYhUBAZCzA/0UQ5AB890HbWnvVHP9PdDT8KpIQYg7wm5aStpinY2/jfwA
-zl+kvaAwL6nTsTJiWNLfZj4rLn0JsG8176/lyl4Lk6QLkbGyBD+/u8tD6yL0NzYW
-lLIBwhxL8W8Fw889OKci72b6rrTcQNNEw2eZiSeTGJBQdZ4quDQZOthwtMEEe4kA
-lQMFEDXQKC8offu9cgNgzQEBXYAEAJSZ+CEGKswFmmQqO2t0WaO9SKZxxXtnGe/Z
-+M8emTESQecZ5oC4Sc+M9c6YE8jSH5CgDD4R5EHKeWXsVfFMV8wetcjgB9AicCnl
-ki2hVT38Rf+b1go4lbKpPjKf+V32Xs/s/kblZ3SX11aOF7pkQCV2W1ebkZ+Tnim2
-Ec+pwLKyiQCVAwUQNQnY3AMljPu+uSCxAQFgDwP9HfUvdT2mQq5AXhZ6/ARNemWI
-wHb3OjP/Q9A9uxMnpIXIr42QW/jhQYqau2nkhdqbOBCjvOmRvOt7BGYfjzUJkaCN
-zv5m84Ptxn/HiFYkQUHZO+Y52nZ/eTdtpjWNLkmDtTusfK2v6G5gArMpKv/VhN+6
-5DNWVPOwLucihYGINjeJAJUDBRA2qPJqz3PI8mJUAQkBATVeA/49kg6YZ5NR93/u
-gqXtjbhpdWi/YEpWDHYqdMQIAWaJSum4P9tWA5XoTToqP2bQTIXs8k8Vw4W1h+tz
-ZUI0P+lGVOAyS/MQXVgo6hvKJSq79cHtR8ue++tBD+ng/OUzuHZ2UFAO79EOX4EN
-V/o6dcwQO1qzdZkKiGy8M2hsgPKf1IkAlQMFEDbDNrLPOEYPxdAmiQEBC8ED/210
-XIlOS7wKECMEAtGjSaHzA3T8sOFad0FsolSYr50SUNgq9ZTk+PIMwJ8lhl+EuHvb
-chhyREg1IaSU0Bg1JQIyUZ1LQwY9tb0bnvS6r4bko1j0FU9pKhQ6iRtOrVNlVZpw
-fc+ErvV9R+yHx+aoAhjosAC9fxBSC5R3Kdw+Pdp2iQCVAwUQNvAB7sUtR20Nv5Bt
-AQF67wP/RH9H4fHv9p//009HwP76/3LnxsUDq9kcbYrW0LWkkHC9iRHi5+Lks3z+
-q5spNmiw235CpGxzeiMX476lelOO8Yam1EmCdRxxkopBhMQVcrEuMGER0p6O1qWj
-OnNs89bKgpP79g/LGx3Cz1ZWtZvv5PqQc9cv6z+k1xItRhpaxiaJAJUDBRA2hTtV
-pFCQLAnT5k0BAZtSA/944wg38sIcRu/Odo94mCoIBbjcTQUeA6v2KXCD9tQ8JySR
-eAGlvPEwRNBVx3fICnJQQ6ClmBikJbANstFc4hrK971KOj7zRCS4IB/N4pEfCbeZ
-05d3Mz1iBvEZKtbRtwbrqx6Vxi3JWwsTyPAfz9QR1IofW2SWUq3pnHBROdGKBIkA
-lQMFEDaFO2ny5WVM5g4qbQEBAMwEAIPX4OJqCG+LnbReaFem4hP4IN7MT47B3xXX
-3l/1CMMiVWbbk2/rIdkPuPuayE+w8ypEY/gqMKnlwRFFp01BW4Cod370h5pJkaZt
-44PnVM/NrnsB/Xhgb+IS1vIV4vOhLCZXBlpGAKysOt5hKX3myStNiu0sXXrtvnTv
-OvvKf/ABiQCVAwUQNoU7hbCxcYNNuhCRAQH5LQP/ck50e2ZhJOVhg7poSmSaCer0
-yDcRH8u4Z91ymKvXtXrIXYUjXfetUlDjQ/5AZvuZjejnC6Bjzpcw3Ft3OUdWuR8/
-84qj5IK3cwXAMsUiKTtSJeW9VHSaYinqCQLb0nOV75wkabR+iiIAcNX7uTQZYOog
-HFakhmc/TvxviRh2woqIRgQQEQIABgUCNvCUzQAKCRCKO6sOwF13o2vHAJ96Gl3l
-rG45GZNXYYePHNhIbsCV+ACgrKj35e7VzunNxsWHc4RjTDjmOvGIRgQQEQIABgUC
-NvCXlwAKCRCdqctLsW3isbGvAKDq0Slo3oY74pqi4VUA8TlwaHxLjACgsW1KipwR
-yzhJ8N2FbhISt0g5RMmJAJUDBRA286RwFQW7a+L1ZmkBAVVkA/0bpmeT/tOkLdjV
-IhWUBfDwDJgUR9m7vKhf8tL2r/SpV/tflpbw+5DjX+pa099XADkPCPDVLFyDowLt
-FWUc6dcncBpG9nhqcjOsvyCuKAT7PvijPqZ2LRwiQnzjAlRRSFgPGlnPnzM9/iMe
-zdW08JB9kv9luzbdZgJu9x5hytcd+okAlAMFEDb0TXR3HZKuiXLHwQEBBY0D92xI
-14X3jkT+xs2QH3DU3OczIKbdRvEdoBAgek88xUU25mMXObnYbkc687lS2Fh6gbLV
-vBU5hzU+/R5fdxDfnxm0hENyBJRN+3ZxRCXBOLDEmTTQIAfQArDhmWYHYL64PD2I
-qUp0SHou7fdHsSAp4+YnSWO3o7QaP68c/ZdHraSJAJUDBRA3EnhMDHYkik6V2bUB
-AVowA/9sm58IKKgzxiB9Xq+qC5k7Hh6B7ApkBmw4HO6GdHxu28Iosij2cUsz77cB
-RQSH1Un6XWGtOVwUfjZXAmpi18x26msPTyvLAYacjdFl/OL8+CcDwRLWirydPjU+
-TAop8+0N4qjC3XvpajFU/s/6KmxhLL6u2ipIzCAVGpWevg9SmIkAlQMFEDcSPci5
-3A5J2ODMAQEBixwD/0KVQYiXD0tyHEUqrlHwErIAB+ZYT/2kfx2PkmAc/xbNO9al
-yBz297H29JvrqXyYLBKkd8w3hY5e2TK7kagMkTicXtDvnCqnB/EnyTyHbDkCpV9n
-by8ThZEDxYopfnoENYjASUZvzBwb+QjY0bEaSg8fP2qiRdtrYzVQjvGlQdFziD8D
-BRA3HiUvIOQkY7cMoxURAvLEAJ9MoLW+73pmmP2+RL6psGX043LUVgCgho6nr2q6
-12UdJiAArMIMsnmwC+SJAJUDBRA3VZ82zx61AyIyegEBAb0NA/9SGnzvfNMbF+Ri
-w5URct6Jwg6YCUAYtuoE4S8eRxX93bsjzBot05t8w+FY1uGDSnCSQQ0GRTK2mtbO
-8nQOSwbSHtEBbNy9mfjUnX8tMDHoY6v2laFO1Hq1G6u74cjruQoW5a8fS4Y5BaZx
-AFMYeSnWjmMfkByqSS7vQcHrw+nSd4hGBBARAgAGBQI3fwEDAAoJEGsBYgkJ6xG+
-aQMAn30+AZsc8AMk/L5s5StkQo5+3YTNAKDUSkcMC7DJbipIfQLnk9teS/3x14hG
-BBARAgAGBQI4Em4XAAoJEDrQbg2RZy5OcP0An0H6L08cCmEMpCQdV7fY8twtnuQ3
-AJ0To49TCQpQ6vWS9NBtDuPkgYLjCohGBBARAgAGBQI4OeNpAAoJED/0TyQ4fTjt
-gqAAn1ZhYkiXzr1UlgqNoyR8ElgQm446AJwJebmpAnpkBZAgLeT50Q3VonSvCIhG
-BBARAgAGBQI4KmSTAAoJENSlTUjFvnNYwGYAn0ZIiQevTcP63dNvYy12UqfF7pGm
-AKCYiUztvhVFl/QP7LSnlwUFuJ69MIhGBBARAgAGBQI5ZAX7AAoJEMN1Z4b84RmY
-TY4AoNE83txQ7urSKnMHBljVvLYhslUYAJ9UeeWyBn5MEQRipAmBOFCyWJGBcokA
-lQMFEDnug7Iff6kIA1j8vQEBzH0EAK8wm6LI6oegVCuBdWoOTFJEjtP29BYoebvK
-MirjgatuUaIaxOH+BNJD3aZ6DjVLdyac2gF8gu4hsl23iAABSBO7H4DXa6cEYJ+U
-R3dXXC6LCQHsw26VTvqG3ugSmljtYU2ZqVK1MlhygjNyusrqOtPRcvF80k5MXVk2
-ctBwF2BFiQCVAwUQOfXCbKjOOi0j7CY9AQH/awP+KzR1nOnyBATlshEP3bs40Bzu
-BDOXiUx/S46q62pphA/D4xEdzcPD84bCEZlIgpvBTaQGKL9AXGoMvyZbK9vjiNHn
-5sfBEWgBe+2m52iN7KKZlkMx4l3eG4UonAQUZbHQbIfsOZtnqxi3ZJfbj/kU5qtz
-OywHF2zal22nAb1UxbqIRgQQEQIABgUCOrotxgAKCRADEujDXYzae6EdAJ9S/zWn
-s7wFnaCMtcN1eXc79YHgyQCdFffNTVMfenyZ4u7hUo4RFK+S7u6IRgQQEQIABgUC
-OrpFywAKCRAsbbJ87KtMILU6AKCDQgEueYAMj+hwxuMyaYAhYbvjbwCfWLJoX5fp
-I+GBrbk7NtjhjI4J6fuIRgQQEQIABgUCOrmLFAAKCRDSD9QFytUJxl3GAJ97z/kq
-ZtiT4LkUVMqzPtigENu5vACgkZrpeEUYK7+ASmowQ+kn3FNjNGGIRgQQEQIABgUC
-OrozSgAKCRDa1acZvMEx3uqHAJ0X+14UBto1WQqeu+TZdwoLaMgugwCfc9Y1RCwl
-DpY7PNcwud6/a8cdAXmJAJUDBRA6uluR9u84uPhDcHEBAV0JA/9+SQjQNuMxrTox
-MK18hU+xFvaSFbvQ+ToI6SH6IZqn/i5EcH5w8xndZDyVNUwkBER3aRj0k83YFNNL
-IirdrQeZUidvYIbBFISpL9v9O44FYvB6Nfs3gL6V7pPzZbqvA/6sdUnkWSwpfMkZ
-aK3/BHP9Zy9jgMXjY4RmKGID0XmEIYkAlQMFEDtV13XW4KH+T74q3QEB7+sD/i8p
-hy36SXsqqHMO5UKI3d4KR1zMCxLonKeMh3Q6fBFzWbpS7U6kWQo2xfMs+f/R0009
-UGhGtNL3tCWkINmYu3b+xS4fTfXe0bU+QbwzEkYndigKG0xQVg4A3wIqf+EirMj4
-lC3ufD/+aFN6bwk6Fzrao7CcepJtjD8mgXiAH+mviEYEEBECAAYFAjq6nqoACgkQ
-S9ihXhFq3adNJgCdFrQQOHysyoWZobUH4yoFdDVEcYUAn3M85fzDPftJ5DMpzvvl
-kIr2vzydiEYEEBECAAYFAjq6nhgACgkQaoNFyDTeLy89tACdF3g5owMLD4vz0jjV
-SBitY0EWPysAnRDW1c0KOvZD17bAVZBxQ2eWwVA8iEYEEBECAAYFAjtUufcACgkQ
-orv7JAz5VveHYQCgrUeccfmKd4HZL3U7eY/q+gk4htoAn2PZyw+6pgM+4BhsY4we
-92GVNpuFiQCVAwUQOSdrzuHU/BTm0HRxAQEfGQP+MDXjIvXdVL3t8t6Woj9BctVk
-7Fwn8HICugaYdmrYkqi8v1Za0QcLpJ7vYW6HFfabHmD5JZOP8g6Kg2Nw7/+xUrmk
-/pm3Ha2XZec5PkChK/zp4Riz8uyohCesHSlBfohR6YuSgbWjrwW3JRt0UoU0rt9O
-JpQVMvlp2i8PbLzsfKuJAJUDBRA4VWZtLVkO0dLSrI0BAYi2A/90fMGElNgYFb7Y
-GqSbbWjurq2p3kAfrd9b6wVdGbPckmu66jQu431sYnCgI3DiDV1E34pPv3x0eG3S
-Srlzk+1qb3dEKcGUpy903/IegJLqHDuhuxJOUfUrlIWlUOdF6QM11Rlwlf59s/Rq
-huilK/ZG6umDbjT5gAqsf00L4UZN2okAlQMFEDtqIsaYB+Zb2EtZIQEBSmgD/Rmv
-PSbk/rYDA0M+DwDh6iiWdEJJlFO0tN3m5jstrKRuBztUJqgYrh29LvUqxanHaQQi
-eq+Cj7x6MUyn/hIIUpSf6rBjaEz7GjVuL/k27ooWGladsERkFafq3kE1ulJ43PIe
-SquSVXvt/QkcxtKFaV2M1TkelJ7/Vx6IyXoEe4TuiEYEEBECAAYFAjwRHwMACgkQ
-IgvIgzMMSnWKxQCcC+9T8Gs+o3LSRQL9ZDvAAWkyYoIAoOAGUxXVqBHm/iMGltSO
-R0ByYY/xiEYEEBECAAYFAjq6EWgACgkQD4SEoFpiW2avOwCghBbvmzjWBSFrEjz8
-6xotkCncjOgAoOAs/WG1hqmPxdFP5gQFThyyref/iQCVAwUQO7iKqZRUn1EgN49x
-AQFXxQP/YSzGp2Xz2LLsdpUAehoLZqXZbZqTykncQFAS/w6GVpYayyk4SQXOTOcp
-gVgAGPP2knWQrZad6YmIIWOyUjM4eSIR/XUM/dz07/4lmShJuJFMAuESzc2k/u3d
-/Ks1XlWMpk+Sb7UWXMZeS3mrp8OJt4iBB5oEEmnQy7VDqKl81XSIRgQQEQIABgUC
-OrmRCQAKCRCdtd0xUlm+yXFIAJwOHfmOFrv2oZCmlJVh5XOA6gMsrgCgk8Dq0FbS
-uG77YvYvbvysciIlf7eIRgQQEQIABgUCOyPiKQAKCRAeFaGjj2WOgq0tAJ9JjWvv
-eD5hZ9wMchni95qJDaGpHgCgge2zN+afIPmfTB8W016+oS9A5amIRgQQEQIABgUC
-O+w3bQAKCRC/tn5vQSeKRMh+AJwMdyui1UmkiI+Oz5z66rwM94sayQCg5ksP/oLC
-2Um+3naAtu/s+QUAGteIRgQTEQIABgUCPQen8wAKCRAgFTHVhF3+3ZiyAJ9gB8AK
-WFHNa8Y9R8UjthkTpDOodQCdHGYT+IlIH5Md6BjhwDOylf9dg4aIRgQTEQIABgUC
-PQesugAKCRBdjovp8jga1NyWAJ9F88COz7flGr4V6jojooPuFfmhdACeMeymmpEC
-cknjZcGMSXHq2lWjX9mJAJUDBRM9B7hxtoTxfMEKh00BAeiiA/wKoJFN111VwGLC
-xdHLUKWjF8u0XdXJiW1a+gnMhjYOBXGUkOVpEHXTCSHsZnnnzGAIXTHiGHckwNf1
-RMIEWmJBGXLcGgLBZnn2/GmnYycggZGcZ/77XCN4X0lLIOnIDMeYwmbgOWR2NFls
-QokwCUHq8h+IHwDxYk9MIKEs5Z0gcIhGBBMRAgAGBQI9B9wqAAoJEBj1A4AkwngC
-VdEAoNPqjHVqS0IvHRsLKnrYkeqeFaccAJoDf5sV4WL2KBFdCi7wof6KbL9dG4hG
-BBMRAgAGBQI9B9zsAAoJECH5xbz3apv11UEAoP4etDXLjDr00ytaoSQlDVd59wTK
-AJ9Fjrey9e+fHTjVcSw3OllNI788E4hGBBMRAgAGBQI9B92jAAoJEEbtrfQ1fWX7
-t/8AmwSidgzuP35OIvWg6EX90I2K40WqAJ9Lk6a6p4GrpgTkBOjneKKMxjelmYhG
-BBARAgAGBQI9B6tbAAoJELVSsEN3OQXWCqwAniS19wmrk8si6aMR2GFD4KFiv2hl
-AJ0XfhFxNpHqgsSoENB3VrdaKXpRh4hGBBMRAgAGBQI9CCkXAAoJENjKMXFboFLD
-6xEAnj8wOc6J8TLVTfxex5GTJe4vqnaMAKCOKYR+jOR0mt8GFyAhVaPfYnFs3YhG
-BBARAgAGBQI9t8krAAoJEJ+qc26EFy0RzXYAn3HfFo7qvhADKs5Jv7RlDzAcFuYW
-AJ0WDxU+6IwkQhLOSvlP1RteUGp+tYhGBBMRAgAGBQI+TC8pAAoJEI1Og5a9UkqW
-rZwAnRwKmzooWXTCRrP9GCOYw4IXDzviAJ96l4J9JLtSe+7amY46niXPsPCOmIhG
-BBMRAgAGBQI/HteVAAoJEA0VSkszaizlfVsAn1pwxjrNGg6bMEg74sHeN1sHvgKi
-AJ4mWclV61hr0tbkAKSDybVC2Ydyy4hGBBARAgAGBQI+9wRgAAoJELghiQKdsrW8
-5+gAniOL/7fN28qsAm0gjUsQrfA8Wj/vAJsHS6LCNH5kcOxJl6XbQf60Hy6pMIhG
-BBARAgAGBQI+9wSQAAoJEFIY2mCt64GLrdEAoMJF819q7/BeqggWZY5Ljs0Svp+4
-AKCfwM2fDU+MEemFuPsOw9gl2e7/ZYhGBBARAgAGBQI/1ftRAAoJEKTWXDNQN2Zn
-5SUAn3AnjtKazFCvt300gC/ONSddHjmMAKDXGvP5KzX7MT1lrCKn59gDa8B0Eohz
-BBARAgAzBQJChBp3BYMB4TOAJhpodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
-cGhwP2lkPTEwAAoJENK7DQFl0P1YI18AoJsCg/sw0gEmXUfrYr2MiK/czbptAJ9G
-kTxQSVAZjhXla/iVR/ZJjXR+3YhGBBIRAgAGBQJCNCzqAAoJEFMx5x175C/jgkcA
-n36YbOwCbS+cLFPNTxX6UTq3eYIGAJ9rfz+bzc1E2uOITgD+/a/cGTXycohGBBMR
-AgAGBQJAC0zsAAoJEBhZ0B9ne6HsSxcAn1k8p8GxancHCX/fjPDc3OjREcm7AKCH
-0nUMgDieOO02xjVPbr+3mqfe0ohGBBMRAgAGBQJAC02xAAoJEIHC9+viE7aSBkMA
-ni74G/7rlmiSNOdMtFjvYk+W67uFAJ4xXZ0pVKl6OCGQTjZflGhn6J3gc4hGBBMR
-AgAGBQJAC05UAAoJEGtw7Nldw/RzIrsAn23FM2Ws1i5UaXyv1mTOGRNEqb66AJ97
-uprcGOQYyHEU1oxE1GdgK/1k94hiBBABAgAMBQJBgjKxBQM+ZT4AAAoJEPiFAGex
-HsLOL5sB/3feKat6T2m+zxDKW3soO3q/29BMBsO8vJjuDfgbPnvw4AZao2GiMTzE
-4x6OgCIVtZdiZ9EiDj6GLoq2c2KWkMaJAJUDBRA1zw8pU2npLW1qNDkBAY9YA/43
-6/vWJHs6r0UvDO1cjJ6IN/kLRda1z9DPjSo6ZdyzlfsJzCCDHP0AbM+fvgvKQSMD
-2qvneIAO1xXsRgdcxXqp+3SQNdciWjMOUE5tMy1hTx22T4Sbb+uuhZilpnf6lhIQ
-62PkdhVmvu3TNIIUfnGdgwuo9PfzAucQI+E/huFsRokCHAQQAQIABgUCQX8t7wAK
-CRCq4+bOZqFEaHUgD/9RkV6kTobCLxLCaXSz6iRCaXY5dWHfs98m0ebUjy0lhOxH
-Jluc/4h+FRmbQFHNtHiOKhEkHZOhjk6eSYND9ED2vE6gpK1WhmQeToDSbYNzm2e6
-NzUrjJBa5jqLFG+VP0LEXqDGfVrVIYLnnUBeqeE580vCIE+cxgilBXB0wcOUYYaY
-0CKFSoapGaRboxwWOzjTcdvMv3zRzLUCZD0z8Aj+Bbl5psw4cfgjgj5qL/uzS/vk
-0meMVbGd3HxEfO+8UTTC4GWLqqxa3hxPfE4sWsCLCSyHg8YDY7I3XWp0V85teuMZ
-srfNHL6TTqwJOeoxYv/G14CJd++ZNr6wc0gOqeAQDfGPPP+tsdf7P053Fh1gQHMZ
-cv2vEZmKh8Yn5OqDYvQmU+WRlxExmZPJHZhsNifGMW0eLMcppc+J1/KzRyawNtSh
-cXFoWBgben+8JFPKohVzHUHrbXKaS0N5EVpThmFCDF3wqLhtAjqYq7ViLcQuLlVH
-y8l6W9vJskHvDihyRDrqdhaHIIKk7IFRg9CH5UyfZVF3ZkFNf6VOC9nC6JhVhXqd
-XgnYyiJ8D6HEJyh3Da9kYlgmkIFhoDHLOX2r+GOXbj2ZCKD1P5Tqo/SDDMZQ+pi2
-jHc0l98gAubSiM+54fsLwX/LDgzqVICvnnft07D8ELwSJk272rgWSgtlnuo0ybQs
-R3JlZ29yeSBOZWlsIFNoYXBpcm8gPGdzaGFwaXJvQHNlbmRtYWlsLmNvbT6JAJUD
-BRA1FKtufEtnbaAOFWMBAa00A/wPLDXtNmFsA8EMdbBzKA3gjd4Y1fZQnVpT2tQI
-+FrMOCYH90Ncfp9pZgFLaL9tLV1cbV6IQowtHTTchmZSDijlzf0fIOoNypHQIRDW
-qx/RYm8P12lwv1U5777+UEFjU91RlA6fZTI/61LvC468TcADVnEn1OZo1INHdAhZ
-mE6saokAlQMFEDUUq+i92o/WP+p9/QEB9KwD/1PIjI2bsFxq9vNLghbRKRJEqpTb
-8RVvguCvvPY5bitqPus4VLvze95yTOxx7e5AONBWh/UyX8Z00d1Q0Sm5KZmdcz36
-5IH/nxP60ICp/Hp5PH1gjAXRA044go1yKDTSytT8r9P8dMlrfp/JGEWkuBlf3eZ4
-pSu5Rcf7iEjmZkN7iQEVAwUQNRXj2uNaWM2W6V8rAQGGDAgAiDH+jzoNEYEEtUFa
-Ra5VEds0AhCL/4qFjRnVw+NxQ1pLsj5jhozmPI6SGIuyNhwS7aW10VjZdNIoJxln
-DIRs3WaiviueXMg0yAteLxhXO0lCjHEFDhFX8jLcrTGLza/veRARjKpX1GMYaKn5
-ILgt2Qpmb7tnsXRp3Ul7sQwPHdCnI8Q0QLiKn4e4HpEExJCC3+V5H50sLBHRcLYV
-v7wFl2EjTRfy/EOUl1Yt+Xs9KqjCU2ta0s6ERpASnMaZSWe2EH5wbs6duS2noheu
-lE/f+rQIICjn5Kg/6+1MH1R2BivOh7swHX3qTr/oSK4aLmWYl4ZBUOMqQJBYGl49
-QDoBU4kAlQMFEDUWZMHkyepLT7bNHQEBzKoD/A8CbFiVD+8hCwzsXMfGYdhGO/MN
-SfeAk3GED6hfPsWlaRXQLdbcNT+vyltJI6tmq3zFvsZXl0Yb3IQf5fJM45qHAyEM
-egu8dK3+K8Bu2cbpWYKiNTawfBJyD8zwQXgT+GinbRjoPEvOfOYh+M61qVumfyjl
-0HAxoHt+KXTeyVfbiQCVAwUQNRZrsjxhKEdMqyEhAQHLAgQAoU2Z0J0uj2AGKfDj
-ge/9HrzEroPtD0hpMRM2GVXK/1lIIo37Gfg31TmLV8Cr7i9zvslHiqD91KrPcCjE
-6/LVSL/IHqBWKMS7hw9z+BDmMYziPGJPf2zUU+BNDaBCUIufDiM8MzkQc7RIQhS1
-s/0ggaaF3zKS5qZZsRFHB5I9K8qJAJUDBRA1GUPfvFYqkcU0pUkBAZioA/4m2znf
-4kSfnL2hks57NIbM+J0hSXZ9gtPQc+Dj5SBerrJWnhuxkf35u6fEIDz3efdO5rzE
-UrWivoGC794edDc/XJFLzwd3q1v18u7cQpNYnSNtW9kGgG5gGENa9R6xUF6IA2Pz
-25Y9qTGFwtLF+Hn0Em3OTk0a+luoo6sUVzSUJIkAlQMFEDUfrmwj5GLUv3ukIQEB
-4osEAJfbBlxv08cBsmnI64BusEwM/z2IYftAhgxY8gtMD10IxPyAiOv5I5en2DYR
-UHUTT2IX2OPE1pPYqiIiJ6cpZOYni8yQ+tsq1JVwmR+ccfzANz8w+cXM0Tu+EfuJ
-VcbiP8xl3UDBpvj9MncwJmt4DocjfvOV88xcv0DrTzIoX3y3iQB1AwUQNWoszKzh
-XMEE23sdAQGT/AL9HfhWPc8UtaJBtq10Bbm5A6AURAoVpyjEjvsvhSo9qwxMaEre
-xF5+OA0FnfGt58+ObtgrK/ybJ7Tfc69jozgNwFBLF8h5hx4w0UJWo2uRu2hw0c+M
-2gg68RoiDDuXdQH6iQCVAwUQNWrljSluPWNaXACpAQHLUQP+Jy7BnfjdjgIkYSbw
-mcy7usYVBIzB8GCb8bWM3Kdkd3RXM27YFipfARpHgPdRsJthEruudFjsk+X/RgtU
-/s0mXPI9L6GSThDAcXn6wgOI5cEQOdQqZWJu52wWh5NTlREe81GAgaJWS5IKgo1A
-N/R7zGf1oUKCAF6SjKVNs0grUz2JAJUDBRA1iC0MmqdHO8kXLHUBAUxEBACBJSVF
-oqqCk/V+05xx5SB00g4alW7EHTY4QfYP4bOUaZf6YA0Ql9aN9gtiU29TpI5VjHdk
-bShXEgkmE6gysJp8UH8b6P0oDNBr91eXaU5TXN+YNIJLICRoqMxCDv+h5+hh460Y
-eH6UZr/Mkh383iSauvibbS8vLkZr8sAuBUn6f4kAlQMFEDXH95A/ZTB66ZtiFQEB
-rtgD/jI55V14bVB/otVfNo/wM+TfqsFiiW20CtkHfeaBONwSPBEvvNDALj+fKAPV
-4pJHBV+i6rp779hUQuYbIvkrEl8eu6aDLEM5O9ZqsQ0fnWPogsN+jgSytjbSE8cQ
-CCkMI+/cTas4LH5t3KbYt9rfgv5BpGGzjaJ2R8+boQBvjdI0iQCVAwUQNRbZnwMl
-jPu+uSCxAQGO4gP/REXVFS4pDcwBmmZYIFUAJSw2cNDi47vBh//DhQWGXwzrvTLn
-Q/o5qUYDBjDJsZtb2uPDZJ1lPj8oYhn9fCJGBbea8Bh9jxxQUDEraLd3LcD1FsLz
-gWbYy6yHOxP6OmN45KYzVazy4Pdj+LTKuUlG49wXlJpTu5AA51bzbBEdvXSJAJUD
-BRA2PGmQKkR102trdqEBAWPSBACqoNyF2Eswn+TXnYJJE8xJKBaqsEel8LHyxtO+
-fAFzbUD0812S+aZ4gA9XUZP4CB+lr00Xbx1H1f0xM0m7NJ+HiWK37kYxpythMLqx
-agw1OG4mp5ZADAPUfC8HiMXYeQe815ufzLFd/eG4w91wD4BF0WsTfuy1Sows8UZv
-DAuXQIkAlQMFEDao8lzPc8jyYlQBCQEBDUgD/0WJlIGafmsmUSBmbnyFn76WjE26
-sxfJJJSJn6epEFDSP+km4UVyFdHjj+Ri/Q8HzJHRh+uvRtgfqe/wXrAc1Zhk3Pd4
-lIF9BN72ducE0pXjZz64mrZR6/VOca6aib7UtvGHrmdGSfrRLL9qMfx+e+Ysd1yy
-IUh2JHk3obkIao1qiQCVAwUQNsM4js84Rg/F0CaJAQEwbwQAwiX57DisYMxVEOOk
-RBsAeAUVveyjBEOzNJ6q2bgst39hAu3bZEspXP1EFNX9mm/77gxlYwDh/JBPqmYM
-DJyJfym0nsBQQOaj7OiObDxkpk3ZUGyljvBn7IX00d5IykeoOdP/jilJOCmeuAGX
-veEgs3kDmHYFL9VQkvjgVnJSSEOJAJUDBRA28AINxS1HbQ2/kG0BASGjA/4/OX2S
-Onqu4M/wpYs17rKPOLt0fe1/bMqwzfumu0dbTKUl4dAXWqIDFF1WMlFk0Qx9id89
-AcLDKz/lD95O9djYTRpw65obytWKNA32Tvn6k0TKM8nlW8GOjvo34JCO7rkW9Swe
-sewp71YcqxCASg198Vcd4JbTVxdbGZO6sxL+uIkAlQMFEDaFO1WkUJAsCdPmTQEB
-wxIEAJcZyacu/eg3bX9EBD8cj7R2UorZyhC6eaWiFvwTu0NO6yUlmFeF0R0dYgPp
-YwMEAzbviJKFlLwH1GbevH+Q0+aCBIJttkxUP4Mzlfq4wBh5u22YqKl/N3dKXBqV
-TyPMnLjNeMXDpEc5rXeHFoZOgIoumj0Rx5qk93LbN3a2VavaiQCVAwUQNoU7afLl
-ZUzmDiptAQEwQgQAkEs3DVDOR6Ge8lt2u9oDRj/G8lfPjrTKYBqid9PdD6+pXFTw
-Sm289IjIW7UW/iBTrr/LVmsiYd1G7e86/ps3bpuGlBzEiNbYqC5mbrfmKFdAIZc5
-RnQKpL3vNz7mQWUxXj/nT73aluUTyb3Hg2aFVNUaNZ34sAB2zjxZzk3v49GJAJUD
-BRA2hTuFsLFxg026EJEBAZ3dBACMv9QR7DzAcN5GZhWCnaE9DFUcg5+hCPhrIcCI
-5YqZAx1MAE8pVTtBQoFImELkBrs0rJnVhDIqmgkVApRmT6ecF5SD9IPpm/iympgL
-SuKBOP3s2d0V848P8BPrFS4kQ2eq7uWh0iENPTRQVenA6ZUZ2yMwI+oKxkKMFrvT
-0HnZyIkAlQMFEDbzpJ0VBbtr4vVmaQEBbFoD/RmGIsUhBh6Gx9R8o7SYwwdDb0ry
-6v/624ihcFMiLgI6T2D0zB2ol0XTbYYyUZFa2XkoTjq40fWOqA7DIor+MkQpDrxB
-pNPlRktoe94YPyx+M6b+O9yhx3U/8W+UP2ABgXR85NUCDxDTnsKmxJDkkinJ3rGA
-/Vv+fl5wdw3YVAgKiQCVAwUQNxJ38gx2JIpOldm1AQEeFgQAmK75xIhzb84Qfh9O
-LiFlHG38Ej2xnWgeqmO5VjL/JVYKyUTM6hzO5vQ/WhuSm7dDd1db4aN0Um/ySvmT
-oaI1Ct4UQfuenUmhWCEpdVPteDHBsvfzPCTMp9ezdR9kCXzri/YmpbtG8d32Q2FR
-/pEphCz9Y+R62IfHzBroe8qZpZuJAJUDBRA3Ej3hudwOSdjgzAEBAV0xA/4ru7K9
-M9wahHN9w2522CU8F0IL4PXeMtESANxyLnjNXF1MJiRAL3yGaAEPwNp6cPzJ5ogx
-BQGWSdHnP6htzsTZFRRrkFkzzYVh2WdVDV3P9+x6v7C1Gx21xpNkrmlQkbwyhlxP
-SOJVJdj3e6B7+L4Ttqjz3nafaWBGEuUL642bSIkAlQMFEDdUXQ/PHrUDIjJ6AQEB
-Y08D/0SXXMzYt2EESh/kzd1O3SO3Jpcn3O8+6Ggr7hm13mM+GxqjoBlbH04FtNP1
-01FdZWe4ti3V7R/JT+MY/Mpr6SuHqb9JcVFlDnzuvD57GqAcNcw9CAEwDMtBoGOd
-o7TPzUhykW9BXr2Nv7EUo/t5Q57bKKDjC116+S63Ej1uh8jriEYEEBECAAYFAjd+
-/lIACgkQawFiCQnrEb4BdwCff7heOPbXdtoqEJBL2U4zxWkgmfUAnRHdMmpcQiNs
-iBA6CwArw65vgqVziD8DBRA4Id1XRRnWk29yqT8RAnveAJ0YzBmJ3QcpKw2pDy7f
-FlmW9010kwCgjTFfi9g4oM/q2wCcKLO2sw761kWJAJUDBRA59cJzqM46LSPsJj0B
-AWF8A/9/UFdyqewGR2sHRpyqRmNvfGfUbxOO86csB+4XFZ2cimc0Sod9N+gNT7W9
-GFH6QHhZqF/uDkZm7zInb2AtCuj31T5Q6EgCNkv9x5PE8IxwH2FFNLby/cZrf+ve
-s5Uavp/Wkb9uY5GaAZgC7gq2KMMlFucHBTKAD3/mXJSIZv/zbIhGBBARAgAGBQI6
-uYsaAAoJENIP1AXK1QnGSm8Ani03N1EJszyqDX7RstHomoQxp1o3AJ4oEHSYTWwz
-ZYbJFQKZ/1fcutFBUIkAlQMFEDq6W5T27zi4+ENwcQEBRngD/0wkW9qleK7VAuVB
-f39bDy6Ff79GfZEuV8vEHHuc0q4kajM8ZZ7oC7NBwm+N9rTz7YWmF6ZiqE11zDUv
-ydnkNyz6fTR80tD0aUA8LAOvhWLdBRac90NeCKXAuBRVOD0CQWXzLYBiWcJOKAfN
-K4vZukVdyTpXerAKY15f6KNejHNCiQCVAwUQO1XYO9bgof5PvirdAQFiVwP/UoUN
-zGm7AL2CugIIRuAXYGZY/GX3OgZwNwAw0ckNajm+lPjHnA0VP/+8EaT/XWlfoLAe
-q9lhUq6oQZNvuU+zw2/muY34jokGTq1Tvft7UHxfiNuS6U0693wbNh2++ziWSx6T
-9JZ5v0EcGgIX3A4AmV5dQCv6h+yuY5UyrMIV9KCIRgQQEQIABgUCOrqerAAKCRBL
-2KFeEWrdpybyAJ46GW57+Hjq8YIO2sk04o2F/T0zogCg0KlVWRC/HddImQF+kkvp
-wsLJRzyIRgQQEQIABgUCOrqeGgAKCRBqg0XINN4vL7iuAJ9AErWJU78dUK7lGZIf
-64HKpONLegCfcfd5rLM7PMZR4oW8yN5h3pGsVByIRgQQEQIABgUCO1S5+wAKCRCi
-u/skDPlW93b1AJ4zsWpNxu4GoRERovK2JZHA+LE2AQCeNTkbmTBLayBo8XUs4ZfI
-fxK0SEWJAJUDBRA7V0WQ4dT8FObQdHEBASViBACx2nb4Hbl58MTqLf/txnAcG8bl
-9pIGfS17BF+J8vyi0HhiEi/NaNzEQtvWVG7ZsEAosAUg4DloNzf1uKJCk2cktxbM
-htUTz6dCF+sqMpVtcFYs0oaHW+5UjbIj1Rvz8oGyE5+2swTdDnUaTfUxskRY53Ju
-M4HJSbnbedH1OFzuqokAlQMFEDtZEEMGfl7Yv7VlaQEBcxEEAJ4I41zohad49XTz
-jOlU0TKPhDL4Xpe0riQQdAniKzB57IILSBRXOejXGjEVOwcZQP5Naj3WBnI1cxyb
-qJPKxL5olNi47xfhxf59LgWLByO8NSgk2bYApyOxGVCD3+ftfg/02B6KPs8sQ7x1
-z76H1ERRn7r90nBmYO4c7Aq7PI8TiEYEEBECAAYFAjwRHwUACgkQIgvIgzMMSnVB
-1ACdF2mIpA38PvfqS4FXxlqVnVdhnl0AnA+xFPyj14WS5IorJCS1qCxmd3M0iEYE
-EBECAAYFAjsj4iwACgkQHhWho49ljoIRugCfRkwThbWMldAOp1Lgtez+7bwxx2gA
-oIOZIhQGDH/toEBG5csUH0FzWXD3iEYEEBECAAYFAjvsN3IACgkQv7Z+b0EnikRL
-nQCdHzq6KDoeb22oKb0hZY58yDPvoHIAoL2CvjMWh/yL/9iL87yoozP9XU3SiEYE
-ExECAAYFAj0Hp/UACgkQIBUx1YRd/t3nUwCfSqOgkUdx1dh6Yztl42pEtcz+H/wA
-nj4UkKFkISvZDPLoYkj0lSBy3N5jiEYEExECAAYFAj0HrLwACgkQXY6L6fI4GtQR
-dgCfQJEKqq2eDiIE6Z/l2KZF8YtWsHgAoL04I6SS8/7yVZDFcwqbrZKBb/nQiQCV
-AwUTPQe4dbaE8XzBCodNAQEhAAP+MPRqolmwo0kdrdYCi862RchI2txhhotI3dZz
-6npVsxy5Ilbr7fOS6hbn1ORKg0cPpOt3mxDan6cJD3bFrFPXcMYaq9gSF+PkHeyN
-HO50o/e40T8IuS1mbLQeRVPIo66HIVM/PW0njy0as+r53a/EUQwSKpK+O2yYxZ/v
-3HM1YUCIRgQTEQIABgUCPQfcLQAKCRAY9QOAJMJ4AmDcAJ9c7hQ+SGFYpsfGrlDD
-UWWrKInMvwCgnme05M5csK3gCJR6WGVnr6JHlSuIRgQTEQIABgUCPQfc7gAKCRAh
-+cW892qb9dDGAKCHJldAMb4TVYHcB3woq4AFUGg9GQCeJxuPrqWyLOl93dnj9LiL
-16iDDieIRgQTEQIABgUCPQfdvgAKCRBG7a30NX1l+9AmAKCrC01ev05bLOQe9xQf
-tkgTsAJLVACfT4RGoxQiP9bSVXXc2DPnGyk9mbmIRgQQEQIABgUCPQerYQAKCRC1
-UrBDdzkF1j9oAJ90ewyqESUjUSNfxx67nRf7Bf/iwQCfRxsgP/H5kNxxO6zdvDmF
-P0CnaAuIRgQTEQIABgUCPQgpGgAKCRDYyjFxW6BSwxvcAKCcciX5v/zG9JJK+l2c
-aSg4299xCwCgyBxtWKCGX5DyU10MXMdULz4RYnGIRgQTEQIABgUCPx7XmwAKCRAN
-FUpLM2os5bUTAJ9P7VepCWX8qVaOQR/n955a9r91RwCfRssn6/is7V1qVV7Ee3NO
-c76RRAiIcwQQEQIAMwUCQoQadwWDAeEzgCYaaHR0cDovL3d3dy5jYWNlcnQub3Jn
-L2luZGV4LnBocD9pZD0xMAAKCRDSuw0BZdD9WDroAJ9AKRizGzwsKagEtLw7SkKx
-R4A0IACfRXvXahL3rLXXJH4daIRTFLoOfouIRgQSEQIABgUCQjQs5QAKCRBTMecd
-e+Qv43TBAJ4gvecTZP53Enhw5LKxe3Yn2NaUJACgg5dM2hEtHtA2APVewU+PifZi
-Bq2IRgQTEQIABgUCQAtM5AAKCRAYWdAfZ3uh7DMDAJ0fWKmQ0pzgBjv7f51mn9yw
-H9XsLgCeKNXyDfFPROiUezxSq8z6G1NgFTWIRgQTEQIABgUCQAtNqAAKCRCBwvfr
-4hO2kquOAJ9PuYi3o9pazwVWcaNaVXkyWgeT7ACcDPr/KVgw26+RZc5bhFYQwxSV
-On+IRgQTEQIABgUCQAtORwAKCRBrcOzZXcP0c/99AKC0s00mJCxM578qEFD0NoQ3
-QNYcMwCfQLVGqxtIdLpok/wzbw5rzcShIE+JAhwEEAECAAYFAkF/LeUACgkQquPm
-zmahRGgFdg/+OBnbqk6PQlWXqm9aKDpyqtToEwYDPzueWuvIM+OzFuz+B8En7RK1
-IMwcsKUj0VzLgNtX81xoJd+c/1JOIxQrJOtLbPKAk6ToNX8fXr8MqeHuTCvyYGWQ
-NChCyIfmvBrwIHjxWpeAEaJNzTC0y8vXEpOcveownXqV1XmcOD/BDFYky4/F7xAU
-Cf98WAwTpAq6vGclgvfDqOjB67V+ZXw5EqRDRwha9vjsI6P2Tc8CSWGh25IfmhIp
-TjP58AiFdKuO1Uh91XEU4t/ETOGMHnw3lQuIBCyj9o5p3N/nd4J8Re1lOs2qhhOg
-kubrNsrRw0oaenGbJZclALBd7vdYq5kM85sQfr2QbLNYXtXKsQerjNpMfkLjZXMn
-+6Le+MR28vAAoIoEBB3H4sqO99bLaPB4E6cdHKMnFJhlnNiaXJJKNrAD1dU0mwz2
-uxoNeYEu/MTdRYBZZdEEsmbORHOSbvamGAl/eUQA85K5QGXz0hArgZ9HRkY41Wrh
-tPEhTPhQIbX7CAZb0R+KV73wZjelEV9hpPz2IyHb2V5gJJOhdrXOLzdEJacMllHY
-p9fUmfxDnIsaJW72va6WxdDGIdI7FtFtv6ued4ACgzc4T7w2u24MVpD36gDWWC7W
-ThUt9uNU6kU29eAHZEBI4WheX5e2wu1BxgjVAn1LqiPRyPK3jr9kzy4=
-=eOEB
------END PGP PUBLIC KEY BLOCK-----
-
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x22327A01 1999-05-30 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 03 3D 49 6D E4 D9 D6 01 F8 9D B0 3A 3D 68 6A 86
-uid Claus Assmann (PGP2) <ca+pgp2@Sendmail.ORG>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
-
-mQCNAzdQxmkAAAEEAL9u1z33O6eZtDdHyhLP58+gXXxXnUR11rZ5jccPp5NkgXa7
-Mg1B4E8CNrs0WeRlXe9Yiyd3sgtS9oIYGhpw2YXs+CDoX5QYl9spiYeDN9lxox3g
-XGdVYtxChCOOnD0iLxbsgO485zkAR/xcyC2z8RpOYzf2sTSgf88etQMiMnoBAAUR
-tCtDbGF1cyBBc3NtYW5uIChQR1AyKSA8Y2ErcGdwMkBTZW5kbWFpbC5PUkc+iQCV
-AwUQN1DHlabmDSw+b5glAQEgBgQAjHLOkeHu9yg/6iefhesoCz/w4kgETjcuxa4m
-Chun2ELJqtn6oi3Xd3LBNCttSDj09u1rVLK2YlWKtV6gB3FAU5KD6JtkGenN/2mx
-KAczz/zfj4eT6STHIBxTUe408T/0oQex6Y//U3nD69KMCtb4Zg8YxJPEAfwHQNep
-ABwni/mJAJUDBRA3UMd8z3PI8mJUAQkBAWNTA/4s8blaNZ/U+zVHhEIVzM03QXr4
-3hoc8s4zZyQ1CNPJaPaZvFUn7QoiQOUyWMGk04BEecbi/ByKxhISS4Fu2ONOUcK2
-AlPcpMeBDU2GItE3JFY84UGl9EPQ7F5ZN53X2YgRvtTPxk4gEc9CU+cuz2KkAy3j
-u7bnC4upiIl28Vlr44kAlQMFEDdQxmrPHrUDIjJ6AQEBg28EAJL58R2EIDh+UIzb
-7WGfzmzeBxUFYvh+OSaIKZl/M25IZjF6lR+RugzAPlZjlhodzvk2Hrulp6jXHelp
-Fnd5XcWZbLWfSl+C+T1zdE8bnIKxWPKbvHyjvxE6URWbf1gY9qNCeGQ4IqKyRYLS
-xqwi/jGPN72lgC7+Ias8I9ACKBttiQCVAwUQN1WXf3xLZ22gDhVjAQELWwQAn1HI
-NXHF9DZWi/WCzHvgtEYn8yrGBXfQWjZWIvJTBBaIZv/aAqNhtZrwdtXvoNVGg/+V
-DFFL4PmHsKcLGFh8REIP7wOl+N99DsQDDJEwPBYS3aXNypz4wtC+iHF6qLeMapv2
-gZK7xrn9Bckg3CS+bQxEKC/tWWr8y2r0+C5djQ2JAJUDBRA3VKawechJ6GUP6GkB
-AeYfA/4yqbrPQ23kk31Pl3b0RID2MkyB/Ib4fpe5URYDx37Y+fQIGbXI11NqqKDH
-5TiO3WlvwscbCFEYS3Gu2/6WiJZ4Bn6oU34umAS0UwbNxNbeUUWYxce+u/Tkqt7v
-7/NRY01uBvWdB15uIS7fenCFBokV9FpTfCHa093H3vjd70dOtIkAlQMFEDdgM49u
-AhsP7LmozwEBH68D/iFfvhk1mzRg324gqWlqR9xxlFWvcKO5QF8hcNnuu27cUSET
-8tRnt3dSQOil6HSV+yM+ZSG+q8476Q2yC+B/tntdtCyNdJCXlsaXAOmIp2WC8Nki
-n8ia0dw7PYxhoPeYG79mVMOcy5HPfbkd6fr4TYTb4xbVehE4O+dIuCA/QQpviQCV
-AwUQO1XXU9bgof5PvirdAQH2AAP/YxBriSGcc3VMPN33UdAEV+5s+sSqQRNy1RmR
-qe51F1fiMMRutqpUgfsMUj2ckUgPiMeDxF69mUN1ls5egnptUVoM3APOlAMned5K
-/5vyTrP3smgJJ0NvLj2pf3ScLoRp7bKe66eY1WQLSgykTIkjoyRtX9Wo3Ou3PovY
-5shrpDKJAJUDBRA5J2t94dT8FObQdHEBARsfA/9/ilJBvkT52/+b5ylmw0OBExi1
-BYmoPwXVbA0slhrX5deIN5QobE5Zc7lydUfBa/CI/4KsqFcHH97pYEXxTw25/iuo
-eoJ2PVvBDfWVLKbCAkZlX23zq4kiv2boJO6wtKNEUhvaPY0E2pMoDONi6R/NurQ0
-pApPjBLLOXA5YdFwDIhGBBARAgAGBQI7VK6OAAoJEKK7+yQM+Vb3zZYAoJCqpiXc
-+k3SD7Qrgk5cCyYnf70rAKCk0SNyD7KauCUCjULUNc42TjIbGIkAlQMFEDtYywsG
-fl7Yv7VlaQEBMfgEAIi1anL/NDvkNSU1memJ5rrnOdFVVs0KPMrqON5bvT4nZ54m
-j4FvftCY2AmQasS6AVsUnFbx11HpEvFVGs8dVfrvAeNy6RiRhlLKQJOncmECalfh
-SIXqPke2iCW6+zdG1T/gS5T9T9/Lf2c9FQf0FjURAi3ynDA2RBLA5FDsI8v3iEYE
-EBECAAYFAjvsNnUACgkQv7Z+b0EnikT5AwCgz/MKoVVRzKZrQqBUfaR1fRZEk/UA
-oMfykSYtxU2vtTn/apyZ+pOuLHRNiEYEEBECAAYFAj23ySsACgkQn6pzboQXLRHC
-lwCfZamY7M1fQX/9f6wQGq5sKi9EHkYAmwaDRCa9o4rHVjogkl4XVBp48jq2iEYE
-EBECAAYFAj73BGEACgkQuCGJAp2ytbwo8wCfZOFd6B+62j/dAIzQ1FIdhcAFJfoA
-nA/Pp6NUFLzo5mfbdxwqcLYwfDSLiEYEEBECAAYFAj/V+mQACgkQUhjaYK3rgYu4
-wgCgteBhYhYRwtKbmpu8cH7mqpPoypMAoKPPA0id1LpOsvbFuzspwMYET/lhiEYE
-EBECAAYFAj/V+0sACgkQpNZcM1A3ZmehNQCgv3iGcnVQrzG2y2AdooU3WzukoSMA
-oMk4mNBNs50XMJaxUEL0A5DHTXGviEYEEBECAAYFAkALSVUACgkQGFnQH2d7oewC
-6gCfcpu1YGWFRnCrwNWRQAJA/AKR/Y0An1ZOpTKjhGKTX7Pc4sBDWULr6/AEiEYE
-EBECAAYFAkALSYUACgkQgcL36+ITtpLEOgCeKB+Ms1jRlAG0jOa6pszx7AqmB4cA
-niO2Ewctj86NRPQ1ihvosesJD9+QiEYEEBECAAYFAkALScoACgkQa3Ds2V3D9HNq
-SgCeIXXFJIevu3l/mVOQ1EHAJQpxJMsAn03ESc9ps6rITIjUT+8QtXSbMu2qiEYE
-EhECAAYFAkI0Lo4ACgkQUzHnHXvkL+OtSwCcCnP+FkbPwoOaLnaRZmpGrboGIocA
-n25jiOYVuqz9nQhdwBxycwBx4MDniEYEExECAAYFAj6IR3gACgkQ2MO5UukaubkY
-6ACcDolFeHT3Gr9tnkmsOgTNk3RapusAniFhht4QVOYPmyXlMk2XzHzuzLEuiGIE
-EAECAAwFAkGCMuMFAz5lPgAACgkQ+IUAZ7Eews4XxwH/eKhCQL0kShEQjr1aMtwX
-RpEKed88kbC+KXLr4Jnly96l9qNMO7WL+bhPfa2JYQHUeNf2u3YeJF+JaHmvzKFL
-sokAlQMFEDtpzf0j5GLUv3ukIQEB2C8D/0sFqS90GMEyPKVtrFgjq+ARQ2Ko/otc
-/OIIndguYjv3G+bdRpVynEk/Dedt/RRn/M1jAC2IKQDawSB9c6lY8UKkAEhD0nwd
-I+w2qnGpiHsGm2UhsYGwp+BRp1HKPtpriyvwyMRtyrgf2H3v5g2TsR+VXbEZ9fhf
-gCszm+1aGukziQCVAwUQO2ojRpgH5lvYS1khAQHBHwQAvGlE1z+C6G385T5lSFF9
-MNW1qXmpzQ7xtGLYHJSo+xCRQbKYk6Ewm8hcH6Qi9GQnNH2zGU1E5zwJUPEQN7dO
-xKNAn8+57gl4KyG2qDpeeAwu1VHSyi7bTo7WEw1tOm3oAK93F/AjsHrFc5oKhM8H
-jJ4I911BawgT7wUSSMyyRPaJAhwEEAECAAYFAkF+tPsACgkQquPmzmahRGiOCA//
-ZcA0aE7UTcR1kduVRMtqZejIXviujY8SEAyk2F+hymP1esphc1vnw1RksuNPXswA
-XeZtSiUESwKcr4z3gaYUPaH8G5acQ5eT5zNzWTVXFR/1Ys6uetNxLTFITjzf+4kE
-uaODW++NIrYBWVs54cA2ZqyDWijG+d3dbhtBbmtNIYnA/P8qgaC5x3f06fgtPaZP
-gUTend1s0uUez7LrHXx4J1Hftz/UnfNaGidbQtlSB2eQdi1ejrhiAFtmcVykGibK
-/N5QdsroJu551BBl6yl9Q/ymdf7fHgcFLuxDjqiB9Sd3SsY7i4M6EzN8tC4XnOgQ
-EbLQU8YcY//ZgYYJG6BFZBW9GUp52SZMOsrLj6I5DQSPBuejoJrCsCAeJ5kaV+li
-pKW4sUVGmVWYuo2PQ+FqsUBhI5vei2sTMAWO0v65revDoaL86i9UtwIZ5iToID0w
-PE86SUpypUC/sqrDdRBjG+JO3GWR+/UNdm7OzyxryhCEq/KY7yN8bjB7T8DjCRCo
-7PTucFo2QCfagwpdf1VPuvIaesLy25R/9K8+tAVrAOllCqP8pA20d2GJGGbC99GF
-xsagVq0PL8eq1KeeWO8LRC6R4LU//Gee8fWO27Xi/1h/vlh0SJUYppCeM6I7hfsx
-DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJCyc=
-=nES8
------END PGP PUBLIC KEY BLOCK-----
-
-$Revision: 8.25 $, Last updated $Date: 2007/01/02 22:38:08 $
diff --git a/contrib/sendmail/README b/contrib/sendmail/README
deleted file mode 100644
index b0c25e5b74b3..000000000000
--- a/contrib/sendmail/README
+++ /dev/null
@@ -1,467 +0,0 @@
-
- SENDMAIL RELEASE 8
-
-This directory has the latest sendmail(TM) software from Sendmail, Inc.
-
-Report any bugs to sendmail-bugs-YYYY@support.sendmail.org
-where YYYY is the current year, e.g., 2005.
-
-There is a web site at http://www.sendmail.org/ -- see that site for
-the latest updates.
-
-+--------------+
-| INTRODUCTION |
-+--------------+
-
-0. The vast majority of queries about sendmail are answered in the
- README files noted below.
-
-1. Read this README file, especially this introduction, and the DIRECTORY
- PERMISSIONS sections.
-
-2. Read the INSTALL file in this directory.
-
-3. Read sendmail/README, especially:
- a. the introduction
- b. the BUILDING SENDMAIL section
- c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
-
- You may also find these useful:
-
- d. sendmail/SECURITY
- e. devtools/README
- f. devtools/Site/README
- g. libmilter/README
- h. mail.local/README
- i. smrsh/README
-
-4. Read cf/README.
-
-Sendmail is a trademark of Sendmail, Inc.
-
-+-----------------------+
-| DIRECTORY PERMISSIONS |
-+-----------------------+
-
-Sendmail often gets blamed for many problems that are actually the
-result of other problems, such as overly permissive modes on directories.
-For this reason, sendmail checks the modes on system directories and
-files to determine if they can be trusted. For sendmail to run without
-complaining, you MUST execute the following command:
-
- chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
- chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
-
-You will probably have to tweak this for your environment (for example,
-some systems put the spool directory into /usr/spool instead of
-/var/spool). If you set the RunAsUser option in your sendmail.cf, the
-/var/spool/mqueue directory will have to be owned by the RunAsUser user.
-As a general rule, after you have compiled sendmail, run the command
-
- sendmail -v -bi
-
-to initialize the alias database. If it gives messages such as
-
- WARNING: writable directory /etc
- WARNING: writable directory /var/spool/mqueue
-
-then the directories listed have inappropriate write permissions and
-should be secured to avoid various possible security attacks.
-
-Beginning with sendmail 8.9, these checks have become more strict to
-prevent users from being able to access files they would normally not
-be able to read. In particular, .forward and :include: files in unsafe
-directory paths (directory paths which are group or world writable) will
-no longer be allowed. This would mean that if user joe's home directory
-was writable by group staff, sendmail would not use his .forward file.
-This behavior can be altered, at the expense of system security, by
-setting the DontBlameSendmail option. For example, to allow .forward
-files in group writable directories:
-
- O DontBlameSendmail=forwardfileingroupwritabledirpath
-
-Or to allow them in both group and world writable directories:
-
- O DontBlameSendmail=forwardfileinunsafedirpath
-
-Items from these unsafe .forward and :include: files will be marked
-as unsafe addresses -- the items can not be deliveries to files or
-programs. This behavior can also be altered via DontBlameSendmail:
-
- O DontBlameSendmail=forwardfileinunsafedirpath,
- forwardfileinunsafedirpathsafe
-
-The first flag allows the .forward file to be read, the second allows
-the items in the file to be marked as safe for file and program
-delivery.
-
-Other files affected by this strengthened security include class
-files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
-and the files specified by the ErrorHeader and HelpFile options. Similar
-DontBlameSendmail flags are available for the class, ErrorHeader, and
-HelpFile files.
-
-If you have an unsafe configuration of .forward and :include:
-files, you can make it safe by finding all such files, and doing
-a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
-each directory in the file's path.
-
-
-+--------------------------+
-| FILE AND MAP PERMISSIONS |
-+--------------------------+
-
-Any application which uses either flock() or fcntl() style locking or
-other APIs that use one of these locking methods (such as open() with
-O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
-may be susceptible to local denial of service attacks.
-
-File locking is used throughout sendmail for a variety of files
-including aliases, maps, statistics, and the pid file. Any user who
-can open one of these files can prevent sendmail or it's associated
-utilities, e.g., makemap or newaliases, from operating properly. This
-can also affect sendmail's ability to update status files such as
-statistics files. For system which use flock() for file locking, a
-user's ability to obtain an exclusive lock prevents other sendmail
-processes from reading certain files such as alias or map databases.
-
-A workaround for this problem is to protect all sendmail files such
-that they can't be opened by untrusted users. As long as users can
-not open a file, they can not lock it. Since queue files should
-already have restricted permissions, the only files that need
-adjustment are alias, map, statistics, and pid files. These files
-should be owned by root or the trusted user specified in the
-TrustedUser option. Changing the permissions to be only readable and
-writable by that user is sufficient to avoid the denial of service.
-For example, depending on the paths you use, these commands would be
-used:
-
- chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
- chmod 0640 /etc/mail/*.{db,pag,dir}
- chmod 0640 /etc/mail/statistics /var/log/sendmail.st
- chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
-
-If the permissions 0640 are used, be sure that only trusted users belong
-to the group assigned to those files. Otherwise, files should not even
-be group readable. As of sendmail 8.12.4, the permissions shown above
-are the default permissions for newly created files.
-
-Note that the denial of service on the plain text aliases file
-(/etc/mail/aliases) only prevents newaliases from rebuilding the
-aliases file. The same is true for the database files on systems which
-use fcntl() style locking. Since it does not interfere with normal
-operations, sites may chose to leave these files readable. Also, it is
-not necessary to protect the text files associated with map databases
-as makemap does not lock those files.
-
-
-+-----------------------+
-| RELATED DOCUMENTATION |
-+-----------------------+
-
-There are other files you should read. Rooted in this directory are:
-
- FAQ
- The FAQ (frequently answered questions) is no longer maintained
- with the sendmail release. It is available at
- http://www.sendmail.org/faq/ . The file FAQ is a reminder of
- this and a pointer to the web page.
- INSTALL
- Installation instructions for building and installing sendmail.
- KNOWNBUGS
- Known bugs in the current release.
- RELEASE_NOTES
- A detailed description of the changes in each version. This
- is quite long, but informative.
- sendmail/README
- Details on compiling and installing sendmail.
- cf/README
- Details on configuring sendmail.
- doc/op/op.me
- The sendmail Installation & Operations Guide. In addition
- to the shipped PostScript version, plain text and PDF versions
- can be generating using (assuming the required conversion software
- is installed on your system, see doc/op/Makefile):
-
- cd doc/op && make op.txt op.pdf
-
- Be warned: on some systems calling make in doc/op/ will cause
- errors due to nroff/groff problems. Known problems are:
- - running this off on systems with an old version of -me, you
- need to add the following macro to the macros:
-
- .de sm
- \s-1\\$1\\s0\\$2
- ..
-
- This sets a word in a smaller pointsize.
-
- - with new groff versions (1.18 seems affected)
-
- GROFF_NO_SGR=1
-
- needs to be set, e.g., in doc/op/Makefile:
-
- ROFF_CMD= GROFF_NO_SGR=1 groff
-
-
-+--------------+
-| RELATED RFCS |
-+--------------+
-
-There are several related RFCs that you may wish to read -- they are
-available via anonymous FTP to several sites. For a list of the
-primary repositories see:
-
- http://www.isi.edu/in-notes/rfc-retrieval.txt
-
-They are also online at:
-
- http://www.ietf.org/
-
-They can also be retrieved via electronic mail by sending
-email to one of:
-
- mail-server@nisc.sri.com
- Put "send rfcNNN" in message body
- nis-info@nis.nsf.net
- Put "send RFCnnn.TXT-1" in message body
- sendrfc@jvnc.net
- Put "RFCnnn" as Subject: line
-
-For further instructions see:
-
- http://www.isi.edu/in-notes/rfc-editor/rfc-info
-
-Important RFCs for electronic mail are:
-
- RFC821 SMTP protocol
- RFC822 Mail header format
- RFC974 MX routing
- RFC976 UUCP mail format
- RFC1123 Host requirements (modifies 821, 822, and 974)
- RFC1344 Implications of MIME for Internet Mail Gateways
- RFC1413 Identification server
- RFC1428 Transition of Internet Mail from Just-Send-8 to
- 8-bit SMTP/MIME
- RFC1652 SMTP Service Extension for 8bit-MIMEtransport
- RFC1869 SMTP Service Extensions (ESMTP spec)
- RFC1870 SMTP Service Extension for Message Size Declaration
- RFC1891 SMTP Service Extension for Delivery Status Notifications
- RFC1892 Multipart/Report Content Type for the Reporting of
- Mail System Administrative Messages
- RFC1893 Enhanced Mail System Status Codes
- RFC1894 An Extensible Message Format for Delivery Status
- Notifications
- RFC1985 SMTP Service Extension for Remote Message Queue Starting
- RFC2033 Local Mail Transfer Protocol (LMTP)
- RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
- RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
- Format of Internet Message Bodies
- RFC2476 Message Submission
- RFC2487 SMTP Service Extension for Secure SMTP over TLS
- RFC2554 SMTP Service Extension for Authentication
- RFC2821 Simple Mail Transfer Protocol
- RFC2822 Internet Message Format
- RFC2852 Deliver By SMTP Service Extension
- RFC2920 SMTP Service Extension for Command Pipelining
-
-Other standards that may be of interest (but which are less directly
-relevant to sendmail) are:
-
- RFC987 Mapping between RFC822 and X.400
- RFC1049 Content-Type header field (extension to RFC822)
-
-Warning to AIX users: this version of sendmail does not implement
-MB, MR, or MG DNS resource records, as defined (as experiments) in
-RFC1035.
-
-
-+---------+
-| WARNING |
-+---------+
-
-Since sendmail 8.11 and later includes hooks to cryptography, the
-following information from OpenSSL applies to sendmail as well.
-
-PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
-SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
-TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
-PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
-COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
-SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
-YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
-AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
-ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
-
-If you use OpenSSL then make sure you read their README file which
-contains information about patents etc.
-
-
-+-------------------+
-| DATABASE ROUTINES |
-+-------------------+
-
-IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
-use the version that was on the Net2 tape -- it has a number of
-nefarious bugs that were bad enough when I got them; you shouldn't have
-to go through the same thing. Instead, get a new version via the web at
-http://www.sleepycat.com/. This software is highly recommended; it gets
-rid of several stupid limits, it's much faster, and the interface is
-nicer to animals and plants. If the Berkeley DB include files
-are installed in a location other than those which your compiler searches,
-you will need to provide that directory when building:
-
- Build -I/path/to/include/directory
-
-If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
-urged to upgrade to DB version 2 or later, available from
-http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
-be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
-and can cause sendmail to dump core. In addition, the newest versions of
-gcc and the Solaris compilers perform optimizations in those versions that
-may cause fairly random core dumps.
-
-If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
-using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
-and ndbm.o from the DB library after building it. You should also apply
-all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
-(see http://www.sleepycat.com/db.185.html), as they fix some of the known
-problems.
-
-If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
-are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
-from the DB library after building it. No other changes are necessary.
-
-If you are using Berkeley DB version 2.3.15 or greater, no changes are
-necessary.
-
-The underlying database file formats changed between Berkeley DB versions
-1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
-DB 2.X and 3.X. If you are upgrading from one of those versions, you must
-recreate your database file(s). Do this by rebuilding all maps with
-makemap and rebuilding the alias file with newaliases.
-
-
-+--------------------+
-| HOST NAME SERVICES |
-+--------------------+
-
-If you are using NIS or /etc/hosts, it is critical that you
-list the long (fully qualified) name somewhere (preferably first) in
-the /etc/hosts file used to build the NIS database. For example, the
-line should read
-
- 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon
-
-**** NOT ****
-
- 128.32.149.68 mastodon
-
-If you do not include the long name, sendmail will complain loudly
-about ``unable to qualify my own domain name (mastodon) -- using
-short name'' and conclude that your canonical name is the short
-version and use that in messages. The name "mastodon" doesn't mean
-much outside of Berkeley, and so this creates incorrect and unreplyable
-messages.
-
-
-+-------------+
-| USE WITH MH |
-+-------------+
-
-This version of sendmail notices and reports certain kinds of SMTP
-protocol violations that were ignored by older versions. If you
-are running MH you may wish to install the patch in contrib/mh.patch
-that will prevent these warning reports. This patch also works
-with the old version of sendmail, so it's safe to go ahead and
-install it.
-
-
-+----------------+
-| USE WITH IDENT |
-+----------------+
-
-Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
-Note that the RFC states a client should wait at least 30 seconds
-for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
-as many sites have adopted the practice of dropping IDENT queries.
-This has lead to delays processing mail.
-
-No ident server is included with this distribution. It is available
-from:
-
- ftp://ftp.lysator.liu.se/pub/ident/servers/
- http://sf.www.lysator.liu.se/~pen/pidentd/
-
-+-------------------------+
-| INTEROPERATION PROBLEMS |
-+-------------------------+
-
-Microsoft Exchange Server 5.0
- We have had a report that ``about 7% of messages from Sendmail
- to Exchange were not being delivered with status messages of
- "connection reset" and "I/O error".'' Upgrading Exchange from
- Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
-
-CommuniGate Pro
- CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
- the MAIL FROM command if the client is not authenticated. Use
-
- define(`confAUTH_OPTIONS', `A')
-
- in .mc file if you have compiled sendmail with Cyrus SASL
- and you communicate with CommuniGate Pro servers.
-
-+---------------------+
-| DIRECTORY STRUCTURE |
-+---------------------+
-
-The structure of this directory tree is:
-
-cf Source for sendmail configuration files. These are
- different than what you've seen before. They are a
- fairly dramatic rewrite, requiring the new sendmail
- (since they use new features).
-contrib Some contributed tools to help with sendmail. THESE
- ARE NOT SUPPORTED by sendmail -- contact the original
- authors if you have problems. (This directory is not
- on the 4.4BSD tape.)
-devtools Build environment. See devtools/README.
-doc Documentation. If you are getting source, read
- op.me -- it's long, but worth it.
-editmap A program to edit and query maps that have been created
- with makemap, e.g., adding and deleting entries.
-include Include files used by multiple programs in the distribution.
-libsmdb sendmail database library with support for Berkeley DB 1.X,
- Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
-libsmutil sendmail utility library with functions used by different
- programs.
-mail.local The source for the local delivery agent used for 4.4BSD.
- THIS IS NOT PART OF SENDMAIL! and may not compile
- everywhere, since it depends on some 4.4-isms. Warning:
- it does mailbox locking differently than other systems.
-mailstats Statistics printing program.
-makemap A program that creates the keyed maps used by the $( ... $)
- construct in sendmail. It is primitive but effective.
- It takes a very simple input format, so you will probably
- expect to preprocess must human-convenient formats
- using sed scripts before this program will like them.
- But it should be functionally complete.
-praliases A program to print the DBM or NEWDB version of the
- aliases file.
-rmail Source for rmail(8). This is used as a delivery
- agent for for UUCP, and could presumably be used by
- other non-socket oriented mailers. Older versions of
- rmail are probably deficient. RMAIL IS NOT PART OF
- SENDMAIL!!! The 4.4BSD source is included for you to
- look at or try to port to your system. There is no
- guarantee it will even compile on your operating system.
-smrsh The "sendmail restricted shell", which can be used as
- a replacement for /bin/sh in the prog mailer to provide
- increased security control. NOT PART OF SENDMAIL!
-sendmail Source for the sendmail program itself.
-test Some test scripts (currently only for compilation aids).
-vacation Source for the vacation program. NOT PART OF SENDMAIL!
-
-$Revision: 8.93 $, Last updated $Date: 2005/09/16 20:08:50 $
diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES
deleted file mode 100644
index 8a0b51c3441f..000000000000
--- a/contrib/sendmail/RELEASE_NOTES
+++ /dev/null
@@ -1,10260 +0,0 @@
- SENDMAIL RELEASE NOTES
- $Id: RELEASE_NOTES,v 8.1909 2007/10/31 16:04:13 ca Exp $
-
-
-This listing shows the version of the sendmail binary, the version
-of the sendmail configuration files, the date of release, and a
-summary of the changes in that release.
-
-8.14.2/8.14.2 2007/11/01
- If a message was queued and it contained 8 bit characters in
- a From: or To: header, then those characters could be
- "mistaken" for internal control characters during a queue
- run and trigger various consistency checks. Problem
- noted by Neil Rickert of Northern Illinois University.
- If MaxMimeHeaderLength is set to a value greater than 0 (which
- it is by default) then even if the Linelimit parameter
- is 0, sendmail corrupted in the non-transfer-encoding
- case every MAXLINE-1 characters. Patch from John Gardiner
- Myers of Proofpoint.
- Setting the suboption DeliveryMode for DaemonPortOptions did not
- work in earlier 8.14 versions.
- Note: DeliveryMode=interactive is silently converted to
- background if a milter can reject or delete a recipient.
- Prior to 8.14 this happened only if milter could delete
- recipients.
- ClientRate should trigger when the limit was exceeded (as
- documented), not when it was reached. Patch from
- John Beck of Sun Microsystems.
- Force a queue run for -qGqueuegroup even if no runners are
- specified (R=0) and forking (F=f) is requested.
- When multiple results are requested for a DNS map lookup
- (-z and -Z), return only those that are relevant for
- the query (not also those in the "additional section".)
- If the message transfer time to sendmail (when acting as server)
- exceeds Timeout.queuewarn or Timeout.queuereturn and
- the message is refused (by a milter), sendmail previously
- created a delivery status notification (DSN). Patch
- from Doug Heath of The Hertz Corporation.
- A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
- the MTA to deal with some input (i.e., "=") itself.
- Problem noted by Eliot Lear.
- sendmail counted a delivery as successful if PIPELINING is
- compiled in but not offered by the server and the
- delivery failed temporarily. Patch from Werner Wiethege.
- If getting the result of an LDAP query times out then close the
- map so it will be reopened on the next lookup. This
- should help "failover" configurations that specify more
- than one LDAP server.
- If check_compat returns $#discard then a "savemail panic" could
- be triggered under some circumstances (e.g., requiring
- a system which does not have the compile time flag
- HASFLOCK set). Based on patch by Motonori Nakamura
- of National Institute of Informatics, Japan.
- If a milter rejected a recipient, the count for nrcpts= in the
- logfile entry might have been wrong. Problem found by
- Petra Humann of TU Dresden.
- If a milter invoked smfi_chgfrom() where ESMTP arguments are not
- NULL, the message body was lost. Patch from Motonori
- Nakamura of National Institute of Informatics, Japan.
- sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao.
- CONTRIB: buildvirtuser: Preserve ownership and permissions when
- replacing files.
- CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
- reading the /etc/mail/virtusers/ directory.
- CONTRIB: buildvirtuser: Emit warnings instead of exiting where
- appropriate.
- LIBMILTER: Fix ABI backwards compatibility so milters compiled
- against an older libmilter.so shared library can use an
- 8.14 libmilter.so shared library.
- LIBMILTER: smfi_version() did not properly extract the patchlevel
- from the version number, however, the returned value was
- correct for the current libmilter version.
-
-8.14.1/8.14.1 2007/04/03
- Even though a milter rejects a recipient the MTA will still keep
- it in its list of recipients and deliver to it if the
- transaction is accepted. This is a regression introduced
- in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
- found by Andy Fiddaman.
- The new DaemonPortOptions which begin with a lower case character
- could not be set in 8.14.0.
- If a server shut down the connection in response to a STARTTLS
- command, sendmail would log a misleading error message
- due to an internal inconsistency. Problem found by
- Werner Wiethege.
- Document how some sendmail.cf options change the behavior of mailq.
- Noted by Paul Menchini of the North Carolina School of
- Science and Mathematics.
- CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
- CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
- of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
- m4 options for setting MaxNOOPCommands and
- SharedMemoryKeyFile.
- CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
- options for setting Milter.macros.eoh and Milter.macros.data.
- CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
- Patch from Daniel Carroll of Mesa State College.
- LIBMILTER: Make sure an unknown command does not affect the
- currently available macros. Problem found by Andy Fiddaman.
- LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
- negotiation. Problem reported by Bryan Costales.
- LIBMILTER: Fix several minor errors in the documentation.
- Patches from Bryan Costales.
- PORTABILITY FIXES:
- AIX 5.{1,2}: libsm/util.c failed to compile due to
- redefinition of several macros, e.g., SIG_ERR.
- Patch from Jim Pirzyk with assistance by Bob
- Booth, University of Illinois at Urbana-Champaign.
- Add support for QNX.6. Patch from Sean Boudreau of QNX
- Software Systems.
- New Files:
- devtools/M4/depend/QNX6.m4
- devtools/OS/QNX.6.x
- include/sm/os/sm_os_qnx.h
-
- New Files added in 8.14.0, but not shown in the release notes entry:
- libmilter/docs/smfi_chgfrom.html
- libmilter/docs/smfi_version.html
-
-8.14.0/8.14.0 2007/01/31
- Header field values are now 8 bit clean. Notes:
- - header field names are still restricted to 7 bit.
- - RFC 2822 allows only 7 bit (US-ASCII) characters in
- headers.
- Preserve spaces after the colon in a header. Previously, any
- number of spaces after the colon would be changed to
- exactly one space.
- In some cases of deeply nested aliases/forwarding, mail can
- be silently lost. Moreover, the MaxAliasRecursion
- limit may be reached too early, e.g., the counter
- may be off by a factor of 4 in case of a sequence of
- .forward files that refer to others. Patch from
- Motonori Nakamura of Kyoto University.
- Fix a regression in 8.13.8: if InputMailFilters is set then
- "sendmail -bs" can trigger an assertion because the
- hostname of the client is undefined. It is now set
- to "localhost" for the xxfi_connect() callback.
- Avoid referencing a freed variable during cleanup when terminating.
- Problem reported and diagnosed by Joe Maimon.
- New option HeloName to set the name for the HELO/EHLO command.
- Patch from Nik Clayton.
- New option SoftBounce to issue temporary errors (4xy) instead of
- permanent errors (5xy). This can be useful for testing.
- New suboptions for DaemonPortOptions to set them individually
- per daemon socket:
- DeliveryMode DeliveryMode
- refuseLA RefuseLA
- delayLA DelayLA
- queueLA QueueLA
- children MaxDaemonChildren
- New option -K for LDAP maps to replace %1 through %9 in the
- lookup key with the LDAP escaped contents of the
- arguments specified in the map lookup. Loosely based
- on patch from Wolfgang Hottgenroth.
- Log the time after which a greet_pause delay triggered. Patch
- from Nik Clayton.
- If a client is rejected via TCP wrapper or some other check
- performed by validate_connection() (in conf.c) then do
- not also invoke greet_pause. Problem noted by Jim Pirzyk
- of the University of Illinois at Urbana-Champaign.
- If a client terminates the SMTP connection during a pause
- introduced by greet_pause, then a misleading message
- was logged previously. Problem noted by Vernon Schryver
- et.al., patch from Matej Vela.
- New command "mstat" for control socket to provide "machine
- readable" status.
- New named config file rule check_eom which is called at the end
- of a message, its parameter is the size of the message.
- If the macro {addr_type} indicates that the current address
- is a header address it also distinguishes between
- recipient and sender addresses (as it is done for
- envelope addresses).
- When a macro is set in check_relay, then its value is accessible
- by all transactions in the same SMTP session.
- Increase size of key for ldap lookups to 1024 (MAXKEY).
- New option MaxNOOPCommands to override default of 20 for the
- number of "useless" commands before the SMTP server will
- slow down responding.
- New option SharedMemoryKeyFile: if shared memory support is
- enabled, the MTA can be asked to select a shared memory
- key itself by setting SharedMemoryKey to -1 and specifying
- a file where to store the selected key.
- Try to deal with open HTTP proxies that are used to send spam
- by recognizing some commands from them. If the first command
- from the client is GET, POST, CONNECT, or USER, then the
- connection is terminated immediately.
- New PrivacyOptions noactualrecipient to avoid putting
- X-Actual-Recipient lines in DSNs revealing the actual
- account that addresses map to. Patch from Dan Harkless.
- New options B, z, and Z for DNS maps:
- -B: specify a domain that is always appended to queries.
- -z: specify the delimiter at which to cut off the result of
- a query if it is too long.
- -Z: specify the maximum number of entries to be concatenated
- to form the result of a lookup.
- New target "check" in the Makefile of libsm: instead of running tests
- implicitly while building libsm, they must be explicitly
- started by using "make check".
- Fixed some inconsistent checks for NULL pointers that have been
- reported by the SATURN tool which has been developed by
- Isil Dillig and Thomas Dillig of Stanford University.
- Fix a potential race condition caused by a signal handler for
- terminated child processes. Problem noted by David F. Skoll.
- When a milter deleted a recipient, that recipient could cause a
- queue group selection. This has been disabled as it was not
- intended.
- New operator 'r' for the arith map to return a random number.
- Patch from Motonori Nakamura of Kyoto University.
- New compile time option MILTER_NO_NAGLE to turn off the Nagle
- algorithm for communication with libmilter ("cork" on Linux),
- which may improve the communication performance on some
- operating systems. Patch from John Gardiner Myers of
- Proofpoint.
- If sendmail received input that contained a CR without subsequent LF
- (thus violating RFC 2821 (2.3.7)), it could previously
- generate an additional blank line in the output as the last
- line.
- Restarting persistent queue runners by sending a HUP signal to
- the "queue control process" (QCP) works now.
- Increase the length of an input line to 12288 to deal with
- really long lines during SMTP AUTH negotiations.
- Problem noted by Werner Wiethege.
- If ARPANET mode (-ba) was selected STARTTLS would fail (due to
- a missing initialization call for that case). Problem
- noted by Neil Rickert of Northern Illinois University.
- If sendmail is linked against a library that initializes Cyrus-SASL
- before sendmail did it (such as libnss-ldap), then SMTP AUTH
- could fail for the sendmail client. A patch by Moritz Both
- works around the API design flaw of Cyrus-SASLv2.
- CONFIG: Make it possible to unset the StatusFile option by
- undefining STATUS_FILE. By not setting StatusFile,
- the MTA will not attempt to open a statistics file on
- each delivery.
- CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
- clients whose IP address does not have proper reverse DNS.
- Contributed by Neil Rickert of Northern Illinois University
- and John Beck of Sun Microsystems.
- CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
- clients which provide a HELO/EHLO argument which is either
- unqualified, or is one of our own names (i.e., the server
- name instead of the client name). Contributed by Neil
- Rickert of Northern Illinois University and John Beck of
- Sun Microsystems.
- CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
- (MAIL) whose domain part resolves to a "bad" MX record.
- Based on contribution from William Dell Wisner.
- CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
- the maximum line length of the smtp mailers.
- CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
- to allow entries in the access map to be of the form
- To:user@example.com RELAY
- CONFIG: New subsuboptions eoh and data to specify the list of
- macros a milter should receive at those stages in the
- SMTP dialogue.
- CONFIG: New option confHELO_NAME for HeloName to set the name
- for the HELO/EHLO command.
- CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
- messages by using those values as second argument.
- Patches from Nelson Fung.
- CONTRIB: cidrexpand uses a hash symbol as comment character and
- ignores everything after it unless it is in quotes or
- preceeded by a backslash.
- DEVTOOLS: New macro confMKDIR: if set to a program that creates
- directories, then it used for "make install" to create
- the required installation directories.
- DEVTOOLS: New macro confCCLINK to specify the linker to use for
- executables (defaults to confCC).
- LIBMILTER: A new version of the milter API has been created that
- has several changes which are listed below and documented
- in the webpages reachable via libmilter/docs/index.html.
- LIBMILTER: The meaning of the version macro SMFI_VERSION has been
- changed. It now refers only to the version of libmilter,
- not to the protocol version (which is used only internally,
- it is not user/milter-programmer visible). Additionally,
- a version function smfi_version() has been introduced such
- that a milter program can check the libmilter version also
- at runtime which is useful if a shared library is used.
- LIBMILTER: A new callback xxfi_negotiate() can be used to
- dynamically (i.e., at runtime) determine the available
- protocol actions and features of the MTA and also to
- specify which of these a milter wants to use. This allows
- for more flexibility than hardcoding these flags in the
- xxfi_flags field of the smfiDesc structure.
- LIBMILTER: A new callback xxfi_data() is available so milters
- can act on the DATA command.
- LIBMILTER: A new callback xxfi_unknown() is available so milters
- can receive also unknown SMTP commands.
- LIBMILTER: A new return code SMFIS_NOREPLY has been added which
- can be used by the xxfi_header() callback provided the
- milter requested the SMFIP_NOHREPL protocol action.
- LIBMILTER: The new return code SMFIS_SKIP can be used in the
- xxfi_body() callback to skip over further body chunks
- and directly advance to the xxfi_eom() callback. This
- is useful if a milter can make a decision based on the
- body chunks it already received without reading the entire
- rest of the body and the milter wants to invoke functions
- that are only available from the xxfi_eom() callback.
- LIBMILTER: A new function smfi_addrcpt_par() can be used to add
- new recipients including ESMTP parameters.
- LIBMILTER: A new function smfi_chgfrom() can be used to change the
- envelope sender including ESMTP parameters.
- LIBMILTER: A milter can now request to be informed about rejected
- recipients (RCPT) too. This requires to set the protocol
- flag SMFIP_RCPT_REJ during option negotiation. Whether
- a RCPT has been rejected can be checked by comparing the
- value of the macro {rcpt_mailer} with "error".
- LIBMILTER: A milter can now override the list of macros that it
- wants to receive from the MTA for each protocol step
- by invoking the function smfi_setsymlist() during option
- negotiation.
- LIBMILTER: A milter can receive header field values with all
- leading spaces by requesting the SMFIP_HDR_LEADSPC
- protocol action. Also, if the flag is set then the MTA
- does not add a leading space to headers that are added,
- inserted, or replaced.
- LIBMILTER: If a milter sets the reply code to "421" for the HELO
- callback, the SMTP server will terminate the SMTP session
- with that error to match the behavior of all other callbacks.
- New Files:
- cf/feature/badmx.m4
- cf/feature/block_bad_helo.m4
- cf/feature/require_rdns.m4
- devtools/M4/UNIX/check.m4
- include/sm/misc.h
- include/sm/sendmail.h
- include/sm/tailq.h
- libmilter/docs/smfi_addrcpt_par.html
- libmilter/docs/smfi_setsymlist.html
- libmilter/docs/xxfi_data.html
- libmilter/docs/xxfi_negotiate.html
- libmilter/docs/xxfi_unknown.html
- libmilter/example.c
- libmilter/monitor.c
- libmilter/worker.c
- libsm/memstat.c
- libsm/t-memstat.c
- libsm/t-qic.c
- libsm/util.c
- sendmail/daemon.h
- sendmail/map.h
-
-8.13.8/8.13.8 2006/08/09
- Fix a regression in 8.13.7: if shared memory is activated, then
- the server can erroneously report that there is
- insufficient disk space. Additionally make sure that
- an internal variable is set properly to avoid those
- misleading errors. Based on patch from Steve Hubert
- of University of Washington.
- Fix a regression in 8.13.7: the PidFile could be removed after
- the process that forks the daemon exited, i.e., if
- sendmail -bd is invoked. Problem reported by Kan Sasaki
- of Fusion Communications Corp. and Werner Wiethege.
- Avoid opening qf files if QueueSortOrder is "none". Patch from
- David F. Skoll.
- Avoid a crash when finishing due to referencing a freed variable.
- Problem reported and diagnosed by Moritz Jodeit.
- CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
- range (0..255).
- LIBMILTER: The "hostname" argument of the xxfi_connect() callback
- previously was the equivalent of {client_ptr}. However,
- this did not match the documentation of the function, hence
- it has been changed to {client_name}. See doc/op/op.*
- about these macros.
-
-8.13.7/8.13.7 2006/06/14
- A malformed MIME structure with many parts can cause sendmail to
- crash while trying to send a mail due to a stack overflow,
- e.g., if the stack size is limited (ulimit -s). This
- happens because the recursion of the function mime8to7()
- was not restricted. The function is called for MIME 8 to
- 7 bit conversion and also to enforce MaxMimeHeaderLength.
- To work around this problem, recursive calls are limited to
- a depth of MAXMIMENESTING (20); message content after this
- limit is treated as opaque and is not checked further.
- Problem noted by Frank Sheiness.
- The changes to the I/O layer in 8.13.6 caused a regression for
- SASL mechanisms that use the security layer, e.g.,
- DIGEST-MD5. Problem noted by Robert Stampfli.
- If a timeout occurs while reading a message (during the DATA phase)
- a df file might have been left behind in the queue.
- This was another side effect of the changes to the I/O
- layer made in 8.13.6.
- Several minor problems have been fixed that were found by a
- Coverity scan of sendmail 8 as part of the NetBSD
- distribution. See http://scan.coverity.com/
- Note: the scan generated also a lot of "false positives",
- e.g., "error" reports about situations that cannot happen.
- Most of those code places are marked with lint(1) comments
- like NOTREACHED, but Coverity does not understand those.
- Hence an explicit assertion has been added in some cases
- to avoid those false positives.
- If the start of the sendmail daemon fails due to a configuration
- error then in some cases shared memory segments or pid
- files were not removed.
- If DSN support is disabled via access_db, then related ESMTP
- parameters for MAIL and RCPT should be rejected. Problem
- reported by Akihiro Sagawa.
- Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
- bug work-around. Hence if sendmail is linked against
- either of these versions and compression is available,
- the padding bug work-around is turned off. Based on
- patch from Victor Duchovni of Morgan Stanley.
- CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
- blackholes.mail-abuse.org as default domain for lookups,
- however, that list is no longer available. To avoid
- further problems, no default value is available anymore,
- but an argument must be specified.
- Portability:
- Fix compilation on OSF/1 for sfsasl.c. Patch from
- Pieter Bowman of the University of Utah.
-
-8.13.6/8.13.6 2006/03/22
- SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
- and client side of sendmail with timeouts in the libsm I/O
- layer and fix problems in that code. Also fix handling of
- a buffer in sm_syslog() which could have been used as an
- attack vector to exploit the unsafe handling of
- setjmp(3)/longjmp(3) in combination with signals.
- Problem detected by Mark Dowd of ISS X-Force.
- Handle theoretical integer overflows that could triggered if
- the server accepted headers larger than the maximum
- (signed) integer value. This is prevented in the default
- configuration by restricting the size of a header, and on
- most machines memory allocations would fail before reaching
- those values. Problems found by Phil Brass of ISS.
- If a server returns 421 for an RSET command when trying to start
- another transaction in a session while sending mail, do
- not trigger an internal consistency check. Problem found
- by Allan E Johannesen of Worcester Polytechnic Institute.
- If a server returns a 5xy error code (other than 501) in response
- to a STARTTLS command despite the fact that it advertised
- STARTTLS and that the code is not valid according to RFC
- 2487 treat it nevertheless as a permanent failure instead
- of a protocol error (which has been changed to a
- temporary error in 8.13.5). Problem reported by Jeff
- A. Earickson of Colby College.
- Clear SMTP state after a HELO/EHLO command. Patch from John
- Myers of Proofpoint.
- Observe MinQueueAge option when gathering entries from the queue
- for sorting etc instead of waiting until the entries are
- processed. Patch from Brian Fundakowski Feldman.
- Set up TLS session cache to properly handle clients that try to
- resume a stored TLS session.
- Properly count the number of (direct) child processes such that
- a configured value (MaxDaemonChildren) is not exceeded.
- Based on patch from Attila Bruncsak.
- LIBMILTER: Remove superfluous backslash in macro definition
- (libmilter.h). Based on patch from Mike Kupfer of
- Sun Microsystems.
- LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
- This generates an error message from libmilter on
- Solaris, though other systems appear to just discard the
- request silently.
- LIBMILTER: Deal with sigwait(2) implementations that return
- -1 and set errno instead of returning an error code
- directly. Patch from Chris Adams of HiWAAY Informations
- Services.
- Portability:
- Fix compilation checks for closefrom(3) and statvfs(2)
- in NetBSD. Problem noted by S. Moonesamy, patch from
- Andrew Brown.
-
-8.13.5/8.13.5 2005/09/16
- Store the filesystem identifier of the df/ subdirectory (if it
- exists) in an internal structure instead of the base
- directory. This structure is used decide whether there
- is enough free disk space when selecting a queue, hence
- without this change queue selection could fail if a df/
- subdirectory exists and is on a different filesystem
- than the base directory.
- Use the queue index of the df file (instead of the qf file) for
- checking whether a link(2) operation can be used to split
- an envelope across queue groups. Problem found by
- Werner Wiethege.
- If the list of items in the queue is larger than the maximum
- number of items to process, sort the queue first and
- then cut the list off instead of the other way around.
- Patch from Matej Vela of Rudjer Boskovic Institute.
- Fix helpfile to show full entry for ETRN. Problem noted by
- Penelope Fudd, patch from Neil Rickert of Northern Illinois
- University.
- FallbackSmartHost should also be tried on temporary errors.
- From John Beck of Sun Microsystems.
- When a server responds with 421 to the STARTTLS command then treat
- it as a temporary error, not as protocol error. Problem
- noted by Andrey J. Melnikoff.
- Properly define two functions in libsm as static because their
- prototype used static too. Patch from Peter Klein.
- Fix syntax errors in helpfile for MAIL and RCPT commands.
- LIBMILTER: When smfi_replacebody() is called with bodylen equals
- zero then do not silently ignore that call. Patch from
- Gurusamy Sarathy of Active State.
- LIBMILTER: Recognize "421" also in a multi-line reply to terminate
- the SMTP session with that error. Fix from Brian Kantor.
- Portability: New option HASSNPRINTF which can be set if the OS
- has a properly working snprintf(3) to get rid
- of the last two (safe) sprintf(3) calls in the
- source code.
- Add support for AIX 5.3.
- Add support for SunOS 5.11 (aka Solaris 11).
- Add support for Darwin 8.x. Patch from Lyndon Nerenberg.
- OpenBSD 3.7 has removed support for NETISO.
- CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
- Set DontBlameSendmail to AssumeSafeChown and
- GroupWritableDirPathSafe for OSTYPE(darwin).
- Patch from Lyndon Nerenberg.
- Some features still used 4.7.1 as enhanced status code which
- was supposed to be eliminated in 8.13.0 because some
- broken systems misinterpret it as a permanent error.
- Patch from Matej Vela of Rudjer Boskovic Institute.
- Some default values in a generated cf file did not match
- the defaults in the sendmail binary. Problem noted
- by Mike Pechkin.
- New Files:
- cf/ostype/freebsd6.m4
- devtools/OS/AIX.5.3
- devtools/OS/Darwin.8.x
- devtools/OS/SunOS.5.11
- include/sm/time.h
-
-8.13.4/8.13.4 2005/03/27
- The bug fixes in 8.13.3 for connection handling uncovered a
- different error which could result in connections that
- stay in CLOSE_WAIT state due to a variable that was not
- properly initialized. Problem noted by Michael Sims.
- Deal with empty hostnames in hostsignature(). This bug could lead
- to an endless loop when doing LMTP deliveries to another
- host. Problem first reported by Martin Lathoud and
- tracked down by Gael Roualland.
- Make sure return parameters are initialized in getmxrr(). Problem
- found by Gael Roualland using valgrind.
- If shared memory is used and the RunAsUser option is set, then the
- owner and group of the shared memory segment is set to
- the ids specified RunAsUser and the access mode is set
- to 0660 to allow for updates by sendmail processes.
- The number of queue entries that is (optionally) kept in shared
- memory was wrong in some cases, e.g., envelope splitting
- and bounce generation.
- Undo a change made in 8.13.0 to silently truncate long strings
- in address rewriting because the message can be triggered
- for header checks where long strings are legitimate.
- Problem reported by Mary Verge DeSisto, and tracked
- down with the help of John Beck of Sun Microsystems.
- The internal stab map did not obey the -m flag. Patch from
- Rob McMahon of Warwick University, England.
- The socket map did not obey the -f flag. Problem noted by
- Dan Ringdahl, forwarded by Andrzej Filip.
- The addition of LDAP recursion in 8.13.0 broke enforcement of
- the LDAP map -1 argument which tells the MTA to only
- return success if and only if a single LDAP match is found.
- Add additional error checks in the MTA for milter communication
- to avoid a possible segmentation fault. Based on patch
- by Joe Maimon.
- Do not trigger an assertion if X509_digest() returns success but
- does not assign a value to its output parameter. Based
- on patch by Brian Kantor.
- Add more checks when resetting internal AUTH data (applies only
- to Cyrus SASL version 2). Otherwise an SMTP session might
- be dropped after an AUTH failure.
- Portability:
- Add LA_LONGLONG as valid LA_TYPE type for systems that use
- "long long" to read load average data, e.g.,
- AIX 5.1 in 32 bit mode. Note: this has to be set
- "by hand", it is not (yet) automatically detected.
- Problem noted by Burak Bilen.
- Use socklen_t for accept(), etc. on AIX 5.x. This should
- fix problems when compiling in 64 bit mode.
- Problem first reported by Harry Meiert of
- University of Bremen.
- New Files:
- include/sm/sem.h
- libsm/sem.c
- libsm/t-sem.c
-
-8.13.3/8.13.3 2005/01/11
- Enhance handling of I/O errors, especially EOF, when STARTTLS
- is active.
- Make sure a connection is not reused after it has been closed
- due to a 421 error. Problem found by Allan E Johannesen
- of Worcester Polytechnic Institute.
- Avoid triggering an assertion when sendmail is interrupted while
- closing a connection. Problem found by Allan E Johannesen
- of Worcester Polytechnic Institute.
- Regression: a change in 8.13.2 caused sendmail not to try the
- next MX host (or FallbackMXhost if configured) when, at
- connection open, the current server returns a 4xy or 5xy
- SMTP reply code. Problem noted by Mark Tranchant.
-
-8.13.2/8.13.2 2004/12/15
- Do not split the first header even if it exceeds the internal
- buffer size. Previously a part of such a header would
- end up in the body of the message. Problem noted by
- Simple Nomad of BindView.
- Do not complain about "cataddr: string too long" when checking
- headers that do not contain RFC 2822 addresses.
- Problem noted by Rich Graves of Brandeis University.
- If a server returns a 421 reply to the RSET command between
- message deliveries, do not attempt to deliver any more
- messages on that connection. This prevents bogus "Bad
- file number" recipient status. Problem noted by
- Allan E Johannesen of Worcester Polytechnic Institute.
- Allow trailing white space in EHLO command as recommended by RFC
- 2821. Problem noted by Ralph Santagato of SBC Services.
- Deal with clients which use AUTH but negotiate a smaller buffer size
- for data exchanges than the value used by sendmail, e.g.,
- Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
- When passing ESMTP arguments for RCPT to a milter, do not cut
- them off at a comma. Problem noted by Krzysztof Oledzki.
- Add more logging to milter change header functions to
- complement existing logging. Based on patch from
- Gurusamy Sarathy of Active State.
- Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
- Patch from Edgar Hoch of the University of Stuttgart.
- Fix DNS lookup if IPv6 is enabled when converting an IP address
- to a hostname for use with SASL. Problem noted by Ken Jones;
- patch from Hajimu UMEMOTO.
- CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
- mailer. Patch from John Beck of Sun Microsystems.
- LIBMILTER: It was possible that xxfi_abort() was called after
- xxfi_eom() for a message if some timeouts were triggered.
- Patch from Alexey Kravchuk.
- LIBMILTER: Slightly rearrange mutex use in listener.c to allow
- different threads to call smfi_opensocket() and smfi_main().
- Patch from Jordan Ritter of Cloudmark.
- MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
- noted by Nelson Fung.
- MAIL.LOCAL: make strip-mail.local used a wrong path to access
- mail.local. Problem noted by William Park.
- VACATION: Properly terminate MBDB before exiting. Problem noted
- by Nelson Fung.
- Portability:
- Add support for DragonFly BSD.
- New Files:
- cf/ostype/dragonfly.m4
- devtools/OS/DragonFly
- include/sm/os/sm_os_dragonfly.h
- Deleted Files:
- libsm/vsscanf.c
-
-8.13.1/8.13.1 2004/07/30
- Using the default AliasFile ldap: specification would cause the
- objectClasses of the LDAP response to be included in the
- alias expansion. Problem noted by Brenden Conte of
- Rensselaer Polytechnic Institute.
- Fix support for a fallback smart host for system where DNS is
- (partially) available. From John Beck of Sun Microsystems.
- Fix SuperSafe=PostMilter behavior when a milter replaces a body
- but the data file is not yet stored on disk because it is
- smaller than the size of the memory buffer. Problem noted
- by David Russell.
- Fix certificate revocation list support; if a CRL was specified
- but the other side presented a cert that was signed by
- a different (trusted) CA than the one which issued the CRL,
- verification would always fail. Problem noted by Al Smith.
- Run mailer programs as the RunAsUser when RunAsUser is set and
- the F=S mailer flag is set without a U= mailer equate.
- Problem noted by John Gardiner Myers of Proofpoint.
- ${nbadrcpts} was off by one if BadRcptThrottle is zero.
- Patch from Sung-hoon Choi of DreamWiz Inc.
- CONFIG: Emit a warning if FEATURE(`access_db') is used after
- FEATURE(`greet_pause') because then the latter will not
- use the access map. Note: if no default value is given
- for FEATURE(`greet_pause') then it issues an error if
- FEATURE(`access_db') is not specified before it.
- Problem noted by Alexander Dalloz of University of
- Bielefeld.
- CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
- is used to give more flexibility for local changes.
- Portability:
- Fix a 64 bit problem in the socket map code. Problem
- noted by Geoff Adams.
- NetBSD 2.0F has closefrom(3). Patch from Andrew Brown.
- NetBSD can use sysctl(3) to get the number of CPUs in
- a system. Patch from Andrew Brown.
- Add a README file in doc/op/ to explain potential
- incompatibilities with various *roff related
- tools. Problem tracked down by Per Hedeland.
- New Files:
- doc/op/README
-
-8.13.0/8.13.0 2004/06/20
- Do not include AUTH data in a bounce to avoid leaking confidential
- information. See also cf/README about MSP and the section
- "Providing SMTP AUTH Data when sendmail acts as Client".
- Problem noted by Neil Rickert of Northern Illinois
- University.
- Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
- and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi
- of RUS University of Stuttgart.
- Fix bug in conversion from 8bit to quoted-printable. Problem found
- by Christof Haerens, patch from Per Hedeland.
- Add support for LDAP recursion based on types given to attribute
- specifications in an LDAP map definition. This allows
- LDAP queries to return a new query, a DN, or an LDAP
- URL which will in turn be queried. See the ``LDAP
- Recursion'' section of doc/op/op.me for more information.
- Based on patch from Andrew Baucom.
- Extend the default LDAP specifications for AliasFile
- (O AliasFile=ldap:) and file classes (F{X}@LDAP) to
- include support for LDAP recursion via new attributes.
- See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section
- of cf/README for more information.
- New option for LDAP maps: the -w option allows you to specify the
- LDAP API/protocol version to use. The default depends on
- the LDAP library.
- New option for LDAP maps: the -H option allows you to specify an
- LDAP URI instead of specifying the LDAP server via -h host
- and -p port. This also allows for the use of LDAP over
- SSL and connections via named sockets if your LDAP
- library supports it.
- New compile time flag SM_CONF_LDAP_INITIALIZE: set this if
- ldap_initialize(3) is available (and LDAPMAP is set).
- If MaxDaemonChildren is set and a command is repeated too often
- during a SMTP session then terminate it just like it is
- done for too many bad SMTP commands.
- Basic connection rate control support has been added: the daemon
- maintains the number of incoming connections per client
- IP address and total in the macros {client_rate} and
- {total_rate}, respectively. These macros can be used
- in the cf file to impose connection rate limits.
- A new option ConnectionRateWindowSize (default: 60s)
- determines the length of the interval for which the
- number of connections is stored. Based on patch from
- Jose Marcio Martins da Cruz, Ecole des Mines de Paris.
- Add optional protection from open proxies and SMTP slammers which
- send SMTP traffic without waiting for the SMTP greeting.
- If enabled by the new ruleset greet_pause (see
- FEATURE(`greet_pause')), sendmail will wait the specified
- amount of time before sending the initial 220 SMTP
- greeting. If any traffic is received before then, a 554
- SMTP response is sent and all SMTP commands are rejected
- during that connection.
- If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
- server could sleep for a very long time. Fix based on
- patch from Tadashi Kobayashi of IIJ.
- Fix a potential memory leak in persistent queue runners if the
- number of entries in the queue exceeds the limit of jobs.
- Problem noted by Steve Hubert of University of Washington.
- Do not use 4.7.1 as enhanced status code because some broken systems
- misinterpret it as a permanent error.
- New value for SuperSafe: PostMilter which will delay fsync() until
- all milters accepted the mail. This can increase
- performance if many mails are rejected by milters due to
- body scans. Based on patch from David F. Skoll.
- New macro {msg_id} which contains the value of the Message-Id:
- header, whether provided by the client or generated by
- sendmail.
- New macro {client_connections} which contains the number of open
- connections in the SMTP server for the client IP address.
- Based on patch from Jose Marcio Martins da Cruz, Ecole des
- Mines de Paris.
- sendmail will now remove its pidfile when it exits. This was done
- to prevent confusion caused by running sendmail stop
- scripts two or more times, where the second and subsequent
- runs would report misleading error messages about sendmail's
- pid no longer existing. See section 1.3.15 of doc/op/op.me
- for a discussion of the implications of this, including
- how to correct broken scripts which may have depended on
- the old behavior. From John Beck of Sun Microsystems.
- Support per-daemon input filter lists which override the default
- filter list specified in InputMailFilters. The filters
- can be listed in the I= equate of DaemonPortOptions.
- Do not add all domain prefixes of the hostname to class 'w'. If
- your configuration relies on this behavior, you have to
- add those names to class 'w' yourself. Problem noted
- by Sander Eerkes.
- Support message quarantining in the mail queue. Quarantined
- messages are not run on normal queue displays or runs
- unless specifically requested with -qQ. Quarantined queue
- files are named with an hf prefix instead of a qf prefix.
- The -q command line option now can specify which queue to display
- or run. -qQ operates on quarantined queue items. -qL
- operates on lost queue items.
- Restricted mail queue runs and displays can be done based on the
- quarantined reason using -qQtext to run or display
- quarantined items if the quarantine reason contains the
- given text. Similarly, -q!Qtext will run or display
- quarantined items which do not have the given text in the
- quarantine reason.
- Items in the queue can be quarantined or unquarantined using the
- new -Q option. See doc/op/op.me for more information.
- When displaying the quarantine mailq with 'mailq -qQ', the
- quarantine reason is shown in a new line prefixed by
- "QUARANTINE:".
- A new error code for the $#error mailer, $@ quarantine, can be used
- to quarantine messages in check_* (except check_compat) and
- header check rulesets. The $: of the mailer triplet will
- be used for the quarantine reason.
- Add a new quarantine count to the mailstats collected.
- Add a new macro ${quarantine} which is the quarantine reason for a
- message if it is quarantined.
- New map type "socket" for a trivial query protocol over UNIX domain
- or TCP sockets (requires compile time option SOCKETMAP).
- See sendmail/README and doc/op/op.me for details as well as
- socketmapServer.pl and socketmapClient.pl in contrib.
- Code donated by Bastiaan Bakker of LifeLine Networks.
- Define new macro ${client_ptr} which holds the result of the PTR
- lookup for the client IP address. Note: this is the same
- as ${client_name} if and only if ${client_resolve} is OK.
- Add a new macro ${nbadrcpts} which contains the number of bad
- recipients received so far in a transaction.
- Call check_relay with the value of ${client_name} to deal with bogus
- DNS entries. See also FEATURE(`use_client_ptr'). Problem
- noted by Kai Schlichting.
- Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
- headers (turn them into DSNs). Delivery-Receipt-To: is
- apparently used by SIMS (Sun Internet Mail System).
- Enable connection caching for LPC mailers. Patch from Christophe
- Wolfhugel of France Telecom Oleane.
- Do not silently truncate long strings in address rewriting.
- Add support for Cyrus SASL version 2. From Kenneth Murchison of
- Oceana Matrix Ltd.
- Add a new AuthOption=m flag to require the use of mechanisms which
- support mutual authentication. From Kenneth Murchison of
- Oceana Matrix Ltd.
- Fix logging of TLS related problems (introduced in 8.12.11).
- The macros {auth_author} and {auth_authen} are stored in xtext
- format just like the STARTTLS related macros to avoid
- problems with parsing them. Problem noted by Pierangelo
- Masarati of SysNet s.n.c.
- New option AuthRealm to set the authentication realm that is
- passed to the Cyrus SASL library. Patch from Gary Mills
- of the University of Manitoba.
- Enable AUTH mechanism EXTERNAL if STARTTLS verification was
- successful, otherwise relaying would be allowed if
- EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS
- is active.
- Add basic support for certificate revocation lists. Note: if a
- CRLFile is specified but the file is unusable, STARTTLS
- is disabled. Based on patch by Ralf Hornik.
- Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms
- DIGEST-MD5 and LOGIN.
- Write pid to file also if sendmail only acts as persistent queue
- runner. Proposed by Gary Mills of the University of Manitoba.
- Keep daemon pid file(s) locked so other daemons don't try to
- overwrite each other's pid files.
- Increase maximum length of logfile fields for {cert_subject} and
- {cert_issuer} from 128 to 256. Requested by Christophe
- Wolfhugel of France Telecom.
- Log the TLS verification message on the STARTTLS= log line at
- LogLevel 12 or higher.
- If the MSP is invoked with the verbose option (-v) then it will
- try to use the SMTP command VERB to propagate this option
- to the MTA which in turn will show the delivery just like
- it was done before the default 8.12 separation of MSP and
- MTA. Based on patch by Per Hedeland.
- If a daemon is refusing connections for longer than the time specified
- by the new option RejectLogInterval (default: 3 hours) due
- to high load, log this information. Patch from John Beck
- of Sun Microsystems.
- Remove the ability for non-trusted users to raise the value of
- CheckpointInterval on the command line.
- New mailer flag 'B' to strip leading backslashes, which is a
- subset of the functionality of the 's' flag.
- New mailer flag 'W' to ignore long term host status information.
- Patch from Juergen Georgi of RUS University of Stuttgart.
- Enable generic mail filter API (milter) by default. To turn
- it off, add -DMILTER=0 to the compile time options.
- An internal SMTP session discard flag was lost after an RSET/HELO/EHLO
- causing subsequent messages to be sent instead of being
- discarded. This also caused milter callbacks to be called
- out of order after the SMTP session was reset.
- New option RequiresDirfsync to turn off the compile time flag
- REQUIRES_DIR_FSYNC at runtime. See sendmail/README for
- further information.
- New command line option -D logfile to send debug output to
- the indicated log file instead of stdout.
- Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
- queue return and warning times for delivery status
- notifications.
- New queue sort order option: 'n'one for not sorting the queue entries
- at all.
- Several more return values for ruleset srv_features have been added
- to enable/disable certain features in the server per
- connection. See doc/op/op.me for details.
- Support for SMTP over SSL (smtps), activated by Modifier=s
- for DaemonPortOptions.
- Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when
- trying to canonify hostnames. Suggested by Neil Rickert
- of Northern Illinois University.
- Add support for a fallback smart host (option FallbackSmartHost) to
- be tried as a last resort after all other fallbacks. This
- is designed for sites with partial DNS (e.g., an accurate
- view of inside the company, but an incomplete view of
- outside). From John Beck of Sun Microsystems.
- Enable timeout for STARTTLS even if client does not start the TLS
- handshake. Based on patch by Andrey J. Melnikoff.
- Remove deprecated -v option for PH map, use -k instead. Patch from
- Mark Roth of the University of Illinois at Urbana-Champaign.
- libphclient is version 1.2.x by default, if version 1.1.x is required
- then compile with -DNPH_VERSION=10100. Patch from Mark Roth
- of the University of Illinois at Urbana-Champaign.
- Add Milter.macros.eom, allowing macros to be sent to milter
- applications for use in the xxfi_eom() callback.
- New macro {time} which contains the output of the time(3) function,
- i.e., the number of seconds since 0 hours, 0 minutes,
- 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
- If check_relay sets the reply code to "421" the SMTP server will
- terminate the SMTP session with a 421 error message.
- Get rid of dead code that tried to access the environment variable
- HOSTALIASES.
- Deprecate the use of ErrorMode=write. To enable this in 8.13
- compile with -DUSE_TTYPATH=1.
- Header check rulesets using $>+ (do not strip comments) will get
- the header value passed in without balancing quotes,
- parentheses, and angle brackets. Based on patch from
- Oleg Bulyzhin.
- Do not complain and fix up unbalanced quotes, parentheses, and
- angle brackets when reading in rulesets. This allows
- rules to be written for header checks to catch strings
- that contain quotes, parentheses, and/or angle brackets.
- Based on patch from Oleg Bulyzhin.
- Do not close socket when accept(2) in the daemon encounters
- some temporary errors like ECONNABORTED.
- Added list of CA certificates that are used by members of the
- sendmail consortium, see CACerts.
- Portability:
- Two new compile options have been added:
- HASCLOSEFROM System has closefrom(3).
- HASFDWALK System has fdwalk(3).
- Based on patch from John Beck of Sun Microsystems.
- The Linux kernel version 2.4 series has a broken flock() so
- change to using fcntl() locking until they can fix
- it. Be sure to update other sendmail related
- programs to match locking techniques.
- New compile time option NEEDINTERRNO which should be set
- if <errno.h> does not declare errno itself.
- Support for UNICOS/mk and UNICOS/mp added, some changes for
- UNICOS. Patches contributed by Aaron Davis and
- Brian Ginsbach, Cray Inc., and Manu Mahonen of
- Center for Scientific Computing.
- Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
- Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
- Remove path from compiler definition for Interix because
- Interix 3.0 and 3.5 put gcc in different locations.
- Also use <sys/mkdev.h> to get the correct
- major()/minor() definitions. Based on feedback
- from Mark Funkenhauser.
- CONFIG: Add support for LDAP recursion to the default LDAP searches
- for maps via new attributes. See the ``USING LDAP FOR
- ALIASES, MAPS, and CLASSES'' section of cf/README and
- cf/sendmail.schema for more information.
- CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER
- is of the form "user:group" when used for submit.mc.
- Problem noted by Carsten P. Gehrke, patch from Neil Rickert
- of Northern Illinois University.
- CONFIG: Add a new access DB value of QUARANTINE:reason which
- instructs the check_* (except check_compat) to quarantine
- the message using the given reason.
- CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
- instead of "host" to avoid problem with looking up other
- DNS records than just A.
- CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
- length of the interval for which the number of incoming
- connections is maintained.
- CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
- rate control for individual hosts or nets.
- CONFIG: New FEATURE(`conncontrol') to set the limits for the
- number of open SMTP connections for individual hosts or nets.
- CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP
- slamming protection described above. The feature can
- take an argument specifying the milliseconds to wait and/or
- use the access database to look the pause time based on
- client hostname, domain, IP address, or subnet.
- CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
- $&{client_ptr} as its first argument. This is useful for
- rejections based on the unverified hostname of client,
- which turns on the same behavior as in earlier sendmail
- versions when delay_checks was not in use. See also entry
- above about check_relay being invoked with ${client_name}.
- CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
- interval when refusing connections for this long.
- CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases
- this requires a change in a mc file. Requested by
- Ted Roberts of Electronic Data Systems.
- CONFIG: New option confAUTH_REALM to set the authentication realm
- that is passed to the Cyrus SASL library. Patch from
- Gary Mills of the University of Manitoba.
- CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
- to follow the naming conventions.
- CONFIG: Add a third optional argument to local_lmtp to specify
- the A= argument.
- CONFIG: Remove the f flag from the default mailer flags of
- local_lmtp.
- CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
- time flag REQUIRES_DIR_FSYNC at runtime.
- CONFIG: New LOCAL_UUCP macro to insert rules into the generated
- cf file at the same place where MAILER(`uucp') inserts
- its rules.
- CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN
- to control queue return and warning times for delivery
- status notifications.
- CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
- CONFIG: Add the mc file which has been used to create the cf
- file to the end of the cf file when using make in cf/cf/.
- Patch from Richard Rognlie.
- CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
- Use ServiceSwitchFile to turn off DNS lookups, see
- doc/op/op.me.
- CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom
- option) defines macros to be sent to milter applications for
- use in the xxfi_eom() callback.
- CONFIG: New option confCRL to specify file which contains
- certificate revocations lists.
- CONFIG: Add a new value (sendertoo) for the third argument to
- FEATURE(`ldap_routing') which will reject the SMTP
- MAIL From: command if the sender address doesn't exist
- in LDAP. See cf/README for more information.
- CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
- instructs the rulesets on whether or not to do a domain
- lookup if a full address lookup doesn't match. See cf/README
- for more information.
- CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
- instructs the rulesets on whether or not to queue the mail
- or give an SMTP temporary error if the LDAP server can't be
- reached. See cf/README for more information. Based on
- patch from Billy Ray Miller of Caterpillar.
- CONFIG: Experimental support for MTAMark, see cf/README for details.
- CONFIG: New option confMESSAGEID_HEADER to define a different
- Message-Id: header format. Patch from Bastiaan Bakker
- of LifeLine Networks.
- CONTRIB: New version of cidrexpand which uses Net::CIDR. From
- Derek J. Balling.
- CONTRIB: oldbind.compat.c has been removed due to security problems.
- Found by code inspection done by Reasoning, Inc.
- DEVTOOLS: Add an example file for devtools/Site/, contributed
- by Neil Rickert of Northern Illinois University.
- LIBMILTER: Add new function smfi_quarantine() which allows the
- filter's EOM routine to quarantine the current message.
- Filters which use this function must include the
- SMFIF_QUARANTINE flag in the registered smfiDesc structure.
- LIBMILTER: If a milter sets the reply code to "421", the SMTP server
- will terminate the SMTP session with that error.
- LIBMILTER: Upon filter shutdown, libmilter will not remove a
- named socket in the file system if it is running as root.
- LIBMILTER: Add new function smfi_progress() which allows the filter
- to notify the MTA that an EOM operation is still in progress,
- resetting the timeout.
- LIBMILTER: Add new function smfi_opensocket() which allows the filter
- to attempt to establish the interface socket, and detect
- failure to do so before calling smfi_main().
- LIBMILTER: Add new function smfi_setmlreply() which allows the
- filter to return a multi-line SMTP reply.
- LIBMILTER: Deal with more temporary errors in accept() by ignoring
- them instead of stopping after too many occurred.
- Suggested by James Carlson of Sun Microsystems.
- LIBMILTER: Fix a descriptor leak in the sample program found in
- docs/sample.html. Reported by Dmitry Adamushko.
- LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
- Reported by Carl Byington of 510 Software Group.
- LIBMILTER: Document smfi_stop() and smfi_setdbg(). Patches
- from Bryan Costales.
- LIBMILTER: New compile time option SM_CONF_POLL; define this if
- poll(2) should be used instead of select(2).
- LIBMILTER: New function smfi_insheader() and related protocol
- amendments to support header insertion operations.
- MAIL.LOCAL: Add support for hashed mail directories, see
- mail.local/README. Contributed by Chris Adams of HiWAAY
- Informations Services.
- MAILSTATS: Display quarantine message counts.
- MAKEMAP: Add new flag -D to specify the comment character to use
- instead of '#'.
- VACATION: Add new flag -j to auto-respond to messages regardless of
- whether or not the recipient is listed in the To: or Cc:
- headers.
- VACATION: Add new flag -R to specify the envelope sender address
- for the auto-response message.
- New Files:
- CACerts
- cf/feature/conncontrol.m4
- cf/feature/greet_pause.m4
- cf/feature/mtamark.m4
- cf/feature/ratecontrol.m4
- cf/feature/use_client_ptr.m4
- cf/ostype/unicos.m4
- cf/ostype/unicosmk.m4
- cf/ostype/unicosmp.m4
- contrib/socketmapClient.pl
- contrib/socketmapServer.pl
- devtools/OS/Darwin.7.0
- devtools/OS/UNICOS-mk
- devtools/OS/UNICOS-mp
- devtools/Site/site.config.m4.sample
- include/sm/os/sm_os_unicos.h
- include/sm/os/sm_os_unicosmk.h
- include/sm/os/sm_os_unicosmp.h
- libmilter/docs/smfi_insheader.html
- libmilter/docs/smfi_progress.html
- libmilter/docs/smfi_quarantine.html
- libmilter/docs/smfi_setdbg.html
- libmilter/docs/smfi_setmlreply.html
- libmilter/docs/smfi_stop.html
- sendmail/ratectrl.c
- Deleted Files:
- cf/feature/nodns.m4
- contrib/oldbind.compat.c
- devtools/OS/CRAYT3E.2.0.x
- devtools/OS/CRAYTS.10.0.x
- libsm/vsprintf.c
- Renamed Files:
- devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x
-
-8.12.11/8.12.11 2004/01/18
- Use QueueFileMode when opening qf files. This error was a
- regression in 8.12.10. Problem detected and diagnosed
- Lech Szychowski of the Polish Power Grid Company.
- Properly count the number of queue runners in a work group and
- make sure the total limit of MaxQueueChildren is not
- exceeded. Based on patch from Takayuki Yoshizawa of
- Techfirm, Inc.
- Take care of systems that can generate time values where the
- seconds can exceed the usual range of 0 to 59.
- Problem noted by Randy Diffenderfer of EDS.
- Avoid regeneration of identical queue identifiers by processes
- whose process id is the same as that of the initial
- sendmail process that was used to start the daemon.
- Problem noted by Randy Diffenderfer of EDS.
- When a milter invokes smfi_delrcpt() compare the supplied
- recipient address also against the printable addresses
- of the current list to deal with rewritten addresses.
- Based on patch from Sean Hanson of The Asylum.
- BadRcptThrottle now also works for addresses which return the
- error mailer, e.g., virtusertable entries with the
- right hand side error:. Patch from Per Hedeland.
- Fix printing of 8 bit characters as octals in log messages.
- Based on patch by Andrey J. Melnikoff.
- Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
- text that has been introduced in 8.12.3. There are some
- examples where the new code fails, but the old code works.
- To get the 8.12.3-8.12.10 version, compile sendmail with
- -DMIME7TO8_OLD=0. If you have an example of improper
- 7 to 8 bit conversion please send it to us.
- Return normal error code for unknown SMTP commands instead of
- the one specified by check_relay or a milter for a
- connection. Problem noted by Andrzej Filip.
- Some ident responses contain data after the terminating CRLF which
- causes sendmail to log "POSSIBLE ATTACK...newline in string".
- To avoid this everything after LF is ignored.
- If the operating system supports O_EXLOCK and HASFLOCK is set
- then a possible race condition for creating qf files
- can be avoided. Note: the race condition does not
- exist within sendmail, but between sendmail and an
- external application that accesses qf files.
- Log the proper options name for TLS related mising files for
- the CACertPath, CACertFile, and DHParameters options.
- Do not split an envelope if it will be discarded, otherwise df
- files could be left behind. Problem found by Wolfgang
- Breyha.
- The use of the environment variables HOME and HOSTALIASES has been
- deprecated and will be removed in version 8.13. This only
- effects configuration which preserve those variable via the
- 'E' command in the cf file as sendmail clears out its entire
- environment.
- Portability:
- Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
- Solaris 10 has unsetenv(), patch from Craig Mohrman of
- Sun Microsystems.
- LIBMILTER: Add extra checks in case a broken MTA sends bogus data
- to libmilter. Based on code review by Rob Grzywinski.
- SMRSH: Properly assemble commands that contain '&&' or '||'.
- Problem noted by Eric Lee of Talking Heads.
- New Files:
- devtools/OS/Darwin.7.0
-
-8.12.10/8.12.10 2003/09/24 (Released: 2003/09/17)
- SECURITY: Fix a buffer overflow in address parsing. Problem
- detected by Michal Zalewski, patch from Todd C. Miller
- of Courtesan Consulting.
- Fix a potential buffer overflow in ruleset parsing. This problem
- is not exploitable in the default sendmail configuration;
- only if non-standard rulesets recipient (2), final (4), or
- mailer-specific envelope recipients rulesets are used then
- a problem may occur. Problem noted by Timo Sirainen.
- Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
- Problem noted by Thomas Schulz.
- Add several checks to avoid (theoretical) buffer over/underflows.
- Properly count message size when performing 7->8 or 8->7 bit MIME
- conversions. Problem noted by Werner Wiethege.
- Properly compute message priority based on size of entire message,
- not just header. Problem noted by Axel Holscher.
- Reset SevenBitInput to its configured value between SMTP
- transactions for broken clients which do not properly
- announce 8 bit data. Problem noted by Stefan Roehrich.
- Set {addr_type} during queue runs when processing recipients.
- Based on patch from Arne Jansen.
- Better error handling in case of (very unlikely) queue-id conflicts.
- Perform better error recovery for address parsing, e.g., when
- encountering a comment that is too long. Problem noted by
- Tanel Kokk, Union Bank of Estonia.
- Add ':' to the allowed character list for bogus HELO/EHLO
- checking. It is used for IPv6 domain literals. Patch from
- Iwaizako Takahiro of FreeBit Co., Ltd.
- Reset SASL connection context after a failed authentication attempt.
- Based on patch from Rob Siemborski of CMU.
- Check Berkeley DB compile time version against run time version
- to make sure they match.
- Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
- in the kernel.
- When a milter adds recipients and one of them causes an error,
- do not ignore the other recipients. Problem noted by
- Bart Duchesne.
- CONFIG: Use specified SMTP error code in mailertable entries which
- lack a DSN, i.e., "error:### Text". Problem noted by
- Craig Hunt.
- CONFIG: Call Local_trust_auth with the correct argument. Patch
- from Jerome Borsboom.
- CONTRIB: Better handling of temporary filenames for doublebounce.pl
- and expn.pl to avoid file overwrites, etc. Patches from
- Richard A. Nelson of Debian and Paul Szabo.
- MAIL.LOCAL: Fix obscure race condition that could lead to an
- improper mailbox truncation if close() fails after the
- mailbox is fsync()'ed and a new message is delivered
- after the close() and before the truncate().
- MAIL.LOCAL: If mail delivery fails, do not leave behind a
- stale lockfile (which is ignored after the lock timeout).
- Patch from Oleg Bulyzhin of Cronyx Plus LLC.
- Portability:
- Port for AIX 5.2. Thanks to Steve Hubert of University
- of Washington for providing access to a computer
- with AIX 5.2.
- setreuid(2) works on OpenBSD 3.3. Patch from
- Todd C. Miller of Courtesan Consulting.
- Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
- on all operating systems. Patch from Robert Harker
- of Harker Systems.
- Use strerror(3) on Linux. If this causes a problem on
- your Linux distribution, compile with
- -DHASSTRERROR=0 and tell sendmail.org about it.
- Added Files:
- devtools/OS/AIX.5.2
-
-8.12.9/8.12.9 2003/03/29
- SECURITY: Fix a buffer overflow in address parsing due to
- a char to int conversion problem which is potentially
- remotely exploitable. Problem found by Michal Zalewski.
- Note: an MTA that is not patched might be vulnerable to
- data that it receives from untrusted sources, which
- includes DNS.
- To provide partial protection to internal, unpatched sendmail MTAs,
- 8.12.9 changes by default (char)0xff to (char)0x7f in
- headers etc. To turn off this conversion compile with
- -DALLOW_255 or use the command line option -d82.101.
- To provide partial protection for internal, unpatched MTAs that may be
- performing 7->8 or 8->7 bit MIME conversions, the default
- for MaxMimeHeaderLength has been changed to 2048/1024.
- Note: this does have a performance impact, and it only
- protects against frontal attacks from the outside.
- To disable the checks and return to pre-8.12.9 defaults,
- set MaxMimeHeaderLength to 0/0.
- Do not complain about -ba when submitting mail. Problem noted
- by Derek Wueppelmann.
- Fix compilation with Berkeley DB 1.85 on systems that do not
- have flock(2). Problem noted by Andy Harper of Kings
- College London.
- Properly initialize data structure for dns maps to avoid various
- errors, e.g., looping processes. Problem noted by
- Maurice Makaay of InterNLnet B.V.
- CONFIG: Prevent multiple application of rule to add smart host.
- Patch from Andrzej Filip.
- CONFIG: Fix queue group declaration in MAILER(`usenet').
- CONTRIB: buildvirtuser: New option -t builds the virtusertable
- text file instead of the database map.
- Portability:
- Revert wrong change made in 8.12.7 and actually use the
- builtin getopt() version in sendmail on Linux.
- This can be overridden by using -DSM_CONF_GETOPT=0
- in which case the OS supplied version will be used.
-
-8.12.8/8.12.8 2003/02/11
- SECURITY: Fix a remote buffer overflow in header parsing by
- dropping sender and recipient header comments if the
- comments are too long. Problem noted by Mark Dowd
- of ISS X-Force.
- Fix a potential non-exploitable buffer overflow in parsing the
- .cf queue settings and potential buffer underflow in
- parsing ident responses. Problem noted by Yichen Xie of
- Stanford University Compilation Group.
- Fix ETRN #queuegroup command: actually start a queue run for
- the selected queue group. Problem noted by Jos Vos.
- If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
- log the fixup as "Fixed MIME header" instead of "Truncated
- MIME header". Problem noted by Ian J Hart.
- CONFIG: Fix regression bug in proto.m4 that caused a bogus
- error message: "FEATURE() should be before MAILER()".
- MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
- a mailbox has more than one link or whether it is not
- a regular file. Patch from John Beck of Sun Microsystems.
-
-8.12.7/8.12.7 2002/12/29
- Properly clean up macros to avoid persistence of session data
- across various connections. This could cause session
- oriented restrictions, e.g., STARTTLS requirements,
- to erroneously allow a connection. Problem noted
- by Tim Maletic of Priority Health.
- Do not lookup MX records when sorting the MSP queue. The MSP
- only needs to relay all mail to the MTA. Problem found
- by Gary Mills of the University of Manitoba.
- Do not restrict the length of connection information to 100
- characters in some logging statements. Problem noted by
- Erik Parker.
- When converting an enhanced status code to an exit status, use
- EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
- is used.
- Reset macro $x when receiving another MAIL command. Problem
- noted by Vlado Potisk of Wigro s.r.o.
- Don't bother setting the permissions on the build area statistics
- file, the proper permissions will be put on the file at
- install time. This fixes installation over NFS for some
- users. Problem noted by Martin J. Dellwo of 3-Dimensional
- Pharmaceuticals, Inc.
- Fix problem of decoding SASLv2 encrypted data. Problem noted by
- Alex Deiter of Mobile TeleSystems, Komi Republic.
- Log milter socket open errors at MilterLogLevel 1 or higher instead
- of 11 or higher.
- Print early system errors to the console instead of silently
- exiting. Problem noted by James Jong of IBM.
- Do not process a queue group if Runners is set to 0, regardless
- of whether F=f or sendmail is run in verbose mode (-v).
- The use of -qGname will still force queue group "name"
- to be run even if Runners=0.
- Change the level for logging the fact that a daemon is refusing
- connections due to high load from LOG_INFO to LOG_NOTICE.
- Patch from John Beck of Sun Microsystems.
- Use location information for submit.cf from NetInfo
- (/locations/sendmail/submit.cf) if available.
- Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
- Neil Rickert of Northern Illinois University.
- Make behavior of /canon in debug mode consistent with usage in
- rulesets. Patch from Shigeno Kazutaka of IIJ.
- Fix a potential memory leak in envelope splitting. Problem noted
- by John Majikes of IBM.
- Do not try to share an mailbox database LDAP connection across
- different processes. Problem noted by Randy Kunkee.
- Fix logging for undelivered recipients when the SMTP connection
- times out during message collection. Problem noted by Neil
- Rickert of Northern Illinois University.
- Avoid problems with QueueSortOrder=random due to problems with
- qsort() on Solaris (and maybe some other operating systems).
- Problem noted by Stephan Schulz of Gruner+Jahr..
- If -f "" is specified, set the sender address to "<>". Problem
- noted by Matthias Andree.
- Fix formatting problem of footnotes for plain text output on some
- versions of tmac. Patch from Per Hedeland.
- Portability:
- Berkeley DB 4.1 support (requires at least 4.1.25).
- Some getopt(3) implementations in GNU/Linux are broken
- and pass a NULL pointer to an option which requires
- an argument, hence the builtin version of
- sendmail is used instead. This can be overridden
- by using -DSM_CONF_GETOPT=0. Problem noted by
- Vlado Potisk of Wigro s.r.o.
- Support for nph-1.2.0 from Mark D. Roth of the University
- of Illinois at Urbana-Champaign.
- Support for FreeBSD 5.0's MAC labeling from Robert Watson
- of the TrustedBSD Project.
- Support for reading the number of processors on an IRIX
- system from Michel Bourget of SGI.
- Support for UnixWare 7.1 based on input from Larry Rosenman.
- Interix support from Nedelcho Stanev of Atlantic Sky
- Corporation.
- Update Mac OS X/Darwin portability from Wilfredo Sanchez.
- CONFIG: Enforce tls_client restrictions even if delay_checks
- is used. Problem noted by Malte Starostik.
- CONFIG: Deal with an empty hostname created via bogus
- DNS entries to get around access restrictions.
- Problem noted by Kai Schlichting.
- CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
- to avoid problems with hostname resolution for localhost
- which on many systems does not resolve to 127.0.0.1 (or
- ::1 for IPv6). If you do not use IPv4 but only IPv6 then
- you need to change submit.mc accordingly, see the comment
- in the file itself.
- CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
- error messages from initgroups(3) on AIX 4.3 when sending
- mail to non-existing users. Problem noted by Mark Roth of
- the University of Illinois at Urbana-Champaign.
- CONFIG: Allow local_procmail to override local_lmtp settings.
- CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
- relay.
- CONTRIB: cidrexpand: Deal with the prefix tags that may be included
- in access_db.
- CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
- LIBMILTER: On Solaris libmilter may get into an endless loop if
- an error in the communication from/to the MTA occurs.
- Patch from Gurusamy Sarathy of Active State.
- LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
- Patch from from Jose Marcio Martins da Cruz of Ecole
- Nationale Superieure des Mines de Paris.
- MAIL.LOCAL: Fix a truncation race condition if the close() on
- the mailbox fails. Problem noted by Tomoko Fukuzawa of
- Sun Microsystems.
- MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
- fails. Patch from John Beck of Sun Microsystems.
- SMRSH: SECURITY: Only allow regular files or symbolic links to be
- used for a command. Problem noted by David Endler of
- iDEFENSE, Inc.
- New Files:
- devtools/OS/Interix
- include/sm/bdb.h
-
-8.12.6/8.12.6 2002/08/26
- Do not add the FallbackMXhost (or its MX records) to the list
- returned by the bestmx map when -z is used as option.
- Otherwise sendmail may act as an open relay if FallbackMXhost
- and FEATURE(`relay_based_on_MX') are used together.
- Problem noted by Alexander Ignatyev.
- Properly split owner- mailing list messages when SuperSafe is set
- to interactive. Problem noted by Todd C. Miller of
- Courtesan Consulting.
- Make sure that an envelope is queued in the selected queue group
- even if some recipients are deleted or invalid. Problem
- found by Chris Adams of HiWAAY Informations Services.
- Do not send a bounce message if a message is completely collected
- from the SMTP client. Problem noted by Kari Hurtta of the
- Finnish Meteorological Institute.
- Provide an 'install-submit-st' target for sendmail/Makefile to
- install the MSP statistics file using the file named in the
- confMSP_STFILE devtools variable. Requested by Jeff
- Earickson of Colby College.
- Queue up mail with a temporary error if setusercontext() fails
- during a delivery attempt. Patch from Todd C. Miller of
- Courtesan Consulting.
- Fix handling of base64 encoded client authentication data for
- SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH.
- Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries
- restart interrupted system calls. Problem noted by Luiz
- Henrique Duma of BSIOne.
- Prevent a segmentation fault if a program passed a NULL envp using
- execve().
- Document a problem with the counting of queue runners that may
- cause delays if MaxQueueChildren is set too low. Problem
- noted by Ian Duplisse of Cable Television Laboratories, Inc.
- If discarding a message based on a recipient, don't try to look up
- the recipient in the mailbox database if F=w is set. This
- allows users to discard bogus recipients when dealing with
- spammers without tipping them off. Problem noted by Neil
- Rickert of Northern Illinois University.
- If applying a header check to a header with unstructured data,
- e.g., Subject:, then do not run syntax checks that are
- supposed for addresses on the header content.
- Count messages rejected/discarded via the check_data ruleset.
- Portability:
- Fix compilation on systems which do not allow simple
- copying of the variable argument va_list. Based on
- fix from Scott Walters.
- Fix NSD map open bug. From Michel Bourget of SGI.
- Add some additional IRIX shells to the default shell
- list. From Michel Bourget of SGI.
- Fix compilation issues on Mac OS X 10.2 (Darwin 6.0).
- NETISO support has been dropped.
- CONFIG: There was a seemingly minor change in 8.12.4 with respect
- to handling entries of IP nets/addresses with RHS REJECT.
- These would be rejected in check_rcpt instead of only
- being activated in check_relay. This change has been made to
- avoid potential bogus temporary rejection of relay attempts
- "450 4.7.1 Relaying temporarily denied. Cannot resolve PTR
- record for ..." if delay_checks is enabled. However, this
- modification causes a change of behavior if an IP net/address
- is listed in the access map with REJECT and a host/domain
- name is listed with OK or RELAY, hence it has been reversed
- such that the behavior of 8.12.3 is restored. The original
- change was made on request of Neil Rickert of Northern
- Illinois University, the side effect has been found by
- Stefaan Van Hoornick.
- CONFIG: Make sure delay_checks works even for sender addresses
- using the local hostname ($j) or domains in class {P}.
- Based on patch from Neil Rickert of Northern Illinois
- University.
- CONFIG: Fix temporary error handling for LDAP Routing lookups.
- Fix from Andrzej Filip.
- CONTRIB: New version of etrn.pl script and external man page
- (etrn.0) from John Beck of Sun Microsystems.
- LIBMILTER: Protect a free(3) operation from being called with a
- NULL pointer. Problem noted by Andrey J. Melnikoff.
- LIBMILTER: Protect against more interrupted select() calls. Based
- on patch from Jose Marcio Martins da Cruz of Ecole Nationale
- Superieure des Mines de Paris.
- New Files:
- contrib/etrn.0
-
-8.12.5/8.12.5 2002/06/25
- SECURITY: The DNS map can cause a buffer overflow if the user
- specifies a dns map using TXT records in the configuration
- file and a rogue DNS server is queried. None of the
- sendmail supplied configuration files use this option hence
- they are not vulnerable. Problem noted independently by
- Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
- Unprintable characters in responses from DNS servers for the DNS
- map type are changed to 'X' to avoid potential problems
- with rogue DNS servers.
- Require a suboption when setting the Milter option. Problem noted
- by Bryan Costales.
- Do not silently overwrite command line settings for
- DirectSubmissionModifiers. Problem noted by Bryan
- Costales.
- Prevent a segmentation fault when clearing the event list by
- turning off alarms before checking if event list is
- empty. Problem noted by Allan E Johannesen of Worcester
- Polytechnic Institute.
- Close a potential race condition in transitioning a memory buffered
- file onto disk. From Janani Devarajan of Sun Microsystems.
- Portability:
- Include paths.h on Linux systems running glibc 2.0 or later
- to get the definition for _PATH_SENDMAIL, used by
- rmail and vacation. Problem noted by Kevin
- A. McGrail of Peregrine Hardware.
- NOTE: Linux appears to have broken flock() again. Unless
- the bug is fixed before sendmail 8.13 is shipped,
- 8.13 will change the default locking method to
- fcntl() for Linux kernel 2.4 and later. You may
- want to do this in 8.12 by compiling with
- -DHASFLOCK=0. Be sure to update other sendmail
- related programs to match locking techniques.
-
-8.12.4/8.12.4 2002/06/03
- SECURITY: Inherent limitations in the UNIX file locking model
- can leave systems open to a local denial of service
- attack. Be sure to read the "FILE AND MAP PERMISSIONS"
- section of the top level README for more information.
- Problem noted by lumpy.
- Use TempFileMode (defaults to 0600) for the permissions of PidFile
- instead of 0644.
- Change the default file permissions for new alias database files
- from 0644 to 0640. This can be overridden at compile time
- by setting the DBMMODE macro.
- Fix a potential core dump problem if the environment variable
- NAME is set. Problem noted by Beth A. Chaney of
- Purdue University.
- Expand macros before passing them to libmilter. Problem noted
- by Jose Marcio Martins da Cruz of Ecole Nationale
- Superieure des Mines de Paris.
- Rewind the df (message body) before truncating it when libmilter
- replaces the body of a message. Problem noted by Gisle Aas
- of Active State.
- Change SMTP reply code for AUTH failure from 500 to 535 and the
- initial zero-length response to "=" per RFC 2554. Patches
- from Kenneth Murchison of Oceana Matrix Ltd.
- Do not try to fix broken message/rfc822 MIME attachments by
- inserting a MIME-Version: header when MaxMimeHeaderLength
- is set and no 8 to 7 bit conversion is needed. Based on
- patch from Rehor Petr of ICZ (Czech Republic).
- Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
- is rejected anyway. Noted by Chris Loelke.
- Mention the submission mail queue in the mailq man page. Requested
- by Bill Fenner of AT&T.
- Set ${msg_size} macro when reading a message from the command line
- or the queue.
- Detach from shared memory before dropping privileges back to
- user who started sendmail.
- If AllowBogusHELO is set to false (default) then also complain if
- the argument to HELO/EHLO contains white space. Suggested
- by Seva Gluschenko of Cronyx Plus.
- Allow symbolicly linked forward files in writable directory paths
- if both ForwardFileInUnsafeDirPath and
- LinkedForwardFileInWritableDir DontBlameSendmail options
- are set. Problem noted by Werner Spirk of
- Leibniz-Rechenzentrum Munich.
- Portability:
- Operating systems that lack the ftruncate() call will not
- be able to use Milter's body replacement feature.
- This only affects Altos, Maxion, and MPE/iX.
- Digital UNIX 5.0 has changed flock() semantics to be
- non-compliant. Problem noted by Martin Mokrejs of
- Charles University in Prague.
- The sparc64 port of FreeBSD 5.0 now supports shared
- memory.
- CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
- Problem noted by Andrzej Filip.
- CONFIG: Using 'local:' as a mailertable value with
- FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
- to be misaddressed. Problem noted by Andrzej Filip.
- CONFIG: Provide a workaround for DNS based rejection lists that
- fail for AAAA queries. Problem noted by Chris Boyd.
- CONFIG: Accept the machine's hostname as resolvable when checking
- the sender address. This allows locally submitted mail to
- be accepted if the machine isn't connected to a nameserver
- and doesn't have an /etc/hosts entry for itself. Problem
- noted by Robert Watson of the TrustedBSD Project.
- CONFIG: Use deferred expansion for checking the ${deliveryMode}
- macro in case the SMTP VERB command is used. Problem
- noted by Bryan Costales.
- CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
- matches are found. Fix from Andrzej Filip.
- CONFIG: Fix wording in default dnsbl rejection message. Suggested
- by Lou Katz of Metron Computerware, Ltd.
- CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by
- Kenneth Murchison of Oceana Matrix Ltd.
- CONTRIB: Fix wording in default dnsblaccess rejection message to
- match dnsbl change.
- DEVTOOLS: Add new option for access mode of statistics file,
- confSTMODE, which specifies the permissions when initially
- installing the sendmail statistics file.
- LIBMILTER: Mark the listening socket as close-on-exec in case
- a user's filter starts other applications.
- LIBSM: Allow the MBDB initialize, lookup, and/or terminate
- functions in SmMbdbTypes to be set to NULL.
- MAKEMAP: Change the default file permissions for new databases from
- 0644 to 0640. This can be overridden at compile time
- by setting the DBMMODE macro.
- SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
- Problem noted by Dave Alden of Ohio State University.
- VACATION: When listing the vacation database (-l), don't show
- bogus timestamps for excluded (-x) addresses. Problem
- noted by Bryan Costales.
- New Files:
- cf/mailer/cyrusv2.m4
-
-8.12.3/8.12.3 2002/04/05
- NOTICE: In general queue files should not be moved if queue groups
- are used. In previous versions this could cause mail
- not to be delivered if a queue file is repeatedly moved
- by an external process whenever sendmail moved it back
- into the right place. Some precautions have been taken
- to avoid moving queue files if not really necessary.
- sendmail may use links to refer to queue files and it
- may store the path of data files in queue files. Hence
- queue files should not be moved unless those internals
- are understood and the integrity of the files is not
- compromised. Problem noted by Anne Bennett of Concordia
- University.
- If an error mail is created, and the mail is split across different
- queue directories, and SuperSafe is off, then write the mail
- to disk before splitting it, otherwise an assertion is
- triggered. Problem tracked down by Henning Schmiedehausen
- of INTERMETA.
- Fix possible race condition that could cause sendmail to forget
- running queues. Problem noted by Jeff Wasilko of smoe.org.
- Handle bogus qf files better without triggering assertions.
- Problem noted by Guy Feltin.
- Protect against interrupted select() call when enforcing Milter
- read and write timeouts. Patch from Gurusamy Sarathy of
- ActiveState.
- Matching queue IDs with -qI should be case sensitive. Problem
- noted by Anne Bennett of Concordia University.
- If privileges have been dropped, don't try to change group ID to
- the RunAsUser group. Problem noted by Neil Rickert of
- Northern Illinois University.
- Fix SafeFileEnvironment path munging when the specified path
- contains a trailing slash. Based on patch from Dirk Meyer
- of Dinoex.
- Do not limit sendmail command line length to SM_ARG_MAX (usually
- 4096). Problem noted by Allan E Johannesen of Worcester
- Polytechnic Institute.
- Clear full name of sender for each new envelope to avoid bogus data
- if several mails are sent in one session and some of them
- do not have a From: header. Problem noted by Bas Haakman.
- Change timeout check such that cached information about a connection
- will be immediately invalid if ConnectionCacheTimeout is zero.
- Based on patch from David Burns of Portland State University.
- Properly count message size for mailstats during mail collection.
- Problem noted by Werner Wiethege.
- Log complete response from LMTP delivery agent on failure. Based on
- patch from Motonori Nakamura of Kyoto University.
- Provide workaround for getopt() implementations that do not catch
- missing arguments.
- Fix the message size calculation if the message body is replaced by
- a milter filter and buffered file I/O is being used.
- Problem noted by Sergey Akhapkin of Dr.Web.
- Do not honor SIGUSR1 requests if running with extra privileges.
- Problem noted by Werner Wiethege.
- Prevent a file descriptor leak on mail delivery if the initial
- connect fails and DialDelay is set. Patch from Servaas
- Vandenberghe of Katholieke Universiteit Leuven.
- Properly deal with a case where sendmail is called by root running
- a set-user-ID (non-root) program. Problem noted by Jon
- Lusky of ISS Atlanta.
- Avoid leaving behind stray transcript (xf) files if multiple queue
- directories are used and mail is sent to a mailing list
- which has an owner- alias. Problem noted by Anne Bennett
- of Concordia University.
- Fix class map parsing code if optional key is specified. Problem
- found by Mario Nigrovic.
- The SMTP daemon no longer tries to fix up improperly dot-stuffed
- incoming messages. A leading dot is always stripped by the
- SMTP receiver regardless of whether or not it is followed by
- another dot. Problem noted by Jordan Ritter of darkridge.com.
- Fix corruption when doing automatic MIME 7-bit quoted-printable or
- base64 encoding to 8-bit text. Problem noted by Mark
- Elvers.
- Correct the statistics gathered for total number of connections.
- Instead of being the exact same number as the total number
- of messages (T line in mailstats) it now represents the
- total number of TCP connections.
- Be more explicit about syntax errors in addresses, especially
- non-ASCII characters, and properly create DSNs if necessary.
- Problem noted by Leena Heino of the University of Tampere.
- Prevent small timeouts from being lost on slow machines if itimers
- are used. Problem noted by Suresh Ramasubramanian.
- Prevent a race condition on child cleanup for delivery to files.
- Problem noted by Fletcher Mattox of the University of
- Texas.
- Change the SMTP error code for temporary map failures from 421
- to 451.
- Do not assume that realloc(NULL, size) works on all OS (this was
- only done in one place: queue group creation). Based on
- patch by Bryan Costales.
- Initialize Timeout.iconnect in the code to prevent randomly short
- timeouts. Problem noted by Bradley Watts of AT&T Canada.
- Do not try to send a second SMTP QUIT command if the remote
- responds to a MAIL command with a 421 reply or on I/O
- errors. By doing so, the host was marked as having a
- temporary problem and other mail destined for that host was
- queued for the next queue run. Problem noted by Fletcher
- Mattox of the University of Texas, Allan E Johannesen of
- Worcester Polytechnic Institute, Larry Greenfield of CMU,
- and Neil Rickert of Northern Illinois University.
- Ignore error replies from the SMTP QUIT command (including servers
- which drop the connection instead of responding to the
- command).
- Portability:
- Check LDAP_API_VERSION to determine if ldap_memfree() is
- available.
- Define HPUX10 when building on HP-UX 10.X. That platform
- now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR
- settings. Patch from Elias Halldor Agustsson of
- Skyrr.
- Fix dependency building on Mac OS X and Darwin. Problem
- noted by John Beck.
- Preliminary support for the sparc64 port of FreeBSD 5.0.
- Add /sbin/sh as an acceptable user shell on HP-UX. From
- Rajesh Somasund of Hewlett-Packard.
- CONFIG: Add FEATURE(`authinfo') to allow a separate database for
- SMTP AUTH information. This feature was actually added in
- 8.12.0 but a release note was not included.
- CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
- parameter is set and the LDAP lookup returns a temporary
- error.
- CONFIG: Honor FEATURE(`relay_hosts_only') when using
- FEATURE(`relay_mail_from', `domain'). Problem noted by
- Krzysztof Oledzki.
- CONFIG: FEATURE(`msp') now disables any type of alias
- initialization as aliases are not needed for the MSP.
- CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
- is in use. Patch from Andrzej Filip.
- CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of
- `localhost' and turns on MX lookups for the SMTP mailers.
- This will only have an effect if a parameter is specified,
- i.e., an MX lookup will be performed on the hostname unless
- it is embedded in square brackets. Problem noted by
- Theo Van Dinter of Collective Technologies.
- CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
- submit.cf) to use $TZ for time stamps. This is a compromise
- to allow for the proper time zone on systems where the
- default results in misleading time stamps. That is, syslog
- time stamps and Date headers on submitted mail will use the
- user's $TZ setting. Problem noted by Mark Roth of the
- University of Illinois at Urbana-Champaign, solution proposed
- by Neil Rickert of Northern Illinois University.
- CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
- binary. Adjust local mailer flags accordingly. Problem
- noted by John Beck.
- CONTRIB: Add a warning to qtool.pl to not move queue files around
- if queue groups are used.
- CONTRIB: buildvirtuser: Add -f option to force rebuild.
- CONTRIB: smcontrol.pl: Add -f option to specify control socket.
- CONTRIB: smcontrol.pl: Add support for 'memdump' command.
- Suggested by Bryan Costales.
- DEVTOOLS: Add dependency generation for test programs.
- LIBMILTER: Remove conversion of port number for the socket
- structure that is passed to xxfi_connect(). Notice:
- this fix requires that sendmail and libmilter both have
- this change; mixing versions may lead to wrong port
- values depending on the endianness of the involved systems.
- Problem noted by Gisle Aas of ActiveState.
- LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but
- SMFI_REJECT is returned, ignore the custom reply. Do the
- same if '5XX' is used and SMFI_TEMPFAIL is returned.
- LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as
- required by mfapi.h. Problem noted by Jose Marcio Martins
- da Cruz of Ecole Nationale Superieure des Mines de Paris.
- LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set
- this to 1 if your LDAP client libraries include
- ldap_memfree().
- LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
- and NDBM on systems with the O_EXLOCK open(2) flag.
- SMRSH: Fix compilation problem on some operating systems. Problem
- noted by Christian Krackowizer of schuler technodat GmbH.
- VACATION: Allow root to operate on user vacation databases. Based
- on patch from Greg Couch of the University of California,
- San Francisco.
- VACATION: Don't ignore -C option. Based on patch by Bryan Costales.
- VACATION: Clarify option usage in the man page. Problem noted by
- Joe Barbish.
- New Files:
- libmilter/docs/smfi_setbacklog.html
-
-8.12.2/8.12.2 2002/01/13
- Don't complain too much if stdin, stdout, or stderr are missing
- at startup, only log an error message.
- Fix potential problem if an unknown operation mode (character
- following -b) has been specified.
- Prevent purgestat from looping even if someone changes the
- permissions or owner of hoststatus files. Problem noted
- by Kari Hurtta of the Finnish Meteorological Institute.
- Properly record dropped connections in persistent host status.
- Problem noted by Ulrich Windl of the Universitat
- Regensburg.
- Remove newlines from recipients read via sendmail -t to prevent
- SMTP protocol errors when sending the RCPT command.
- Problem noted by William D. Colburn of the New Mexico
- Institute of Mining and Technology.
- Only log milter body replacements once instead of for each body
- chunk sent by a filter. Problem noted by Kari Hurtta of
- the Finnish Meteorological Institute.
- In 8.12.0 and 8.12.1, the headers were mistakenly not included in
- the message size calculation. Problem noted by Kari Hurtta
- of the Finnish Meteorological Institute.
- Since 8.12 no longer forks at the SMTP MAIL command, the daemon
- needs to collect children status to avoid zombie processes.
- Problem noted by Chris Adams of HiWAAY Informations Services.
- Shut down "nullserver" and ETRN-only connections after 25 bad
- commands are issued. This makes it consistent with normal
- SMTP connections.
- Avoid duplicate logging of milter rejections. Problem noted by
- William D. Colburn of the New Mexico Institute of Mining
- and Technology.
- Error and delay DSNs were being sent to postmaster instead of the
- message sender if the sender had used a deprecated RFC822
- source route. Problem noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- Fix FallbackMXhost behavior for temporary errors during address
- parsing. Problem noted by Jorg Bielak from Coastal Web
- Online.
- For systems on which stat(2) does not return a value for st_blksize
- that is the "optimal blocksize for I/O" three new compile
- time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
- and SM_IO_MAX_BUF, which define an upper limit for
- regular files, and a lower and upper limit for other file
- types, respectively.
- Fix a potential deadlock if two events are supposed to occur at
- exactly the same time. Problem noted by Valdis Kletnieks
- of Virginia Tech.
- Perform envelope splitting for aliases listed directly in the
- alias file, not just for include/.forward files.
- Problem noted by John Beck of Sun Microsystems.
- Allow selection of queue group for mailq using -qGgroup.
- Based on patch by John Beck of Sun Microsystems.
- Make sure cached LDAP connections used my multiple maps in the same
- process are closed. Patch from Taso N. Devetzis.
- If running as root, allow reading of class files in protected
- directories. Patch from Alexander Talos of the University
- of Vienna.
- Correct a few LDAP related memory leaks. Patch from David Powell
- of Sun Microsystems.
- Allow specification of an empty realm via the authinfo ruleset.
- This is necessary to interoperate as an SMTP AUTH client
- with servers that do not support realms when using
- CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin.
- Avoid a potential information leak if AUTH PLAIN is used and the
- server gets stuck while processing that command. Problem
- noted by Chris Adams from HiWAAY Informations Services.
- In addition to printing errors when parsing recipients during
- command line invocations log them to make it simpler
- to understand possible DSNs to postmaster.
- Do not use FallbackMXhost on mailers which have the F=0 flag set.
- Allow local mailers (F=l) to specify a host for TCP connections
- instead of forcing localhost.
- Obey ${DESTDIR} for installation of the client mail queue and
- submit.cf. Patch from Peter 'Luna' Runestig.
- Re-enable support for -M option which was broken in 8.12.1. Problem
- noted by Neil Rickert of Northern Illinois University.
- If a remote server violates the SMTP standard by unexpectedly
- dropping the connection during an SMTP transaction, stop
- sending commands. This prevents bogus "Bad file number"
- recipient status. Problem noted by Allan E Johannesen of
- Worcester Polytechnic Institute.
- Do not use a size estimate of 100 for postmaster bounces, it's
- almost always too small; do not guess the size at all.
- New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of
- Compaq Computer Corp.
- Fix DaemonPortOptions IPv6 address parsing such that ::1 works
- properly. Problem noted by Valdis Kletnieks of Virginia
- Tech.
- Portability:
- Fix IPv6 network interface probing on HP-UX 11.X. Based on
- patch provided by HP.
- Mac OS X (aka Darwin) has a broken setreuid() call, but a
- working seteuid() call. From Daniel J. Luke.
- Use proper type for a 32-bit integer on SINIX. From Ganu
- Sachin of Siemens.
- Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
- Reduce optimization from +O3 to +O2 on HP-UX 11. This
- fixes a problem that caused additional bogus
- characters to be written to the qf file. Problem
- noted by Tapani Tarvainen.
- Set LDA_USE_LOCKF by default for UnixWare. Problem noted
- by Boyd Lynn Gerber.
- Add support for HP MPE/iX. See sendmail/README for port
- information. From Mark Bixby of Hewlett-Packard.
- New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
- USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README
- for more information. From Mark Bixby of
- Hewlett-Packard.
- If an OS doesn't have a method of finding free disk space
- (SFS_NONE), lie and say there is plenty of space.
- From Mark Bixby of Hewlett-Packard.
- Add support for AIX 5.1. From Valdis Kletnieks of
- Virginia Tech.
- Fix man page location for NeXTSTEP. From Hisanori Gogota
- of the NTT/InterCommunication Center.
- Do not assume that strerror() always returns a string.
- Problem noted by John Beck of Sun Microsystems.
- CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
- UUCP from the base operating system. From Mark Murray of
- FreeBSD Services, Ltd.
- CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
- systems. From Mark Bixby of Hewlett-Packard.
- CONFIG: Add support for selecting a queue group for all mailers.
- Based on proposal by Stephen L. Ulmer of the University of
- Florida.
- CONFIG: Fix error reporting for compat_check.m4. Problem noted by
- Altin Waldmann.
- CONFIG: Do not override user selections for confRUN_AS_USER and
- confTRUSTED_USER in FEATURE(msp). From Mark Bixby of
- Hewlett-Packard.
- LIBMILTER: Fix bug that prevented the removal of a socket after
- libmilter terminated. Problem reported by Andrey V. Pevnev
- of MSFU.
- LIBMILTER: Fix configuration error that required libsm for linking.
- Problem noted by Kari Hurtta of the Finnish Meteorological
- Institute.
- LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman.
- LIBMILTER: Fix a theoretical memory leak and a possible attempt
- to free memory twice.
- LIBSM: Fix a potential segmentation violation in the I/O library.
- Problem found and analyzed by John Beck and Tim Haley
- of Sun Microsystems.
- LIBSM: Do not clear the LDAP configuration information when
- terminating the mailbox database connection in the LDAP
- example code. Problem noted by Nikos Voutsinas of the
- University of Athens.
- New Files:
- cf/cf/generic-mpeix.cf
- cf/cf/generic-mpeix.mc
- cf/ostype/freebsd5.m4
- cf/ostype/mpeix.m4
- devtools/OS/AIX.5.1
- devtools/OS/MPE-iX
- include/sm/os/sm_os_mpeix.h
- libsm/mpeix.c
-
-8.12.1/8.12.1 2001/10/01
- SECURITY: Check whether dropping group privileges actually succeeded
- to avoid possible compromises of the mail system by
- supplying bogus data. Add configuration options for
- different set*gid() calls to reset saved gid. Problem
- found by Michal Zalewski.
- PRIVACY: Prevent information leakage when sendmail has extra
- privileges by disabling debugging (command line -d flag)
- during queue runs and disabling ETRN when sendmail -bs is
- used. Suggested by Michal Zalewski.
- Avoid memory corruption problems resulting from bogus .cf files.
- Problem found by Michal Zalewski.
- Set the ${server_addr} macro to name of mailer when doing LMTP
- delivery. LMTP systems may offer SMTP Authentication or
- STARTTLS causing sendmail to use this macro in rulesets.
- If debugging is turned on (-d0.10) print not just the default
- values for configuration file and pid file but also the
- selected values. Problem noted by Brad Chapman.
- Continue dealing with broken nameservers by ignoring SERVFAIL
- errors returned on T_AAAA (IPv6) lookups at delivery time
- if ResolverOptions=WorkAroundBrokenAAAA is set. Previously
- this only applied to hostname canonification. Problem
- noted by Bill Fenner of AT&T Research.
- Ignore comments in NIS host records when trying to find the
- canonical name for a host.
- When sendmail has extra privileges, limit mail submission command
- line flags (i.e., -G, -h, -F, etc.) to mail submission
- operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on
- suggestion from Michal Zalewski.
- Portability:
- AIX: Use `oslevel` if available to determine OS version.
- `uname` does not given complete information.
- Problem noted by Keith Neufeld of the Cessna
- Aircraft Company.
- OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
- Problem noticed by Boyd Lynn Gerber of ZENEX.
- Avoid compiler warnings by not using pointers to pass
- integers. Problem noted by Todd C. Miller of
- Courtesan Consulting.
- CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
- problems with potential misconfigurations.
- CONFIG: Fix comment showing default value of MaxHopCount. Problem
- noted by Greg Robinson of the Defence Science and
- Technology Organisation of Australia.
- CONFIG: dnsbl: If an argument specifies an error message in case
- of temporary lookup failures for DNS based blacklists
- then use it.
- LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
- Richard A. Nelson of Debian.
- LIBMILTER: Add __P definition for OS that lack it. Problem noted
- by Chris Adams from HiWAAY Informations Services.
- LIBSMDB: Fix a lock race condition that affects makemap, praliases,
- and vacation.
- MAKEMAP: Avoid going beyond the end of an input line if it does
- not contain a value for a key. Based on patch from
- Mark Bixby from Hewlett-Packard.
- New Files:
- test/Build
- test/Makefile
- test/Makefile.m4
- test/README
- test/t_dropgid.c
- test/t_setgid.c
- Deleted Files:
- include/sm/stdio.h
- include/sm/sysstat.h
-
-8.12.0/8.12.0 2001/09/08
- *NOTICE*: The default installation of sendmail does not use
- set-user-ID root anymore. You need to create a new user and
- a new group before installing sendmail (both called smmsp by
- default). The installation process tries to install
- /etc/mail/submit.cf and creates /var/spool/clientmqueue by
- default. Please see sendmail/SECURITY for details.
- SECURITY: Check for group and world writable forward and :include:
- files. These checks can be turned off if absolutely
- necessary using the DontBlameSendmail option and the new
- flags:
- GroupWritableForwardFile
- WorldWritableForwardFile
- GroupWritableIncludeFile
- WorldWritableIncludeFile
- Problem noted by Slawek Zak of Politechnika Warszawska,
- SECURITY: Drop privileges when using address test mode. Suggested
- by Michal Zalewski of the "Internet for Schools" project
- (IdS).
- Fixed problem of a global variable being used for a timeout jump
- point where the variable could become overused for more than
- one timeout concurrently. This erroneous behavior resulted in
- a corrupted stack causing a core dump. The timeout is now
- handled via libsm. Problem noted by Michael Shapiro,
- John Beck, and Carl Smith of Sun Microsystems.
- If sendmail is set-group-ID then that group ID is used for permission
- checks (group ID of RunAsUser). This allows use of a
- set-group-ID sendmail binary for initial message submission
- and no set-user-ID root sendmail is needed. For details
- see sendmail/SECURITY.
- Log a warning if a non-trusted user changes the syslog label.
- Based on notice from Bryan Costales of SL3D, Inc.
- If sendmail is called for initial delivery, try to use submit.cf
- with a fallback of sendmail.cf as configuration file. See
- sendmail/SECURITY.
- New configuration file option UseMSP to allow group writable queue
- files if the group is the same as that of a set-group-ID
- sendmail binary. See sendmail/SECURITY.
- The .cf file is chosen based on the operation mode. For -bm (default),
- -bs, and -t it is submit.cf if it exists for all others it
- is sendmail.cf (to be backward compatible). This selection
- can be changed by the new option -Ac or -Am (alternative .cf
- file: client or mta). See sendmail/SECURITY.
- The SMTP server no longer forks on each MAIL command. The ONEX
- command has been removed.
- Implement SMTP PIPELINING per RFC 2920. It can be turned off
- at compile time or per host (ruleset).
- New option MailboxDatabase specifies the type of mailbox database
- used to look up local mail recipients; the default value
- is "pw", which means to use getpwnam(). New mailbox database
- types can be added by adding custom code to libsm/mbdb.c.
- Queue file names are now 15 characters long, rather than 14 characters
- long, to accomodate envelope splitting. File systems with
- a 14 character file name length limit are no longer
- supported.
- Recipient list used for delivery now gets internally ordered by
- hostsignature (character string version of MX RR). This orders
- recipients for the same MX RR's together meaning smaller
- portions of the list need to be scanned (instead of the whole
- list) each delivery() pass to determine piggybacking. The
- significance of the change is better the larger the recipient
- list. Hostsignature is now created during recipient list
- creation rather than just before delivery.
- Enhancements for more opportunistic piggybacking. Previous
- piggybacking (called coincidental) extended to coattail
- piggybacking. Rather than complete MX RR matching
- (coincidental) piggybacking is done if just the lowest value
- preference matches (coattail).
- If sendmail receives a temporary error on a RCPT TO: command, it will
- try other MX hosts if available.
- DefaultAuthInfo can contain a list of mechanisms to be used for
- outgoing (client-side) SMTP Authentication.
- New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
- AUTH (overrides 'a' modifier in DaemonPortOptions). Based
- on patch from Lyndon Nerenberg of Messaging Direct.
- Enable AUTH mechanism EXTERNAL if STARTTLS is used.
- A new ruleset authinfo can be used to return client side
- authentication information for AUTH instead of DefaultAuthInfo.
- Therefore the DefaultAuthInfo option is deprecated and will be
- removed in future versions.
- Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
- requires 334. Mercury 1.48 is a known offender.
- Add new option AuthMaxBits to limit the overall encryption strength
- for the security layer in SMTP AUTH (SASL). See
- doc/op/op.me for details.
- Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
- {cert_md5} which hold the CN (common name) of the CA that
- signed the presented certificate, the CN and the MD5 hash
- of the presented certificate, respectively.
- New ruleset try_tls to decide whether to try (as client) STARTTLS.
- New ruleset srv_features to enable/disable certain features in the
- server per connection. See doc/op/op.me for details.
- New ruleset tls_rcpt to decide whether to send e-mail to a particular
- recipient; useful to decide whether a conection is secure
- enough on a per recipient basis.
- New option TLSSrvOptions to modify some aspects of the server
- for STARTTLS.
- If no certificate has been requested, the macro {verify} has the
- value "NOT".
- New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
- using/offering STARTTLS when delivering/receiving e-mail.
- Macro expand filenames/directories for certs and keys in the .cf file.
- Proposed by Neil Rickert of Northern Illinois University.
- Generate an ephemeral RSA key for a STARTTLS connection only if
- really required. This change results in a noticable
- performance gains on most machines. Moreover, if shared
- memory is in use, reuse the key several times.
- Add queue groups which can be used to group queue directories with
- the same behavior together. See doc/op/op.me for details.
- If the new option FastSplit (defaults to one) has a value greater
- than zero, it suppresses the MX lookups on addresses when they
- are initially sorted which may result in faster envelope
- splitting. If the mail is submitted directly from the
- command line, then the value also limits the number of
- processes to deliver the envelopes; if more envelopes are
- created they are only queued up and must be taken care of
- by a queue run.
- The check for 'enough disk space' now pays attention to which file
- system each queue directory resides in.
- All queue runners can be cleanly terminated via SIGTERM to parent.
- New option QueueFileMode for the default permissions of queue files.
- Add parallel queue runner code. Allows multiple queue runners per work
- group (one or more queues in a multi-queue environment
- collected together) to process the same work list at the
- same time.
- Option MaxQueueChildren added to limit the number of concurrently
- active queue runner processes.
- New option MaxRunnersPerQueue to specify the maximum number of queue
- runners per queue group.
- Queue member selection by substring pattern matching now allows
- the pattern to be negated. For -qI, -qR and -qS it is
- permissible for -q!I, -q!R and -q!S to mean remove members
- of the queue that match during processing.
- New -qp[time] option is similar to -qtime, except that instead of
- periodically forking a child to process the queue, a single
- child is forked for each queue that sleeps between queue
- runs. A SIGHUP signal can be sent to restart this
- persistent queue runner.
- The SIGHUP signal now restarts a timed queue run process (i.e., a
- sendmail process which only runs the queue at an interval:
- sendmail -q15m).
- New option NiceQueueRun to set the priority of queue runners.
- Proposed by Thom O'Connor.
- sendmail will run the queue(s) in the background when invoked with -q
- unless the new -qf option or -v is used.
- QueueSortOrder=Random sorts the queue randomly, which is useful if
- several queue runners are started by hand to avoid contention.
- QueueSortOrder=Modification sorts the queue by the modification time
- of the qf file (older entries first).
- Support Deliver By SMTP Service Extension (RFC 2852) which allows
- a client to specify an amount of time within which an e-mail
- should be delivered. New option DeliverByMin added to set the
- minimum amount of time or disable the extension.
- Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
- not allowed unless escaped or quoted.
- Add support for a generic DNS map. Based on a patch contributed
- by Leif Johansson of Stockholm University, which was based on
- work by Assar Westerlund of Swedish Institute of Computer
- Science, Kista, and Johan Danielsson of Royal Institute of
- Technology, Stockholm, Sweden.
- MX records will be looked up for FallBackMXhost. To use the old
- behavior (no MX lookups), put the name in square brackets.
- Proposed by Thom O'Connor.
- Use shared memory to store free space of filesystems that are used
- for queues, if shared memory is available and if a key is set
- via SharedMemoryKey. This minimizes the number of system
- calls to check the available space. See doc/op/op.me for
- details.
- If shared memory is compiled in the option -bP can be used to print
- the number of entries in the queue(s).
- Enable generic mail filter API (milter). See libmilter/README
- and the usual documentation for details.
- Remove AutoRebuildAliases option, deprecated since 8.10.
- Remove '-U' (initial user submission) command line option as
- announced in 8.10.
- Remove support for non-standard SMTP command XUSR. Use an MSA instead.
- New macro {addr_type} which contains whether the current address is
- an envelope sender or recipient address. Suggested by
- Neil Rickert of Northern Illinois University.
- Two new options for host maps: -d (retransmission timeout),
- -r (number of retries).
- New option for LDAP maps: the -V<sep> allows you to specify a
- separator such that a lookup can return both an attribute
- and value separated by the given separator.
- Add new operators '%', '|', '&' (modulo, binary or, binary and)
- to map class arith.
- If DoubleBounceAddress expands to an empty string, ``double bounces''
- (errors that occur when sending an error message) are dropped.
- New DontBlameSendmail options GroupReadableSASLDBFile and
- GroupWritableSASLDBFile to relax requirements for sasldb files.
- New DontBlameSendmail options GroupReadableKeyFile to relax
- requirements for files containing secret keys. This is
- necessary for the MSP if client authentification is used.
- Properly handle quoted filenames for class files (to allow for
- filenames with spaces).
- Honor the resolver option RES_NOALIASES when canonifying hostnames.
- Add macros to avoid the reuse of {if_addr} etc:
- {if_name_out} hostname of interface of outgoing connection.
- {if_addr_out} address of interface of outgoing connection.
- {if_family_out} family of interface of outgoing connection.
- The latter two are only set if the interface does not belong
- to the loopback net.
- Add macro {nrcpts} which holds the number of (validated) recipients.
- DialDelay option applies only to mailers with flag 'Z'. Patch from
- Juergen Georgi of RUS University of Stuttgart.
- New Timeout.lhlo,auth,starttls options to limit the time waiting for
- an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
- New Timeout.aconnect option to limit the overall waiting time for
- all connections for a single delivery attempt to succeed.
- Limit the rate recipients in the SMTP envelope are accepted once
- a threshold number of recipients has been rejected (option
- BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD
- Development Group.
- New option DelayLA to delay connections if the load averages
- exceeds the specified value. The default of 0 does not
- change the previous behavior. A value greater than 0
- will cause sendmail to sleep for one second on most
- SMTP commands and before accepting connections if that
- load average is exceeded.
- Use a dynamic (instead of fixed-size) buffer for the list of
- recipients that are sent during a connection to a mailer.
- This also introduces a new mailer field 'r' which defines
- the maximum number of recipients (defaults to 100).
- Based on patch by Motonori Nakamura of Kyoto University.
- Add new F=1 mailer flag to disable sending of null characters ('\0').
- Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
- The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC]
- instead.
- IPC is no longer available as first mailer argument (A=) for [IPC]
- builtin mailer pathnames. Use TCP instead.
- PH map code updated to use the new libphclient API instead of the
- old libqiapi library. Contributed by Mark Roth of the
- University of Illinois at Urbana-Champaign.
- New option DirectSubmissionModifiers to define {daemon_flags}
- for direct (command line) submissions.
- New M=O modifier for DaemonPortOptions to ignore the socket in
- case of failures. Based on patch by Jun-ichiro itojun
- Hagino of the KAME Project.
- Add Disposition-Notification-To: (RFC 2298) to the list of headers
- whose content is rewritten similar to Reply-To:.
- Proposed by Andrzej Filip.
- Use STARTTLS/AUTH=server/client for logging incoming/outgoing
- STARTTLS/AUTH connections; log incoming connections at level
- 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP
- AUTH/STARTTLS related logfile entries.
- Convert unprintable characters (and backslash) into octal or C format
- before logging.
- Log recipients if no message is transferred but QUIT/RSET is given
- (at LogLevel 9/10 or higher).
- Log discarded recipients at LogLevel 10 or higher.
- Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
- in which most commands are rejected due to check_relay or
- TCP Wrappers if the host tries one of those commands anyway.
- Change logging format for cloned envelopes to be similar to that for
- DSNs ("old id: new id: clone"). Suggested by Ulrich Windl
- of the Universitat Regensburg.
- Added libsm, a C library of general purpose abstractions including
- assertions, tracing and debugging with named debug categories,
- exception handling, malloc debugging, resource pools,
- portability abstractions, and an extensible buffered I/O
- package. It will at some point replace libsmutil.
- See libsm/index.html for details.
- Fixed most memory leaks in sendmail which were previously taken
- care of by fork() and exit().
- Use new sm_io*() functions in place of stdio calls. Allows for
- more consistent portablity amongst different platforms
- new and old (from new libsm).
- Common I/O pkg means just one buffering method needed instead of two
- ('bf_portable' and 'bf_torek' now just 'bf').
- Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
- New possible value 'interactive' for SuperSafe which can be used
- together with DeliveryMode=interactive is to avoid some disk
- synchronizations calls.
- Add per-recipient status information to mailq -v output.
- T_ANY queries are no longer used by sendmail.
- When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
- too (see include/sm/cdefs.h for more info).
- sendmail -d now has general support for named debug categories.
- See libsm/debug.html and section 3.4 of doc/op/op.me
- for details.
- Eliminate the "postmaster warning" DSNs on address parsing errors
- such as unbalanced angle brackets or parentheses. The DSNs
- generated by this condition were illegal (not RFC conform).
- Problem noted by Ulrich Windl of the Universitaet Regensburg.
- Do not issue a DSN if the ruleset localaddr resolves to the $#error
- mailer and the recipient has hence been rejected during the
- SMTP dialogue. Problem reported by Larry Greenfield of CMU.
- Deal with a case of multiple deliveries on misconfigured systems
- that do not have postmaster defined. If an email was sent
- from an address to which a DSN cannot be returned and
- in which at least one recipient address is non-deliverable,
- then that email had been delivered in each queue run.
- Problem reported by Matteo HCE Valsasna of Universita
- degli Studi dell'Insubria.
- The compilation options SMTP, DAEMON, and QUEUE have been removed,
- i.e., the corresponding code is always compiled in now.
- Log the command line in daemon/queue-run mode at LogLevel 10 and
- higher. Suggested by Robert Harker of Harker Systems.
- New ResolverOptions setting: WorkAroundBrokenAAAA. When
- attempting to canonify a hostname, some broken nameservers
- will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
- lookups. If you want to excuse this behavior, use this new
- flag. Suggested by Chris Foote of SE Network Access and
- Mark Roth of the University of Illinois at
- Urbana-Champaign.
- Free the memory allocated by getipnodeby{addr,name}(). Problem
- noted by Joy Latten of IBM.
- ConnectionRateThrottle limits the number of connections per second
- to each daemon individually, not the overall number of
- connections.
- Specifying only "ldap:" as an AliasFile specification will force
- sendmail to use a default alias schema as outlined in the
- ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
- cf/README.
- Add a new syntax for the 'F' (file class) sendmail.cf command. If
- the first character after the class name is not a '/' or a
- '|' and it contains an '@' (e.g., F{X}key@class:spec), the
- rest of the line will be parsed as a map lookup. This
- allows classes to be filled via a map lookup. See op.me
- for more syntax information. Specifically, this can be
- used for commands such as VIRTUSER_DOMAIN_FILE() to read
- the list of domains via LDAP (see the ``USING LDAP FOR
- ALIASES, MAPS, and CLASSES'' section of cf/README for an
- example).
- The new macro ${sendmailMTACluster} determines the LDAP cluster for
- the default schema used in the above two items.
- Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
- warning if a program being run from a mailer or file class
- (e.g., F|/path/to/prog) is in an unsafe directory path.
- Unless DontBlameSendmail=RunWritableProgram is set, log a warning
- if a program being run from a mailer or file class
- (e.g., F|/path/to/prog) is group or world writable.
- Loopback interfaces (e.g., "lo0") are now probed for class {w}
- hostnames. Setting DontProbeInterfaces to "loopback"
- (without quotes) will disable this and return to the
- pre-8.12 behavior of only probing non-loopback interfaces.
- Suggested by Bryan Stansell of GNAC.
- In accordance with RFC 2821 section 4.1.4, accept multiple
- HELO/EHLO commands.
- Multiple ClientPortOptions settings are now allowed, one for each
- possible protocol family which may be used for outgoing
- connections. Restrictions placed on one family only affect
- outgoing connections on that particular family. Because of
- this change, the ${client_flags} macro is not set until the
- connection is established. Based on patch from Motonori
- Nakamura of Kyoto University.
- PrivacyOptions=restrictexpand instructs sendmail to drop privileges
- when the -bv option is given by users who are neither root
- nor the TrustedUser so users can not read private aliases,
- forwards, or :include: files. It also will override the -v
- (verbose) command line option.
- If the M=b modifier is set in DaemonPortOptions and the interface
- address can't be used for the outgoing connection, fall
- back to the settings in ClientPortOptions (if set).
- Problem noted by John Beck of Sun Microsystems.
- New named config file rule check_data for DATA command (input:
- number of recipients). Based on patch from Mark Roth of
- the University of Illinois at Urbana-Champaign.
- Add support for ETRN queue selection per RFC 1985. The queue group
- can be specified using the '#' option character. For
- example, 'ETRN #queuegroup'.
- If an LDAP server times out or becomes unavailable, close the
- current connection and reopen to get to one of the fallback
- servers. Patch from Paul Hilchey of the University of
- British Columbia.
- Make default error number on $#error messages 550 instead of 501
- because 501 is not allowed on all commands.
- The .cf file option UnsafeGroupWrites is deprecated, it should be
- replaced with the settings GroupWritableForwardFileSafe
- and GroupWritableIncludeFileSafe in DontBlameSendmail
- if required.
- The deprecated ldapx map class has been removed. Use the ldap map
- class instead.
- Any IPv6 addresses used in configuration should be prefixed by the
- "IPv6:" tag to identify the address properly. For example,
- if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
- class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
- Change the $&{opMode} macro if the operation mode changes while the
- MTA is running. For example, during a queue run.
- Add "use_inet6" as a new ResolverOptions flag to control the
- RES_USE_INET6 resolver option. Based on patch from Rick
- Nelson of IBM.
- The maximum number of commands before the MTA slows down when too
- many "light weight" commands have been received are now
- configurable during compile time. The current values and
- their defaults are:
- MAXBADCOMMANDS 25 unknown commands
- MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
- MAXHELOCOMMANDS 3 HELO, EHLO
- MAXVRFYCOMMANDS 6 VRFY, EXPN
- MAXETRNCOMMANDS 8 ETRN
- Setting a value to 0 disables the check. Patch from Bryan
- Costales of SL3D, Inc.
- The header syntax H?${MyMacro}?X-My-Header: now not only checks if
- ${MyMacro} is defined but also that it is not empty.
- Properly quote usernames with special characters if they are used
- in headers. Problem noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- Be sure to include the proper Final-Recipient: DSN header in bounce
- messages for messages for mailing list expanded addresses
- which are not delivered on the initial attempt.
- Do not treat errors as sticky when doing delivery via LMTP after
- the final dot has been sent to avoid affecting future
- deliveries. Problem reported by Larry Greenfield of CMU.
- New compile time flag REQUIRES_DIR_FSYNC which turns on support for
- file systems that require to call fsync() for a directory
- if the meta-data in it has been changed. This should be
- set at least for ReiserFS; it is enabled by default for Linux.
- See sendmail/README for further information.
- Avoid file locking deadlock when updating the statistics file if
- sendmail is signaled to terminate. Problem noted by
- Christophe Wolfhugel of France Telecom.
- Set the $c macro (hop count) as it is being set instead of when the
- envelope is initialized. Problem noted by Kari Hurtta of
- the Finnish Meteorological Institute.
- Properly count recipients for DeliveryMode defer and queue. Fix
- from Peter A. Friend of EarthLink.
- Treat invalid hesiod lookups as permanent errors instead of
- temporary errors. Problem noted by Russell McOrmond of
- flora.ca.
- Portability:
- Remove support for AIX 2, which supports only 14 character
- filenames and is outdated anyway. Suggested by
- Valdis Kletnieks of Virginia Tech.
- Change several settings for Irix 6: remove confSBINDIR,
- i.e., use default /usr/sbin, change owner/group
- of man pages and user-executable to root/sys, set
- optimization limit to 0 (unlimited). Based on patch
- from Ayamura Kikuchi, M.D, and proposal from Kari
- Hurtta of the Finnish Meteorological Institute.
- Do not assume LDAP support is installed by default under
- Solaris 8 and later.
- Add support for OpenUNIX.
- CONFIG: Increment version number of config file to 10.
- CONFIG: Add an install target and a README file in cf/cf.
- CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
- CONFIG: Reject empty recipient addresses (in check_rcpt).
- CONFIG: The access map uses an option of -T<TMPF> to deal with
- temporary lookup failures.
- CONFIG: New value for access map: SKIP, which causes the default
- action to be taken by aborting the search for domain names
- or IP nets.
- CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
- relay address as long as the other part allows the email
- to get through.
- CONFIG: Entries for virtusertable can make use of a third parameter
- "%3" which contains "+detail" of a wildcard match, i.e., an
- entry like user+*@domain. This allows handling of details by
- using %1%3 as the RHS. Additionally, a "+" wildcard has been
- introduced to match only non-empty details of addresses.
- CONFIG: Numbers for rulesets used by MAILERs have been removed
- and hence there is no required order within the MAILER
- section anymore except for MAILER(`uucp') which must come
- after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
- CONFIG: Hosts listed in the generics domain class {G}
- (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
- as canonical. Suggested by Per Hedeland of Ericsson.
- CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
- in the access map which returns OK or RELAY actually
- terminates check_* ruleset checking.
- CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
- tls_rcpt, see cf/README for details.
- CONFIG: Change format of Received: header line which reveals whether
- STARTTLS has been used to "(version=${tls_version}
- cipher=${cipher} bits=${cipher_bits} verify=${verify})".
- CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
- options friends/haters instead of "To:" and enable
- specification of whole domains instead of just users.
- Notice: this change is not backward compatible.
- Suggested by Chris Adams from HiWAAY Informations Services.
- CONFIG: Allow for local extensions for most new rulesets, see
- cf/README for details.
- CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in
- the access map. Proposed by Randall Winchester of the
- University of Maryland.
- CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
- the local mailer. Proposed by Ingo Brueckl of Wupper Online.
- CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
- messages for an unauthorized relaying attempt/for access
- map entries with RHS REJECT, respectively.
- CONFIG: FEATURE(`always_add_domain') takes an optional argument
- to specify another domain to be added instead of the local one.
- Suggested by Richard H. Gumpertz of Computer Problem
- Solving.
- CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
- options, see doc/op/op.me for details.
- CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
- the security layer in SMTP AUTH (SASL).
- CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
- immediately.
- CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
- allows checking of the return values of the DNS lookups.
- See cf/README for details.
- CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for
- temporary lookup failures.
- CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
- Deliver By (RFC 2852) or to turn off the extension.
- CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
- memory use.
- CONFIG: New FEATURE(`compat_check') to look up a key consisting
- of the sender and the recipient address delimited by the
- string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
- in the access map. Based on code contributed by Mathias
- Koerber of Singapore Telecommunications Ltd.
- CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
- file. Suggested by John Beck of Sun Microsystems.
- CONFIG: Don't use MAILER-DAEMON for error messages delivered
- via LMTP. Problem reported by Larry Greenfield of CMU.
- CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
- the recipient host if LUSER_RELAY is used.
- CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
- +detail portion of the address when passing address to
- local delivery agent. Disables alias and .forward +detail
- stripping. Only use if LDA supports this.
- CONFIG: Removed deprecated FEATURE(`rbl').
- CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
- which allow you to specify 'equivalent' hosts for LDAP
- Routing lookups. Equivalent hostnames are replaced by the
- masquerade domain name for lookups. See cf/README for
- additional details.
- CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
- instructs the rulesets on what to do if the address being
- looked up has +detail information. See cf/README for more
- information.
- CONFIG: When chosing a new destination via LDAP Routing, also look
- up the new routing address/host in the mailertable. Based
- on patch from Don Badrak of the United States Census Bureau.
- CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
- is in use and the bounce option is enabled. Only reject
- recipients as user unknown.
- CONFIG: Provide LDAP support for the remaining database map
- features. See the ``USING LDAP FOR ALIASES AND MAPS''
- section of cf/README for more information.
- CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
- macro used for LDAP searches as described above in ``USING
- LDAP FOR ALIASES, MAPS, AND CLASSES''.
- CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
- which takes the options as argument and can be used
- multiple times; see cf/README for details.
- CONFIG: Add configuration macros for new options:
- confBAD_RCPT_THROTTLE BadRcptThrottle
- confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
- confMAILBOX_DATABASE MailboxDatabase
- confMAX_QUEUE_CHILDREN MaxQueueChildren
- confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
- confNICE_QUEUE_RUN NiceQueueRun
- confQUEUE_FILE_MODE QueueFileMode
- confFAST_SPLIT FastSplit
- confTLS_SRV_OPTIONS TLSSrvOptions
- See above (and related documentation) for further information.
- CONFIG: Add configuration variables for new timeout options:
- confTO_ACONNECT Timeout.aconnect
- confTO_AUTH Timeout.auth
- confTO_LHLO Timeout.lhlo
- confTO_STARTTLS Timeout.starttls
- CONFIG: Add configuration macros for mail filter API:
- confINPUT_MAIL_FILTERS InputMailFilters
- confMILTER_LOG_LEVEL Milter.LogLevel
- confMILTER_MACROS_CONNECT Milter.macros.connect
- confMILTER_MACROS_HELO Milter.macros.helo
- confMILTER_MACROS_ENVFROM Milter.macros.envfrom
- confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
- Mail filters can be defined via INPUT_MAIL_FILTER() and
- MAIL_FILTER(). See libmilter/README, cf/README, and
- doc/op/op.me for details.
- CONFIG: Add support for accepting temporarily unresolvable domains.
- See cf/README for details. Based on patch by Motonori
- Nakamura of Kyoto University.
- CONFIG: confDEQUOTE_OPTS can be used to specify options for the
- dequote map.
- CONFIG: New macro QUEUE_GROUP() to define queue groups.
- CONFIG: New FEATURE(`queuegroup') to select a queue group based
- on the full e-mail address or the domain of the recipient.
- CONFIG: Any IPv6 addresses used in configuration should be prefixed
- by the "IPv6:" tag to identify the address properly. For
- example, if you want to use the IPv6 address
- 2002:c0a8:51d2::23f4 in the access database, you would need
- to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
- This affects the access database as well as the
- relay-domains and local-host-names files.
- CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
- CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
- CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
- exceptions from a file. Suggested by Trey Breckenridge of
- Mississippi State University.
- CONFIG: Add LOCAL_USER_FILE() for reading local users
- (LOCAL_USER() -- $={L}) entries from a file.
- CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
- which allows to lookup error codes in the access map.
- Contributed by Neil Rickert of Northern Illinois University.
- DEVTOOLS: Add new options for installation of include and library
- files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
- confLIBMODE, confLIBOWN.
- DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
- installation of the the formatted man pages on operating
- systems which don't include cat directories.
- EDITMAP: New program for editing maps as supplement to makemap.
- MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
- local mail recipients. New option -D mbdb specifies the
- mailbox database type.
- MAIL.LOCAL: New option "-h filename" which instructs mail.local to
- deliver the mail to the named file in the user's home
- directory instead of the system mail spool area. Based on
- patch from Doug Hardie of the Los Angeles Free-Net.
- MAILSTATS: New command line option -P which acts the same as -p but
- doesn't truncate the statistics file.
- MAKEMAP: Add new option -t to specify a different delimiter
- instead of white space.
- RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
- submission. Problem noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
- VACATION: Change Auto-Submitted: header value from auto-generated to
- auto-replied. From Kenneth Murchison of Oceana Matrix Ltd.
- VACATION: New option -d to send error/debug messages to stdout
- instead of syslog.
- VACATION: New option -U which prevents the attempt to lookup login
- in the password file. The -f and -m options must be used
- to specify the database and message file since there is no
- home directory for the default settings for these options.
- VACATION: Vacation now uses the libsm mbdb package to look up
- local mail recipients; it reads the MailboxDatabase option
- from the sendmail.cf file. New option -C cffile which
- specifies the path of the sendmail.cf file.
- New Directories:
- libmilter/docs
- New Files:
- cf/cf/README
- cf/cf/submit.cf
- cf/cf/submit.mc
- cf/feature/authinfo.m4
- cf/feature/compat_check.m4
- cf/feature/enhdnsbl.m4
- cf/feature/msp.m4
- cf/feature/local_no_masquerade.m4
- cf/feature/lookupdotdomain.m4
- cf/feature/preserve_luser_host.m4
- cf/feature/preserve_local_plus_detail.m4
- cf/feature/queuegroup.m4
- cf/sendmail.schema
- contrib/dnsblaccess.m4
- devtools/M4/UNIX/sm-test.m4
- devtools/OS/OpenUNIX.5.i386
- editmap/*
- include/sm/*
- libsm/*
- libsmutil/cf.c
- libsmutil/err.c
- sendmail/SECURITY
- sendmail/TUNING
- sendmail/bf.c
- sendmail/bf.h
- sendmail/sasl.c
- sendmail/sm_resolve.c
- sendmail/sm_resolve.h
- sendmail/tls.c
- Deleted Files:
- cf/feature/rbl.m4
- cf/ostype/aix2.m4
- devtools/OS/AIX.2
- include/sendmail/cdefs.h
- include/sendmail/errstring.h
- include/sendmail/useful.h
- libsmutil/errstring.c
- sendmail/bf_portable.c
- sendmail/bf_portable.h
- sendmail/bf_torek.c
- sendmail/bf_torek.h
- sendmail/clock.c
- Renamed Files:
- cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
- cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
- cf/ostype/aux.m4 => cf/ostype/a-ux.m4
-
-8.11.7/8.11.7 2003/03/29
- SECURITY: Fix a remote buffer overflow in header parsing by
- dropping sender and recipient header comments if the
- comments are too long. Problem noted by Mark Dowd
- of ISS X-Force.
- SECURITY: Fix a buffer overflow in address parsing due to
- a char to int conversion problem which is potentially
- remotely exploitable. Problem found by Michal Zalewski.
- Note: an MTA that is not patched might be vulnerable to
- data that it receives from untrusted sources, which
- includes DNS.
- To provide partial protection to internal, unpatched sendmail MTAs,
- 8.11.7 changes by default (char)0xff to (char)0x7f in
- headers etc. To turn off this conversion compile with
- -DALLOW_255 or use the command line option -d82.101.
- To provide partial protection for internal, unpatched MTAs that may be
- performing 7->8 or 8->7 bit MIME conversions, the default
- for MaxMimeHeaderLength has been changed to 2048/1024.
- Note: this does have a performance impact, and it only
- protects against frontal attacks from the outside.
- To disable the checks and return to pre-8.11.7 defaults,
- set MaxMimeHeaderLength to 0/0.
- Properly clean up macros to avoid persistence of session data
- across various connections. This could cause session
- oriented restrictions, e.g., STARTTLS requirements,
- to erroneously allow a connection. Problem noted
- by Tim Maletic of Priority Health.
- Ignore comments in NIS host records when trying to find the
- canonical name for a host.
- Fix a memory leak when closing Hesiod maps.
- Set ${msg_size} macro when reading a message from the command line
- or the queue.
- Prevent a segmentation fault when clearing the event list by
- turning off alarms before checking if event list is
- empty. Problem noted by Allan E Johannesen of Worcester
- Polytechnic Institute.
- Fix a potential core dump problem if the environment variable
- NAME is set. Problem noted by Beth A. Chaney of
- Purdue University.
- Prevent a race condition on child cleanup for delivery to files.
- Problem noted by Fletcher Mattox of the University of
- Texas.
- CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
- parameter is set and the LDAP lookup returns a temporary
- error.
- CONFIG: Fix a syntax error in the try_tls ruleset if
- FEATURE(`access_db') is not enabled.
- LIBSMDB: Fix a lock race condition that affects makemap, praliases,
- and vacation.
- LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
- and NDBM on systems with the O_EXLOCK open(2) flag.
- MAKEMAP: Avoid going beyond the end of an input line if it does
- not contain a value for a key. Based on patch from
- Mark Bixby from Hewlett-Packard.
- MAIL.LOCAL: Fix a truncation race condition if the close() on
- the mailbox fails. Problem noted by Tomoko Fukuzawa of
- Sun Microsystems.
- SMRSH: SECURITY: Only allow regular files or symbolic links to be
- used for a command. Problem noted by David Endler of
- iDEFENSE, Inc.
-
-8.11.6/8.11.6 2001/08/20
- SECURITY: Fix a possible memory access violation when specifying
- out-of-bounds debug parameters. Problem detected by
- Cade Cairns of SecurityFocus.
- Avoid leaking recipient information in unrelated DSNs. This could
- happen if a connection is aborted, several mails had been
- scheduled for delivery via that connection, and the timeout
- is reached such that several DSNs are sent next. Problem
- noted by Dileepan Moorkanat of Hewlett-Packard.
- Fix a possible segmentation violation when specifying too many
- wildcard operators in a rule. Problem detected by
- Werner Wiethege.
- Avoid a segmentation fault on non-matching Hesiod lookups. Problem
- noted by Russell McOrmond of flora.ca
-
-8.11.5/8.11.5 2001/07/31
- Fix a possible race condition when sending a HUP signal to restart
- the daemon. This could terminate the current process without
- starting a new daemon. Problem reported by Wolfgang Breyha
- of SE Netway Communications.
- Only apply MaxHeadersLength when receiving a message via SMTP or
- the command line. Problem noted by Andrey J. Melnikoff.
- When finding the system's local hostname on an IPv6-enabled system
- which doesn't have any IPv6 interface addresses, fall back
- to looking up only IPv4 addresses. Problem noted by Tim
- Bosserman of EarthLink.
- When commands were being rejected due to check_relay or TCP
- Wrappers, the ETRN command was not giving a response.
- Incoming IPv4 connections on a Family=inet6 daemon (using
- IPv4-mapped addresses) were incorrectly labeled as "may be
- forged". Problem noted by Per Steinar Iversen of Oslo
- University College.
- Shutdown address test mode cleanly on SIGTERM. Problem noted by
- Greg King of the OAO Corporation.
- Restore the original real uid (changed in main() to prevent
- out of band signals) before invoking a delivery agent.
- Some delivery agents use this for the "From " envelope
- "header". Problem noted by Leslie Carroll of the
- University at Albany.
- Mark closed file descriptors properly to avoid reuse. Problem
- noted by Jeff Bronson of J.D. Bronson, Inc.
- Setting Timeout options on the command line will also override
- their sub-suboptions in the .cf file, e.g., -O
- Timeout.queuereturn=2d will set all queuereturn timeouts
- to 2 days. Problem noted by Roger B.A. Klorese.
- Portability:
- BSD/OS has a broken setreuid() implementation. Problem
- noted by Vernon Schryver of Rhyolite Software.
- BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?).
- Noted by Vernon Schryver of Rhyolite Software.
- BSD/OS has fchown(2). Noted by Dave Yadallee of Netline
- 2000 Internet Solutions Inc.
- Solaris 2.X and later have strerror(3). From Sebastian
- Hagedorn of Cologne University.
- CONFIG: Fix parsing for IPv6 domain literals in addresses
- (user@[IPv6:address]). Problem noted by Liyuan Zhou.
-
-8.11.4/8.11.4 2001/05/28
- Clean up signal handling routines to reduce the chances of heap
- corruption and other potential race conditions.
- Terminating and restarting the daemon may not be
- instantaneous due to this change. Also, non-root users can
- no longer send out-of-band signals. Problem reported by
- Michal Zalewski of BindView.
- If LogLevel is greater than 9 and SASL fails to negotiate an
- encryption layer, avoid core dump logging the encryption
- strength. Problem noted by Miroslav Zubcic of Crol.
- If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
- different in those two lines, sendmail might not have
- recognized (and used) all of the offered mechanisms.
- Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch
- from Kenji Miyake.
- This time, really don't use the .. directory when expanding
- QueueDirectory wildcards.
- If a process is interrupted while closing a map, don't try to close
- the same map again while exiting.
- Allow local mailers (F=l) to contact remote hosts (e.g., via
- LMTP). Problem noted by Norbert Klasen of the University
- of Tuebingen.
- If Timeout.QueueReturn was set to a value less the time it took
- to write a new queue file (e.g., 0 seconds), the bounce
- message would be lost. Problem noted by Lorraine L Goff of
- Oklahoma State University.
- Pass map argument vector into map rewriting engine for the regex
- and prog map types. Problem noted by Stephen Gildea of
- InTouch Systems, Inc.
- When closing an LDAP map due to a temporary error, close all of the
- other LDAP maps which share the original map's connection
- to the LDAP server. Patch from Victor Duchovni of
- Morgan Stanley.
- To detect changes of NDBM aliases files check the timestamp of the
- .pag file instead of the .dir file. Problem noted by Neil
- Rickert of Northern Illinois University.
- Don't treat temporary hesiod lookup failures as permanent. Patch
- from Werner Wiethege.
- If ClientPortOptions is set, make sure to create the outgoing socket
- with the family set in that option. Patch from Sean Farley.
- Avoid a segmentation fault trying to dereference a NULL pointer
- when logging a MaxHopCount exceeded error with an empty
- recipient list. Problem noted by Chris Adams of HiWAAY
- Internet Services.
- Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich
- Windl of the Universitaet Regensburg.
- Fix DSN for "mail loops back to me" bounces. Problem noticed by
- Kari Hurtta of the Finnish Meteorological Institute.
- Portability:
- OpenBSD has a broken setreuid() implementation.
- CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
- to 553 since it is allowed by DRUMS.
- CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
- DEVTOOLS: install.sh did not properly handle paths in the source
- file name argument. Noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
- since it generates random process ids.
- PRALIASES: Add back adaptive algorithm to deal with different endings
- of entries in the database (with/without trailing '\0').
- Patch from John Beck of Sun Microsystems.
- New Files:
- cf/ostype/freebsd4.m4
-
-8.11.3/8.11.3 2001/02/27
- Prevent a segmentation fault when a bogus value was used in the
- LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
- option was used. Problem noted by Allan E Johannesen of
- Worcester Polytechnic Institute.
- Prevent "token too long" message by shortening {currHeader} which
- could be too long if the last copied character was a quote.
- Problem detected by Jan Krueger of digitalanswers
- communications consulting gmbh.
- Additional IPv6 check for unspecified addresses. Patch from
- Jun-ichiro itojun Hagino of the KAME Project.
- Do not ignore the ClientPortOptions setting if DaemonPortOptions
- Modifier=b (bind to same interface) is set and the
- connection came in from the command line.
- Do not bind to the loopback address if DaemonPortOptions
- Modifier=b (bind to same interface) is set. Patch from
- John Beck of Sun Microsystems.
- Properly deal with open failures on non-optional maps used in
- check_* rulesets by returning a temporary failure.
- Buffered file I/O files were not being properly fsync'ed to disk
- when they were committed.
- Properly encode '=' for the AUTH= parameter of the MAIL command.
- Problem noted by Hadmut Danisch.
- Under certain circumstances the macro {server_name} could be set
- to the wrong hostname (of a previous connection), which may
- cause some rulesets to return wrong results. This would
- usually cause mail to be queued up and delivered later on.
- Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
- equate. Problem noted by Motonori Nakamura of Kyoto
- University.
- Work around broken accept() implementations which only partially
- fill in the peer address if the socket is closed before
- accept() completes.
- Return an SMTP "421" temporary failure if the data file can't be
- opened where the "354" reply would normally be given.
- Prevent a CPU loop in trying to expand a macro which doesn't exist
- in a queue run. Problem noted by Gordon Lack of Glaxo
- Wellcome.
- If delivering via a program and that program exits with EX_TEMPFAIL,
- note that fact for the mailq display instead of just showing
- "Deferred". Problem noted by Motonori Nakamura of Kyoto
- University.
- If doing canonification via /etc/hosts, try both the fully
- qualified hostname as well as the first portion of the
- hostname. Problem noted by David Bremner of the
- University of New Brunswick.
- Portability:
- Fix a compilation problem for mail.local and rmail if SFIO
- is in use. Problem noted by Auteria Wally
- Winzer Jr. of Champion Nutrition.
- IPv6 changes for platforms using KAME. Patch from
- Jun-ichiro itojun Hagino of the KAME Project.
- OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and
- higher has BSDI-style login classes. Patch from
- Todd C. Miller of Courtesan Consulting.
- Unixware 7.1.1 doesn't allow h_errno to be set directly if
- sendmail is being compiled with -kthread. Problem
- noted by Orion Poplawski of CQG, Inc.
- CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
- current left hand side for $LHS in virtuser files.
- DEVTOOLS: Do not pass make targets to recursive Build invocations.
- Problem noted by Jeff Bronson of J.D. Bronson, Inc.
- MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
- storing the temporary message file until after the remote
- side has sent the final DATA termination dot. Problem
- noted by Allan E Johannesen of Worcester Polytechnic
- Institute.
- MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
- are also specified on the command line. Patch from
- Motonori Nakamura of Kyoto University.
- PRALIASES: Skip over AliasFile specifications which aren't based on
- database files (i.e., only show dbm, hash, and btree).
- Renamed Files:
- devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
-
-8.11.2/8.11.2 2000/12/29
- Prevent a segmentation fault when trying to set a class in
- address test mode due to a negative array index. Audit
- other array indexing. This bug is not believed to be
- exploitable. Noted by Michal Zalewski of the "Internet for
- Schools" project (IdS).
- Add an FFR (for future release) to drop privileges when using
- address test mode. This will be turned on in 8.12. It can
- be enabled by compiling with:
- APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
- in your devtools/Site/site.config.m4 file. Suggested by
- Michal Zalewski of the "Internet for Schools" project (IdS).
- Fix potential problem with Cyrus-SASL security layer which may have
- caused I/O errors, especially for mechanism DIGEST-MD5.
- When QueueSortOrder was set to host, sendmail might not read
- enough of the queue file to determine the host, making the
- sort sub-optimal. Problem noted by Jeff Earickson of
- Colby College.
- Don't issue DSNs for addresses which use the NOTIFY parameter (per
- RFC 1891) but don't have FAILURE as value.
- Initialize Cyrus-SASL library before the SMTP daemon is started.
- This implies that every change to SASL related files requires
- a restart of the daemon, e.g., Sendmail.conf, new SASL
- mechanisms (in form of shared libraries).
- Properly set the STARTTLS related macros during a queue run for
- a cached connection. Bug reported by Michael Kellen of
- NxNetworks, Inc.
- Log the server name in relay= for ruleset tls_server instead of the
- client name.
- Include original length of bad field/header when reporting
- MaxMimeHeaderLength problems. Requested by Ulrich Windl of
- the Universitat Regensburg.
- Fix delivery to set-user-ID files that are expanded from aliases in
- DeliveryMode queue. Problem noted by Ric Anderson of the
- University of Arizona.
- Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
- of Collective Technologies.
- Avoid using a negative argument for sleep() calls when delaying answers
- to EXPN/VRFY commands on systems which respond very slowly.
- Problem noted by Mikolaj J. Habryn of Optus Internet
- Engineering.
- Make sure the F=u flag is set in the default prog mailer
- definition. Problem noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- Fix IPv6 check for unspecified addresses. Patch from
- Jun-ichiro itojun Hagino of the KAME Project.
- Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
- Meteorological Institute.
- Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
- of the parameters to find Family= setting before trying to
- interpret Addr= and Port=. Problem noted by Valdis
- Kletnieks of Virginia Tech.
- When delivering to a file directly from an alias, do not call
- initgroups(); instead use the DefaultUser group information.
- Problem noted by Marc Schaefer of ALPHANET NF.
- RunAsUser now overrides the ownership of the control socket, if
- created. Otherwise, sendmail can not remove it upon
- close. Problem noted by Werner Wiethege.
- Fix ConnectionRateThrottle counting as the option is the number of
- overall connections, not the number of connections per
- socket. A future version may change this to per socket
- counting.
- Portability:
- Clean up libsmdb so it functions properly on platforms
- where sizeof(u_int32_t) != sizeof(size_t). Problem
- noted by Rein Tollevik of Basefarm AS.
- Fix man page formatting for compatibility with Solaris'
- whatis. From Stephen Gildea of InTouch Systems, Inc.
- UnixWare 7 includes snprintf() support. From Larry
- Rosenman.
- IPv6 changes for platforms using KAME. Patch from
- Jun-ichiro itojun Hagino of the KAME Project.
- Avoid a typedef compile conflict with Berkeley DB 3.X and
- Solaris 2.5 or earlier. Problem noted by Bob Hughes
- of Pacific Access.
- Add preliminary support for AIX 5. Contributed by
- Valdis Kletnieks of Virginia Tech.
- Solaris 9 load average support from Andrew Tucker of Sun
- Microsystems.
- CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
- is used. Problem noted by Phil Homewood of Asia Online,
- patch from Neil Rickert of Northern Illinois University.
- CONFIG: Change the default DNS based blacklist server for
- FEATURE(`dnsbl') to blackholes.mail-abuse.org.
- CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
- implicitly assume canonical host names.
- CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
- patch by Motonori Nakamura of Kyoto University.
- CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
- Virginia Tech.
- CONFIG: Pass the illegal header form <list:;> through untouched
- instead of making it worse. Problem noted by Motonori
- Nakamura of Kyoto University.
- CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
- CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
- by Jan Krueger of digitalanswers communications consulting
- gmbh.
- CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
- Roth of the University of Illinois at Urbana-Champaign.
- DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
- variables into bldOS, bldREL, and bldARCH to prevent
- namespace collisions. Problem noted by Motonori Nakamura
- of Kyoto University.
- RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
- causes some changes in behavior and may break rmail for
- installations where sendmail is actually a wrapper to
- another MTA. The change will re-appear in a future
- version.
- SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
- and SunOS 5.8. Requested by Jeff A. Earickson of Colby
- College and John Beck of Sun Microsystems.
- VACATION: Fix pattern matching for addresses to ignore.
- VACATION: Don't reply to addresses of the form owner-*
- or *-owner.
- New Files:
- cf/ostype/aix5.m4
- contrib/buildvirtuser
- devtools/OS/AIX.5.0
-
-8.11.1/8.11.1 2000/09/27
- Fix SMTP EXPN command output if the address expands to a single
- name. Fix from John Beck of Sun Microsystems.
- Don't try STARTTLS in the client if the PRNG has not been properly
- seeded. This problem only occurs on systems without
- /dev/urandom. Problem detected by Jan Krueger of
- digitalanswers communications consulting gmbh and
- Neil Rickert of Northern Illinois University.
- Don't use the . and .. directories when expanding QueueDirectory
- wildcards.
- Do not try to cache LDAP connections across processes as a parent
- process may close the connection before the child process
- has completed. Problem noted by Lai Yiu Fai of the Hong
- Kong University of Science and Technology and Wolfgang
- Hottgenroth of UUNET.
- Use Timeout.fileopen to limit the amount of time spent trying to
- read the LDAP secret from a file.
- Prevent SIGTERM from removing a command line submitted item after
- the user submits the message and before the first delivery
- attempt completes. Problem noted by Max France of AlphaNet.
- Fix from Neil Rickert of Northern Illinois University.
- Deal correctly with MaxMessageSize restriction if message size is
- greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman
- of EarthLink.
- Turn off queue checkpointing if CheckpointInterval is set to zero.
- Treat an empty home directory (from getpw*() or $HOME) as
- non-existent instead of treating it as /. Problem noted by
- Todd C. Miller of Courtesan Consulting.
- Don't drop duplicate headers when reading a queued item. Problem
- noted by Motonori Nakamura of Kyoto University.
- Avoid bogus error text when logging the savemail panic "cannot
- save rejected email anywhere". Problem noted by Marc G.
- Fournier of Acadia University.
- If an LDAP search fails because the LDAP server went down, close
- the map so subsequent searches reopen the map. If there are
- multiple LDAP servers, the down server will be skipped and
- one of the others may be able to take over.
- Set the ${load_avg} macro to the current load average, not the
- previous load average query result.
- If a non-optional map used in a check_* ruleset can't be opened,
- return a temporary failure to the remote SMTP client
- instead of ignoring the map. Problem noted by Allan E
- Johannesen of Worcester Polytechnic Institute.
- Avoid a race condition when queuing up split envelopes by saving
- the split envelopes before the original envelope.
- Fix a bug in the PH_MAP code which caused mail to bounce instead of
- defer if the PH server could not be contacted. From Mark
- Roth of the University of Illinois at Urbana-Champaign.
- Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
- ETRN. Problem noted by Erik R. Leo of SoVerNet.
- Change error code for unrecognized parameters to the SMTP MAIL and
- RCPT commands from 501 to 555 per RFC 1869. Problem
- reported to Postfix by Robert Norris of Monash University.
- Prevent overwriting the argument of -B on certain OS. Problem
- noted by Matteo Gelosa of I.NET S.p.A.
- Use the proper routine for freeing memory with Netscape's LDAP
- client libraries. Patch from Paul Hilchey of the
- University of British Columbia.
- Portability:
- Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
- instead of defining it in conf.h so users can
- override the setting. Suggested by
- Henrik Nordstrom of Ericsson.
- On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
- /usr/lib/sendmail for rmail and vacation. From
- Jeff A. Earickson of Colby College.
- On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
- does not exist). From Jeff A. Earickson of Colby
- College.
- Avoid using the UCB subsystem on NCR MP-RAS 3.x. From
- Tom Moore of NCR.
- NeXT 3.X and 4.X installs man pages in /usr/man. From
- Hisanori Gogota of NTT/InterCommunicationCenter.
- Solaris 8 and later include /var/run. The default PID file
- location is now /var/run/sendmail.pid. From John
- Beck of Sun Microsystems.
- SFIO includes snprintf() for those operating systems
- which do not. From Todd C. Miller of Courtesan
- Consulting.
- CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
- Problem noted by Kaspar Brand of futureLab AG.
- CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
- errors in the MAIL address.
- CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem
- noted by Ron Jarrell of Virginia Tech.
- CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
- Contributed by John Beck of Sun Microsystems.
- CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
- GECOS information for an address. This more closely
- matches pre-8.10 nullclient behavior. From Per Hedeland of
- Ericsson.
- CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
- SMTP to all *smtp* mailers and those for RELAY to the relay
- mailer as described in cf/README.
- MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
- are obeyed. Problem noted by Damian Kuczynski of NIK.
- MAKEMAP: Do not change a map's owner to the TrustedUser if using
- makemap to 'unmake' the map.
- RMAIL: Avoid overflowing the list of recipients being passed to
- sendmail.
- RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
- submission. Problem noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- VACATION: Read the complete message to avoid "broken pipe" signals.
- VACATION: Do not cut off vacation.msg files which have a single
- dot as the only character on the line.
- New Files:
- cf/ostype/solaris8.m4
-
-8.11.0/8.11.0 2000/07/19
- SECURITY: If sendmail is installed as a non-root set-user-ID binary
- (not the normal case), some operating systems will still
- keep a saved-uid of the effective-uid when sendmail tries
- to drop all of its privileges. If sendmail needs to drop
- these privileges and the operating system doesn't set the
- saved-uid as well, exit with an error. Problem noted by
- Kari Hurtta of the Finnish Meteorological Institute.
- SECURITY: sendmail depends on snprintf() NUL terminating the string
- it populates. It is possible that some broken
- implementations of snprintf() exist that do not do this.
- Systems in this category should compile with
- -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
- system and report broken implementations to
- sendmail-bugs@sendmail.org and your OS vendor. Problem
- noted by Slawomir Piotrowski of TELSAT GP.
- Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
- Implementation influenced by the example programs of
- OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
- Add new STARTTLS related options CACERTPath, CACERTFile,
- ClientCertFile, ClientKeyFile, DHParameters, RandFile,
- ServerCertFile, and ServerKeyFile. These are documented in
- cf/README and doc/op/op.*.
- New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
- ${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
- ${server_name}, and ${server_addr}. These are documented
- in cf/README and doc/op/op.*.
- Add support for the Entropy Gathering Daemon (EGD) for better
- random data.
- New DontBlameSendmail option InsufficientEntropy for systems which
- don't properly seed the PRNG for OpenSSL but want to
- try to use STARTTLS despite the security problems.
- Support the security layer in SMTP AUTH for mechanisms which
- support encryption. Based on code contributed by Tim
- Martin of CMU.
- Add new macro ${auth_ssf} to reflect the SMTP AUTH security
- strength factor.
- LDAP's -1 (single match only) flag was not honored if the -z
- (delimiter) flag was not given. Problem noted by ST Wong of
- the Chinese University of Hong Kong. Fix from Mark Adamson
- of CMU.
- Add more protection from accidentally tripping OpenLDAP 1.X's
- ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
- Suggested by Kurt Zeilenga of OpenLDAP.
- Fix the default family selection for DaemonPortOptions. As
- documented, unless a family is specified in a
- DaemonPortOptions option, "inet" is the default. It is
- also the default if no DaemonPortOptions value is set.
- Therefore, IPv6 users should configure additional sockets
- by adding DaemonPortOptions settings with Family=inet6 if
- they wish to also listen on IPv6 interfaces. Problem noted
- by Jun-ichiro itojun Hagino of the KAME Project.
- Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
- the interface information for an outgoing connection.
- Not doing so was creating a mismatch between the socket
- family and address used in subsequent connections if the
- M=b modifier was set in DaemonPortOptions. Problem noted
- by John Beck of Sun Microsystems.
- If DaemonPortOptions modifier M=b is used, determine the socket
- family based on the IP address. ${if_family} is no longer
- persistent (i.e., saved in qf files). Patch from John Beck
- of Sun Microsystems.
- sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
- macros for both the incoming interface address/family and
- the outgoing interface address/family. In order for M=b
- modifier in DaemonPortOptions to work properly, preserve
- the incoming information in the queue file for later
- delivery attempts.
- Use SMTP error code and enhanced status code from check_relay in
- responses to commands. Problem noted by Jeff Wasilko of
- smoe.org.
- Add more vigilance in checking for putc() errors on output streams
- to protect from a bug in Solaris 2.6's putc(). Problem
- noted by Graeme Hewson of Oracle.
- The LDAP map -n option (return attribute names only) wasn't working.
- Problem noted by Ajay Matia.
- Under certain circumstances, an address could be listed as deferred
- but would be bounced back to the sender as failed to be
- delivered when it really should have been queued. Problem
- noted by Allan E Johannesen of Worcester Polytechnic Institute.
- Prevent a segmentation fault in a child SMTP process from getting
- the SMTP transaction out of sync. Problem noted by Per
- Hedeland of Ericsson.
- Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
- is defined to avoid a core dump due to incompatibilities
- between sfio and stdio. Problem noted by Neil Rickert
- of Northern Illinois University.
- Don't log useless envelope ID on initial connection log. Problem
- noted by Kari Hurtta of the Finnish Meteorological Institute.
- Convert the free disk space shown in a control socket status query
- to kilobyte units.
- If TryNullMXList is True and there is a temporary DNS failure
- looking up the hostname, requeue the message for a later
- attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
- Polytechnic.
- Under the proper circumstances, failed connections would be recorded
- as "Bad file number" instead of "Connection failed" in the
- queue file and persistent host status. Problem noted by
- Graeme Hewson of Oracle.
- Avoid getting into an endless loop if a non-hoststat directory exists
- within the hoststatus directory (e.g., lost+found).
- Patch from Valdis Kletnieks of Virginia Tech.
- Make sure Timeout.queuereturn=now returns a bounce message to the
- sender. Problem noted by Per Hedeland of Ericsson.
- If a message data file can't be opened at delivery time, panic and
- abort the attempt instead of delivering a message that
- states "<<< No Message Collected >>>".
- Fixup the GID checking code from 8.10.2 as it was overly
- restrictive. Problem noted by Mark G. Thomas of Mark
- G. Thomas Consulting.
- Preserve source port number instead of replacing it with the ident
- port number (113).
- Document the queue status characters in the mailq man page.
- Suggested by Ulrich Windl of the Universitat Regensburg.
- Process queued items in which none of the recipient addresses have
- host portions (or there are no recipients). Problem noted
- by Valdis Kletnieks of Virginia Tech.
- If a cached LDAP connection is used for multiple maps, make sure
- only the first to open the connection is allowed to close
- it so a later map close doesn't break the connection for
- other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
- Netscape's LDAP libraries do not support Kerberos V4
- authentication. Patch from Rainer Schoepf of the
- University of Mainz.
- Provide workaround for inconsistent handling of data passed
- via callbacks to Cyrus SASL prior to version 1.5.23.
- Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission
- noted by Ulrich Windl of the Universitat Regensburg.
- Portability:
- Add the ability to read IPv6 interface addresses into class
- 'w' under FreeBSD (and possibly others). From Jun
- Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
- Replace code for finding the number of CPUs on HPUX.
- NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
- work properly causing problems if the accept()
- fails and the socket needs to be reopened. Patch
- from Tom Moore of NCR.
- NetBSD uses a .0 extension of formatted man pages. From
- Andrew Brown of Crossbar Security.
- Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
- for calls to getipnodebyname(). The Linux
- implementation is broken so AI_ADDRCONFIG is stripped
- under Linux. From John Beck of Sun Microsystems and
- John Kennedy of Cal State University, Chico.
- CONFIG: Catch invalid addresses containing a ',' at the wrong place.
- Patch from Neil Rickert of Northern Illinois University.
- CONFIG: New variables for the new sendmail options:
- confCACERT_PATH CACERTPath
- confCACERT CACERTFile
- confCLIENT_CERT ClientCertFile
- confCLIENT_KEY ClientKeyFile
- confDH_PARAMETERS DHParameters
- confRAND_FILE RandFile
- confSERVER_CERT ServerCertFile
- confSERVER_KEY ServerKeyFile
- CONFIG: Provide basic rulesets for TLS policy control and add new
- tags to the access database to support these policies. See
- cf/README for more information.
- CONFIG: Add TLS information to the Received: header.
- CONFIG: Call tls_client ruleset from check_mail in case it wasn't
- called due to a STARTTLS command.
- CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
- instead of temporary.
- CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
- the access map and relaying to a domain without using a To:
- tag. Problem noted by Mark G. Thomas of Mark G. Thomas
- Consulting.
- CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
- OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
- RootsWeb.com.
- CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
- forwarding to make it as close to the old behavior as
- possible. Problem noted by George W. Baltz of the
- University of Maryland.
- CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From
- Wilfredo Sanchez of Apple Computer, Inc.
- CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
- ldap_mailhost and ldap_mailroutingaddress to ldapmh and
- ldapmra as underscores in map names cause problems if
- underscore is in OperatorChars. Problem noted by Bob Zeitz
- of the University of Alberta.
- CONFIG: Apply blacklist_recipients also to hosts in class {w}.
- Patch from Michael Tratz of Esosoft Corporation.
- CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
- CONTRIB: Add link_hash.sh to create symbolic links to the hash
- of X.509 certificates.
- CONTRIB: passwd-to-alias.pl: More protection from special characters;
- treat special shells as root aliases; skip entries where the
- GECOS full name and username match. From Ulrich Windl of the
- Universitat Regensburg.
- CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
- typo. Patch from Graeme Hewson of Oracle.
- CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
- and sendmail. Patch from Graeme Hewson of Oracle.
- CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
- subroutine Patch from Graeme Hewson of Oracle.
- CONTRIB: Add movemail.pl (move old mail messages between queues by
- calling re-mqueue.pl) and movemail.conf (configuration
- script for movemail.pl). From Graeme Hewson of Oracle.
- CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
- makemap). From Derek J. Balling of Yahoo,Inc.
- DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
- extension modifications (e.g., MAN8EXT) to the installation
- target. Patch from James Ralston of Carnegie Mellon
- University.
- DEVTOOLS: Add support for SunOS 5.9.
- DEVTOOLS: New option confLN contains the command used to create
- links.
- LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
- reported.
- MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
- Denman Tire Corporation.
- MAIL.LOCAL: Prevent a possible DoS attack when compiled with
- -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
- MAILSTATS: Fix usage statement (-p and -o are optional).
- MAKEMAP: Change man page layout as workaround for problem with nroff
- and -man on Solaris 7. Patch from Larry Williamson.
- RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
- Black Diamond Equipment, Limited.
- RMAIL: Prevent a segmentation fault if the incoming message does not
- have a From line.
- VACATION: Read all of the headers before deciding whether or not
- to respond instead of stopping after finding recipient.
- Added Files:
- cf/ostype/darwin.m4
- contrib/cidrexpand
- contrib/link_hash.sh
- contrib/movemail.conf
- contrib/movemail.pl
- devtools/OS/SunOS.5.9
- test/t_snprintf.c
-
-8.10.2/8.10.2 2000/06/07
- SECURITY: Work around broken Linux setuid() implementation.
- On Linux, a normal user process has the ability to subvert
- the setuid() call such that it is impossible for a root
- process to drop its privileges. Problem noted by Wojciech
- Purczynski of elzabsoft.pl.
- SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
- initgroups(), and chroot() calls.
- Added Files:
- test/t_setuid.c
-
-8.10.1/8.10.1 2000/04/06
- SECURITY: Limit the choice of outgoing (client-side) SMTP
- Authentication mechanisms to those specified in
- AuthMechanisms to prevent information leakage. We do not
- recommend use of PLAIN for outgoing mail as it sends the
- password in clear text to possibly untrusted servers. See
- cf/README's DefaultAuthInfo section for additional information.
- Copy the ident argument for openlog() to avoid problems on some
- OSs. Based on patch from Rob Bajorek from Webhelp.com.
- Avoid bogus error message when reporting an alias line as too long.
- Avoid bogus socket error message if sendmail.cf version level is
- greater than sendmail binary supported version. Patch
- from John Beck of Sun Microsystems.
- Prevent a malformed ruleset (missing right hand side) from causing
- a segmentation fault when using address test mode. Based on
- patch from John Beck of Sun Microsystems.
- Prevent memory leak from use of NIS maps and yp_match(3). Problem
- noted by Gil Kloepfer of the University of Texas at Austin.
- Fix queue file permission checks to allow for TrustedUser ownership.
- Change logging of errors from the trust_auth ruleset to LogLevel 10
- or higher.
- Avoid simple password cracking attacks against SMTP AUTH by using
- exponential delay after too many tries within one connection.
- Encode an initial empty AUTH challenge as '=', not as empty string.
- Avoid segmentation fault on EX_SOFTWARE internal error logs.
- Problem noted by Allan E Johannesen of Worcester
- Polytechnic Institute.
- Ensure that a header check which resolves to $#discard actually
- discards the message.
- Emit missing value warnings for aliases with no right hand side
- when newaliases is run instead of only when delivery is
- attempted to the alias.
- Remove AuthOptions missing value warning for consistency with other
- flag options.
- Portability:
- SECURITY: Specify a run-time shared library search path for
- AIX 4.X instead of using the dangerous AIX 4.X
- linker semantics. AIX 4.X users should consult
- sendmail/README for further information. Problem
- noted by Valdis Kletnieks of Virginia Tech.
- Avoid use of strerror(3) call. Problem noted by Charles
- Levert of Ecole Polytechnique de Montreal.
- DGUX requires -lsocket -lnsl and has a non-standard install
- program. From Tim Boyer of Denman Tire Corporation.
- HPUX 11.0 has a broken res_search() function.
- Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
- from J. P. McCann of E I A.
- Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
- Problem noted by Michael Long of Info Avenue Internet
- Services, LLC.
- Modern (post-199912) OpenBSD versions include working
- strlc{at,py}(3) functions. From Todd C. Miller of
- Courtesan Consulting.
- SINIX doesn't have random(3). From Gerald Rinske of
- Siemens Business Services.
- CONFIG: Change error message about unresolvable sender domain to
- include the sender address. Proposed by Wolfgang Rupprecht
- of WSRCC.
- CONFIG: Fix usenet mailer calls.
- CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
- to be backward compatible with 8.9.
- CONFIG: Change handling of default case @domain for virtusertable
- to allow for +*@domain to deal with +detail.
- CONTRIB: Remove converting.sun.configs -- it is obsolete.
- DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki
- of NEC.
- DEVTOOLS: Add to NCR platform list and include the architecture
- (i486). From Tom J. Moore of NCR.
- DEVTOOLS: SECURITY: Change method of linking with sendmail utility
- libraries to work around the AIX 4.X and SunOS 4.X linker's
- overloaded -L option. Problem noted by Valdis Kletnieks of
- Virginia Tech.
- DEVTOOLS: configure.sh was overriding the user's choice for
- confNROFF. Problem noted by Glenn A. Malling of Syracuse
- University.
- DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
- for other internal projects but included in the open source
- release.
- LIBSMDB: Check for ".db" instead of simply "db" at the end of the
- map name to determine whether or not to add the extension.
- This fixes makemap when building the userdb file. Problem
- noted by Andrew J Cole of the University of Leeds.
- LIBSMDB: Allow a database to be opened for updating and created if
- it doesn't already exist. Problem noted by Rand Wacker of
- Sendmail.
- LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
- available, fall back to NDBM if NEWDB open fails. This
- fixes praliases. Patch from John Beck of Sun Microsystems.
- LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
- as SFF_NOWRFILES.
- OP.ME: Clarify some issues regarding mailer flags. Suggested by
- Martin Mokrejs of The Charles University and Neil Rickert of
- Northern Illinois University.
- PRALIASES: Restore 8.9.X functionality of being able to search for
- particular keys in a database by specifying the keys on the
- command line. Man page updated accordingly. Patch from
- John Beck of Sun Microsystems.
- VACATION: SunOS 4.X portability from Charles Levert of Ecole
- Polytechnique de Montreal.
- VACATION: Fix -t option which is ignored but available for
- compatibility with Sun's version, based on patch from
- Volker Dobler of Infratest Burke.
- Added Files:
- devtools/M4/UNIX/smlib.m4
- devtools/OS/OSF1.V5.0
- Deleted Files:
- contrib/converting.sun.configs
- Deleted Directories (already done in 8.10.0 but not listed):
- doc/intro
- doc/usenix
- doc/changes
-
-8.10.0/8.10.0 2000/03/01
- *************************************************************
- * The engineering department at Sendmail, Inc. has suffered *
- * the tragic loss of a key member of our engineering team. *
- * Julie Van Bourg was the Vice President of Engineering *
- * at Sendmail, Inc. during the development and deployment *
- * of this release. It was her vision, dedication, and *
- * support that has made this release a success. Julie died *
- * on October 26, 1999 of cancer. We have lost a leader, a *
- * coach, and a friend. *
- * *
- * This release is dedicated to her memory and to the joy, *
- * strength, ideals, and hope that she brought to all of us. *
- * Julie, we miss you! *
- *************************************************************
- SECURITY: The safe file checks now back track through symbolic
- links to make sure the files can't be compromised due
- to poor permissions on the parent directories of the
- symbolic link target.
- SECURITY: Only root, TrustedUser, and users in class t can rebuild
- the alias map. Problem noted by Michal Zalewski of the
- "Internet for Schools" project (IdS).
- SECURITY: There is a potential for a denial of service attack if
- the AutoRebuildAliases option is set as a user can kill the
- sendmail process while it is rebuilding the aliases file
- (leaving it in an inconsistent state). This option and
- its use is deprecated and will be removed from a future
- version of sendmail.
- SECURITY: Make sure all file descriptors (besides stdin, stdout, and
- stderr) are closed before restarting sendmail. Problem noted
- by Michal Zalewski of the "Internet for Schools" project
- (IdS).
- Begin using /etc/mail/ for sendmail related files. This affects
- a large number of files. See cf/README for more details.
- The directory structure of the distribution has changed slightly
- for easier code sharing among the programs.
- Support SMTP AUTH (see RFC 2554). New macros for this purpose
- are ${auth_authen}, ${auth_type}, and ${auth_author}
- which hold the client's authentication credentials,
- the mechanism used for authentication, and the
- authorization identity (i.e., the AUTH= parameter if
- supplied). Based on code contributed by Tim Martin of CMU.
- On systems which use the Torek stdio library (all of the BSD
- distributions), use memory-buffered files to reduce
- file system overhead by not creating temporary files on
- disk. Contributed by Exactis.com, Inc.
- New option DataFileBufferSize to control the maximum size of a
- memory-buffered data (df) file before a disk-based file is
- used. Contributed by Exactis.com, Inc.
- New option XscriptFileBufferSize to control the maximum size of a
- memory-buffered transcript (xf) file before a disk-based
- file is used. Contributed by Exactis.com, Inc.
- sendmail implements RFC 2476 (Message Submission), e.g., it can
- now listen on several different ports. Use:
- O DaemonPortOptions=Name=MSA, Port=587, M=E
- to run a Message Submission Agent (MSA); this is turned
- on by default in m4-generated .cf files; it can be turned
- off with FEATURE(`no_default_msa').
- The 'XUSR' SMTP command is deprecated. Mail user agents should
- begin using RFC 2476 Message Submission for initial user
- message submission. XUSR may disappear from a future release.
- The new '-G' (relay (gateway) submission) command line option
- indicates that the message being submitted from the command
- line is for relaying, not initial submission. This means
- the message will be rejected if the addresses are not fully
- qualified and no canonicalization will be done. Future
- releases may even reject improperly formed messages.
- The '-U' (initial user submission) command line option is
- deprecated and may be removed from a future release.
- Mail user agents should begin using '-G' to indicate that
- this is a relay submission (the inverse of -U).
- The next release of sendmail will assume that any message submitted
- from the command line is an initial user submission and act
- accordingly.
- If sendmail doesn't have enough privileges to run a .forward
- program or deliver to file as the owner of that file, the
- address is marked as unsafe. This means if RunAsUser is
- set, users won't be able to use programs or delivery to
- files in their .forward files. Administrators can override
- this by setting the DontBlameSendmail option to the new
- setting NonRootSafeAddr.
- Allow group or world writable directories if the sticky bit is set
- on the directory and DontBlameSendmail is set to
- TrustStickyBit. Based on patch from Chris Metcalf of
- InCert Software.
- Prevent logging of unsafe directory paths for non-existent forward
- files if the new DontWarnForwardFileInUnsafeDirPath bit is
- set in the DontBlameSendmail option. Requested by many.
- New Timeout.control option to limit the total time spent satisfying
- a control socket request.
- New Timeout.resolver options for controlling BIND resolver
- settings:
- Timeout.resolver.retrans
- Sets the resolver's retransmission time interval (in
- seconds). Sets both Timeout.resolver.retrans.first
- and Timeout.resolver.retrans.normal.
- Timeout.resolver.retrans.first
- Sets the resolver's retransmission time interval (in
- seconds) for the first attempt to deliver a message.
- Timeout.resolver.retrans.normal
- Sets the resolver's retransmission time interval (in
- seconds) for all resolver lookups except the first
- delivery attempt.
- Timeout.resolver.retry
- Sets the number of times to retransmit a resolver
- query. Sets both Timeout.resolver.retry.first
- and Timeout.resolver.retry.normal.
- Timeout.resolver.retry.first
- Sets the number of times to retransmit a resolver
- query for the first attempt to deliver a message.
- Timeout.resolver.retry.normal
- Sets the number of times to retransmit a resolver
- query for all resolver lookups except the first
- delivery attempt.
- Contributed by Exactis.com, Inc.
- Support multiple queue directories. To use multiple queues, supply
- a QueueDirectory option value ending with an asterisk. For
- example, /var/spool/mqueue/q* will use all of the
- directories or symbolic links to directories beginning with
- 'q' in /var/spool/mqueue as queue directories. Keep in
- mind, the queue directory structure should not be changed
- while sendmail is running. Queue runs create a separate
- process for running each queue unless the verbose flag is
- given on a non-daemon queue run. New items are randomly
- assigned to a queue. Contributed by Exactis.com, Inc.
- Support different directories for qf, df, and xf queue files; if
- subdirectories or symbolic links to directories of those names
- exist in the queue directories, they are used for the
- corresponding queue files. Keep in mind, the queue
- directory structure should not be changed while sendmail is
- running. Proposed by Mathias Koerber of Singapore
- Telecommunications Ltd.
- New queue file naming system which uses a filename guaranteed to be
- unique for 60 years. This allows queue IDs to be assigned
- without fancy file system locking. Queued items can be
- moved between queues easily. Contributed by Exactis.com,
- Inc.
- Messages which are undeliverable due to temporary address failures
- (e.g., DNS failure) will now go to the FallBackMX host, if
- set. Contributed by Exactis.com, Inc.
- New command line option '-L tag' which sets the identifier used for
- syslog. Contributed by Exactis.com, Inc.
- QueueSortOrder=Filename will sort the queue by filename. This
- avoids opening and reading each queue file when preparing
- to run the queue. Contributed by Exactis.com, Inc.
- Shared memory counters and microtimers functionality has been
- donated by Exactis.com, Inc.
- The SCCS ID tags have been replaced with RCS ID tags.
- Allow trusted users (those on a T line or in $=t) to set the
- QueueDirectory (Q) option without an X-Authentication-Warning:
- being added. Suggested by Michael K. Sanders.
- IPv6 support based on patches from John Kennedy of Cal State
- University, Chico, Motonori Nakamura of Kyoto University,
- and John Beck of Sun Microsystems.
- In low-disk space situations, where sendmail would previously refuse
- connections, still accept them, but only allow ETRN commands.
- Suggested by Mathias Koerber of Singapore Telecommunications
- Ltd.
- The [IPC] builtin mailer now allows delivery to a UNIX domain socket
- on systems which support them. This can be used with LMTP
- local delivery agents which listen on a named socket. An
- example mailer might be:
- Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
- S=10, R=20/40, T=DNS/RFC822/X-Unix,
- A=FILE /var/run/lmtpd
- Code contributed by Lyndon Nerenberg of Messaging Direct.
- The [TCP] builtin mailer name is now deprecated. Use [IPC]
- instead.
- The first mailer argument in the [IPC] mailer is now checked for a
- legitimate value. Possible values are TCP (for TCP/IP
- connections), IPC (which will be deprecated in a future
- version), and FILE (for UNIX domain socket delivery).
- PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
- flags.
- PrivacyOptions=nobodyreturn instructs sendmail not to include the
- body of the original message on delivery status
- notifications.
- Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted
- by Dan Bernstein, fix from Robert Harker of Harker Systems.
- Accept the SMTP RSET command even when rejecting commands due to TCP
- Wrappers or the check_relay ruleset. Problem noted by
- Steve Schweinhart of America Online.
- Warn if OperatorChars is set multiple times. OperatorChars should
- not be set after rulesets are defined. Suggested by
- Mitchell Blank Jr of Exec-PC.
- Do not report temporary failure on delivery to files. In
- interactive delivery mode, this would result in two SMTP
- responses after the DATA command. Problem noted by
- Nik Conwell of Boston University.
- Check file close when mailing to files. Problem noted by Nik
- Conwell of Boston University.
- Avoid a segmentation fault when using the LDAP map. Patch from
- Curtis W. Hillegas of Princeton University.
- Always bind to the LDAP server regardless of whether you are using
- ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of
- @Home Network.
- New ruleset trust_auth to determine whether a given AUTH=
- parameter of the MAIL command should be trusted. See SMTP
- AUTH, cf/README, and doc/op/op.ps.
- Allow new named config file rules check_vrfy, check_expn, and
- check_etrn for VRFY, EXPN, and ETRN commands, respectively,
- similar to check_rcpt etc.
- Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
- ${mail_mailer}, ${mail_host}, ${mail_addr} that hold
- the results of parsing the RCPT and MAIL arguments, i.e.
- the resolved triplet from $#mailer $@host $:addr.
- From Kari Hurtta of the Finnish Meteorological Institute.
- New macro ${client_resolve} which holds the result of the resolve
- call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed
- by Kari Hurtta of the Finnish Meteorological Institute.
- New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
- the corresponding DSN parameter values. Proposed by
- Mathias Herberts.
- New macro ${msg_size} which holds the value of the SIZE= parameter,
- i.e., usually the size of the message (in an ESMTP dialogue),
- before the message has been collected, thereafter it holds
- the message size as computed by sendmail (and can be used
- in check_compat).
- The macro ${deliveryMode} now specifies the current delivery mode
- sendmail is using instead of the value of the DeliveryMode
- option.
- New macro ${ntries} holds the number of delivery attempts.
- Drop explicit From: if same as what would be generated only if it is
- a local address. From Motonori Nakamura of Kyoto University.
- Write pid to file also if sendmail only processes the queue.
- Proposed by Roy J. Mongiovi of Georgia Tech.
- Log "low on disk space" only when necessary.
- New macro ${load_avg} can be used to check the current load average.
- Suggested by Scott Gifford of The Internet Ramp.
- Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
- is set.
- Flag -S for maps to specify the character which is substituted
- for spaces (instead of the default given by O BlankSub).
- Flag -D for maps: perform no lookup in deferred delivery mode.
- This flag is set by default for the host map. Based on a
- proposal from Ian MacPhedran of the University of Saskatchewan.
- Open maps only on demand, not at startup.
- Log warning about unsupported IP address families.
- New option MaxHeadersLength allows to specify a maximum length
- of the sum of all headers. This can be used to prevent
- a denial-of-service attack.
- New option MaxMimeHeaderLength which limits the size of MIME
- headers and parameters within those headers. This option
- is intended to protect mail user agents from buffer
- overflow attacks.
- Added option MaxAliasRecursion to specify the maximum depth of
- alias recursion.
- New flag F=6 for mailers to strip headers to seven bit.
- Map type syslog to log the key via syslogd.
- Entries in the alias file can be continued by putting a backslash
- directly before the newline.
- New option DeadLetterDrop to define the location of the system-wide
- dead.letter file, formerly hardcoded to
- /usr/tmp/dead.letter. If this option is not set (the
- default), sendmail will not attempt to save to a
- system-wide dead.letter file if it can not bounce the mail
- to the user nor postmaster. Instead, it will rename the qf
- file as it has in the past when the dead.letter file
- could not be opened.
- New option PidFile to define the location of the pid file. The
- value of this option is macro expanded.
- New option ProcessTitlePrefix specifies a prefix string for the
- process title shown in 'ps' listings.
- New macros for use with the PidFile and ProcessTitlePrefix options
- (along with the already existing macros):
- ${daemon_info} Daemon information, e.g.
- SMTP+queueing@00:30:00
- ${daemon_addr} Daemon address, e.g., 0.0.0.0
- ${daemon_family} Daemon family, e.g., inet, inet6, etc.
- ${daemon_name} Daemon name, e.g., MSA.
- ${daemon_port} Daemon port, e.g., 25
- ${queue_interval} Queue run interval, e.g., 00:30:00
- New macros especially for virtual hosting:
- ${if_name} hostname of interface of incoming connection.
- ${if_addr} address of interface of incoming connection.
- The latter is only set if the interface does not belong to the
- loopback net.
- If a message being accepted via a method other than SMTP and
- would be rejected by a header check, do not send the message.
- Suggested by Phil Homewood of Mincom Pty Ltd.
- Don't strip comments for header checks if $>+ is used instead of $>.
- Provide header value as quoted string in the macro
- ${currHeader} (possibly truncated to MAXNAME). Suggested by
- Jan Krueger of Unix-AG of University of Hannover.
- The length of the header value is stored in ${hdrlen}.
- H*: allows to specify a default ruleset for header checks. This
- ruleset will only be called if the individual header does
- not have its own ruleset assigned. Suggested by Jan
- Krueger of Unix-AG of University of Hannover.
- The name of the header field stored in ${hdr_name}.
- Comments (i.e., text within parentheses) in rulesets are not
- removed if the config file version is greater than or equal
- to 9. For example, "R$+ ( 1 ) $@ 1" matches the
- input "token (1)" but does not match "token".
- Avoid removing the Content-Transfer-Encoding MIME header on
- MIME messages. Problem noted by Sigurbjorn B. Larusson of
- Multimedia Consumer Services. Fix from Per Hedeland of
- Ericsson.
- Avoid duplicate Content-Transfer-Encoding MIME header on
- messages with 8-bit text in headers. Problem noted by
- Per Steinar Iversen of Oslo College. Fix from Per Hedeland
- of Ericsson.
- Avoid keeping maps locked longer than necessary when re-opening a
- modified database map file. Problem noted by Chris Adams
- of Renaissance Internet Services.
- Resolving to the $#error mailer with a temporary failure code (e.g.,
- $#error $@ tempfail $: "400 Temporary failure") will now
- queue up the message instead of bouncing it.
- Be more liberal in acceptable responses to an SMTP RSET command as
- standard does not provide any indication of what to do when
- something other than 250 is received. Based on a patch
- from Steve Schweinhart of America Online.
- New option TrustedUser allows to specify a user who can own
- important files instead of root. This requires HASFCHOWN.
- Fix USERDB conditional so compiling with NEWDB or HESIOD and
- setting USERDB=0 works. Fix from Jorg Zanger of Schock.
- Fix another instance (similar to one in 8.9.3) of a network failure
- being mis-logged as "Illegal Seek" instead of whatever
- really went wrong. From John Beck of Sun Microsystems.
- $? tests also whether the macro is non-null.
- Print an error message if a mailer definition contains an invalid
- equate name.
- New mailer equate /= to specify a directory to chroot() into before
- executing the mailer program. Suggested by Igor Vinokurov.
- New mailer equate W= to specify the maximum time to wait for the
- mailer to return after sending all data to it.
- Only free memory from the process list when adding a new process
- into a previously filled slot. Previously, the memory was
- freed at removal time. Since removal can happen in a
- signal handler, this may leave the memory map in an
- inconsistent state. Problem noted by Jeff A. Earickson and
- David Cooley of Colby College.
- When using the UserDB @hostname catch-all, do not try to lookup
- local users in the passwd file. The UserDB code has
- already decided the message will be passed to another host
- for processing. Fix from Tony Landells of Burdett
- Buckeridge Young Limited.
- Support LDAP authorization via either a file containing the
- password or Kerberos V4 using the new map options
- '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The
- distinguished_name is who to login as. The method can be
- one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
- LDAP_AUTH_KRBV4. The filename is the file containing the
- secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
- ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense
- of Stanford University.
- The ldapx map has been renamed to ldap. The use of ldapx is
- deprecated and will be removed in a future version.
- If the result of an LDAP search returns a multi-valued attribute
- and the map has the column delimiter set, it turns that
- response into a delimiter separated string. The LDAP map
- will traverse multiple entries as well. LDAP alias maps
- automatically set the column delimiter to the comma.
- Based on patch from Booker Bense of Stanford University and
- idea from Philip A. Prindeville of Mirapoint, Inc.
- Support return of multiple values for a single LDAP lookup. The
- values to be returned should be in a comma separated string.
- For example, `-v "email,emailother"'. Patch from
- Curtis W. Hillegas of Princeton University.
- Allow the use of LDAP for alias maps.
- If no LDAP attributes are specified in an LDAP map declaration, all
- attributes found in the match will be returned.
- Prevent commas in quoted strings in the AliasFile value from
- breaking up a single entry into multiple entries. This is
- needed for LDAP alias file specifications to allow for
- comma separated key and value strings.
- Keep connections to LDAP server open instead of opening and closing
- for each lookup. To reduce overhead, sendmail will cache
- connections such that multiple maps which use the same
- host, port, bind DN, and authentication will only result in
- a single connection to that host.
- Put timeout in the proper place for USE_LDAP_INIT.
- Be more careful about checking for errors and freeing memory on
- LDAP lookups.
- Use asynchronous LDAP searches to save memory and network
- resources.
- Do not copy LDAP query results if the map's match only flag is set.
- Increase portability to the Netscape LDAP libraries.
- Change the parsing of the LDAP filter specification. '%s' is still
- replaced with the literal contents of the map lookup key --
- note that this means a lookup can be done using the LDAP
- special characters. The new '%0' token can be used instead
- of '%s' to encode the key buffer according to RFC 2254.
- For example, if the LDAP map specification contains '-k
- "(user=%s)"' and a lookup is done on "*", this would be
- equivalent to '-k "(user=*)"' -- matching ANY record with a
- user attribute. Instead, if the LDAP map specification
- contains '-k "(user=%0)"' and a lookup is done on "*", this
- would be equivalent to '-k "(user=\2A)"' -- matching a user
- with the name "*".
- New LDAP map flags: "-1" requires a single match to be returned, if
- more than one is returned, it is equivalent to no records
- being found; "-r never|always|search|find" sets the LDAP
- alias dereference option; "-Z size" limits the number of
- matches to return.
- New option LDAPDefaultSpec allows a default map specification for
- LDAP maps. The value should only contain LDAP specific
- settings such as "-h host -p port -d bindDN", etc. The
- settings will be used for all LDAP maps unless they are
- specified in the individual map specification ('K'
- command). This option should be set before any LDAP maps
- are defined.
- Prevent an NDBM alias file opening loop when the NDBM open
- continually fails. Fix from Roy J. Mongiovi of Georgia
- Tech.
- Reduce memory utilization for smaller symbol table entries. In
- particular, class entries get much smaller, which can be
- important if you have large classes.
- On network-related temporary failures, record the hostname which
- gave error in the queued status message. Requested by
- Ulrich Windl of the Universitat Regensburg.
- Add new F=% mailer flag to allow for a store and forward
- configuration. Mailers which have this flag will not attempt
- delivery on initial receipt of a message or on queue runs
- unless the queued message is selected using one of the
- -qI/-qR/-qS queue run modifiers or an ETRN request. Code
- provided by Philip Guenther of Gustavus Adolphus College.
- New option ControlSocketName which, when set, creates a daemon
- control socket. This socket allows an external program to
- control and query status from the running sendmail daemon
- via a named socket, similar to the ctlinnd interface to the
- INN news server. Access to this interface is controlled by
- the UNIX file permissions on the named socket on most UNIX
- systems (see sendmail/README for more information). An
- example control program is provided as contrib/smcontrol.pl.
- Change the default values of QueueLA from 8 to (8 * numproc) and
- RefuseLA from 12 to (12 * numproc) where numproc is the
- number of processors online on the system (if that can be
- determined). For single processor machines, this change
- has no effect.
- Don't return body of message to postmaster on "Too many hops" bounces.
- Based on fix from Motonori Nakamura of Kyoto University.
- Give more detailed DSN descriptions for some cases. Patch from
- Motonori Nakamura of Kyoto University.
- Logging of alias, forward file, and UserDB expansion now happens
- at LogLevel 11 or higher instead of 10 or higher.
- Logging of an envelope's complete delivery (the "done" message) now
- happens at LogLevel 10 or higher instead of 11 or higher.
- Logging of TCP/IP or UNIX standard input connections now happens at
- LogLevel 10 or higher. Previously, only TCP/IP connections
- were logged, and on at LogLevel 12 or higher. Setting
- LogLevel to 10 will now assist users in tracking frequent
- connection-based denial of service attacks.
- Log basic information about authenticated connections at LogLevel
- 10 or higher.
- Log SMTP Authentication mechanism and author when logging the sender
- information (from= syslog line).
- Log the DSN code for each recipient if one is available as a new
- equate (dsn=).
- Macro expand PostmasterCopy and DoubleBounceAddress options.
- New "ph" map for performing ph queries in rulesets, see
- sendmail/README for details. Contributed by Mark Roth
- of the University of Illinois at Urbana-Champaign.
- Detect temporary lookup failures in the host map if looking up a
- bracketed IP address. Problem noted by Kari Hurtta of the
- Finnish Meteorological Institute.
- Do not report a Remote-MTA on local deliveries. Problem noted by
- Kari Hurtta of the Finnish Meteorological Institute.
- When a forward file points to an alias which runs a program, run
- the program as the default user and the default group, not
- the forward file user. This change also assures the
- :include: directives in aliases are also processed using
- the default user and group. Problem noted by Sergiu
- Popovici of DNT Romania.
- Prevent attempts to save a dead.letter file for a user with
- no home directory (/no/such/directory). Problem noted by
- Michael Brown of Finnigan FT/MS.
- Include message delay and number of tries when logging that a
- message has been completely delivered (LogLevel of 10 or
- above). Suggested by Nick Hilliard of Ireland Online.
- Log the sender of a message even if none of the recipients were
- accepted. If some of the recipients were rejected, it is
- helpful to know the sender of the message.
- Check the root directory (/) when checking a path for safety.
- Problem noted by John Beck of Sun Microsystems.
- Prevent multiple responses to the DATA command if DeliveryMode is
- interactive and delivering to an alias which resolves to
- multiple files.
- Macros in the helpfile are expanded if the helpfile version is 2 or
- greater (see below); the help function doesn't print the
- version of sendmail any longer, instead it is placed in
- the helpfile ($v). Suggested by Chuck Foster of UUNET
- PIPEX. Additionally, comment lines (starting with #) are
- skipped and a version line (#vers) is introduced. The
- helpfile version for 8.10.0 is 2, if no version or an older
- version is found, a warning is logged. The '#vers'
- directive should be placed at the top of the help file.
- Use fsync() when delivering to a file to guarantee the delivery to
- disk succeeded. Suggested by Nick Christenson.
- If delivery to a file is unsuccessful, truncate the file back to its
- length before the attempt.
- If a forward points to a filename for delivery, change to the
- user's uid before checking permissions on the file. This
- allows delivery to files on NFS mounted directories where
- root is remapped to nobody. Problem noted by Harald
- Daeubler of Universitaet Ulm.
- purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
- host status files, not all files.
- Any macros stored in the class $={persistentMacros} will be saved
- in the queue file for the message and set when delivery
- is attempted on the queued item. Suggested by Kyle Jones of
- Wonderworks Inc.
- Add support for storing information between rulesets using the new
- macro map class. This can be used to store information
- between queue runs as well using $={persistentMacros}.
- Based on an idea from Jan Krueger of Unix-AG of University
- of Hannover.
- New map class arith to allow for computations in rules. The
- operation (+, -, *, /, l (for less than), and =) is given
- as key. The two operands are specified as arguments; the
- lookup returns the result of the computation. For example,
- "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
- "$(arith + $@ 4 $@ 2 $)" will return "6".
- Add new syntax for header declarations which decide whether to
- include the header based on a macro rather than a mailer
- flag:
- H?${MyMacro}?X-My-Header: ${MyMacro}
- This should be used along with $={persistentMacros}.
- It can be used for adding headers to a message based on
- the results of check_* and header check rulesets.
- Allow new named config file rule check_eoh which is called after
- all of the headers have been collected. The input to the
- ruleset the number of headers and the size of all of the
- headers in bytes separated by $|. This ruleset along with
- the macro storage map can be used to correlate information
- gathered between headers and to check for missing headers.
- See cf/README or doc/op/op.ps for an example.
- Change the default for the MeToo option to True to correspond
- to the clarification in the DRUMS SMTP Update spec. This
- option is deprecated and will be removed from a future
- version.
- Change the sendmail binary default for SendMimeErrors to True.
- Change the sendmail binary default for SuperSafe to True.
- Display ruleset names in debug and address test mode output
- if referencing a named ruleset.
- New mailer equate m= which will limit the number of messages
- delivered per connection on an SMTP or LMTP mailer.
- Improve QueueSortOrder=Host by reversing the hostname before
- using it to sort. Now all the same domains are really run
- through the queue together. If they have the same MX host,
- then they will have a much better opportunity to use the
- connection cache if available. This should be a reasonable
- performance improvement. Patch from Randall Winchester of
- the University of Maryland.
- If a message is rejected by a header check ruleset, log who would
- have received the message if it had not been rejected.
- New "now" value for Timeout.queuereturn to bounce entries from the
- queue immediately. No delivery attempt is made.
- Increase sleeping time exponentially after too many "bad" commands
- up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
- COMMANDS).
- New option ClientPortOptions similar to DaemonPortOptions
- but for outgoing connections.
- New suboptions for DaemonPortOptions: Name (a name used for
- error messages and logging) and Modifiers, i.e.
- a require authentication
- b bind to interface through which mail has
- been received
- c perform hostname canonification
- f require fully qualified hostname
- h use name of interface for outgoing HELO
- command
- C don't perform hostname canonification
- E disallow ETRN (see RFC 2476)
- New suboption for ClientPortOptions: Modifiers, i.e.
- h use name of interface for HELO command
- The version number for queue files (qf) has been incremented to 4.
- Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
- to 10 or higher. Suggested by Rick Troxel of the National
- Institutes of Health.
- If a mailer dies, print the status in decimal instead of octal
- format. Suggested by Michael Shapiro of Sun Microsystems.
- Limit the length of all MX records considered for delivery to 8k.
- Move message priority from sender to recipient logging. Suggested by
- Ulrich Windl of the Universitat Regensburg.
- Add support for Berkeley DB 3.X.
- Add fix for Berkeley DB 2.X fcntl() locking race condition.
- Requires a post-2.7.5 version of Berkeley DB.
- Support writing traffic log (sendmail -X option) to a FIFO.
- Patch submitted by Rick Heaton of Network Associates, Inc.
- Do not ignore Timeout settings in the .cf file when a Timeout
- sub-options is set on the command line. Problem noted by
- Graeme Hewson of Oracle.
- Randomize equal preference MX records each time delivery is
- attempted via a new connection to a host instead of once per
- session. Suggested by Scott Salvidio of Compaq.
- Implement enhanced status codes as defined by RFC 2034.
- Add [hostname] to class w for the names of all interfaces unless
- DontProbeInterfaces is set. This is useful for sending mails
- to hosts which have dynamically assigned names.
- If a message is bounced due to bad MIME conformance, avoid bouncing
- the bounce for the same reason. If the body is not 8-bit
- clean, and EightBitMode isn't set to pass8, the body will
- not be included in the bounce. Problem noted by Valdis
- Kletnieks of Virginia Tech.
- The timeout for sending a message via SMTP has been changed from
- '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
- simply checks for progress on sending data every 5 minutes.
- This will detect the inability to send information quicker
- and reduce the number of processes simply waiting to
- timeout.
- Prevent a segmentation fault on systems which give a partial filled
- interface address structure when loading the system network
- interface addresses. Fix from Reinier Bezuidenhout of
- Nanoteq.
- Add a compile-time configuration macro, MAXINTERFACES, which
- indicates the number of interfaces to read when probing
- for hostnames and IP addresses for class w ($=w). The
- default value is 512. Based on idea from Reinier
- Bezuidenhout of Nanoteq.
- If the RefuseLA option is set to 0, do not reject connections based
- on load average.
- Allow ruleset 0 to have a name. Problem noted by Neil Rickert of
- Northern Illinois University.
- Expand the Return-Path: header at delivery time, after "owner-"
- envelope splitting has occurred.
- Don't try to sort the queue if there are no entries. Patch from
- Luke Mewburn from RMIT University.
- Add a "/quit" command to address test mode.
- Include the proper sender in the UNIX "From " line and Return-Path:
- header when undeliverable mail is saved to ~/dead.letter.
- Problem noted by Kari Hurtta of the Finnish Meteorological
- Institute.
- The contents of a class can now be copied to another class using
- the syntax: "C{Dest} $={Source}". This would copy all of
- the items in class $={Source} into the class $={Dest}.
- Include original envelope's error transcript in bounces created for
- split (owner-) envelopes to see the original errors when
- the recipients were added. Based on fix from Motonori
- Nakamura of Kyoto University.
- Show reason for permanent delivery errors directly after the
- addresses. From Motonori Nakamura of Kyoto University.
- Prevent a segmentation fault when bouncing a split-envelope
- message. Patch from Motonori Nakamura of Kyoto University.
- If the specification for the queue run interval (-q###) has a
- syntax error, consider the error fatal and exit.
- Pay attention to CheckpointInterval during LMTP delivery. Problem
- noted by Motonori Nakamura of Kyoto University.
- On operating systems which have setlogin(2), use it to set the
- login name to the RunAsUserName when starting as a daemon.
- This is for delivery to programs which use getlogin().
- Based on fix from Motonori Nakamura of Kyoto University.
- Differentiate between "command not implemented" and "command
- unrecognized" in the SMTP dialogue.
- Strip returns from forward and include files. Problem noted by
- Allan E Johannesen of Worcester Polytechnic Institute.
- Prevent a core dump when using 'sendmail -bv' on an address which
- resolves to the $#error mailer with a temporary failure.
- Based on fix from Neil Rickert of Northern Illinois
- University.
- Prevent multiple deliveries of a message with a "non-local alias"
- pointing to a local user, if canonicalization fails
- the message was requeued *and* delivered to the alias.
- If an invalid ruleset is declared, the ruleset name could be
- ignored and its rules added to S0. Instead, ignore the
- ruleset lines as well.
- Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
- success DSN fields as well as duplicate entries for a
- single address due to S5 and UserDB processing. Problems
- noted by Kari Hurtta of the Finnish Meteorological
- Institute.
- Turn off timeouts when exiting sendmail due to an interrupt signal
- to prevent the timeout from firing during the exit process.
- Problem noted by Michael Shapiro of Sun Microsystems.
- Do not append @MyHostName to non-RFC822 addresses output by the EXPN
- command or on Final-Recipient: and X-Actual-Recipient: DSN
- headers. Non-RFC822 addresses include deliveries to
- programs, file, DECnet, etc.
- Fix logic for determining if a local user is using -f or -bs to
- spoof their return address. Based on idea from Neil Rickert
- of Northern Illinois University and patch from Per Hedeland
- of Ericsson.
- Report the proper UID in the bounce message if an :include: file is
- owned by a uid that doesn't map to a username and the
- :include: file contains delivery to a file or program.
- Problem noted by John Beck of Sun Microsystems.
- Avoid the attempt of trying to send a second SMTP QUIT command if
- the remote server responds to the first QUIT with a 4xx
- response code and drops the connection. This behavior was
- noted by Ulrich Windl of the Universitat Regensburg when
- sendmail was talking to the Mercury 1.43 MTA.
- If a hostname lookup times out and ServiceSwitchFile is set but the
- file is not present, the lookup failure would be marked as
- a permanent failure instead of a temporary failure. Fix
- from Russell King of the ARM Linux Project.
- Handle aliases or forwards which deliver to programs using tabs
- instead of spaces between arguments. Problem noted by Randy
- Wormser. Fix from Neil Rickert of Northern Illinois
- University.
- Allow MaxRecipientsPerMessage option to be set on the command line
- by normal users (e.g., sendmail won't drop its root
- privileges) to allow overrides for message submission via
- 'sendmail -bs'.
- Set the names for help file and statistics file to "helpfile" and
- "statistics", respectively, if no parameters are given for
- them in the .cf file.
- Avoid bogus 'errbody: I/O Error -7' log messages when sending
- success DSN messages for messages relayed to non-DSN aware
- systems. Problem noted by Juergen Georgi of RUS University
- of Stuttgart and Kyle Tucker of Parexel International.
- Prevent +detail information from interfering with local delivery to
- multiple users in the same transaction (F=m).
- Add H_FORCE flag for the X-Authentication-Warning: header, so it
- will be added even if one already exists. Problem noted
- by Michal Zalewski of Marchew Industries.
- Stop processing SMTP commands if the SMTP connection is dropped.
- This prevents a remote system from flooding the connection
- with commands and then disconnecting. Previously, the
- server would process all of the buffered commands. Problem
- noted by Michal Zalewski of Marchew Industries.
- Properly process user-supplied headers beginning with '?'. Problem
- noted by Michal Zalewski of Marchew Industries.
- If multiple header checks resolve to the $#error mailer, use the
- last permanent (5XX) failure if any exist. Otherwise, use
- the last temporary (4XX) failure.
- RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch
- from Ronald F. Guilmette of Infinite Monkeys & Co.
- Timeout.ident now defaults to 5 seconds instead of 30 seconds to
- prevent the now common delays associated with mailing to a
- site which drops IDENT packets. Suggested by many.
- Persistent host status data is not reloaded disk when current data
- is available in the in-memory cache. Problem noted by Per
- Hedeland of Ericsson.
- mailq displays unprintable characters in addresses as their octal
- representation and a leading backslash. This avoids problems
- with "unprintable" characters. Problem noted by Michal
- Zalewski of the "Internet for Schools" project (IdS).
- The mail line length limit (L= equate) was adding the '!' indicator
- one character past the limit. This would cause subsequent
- hops to break the line again. The '!' is now placed in
- the last column of the limit if the line needs to be broken.
- Problem noted by Joe Pruett of Q7 Enterprises. Based on fix
- from Per Hedeland of Ericsson.
- If a resolver ANY query is larger than the UDP packet size, the
- resolver will fall back to TCP. However, some
- misconfigured firewalls black 53/TCP so the ANY lookup
- fails whereas an MX or A record might succeed. Therefore,
- don't fail on ANY queries.
- If an SMTP recipient is rejected due to syntax errors in the
- address, do not send an empty postmaster notification DSN
- to the postmaster. Problem noted by Neil Rickert of
- Northern Illinois University.
- Allow '_' and '.' in map names when parsing a sequence map
- specification. Patch from William Setzer of North Carolina
- State University.
- Fix hostname in logging of read timeouts for the QUIT command on
- cached connections. Problem noted by Neil Rickert of
- Northern Illinois University.
- Use a more descriptive entry to log "null" connections, i.e.,
- "host did not issue MAIL/EXPN/VRFY/ETRN during connection".
- Fix a file descriptor leak in ONEX mode.
- Portability:
- Reverse signal handling logic such that sigaction(2) with
- the SA_RESTART flag is the preferred method and the
- other signal methods are only tried if SA_RESTART
- is not available. Problem noted by Allan E
- Johannesen of Worcester Polytechnic Institute.
- AIX 4.x supports the sa_len member of struct sockaddr.
- This allows network interface probing to work
- properly. Fix from David Bronder of the
- University of Iowa.
- AIX 4.3 has snprintf() support.
- Use "PPC" as the architecture name when building under
- AIX. This will be reflected in the obj.* directory
- name.
- Apple Darwin support based on Apple Rhapsody port.
- Fixed AIX 'make depend' method from Valdis Kletnieks of
- Virginia Tech.
- Digital UNIX has uname(2).
- GNU Hurd updates from Mark Kettenis of the University of
- Amsterdam.
- Improved HPUX 11.0 portability.
- Properly determine the number of CPUs on FreeBSD 2.X,
- FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
- Remove special IRIX ABI cases from Build script and the OS
- files. Use the standard 'cc' options used by SGI
- in building the operating system. Users can
- override the defaults by setting confCC and
- confLIBSEARCHPATH appropriately.
- IRIX nsd map support from Bob Mende of SGI.
- Minor devtools fixes for IRIX from Bob Mende of SGI.
- Linux patch for IP_SRCROUTE support from Joerg Dorchain
- of MW EDV & ELECTRONIC.
- Linux now uses /usr/sbin for confEBINDIR in the build
- system. From MATSUURA Takanori of Osaka University.
- Remove special treatment for Linux PPC in the build
- system. From MATSUURA Takanori of Osaka University.
- Motorolla UNIX SYSTEM V/88 Release 4.0 support from
- Sergey Rusanov of the Republic of Udmurtia.
- NCR MP-RAS 3.x includes regular expression support. From
- Tom J. Moore of NCR.
- NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
- _PATH_SENDMAILPID from Oota Toshiya of
- NEC Computers Group Planning Division.
- Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
- NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
- 1024 in conf.h. Since confENVDEF would be used,
- use that value in conf.h.
- Use NeXT's NETINFO to get domain name. From Gerd Knops of
- BITart Consulting.
- Use NeXT's NETINFO for alias and hostname resolution if
- AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
- defined. Patch from Wilfredo Sanchez of Apple
- Computer, Inc.
- NeXT portability tweaks. Problems reported by Dragan
- Milicic of the University of Utah and J. P. McCann
- of E I A.
- New compile flag FAST_PID_RECYCLE: set this if your system
- can reuse the same PID in the same second.
- New compile flag HASFCHOWN: set this if your OS has
- fchown(2).
- New compile flag HASRANDOM: set this to 0 if your OS does
- not have random(3). rand() will be used instead.
- New compile flag HASSRANDOMDEV: set this if your OS has
- srandomdev(3).
- New compile flag HASSETLOGIN: set this if your OS has
- setlogin(2).
- Replace SINIX and ReliantUNIX support with version
- specific SINIX files. From Gerald Rinske of
- Siemens Business Services.
- Use the 60-second load average instead of the 5 second load
- average on Compaq Tru64 UNIX (formerly Digital
- UNIX). From Chris Teakle of the University of Qld.
- Use ANSI C by default for Compaq Tru64 UNIX. Suggested by
- Randall Winchester of Swales Aerospace.
- Correct setgroups() prototype for Compaq Tru64 UNIX.
- Problem noted by Randall Winchester of Swales
- Aerospace.
- Hitachi 3050R/3050RX and 3500 Workstations running
- HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
- NAKAMURA of Kyoto University.
- New compile flag NO_GETSERVBYNAME: set this to disable
- use of getservbyname() on systems which can
- not lookup a service by name over NIS, such as
- HI-UX. Patch from Motonori NAKAMURA of Kyoto
- University.
- Use devtools/bin/install.sh on SCO 5.x. Problem noted
- by Sun Wenbing of the China Engineering and
- Technology Information Network.
- make depend didn't work properly on UNIXWARE 4.2. Problem
- noted by Ariel Malik of Netology, Ltd.
- Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
- Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
- and OpenBSD.
- A recent Compaq Ultrix 4.5 Y2K patch has broken detection
- of local_hostname_length(). See sendmail/README
- for more details. Problem noted by Allan E
- Johannesen of Worcester Polytechnic Institute.
- CONFIG: Begin using /etc/mail/ for sendmail related files. This
- affects a large number of files. See cf/README for more
- details.
- CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
- trailing slash) for the mail settings directory.
- CONFIG: Increment version number of config file to 9.
- CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
- deprecated and may be removed from a future release.
- BSD/OS users should begin using OSTYPE(`bsdi').
- CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This
- requires a new OSTYPE(`openbsd'). From Todd C. Miller of
- Courtesan Consulting.
- CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
- CONFIG: A syntax error in check_mail would cause fake top-level
- domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
- be improperly rejected as unresolvable.
- CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
- DNS server, rejection message) and can be included
- multiple times.
- CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
- mail sender is listed as RELAY in the access map (and tagged
- with From:).
- CONFIG: Optional tagging of LHS in the access map (Connect:,
- From:, To:) to enable finer control.
- CONFIG: New FEATURE(`ldap_routing') implements LDAP address
- routing. See cf/README for a complete description of the
- new functionality.
- CONFIG: New variables for the new sendmail options:
- confAUTH_MECHANISMS AuthMechanisms
- confAUTH_OPTIONS AuthOptions
- confCLIENT_OPTIONS ClientPortOptions
- confCONTROL_SOCKET_NAME ControlSocketName
- confDEAD_LETTER_DROP DeadLetterDrop
- confDEF_AUTH_INFO DefaultAuthInfo
- confDF_BUFFER_SIZE DataFileBufferSize
- confLDAP_DEFAULT_SPEC LDAPDefaultSpec
- confMAX_ALIAS_RECURSION MaxAliasRecursion
- confMAX_HEADERS_LENGTH MaxHeadersLength
- confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
- confPID_FILE PidFile
- confPROCESS_TITLE_PREFIX ProcessTitlePrefix
- confRRT_IMPLIES_DSN RrtImpliesDsn
- confTO_CONTROL Timeout.control
- confTO_RESOLVER_RETRANS Timeout.resolver.retrans
- confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
- confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
- confTO_RESOLVER_RETRY Timeout.resolver.retry
- confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
- confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
- confTRUSTED_USER TrustedUser
- confXF_BUFFER_SIZE XscriptFileBufferSize
- CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
- which takes the options as argument and can be used
- multiple times; see cf/README for details.
- CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
- "dsmtp". This mail provides on-demand delivery using the
- F=% mailer flag described above. The "dsmtp" mailer
- definition uses the new DSMTP_MAILER_ARGS which defaults
- to "IPC $h".
- CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
- and RELAY_MAILER_MAXMSGS for setting the m= equate for the
- local, smtp, and relay mailers respectively.
- CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
- the DSN Diagnostic-Code type for the local mailer. The
- value should be changed with care.
- CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
- for the local mailer to the proper value of "SMTP".
- CONFIG: All included maps are no longer optional by default; if
- there there is a problem with a map, sendmail will
- complain.
- CONFIG: Removed root from class E; use EXPOSED_USER(`root')
- to get the old behavior. Suggested by Joe Pruett
- of Q7 Enterprises.
- CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
- will not be masqueraded. Proposed by Arne Wichmann
- of MPI Saarbruecken, Griff Miller of PGS Tensor,
- Jayme Cox of Broderbund Software Inc.
- CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
- specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
- i.e., a list of domains which are passed to $[ ... $]
- for canonification. Based on an idea from Neil Rickert
- of Northern Illinois University.
- CONFIG: If `canonify_hosts' is specified as parameter for
- FEATURE(`nocanonify') then addresses which have only
- a hostname, e.g., <user@host>, will be canonified.
- CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
- nevertheless added to addresses with more than one component
- in it.
- CONFIG: Canonification is no longer attempted for any host or domain
- in class 'P' ($=P).
- CONFIG: New class for matching virtusertable entries $={VirtHost} that
- can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
- FEATURE(`virtuser_entire_domain') can be used to apply this
- class also to entire subdomains. Hosts in this class are
- treated as canonical in SCanonify2, i.e., a trailing dot
- is added.
- CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
- include $={VirtHost} in $=R (hosts allowed to relay).
- CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
- genericstable also to subdomains of $=G.
- CONFIG: Pass "+detail" as %2 for virtusertable lookups.
- Patch from Noam Freedman from University of Chicago.
- CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested
- by Raymond S Brand of rsbx.net.
- CONFIG: Allow @domain in genericstable to override masquerading.
- Suggested by Owen Duffy from Owen Duffy & Associates.
- CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve
- Hubert of University of Washington.
- CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
- GNU is now the canonical system name. From Mark
- Kettenis of the University of Amsterdam.
- CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
- CONFIG: Do not include '=' in option expansion if there is no value
- associated with the option. From Andrew Brown of
- Graffiti World Wide, Inc.
- CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed
- by Philip A. Prindeville of Enteka Enterprise Technology
- Services.
- CONFIG: MAILER(`cyrus') was not preserving case for mail folder
- names. Problem noted by Randall Winchester of Swales
- Aerospace.
- CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
- for the relay mailer. Suggested by Doug Hughes of Auburn
- University and Brian Candler.
- CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
- header) by default. Suggested by Per Hedeland of Ericsson.
- CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
- Suggested by Kari Hurtta of the Finnish Meteorological
- Institute.
- CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
- i.e., to set, add, or delete flags.
- CONFIG: If SMTP AUTH is used then relaying is allowed for any user
- who authenticated via a "trusted" mechanism, i.e., one that
- is defined via TRUST_AUTH_MECH(`list of mechanisms').
- CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
- after check_rcpt and allows for exceptions from the checks.
- CONFIG: Map declarations have been moved into their associated
- feature files to allow greater flexibility in use of
- sequence maps. Suggested by Per Hedeland of Ericsson.
- CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
- line string for the local mailer. Requested by Il Oh of
- Willamette Industries, Inc.
- CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
- converted to <user@d>
- CONFIG: Reject bogus return address of <@@hostname>, generated by
- Sun's older, broken configuration files.
- CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
- normal configuration, allowing anti-spam checks to be
- performed.
- CONFIG: Don't return a permanent error (Relaying denied) if
- ${client_name} can't be resolved just temporarily.
- Suggested by Kari Hurtta of the Finnish Meteorological
- Institute.
- CONFIG: Change numbered rulesets into named (which still can
- be accessed by their numbers).
- CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
- which describes whether to disallow "!" in the local part
- of an address.
- CONFIG: Call Local_localaddr from localaddr (S5) which can be used
- to rewrite an address from a mailer which has the F=5 flag
- set. If the ruleset returns a mailer, the appropriate
- action is taken, otherwise the returned tokens are ignored.
- CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
- and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
- The latter is kept around for backward compatibility.
- CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
- where "D.S.N" is an RFC 1893 compliant error code.
- CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
- CONFIG: Remove second space between username and date in UNIX From_
- line. Noted by Allan E Johannesen of Worcester Polytechnic
- Institute.
- CONFIG: Make sure all of the mailers have complete T= equates.
- CONFIG: Extend FEATURE(`local_procmail') so it can now take
- arguments overriding the mailer program, arguments, and
- mailer definition flags. This makes it possible to use
- other programs such as maildrop for local delivery.
- CONFIG: Emit warning if FEATURE(`local_lmtp') or
- FEATURE(`local_procmail') is given after MAILER(`local').
- Patch from Richard A. Nelson of IBM.
- CONFIG: Add SMTP Authentication information to Received: header
- default value (confRECEIVED_HEADER).
- CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
- local mailer. Problem noted by Per Hedeland of Ericsson.
- CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
- University of California at Berkeley.
- CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
- Illinois at Urbana-Champaign.
- CONTRIB: etrn.pl now recognizes bogus host names. Patch from
- Bruce Barnett of GE's R&D Lab.
- CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
- Corporation UK.
- CONTRIB: Added qtool.pl to assist in managing the queues.
- DEVTOOLS: Prevent user environment variables from interfering with
- the Build scripts. Problem noted by Ezequiel H. Panepucci of
- Yale University.
- DEVTOOLS: 'Build -M' will display the obj.* directory which will
- be used for building.
- DEVTOOLS: 'Build -A' will display the architecture that would be
- used for a fresh build.
- DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
- DEVTOOLS: New variable confRANLIBOPTS for the options to send to
- ranlib.
- DEVTOOLS: 'Build -O <path>' will have the object files build in
- <path>/obj.*. Suggested by Bryan Costales of Exactis.
- DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
- building of the man pages when defined. Suggested by Bryan
- Costales.
- DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
- confNO_STATISTICS_INSTALL which will prevent the
- installation of the sendmail helpfile and statistics file
- respectively. Suggested by Bryan Costales.
- DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske
- of Siemens Business Services.
- DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
- stdio library. The new buffered file I/O depends on the
- Torek stdio library. This option can be either portable or
- torek.
- DEVTOOLS: New variables confSRCADD and confSMSRCADD which
- correspond to confOBJADD and confSMOBJADD respectively.
- They should contain the C source files for the object files
- listed in confOBJADD and confSMOBJADD. These file names
- will be passed to the 'make depend' stage of compilation.
- DEVTOOLS: New program specific variables for each of the programs
- in the sendmail distribution. Each has the form
- `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
- The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
- conf_prog_SRCADD, and conf_prog_OBJADD.
- DEVTOOLS: Build system redesign. This should have little affect on
- building the distribution, but documentation on the changes
- are in devtools/README.
- DEVTOOLS: Don't allow 'Build -f file' if an object directory already
- exists. Suggested by Valdis Kletnieks of Virginia Tech.
- DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
- the path to the sendmail source directory. confSRCDIR is a
- new variable which identifies the root of the source
- directories for all of the programs in the distribution.
- DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
- time. They can both still be overridden by setting the m4
- macro.
- DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
- DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
- build configurations, and places objects in obj.prefix.*/.
- Complains as 'Build -f file' does for existing object
- directories. Suggested by Tom Smith of Digital Equipment
- Corporation.
- DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
- manual pages in the directory tree specified by
- confMANROOTMAN.
- DEVTOOLS: If formatting the manual pages fails, copy in the
- preformatted pages from the distribution. The new variable
- confCOPY specifies the copying program.
- DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
- question. Suggested by Terry Lambert of Whistle
- Communications.
- DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
- of the installed statistics and help files, respectively.
- DEVTOOLS: Remove spaces in `uname -r` output when determining
- operating system identity. Problem noted by Erik
- Wachtenheim of Dartmouth College.
- DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
- will be search for the libraries specified in confLIBSEARCH.
- Defaults to "/lib /usr/lib /usr/shlib".
- DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
- how to strip binaries. These are used by the new
- install-strip target.
- DEVTOOLS: New config file site.post.m4 which is included after
- the others (if it exists).
- DEVTOOLS: Change order of LIBS: first product specific libraries
- then the default ones.
- MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local
- as local delivery agent without LMTP mode, use
- MODIFY_MAILER_FLAGS(`LOCAL', `+S')
- to set the S flag.
- MAIL.LOCAL: Do not reject addresses which would otherwise be
- accepted by sendmail. Suggested by Neil Rickert of
- Northern Illinois University.
- MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
- 8BITMIME in the LHLO response. Suggested by Kari Hurtta of
- the Finnish Meteorological Institute.
- MAIL.LOCAL: Add support for the maillock() routines by defining
- MAILLOCK when compiling. Also requires linking with
- -lmail. Patch from Neil Rickert of Northern Illinois
- University.
- MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
- defined when compiling. Automatically set for Solaris 2.3
- and later. Patch from Neil Rickert of Northern Illinois
- University.
- MAIL.LOCAL: Move the initialization of the 'notifybiff' address
- structure to the beginning of the program. This ensures that
- the getservbyname() is done before any seteuid to a possibly
- unauthenticated user. If you are using NIS+ and secure RPC
- on a Solaris system, this avoids syslog messages such as,
- "authdes_refresh: keyserv(1m) is unable to encrypt session
- key." Patch from Neil Rickert of Northern Illinois
- University.
- MAIL.LOCAL: Support group writable mail spool files when MAILGID is
- set to the gid to use (-DMAILGID=6) when compiling.
- Patch from Neil Rickert of Northern Illinois University.
- MAIL.LOCAL: When a mail message included lines longer than 2046
- characters (in LMTP mode), mail.local split the incoming
- line up into 2046-character output lines (excluding the
- newline). If an input line was 2047 characters long
- (excluding CR-LF) and the last character was a '.',
- mail.local saw it as the end of input, transfered it to the
- user mailbox and tried to write an `ok' back to sendmail.
- If the message was much longer, both sendmail and
- mail.local would deadlock waiting for each other to read
- what they have written. Problem noted by Peter Jeremy of
- Alcatel Australia Limited.
- MAIL.LOCAL: New option -b to return a permanent error instead of a
- temporary error if a mailbox exceeds quota. Suggested by
- Neil Rickert of Northern Illinois University.
- MAIL.LOCAL: The creation of a lockfile is subject to a global
- timeout to avoid starvation.
- MAIL.LOCAL: Properly parse addresses with multiple quoted
- local-parts. Problem noted by Ronald F. Guilmette of
- Infinite Monkeys & Co.
- MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
- MAILSTATS: New -p option to invoke program mode in which stats are
- printed in a machine readable fashion and the stats file
- is reset. Patch from Kevin Hildebrand of the University
- of Maryland.
- MAKEMAP: If running as root, automatically change the ownership of
- generated maps to the TrustedUser as specified in the
- sendmail configuration file.
- MAKEMAP: New -C option to accept an alternate sendmail
- configuration file to use for finding the TrustedUser
- option.
- MAKEMAP: New -u option to dump (unmap) a database. Based on
- code contributed by Roy Mongiovi of Georgia Tech.
- MAKEMAP: New -e option to allow empty values. Suggested by Philip
- A. Prindeville of Enteka Enterprise Technology Services.
- MAKEMAP: Compile cleanly on 64-bit operating systems. Problem
- noted by Gerald Rinske of Siemens Business Services.
- OP.ME: Correctly document interaction between F=S and U= mailer
- equates. Problem noted by Bob Halley of Internet Engines.
- OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle
- Corporation UK.
- OP.ME: The Timeout [r] option was incorrectly listed as "safe"
- (e.g., sendmail would not drop root privileges if the
- option was specified on the command line). Problem noted
- by Todd C. Miller of Courtesan Consulting.
- PRALIASES: Handle the hash and btree map specifications for
- Berkeley DB. Patch from Brian J. Coan of the
- Institute for Global Communications.
- PRALIASES: Read the sendmail.cf file for the location(s) of the
- alias file(s) if the -f option is not used. Patch from
- John Beck of Sun Microsystems.
- PRALIASES: New -C option to specify an alternate sendmail
- configuration file to use for finding alias file(s). Patch
- from John Beck of Sun Microsystems.
- SMRSH: allow shell commands echo, exec, and exit. Allow command
- lists using || and &&. Based on patch from Brian J. Coan
- of the Institute for Global Communications.
- SMRSH: Update README for the new Build system. From Tim Pierce
- of RootsWeb Genealogical Data Cooperative.
- VACATION: Added vacation auto-responder to sendmail distribution.
- LIBSMDB: Added abstracted database library. Works with Berkeley
- DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
- Changed Files:
- The Build script in the various program subdirectories are
- no longer symbolic links. They are now scripts
- which execute the actual Build script in
- devtools/bin.
- All the manual pages are now written against -man and not
- -mandoc as they were previously.
- Add a simple Makefile to every directory so make instead
- of Build will work (unless parameters are
- required for Build).
- New Directories:
- devtools/M4/UNIX
- include
- libmilter
- libsmdb
- libsmutil
- vacation
- Renamed Directories:
- BuildTools => devtools
- src => sendmail
- Deleted Files:
- cf/m4/nullrelay.m4
- devtools/OS/Linux.ppc
- devtools/OS/ReliantUNIX
- devtools/OS/SINIX
- sendmail/ldap_map.h
- New Files:
- INSTALL
- PGPKEYS
- cf/cf/generic-linux.cf
- cf/cf/generic-linux.mc
- cf/feature/delay_checks.m4
- cf/feature/dnsbl.m4
- cf/feature/generics_entire_domain.m4
- cf/feature/no_default_msa.m4
- cf/feature/relay_mail_from.m4
- cf/feature/virtuser_entire_domain.m4
- cf/mailer/qpage.m4
- cf/ostype/bsdi.m4
- cf/ostype/hpux11.m4
- cf/ostype/openbsd.m4
- contrib/bounce-resender.pl
- contrib/domainmap.m4
- contrib/qtool.8
- contrib/qtool.pl
- devtools/M4/depend/AIX.m4
- devtools/M4/list.m4
- devtools/M4/string.m4
- devtools/M4/subst_ext.m4
- devtools/M4/switch.m4
- devtools/OS/Darwin
- devtools/OS/GNU
- devtools/OS/SINIX.5.43
- devtools/OS/SINIX.5.44
- devtools/OS/m88k
- devtools/bin/find_in_path.sh
- mail.local/Makefile
- mailstats/Makefile
- makemap/Makefile
- praliases/Makefile
- rmail/Makefile
- sendmail/Makefile
- sendmail/bf.h
- sendmail/bf_portable.c
- sendmail/bf_portable.h
- sendmail/bf_torek.c
- sendmail/bf_torek.h
- sendmail/shmticklib.c
- sendmail/statusd_shm.h
- sendmail/timers.c
- sendmail/timers.h
- smrsh/Makefile
- vacation/Makefile
- Renamed Files:
- cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
- sendmail/cdefs.h => include/sendmail/cdefs.h
- sendmail/sendmail.hf => sendmail/helpfile
- sendmail/mailstats.h => include/sendmail/mailstats.h
- sendmail/pathnames.h => include/sendmail/pathnames.h
- sendmail/safefile.c => libsmutil/safefile.c
- sendmail/snprintf.c => libsmutil/snprintf.c
- sendmail/useful.h => include/sendmail/useful.h
- cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
- Copied Files:
- cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
-
-8.9.3/8.9.3 1999/02/04
- SECURITY: Limit message headers to a maximum of 32K bytes (total
- of all headers in a single message) to prevent a denial of
- service attack. This limit will be configurable in 8.10.
- Problem noted by Michal Zalewski of the "Internet for
- Schools" project (IdS).
- Prevent segmentation fault on an LDAP lookup if the LDAP map
- was closed due to an earlier failure. Problem noted by
- Jeff Wasilko of smoe.org. Fix from Booker Bense of
- Stanford University and Per Hedeland of Ericsson.
- Preserve the order of the MIME headers in multipart messages
- when performing the MIME header length check. This
- will allow PGP signatures to function properly. Problem
- noted by Lars Hecking of University College, Cork, Ireland.
- If ruleset 5 rewrote the local address to an :include: directive,
- the delivery would fail with an "aliasing/forwarding loop
- broken" error. Problem noted by Eric C Hagberg of Morgan
- Stanley. Fix from Per Hedeland of Ericsson.
- Allow -T to work for bestmx maps. Fix from Aaron Schrab of
- ExecPC Internet Systems.
- During the transfer of a message in an SMTP transaction, if a
- TCP timeout occurs, the message would be properly queued
- for later retry but the failure would be logged as
- "Illegal Seek" instead of a timeout. Problem noted by
- Piotr Kucharski of the Warsaw School of Economics (SGH)
- and Carles Xavier Munyoz Baldo of CTV Internet.
- Prevent multiple deliveries on a self-referencing alias if the
- F=w mailer flag is not set. Problem noted by Murray S.
- Kucherawy of Concentric Network Corporation and Per
- Hedeland of Ericsson.
- Do not strip empty headers but if there is no value and a
- default is defined in sendmail.cf, use the default.
- Problem noted by Philip Guenther of Gustavus Adolphus
- College and Christopher McCrory of Netus, Inc.
- Don't inherit information about the sender (notably the full name)
- in SMTP (-bs) mode, since this might be called from inetd.
- Accept any 3xx reply code in response to DATA command instead of
- requiring 354. This change will match the wording to be
- published in the updated SMTP specification from the DRUMS
- group of the IETF.
- Portability:
- AIX 4.2.0 or 4.2.1 may become updated by the fileset
- bos.rte.net level 4.2.0.2. This introduces the
- softlink /usr/lib/libbind.a which should
- not be used. It conflicts with the resolver
- built into libc.a. "bind" has been removed
- from the confLIBSEARCH BuildTools variable.
- Users who have installed BIND 8.X will have
- to add it back in their site.config.m4 file.
- Problem noted by Ole Holm Nielsen of the
- Technical University of Denmark.
- CRAY TS 10.0.x from Sven Nielsen of San Diego
- Supercomputer Center.
- Improved LDAP version 3 integration based on input
- from Kurt D. Zeilenga of the OpenLDAP Foundation,
- John Beck of Sun Microsystems, and Booker Bense
- of Stanford University.
- Linux doesn't have a standard way to get the timezone
- between different releases. Back out the
- change in 8.9.2 and don't attempt to derive
- a timezone. Problem reported by Igor S. Livshits
- of the University of Illinois at Urbana-Champaign
- and Michael Dickens of Tetranet Communications.
- Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
- of Siemens/SNI.
- SunOS 5.8 from John Beck of Sun Microsystems.
- CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
- timezone. Problem noted by Petr Lampa of Technical
- University of Brno.
- CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
- when using FEATURE(bestmx_is_local). Patch from Neil W.
- Rickert of Northern Illinois University.
- CONFIG: Properly handle source routed and %-hack addresses on
- hosts which the mailertable remaps to local:. Patch from
- Neil W. Rickert of Northern Illinois University.
- CONFIG: Internal fixup of mailertable local: map value. Patch from
- Larry Parmelee of Cornell University.
- CONFIG: Only add back +detail from host portion of mailer triplet
- on local mailer triplets if it was originally +detail.
- Patch from Neil W. Rickert of Northern Illinois University.
- CONFIG: The bestmx_is_local checking done in check_rcpt would
- cause later checks to fail. Patch from Paul J Murphy of
- MIDS Europe.
- New Files:
- BuildTools/OS/CRAYTS.10.0.x
- BuildTools/OS/ReliantUNIX
- BuildTools/OS/SunOS.5.8
-
-8.9.2/8.9.2 1998/12/30
- SECURITY: Remove five second sleep on accepting daemon connections
- due to an accept() failure. This sleep could be used
- for a denial of service attack.
- Do not silently ignore queue files with names which are too long.
- Patch from Bryan Costales of InfoBeat, Inc.
- Do not store failures closing an SMTP session in persistent
- host status. Reported by Graeme Hewson of Oracle
- Corporation UK.
- Allow symbolic link forward files if they are in safe directories.
- Problem noted by Andreas Schott of the Max Planck Society.
- Missing columns in a text map could cause a segmentation fault.
- Fix from David Lee of the University of Durham.
- Note that for 8.9.X, PrivacyOptions=goaway also includes the
- noetrn flag. This is scheduled to change in a future
- version of sendmail. Problem noted by Theo Van Dinter of
- Chrysalis Symbolic Designa and Alan Brown of Manawatu
- Internet Services.
- When trying to do host canonification in a Wildcard MX
- environment, try an MX lookup of the hostname without the
- default domain appended. Problem noted by Olaf Seibert of
- Polderland Language & Speech Technology.
- Reject SMTP RCPT To: commands with only comments (i.e.
- 'RCPT TO: (comment)'. Problem noted by Earle Ake of
- Hassler Communication Systems Technology, Inc.
- Handle any number of %s in the LDAP filter spec. Patch from
- Per Hedeland of Ericsson.
- Clear ldapx open timeouts even if the map open failed to prevent
- a segmentation fault. Patch from Wayne Knowles of the
- National Institute of Water & Atmospheric Research Ltd.
- Do not syslog envelope clone messages when using address
- verification (-bv). Problem noted by Kari Hurtta of the
- Finnish Meteorological Institute.
- Continue to perform queue runs while in daemon mode even if the
- daemon is rejecting connections due to a disk full
- condition. Problem noted by JR Oldroyd of TerraNet
- Internet Services.
- Include full filename on installation of the sendmail.hf file
- in case the $HFDIR directory does not exist. Problem
- noted by Josef Svitak of Montana State University.
- Close all maps when exiting the process with one exception.
- Berkeley DB can use internal shared memory locking for
- its memory pool. Closing a map opened by another process
- will interfere with the shared memory and locks of the
- parent process leaving things in a bad state. For
- Berkeley DB, only close the map if the current process
- is also the one that opened the map, otherwise only close
- the map file descriptor. Thanks to Yoseff Francus of
- Collective Technologies for volunteering his system for
- extended testing.
- Avoid null pointer dereference on XDEBUG output for SMTP reply
- failures. Problem noted by Carlos Canau of EUnet Portugal.
- On mailq and hoststat listings being piped to another program, such
- as more, if the pipe closes (i.e., the user quits more),
- stop sending output and exit. Patch from Allan E Johannesen
- of Worcester Polytechnic Institute.
- In accordance with the documentation, LDAP map lookup failures
- are now considered temporary failures instead of permanent
- failures unless the -t flag is used in the map definition.
- Problem noted by Booker Bense of Stanford University and
- Eric C. Hagberg of Morgan Stanley.
- Fix by one error reporting on long alias names. Problem noted by
- H. Paul Hammann of the Missouri Research and Education
- Network.
- Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem
- noted by Barry S. Finkel of Argonne National Laboratory.
- When automatically converting from 8 bit to quoted printable MIME,
- be careful not to miss a multi-part boundary if that
- boundary is preceded by a boundary-like line. Problem
- noted by Andreas Raschle of Ansid Inc. Fix from
- Kari Hurtta of the Finnish Meteorological Institute.
- Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
- has enough space for the additional address. Problem
- noted by Steve Cliffe of the University of Wollongong.
- Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem
- noted by Alex Vorobiev of Swarthmore College.
- If the check_compat ruleset resolves to the $#discard mailer,
- discard the current recipient. Unlike check_relay,
- check_mail, and check_rcpt, the entire envelope is not
- discarded. Problem noted by RZ D. Rahlfs. Fix from
- Claus Assmann of Christian-Albrechts-University of Kiel.
- Avoid segmentation fault when reading ServiceSwitchFile files with
- bogus formatting. Patch from Kari Hurtta of the Finnish
- Meteorological Institute.
- Support Berkeley DB 2.6.4 API change.
- OP.ME: Pages weren't properly output on duplexed printers. Fix
- from Matthew Black of CSU Long Beach.
- Portability:
- Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
- Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
- option structure. Problem noted by Ashley M.
- Kirchner of Photo Craft Laboratories, Inc.
- Break out IP address to hostname translation for
- reading network interface addresses into
- class 'w'. Patch from John Kennedy of
- Cal State University, Chico.
- AIX 4.x use -qstrict with -O3 to prevent the optimized
- from changing the semantics of the compiled
- program. From Simon Travaglia of the
- University of Waikato, New Zealand.
- FreeBSD 2.2.2 and later support setusercontext(). From
- Peter Wemm of DIALix.
- FreeBSD 3.x fix from Peter Wemm of DIALix.
- IRIX 5.x has a syslog buffer size of 512 bytes. From
- Nao NINOMIYA of Utsunomiya University.
- IRIX 6.5 64-bit Build support.
- LDAP Version 3 support from John Beck and Ravi Iyer
- of Sun Microsystems.
- Linux does not implement seteuid() properly. From
- John Kennedy of Cal State University, Chico.
- Linux timezone type was set improperly. From Takeshi Itoh
- of Bits Co., Ltd.
- NCR MP-RAS 3.x needs -lresolv for confLIBS. From
- Tom J. Moore of NCR.
- NeXT 4.x correction to man page path. From J. P. McCann
- of E I A.
- System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
- from Paul Gampe of the Asia Pacific Network
- Information Center.
- ULTRIX now requires an optimization limit of 970 from
- Allan E Johannesen of Worcester Polytechnic
- Institute.
- Fix extern declaration for sm_dopr(). Fix from Henk
- van Oers of Algemeen Nederlands Persbureau.
- CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
- Problem noted by Mark Rogov of AirMedia, Inc. Fix from
- Claus Assmann of Christian-Albrechts-University of Kiel.
- CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
- there are multiple RBL's available and the MAPS RBL may
- not be the one in use. Suggested by Alan Brown of
- Manawatu Internet Services.
- CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
- when stripping down a recipient address to check for
- relaying. Patch from Claus Assmann of
- Christian-Albrechts-University of Kiel and Neil W Rickert
- of Northern Illinois University.
- CONFIG: Allow the access database to override RBL lookups. Patch
- from Claus Assmann of Christian-Albrechts-University of
- Kiel.
- CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
- Dot Com.
- CONFIG: Fixed check for deferred delivery mode warning. Patch
- from Claus Assmann of Christian-Albrechts-University of
- Kiel and Per Hedeland of Ericsson.
- CONFIG: If a recipient using % addressing is used, e.g.
- user%site@othersite, and othersite's MX records are now
- checked for local hosts if FEATURE(relay_based_on_MX) is
- used. Problem noted by Alexander Litvin of Lucky Net Ltd.
- Patch from Alexander Litvin of Lucky Net Ltd and
- Claus Assmann of Christian-Albrechts-University of Kiel.
- MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
- stream. Do not allow more than one response per recipient.
- MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix
- from John Beck of Sun Microsystems.
- MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from
- John Beck of Sun Microsystems.
- MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
- the envelope From header.
- MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
- Problem noted by Glenn A. Malling of Syracuse University.
- MAILSTATS: Document msgsrej and msgsdis fields in the man page.
- Problem noted by Richard Wong of Princeton University.
- MAKEMAP: Build group list so group writable files are allowed with
- the -s flag. Problem noted by Curt Sampson of Internet
- Portal Services, Inc.
- PRALIASES: Automatically handle alias files created without the
- NULL byte at the end of the key. Patch from John Beck of
- Sun Microsystems.
- PRALIASES: Support Berkeley DB 2.6.4 API change.
- New Files:
- BuildTools/OS/IRIX64.6.5
- BuildTools/OS/UnixWare.5.i386
- cf/ostype/unixware7.m4
- contrib/smcontrol.pl
- src/control.c
-
-8.9.1/8.9.1 1998/07/02
- If both an OS specific site configuration file and a generic
- site.config.m4 file existed, only the latter was used
- instead of both. Problem noted by Geir Johannessen of
- the Norwegian University of Science and Technology.
- Fix segmentation fault while converting 8 bit to 7 bit MIME
- multipart messages by trying to write to an unopened
- file descriptor. Fix from Kari Hurtta of the Finnish
- Meteorological Institute.
- Do not assume Message: and Text: headers indicate the end of
- the header area when parsing MIME headers. Problem noted
- by Kari Hurtta of the Finnish Meteorological Institute.
- Setting the confMAN#SRC Build variable would only effect the
- installation commands. The man pages would still be
- built with .0 extensions. Problem noted by Bryan
- Costales of InfoBeat, Inc.
- Installation of manual pages didn't honor the DESTDIR environment
- variable. Problem noted by Bryan Costales of InfoBeat, Inc.
- If the check_relay ruleset resolved to the discard mailer, messages
- were still delivered. Problem noted by Mirek Luc of NASK.
- Mail delivery to files would fail with an Operating System Error
- if sendmail was not running as root, i.e., RunAsUser was set.
- Problem noted by Leonard N. Zubkoff of Dandelion Digital.
- Prevent MinQueueAge from interfering from queued items created
- in the future, i.e., if the system clock was set ahead
- and then back. Problem noted by Michael Miller of the
- University of Natal, Pietermaritzburg.
- Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
- set in the PrivacyOptions option. Fix from Ted Rule of
- Flextech TV.
- Log invalid persistent host status file lines instead of
- bouncing the message. Problem noted by David Lindes of
- DaveLtd Enterprises.
- Move creation of empty sendmail.st file from installation to
- compilation. Installation may be done from a read-only
- mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric
- Anderson of the Oasis Research Center, Inc.
- Enforce the maximum number of User Database entries limit. Problem
- noted by Gary Buchanan of Credence Systems Inc.
- Allow dead.letter files in root's home directory. Problem noted
- by Anna Ullman of Sun Microsystems.
- Program deliveries in forward files could be marked unsafe if
- any directory listed in the ForwardPath option did not
- exist. Problem noted by Jorg Bielak of Coastal Web Online.
- Do not trust the length of the address structure returned by
- gethostbyname(). Problem noted by Chris Evans of Oxford
- University.
- If the SIZE= MAIL From: ESMTP parameter is too large, use the
- 5.3.4 DSN status code instead of 5.2.2. Similarly, for
- non-local deliveries, if the message is larger than the
- mailer maximum message size, use 5.3.4 instead of 5.2.3.
- Suggested by Antony Bowesman of
- Fujitsu/TeaWARE Mail/MIME System.
- Portability:
- Fix the check for an IP address reverse lookup for
- use in $&{client_name} on 64 bit platforms.
- From Gilles Gallot of Institut for Development
- and Resources in Intensive Scientific computing.
- BSD-OS uses .0 for man page extensions. From Jeff Polk
- of BSDI.
- DomainOS detection for Build. Also, version 10.4 and later
- ship a unistd.h. Fixes from Takanobu Ishimura of
- PICT Inc.
- NeXT 4.x uses /usr/lib/man/cat for its man pages. From
- J. P. McCann of E I A.
- SCO 4.X and 5.X include NDBM support. From Vlado Potisk
- of TEMPEST, Ltd.
- CONFIG: Do not pass spoofed PTR results through resolver for
- qualification. Problem noted by Michiel Boland of
- Digital Valley Internet Professionals; fix from
- Kari Hurtta of the Finnish Meteorological Institute.
- CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
- BITNET, and DECNET addresses for resolvable senders.
- Problem noted by Alexander Litvin of Lucky Net Ltd.
- CONFIG: Work around Sun's broken configuration which sends bounce
- messages as coming from @@hostname instead of <>. LMTP
- would not accept @@hostname.
- OP.ME: Corrections to complex sendmail startup script from Rick
- Troxel of the National Institutes of Health.
- RMAIL: Do not install rmail by default, require 'make force-install'
- as this rmail isn't the same as others. Suggested by
- Kari Hurtta of the Finnish Meteorological Institute.
- New Files:
- BuildTools/OS/DomainOS.10.4
-
-8.9.0/8.9.0 1998/05/19
- SECURITY: To prevent users from reading files not normally
- readable, sendmail will no longer open forward, :include:,
- class, ErrorHeader, or HelpFile files located in unsafe
- (i.e., group or world writable) directory paths. Sites
- which need the ability to override security can use the
- DontBlameSendmail option. See the README file for more
- information.
- SECURITY: Problems can occur on poorly managed systems, specifically,
- if maps or alias files are in world writable directories.
- This fixes the change added to 8.8.6 to prevent links in these
- world writable directories.
- SECURITY: Make sure ServiceSwitchFile option file is not a link if
- it is in a world writable directory.
- SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
- tty it may be able to push bytes back to the senders input.
- Unfortunately this breaks -v mode. Problem noted by
- Wietse Venema of the Global Security Analysis Lab at
- IBM T.J. Watson Research.
- SECURITY: Empty group list if DontInitGroups is set to true to
- prevent program deliveries from picking up extra group
- privileges. Problem reported by Wolfgang Ley of DFN-CERT.
- SECURITY: The default value for DefaultUser is now set to the uid and
- gid of the first existing user mailnull, sendmail, or daemon
- that has a non-zero uid. If none of these exist, sendmail
- reverts back to the old behavior of using uid 1 and gid 1.
- This is a security problem for Linux which has chosen that
- uid and gid for user bin instead of daemon. If DefaultUser
- is set in the configuration file, that value overrides this
- default.
- SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
- interfered with setting an alternate group id for the
- RunAsUser option. Problem noted by Randall Winchester of
- the University of Maryland.
- Add support for Berkeley DB 2.X. Based on patch from John Kennedy
- of Cal State University, Chico.
- Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
- which previously defined OLD_NEWDB=1 must now upgrade to the
- current version of Berkeley DB.
- Added support for regular expressions using the new map class regex.
- From Jan Krueger of Unix-AG of University of Hannover.
- Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
- UserDatabases from Randall Winchester of the University
- of Maryland.
- Allow any shell for user shell on program deliveries on V1
- configurations for backwards compatibility on machines which
- do not have getusershell(). Fix from John Beck of Sun
- Microsystems.
- On operating systems which change the process title by reusing the
- argument vector memory, sendmail could corrupt memory if the
- last argument was either "-q" or "-d". Problem noted by
- Frank Langbein of the University of Stuttgart.
- Support Local Mail Transfer Protocol (LMTP) between sendmail and
- mail.local on the F=z flag.
- Macro-expand the contents of the ErrMsgFile. Previously this was
- only done if you had magic characters (0x81) to indicate
- macro expansion. Now $x will be expanded. This means that
- real dollar signs have to be backslash escaped.
- TCP Wrappers expects "unknown" in the hostname argument if the
- reverse DNS lookup for the incoming connection fails.
- Problem noted by Randy Grimshaw of Syracuse University and
- Wietse Venema of the Global Security Analysis Lab at
- IBM T.J. Watson Research.
- DSN success bounces generated from an invocation of sendmail -t
- would be sent to both the sender and MAILER-DAEMON.
- Problem noted by Claus Assmann of
- Christian-Albrechts-University of Kiel.
- Avoid "Error 0" messages on delivery mailers which exit with a
- valid exit value such as EX_NOPERM. Fix from Andreas Luik
- of ISA Informationssysteme GmbH.
- Tokenize $&x expansions on right hand side of rules. This eliminates
- the need to use tricks like $(dequote "" $&{client_name} $)
- to cause the ${client_name} macro to be properly tokenized.
- Add the MaxRecipientsPerMessage option: this limits the number of
- recipients that will be accepted in a single SMTP
- transaction. After this number is reached, sendmail
- starts returning "452 Too many recipients" to all RCPT
- commands. This can be used to limit the number of recipients
- per envelope (in particular, to discourage use of the server
- for spamming). Note: a better approach is to restrict
- relaying entirely.
- Fixed pointer initialization for LDAP lmap struct, fixed -s option
- to ldapx map and added timeout for ldap_open call to
- avoid hanging sendmail in the event of hung LDAP servers.
- Patch from Booker Bense of Stanford University.
- Allow multiple -qI, -qR, or -qS queue run limiters. For example,
- '-qRfoo -qRbar' would deliver mail to recipients with foo or
- bar in their address. Patch from Allan E Johannesen of
- Worcester Polytechnic Institute.
- The bestmx map will now return a list of the MX servers for a host if
- passed a column delimiter via the -z map flag. This can be
- used to check if the server is an MX server for the recipient
- of a message. This can be used to help prevent relaying.
- Patch from Mitchell Blank Jr of Exec-PC.
- Mark failures for the *file* mailer and return bounce messages to the
- sender for those failures.
- Prevent bogus syslog timestamps on errors in sendmail.cf by
- preserving the TZ environment variable until TimeZoneSpec
- has been determined. Problem noted by Ralf Hildebrandt of
- Technical University of Braunschweig. Patch from Per Hedeland
- of Ericsson.
- Print test input in address test mode when input is not from the tty
- when the -v flag is given (i.e., sendmail -bt -v) to make
- output easier to decipher. Problem noted by Aidan Nichol
- of Procter & Gamble.
- The LDAP map -s flag was not properly parsed and the error message
- given included the remainder of the arguments instead of
- solely the argument in error. Problem noted by Aidan Nichol
- of Procter & Gamble.
- New DontBlameSendmail option. This option allows administrators to
- bypass some of sendmail's file security checks at the expense
- of system security. This should only be used if you are
- absolutely sure you know the consequences. The available
- DontBlameSendmail options are:
- Safe
- AssumeSafeChown
- ClassFileInUnsafeDirPath
- ErrorHeaderInUnsafeDirPath
- GroupWritableDirPathSafe
- GroupWritableForwardFileSafe
- GroupWritableIncludeFileSafe
- GroupWritableAliasFile
- HelpFileinUnsafeDirPath
- WorldWritableAliasFile
- ForwardFileInGroupWritableDirPath
- IncludeFileInGroupWritableDirPath
- ForwardFileInUnsafeDirPath
- IncludeFileInUnsafeDirPath
- ForwardFileInUnsafeDirPathSafe
- IncludeFileInUnsafeDirPathSafe
- MapInUnsafeDirPath
- LinkedAliasFileInWritableDir
- LinkedClassFileInWritableDir
- LinkedForwardFileInWritableDir
- LinkedIncludeFileInWritableDir
- LinkedMapInWritableDir
- LinkedServiceSwitchFileInWritableDir
- FileDeliveryToHardLink
- FileDeliveryToSymLink
- WriteMapToHardLink
- WriteMapToSymLink
- WriteStatsToHardLink
- WriteStatsToSymLink
- RunProgramInUnsafeDirPath
- RunWritableProgram
- New DontProbeInterfaces option to turn off the inclusion of all the
- interface names in $=w on startup. In particular, if you
- have lots of virtual interfaces, this option will speed up
- startup. However, unless you make other arrangements, mail
- sent to those addresses will be bounced.
- Automatically create alias databases if they don't exist and
- AutoRebuildAliases is set.
- Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
- Suggested by Christophe Wolfhugel of the Institut Pasteur.
- Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
- When determining the client host name ($&{client_name} macro), do
- a forward (A) DNS lookup on the result of the PTR lookup
- and compare results. If they differ or if the PTR lookup
- fails, &{client_name} will contain the IP address
- surrounded by square brackets (e.g., [127.0.0.1]).
- New map flag: -Tx appends "x" to lookups that return temporary failure
- (i.e, it is like -ax for the temporary failure case, in
- contrast to the success case).
- New syntax to do limited checking of header syntax. A config line
- of the form:
- HHeader: $>Ruleset
- causes the indicated Ruleset to be invoked on the Header
- when read. This ruleset works like the check_* rulesets --
- that is, it can reject mail on the basis of the contents.
- Limit the size of the HELO/EHLO parameter to prevent spammers
- from hiding their connection information in Received:
- headers.
- When SingleThreadDelivery is active, deliveries to locked hosts
- are skipped. This will cause the delivering process to
- try the next MX host or queue the message if no other MX
- hosts are available. Suggested by Alexander Litvin.
- The [FILE] mailer type now delivers to the file specified in the
- A= equate of the mailer definition instead of $u. It also
- obeys all of the F= mailer flags such as the MIME
- 7/8 bit conversion flags. This is useful for defining
- a mailer which delivers to the same file regardless of the
- recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
- Do not assume the identity of a remote connection is root@localhost
- if the remote connection closes the socket before the
- remote identity can be queried.
- Change semantics of the F=S mailer flag back to 8.7.5 behavior.
- Some mailers, including procmail, require that the real
- uid is left unchanged by sendmail. Problem noted by Per
- Hedeland of Ericsson.
- No longer is the src/obj*/Makefile selected from a large list -- it
- is now generated using the information in BuildTools/OS/ --
- some of the details are determined dynamically via
- BuildTools/bin/configure.sh.
- The other programs in the sendmail distribution -- mail.local,
- mailstats, makemap, praliases, rmail, and smrsh -- now use
- the new Build method which creates an operating system
- specific Makefile using the information in BuildTools.
- Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
- a failure on one message won't affect future messages to the
- same host). This is necessary if the remote host sends
- a 451 error if the domain of the sender does not resolve
- as is common in anti-spam configurations. Problem noted
- by Mitchell Blank Jr of Exec-PC.
- New "discard" mailer for check_* rulesets and header checking
- rulesets. If one of the above rulesets resolves to the
- $#discard mailer, the commands will be accepted but the
- message will be completely discarded after it is accepting.
- This means that even if only one of the recipients
- resolves to the $#discard mailer, none of the recipients
- will receive the mail. Suggested by Brian Kantor.
- All but the last cloned envelope of a split envelope were queued
- instead of being delivered. Problem noted by John Caruso
- of CNET: The Computer Network.
- Fix deadlock situation in persistent host status file locking.
- Syslog an error if a user forward file could not be read due to
- an error. Patch from John Beck of Sun Microsystems.
- Use the first name returned on machine lookups when canonifying a
- hostname via NetInfo. Patch from Timm Wetzel of GWDG.
- Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
- macros when delivering a bounce message to prevent
- rejection by a check_compat ruleset which uses these macros.
- Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
- If the check_relay ruleset resolves to the the error mailer, the
- error in the $: portion of the resolved triplet is used
- in the rejection message given to the remote machine.
- Suggested by Scott Gifford of The Internet Ramp.
- Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
- before calling the check_relay ruleset. Suggested by Scott
- Gifford of The Internet Ramp.
- Sendmail would get a segmentation fault if a mailer exited with an
- exit code of 79. Problem noted by Aaron Schrab of ExecPC
- Internet. Fix from Christophe Wolfhugel of the Pasteur
- Institute.
- Separate snprintf/vsnprintf routines into separate file for use by
- mail.local.
- Allow multiple map lookups on right hand side, e.g.,
- R$* $( host $1 $) $| $( passwd $1 $). Patch from
- Christophe Wolfhugel of the Pasteur Institute.
- Properly generate success DSN messages if requested for aliases
- which have owner- aliases. Problem noted by Kari Hurtta
- of the Finnish Meteorological Institute.
- Properly display delayed-expansion macros ($&{macroname}) in
- address test mode (-bt). Problem noted by Bryan Costales
- of InfoBeat, Inc.
- -qR could sometimes match names incorrectly. Problem noted by
- Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
- Include a magic number and version in the StatusFile for the
- mailstats command.
- Record the number of rejected and discarded messages in the
- StatusFile for display by the mailstats command. Patch
- from Randall Winchester of the University of Maryland.
- IDENT returns where the OSTYPE field equals "OTHER" now list the
- user portion as IDENT:username@site instead of
- username@site to differentiate the two. Suggested by
- Kari Hurtta of the Finnish Meteorological Institute.
- Enforce timeout for LDAP queries. Patch from Per Hedeland of
- Ericsson.
- Change persistent host status filename substitution so '/' is
- replaced by ':' instead of '|' to avoid clashes. Also
- avoid clashes with hostnames with leading dots. Fix from
- Mitchell Blank Jr. of Exec-PC.
- If the system lock table is full, only attempt to create a new
- queue entry five times before giving up. Previously, it
- was attempted indefinitely which could cause the partition
- to run out of inodes. Problem noted by Suzie Weigand of
- Stratus Computer, Inc.
- In verbose mode, warn if the sendmail.cf version is less than the
- currently supported version.
- Sorting for QueueSortOrder=host is now case insensitive. Patch
- from Randall S. Winchester of the University of Maryland.
- Properly quote a full name passed via the -F command line option,
- the Full-Name: header, or the NAME environment variable if
- it contains characters which must be quoted. Problem noted
- by Kari Hurtta of the Finnish Meteorological Institute.
- Avoid possible race condition that unlocked a mail job before
- releasing the transcript file on systems that use flock(2).
- In some cases, this might result in a "Transcript Unavailable"
- message in error bounces.
- Accept SMTP replies which contain only a reply code and no
- accompanying text. Problem noted by Fernando Fraticelli of
- Digital Equipment Corporation.
- Portability:
- AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
- of Kyoto University.
- AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from
- Randall S. Winchester of the University of
- Maryland.
- AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
- CRAY T3E from Manu Mahonen of Center for Scientific Computing
- in Finland.
- Digital UNIX now uses statvfs for determining free
- disk space. Patch from Randall S. Winchester of
- the University of Maryland.
- HP-UX 11.x from Richard Allen of Opin Kerfi HF and
- Regis McEwen of Progress Software Corporation.
- IRIX 64 bit fixes from Kari Hurtta of the Finnish
- Meteorological Institute.
- IRIX 6.2 configuration fix for mail.local from Michael Kyle
- of CIC/Advanced Computing Laboratory.
- IRIX 6.5 from Thomas H Jones II of SGI.
- IRIX 6.X load average code from Bob Mende of SGI.
- QNX from Glen McCready <glen@qnx.com>.
- SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
- to sendmail. Install with group bin instead of kmem
- as kmem does not exist. From Guillermo Freige of
- Gobernacion de la Pcia de Buenos Aires and Paul
- Fischer of BTG, Inc.
- SunOS 4.X does not include memmove(). Patch from
- Per Hedeland of Ericsson.
- SunOS 5.7 includes getloadavg() function for determining
- load average. Patch from John Beck of Sun
- Microsystems.
- CONFIG: Increment version number of config file.
- CONFIG: add DATABASE_MAP_TYPE to set the default type of database
- map for the various maps. The default is hash. Patch from
- Robert Harker of Harker Systems.
- CONFIG: new confEBINDIR m4 variable for defining the executable
- directory for certain programs.
- CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
- local mail delivery. By the default, /usr/libexec/mail.local
- is used. This is expected to be the mail.local shipped
- with 8.9 which is LMTP capable. The path is based on the
- new confEBINDIR m4 variable.
- CONFIG: Use confEBINDIR in determining path to smrsh for
- FEATURE(smrsh). Note that this changes the default from
- /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
- old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
- CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
- include $z/.forward.$w+$h and $z/.forward+$h which allow
- the user to setup different .forward files for
- user+detail addressing.
- CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
- and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
- DontProbeInterfaces, and DontBlameSendmail options.
- CONFIG: by default do not allow relaying (that is, accepting mail
- from outside your domain and sending it to another host
- outside your domain).
- CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
- any site to any site.
- CONFIG: new FEATURE(relay_entire_domain) allows any host in your
- domain as defined by the 'm' class ($=m) to relay.
- CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
- the MX records of the host portion of an incoming recipient.
- CONFIG: new FEATURE(access_db) which turns on the access database
- feature. This database gives you the ability to allow
- or refuse to accept mail from specified domains for
- administrative reasons. By default, names that are listed
- as "OK" in the access db are domain names, not host names.
- CONFIG: new confCR_FILE m4 variable for defining the name of the file
- used for class 'R'. Defaults to /etc/mail/relay-domains.
- CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
- to add items to class 'R' ($=R) for hosts allowed to relay.
- CONFIG: new FEATURE(relay_hosts_only) to change the behavior
- of FEATURE(access_db) and class 'R' to lookup individual
- host names only.
- CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient
- using % addressing is used, e.g. user%site@othersite,
- and othersite is in class 'R', the check_rcpt ruleset
- will strip @othersite and recheck user@site for relaying.
- This feature changes that behavior. It should not be
- needed for most installations.
- CONFIG: new FEATURE(relay_local_from) to allow relaying if the
- domain portion of the mail sender is a local host. This
- should only be used if absolutely necessary as it opens
- a window for spammers. Patch from Randall S. Winchester of
- the University of Maryland.
- CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
- block incoming mail destined for certain recipient
- usernames, hostnames, or addresses.
- CONFIG: By default, MAIL FROM: commands in the SMTP session will be
- refused if the host part of the argument to MAIL FROM: cannot
- be located in the host name service (e.g., DNS).
- CONFIG: new FEATURE(accept_unresolvable_domains) accepts
- unresolvable hostnames in MAIL FROM: SMTP commands.
- CONFIG: new FEATURE(accept_unqualified_senders) accepts
- MAIL FROM: senders which do not include a domain.
- CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
- Realtime Blackhole List. You can specify the RBL name
- server to contact by specifying it as an optional argument.
- The default is rbl.maps.vix.com. For details, see
- http://maps.vix.com/rbl/.
- CONFIG: Call Local_check_relay, Local_check_mail, and
- Local_check_rcpt from check_relay, check_mail, and
- check_rcpt. Users with local rulesets should place the
- rules using LOCAL_RULESETS. If a Local_check_* ruleset
- returns $#OK, the message is accepted. If the ruleset
- returns a mailer, the appropriate action is taken, else
- the return of the ruleset is ignored.
- CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
- default to support file, :include:, and program deliveries.
- CONFIG: Remove the default for confDEF_USER_ID so the binary can
- pick the proper default value. See the SECURITY note
- above for more information.
- CONFIG: FEATURE(nodns) now warns the user that the feature is a
- no-op. Patch from Kari Hurtta of the Finnish
- Meteorological Institute.
- CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
- daemon since DEC's /bin/mail will drop the envelope
- sender if run as mailnull. See the Digital UNIX section
- of src/README for more information. Problem noted by
- Kari Hurtta of the Finnish Meteorological Institute.
- CONFIG: .cf files are now stored in the same directory with the
- .mc files instead of in the obj directory.
- CONFIG: New options confSINGLE_LINE_FROM_HEADER,
- confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
- setting SingleLineFromHeader, AllowBogusHELO, and
- MustQuoteChars respectively.
- MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
- SMTP-like protocol allows detailed reporting of delivery
- status on a per-user basis. Code donated by John Myers of
- CMU (now of Netscape).
- MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
- University of Maryland. NOTE: mail.local is not
- compatible with the stock HP-UX mail format. Be sure to
- read mail.local/README.
- MAIL.LOCAL: Prevent other mail delivery agents from stealing a
- mailbox lock. Patch from Randall S. Winchester of the
- University of Maryland.
- MAIL.LOCAL: glibc portability from John Kennedy of Cal State
- University, Chico.
- MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
- Meteorological Institute.
- MAILSTATS: Display the number of rejected and discarded messages
- in the StatusFile. Patch from Randall Winchester of the
- University of Maryland.
- MAKEMAP: New -s flag to ignore safety checks on database map files
- such as linked files in world writable directories.
- MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support.
- PRALIASES: Add support for Berkeley DB 2.X.
- PRALIASES: Do not automatically include NDBM support. Problem
- noted by Ralf Hildebrandt of the Technical University of
- Braunschweig.
- RMAIL: Improve portability for other platforms. Patches from
- Randall S. Winchester of the University of Maryland and
- Kari Hurtta of the Finnish Meteorological Institute.
- Changed Files:
- src/Makefiles/Makefile.* files have been modified to use
- the new build mechanism and are now BuildTools/OS/*.
- src/makesendmail changed to symbolic link to src/Build.
- New Files:
- BuildTools/M4/header.m4
- BuildTools/M4/depend/BSD.m4
- BuildTools/M4/depend/CC-M.m4
- BuildTools/M4/depend/NCR.m4
- BuildTools/M4/depend/Solaris.m4
- BuildTools/M4/depend/X11.m4
- BuildTools/M4/depend/generic.m4
- BuildTools/OS/AIX.4.2
- BuildTools/OS/AIX.4.x
- BuildTools/OS/CRAYT3E.2.0.x
- BuildTools/OS/HP-UX.11.x
- BuildTools/OS/IRIX.6.5
- BuildTools/OS/NEXTSTEP.4.x
- BuildTools/OS/NeXT.4.x
- BuildTools/OS/NetBSD.8.3
- BuildTools/OS/QNX
- BuildTools/OS/SunOS.5.7
- BuildTools/OS/dcosx.1.x.NILE
- BuildTools/README
- BuildTools/Site/README
- BuildTools/bin/Build
- BuildTools/bin/configure.sh
- BuildTools/bin/find_m4.sh
- BuildTools/bin/install.sh
- Makefile
- cf/cf/Build
- cf/cf/generic-hpux10.cf
- cf/feature/accept_unqualified_senders.m4
- cf/feature/accept_unresolvable_domains.m4
- cf/feature/access_db.m4
- cf/feature/blacklist_recipients.m4
- cf/feature/loose_relay_check.m4
- cf/feature/local_lmtp.m4
- cf/feature/promiscuous_relay.m4
- cf/feature/rbl.m4
- cf/feature/relay_based_on_MX.m4
- cf/feature/relay_entire_domain.m4
- cf/feature/relay_hosts_only.m4
- cf/feature/relay_local_from.m4
- cf/ostype/qnx.m4
- contrib/doublebounce.pl
- mail.local/Build
- mail.local/Makefile.m4
- mail.local/README
- mailstats/Build
- mailstats/Makefile.m4
- makemap/Build
- makemap/Makefile.m4
- praliases/Build
- praliases/Makefile.m4
- rmail/Build
- rmail/Makefile.m4
- rmail/rmail.0
- smrsh/Build
- smrsh/Makefile.m4
- src/Build
- src/Makefile.m4
- src/snprintf.c
- Deleted Files:
- cf/cf/Makefile (replaced by Makefile.dist)
- mail.local/Makefile
- mail.local/Makefile.dist
- mailstats/Makefile
- mailstats/Makefile.dist
- makemap/Makefile
- makemap/Makefile.dist
- praliases/Makefile
- praliases/Makefile.dist
- rmail/Makefile
- smrsh/Makefile
- smrsh/Makefile.dist
- src/Makefile
- src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
- src/Makefiles/Makefile.SMP_DC.OSx.NILE
- (renamed BuildTools/OS/dcosx.1.x.NILE)
- src/Makefiles/Makefile.Utah (obsolete platform)
- Renamed Files:
- READ_ME => README
- cf/cf/Makefile.dist => Makefile
- cf/cf/obj/* => cf/cf/*
- src/READ_ME => src/README
-
-8.8.8/8.8.8 1997/10/24
- If the check_relay ruleset failed, the relay= field was logged
- incorrectly. Problem noted by Kari Hurtta of the Finnish
- Meteorological Institute.
- If /usr/tmp/dead.letter already existed, sendmail could not
- add additional bounces to it. Problem noted by Thomas J.
- Arseneault of SRI International.
- If an SMTP mailer used a non-standard port number for the outgoing
- connection, it would be displayed incorrectly in verbose mode.
- Problem noted by John Kennedy of Cal State University, Chico.
- Log the ETRN parameter specified by the client before altering them
- to internal form. Suggested by Bob Kupiec of GES-Verio.
- EXPN and VRFY SMTP commands on malformed addresses were logging as
- User unknown with bogus delay= values. Change them to log
- the same as compliant addresses. Problem noted by Kari E.
- Hurtta of the Finnish Meteorological Institute.
- Ignore the debug resolver option unless using sendmail debug trace
- option for resolver. Problem noted by Greg Nichols of Wind
- River Systems.
- If SingleThreadDelivery was enabled and the remote server returned a
- protocol error on the DATA command, the connection would be
- closed but the persistent host status file would not be
- unlocked so other sendmail processes could not deliver to
- that host. Problem noted by Peter Wemm of DIALix.
- If queueing up a message due to an expensive mailer, don't increment
- the number of delivery attempts or set the last delivery
- attempt time so the message will be delivered on the next
- queue run regardless of MinQueueAge. Problem noted by
- Brian J. Coan of the Institute for Global Communications.
- Authentication warnings of "Processed from queue _directory_" and
- "Processed by _username_ with -C _filename_" would be logged
- with the incorrect timestamp. Problem noted by Kari E. Hurtta
- of the Finnish Meteorological Institute.
- Use a better heuristic for detecting GDBM.
- Log null connections on dropped connections. Problem noted by
- Jon Lewis of Florida Digital Turnpike.
- If class dbm maps are rebuilt, sendmail will now detect this and
- reopen the map. Previously, they could give stale
- results during a single message processing (but would
- recover when the next message was received). Fix from
- Joe Pruett of Q7 Enterprises.
- Do not log failures such as "User unknown" on -bv or SMTP VRFY
- requests. Problem noted by Kari E. Hurtta of the
- Finnish Meteorological Institute.
- Do not send a bounce message back to the sender regarding bad
- recipients if the SMTP connection is dropped before the
- message is accepted. Problem noted by Kari E. Hurtta of the
- Finnish Meteorological Institute.
- Use "localhost" instead of "[UNIX: localhost]" when connecting to
- sendmail via a UNIX pipe. This will allow rulesets using
- $&{client_name} to process without sending the string through
- dequote. Problem noted by Alan Barrett of Internet Africa.
- A combination of deferred delivery mode, a double bounce situation,
- and the inability to save a bounce message to
- /var/tmp/dead.letter would cause sendmail to send a bounce
- to postmaster but not remove the offending envelope from the
- queue causing it to create a new bounce message each time the
- queue was run. Problem noted by Brad Doctor of Net Daemons
- Associates.
- Remove newlines from hostname information returned via DNS. There are
- no known security implications of newlines in hostnames as
- sendmail filters newlines in all vital areas; however, this
- could cause confusing error messages.
- Starting with sendmail 8.8.6, mail sent with the '-t' option would be
- rejected if any of the specified addresses were bad. This
- behavior was modified to only reject the bad addresses and not
- the entire message. Problem noted by Jozsef Hollosi of
- SuperNet, Inc.
- Use Timeout.fileopen when delivering mail to a file. Suggested by
- Bryan Costales of InfoBeat, Inc.
- Display the proper Final-Recipient on DSN messages for non-SMTP
- mailers. Problem noted by Kari E. Hurtta of the
- Finnish Meteorological Institute.
- An error in calculating the available space in the list of addresses
- for logging deliveries could cause an address to be silently
- dropped.
- Include the initial user environment if sendmail is restarted via
- a HUP signal. This will give room for the process title.
- Problem noted by Jon Lewis of Florida Digital Turnpike.
- Mail could be delivered without a body if the machine does not
- support flock locking and runs out of processes during
- delivery. Fix from Chuck Lever of the University of Michigan.
- Drop recipient address from 251 and 551 SMTP responses per RFC 821.
- Problem noted by Kari E. Hurtta of the Finnish Meteorological
- Institute.
- Make sure non-rebuildable database maps are opened before the
- rebuildable maps (i.e., alias files) in case the database maps
- are needed for verifying the left hand side of the aliases.
- Problem noted by Lloyd Parkes of Victoria University.
- Make sure sender RFC822 source route addresses are alias expanded for
- bounce messages. Problem noted by Juergen Georgi of
- RUS University of Stuttgart.
- Minor lint fixes.
- Return a temporary error instead of a permanent error if an LDAP map
- search returns an error. This will allow sequenced maps which
- use other LDAP servers to be checked. Fix from Booker Bense
- of Stanford University.
- When automatically converting from quoted printable to 8bit text do
- not pad bare linefeeds with a space. Problem noted by Theo
- Nolte of the University of Technology Aachen, Germany.
- Portability:
- Non-standard C compilers may have had a problem compiling
- conf.c due to a standard C external declaration of
- setproctitle(). Problem noted by Ted Roberts of
- Electronic Data Systems.
- AUX: has a broken O_EXCL implementation. Reported by Jim
- Jagielski of jaguNET Access Services.
- BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
- Digital UNIX: Digital UNIX (and possibly others) moves
- loader environment variables into the loader memory
- area. If one of these environment variables (such as
- LD_LIBRARY_PATH) was the last environment variable,
- an invalid memory address would be used by the process
- title routine causing memory corruption. Problem
- noted by Sam Hartman of Mesa Internet Systems.
- GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
- chownsafe() to always return 0 even if the OS does
- not permit file giveaways. Problem noted by
- Yasutaka Sumi of The University of Tokyo.
- IRIX6: Syslog buffer size set to 512 bytes. Reported by
- Gerald Rinske of Siemens Business Services VAS.
- Linux: Pad process title with NULLs. Problem noted by
- Jon Lewis of Florida Digital Turnpike.
- SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
- incorrect value for the number of interfaces.
- Problem noted by Chris Loelke of JetStream Internet
- Services.
- SINIX: Update for Makefile and syslog buffer size from Gerald
- Rinske of Siemens Business Services VAS.
- Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
- used on a Solaris machine. Problem noted by
- Stephen Ma of Jtec Pty Limited.
- CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
- Services VAS.
- MAKEMAP: Use a better heuristic for detecting GDBM.
- CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
- OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of
- Ericsson.
-
-8.8.7/8.8.7 1997/08/03
- If using Berkeley DB on systems without O_EXLOCK (open a file with
- an exclusive lock already set -- i.e., almost all systems
- except 4.4-BSD derived systems), the initial attempt at
- rebuilding aliases file if the database didn't already
- exist would fail. Patch from Raymund Will of LST Software
- GmbH.
- Bogus incoming SMTP commands would reset the SMTP conversation.
- Problem noted by Fredrik Jönsson of the Royal Institute
- of Technology, Stockholm.
- Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
- some environments could give "multiple definitions" for these
- routines during compilation. If using TCP Wrappers, assume
- that these routines are included as though they were in the
- C library. Patch from Robert La Ferla.
- When a NEWDB database map was rebuilt at the same time it was being
- used by a queue run, the maps could be left locked for the
- duration of the queue run, causing other processes to hang.
- Problem noted by Kendall Libby of Shore.NET.
- In some cases, NoRecipientAction=add-bcc was being ignored, so the
- mail was passed on without any recipient header. This could
- cause problems downstream. Problem noted by Xander Jansen
- of SURFnet ExpertiseCentrum.
- Give error when GDBM is used with sendmail. GDBM's locking and
- linking of the .dir and .pag files interferes with sendmail's
- locking and security checks. Problems noted by Fyodor
- Yarochkin of the Kyrgyz Republic FreeNet.
- Don't fsync qf files if SuperSafe option is not set.
- Avoid extra calls to gethostbyname for addresses for which a
- gethostbyaddr found no value. Also, ignore any returns
- from gethostbyaddr that look like a dotted quad.
- If PTR lookup fails when looking up an SMTP peer, don't tag it as
- "may be forged", since at the network level we pretty much
- have to assume that the information is good.
- In some cases, errors during an SMTP session could leave files
- open or locked.
- Better handling of missing file descriptors (0, 1, 2) on startup.
- Better handling of non-set-user-ID binaries -- avoids certain obnoxious
- errors during testing.
- Errors in file locking of NEWDB maps had the incorrect file name
- printed in the error message.
- If the AllowBogusHELO option were set and an EHLO with a bad or
- missing parameter were issued, the EHLO behaved like a HELO.
- Load limiting never kicked in for incoming SMTP transactions if the
- DeliveryMode=background and any recipient was an alias or
- had a .forward file. From Nik Conwell of Boston University.
- On some non-Posix systems, the decision of whether chown(2) permits
- file giveaway was undefined. From Tetsu Ushijima of the
- Tokyo Institute of Technology.
- Fix race condition that could cause the body of a message to be
- lost (so only the header was delivered). This only occurs
- on systems that do not use flock(2), and only when a queue
- runner runs during a critical section in another message
- delivery. Based on a patch from Steve Schweinhart of
- Results Computing.
- If a qf file was found in a mail queue directory that had a problem
- (wrong ownership, bad format, etc.) and the file name was
- exactly MAXQFNAME bytes long, then instead of being tried
- once, it would be tried on every queue run. Problem noted
- by Bryan Costales of Mercury Mail.
- If the system supports an st_gen field in the status structure,
- include it when reporting that a file has changed after open.
- This adds a new compile flag, HAS_ST_GEN (0/1 option).
- This out to be checked as well as reported, since it is
- theoretically possible for an attacker to remove a file after
- it is opened and replace it with another file that has the
- same i-number, but some filesystems (notably AFS) return
- garbage in this field, and hence always look like the file
- has changed. As a practical matter this is not a security
- problem, since the files can be neither hard nor soft links,
- and on no filesystem (that I am aware of) is it possible to
- have two files on the same filesystem with the same i-number
- simultaneously.
- Delete the root Makefile from the distribution -- it is only for
- use internally, and does not work at customer sites.
- Fix botch that caused the second MAIL FROM: command in a single
- transaction to clear the entire transaction. Problem
- noted by John Kennedy of Cal State University, Chico.
- Work properly on machines that have _PATH_VARTMP defined without
- a trailing slash. (And a pox on vendors that decide to
- ignore the established conventions!) Problem noted by
- Gregory Neil Shapiro of WPI.
- Internal changes to make it easier to add another protocol family
- (intended for IPv6). Patches are from John Kennedy of
- CSU Chico.
- In certain cases, 7->8 bit MIME decoding of Base64 text could leave
- an extra space at the beginning of some lines. Problem
- noted by Charles Karney of Princeton University; fix based
- on a patch from Christophe Wolfhugel.
- Portability:
- Allow _PATH_VENDOR_CF to be set in Makefile for consistency
- with the _Sendmail_ book, 2nd edition. Note that
- the book is actually wrong: _PATH_SENDMAILCF should
- be used instead.
- AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
- of Argonne National Laboratory.
- OpenBSD from from Paul DuBois of the University of Wisconsin.
- RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
- SunOS: Include <memory.h> to fix warning from util.c. From
- James Aldridge of EUnet Ltd.
- Solaris: Change STDIR (location of status file) to /etc/mail
- in Makefiles.
- Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
- Makefiles. Use NEWDB on Linux instead.
- NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
- exists but behaves differently than other OSes.
- Add SIOCGIFNUM_IS_BROKEN compile flag to get
- around the problem. Problem noted by Tom Moore of
- NCR Corp.
- HP-UX 9.x: fix compile warnings for old select API. Problem
- noted by Tom Smith of Digital Equipment Corp.
- UnixWare 2.x: compile warnings on offsetof macro. Problem
- noted by Tom Good of the Community Access Information
- Resource Network
- SCO 4.2: compile problems caused by a change in the type of
- the "length" parameters passed to accept, getpeername,
- getsockname, and getsockopt. Adds new compile flags
- SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
- by Tom Good of St. Vincent's North Richmond Community
- Mental Health Center Residential Services.
- AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
- Suggested by Brett Hogden of Rochester Gas & Electric
- Corp.
- Linux: avoid compile problem for versions of <setjmp.h> that
- #define both setjmp and longjmp. Problem pointed out
- by J.R. Oldroyd of TerraNet.
- CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
- from Christopher Durham of SCO.
- CONFIG: NEXTSTEP: define confCW_FILE to
- /etc/sendmail/sendmail.cw to match the usual
- configuration. Patch from Dennis Glatting of
- PlainTalk.
- CONFIG: MAILER(fax) called a program that hasn't existed for a long
- time. Convert to use the HylaFAX 4.0 conventions. Suggested
- by Harry Styron.
- CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
- are the rulesets in use on sendmail.org.
- MAKEMAP: give error on GDBM files.
- MAIL.LOCAL: Make error messages a bit more explicit, for example,
- telling more details on what actually changed when "file
- changed after open".
- CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
- files.
- CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
- NEW FILES:
- src/Makefiles/Makefile.OpenBSD
- src/Makefiles/Makefile.RISCos.4_0
- test/t_exclopen.c
- cf/ostype/sco-uw-2.1.m4
- DELETED FILES:
- Makefile
-
-8.8.6/8.8.6 1997/06/14
- *************************************************************
- * The extensive assistance of Gregory Neil Shapiro of WPI *
- * in preparing this release is gratefully appreciated. *
- * Sun Microsystems has also provided resources toward *
- * continued sendmail development. *
- *************************************************************
- SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
- mode bits set to create a file that is a symbolic link that
- points nowhere. This makes it possible to create a root
- owned file in an arbitrary directory by inserting the symlink
- into a writable directory after the initial lstat(2) check
- determined that the file did not exist. The only verified
- example of a system having these odd semantics for O_EXCL
- and symbolic links was HP-UX prior to version 9.07. Most
- systems do not have the problem, since a exclusive create
- of a file disallows symbolic links. Systems that have been
- verified to NOT have the problem include AIX 3.x, *BSD,
- DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
- and Ultrix. This is a potential exposure on systems that
- have this bug and which do not have a MAILER-DAEMON alias
- pointing at a legitimate account, since this will cause old
- mail to be dropped in /var/tmp/dead.letter.
- SECURITY: Problems can occur on poorly managed systems, specifically,
- if maps or alias files are in world writable directories.
- If your system has alias maps in writable directories, it
- is potentially possible for an attacker to replace the .db
- (or .dir and .pag) files by symbolic links pointing at
- another database; this can be used either to expose
- information (e.g., by pointing an alias file at /etc/spwd.db
- and probing for accounts), or as a denial-of-service attack
- (by trashing the password database). The fix disallows
- symbolic links entirely when rebuilding alias files or on
- maps that are in writable directories, and always warns on
- writable directories; 8.9 will probably consider writable
- directories to be fatal errors. This does not represent an
- exposure on systems that have alias files in unwritable
- system directories.
- SECURITY: disallow .forward or :include: files that are links (hard
- or soft) if the parent directory (or any directory in the
- path) is writable by anyone other than the owner. This is
- similar to the previous case for user files. This change
- should not affect most systems, but is necessary to prevent
- an attacker who can write the directory from pointing such
- files at other files that are readable only by the owner.
- SECURITY: Tighten safechown rules: many systems will say that they
- have a safe (restricted to root) chown even on files that
- are mounted from another system that allows owners to give
- away files. The new rules are very strict, trusting file
- ownership only in those few cases where the system has
- been verified to be at least as paranoid as necessary.
- However, it is possible to relax the rules to partially
- trust the ownership if the directory path is not world or
- group writable. This might allow someone who has a legitimate
- :include: file (referenced directly from /etc/aliases) to
- become another non-root user if the :include: file is in a
- non-writable directory on an NFS-mounted filesystem where
- the local system says that giveaway is denied but it is
- actually permitted. I believe this to be a very small set
- of cases. If in doubt, do not point :include: aliases at
- NFS-mounted filesystems.
- SECURITY: When setting a numeric group id using the RunAsUser option
- (e.g., "O RunAsUser=10:20", the group id would not be set.
- Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
- group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
- The user id was still set properly. Problem noted by Uli
- Pralle of the Technical University of Berlin.
- Save the initial gid set for use when checking for if the
- PrivacyOptions=restrictmailq option is set. Problem reported
- by Wolfgang Ley of DFN-CERT.
- Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
- failure on one message won't affect future messages to the
- same host).
- IP source route printing had an "off by one" error that would
- affect any options that came after the route option. Patch
- from Theo de Raadt.
- The "Message is too large" error didn't successfully bounce the error
- back to the sender. Problem reported by Stephen More of
- PSI; patch from Gregory Neil Shapiro of WPI.
- Change SMTP status code 553 to map into Extended code 5.1.0 (instead
- of 5.1.3); it apparently gets used in multiple ways.
- Suggested by John Myers of Portola Communications.
- Fix possible extra null byte generated during collection if errors
- occur at the beginning of the stream. Patch contributed by
- Andrey A. Chernov and Gregory Neil Shapiro.
- Code changes to avoid possible reentrant call of malloc/free within
- a signal handler. Problem noted by John Beck of Sun
- Microsystems.
- Move map initialization to be earlier so that check_relay ruleset
- will have the latest version of the map data. Problem noted
- by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
- If there are fatal errors during the collection phase (e.g., message
- too large) don't send the bogus message.
- Avoid "cannot open xfAAA00000" messages when sending to aliases that
- have errors and have owner- aliases. Problem noted by Michael
- Barber of MTU; fix from Gregory Neil Shapiro of WPI.
- Avoid null pointer dereference on illegal Boundary= parameters in
- multipart/mixed Content-Type: header. Problem noted by
- Richard Muirden of RMIT University.
- Always print error messages during newaliases (-bi) even if the
- ErrorMode is not set to "print". Fix from Gregory Neil
- Shapiro.
- Test mode could core dump if you did a /map lookup in an optional map
- that could not be opened. Based on a fix from John Beck of
- Sun Microsystems.
- If DNS is misconfigured so that the last MX record tried points to
- a host that does not have an A record, but other MX records
- pointed to something reasonable, don't bounce the message
- with a "host unknown" error. Note that this should really
- be fixed in the zone file for the domain. Problem noted by
- Joe Rhett of Navigist, Inc.
- If a map fails (e.g., DNS times out) on all recipient addresses, mark
- the message as having been tried; otherwise the next queue
- run will not realize that this is a second attempt and will
- retry immediately. Problem noted by Bryan Costales of
- Mercury Mail.
- If the clock is set backwards, and a MinQueueAge is set, no jobs
- will be run until the later setting of the clock is reached.
- "Problem" (I use the term loosely) noted by Eric Hagberg of
- Morgan Stanley.
- If the load average rises above the cutoff threshold (above which
- sendmail will not process the queue at all) during a queue
- run, abort the queue run immediately. Problem noted by
- Bryan Costales of Mercury Mail.
- The variable queue processing algorithm (based on the message size,
- number of recipients, message precedence, and job age) was
- non-functional -- either the entire queue was processed or
- none of the queue was processed. The updated algorithm
- does no queue run if a single recipient zero size job will
- not be run.
- If there is a fatal ("panic") message that will cause sendmail to
- die immediately, never hold the error message for future
- printing.
- Force ErrorMode=print in -bt mode so that all errors are printed
- regardless of the setting of the ErrorMode option in the
- configuration file. Patch from Gregory Neil Shapiro.
- New compile flag HASSTRERROR says that this OS has the strerror(3)
- routine available in one of the libraries. Use it in conf.h.
- The -m (match only) flag now works on host class maps.
- If class hash or btree maps are rebuilt, sendmail will now detect
- this and reopen the map. Previously, they could give
- erroneous results during a single message processing
- (but would recover when the next message was received).
- Don't delete zero length queue files when doing queue runs until the
- files are at least ten minutes old. This avoids a potential
- race condition: the creator creates the qf file, getting back
- a file descriptor. The queue runner locks it and deletes it
- because it is zero length. The creator then writes the
- descriptor that is now for a disconnected file, and the
- job goes away. Based on a suggestion by Bryan Costales.
- When determining the "validated" host name ($_ macro), do a forward
- (A) DNS lookup on the result of the PTR lookup and compare
- results. If they differ or if the PTR lookup fails, tag the
- address as "may be forged".
- Log null connections (i.e., hosts that connect but do not do any
- substantive activity on the connection before disconnecting;
- "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN.
- Always permit "writes" to /dev/null regardless of the link count.
- This is safe because /dev/null is special cased, and no open
- or write is ever actually attempted. Patch from Villy Kruse
- of TwinCom.
- If a message cannot be sent because of a 552 (exceeded storage
- allocation) response to the MAIL FROM:<>, and a SIZE= parameter
- was given, don't return the body in the bounce, since there
- is a very good chance that the message will double-bounce.
- Fix possible line truncation if a quoted-printable had an =00 escape
- in the body. Problem noted by Charles Karney of the Princeton
- Plasma Physics Laboratory.
- Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
- Problem noted by Kari Hurtta of the Finnish Meteorological
- Institute.
- The MaxDaemonChildren option wasn't applying to queue runs as
- documented. Note that this increases the potential denial
- of service problems with this option: an attacker can
- connect many times, and thereby lock out queue runs as well
- as incoming connections. If you use this option, you should
- run the "sendmail -bd" and "sendmail -q30m" jobs separately
- to avoid this attack. Failure to limit noted by Matthew
- Dillon of BEST Internet Communications.
- Always give a message in newaliases if alias files cannot be
- opened instead of failing silently. Suggested by Gregory
- Neil Shapiro. This change makes the code match the O'Reilly
- book (2nd edition).
- Some older versions of the resolver could return with h_errno == -1
- if no name server could be reached, causing mail to bounce
- instead of queueing. Treat this like TRY_AGAIN. Fix from
- John Beck of SunSoft.
- If a :include: file is owned by a user that does not have an entry
- in the passwd file, sendmail could dereference a null pointer.
- Problem noted by Satish Mynam of Sun Microsystems.
- Take precautions to make sure that the SMTP protocol cannot get out
- of sync if (for example) an alias file cannot be opened.
- Fix a possible race condition that can cause a SIGALRM to come in
- immediately after a SIGHUP, causing the new sendmail to die.
- Avoid possible hang on SVr3 systems when doing child reaping. Patch
- from Villy Kruse of TwinCom.
- Ignore improperly formatted SMTP reply codes. Previously these were
- partially processed, which could cause confusing error
- returns.
- Fix possible bogus pointer dereference when doing ldapx map lookups
- on some architectures.
- Portability:
- A/UX: from Jim Jagielski of NASA/GSFC.
- glibc: SOCK_STREAM was changed from a #define to an enum,
- thus breaking #ifdef SOCK_STREAM. Only option seems
- to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
- defined. Problem reported by A Sun of the University
- of Washington.
- Solaris: use SIOCGIFNUM to get the number of interfaces on
- the system rather than guessing at compile time.
- Patch contributed by John Beck of Sun Microsystems.
- Intel Paragon: from Wendy Lin of Purdue University.
- GNU Hurd: from Miles Bader of the GNU project.
- RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
- ISC Unix: wait never returns if SIGCLD signals are blocked.
- Unfortunately releasing them opens a race condition,
- but there appears to be no fix for this. Patch from
- Gregory Neil Shapiro.
- BIND 8.1 for IPv6 compatibility from John Kennedy.
- Solaris: a bug in strcasecmp caused characters with the
- high order bit set to apparently randomly match
- letters -- for example, $| (0233) matches "i" and "I".
- Problem noted by John Gregson of the University of
- Cambridge.
- IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From
- Kari Hurtta.
- IRIX 6.x: Create Makefiles for systems that claim to be
- IRIX64 but are 6.2 or higher (so use the regular
- IRIX Makefile).
- IRIX 6.x: Fix load average computation on 64 bit kernels.
- Problem noted by Eric Hagberg of Morgan Stanley.
- CONFIG: Some canonification was still done for UUCP-like addresses
- even if FEATURE(nocanonify) was set. Problem pointed out by
- Brian Candler.
- CONFIG: In some cases UUCP mailers wouldn't properly recognize all
- local names as local. Problem noted by Jeff Polk of BSDI;
- fix provided by Gregory Neil Shapiro.
- CONFIG: The "local:user" syntax entries in mailertables and other
- "mailer:user" syntax locations returned an incorrect value
- for the $h macro. Problem noted by Gregory Neil Shapiro.
- CONFIG: Retain "+detail" information when forwarding mail to a
- MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip
- Guenther of Gustavus Adolphus College.
- CONFIG: Make sure user+detail works for FEATURE(virtusertable);
- rules are the same as for aliasing. Based on a patch from
- Gregory Neil Shapiro.
- CONFIG: Break up parsing rules into several pieces; this should
- have no functional change in this release, but makes it
- possible to have better anti-spam rulesets in the future.
- CONFIG: Disallow double dots in host names to avoid having the
- HostStatusDirectory store status under the wrong name.
- In some cases this can be used as a denial-of-service attack.
- Problem noted by Ron Jarrell of Virginia Tech, patch from
- Gregory Neil Shapiro.
- CONFIG: Don't use F=m (multiple recipients per invocation) for
- MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
- don't include From_, and convert to 8-bit). Suggestions
- from Kimmo Suominen and Roderick Schertler.
- CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
- being masqueraded as though FEATURE(masquerade_entire_domain)
- was specified, even when it wasn't.
- MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft.
- MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
- "slip in" a symbolic link between the lstat(2) call and the
- exclusive open. This is only a problem on System V derived
- systems that allow an exclusive create on files that are
- symbolic links pointing nowhere.
- MAIL.LOCAL: If the final mailbox close() failed, the user id was
- not reset back to root, which on some systems would cause
- later mailboxes to fail. Also, any partial message would
- not be truncated, which could result in repeated deliveries.
- Problem noted by Bruce Evans via Peter Wemm (FreeBSD
- developers).
- MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar
- change to the sendmail map code was made in 8.8.3. Problem
- noted by Gregory Neil Shapiro.
- MAKEMAP: Give warnings on file problems such as map files that are
- symbolic links; although makemap is not set-user-ID root, it is
- often run as root and hence has the potential for the same
- sorts of problems as alias rebuilds.
- MAKEMAP: Change compilation so that it will link properly on
- NEXTSTEP.
- CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
- Accept an optional list of arguments following the server
- name for the ETRN arguments to use (instead of $=w). Other
- miscellaneous bug fixes. From Christian von Roques via
- John Beck of Sun Microsystems.
- CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This
- Perl script converts GECOS information in the /etc/passwd
- file into aliases, allowing for faster access to full name
- lookups; it is also clever about adding aliases (to root)
- for system accounts.
- NEW FILES:
- src/safefile.c
- cf/ostype/gnuhurd.m4
- cf/ostype/irix6.m4
- contrib/passwd-to-alias.pl
- src/Makefiles/Makefile.IRIX64.6.1
- src/Makefiles/Makefile.IRIX64.6.x
- RENAMED FILES:
- src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x
- src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0
-
-8.8.5/8.8.5 1997/01/21
- SECURITY: Clear out group list during startup. Without this, sendmail
- will continue to run with the group permissions of the caller,
- even if RunAsUser is specified.
- SECURITY: Make purgestat (-bH) be root-only. This is not in response
- to any known attack, but it's best to be conservative.
- Suggested by Peter Wemm of DIALix.
- SECURITY: Fix buffer overrun problem in MIME code that has possible
- security implications. Patch from Alex Garthwaite of the
- University of Pennsylvania.
- Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
- would truncate the address after "Full". Although the -f
- syntax is incorrect (since it is in the envelope, it
- shouldn't have comments and full names), the failure mode
- was unnecessarily awful.
- Fix a possible null pointer dereference when converting 8-bit data
- to a 7-bit format. Problem noted by Jim Hutchins of
- Sandia National Labs and David James of British Telecom.
- Clear out stale state that affected F=9 on SMTP mailers in queue
- runs. Although this really shouldn't be used (F=9 is for
- final delivery only, and using it on an SMTP mailer makes
- it possible for a message to be converted from 8->7->8->7
- bits several times), it shouldn't have failed with a syserr.
- Problem noted by Eric Hagberg of Morgan Stanley.
- _Really_ fix the multiple :maildrop code in the user database
- module. Patch from Roy Mongiovi of Georgia Tech.
- Let F lines in the configuration file actually read root-only
- files if the configuration file is safe. Based on a
- patch from Keith Reynolds of SCO.
- ETRN followed by QUIT would hold the connection open until the queue
- run completed. Problem noted by Truck Lewis of TDK
- Semiconductor Corp.
- It turns out that despite the documentation, the TCP wrappers library
- does _not_ log rejected connections. Do the logging ourselves.
- Problem noted by Fletcher Mattox of the University of Texas
- at Austin.
- If sendmail finds a qf file in its queue directory that is an unknown
- version (e.g., when backing out to an old version), the
- error is reported on every queue run. Change it to only
- give the error once (and rename the qf => Qf). Patch from
- William A. Gianopoulos of Raytheon Company.
- Start a new session when doing background delivery; currently it
- ignored signals but didn't start a new signal, that caused
- some problems if a background process tried to send mail
- under certain circumstances. Problem noted by Eric Hagberg
- of Morgan Stanley; fix from Kari Hurtta.
- Simplify test for skipping a queue run to just check if the current
- load average is >= the queueing load average. Previously
- the check factored in some other parameters that caused it
- to essentially never skip the queue run. Patch from Bryan
- Costales.
- If the SMTP server is running in "nullserver" mode (that is, it is
- rejecting all commands), start sleeping after MAXBADCOMMAND
- (25) commands; this helps prevent a bad guy from putting
- you into a tight loop as a denial-of-service attack. Based
- on an e-mail conversation with Brad Knowles of AOL.
- Slow down when too many "light weight" commands have been issued;
- this helps prevent a class of denial-of-service attacks.
- The current values and defaults are:
- MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
- MAXHELOCOMMANDS 3 HELO, EHLO
- MAXVRFYCOMMANDS 6 VRFY, EXPN
- MAXETRNCOMMANDS 8 ETRN
- These will probably be configurable in a future release.
- On systems that have uid_t typedefed to be an unsigned short, programs
- that had the F=S flag and no U= equate would be invoked with
- the real uid set to 65535 rather than being left unchanged.
- In some cases, NOTIFY=NEVER was not being honored. Problem noted
- by Steve Hubert of the University of Washington, Seattle.
- Mail that was Quoted-Printable encoded and had a soft line break on
- the last line (i.e., an incomplete continuation) had the last
- line dropped. Since this appears to be illegal it isn't
- clear what to do with it, but flushing the last line seems
- to be a better "fail soft" approach. Based on a patch from
- Eric Hagberg.
- If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
- bogus HELO command still causes the "Polite people say HELO
- first" error message. Problem pointed out by Chris Thomas
- of UCLA; patch from John Beck of SunSoft.
- Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
- in PrivacyOptions. The -q shouldn't turn this command off.
- Problem noted by Murray Kucherawy of Pacific Bell Internet;
- based on a patch from Gregory Neil Shapiro of WPI.
- Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
- in a DATA transaction to be sticky; these can occur because
- a message is too large, and smaller messages should still go
- through. Problem noted by Matt Dillon of Best Internet
- Communications.
- In some cases bounces were saved in /var/tmp/dead.letter even if they
- had been successfully delivered to the envelope sender.
- Problem noted Eric Hagberg of Morgan Stanley; solution from
- Gregory Neil Shapiro of WPI.
- Give better diagnostics on long alias lines. Based on code contributed
- by Patrick Gosling of the University of Cambridge.
- Increase the number of virtual interfaces that will be probed for
- alternate names. Problem noted by Amy Rich of Shore.Net.
- PORTABILITY:
- UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
- Toshiaki Nomura of Fujitsu Limited.
- SunOS with LDAP support: compile problems with struct timeval.
- Patch from Nick Cuccia of TCSI Corporation.
- SCO: from Keith Reynolds of SCO.
- Solaris: kstat load average computation wasn't being used.
- Fixes from Michael Ju. Tokarev of Telecom Service, JSC
- (Moscow).
- OpenBSD: from Jason Downs of teeny.org.
- Altos System V: from Tim Rice.
- Solaris 2.5: from Alan Perry of SunSoft.
- Solaris 2.6: from John Beck of SunSoft.
- Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
- of Pratt & Whitney <miorelli@pweh.com>.
- CONFIG: It seems that I hadn't gotten the Received: line syntax
- _just_right_ yet. Tweak it again. I'll omit the names
- of the "contributors" (quantity two) in this one case.
- As of now, NO MORE DISCUSSION about the syntax of the
- Received: line.
- CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
- it never inserts that class into the output file. Fix it
- so it will honor EXPOSED_USER but will _not_ include root
- automatically in this class. Problem noted by Ronan KERYELL
- of Centre de Recherche en Informatique de l'École Nationale
- Supérieure des Mines de Paris (CRI-ENSMP).
- CONFIG: Clean up handling of "local:" syntax in relay specifications
- such as LUSER_RELAY. This change permits the following
- syntaxes: ``local:'' will send to the same user on the
- local machine (e.g., in a mailertable entry for "host",
- ``local:'' will cause an address addressed to user@host to
- go to user on the local machone). ``local:user'' will send
- to the named user on the local machine. ``local:user@host''
- is equivalent to ``local:user'' (the host is ignored). In
- all cases, the original user@host is passed in $@ (i.e., the
- detail information). Inspired by a report from Michael Fuhr.
- CONFIG: Strip quotes from the first word of an "error:" host
- indication. This lets you set (for example) the LUSER_RELAY
- to be ``error:\"5.1.1\" Your Message Here''. Note the use
- of the \" so that the resulting string is properly quoted.
- Problem noted by Gregory Neil Shapiro of WPI.
- OP.ME: documentation was inconsistent about whether sendmail did a
- NOOP or a RSET to probe the connection (it does a RSET).
- Inconsistency noted by Deeran Peethamparam.
- OP.ME: insert additional blank pages so it will print properly on
- a duplex printer. From Matthew Black of Cal State University,
- Long Beach.
-
-8.8.4/8.8.4 1996/12/02
- SECURITY: under some circumstances, an attacker could get additional
- permissions by hard linking to files that were group
- writable by the attacker. The solution is to disallow any
- files that have hard links -- this will affect .forward,
- :include:, and output files. Problem noted by Terry
- Kyriacopoulos of Interlog Internet Services. As a
- workaround, set UnsafeGroupWrites -- always a good idea.
- SECURITY: the TryNullMXList (w) option should not be safe -- if it
- is, it is possible to do a denial-of-service attack on
- MX hosts that rely on the use of the null MX list. There
- is no danger if you have this option turned off (the default).
- Problem noted by Dan Bernstein. Also, make the DontInitGroups
- unsafe. I know of no specific attack against this, although
- a denial-of-service attack is probably possible, but in theory
- you should not be able to safely tweak anything that affects
- the permissions that are used when mail is delivered.
- Purgestat could go into an infinite loop if one of the host status
- directories somehow became empty. Problem noted by Roy
- Mongiovi of Georgia Tech.
- Processes got "lost" when counting children due to a race condition.
- This caused "proc_list_probe: lost pid" messages to be logged.
- Problem noted by several people.
- On systems with System V SIGCLD child signal semantics (notably AIX
- and HP-UX), mail transactions would print the message "451
- SMTP-MAIL: lost child: No child processes". Problem noted
- by several people.
- Miscellaneous compiler warnings on picky compilers (or when setting
- gcc to high warning levels). From Tom Moore of NCR Corp.
- SMTP protocol errors, and most errors on MAIL FROM: lines should
- not be persistent between runs, since they are based on the
- message rather than the host. Problem noted by Matt Dillon
- of Best Internet Communications.
- The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore
- of NCR (a.k.a., AT&T Global Information Solutions).
- Avoid the possibility of having a child daemon run to completion
- (including closing the SMTP socket) before the parent has
- had a chance to close the socket; this can cause the parent
- to hang for a long time waiting for the socket to drain.
- Patch from Don Lewis of TDK Semiconductor.
- If the fork() failed in a queue run, the queue runners would not be
- rescheduled (so queue runs would stop). Patch from Don Lewis.
- Some error conditions in ETRN could cause output without an SMTP
- status code. Problem noted by Don Lewis.
- Multiple :maildrop addresses in the user database didn't work properly.
- Patch from Roy Mongiovi of Georgia Tech.
- Add ".db" automatically onto any user database spec that does not
- already have it; this is for consistency with makemap, the
- K line, and the documentation. Inconsistency pointed out
- by Roy Mongiovi.
- Allow sendmail to be properly called in nohup mode. Patch from
- Kyle Jones of UUNET.
- Change ETRN to ignore but still update host status files; previously
- it would ignore them and not save the updated status, which
- caused stale information to be maintained. Based on a patch
- from Christopher Davis of Kapor Enterprises Inc. Also, have
- ETRN ignore the MinQueueAge option.
- Patch long term host status to recover more gracefully from an empty
- host status file condition. Patch from NAKAMURA Motonori
- of Kyoto University.
- Several patches to signal handling code to fix potential race
- conditions from Don Lewis.
- Make it possible to compile with -DDAEMON=0 (previously it had some
- compile errors). This turns DAEMON, QUEUE, and SMTP into
- 0/1 compilation flags. Note that DAEMON is an obsolete
- compile flag; use NETINET instead. Solution based on a
- patch from Bryan Costales.
- PORTABILITY FIXES:
- AIX4: getpwnam() and getpwuid() do a sequential scan of the
- /etc/security/passwd file when called as root. This
- is very slow on some systems. To speed it up, use the
- (undocumented) _getpw{nam,uid}_shadow() routines.
- Patch from Chris Thomas of UCLA/OAC Systems Group.
- SCO 5.x: include -lprot in the Makefile. Patch from Bill
- Glicker of Burrelle's Information Service.
- NEWS-OS 4.x: need a definition for MODE_T to compile. Patch
- from Makoto MATSUSHITA of Osaka University.
- SunOS 4.0.3: compile problems. Patches from Andrew Cole of
- Leeds University and SASABE Tetsuro of the University
- of Tokyo.
- DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
- Services, Inc.
- Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
- I believe this to have only been a problem if you
- compiled with -DUSE_VENDOR_CF_PATH -- another reason
- to stick with /etc/sendmail.cf as your One True Path.
- Digital UNIX (OSF/1 on Alpha) load average computation from
- Martin Laubach of the Technischen Universität Wien.
- CONFIG: change default Received: line to be multiple lines rather
- than one long one. By popular demand.
- MAIL.LOCAL: warnings weren't being logged on some systems. Patch
- from Jerome Berkman of U.C. Berkeley.
- MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
- to take a very long time. Problem noted by Yoshiro YONEYA
- of NTT Software Corporation.
- CONTRIB: add etrn.pl, contributed by John Beck.
- NEW FILES:
- contrib/etrn.pl
-
-8.8.3/8.8.3 1996/11/17
- SECURITY: it was possible to get a root shell by lying to sendmail
- about argv[0] and then sending it a signal. Problem noted
- by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
- best-of-security list.
- Log sendmail binary version number in "Warning: .cf version level
- (%d) exceeds program functionality (%d) message" -- this
- should make it clearer to people that they are running
- the wrong binary.
- Fix a problem that occurs when you open an SMTP connection and then
- do one or more ETRN commands followed by a MAIL command; at
- the end of the DATA phase sendmail would incorrectly report
- "451 SMTP-MAIL: lost child: No child processes". Problem
- noted by Eric Bishop of Virginia Tech.
- When doing text-based host canonification (typically /etc/hosts
- lookup), a null host name would match any /etc/hosts entry
- with space at the end of the line. Problem noted by Steve
- Hubert of the University of Washington, Seattle.
- 7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
- Problem reported by Tom Smith of Digital Equipment Corp.
- Increase the size of the DNS answer buffer -- the standard UDP packet
- size PACKETSZ (512) is not sufficient for some nameserver
- answers containing very many resource records. The resolver
- may also switch to TCP and retry if it detects UDP packet
- overflow. Also, allow for the fact that the resolver
- routines res_query and res_search return the size of the
- *un*truncated answer in case the supplied answer buffer it
- not big enough to accommodate the entire answer. Patch from
- Eric Wassenaar.
- Improvements to MaxDaemonChildren code. If you think you have too
- many children, probe the ones you have to verify that they
- are still around. Suggested by Jared Mauch of CICnet, Inc.
- Also, do this probe before growing the vector of children
- pids; this previously caused the vector to grow indefinitely
- due to a race condition. Problem reported by Kyle Jones of
- UUNET.
- On some architectures, <db.h> (from the Berkeley DB library) defines
- O_EXLOCK to zero; this fools the map compilation code into
- thinking that it can avoid race conditions by locking on open.
- Change it to check for O_EXLOCK non-zero. Problem noted by
- Leif Erlingsson of Data Lege.
- Always call res_init() on startup (if compiled in, of course) to
- allow the sendmail.cf file to tweak resolver flags; without
- it, flag tweaks in ResolverOptions are ignored. Patch from
- Andrew Sun of Merrill Lynch.
- Improvements to host status printing code. Suggested by Steve Hubert
- of the University of Washington, Seattle.
- Change MinQueueAge option processing to do the check for the job age
- when reading the queue file, rather than at the end; this
- avoids parsing the addresses, which can do DNS lookups.
- Problem noted by John Beck of InReference, Inc.
- When MIME was being 7->8 bit decoded, "From " lines weren't being
- properly escaped. Problem noted by Peter Nilsson of the
- University of Linkoping.
- In some cases, sendmail would retain root permissions during queue
- runs even if RunAsUser was set. Problem noted by Mark
- Thomas of Mark G. Thomas Consulting.
- If the F=l flag was set on an SMTP mailer to indicate that it is
- actually local delivery, and NOTIFY=SUCCESS is specified in
- the envelope, and the receiving SMTP server speaks DSN, then
- the DSN would be both generated locally and propagated to the
- other end.
- The U= mailer field didn't correctly extract the group id if the
- user id was numeric. Problem noted by Kenneth Herron of
- MCI Telecommunications Communications.
- If a message exceeded the fixed maximum size on input, the body of
- the message was included in the bounce. Note that this did
- not occur if it exceeded the maximum _output_ size. Problem
- reported by Kyle Jones of UUNET.
- PORTABILITY FIXES:
- AIX4: 4.1 doesn't have a working setreuid(2); change the
- AIX4 defines to use seteuid(2) instead, which
- works on 4.1 as well as 4.2. Problem noted by
- Håkan Lindholm of interAF, Sweden.
- AIX4: use tzname[] vector to determine time zone name.
- Patch from NAKAMURA Motonori of Kyoto University.
- MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
- Contributed by Paul DuBois <dubois@primate.wisc.edu>.
- Solaris: kstat(3k) support for retrieving the load average.
- This adds the LA_KSTAT definition for LA_TYPE.
- The outline of the implementation was contributed
- by Michael Tokarev of Telecom Service, JSC, Moscow.
- HP-UX 10.0 gripes about the (perfectly legal!) forward
- declaration of struct rusage at the top of conf.h;
- change it to only be included if you are using gcc,
- which is apparently the only compiler that requires
- it in the first place. Problem noted by Jeff
- Earickson of Colby College.
- IRIX: don't default to using gcc. IRIX is a civilized
- operating system that comes with a decent compiler
- by default. Problem noted by Barry Bouwsma and
- Kari Hurtta.
- CONFIG: specify F=9 as default in FEATURE(local_procmail) for
- consistency with other local mailers. Inconsistency
- pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
- CONFIG: if the "limited best mx" feature is used (to reduce DNS
- overhead) as part of the bestmx_is_local feature, the
- domain part was dropped from the name. Patch from Steve
- Hubert of the University of Washington, Seattle.
- CONFIG: catch addresses of the form "user@.dom.ain"; these could
- end up being translated to the null host name, which would
- return any entry in /etc/hosts that had a space at the end
- of the line. Problem noted by Steve Hubert of the
- University of Washington, Seattle.
- CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer
- Polytechnic Institute.
- MAKEMAP: tweak hash and btree parameters for better performance.
- Patch from Matt Dillon of Best Internet Communications.
- NEW FILES:
- src/Makefiles/Makefile.Linux.ppc
- cf/ostype/aix4.m4
- cf/ostype/mklinux.m4
-
-8.8.2/8.8.2 1996/10/18
- SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
- changed the code but didn't fix the problem.
- PORTABILITY FIXES:
- Solaris: Don't use the system getusershell(3); it can
- apparently corrupt the heap in some circumstances.
- Problem found by Ken Pizzini of Spry, Inc.
- OP.ME: document several mailer flags that were accidentally omitted
- from this document. These flags were F=d, F=j, F=R, and F=9.
- CONFIG: no changes.
-
-8.8.1/8.8.1 1996/10/17
- SECURITY: unset all environment variables that the resolver will
- examine during queue runs and daemon mode. Problem noted
- by Dan Bernstein of the University of Illinois at Chicago.
- SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
- message could overflow a buffer if it was converted back
- to 8 bits. This caused core dumps and has the potential
- for a remote attack. Problem first noted by Gregory Shapiro
- of WPI.
- Avoid duplicate deliveries of error messages on systems that don't
- have flock(2) support. Patch from Motonori Nakamura of
- Kyoto University.
- Ignore null FallBackMX (V) options. If this option is null (as
- opposed to undefined) it can cause "null signature" syserrs
- on illegal host names.
- If a Base64 encoded text/plain message has no trailing newline in
- the encoded text, conversion back to 8 bits will drop the
- final line. Problem noted by Pierre David.
- If running with a RunAsUser, sendmail would give bogus "cannot
- setuid" (or seteuid, or setreuid) messages on some systems.
- Problem pointed out by Jordan Mendelson of Web Services, Inc.
- Always print error messages in -bv mode -- previously, -bv would
- be absolutely silent on errors if the error mode was sent
- to (say) mail-back. Problem noted by Kyle Jones of UUNET.
- If -qI/R/S is set (or the ETRN command is used), ignore all long
- term host status. This is necessary because it is common
- to do this when you know a host has just come back up.
- Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
- 4.2. Excessive permissiveness noted by Lee Flight of the
- University of Leicester.
- If a service (such as NIS) is specified as the last entry in the
- service switch, but that service is not compiled in, sendmail
- would return a temporary failure when an entry was not found
- in the map. This caused the message to be queued instead of
- bouncing immediately. Problem noted by Harry Edmon of the
- University of Washington.
- PORTABILITY FIXES:
- Solaris 2.3 had compilation problems in conf.c. Several
- people pointed this out.
- NetBSD from Charles Hannum of MIT.
- AIX4 improvements based on info from Steve Bauer of South
- Dakota School of Mines & Technology.
- CONFIG: ``error:code message'' syntax was broken in virtusertable.
- Patch from Gil Kloepfer Jr.
- CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
- using MASQUERADE_DOMAIN) were not masqueraded unless they
- were also in $=w. Problem noted by Zoltan Basti of
- Softec.
- MAIL.LOCAL: patches to compile and link cleanly on AIX. Based
- on a patch from Eric Hagberg of Morgan Stanley.
- MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan
- of Stanford via Robert La Ferla.
-
-8.8.0/8.8.0 1996/09/26
- Under some circumstances, Bcc: headers would not be properly
- deleted. Pointed out by Jonathan Kamens of OpenVision.
- Log a warning if the sendmail daemon is invoked without a full
- pathname, which prevents "kill -1" from working. I was
- urged to put this in by Andrey A. Chernov of DEMOS (Russia).
- Fix small buffer overflow. Since the data in this buffer was not
- read externally, there was no security problem (and in fact
- probably wouldn't really overflow on most compilers). Pointed
- out by KIZU takashi of Osaka University.
- Fix problem causing domain literals such as [1.2.3.4] to be ignored
- if a FallbackMXHost was specified in the configuration file
- -- all mail would be sent to the fallback even if the original
- host was accessible. Pointed out by Munenari Hirayama of
- NSC (Japan).
- A message that didn't terminate with a newline would (sometimes) not
- have the trailing "." added properly in the SMTP dialogue,
- causing SMTP to hang. Patch from Per Hedeland of Ericsson.
- The DaemonPortOptions suboption to bind to a particular address was
- incorrect and nonfunctional due to a misunderstanding of the
- semantics of binding on a passive socket. Patch from
- NIIBE Yutaka of Mitsubishi Research Institute.
- Increase the number of MX hosts for a single name to 100 to better
- handle the truly huge service providers such as AOL, which
- has 13 at the moment (and climbing). In order to avoid
- trashing memory, the buffer for all names has only been
- slightly increased in size, to 12.8K from 10.2K -- this means
- that if a single name had 100 MX records, the average size
- of those records could not exceed 128 bytes. Requested by
- Brad Knowles of America On Line.
- Restore use of IDENT returns where the OSTYPE field equals "OTHER".
- Urged by Dan Bernstein of U.C. Berkeley.
- Print q_statdate and q_specificity in address structure debugging
- printout.
- Expand MCI structure flag bits for debugging output.
- Support IPv6-style domain literals, which can have colons between
- square braces.
- Log open file descriptors for the "cannot dup" messages in deliver();
- this is an attempt to track down a bug that one person seems
- to be having (it may be a Solaris bug!).
- DSN NOTIFY parameters were not properly propagated across queue runs;
- this caused the NOTIFY info to sometimes be lost. Problem
- pointed out by Claus Assmann of the
- Christian-Albrechts-University of Kiel.
- The statistics gathered in the sendmail.st file were too high; in
- some cases failures (e.g., user unknown or temporary failure)
- would count as a delivery as far as the statistics were
- concerned. Problem noted by Tom Moore of AT&T GIS.
- Systems that don't have flock() would not send split envelopes in
- the initial run. Problem pointed out by Leonard Zubkoff of
- Dandelion Digital.
- Move buffer overflow checking -- these primarily involve distrusting
- results that may come from NIS and DNS.
- 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
- include <paths.h> and hence had the wrong pathnames for a few
- things like /var/tmp. Reported by Matthew Green.
- Conditions were reversed for the Priority: header, resulting in all
- values being interpreted as non-urgent except for non-urgent,
- which was interpreted as normal. Patch from Bryan Costales.
- The -o (optional) flag was being ignored on hash and btree maps
- since 8.7.2. Fix from Bryan Costales.
- Content-Types listed in class "q" will always be encoded as
- Quoted-Printable (or more accurately, will never be encoded
- as base64). The class can have primary types (e.g., "text")
- or full types (e.g., "text/plain"). Based on a suggestion by
- Marius Olafsson of the University of Iceland.
- Define ${envid} to be the original envelope id (from the ESMTP DSN
- dialogue) so it can be passed to programs in mailers.
- Define ${bodytype} to be the body type (from the -B flag or the
- BODY= ESMTP parameter) so it can be passed to programs in
- mailers.
- Cause the VRFY command to return 252 instead of 250 unless the F=q
- flag is set in the mailer descriptor. Suggested by John
- Myers of CMU.
- Implement ESMTP ETRN command to flush the queue for a specific host.
- The command takes a host name; data for that host is
- immediately (and asynchronously) flushed. Because this shares
- the -qR implementation, other hosts may be attempted, but
- there should be no security implications. Implementation
- from John Beck of InReference, Inc. See RFC 1985 for details.
- Add three new command line flags to pass in DSN parameters: -V envid
- (equivalent to ENVID=envid on the MAIL command), -R ret
- (equivalent to RET=ret on the MAIL command), and -Nnotify
- (equivalent to NOTIFY=notify on the RCPT command). Note
- that the -N flag applies to all recipients; there is no way
- to specify per-address notifications on the command line,
- nor is there an equivalent for the ORCPT= per-address
- parameter.
- Restore LogLevel option to be safe (it can only be increased);
- apparently I went into paranoid mode between 8.6 and 8.7
- and made it unsafe. Pointed out by Dabe Murphy of the
- University of Maryland.
- New logging on log level 15: all SMTP traffic. Patches from
- Andrew Gross of San Diego Supercomputer Center.
- NetInfo property value searching code wasn't stopping when it found
- a match. This was causing the wrong values to be found (and
- had a memory leak). Found by Bastian Schleuter of TU-Berlin.
- Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed
- out by Bill Wisner of Electronics for Imaging that you can't
- use the bracket address form for the MAIL_HUB macro, since
- that causes the brackets to remain in the envelope recipient
- address used for delivery. The simple fix (stripping off the
- brackets in the config file) breaks the use of IP literal
- addresses. This flag will solve that problem.
- Add MustQuoteChars option. This is a list of characters that must
- be quoted if they are found in the phrase part of an address
- (that is, the full name part). The characters @,;:\()[] are
- always in this list and cannot be removed. The default is
- this list plus . and ' to match RFC 822.
- Add AllowBogusHELO option; if set, sendmail will allow HELO commands
- that do not include a host name for back compatibility with
- some stupid SMTP clients. Setting this violates RFC 1123
- section 5.2.5.
- Add MaxDaemonChildren option; if this is set, sendmail will start
- rejecting connections if it has more than this many
- outstanding children accepting mail. Note that you may
- see more processes than this because of outgoing mail; this
- is for incoming connections only.
- Add ConnectionRateThrottle option. If set to a positive value, the
- number of incoming SMTP connections that will be permitted
- in a single second is limited to this number. Connections are
- not refused during this time, just deferred. The intent is to
- flatten out demand so that load average limiting can kick in.
- It is less radical than MaxDaemonChildren, which will stop
- accepting connections even if all the connections are idle
- (e.g., due to connection caching).
- Add Timeout.hoststatus option. This interval (defaulting to 30m)
- specifies how long cached information about the state of a
- host will be kept before they are considered stale and the
- host is retried. If you are using persistent host status
- (i.e., the HostStatusDirectory option is set) this will apply
- between runs; otherwise, it applies only within a single queue
- run and hence is useful only for hosts that have large queues
- that take a very long time to run.
- Add SingleLineFromHeader option. If set, From: headers are coerced
- into being a single line even if they had newlines in them
- when read. This is to get around a botch in Lotus Notes.
- Text class maps were totally broken -- if you ever retrieved the last
- item in a table it would be truncated. Problem noted by
- Gregory Neil Shapiro of WPI.
- Extend the lines printed by the mailq command (== the -bp flag) when
- -v is given to 120 characters; this allows more information
- to be displayed. Suggested by Gregory Neil Shapiro of WPI.
- Allow macro definitions (`D' lines) with unquoted commas; previously
- this was treated as end-of-input. Problem noted by Bryan
- Costales.
- The RET= envelope parameter (used for DSNs) wasn't properly written
- to the queue file. Fix from John Hughes of Atlantic
- Technologies, Inc.
- Close /var/tmp/dead.letter after a successful write -- otherwise
- if this happens in a queue run it can cause nasty delays.
- Problem noted by Mark Horton of AT&T.
- If userdb entries pointed to userdb entries, and there were multiple
- values for a given key, the database cursor would get
- trashed by the recursive call. Problem noted by Roy Mongiovi
- of Georgia Tech. Fixed by reading all the values and creating
- a comma-separated list; thus, the -v output will be somewhat
- different for this case.
- Fix buffer allocation problem with Hesiod-based userdb maps when
- HES_GETMAILHOST is defined. Based on a patch by Betty Lee
- of Stanford University.
- When envelopes were split due to aliases with owner- aliases, and
- there was some error on one of the lists, more than one of
- the owners would get the message. Problem pointed out by
- Roy Mongiovi of Georgia Tech.
- Detect excessive recursion in macro expansions, e.g., $X defined
- in terms of $Y which is defined in terms of $X. Problem
- noted by Bryan Costales; patch from Eric Wassenaar.
- When using F=U to get "ugly UUCP" From_ lines, a buffer could in
- some cases get trashed causing bogus From_ lines. Fix from
- Kyle Jones of UUNET.
- When doing load average initialization, if the nlist call for avenrun
- failed, the second and subsequent lookups wouldn't notice
- that fact causing bogus load averages to be returned. Noted
- by Casper Dik of Sun Holland.
- Fix problem with incompatibility with some versions of inet_aton that
- have changed the return value to unsigned, so a check for an
- error return of -1 doesn't work. Use INADDR_NONE instead.
- This could cause mail to addresses such as [foo.com] to bounce
- or get dropped. Problem noted by Christophe Wolfhugel of the
- Pasteur Institute.
- DSNs were inconsistent if a failure occurred during the DATA phase
- rather than the RCPT phase: the Action: would be correct, but
- the detailed status information would be wrong. Problem noted
- by Bob Snyder of General Electric Company.
- Add -U command line flag and the XUSR ESMTP extension, both indicating
- that this is the initial MUA->MTA submission. The flag current
- does nothing, but in future releases (when MUAs start using
- these flags) it will probably turn on things like DNS
- canonification.
- Default end-of-line string (E= specification on mailer [M] lines)
- to \r\n on SMTP mailers. Default remains \n on non-SMTP
- mailers.
- Change the internal definition for the *file* and *include* mailers
- to have $u in the argument vectors so that they aren't
- misinterpreted as SMTP mailers and thus use \r\n line
- termination. This will affect anyone who has redefined
- either of these in their configuration file.
- Don't assume that IDENT servers close the connection after a query;
- responses can be newline terminated. From Terry Kennedy of
- St. Peter's College.
- Avoid core dumps on erroneous configuration files that have
- $#mailer with nothing following. From Bryan Costales.
- Avoid null pointer dereference with high debug values in unlockqueue.
- Fix from Randy Martin of Clemson University.
- Fix possible buffer overrun when expanding very large macros. Fix
- from Kyle Jones of UUNET.
- After 25 EXPN or VRFY commands, start pausing for a second before
- processing each one. This avoids a certain form of denial
- of service attack. Potential attack pointed out by Bryan
- Costales.
- Allow new named (not numbered!) config file rules to do validity
- checking on SMTP arguments: check_mail for MAIL commands and
- check_rcpt for RCPT commands. These rulesets can do anything
- they want; their result is ignored unless they resolve to the
- $#error mailer, in which case the indicated message is printed
- and the command is rejected. Similarly, the check_compat
- ruleset is called before delivery with "from_addr $| to_addr"
- (the $| is a meta-symbol used to separate the two addresses);
- it can give a "this sender can't send to this recipient"
- notification. Note that this patch allows $| to stand alone
- in rulesets.
- Define new macros ${client_name}, ${client_addr}, and ${client_port}
- that have the name, IP address, and port number (respectively)
- of the SMTP client (that is, the entity at the other end of
- the connection. These can be used in (e.g.) check_rcpt to
- verify that someone isn't trying to relay mail through your
- host inappropriately. Be sure to use the deferred evaluation
- form, for example $&{client_name}, to avoid having these bound
- when sendmail reads the configuration file.
- Add new config file rule check_relay to check the incoming connection
- information. Like check_compat, it is passed the host name
- and host address separated by $| and can reject connections
- on that basis.
- Allow IDA-style recursive function calls. Code contributed by Mark
- Lovell and Paul Vixie.
- Eliminate the "No ! in UUCP From address!" message" -- instead, create
- a virtual UUCP address using either a domain address or the $k
- macro. Based on code contributed by Mark Lovell and Paul
- Vixie.
- Add Stanford LDAP map. Requires special libraries that are not
- included with sendmail. Contributed by Booker C. Bense
- <bbense@networking.stanford.edu>; contact him for support.
- See also the src/READ_ME file.
- Allow -dANSI to turn on ANSI escape sequences in debug output; this
- puts metasymbols (e.g., $+) in reverse video. Really useful
- only for debugging deep bits of code where it is important to
- distinguish between the single-character metasymbol $+ and the
- two characters $, +.
- Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
- debug_dumpstate.
- Add new UnsafeGroupWrites option; if set, .forward and :include:
- files that are group writable are considered "unsafe" -- that
- is, programs and files referenced from such files are not
- valid recipients.
- Delete bogosity test for FallBackMX host; this prevented it to be a
- name that was not in DNS or was a domain-literal. Problem
- noted by Tom May.
- Change the introduction to error messages to more clearly delineate
- permanent from temporary failures; if both existed in a
- single message it could be confusing. Suggested by John
- Beck of InReference, Inc.
- The IngoreDot (i) option didn't work for lines that were terminated
- with CRLF. Problem noted by Ted Stockwell of Secure
- Computing Corporation.
- Add a heuristic to improve the handling of unbalanced `<' signs in
- message headers. Problem reported by Matt Dillon of Best
- Internet Communications.
- Check for bogus characters in the 0200-0237 range; since these are
- used internally, very strange errors can occur if those
- characters appear in headers. Problem noted by Anders Gertz
- of Lysator.
- Implement 7 -> 8 bit MIME conversions. This only takes place if the
- recipient mailer has the F=9 flag set, and only works on
- text/plain body types. Code contributed by Marius Olafsson
- of the University of Iceland.
- Special case "postmaster" name so that it is always treated as lower
- case in alias files regardless of configuration settings;
- this prevents some potential problems where "Postmaster" or
- "POSTMASTER" might not match "postmaster". In most cases
- this change is a no-op.
- The -o map flag was ignored for text maps. Problem noted by Bryan
- Costales.
- The -a map flag was ignored for dequote maps. Problem noted by
- Bryan Costales.
- Fix core dump when a lookup of a class "prog" map returns no
- response. Patch from Bryan Costales.
- Log instances where sendmail is deferring or rejecting connections
- on LogLevel 14. Suggested by Kyle Jones of UUNET.
- Include port number in process title for network daemons. Suggested
- by Kyle Jones of UUNET.
- Send ``double bounces'' (errors that occur when sending an error
- message) to the address indicated in the DoubleBounceAddress
- option (default: postmaster). Previously they were always
- sent to postmaster. Suggested by Kyle Jones of UUNET.
- Add new mode, -bD, that acts like -bd in all respects except that
- it runs in foreground. This is useful for using with a
- wrapper that "watches" system services. Suggested by Kyle
- Jones of UUNET.
- Fix botch in spacing around (parenthesized) comments in addresses
- when the comment comes before the address. Patch from
- Motonori Nakamura of Kyoto University.
- Use the prefix "Postmaster notify" on the Subject: lines of messages
- that are being bounced to postmaster, rather than "Returned
- mail". This permits the person who is postmaster more
- easily determine what messages are to their role as
- postmaster versus bounces to mail they actually sent. Based
- on a suggestion by Motonori Nakamura.
- Add new value "time" for QueueSortOrder option; this causes the queue
- to be sorted strictly by the time of submission. Note that
- this can cause very bad behavior over slow lines (because
- large jobs will tend to delay small jobs) and on nodes with
- heavy traffic (because old things in the queue for hosts that
- are down delay processing of new jobs). Also, this does not
- guarantee that jobs will be delivered in submission order
- unless you also set DeliveryMode=queue. In general, it should
- probably only be used on the command line, and only in
- conjunction with -qRhost.domain. In fact, there are very few
- cases where it should be used at all. Based on an
- implementation by Motonori Nakamura.
- If a map lookup in ruleset 5 returns tempfail, queue the message in
- the same manner as other rulesets. Previously a temporary
- failure in ruleset 5 was ignored. Patch from Booker Bense
- of Stanford University.
- Don't proceed to the next MX host if an SMTP MAIL command returns a
- 5yz (permanent failure) code. The next MX host will still be
- tried if the connection cannot be opened in the first place
- or if the MAIL command returns a 4yz (temporary failure) code.
- (It's hard to know what to do here, since neither RFC 974 nor
- RFC 1123 specify when to proceed to the next MX host.)
- Suggested by Jonathan Kamens of OpenVision, Inc.
- Add new "-t" flag for map definitions (the "K" line in the .cf file).
- This causes map lookups that get a temporary failure (e.g.,
- name server failure) to _not_ defer the delivery of the
- message. This should only be used if your configuration file
- is prepared to do something sensible in this case. Based on
- an idea by Gregory Shapiro of WPI.
- Fix problem finding network interface addresses. Patch from
- Motonori Nakamura.
- Don't reject qf entries that are not owned by your effective uid if
- you are not running set-user-ID; this makes management of
- certain kinds of firewall setups difficult. Patch
- suggested by Eamonn Coleman of Qualcomm.
- Add persistent host status. This keeps the information normally
- maintained within a single queue run in disk files that are
- shared between sendmail instances. The HostStatusDirectory
- is the directory in which the information is maintained. If
- not set, persistent host status is turned off. If not a full
- pathname, it is relative to the queue directory. A common
- value is ".hoststat".
- There are also two new operation modes:
- * -bh prints the status of hosts that have had recent
- connections.
- * -bH purges the host statuses. No attempt is made to save
- recent status information.
- This feature was originally written by Paul Vixie of Vixie
- Enterprises for KJS and adapted for V8 by Mark Lovell of
- Bigrock Consulting. Paul's funding of Mark and Mark's patience
- with my insistence that things fit cleanly into the V8
- framework is gratefully appreciated.
- New SingleThreadDelivery option (requires HostStatusDirectory to
- operate). Avoids letting two sendmails on the local machine
- open connections to the same remote host at the same time.
- This reduces load on the other machine, but can cause mail to
- be delayed (for example, if one sendmail is delivering a huge
- message, other sendmails won't be able to send even small
- messages). Also, it requires another file descriptor (for the
- lock file) per connection, so you may have to reduce
- ConnectionCacheSize to avoid running out of per-process
- file descriptors. Based on the persistent host status code
- contributed by Paul Vixie and Mark Lovell.
- Allow sending to non-simple files (e.g., /dev/null) even if the
- SafeFileEnvironment option is set. Problem noted by Bryan
- Costales.
- The -qR flag mistakenly matched flags in the "R" line of the queue
- file. Problem noted by Bryan Costales.
- If a job was aborted using the interrupt signal (e.g., control-C from
- the keyboard), on some occasions an empty df file would be
- left around; these would collect in the queue directory.
- Problem noted by Bryan Costales.
- Change the makesendmail script to enhance the search for Makefiles
- based on release number. For example, on SunOS 5.5.1, it will
- search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
- Makefile.SunOS.5.x (in addition to the other rules, e.g.,
- adding $arch). Problem noted by Jason Mastaler of Atlanta
- Webmasters.
- When creating maps using "newaliases", always map the keys to lower
- case when creating the map unless the -f flag is specified on
- the map itself. Previously this was done based on the F=u
- flag in the local mailer, which meant you could create aliases
- that you could never access. Problem noted by Bob Wu of DEC.
- When a job was read from the queue, the bits causing notification on
- failure or delay were always set. This caused those
- notifications to be sent even if NOTIFY=NEVER had been
- specified. Problem noted by Steve Hubert of the University
- of Washington, Seattle.
- Add new configurable routine validate_connection (in conf.c). This
- lets you decide if you are willing to accept traffic from
- this host. If it returns FALSE, all SMTP commands will return
- "550 Access denied". -DTCPWRAPPERS will include support for
- TCP wrappers; you will need to add -lwrap to the link line.
- (See src/READ_ME for details.)
- Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
- bounces. Some people seemed to think that this could be
- confusing (even though it is true). Suggested by Motonori
- Nakamura.
- Add new RunAsUser option; this causes sendmail to do a setuid to that
- user early in processing to avoid potential security problems.
- However, this means that all .forward and :include: files must
- be readable by that user, and all files to be written must be
- writable by that user and all programs will be executed by that
- user. It is also incompatible with the SafeFileEnvironment
- option. In other words, it may not actually add much to
- security. However, it should be useful on firewalls and other
- places where users don't have accounts and the aliases file is
- well constrained.
- Add Timeout.iconnect. This is like Timeout.connect except it is used
- only on the first attempt to delivery to an address. It could
- be set to be lower than Timeout.connect on the principle that
- the mail should go through quickly to responsive hosts; less
- responsive hosts get to wait for the next queue run.
- Fix a problem on Solaris that occasionally causes programs
- (such as vacation) to hang with their standard input connected
- to a UDP port. It also created some signal handling problems.
- The problems turned out to be an interaction between vfork(2)
- and some of the libraries, particularly NIS/NIS+. I am
- indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
- Change user class map to do the same matching that actual delivery
- will do instead of just a /etc/passwd lookup. This adds
- fuzzy matching to the user map. Patch from Dan Oscarsson.
- The Timeout.* options are not safe -- they can be used to create a
- denial-of-service attack. Problem noted by Christophe
- Wolfhugel.
- Don't send PostmasterCopy messages in the event of a "delayed"
- notification. Suggested by Barry Bouwsma.
- Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
- option is set, since this disables VERB mode. Suggested
- by John Hawkinson of MIT.
- Complain if the QueueDirectory (Q) option is not set. Problem noted
- by Motonori Nakamura of Kyoto University.
- Only queue messages on transient .forward open failures if there
- were no successful opens. The previous behavior caused it
- to queue even if a "fall back" .forward was found. Problem
- noted by Ann-Kian Yeo of the Dept. of Information Systems
- and Computer Science (DISCS), NUS, Singapore.
- Don't do 8->7 bit conversions when bouncing a MIME message that
- is bouncing because of a MIME error during 8->7 bit conversion;
- the encapsulated message will bounce again, causing a loop.
- Problem noted by Steve Hubert of the University of Washington.
- Create xf (transcript) files using the TempFileMode option value
- instead of 0644. Suggested by Ann-Kian Yeo of the
- National University of Singapore.
- Print errors if setgid/setuid/etc. fail during delivery. This helps
- detect cases where DefaultUid is set to something that the
- system can't cope with.
- PORTABILITY FIXES:
- Support for AIX/RS 2.2.1 from Mark Whetzel of Western
- Atlas International.
- Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
- <bicknell@ufp.org>.
- On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
- work on the first recipient of a message due to a
- bug in the getpwent family. If this is something you
- use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
- workaround. From Maximum Entropy of Sanford C.
- Bernstein and Associates.
- FreeBSD 1.1.5.1 uname -r returns a string containing
- parentheses, which breaks makesendmail. Reported
- by Piero Serini <piero@strider.ibenet.it>.
- Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
- Systems and Computer Technology Corporation.
- Solaris 2.x: omit the UUCP grade parameter (-g flag) because
- it is system-dependent. Problem noted by J.J. Bailey
- of Bailey Computer Consulting.
- Pyramid NILE running DC/OSx support from Earle F. Ake of
- Hassler Communication Systems Technology, Inc.
- HP-UX 10.x compile glitches, reported by Anne Brink of the
- U.S. Army and James Byrne of Harte & Lyne Limited.
- NetBSD from Matthew Green of the NetBSD crew.
- SCO 5.x from Keith Reynolds of SCO.
- IRIX 6.2 from Robert Tarrall of the University of
- Colorado and Kari Hurtta of the Finnish Meteorological
- Institute.
- UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
- Lopez, CICA (Seville).
- NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
- PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
- Employment Standards Administration.
- Altos System V (5.3.1) from Tim Rice of Multitalents.
- Concurrent Systems Corporation Maxion from Donald R. Laster
- Jr.
- NetInfo maps (improved debugging and multi-valued aliases)
- from Adrian Steinmann of Steinmann Consulting.
- ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
- from Eric Schnoebelen of Convex.
- Linux 2.0 mail.local patches from Horst von Brand.
- NEXTSTEP 3.x compilation from Robert La Ferla.
- NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
- Solaris 2.5 configuration fixes for mail.local by Jim Davis
- of the University of Arizona.
- Solaris 2.5 has a working setreuid. Noted by David Linn of
- Vanderbilt University.
- Solaris changes for praliases, makemap, mailstats, and smrsh.
- Previously you had to add -DSOLARIS in Makefile.dist;
- this auto-detects. Based on a patch from Randall
- Winchester of the University of Maryland.
- CONFIG: add generic-nextstep3.3.mc file. Contributed by
- Robert La Ferla of Hot Software.
- CONFIG: allow mailertables to resolve to ``error:code message''
- (where "code" is an exit status) on domains (previously
- worked only on hosts). Patch from Cor Bosman of Xs4all
- Foundation.
- CONFIG: hooks for IPv6-style domain literals.
- CONFIG: predefine ALIAS_FILE and change the prototype file so that
- if it is undefined the AliasFile option is never set; this
- should be transparent for most everyone. Suggested by John
- Myers of CMU.
- CONFIG: add FEATURE(limited_masquerade). Without this feature, any
- domain listed in $=w is masqueraded. With it, only those
- domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
- CONFIG: add FEATURE(masquerade_entire_domain). This causes
- masquerading specified by MASQUERADE_DOMAIN to apply to all
- hosts under those domains as well as the domain headers
- themselves. For example, if a configuration had
- MASQUERADE_DOMAIN(foo.com), then without this feature only
- foo.com would be masqueraded; with it, *.foo.com would be
- masqueraded as well. Based on an implementation by Richard
- (Pug) Bainter of U. Texas.
- CONFIG: add FEATURE(genericstable) to do a more general rewriting of
- outgoing addresses. Defaults to ``hash -o /etc/genericstable''.
- Keys are user names; values are outgoing mail addresses. Yes,
- this does overlap with the user database, and figuring out
- just when to use which one may be tricky. Based on code
- contributed by Richard (Pug) Bainter of U. Texas with updates
- from Per Hedeland of Ericsson.
- CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
- incoming addresses. Defaults to ``hash -o /etc/virtusertable''.
- Keys are either fully qualified addresses or just the host
- part (with the @ sign). For example, a table containing:
- info@foo.com foo-info
- info@bar.com bar-info
- @baz.org jane@elsewhere.net
- would send all mail destined for info@foo.com to foo-info
- (which is presumably an alias), mail addressed to info@bar.com
- to bar-info, and anything addressed to anyone at baz.org will
- be sent to jane@elsewhere.net. The names foo.com, bar.com,
- and baz.org must all be in $=w. Based on discussions with
- a great many people.
- CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
- Suggested by Richard Bainter.
- CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
- "fax" mailer.
- CONFIG: allow mailertable entries to resolve to local:user; this
- passes the original user@host in to procmail-style local
- mailers as the "detail" information to allow them to do
- additional clever processing. From Joe Pruett of
- Teleport Corporation. Delivery to the original user can
- be done by specifying "local:" (with nothing after the colon).
- CONFIG: allow any context that takes "mailer:domain" to also take
- "mailer:user@domain" to force mailing to the given user;
- "local:user" can also be used to do local delivery. This
- applies on *_RELAY and in the mailertable entries. Based
- on a suggestion by Ribert Kiessling of Easynet.
- CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
- limits the possible domains; this reduces the number of DNS
- lookups required to support this feature. For example,
- FEATURE(bestmx_is_local, my.site.com) limits the lookups
- to domains under my.site.com. Code contributed by Anthony
- Thyssen <anthony@cit.gu.edu.au>.
- CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
- such as the check_rcpt ruleset. Suggested by Gregory Shapiro
- of WPI.
- CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
- event you have to define local mailers. Suggested by
- Gregory Shapiro of WPI.
- CONFIG: fix cases where a three- (or more-) stage route-addr could
- be misinterpreted as a list:...; syntax. Based on a patch by
- Vlado Potisk <Vlado_Potisk@tempest.sk>.
- CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
- remotely connected. The address host!user was being
- converted to host!user@thishost instead of host!user@uurelay.
- Problem noted by William Gianopoulos of Raytheon Company.
- CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
- CONFIG: change FEATURE(redirect) message from "User not local" to
- "User has moved"; the former wording was confusing if the
- new address is still on the local host. Based on a suggestion
- by Andreas Luik.
- CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
- However, the class is not pre-initialized to contain root.
- Suggested by Gregory Neil Shapiro.
- CONTRIB: Remove XLA code at the request of the author, Christophe
- Wolfhugel.
- CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
- MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note
- well: this produces a slightly different mailbox format (no
- Content-Length: headers), file ownerships and modes are
- different (not owned by group mail; mode 600 instead of 660),
- and the local mailer flags will have to be tweaked (make them
- match bsd4.4) in order to use this mailer. Patches from Paul
- Hammann of the Missouri Research and Education Network.
- MAIL.LOCAL: in some cases it could return EX_OK even though there
- was a delivery error, such as if the ownership on the file
- was wrong or the mode changed between the initial stat and
- the open. Problem reported by William Colburn of the New
- Mexico Institute of Mining and Technology.
- MAILSTATS: handle zero length files more reliably. Patch from Bryan
- Costales.
- MAILSTATS: add man page contributed by Keith Bostic of BSDI.
- MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
- honored. Fix from Michael Scott Shappe.
- PRALIASES: add man page contributed by Keith Bostic of BSDI.
- NEW FILES:
- src/Makefiles/Makefile.AIX.2
- src/Makefiles/Makefile.IRIX.6.2
- src/Makefiles/Makefile.maxion
- src/Makefiles/Makefile.NCR.MP-RAS.3.x
- src/Makefiles/Makefile.SCO.5.x
- src/Makefiles/Makefile.UXPDSV20
- mailstats/mailstats.8
- praliases/praliases.8
- cf/cf/generic-nextstep3.3.mc
- cf/feature/genericstable.m4
- cf/feature/limited_masquerade.m4
- cf/feature/masquerade_entire_domain.m4
- cf/feature/virtusertable.m4
- cf/ostype/aix2.m4
- cf/ostype/altos.m4
- cf/ostype/maxion.m4
- cf/ostype/solaris2.ml.m4
- cf/ostype/uxpds.m4
- contrib/re-mqueue.pl
- DELETED FILES:
- src/Makefiles/Makefile.Solaris
- contrib/xla/README
- contrib/xla/xla.c
- RENAMED FILES:
- src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x
- src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2
- src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10
- src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x
- src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x
-
-8.7.6/8.7.3 1996/09/17
- SECURITY: It is possible to force getpwuid to fail when writing the
- queue file, causing sendmail to fall back to running programs
- as the default user. This is not exploitable from off-site.
- Workarounds include using a unique user for the DefaultUser
- (old u & g options) and using smrsh as the local shell.
- SECURITY: fix some buffer overruns; in at least one case this allows
- a local user to get root. This is not known to be exploitable
- from off-site. The workaround is to disable chfn(1) commands.
-
-8.7.5/8.7.3 1996/03/04
- Fix glitch in 8.7.4 when putting certain internal lines; this can
- in some case cause connections to hang or messages to have
- extra spaces in odd places. Patch from Eric Wassenaar;
- reports from Eric Hall of Chiron Corporation, Stephen
- Hansen of Stanford University, Dean Gaudet of HotWired,
- and others.
-
-8.7.4/8.7.3 1996/02/18
- SECURITY: In some cases it was still possible for an attacker to
- insert newlines into a queue file, thus allowing access to
- any user (except root).
- CONFIG: no changes -- it is not a bug that the configuration
- version number is unchanged.
-
-8.7.3/8.7.3 1995/12/03
- Fix botch in name server timeout in RCPT code; this problem caused
- two responses in SMTP, which breaks things horribly. Fix
- from Gregory Neil Shapiro of WPI.
- Verify that L= value on M lines cannot be negative, which could cause
- negative array subscripting. Not a security problem since
- this has to be in the config file, but it could have caused
- core dumps. Pointed out by Bryan Costales.
- Fix -d21 debug output for long macro names. Pointed out by Bryan
- Costales.
- PORTABILITY FIXES:
- SCO doesn't have ftruncate. From Bill Aten of Computerizers.
- IBM's version of arpa/nameser.h defaults to the wrong byte
- order. Tweak it to work properly. Based on fixes
- from Fletcher Mattox of UTexas and Betty Lee of
- Stanford University.
- CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
- Deficiency pointed out by Bryan Costales of ICSI.
-
-8.7.2/8.7.2 1995/11/19
- REALLY fix the backslash escapes in SmtpGreetingMessage,
- OperatorChars, and UnixFromLine options. They were not
- properly repaired in 8.7.1.
- Completely delete the Bcc: header if and only if there are other
- valid recipient headers (To:, Cc: or Apparently-To:, the
- last being a historic botch, of course). If Bcc: is the
- only recipient header in the message, its value is tossed,
- but the header name is kept. The old behavior (always keep
- the header name and toss the value) allowed primary recipients
- to see that a Bcc: went to _someone_.
- Include queue id on ``Authentication-Warning: <host>: <user> set
- sender to <address> using -f'' syslog messages. Suggested
- by Kari Hurtta.
- If a sequence or switch map lookup entry gets a tempfail but then
- continues on to another map type, but the name is not found,
- return a temporary failure from the sequence or switch map.
- For example, if hosts search ``dns files'' and DNS fails
- with a tempfail, the hosts map will go on and search files,
- but if it fails the whole thing should be a tempfail, not
- a permanent (host unknown) failure, even though that is the
- failure in the hosts.files map. This error caused hard
- bounces when it should have requeued.
- Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
- owned by bar mode 700 and inbox being set-user-ID bar stopped
- working properly due to excessive paranoia. Pointed out by
- John Hawkinson of Panix.
- An SMTP RCPT command referencing a host that gave a nameserver
- timeout would return a 451 command (8.6 accepted it and
- queued it locally). Revert to the 8.6 behavior in order
- to simplify queue management for clustered systems. Suggested
- by Gregory Neil Shapiro of WPI. The same problem could break
- MH, which assumes that the SMTP session will succeed (tsk, tsk
- -- mail gets lost!); this was pointed out by Stuart Pook of
- Infobiogen.
- Fix possible buffer overflow in munchstring(). This was not a security
- problem because you couldn't specify any argument to this
- without first giving up root privileges, but it is still a
- good idea to avoid future problems. Problem noted by John
- Hawkinson and Sam Hartman of MIT.
- ``452 Out of disk space for temp file'' messages weren't being
- printed. Fix from David Perlin of Nanosoft.
- Don't advertise the ESMTP DSN extension if the SendMimeErrors option
- is not set, since this is required to get the actual DSNs
- created. Problem pointed out by John Gardiner Myers of CMU.
- Log permission problems that cause .forward and :include: files to
- be untrusted or ignored on log level 12 and higher. Suggested
- by Randy Martin of Clemson University.
- Allow user ids in U= clauses of M lines to have hyphens and
- underscores.
- Fix overcounting of recipients -- only happened when sending to an
- alias. Pointed out by Mark Andrews of SGI and Jack Woolley
- of Systems and Computer Technology Corporation.
- If a message is sent to an address that fails, the error message that
- is returned could show some extraneous "success" information
- included even if the user did not request success notification,
- which was confusing. Pointed out by Allan Johannesen of WPI.
- Config files that had no AliasFile definition were defaulting to
- using /etc/aliases; this caused problems with nullclient
- configurations. Change it back to the 8.6 semantics of
- having no local alias file unless it is declared. Problem
- noted by Charles Karney of Princeton University.
- Fix compile problem if NOTUNIX is defined. Pointed out by Bryan
- Costales of ICSI.
- Map lookups of class "userdb" maps were always case sensitive; they
- should be controlled by the -f flag like other maps. Pointed
- out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
- Fix problem that caused some addresses to be passed through ruleset 5
- even when they were tagged as "sticky" by prefixing the
- address with an "@". Patch from Thomas Dwyer III of Michigan
- Technological University.
- When converting a message to Quoted-Printable, prevent any lines with
- dots alone on a line by themselves. This is because of the
- preponderance of broken mailers that still get this wrong.
- Code contributed by Per Hedeland of Ericsson.
- Fix F{macro}/file construct -- it previously did nothing. Pointed
- out by Bjart Kvarme of USIT/UiO (Norway).
- Announce whether a cached connection is SMTP or ESMTP (in -v mode).
- Requested by Allan Johannesen.
- Delete check for text format of alias files -- it should be legal
- to have the database format of the alias files without the
- text version. Problem pointed out by Joe Rhett of Navigist,
- Inc.
- If "Ot" was specified with no value, the TZ variable was not properly
- imported from the environment. Pointed out by Frank Crawford
- <frank@ansto.gov.au>.
- Some architectures core dumped on "program" maps that didn't have
- extra arguments. Patch from Booker C. Bense of Stanford
- University.
- Queue run processes would re-spawn daemons when given a SIGHUP; only
- the parent should do this. Fix from Brian Coan of the
- Association for Progressive Communications.
- If MinQueueAge was set and a message was considered but not run
- during a queue run and the Timeout.queuereturn interval was
- reached, a "timed out" error message would be returned that
- didn't include the failed address (and claimed to be a warning
- even though it was fatal). The fix is to not return such
- messages until they are actually tried, i.e., in the next
- MinQueueAge interval. Problem noted by Rein Tollevik of
- SINTEF RUNIT, Oslo.
- Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
- that have the hes_getmailhost() routine. DEC Hesiod
- distributions do not have this routine. Based on a patch
- from Betty Lee of Stanford University.
- Extensive cleanups to map open code to handle a locking race condition
- in ndbm, hash, and btree format database files on some (most
- non-4.4-BSD based) OS architectures. This should solve the
- occasional "user unknown" problem during alias rebuilds that
- has plagued me for quite some time. Based on a patch from
- Thomas Dwyer III of Michigan Technological University.
- PORTABILITY FIXES:
- Solaris: Change location of newaliases and mailq from
- /usr/ucb to /usr/bin to match Sun settings. From
- James B. Davis of TCI.
- DomainOS: Makefile.DomainOS doesn't require -ldbm. From
- Don Lewis of Silicon Systems.
- HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
- so that the makesendmail script will find it. Pointed
- out by Richard Allen of the University of Iceland.
- Also, use -Aa -D_HPUX_SOUR