diff --git a/contrib/sendmail/CACerts b/contrib/sendmail/CACerts index b74fb7f19179..dee28194ebce 100644 --- a/contrib/sendmail/CACerts +++ b/contrib/sendmail/CACerts @@ -1,4 +1,4 @@ -# $Id: CACerts,v 8.3 2007/06/11 22:04:46 ca Exp $ +# $Id: CACerts,v 8.4 2009/06/26 05:46:10 ca Exp $ # This file contains some CA certificates that are used to sign the # certificates of mail servers of members of the sendmail consortium # who may reply to questions etc sent to sendmail.org. 
@@ -6,73 +6,6 @@ # a certificate signed by one of these CA certificates. # -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=California, L=Berkeley, O=Sendmail Consortium, CN=Certificate Authority/emailAddress=certificates@sendmail.org - Validity - Not Before: Feb 1 21:51:47 2003 GMT - Not After : Jan 31 21:51:47 2008 GMT - Subject: C=US, ST=California, L=Berkeley, O=Sendmail Consortium, CN=Certificate Authority/emailAddress=certificates@sendmail.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:9a:fb:dc:4c:a3:58:21:1b:84:78:0a:53:56:b3: - 8d:84:05:b7:db:dd:d7:81:ea:dd:c1:ab:d4:be:d9: - 2b:12:e0:6d:3a:31:d5:f0:7b:13:fc:d8:da:09:0b: - 71:11:8e:b9:48:c4:ab:ae:f5:9c:4c:e2:04:27:8e: - c8:03:3a:aa:00:8b:46:f2:79:09:ae:65:b2:9a:66: - e7:ac:a9:ea:32:f7:4a:4e:fd:da:41:48:34:5a:9d: - b0:42:ea:55:40:17:27:5e:67:9e:e5:ce:dc:84:6d: - 1d:48:37:23:11:68:9d:a8:d4:58:02:05:ea:88:35: - bd:0d:b6:28:d5:cd:d4:d8:95 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - DE:CD:6E:B8:89:34:06:3D:E9:CD:A7:FE:45:4F:4E:FB:E1:8D:E7:79 - X509v3 Authority Key Identifier: - keyid:DE:CD:6E:B8:89:34:06:3D:E9:CD:A7:FE:45:4F:4E:FB:E1:8D:E7:79 - DirName:/C=US/ST=California/L=Berkeley/O=Sendmail Consortium/CN=Certificate Authority/emailAddress=certificates@sendmail.org - serial:00 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 66:92:b9:57:17:3b:6a:0e:72:b1:85:29:53:9f:11:68:a0:0d: - 79:43:d0:7c:48:73:b9:71:09:50:08:02:03:0b:28:0c:33:9a: - 00:ac:94:69:4f:bc:0f:45:6b:f5:3a:ca:6a:87:a1:7f:28:f7: - 9a:c4:b6:b0:f3:dc:a3:eb:42:95:9f:99:19:f8:b8:84:6d:f1: - 1d:bc:9f:f0:a0:cc:60:2d:00:6b:17:55:33:16:85:d1:73:e1: - 00:59:89:33:19:c4:2e:29:5a:39:a7:0e:e7:9b:d2:4c:c7:b9: - 7d:6a:3e:b4:00:83:86:d3:16:28:fd:ad:55:65:60:4e:14:02: - 46:d3 ------BEGIN CERTIFICATE----- 
-MIIDsDCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MRwwGgYDVQQK -ExNTZW5kbWFpbCBDb25zb3J0aXVtMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo -b3JpdHkxKDAmBgkqhkiG9w0BCQEWGWNlcnRpZmljYXRlc0BzZW5kbWFpbC5vcmcw -HhcNMDMwMjAxMjE1MTQ3WhcNMDgwMTMxMjE1MTQ3WjCBnTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MRwwGgYDVQQK -ExNTZW5kbWFpbCBDb25zb3J0aXVtMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo -b3JpdHkxKDAmBgkqhkiG9w0BCQEWGWNlcnRpZmljYXRlc0BzZW5kbWFpbC5vcmcw -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJr73EyjWCEbhHgKU1azjYQFt9vd -14Hq3cGr1L7ZKxLgbTox1fB7E/zY2gkLcRGOuUjEq671nEziBCeOyAM6qgCLRvJ5 -Ca5lsppm56yp6jL3Sk792kFINFqdsELqVUAXJ15nnuXO3IRtHUg3IxFonajUWAIF -6og1vQ22KNXN1NiVAgMBAAGjgf0wgfowHQYDVR0OBBYEFN7NbriJNAY96c2n/kVP -Tvvhjed5MIHKBgNVHSMEgcIwgb+AFN7NbriJNAY96c2n/kVPTvvhjed5oYGjpIGg -MIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMI -QmVya2VsZXkxHDAaBgNVBAoTE1NlbmRtYWlsIENvbnNvcnRpdW0xHjAcBgNVBAMT -FUNlcnRpZmljYXRlIEF1dGhvcml0eTEoMCYGCSqGSIb3DQEJARYZY2VydGlmaWNh -dGVzQHNlbmRtYWlsLm9yZ4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUA -A4GBAGaSuVcXO2oOcrGFKVOfEWigDXlD0HxIc7lxCVAIAgMLKAwzmgCslGlPvA9F -a/U6ymqHoX8o95rEtrDz3KPrQpWfmRn4uIRt8R28n/CgzGAtAGsXVTMWhdFz4QBZ -iTMZxC4pWjmnDueb0kzHuX1qPrQAg4bTFij9rVVlYE4UAkbT ------END CERTIFICATE----- - - Certificate: Data: Version: 3 (0x2) 
@@ -144,93 +77,93 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - fa:7c:2c:80:29:3f:c2:64 + c2:3c:61:67:3b:0a:cc:5e Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org + Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2009/emailAddress=ca+ca-rsa2009@esmtp.org Validity - Not Before: May 4 02:07:56 2007 GMT - Not After : May 3 02:07:56 2010 GMT - Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org + Not Before: May 14 04:42:18 2009 GMT + Not After : May 13 04:42:18 2012 GMT + Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2009/emailAddress=ca+ca-rsa2009@esmtp.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): - 00:b0:28:91:31:af:82:ce:72:ef:36:ab:7d:e9:b1: - f5:77:66:38:4b:38:1f:5f:3d:12:d3:c8:fd:9a:f4: - d4:f6:b8:90:f9:26:5f:29:f7:43:f9:34:ec:65:62: - 01:bb:64:f1:5d:ea:75:04:3d:92:65:60:a2:06:62: - fa:88:ca:d8:20:50:c8:1e:38:53:b5:18:dd:b7:bd: - c7:08:35:4c:d9:dc:c6:97:56:37:b6:65:33:74:5a: - b2:c3:85:08:2b:b7:26:70:ff:38:02:1a:67:6a:d0: - 49:18:10:4b:f8:db:af:06:9c:b1:a8:82:a1:b1:75: - d2:52:9b:53:0c:ca:a7:e3:15:38:79:6d:a1:f5:ef: - 7c:8b:fd:bd:04:78:f9:e8:1e:b9:92:ea:74:d7:45: - 1e:4c:c8:bd:f4:5c:fc:1a:7f:e7:31:c6:ab:cb:78: - c7:4d:2f:b5:72:10:35:27:4a:1a:fa:53:19:f8:a7: - 59:63:eb:e9:15:ab:dc:71:69:8c:42:1c:96:4e:89: - 80:66:c9:9e:21:d5:3d:08:19:74:a5:f5:07:a0:ae: - de:79:af:fd:42:c2:79:7e:8c:f8:39:22:3b:c3:c4: - 58:3b:d0:0d:e6:a9:11:b6:a2:cd:2e:e5:16:66:fd: - 7e:65:33:94:b0:36:80:27:f5:80:76:a9:e5:df:f2: - cf:ef + 00:d5:f8:d3:48:38:75:df:2e:6b:8b:c4:8d:1d:41: + 5e:ad:4b:96:3d:48:c2:dc:e5:ff:61:98:95:32:03: + e9:b6:71:5a:68:31:bc:e1:5c:aa:0e:70:a7:bc:51: + b7:13:6a:78:54:ae:a6:d0:44:49:1b:5e:37:5b:59: + 
20:01:47:a7:ec:41:4c:11:79:8c:25:c1:1b:c0:ed: + 85:b2:de:0f:10:9f:e7:b2:a3:c4:f1:fc:85:51:aa: + d6:68:49:51:3e:04:e1:eb:e9:cd:87:1b:d0:9d:97: + 7b:4c:e1:1e:b1:6a:be:01:0a:a9:97:9a:50:89:e3: + 66:06:4c:07:cb:7e:99:70:13:e8:b4:9c:e7:e6:52: + 38:c0:64:90:42:d0:f5:cf:22:46:22:60:e9:34:70: + 1d:e3:d1:13:33:3a:31:ba:13:06:a8:c2:34:90:47: + c5:a1:bd:2d:7d:98:21:70:de:22:d0:13:11:e5:08: + dd:a0:77:0b:df:34:a7:07:55:de:5a:71:f6:6c:9e: + ec:f7:45:75:1f:22:a9:84:06:c6:4f:84:3d:4e:05: + d7:e4:e5:98:41:61:7b:8e:c9:3b:a6:ed:31:80:7d: + fd:fa:f0:dc:b7:07:82:b8:ec:27:20:39:5f:78:95: + f1:0d:93:8d:f9:4d:21:08:fd:72:89:01:ff:2c:a0: + 71:9d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B2:49:6B:52:45:EE:90:36:D2:79:47:03:33:D9:A0:BA:80:50:DA:1C + A7:61:FA:31:AF:A8:E2:5E:93:B6:84:9E:74:08:A2:76:50:87:69:7C X509v3 Authority Key Identifier: - keyid:B2:49:6B:52:45:EE:90:36:D2:79:47:03:33:D9:A0:BA:80:50:DA:1C - DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org - serial:FA:7C:2C:80:29:3F:C2:64 + keyid:A7:61:FA:31:AF:A8:E2:5E:93:B6:84:9E:74:08:A2:76:50:87:69:7C + DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2009/emailAddress=ca+ca-rsa2009@esmtp.org + serial:C2:3C:61:67:3B:0A:CC:5E X509v3 Basic Constraints: - CA:TRUE + CA:TRUE X509v3 Subject Alternative Name: - email:ca+ca-rsa2007@esmtp.org + email:ca+ca-rsa2009@esmtp.org X509v3 Issuer Alternative Name: - email:ca+ca-rsa2007@esmtp.org + email:ca+ca-rsa2009@esmtp.org Signature Algorithm: md5WithRSAEncryption - 98:98:7c:d3:d0:5b:72:47:15:e6:22:68:bb:78:0e:78:66:e9: - 56:16:d8:bc:9d:5a:dc:27:29:fb:91:2d:6a:21:35:18:56:b4: - 4f:2a:09:c0:08:6f:9a:59:2b:2e:72:9a:fb:50:ba:c7:a9:91: - a0:f9:6c:be:cf:78:42:43:02:70:53:97:ba:6a:e3:da:17:e8: - 1f:c7:3a:5b:e7:bc:eb:e5:24:4c:f5:cf:61:34:1e:20:ed:17: - 63:ef:81:d3:9e:25:fe:cc:05:19:cc:8a:82:c9:4c:3a:b5:6b: - 
49:51:76:46:02:aa:60:bb:c4:b9:61:48:33:da:79:8d:46:a3: - 06:20:98:f3:b2:db:3b:ad:c9:1d:0e:97:3d:b7:14:19:d3:7d: - 04:8b:6a:81:e0:11:5b:e1:35:a3:ff:2f:11:86:1c:31:85:7a: - fd:3f:36:ef:99:25:46:2e:b0:cb:43:45:4a:ec:be:d3:3f:a4: - 77:9b:79:cc:ce:92:63:a5:d9:ed:db:a0:9d:5d:7c:d7:80:f6: - c9:41:fb:02:96:8e:fd:f3:da:05:9d:81:a7:25:da:26:35:3b: - a9:0c:8c:f5:a7:5d:48:ec:87:c7:7a:60:51:76:f2:de:9b:14: - 2b:55:8a:43:df:99:19:f3:eb:e7:03:e6:a7:a2:a2:28:dd:d5: - 07:6a:3f:f7 + b3:38:e0:da:a8:07:d8:cc:b8:4d:8c:20:a6:06:2c:f8:27:db: + 8e:28:0f:39:bd:d9:24:c7:9f:e0:4d:d6:b6:63:42:36:0f:d8: + 70:41:e7:9e:a2:24:64:05:ea:85:97:ac:f2:cc:c2:a6:71:bb: + 30:21:c1:c7:c4:54:34:1d:30:09:f0:9b:74:27:93:59:12:4c: + 53:0b:8c:3e:d0:39:ed:4a:d0:d9:66:24:d8:e7:e5:9c:a8:6d: + 5f:56:5d:9a:91:fe:1b:7d:b9:7c:79:9e:1c:b9:71:74:14:f8: + 0c:30:50:f9:b1:22:56:a8:4d:6f:4b:9b:e5:8a:81:33:1b:77: + 75:f6:d8:ce:d4:90:34:86:34:d1:86:75:a9:e1:23:e6:af:c1: + 8e:28:97:47:20:4d:1b:57:09:39:f4:56:01:d2:87:43:3e:29: + f6:c4:5b:7d:8f:9e:bd:ad:36:79:cf:09:70:43:30:21:98:23: + 31:c8:0d:39:ee:77:e1:4a:44:1a:5c:79:2f:6c:ec:8a:3c:db: + 99:a0:11:bc:1a:46:24:51:e7:75:d6:9a:db:ad:dd:55:d4:dd: + ca:81:a0:10:77:96:91:9c:76:30:38:18:f0:82:43:b3:7c:41: + 64:4c:4e:da:66:22:67:cf:b7:d7:10:ba:ed:f4:6d:43:59:00: + d0:82:1e:07 -----BEGIN CERTIFICATE----- -MIIFJzCCBA+gAwIBAgIJAPp8LIApP8JkMA0GCSqGSIb3DQEBBAUAMIGlMQswCQYD +MIIFJzCCBA+gAwIBAgIJAMI8YWc7CsxeMA0GCSqGSIb3DQEBBAUAMIGlMQswCQYD VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs -YXVzIEFzc21hbm4gQ0EgUlNBIDIwMDcxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz -YTIwMDdAZXNtdHAub3JnMB4XDTA3MDUwNDAyMDc1NloXDTEwMDUwMzAyMDc1Nlow +YXVzIEFzc21hbm4gQ0EgUlNBIDIwMDkxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz +YTIwMDlAZXNtdHAub3JnMB4XDTA5MDUxNDA0NDIxOFoXDTEyMDUxMzA0NDIxOFow gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG 
-A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwNzEmMCQGCSqGSIb3DQEJARYX -Y2ErY2EtcnNhMjAwN0Blc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCwKJExr4LOcu82q33psfV3ZjhLOB9fPRLTyP2a9NT2uJD5Jl8p90P5 -NOxlYgG7ZPFd6nUEPZJlYKIGYvqIytggUMgeOFO1GN23vccINUzZ3MaXVje2ZTN0 -WrLDhQgrtyZw/zgCGmdq0EkYEEv4268GnLGogqGxddJSm1MMyqfjFTh5baH173yL -/b0EePnoHrmS6nTXRR5MyL30XPwaf+cxxqvLeMdNL7VyEDUnShr6Uxn4p1lj6+kV -q9xxaYxCHJZOiYBmyZ4h1T0IGXSl9Qegrt55r/1Cwnl+jPg5IjvDxFg70A3mqRG2 -os0u5RZm/X5lM5SwNoAn9YB2qeXf8s/vAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU -sklrUkXukDbSeUcDM9mguoBQ2hwwgdoGA1UdIwSB0jCBz4AUsklrUkXukDbSeUcD -M9mguoBQ2hyhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y +A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwOTEmMCQGCSqGSIb3DQEJARYX +Y2ErY2EtcnNhMjAwOUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDV+NNIOHXfLmuLxI0dQV6tS5Y9SMLc5f9hmJUyA+m2cVpoMbzhXKoO +cKe8UbcTanhUrqbQREkbXjdbWSABR6fsQUwReYwlwRvA7YWy3g8Qn+eyo8Tx/IVR +qtZoSVE+BOHr6c2HG9Cdl3tM4R6xar4BCqmXmlCJ42YGTAfLfplwE+i0nOfmUjjA +ZJBC0PXPIkYiYOk0cB3j0RMzOjG6EwaowjSQR8WhvS19mCFw3iLQExHlCN2gdwvf +NKcHVd5acfZsnuz3RXUfIqmEBsZPhD1OBdfk5ZhBYXuOyTum7TGAff368Ny3B4K4 +7CcgOV94lfENk435TSEI/XKJAf8soHGdAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU +p2H6Ma+o4l6TtoSedAiidlCHaXwwgdoGA1UdIwSB0jCBz4AUp2H6Ma+o4l6TtoSe +dAiidlCHaXyhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK -BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwNzEm -MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAwN0Blc210cC5vcmeCCQD6fCyAKT/C -ZDAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMDdAZXNtdHAu -b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMDdAZXNtdHAub3JnMA0GCSqGSIb3 -DQEBBAUAA4IBAQCYmHzT0FtyRxXmImi7eA54ZulWFti8nVrcJyn7kS1qITUYVrRP -KgnACG+aWSsucpr7ULrHqZGg+Wy+z3hCQwJwU5e6auPaF+gfxzpb57zr5SRM9c9h -NB4g7Rdj74HTniX+zAUZzIqCyUw6tWtJUXZGAqpgu8S5YUgz2nmNRqMGIJjzsts7 -rckdDpc9txQZ030Ei2qB4BFb4TWj/y8RhhwxhXr9PzbvmSVGLrDLQ0VK7L7TP6R3 -m3nMzpJjpdnt26CdXXzXgPbJQfsClo7989oFnYGnJdomNTupDIz1p11I7IfHemBR 
-dvLemxQrVYpD35kZ8+vnA+anoqIo3dUHaj/3 +BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwOTEm +MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAwOUBlc210cC5vcmeCCQDCPGFnOwrM +XjAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMDlAZXNtdHAu +b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMDlAZXNtdHAub3JnMA0GCSqGSIb3 +DQEBBAUAA4IBAQCzOODaqAfYzLhNjCCmBiz4J9uOKA85vdkkx5/gTda2Y0I2D9hw +QeeeoiRkBeqFl6zyzMKmcbswIcHHxFQ0HTAJ8Jt0J5NZEkxTC4w+0DntStDZZiTY +5+WcqG1fVl2akf4bfbl8eZ4cuXF0FPgMMFD5sSJWqE1vS5vlioEzG3d19tjO1JA0 +hjTRhnWp4SPmr8GOKJdHIE0bVwk59FYB0odDPin2xFt9j569rTZ5zwlwQzAhmCMx +yA057nfhSkQaXHkvbOyKPNuZoBG8GkYkUed11prbrd1V1N3KgaAQd5aRnHYwOBjw +gkOzfEFkTE7aZiJnz7fXELrt9G1DWQDQgh4H -----END CERTIFICATE----- diff --git a/contrib/sendmail/LICENSE b/contrib/sendmail/LICENSE index e8639f5a5a92..2c604033ee30 100644 --- a/contrib/sendmail/LICENSE +++ b/contrib/sendmail/LICENSE @@ -1,7 +1,7 @@ SENDMAIL LICENSE The following license terms and conditions apply, unless a different -license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, +license is obtained from Sendmail, Inc., 6475 Christie Ave, Suite 350, Emeryville, CA 94608, USA, or by electronic mail at license@sendmail.com. License Terms: @@ -33,7 +33,7 @@ each of the following conditions is met: forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the "Copyright Notice" refers to the following language: - "Copyright (c) 1998-2004 Sendmail, Inc. All rights reserved." + "Copyright (c) 1998-2009 Sendmail, Inc. All rights reserved." 4. Neither the name of Sendmail, Inc. nor the University of California nor the names of their contributors may be used to endorse or promote 
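Review bot: The replacement root `CN=Claus Assmann CA RSA 2009` in the `@@ -144,93 +77,93 @@` hunk is still self-signed with `md5WithRSAEncryption`, the same algorithm as the 2007 certificate it replaces. For a trust anchor the self-signature carries little weight, but if this CA also issues the mail-server certificates with MD5 (not visible from this hunk), those leaf certificates are exposed to the known MD5 collision weakness; a reissue with a SHA-2 signature is worth requesting upstream. Because this file is a trust store, I would also add a header line such as `# Verify each certificate's fingerprint out-of-band before pointing CACertFile or CACertPath at this file.` The new certificate expires `May 13 04:42:18 2012 GMT`, so the bundle needs another refresh before that date.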
@@ -76,4 +76,4 @@ each of the following conditions is met: (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. -$Revision: 8.13 $, Last updated $Date: 2004/05/11 23:57:57 $ +$Revision: 8.15 $, Last updated $Date: 2009/03/04 19:58:04 $ diff --git a/contrib/sendmail/PGPKEYS b/contrib/sendmail/PGPKEYS index 3f7e9226d968..5f89ed439429 100644 --- a/contrib/sendmail/PGPKEYS +++ b/contrib/sendmail/PGPKEYS 
@@ -141,6 +141,79 @@ gpExpdV7qPrw9k01j5rod5PjZlG8zV0= =SR28 -----END PGP PUBLIC KEY BLOCK----- +Type Bits KeyID Created Expires Algorithm Use +pub 1024 0xA77F2429 2009-01-01 ---------- RSA Sign & Encrypt +f16 Fingerprint16 = 33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D +uid Sendmail Signing Key/2009 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.8 (OpenBSD) + +mQCNA0lcVHwAAAEEAM7aXDJHNH3g0oxbsSUjqRiKh47W4srnfEYREj2Q26AXWzXE +BSyfl6QMRLbSVNIiPOWlMPbZWjCx4c1TNsj3TiiklCcievlvbAPVa3kY2hZ6pmyU +czJq4S/mT1lt+uPOCjvKxo8OLQoFuJMTIS+Ya7LVjW7fJD5yrhKJbpunfyQpAAUR +tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA5IDxzZW5kbWFpbEBTZW5kbWFpbC5P +Ukc+iQCVAwUQSVxUfBKJbpunfyQpAQHirwP+JvK4cBqtw9rxSZ0whmC1N4a2r24f +SH2WDC1zNNeiCHg93udKs3PKLPm688U+WxiaSsrGQXQlGojx7jn1XggTPOG+SteJ +JP/Ea9buJK9KaLaniUm84XxHxa71y3v3+SfhJMpJioY4G6qKqfLZFzmpiwUTvtLR +B9LfWvzvUUHJSTyJAJUDBRBJXFY9wZwdJRLTRh0BAcrBBACYcnhE8cx5eA8WqTR4 +2CVZgxxrIMOrqda+hdpSgsRjUEWRpb5+Es1hfM3OLXqbsywCTUvxeoymVYQr3aSP +sbm+rQ4l6gf7ibpiVZA6vDxh0EfwNYE+aI3AoW03ODoCAaj+utOjGdqzIcec0RpS +zXPI1gWW3sBck95KsiDUYmXYTIkAlQMFEElcVkzvWJZk1DLhnQEByUIEAKOdWew/ +M75xyVbugMGUZnAJrTZPKu9y3V3TLqyET3rGYfLjt6M4R+99j+mkhmi2rOckM9VV +30kvjW9BBarnr13XoMVTtLneoLaVrbMw4aZHRkTdRL14LIj+w1jzEKXDwYylJbGZ +UlmZn7lFkJrLIaBDmQl7GswBJRJvFLQbdzzMiQCVAwUQSVxWVW9Sk9ijm6ZVAQHr +DQP9ECF56TGI8YRPVOzZJzUyOmiMAouRoJ74aWfM8TA2Q8gVtedDc6IHiNzcVjq4 +jOZuMgb1KTPPF/TwWL5MHIFldsMdJ/i0Rml+x4h3Ff+8ZYlJgFBylUmx++nW1rbc +nn9RS/Es+zKsDOnTN5fTFo3br1z2saLnuXNB+SuJmSC8i2CJAJUDBRBJXFZgnBy9 +4uNcVjUBAcdaA/9ur7HbueufNbvr0HoDbhBijagbeqRrzmYtsOtYUfBGEtc5JiNH +r7NIAM66Tog8p9ZZA+qOaGHvujecBOTlokLpPKvcQngOz7c53z3Yop90TnMytUL2 +IExcuCdH4BMy72R5nH5YY5pMqb7pFjcyGDDIM8cxMgbZ3gzvbPDHZMUQ6okAlQMF +EElcVmc4IttHzDdPLQEBJ/0EANME79+Z/BItRKlSgzH52JBGGQZrZi57Pz+hJ+du +K7RgSkhpsXnk1kELvig5TCd2YaDZXoZwUrJLObVKAMI4lpGNTkZlzRRrFXcx4Q14 +YPJ/nay5jkqHvR9neKTsifzdsPVLi9nUDBMtURIQo5yn5AYMloiDzw/HpNGvkk92 +ITqwiQCVAwUQSVxWbolpYrhnjAoDAQHLDgP+L+Od/CoHaVUpsZld1SJKwvelIe1S 
+wT8SBqppQyDbKw0ZczetUSASt+g8OqJKD88I2no5mjEmHx0lncoKJ06qxpJBIu7A +lbByeE9i8Bn52YKhPGka4AwA3DOm5yR967BncOf/zY65t83hocZL1uKQeHW8wnpR +x3o+RBz2354phxyJAJUDBRBJXFZ2IYPhsTlvB4kBARKHA/sHFkKAvCo5Hto2CJWF +gyBCJUsUuHCaQTkfL4IspkIBjmrsr2KKe0WQUqIlebhhWzVhgYsc8AXZil+pLahC +L9CNQVQpoPKD3mit2+Vsi8254QxQjeYD3jUQT1C6uq6l9IORdIxYah9DNBNHCgwX +PuTMmpU1JQj6haKhGa1kbaQq2IkAlQMFEElcVn3I1e0plfYXcQEB2TYD+wYXb+sU +0vmG51lVWj2BPMvv/lbfzU6KnqXNCD2ra0yu6C83WHNFXEz+JuLYlzLnaKm8DJI/ +SFBZZIxpUaoaFHyGrjbWrDI6oMfvp/dMnJjfibNbmZuVIl2z0TKO98jiJ/+/9e/5 +AtCsSFfyZ6FSTtAHbG1ZOJvhPBub9aELiUCiiQCVAwUQSVxWknCgJE0e+ZJRAQHz +NQP7BYHJwViDWqp9c5DmxM6vHrVq/wsDyPgm52+QpopErCRt2iTpocldHQG/9ZdE +0ENn6PhI49xobh+m0HfoZZ+Cr4LPU7g2ftmEtrxtDN1BYdNQHZLZStUp7A8SsLgL +2IvYSI9iKAmQoWQTAOECDD41o1BOnnM1eraeUyqdmZaFm8iJAJUDBRBJXFaZHnuz +yK+VliUBAVgdBACmbsAKzbNnvfaTCJxqhaJI5uNDCdH7rgoCHEJR4aefPY89Do7b +ixLCyW4wUr7pxqvf/xbEGJHNCG5WnmncXBCnoEVqmHb7J9vQw1o3K6pRPqtTjVBR +VEUUK4xe6ZIOft3FOI5fKAPO5Vc9NlxPDjSJcjR6+B//TpecZ2L9A/Dp+4kAlQMF +EElcVqGXQwEYcJO4QQEBl1YD/AsMu6g/4KiwelIz2rDzm4wzvsQm+cYm47hv2IHV +Fkx5f8mS6um39+4J/FHni7i2bfSuHpRn1RdURR7Gebu7HKYfGTNLNYyKt7U/6VFb +ylDxUTS32sier3GlDrlJrBQ+VDIG4dUaioKoKUXxBhEVzAZrvkYhaiGWIl/K4zz5 +C1qdiQCVAwUQSVxWqdiq8Mr2swcpAQFzwgP9FJOM0MysHIjq/KihatPjerxhud6j +bd1Zo/tIKybvPsJNaeTeR+0IKm+vbAWtYL5oBc2wxgdQAs8tUi5SryK1otMAJ6sj +KNN+QxIp2FEumzReGRo+hCETiusjD9Abbh1L9L7FOkhGhH+m6fBVQIYUytmMFpnQ +qn17I9DVPxpwob+JAJUDBRBJXFa9wCnKQBb0zOkBAd0BA/9yRRB2waP3duE2rYKF +Obsbs3XXOQHEl/rjpIHVmYIqqRSglmlTEXwjKJeCEN9q0PRiazhztEhVJWP8ORRP +fkjlscP25T4A4tMC1F49biMak5MI2ffawVkUVsjIWFF/vFQIqKl4JG8SI/r4Oxep +yaozkowCJX3zZtkEfB2Id1nU9IkAlQMFEElcV0e92o/WP+p9/QEBxQID/R4E3pRI +isTe5RJotQKcsQKo3y+8KkmvfZQ6d3h/n4anq6bs1rRrWKqL6XoM7Nc5teLR3QaW +CVTssPtt3P06WqMm8Ct25iZ8dIyqRN0d0k5dJ6d5Qp4WSCL0TmTQ7wO4q9aCOhGK +YFKCP3i2v8zCOhuqk2pLeOYxl6f912COvmwSiQCVAwUQSVxXVXxLZ22gDhVjAQFU +WAP/TjyHxNVsptLRcFRfMCi9fjkrftbma00pzIaj9d6Ybxt6nMQ8C8TCTrurkXpq +9kGIrFVndsovql8++Y9VsDeh/vLX65mZl8FEVFvbl38+YSYeB44upadibU6uB0iL 
+zFz6da6gZmm/NENX3UCldIWv35L33EFotQ9GxTn8b0MQnY2JAJUDBRBJXFdl1uCh +/k++Kt0BAQ39BACfVZaig8loIuKosYh5Ydcefe0NZTZOCgPZ+mAzShEeBIN/btA0 ++jMXfu6tEgqUKQnyKCXZcPoZwY9Y0hOqGT2AIkWmZHJ/uKrzXIAcwUTS0TQV1k5x +mHPkZmvr55JDYp/JIbxIZ8QTpTuEzlymow12qMOUhPkL/wOQET9duDMKzokAlQMF +EEli68zPHrUDIjJ6AQEBzacD/RPBzReBSsVar0+B4xEW0i11LKV2Q7gH+y256IDX +3SxML4+GZM9FmEMVhlTbHPOE2rfwFvLrMxCmIqGHjMccJRZpV9OFpXa8z15FRDmJ +U01qOITDcIAiIPgGamifxMOYG4+spaj2sxLGnY/6aowhjh1XNbQPuJ6laNq7bz50 +wzfu +=RCyv +-----END PGP PUBLIC KEY BLOCK----- + Type Bits KeyID Created Expires Algorithm Use pub 1024 0xF6B30729 2008-01-18 ---------- RSA Sign & Encrypt f16 Fingerprint16 = 07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0 @@ -1792,4 +1865,4 @@ DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJCyc= =nES8 -----END PGP PUBLIC KEY BLOCK----- -$Revision: 8.26 $, Last updated $Date: 2008/01/22 06:20:27 $ +$Revision: 8.29 $, Last updated $Date: 2009/01/06 05:59:03 $ diff --git a/contrib/sendmail/README b/contrib/sendmail/README index a8db16227a3e..8175b1a879c7 100644 --- a/contrib/sendmail/README +++ b/contrib/sendmail/README @@ -38,6 +38,7 @@ the latest updates. 4. Read cf/README. Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. +-----------------------+ | DIRECTORY PERMISSIONS | @@ -464,4 +465,4 @@ sendmail Source for the sendmail program itself. test Some test scripts (currently only for compilation aids). vacation Source for the vacation program. NOT PART OF SENDMAIL! -$Revision: 8.94 $, Last updated $Date: 2008/02/12 16:40:05 $ +$Revision: 8.95 $, Last updated $Date: 2009/04/10 17:49:18 $ diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES index 0d8ed8663c09..4e1e8f38305f 100644 --- a/contrib/sendmail/RELEASE_NOTES +++ b/contrib/sendmail/RELEASE_NOTES 
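Review bot: The added `Sendmail Signing Key/2009` entry (`0xA77F2429`) is a 1024-bit RSA key with no expiry (`Expires ----------`), and the only fingerprint given is the 16-byte `Fingerprint16` form, which for this legacy key format is MD5-based. A 1024-bit key is below current guidance for a release-signing key, and an MD5 fingerprint is a weak basis for the manual comparison users are expected to make. This file cannot change the key, but a line of text next to the entry, for example `Note: 1024-bit RSA legacy key; confirm the fingerprint against a second source before trusting signatures made with it`, would tell readers what they are importing. The block carries many third-party signatures, none of which can be checked from this hunk.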
@@ -1,11 +1,96 @@ SENDMAIL RELEASE NOTES - $Id: RELEASE_NOTES,v 8.1926 2008/05/03 03:34:26 ca Exp $ + $Id: RELEASE_NOTES,v 8.1963 2009/12/23 04:43:46 ca Exp $ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.14.4/8.14.4 2009/12/30 + SECURITY: Handle bogus certificates containing NUL characters + in CNs by placing a string indicating a bad certificate + in the {cn_subject} or {cn_issuer} macro. Patch inspired + by Matthias Andree's changes for fetchmail. + During the generation of a queue identifier an integer overflow + could occur which might result in bogus characters + being used. Based on patch from John Vannoy of + Pepperdine University. + The value of headers, e.g., Precedence, Content-Type, et.al., + was not processed correctly. Patch from Per Hedeland. + Between 8.11.7 and 8.12.0 the length limitation on a return + path was erroneously reduced from MAXNAME (256) to + MAXSHORTSTR (203). Patch from John Gardiner Myers + of Proofpoint; the problem was also noted by Steve + Hubert of University of Washington. + Prevent a crash when a hostname lookup returns a seemingly + valid result which contains a NULL pointer (this seems + to be happening on some Linux versions). + The process title was missing the current load average when + the MTA was delaying connections due to DelayLA. + Patch from Dick St.Peters of NetHeaven. + Do not reset the number of queue entries in shared memory if + only some of them are processed. + Fix overflow of an internal array when parsing some replies + from a milter. Problem found by Scott Rotondo + of Sun Microsystems. + If STARTTLS is turned off in the server (via M=S) then it + would not be initialized for use in the client either. + Patch from Kazuteru Okahashi of IIJ. 
+ If a Diffie-Hellman cipher is selected for STARTTLS, the + handshake could fail with some TLS implementations + because the prime used by the server is not long enough. + Note: the initialization of the DSA/DH parameters for + the server can take a significant amount of time on slow + machines. This can be turned off by setting DHParameters + to none or a file (see doc/op/op.me). Patch from + Petr Lampa of the Brno University of Technology. + Fix handling of `b' modifier for DaemonPortOptions on little + endian machines for loopback address. Patch from + John Beck of Sun Microsystems. + Fix a potential memory leak in libsmdb/smdb1.c found by parfait. + Based on patch from Jonathan Gray of OpenBSD. + If a milter sets the reply code to "421" during the transfer + of the body, the SMTP server will terminate the SMTP session + with that error to match the behavior of the other callbacks. + Return EX_IOERR (instead of 0) if a mail submission fails due to + missing disk space in the mail queue. Based on patch + from Martin Poole of RedHat. + CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would + cause addresses not found in LDAP to be misparsed. + CONFIG: Using a CN restriction did not work for TLS_Clt as it + referred to a wrong macro. Patch from John Gardiner + Myers of Proofpoint. + CONFIG: The option relaytofulladdress of FEATURE(`access_db') + did not work if FEATURE(`relay_hosts_only') is used too. + Problem noted by Kristian Shaw. + CONFIG: The internal function lower() was broken and hence + strcasecmp() did not work either, which could cause + problems for some FEATURE()s if upper case arguments + were used. Patch from Vesa-Matti J Kari of the + University of Helsinki. + LIBMILTER: Fix internal check whether a milter application + is compiled against the same version of libmilter as + it is linked against (especially useful for dynamic + libraries). + LIBMILTER: Fix memory leak that occurred when smfi_setsymlist() + was used. 
Based on patch by Dan Lukes. + LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters + which add, insert, or replace headers. From Benjamin + Pineau. + LIBMILTER: Fix error messages which refer to "select()" to be + correct if SM_CONF_POLL is used. Based on patch from + John Nemeth. + LIBSM: Fix handling of LDAP search failures where the error is + carried in the search result itself, such as seen with + OpenLDAP proxy servers. + VACATION: Do not refer to a local variable outside its scope. + Based on patch from Mark Costlow of Southwest Cyberport. + Portability: + Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from + John Beck of Sun Microsystems. + Drop NISPLUS from default SunOS 5.11 map definitions. + Patch from John Beck of Sun Microsystems. + 8.14.3/8.14.3 2008/05/03 During ruleset processing the generation of a key for a map lookup and the parsing of the default value was broken @@ -37,7 +122,7 @@ summary of the changes in that release. Support shared libraries in Darwin 8 and 9. Patch from Chris Behrens of Concentric. Add support for SCO OpenServer 6, patch from Boyd Gerber. - DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing path. + DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash. Added Files: devtools/OS/Darwin.9.x devtools/OS/OSR.i386 diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README index 43737f60bce6..e3496e927b6e 100644 --- a/contrib/sendmail/cf/README +++ b/contrib/sendmail/cf/README @@ -3142,7 +3142,7 @@ starts with '+' and the items are separated by '++'. Allowed extensions are: CN:name name must match ${cn_subject} -CN ${server_name} must match ${cn_subject} +CN ${client_name}/${server_name} must match ${cn_subject} CS:name name must match ${cert_subject} CI:name name must match ${cert_issuer} 
@@ -4701,4 +4701,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 8.724 $, Last updated $Date: 2008/02/15 23:05:32 $ +$Revision: 8.727 $, Last updated $Date: 2009/05/07 23:46:17 $ diff --git a/contrib/sendmail/cf/cf/submit.cf b/contrib/sendmail/cf/cf/submit.cf index 11f3820eaa3e..5286c681be03 100644 --- a/contrib/sendmail/cf/cf/submit.cf +++ b/contrib/sendmail/cf/cf/submit.cf @@ -1,5 +1,5 @@ # -# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2004, 2009 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@wiz.smi.sendmail.com on Fri May 2 20:39:00 PDT 2008 -##### in /extra/home/ca/sm-8.14.3/OpenSource/sendmail-8.14.3/cf/cf +##### built by ca@wiz.smi.sendmail.com on Tue Dec 22 20:49:09 PST 2009 +##### in /extra/home/ca/sm-8.14.4/OpenSource/sendmail-8.14.4/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -27,7 +27,7 @@ ###################################################################### ###################################################################### -##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ ##### +##### $Id: cfhead.m4,v 8.120 2009/01/23 22:39:21 ca Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### ##### $Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $ ##### ##### $Id: msp.m4,v 1.33 2004/02/09 22:32:38 ca Exp $ ##### @@ -35,7 +35,7 @@ ##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### -##### $Id: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ ##### +##### $Id: proto.m4,v 8.741 2009/12/11 00:04:53 ca Exp $ ##### # level 10 config file format V10/Berkeley 
@@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.14.3/Submit +DZ8.14.4/Submit ############### @@ -440,6 +440,7 @@ O RunAsUser=smmsp # once the threshold number of recipients have been rejected #O BadRcptThrottle=0 + # shall we get local names from our installed interfaces? O DontProbeInterfaces=True @@ -500,6 +501,7 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid # SMTP STARTTLS server options #O TLSSrvOptions + # Input mail filters #O InputMailFilters diff --git a/contrib/sendmail/cf/feature/ldap_routing.m4 b/contrib/sendmail/cf/feature/ldap_routing.m4 index a474f17fbe4a..227060c20e90 100644 --- a/contrib/sendmail/cf/feature/ldap_routing.m4 +++ b/contrib/sendmail/cf/feature/ldap_routing.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1999-2002, 2004, 2007 Sendmail, Inc. and its suppliers. +# Copyright (c) 1999-2002, 2004, 2007, 2009 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ divert(-1) # divert(0) -VERSIONID(`$Id: ldap_routing.m4,v 8.15 2007/05/01 17:38:25 ca Exp $') +VERSIONID(`$Id: ldap_routing.m4,v 8.17 2009/06/26 21:11:08 ca Exp $') divert(-1) # Check first two arguments. If they aren't set, may need to warn in proto.m4 
@@ -35,12 +35,40 @@ ifelse(len(X`'_ARG6_), `1', `define(`_LDAP_ROUTE_MAPTEMP_', `_QUEUE_')', _ARG6_, `tempfail', `define(`_LDAP_ROUTE_MAPTEMP_', `_TEMPFAIL_')', _ARG6_, `queue', `define(`_LDAP_ROUTE_MAPTEMP_', `_QUEUE_')') +define(`_ATMPF_', `')dnl +dnl check whether arg contains -T`'_ATMPF_ +dnl unless it is a sequence map or just LDAP +dnl note: this does not work if ARG1 begins with space(s), however, as +dnl we issue a warning, hopefully the user will fix it... +ifelse(defn(`_ARG1_'), `', `', + defn(`_ARG1_'), `LDAP', `', + `ifelse(index(_ARG1_, `sequence '), `0', `', + `ifelse(index(_ARG1_, _ATMPF_), `-1', + `errprint(`*** WARNING: missing -T'_ATMPF_` in first argument of FEATURE(`ldap_routing') +') + define(`_ABP_', index(_ARG1_, ` ')) + define(`_NARG1_', `substr(_ARG1_, 0, _ABP_) -T'_ATMPF_` substr(_ARG1_, _ABP_)') + ') + ') + ') +ifelse(defn(`_ARG2_'), `', `', + defn(`_ARG2_'), `LDAP', `', + `ifelse(index(_ARG2_, `sequence '), `0', `', + `ifelse(index(_ARG2_, _ATMPF_), `-1', + `errprint(`*** WARNING: missing -T'_ATMPF_` in second argument of FEATURE(`ldap_routing') +') + define(`_ABP_', index(_ARG2_, ` ')) + define(`_NARG2_', `substr(_ARG2_, 0, _ABP_) -T'_ATMPF_` substr(_ARG2_, _ABP_)') + ') + ') + ') + LOCAL_CONFIG # LDAP routing maps Kldapmh ifelse(len(X`'_ARG1_), `1', `ldap -1 -T -v mailHost -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))', - `_ARG1_') + defn(`_NARG1_'), `', `_ARG1_', `_NARG1_') Kldapmra ifelse(len(X`'_ARG2_), `1', `ldap -1 -T -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))', - `_ARG2_') + defn(`_NARG2_'), `', `_ARG2_', `_NARG2_') diff --git a/contrib/sendmail/cf/m4/cfhead.m4 b/contrib/sendmail/cf/m4/cfhead.m4 index dc1d8ba65614..c2d0df7c8e15 100644 --- a/contrib/sendmail/cf/m4/cfhead.m4 +++ b/contrib/sendmail/cf/m4/cfhead.m4 
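Review bot: `_ABP_` is set from `index(_ARG1_, ...)` and used straight away in `substr(_ARG1_, 0, _ABP_)` and `substr(_ARG1_, _ABP_)` without a check for `-1`, so a map specification that contains no space appears to lose its original text when `_NARG1_` is built (in GNU m4 both `substr` calls return an empty string for a negative argument); the `_ARG2_` branch repeats the pattern. The in-code comment already admits the leading-space case, and the no-space case deserves the same care: guard the two `define`s so that `_NARG1_` and `_NARG2_` are only set when `_ABP_` is not `-1`, leaving the argument unchanged otherwise. The `errprint` message also does not say that the `-T` flag is then inserted automatically, so the user sees a warning but not that the generated `Kldapmh` and `Kldapmra` lines differ from what they wrote; appending `(added automatically)` to the message would cover that. `_ABP_` stays defined after the feature file is processed; whether that matters depends on code outside this hunk.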
@@ -1,5 +1,5 @@ # -# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2004, 2009 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -49,7 +49,7 @@ define(`OSTYPE', define(`_ARG_', $2) include(_CF_DIR_`'ostype/$1.m4)POPDIVERT`'') ## helpful functions -define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwx')') +define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwxyz')') define(`strcasecmp', `ifelse(lower($1), lower($2), `1', `0')') ## access to further arguments in FEATURE/HACK define(`_ACC_ARG_1_',`$1') @@ -308,4 +308,4 @@ define(`confMILTER_MACROS_EOM', `{msg_id}') divert(0)dnl -VERSIONID(`$Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $') +VERSIONID(`$Id: cfhead.m4,v 8.120 2009/01/23 22:39:21 ca Exp $') diff --git a/contrib/sendmail/cf/m4/proto.m4 b/contrib/sendmail/cf/m4/proto.m4 index 4e314b3e41b9..c021581c3777 100644 --- a/contrib/sendmail/cf/m4/proto.m4 +++ b/contrib/sendmail/cf/m4/proto.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Id: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $') +VERSIONID(`$Id: proto.m4,v 8.741 2009/12/11 00:04:53 ca Exp $') # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') @@ -580,6 +580,7 @@ _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0') # once the threshold number of recipients have been rejected _OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `0') + # shall we get local names from our installed interfaces? _OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False') 
@@ -640,6 +641,7 @@ _OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `') # SMTP STARTTLS server options _OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `') + # Input mail filters _OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') @@ -1509,7 +1511,9 @@ ifdef(`_LDAP_ROUTE_DETAIL_', # try without +detail R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl -ifdef(`_LDAP_ROUTE_NODOMAIN_', `dnl', ` +ifdef(`_LDAP_ROUTE_NODOMAIN_', ` +# pretend we did the @domain lookup +R<> <> <$+> <$+ @ $+> <$*> $: <> <> <$1> <@ $3> <$4>', ` # if still no mailRoutingAddress and no mailHost, # try @domain ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl @@ -2139,7 +2143,10 @@ R$+ < @ $=w > $@ RELAY ifdef(`_RELAY_HOSTS_ONLY_', `R$+ < @ $=R > $@ RELAY ifdef(`_ACCESS_TABLE_', `dnl -R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >> +ifdef(`_RELAY_FULL_ADDR_', `dnl +R$+ < @ $+ > $: <$(access To:$1@$2 $: ? $)> <$1 < @ $2 >> +R <$+ < @ $+ >> $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>',` +R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>') dnl workspace: > R <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')', `R$+ < @ $* $=R > $@ RELAY @@ -2691,7 +2698,7 @@ R$* $#$* $#$2 R$* $* $: $1', `dnl') ifdef(`_ACCESS_TABLE_', `dnl dnl store name of other side -R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 +R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1 dnl ignore second arg for now dnl maybe use it to distinguish permanent/temporary error? dnl if MAIL: permanent (STARTTLS has not been offered) diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4 index bd722ac3a89b..5ad5ffb90249 100644 --- a/contrib/sendmail/cf/m4/version.m4 +++ b/contrib/sendmail/cf/m4/version.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 
@@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Id: version.m4,v 8.195 2008/04/17 17:04:30 ca Exp $') +VERSIONID(`$Id: version.m4,v 8.205 2009/12/23 04:43:09 ca Exp $') # divert(0) # Configuration version number -DZ8.14.3`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.14.4`'ifdef(`confCF_VERSION', `/confCF_VERSION') diff --git a/contrib/sendmail/contrib/qtool.pl b/contrib/sendmail/contrib/qtool.pl index d6a63ec17eba..f2d33c27b4ad 100755 --- a/contrib/sendmail/contrib/qtool.pl +++ b/contrib/sendmail/contrib/qtool.pl @@ -3,7 +3,7 @@ ## Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. ## All rights reserved. ## -## $Id: qtool.pl,v 8.29 2007/02/16 01:12:08 ca Exp $ +## $Id: qtool.pl,v 8.30 2009/03/04 16:57:30 ca Exp $ ## use strict; use File::Basename; @@ -450,7 +450,7 @@ sub unlock_file ## ## Parameters: ## src_name -- The name of the file to be move. -## dst_nome -- The name of the place to move it to. +## dst_name -- The name of the place to move it to. ## ## Returns: ## error_string -- If undef then no problem. Otherwise it is a @@ -1193,7 +1193,7 @@ sub bounce ## ## This Condition Class checks the modification time of the ## source file and returns true if the file's modification time is -## older than the number of seconds the class was initialzed with. +## older than the number of seconds the class was initialized with. ## package OlderThan; @@ -1286,7 +1286,7 @@ sub check_move ## Eval ## ## Takes a perl expression and evaluates it. The ControlFile object -## for the source QueuedMessage is avaliable through the name '$msg'. +## for the source QueuedMessage is available through the name '$msg'. ## package Eval; diff --git a/contrib/sendmail/contrib/smcontrol.pl b/contrib/sendmail/contrib/smcontrol.pl index 4987460e4d4e..43ae5759132c 100755 --- a/contrib/sendmail/contrib/smcontrol.pl +++ b/contrib/sendmail/contrib/smcontrol.pl 
@@ -1,4 +1,6 @@ -#!/usr/local/bin/perl -w +#!/usr/bin/perl -w + +# $Id: smcontrol.pl,v 8.8 2008/07/21 21:31:43 ca Exp $ use strict; use Getopt::Std; diff --git a/contrib/sendmail/doc/op/op.me b/contrib/sendmail/doc/op/op.me index 74c2d6679a41..be0781024366 100644 --- a/contrib/sendmail/doc/op/op.me +++ b/contrib/sendmail/doc/op/op.me @@ -9,7 +9,7 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: op.me,v 8.741 2007/06/22 23:08:59 ca Exp $ +.\" $Id: op.me,v 8.745 2009/12/13 04:12:46 ca Exp $ .\" .\" eqn op.me | pic | troff -me .\" @@ -90,13 +90,14 @@ Sendmail, Inc. .de Ve Version \\$2 .. -.Ve $Revision: 8.741 $ +.Ve $Revision: 8.745 $ .rm Ve .sp For Sendmail Version 8.14 .)l .(f Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. .)f .sp 2 .pp @@ -4952,9 +4953,21 @@ as "(may be forged)". .ip ${cn_issuer} The CN (common name) of the CA that signed the presented certificate (STARTTLS only). +Note: if the CN cannot be extracted properly it will be replaced by +one of these strings based on the encountered error: +.(b +.ta 25n +BadCertificateContainsNUL CN contains a NUL character +BadCertificateTooLong CN is too long +BadCertificateUnknown CN could not be extracted +.)b +In the last case, some other (unspecific) error occurred. .ip ${cn_subject} The CN (common name) of the presented certificate (STARTTLS only). +See +.b ${cn_issuer} +for possible replacements. .ip ${currHeader} Header value as quoted string (possibly truncated to @@ -5130,7 +5143,7 @@ The total number of incoming connections over the time interval specified by ConnectionRateWindowSize. .ip ${verify} The result of the verification of the presented cert; -only defined after STARTTLS has been used. +only defined after STARTTLS has been used (or attempted). Possible values are: .(b .ta 13n 
@@ -6710,10 +6723,25 @@ CRL checking requires at least OpenSSL version 0.9.7. Note: if a CRLFile is specified but the file is unusable, STARTTLS is disabled. .ip DHParameters -File with DH parameters for STARTTLS. +Possible values are: +.(b +.ta 1i +5 use 512 bit prime +1 use 1024 bit prime +none do not use Diffie-Hellman +NAME load prime from file +.)b This is only required if a ciphersuite containing DSA/DH is used. -This is only for people with a good knowledge of TLS, all others -can ignore this option. +If ``5'' is selected, then precomputed, fixed primes are used. +This is the default for the client side. +If ``1'' is selected, then prime values are computed during startup. +This is the default for the server side. +Note: this operation can take a significant amount of time on a +slow machine (several seconds), but it is only done once at startup. +If ``none'' is selected, then TLS ciphersuites containing DSA/DH +cannot be used. +If a file name is specified (which must be an absolute path), +then the primes are read from it. .ip DaemonPortOptions=\fIoptions\fP [O] Set server SMTP options. @@ -11435,7 +11463,7 @@ replace it with a blank sheet for double-sided output. .\".sz 10 .\"Eric Allman .\".sp -.\"Version $Revision: 8.741 $ +.\"Version $Revision: 8.745 $ .\".ce 0 .bp 3 .ce diff --git a/contrib/sendmail/include/libmilter/mfapi.h b/contrib/sendmail/include/libmilter/mfapi.h index 7d7fb1d99f57..8e3a17328615 100644 --- a/contrib/sendmail/include/libmilter/mfapi.h +++ b/contrib/sendmail/include/libmilter/mfapi.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Id: mfapi.h,v 8.78 2008/02/27 22:30:34 ca Exp $ + * $Id: mfapi.h,v 8.80 2009/11/06 00:57:08 ca Exp $ */ /* 
@@ -18,7 +18,14 @@ # define _LIBMILTER_MFAPI_H 1 #ifndef SMFI_VERSION -# define SMFI_VERSION 0x01000001 /* libmilter version number */ +# if _FFR_MDS_NEGOTIATE +# define SMFI_VERSION 0x01000002 /* libmilter version number */ + + /* first libmilter version that has MDS support */ +# define SMFI_VERSION_MDS 0x01000002 +# else /* _FFR_MDS_NEGOTIATE */ +# define SMFI_VERSION 0x01000001 /* libmilter version number */ +# endif /* _FFR_MDS_NEGOTIATE */ #endif /* ! SMFI_VERSION */ #define SM_LM_VRS_MAJOR(v) (((v) & 0x7f000000) >> 24) @@ -163,9 +170,7 @@ LIBMILTER_API int smfi_setdbg __P((int)); LIBMILTER_API int smfi_settimeout __P((int)); LIBMILTER_API int smfi_setconn __P((char *)); LIBMILTER_API int smfi_stop __P((void)); -#if _FFR_MAXDATASIZE LIBMILTER_API size_t smfi_setmaxdatasize __P((size_t)); -#endif /* _FFR_MAXDATASIZE */ LIBMILTER_API int smfi_version __P((unsigned int *, unsigned int *, unsigned int *)); /* diff --git a/contrib/sendmail/include/libmilter/mfdef.h b/contrib/sendmail/include/libmilter/mfdef.h index 674856707de4..f42ec026cc92 100644 --- a/contrib/sendmail/include/libmilter/mfdef.h +++ b/contrib/sendmail/include/libmilter/mfdef.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Id: mfdef.h,v 8.38 2007/03/27 18:53:48 ca Exp $ + * $Id: mfdef.h,v 8.39 2009/11/06 00:57:08 ca Exp $ */ /* @@ -27,6 +27,12 @@ #define MILTER_CHUNK_SIZE 65535 /* body chunk size */ #define MILTER_MAX_DATA_SIZE 65535 /* default milter command data limit */ +#if _FFR_MDS_NEGOTIATE +# define MILTER_MDS_64K ((64 * 1024) - 1) +# define MILTER_MDS_256K ((256 * 1024) - 1) +# define MILTER_MDS_1M ((1024 * 1024) - 1) +#endif /* _FFR_MDS_NEGOTIATE */ + /* These apply to SMFIF_* flags */ #define SMFI_V1_ACTS 0x0000000FL /* The actions of V1 filter */ #define SMFI_V2_ACTS 0x0000003FL /* The actions of V2 filter */ 
@@ -100,6 +106,9 @@ #define SMFIP_NR_EOH 0x00040000L /* No reply for eoh */ #define SMFIP_NR_BODY 0x00080000L /* No reply for body chunk */ #define SMFIP_HDR_LEADSPC 0x00100000L /* header value leading space */ +#define SMFIP_MDS_256K 0x10000000L /* MILTER_MAX_DATA_SIZE=256K */ +#define SMFIP_MDS_1M 0x20000000L /* MILTER_MAX_DATA_SIZE=1M */ +/* #define SMFIP_ 0x40000000L reserved: see SMFI_INTERNAL*/ #define SMFI_V1_PROT 0x0000003FL /* The protocol of V1 filter */ #define SMFI_V2_PROT 0x0000007FL /* The protocol of V2 filter */ @@ -107,4 +116,11 @@ /* all defined protocol bits */ #define SMFI_CURR_PROT 0x001FFFFFL +/* internal flags: only used between MTA and libmilter */ +#define SMFI_INTERNAL 0x70000000L + +#if _FFR_MILTER_CHECK +# define SMFIP_TEST 0x80000000L +#endif /* _FFR_MILTER_CHECK */ + #endif /* !_LIBMILTER_MFDEF_H */ diff --git a/contrib/sendmail/include/sm/conf.h b/contrib/sendmail/include/sm/conf.h index 13b3b50cafc3..5b1875426af2 100644 --- a/contrib/sendmail/include/sm/conf.h +++ b/contrib/sendmail/include/sm/conf.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Id: conf.h,v 1.134 2007/09/24 23:05:37 ca Exp $ + * $Id: conf.h,v 1.139 2009/06/16 23:41:32 ca Exp $ */ /* @@ -460,6 +460,7 @@ typedef int pid_t; # endif /* SOLARIS >= 21000 || (SOLARIS < 10000 && SOLARIS >= 210) */ # if SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211) # define GETLDAPALIASBYNAME_VERSION 2 /* changed in S11 */ +# define HAVE_NANOSLEEP 1 /* moved from librt to libc in S11 */ # endif /* SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211) */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps pre-2.7 */ 
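Review bot: The context comment `/* all defined protocol bits */` above `SMFI_CURR_PROT` is no longer accurate, because `SMFIP_MDS_256K`, `SMFIP_MDS_1M` and `SMFIP_TEST` are now defined but lie outside `0x001FFFFFL`. If leaving them out is deliberate, the comment should say so, for example `/* all defined protocol bits a milter may request; SMFI_INTERNAL and SMFIP_TEST are excluded */`. Without that, a later reader masking flags with `SMFI_CURR_PROT` cannot tell whether dropping the size-negotiation bits is intended.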
@@ -1021,6 +1022,10 @@ extern unsigned int sleepX __P((unsigned int seconds)); # define SMRSH_PATH "/bin:/usr/bin" # endif /* ! SMRSH_PATH */ # endif /* __FreeBSD_version >= 330000 */ +# if __FreeBSD_version >= 430000 /* 4.3.0-release and later */ +# define SOCKADDR_LEN_T socklen_t /* e.g., arg#3 to accept, getsockname */ +# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */ +# endif /* __FreeBSD_version >= 430000 */ # define USESYSCTL 1 /* use sysctl(3) for getting ncpus */ # include # endif /* __FreeBSD__ >= 2 */ @@ -2800,6 +2805,20 @@ struct utsname # define MAXHOSTNAMELEN 256 # endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */ + +# if _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255 + /* + ** override Linux wierdness: a FQHN can be 255 chars long + ** SUSv3 requires HOST_NAME_MAX ("Maximum length of a host + ** name (not including the terminating null) as returned from the + ** gethostname() function.") to be at least 255. c.f.: + ** http://www.opengroup.org/onlinepubs/009695399 + ** but Linux defines that to 64 too. + */ +# undef MAXHOSTNAMELEN +# define MAXHOSTNAMELEN 256 +# endif /* _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255 */ + # if !defined(SIGCHLD) && defined(SIGCLD) # define SIGCHLD SIGCLD # endif /* !defined(SIGCHLD) && defined(SIGCLD) */ diff --git a/contrib/sendmail/include/sm/ldap.h b/contrib/sendmail/include/sm/ldap.h index fc9a325feef9..b0a9cc058044 100644 --- a/contrib/sendmail/include/sm/ldap.h +++ b/contrib/sendmail/include/sm/ldap.h @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: ldap.h,v 1.33 2007/10/10 00:06:44 ca Exp $ + * $Id: ldap.h,v 1.34 2008/11/17 21:02:54 ca Exp $ */ #ifndef SM_LDAP_H 
@@ -92,7 +92,7 @@ struct sm_ldap_struct char ldap_attrsep; # if _FFR_LDAP_NETWORK_TIMEOUT - struct timeval ldap_networktmo; + int ldap_networktmo; # endif /* _FFR_LDAP_NETWORK_TIMEOUT */ /* Linked list of maps sharing the same LDAP binding */ diff --git a/contrib/sendmail/include/sm/sem.h b/contrib/sendmail/include/sm/sem.h index 7b691a43adc5..3ac0bc61cc3c 100644 --- a/contrib/sendmail/include/sm/sem.h +++ b/contrib/sendmail/include/sm/sem.h @@ -1,12 +1,12 @@ /* - * Copyright (c) 2000-2001, 2005 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2001, 2005, 2008 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: sem.h,v 1.9 2005/02/17 22:08:58 ca Exp $ + * $Id: sem.h,v 1.10 2008/05/30 16:26:39 ca Exp $ */ #ifndef SM_SEM_H @@ -47,6 +47,7 @@ extern int sm_sem_stop __P((int)); extern int sm_sem_acq __P((int, int, int)); extern int sm_sem_rel __P((int, int, int)); extern int sm_sem_get __P((int, int)); +extern int sm_semsetowner __P((int, uid_t, gid_t, mode_t)); # else /* SM_CONF_SEM > 0 */ # define sm_sem_start(key, nsem, semflg, owner) 0 diff --git a/contrib/sendmail/libmilter/Makefile.m4 b/contrib/sendmail/libmilter/Makefile.m4 index 929ec7519ef7..bc9bc66d6711 100644 --- a/contrib/sendmail/libmilter/Makefile.m4 +++ b/contrib/sendmail/libmilter/Makefile.m4 @@ -1,4 +1,4 @@ -dnl $Id: Makefile.m4,v 8.80 2008/04/08 05:23:44 ca Exp $ +dnl $Id: Makefile.m4,v 8.85 2009/11/24 21:59:33 ca Exp $ include(confBUILDTOOLSDIR`/M4/switch.m4') dnl only required for compilation of EXTRAS diff --git a/contrib/sendmail/libmilter/comm.c b/contrib/sendmail/libmilter/comm.c index a7a44dffa7bd..e04681c8d0ba 100644 --- a/contrib/sendmail/libmilter/comm.c +++ b/contrib/sendmail/libmilter/comm.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2004 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2004, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: comm.c,v 8.67 2006/11/02 17:54:44 ca Exp $") +SM_RCSID("@(#)$Id: comm.c,v 8.70 2009/12/16 16:33:48 ca Exp $") #include "libmilter.h" #include @@ -18,7 +18,6 @@ SM_RCSID("@(#)$Id: comm.c,v 8.67 2006/11/02 17:54:44 ca Exp $") static ssize_t retry_writev __P((socket_t, struct iovec *, int, struct timeval *)); static size_t Maxdatasize = MILTER_MAX_DATA_SIZE; -#if _FFR_MAXDATASIZE /* ** SMFI_SETMAXDATASIZE -- set limit for milter data read/write. ** @@ -39,7 +38,6 @@ smfi_setmaxdatasize(sz) Maxdatasize = sz; return old; } -#endif /* _FFR_MAXDATASIZE */ /* ** MI_RD_CMD -- read a command @@ -122,8 +120,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) else if (ret < 0) { smi_log(SMI_LOG_ERR, - "%s: mi_rd_cmd: select returned %d: %s", - name, ret, sm_errstring(errno)); + "%s: mi_rd_cmd: %s() returned %d: %s", + name, MI_POLLSELECT, ret, sm_errstring(errno)); *cmd = SMFIC_RECVERR; return NULL; } @@ -214,8 +212,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) if (ret < 0) { smi_log(SMI_LOG_ERR, - "%s: mi_rd_cmd: select returned %d: %s", - name, ret, sm_errstring(save_errno)); + "%s: mi_rd_cmd: %s() returned %d: %s", + name, MI_POLLSELECT, ret, sm_errstring(save_errno)); *cmd = SMFIC_RECVERR; return NULL; } @@ -326,7 +324,7 @@ mi_wr_cmd(sd, timeout, cmd, buf, len) char *buf; size_t len; { - size_t sl, i; + size_t sl; ssize_t l; mi_int32 nl; int iovcnt; @@ -339,7 +337,6 @@ mi_wr_cmd(sd, timeout, cmd, buf, len) nl = htonl(len + 1); /* add 1 for the cmd char */ (void) memcpy(data, (void *) &nl, MILTER_LEN_BYTES); data[MILTER_LEN_BYTES] = (char) cmd; - i = 0; sl = MILTER_LEN_BYTES + 1; /* set up the vector for the size / command */ 
diff --git a/contrib/sendmail/libmilter/docs/api.html b/contrib/sendmail/libmilter/docs/api.html index 4214df4dd87a..578e0ca686af 100644 --- a/contrib/sendmail/libmilter/docs/api.html +++ b/contrib/sendmail/libmilter/docs/api.html @@ -2,7 +2,7 @@ Milter API

Milter API

@@ -80,7 +80,9 @@ The following functions change a message's contents and attributes. They may only be called in xxfi_eom. All of these functions may invoke additional communication with the MTA. They will return either MI_SUCCESS or MI_FAILURE to indicate the status of -the operation. +the operation. Message data (senders, recipients, headers, body chunks) +passed to these functions via parameters is copied and does not need to be +preserved (i.e., allocated memory can be freed).

A filter must have set the appropriate flag (listed below) in the @@ -310,7 +312,7 @@ for a protocol stage.


-Copyright (c) 2000, 2003, 2006 Sendmail, Inc. and its suppliers. +Copyright (c) 2000, 2003, 2006, 2009 Sendmail, Inc. and its suppliers. All rights reserved.
By using this file, you agree to the terms and conditions set diff --git a/contrib/sendmail/libmilter/docs/overview.html b/contrib/sendmail/libmilter/docs/overview.html index b7e80dfdbed7..5c6f21ce4ce1 100644 --- a/contrib/sendmail/libmilter/docs/overview.html +++ b/contrib/sendmail/libmilter/docs/overview.html @@ -4,7 +4,7 @@

Technical Overview

@@ -60,7 +60,9 @@ returns to MESSAGE. For each of N connections { For each filter - process connection/helo (xxfi_connect, xxfi_helo) + process connection (xxfi_connect) + For each filter + process helo/ehlo (xxfi_helo) MESSAGE:For each message in this connection (sequentially) { For each filter diff --git a/contrib/sendmail/libmilter/docs/smfi_addheader.html b/contrib/sendmail/libmilter/docs/smfi_addheader.html index d068f9fdb934..460b4caf7cf1 100644 --- a/contrib/sendmail/libmilter/docs/smfi_addheader.html +++ b/contrib/sendmail/libmilter/docs/smfi_addheader.html @@ -2,7 +2,7 @@ smfi_addheader

smfi_addheader

@@ -90,7 +90,11 @@ To change a header's current value, use the MTA will add this automatically. It is the filter writer's responsibility to ensure that no standards are violated. -
  • The MTA adds a leading space to an added header value. +
  • The MTA adds a leading space to an added header value unless + the flag +SMFIP_HDR_LEADSPC + is set, in which case the milter + must include any desired leading spaces itself. @@ -116,7 +120,7 @@ To change a header's current value, use
    -Copyright (c) 2000-2003, 2006 Sendmail, Inc. and its suppliers. +Copyright (c) 2000-2003, 2006, 2009 Sendmail, Inc. and its suppliers. All rights reserved.
    By using this file, you agree to the terms and conditions set diff --git a/contrib/sendmail/libmilter/docs/smfi_chgheader.html b/contrib/sendmail/libmilter/docs/smfi_chgheader.html index 0701a3671aaf..517b5ba4c1c8 100644 --- a/contrib/sendmail/libmilter/docs/smfi_chgheader.html +++ b/contrib/sendmail/libmilter/docs/smfi_chgheader.html @@ -2,7 +2,7 @@ smfi_chgheader

    smfi_chgheader

    @@ -85,6 +85,11 @@ Otherwise, it returns MI_SUCCESS. carriage return (ASCII 0x0d); the MTA will add this automatically. It is the filter writer's responsibility to ensure that no standards are violated. +
  • The MTA adds a leading space to a header value unless + the flag +SMFIP_HDR_LEADSPC + is set, in which case the milter + must include any desired leading spaces itself. @@ -110,7 +115,7 @@ Otherwise, it returns MI_SUCCESS.
    -Copyright (c) 2000-2003 Sendmail, Inc. and its suppliers. +Copyright (c) 2000-2003, 2009 Sendmail, Inc. and its suppliers. All rights reserved.
    By using this file, you agree to the terms and conditions set diff --git a/contrib/sendmail/libmilter/docs/smfi_insheader.html b/contrib/sendmail/libmilter/docs/smfi_insheader.html index a4ba77f33d4f..5962e61afea1 100644 --- a/contrib/sendmail/libmilter/docs/smfi_insheader.html +++ b/contrib/sendmail/libmilter/docs/smfi_insheader.html @@ -2,7 +2,7 @@ smfi_insheader

    smfi_insheader

    @@ -111,6 +111,11 @@ Otherwise, it returns MI_SUCCESS. the MTA will add this automatically. It is the filter writer's responsibility to ensure that no standards are violated. +
  • The MTA adds a leading space to an inserted header value unless + the flag +SMFIP_HDR_LEADSPC + is set, in which case the milter + must include any desired leading spaces itself. @@ -135,7 +140,7 @@ Otherwise, it returns MI_SUCCESS.
    -Copyright (c) 2004, 2006 Sendmail, Inc. and its suppliers. +Copyright (c) 2004, 2006, 2009 Sendmail, Inc. and its suppliers. All rights reserved.
    By using this file, you agree to the terms and conditions set diff --git a/contrib/sendmail/libmilter/engine.c b/contrib/sendmail/libmilter/engine.c index 9002a0bab96f..a2d3e1e3f3fa 100644 --- a/contrib/sendmail/libmilter/engine.c +++ b/contrib/sendmail/libmilter/engine.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: engine.c,v 8.162 2008/02/27 01:34:14 ca Exp $") +SM_RCSID("@(#)$Id: engine.c,v 8.166 2009/11/06 00:57:07 ca Exp $") #include "libmilter.h" @@ -113,6 +113,7 @@ static void fix_stm __P((SMFICTX_PTR)); static bool trans_ok __P((int, int)); static char **dec_argv __P((char *, size_t)); static int dec_arg2 __P((char *, size_t, char **, char **)); +static void mi_clr_symlist __P((SMFICTX_PTR)); #if _FFR_WORKERS_POOL static bool mi_rd_socket_ready __P((int)); @@ -757,6 +758,69 @@ mi_clr_macros(ctx, m) } } +/* +** MI_CLR_SYMLIST -- clear list of macros +** +** Parameters: +** ctx -- context structure +** +** Returns: +** None. +*/ + +static void +mi_clr_symlist(ctx) + SMFICTX *ctx; +{ + int i; + + SM_ASSERT(ctx != NULL); + for (i = SMFIM_FIRST; i <= SMFIM_LAST; i++) + { + if (ctx->ctx_mac_list[i] != NULL) + { + free(ctx->ctx_mac_list[i]); + ctx->ctx_mac_list[i] = NULL; + } + } +} + +/* +** MI_CLR_CTX -- clear context +** +** Parameters: +** ctx -- context structure +** +** Returns: +** None. +*/ + +void +mi_clr_ctx(ctx) + SMFICTX *ctx; +{ + SM_ASSERT(ctx != NULL); + if (ValidSocket(ctx->ctx_sd)) + { + (void) closesocket(ctx->ctx_sd); + ctx->ctx_sd = INVALID_SOCKET; + } + if (ctx->ctx_reply != NULL) + { + free(ctx->ctx_reply); + ctx->ctx_reply = NULL; + } + if (ctx->ctx_privdata != NULL) + { + smi_log(SMI_LOG_WARN, + "%s: private data not NULL", + ctx->ctx_smfi->xxfi_name); + } + mi_clr_macros(ctx, 0); + mi_clr_symlist(ctx); + free(ctx); +} + /* ** ST_OPTIONNEG -- negotiate options ** 
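Review bot: The header comment of the new `mi_clr_ctx()` says only "clear context", but the body closes `ctx_sd` and ends with `free(ctx)`, so the caller's pointer is dangling on return. Since the function is exported through libmilter.h and replaces open-coded cleanup in handler.c and worker.c, the comment should state the ownership transfer, e.g. a `Side Effects:` line reading `closes the socket and frees ctx; ctx must not be used afterwards`. It is also worth noting there that a non-NULL `ctx_privdata` is only logged and not released, so a filter that forgets to clear it leaks that memory.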
@@ -771,8 +835,11 @@ static int st_optionneg(g) genarg *g; { - mi_int32 i, v, fake_pflags; + mi_int32 i, v, fake_pflags, internal_pflags; SMFICTX_PTR ctx; +#if _FFR_MILTER_CHECK + bool testmode = false; +#endif /* _FFR_MILTER_CHECK */ int (*fi_negotiate) __P((SMFICTX *, unsigned long, unsigned long, unsigned long, unsigned long, @@ -826,6 +893,7 @@ st_optionneg(g) v = SMFI_V1_ACTS; ctx->ctx_mta_aflags = v; /* MTA action flags */ + internal_pflags = 0; (void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES * 2]), MILTER_LEN_BYTES); v = ntohl(i); 
@@ -833,7 +901,51 @@ st_optionneg(g) /* no flags? set to default value for V1 protocol */ if (v == 0) v = SMFI_V1_PROT; - ctx->ctx_mta_pflags = v; /* MTA protocol flags */ +#if _FFR_MDS_NEGOTIATE + else if (ctx->ctx_smfi->xxfi_version >= SMFI_VERSION_MDS) + { + /* + ** Allow changing the size only if milter is compiled + ** against a version that supports this. + ** If a milter is dynamically linked against a newer + ** libmilter version, we don't want to "surprise" + ** it with a larger buffer as it may rely on it + ** even though it is not documented as a limit. + */ + + if (bitset(SMFIP_MDS_1M, v)) + { + internal_pflags |= SMFIP_MDS_1M; + (void) smfi_setmaxdatasize(MILTER_MDS_1M); + } + else if (bitset(SMFIP_MDS_256K, v)) + { + internal_pflags |= SMFIP_MDS_256K; + (void) smfi_setmaxdatasize(MILTER_MDS_256K); + } + } +# if 0 + /* don't log this for now... */ + else if (ctx->ctx_smfi->xxfi_version < SMFI_VERSION_MDS && + bitset(SMFIP_MDS_1M|SMFIP_MDS_256K, v)) + { + smi_log(SMI_LOG_WARN, + "%s: st_optionneg[%ld]: milter version=%X, trying flags=%X", + ctx->ctx_smfi->xxfi_name, + (long) ctx->ctx_id, ctx->ctx_smfi->xxfi_version, v); + } +# endif /* 0 */ +#endif /* _FFR_MDS_NEGOTIATE */ + + /* + ** MTA protocol flags. + ** We pass the internal flags to the milter as "read only", + ** i.e., a milter can read them so it knows which size + ** will be used, but any changes by a milter will be ignored + ** (see below, search for SMFI_INTERNAL). + */ + + ctx->ctx_mta_pflags = (v & ~SMFI_INTERNAL) | internal_pflags; /* ** Copy flags from milter struct into libmilter context; @@ -880,6 +992,12 @@ st_optionneg(g) 0, 0, &m_aflags, &m_pflags, &m_f2, &m_f3); +#if _FFR_MILTER_CHECK + testmode = bitset(SMFIP_TEST, m_pflags); + if (testmode) + m_pflags &= ~SMFIP_TEST; +#endif /* _FFR_MILTER_CHECK */ + /* ** Types of protocol flags (pflags): ** 1. do NOT send protocol step X 
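Review bot: The negotiated size is applied with `(void) smfi_setmaxdatasize(MILTER_MDS_1M);` (and the 256K variant), which per the comm.c hunk of this commit assigns the file-scope `static size_t Maxdatasize` with no locking. The limit is therefore process-wide and last-writer-wins. A connection that negotiates 256K after another negotiated 1M lowers the limit for the session still in progress, and any peer that sets these bits raises the per-command limit for every other connection. Note also that a connection offering neither bit leaves the global at whatever an earlier connection set. The negotiated value would be safer kept in the context and consulted by the read path, or at least documented here with a comment such as `/* NOTE: global limit, assumes all MTA connections negotiate the same size */`. The body of st_optionneg continues outside this hunk.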
@@ -1011,6 +1129,25 @@ st_optionneg(g) , ctx->ctx_mta_aflags, ctx->ctx_mta_pflags , ctx->ctx_aflags, ctx->ctx_pflags); +#if _FFR_MILTER_CHECK + if (ctx->ctx_dbg > 3) + sm_dprintf("[%ld] milter_negotiate:" + " testmode=%d, pflags2mta=%X, internal_pflags=%X\n" + , (long) ctx->ctx_id, testmode + , ctx->ctx_pflags2mta, internal_pflags); + + /* in test mode: take flags without further modifications */ + if (!testmode) + /* Warning: check statement below! */ +#endif /* _FFR_MILTER_CHECK */ + + /* + ** Remove the internal flags that might have been set by a milter + ** and set only those determined above. + */ + + ctx->ctx_pflags2mta = (ctx->ctx_pflags2mta & ~SMFI_INTERNAL) + | internal_pflags; return _SMFIS_OPTIONS; } diff --git a/contrib/sendmail/libmilter/example.c b/contrib/sendmail/libmilter/example.c index 5a09f1da9735..cef4b0f33aa2 100644 --- a/contrib/sendmail/libmilter/example.c +++ b/contrib/sendmail/libmilter/example.c @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: example.c,v 8.3 2006/12/20 21:22:34 ca Exp $ + * $Id: example.c,v 8.4 2008/07/22 15:12:47 ca Exp $ */ /* @@ -252,7 +252,7 @@ struct smfiDesc smfilter = mlfi_close, /* connection cleanup */ mlfi_unknown, /* unknown/unimplemented SMTP commands */ mlfi_data, /* DATA command filter */ - mlfi_negotiate /* option negotation at connection startup */ + mlfi_negotiate /* option negotiation at connection startup */ }; int diff --git a/contrib/sendmail/libmilter/handler.c b/contrib/sendmail/libmilter/handler.c index 5fd4b2630a91..2c34f1f05dba 100644 --- a/contrib/sendmail/libmilter/handler.c +++ b/contrib/sendmail/libmilter/handler.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: handler.c,v 8.38 2006/11/02 02:38:22 ca Exp $") +SM_RCSID("@(#)$Id: handler.c,v 8.39 2008/11/25 01:14:16 ca Exp $") #include "libmilter.h" 
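Review bot: The added `if (!testmode)` has no braces and its controlled statement sits after the `#endif` and a block comment, so whether the `ctx->ctx_pflags2mta = …` assignment is conditional depends on `_FFR_MILTER_CHECK` and on nothing being inserted in between. The `/* Warning: check statement below! */` remark shows the fragility is known. Since this assignment is what strips milter-supplied `SMFI_INTERNAL` bits before they reach the MTA, it should be made structurally explicit. One way is to keep the `if (!testmode)` inside the `#if` and wrap the assignment in an unconditional `{ … }` block placed directly after the `#endif`.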
@@ -43,24 +43,7 @@ mi_handle_session(ctx) ret = MI_FAILURE; else ret = mi_engine(ctx); - if (ValidSocket(ctx->ctx_sd)) - { - (void) closesocket(ctx->ctx_sd); - ctx->ctx_sd = INVALID_SOCKET; - } - if (ctx->ctx_reply != NULL) - { - free(ctx->ctx_reply); - ctx->ctx_reply = NULL; - } - if (ctx->ctx_privdata != NULL) - { - smi_log(SMI_LOG_WARN, - "%s: private data not NULL", - ctx->ctx_smfi->xxfi_name); - } - mi_clr_macros(ctx, 0); - free(ctx); + mi_clr_ctx(ctx); ctx = NULL; return ret; } diff --git a/contrib/sendmail/libmilter/libmilter.h b/contrib/sendmail/libmilter/libmilter.h index 5a1240974924..5824151da37c 100644 --- a/contrib/sendmail/libmilter/libmilter.h +++ b/contrib/sendmail/libmilter/libmilter.h @@ -19,7 +19,7 @@ #ifdef _DEFINE # define EXTERN # define INIT(x) = x -SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.74 2006/12/19 18:19:52 ca Exp $") +SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.77 2008/11/25 18:28:18 ca Exp $") #else /* _DEFINE */ # define EXTERN extern # define INIT(x) @@ -282,6 +282,7 @@ extern int mi_handle_session __P((SMFICTX_PTR)); extern int mi_engine __P((SMFICTX_PTR)); extern int mi_listener __P((char *, int, smfiDesc_ptr, time_t, int)); extern void mi_clr_macros __P((SMFICTX_PTR, int)); +extern void mi_clr_ctx __P((SMFICTX_PTR)); extern int mi_stop __P((void)); extern int mi_control_startup __P((char *)); extern void mi_stop_milters __P((int)); diff --git a/contrib/sendmail/libmilter/listener.c b/contrib/sendmail/libmilter/listener.c index 6e68ae55d4a1..48c552fddd4d 100644 --- a/contrib/sendmail/libmilter/listener.c +++ b/contrib/sendmail/libmilter/listener.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: listener.c,v 8.124 2007/04/23 22:22:50 ca Exp $") +SM_RCSID("@(#)$Id: listener.c,v 8.126 2009/12/16 16:40:23 ca Exp $") /* ** listener.c -- threaded network listener 
@@ -777,8 +777,9 @@ mi_listener(conn, dbg, smfi, timeout, backlog) continue; scnt++; smi_log(SMI_LOG_ERR, - "%s: select() failed (%s), %s", - smfi->xxfi_name, sm_errstring(save_errno), + "%s: %s() failed (%s), %s", + smfi->xxfi_name, MI_POLLSELECT, + sm_errstring(save_errno), scnt >= MAX_FAILS_S ? "abort" : "try again"); MI_SLEEP(scnt); if (scnt >= MAX_FAILS_S) diff --git a/contrib/sendmail/libmilter/main.c b/contrib/sendmail/libmilter/main.c index 2da9a824a666..d6e727959dcc 100644 --- a/contrib/sendmail/libmilter/main.c +++ b/contrib/sendmail/libmilter/main.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: main.c,v 8.83 2007/04/23 22:22:50 ca Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.84 2008/09/02 05:37:06 ca Exp $") #define _DEFINE 1 #include "libmilter.h" diff --git a/contrib/sendmail/libmilter/worker.c b/contrib/sendmail/libmilter/worker.c index fd4b66ec741d..28d404fa3a21 100644 --- a/contrib/sendmail/libmilter/worker.c +++ b/contrib/sendmail/libmilter/worker.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2004, 2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 2003-2004, 2007, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -11,7 +11,7 @@ */ #include -SM_RCSID("@(#)$Id: worker.c,v 8.10 2007/12/03 22:06:05 ca Exp $") +SM_RCSID("@(#)$Id: worker.c,v 8.17 2009/06/15 15:34:54 ca Exp $") #include "libmilter.h" @@ -210,23 +210,7 @@ mi_close_session(ctx) SM_ASSERT(ctx != NULL); (void) mi_list_del_ctx(ctx); - if (ValidSocket(ctx->ctx_sd)) - { - (void) closesocket(ctx->ctx_sd); - ctx->ctx_sd = INVALID_SOCKET; - } - if (ctx->ctx_reply != NULL) - { - free(ctx->ctx_reply); - ctx->ctx_reply = NULL; - } - if (ctx->ctx_privdata != NULL) - { - smi_log(SMI_LOG_WARN, "%s: private data not NULL", - ctx->ctx_smfi->xxfi_name); - } - mi_clr_macros(ctx, 0); - free(ctx); + mi_clr_ctx(ctx); return MI_SUCCESS; } 
@@ -259,7 +243,7 @@ mi_pool_controller_init() if (pipe(Tskmgr.tm_p) != 0) { smi_log(SMI_LOG_ERR, "can't create event pipe: %s", - sm_errstring(r)); + sm_errstring(errno)); return MI_FAILURE; } @@ -328,6 +312,7 @@ mi_pool_controller(arg) int dim_pfd = 0; bool rebuild_set = true; int pcnt = 0; /* error count for poll() failures */ + time_t lastcheck; Tskmgr.tm_tid = sthread_get_id(); if (pthread_detach(Tskmgr.tm_tid) != 0) @@ -345,12 +330,12 @@ mi_pool_controller(arg) } dim_pfd = PFD_STEP; + lastcheck = time(NULL); for (;;) { SMFICTX_PTR ctx; int nfd, rfd, i; time_t now; - time_t lastcheck; POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN)); @@ -364,20 +349,20 @@ mi_pool_controller(arg) /* check for timed out sessions? */ if (lastcheck + DT_CHECK_OLD_SESSIONS < now) { - SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link) + ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); + while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD)) { + SMFICTX_PTR ctx_nxt; + + ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link); if (ctx->ctx_wstate == WKST_WAITING) { if (ctx->ctx_wait == 0) - { ctx->ctx_wait = now; - continue; - } - - /* if session timed out, close it */ - if (ctx->ctx_wait + OLD_SESSION_TIMEOUT - < now) + else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT + < now) { + /* if session timed out, close it */ sfsistat (*fi_close) __P((SMFICTX *)); POOL_LEV_DPRINTF(4, @@ -389,10 +374,9 @@ mi_pool_controller(arg) (void) (*fi_close)(ctx); mi_close_session(ctx); - ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); - continue; } } + ctx = ctx_nxt; } lastcheck = now; } @@ -465,6 +449,7 @@ mi_pool_controller(arg) } } } + rebuild_set = false; } TASKMGR_UNLOCK(); diff --git a/contrib/sendmail/libsm/debug.c b/contrib/sendmail/libsm/debug.c index f9281fd5e710..ea9cd846ace5 100644 --- a/contrib/sendmail/libsm/debug.c +++ b/contrib/sendmail/libsm/debug.c @@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: debug.c,v 1.30 2004/08/03 20:10:26 ca Exp $") +SM_RCSID("@(#)$Id: debug.c,v 1.32 2009/09/20 05:38:46 ca Exp $") /* ** libsm debugging and tracing 
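Review bot: In the rewritten timed-out-session loop of mi_pool_controller, nothing explains why the successor is captured with `ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link);` before the body runs. The reason is that `mi_close_session(ctx)` now ends in `mi_clr_ctx()`, which frees `ctx`, so reading the link afterwards would touch freed memory. A short comment such as `/* mi_close_session() frees ctx: fetch the successor first */` would stop a later cleanup from converting this back to `SM_TAILQ_FOREACH`. The loop also relies on no other entry being removed from `WRK_CTX_HEAD` while it runs. That presumably holds because the task manager lock is held, but the lock acquisition is outside this hunk and should be confirmed.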
@@ -17,6 +17,10 @@ SM_RCSID("@(#)$Id: debug.c,v 1.30 2004/08/03 20:10:26 ca Exp $") #include #include +#if _FFR_DEBUG_PID_TIME +#include +#include +#endif /* _FFR_DEBUG_PID_TIME */ #include #include #include @@ -112,6 +116,11 @@ sm_debug_close() ** none. */ +#if _FFR_DEBUG_PID_TIME +SM_DEBUG_T SmDBGPidTime = SM_DEBUG_INITIALIZER("sm_trace_pid_time", + "@(#)$Debug: sm_trace_pid_time - print pid and time in debug $"); +#endif /* _FFR_DEBUG_PID_TIME */ + void #if SM_VA_STD sm_dprintf(char *fmt, ...) @@ -125,6 +134,26 @@ sm_dprintf(fmt, va_alist) if (SmDebugOutput == NULL) return; +#if _FFR_DEBUG_PID_TIME + /* note: this is ugly if the output isn't a full line! */ + if (sm_debug_active(&SmDBGPidTime, 1)) + { + static char str[32] = "[1900-00-00/00:00:00] "; + struct tm *tmp; + time_t currt; + + currt = time((time_t *)0); + tmp = localtime(&currt); + snprintf(str, sizeof(str), "[%d-%02d-%02d/%02d:%02d:%02d] ", + 1900 + tmp->tm_year, /* HACK */ + tmp->tm_mon + 1, + tmp->tm_mday, + tmp->tm_hour, tmp->tm_min, tmp->tm_sec); + sm_io_fprintf(SmDebugOutput, SmDebugOutput->f_timeout, + "%ld: %s ", (long) getpid(), str); + } +#endif /* _FFR_DEBUG_PID_TIME */ + SM_VA_START(ap, fmt); sm_io_vfprintf(SmDebugOutput, SmDebugOutput->f_timeout, fmt, ap); SM_VA_END(ap); diff --git a/contrib/sendmail/libsm/ldap.c b/contrib/sendmail/libsm/ldap.c index 252e5475378d..7ee57fcbb689 100644 --- a/contrib/sendmail/libsm/ldap.c +++ b/contrib/sendmail/libsm/ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 2001-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -11,7 +11,7 @@ #define LDAP_DEPRECATED 1 #include -SM_RCSID("@(#)$Id: ldap.c,v 1.80 2007/10/12 00:19:44 ca Exp $") +SM_RCSID("@(#)$Id: ldap.c,v 1.83 2009/06/19 22:02:26 guenther Exp $") #if LDAPMAP # include 
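Review bot: In the `_FFR_DEBUG_PID_TIME` block added to sm_dprintf, the result of `localtime(&currt)` is dereferenced without a NULL check. localtime() can return NULL, and a fault inside the debug printer would take the whole process down. Guarding the format step, `if ((tmp = localtime(&currt)) != NULL) snprintf(str, sizeof(str), …);`, leaves the placeholder or the previous timestamp in `str` for that one line. `str` is static and localtime() uses shared storage, so the block is also not reentrant; that matters only if sm_dprintf can be reached from a signal handler or a second thread, which this hunk does not show.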
@@ -1099,7 +1099,21 @@ sm_ldap_results(lmap, msgid, flags, delim, rpool, result, if (ret == 0) save_errno = ETIMEDOUT; else - save_errno = sm_ldap_geterrno(lmap->ldap_ld); + { + int rc; + + /* + ** We may have gotten an LDAP_RES_SEARCH_RESULT response + ** with an error inside it, so we have to extract that + ** with ldap_parse_result(). This can happen when talking + ** to an LDAP proxy whose backend has gone down. + */ + + save_errno = ldap_parse_result(lmap->ldap_ld, lmap->ldap_res, + &rc, NULL, NULL, NULL, NULL, 0); + if (save_errno == LDAP_SUCCESS) + save_errno = rc; + } if (save_errno != LDAP_SUCCESS) { statp = EX_TEMPFAIL; @@ -1370,9 +1384,16 @@ sm_ldap_setopts(ld, lmap) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit); ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit); -# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) - ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &lmap->ldap_networktmo); -# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */ +# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) + if (lmap->ldap_networktmo > 0) + { + struct timeval tmo; + + tmo.tv_sec = lmap->ldap_networktmo; + tmo.tv_usec = 0; + ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tmo); + } +# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */ # ifdef LDAP_OPT_RESTART ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON); # endif /* LDAP_OPT_RESTART */ diff --git a/contrib/sendmail/libsm/mbdb.c b/contrib/sendmail/libsm/mbdb.c index ad0e7ccbd13f..3bb514df5164 100644 --- a/contrib/sendmail/libsm/mbdb.c +++ b/contrib/sendmail/libsm/mbdb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2002 Sendmail, Inc. and its suppliers. + * Copyright (c) 2001-2003,2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set 
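Review bot: The new else branch in sm_ldap_results calls ldap_parse_result() for every non-zero `ret`, not only for an LDAP_RES_SEARCH_RESULT message as its comment describes. If `ret` can be the error return of the result call (presumably -1; the loop that sets it is outside the hunk), `lmap->ldap_res` may be NULL or stale at that point, and some client libraries assert on a NULL result. Restricting the branch with `else if (ret == LDAP_RES_SEARCH_RESULT && lmap->ldap_res != NULL)` and keeping `save_errno = sm_ldap_geterrno(lmap->ldap_ld);` as the final else would cover both cases. The matching change in mbdb_ldap_lookup (mbdb.c) passes `LDAPLMAP.ldap_res` the same way after ldap_first_entry() returns NULL and deserves the same check.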
@@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: mbdb.c,v 1.40 2003/12/10 03:19:07 gshapiro Exp $") +SM_RCSID("@(#)$Id: mbdb.c,v 1.41 2009/06/19 22:02:26 guenther Exp $") #include @@ -564,7 +564,20 @@ mbdb_ldap_lookup(name, user) entry = ldap_first_entry(LDAPLMAP.ldap_ld, LDAPLMAP.ldap_res); if (entry == NULL) { - save_errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld); + int rc; + + /* + ** We may have gotten an LDAP_RES_SEARCH_RESULT response + ** with an error inside it, so we have to extract that + ** with ldap_parse_result(). This can happen when talking + ** to an LDAP proxy whose backend has gone down. + */ + + save_errno = ldap_parse_result(LDAPLMAP.ldap_ld, + LDAPLMAP.ldap_res, &rc, NULL, + NULL, NULL, NULL, 0); + if (save_errno == LDAP_SUCCESS) + save_errno = rc; if (save_errno == LDAP_SUCCESS) { errno = ENOENT; diff --git a/contrib/sendmail/libsm/sem.c b/contrib/sendmail/libsm/sem.c index 89394cbee4dd..83a54e32e1e0 100644 --- a/contrib/sendmail/libsm/sem.c +++ b/contrib/sendmail/libsm/sem.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001, 2005 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2001, 2005, 2008 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -8,11 +8,12 @@ */ #include -SM_RCSID("@(#)$Id: sem.c,v 1.13 2005/08/12 20:39:59 ca Exp $") +SM_RCSID("@(#)$Id: sem.c,v 1.14 2008/05/30 16:26:38 ca Exp $") #if SM_CONF_SEM # include # include +# include # include # include # include 
@@ -200,4 +201,45 @@ sm_sem_get(semid, semnum) return -1; return semval; } + +/* +** SM_SEMSETOWNER -- set owner/group/mode of semaphores. +** +** Parameters: +** semid -- id for semaphores. +** uid -- uid to use +** gid -- gid to use +** mode -- mode to use +** +** Returns: +** 0 on success. +** < 0 on failure. +*/ + +int +sm_semsetowner(semid, uid, gid, mode) + int semid; + uid_t uid; + gid_t gid; + mode_t mode; +{ + int r; + struct semid_ds semidds; + union semun { + int val; + struct semid_ds *buf; + ushort *array; + } arg; + + memset(&semidds, 0, sizeof(semidds)); + arg.buf = &semidds; + if ((r = semctl(semid, 1, IPC_STAT, arg)) < 0) + return r; + semidds.sem_perm.uid = uid; + semidds.sem_perm.gid = gid; + semidds.sem_perm.mode = mode; + if ((r = semctl(semid, 1, IPC_SET, arg)) < 0) + return r; + return 0; +} #endif /* SM_CONF_SEM */ diff --git a/contrib/sendmail/libsm/t-sem.c b/contrib/sendmail/libsm/t-sem.c index 24d056365fab..662b4f6d43cd 100644 --- a/contrib/sendmail/libsm/t-sem.c +++ b/contrib/sendmail/libsm/t-sem.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001, 2005-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2001, 2005-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: t-sem.c,v 1.16 2007/03/21 23:22:10 ca Exp $") +SM_RCSID("@(#)$Id: t-sem.c,v 1.17 2008/05/30 16:26:38 ca Exp $") #include @@ -127,6 +127,20 @@ sem_cleanup(sig) exit(EX_UNAVAILABLE); } +static int +drop_priv(uid, gid) + uid_t uid; + gid_t gid; +{ + int r; + + r = setgid(gid); + if (r != 0) + return r; + r = setuid(uid); + return r; +} + /* ** SEMTEST -- test of semaphores ** 
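Review bot: The header comment of sm_semsetowner does not say who may call it or what `mode` may contain. IPC_SET succeeds only for the creator, the current owner or a privileged process, and only the low nine permission bits of `sem_perm.mode` are applied. A parameter line such as `** mode -- permission bits (e.g., 0660); other bits are ignored`, plus a sentence on the required privilege, would help callers pick the narrowest mode. The `1` passed as semnum is ignored by IPC_STAT and IPC_SET; `0` would read less like a deliberate index.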
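Review bot: drop_priv in t-sem.c changes the gid and uid but leaves the supplementary group list untouched, so a test started as root keeps root's extra groups after the drop. The permission check the test is meant to exercise may then be satisfied by one of those groups rather than by the `uid`/`gid` given on the command line. Clearing the list first, for example `if (setgroups(1, &gid) != 0) return -1;` ahead of `setgid(gid)`, makes the drop complete; it needs the header that declares setgroups(), and the include list of t-sem.c is not visible here. The setgid-then-setuid order is already correct.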
@@ -141,12 +155,23 @@ sem_cleanup(sig) # define MAX_CNT 10 static int -semtest(owner) +semtest(owner, uid, gid) int owner; + uid_t uid; + gid_t gid; { int semid, r; int cnt = 0; + if (!owner && uid != 0) + { + r = drop_priv(uid, gid); + if (r < 0) + { + perror("drop_priv child failed"); + return -1; + } + } semid = sm_sem_start(T_SM_SEM_KEY, 1, 0, owner); if (semid < 0) { @@ -156,6 +181,22 @@ semtest(owner) if (owner) { + if (uid != 0) + { + r = sm_semsetowner(semid, uid, gid, 0660); + if (r < 0) + { + perror("sm_semsetowner failed"); + return -1; + } + r = drop_priv(uid, gid); + if (r < 0) + { + perror("drop_priv owner failed"); + return -1; + } + } + /* just in case someone kills the program... */ semid_c = semid; (void) sm_signal(SIGHUP, sem_cleanup); @@ -281,18 +322,31 @@ main(argc, argv) { bool interactive = false; bool owner = false; - int ch; - int r = 0; + int ch, r; + uid_t uid; + gid_t gid; -# define OPTIONS "io" + uid = 0; + gid = 0; + r = 0; + +# define OPTIONS "iog:u:" while ((ch = getopt(argc, argv, OPTIONS)) != -1) { switch ((char) ch) { + case 'g': + gid = (gid_t)strtoul(optarg, 0, 0); + break; + case 'i': interactive = true; break; + case 'u': + uid = (uid_t)strtoul(optarg, 0, 0); + break; + case 'o': owner = true; break; @@ -323,11 +377,11 @@ main(argc, argv) { /* give the parent the chance to setup data */ sleep(1); - r = semtest(false); + r = semtest(false, uid, gid); } else { - r = semtest(true); + r = semtest(true, uid, gid); } SM_TEST(r == 0); return sm_test_end(); diff --git a/contrib/sendmail/libsmdb/smdb1.c b/contrib/sendmail/libsmdb/smdb1.c index e45de7c7f8f8..842d4b2ecab7 100644 --- a/contrib/sendmail/libsmdb/smdb1.c +++ b/contrib/sendmail/libsmdb/smdb1.c @@ -1,5 +1,5 @@ /* -** Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers. +** Copyright (c) 1999-2002, 2004, 2009 Sendmail, Inc. and its suppliers. ** All rights reserved. ** ** By using this file, you agree to the terms and conditions set 
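Review bot: The two new failure returns in the owner branch of semtest leave the semaphore set behind. They run after sm_sem_start() has created it and before `semid_c` and the signal handlers are set up, so `return -1` after a failed sm_semsetowner() or drop_priv() exits with the System V semaphore still allocated, and the next run with the same key starts from that leftover. Releasing it on those paths, `(void) sm_sem_stop(semid);` before each `return -1;`, keeps the test repeatable. The rest of semtest lies outside the hunk, so its normal cleanup path is assumed rather than seen.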
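Review bot: The `-u` and `-g` cases in main accept whatever `strtoul(optarg, 0, 0)` returns, so a non-numeric or empty argument becomes 0. semtest treats `uid == 0` as "do not drop privileges", which means a typo in `-u` silently runs the whole test with the privileges it was started with. Passing an end pointer, `uid = (uid_t) strtoul(optarg, &ep, 0);`, and taking the same exit as the `default:` case when `ep == optarg || *ep != '\0'` closes that gap; the same applies to `-g`. The default case of this switch is outside the hunk.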
@@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: smdb1.c,v 8.59 2004/08/03 20:58:39 ca Exp $") +SM_RCSID("@(#)$Id: smdb1.c,v 8.62 2009/11/12 23:04:18 ca Exp $") #include #include @@ -397,15 +397,19 @@ smdb1_cursor(database, cursor, flags) if (db1->smdb1_cursor_in_use) return SMDBE_ONLY_SUPPORTS_ONE_CURSOR; - db1->smdb1_cursor_in_use = true; db1_cursor = (SMDB_DB1_CURSOR *) malloc(sizeof(SMDB_DB1_CURSOR)); - db1_cursor->db = db1; - - cur = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR)); - - if (cur == NULL) + if (db1_cursor == NULL) return SMDBE_MALLOC; + cur = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR)); + if (cur == NULL) + { + free(db1_cursor); + return SMDBE_MALLOC; + } + + db1->smdb1_cursor_in_use = true; + db1_cursor->db = db1; cur->smdbc_impl = db1_cursor; cur->smdbc_close = smdb1_cursor_close; cur->smdbc_del = smdb1_cursor_del; @@ -502,7 +506,12 @@ smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, smdb_db = smdb_malloc_database(); db1 = smdb1_malloc_database(); if (smdb_db == NULL || db1 == NULL) + { + (void) smdb_unlock_file(lock_fd); + smdb_free_database(smdb_db); + free(db1); return SMDBE_MALLOC; + } db1->smdb1_lock_fd = lock_fd; params = NULL; diff --git a/contrib/sendmail/libsmdb/smdb2.c b/contrib/sendmail/libsmdb/smdb2.c index be07d636b47f..15806619ee58 100644 --- a/contrib/sendmail/libsmdb/smdb2.c +++ b/contrib/sendmail/libsmdb/smdb2.c @@ -1,5 +1,5 @@ /* -** Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers. +** Copyright (c) 1999-2003, 2009 Sendmail, Inc. and its suppliers. ** All rights reserved. ** ** By using this file, you agree to the terms and conditions set @@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: smdb2.c,v 8.79 2003/06/13 21:33:11 ca Exp $") +SM_RCSID("@(#)$Id: smdb2.c,v 8.80 2009/11/12 23:07:49 ca Exp $") #include #include 
@@ -620,12 +620,13 @@ smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params } smdb_db = smdb_malloc_database(); - if (smdb_db == NULL) - return SMDBE_MALLOC; - db2 = smdb2_malloc_database(); - if (db2 == NULL) + if (db2 == NULL || smdb_db == NULL) + { + smdb_unlock_file(lock_fd); + smdb_free_database(smdb_db); /* ok to be NULL */ return SMDBE_MALLOC; + } db2->smdb2_lock_fd = lock_fd; diff --git a/contrib/sendmail/libsmutil/safefile.c b/contrib/sendmail/libsmutil/safefile.c index 8488534280e3..f299e1053556 100644 --- a/contrib/sendmail/libsmutil/safefile.c +++ b/contrib/sendmail/libsmutil/safefile.c @@ -15,7 +15,7 @@ #include #include -SM_RCSID("@(#)$Id: safefile.c,v 8.128 2004/09/30 18:15:49 ca Exp $") +SM_RCSID("@(#)$Id: safefile.c,v 8.129 2008/08/04 18:07:04 gshapiro Exp $") /* @@ -699,7 +699,6 @@ safeopen(fn, omode, cmode, sff) if (bitset(O_CREAT, omode)) sff |= SFF_CREAT; omode &= ~O_CREAT; - smode = 0; switch (omode & O_ACCMODE) { case O_RDONLY: diff --git a/contrib/sendmail/praliases/praliases.8 b/contrib/sendmail/praliases/praliases.8 index 2c78cacff533..1f11014f41c6 100644 --- a/contrib/sendmail/praliases/praliases.8 +++ b/contrib/sendmail/praliases/praliases.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. +.\" Copyright (c) 1998-2000, 2008 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set @@ -6,9 +6,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: praliases.8,v 8.17 2000/12/15 19:53:45 gshapiro Exp $ +.\" $Id: praliases.8,v 8.19 2008/07/10 20:13:10 ca Exp $ .\" -.TH PRALIASES 8 "$Date: 2000/12/15 19:53:45 $" +.TH PRALIASES 8 "$Date: 2008/07/10 20:13:10 $" .SH NAME praliases \- display system mail aliases 
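Review bot: The merged failure path in smdb_db_open (smdb2.c) frees `smdb_db` but never `db2`, so when smdb_malloc_database() fails and smdb2_malloc_database() succeeds, the `db2` allocation leaks. The smdb1.c version of the same path in this commit calls `free(db1);`. Adding `free(db2);` before `return SMDBE_MALLOC;` brings the two in line, assuming smdb2_malloc_database() hands back plain malloc() memory as its smdb1 counterpart appears to. The smdb1.c path also writes `(void) smdb_unlock_file(lock_fd);`, a cast this one omits.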
@@ -30,12 +30,12 @@ The special internal @:@ alias will be displayed if present. .PP The options are as follows: .TP -.B \-C +.BI "\-C " file Read the specified sendmail configuration file instead of the default .B sendmail configuration file. .TP -.B \-f +.BI "\-f " file Read the specified file instead of the configured .B sendmail system aliases file(s). diff --git a/contrib/sendmail/praliases/praliases.c b/contrib/sendmail/praliases/praliases.c index 984981ff77a9..d0ee54e37a07 100644 --- a/contrib/sendmail/praliases/praliases.c +++ b/contrib/sendmail/praliases/praliases.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2001, 2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -20,7 +20,7 @@ SM_IDSTR(copyright, Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Id: praliases.c,v 8.94 2007/05/11 18:50:36 ca Exp $") +SM_IDSTR(id, "@(#)$Id: praliases.c,v 8.96 2008/07/10 20:13:10 ca Exp $") #include #include @@ -99,7 +99,8 @@ main(argc, argv) case '?': default: (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, - "usage: praliases [-C cffile] [-f aliasfile]\n"); + "usage: praliases [-C cffile] [-f aliasfile]" + " [key ...]\n"); exit(EX_USAGE); } } diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4 index fd015b4937a3..0fa337467d49 100644 --- a/contrib/sendmail/src/Makefile.m4 +++ b/contrib/sendmail/src/Makefile.m4 @@ -1,4 +1,4 @@ -dnl $Id: Makefile.m4,v 8.115 2008/03/27 16:13:33 ca Exp $ +dnl $Id: Makefile.m4,v 8.121 2009/12/15 22:39:23 ca Exp $ include(confBUILDTOOLSDIR`/M4/switch.m4') define(`confREQUIRE_LIBSM', `true') diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README index 34313fc8506c..9c4628ffede4 100644 --- a/contrib/sendmail/src/README +++ b/contrib/sendmail/src/README 
@@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Id: README,v 8.391 2008/02/12 16:38:21 ca Exp $ +# $Id: README,v 8.392 2009/04/10 17:49:19 gshapiro Exp $ # This directory contains the source files for sendmail(TM). @@ -32,6 +32,7 @@ For detailed instructions, please read the document ../doc/op/op.me: cd ../doc/op ; make op.ps op.txt Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. +-------------------+ @@ -1847,4 +1848,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 8.391 $, last update $Date: 2008/02/12 16:38:21 $ ) +(Version $Revision: 8.392 $, last update $Date: 2009/04/10 17:49:19 $ ) diff --git a/contrib/sendmail/src/TRACEFLAGS b/contrib/sendmail/src/TRACEFLAGS index a6249fd2c477..6fdfdd97df1d 100644 --- a/contrib/sendmail/src/TRACEFLAGS +++ b/contrib/sendmail/src/TRACEFLAGS @@ -1,4 +1,4 @@ -# $Id: TRACEFLAGS,v 8.47 2006/09/11 22:36:32 ca Exp $ +# $Id: TRACEFLAGS,v 8.48 2008/11/03 21:09:26 gshapiro Exp $ 0, 4 main.c main canonical name, UUCP node name, a.k.a.s 0, 15 main.c main print configuration 0, 44 util.c printav print address of each string @@ -86,6 +86,7 @@ 70 queue.c quarantining 71,>99 milter.c quarantine on errors 73 queue.c shared memory updates +74,>99 map.c LDAP map defer 80 content length 81 sun remote mode 83 collect.c timeout diff --git a/contrib/sendmail/src/collect.c b/contrib/sendmail/src/collect.c index 0a2cdaba83eb..f5d72477c510 100644 --- a/contrib/sendmail/src/collect.c +++ b/contrib/sendmail/src/collect.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: collect.c,v 8.282 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Id: collect.c,v 8.284 2008/08/06 05:26:24 ca Exp $") static void eatfrom __P((char *volatile, ENVELOPE *)); static void collect_doheader __P((ENVELOPE *)); 
@@ -847,6 +847,9 @@ readerr: } /* Log collection information. */ + if (tTd(92, 2)) + sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) { logsender(e, e->e_msgid); diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c index bf9705712c44..8d8f9ed6b147 100644 --- a/contrib/sendmail/src/conf.c +++ b/contrib/sendmail/src/conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: conf.c,v 8.1141 2008/04/14 02:09:35 ca Exp $") +SM_RCSID("@(#)$Id: conf.c,v 8.1153 2009/12/18 17:25:12 ca Exp $") #include #include @@ -392,6 +392,9 @@ setdefaults(e) #if REQUIRES_DIR_FSYNC RequiresDirfsync = true; #endif /* REQUIRES_DIR_FSYNC */ +#if _FFR_RCPTTHROTDELAY + BadRcptThrottleDelay = 1; +#endif /* _FFR_RCPTTHROTDELAY */ ConnectionRateWindowSize = 60; setupmaps(); setupqueues(); @@ -782,7 +785,7 @@ inithostmaps() else if (strcmp(maptype[i], "ldap") == 0 && stab("aliases.ldap", ST_MAP, ST_FIND) == NULL) { - (void) strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup", + (void) sm_strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup", sizeof buf); (void) makemapentry(buf); } @@ -968,7 +971,10 @@ switch_map_find(service, maptype, mapreturn) p = strpbrk(buf, "#\n"); if (p != NULL) *p = '\0'; - p = strpbrk(buf, " \t"); +#ifndef SM_NSSWITCH_DELIMS +# define SM_NSSWITCH_DELIMS " \t" +#endif /* SM_NSSWITCH_DELIMS */ + p = strpbrk(buf, SM_NSSWITCH_DELIMS); if (p != NULL) *p++ = '\0'; if (buf[0] == '\0') 
@@ -981,7 +987,7 @@ switch_map_find(service, maptype, mapreturn) buf); continue; } - while (isspace(*p)) + while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') continue; @@ -1007,7 +1013,7 @@ switch_map_find(service, maptype, mapreturn) if (p == NULL) break; *p++ = '\0'; - while (isspace(*p)) + while (isascii(*p) && isspace(*p)) p++; } if (svcno < MAXMAPSTACK) @@ -2282,7 +2288,8 @@ refuseconnections(e, dn, active) # define MIN_DELAY_LOG 90 /* wait before logging this again */ # define D_MSG_LA "delaying connections on daemon %s: load average=%d >= %d" /* sleep to flatten out connection load */ - sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name, limit); + sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name, + CurrentLA, limit); if (LogLevel > 8 && (now = curtime()) > log_delay) { sm_syslog(LOG_INFO, NOQID, D_MSG_LA, @@ -3374,6 +3381,10 @@ enoughdiskspace(msize, e) { int i; +#if _FFR_TESTS + if (tTd(4, 101)) + return false; +#endif /* _FFR_TESTS */ if (MinBlocksFree <= 0 && msize <= 0) { if (tTd(4, 80)) @@ -4074,7 +4085,7 @@ strtol(nptr, endptr, base) */ do { c = *s++; - } while (isspace(c)); + } while (isascii(c) && isspace(c)); if (c == '-') { neg = 1; c = *s++; @@ -4110,9 +4121,9 @@ strtol(nptr, endptr, base) cutlim = cutoff % (unsigned long) base; cutoff /= (unsigned long) base; for (acc = 0, any = 0;; c = *s++) { - if (isdigit(c)) + if (isascii(c) && isdigit(c)) c -= '0'; - else if (isalpha(c)) + else if (isascii(c) && isalpha(c)) c -= isupper(c) ? 'A' - 10 : 'a' - 10; else break; @@ -6043,6 +6054,10 @@ char *FFRCompileOptions[] = /* Deal with MTAs that send a reply during the DATA phase. */ "_FFR_CATCH_BROKEN_MTAS", #endif /* _FFR_CATCH_BROKEN_MTAS */ +#if _FFR_CHECKCONFIG + /* New OpMode to check the configuration file */ + "_FFR_CHECKCONFIG", +#endif /* _FFR_CHECKCONFIG */ #if _FFR_CHK_QUEUE /* Stricter checks about queue directory permissions. */ "_FFR_CHK_QUEUE", 
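Review bot: The `_FFR_TESTS` block at the top of enoughdiskspace makes the function return false whenever debug flag 4.101 is set, and nothing next to it says so. A one-line comment such as `/* test hook: -d4.101 simulates a full disk */` would document it, as would an entry in src/TRACEFLAGS; this commit adds one for 74 but none for 4.101 in the lines shown. Because the hook lets a debug flag change how the daemon treats incoming mail (presumably deferring or refusing it), the `_FFR_TESTS` description in FFRCompileOptions should say the option is not meant for production builds.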
@@ -6117,6 +6132,10 @@ char *FFRCompileOptions[] = /* EightBitAddrOK: allow 8-bit e-mail addresses */ "_FFR_EIGHT_BIT_ADDR_OK", #endif /* _FFR_EIGHT_BIT_ADDR_OK */ +#if _FFR_EXPDELAY + /* exponential queue delay */ + "_FFR_EXPDELAY", +#endif /* _FFR_EXPDELAY */ #if _FFR_EXTRA_MAP_CHECK /* perform extra checks on $( $) in R lines */ "_FFR_EXTRA_MAP_CHECK", @@ -6175,10 +6194,17 @@ char *FFRCompileOptions[] = /* Ignore extensions offered in response to HELO */ "_FFR_IGNORE_EXT_ON_HELO", #endif /* _FFR_IGNORE_EXT_ON_HELO */ +#if _FFR_LINUX_MHNL + /* Set MAXHOSTNAMELEN to 256 (Linux) */ + "_FFR_LINUX_MHNL", +#endif /* _FFR_LINUX_MHNL */ #if _FFR_LOCAL_DAEMON /* Local daemon mode (-bl) which only accepts loopback connections */ "_FFR_LOCAL_DAEMON", #endif /* _FFR_LOCAL_DAEMON */ +#if _FFR_MAIL_MACRO + "_FFR_MAIL_MACRO", +#endif /* _FFR_MAIL_MACRO */ #if _FFR_MAXDATASIZE /* ** It is possible that a header is larger than MILTER_CHUNK_SIZE, @@ -6199,6 +6225,10 @@ char *FFRCompileOptions[] = /* Limit sleep(2) time in libsm/clock.c */ "_FFR_MAX_SLEEP_TIME", #endif /* _FFR_MAX_SLEEP_TIME */ +#if _FFR_MDS_NEGOTIATE + /* MaxDataSize negotation with libmilter */ + "_FFR_MDS_NEGOTIATE", +#endif /* _FFR_MDS_NEGOTIATE */ #if _FFR_MEMSTAT /* Check free memory */ "_FFR_MEMSTAT", @@ -6232,6 +6262,10 @@ char *FFRCompileOptions[] = "_FFR_MILTER_CHECK_REJECTIONS_TOO", #endif /* _FFR_MILTER_CHECK_REJECTIONS_TOO */ +#if _FFR_MILTER_ENHSC + /* extract enhanced status code from milter replies for dsn= logging */ + "_FFR_MILTER_ENHSC", +#endif /* _FFR_MILTER_ENHSC */ #if _FFR_MIME7TO8_OLD /* Old mime7to8 code, the new is broken for at least one example. */ "_FFR_MIME7TO8_OLD", 
@@ -6285,6 +6319,10 @@ char *FFRCompileOptions[] = /* Debug output for the queue scheduler. */ "_FFR_QUEUE_SCHED_DBG", #endif /* _FFR_QUEUE_SCHED_DBG */ +#if _FFR_RCPTTHROTDELAY + /* configurable delay for BadRcptThrottle */ + "_FFR_RCPTTHROTDELAY" +#endif /* _FFR_RCPTTHROTDELAY */ #if _FFR_REDIRECTEMPTY /* ** envelope <> can't be sent to mailing lists, only owner- @@ -6361,6 +6399,10 @@ char *FFRCompileOptions[] = /* SuperSafe per DaemonPortOptions: 'T' (better letter?) */ "_FFR_SS_PER_DAEMON", #endif /* _FFR_SS_PER_DAEMON */ +#if _FFR_TESTS + /* enable some test code */ + "_FFR_TESTS", +#endif /* _FFR_TESTS */ #if _FFR_TIMERS /* Donated code (unused). */ "_FFR_TIMERS", diff --git a/contrib/sendmail/src/conf.h b/contrib/sendmail/src/conf.h index f1386c4b61f6..dff37ff99fee 100644 --- a/contrib/sendmail/src/conf.h +++ b/contrib/sendmail/src/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Id: conf.h,v 8.574 2006/11/29 00:36:06 ca Exp $ + * $Id: conf.h,v 8.575 2009/03/25 20:04:00 ca Exp $ */ /* @@ -123,9 +123,18 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */ #define DATA_PROGRESS_TIMEOUT 300 /* how often to check DATA progress */ #define ENHSCLEN 10 /* max len of enhanced status code */ #define DEFAULT_MAX_RCPT 100 /* max number of RCPTs per envelope */ -#define MAXQUEUEGROUPS 50 /* max # of queue groups */ +#ifndef MAXQUEUEGROUPS +# define MAXQUEUEGROUPS 50 /* max # of queue groups */ /* must be less than BITMAPBITS for DoQueueRun */ -#define MAXWORKGROUPS 50 /* max # of work groups */ +#endif /* MAXQUEUEGROUPS */ +#if MAXQUEUEGROUPS >= BITMAPBITS + ERROR _MAXQUEUEGROUPS must be less than _BITMAPBITS +#endif /* MAXQUEUEGROUPS >= BITMAPBITS */ + +#ifndef MAXWORKGROUPS +# define MAXWORKGROUPS 50 /* max # of work groups */ +#endif /* MAXWORKGROUPS */ + #define MAXFILESYS BITMAPBITS /* max # of queue file systems * must be <= BITMAPBITS */ #ifndef FILESYS_UPDATE_INTERVAL 
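Review bot: The new `_FFR_RCPTTHROTDELAY` entry in FFRCompileOptions has no trailing comma: `"_FFR_RCPTTHROTDELAY"` is followed directly by `#endif`. Every other entry added to this table in the commit ends in a comma. Without it the literal is concatenated with the next enabled string in the array, so the table holds one fused name and is one element short. The line should read `"_FFR_RCPTTHROTDELAY",`. The array itself starts and ends outside the hunk.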
diff --git a/contrib/sendmail/src/daemon.c b/contrib/sendmail/src/daemon.c index 06a36c7e6487..983ad2fe3ede 100644 --- a/contrib/sendmail/src/daemon.c +++ b/contrib/sendmail/src/daemon.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2007, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include #include "map.h" -SM_RCSID("@(#)$Id: daemon.c,v 8.680 2008/02/14 00:20:26 ca Exp $") +SM_RCSID("@(#)$Id: daemon.c,v 8.683 2009/12/18 01:12:40 ca Exp $") #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 @@ -199,7 +199,7 @@ getrequests(e) if (tTd(15, 1)) { for (idx = 0; idx < NDaemons; idx++) - sm_dprintf("getrequests: daemon %s: %d\n", + sm_dprintf("getrequests: daemon %s: socket %d\n", Daemons[idx].d_name, Daemons[idx].d_socket); } @@ -2161,7 +2161,8 @@ makeconnection(host, port, mci, e, enough) case AF_INET: clt_addr.sin.sin_addr.s_addr = inet_addr(p); if (clt_addr.sin.sin_addr.s_addr != INADDR_NONE && - clt_addr.sin.sin_addr.s_addr != INADDR_LOOPBACK) + clt_addr.sin.sin_addr.s_addr != + htonl(INADDR_LOOPBACK)) { clt_bind = true; socksize = sizeof(struct sockaddr_in); @@ -2342,7 +2343,7 @@ makeconnection(host, port, mci, e, enough) } } gothostent: - if (hp == NULL) + if (hp == NULL || hp->h_addr == NULL) { #if NAMED_BIND /* check for name server timeouts */ diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c index ed60e47a3c96..0322c956ef2b 100644 --- a/contrib/sendmail/src/deliver.c +++ b/contrib/sendmail/src/deliver.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 
@@ -14,7 +14,7 @@ #include #include -SM_RCSID("@(#)$Id: deliver.c,v 8.1015 2007/10/17 21:35:30 ca Exp $") +SM_RCSID("@(#)$Id: deliver.c,v 8.1020 2009/12/18 17:08:01 ca Exp $") #if HASSETUSERCONTEXT # include @@ -575,12 +575,12 @@ sendall(e, mode) #endif /* HASFLOCK */ if (e->e_nrcpts > 0) e->e_flags |= EF_INQUEUE; - dropenvelope(e, splitenv != NULL, true); + (void) dropenvelope(e, splitenv != NULL, true); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { if (ee->e_nrcpts > 0) ee->e_flags |= EF_INQUEUE; - dropenvelope(ee, false, true); + (void) dropenvelope(ee, false, true); } return; @@ -602,7 +602,7 @@ sendall(e, mode) /* now drop the envelope in the parent */ e->e_flags |= EF_INQUEUE; - dropenvelope(e, splitenv != NULL, false); + (void) dropenvelope(e, splitenv != NULL, false); /* arrange to reacquire lock after fork */ e->e_id = qid; @@ -615,7 +615,7 @@ sendall(e, mode) /* drop envelope in parent */ ee->e_flags |= EF_INQUEUE; - dropenvelope(ee, false, false); + (void) dropenvelope(ee, false, false); /* and save qid for reacquisition */ ee->e_id = qid; @@ -762,14 +762,14 @@ sendall(e, mode) } sendenvelope(e, mode); - dropenvelope(e, true, true); + (void) dropenvelope(e, true, true); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { CurEnv = ee; if (mode != SM_VERIFY) openxscript(ee); sendenvelope(ee, mode); - dropenvelope(ee, true, true); + (void) dropenvelope(ee, true, true); } CurEnv = e; @@ -1391,7 +1391,7 @@ deliver(e, firstto) else p = e->e_from.q_paddr; rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); - if (strlen(rpath) > MAXSHORTSTR) + if (strlen(rpath) > MAXNAME) { rpath = shortenstring(rpath, MAXSHORTSTR); @@ -2978,7 +2978,7 @@ reconnect: /* after switching to an encrypted connection */ char *s; /* - ** TLS negotation failed, what to do? + ** TLS negotiation failed, what to do? ** fall back to unencrypted connection ** or abort? How to decide? ** set a macro and call a ruleset. 
@@ -3021,7 +3021,7 @@ reconnect: /* after switching to an encrypted connection */ /* ** rcode == EX_SOFTWARE is special: - ** the TLS negotation failed + ** the TLS negotiation failed ** we have to drop the connection no matter what ** However, we call tls_server to give it the chance ** to log the problem and return an appropriate @@ -6075,8 +6075,9 @@ initclttls(tls_ok) return false; if (clt_ctx != NULL) return true; /* already done */ - tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCertFile, - CltKeyFile, CACertPath, CACertFile, DHParams); + tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, Clt_SSL_Options, false, + CltCertFile, CltKeyFile, + CACertPath, CACertFile, DHParams); return tls_ok_clt; } @@ -6108,6 +6109,16 @@ starttls(m, mci, e) if (clt_ctx == NULL && !initclttls(true)) return EX_TEMPFAIL; + +# if USE_OPENSSL_ENGINE + if (!SSL_set_engine(NULL)) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=client, SSL_set_engine=failed"); + return EX_TEMPFAIL; + } +# endif /* USE_OPENSSL_ENGINE */ + smtpmessage("STARTTLS", m, mci); /* get the reply */ diff --git a/contrib/sendmail/src/envelope.c b/contrib/sendmail/src/envelope.c index 641c621a416c..022c3ca8b2d6 100644 --- a/contrib/sendmail/src/envelope.c +++ b/contrib/sendmail/src/envelope.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: envelope.c,v 8.305 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Id: envelope.c,v 8.310 2009/12/18 17:08:01 ca Exp $") /* ** CLRSESSENVELOPE -- clear session oriented data in an envelope @@ -163,14 +163,14 @@ newenvelope(e, parent, rpool) ** split -- if true, split by recipient if message is queued up ** ** Returns: -** none. +** EX_* status (currently: 0: success, EX_IOERR on panic) ** ** Side Effects: ** housekeeping necessary to dispose of an envelope. ** Unlocks this queue file. */ -void +int dropenvelope(e, fulldrop, split) register ENVELOPE *e; bool fulldrop; 
@@ -209,12 +209,15 @@ dropenvelope(e, fulldrop, split) /* we must have an id to remove disk files */ if (id == NULL) - return; + return EX_OK; /* if verify-only mode, we can skip most of this */ if (OpMode == MD_VERIFY) goto simpledrop; + if (tTd(92, 2)) + sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -618,7 +621,11 @@ simpledrop: } e->e_id = NULL; e->e_flags &= ~EF_HAS_DF; + if (panic) + return EX_IOERR; + return EX_OK; } + /* ** CLEARENVELOPE -- clear an envelope without unlocking ** @@ -714,6 +721,9 @@ clearenvelope(e, fullclear, rpool) bh = bh->h_link; nhp = &(*nhp)->h_link; } +#if _FFR_MILTER_ENHSC + e->e_enhsc[0] = '\0'; +#endif /* _FFR_MILTER_ENHSC */ } /* ** INITSYS -- initialize instantiation of system diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c index 8e70fed7618e..c4bdc8770025 100644 --- a/contrib/sendmail/src/headers.c +++ b/contrib/sendmail/src/headers.c @@ -14,7 +14,7 @@ #include #include -SM_RCSID("@(#)$Id: headers.c,v 8.312 2007/06/19 18:52:11 ca Exp $") +SM_RCSID("@(#)$Id: headers.c,v 8.317 2008/08/27 20:11:55 gshapiro Exp $") static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *, bool)); static size_t fix_mime_header __P((HDR *, ENVELOPE *)); @@ -715,7 +715,16 @@ hvalue(field, header) { if (!bitset(H_DEFAULT, h->h_flags) && sm_strcasecmp(h->h_field, field) == 0) - return h->h_value; + { + char *s; + + s = h->h_value; + if (s == NULL) + return NULL; + while (isascii(*s) && isspace(*s)) + s++; + return s; + } } return NULL; } 
@@ -1065,6 +1074,10 @@ eatheader(e, full, log) ** Log collection information. */ + if (tTd(92, 2)) + sm_dprintf("eatheader: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d, log=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel, + log); if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) { logsender(e, e->e_msgid); diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index d68d5b590d6b..1bbb070dace6 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -26,7 +26,7 @@ SM_UNUSED(static char copyright[]) = The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ -SM_RCSID("@(#)$Id: main.c,v 8.967 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.971 2009/12/18 17:08:01 ca Exp $") #if NETINET || NETINET6 @@ -129,7 +129,7 @@ int SyslogPrefixLen; /* estimated length of syslog prefix */ { \ if (extraprivs && \ OpMode != MD_DELIVER && OpMode != MD_SMTP && \ - OpMode != MD_ARPAFTP && \ + OpMode != MD_ARPAFTP && OpMode != MD_CHECKCONFIG && \ OpMode != MD_VERIFY && OpMode != MD_TEST) \ { \ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, \ @@ -401,6 +401,9 @@ main(argc, argv, envp) case MD_HOSTSTAT: case MD_PURGESTAT: case MD_ARPAFTP: +#if _FFR_CHECKCONFIG + case MD_CHECKCONFIG: +#endif /* _FFR_CHECKCONFIG */ OpMode = j; break; @@ -1192,7 +1195,7 @@ main(argc, argv, envp) } /* if we've had errors so far, exit now */ - if ((ExitStat != EX_OK && OpMode != MD_TEST) || + if ((ExitStat != EX_OK && OpMode != MD_TEST && OpMode != MD_CHECKCONFIG) || ExitStat == EX_OSERR) { finis(false, true, ExitStat); 
@@ -1566,6 +1569,7 @@ main(argc, argv, envp) break; case MD_TEST: + case MD_CHECKCONFIG: case MD_PRINT: case MD_PRINTNQE: case MD_FREEZE: @@ -1626,6 +1630,9 @@ main(argc, argv, envp) case MD_TEST: /* don't have persistent host status in test mode */ HostStatDir = NULL; + /* FALLTHROUGH */ + + case MD_CHECKCONFIG: if (Verbose == 0) Verbose = 2; BlankEnvelope.e_errormode = EM_PRINT; @@ -1933,8 +1940,8 @@ main(argc, argv, envp) } } - /* if we've had errors so far, exit now */ - if (ExitStat != EX_OK && OpMode != MD_TEST) + /* if checking config or have had errors so far, exit now */ + if (OpMode == MD_CHECKCONFIG || (ExitStat != EX_OK && OpMode != MD_TEST)) { finis(false, true, ExitStat); /* NOTREACHED */ @@ -1958,7 +1965,7 @@ main(argc, argv, envp) case MD_PRINT: /* print the queue */ HoldErrs = false; - dropenvelope(&BlankEnvelope, true, false); + (void) dropenvelope(&BlankEnvelope, true, false); (void) sm_signal(SIGPIPE, sigpipe); if (qgrp != NOQGRP) { @@ -1981,7 +1988,7 @@ main(argc, argv, envp) case MD_PRINTNQE: /* print number of entries in queue */ - dropenvelope(&BlankEnvelope, true, false); + (void) dropenvelope(&BlankEnvelope, true, false); (void) sm_signal(SIGPIPE, sigpipe); printnqe(smioout, NULL); finis(false, true, EX_OK); @@ -2133,8 +2140,8 @@ main(argc, argv, envp) else if (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON || OpMode == MD_SMTP) { - /* check whether STARTTLS is turned off for the server */ - if (chkdaemonmodifiers(D_NOTLS)) + /* check whether STARTTLS is turned off */ + if (chkdaemonmodifiers(D_NOTLS) && chkclientmodifiers(D_NOTLS)) tls_ok = false; } else /* other modes don't need STARTTLS */ @@ -2530,7 +2537,7 @@ main(argc, argv, envp) } } } - dropenvelope(&MainEnvelope, true, false); + (void) dropenvelope(&MainEnvelope, true, false); #if STARTTLS /* init TLS for server, ignore result for now */ 
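Review bot: The rewritten test `if (chkdaemonmodifiers(D_NOTLS) && chkclientmodifiers(D_NOTLS))` in the daemon/SMTP branch of main clears `tls_ok` only when both checks succeed, but the comment was shortened to "check whether STARTTLS is turned off", which hides that. Since this line decides whether TLS is initialised at all in those modes, I would spell it out: `/* skip TLS setup only if STARTTLS is off for both server and client */`. What the two helpers return when several daemons or clients are configured is not visible in this hunk, so it is worth confirming that the conjunction matches the intent.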
@@ -2952,7 +2959,11 @@ finis(drop, cleanup, exitstat) { if (CurEnv->e_id != NULL) { - dropenvelope(CurEnv, true, false); + int r; + + r = dropenvelope(CurEnv, true, false); + if (exitstat == EX_OK) + exitstat = r; sm_rpool_free(CurEnv->e_rpool); CurEnv->e_rpool = NULL; diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c index 4248fd90f519..be88685babd9 100644 --- a/contrib/sendmail/src/map.c +++ b/contrib/sendmail/src/map.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1992, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1992, 1993 @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: map.c,v 8.699 2007/10/10 00:06:45 ca Exp $") +SM_RCSID("@(#)$Id: map.c,v 8.705 2009/08/11 22:22:40 ca Exp $") #if LDAPMAP # include @@ -730,7 +730,7 @@ getcanonname(host, hbsize, trymx, pttl) int mapno; bool found = false; bool got_tempfail = false; - auto int status; + auto int status = EX_UNAVAILABLE; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; #if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) @@ -1710,7 +1710,7 @@ lockdbm: { map->map_mflags |= MF_OPEN; map->map_pid = CurrentPid; - if ((omode && O_ACCMODE) == O_RDWR) + if ((omode & O_ACCMODE) == O_RDWR) map->map_mflags |= MF_WRITABLE; goto lockdbm; } @@ -2359,7 +2359,7 @@ db_map_lookup(map, name, av, statp) { map->map_mflags |= MF_OPEN; map->map_pid = CurrentPid; - if ((omode && O_ACCMODE) == O_RDWR) + if ((omode & O_ACCMODE) == O_RDWR) map->map_mflags |= MF_WRITABLE; db = (DB *) map->map_db2; goto lockdb; 
@@ -3415,6 +3415,18 @@ ldapmap_open(map, mode) else id = "localhost"; + if (tTd(74, 104)) + { + extern MAPCLASS NullMapClass; + + /* debug mode: don't actually open an LDAP connection */ + map->map_orgclass = map->map_class; + map->map_class = &NullMapClass; + map->map_mflags |= MF_OPEN; + map->map_pid = CurrentPid; + return true; + } + /* No connection yet, connect */ if (!sm_ldap_start(map->map_mname, lmap)) { @@ -3514,12 +3526,12 @@ sunet_id_hash(str) p_last = p; while (*p != '\0') { - if (islower(*p) || isdigit(*p)) + if (isascii(*p) && (islower(*p) || isdigit(*p))) { *p_last = *p; p_last++; } - else if (isupper(*p)) + else if (isascii(*p) && isupper(*p)) { *p_last = tolower(*p); p_last++; @@ -3967,6 +3979,10 @@ ldapmap_parseargs(map, args) map->map_coldelim = ' '; } +# if _FFR_LDAP_NETWORK_TIMEOUT + lmap->ldap_networktmo = 120; +# endif /* _FFR_LDAP_NETWORK_TIMEOUT */ + for (;;) { while (isascii(*p) && isspace(*p)) @@ -4066,7 +4082,7 @@ ldapmap_parseargs(map, args) case 'c': /* network (connect) timeout */ while (isascii(*++p) && isspace(*p)) continue; - lmap->ldap_networktmo.tv_sec = atoi(p); + lmap->ldap_networktmo = atoi(p); break; # endif /* _FFR_LDAP_NETWORK_TIMEOUT */ @@ -6687,6 +6703,13 @@ null_map_store(map, key, val) return; } +MAPCLASS NullMapClass = +{ + "null-map", NULL, 0, + NULL, null_map_lookup, null_map_store, + null_map_open, null_map_close, +}; + /* ** BOGUS stubs */ @@ -7325,7 +7348,8 @@ arith_map_lookup(map, name, av, statp) if (LogLevel > 10) sm_syslog(LOG_WARNING, NOQID, "arith_map: unknown operator %c", - isprint(*name) ? *name : '?'); + (isascii(*name) && isprint(*name)) ? + *name : '?'); return NULL; } if (boolres) diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c index 816c7bf7d4ac..773dfa8f9c6d 100644 --- a/contrib/sendmail/src/milter.c +++ b/contrib/sendmail/src/milter.c 
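Review bot: The `tTd(74, 104)` branch added to ldapmap_open replaces the map's class with `NullMapClass` and reports the map as open, and it is compiled unconditionally, whereas the comparable test hook added to pickqdir in queue.c (`tTd(4, 101)`) sits under `#if _FFR_TESTS`. A debug flag that swaps a configured LDAP map for a null map presumably changes the result of every lookup that relies on it, so I would guard it the same way: `#if _FFR_TESTS` before `if (tTd(74, 104))` and `#endif /* _FFR_TESTS */` after its closing brace. The block-local `extern MAPCLASS NullMapClass;` would also read better as a file-level forward declaration. ldapmap_open's body starts and ends outside the hunk.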
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include -SM_RCSID("@(#)$Id: milter.c,v 8.269 2007/06/06 17:26:12 ca Exp $") +SM_RCSID("@(#)$Id: milter.c,v 8.277 2009/11/06 00:57:06 ca Exp $") #if MILTER # include @@ -514,7 +514,6 @@ milter_write(m, cmd, buf, len, to, e, where) ENVELOPE *e; const char *where; { - time_t writestart = (time_t) 0; ssize_t sl, i; int num_vectors; mi_int32 nl; @@ -532,12 +531,16 @@ milter_write(m, cmd, buf, len, to, e, where) if (len < 0 || len > MilterMaxDataSize) { if (tTd(64, 5)) - sm_dprintf("milter_write(%s): length %ld out of range\n", - m->mf_name, (long) len); + { + sm_dprintf("milter_write(%s): length %ld out of range, cmd=%c\n", + m->mf_name, (long) len, command); + sm_dprintf("milter_write(%s): buf=%s\n", + m->mf_name, str2prt(buf)); + } if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, - "milter_write(%s): length %ld out of range", - m->mf_name, (long) len); + "milter_write(%s): length %ld out of range, cmd=%c", + m->mf_name, (long) len, command); milter_error(m, e); return NULL; } @@ -594,10 +597,7 @@ milter_write(m, cmd, buf, len, to, e, where) } if (to > 0) - { - writestart = curtime(); MILTER_TIMEOUT("write", to, true, started, where); - } /* write the vector(s) */ i = writev(m->mf_sock, vector, num_vectors); @@ -1572,10 +1572,10 @@ static struct milteropt # define MO_LOGLEVEL 0x07 { "loglevel", MO_LOGLEVEL }, -# if _FFR_MAXDATASIZE +# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE # define MO_MAXDATASIZE 0x08 { "maxdatasize", MO_MAXDATASIZE }, -# endif /* _FFR_MAXDATASIZE */ +# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */ { NULL, (unsigned char)-1 }, }; 
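Review bot: In the out-of-range branch of milter_write the new debug line `sm_dprintf("milter_write(%s): buf=%s\n", m->mf_name, str2prt(buf));` treats `buf` as a NUL-terminated string, yet `buf` is passed with an explicit `len` and this branch runs exactly when that length is negative or larger than MilterMaxDataSize. If the caller's buffer is not terminated (callers are outside the hunk), str2prt reads past its end, and if it is terminated the whole payload is copied to the debug stream. I would drop that line and keep only the `cmd=%c` addition, or print a short bounded prefix after checking `buf != NULL`. The function body starts and ends outside the hunk.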
@@ -1631,11 +1631,29 @@ milter_set_option(name, val, sticky) MilterLogLevel = atoi(val); break; -#if _FFR_MAXDATASIZE +# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE case MO_MAXDATASIZE: +# if _FFR_MDS_NEGOTIATE MilterMaxDataSize = (size_t)atol(val); + if (MilterMaxDataSize != MILTER_MDS_64K && + MilterMaxDataSize != MILTER_MDS_256K && + MilterMaxDataSize != MILTER_MDS_1M) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.%s=%d, allowed are only %d, %d, and %d", + name, MilterMaxDataSize, + MILTER_MDS_64K, MILTER_MDS_256K, + MILTER_MDS_1M); + if (MilterMaxDataSize < MILTER_MDS_64K) + MilterMaxDataSize = MILTER_MDS_64K; + else if (MilterMaxDataSize < MILTER_MDS_256K) + MilterMaxDataSize = MILTER_MDS_256K; + else + MilterMaxDataSize = MILTER_MDS_1M; + } +# endif /* _FFR_MDS_NEGOTIATE */ break; -#endif /* _FFR_MAXDATASIZE */ +# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */ case MO_MACROS_CONNECT: if (macros == NULL) @@ -2411,6 +2429,12 @@ milter_negotiate(m, e, milters) mta_prot_flags = SMFI_CURR_PROT; mta_actions = SMFI_CURR_ACTS; #endif /* _FFR_MILTER_CHECK */ +#if _FFR_MDS_NEGOTIATE + if (MilterMaxDataSize == MILTER_MDS_256K) + mta_prot_flags |= SMFIP_MDS_256K; + else if (MilterMaxDataSize == MILTER_MDS_1M) + mta_prot_flags |= SMFIP_MDS_1M; +#endif /* _FFR_MDS_NEGOTIATE */ fvers = htonl(mta_prot_vers); pflags = htonl(mta_prot_flags); 
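Review bot: In the `MO_MAXDATASIZE` case of milter_set_option the new `# if _FFR_MDS_NEGOTIATE` line is placed above the existing assignment `MilterMaxDataSize = (size_t)atol(val);`, so a build with only `_FFR_MAXDATASIZE` still accepts the option and then silently ignores it. Moving the `# if _FFR_MDS_NEGOTIATE` below the assignment keeps the old behaviour for that build. The warning also passes `MilterMaxDataSize` to `%d`; the `(size_t)` cast suggests the variable is a size_t, in which case the argument needs a matching cast such as `(long) MilterMaxDataSize` with `%ld`, and the same applies to the three sm_syslog calls added to milter_negotiate. Note too that a negative value from atol becomes a very large size_t and is clamped to MILTER_MDS_1M rather than rejected.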
@@ -2525,6 +2549,39 @@ milter_negotiate(m, e, milters) goto error; } +#if _FFR_MDS_NEGOTIATE + /* use a table instead of sequence? */ + if (bitset(SMFIP_MDS_1M, m->mf_pflags)) + { + if (MilterMaxDataSize != MILTER_MDS_1M) + { + /* this should not happen... */ + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_1M); + MilterMaxDataSize = MILTER_MDS_1M; + } + } + else if (bitset(SMFIP_MDS_256K, m->mf_pflags)) + { + if (MilterMaxDataSize != MILTER_MDS_256K) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_256K); + MilterMaxDataSize = MILTER_MDS_256K; + } + } + else if (MilterMaxDataSize != MILTER_MDS_64K) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_64K); + MilterMaxDataSize = MILTER_MDS_64K; + } + m->mf_pflags &= ~SMFI_INTERNAL; +#endif /* _FFR_MDS_NEGOTIATE */ + /* check for protocol feature mismatch */ if ((m->mf_pflags & mta_prot_flags) != m->mf_pflags) { @@ -2976,7 +3033,7 @@ milter_addheader(m, response, rlen, e) h->h_value = mh_value; else { - h->h_value = addleadingspace (mh_value, e->e_rpool); + h->h_value = addleadingspace(mh_value, e->e_rpool); SM_FREE(mh_value); } h->h_flags |= H_USER; @@ -3277,7 +3334,7 @@ milter_changeheader(m, response, rlen, e) h->h_value = mh_value; else { - h->h_value = addleadingspace (mh_value, e->e_rpool); + h->h_value = addleadingspace(mh_value, e->e_rpool); SM_FREE(mh_value); } h->h_flags |= H_USER; @@ -3330,7 +3387,7 @@ milter_split_response(response, rlen, pargc) return NULL; /* last entry is only for the name */ - s = (char **)malloc(nelem * (sizeof(*s))); + s = (char **)malloc((nelem + 1) * (sizeof(*s))); if (s == NULL) return NULL; s[0] = response; 
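Review bot: The `_FFR_MDS_NEGOTIATE` block in milter_negotiate overwrites the global `MilterMaxDataSize` from a single filter's `m->mf_pflags`, while milter_write checks every filter's packets against that same global (`len > MilterMaxDataSize`). If more than one filter is configured, the limit in force is whatever the most recently negotiated filter reported, so a filter that agreed to 64K could afterwards be sent larger packets once another filter negotiates 1M. Keeping the negotiated size in a per-filter field and checking against that in milter_write would avoid the cross-talk; at minimum the block deserves a comment stating that all filters are assumed to use the same size. The function body starts and ends outside the hunk.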
@@ -3813,7 +3870,7 @@ milter_init(e, state, milters) m->mf_sock < 0 ? "open" : "negotiate"); - /* if negotation failure, close socket */ + /* if negotiation failure, close socket */ milter_error(m, e); MILTER_CHECK_ERROR(true, continue); continue; @@ -4383,7 +4440,7 @@ milter_data(e, state) response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e, - "body"); + "eom"); if (m->mf_state == SMFS_ERROR) break; diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c index d4c6369d0e6a..194f5250d663 100644 --- a/contrib/sendmail/src/queue.c +++ b/contrib/sendmail/src/queue.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include #include -SM_RCSID("@(#)$Id: queue.c,v 8.977 2008/02/15 23:19:58 ca Exp $") +SM_RCSID("@(#)$Id: queue.c,v 8.987 2009/12/18 17:08:01 ca Exp $") #include @@ -134,7 +134,7 @@ static const char EmptyString[] = ""; static void grow_wlist __P((int, int)); static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *)); -static int gatherq __P((int, int, bool, bool *, bool *)); +static int gatherq __P((int, int, bool, bool *, bool *, int *)); static int sortq __P((int)); static void printctladdr __P((ADDRESS *, SM_FILE_T *)); static bool readqf __P((ENVELOPE *, bool)); @@ -2106,7 +2106,7 @@ run_work_group(wgrp, flags) for (i = 0; i < Queue[qgrp]->qg_numqueues; i++) { - h = gatherq(qgrp, qdir, false, &full, &more); + (void) gatherq(qgrp, qdir, false, &full, &more, &h); #if SM_CONF_SHM if (ShmId != SM_SHM_NO_ID) QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h; 
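Review bot: In run_work_group `h` is now filled only through the new out-parameter, `(void) gatherq(qgrp, qdir, false, &full, &more, &h);`, while gatherq (hunks further down) stores `*pnentries` just before its final `return i;`. If gatherq has an earlier return path, which cannot be ruled out because most of its body is outside these hunks, `h` keeps whatever value it had and that stale count is written to `QSHM_ENTRIES(...)`. Setting `h = 0;` immediately before the call, or having gatherq zero `*pnentries` on entry, closes that gap.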
@@ -2450,6 +2450,7 @@ runqueueevent(ignore) ** full -- (optional) to be set 'true' if WorkList is full ** more -- (optional) to be set 'true' if there are still more ** messages in this queue not added to WorkList +** pnentries -- (optional) total nuber of entries in queue ** ** Returns: ** The number of request in the queue (not necessarily @@ -2472,25 +2473,26 @@ static int WorkListSize = 0; /* current max size of WorkList */ static int WorkListCount = 0; /* # of work items in WorkList */ static int -gatherq(qgrp, qdir, doall, full, more) +gatherq(qgrp, qdir, doall, full, more, pnentries) int qgrp; int qdir; bool doall; bool *full; bool *more; + int *pnentries; { register struct dirent *d; register WORK *w; register char *p; DIR *f; - int i, num_ent; - int wn; + int i, num_ent, wn, nentries; QUEUE_CHAR *check; char qd[MAXPATHLEN]; char qf[MAXPATHLEN]; wn = WorkListCount - 1; num_ent = 0; + nentries = 0; if (qdir == NOQDIR) (void) sm_strlcpy(qd, ".", sizeof(qd)); else @@ -2600,6 +2602,7 @@ gatherq(qgrp, qdir, doall, full, more) continue; } + ++nentries; check = QueueLimitId; while (check != NULL) { @@ -2855,6 +2858,21 @@ gatherq(qgrp, qdir, doall, full, more) break; case 'K': +#if _FFR_EXPDELAY + if (MaxQueueAge > 0) + { + time_t lasttry, delay; + + lasttry = (time_t) atol(&lbuf[1]); + delay = MIN(lasttry - w->w_ctime, + MaxQueueAge); + age = curtime() - lasttry; + if (age < delay) + w->w_tooyoung = true; + break; + } +#endif /* _FFR_EXPDELAY */ + age = curtime() - (time_t) atol(&lbuf[1]); if (age >= 0 && MinQueueAge > 0 && age < MinQueueAge) @@ -2900,6 +2918,8 @@ gatherq(qgrp, qdir, doall, full, more) *full = (wn >= MaxQueueRun && MaxQueueRun > 0) || (WorkList == NULL && wn > 0); + if (pnentries != NULL) + *pnentries = nentries; return i; } /* 
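Review bot: The `_FFR_EXPDELAY` branch added under `case 'K'` in gatherq carries no comment, and it changes two things a reader will not guess from the code: when `MaxQueueAge > 0` the `break` skips the `MinQueueAge` test below entirely, and the retry delay becomes `MIN(lasttry - w->w_ctime, MaxQueueAge)`. I would add something like `/* delay grows with the age of the message at its last try, capped at MaxQueueAge; MinQueueAge is not consulted */`. The computation also appears to rely on `w->w_ctime` having been set before the K line is parsed, which is not visible in this hunk and is worth confirming. Separately, the new parameter description in the header comment reads "total nuber of entries"; that should be "number".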
@@ -3331,8 +3351,8 @@ workcmpf4(a, b) ** WORKCMPF5 -- compare based on assigned random number ** ** Parameters: -** a -- the first argument (ignored). -** b -- the second argument (ignored). +** a -- the first argument. +** b -- the second argument. ** ** Returns: ** randomly 1/-1 @@ -3682,7 +3702,7 @@ dowork(qgrp, qdir, id, forkflag, requeueflag, e) finis(true, true, ExitStat); else { - dropenvelope(e, true, false); + (void) dropenvelope(e, true, false); sm_rpool_free(rpool); e->e_rpool = NULL; } @@ -3859,7 +3879,7 @@ doworklist(el, forkflag, requeueflag) /* do the delivery */ sendall(&e, SM_DELIVER); - dropenvelope(&e, true, false); + (void) dropenvelope(&e, true, false); } else { @@ -4834,7 +4854,7 @@ print_single_queue(qgrp, qdir) ** Read and order the queue. */ - nrequests = gatherq(qgrp, qdir, true, NULL, NULL); + nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); (void) sortq(Queue[qgrp]->qg_maxlist); /* @@ -5332,31 +5352,31 @@ static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh */ # define queuenextid() CurrentPid - +#define QIC_LEN_SQR (QIC_LEN * QIC_LEN) void assign_queueid(e) register ENVELOPE *e; { pid_t pid = queuenextid(); - static int cX = 0; - static long random_offset; + static unsigned int cX = 0; + static unsigned int random_offset; struct tm *tm; char idbuf[MAXQFNAME - 2]; - int seq; + unsigned int seq; if (e->e_id != NULL) return; /* see if we need to get a new base time/pid */ - if (cX >= QIC_LEN * QIC_LEN || LastQueueTime == 0 || - LastQueuePid != pid) + if (cX >= QIC_LEN_SQR || LastQueueTime == 0 || LastQueuePid != pid) { time_t then = LastQueueTime; /* if the first time through, pick a random offset */ if (LastQueueTime == 0) - random_offset = get_random(); + random_offset = ((unsigned int)get_random()) + % QIC_LEN_SQR; while ((LastQueueTime = curtime()) == then && LastQueuePid == pid) 
@@ -5368,16 +5388,16 @@ assign_queueid(e) } /* - ** Generate a new sequence number between 0 and QIC_LEN*QIC_LEN-1. - ** This lets us generate up to QIC_LEN*QIC_LEN unique queue ids + ** Generate a new sequence number between 0 and QIC_LEN_SQR-1. + ** This lets us generate up to QIC_LEN_SQR unique queue ids ** per second, per process. With envelope splitting, ** a single message can consume many queue ids. */ - seq = (int)((cX + random_offset) % (QIC_LEN * QIC_LEN)); + seq = (cX + random_offset) % QIC_LEN_SQR; ++cX; if (tTd(7, 50)) - sm_dprintf("assign_queueid: random_offset = %ld (%d)\n", + sm_dprintf("assign_queueid: random_offset=%u (%u)\n", random_offset, seq); tm = gmtime(&LastQueueTime); @@ -5430,6 +5450,7 @@ sync_queue_time() { #if FAST_PID_RECYCLE if (OpMode != MD_TEST && + OpMode != MD_CHECKCONFIG && OpMode != MD_VERIFY && LastQueueTime > 0 && LastQueuePid == CurrentPid && @@ -5740,6 +5761,10 @@ pickqdir(qg, fsize, e) else qdir = get_rand_mod(qg->qg_numqueues); +#if _FFR_TESTS + if (tTd(4, 101)) + return NOQDIR; +#endif /* _FFR_TESTS */ if (MinBlocksFree <= 0 && fsize <= 0) return qdir; @@ -6600,6 +6625,16 @@ init_sem(owner) (long) SemKey, SemId, sm_errstring(-SemId)); return; } + if (owner && RunAsUid != 0) + { + int r; + + r = sm_semsetowner(SemId, RunAsUid, RunAsGid, 0660); + if (r != 0) + sm_syslog(LOG_ERR, NOQID, + "key=%ld, sm_semsetowner=%d, RunAsUid=%d, RunAsGid=%d", + (long) SemKey, r, RunAsUid, RunAsGid); + } #endif /* SM_CONF_SEM */ #endif /* _FFR_USE_SEM_LOCKING */ return; @@ -8826,7 +8861,7 @@ quarantine_queue(reason, qgrplimit) if (StopRequest) stop_sendmail(); - nrequests = gatherq(qgrp, qdir, true, NULL, NULL); + nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); /* first see if there is anything */ if (nrequests <= 0) diff --git a/contrib/sendmail/src/ratectrl.c b/contrib/sendmail/src/ratectrl.c index 8b95b3753df0..773955a6db0f 100644 --- a/contrib/sendmail/src/ratectrl.c +++ b/contrib/sendmail/src/ratectrl.c 
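Review bot: In the block added to init_sem the sm_syslog call prints `RunAsUid` and `RunAsGid` with `%d`; they are presumably uid_t/gid_t (the declarations are not in this hunk), so cast them the way `(long) SemKey` is cast on the same line, e.g. `(int) RunAsUid, (int) RunAsGid`. When sm_semsetowner fails the code only logs and continues with `SemId` still set, so a comment saying whether semaphore locking is expected to keep working for the RunAsUid process in that case would help. The 0660 mode also gives every process in RunAsGid write access to the semaphore; a short comment confirming that this is intended would be useful to whoever audits the queue locking.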
@@ -45,7 +45,7 @@ */ #include -SM_RCSID("@(#)$Id: ratectrl.c,v 8.12 2008/02/11 22:56:05 ca Exp $") +SM_RCSID("@(#)$Id: ratectrl.c,v 8.13 2009/05/05 23:19:34 ca Exp $") /* ** stuff included - given some warnings (inet_ntoa) @@ -69,9 +69,6 @@ SM_RCSID("@(#)$Id: ratectrl.c,v 8.12 2008/02/11 22:56:05 ca Exp $") /* forward declarations */ static int client_rate __P((time_t, SOCKADDR *, bool)); static int total_rate __P((time_t, bool)); -#if 0 -static int sockaddrcmp __P((SOCKADDR *, SOCKADDR *)); -#endif /* 0 */ /* ** CONNECTION_RATE_CHECK - updates connection history data @@ -485,50 +482,3 @@ total_rate(now, update) return cnt; } - -#if 0 -/* -** SOCKADDRCMP - compare two SOCKADDR structures -** this function may be used to compare SOCKADDR -** structures when using bsearch and qsort functions -** in the same way we do with strcmp -** -** Parameters: -** a, b - addresses -** -** Returns: -** 1 if a > b -** -1 if a < b -** 0 if a = b -** -** OBS: This call isn't used at the moment, it will -** be used when code will be extended to work with IPV6 -*/ - -static int -sockaddrcmp(a, b) - SOCKADDR *a; - SOCKADDR *b; -{ - if (a->sa.sa_family > b->sa.sa_family) - return 1; - if (a->sa.sa_family < b->sa.sa_family) - return -1; - - switch (a->sa.sa_family) - { - case AF_INET: - if (a->sin.sin_addr.s_addr > b->sin.sin_addr.s_addr) - return 1; - if (a->sin.sin_addr.s_addr < b->sin.sin_addr.s_addr) - return -1; - return 0; - break; - - case AF_INET6: - /* TO BE DONE */ - break; - } - return 0; -} -#endif /* 0 */ diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c index 445df9e10686..c6d48a8cfea6 100644 --- a/contrib/sendmail/src/readcf.c +++ b/contrib/sendmail/src/readcf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 
@@ -14,7 +14,7 @@ #include #include -SM_RCSID("@(#)$Id: readcf.c,v 8.666 2008/02/14 17:25:14 ca Exp $") +SM_RCSID("@(#)$Id: readcf.c,v 8.674 2009/10/26 17:47:00 ca Exp $") #if NETINET || NETINET6 # include @@ -113,6 +113,9 @@ readcf(cfname, safe, e) FileName = cfname; LineNumber = 0; +#if STARTTLS + Srv_SSL_Options = Clt_SSL_Options = SSL_OP_ALL; +#endif /* STARTTLS */ if (DontLockReadFiles) sff |= SFF_NOLOCK; cf = safefopen(cfname, O_RDONLY, 0444, sff); @@ -136,7 +139,7 @@ readcf(cfname, safe, e) if (OpMode != MD_TEST && bitset(S_IWGRP|S_IWOTH, statb.st_mode)) { - if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS) + if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS || OpMode == MD_CHECKCONFIG) (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "%s: WARNING: dangerous write permissions\n", FileName); @@ -462,7 +465,7 @@ readcf(cfname, safe, e) rwp = RewriteRules[ruleset]; if (rwp != NULL) { - if (OpMode == MD_TEST) + if (OpMode == MD_TEST || OpMode == MD_CHECKCONFIG) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "WARNING: Ruleset %s has multiple definitions\n", @@ -534,7 +537,6 @@ readcf(cfname, safe, e) p++; while (isascii(*p) && isspace(*p)) p++; - file = p; } else optional = false; 
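Review bot: `Srv_SSL_Options = Clt_SSL_Options = SSL_OP_ALL;` in readcf makes the bug-workaround set the only default, and the options that can change it (ServerSSLOptions and ClientSSLOptions) are compiled only under `_FFR_TLS_1`, so a plain STARTTLS build has no way to add `SSL_OP_NO_SSLv2` or similar. The option table added later in this file lists `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` among the flags "turned on by default", and OpenSSL documents that flag as disabling a countermeasure for CBC ciphers. I would add a comment here stating that no protocol version is excluded by default, and consider OR-ing in `SSL_OP_NO_SSLv2` where that macro is defined. readcf's body continues outside the hunk.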
@@ -2255,10 +2257,101 @@ static struct optioninfo # define O_RCPTSHUTDG 0xe2 { "BadRcptShutdownGood", O_RCPTSHUTDG, OI_SAFE }, #endif /* _FFR_BADRCPT_SHUTDOWN */ +#if STARTTLS && _FFR_TLS_1 +# define O_SRV_SSL_OPTIONS 0xe3 + { "ServerSSLOptions", O_SRV_SSL_OPTIONS, OI_NONE }, +# define O_CLT_SSL_OPTIONS 0xe4 + { "ClientSSLOptions", O_CLT_SSL_OPTIONS, OI_NONE }, +#endif /* STARTTLS && _FFR_TLS_1 */ +#if _FFR_EXPDELAY +# define O_MAX_QUEUE_AGE 0xe5 + { "MaxQueueAge", O_MAX_QUEUE_AGE, OI_NONE }, +#endif /* _FFR_EXPDELAY */ +#if _FFR_RCPTTHROTDELAY +# define O_RCPTTHROTDELAY 0xe6 + { "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE }, +#endif /* _FFR_RCPTTHROTDELAY */ { NULL, '\0', OI_NONE } }; +#if STARTTLS && _FFR_TLS_1 +static struct ssl_options +{ + const char *sslopt_name; /* name of the flag */ + long sslopt_bits; /* bits to set/clear */ +} SSL_Option[] = +{ +/* these are turned on by default */ +#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG + { "SSL_OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG }, +#endif /* SSL_OP_MICROSOFT_SESS_ID_BUG */ +#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG + { "SSL_OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG }, +#endif /* SSL_OP_NETSCAPE_CHALLENGE_BUG */ +#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + { "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG }, +#endif /* SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */ +#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + { "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG }, +#endif /* SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG */ +#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + { "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER }, +#endif /* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER */ +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING + { "SSL_OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING }, +#endif /* SSL_OP_MSIE_SSLV2_RSA_PADDING */ +#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG + { "SSL_OP_SSLEAY_080_CLIENT_DH_BUG", 
SSL_OP_SSLEAY_080_CLIENT_DH_BUG }, +#endif /* SSL_OP_SSLEAY_080_CLIENT_DH_BUG */ +#ifdef SSL_OP_TLS_D5_BUG + { "SSL_OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG }, +#endif /* SSL_OP_TLS_D5_BUG */ +#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG + { "SSL_OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG }, +#endif /* SSL_OP_TLS_BLOCK_PADDING_BUG */ +#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + { "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS }, +#endif /* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */ + { "SSL_OP_ALL", SSL_OP_ALL }, +#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + { "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION }, +#endif /* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION */ +#ifdef SSL_OP_EPHEMERAL_RSA + { "SSL_OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA }, +#endif /* SSL_OP_EPHEMERAL_RSA */ +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + { "SSL_OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE }, +#endif /* SSL_OP_CIPHER_SERVER_PREFERENCE */ +#ifdef SSL_OP_TLS_ROLLBACK_BUG + { "SSL_OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG }, +#endif /* SSL_OP_TLS_ROLLBACK_BUG */ +#ifdef SSL_OP_NO_SSLv2 + { "SSL_OP_NO_SSLv2", SSL_OP_NO_SSLv2 }, +#endif /* SSL_OP_NO_SSLv2 */ +#ifdef SSL_OP_NO_SSLv3 + { "SSL_OP_NO_SSLv3", SSL_OP_NO_SSLv3 }, +#endif /* SSL_OP_NO_SSLv3 */ +#ifdef SSL_OP_NO_TLSv1 + { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 }, +#endif /* SSL_OP_NO_TLSv1 */ +#ifdef SSL_OP_PKCS1_CHECK_1 + { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 }, +#endif /* SSL_OP_PKCS1_CHECK_1 */ +#ifdef SSL_OP_PKCS1_CHECK_2 + { "SSL_OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 }, +#endif /* SSL_OP_PKCS1_CHECK_2 */ +#ifdef SSL_OP_NETSCAPE_CA_DN_BUG + { "SSL_OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG }, +#endif /* SSL_OP_NETSCAPE_CA_DN_BUG */ +#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + { "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG }, +#endif /* SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 
*/ + { NULL, 0 } +}; +#endif /* STARTTLS && _FFR_TLS_1 */ + + # define CANONIFY(val) # define SET_OPT_DEFAULT(opt, val) opt = val @@ -2299,6 +2392,9 @@ setoption(opt, val, safe, sticky, e) char *newval; char exbuf[MAXLINE]; #endif /* STARTTLS || SM_CONF_SHM */ +#if STARTTLS && _FFR_TLS_1 + long *pssloptions = NULL; +#endif /* STARTTLS && _FFR_TLS_1 */ errno = 0; if (opt == ' ') @@ -2995,6 +3091,12 @@ setoption(opt, val, safe, sticky, e) MinQueueAge = convtime(val, 'm'); break; +#if _FFR_EXPDELAY + case O_MAX_QUEUE_AGE: + MaxQueueAge = convtime(val, 'm'); + break; +#endif /* _FFR_EXPDELAY */ + case O_DEFCHARSET: /* default character set for mimefying */ DefaultCharSet = newstr(denlstring(val, true, true)); break; @@ -3317,6 +3419,12 @@ setoption(opt, val, safe, sticky, e) BadRcptThrottle = atoi(val); break; +#if _FFR_RCPTTHROTDELAY + case O_RCPTTHROTDELAY: + BadRcptThrottleDelay = atoi(val); + break; +#endif /* _FFR_RCPTTHROTDELAY */ + case O_DEADLETTER: CANONIFY(val); PSTRSET(DeadLetterDrop, val); 
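Review bot: `BadRcptThrottleDelay = atoi(val);` in the new `O_RCPTTHROTDELAY` case stores atoi's result in a variable that sendmail.h declares as `unsigned int`, so a negative or mistyped value turns into a very large delay, and the option is marked OI_SAFE in the option table. I would parse into a signed local first and assign only a non-negative result, reporting anything else in the same style as the other errors in setoption. The neighbouring `O_MAX_QUEUE_AGE` case goes through `convtime(val, 'm')`, so the two new options do not even share a unit convention; a comment stating the unit of BadRcptThrottleDelay would help. setoption's body starts and ends outside the hunk.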
@@ -3578,7 +3686,51 @@ setoption(opt, val, safe, sticky, e) SET_STRING_EXP(DHParams5); case O_CIPHERLIST: SET_STRING_EXP(CipherList); + case O_SRV_SSL_OPTIONS: + pssloptions = &Srv_SSL_Options; + case O_CLT_SSL_OPTIONS: + if (pssloptions == NULL) + pssloptions = &Clt_SSL_Options; + for (p = val; *p != 0; ) + { + bool clearmode; + char *q; + struct ssl_options *sslopts; + + while (*p == ' ') + p++; + if (*p == '\0') + break; + clearmode = false; + if (*p == '-' || *p == '+') + clearmode = *p++ == '-'; + q = p; + while (*p != '\0' && !(isascii(*p) && isspace(*p))) + p++; + if (*p != '\0') + *p++ = '\0'; + for (sslopts = SSL_Option; + sslopts->sslopt_name != NULL; sslopts++) + { + if (sm_strcasecmp(q, sslopts->sslopt_name) == 0) + break; + } + if (sslopts->sslopt_name == NULL) + { + errno = 0; + syserr("readcf: %s option value %s unrecognized", + o->o_name, q); + } + else if (clearmode) + *pssloptions &= ~sslopts->sslopt_bits; + else + *pssloptions |= sslopts->sslopt_bits; + } + pssloptions = NULL; + break; + # endif /* _FFR_TLS_1 */ + case O_CRLFILE: # if OPENSSL_VERSION_NUMBER > 0x00907000L SET_STRING_EXP(CRLFile); @@ -4026,8 +4178,7 @@ strtorwset(p, endp, stabmode) char *q = NULL; q = p; - while (*p != '\0' && isascii(*p) && - (isalnum(*p) || *p == '_')) + while (*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '_')) p++; if (q == p || !(isascii(*q) && isalpha(*q))) { diff --git a/contrib/sendmail/src/savemail.c b/contrib/sendmail/src/savemail.c index cf72e8d497ef..4178245cc5a3 100644 --- a/contrib/sendmail/src/savemail.c +++ b/contrib/sendmail/src/savemail.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: savemail.c,v 8.313 2006/11/29 00:20:41 ca Exp $") +SM_RCSID("@(#)$Id: savemail.c,v 8.314 2009/12/18 17:08:01 ca Exp $") static bool errbody __P((MCI *, ENVELOPE *, char *)); static bool pruneroute __P((char *)); 
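Review bot: The token loop under `case O_CLT_SSL_OPTIONS` skips leading separators with `while (*p == ' ')` but ends a token on any `isspace` character, so a tab before a name, or two tabs between names, produces an empty token and a spurious "unrecognized" syserr. Use the same test in both places: `while (isascii(*p) && isspace(*p)) p++;`. `case O_SRV_SSL_OPTIONS:` also falls into the next case on purpose and should carry `/* FALLTHROUGH */`, as the MD_TEST case in main.c does. An unrecognized name is reported but the remaining tokens are still applied, so whether a typo in a hardening flag such as `-SSL_OP_ALL` or `SSL_OP_NO_SSLv2` stops startup depends on how the caller treats syserr, which is outside this hunk and worth stating in a comment.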
@@ -705,7 +705,7 @@ returntosender(msg, returnq, flags, e) sendall(ee, SM_DELIVER); /* restore state */ - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); sm_rpool_free(ee->e_rpool); CurEnv = oldcur; returndepth--; diff --git a/contrib/sendmail/src/sendmail.8 b/contrib/sendmail/src/sendmail.8 index 540d55480ae1..e5ce9aeef9de 100644 --- a/contrib/sendmail/src/sendmail.8 +++ b/contrib/sendmail/src/sendmail.8 @@ -9,9 +9,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: sendmail.8,v 8.58 2007/08/02 05:42:33 ca Exp $ +.\" $Id: sendmail.8,v 8.59 2009/04/10 17:49:19 gshapiro Exp $ .\" -.TH SENDMAIL 8 "$Date: 2007/08/02 05:42:33 $" +.TH SENDMAIL 8 "$Date: 2009/04/10 17:49:19 $" .SH NAME sendmail \- an electronic mail transport agent @@ -741,6 +741,8 @@ Internet Request For Comments No. 8, SMM. .PP http://www.sendmail.org/ +.PP +US Patent Numbers 6865671, 6986037. .SH HISTORY The .B sendmail diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h index b6b231d844ef..b170c2bbb3d7 100644 --- a/contrib/sendmail/src/sendmail.h +++ b/contrib/sendmail/src/sendmail.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -52,7 +52,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1059 2008/02/15 23:19:58 ca Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1068 2009/12/18 17:08:01 ca Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ 
@@ -607,7 +607,7 @@ extern bool filesys_free __P((long)); ERROR: change SASL_SEC_MASK_ notify sendmail.org! # endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */ # endif /* SASL >= 20101 */ -# define MAXOUTLEN 8192 /* length of output buffer */ +# define MAXOUTLEN 8192 /* length of output buffer, should be 2^n */ /* functions */ extern char *intersect __P((char *, char *, SM_RPOOL_T *)); @@ -931,6 +931,10 @@ struct envelope int e_dlvr_flag; /* deliver by flag */ SM_RPOOL_T *e_rpool; /* resource pool for this envelope */ unsigned int e_features; /* server features */ +#if _FFR_MILTER_ENHSC +#define ENHSC_LEN 11 + char e_enhsc[ENHSC_LEN]; /* enhanced status code */ +#endif /* _FFR_MILTER_ENHSC */ }; /* values for e_flags */ @@ -982,7 +986,7 @@ extern ENVELOPE BlankEnvelope; /* functions */ extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *)); -extern void dropenvelope __P((ENVELOPE *, bool, bool)); +extern int dropenvelope __P((ENVELOPE *, bool, bool)); extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *)); extern void clrsessenvelope __P((ENVELOPE *)); extern void printenvflags __P((ENVELOPE *)); @@ -1561,6 +1565,7 @@ extern void stabapply __P((void (*)(STAB *, int), int)); #define MD_HOSTSTAT 'h' /* print persistent host stat info */ #define MD_PURGESTAT 'H' /* purge persistent host stat info */ #define MD_QUEUERUN 'q' /* queue run */ +#define MD_CHECKCONFIG 'C' /* check configuration file */ #if _FFR_LOCAL_DAEMON EXTERN bool LocalDaemon; @@ -1880,7 +1885,7 @@ struct termescape /* functions */ extern bool init_tls_library __P((void)); -extern bool inittls __P((SSL_CTX **, unsigned long, bool, char *, char *, char *, char *, char *)); +extern bool inittls __P((SSL_CTX **, unsigned long, long, bool, char *, char *, char *, char *, char *)); extern bool initclttls __P((bool)); extern void setclttls __P((bool)); extern bool initsrvtls __P((bool)); 
@@ -1906,6 +1911,7 @@ EXTERN char *CRLFile; /* file CRLs */ EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */ #endif /* _FFR_CRLPATH */ EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */ +EXTERN long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */ #endif /* STARTTLS */ /* @@ -1986,6 +1992,9 @@ EXTERN int QueueFileMode; /* mode on files in mail queue */ EXTERN int QueueMode; /* which queue items to act upon */ EXTERN int QueueSortOrder; /* queue sorting order algorithm */ EXTERN time_t MinQueueAge; /* min delivery interval */ +#if _FFR_EXPDELAY +EXTERN time_t MaxQueueAge; /* max delivery interval */ +#endif /* _FFR_EXPDELAY */ EXTERN time_t QueueIntvl; /* intervals between running the queue */ EXTERN char *QueueDir; /* location of queue directory */ EXTERN QUEUE_CHAR *QueueLimitId; /* limit queue run to id */ @@ -2235,11 +2244,16 @@ EXTERN bool UseNameServer; /* using DNS -- interpret h_errno & MX RRs */ EXTERN char InetMode; /* default network for daemon mode */ EXTERN char OpMode; /* operation mode, see below */ EXTERN char SpaceSub; /* substitution for */ -EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */ #if _FFR_BADRCPT_SHUTDOWN EXTERN int BadRcptShutdown; /* Shutdown connection for rejected RCPTs */ EXTERN int BadRcptShutdownGood; /* above even when there are good RCPTs */ #endif /* _FFR_BADRCPT_SHUTDOWN */ +EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */ +#if _FFR_RCPTTHROTDELAY +EXTERN unsigned int BadRcptThrottleDelay; /* delay for BadRcptThrottle */ +#else +# define BadRcptThrottleDelay 1 +#endif /* _FFR_RCPTTHROTDELAY */ EXTERN int CheckpointInterval; /* queue file checkpoint interval */ EXTERN int ConfigLevel; /* config file level */ EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */ diff --git a/contrib/sendmail/src/sfsasl.c b/contrib/sendmail/src/sfsasl.c index 67e919f34df3..cad16db1686a 100644 --- a/contrib/sendmail/src/sfsasl.c 
+++ b/contrib/sendmail/src/sfsasl.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: sfsasl.c,v 8.117 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Id: sfsasl.c,v 8.118 2008/07/22 15:12:48 ca Exp $") #include #include #include @@ -296,7 +296,7 @@ sasl_write(fp, buf, size) /* ** Fetch the maximum input buffer size for sasl_encode(). ** This can be less than the size set in attemptauth() - ** due to a negotation with the other side, e.g., + ** due to a negotiation with the other side, e.g., ** Cyrus IMAP lmtp program sets maxbuf=4096, ** digestmd5 substracts 25 and hence we'll get 4071 ** instead of 8192 (MAXOUTLEN). diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c index fffcd0d37ab7..49016e4572b5 100644 --- a/contrib/sendmail/src/srvrsmtp.c +++ b/contrib/sendmail/src/srvrsmtp.c @@ -17,7 +17,7 @@ # include #endif /* MILTER */ -SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.975 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.989 2009/12/18 17:08:01 ca Exp $") #include #include @@ -479,6 +479,9 @@ do \ e->e_sendqueue = NULL; \ e->e_flags |= EF_CLRQUEUE; \ \ + if (tTd(92, 2)) \ + sm_dprintf("CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",\ + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);\ if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \ logsender(e, NULL); \ e->e_flags &= ~EF_LOGSENDER; \ @@ -486,7 +489,7 @@ do \ /* clean up a bit */ \ smtp.sm_gotmail = false; \ SuprErrs = true; \ - dropenvelope(e, true, false); \ + (void) dropenvelope(e, true, false); \ sm_rpool_free(e->e_rpool); \ e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \ CurEnv = e; \ 
@@ -906,6 +909,16 @@ smtp(nullserver, d_flags, e) #endif /* SASL */ #if STARTTLS +# if USE_OPENSSL_ENGINE + if (tls_ok_srv && bitset(SRV_OFFER_TLS, features) && + !SSL_set_engine(NULL)) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=server, SSL_set_engine=failed"); + tls_ok_srv = false; + } +# endif /* USE_OPENSSL_ENGINE */ + set_tls_rd_tmo(TimeOuts.to_nextcommand); #endif /* STARTTLS */ @@ -1272,7 +1285,8 @@ smtp(nullserver, d_flags, e) { if (++np_log < 3) sm_syslog(LOG_INFO, NOQID, - "unauthorized PIPELINING, sleeping"); + "unauthorized PIPELINING, sleeping, relay=%.100s", + CurSmtpClient); sleep(1); } @@ -1447,8 +1461,9 @@ smtp(nullserver, d_flags, e) message("454 4.5.4 Internal error: unable to encode64"); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, - "AUTH encode64 error [%d for \"%s\"]", - result, out); + "AUTH encode64 error [%d for \"%s\"], relay=%.100s", + result, out, + CurSmtpClient); /* start over? */ authenticating = SASL_NOT_AUTH; } @@ -1469,16 +1484,17 @@ smtp(nullserver, d_flags, e) message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, - "AUTH failure (%s): %s (%d) %s", + "AUTH failure (%s): %s (%d) %s, relay=%.100s", auth_type, sasl_errstring(result, NULL, NULL), result, # if SASL >= 20000 - sasl_errdetail(conn)); + sasl_errdetail(conn), # else /* SASL >= 20000 */ - errstr == NULL ? "" : errstr); + errstr == NULL ? "" : errstr, # endif /* SASL >= 20000 */ + CurSmtpClient); RESET_SASLCONN; authenticating = SASL_NOT_AUTH; } @@ -1700,8 +1716,9 @@ smtp(nullserver, d_flags, e) q); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, - "AUTH decode64 error [%d for \"%s\"]", - result, q); + "AUTH decode64 error [%d for \"%s\"], relay=%.100s", + result, q, + CurSmtpClient); /* start over? */ authenticating = SASL_NOT_AUTH; # if SASL >= 20000 
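Review bot: In the `AUTH decode64 error` hunk the new `relay=%.100s` field is length-bounded, but `q`, logged just before it, is still printed with a bare `%s`. `q` appears to be the client's AUTH response that failed base64 decoding, so it is untrusted input of whatever length the command line allows. Unless sm_syslog() itself truncates and sanitises, a remote client can shape the content and size of this log entry. I would bound it the same way as the relay: `"AUTH decode64 error [%d for \"%.100s\"], relay=%.100s"`. The body of smtp() lies outside the hunk, so the origin of `q` should be confirmed there.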
@@ -1734,16 +1751,17 @@ smtp(nullserver, d_flags, e) message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_ERR, e->e_id, - "AUTH failure (%s): %s (%d) %s", + "AUTH failure (%s): %s (%d) %s, relay=%.100s", p, sasl_errstring(result, NULL, NULL), result, # if SASL >= 20000 - sasl_errdetail(conn)); + sasl_errdetail(conn), # else /* SASL >= 20000 */ - errstr); + errstr, # endif /* SASL >= 20000 */ + CurSmtpClient); RESET_SASLCONN; break; } @@ -1893,8 +1911,9 @@ smtp(nullserver, d_flags, e) if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, - "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d", - r, ssl_err, errno, i); + "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d, relay=%.100s", + r, ssl_err, errno, i, + CurSmtpClient); if (LogLevel > 8) tlslogerr("server"); } @@ -2532,7 +2551,7 @@ smtp(nullserver, d_flags, e) #if _FFR_BADRCPT_SHUTDOWN /* ** hack to deal with hack, see below: - ** n_badrcpts is increased is limit is reached. + ** n_badrcpts is increased if limit is reached. */ n_badrcpts_adj = (BadRcptThrottle > 0 && @@ -2576,12 +2595,12 @@ smtp(nullserver, d_flags, e) /* ** Don't use exponential backoff for now. - ** Some servers will open more connections + ** Some systems will open more connections ** and actually overload the receiver even ** more. */ - (void) sleep(1); + (void) sleep(BadRcptThrottleDelay); } if (!smtp.sm_gotmail) { @@ -3147,6 +3166,11 @@ doquit: milter_quit(e); #endif /* MILTER */ + if (tTd(92, 2)) + sm_dprintf("QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, + bitset(EF_LOGSENDER, e->e_flags), + LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; 
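Review bot: `(void) sleep(BadRcptThrottleDelay);` makes the bad-recipient delay depend on a variable whose initial value is not set anywhere in this diff. With `_FFR_RCPTTHROTDELAY` off, sendmail.h defines it as 1, but with the feature on it is a plain `EXTERN unsigned int`, which starts at 0 unless the defaults or option code assigns it. That would turn the call into `sleep(0)` and quietly remove the throttle. Please confirm a default of 1 is installed, and document the unit at the declaration, e.g. `/* delay in seconds for BadRcptThrottle */`. The enclosing smtp() code is only partly visible in the hunk.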
@@ -3358,6 +3382,11 @@ smtp_data(smtp, e) response); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ + usrerr(response); if (strncmp(response, "421 ", 4) == 0 || strncmp(response, "421-", 4) == 0) @@ -3374,6 +3403,10 @@ smtp_data(smtp, e) "Milter: cmd=data, reject=550 5.7.1 Command rejected"); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + (void) sm_strlcpy(e->e_enhsc, "5.7.1", + sizeof(e->e_enhsc)); +#endif /* _FFR_MILTER_ENHSC */ usrerr("550 5.7.1 Command rejected"); return true; @@ -3392,6 +3425,9 @@ smtp_data(smtp, e) MSG_TEMPFAIL); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(MSG_TEMPFAIL); return true; @@ -3467,7 +3503,14 @@ smtp_data(smtp, e) "Milter: data, reject=%s", response); milteraccept = false; +#if _FFR_MILTER_ENHSC + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + rv = false; break; case SMFIR_REJECT: @@ -3492,6 +3535,9 @@ smtp_data(smtp, e) "Milter: data, reject=%s", MSG_TEMPFAIL); milteraccept = false; +#if _FFR_MILTER_ENHSC + (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(MSG_TEMPFAIL); break; @@ -3782,6 +3828,9 @@ smtp_data(smtp, e) } abortmessage: + if (tTd(92, 2)) + sm_dprintf("abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -3795,7 +3844,7 @@ smtp_data(smtp, e) */ if (aborting || bitset(EF_DISCARD, e->e_flags)) - dropenvelope(e, true, false); + (void) dropenvelope(e, true, false); else { for (ee = e; ee != NULL; ee = ee->e_sibling) 
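Review bot: The `extenhsc(..., ' ', e->e_enhsc)` calls added to smtp_data() pass the destination without its size and discard the return value. `e_enhsc` is `char[ENHSC_LEN]` (11 bytes in sendmail.h) and `response` is text supplied by a milter, so these writes are only safe if extenhsc() limits what it copies; its body is not in this diff and should be checked. Because the result is cast to `(void)`, a reply without a parsable enhanced code may leave an earlier value in `e_enhsc`, which logundelrcpts() then prefers whenever `a->q_status == NULL`. Resetting it before each call with `e->e_enhsc[0] = '\0';` would prevent a stale code from being logged.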
@@ -3804,11 +3853,11 @@ smtp_data(smtp, e) QueueMode != QM_QUARANTINE && ee->e_quarmsg != NULL) { - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); continue; } if (WILL_BE_QUEUED(ee->e_sendmode)) - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); } } @@ -3870,8 +3919,13 @@ logundelrcpts(e, msg, level, all) if (!QS_IS_UNDELIVERED(a->q_state) && !all) continue; e->e_to = a->q_paddr; - logdelivery(NULL, NULL, a->q_status, msg, NULL, - (time_t) 0, e); + logdelivery(NULL, NULL, +#if _FFR_MILTER_ENHSC + (a->q_status == NULL && e->e_enhsc[0] != '\0') + ? e->e_enhsc : +#endif /* _FFR_MILTER_ENHSC */ + a->q_status, + msg, NULL, (time_t) 0, e); } e->e_to = NULL; } @@ -4692,8 +4746,9 @@ initsrvtls(tls_ok) return false; /* do NOT remove assignment */ - tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile, - SrvKeyFile, CACertPath, CACertFile, DHParams); + tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, Srv_SSL_Options, true, + SrvCertFile, SrvKeyFile, + CACertPath, CACertFile, DHParams); return tls_ok_srv; } #endif /* STARTTLS */ diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c index 1a213cab68ee..70319944950c 100644 --- a/contrib/sendmail/src/tls.c +++ b/contrib/sendmail/src/tls.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include -SM_RCSID("@(#)$Id: tls.c,v 8.107 2006/10/12 21:35:11 ca Exp $") +SM_RCSID("@(#)$Id: tls.c,v 8.114 2009/08/10 15:11:09 ca Exp $") #if STARTTLS # include @@ -486,6 +486,7 @@ tls_safe_f(var, sff, srv) ** Parameters: ** ctx -- pointer to context ** req -- requirements for initialization (see sendmail.h) +** options -- options ** srv -- server side? ** certfile -- filename of certificate ** keyfile -- filename of private key 
@@ -514,9 +515,10 @@ static char server_session_id_context[] = "sendmail8"; #endif bool -inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) +inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) SSL_CTX **ctx; unsigned long req; + long options; bool srv; char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam; { @@ -525,7 +527,7 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) # endif /* !NO_DH */ int r; bool ok; - long sff, status, options; + long sff, status; char *who; # if _FFR_TLS_1 char *cf2, *kf2; @@ -643,7 +645,10 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) } } if (dhparam == NULL) + { dhparam = srv ? "1" : "5"; + req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); + } else if (*dhparam == '/') { TLS_OK_F(dhparam, "DHParameters", @@ -913,7 +918,6 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) /* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */ - options = SSL_OP_ALL; /* bug compatibility? */ #if SM_SSL_OP_TLS_BLOCK_PADDING_BUG /* 
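Review bot: The fallback for `dhparam == NULL` now sets `req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);`, which by the flag names selects 1024-bit DH parameters for the server and 512-bit for the client. Both are small, and a 512-bit group offers very little protection, so the default should carry a comment telling operators how to override it, e.g. `/* built-in default is weak; point DHParameters at a file with a larger group */`. It is also worth confirming whether the client-side value is ever used for key exchange, since that code is outside the hunk.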
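Review bot: With `options = SSL_OP_ALL;` removed and `options` turned into a parameter of inittls(), the interoperability flags are applied only if every caller passes them in. initsrvtls() passes `Srv_SSL_Options`, whose initial value is not set anywhere in this diff; if it starts at 0, the context silently loses the previous SSL_OP_ALL behaviour. The parameter comment added above the function says only `options -- options`. Something like `options -- SSL_OP_* bits for the context; caller supplies SSL_OP_ALL if wanted` would record the new contract. The code that consumes `options` follows the end of the hunk.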
@@ -1196,23 +1200,62 @@ tls_get_info(ssl, srv, host, mac, certreq) if (cert != NULL) { unsigned int n; + X509_NAME *subj, *issuer; unsigned char md[EVP_MAX_MD_SIZE]; char buf[MAXNAME]; - X509_NAME_oneline(X509_get_subject_name(cert), - buf, sizeof(buf)); + subj = X509_get_subject_name(cert); + issuer = X509_get_issuer_name(cert); + X509_NAME_oneline(subj, buf, sizeof(buf)); macdefine(mac, A_TEMP, macid("{cert_subject}"), xtextify(buf, "<>\")")); - X509_NAME_oneline(X509_get_issuer_name(cert), - buf, sizeof(buf)); + X509_NAME_oneline(issuer, buf, sizeof(buf)); macdefine(mac, A_TEMP, macid("{cert_issuer}"), xtextify(buf, "<>\")")); - X509_NAME_get_text_by_NID(X509_get_subject_name(cert), - NID_commonName, buf, sizeof(buf)); + +#define CHECK_X509_NAME(which) \ + do { \ + if (r == -1) \ + { \ + sm_strlcpy(buf, "BadCertificateUnknown", sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + else if ((size_t)r >= sizeof(buf) - 1) \ + { \ + sm_strlcpy(buf, "BadCertificateTooLong", sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=CN too long", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + else if ((size_t)r > strlen(buf)) \ + { \ + sm_strlcpy(buf, "BadCertificateContainsNUL", \ + sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL", \ + who, \ + host == NULL ? 
"local" : host, \ + which); \ + } \ + } while (0) + + r = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, + sizeof buf); + CHECK_X509_NAME("cn_subject"); macdefine(mac, A_TEMP, macid("{cn_subject}"), xtextify(buf, "<>\")")); - X509_NAME_get_text_by_NID(X509_get_issuer_name(cert), - NID_commonName, buf, sizeof(buf)); + r = X509_NAME_get_text_by_NID(issuer, NID_commonName, buf, + sizeof buf); + CHECK_X509_NAME("cn_issuer"); macdefine(mac, A_TEMP, macid("{cn_issuer}"), xtextify(buf, "<>\")")); n = 0; @@ -1596,14 +1639,19 @@ tls_verify_cb(ctx, unused) { int ok; + /* + ** man SSL_CTX_set_cert_verify_callback(): + ** callback should return 1 to indicate verification success + ** and 0 to indicate verification failure. + */ + ok = X509_verify_cert(ctx); - if (ok == 0) + if (ok <= 0) { if (LogLevel > 13) return tls_verify_log(ok, ctx, "TLS"); - return 1; /* override it */ } - return ok; + return 1; } /* ** TLSLOGERR -- log the errors from the TLS error stack diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c index b29495c3ae7f..23278b0b59d7 100644 --- a/contrib/sendmail/src/usersmtp.c +++ b/contrib/sendmail/src/usersmtp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: usersmtp.c,v 8.472 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Id: usersmtp.c,v 8.473 2009/06/17 17:26:51 ca Exp $") #include 
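Review bot: `CHECK_X509_NAME` tests `r == -1` for the failure case, so any other negative return would be cast to a huge `size_t` and reported as `CN too long`. The buffer is still replaced, but `if (r < 0)` states the intent directly. The macro also reads `r`, `buf`, `who` and `host` from the enclosing scope and is never undefined. A comment naming those variables and an `#undef CHECK_X509_NAME` after the `cn_issuer` use would keep it local to tls_get_info(). The comment should also say that the placeholder strings (for example `BadCertificateContainsNUL`) become the value of `{cn_subject}` and `{cn_issuer}`, so rulesets matching on those macros must treat them as failures.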
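Review bot: tls_verify_cb() now returns 1 for every outcome of X509_verify_cert() except when `LogLevel > 13`, where it returns whatever tls_verify_log() yields, so the handshake result can change with the logging level. The new comment says 0 indicates verification failure, yet the failure path deliberately falls through to `return 1;`, and the old `/* override it */` remark that explained this is gone. I would call the logger for its side effect only, `(void) tls_verify_log(ok, ctx, "TLS");`. I would also put `/* accept the handshake anyway; the verification result is evaluated later */` above the final return, assuming the result really is enforced elsewhere, which this hunk does not show.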
@@ -1568,7 +1568,9 @@ attemptauth(m, mci, e, sai) sasl_interact_t *client_interact = NULL; char *mechusing; sasl_security_properties_t ssp; - char in64[MAXOUTLEN]; + + /* MUST NOT be a multiple of 4: bug in some sasl_encode64() versions */ + char in64[MAXOUTLEN + 1]; #if NETINET || (NETINET6 && SASL >= 20000) extern SOCKADDR CurHostAddr; #endif /* NETINET || (NETINET6 && SASL >= 20000) */ @@ -1770,7 +1772,8 @@ attemptauth(m, mci, e, sai) } else { - saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL); + saslresult = sasl_encode64(out, outlen, in64, sizeof(in64), + NULL); if (saslresult != SASL_OK) /* internal error */ { if (LogLevel > 8) @@ -1837,7 +1840,7 @@ attemptauth(m, mci, e, sai) if (outlen > 0) { saslresult = sasl_encode64(out, outlen, in64, - MAXOUTLEN, NULL); + sizeof(in64), NULL); if (saslresult != SASL_OK) { /* give an error reply to the other side! */ diff --git a/contrib/sendmail/src/util.c b/contrib/sendmail/src/util.c index dab596130500..ab491fbfe52b 100644 --- a/contrib/sendmail/src/util.c +++ b/contrib/sendmail/src/util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2007, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: util.c,v 8.414 2007/11/02 17:30:38 ca Exp $") +SM_RCSID("@(#)$Id: util.c,v 8.416 2009/12/18 17:05:26 ca Exp $") #include #include @@ -868,7 +868,7 @@ xputs(fp, s) c &= 0177; } printchar: - if (isprint(c)) + if (isascii(c) && isprint(c)) { (void) sm_io_putc(fp, SM_TIME_DEFAULT, c); continue; @@ -895,7 +895,7 @@ xputs(fp, s) TermEscape.te_rv_on); shiftout = true; } - if (isprint(c)) + if (isascii(c) && isprint(c)) { (void) sm_io_putc(fp, SM_TIME_DEFAULT, '\\'); (void) sm_io_putc(fp, SM_TIME_DEFAULT, c); 
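Review bot: The `in64[MAXOUTLEN + 1]` workaround in attemptauth() is only correct while `MAXOUTLEN + 1` is not a multiple of 4, and nothing enforces that beyond the `should be 2^n` remark added to sendmail.h. A preprocessor guard next to the declaration would catch a later change of the constant, in the style sendmail.h already uses: `# if ((MAXOUTLEN + 1) % 4) == 0`, `ERROR: in64 size must not be a multiple of 4`, `# endif`. Passing `sizeof(in64)` to both sasl_encode64() calls is a good change, since it keeps the length tied to the array. The rest of attemptauth() is outside these hunks.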
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c index 3e5ee8e6fdcc..cb94d0f2c574 100644 --- a/contrib/sendmail/src/version.c +++ b/contrib/sendmail/src/version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,6 +13,6 @@ #include -SM_RCSID("@(#)$Id: version.c,v 8.208 2008/04/17 17:04:30 ca Exp $") +SM_RCSID("@(#)$Id: version.c,v 8.218 2009/12/23 04:43:09 ca Exp $") -char Version[] = "8.14.3"; +char Version[] = "8.14.4"; diff --git a/contrib/sendmail/vacation/vacation.c b/contrib/sendmail/vacation/vacation.c index 10712b8ed8b0..2ead0b86cbee 100644 --- a/contrib/sendmail/vacation/vacation.c +++ b/contrib/sendmail/vacation/vacation.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2002, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1987, 1993 * The Regents of the University of California. All rights reserved. @@ -14,13 +14,13 @@ #include SM_IDSTR(copyright, -"@(#) Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers.\n\ +"@(#) Copyright (c) 1999-2002, 2009 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1983, 1987, 1993\n\ The Regents of the University of California. All rights reserved.\n\ Copyright (c) 1983 Eric P. Allman. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.144 2007/05/11 18:50:36 ca Exp $") +SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.146 2009/08/07 21:28:39 ca Exp $") #include @@ -153,7 +153,7 @@ main(argc, argv) char *dbfilename = NULL; char *msgfilename = NULL; char *cfpath = NULL; - char *name; + char *name = NULL; char *returnaddr = NULL; SMDB_USER_INFO user_info; static char rnamebuf[MAXNAME]; 
@@ -299,7 +299,7 @@ main(argc, argv) "vacation: no such user uid %u.\n", getuid()); EXITM(EX_NOUSER); } - name = pw->pw_name; + name = strdup(pw->pw_name); user_info.smdbu_id = pw->pw_uid; user_info.smdbu_group_id = pw->pw_gid; (void) sm_strlcpy(user_info.smdbu_name, pw->pw_name, @@ -314,7 +314,7 @@ main(argc, argv) } else if (runasuser) { - name = *argv; + name = strdup(*argv); if (dbfilename == NULL || msgfilename == NULL) { msglog(LOG_NOTICE, @@ -358,7 +358,7 @@ main(argc, argv) sm_strexit(err)); EXITM(err); } - name = user.mbdb_name; + name = strdup(user.mbdb_name); if (chdir(user.mbdb_homedir) != 0) { msglog(LOG_NOTICE, @@ -371,6 +371,12 @@ main(argc, argv) (void) sm_strlcpy(user_info.smdbu_name, user.mbdb_name, SMDB_MAX_USER_NAME_LEN); } + if (name == NULL) + { + msglog(LOG_ERR, + "vacation: can't allocate memory for username.\n"); + EXITM(EX_OSERR); + } if (dbfilename == NULL) dbfilename = VDB; @@ -1032,6 +1038,14 @@ sendmessage(myname, msgfn, sender) (void *) &(pvect[1]), SM_IO_WRONLY, NULL)) != NULL) { +#if _FFR_VAC_WAIT4SM +# ifdef WAITUNION + union wait st; +# else /* WAITUNION */ + auto int st; +# endif /* WAITUNION */ +#endif /* _FFR_VAC_WAIT4SM */ + (void) sm_io_fprintf(sfp, SM_TIME_DEFAULT, "To: %s\n", From); (void) sm_io_fprintf(sfp, SM_TIME_DEFAULT, "Auto-Submitted: auto-replied\n"); @@ -1039,6 +1053,9 @@ sendmessage(myname, msgfn, sender) (void) sm_io_fputs(sfp, SM_TIME_DEFAULT, buf); (void) sm_io_close(mfp, SM_TIME_DEFAULT); (void) sm_io_close(sfp, SM_TIME_DEFAULT); +#if _FFR_VAC_WAIT4SM + (void) wait(&st); +#endif /* _FFR_VAC_WAIT4SM */ } else {
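Review bot: `(void) wait(&st);` in sendmessage() returns for whichever child changes state first and discards both the return value and the status. A failed or signalled sendmail run therefore looks the same as success, and an EINTR return leaves the child unreaped. If the pid of the process started through `pvect` is available, waiting on it specifically and reporting a non-zero status through msglog() would make `_FFR_VAC_WAIT4SM` useful for diagnosis; whether the sm_io layer exposes that pid is not visible here. Otherwise add a comment such as `/* reap the mailer; exit status intentionally ignored */`. The `auto int st;` declaration can be plain `int st;`.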