Commit ba87e25c authored by Gregory Neil Shapiro's avatar Gregory Neil Shapiro
Browse files

Import sendmail 8.15.1

parent 4a67213f
The FAQ is no longer maintained with the sendmail release. It is
available at http://www.sendmail.org/faq/ .
A plain-text version of the questions only, with URLs referring to
the answers, is posted to comp.mail.sendmail on the 10th and 25th
of each month.
$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $
$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $
......@@ -28,8 +28,9 @@ sendmail/SECURITY for more installation information.
/etc/mail/submit.cf. This can be done in the cf/cf by using
"sh ./Build install-cf".
Please read sendmail/SECURITY before continuing; you have to create a
new user smmsp and a new group smmsp for the default installation.
Please read sendmail/SECURITY before continuing; you may have to create
a new user smmsp and a new group smmsp for the default installation
if you are updating from a really old version.
Then install the sendmail binary built in step 3 by cd-ing back to
sendmail/ and running "sh ./Build install".
......
......@@ -62,9 +62,9 @@ This list is not guaranteed to be complete.
libmilter and hence the communication fails. This can be avoided by
increasing the constant MILTER_CHUNK_SIZE in
include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
all (statically linked) milters (or by using an undocumented compile
time option: _FFR_MAXDATASIZE; you have to read the source code in
order to use this properly).
all (statically linked) milters (or by using undocumented compile
time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
read the source code in order to use these properly).
* Sender addresses whose domain part cause a temporary A record lookup
failure but have a valid MX record will be temporarily rejected in
......@@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon
Header addresses that have the \231 character (and possibly others
in the range \201 - \237) behave in odd and usually unexpected ways.
* AuthRealm for Cyrus SASL may not work as expected. The man page
and the actual usage for sasl_server_new() seem to differ.
Feedback for the "correct" usage is welcome, a patch to match
the description of the man page is in contrib/AuthRealm.p0.
* accept() problem on SVR4.
Apparently, the sendmail daemon loop (doing accept()s on the network)
......@@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon
* Race condition for delivery to set-user-ID files
Sendmail will deliver to a fail if the file is owned by the DefaultUser
Sendmail will deliver to a file if the file is owned by the DefaultUser
or has the set-user-ID bit set. Unfortunately, some systems clear that bit
when a file is modified. Sendmail compensates by resetting the file mode
back to it's original settings. Unfortunately, there's still a
......
......@@ -211,29 +211,11 @@ There are other files you should read. Rooted in this directory are:
+--------------+
There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites. For a list of the
primary repositories see:
http://www.isi.edu/in-notes/rfc-retrieval.txt
They are also online at:
available from several sites, see
http://www.rfc-editor.org/
http://www.ietf.org/
They can also be retrieved via electronic mail by sending
email to one of:
mail-server@nisc.sri.com
Put "send rfcNNN" in message body
nis-info@nis.nsf.net
Put "send RFCnnn.TXT-1" in message body
sendrfc@jvnc.net
Put "RFCnnn" as Subject: line
For further instructions see:
http://www.isi.edu/in-notes/rfc-editor/rfc-info
Important RFCs for electronic mail are:
RFC821 SMTP protocol
......
......@@ -5,6 +5,124 @@ This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
 
8.15.1/8.15.1 2014/12/06
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
If header rewriting fails due to a temporary map lookup failure,
queue the mail for later retry instead of sending it
without rewriting the header. Note: this is done
while the mail is being sent and hence the transaction
is aborted, which only works for SMTP/LMTP mailers
hence the handling of temporary map failures is
suppressed for other mailers. SMTP/LMTP servers may
complain about aborted transactions when this problem
occurs.
See also "DNS Lookups" in sendmail/TUNING.
Incompatible Change: Use uncompressed IPv6 addresses by default,
i.e., they will not contain "::". For example,
instead of ::1 it will be 0:0:0:0:0:0:0:1. This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
This change requires that configuration data
(including maps, files, classes, custom ruleset,
etc) must use the same format, so make certain such
configuration data is updated before using 8.15.
As a very simple check search for patterns like
'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
the prior format can be retained by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
in your devtools/Site/site.config.m4 file.
If debugging is turned on (-d0.14) also print the OpenSSL
versions, both build time and run time
(provided STARTTLS is compiled in).
If a connection to the MTA is dropped by the client before its
hostname can be validated, treat it as "may be forged",
so that the unvalidated hostname is not passed to a
milter in xxfi_connect().
Add a timeout for communication with socket map servers
which can be specified using the -d option.
Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
numeric logins even if HESIOD is enabled.
The new option CertFingerprintAlgorithm specifies the finger-
print algorithm (digest) to use for the presented cert.
If the option is not set, md5 is used and the macro
{cert_md5} contains the cert fingerprint.
However, if the option is set, the specified algorithm
(e.g., sha1) is used and the macro {cert_fp} contains
the cert fingerprint.
That is, as long as the option is not set, the behaviour
does not change, but otherwise, {cert_md5} is superseded
by {cert_fp} even if you set CertFingerprintAlgorithm
to md5.
The options ServerSSLOptions and ClientSSLOptions can be used
to set SSL options for the server and client side
respectively. See SSL_CTX_set_options(3) for a list.
Note: this change turns on SSL_OP_NO_SSLv2 and
SSL_OP_NO_TICKET for the client. See doc/op/op.me
for details.
The option CipherList sets the list of ciphers for STARTTLS.
See ciphers(1) for possible values.
Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
if a CRLFfile is in use (and LogLevel is 14 or higher.)
Store a more specific TLS protocol version in ${tls_version}
instead of a generic one, e.g., TLSv1 instead of
TLSv1/SSLv3.
Properly set {client_port} value on little endian machines.
Patch from Kelsey Cummings of Sonic.net.
Per RFC 3848, indicate in the Received: header whether SSL or
SMTP AUTH was negotiated by setting the protocol clause
to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
If the 'C' flag is listed as TLSSrvOptions the requirement for the
TLS server to have a cert is removed. This only works
under very specific circumstances and should only be used
if the consequences are understood, e.g., clients
may not work with a server using this.
The options ClientCertFile, ClientKeyFile, ServerCertFile, and
ServerKeyFile can take a second file name, which must be
separated from the first with a comma (note: do not use
any spaces) to set up a second cert/key pair. This can
be used to have certs of different types, e.g., RSA
and DSA.
A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
address. It returns the string for the PTR lookup, but
without trailing {ip6,in-addr}.arpa.
New operation mode 'C' just checks the configuration file, e.g.,
sendmail -C new.cf -bC
will perform a basic syntax/consistency check of new.cf.
The mailer flag 'I' is deprecated and will be removed in a
future version.
Allow local (not just TCP) socket connections to the server, e.g.,
O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
can be used.
If the new option MaxQueueAge is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached which
is doubled for each attempt. The maximum retry time is
limited by the specified value.
New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
to relax requirement for DefaultAuthInfo file.
Reset timeout after receiving a message to appropriate value if
STARTTLS is in use. Based on patch by Kelsey Cummings
of Sonic.net.
Report correct error messages from the LDAP library for a range of
small negative return values covering those used by OpenLDAP.
Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
Allan E Johannesen of Worcester Polytechnic Institute.
CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
nospecial which describes whether to disallow "%" in the
local part of an address.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
LIBMILTER: Mark communication socket as close-on-exec in case
a user's filter starts other applications.
Based on patch from Paul Howarth.
Portability:
SunOS 5.12 has changed the API for sigwait(2) to conform
with XPG7. Based on patch from Roger Faulkner of Oracle.
Deleted Files:
libsm/path.c
8.14.9/8.14.9 2014/05/21
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
......@@ -681,7 +799,7 @@ summary of the changes in that release.
LIBMILTER: The "hostname" argument of the xxfi_connect() callback
previously was the equivalent of {client_ptr}. However,
this did not match the documentation of the function, hence
it has been changed to {client_name}. See doc/op/op.*
it has been changed to {client_name}. See doc/op/op.me
about these macros.
 
8.13.7/8.13.7 2006/06/14
......@@ -3509,11 +3627,11 @@ summary of the changes in that release.
Add new STARTTLS related options CACERTPath, CACERTFile,
ClientCertFile, ClientKeyFile, DHParameters, RandFile,
ServerCertFile, and ServerKeyFile. These are documented in
cf/README and doc/op/op.*.
cf/README and doc/op/op.me.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
${server_name}, and ${server_addr}. These are documented
in cf/README and doc/op/op.*.
in cf/README and doc/op/op.me.
Add support for the Entropy Gathering Daemon (EGD) for better
random data.
New DontBlameSendmail option InsufficientEntropy for systems which
......
......@@ -397,6 +397,10 @@ SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the SMTP mailers and which are converted to MIME will
be labeled with this character set.
RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to the
relay mailers and which are converted to MIME will
be labeled with this character set.
SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
(except the relay mailer).
RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
......@@ -743,6 +747,16 @@ nouucp Don't route UUCP addresses. This feature takes one
2. don't remove "!" from OperatorChars if `reject' is
given as parameter.
nopercenthack Don't treat % as routing character. This feature takes one
parameter:
`reject': reject addresses which have % in the local
part unless it originates from a system
that is allowed to relay.
`nospecial': don't do anything special with %.
Warnings: 1. See the notice in the anti-spam section.
2. Don't remove % from OperatorChars if `reject' is
given as parameter.
nocanonify Don't pass addresses to $[ ... $] for canonification
by default, i.e., host/domain names are considered canonical,
except for unqualified names, which must not be used in this
......@@ -2442,17 +2456,19 @@ should only be used for sites which have no control over the addresses
that they provide a gateway for. Use this FEATURE with caution as it
can allow spammers to relay through your server if not setup properly.
NOTICE: It is possible to relay mail through a system which the anti-relay
rules do not prevent: the case of a system that does use FEATURE(`nouucp',
`nospecial') (system A) and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
FEATURE(`nouucp') at all, addresses of the form
<example.net!user@local.host> would be relayed to <user@example.net>.
System A doesn't recognize `!' as an address separator and therefore
forwards it to the mail hub which in turns relays it because it came from
a trusted local host. So if a mailserver allows UUCP (bang-format)
addresses, all systems from which it allows relaying should do the same
or reject those addresses.
NOTICE: It is possible to relay mail through a system which the
anti-relay rules do not prevent: the case of a system that does use
FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
(system A) and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
same feature (nouucp / nopercenthack) at all, addresses of the form
<example.net!user@local.host> / <user%example.net@local.host>
would be relayed to <user@example.net>.
System A doesn't recognize `!' / `%' as an address separator and
therefore forwards it to the mail hub which in turns relays it
because it came from a trusted local host. So if a mailserver
allows UUCP (bang-format) / %-hack addresses, all systems from which
it allows relaying should do the same or reject those addresses.
As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
......@@ -3990,6 +4006,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
Priority, Host, Filename, Random,
Modification, or Time.
confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
than zero, entries in the queue
will be retried during a queue run
only if the individual retry time
has been reached which is doubled
for each attempt. The maximum retry
time is limited by the specified value.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
......@@ -4208,7 +4231,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
confAUTH_REALM AuthRealm [undefined] The authentication realm
that is passed to the Cyrus SASL
library. If no realm is specified,
$j is used.
$j is used. See KNOWNBUGS.
confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
authentication information for
outgoing connections. This file must
......@@ -4241,6 +4264,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
verification is performed, i.e.,
the server doesn't ask for a
certificate.
confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
options for server side. See
SSL_CTX_set_options(3) for a list.
confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
options for client side. See
SSL_CTX_set_options(3) for a list.
confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
See ciphers(1) for possible values.
confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
specification for LDAP maps. The
value should only contain LDAP
......@@ -4281,6 +4312,10 @@ confRAND_FILE RandFile [undefined] File containing random
requires this option if the compile
flag HASURANDOM is not set (see
sendmail/README).
confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
[undefined] The fingerprint algorithm
(digest) to use for the presented
cert.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value
(nice(3)).
......
......@@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
......@@ -122,7 +122,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
......@@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
......@@ -509,6 +512,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
......@@ -532,6 +541,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
......@@ -539,6 +550,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
......@@ -651,6 +664,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
......@@ -783,6 +797,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
......@@ -820,6 +835,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
......
......@@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
......@@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
......@@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
......@@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
......@@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
......@@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
......@@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
......@@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
......@@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
......
......@@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
......@@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
......@@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
......@@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
......@@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
......@@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
......@@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
......@@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
......@@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
......
......@@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
......@@ -127,7 +127,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
......@@ -264,6 +264,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
......@@ -514,6 +517,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
......@@ -537,6 +546,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
......@@ -544,6 +555,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
......@@ -656,6 +669,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
......@@ -788,6 +802,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
......@@ -825,6 +840,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names