Subject: CVS commit: pkgsrc/mail/sendmail
From: John Nemeth
Date: 2024-01-15 05:43:23
Message id: 20240115044323.48FB8FA42@cvs.NetBSD.org
Log Message:
Update to sendmail 8.17.2: some feature updates and a bunch of bug fixes.
pkgsrc changes:
- remove some backported patches now included upstream
- rename blacklistd option to blacklist to match defaults/mk.conf
- accept old option blacklistd
- add new smtputf8 option to enable SMTP SMTPUTF8 protocol option

SENDMAIL RELEASE NOTES

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.17.2/8.17.2 2023/06/03
  Make sure DANE checks (if enabled) are performed even if
      CACertPath or CACertFile are not set or unusable.
      Note: if the code to set up TLS in the client fails, then
      {verify} will be set to TEMP but DANE requirements
      will be ignored, i.e., by default mail will be sent
      without STARTTLS. This can be changed via a
      LOCAL_TLS_SERVER ruleset.
  Pass server name to clt_features ruleset instead of client
      name to account for limitations in macro availability
      described below in CONFIG section. This may break
      custom clt_features rulesets which expect to receive
      the client name as input.
  Fix a regression introduced in 8.17.1: aliases file which
      contain continuation lines caused parsing errors.
  Add an FFR (for future release) compile time option _FFR_LOG_STAGE
      to log the protocol stage as stage= for some errors during
      delivery attempts to make troubleshooting simpler. This
      new logging may be enabled in a future release.
  When EAI is enabled, milters also got the arguments of MAIL/RCPT
      commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt()
      callbacks instead of just the mail address.
      Problem reported by Dilyan Palauzo.
  When EAI is enabled, mailq prints UTF-8 addresses as such
      if SMTPUTF8 was used.
  When EAI is enabled, the $h macro is now in the correct format.
      Previously this could cause wrong values for relay=
      in log entries and the mailer argument vector.
  When the compile time option USE_EAI is enabled, vacation could
      fail to respond when it should. Problem reported by
      Alex Hautequest.
  When EAI was enabled, header truncation might not have been
      logged even when it happened. Problem reported by
      Werner Wiethege.
  Handle a possible change in an upcoming release of Cyrus-SASL
      (2.1.28) by changing the definition of an internal flag.
      Patch from Dilyan Palauzo.
  Avoid an assertion failure when an smtps connection is made
      to the server and a milter is unavailable.
      Problem reported by Dilyan Palauzo.
  Fixed some spelling errors in documentation and comments,
      based on a codespell report by Jens Schleusener
      of fossies.org.
  The result of try_tls is now logged using status= instead
      of reject=.
  If tls_rcpt rejected the delivery of a recipient then a bogus
      dsn= entry might have been logged under some circumstances.
  If a server replied with 421 to a RCPT command then a bogus reply=
      might have been logged.
  When quoting the value for ${currHeader} avoid causing a syntax
      error (Unbalanced '"') when truncating a header value
      which is too long. Problem reported by Werner Wiethege.
  Reduce the performance impact of a change introduced in
      8.12.9: the default for MaxMimeHeaderLength was
      set to 2048/1024. Problem reported by Tabata
      Shintaro of Internet Initiative Japan Inc.
  CONFIG: The default clt_features ruleset tried to access
      ${server_name} and ${server_addr} which are not set
      when the ruleset is invoked. Only the server name
      is available which is passed as an argument.
  CONFIG: Properly quote host variable to prevent cf build
      breakage when a hostname contains 'dnl'. Problem
      reported by Maxim Shalomikhin of Kaspersky.
  DEVTOOLS: Add configure.sh support for BSD's mandoc as an
      alternative man page formatting tool.
  DOC: Document that USAGE is a possible value for {verify}.
  LIBMILTER: The macros for the EOH and EOM callbacks are
      sent in reverse order which means accessing macros
      in the EOM callback got the macro for the EOH
      callback. Store those macros in the expected order
      in libmilter. Note: this does not affect sendmail
      because the macros for both callbacks are the same
      because the message is sent to libmilter after it
      is completely read by sendmail. Fix and problem
      report from David Buergin.
  Portability:
    Make use of IN_LOOPBACK, if defined, to determine if
        using a loopback address. Patch from Mike Karels of
        FreeBSD.
    On Linux use gethostbyname2(3) if glibc 2.19 or newer
        is used to avoid potential problems with IPv6 lookups.
        Patch from Werner Wiethege.
    Add support for Darwin 21 and Darwin 22.
    Solaris 12 has been renamed to Solaris 11.4, hence
        adapt a condition for sigwait(2) taking one argument.
        Patch from John Beck.
  New Files:
    devtools/M4/UNIX/sharedlib.m4
    devtools/OS/Darwin.21.x
    devtools/OS/Darwin.22.x
    sendmail/sched.c
    libsm/notify.h

8.17.1/8.17.1 2021/08/17
  Deprecation notice: due to compatibility problems with some
      third party code, we plan to finally switch from K&R
      to ANSI C. If you are using sendmail on a system
      which does not have a compiler for ANSI C contact us
      with details as soon as possible so we can determine
      how to proceed.
  Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
      is available when using the compile time option USE_EAI
      (see also devtools/Site/site.config.m4.sample for other
      required settings) and the cf option SMTPUTF8.
      If a mail submission via the command line requires
      the use of SMTPUTF8, e.g., because a header uses UTF-8
      encoding, but the addresses on the command line are all
      ASCII, then the new option -U must be used, and
      the cf option SMTPUTF8 must be set in submit.cf.
      Please test and provide feedback.
  Experimental support for SMTP MTA Strict Transport Security
      (MTA-STS, see RFC 8461) is available when using
      - the compile time option _FFR_MTA_STS (which requires
        STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
      - FEATURE(sts), which implicitly sets the cf option
        StrictTransportSecurity,
      - postfix-mta-sts-resolver, see
        https://github.com/Snawoot/postfix-mta-sts-resolver.git
  New ruleset check_other which is called for all unknown SMTP
      commands in the server and for commands which do not
      have specific rulesets, e.g., NOOP and VERB.
  New ruleset clt_features which can be used to select features
      in the SMTP client per server. Currently only two
      flags are available: D/M to disable DANE/MTA-STS,
      respectively.
  New compile time option NO_EOH_FIELDS to disable the special
      meaning of the headers Message: and Text: to denote the
      end of the message header.
  Avoid leaking session macros for an envelope between
      delivery attempts to different servers. This problem
      could have affected check_compat.
  Avoid leaking actual SMTP replies between delivery attempts
      to different servers which could cause bogus logging
      of reply= entries.
  Change default SMTP reply code for STARTTLS related problems
      from 403 to 454 to better match the RFCs.
  Fix a theoretical buffer overflow when encountering an
      unknown/unsupported socket address family on an
      operating system where sa_data is larger than 30
      (the standard is 14). Based on patch by Toomas Soome.
  Several potential memory leaks and other similar problems
      (mostly in error handling code) have been fixed.
      Problems reported by Tomas Korbar of RedHat.
  Previously the commands GET, POST, CONNECT, or USER terminate
      a connection immediately only if sent as first command.
      Now this is also done if any of these is sent directly
      after STARTTLS or if the 'h' option is set via
      srv_features.
  CDB map locking has been changed so a sendmail process which
      does have a CDB map open does not block an in-place
      update of the map by makemap. The simple workaround
      for that problem in earlier versions is to create
      the map under a different name and then move it
      into place.
  On some systems the rejection of a RCPT by a milter could
      silently fail.
  CONFIG: New FEATURE(`check_other') to provide a default
      check_other ruleset.
  CONFIG: FEATURE(`tls_failures') is deprecated and will be
      removed in future versions because it has a fundamental
      problem: it is message oriented but STARTTLS is
      session oriented. For example, having multiple
      RCPTs in one envelope for different destinations,
      with different temporary errors, does not work
      properly, as the persistent macro applies to all
      RCPTs and hence implicitly to all destinations (servers).
      The option TLSFallbacktoClear should be used if needed.
  CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett.
  CONTRIB: Added cidrexpand -O option for suppressing duplicates from
      a CIDR expansion that overlaps a later entry and -S option
      for skipping comments exactly like makemap does.
  MAIL.LOCAL: Enhance some error messages to simplify
      troubleshooting.
  Portability:
    Add support for Darwin 19 & 20.
    Use proper FreeBSD version define to allow for cross
        compiling. Fix from Brooks Davis of the FreeBSD
        project.
  NOTE: File locking using fcntl() does not interoperate
      with Berkeley DB 5.x (and probably later). Use
      CDB, flock() (-DHASFLOCK), or an earlier Berkeley
      DB version. Problem noted by Harald Hannelius.
  New Files:
    cf/feature/check_other.m4
    cf/feature/sts.m4
    devtools/OS/Darwin.19.x
    devtools/OS/Darwin.20.x
    include/sm/ixlen.h
    libsm/ilenx.c
    libsm/lowercase.c
    libsm/strcaseeq.c
    libsm/t-ixlen.c
    libsm/t-ixlen.sh
    libsm/t-streq.c
    libsm/t-streq.sh
    libsm/utf8_valid.c
    libsm/uxtext_unquote.c
    libsm/xleni.c
    libsmutil/t-lockfile.c
    libsmutil/t-lockfile-0.sh
    libsmutil/t-maplock-0.sh

Files: