Source-Changes-HG archive


[src/netbsd-1-5]: src/gnu/dist/sendmail Pull up revisions 1.7-1.9 (requested ...



details:   https://anonhg.NetBSD.org/src/rev/127e7460e426
branches:  netbsd-1-5
changeset: 492786:127e7460e426
user:      he <he%NetBSD.org@localhost>
date:      Wed Feb 20 23:11:54 2002 +0000

description:
Pull up revisions 1.7-1.9 (requested by itojun):
  Upgrade to sendmail version 8.11.6.

diffstat:

 gnu/dist/sendmail/cf/README         |   54 +++++++-
 gnu/dist/sendmail/doc/op/op.me      |  107 +++++++++++++---
 gnu/dist/sendmail/sendmail/README   |   62 ++++++++-
 gnu/dist/sendmail/sendmail/map.c    |  228 +++++++++++++++++++++--------------
 gnu/dist/sendmail/sendmail/milter.c |  100 +++++++++++----
 5 files changed, 394 insertions(+), 157 deletions(-)

diffs (truncated from 1489 to 300 lines):

diff -r b1daffc63853 -r 127e7460e426 gnu/dist/sendmail/cf/README
--- a/gnu/dist/sendmail/cf/README       Wed Feb 20 23:11:48 2002 +0000
+++ b/gnu/dist/sendmail/cf/README       Wed Feb 20 23:11:54 2002 +0000
@@ -221,6 +221,11 @@
 `/etc/mail/'.  If you set this macro to a different value, you MUST include
 a trailing slash.
 
+Notice: all filenames used in a .mc (or .cf) file should be absolute
+(starting at the root, i.e., with '/').  Relative filenames most
+likely cause surprises during operations (unless otherwise noted).
+
+
 +--------+
 | OSTYPE |
 +--------+
@@ -428,7 +433,7 @@
 FAX_RELAY      The host that will accept mail to the .FAX pseudo-domain.
                The "fax" mailer overrides this value.
 LOCAL_RELAY    The site that will handle unqualified names -- that
-               is, names with out an @domain extension.
+               is, names without an @domain extension.
                Normally MAIL_HUB is preferred for this function.
                LOCAL_RELAY is mostly useful in conjunction with
                FEATURE(stickyhost) -- see the discussion of
@@ -1087,9 +1092,9 @@
 rbl            This feature is deprecated! Please use dnsbl instead.
                Turns on rejection of hosts found in the Realtime Blackhole
                List.  If an argument is provided it is used as the domain
-               in which blocked hosts are listed; otherwise, the main
-               RBL domain rbl.maps.vix.com is used.  For details, see
-               http://maps.vix.com/rbl/.
+               in which blocked hosts are listed; otherwise, the main RBL
+               domain rbl.maps.vix.com is used (see NOTE below).  For
+               details, see http://maps.vix.com/rbl/.
 
 dnsbl          Turns on rejection of hosts found in an DNS based rejection
                list.  If an argument is provided it is used as the domain
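Review bot: In the rbl entry, "(see NOTE below)" sends the reader to a note that sits under dnsbl and talks about blackholes.mail-abuse.org, while this entry still names rbl.maps.vix.com and http://maps.vix.com/rbl/ as the default and the place for details. A reader of the rbl entry alone cannot tell whether the subscription caveat applies to the domain named here. Either say so in this entry ("rbl.maps.vix.com is used; this is a MAPS subscription service, see NOTE under dnsbl") or have the NOTE name both domains.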
@@ -1102,6 +1107,13 @@
                feature can be included several times to query different DNS
                based rejection lists.
 
+               NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
+               is a service offered by the Mail Abuse Prevention System
+               (MAPS).  As of July 31, 2001, MAPS is a subscription
+               service, so using that network address won't work if you
+               haven't subscribed.  Contact MAPS to subscribe
+               (http://mail-abuse.org/).
+
 loose_relay_check
                Normally, if % addressing is used for a recipient, e.g.
                user%site@othersite, and othersite is in class {R}, the
@@ -1819,9 +1831,17 @@
        FEATURE(`dnsbl')
 
 This will cause sendmail to reject mail from any site in the
-Realtime Blackhole List database.  You can specify an alternative
-RBL domain to check by specifying an argument to the FEATURE.
-The default error message is
+Realtime Blackhole List database.  This default DNS blacklist,
+blackholes.mail-abuse.org, is a service offered by the Mail Abuse
+Prevention System (MAPS).  As of July 31, 2001, MAPS is a subscription
+service, so using that network address won't work if you haven't
+subscribed.  Contact MAPS to subscribe (http://mail-abuse.org/).
+
+You can specify an alternative RBL server to check by specifying an
+argument to the FEATURE.  The default error message is
+
+You can specify an alternative RBL domain to check by specifying an
+argument to the FEATURE.  The default error message is
 
        Mail from $&{client_addr} refused by blackhole site DOMAIN
 
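Review bot: The added text ends with the same paragraph twice, once as "You can specify an alternative RBL server to check" and once as "You can specify an alternative RBL domain to check", and each copy closes with "The default error message is". The first copy therefore leaves a dangling sentence with no message after it. Keep one paragraph only; "domain" matches the FEATURE description earlier in the file ("it is used as the domain in which blocked hosts are listed"), so the "server" variant is the one to drop.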
@@ -2013,6 +2033,21 @@
 In this text, cert will be used as an abreviation for X.509 certificate,
 DN is the distinguished name of a cert, and CA is a certification authority.
 
+For STARTTLS to be offered by sendmail you need to set at least
+this variables (the file names and paths are just examples):
+
+       define(`confCACERT_PATH', `/etc/mail/certs/')
+       define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
+       define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
+       define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
+
+On systems which do not have the compile flag HASURANDOM set (see
+sendmail/README) you also must set confRAND_FILE.
+
+See doc/op/op.{me,ps} for more information about these options,
+esp. the sections ``Certificates for STARTTLS'' and ``PRNG for
+STARTTLS''.
+
 Macros related to STARTTLS are:
 
 ${cert_issuer} holds the DN of the CA (the cert issuer).
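Review bot: The opening sentence of the added STARTTLS paragraph reads "you need to set at least this variables"; it should be "these variables". The paragraph also says confRAND_FILE must be set on systems without HASURANDOM, but the define() list shows no example line for it, so the one setting whose absence is platform-dependent is the one the reader has to look up elsewhere. Consider adding a commented example define for confRAND_FILE next to the four certificate defines, with the same "just examples" caveat.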
@@ -2113,7 +2148,7 @@
 possible that this level is provided by the security layer from a SASL
 algorithm, e.g., DIGEST-MD5.
 
-Example: e-mail send to secure.example.com should only use an encrypted
+Example: e-mail sent to secure.example.com should only use an encrypted
 connection. e-mail received from hosts within the laptop.example.com domain
 should only be accepted if they have been authenticated.
 TLS_Srv:secure.example.com      ENCR:112
@@ -3113,6 +3148,7 @@
 relayed to another MTA.  It will also enforce the normal address syntax
 rules and log error messages.  Additionally, by using the M=a modifier
 you can require authentication before messages are accepted by the MSA.
+Notice: Do NOT use the 'a' modifier on a public accessible MTA!
 Finally, the M=E modifier shown above disables ETRN as required by RFC
 2476.
 
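Review bot: The added line "Do NOT use the 'a' modifier on a public accessible MTA!" gives the prohibition without the reason, directly after a sentence that recommends M=a for the MSA. The op.me change in this same commit explains it (the modifier should only be used for an MSA accessed by authorized users, and users must authenticate to use it); one clause to that effect here would keep the README self-contained. Also "public accessible" should read "publicly accessible".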
@@ -3277,4 +3313,4 @@
    8   DNS based blacklists
    9   special local rulesets (1 and 2)
 
-Revision: 8.383.2.1.2.42, Last updated Date: 2001/02/15 23:40:10
+Revision: 8.383.2.1.2.49, Last updated Date: 2001/08/14 15:25:36
diff -r b1daffc63853 -r 127e7460e426 gnu/dist/sendmail/doc/op/op.me
--- a/gnu/dist/sendmail/doc/op/op.me    Wed Feb 20 23:11:48 2002 +0000
+++ b/gnu/dist/sendmail/doc/op/op.me    Wed Feb 20 23:11:54 2002 +0000
@@ -9,9 +9,43 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"    Id: op.me,v 8.317.4.56 2001/02/15 23:38:16 ca Exp
+.\"    Id: op.me,v 8.317.4.71 2001/08/14 15:26:00 ca Exp
 .\"
 .\" eqn op.me | pic | troff -me
+.\"
+.\" Define \(sc if not defined (for text output)
+.\"
+.if !c \(sc .char \(sc S
+.\"
+.\" Define \(dg as "*" for text output and create a new .DG macro
+.\" which describes the symbol.
+.\"
+.ie !c \(dg \{\
+.char \(dg *
+.de DG
+an asterick
+..
+.\}
+.el \{\
+.de DG
+a dagger
+..
+.\}
+.\"
+.\" Define \(dd as "#" for text output and create a new .DD macro
+.\" which describes the symbol.
+.\"
+.ie !c \(dd \{\
+.char \(dd #
+.de DD
+a pound sign
+..
+.\}
+.el \{\
+.de DD
+a double dagger
+..
+.\}
 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
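Review bot: The body of the new .DG macro for text output is "an asterick", which is a misspelling of "asterisk". Because the macro is expanded into running text where the Timeout option is described ("all the timeouts marked with" followed by .DG), the typo will appear in the formatted guide. Change the macro body to "an asterisk".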
@@ -53,7 +87,7 @@
 .de Ve
 Version \\$2
 ..
-.Ve Revision: 8.317.4.56
+.Ve Revision: 8.317.4.71
 .rm Ve
 .sp
 For Sendmail Version 8.11
@@ -2189,8 +2223,12 @@
 if no
 .i suboption
 is specified,
-all the timeouts marked with a dagger (\(dg) are set to the indicated value.
-All but those marked with a double dagger (\(dd) apply to client SMTP.
+all the timeouts marked with
+.DG
+(\(dg) are set to the indicated value.
+All but those marked with
+.DD
+(\(dd) apply to client SMTP.
 .pp
 Many of the RFC 1123 minimum values
 may well be too short.
@@ -2413,7 +2451,7 @@
 .b QueueLA
 option
 plus one
-exceeds the priority of the message \(em
+is less than the priority of the message \(em
 that is, the message is queued iff:
 .EQ
 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
@@ -2455,7 +2493,7 @@
 i      deliver interactively (synchronously)
 b      deliver in background (asynchronously)
 q      queue only (don't deliver)
-d      defer delvery attempts (don't deliver)
+d      defer delivery attempts (don't deliver)
 .)b
 There are tradeoffs.
 Mode
@@ -3357,13 +3395,14 @@
 .b $#
 syntax should
 .i only
-be used in ruleset zero
-or a subroutine of ruleset zero.
+be used in ruleset zero,
+a subroutine of ruleset zero,
+or rulesets that return decisions (e.g., check_rcpt).
 It causes evaluation of the ruleset to terminate immediately,
 and signals to
 .i sendmail
 that the address has completely resolved.
-The complete syntax is:
+The complete syntax for ruleset 0 is:
 .(b
 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
 .)b
@@ -5299,7 +5338,7 @@
 ${hdr_name} and ${currHeader}.
 The header is treated as a structured field,
 that is,
-comments (in parentheses) are deleted before processing,
+text in parentheses is deleted before processing,
 unless the second form
 .b $>+
 is used.
@@ -5498,6 +5537,8 @@
 .ip CACERTPath
 [no short name]
 Path to directory with certificates of CAs.
+This directory directory must contain the hashes of each CA certificate
+as filenames (or as links to them).
 .ip CACERTFile
 [no short name]
 File containing one CA certificate.
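Review bot: The added CACERTPath sentence has a doubled word, "This directory directory must contain". Beyond the typo, "the hashes of each CA certificate as filenames (or as links to them)" does not say which hash is meant or how to produce it, and "links to them" is ambiguous about whether the link or its target carries the hash name. Suggest rewording so it is clear that the file or link name is the hash and the content is the certificate, and pointing to the "Certificates for STARTTLS" section that cf/README refers to in this commit.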
@@ -5700,6 +5741,12 @@
 effect in the standard configuration file, in which
 they are available via
 .b ${daemon_flags} .
+Notice: Do
+.b not
+use the ``a'' modifier on a public accessible MTA!
+It should only be used for a MSA that is accessed by authorized
+users for initial mail submission.
+Users must authenticate to use a MSA which has this option turned on.
 The flags ``c'' and ``C'' can change the default for
 hostname canonification in the
 .i sendmail.cf
@@ -6394,7 +6441,7 @@
 can run the queue.
 Authentication Warnings add warnings about various conditions
 that may indicate attempts to spoof the mail system,
-such as using an non-standard queue directory.
+such as using a non-standard queue directory.
 .ip ProcessTitlePrefix=\fIstring\fP
 [no short name]
 Prefix the process title shown on 'ps' listings with
@@ -6435,7 +6482,15 @@
 .ip QueueLA=\fILA\fP
 [x]
 When the system load average exceeds
-.i LA ,
+.i LA
+and the
+.b QueueFactor
+(\c
+.b q )
+option divided by the difference in the current load average and the
+.b QueueLA
+option plus one
+is less than the priority of the message, 
 just queue messages
 (i.e., don't try to send them).
 Defaults to 8 multiplied by
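Review bot: The line "+is less than the priority of the message, " ends with trailing whitespace, which should be removed. The new QueueLA wording also restates in prose the condition that the QueueFactor description gives as an equation (pri > QueueFactor over LA - QueueLA + 1), and the prose form "divided by the difference in the current load average and the QueueLA option plus one" is hard to parse without that equation. A short cross-reference to the QueueFactor description would be easier to read and keeps the two definitions from drifting apart.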
@@ -6757,7 +6812,10 @@
 be set.
 .ip TempFileMode=\fImode\fP
 [F]
-The file mode for queue files.
+The file mode for queue files, files to which
+.i sendmail
+delivers directly, and files in the
+.b HostStatusDirectory .
 It is interpreted in octal by default.
 Defaults to 0600.
 .ip Timeout.\fItype\fP=\|\fItimeout\fP
@@ -6825,13 +6883,13 @@
 (very unlikely).
 .ip UnsafeGroupWrites
 [no short name]
-If set,
+If set (default),


