release_notes

早期freebsd实现

			SENDMAIL RELEASE NOTES
	     @(#)RELEASE_NOTES	8.6.9.3 (Berkeley) 4/19/94

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.6.9/8.6.9	94/04/19
	Do all mail delivery completely disconnected from any terminal.
		This provides consistency with daemon delivery and
		may have some security implications.
	Make sure that malloc doesn't get called with zero size,
		since that fails on some systems.  Reported by Ed
		Hill of the University of Iowa.
	Fix multi-line values for $e (SMTP greeting message).  Reported
		by Mike O'Connor of Ford Motor Company.
	Avoid syserr if no NIS domain name is defined, but the map it
		is trying to open is optional.  From Win Bent of USC.
	Changes for picky compilers from Ed Gould of Digital Equipment.
	Hesiod support for UDB from Todd Miller of the University of
		Colorado.  Use "hesiod" as the service name in the U
		option.
	Fix a problem that failed to set the "authentic" host name (that
		is, the one derived from the socket info) if you called
		sendmail -bs from inetd.  Based on code contributed by
		Todd Miller (this problem was also reported by Guy Helmer
		of Dakota State University).  This also fixes a related
		problem reported by Liudvikas Bukys of the University of
		Rochester.
	Parameterize "nroff -h" in all the Makefiles so people with
		variant versions can use them easily.  Suggested by
		Peter Collinson of Hillside Systems.
	SMTP "MAIL" commands with multiple ESMTP parameters required two
		spaces between parameters instead of one.  Reported by
		Valdis Kletnieks of Virginia Tech.
	Reduce the number of system calls during message collection by
		using global timeouts around the collect() loop.  This
		code was contributed by Eric Wassenaar.
	If the initial hostname name gathering results in a name
		without a dot (usually caused by NIS misconfiguration)
		and BIND is compiled in, directly access DNS to get
		the canonical name.  This should make life easier for
		Solaris systems.  If it still can't be resolved, and
		if the name server is listed as "required", try again
		in 30 seconds.  If that also fails, exit immediately to
		avoid bogus "config error: mail loops back to myself"
		messages.
	Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
		message to explain how much space was available and
		sound a bit less threatening.  Suggested by Stan Janet
		of the National Institute of Standards and Technology.
	If mail is delivered to an alias that has an owner, deliver any
		requested return-receipt immediately, and strip the
		Return-Receipt-To: header from the subsequent message.
		This prevents a certain class of denial of service
		attack, arguably gives more reasonable semantics, and
		moves things more towards what will probably become a
		network standard.  Suggested by Christopher Davis of
		Kapor Enterprises.
	Add a "noreceipts" privacy flag to turn off all return receipts
		without recompiling.
	Avoid printing ESMTP parameters as part of the error message
		if there are errors during parsing.  This change is
		purely cosmetic.
	Avoid sending out error messages during the collect phase of
		SMTP; there is an MVS mailer from UCLA that gets
		confused by this.  Of course, I think it's their bug....
	Check for the $j macro getting undefined, losing a dot, or getting
		lost from $=w in the daemon before accepting a connection;
		if it is, it dumps state, prints a LOG_ALERT message,
		and drops core for debugging.  This is an attempt to
		track down a bug that I thought was long since gone.
		If you see this, please forward the log fragment to
		sendmail@CS.Berkeley.EDU.
	Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
		with -DOLD_NEWDB=0 on the command line.  From Christophe
		Wolfhugel.
	Instead of trying to truncate the listen queue for the server
		SMTP port when the load average is too high, just close
		the port completely and reopen it later as needed.
		This ensures that the other end gets a quick "connection
		refused" response, and that the connection can be
		recovered later.  In particular, some socket emulations
		seem to get confused if you tweak the listen queue
		size around and can never start listening to connections
		again.  The down side is that someone could start up
		another daemon process in the interim, so you could
		have multiple daemons all not listening to connections;
		this could in turn cause the sendmail.pid file to be
		incorrect.  A better approach might be to accept the
		connection and give a 421 code, but that could break
		other mailers in mysterious ways and have paging behaviour
		implications.
	Fix a glitch in TCP-level debugging that caused flag 16.101 to
		set debugging on the wrong socket.  From Eric Wassenaar.
	When creating a df* temporary file, be sure you truncate any
		existing data in the file -- otherwise system crashes
		and the like could result in extra data being sent.
	DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
		doc directory.  This includes some additional
		information.
	CONFIG: change UUCP rules to never add $U! or $k! on the front
		of recipient envelope addresses.  This should have been
		handled by the $&h trick, but broke if people were
		mixing domainized and UUCP addresses.  They should
		probably have converted all the way over to uucp-uudom
		instead of uucp-{new,old}, but the failure mode was to
		loop the mail, which was bad news.
	Portability fixes:
		Newer BSDI systems (several people).
		Older BSDI systems from Christophe Wolfhugel.
		Intergraph CLIX, from Paul Southworth of CICNet.
		UnixWare, from Evan Champion.
		NetBSD from Adam Glass.
		Solaris from Quentin Campbell of the University of
			Newcastle upon Tyne.
		IRIX from Dean Cookson and Bill Driscoll of Mitre
			Corporation.
		NCR 3000 from Kevin Darcy of Chrysler Corporation.
		SunOS (it has setsid() and setvbuf() calls) from
			Jonathan Kamens of OpenVision Technologies.
		HP-UX from Tor Lillqvist.
	New Files:
		src/Makefile.CLIX
		src/Makefile.NCR3000
		doc/changes/Makefile
		doc/changes/changes.me
		doc/changes/changes.ps

8.6.8/8.6.6	94/03/21
	SECURITY: it was possible to read any file as root using the
		E (error message) option.  Reported by Richard Jones;
		fixed by Michael Corrigan and Christophe Wolfhugel.

8.6.7/8.6.6	94/03/14
	SECURITY: it was possible to get root access by using wierd
		values to the -d flag.  Thanks to Alain Durand of
		INRIA for forwarding me the notice from the bugtraq
		list.

8.6.6/8.6.6	94/03/13
	SECURITY: the ability to give files away on System V-based
		systems proved dangerous -- don't run as the owner
		of a :include: file on a system that allows giveaways.
		Unfortunately, this also applies to determining a
		valid shell.
	IMPORTANT: Previous versions weren't expiring old connections
		in the connection cache for a long time under some
		circumstances.  This could result in resource exhaustion,
		both at your end and at the other end.  This checks the
		connections for timeouts much more frequently.  From
		Doug Anderson of NCSC.
	Fix a glitch that snuck in that caused programs to be run as
		the sender instead of the recipient if the mail was
		from a local user to another local user.  From
		Motonori Nakamura of Kyoto University.
	Fix "wildcard" on /etc/shell matching -- instead of looking
		for "*", look for "/SENDMAIL/ANY/SHELL/".  From
		Bryan Costales of ICSI.
	Change the method used to declare the "statfs" availability;
		instead of HASSTATFS and/or HASUSTAT with a ton of
		tweaking in conf.c, there is a single #define called
		SFS_TYPE which takes on one of six values (SFS_NONE
		for no statfs availability, SFS_USTAT for the ustat(2)
		syscall, SFS_4ARGS for a four argument statfs(2) call,
		and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
		statfs(2) call with the declarations in <sys/vfs.h>,
		<sys/mount.h>, or <sys/statfs.h> respectively).
	Fix glitch in NetInfo support that could return garbage if
		there was no "/locations/sendmail" property.  From
		David Meyer of the University of Virginia.
	Change HASFLOCK from defined/not-defined to a 0/1 definition
		to allow Linux to turn it off even though it is a
		BSD-like system.
	Allow setting of "ident" timeout to zero to turn off the ident
		protocol entirely.
	Make 7-bit stripping local to a connection (instead of to a
		mailer); this allows you to specify that SMTP is a
		7-bit channel, but revert to 8-bit should it advertise
		that it supports 8BITMIME.  You still have to specify
		mailer flag 7 to get this stripping at all.
	Improve makesendmail script so it handles more cases automatically.
	Tighten up restrictions on taking ownership of :include: files
		to avoid problems on systems that allow you to give away
		files.
	Fix a problem that made it impossible to rebuild the alias
		file if it was on a read-only file system.  From
		Harry Edmon of the University of Washington.
	Improve MX randomization function.  From John Gardiner Myers
		of CMU.
	Fix a minor glitch causing a bogus message to be printed (used
		%s instead of %d in a printf string for the line number)
		when a bad queue file was read.  From Harry Edmon.
	Allow $s to remain NULL on locally generated mail.  I'm not
		sure this is necessary, but a lot of people have complained
		about it, and there is a legitimate question as to whether
		"localhost" is legal as an 822-style domain.
	Fix a problem with very short line lengths (mailer L= flag) in
		headers.  This causes a leading space to be added onto
		continuation lines (including in the body!), and also
		tries to wrap headers containing addresses (From:, To:,
		etc) intelligently at the shorter line lengths.  Problem
		Reported by Lars-Johan Liman of SUNET Operations Center.
	Log the real user name when logging syserrs, since these can have
		security implications.  Suggested by several people.
	Fix address logging of cached connections -- it used to always
		log the numeric address as zero.  This is a somewhat
		bogus implementation in that it does an extra system
		call, but it should be an inexpensive one.  Fix from
		Motonori Nakamura.
	Tighten up handling of short syslog buffers even more -- there
		were cases where the outgoing relay= name was too long
		to share a line with delay= and mailer= logging.
	Limit the overhead on split envelopes to one open file descriptor
		per envelope -- previously the overhead was three
		descriptors.  This was in response to a problem reported
		by P{r (Pell) Emanuelsson.
	Fixes to better handle the case of unexpected connection closes;
		this redirects the output to the transcript so the info
		is not lost.  From Eric Wassenaar.
	Fix potential string overrun if you macro evaluate a string that
		has a naked $ at the end.  Problem noted by James Matheson
		<jmrm@eng.cam.ac.uk>.
	Make default error number on $#error messages 553 (``Requested
		action not taken: mailbox name not allowed'') instead of
		501 (``Syntax error in parameters or arguments'') to
		avoid bogus "protocol error" messages.
	Strip off any existing trailing dot on names during $[ ... $]
		lookup.  This prevents it from ending up with two dots
		on the end of dot terminated names.  From Wesley Craig
		of the University of Michigan and Bryan Costales of ICSI.
	Clean up file class reading so that the debugging information is
		more informative.  It hadn't been using setclass, so you
		didn't see the class items being added.
	Avoid core dump if you are running a version of sendmail where
		NIS is compiled in, and you specify an NIS map, but
		NIS is not running.  Fix from John Oleynick of
		Rutgers.
	Diagnose bizarre case where res_search returns a failure value,
		but sets h_errno to a success value.
	Make sure that "too many hops" messages are considered important
		enough to send an error to the Postmaster (that is, the
		address specified in the P option).  This fix should
		help problems that cause the df file to be left around
		sometimes -- unfortunately, I can't seem to reproduce
		the problem myself.
	Avoid core dump (null pointer reference) on EXPN command; this
		only occurred if your log level was set to 10 or higher
		and the target account was an alias or had a .forward file.
		Problem noted by Janne Himanka.
	Avoid "denial of service" attacks by someone who is flooding your
		SMTP port with bad commands by shutting the connection
		after 25 bad commands are issued.  From Kyle Jones of
		UUNET.
	Fix core dump on error messages with very long "to" buffers;
		fmtmsg overflows the message buffer.  Fixed by trimming
		the to address to 203 characters.  Problem reported by
		John Oleynick.
	Fix configuration for HASFLOCK -- there were some spots where
		a #ifndef was incorrectly #ifdef.  Pointed out by
		George Baltz of the University of Maryland.
	Fix a typo in savemail() that could cause the error message To:
		lists to be incorrect in some places.  From Motonori
		Nakamura.
	Fix a glitch that can cause duplicate error messages on split
		envelopes where an address on one of the lists has a