Auto sync2gitlab import of sendmail-8.15.2-34.el8.src.rpm
parent
8208c4afef
commit
56a334f5fe
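--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/sendmail.8.15.2.tar.gz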
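--- a/Sendmail-sasl2.conf
+++ b/Sendmail-sasl2.conf
@@ -0,0 +1 @@
+pwcheck_method:saslauthd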
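Review bot: With `pwcheck_method:saslauthd` as the only setting, verification needs the cleartext password, so in practice only plaintext mechanisms (PLAIN, LOGIN) can succeed against this backend, yet the file leaves `mech_list` unset and any other installed mechanism plugins may still be advertised. Consider adding `mech_list: PLAIN LOGIN` so the offered mechanisms match what can actually be verified. Whether AUTH is limited to TLS-protected sessions is decided in the sendmail configuration (for example through `confAUTH_OPTIONS`), which is not part of this file and should be confirmed wherever this backend is enabled.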
11
sendmail-8.13.0-cyrus.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- sendmail-8.13.0/cf/mailer/cyrus.m4.cyrus 2004-06-30 11:47:47.116910591 +0200
|
||||||
|
+++ sendmail-8.13.0/cf/mailer/cyrus.m4 2004-06-30 11:49:02.262556546 +0200
|
||||||
|
@@ -36,7 +36,7 @@
|
||||||
|
#
|
||||||
|
|
||||||
|
_DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|')
|
||||||
|
-ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)')
|
||||||
|
+ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/lib/cyrus-imapd/deliver)')
|
||||||
|
ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')')
|
||||||
|
ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')')
|
||||||
|
_DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u')
|
50
sendmail-8.14.3-sharedmilter.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
diff -up sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4
|
||||||
|
--- sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter 2009-01-20 15:19:34.000000000 +0100
|
||||||
|
+++ sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 2009-01-20 15:19:34.000000000 +0100
|
||||||
|
@@ -15,22 +15,23 @@ divert(-1)
|
||||||
|
divert(0)dnl
|
||||||
|
include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl
|
||||||
|
bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl
|
||||||
|
-bldPUSH_TARGET(bldCURRENT_PRODUCT`.a')dnl
|
||||||
|
+bldPUSH_TARGET(bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL)dnl
|
||||||
|
bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl
|
||||||
|
bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl
|
||||||
|
|
||||||
|
include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4')
|
||||||
|
divert(bldTARGETS_SECTION)
|
||||||
|
-bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'}
|
||||||
|
- ${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'}
|
||||||
|
- ${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a
|
||||||
|
+bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'}
|
||||||
|
+ ${CC} ${CFLAGS} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL `-Wl,'confSONAME`,'bldCURRENT_PRODUCT`.so.'confSOVER ${bldCURRENT_PRODUCT`OBJS'}
|
||||||
|
ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)')
|
||||||
|
|
||||||
|
-install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.a
|
||||||
|
+install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL
|
||||||
|
ifdef(`bldINSTALLABLE', ` ifdef(`confMKDIR', `if [ ! -d ${DESTDIR}${bldINSTALL_DIR`'LIBDIR} ]; then confMKDIR -p ${DESTDIR}${bldINSTALL_DIR`'LIBDIR}; else :; fi ')
|
||||||
|
- ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.a ${DESTDIR}${LIBDIR}')
|
||||||
|
+ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.confSOVER
|
||||||
|
+ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so
|
||||||
|
+ ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.so.confSOVER`.'confSOPLVL ${DESTDIR}${LIBDIR}')
|
||||||
|
|
||||||
|
bldCURRENT_PRODUCT-clean:
|
||||||
|
- rm -f ${OBJS} bldCURRENT_PRODUCT.a ${MANPAGES}
|
||||||
|
+ rm -f ${OBJS} bldCURRENT_PRODUCT.so* ${MANPAGES}
|
||||||
|
|
||||||
|
divert(0)
|
||||||
|
diff -up sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter sendmail-8.14.3/libmilter/Makefile.m4
|
||||||
|
--- sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter 2008-04-08 07:23:44.000000000 +0200
|
||||||
|
+++ sendmail-8.14.3/libmilter/Makefile.m4 2009-01-20 15:26:05.000000000 +0100
|
||||||
|
@@ -9,7 +9,11 @@ define(`confMT', `true')
|
||||||
|
SMSRCDIR=ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
|
||||||
|
PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
|
||||||
|
|
||||||
|
-bldPRODUCT_START(`library', `libmilter')
|
||||||
|
+APPENDDEF(`confOPTIMIZE', `-fno-pie -fPIC')
|
||||||
|
+define(`runCtest', `esyscmd(`echo -e "#include <stdio.h>\n#include \"../include/libmilter/mfapi.h\"\nint main(){'$1`;return 0;}" | gcc -x c -I../include -o ctest - && ./ctest && rm -f ctest')')dnl
|
||||||
|
+define(`confSOVER', runCtest(`printf(\"%d.%d\", SM_LM_VRS_MAJOR(SMFI_VERSION), SM_LM_VRS_MINOR(SMFI_VERSION))'))dnl
|
||||||
|
+define(`confSOPLVL', runCtest(`printf(\"%d\", SM_LM_VRS_PLVL(SMFI_VERSION))'))dnl
|
||||||
|
+bldPRODUCT_START(`sharedlibrary', `libmilter')
|
||||||
|
define(`bldINSTALLABLE', `true')
|
||||||
|
define(`LIBMILTER_EXTRAS', `errstring.c strl.c')
|
||||||
|
APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL -Dsm_snprintf=snprintf')
|
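Review bot: `runCtest` in the libmilter/Makefile.m4 hunk has no failure path: if the `gcc` invocation or `./ctest` fails, `esyscmd` yields an empty string, so `confSOVER` and `confSOPLVL` expand to nothing and the product silently becomes `libmilter.so..`. The macro also hard-codes `gcc` instead of the configured compiler, depends on `echo -e` (not portable across `/bin/sh` implementations), and runs a fixed-name binary built in the current directory, which cannot work when cross-compiling; `rm -f ctest` is skipped whenever an earlier step fails. At minimum the two defines should be followed by an `ifelse` test on the empty string that calls `errprint` and `m4exit(1)`, so a failed probe stops the build. In the sharedlibrary.m4 hunk the two `${LN}` lines run before `${INSTALL}`, so the links are created in `${DESTDIR}${LIBDIR}` before the file they point at exists.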
182
sendmail-8.14.3-smrsh_paths.patch
Normal file
@ -0,0 +1,182 @@
|
|||||||
|
diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README
|
||||||
|
--- sendmail-8.14.3/smrsh/README.smrsh_paths 2008-02-12 17:40:06.000000000 +0100
|
||||||
|
+++ sendmail-8.14.3/smrsh/README 2008-07-15 14:40:36.000000000 +0200
|
||||||
|
@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie
|
||||||
|
intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
|
||||||
|
and to the software, smrsh.c, written by Eric Allman.
|
||||||
|
|
||||||
|
-
|
||||||
|
+* Modified by Red Hat, Inc., to reflect different paths. *
|
||||||
|
|
||||||
|
The smrsh(8) program is intended as a replacement for /bin/sh in the
|
||||||
|
program mailer definition of sendmail(8). This README file describes
|
||||||
|
@@ -56,15 +56,15 @@ These can be added to the devtools/Site/
|
||||||
|
global M4 macro confENVDEF or the smrsh specific M4 macro
|
||||||
|
conf_smrsh_ENVDEF.
|
||||||
|
|
||||||
|
-As root, install smrsh in /usr/libexec. Using the Build script:
|
||||||
|
+As root, install smrsh in /usr/sbin. Using the Build script:
|
||||||
|
|
||||||
|
host.domain# sh ./Build install
|
||||||
|
|
||||||
|
-For manual installation: install smrsh in the /usr/libexec
|
||||||
|
+For manual installation: install smrsh in the /usr/sbin
|
||||||
|
directory, with mode 511.
|
||||||
|
|
||||||
|
- host.domain# mv smrsh /usr/libexec
|
||||||
|
- host.domain# chmod 511 /usr/libexec/smrsh
|
||||||
|
+ host.domain# mv smrsh /usr/sbin
|
||||||
|
+ host.domain# chmod 511 /usr/sbin/smrsh
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito
|
||||||
|
acceptable commands.
|
||||||
|
|
||||||
|
If your platform doesn't have a default SMRSH_CMDDIR setting, you will
|
||||||
|
-next need to create the directory /usr/adm/sm.bin and populate
|
||||||
|
+next need to create the directory /etc/smrsh and populate
|
||||||
|
it with the programs that your site feels are allowable for sendmail
|
||||||
|
to execute. This directory is explicitly specified in the source
|
||||||
|
code for smrsh, so changing this directory must be accompanied with
|
||||||
|
@@ -95,22 +95,22 @@ a change in smrsh.c.
|
||||||
|
|
||||||
|
You will have to be root to make these modifications.
|
||||||
|
|
||||||
|
-After creating the /usr/adm/sm.bin directory, either copy the programs
|
||||||
|
+After creating the /etc/smrsh directory, either copy the programs
|
||||||
|
to the directory, or establish links to the allowable programs from
|
||||||
|
-/usr/adm/sm.bin. Change the file permissions, so that these programs
|
||||||
|
+/etc/smrsh. Change the file permissions, so that these programs
|
||||||
|
can not be modified by non-root users. If you use links, you should
|
||||||
|
ensure that the target programs are not modifiable.
|
||||||
|
|
||||||
|
To allow the popular vacation(1) program by creating a link in the
|
||||||
|
-/usr/adm/sm.bin directory, you should:
|
||||||
|
+/etc/smrsh directory, you should:
|
||||||
|
|
||||||
|
- host.domain# cd /usr/adm/sm.bin
|
||||||
|
+ host.domain# cd /etc/smrsh
|
||||||
|
host.domain# ln -s /usr/ucb/vacation vacation
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
-After populating the /usr/adm/sm.bin directory, you can now configure
|
||||||
|
+After populating the /etc/smrsh directory, you can now configure
|
||||||
|
sendmail to use the restricted shell. Save the current sendmail.cf
|
||||||
|
file prior to modifying it, as a prudent precaution.
|
||||||
|
|
||||||
|
@@ -125,7 +125,7 @@ help to locate it.
|
||||||
|
|
||||||
|
In order to configure sendmail to use smrsh, you must modify the Mprog
|
||||||
|
definition in the sendmail.cf file, by replacing the /bin/sh specification
|
||||||
|
-with /usr/libexec/smrsh.
|
||||||
|
+with /usr/sbin/smrsh.
|
||||||
|
|
||||||
|
As an example:
|
||||||
|
|
||||||
|
@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi
|
||||||
|
Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
|
||||||
|
|
||||||
|
which should be changed to:
|
||||||
|
-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
|
||||||
|
- ^^^^^^^^^^^^^^^^^^
|
||||||
|
+Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
|
||||||
|
+ ^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
A more generic line may be:
|
||||||
|
Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
|
||||||
|
|
||||||
|
and should be changed to;
|
||||||
|
-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
|
||||||
|
+Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
|
||||||
|
|
||||||
|
|
||||||
|
After modifying the Mprog definition in the sendmail.cf file, if a frozen
|
||||||
|
@@ -151,7 +151,7 @@ or /etc/mail directories. The specific
|
||||||
|
a search of the strings(1) output of the sendmail binary.
|
||||||
|
|
||||||
|
In order to create a new frozen configuration, if it is required:
|
||||||
|
- host.domain# /usr/lib/sendmail -bz
|
||||||
|
+ host.domain# /usr/sbin/sendmail -bz
|
||||||
|
|
||||||
|
Now re-start the sendmail process. An example of how to do this on
|
||||||
|
a typical system follows:
|
||||||
|
diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8
|
||||||
|
--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200
|
||||||
|
+++ sendmail-8.14.3/smrsh/smrsh.8 2008-07-15 14:38:07.000000000 +0200
|
||||||
|
@@ -39,7 +39,7 @@ Briefly,
|
||||||
|
.I smrsh
|
||||||
|
limits programs to be in a single directory,
|
||||||
|
by default
|
||||||
|
-/usr/adm/sm.bin,
|
||||||
|
+/etc/smrsh,
|
||||||
|
allowing the system administrator to choose the set of acceptable commands,
|
||||||
|
and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
|
||||||
|
It also rejects any commands with the characters
|
||||||
|
@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'',
|
||||||
|
and
|
||||||
|
``vacation''
|
||||||
|
all actually forward to
|
||||||
|
-``/usr/adm/sm.bin/vacation''.
|
||||||
|
+``/etc/smrsh/vacation''.
|
||||||
|
.PP
|
||||||
|
System administrators should be conservative about populating
|
||||||
|
-the sm.bin directory.
|
||||||
|
+the /etc/smrsh directory.
|
||||||
|
For example, a reasonable additions is
|
||||||
|
.IR vacation (1),
|
||||||
|
and the like.
|
||||||
|
@@ -68,7 +68,7 @@ never include any shell or shell-like pr
|
||||||
|
(such as
|
||||||
|
.IR perl (1))
|
||||||
|
in the
|
||||||
|
-sm.bin
|
||||||
|
+/etc/smrsh
|
||||||
|
directory.
|
||||||
|
Note that this does not restrict the use of shell or perl scripts
|
||||||
|
in the sm.bin directory (using the ``#!'' syntax);
|
||||||
|
@@ -79,20 +79,7 @@ is a very bad idea.
|
||||||
|
.IR procmail (1)
|
||||||
|
allows users to run arbitrary programs in their
|
||||||
|
.IR procmailrc (5).
|
||||||
|
-.SH COMPILATION
|
||||||
|
-Compilation should be trivial on most systems.
|
||||||
|
-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
|
||||||
|
-to adjust the default search path
|
||||||
|
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
|
||||||
|
-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
|
||||||
|
-to change the default program directory
|
||||||
|
-(defaults to ``/usr/adm/sm.bin'').
|
||||||
|
.SH FILES
|
||||||
|
-/usr/adm/sm.bin \- default directory for restricted programs on most OSs
|
||||||
|
-.PP
|
||||||
|
-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris
|
||||||
|
-.PP
|
||||||
|
-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD
|
||||||
|
-
|
||||||
|
+/etc/smrsh \- directory for restricted programs
|
||||||
|
.SH SEE ALSO
|
||||||
|
sendmail(8)
|
||||||
|
diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c
|
||||||
|
--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200
|
||||||
|
+++ sendmail-8.14.3/smrsh/smrsh.c 2008-07-15 14:38:07.000000000 +0200
|
||||||
|
@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
|
||||||
|
# ifdef SMRSH_CMDDIR
|
||||||
|
# define CMDDIR SMRSH_CMDDIR
|
||||||
|
# else /* SMRSH_CMDDIR */
|
||||||
|
-# define CMDDIR "/usr/adm/sm.bin"
|
||||||
|
+# define CMDDIR "/etc/smrsh"
|
||||||
|
# endif /* SMRSH_CMDDIR */
|
||||||
|
#endif /* ! CMDDIR */
|
||||||
|
|
||||||
|
@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
|
||||||
|
# ifdef SMRSH_PATH
|
||||||
|
# define PATH SMRSH_PATH
|
||||||
|
# else /* SMRSH_PATH */
|
||||||
|
-# define PATH "/bin:/usr/bin:/usr/ucb"
|
||||||
|
+# define PATH "/bin:/usr/bin"
|
||||||
|
# endif /* SMRSH_PATH */
|
||||||
|
#endif /* ! PATH */
|
||||||
|
|
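Review bot: The smrsh.8 hunks leave a reference to the old directory behind: the context line `in the sm.bin directory (using the ``#!'' syntax);` right after the `+/etc/smrsh` replacement still names sm.bin, so the resulting man page describes two different directories. The README hunk likewise keeps `ln -s /usr/ucb/vacation vacation` as its example while the smrsh.c hunk drops `/usr/ucb` from the default `PATH`. Because the restriction smrsh provides rests entirely on what is placed in `CMDDIR`, the documentation should name `/etc/smrsh` consistently; the proposed wording is `in the /etc/smrsh directory (using the ``#!'' syntax);`. The removed COMPILATION section was also the only place documenting `-DSMRSH_CMDDIR` and `-DSMRSH_PATH`, which the smrsh.c context lines show are still honoured.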
56
sendmail-8.14.4-makemapman.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
--- sendmail-8.14.4/cf/cf/Build 1999-03-02 03:37:12.000000000 +0100
|
||||||
|
+++ sendmail-8.14.4/cf/cf/Build.makemapman 2010-01-03 22:49:38.000000000 +0100
|
||||||
|
@@ -18,7 +18,7 @@
|
||||||
|
SMROOT=${SMROOT-../..}
|
||||||
|
BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools}
|
||||||
|
|
||||||
|
-M4=`sh $BUILDTOOLS/bin/find_m4.sh`
|
||||||
|
+M4=/usr/bin/m4
|
||||||
|
ret=$?
|
||||||
|
if [ $ret -ne 0 ]
|
||||||
|
then
|
||||||
|
--- sendmail-8.14.4/devtools/OS/Linux 2009-01-22 03:15:42.000000000 +0100
|
||||||
|
+++ sendmail-8.14.4/devtools/OS/Linux.makemapman 2010-01-03 22:50:27.000000000 +0100
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
define(`confDEPEND_TYPE', `CC-M')
|
||||||
|
define(`confCCOPTS_SO', `-fPIC')
|
||||||
|
define(`confSM_OS_HEADER', `sm_os_linux')
|
||||||
|
-define(`confMANROOT', `/usr/man/man')
|
||||||
|
+define(`confMANROOT', `/usr/share/man/man')
|
||||||
|
define(`confLIBS', `-ldl')
|
||||||
|
define(`confEBINDIR', `/usr/sbin')
|
||||||
|
APPENDDEF(`confLIBSEARCH', `crypt nsl')
|
||||||
|
@@ -16,6 +16,8 @@
|
||||||
|
define(`confMTLDOPTS', `-lpthread')
|
||||||
|
define(`confLDOPTS_SO', `-shared')
|
||||||
|
define(`confSONAME',`-soname')
|
||||||
|
+define('confSBINGRP', 'mail')
|
||||||
|
+define('confSBINMODE', '6755')
|
||||||
|
|
||||||
|
ifelse(confBLDVARIANT, `DEBUG',
|
||||||
|
dnl Debug build
|
||||||
|
--- sendmail-8.14.4/makemap/makemap.8 2008-05-03 01:07:48.000000000 +0200
|
||||||
|
+++ sendmail-8.14.4/makemap/makemap.8.makemapman 2010-01-03 22:51:04.000000000 +0100
|
||||||
|
@@ -52,12 +52,6 @@
|
||||||
|
parameter.
|
||||||
|
They may be
|
||||||
|
.TP
|
||||||
|
-dbm
|
||||||
|
-DBM format maps.
|
||||||
|
-This requires the
|
||||||
|
-ndbm(3)
|
||||||
|
-library.
|
||||||
|
-.TP
|
||||||
|
btree
|
||||||
|
B-Tree format maps.
|
||||||
|
This requires the new Berkeley DB
|
||||||
|
--- sendmail-8.14.4/rmail/rmail.c 2001-09-18 23:45:29.000000000 +0200
|
||||||
|
+++ sendmail-8.14.4/rmail/rmail.c.makemapman 2010-01-03 22:51:36.000000000 +0100
|
||||||
|
@@ -276,7 +276,6 @@
|
||||||
|
args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */
|
||||||
|
args[i++] = "-G"; /* relay submission */
|
||||||
|
args[i++] = "-oee"; /* No errors, just status. */
|
||||||
|
- args[i++] = "-odq"; /* Queue it, don't try to deliver. */
|
||||||
|
args[i++] = "-oi"; /* Ignore '.' on a line by itself. */
|
||||||
|
|
||||||
|
/* set from system and protocol used */
|
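Review bot: The two lines added in the devtools/OS/Linux hunk, `define('confSBINGRP', 'mail')` and `define('confSBINMODE', '6755')`, put an apostrophe on both sides of each argument, whereas every other define in the file uses the m4 quote pair (backquote to open, apostrophe to close). As written they most likely define macros whose names include the apostrophes, so the build never sees them and the defaults stay in effect. This needs a decision rather than only a quoting fix: once quoted correctly, mode `6755` asks for set-uid and set-gid on the installed binary, which should be justified in the patch description or the two lines dropped. In the cf/cf/Build hunk, `M4=/usr/bin/m4` leaves the following `ret=$?` test checking an assignment that cannot fail.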
31
sendmail-8.14.8-sasl2-in-etc.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
diff --git a/sendmail/usersmtp.c b/sendmail/usersmtp.c
|
||||||
|
index c217ffa..e4dadd3 100644
|
||||||
|
--- a/sendmail/usersmtp.c
|
||||||
|
+++ b/sendmail/usersmtp.c
|
||||||
|
@@ -1331,9 +1331,7 @@ safesaslfile(context, file)
|
||||||
|
{
|
||||||
|
long sff;
|
||||||
|
int r;
|
||||||
|
-#if SASL <= 10515
|
||||||
|
size_t len;
|
||||||
|
-#endif /* SASL <= 10515 */
|
||||||
|
char *p;
|
||||||
|
|
||||||
|
if (file == NULL || *file == '\0')
|
||||||
|
@@ -1369,9 +1367,16 @@ safesaslfile(context, file)
|
||||||
|
#endif /* SASL <= 10515 */
|
||||||
|
|
||||||
|
p = (char *) file;
|
||||||
|
+ len = strlen(p);
|
||||||
|
if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
|
||||||
|
S_IRUSR, NULL)) == 0)
|
||||||
|
return SASL_OK;
|
||||||
|
+#if SASL > 10515
|
||||||
|
+ /* Expect /usr/lib/sasl2/Sendmail.conf to be missing - config now in /etc/sasl2 */
|
||||||
|
+ if (type == SASL_VRFY_CONF && r == ENOENT &&
|
||||||
|
+ len >= 8 && strncmp(p, "/usr/lib", 8) == 0)
|
||||||
|
+ return SASL_CONTINUE;
|
||||||
|
+#endif /* SASL > 10515 */
|
||||||
|
if (LogLevel > (r != ENOENT ? 8 : 10))
|
||||||
|
sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
|
||||||
|
p, sm_errstring(r));
|
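Review bot: The new ENOENT exemption in the second hunk matches on the bare prefix `/usr/lib` (`strncmp(p, "/usr/lib", 8) == 0`), so it also returns `SASL_CONTINUE` for a missing file under `/usr/lib64`, `/usr/libexec` or any other sibling path, while the comment names only `/usr/lib/sasl2/Sendmail.conf`. If `/usr/lib64` is meant to be covered, the comment should say so; otherwise compare against the directory including its trailing slash. The exemption also returns before the `sm_syslog` call, so a configuration file that is missing by mistake leaves no log entry at any `LogLevel`. `safesaslfile` begins and ends outside both hunks, so the declaration of `type` used in the new condition could not be checked here.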
13
sendmail-8.14.9-noversion.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
--- sendmail-8.14.9/sendmail/helpfile 2014-03-06 18:31:31.000000000 +0100
|
||||||
|
+++ sendmail-8.14.9/sendmail/helpfile.noversion 2014-05-21 17:25:29.000000000 +0200
|
||||||
|
@@ -11,9 +11,7 @@
|
||||||
|
cpyr forth in the LICENSE file which can be found at the top level of
|
||||||
|
cpyr the sendmail distribution.
|
||||||
|
cpyr
|
||||||
|
-cpyr $$Id: helpfile,v 8.49 2013-11-22 20:51:55 ca Exp $$
|
||||||
|
-cpyr
|
||||||
|
-smtp This is sendmail version $v
|
||||||
|
+smtp This is sendmail
|
||||||
|
smtp Topics:
|
||||||
|
smtp HELO EHLO MAIL RCPT DATA
|
||||||
|
smtp RSET NOOP QUIT HELP VRFY
|
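Review bot: Removing `$v` from the `smtp` help topic hides the version only in the HELP reply; the greeting banner and the `Received:` header are built from other settings that this patch does not touch. If the aim is to stop advertising the version to remote clients, the packaged configuration would also need `confSMTP_LOGIN_MSG` and `confRECEIVED_HEADER` reviewed. That configuration is not shown on this page, so whether it is already handled elsewhere cannot be confirmed from here.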
20
sendmail-8.14.9-pid.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
--- sendmail-8.14.9/cf/cf/submit.mc 2014-03-06 18:31:28.000000000 +0100
|
||||||
|
+++ sendmail-8.14.9/cf/cf/submit.mc.pid 2014-05-21 17:20:14.000000000 +0200
|
||||||
|
@@ -15,12 +15,16 @@
|
||||||
|
#
|
||||||
|
|
||||||
|
divert(0)dnl
|
||||||
|
-VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
|
||||||
|
+sinclude(`/usr/share/sendmail-cf/m4/cf.m4')dnl
|
||||||
|
+VERSIONID(`linux setup')dnl
|
||||||
|
define(`confCF_VERSION', `Submit')dnl
|
||||||
|
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
|
||||||
|
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
|
||||||
|
define(`confTIME_ZONE', `USE_TZ')dnl
|
||||||
|
define(`confDONT_INIT_GROUPS', `True')dnl
|
||||||
|
+define(`confPID_FILE', `/run/sm-client.pid')dnl
|
||||||
|
+dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
|
||||||
|
+FEATURE(`use_ct_file')dnl
|
||||||
|
dnl
|
||||||
|
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
|
||||||
|
FEATURE(`msp', `[127.0.0.1]')dnl
|
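Review bot: The added `sinclude(...)` of `/usr/share/sendmail-cf/m4/cf.m4` uses the silent form of include, so when that file is absent m4 continues without a diagnostic and the following `VERSIONID`, `define` and `FEATURE` lines are processed with none of the cf macros defined. Using `include(...)` for the same path turns a missing sendmail-cf tree into a hard error instead of a malformed submit.cf. The new `confPID_FILE` points at `/run/sm-client.pid`; whether the account the submission program runs under can create a file directly in `/run` is not visible here and should be confirmed. The commented-out `confDIRECT_SUBMISSION_MODIFIERS` line should either be enabled or removed.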
11
sendmail-8.14.9-vacation.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- sendmail-8.14.9/vacation/Makefile 2014-03-06 18:31:31.000000000 +0100
|
||||||
|
+++ sendmail-8.14.9/vacation/Makefile.vacation 2014-05-21 17:22:47.000000000 +0200
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
# $Id: Makefile,v 8.5 1999-09-23 22:36:45 ca Exp $
|
||||||
|
|
||||||
|
SHELL= /bin/sh
|
||||||
|
-BUILD= ./Build
|
||||||
|
+BUILD= ./Build -f ../redhat.config.m4
|
||||||
|
OPTIONS= $(CONFIG) $(FLAGS)
|
||||||
|
|
||||||
|
all: FRC
|
126
sendmail-8.15.1-aliases_dir.patch
Normal file
@ -0,0 +1,126 @@
|
|||||||
|
diff --git a/cf/m4/cfhead.m4 b/cf/m4/cfhead.m4
|
||||||
|
index 714a3ec..3fd6c1c 100644
|
||||||
|
--- a/cf/m4/cfhead.m4
|
||||||
|
+++ b/cf/m4/cfhead.m4
|
||||||
|
@@ -260,7 +260,7 @@ ifdef(`MAIL_SETTINGS_DIR', , `define(`MAIL_SETTINGS_DIR', `/etc/mail/')')
|
||||||
|
define(`DATABASE_MAP_TYPE', `hash')
|
||||||
|
|
||||||
|
# set up default values for options
|
||||||
|
-define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
|
||||||
|
+define(`ALIAS_FILE', `/etc/aliases')
|
||||||
|
define(`confMAILER_NAME', ``MAILER-DAEMON'')
|
||||||
|
define(`confFROM_LINE', `From $g $d')
|
||||||
|
define(`confOPERATORS', `.:%@!^/[]+')
|
||||||
|
diff --git a/sendmail/aliases.0 b/sendmail/aliases.0
|
||||||
|
index cfdbe17..5ea4c28 100644
|
||||||
|
--- a/sendmail/aliases.0
|
||||||
|
+++ b/sendmail/aliases.0
|
||||||
|
@@ -63,7 +63,7 @@ DDEESSCCRRIIPPTTIIOONN
|
||||||
|
the list of users defined in that file.
|
||||||
|
|
||||||
|
This is only the raw data file; the actual aliasing information is
|
||||||
|
- placed into a binary format in the file /etc/mail/aliases.db using the
|
||||||
|
+ placed into a binary format in the file /etc/aliases.db using the
|
||||||
|
program newaliases(1). A newaliases command should be executed each
|
||||||
|
time the aliases file is changed for the change to take effect.
|
||||||
|
|
||||||
|
diff --git a/sendmail/aliases.5 b/sendmail/aliases.5
|
||||||
|
index f09b49c..7b16db2 100644
|
||||||
|
--- a/sendmail/aliases.5
|
||||||
|
+++ b/sendmail/aliases.5
|
||||||
|
@@ -23,7 +23,7 @@ ID
|
||||||
|
aliases used by
|
||||||
|
sendmail.
|
||||||
|
The file resides in
|
||||||
|
-/etc/mail
|
||||||
|
+/etc
|
||||||
|
and
|
||||||
|
is formatted as a series of lines of the form
|
||||||
|
.IP
|
||||||
|
@@ -96,7 +96,7 @@ list of users defined in that file.
|
||||||
|
.PP
|
||||||
|
This is only the raw data file; the actual aliasing information is
|
||||||
|
placed into a binary format in the file
|
||||||
|
-/etc/mail/aliases.db
|
||||||
|
+/etc/aliases.db
|
||||||
|
using the program
|
||||||
|
newaliases(1).
|
||||||
|
A
|
||||||
|
diff --git a/sendmail/newaliases.0 b/sendmail/newaliases.0
|
||||||
|
index c77f401..e2a1670 100644
|
||||||
|
--- a/sendmail/newaliases.0
|
||||||
|
+++ b/sendmail/newaliases.0
|
||||||
|
@@ -10,7 +10,7 @@ SSYYNNOOPPSSIISS
|
||||||
|
|
||||||
|
DDEESSCCRRIIPPTTIIOONN
|
||||||
|
NNeewwaalliiaasseess rebuilds the random access data base for the mail aliases
|
||||||
|
- file /etc/mail/aliases. It must be run each time this file is changed
|
||||||
|
+ file /etc/aliases. It must be run each time this file is changed
|
||||||
|
in order for the change to take effect.
|
||||||
|
|
||||||
|
NNeewwaalliiaasseess is identical to ``sendmail -bi''.
|
||||||
|
@@ -22,7 +22,7 @@ DDEESSCCRRIIPPTTIIOONN
|
||||||
|
sseennddmmaaiill..
|
||||||
|
|
||||||
|
FFIILLEESS
|
||||||
|
- /etc/mail/aliases The mail aliases file
|
||||||
|
+ /etc/aliases The mail aliases file
|
||||||
|
|
||||||
|
SSEEEE AALLSSOO
|
||||||
|
aliases(5), sendmail(8)
|
||||||
|
diff --git a/sendmail/newaliases.1 b/sendmail/newaliases.1
|
||||||
|
index 59dc0de..9ba8752 100644
|
||||||
|
--- a/sendmail/newaliases.1
|
||||||
|
+++ b/sendmail/newaliases.1
|
||||||
|
@@ -20,7 +20,7 @@ newaliases
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.B Newaliases
|
||||||
|
rebuilds the random access data base for the mail aliases file
|
||||||
|
-/etc/mail/aliases. It must be run each time this file is changed
|
||||||
|
+/etc/aliases. It must be run each time this file is changed
|
||||||
|
in order for the change to take effect.
|
||||||
|
.PP
|
||||||
|
.B Newaliases
|
||||||
|
@@ -40,7 +40,7 @@ puts a special token into the data base that is required by
|
||||||
|
.B sendmail.
|
||||||
|
.SH FILES
|
||||||
|
.TP 2i
|
||||||
|
-/etc/mail/aliases
|
||||||
|
+/etc/aliases
|
||||||
|
The mail aliases file
|
||||||
|
.SH SEE ALSO
|
||||||
|
aliases(5), sendmail(8)
|
||||||
|
diff --git a/sendmail/sendmail.0 b/sendmail/sendmail.0
|
||||||
|
index 515d5f7..8236411 100644
|
||||||
|
--- a/sendmail/sendmail.0
|
||||||
|
+++ b/sendmail/sendmail.0
|
||||||
|
@@ -434,10 +434,10 @@ FFIILLEESS
|
||||||
|
are only approximations.
|
||||||
|
|
||||||
|
|
||||||
|
- /etc/mail/aliases
|
||||||
|
+ /etc/aliases
|
||||||
|
raw data for alias names
|
||||||
|
|
||||||
|
- /etc/mail/aliases.db
|
||||||
|
+ /etc/aliases.db
|
||||||
|
data base of alias names
|
||||||
|
|
||||||
|
/etc/mail/sendmail.cf
|
||||||
|
diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8
|
||||||
|
index 0356839..1258c26 100644
|
||||||
|
--- a/sendmail/sendmail.8
|
||||||
|
+++ b/sendmail/sendmail.8
|
||||||
|
@@ -711,10 +711,10 @@ Thus,
|
||||||
|
these values are only approximations.
|
||||||
|
.PP
|
||||||
|
.TP
|
||||||
|
- /etc/mail/aliases
|
||||||
|
+ /etc/aliases
|
||||||
|
raw data for alias names
|
||||||
|
.TP
|
||||||
|
- /etc/mail/aliases.db
|
||||||
|
+ /etc/aliases.db
|
||||||
|
data base of alias names
|
||||||
|
.TP
|
||||||
|
/etc/mail/sendmail.cf
|
46
sendmail-8.15.1-dynamic.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
--- sendmail-8.14.4/devtools/OS/Linux 2010-01-03 22:55:35.000000000 +0100
|
||||||
|
+++ sendmail-8.14.4/devtools/OS/Linux.dynamic 2010-01-03 22:59:03.000000000 +0100
|
||||||
|
@@ -7,7 +7,7 @@
|
||||||
|
define(`confCCOPTS_SO', `-fPIC')
|
||||||
|
define(`confSM_OS_HEADER', `sm_os_linux')
|
||||||
|
define(`confMANROOT', `/usr/share/man/man')
|
||||||
|
-define(`confLIBS', `-ldl')
|
||||||
|
+define(`confLIBS', `-pie -ldl')
|
||||||
|
define(`confEBINDIR', `/usr/sbin')
|
||||||
|
APPENDDEF(`confLIBSEARCH', `crypt nsl')
|
||||||
|
|
||||||
|
@@ -22,19 +22,19 @@
|
||||||
|
ifelse(confBLDVARIANT, `DEBUG',
|
||||||
|
dnl Debug build
|
||||||
|
`
|
||||||
|
- define(`confOPTIMIZE',`-g -Wall')
|
||||||
|
+ define(`confOPTIMIZE',`-g -Wall -fpie')
|
||||||
|
',
|
||||||
|
dnl Optimized build
|
||||||
|
confBLDVARIANT, `OPTIMIZED',
|
||||||
|
`
|
||||||
|
- define(`confOPTIMIZE',`-O2')
|
||||||
|
+ define(`confOPTIMIZE',`-O2 -fpie')
|
||||||
|
',
|
||||||
|
dnl Purify build
|
||||||
|
confBLDVARIANT, `PURIFY',
|
||||||
|
`
|
||||||
|
- define(`confOPTIMIZE',`-g')
|
||||||
|
+ define(`confOPTIMIZE',`-g -fpie')
|
||||||
|
',
|
||||||
|
dnl default
|
||||||
|
`
|
||||||
|
- define(`confOPTIMIZE',`-O2')
|
||||||
|
+ define(`confOPTIMIZE',`-O2 -fpie')
|
||||||
|
')
|
||||||
|
--- sendmail-8.14.4/libsm/Makefile.m4 2006-08-16 23:06:31.000000000 +0200
|
||||||
|
+++ sendmail-8.14.4/libsm/Makefile.m4.dynamic 2010-01-03 23:01:36.000000000 +0100
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
define(`confREQUIRE_SM_OS_H', `true')
|
||||||
|
PREPENDDEF(`confENVDEF', `confMAPDEF')
|
||||||
|
bldPRODUCT_START(`library', `libsm')
|
||||||
|
-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
|
||||||
|
+define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
|
||||||
|
bldPRODUCT_END
|
||||||
|
dnl msg.c
|
||||||
|
dnl syslogio.c
|
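Review bot: The PIE flags are folded into general-purpose macros, `-pie` into `confLIBS` and `-fpie` into each `confOPTIMIZE` branch, so they apply to every product built from devtools/OS/Linux, and any site file that redefines `confOPTIMIZE` silently drops `-fpie` while `-pie` stays on the link line. A comment above the `confLIBS` line stating that the two must change together would help, for example `dnl -pie here requires -fpie in every confOPTIMIZE below`. The libsm/Makefile.m4 hunk removes `strerror.c` from `bldSOURCES`, which as far as this page shows is unrelated to position-independent builds and is not explained. Other hardening options such as RELRO are not set in this file; whether they are supplied elsewhere is not visible.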
18
sendmail-8.15.1-manpage.patch
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8
|
||||||
|
index 9e0b9af..0356839 100644
|
||||||
|
--- a/sendmail/sendmail.8
|
||||||
|
+++ b/sendmail/sendmail.8
|
||||||
|
@@ -729,13 +729,11 @@ collected statistics
|
||||||
|
/var/spool/mqueue/*
|
||||||
|
temp files
|
||||||
|
.SH SEE ALSO
|
||||||
|
-binmail(1),
|
||||||
|
mail(1),
|
||||||
|
rmail(1),
|
||||||
|
syslog(3),
|
||||||
|
aliases(5),
|
||||||
|
mailaddr(7),
|
||||||
|
-rc(8)
|
||||||
|
.PP
|
||||||
|
DARPA
|
||||||
|
Internet Request For Comments
|
127
sendmail-8.15.2-format-security.patch
Normal file
@ -0,0 +1,127 @@
|
|||||||
|
diff --git a/sendmail/envelope.c b/sendmail/envelope.c
|
||||||
|
index bae6b00..beb91a1 100644
|
||||||
|
--- a/sendmail/envelope.c
|
||||||
|
+++ b/sendmail/envelope.c
|
||||||
|
@@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split)
|
||||||
|
|
||||||
|
/* don't free, allocated from e_rpool */
|
||||||
|
e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
|
||||||
|
- message(buf);
|
||||||
|
+ message("%s", buf);
|
||||||
|
e->e_flags |= EF_CLRQUEUE;
|
||||||
|
}
|
||||||
|
if (msg_timeout == MSG_NOT_BY)
|
||||||
|
@@ -420,7 +420,7 @@ dropenvelope(e, fulldrop, split)
|
||||||
|
/* don't free, allocated from e_rpool */
|
||||||
|
e->e_message = sm_rpool_strdup_x(e->e_rpool,
|
||||||
|
buf);
|
||||||
|
- message(buf);
|
||||||
|
+ message("%s", buf);
|
||||||
|
e->e_flags |= EF_WARNING;
|
||||||
|
}
|
||||||
|
if (msg_timeout == MSG_WARN_BY)
|
||||||
|
diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c
|
||||||
|
index 2adb39c..ba99414 100644
|
||||||
|
--- a/sendmail/parseaddr.c
|
||||||
|
+++ b/sendmail/parseaddr.c
|
||||||
|
@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt)
|
||||||
|
msg = "Deferring message until queue run";
|
||||||
|
if (tTd(20, 1))
|
||||||
|
sm_dprintf("parseaddr: queueing message\n");
|
||||||
|
- message(msg);
|
||||||
|
+ message("%s", msg);
|
||||||
|
if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
|
||||||
|
e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
|
||||||
|
a->q_state = QS_QUEUEUP;
|
||||||
|
diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
|
||||||
|
index ba636a8..46c5356 100644
|
||||||
|
--- a/sendmail/srvrsmtp.c
|
||||||
|
+++ b/sendmail/srvrsmtp.c
|
||||||
|
@@ -122,6 +122,26 @@ extern ENVELOPE BlankEnvelope;
|
||||||
|
#define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \
|
||||||
|
(s)++
|
||||||
|
|
||||||
|
+static inline void
|
||||||
|
+message1(fmt)
|
||||||
|
+ char *fmt;
|
||||||
|
+{
|
||||||
|
+ if (strchr(fmt, '%') == NULL)
|
||||||
|
+ message(fmt, NULL);
|
||||||
|
+ else
|
||||||
|
+ message("%s", fmt);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void
|
||||||
|
+usrerr1(fmt)
|
||||||
|
+ char *fmt;
|
||||||
|
+{
|
||||||
|
+ if (strchr(fmt, '%') == NULL)
|
||||||
|
+ usrerr(fmt, NULL);
|
||||||
|
+ else
|
||||||
|
+ usrerr("%s", fmt);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
|
||||||
|
**
|
||||||
|
@@ -578,13 +598,13 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *));
|
||||||
|
bool tsave = QuickAbort; \
|
||||||
|
\
|
||||||
|
QuickAbort = false; \
|
||||||
|
- usrerr(response); \
|
||||||
|
+ usrerr1(response); \
|
||||||
|
QuickAbort = tsave; \
|
||||||
|
e->e_sendqueue = NULL; \
|
||||||
|
goto doquit; \
|
||||||
|
} \
|
||||||
|
else \
|
||||||
|
- usrerr(response); \
|
||||||
|
+ usrerr1(response); \
|
||||||
|
break; \
|
||||||
|
\
|
||||||
|
case SMFIR_REJECT: \
|
||||||
|
@@ -931,7 +951,7 @@ smtp(nullserver, d_flags, e)
|
||||||
|
}
|
||||||
|
else if (strncmp(nullserver, "421 ", 4) == 0)
|
||||||
|
{
|
||||||
|
- message(nullserver);
|
||||||
|
+ message1(nullserver);
|
||||||
|
goto doquit;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1849,7 +1869,7 @@ smtp(nullserver, d_flags, e)
|
||||||
|
if (nullserver != NULL)
|
||||||
|
{
|
||||||
|
if (ISSMTPREPLY(nullserver))
|
||||||
|
- usrerr(nullserver);
|
||||||
|
+ usrerr1(nullserver);
|
||||||
|
else
|
||||||
|
usrerr("550 5.0.0 %s",
|
||||||
|
nullserver);
|
||||||
|
@@ -2449,7 +2469,7 @@ smtp(nullserver, d_flags, e)
|
||||||
|
tempfail = true;
|
||||||
|
smtp.sm_milterize = false;
|
||||||
|
if (response != NULL)
|
||||||
|
- usrerr(response);
|
||||||
|
+ usrerr1(response);
|
||||||
|
else
|
||||||
|
message("421 4.7.0 %s closing connection",
|
||||||
|
MyHostName);
|
||||||
|
@@ -3656,7 +3676,7 @@ smtp_data(smtp, e)
|
||||||
|
(void) extenhsc(response + 4, ' ', e->e_enhsc);
|
||||||
|
#endif /* _FFR_MILTER_ENHSC */
|
||||||
|
|
||||||
|
- usrerr(response);
|
||||||
|
+ usrerr1(response);
|
||||||
|
if (strncmp(response, "421 ", 4) == 0
|
||||||
|
|| strncmp(response, "421-", 4) == 0)
|
||||||
|
{
|
||||||
|
@@ -3776,7 +3796,7 @@ smtp_data(smtp, e)
|
||||||
|
if (ISSMTPCODE(response))
|
||||||
|
(void) extenhsc(response + 4, ' ', e->e_enhsc);
|
||||||
|
#endif /* _FFR_MILTER_ENHSC */
|
||||||
|
- usrerr(response);
|
||||||
|
+ usrerr1(response);
|
||||||
|
if (strncmp(response, "421 ", 4) == 0
|
||||||
|
|| strncmp(response, "421-", 4) == 0)
|
||||||
|
rv = false;
|
80
sendmail-8.15.2-libmilter-socket-activation.patch
Normal file
80
sendmail-8.15.2-libmilter-socket-activation.patch
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
Description: systemd-like socket activation support for libmilter
|
||||||
|
Author: Mikhail Gusarov <dottedmag@debian.org
|
||||||
|
diff --git a/libmilter/docs/smfi_setconn.html b/libmilter/docs/smfi_setconn.html
|
||||||
|
index eba7c5b..5b272a0 100644
|
||||||
|
--- a/libmilter/docs/smfi_setconn.html
|
||||||
|
+++ b/libmilter/docs/smfi_setconn.html
|
||||||
|
@@ -43,6 +43,7 @@ Set the socket through which this filter should communicate with sendmail.
|
||||||
|
<LI><CODE>{unix|local}:/path/to/file</CODE> -- A named pipe.
|
||||||
|
<LI><CODE>inet:port@{hostname|ip-address}</CODE> -- An IPV4 socket.
|
||||||
|
<LI><CODE>inet6:port@{hostname|ip-address}</CODE> -- An IPV6 socket.
|
||||||
|
+ <LI><CODE>fd:number</CODE> -- Pre-opened file descriptor.
|
||||||
|
</UL>
|
||||||
|
</TD></TR>
|
||||||
|
</TABLE>
|
||||||
|
diff --git a/libmilter/listener.c b/libmilter/listener.c
|
||||||
|
index 11d92bb..2ab533d 100644
|
||||||
|
--- a/libmilter/listener.c
|
||||||
|
+++ b/libmilter/listener.c
|
||||||
|
@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, name)
|
||||||
|
L_socksize = sizeof addr.sin6;
|
||||||
|
}
|
||||||
|
#endif /* NETINET6 */
|
||||||
|
+ else if (strcasecmp(p, "fd") == 0)
|
||||||
|
+ {
|
||||||
|
+ addr.sa.sa_family = AF_UNSPEC;
|
||||||
|
+ L_socksize = sizeof (_SOCK_ADDR);
|
||||||
|
+ }
|
||||||
|
else
|
||||||
|
{
|
||||||
|
smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
|
||||||
|
@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, name)
|
||||||
|
}
|
||||||
|
#endif /* NETINET || NETINET6 */
|
||||||
|
|
||||||
|
- sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
|
||||||
|
+ if (addr.sa.sa_family == AF_UNSPEC)
|
||||||
|
+ {
|
||||||
|
+ char *end;
|
||||||
|
+ sock = strtol(colon, &end, 10);
|
||||||
|
+ if (*end != '\0' || sock < 0)
|
||||||
|
+ {
|
||||||
|
+ smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon);
|
||||||
|
+ return INVALID_SOCKET;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (!ValidSocket(sock))
|
||||||
|
{
|
||||||
|
smi_log(SMI_LOG_ERR,
|
||||||
|
@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, name)
|
||||||
|
#if NETUNIX
|
||||||
|
addr.sa.sa_family != AF_UNIX &&
|
||||||
|
#endif /* NETUNIX */
|
||||||
|
+ addr.sa.sa_family != AF_UNSPEC &&
|
||||||
|
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
|
||||||
|
sizeof(sockopt)) == -1)
|
||||||
|
{
|
||||||
|
@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, name)
|
||||||
|
}
|
||||||
|
#endif /* NETUNIX */
|
||||||
|
|
||||||
|
- if (bind(sock, &addr.sa, L_socksize) < 0)
|
||||||
|
+ if (addr.sa.sa_family != AF_UNSPEC &&
|
||||||
|
+ bind(sock, &addr.sa, L_socksize) < 0)
|
||||||
|
{
|
||||||
|
smi_log(SMI_LOG_ERR,
|
||||||
|
"%s: Unable to bind to port %s: %s",
|
||||||
|
@@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
|
||||||
|
# ifdef BSD4_4_SOCKADDR
|
||||||
|
cliaddr.sa.sa_len == 0 ||
|
||||||
|
# endif /* BSD4_4_SOCKADDR */
|
||||||
|
- cliaddr.sa.sa_family != L_family))
|
||||||
|
+ (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family)))
|
||||||
|
{
|
||||||
|
(void) closesocket(connfd);
|
||||||
|
connfd = INVALID_SOCKET;
|
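Review bot: The `fd:` branch added to mi_milteropen in libmilter/listener.c accepts values that are not usable descriptor numbers. An empty value after the colon parses as 0 because only `*end != '\0'` is tested, and the `long` returned by strtol() is stored straight into `sock`, so an out-of-range number is truncated instead of rejected. Parse into a `long` and reject `end == colon`, `ERANGE` and anything above `INT_MAX` before assigning, as sketched below. Nothing in these hunks checks that the inherited descriptor is a listening stream socket, and bind() is now skipped for it, so a getsockopt() `SO_TYPE` check here would turn a misconfiguration into a clear log line. mi_milteropen starts and ends outside the hunks shown.

```c
	if (addr.sa.sa_family == AF_UNSPEC)
	{
		char *end;
		long fdnum;

		errno = 0;
		fdnum = strtol(colon, &end, 10);
		if (end == colon || *end != '\0' || errno == ERANGE ||
		    fdnum < 0 || fdnum > INT_MAX)
		{
			smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon);
			return INVALID_SOCKET;
		}
		sock = fdnum;
	}
	/* … unchanged: else branch that calls socket() … */
```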
13
sendmail-8.15.2-localdomain.patch
Normal file
13
sendmail-8.15.2-localdomain.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
|
||||||
|
index 696bf36..5a5963b 100644
|
||||||
|
--- a/cf/m4/proto.m4
|
||||||
|
+++ b/cf/m4/proto.m4
|
||||||
|
@@ -1898,6 +1898,8 @@ R<@> < $* @ [IPv6:::1] >
|
||||||
|
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
|
||||||
|
R<@> < $* @ localhost.$m >
|
||||||
|
$: < ? $&{client_name} > < $1 @ localhost.$m >
|
||||||
|
+R<@> < $* @ localhost.localdomain >
|
||||||
|
+ $: < ? $&{client_name} > < $1 @ localhost.localdomain >
|
||||||
|
ifdef(`_NO_UUCP_', `dnl',
|
||||||
|
`R<@> < $* @ localhost.UUCP >
|
||||||
|
$: < ? $&{client_name} > < $1 @ localhost.UUCP >')
|
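Review bot: The added `localhost.localdomain` rule in cf/m4/proto.m4 has no comment saying why this literal name is handled like `localhost.$m`, and the patch carries no description. A one-line comment above the rule, such as `# also accept the literal name localhost.localdomain`, would record the intent. The ruleset it belongs to begins outside the hunk, so which check this widens should be confirmed against the full file.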
20
sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
Normal file
20
sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff --git a/sendmail/tls.c b/sendmail/tls.c
|
||||||
|
index 16cb93f..9338380 100644
|
||||||
|
--- a/sendmail/tls.c
|
||||||
|
+++ b/sendmail/tls.c
|
||||||
|
@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
||||||
|
}
|
||||||
|
|
||||||
|
#if _FFR_TLS_EC
|
||||||
|
- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||||||
|
- if (ecdh != NULL)
|
||||||
|
- {
|
||||||
|
- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
|
||||||
|
- SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
|
||||||
|
- EC_KEY_free(ecdh);
|
||||||
|
- }
|
||||||
|
+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
|
||||||
|
+ SSL_CTX_set_ecdh_auto(*ctx, 1);
|
||||||
|
#endif /* _FFR_TLS_EC */
|
||||||
|
|
||||||
|
}
|
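Review bot: `SSL_CTX_set_ecdh_auto(*ctx, 1)` in inittls is called with no OpenSSL version guard and its result is ignored. The macro was introduced in OpenSSL 1.0.2, so this hunk no longer builds against the older libraries that the removed `EC_KEY_new_by_curve_name` path supported. If those still matter, wrap the new call in `#if OPENSSL_VERSION_NUMBER >= 0x10002000L` and keep the old block under `#else`. The declaration of `ecdh` lies outside the hunk; if it is still present it is now unused and should be removed.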
182
sendmail-8.15.2-openssl-1.1.0-fix.patch
Normal file
182
sendmail-8.15.2-openssl-1.1.0-fix.patch
Normal file
@ -0,0 +1,182 @@
|
|||||||
|
--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100
|
||||||
|
+++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100
|
||||||
|
@@ -63,14 +63,28 @@ static unsigned char dh512_g[] =
|
||||||
|
static DH *
|
||||||
|
get_dh512()
|
||||||
|
{
|
||||||
|
- DH *dh = NULL;
|
||||||
|
+ DH *dh;
|
||||||
|
+ BIGNUM *p, *g;
|
||||||
|
|
||||||
|
if ((dh = DH_new()) == NULL)
|
||||||
|
return NULL;
|
||||||
|
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||||
|
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||||
|
- if ((dh->p == NULL) || (dh->g == NULL))
|
||||||
|
+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||||
|
+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||||
|
+ if (p == NULL || g == NULL)
|
||||||
|
+ {
|
||||||
|
+ BN_free(p);
|
||||||
|
+ BN_free(g);
|
||||||
|
+ DH_free(dh);
|
||||||
|
return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
||||||
|
+ DH_set0_pqg(dh, p, NULL, g);
|
||||||
|
+#else
|
||||||
|
+ dh->p = p;
|
||||||
|
+ dh->g = g;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return dh;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -117,16 +131,27 @@ get_dh2048()
|
||||||
|
};
|
||||||
|
static unsigned char dh2048_g[]={ 0x02, };
|
||||||
|
DH *dh;
|
||||||
|
+ BIGNUM *p, *g;
|
||||||
|
|
||||||
|
if ((dh=DH_new()) == NULL)
|
||||||
|
return(NULL);
|
||||||
|
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
||||||
|
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
||||||
|
- if ((dh->p == NULL) || (dh->g == NULL))
|
||||||
|
+ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
|
||||||
|
+ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
|
||||||
|
+ if (p == NULL || g == NULL)
|
||||||
|
{
|
||||||
|
+ BN_free(p);
|
||||||
|
+ BN_free(g);
|
||||||
|
DH_free(dh);
|
||||||
|
- return(NULL);
|
||||||
|
+ return NULL;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
||||||
|
+ DH_set0_pqg(dh, p, NULL, g);
|
||||||
|
+#else
|
||||||
|
+ dh->p = p;
|
||||||
|
+ dh->g = g;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return(dh);
|
||||||
|
}
|
||||||
|
# endif /* !NO_DH */
|
||||||
|
@@ -715,6 +740,54 @@ static char server_session_id_context[]
|
||||||
|
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+static RSA *
|
||||||
|
+generate_rsa_key(bits, e)
|
||||||
|
+ int bits;
|
||||||
|
+ unsigned long e;
|
||||||
|
+{
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x00908000L
|
||||||
|
+ return RSA_generate_key(bits, e, NULL, NULL);
|
||||||
|
+#else
|
||||||
|
+ BIGNUM *bne;
|
||||||
|
+ RSA *rsa = NULL;
|
||||||
|
+
|
||||||
|
+ bne = BN_new();
|
||||||
|
+ if (bne && BN_set_word(bne, e) != 1)
|
||||||
|
+ rsa = RSA_new();
|
||||||
|
+ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)
|
||||||
|
+ {
|
||||||
|
+ RSA_free(rsa);
|
||||||
|
+ rsa = NULL;
|
||||||
|
+ }
|
||||||
|
+ BN_free(bne);
|
||||||
|
+ return rsa;
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static DSA *
|
||||||
|
+generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)
|
||||||
|
+ int bits;
|
||||||
|
+ unsigned char *seed;
|
||||||
|
+ int seed_len;
|
||||||
|
+ int *counter_ret;
|
||||||
|
+ unsigned long *h_ret;
|
||||||
|
+{
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x00908000L
|
||||||
|
+ return DSA_generate_parameters(bits, seed, seed_len, counter_ret,
|
||||||
|
+ h_ret, NULL, NULL);
|
||||||
|
+#else
|
||||||
|
+ DSA *dsa = DSA_new();
|
||||||
|
+
|
||||||
|
+ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,
|
||||||
|
+ counter_ret, h_ret, NULL) != 1)
|
||||||
|
+ {
|
||||||
|
+ DSA_free(dsa);
|
||||||
|
+ dsa = NULL;
|
||||||
|
+ }
|
||||||
|
+ return dsa;
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
bool
|
||||||
|
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
|
||||||
|
SSL_CTX **ctx;
|
||||||
|
@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile
|
||||||
|
{
|
||||||
|
/* get a pointer to the current certificate validation store */
|
||||||
|
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
|
||||||
|
- crl_file = BIO_new(BIO_s_file_internal());
|
||||||
|
+ crl_file = BIO_new(BIO_s_file());
|
||||||
|
if (crl_file != NULL)
|
||||||
|
{
|
||||||
|
if (BIO_read_filename(crl_file, CRLFile) >= 0)
|
||||||
|
@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile
|
||||||
|
if (bitset(TLS_I_RSA_TMP, req)
|
||||||
|
# if SM_CONF_SHM
|
||||||
|
&& ShmId != SM_SHM_NO_ID &&
|
||||||
|
- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
|
||||||
|
- NULL)) == NULL
|
||||||
|
+ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL
|
||||||
|
# else /* SM_CONF_SHM */
|
||||||
|
&& 0 /* no shared memory: no need to generate key now */
|
||||||
|
# endif /* SM_CONF_SHM */
|
||||||
|
@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile
|
||||||
|
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
|
||||||
|
|
||||||
|
/* this takes a while! */
|
||||||
|
- dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
|
||||||
|
- NULL, 0, NULL);
|
||||||
|
+ dsa = generate_dsa_parameters(bits, NULL, 0, NULL,
|
||||||
|
+ NULL);
|
||||||
|
dh = DSA_dup_DH(dsa);
|
||||||
|
DSA_free(dsa);
|
||||||
|
}
|
||||||
|
@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength)
|
||||||
|
|
||||||
|
if (rsa_tmp != NULL)
|
||||||
|
RSA_free(rsa_tmp);
|
||||||
|
- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
|
||||||
|
+ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);
|
||||||
|
if (rsa_tmp == NULL)
|
||||||
|
{
|
||||||
|
if (LogLevel > 0)
|
||||||
|
@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx)
|
||||||
|
{
|
||||||
|
if (LogLevel > 13)
|
||||||
|
tls_verify_log(ok, ctx, "x509");
|
||||||
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
||||||
|
+ if (X509_STORE_CTX_get_error(ctx) ==
|
||||||
|
+ X509_V_ERR_UNABLE_TO_GET_CRL)
|
||||||
|
+ {
|
||||||
|
+ X509_STORE_CTX_set_error(ctx, 0);
|
||||||
|
+ return 1; /* override it */
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
|
||||||
|
{
|
||||||
|
ctx->error = 0;
|
||||||
|
return 1; /* override it */
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
return ok;
|
||||||
|
}
|
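Review bot: In `generate_rsa_key` (hunk `@@ -715,6 +740,54 @@` of sendmail/tls.c) the test `if (bne && BN_set_word(bne, e) != 1)` is inverted. BN_set_word() returns 1 on success, so `RSA_new()` runs only when setting the exponent failed, and the function returns NULL whenever it succeeded. Both callers changed by this patch, in `inittls` and `tmp_rsa_key`, treat NULL as key-generation failure. The line should read `if (bne != NULL && BN_set_word(bne, e) == 1)`. Separately, the return value of `DH_set0_pqg()` in get_dh512 and get_dh2048 is ignored, so on failure `p` and `g` would leak and a DH object without parameters would be returned.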
246
sendmail-8.15.2-qos.patch
Normal file
246
sendmail-8.15.2-qos.patch
Normal file
@ -0,0 +1,246 @@
|
|||||||
|
diff --git a/cf/cf/submit.mc b/cf/cf/submit.mc
|
||||||
|
index b9dfb16..cb325cc 100644
|
||||||
|
--- a/cf/cf/submit.mc
|
||||||
|
+++ b/cf/cf/submit.mc
|
||||||
|
@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
|
||||||
|
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
|
||||||
|
define(`confTIME_ZONE', `USE_TZ')dnl
|
||||||
|
define(`confDONT_INIT_GROUPS', `True')dnl
|
||||||
|
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
|
||||||
|
+dnl define(`confINET_QOS', `AF11')dnl
|
||||||
|
define(`confPID_FILE', `/run/sm-client.pid')dnl
|
||||||
|
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
|
||||||
|
FEATURE(`use_ct_file')dnl
|
||||||
|
diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
|
||||||
|
index 5a5963b..0df3416 100644
|
||||||
|
--- a/cf/m4/proto.m4
|
||||||
|
+++ b/cf/m4/proto.m4
|
||||||
|
@@ -251,6 +251,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
|
||||||
|
# 8-bit data handling
|
||||||
|
_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
|
||||||
|
|
||||||
|
+# DSCP marking of traffic (IP_TOS)
|
||||||
|
+_OPTION(InetQoS, `confINET_QOS', `none')
|
||||||
|
+
|
||||||
|
# wait for alias file rebuild (default units: minutes)
|
||||||
|
_OPTION(AliasWait, `confALIAS_WAIT', `5m')
|
||||||
|
|
||||||
|
diff --git a/sendmail/conf.c b/sendmail/conf.c
|
||||||
|
index cbb9c76..1b55533 100644
|
||||||
|
--- a/sendmail/conf.c
|
||||||
|
+++ b/sendmail/conf.c
|
||||||
|
@@ -6430,6 +6430,10 @@ char *FFRCompileOptions[] =
|
||||||
|
#if _FFR_QF_PARANOIA
|
||||||
|
"_FFR_QF_PARANOIA",
|
||||||
|
#endif
|
||||||
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
+ /* QoS */
|
||||||
|
+ "_FFR_QOS",
|
||||||
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
||||||
|
#if _FFR_QUEUE_GROUP_SORTORDER
|
||||||
|
/* Allow QueueSortOrder per queue group. */
|
||||||
|
/* XXX: Still need to actually use qgrp->qg_sortorder */
|
||||||
|
diff --git a/sendmail/daemon.c b/sendmail/daemon.c
|
||||||
|
index 4288365..86fe319 100644
|
||||||
|
--- a/sendmail/daemon.c
|
||||||
|
+++ b/sendmail/daemon.c
|
||||||
|
@@ -104,6 +104,10 @@ static int NDaemons = 0; /* actual number of daemons */
|
||||||
|
|
||||||
|
static time_t NextDiskSpaceCheck = 0;
|
||||||
|
|
||||||
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
+int InetQoS = 0; /* none by default */
|
||||||
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
** GETREQUESTS -- open mail IPC port and get requests.
|
||||||
|
**
|
||||||
|
@@ -1139,6 +1143,16 @@ opendaemonsocket(d, firsttime)
|
||||||
|
(void) setsockopt(d->d_socket, SOL_SOCKET,
|
||||||
|
SO_KEEPALIVE, (char *)&on, sizeof(on));
|
||||||
|
|
||||||
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
+ if (InetQoS != 0x00
|
||||||
|
+ && (d->d_addr.sa.sa_family == AF_INET
|
||||||
|
+ || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) {
|
||||||
|
+ if (setsockopt(d->d_socket, SOL_IP,
|
||||||
|
+ IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0)
|
||||||
|
+ syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name);
|
||||||
|
+ }
|
||||||
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
||||||
|
+
|
||||||
|
#ifdef SO_RCVBUF
|
||||||
|
if (d->d_tcprcvbufsize > 0)
|
||||||
|
{
|
||||||
|
@@ -2571,6 +2585,16 @@ gothostent:
|
||||||
|
return EX_TEMPFAIL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
+ if (InetQoS != 0x00
|
||||||
|
+ && (family == AF_INET
|
||||||
|
+ || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32))))
|
||||||
|
+ {
|
||||||
|
+ if (setsockopt(s, SOL_IP, IP_TOS,
|
||||||
|
+ (char *)&InetQoS, sizeof(InetQoS)) < 0)
|
||||||
|
+ syserr("makeconnection: setsockopt(IP_TOS)");
|
||||||
|
+ }
|
||||||
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
||||||
|
#ifdef SO_SNDBUF
|
||||||
|
if (ClientSettings[family].d_tcpsndbufsize > 0)
|
||||||
|
{
|
||||||
|
diff --git a/sendmail/readcf.c b/sendmail/readcf.c
|
||||||
|
index 2b0fbf7..86892f5 100644
|
||||||
|
--- a/sendmail/readcf.c
|
||||||
|
+++ b/sendmail/readcf.c
|
||||||
|
@@ -18,6 +18,7 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $")
|
||||||
|
|
||||||
|
#if NETINET || NETINET6
|
||||||
|
# include <arpa/inet.h>
|
||||||
|
+# include <netinet/ip.h>
|
||||||
|
#endif /* NETINET || NETINET6 */
|
||||||
|
|
||||||
|
|
||||||
|
@@ -2888,8 +2889,8 @@ static struct optioninfo
|
||||||
|
# define O_RCPTTHROTDELAY 0xe6
|
||||||
|
{ "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE },
|
||||||
|
#endif /* _FFR_RCPTTHROTDELAY */
|
||||||
|
-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
-# define O_INETQOS 0xe7 /* reserved for FFR_QOS */
|
||||||
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
+# define O_INETQOS 0xe7
|
||||||
|
{ "InetQoS", O_INETQOS, OI_NONE },
|
||||||
|
#endif
|
||||||
|
#if STARTTLS && _FFR_FIPSMODE
|
||||||
|
@@ -2914,6 +2915,77 @@ static struct optioninfo
|
||||||
|
{ NULL, '\0', OI_NONE }
|
||||||
|
};
|
||||||
|
|
||||||
|
+#ifdef O_INETQOS
|
||||||
|
+static struct qosmap
|
||||||
|
+{
|
||||||
|
+ char *name; /* name of the setting */
|
||||||
|
+ int value; /* corresponding setsockopt() value */
|
||||||
|
+} QoSMap[] = {
|
||||||
|
+#ifdef IPTOS_CLASS_CS0
|
||||||
|
+ { "CS0", IPTOS_CLASS_CS0 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS1
|
||||||
|
+ { "CS1", IPTOS_CLASS_CS1 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF11
|
||||||
|
+ { "AF11", IPTOS_DSCP_AF11 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF12
|
||||||
|
+ { "AF12", IPTOS_DSCP_AF12 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF13
|
||||||
|
+ { "AF13", IPTOS_DSCP_AF13 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS2
|
||||||
|
+ { "CS2", IPTOS_CLASS_CS2 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF21
|
||||||
|
+ { "AF21", IPTOS_DSCP_AF21 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF22
|
||||||
|
+ { "AF22", IPTOS_DSCP_AF22 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF23
|
||||||
|
+ { "AF23", IPTOS_DSCP_AF23 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS3
|
||||||
|
+ { "CS3", IPTOS_CLASS_CS3 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF31
|
||||||
|
+ { "AF31", IPTOS_DSCP_AF31 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF32
|
||||||
|
+ { "AF32", IPTOS_DSCP_AF32 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF33
|
||||||
|
+ { "AF33", IPTOS_DSCP_AF33 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS4
|
||||||
|
+ { "CS4", IPTOS_CLASS_CS4 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF41
|
||||||
|
+ { "AF41", IPTOS_DSCP_AF41 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF42
|
||||||
|
+ { "AF42", IPTOS_DSCP_AF42 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_DSCP_AF43
|
||||||
|
+ { "AF43", IPTOS_DSCP_AF43 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS5
|
||||||
|
+ { "CS5", IPTOS_CLASS_CS5 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS6
|
||||||
|
+ { "CS6", IPTOS_CLASS_CS6 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef IPTOS_CLASS_CS7
|
||||||
|
+ { "CS7", IPTOS_CLASS_CS7 },
|
||||||
|
+#endif
|
||||||
|
+ { "none", 0x00 },
|
||||||
|
+ { NULL, 0 }
|
||||||
|
+};
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
# define CANONIFY(val)
|
||||||
|
|
||||||
|
# define SET_OPT_DEFAULT(opt, val) opt = val
|
||||||
|
@@ -4540,6 +4612,33 @@ setoption(opt, val, safe, sticky, e)
|
||||||
|
UseCompressedIPv6Addresses = atobool(val);
|
||||||
|
break;
|
||||||
|
|
||||||
|
+#ifdef O_INETQOS
|
||||||
|
+ case O_INETQOS:
|
||||||
|
+ {
|
||||||
|
+ struct qosmap *qmp;
|
||||||
|
+ InetQoS = -1;
|
||||||
|
+
|
||||||
|
+ for (qmp = QoSMap; qmp->name != NULL; ++qmp) {
|
||||||
|
+ if (!strcmp(val, qmp->name)) {
|
||||||
|
+ InetQoS = qmp->value;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ ** we could allow writing it as a hex value, but
|
||||||
|
+ ** we don't at this time.
|
||||||
|
+ **/
|
||||||
|
+ if (qmp->name == NULL) {
|
||||||
|
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
|
||||||
|
+ "Warning: Option: %s unknown parameter '%s'\n",
|
||||||
|
+ OPTNAME, val);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
default:
|
||||||
|
if (tTd(37, 1))
|
||||||
|
{
|
||||||
|
diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h
|
||||||
|
index b2d0211..3bcc2e2 100644
|
||||||
|
--- a/sendmail/sendmail.h
|
||||||
|
+++ b/sendmail/sendmail.h
|
||||||
|
@@ -2537,7 +2537,14 @@ EXTERN struct termescape TermEscape; /* terminal escape codes */
|
||||||
|
EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */
|
||||||
|
EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */
|
||||||
|
extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
|
||||||
|
-
|
||||||
|
+#if _FFR_QOS
|
||||||
|
+# if !defined(SOL_IP) && defined(IPPROTO_IP)
|
||||||
|
+# define SOL_IP IPPROTO_IP
|
||||||
|
+# endif
|
||||||
|
+# if defined(SOL_IP) && defined(IP_TOS)
|
||||||
|
+EXTERN int InetQoS; /* QoS mapping */
|
||||||
|
+# endif
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
EXTERN int ConnectionRateWindowSize;
|
||||||
|
#if STARTTLS && USE_OPENSSL_ENGINE
|
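Review bot: In the `O_INETQOS` case added to setoption (sendmail/readcf.c), `InetQoS` is set to -1 before the table lookup and stays at -1 when the name is not found; only a warning is printed. The new daemon.c code tests `InetQoS != 0x00`, so after a typo in the option value the listening and outgoing IPv4 sockets get `setsockopt(IP_TOS)` called with -1. Reset it in the unknown-name branch with `InetQoS = 0;` before the `break`, or look up into a local and assign only on a match. The daemon.c conditions also use the `sin6` member and `s6_addr32` without a visible `NETINET6` guard, which is worth confirming on builds without IPv6. setoption continues outside the hunk.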
249
sendmail-8.15.2-smtp-session-reuse-fix.patch
Normal file
249
sendmail-8.15.2-smtp-session-reuse-fix.patch
Normal file
@ -0,0 +1,249 @@
|
|||||||
|
diff -ru a/sendmail/deliver.c b/sendmail/deliver.c
|
||||||
|
--- a/sendmail/deliver.c 2016-02-29 06:01:55.000000000 -0800
|
||||||
|
+++ b/sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800
|
||||||
|
@@ -6274,8 +6274,7 @@
|
||||||
|
tlslogerr(LOG_WARNING, "client");
|
||||||
|
}
|
||||||
|
|
||||||
|
- SSL_free(clt_ssl);
|
||||||
|
- clt_ssl = NULL;
|
||||||
|
+ SM_SSL_FREE(clt_ssl);
|
||||||
|
return EX_SOFTWARE;
|
||||||
|
}
|
||||||
|
mci->mci_ssl = clt_ssl;
|
||||||
|
@@ -6287,8 +6286,7 @@
|
||||||
|
return EX_OK;
|
||||||
|
|
||||||
|
/* failure */
|
||||||
|
- SSL_free(clt_ssl);
|
||||||
|
- clt_ssl = NULL;
|
||||||
|
+ SM_SSL_FREE(clt_ssl);
|
||||||
|
return EX_SOFTWARE;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
@@ -6309,7 +6307,7 @@
|
||||||
|
|
||||||
|
if (!bitset(MCIF_TLSACT, mci->mci_flags))
|
||||||
|
return EX_OK;
|
||||||
|
- r = endtls(mci->mci_ssl, "client");
|
||||||
|
+ r = endtls(&mci->mci_ssl, "client");
|
||||||
|
mci->mci_flags &= ~MCIF_TLSACT;
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
diff -ru a/sendmail/macro.c b/sendmail/macro.c
|
||||||
|
--- a/sendmail/macro.c 2016-02-29 06:01:55.000000000 -0800
|
||||||
|
+++ b/sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800
|
||||||
|
@@ -362,6 +362,33 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
+** MACTABCLEAR -- clear entire macro table
|
||||||
|
+**
|
||||||
|
+** Parameters:
|
||||||
|
+** mac -- Macro table.
|
||||||
|
+**
|
||||||
|
+** Returns:
|
||||||
|
+** none.
|
||||||
|
+**
|
||||||
|
+** Side Effects:
|
||||||
|
+** clears entire mac structure including rpool pointer!
|
||||||
|
+*/
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+mactabclear(mac)
|
||||||
|
+ MACROS_T *mac;
|
||||||
|
+{
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ if (mac->mac_rpool == NULL)
|
||||||
|
+ {
|
||||||
|
+ for (i = 0; i < MAXMACROID; i++)
|
||||||
|
+ SM_FREE_CLR(mac->mac_table[i]);
|
||||||
|
+ }
|
||||||
|
+ memset((char *) mac, '\0', sizeof(*mac));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
** MACDEFINE -- bind a macro name to a value
|
||||||
|
**
|
||||||
|
** Set a macro to a value, with fancy storage management.
|
||||||
|
diff -ru a/sendmail/mci.c b/sendmail/mci.c
|
||||||
|
--- a/sendmail/mci.c 2016-02-29 06:01:55.000000000 -0800
|
||||||
|
+++ b/sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800
|
||||||
|
@@ -25,6 +25,7 @@
|
||||||
|
int, bool));
|
||||||
|
static bool mci_load_persistent __P((MCI *));
|
||||||
|
static void mci_uncache __P((MCI **, bool));
|
||||||
|
+static void mci_clear __P((MCI *));
|
||||||
|
static int mci_lock_host_statfile __P((MCI *));
|
||||||
|
static int mci_read_persistent __P((SM_FILE_T *, MCI *));
|
||||||
|
|
||||||
|
@@ -253,6 +254,7 @@
|
||||||
|
SM_FREE_CLR(mci->mci_status);
|
||||||
|
SM_FREE_CLR(mci->mci_rstatus);
|
||||||
|
SM_FREE_CLR(mci->mci_heloname);
|
||||||
|
+ mci_clear(mci);
|
||||||
|
if (mci->mci_rpool != NULL)
|
||||||
|
{
|
||||||
|
sm_rpool_free(mci->mci_rpool);
|
||||||
|
@@ -315,6 +317,41 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
+** MCI_CLEAR -- clear mci
|
||||||
|
+**
|
||||||
|
+** Parameters:
|
||||||
|
+** mci -- the connection to clear.
|
||||||
|
+**
|
||||||
|
+** Returns:
|
||||||
|
+** none.
|
||||||
|
+*/
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+mci_clear(mci)
|
||||||
|
+ MCI *mci;
|
||||||
|
+{
|
||||||
|
+ if (mci == NULL)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ mci->mci_maxsize = 0;
|
||||||
|
+ mci->mci_min_by = 0;
|
||||||
|
+ mci->mci_deliveries = 0;
|
||||||
|
+#if SASL
|
||||||
|
+ if (bitset(MCIF_AUTHACT, mci->mci_flags))
|
||||||
|
+ sasl_dispose(&mci->mci_conn);
|
||||||
|
+#endif
|
||||||
|
+#if STARTTLS
|
||||||
|
+ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL)
|
||||||
|
+ SM_SSL_FREE(mci->mci_ssl);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ /* which flags to preserve? */
|
||||||
|
+ mci->mci_flags &= MCIF_CACHED;
|
||||||
|
+ mactabclear(&mci->mci_macro);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
** MCI_GET -- get information about a particular host
|
||||||
|
**
|
||||||
|
** Parameters:
|
||||||
|
@@ -419,6 +456,7 @@
|
||||||
|
mci->mci_errno = 0;
|
||||||
|
mci->mci_exitstat = EX_OK;
|
||||||
|
}
|
||||||
|
+ mci_clear(mci);
|
||||||
|
}
|
||||||
|
|
||||||
|
return mci;
|
||||||
|
diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h
|
||||||
|
--- a/sendmail/sendmail.h 2016-02-29 06:01:55.000000000 -0800
|
||||||
|
+++ b/sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800
|
||||||
|
@@ -1186,6 +1186,7 @@
|
||||||
|
#define macid(name) macid_parse(name, NULL)
|
||||||
|
extern char *macname __P((int));
|
||||||
|
extern char *macvalue __P((int, ENVELOPE *));
|
||||||
|
+extern void mactabclear __P((MACROS_T *));
|
||||||
|
extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **));
|
||||||
|
extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int));
|
||||||
|
extern void setclass __P((int, char *));
|
||||||
|
@@ -2002,7 +2003,15 @@
|
||||||
|
extern void setclttls __P((bool));
|
||||||
|
extern bool initsrvtls __P((bool));
|
||||||
|
extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool));
|
||||||
|
-extern int endtls __P((SSL *, char *));
|
||||||
|
+#define SM_SSL_FREE(ssl) \
|
||||||
|
+ do { \
|
||||||
|
+ if (ssl != NULL) \
|
||||||
|
+ { \
|
||||||
|
+ SSL_free(ssl); \
|
||||||
|
+ ssl = NULL; \
|
||||||
|
+ } \
|
||||||
|
+ } while (0)
|
||||||
|
+extern int endtls __P((SSL **, char *));
|
||||||
|
extern void tlslogerr __P((int, const char *));
|
||||||
|
|
||||||
|
|
||||||
|
diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
|
||||||
|
--- a/sendmail/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800
|
||||||
|
+++ b/sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800
|
||||||
|
@@ -2122,8 +2122,7 @@
|
||||||
|
if (get_tls_se_options(e, srv_ssl, true) != 0)
|
||||||
|
{
|
||||||
|
message("454 4.3.3 TLS not available: error setting options");
|
||||||
|
- SSL_free(srv_ssl);
|
||||||
|
- srv_ssl = NULL;
|
||||||
|
+ SM_SSL_FREE(srv_ssl);
|
||||||
|
goto tls_done;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -2145,8 +2144,7 @@
|
||||||
|
SSL_set_wfd(srv_ssl, wfd) <= 0)
|
||||||
|
{
|
||||||
|
message("454 4.3.3 TLS not available: error set fd");
|
||||||
|
- SSL_free(srv_ssl);
|
||||||
|
- srv_ssl = NULL;
|
||||||
|
+ SM_SSL_FREE(srv_ssl);
|
||||||
|
goto tls_done;
|
||||||
|
}
|
||||||
|
if (!smtps)
|
||||||
|
@@ -2188,8 +2186,7 @@
|
||||||
|
tlslogerr(LOG_WARNING, "server");
|
||||||
|
}
|
||||||
|
tls_ok_srv = false;
|
||||||
|
- SSL_free(srv_ssl);
|
||||||
|
- srv_ssl = NULL;
|
||||||
|
+ SM_SSL_FREE(srv_ssl);
|
||||||
|
|
||||||
|
/*
|
||||||
|
** according to the next draft of
|
||||||
|
@@ -3416,7 +3413,7 @@
|
||||||
|
/* shutdown TLS connection */
|
||||||
|
if (tls_active)
|
||||||
|
{
|
||||||
|
- (void) endtls(srv_ssl, "server");
|
||||||
|
+ (void) endtls(&srv_ssl, "server");
|
||||||
|
tls_active = false;
|
||||||
|
}
|
||||||
|
#endif /* STARTTLS */
|
||||||
|
diff -ru a/sendmail/tls.c b/sendmail/tls.c
|
||||||
|
--- a/sendmail/tls.c 2016-02-29 06:01:55.000000000 -0800
|
||||||
|
+++ b/sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800
|
||||||
|
@@ -1624,7 +1624,7 @@
|
||||||
|
** ENDTLS -- shutdown secure connection
|
||||||
|
**
|
||||||
|
** Parameters:
|
||||||
|
-** ssl -- SSL connection information.
|
||||||
|
+** pssl -- pointer to TLS session context
|
||||||
|
** side -- server/client (for logging).
|
||||||
|
**
|
||||||
|
** Returns:
|
||||||
|
@@ -1632,12 +1632,16 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
-endtls(ssl, side)
|
||||||
|
- SSL *ssl;
|
||||||
|
+endtls(pssl, side)
|
||||||
|
+ SSL **pssl;
|
||||||
|
char *side;
|
||||||
|
{
|
||||||
|
int ret = EX_OK;
|
||||||
|
+ SSL *ssl;
|
||||||
|
|
||||||
|
+ SM_REQUIRE(pssl != NULL);
|
||||||
|
+ ret = EX_OK;
|
||||||
|
+ ssl = *pssl;
|
||||||
|
if (ssl != NULL)
|
||||||
|
{
|
||||||
|
int r;
|
||||||
|
@@ -1703,8 +1707,7 @@
|
||||||
|
ret = EX_SOFTWARE;
|
||||||
|
}
|
||||||
|
# endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */
|
||||||
|
- SSL_free(ssl);
|
||||||
|
- ssl = NULL;
|
||||||
|
+ SM_SSL_FREE(*pssl);
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
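Review bot: The second failure path in sendmail/deliver.c (hunk `@@ -6287,8 +6286,7 @@`) frees the session through the local with `SM_SSL_FREE(clt_ssl);`, but the context line ending the previous hunk has already stored the same pointer in `mci->mci_ssl`, and nothing visible clears it. Unless the lines between the two hunks reset it, the cached MCI keeps a dangling pointer. The new `mci_clear` would then be safe only while `MCIF_TLSACT` is never set on that path. Adding `mci->mci_ssl = NULL;` after the free closes that gap. The enclosing function starts and ends outside the hunks shown.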
13
sendmail-8.15.2-switchfile.patch
Normal file
13
sendmail-8.15.2-switchfile.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/sendmail/conf.c b/sendmail/conf.c
|
||||||
|
index c73334e..cbb9c76 100644
|
||||||
|
--- a/sendmail/conf.c
|
||||||
|
+++ b/sendmail/conf.c
|
||||||
|
@@ -986,7 +986,7 @@ switch_map_find(service, maptype, mapreturn)
|
||||||
|
if (p != NULL)
|
||||||
|
*p = '\0';
|
||||||
|
#ifndef SM_NSSWITCH_DELIMS
|
||||||
|
-# define SM_NSSWITCH_DELIMS " \t"
|
||||||
|
+# define SM_NSSWITCH_DELIMS " \t:"
|
||||||
|
#endif /* SM_NSSWITCH_DELIMS */
|
||||||
|
p = strpbrk(buf, SM_NSSWITCH_DELIMS);
|
||||||
|
if (p != NULL)
|
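--- /dev/null
+++ b/sendmail-8.15.2-tlsfallback.patch
@@ -0,0 +1,204 @@
+commit 72c678024d5f7b97bae8c20cc3fb2e0299778d5b
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date: Mon Sep 7 12:41:05 2020 +0200
+
+Backport confTLS_FALLBACK_TO_CLEAR Configuration option
+
+diff --git a/cf/README b/cf/README
+index 91e69a9..e8941ad 100644
+--- a/cf/README
++++ b/cf/README
+@@ -4011,6 +4011,10 @@ confUSERDB_SPEC UserDatabaseSpec
+confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
+confFALLBACK_SMARTHOST FallbackSmartHost
+[undefined] Fallback smart host.
++confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
++ [undefined] If set, immediately try
++ a connection again without STARTTLS
++ after a TLS handshake failure.
+confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
+for a host and other arrangements
+haven't been made, try connecting
+diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
+index 0df3416..a741d97 100644
+--- a/cf/m4/proto.m4
++++ b/cf/m4/proto.m4
+@@ -656,6 +656,8 @@ _OPTION(CipherList, `confCIPHER_LIST', `')
+_OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `')
+# client side SSL options
+_OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `')
++# TLS: fall back to clear text after handshake failure?
++_OPTION(TLSFallbacktoClear, `confTLS_FALLBACK_TO_CLEAR', `')
+
+# Input mail filters
+_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
+@@ -2856,6 +2858,7 @@ R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
+R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
+R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
+R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
++R<$-:$+><VERIFY $*> <$*> CLEAR $#error $@ $2 $: $1 " STARTTLS disabled locally"
+dnl some other value for ${verify}
+R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
+dnl some level of encryption required: get the maximum level (case 2.)
+diff --git a/doc/op/op.me b/doc/op/op.me
+index 57e25cd..97d3b9c 100644
+--- a/doc/op/op.me
++++ b/doc/op/op.me
+@@ -8340,6 +8340,22 @@ PostMilter is useful only when
+.i sendmail
+is running as an SMTP server; in all other situations it
+acts the same as True.
++.ip TLSFallbacktoClear
++[no short name]
++If set,
++.i sendmail
++immediately tries an outbound connection again without STARTTLS
++after a TLS handshake failure.
++Note:
++this applies to all connections even if TLS specific requirements are set
++(see rulesets
++.i tls_rcpt
++and
++.i tls_client
++).
++Hence such requirements will cause an error on a retry without STARTTLS.
++Therefore they should only trigger a temporary failure so the connection
++is later on tried again.
+.ip TLSSrvOptions
+[no short name]
+List of options for SMTP STARTTLS for the server
+diff --git a/sendmail/deliver.c b/sendmail/deliver.c
+index 8027a50..af42e8f 100644
+--- a/sendmail/deliver.c
++++ b/sendmail/deliver.c
+@@ -1334,6 +1334,10 @@ deliver(e, firstto)
+char *pv[MAXPV + 1];
+char buf[MAXNAME + 1];
+char cbuf[MAXPATHLEN];
++#if STARTTLS
++ /* 0: try TLS, 1: try without TLS again, >1: don't try again */
++ int tlsstate;
++#endif
+
+errno = 0;
+SM_REQUIRE(firstto != NULL); /* same as to */
+@@ -1349,7 +1353,9 @@ deliver(e, firstto)
+e->e_statmsg = NULL;
+SmtpError[0] = '\0';
+xstart = curtime();
+-
++#if STARTTLS
++ tlsstate = 0;
++#endif
+if (tTd(10, 1))
+sm_dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n",
+e->e_id, m->m_name, host, to->q_user);
+@@ -2073,6 +2079,9 @@ tryhost:
+hostnum++;
+if (endp != NULL)
+*endp = sep;
++#if STARTTLS
++ tlsstate = 0;
++#endif
+
+one_last_try:
+/* see if we already know that this host is fried */
+@@ -2960,6 +2969,8 @@ reconnect: /* after switching to an encrypted connection */
+usetls = bitset(MCIF_TLS, mci->mci_flags);
+if (usetls)
+usetls = !iscltflgset(e, D_NOTLS);
++ if (usetls)
++ usetls = tlsstate == 0;
+
+host = macvalue(macid("{server_name}"), e);
+if (usetls)
+@@ -3025,8 +3036,11 @@ reconnect: /* after switching to an encrypted connection */
+}
+}
+else
++ {
++ p = tlsstate == 0 ? "NONE": "CLEAR";
+macdefine(&e->e_macro, A_PERM,
+- macid("{verify}"), "NONE");
++ macid("{verify}"), p);
++ }
+olderrors = Errors;
+QuickAbort = false;
+SuprErrs = true;
+@@ -3077,6 +3091,10 @@ reconnect: /* after switching to an encrypted connection */
+}
+mci->mci_flags &= ~MCIF_TLSACT;
+(void) endmailer(mci, e, pv);
++ if (TLSFallbacktoClear)
++ {
++ ++tlsstate;
++ }
+}
+else
+{
+@@ -3119,6 +3137,27 @@ reconnect: /* after switching to an encrypted connection */
+mci_clr_extensions(mci);
+goto reconnect;
+}
++ if (tlsstate == 1)
++ {
++ if (tTd(11, 1))
++ {
++ sm_syslog(LOG_DEBUG, NOQID,
++ "STARTTLS=client, relay=%.100s, tlsstate=%d, status=trying_again",
++ mci->mci_host, tlsstate);
++ mci_dump(NULL, mci, true);
++ }
++ ++tlsstate;
++ /*
++ ** Fake the status so a new connection is
++ ** tried, otherwise the TLS error will
++ ** "persist" during this delivery attempt.
++ */
++
++ mci->mci_errno = 0;
++ rcode = EX_OK;
++ mci_setstat(mci, rcode, NULL, NULL);
++ goto one_last_try;
++ }
+}
+# endif /* STARTTLS */
+# if SASL
+diff --git a/sendmail/readcf.c b/sendmail/readcf.c
+index 86892f5..82660f4 100644
+--- a/sendmail/readcf.c
++++ b/sendmail/readcf.c
+@@ -2911,7 +2911,10 @@ static struct optioninfo
+#endif
+#define O_USECOMPRESSEDIPV6ADDRESSES 0xec
+{ "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE },
+-
++#if STARTTLS
++# define O_TLSFB2CLEAR 0xef
++ { "TLSFallbacktoClear", O_TLSFB2CLEAR, OI_NONE },
++#endif
+{ NULL, '\0', OI_NONE }
+};
+
+@@ -4305,6 +4308,9 @@ setoption(opt, val, safe, sticky, e)
+#endif /* SASL */
+
+#if STARTTLS
++ case O_TLSFB2CLEAR:
++ TLSFallbacktoClear = atobool(val);
++ break;
+case O_SRVCERTFILE:
+SET_STRING_EXP(SrvCertFile);
+case O_SRVKEYFILE:
+diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h
+index 441399c..9be1e76 100644
+--- a/sendmail/sendmail.h
++++ b/sendmail/sendmail.h
+@@ -2032,6 +2032,7 @@ EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */
+#endif /* _FFR_CRLPATH */
+EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */
+EXTERN unsigned long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */
++EXTERN bool TLSFallbacktoClear;
+#endif /* STARTTLS */
+
+/*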
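Review bot: The clear-text retry in the `if (tlsstate == 1)` block of deliver() is logged only under `tTd(11, 1)`, so with TLSFallbacktoClear set a message that goes out unencrypted after a failed handshake leaves no trace at normal log levels. Because a handshake failure can be caused by a party on the network path, the downgrade should be recorded outside debug mode, e.g. `if (LogLevel > 8) sm_syslog(LOG_INFO, e->e_id, "STARTTLS=client, relay=%.100s, status=fallback_to_clear", mci->mci_host);` placed before `goto one_last_try;`. The op.me text added here explains the interaction with tls_rcpt and tls_client, but it would help to state there as well that the option removes downgrade protection and should stay unset where TLS is required. deliver() starts and ends outside these hunks.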
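--- /dev/null
+++ b/sendmail-8.16.0.29-fix-covscan-issues.patch
@@ -0,0 +1,149 @@
+diff --git a/include/sm/varargs.h b/include/sm/varargs.h
+index 612858d..2609630 100644
+--- a/include/sm/varargs.h
++++ b/include/sm/varargs.h
+@@ -32,6 +32,11 @@
+# define SM_VA_COPY(dst, src) __va_copy((dst), (src))
+# else
+# define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst)))
++# define SM_VA_END_COPY(ap) do { } while (0)
++# endif
++
++# ifndef SM_VA_END_COPY
++# define SM_VA_END_COPY(ap) va_end(ap)
+# endif
+
+/*
+diff --git a/libsm/vfprintf.c b/libsm/vfprintf.c
+index 87c353c..c99d4e5 100644
+--- a/libsm/vfprintf.c
++++ b/libsm/vfprintf.c
+@@ -782,6 +782,7 @@ number: if ((dprec = prec) >= 0)
+done:
+FLUSH();
+error:
++ SM_VA_END_COPY(orgap);
+if ((argtable != NULL) && (argtable != statargtable))
+sm_free(argtable);
+return sm_error(fp) ? SM_IO_EOF : ret;
+diff --git a/sendmail/milter.c b/sendmail/milter.c
+index 462efd2..af6dc66 100644
+--- a/sendmail/milter.c
++++ b/sendmail/milter.c
+@@ -2437,8 +2437,7 @@ milter_negotiate(m, e, milters)
+sm_syslog(LOG_ERR, e->e_id,
+"Milter (%s): negotiate: returned %c instead of %c",
+m->mf_name, rcmd, SMFIC_OPTNEG);
+- if (response != NULL)
+- sm_free(response); /* XXX */
++ SM_FREE(response);
+milter_error(m, e);
+return -1;
+}
+@@ -2453,8 +2452,7 @@ milter_negotiate(m, e, milters)
+sm_syslog(LOG_ERR, e->e_id,
+"Milter (%s): negotiate: did not return valid info",
+m->mf_name);
+- if (response != NULL)
+- sm_free(response); /* XXX */
++ SM_FREE(response);
+milter_error(m, e);
+return -1;
+}
+@@ -2472,8 +2470,7 @@ milter_negotiate(m, e, milters)
+sm_syslog(LOG_ERR, e->e_id,
+"Milter (%s): negotiate: did not return enough info",
+m->mf_name);
+- if (response != NULL)
+- sm_free(response); /* XXX */
++ SM_FREE(response);
+milter_error(m, e);
+return -1;
+}
+@@ -2589,11 +2586,11 @@ milter_negotiate(m, e, milters)
+if (tTd(64, 5))
+sm_dprintf("milter_negotiate(%s): received: version %u, fflags 0x%x, pflags 0x%x\n",
+m->mf_name, m->mf_fvers, m->mf_fflags, m->mf_pflags);
++ SM_FREE(response);
+return 0;
+
+error:
+- if (response != NULL)
+- sm_free(response); /* XXX */
++ SM_FREE(response);
+return -1;
+}
+
+@@ -3230,6 +3227,7 @@ milter_changeheader(m, response, rlen, e)
+addheader(newstr(field), mh_value, H_USER, e,
+!bitset(SMFIP_HDR_LEADSPC, m->mf_pflags));
+}
++ SM_FREE(mh_value);
+return;
+}
+
+@@ -3438,6 +3436,8 @@ milter_chgfrom(response, rlen, e)
+{
+if (tTd(64, 10))
+sm_dprintf("didn't follow protocol argc=%d\n", argc);
++ if (argv != NULL)
++ free(argv);
+return;
+}
+
+@@ -3456,6 +3456,7 @@ milter_chgfrom(response, rlen, e)
+mail_esmtp_args);
+}
+Errors = olderrors;
++ free(argv);
+return;
+}
+
+@@ -3503,6 +3504,8 @@ milter_addrcpt_par(response, rlen, e)
+{
+if (tTd(64, 10))
+sm_dprintf("didn't follow protocol argc=%d\n", argc);
++ if (argv != NULL)
++ free(argv);
+return;
+}
+olderrors = Errors;
+@@ -3527,6 +3530,7 @@ milter_addrcpt_par(response, rlen, e)
+}
+
+Errors = olderrors;
++ free(argv);
+return;
+}
+
+diff --git a/sendmail/queue.c b/sendmail/queue.c
+index 503f296..c9153c8 100644
+--- a/sendmail/queue.c
++++ b/sendmail/queue.c
+@@ -8590,6 +8590,7 @@ split_by_recipient(e)
+if (split_within_queue(ee) == SM_SPLIT_FAIL)
+{
+e->e_sibling = firstsibling;
++ SM_FREE(lsplits);
+return false;
+}
+ee->e_flags |= EF_SPLIT;
+@@ -8604,8 +8605,7 @@ split_by_recipient(e)
+if (p == NULL)
+{
+/* let's try to get this done */
+- sm_free(lsplits);
+- lsplits = NULL;
++ SM_FREE(lsplits);
+}
+else
+lsplits = p;
+@@ -8627,7 +8627,7 @@ split_by_recipient(e)
+{
+sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s",
+n - 1, n > 2 ? "s" : "", lsplits);
+- sm_free(lsplits);
++ SM_FREE(lsplits);
+}
+split = split_within_queue(e) != SM_SPLIT_FAIL;
+if (split)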
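Review bot: In the milter_changeheader hunk, `SM_FREE(mh_value);` is added right after `mh_value` was passed to `addheader()`, and the hunk does not show whether addheader() copies the string or keeps the pointer; if it keeps it, the stored header would point at freed memory. A one-line ownership comment at that spot, e.g. `/* addheader() copies the value, so our copy can be released */`, would record the assumption once it has been checked against addheader() and the other return paths outside the hunk. The milter_chgfrom and milter_addrcpt_par hunks release `argv` with plain `free()`, guarded by `if (argv != NULL)` in one place and unguarded in the other, while every other release in this patch uses `SM_FREE`; if argv comes from the sm allocator, `SM_FREE(argv);` would be the consistent form. All of these functions start and end outside the hunks.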
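--- /dev/null
+++ b/sendmail-etc-mail-access
@@ -0,0 +1,12 @@
+# Check the /usr/share/doc/sendmail/README.cf file for a description
+# of the format of this file. (search for access_db in that file)
+# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
+# package.
+#
+# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
+# cyrus-sasl-plain package installed.
+#
+# By default we allow relaying from localhost...
+Connect:localhost.localdomain RELAY
+Connect:localhost RELAY
+Connect:127.0.0.1 RELAY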
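--- /dev/null
+++ b/sendmail-etc-mail-domaintable
@@ -0,0 +1,4 @@
+# The "domain table" can be used to provide domain name mapping.
+# Use of this should really be limited to your own domains.
+# It may be useful if you change names (e.g., your company
+# changes names from oldname.com to newname.com)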
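--- /dev/null
+++ b/sendmail-etc-mail-local-host-names
@@ -0,0 +1 @@
+# local-host-names - include all aliases for your machine here.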
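--- /dev/null
+++ b/sendmail-etc-mail-mailertable
@@ -0,0 +1,30 @@
+# The "mailer table" can be used to override routing for particular domains
+# (which are not in class {w}, i.e. local host names).
+#
+# hash /etc/mail/mailertable
+#
+# Keys in this database are fully qualified domain names or partial domains
+# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or
+# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain
+# not covered by other keys. Values must be of the form:
+#
+# mailer:domain
+#
+# where "mailer" is the internal mailer name, and "domain" is where to send
+# the message. These maps are not reflected into the message header. As a
+# special case, the forms:
+#
+# local:user
+#
+# will forward to the indicated user using the local mailer,
+#
+# local:
+#
+# will forward to the original user in the e-mail address using the local
+# mailer, and
+#
+# error:code message
+# error:D.S.N:code message
+#
+# will give an error message with the indicated SMTP reply code and message,
+# where D.S.N is an RFC 1893 compliant error code.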
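--- /dev/null
+++ b/sendmail-etc-mail-trusted-users
@@ -0,0 +1,2 @@
+# trusted-users - users that can send mail as others without a warning
+# apache, mailman, majordomo, uucp, are good candidates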
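--- /dev/null
+++ b/sendmail-etc-mail-virtusertable
@@ -0,0 +1,41 @@
+# A domain-specific form of aliasing, allowing multiple virtual domains to be
+# hosted on one machine.
+#
+# info@foo.com foo-info
+# info@bar.com bar-info
+# joe@bar.com error:nouser 550 No such user here
+# jax@bar.com error:5.7.0:550 Address invalid
+# @baz.org jane@example.net
+#
+# then mail addressed to info@foo.com will be sent to the address foo-info,
+# mail addressed to info@bar.com will be delivered to bar-info, and mail
+# addressed to anyone at baz.org will be sent to jane@example.net, mail to
+# joe@bar.com will be rejected with the specified error message, and mail to
+# jax@bar.com will also have a RFC 1893 compliant error code 5.7.0.
+#
+# The username from the original address is passed as %1 allowing:
+#
+# @foo.org %1@example.com
+#
+# Additionally, if the local part consists of "user+detail" then "detail" is
+# passed as %2 and "+detail" is passed as %3 when a match against user+* is
+# attempted, so entries like
+#
+# old+*@foo.org new+%2@example.com
+# gen+*@foo.org %2@example.com
+# +*@foo.org %1%3@example.com
+# X++@foo.org Z%3@example.com
+# @bar.org %1%3
+#
+# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used
+# as RHS. There are two wildcards after "+": "+" matches only a non-empty
+# detail, "*" matches also empty details, e.g., user+@foo.org matches#
+# +*@foo.org but not ++@foo.org. This can be used to ensure that the
+# parameters %2 and %3 are not empty.
+#
+# All the host names on the left hand side (foo.com, bar.com, and baz.org)
+# must be in class {w} or class {VirtHost}. The latter can be defined by the
+# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to
+# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or
+# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are
+# added to class {R}, i.e., relaying is allowed to (and from) those domains.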
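--- /dev/null
+++ b/sendmail-redhat.mc
@@ -0,0 +1,181 @@
+divert(-1)dnl
+dnl #
+dnl # This is the sendmail macro config file for m4. If you make changes to
+dnl # /etc/mail/sendmail.mc, you will need to regenerate the
+dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
+dnl # installed and then performing a
+dnl #
+dnl # /etc/mail/make
+dnl #
+include(`@@PATH@@/m4/cf.m4')dnl
+VERSIONID(`setup for linux')dnl
+OSTYPE(`linux')dnl
+dnl #
+dnl # Do not advertize sendmail version.
+dnl #
+dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
+dnl #
+dnl # default logging level is 9, you might want to set it higher to
+dnl # debug the configuration
+dnl #
+dnl define(`confLOG_LEVEL', `9')dnl
+dnl #
+dnl # Uncomment and edit the following line if your outgoing mail needs to
+dnl # be sent out through an external mail server:
+dnl #
+dnl define(`SMART_HOST', `smtp.your.provider')dnl
+dnl #
+define(`confDEF_USER_ID', ``8:12'')dnl
+dnl define(`confAUTO_REBUILD')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTRY_NULL_MX_LIST', `True')dnl
+define(`confDONT_PROBE_INTERFACES', `True')dnl
+define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
+define(`confAUTH_OPTIONS', `A')dnl
+dnl #
+dnl # The following allows relaying if the user authenticates, and disallows
+dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
+dnl #
+dnl define(`confAUTH_OPTIONS', `A p')dnl
+dnl #
+dnl # which realm to use in SASL database (sasldb2)
+dnl #
+define(`confAUTH_REALM', `mail')dnl
+dnl #
+dnl # PLAIN is the preferred plaintext authentication method and used by
+dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
+dnl # use LOGIN. Other mechanisms should be used if the connection is not
+dnl # guaranteed secure.
+dnl # Please remember that saslauthd needs to be running for AUTH.
+dnl #
+dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl #
+dnl # Basic sendmail TLS configuration with self-signed certificate for
+dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP).
+dnl #
+define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
+define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
+define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
+define(`confTLS_SRV_OPTIONS', `V')dnl
+dnl #
+dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
+dnl # slapd, which requires the file to be readble by group ldap
+dnl #
+dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
+dnl #
+dnl define(`confTO_QUEUEWARN', `4h')dnl
+dnl define(`confTO_QUEUERETURN', `5d')dnl
+dnl define(`confQUEUE_LA', `12')dnl
+dnl define(`confREFUSE_LA', `18')dnl
+define(`confTO_IDENT', `0')dnl
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
+dnl define(`confINET_QOS', `AF11')dnl
+dnl FEATURE(delay_checks)dnl
+FEATURE(`no_default_msa', `dnl')dnl
+FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
+FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+FEATURE(use_cw_file)dnl
+FEATURE(use_ct_file)dnl
+dnl #
+dnl # The following limits the number of processes sendmail can fork to accept
+dnl # incoming messages or process its message queues to 20.) sendmail refuses
+dnl # to accept connections once it has reached its quota of child processes.
+dnl #
+dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
+dnl #
+dnl # Limits the number of new connections per second. This caps the overhead
+dnl # incurred due to forking new sendmail processes. May be useful against
+dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
+dnl # limit would be useful but is not available as an option at this writing.)
+dnl #
+dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
+dnl #
+dnl # The -t option will retry delivery if e.g. the user runs over his quota.
+dnl #
+FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
+FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
+FEATURE(`blacklist_recipients')dnl
+EXPOSED_USER(`root')dnl
+dnl #
+dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
+dnl # the following 2 definitions and activate below in the MAILER section the
+dnl # cyrusv2 mailer.
+dnl #
+dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
+dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
+dnl #
+dnl # The following causes sendmail to only listen on the IPv4 loopback address
+dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
+dnl # address restriction to accept email from the internet or intranet.
+dnl #
+DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 587 for
+dnl # mail from MUAs that authenticate. Roaming users who can't reach their
+dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
+dnl # this useful.
+dnl #
+dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 465, but
+dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
+dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
+dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
+dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
+dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
+dnl #
+dnl # For this to work your OpenSSL certificates must be configured.
+dnl #
+dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen on the IPv6 loopback
+dnl # device. Remove the loopback address restriction listen to the network.
+dnl #
+dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
+dnl #
+dnl # enable both ipv6 and ipv4 in sendmail:
+dnl #
+dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
+dnl #
+dnl # We strongly recommend not accepting unresolvable domains if you want to
+dnl # protect yourself from spam. However, the laptop and users on computers
+dnl # that do not have 24x7 DNS do need this.
+dnl #
+FEATURE(`accept_unresolvable_domains')dnl
+dnl #
+dnl FEATURE(`relay_based_on_MX')dnl
+dnl #
+dnl # Also accept email sent to "localhost.localdomain" as local email.
+dnl #
+LOCAL_DOMAIN(`localhost.localdomain')dnl
+dnl #
+dnl # The following example makes mail from this host and any additional
+dnl # specified domains appear to be sent from mydomain.com
+dnl #
+dnl MASQUERADE_AS(`mydomain.com')dnl
+dnl #
+dnl # masquerade not just the headers, but the envelope as well
+dnl #
+dnl FEATURE(masquerade_envelope)dnl
+dnl #
+dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
+dnl #
+dnl FEATURE(masquerade_entire_domain)dnl
+dnl #
+dnl MASQUERADE_DOMAIN(localhost)dnl
+dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
+dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
+dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
+MAILER(smtp)dnl
+MAILER(procmail)dnl
+dnl MAILER(cyrusv2)dnl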
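Review bot: The active confAUTH_OPTIONS value is `A`, which leaves PLAIN/LOGIN authentication usable on links without TLS; the stricter `A p` form is present only as a dnl-commented line below it. That exposure is contained while DAEMON_OPTIONS binds the MTA to 127.0.0.1, but the comment above that line tells the administrator to remove the loopback restriction to accept network mail and says nothing about AUTH. Either make `A p` the shipped default or extend that comment with a line such as `dnl # Before listening on the network, switch confAUTH_OPTIONS to A p.` The active FEATURE(accept_unresolvable_domains), which the file's own comment recommends against, deserves the same reminder.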
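--- /dev/null
+++ b/sendmail.etc-mail-Makefile
@@ -0,0 +1,8 @@
+# Pass everything to the make script
+
+all:
+%: force
+@./make $@
+force:;
+
+$(MAKEFILE_LIST):;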
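--- /dev/null
+++ b/sendmail.etc-mail-make
@@ -0,0 +1,129 @@
+#!/bin/sh
+# Generate db and cf files if necessary. This used to be handled by
+# /etc/mail/Makefile.
+
+teste() {
+if ! test -e "$1"; then
+echo "$1 doesn't exist"
+exit 2
+fi
+}
+
+makedb() {
+teste "${1%.db}"
+
+if [ -z "$SM_FORCE_DBREBUILD" ]; then
+test "${1%.db}" -nt "$1" || return 0
+fi
+
+if [ "$1" = userdb.db ]; then
+makemap btree "$1" < "${1%.db}"
+else
+makemap hash "$1" < "${1%.db}"
+fi
+}
+
+makealiasesdb() {
+uptodate=1
+
+if [ -z "$SM_FORCE_DBREBUILD" ]; then
+files=$(grep '^O AliasFile=' sendmail.cf |
+while read a; do echo ${a#*=}; done)
+
+for a in $files; do
+if [ "$a" = /etc/aliases ]; then
+# /etc/aliases.db may be used by other MTA, make sure nothing
+# has touched it since our last newaliases call
+test "$a" -nt "${a}.db" ||
+test aliasesdb-stamp -nt "${a}.db" ||
+test aliasesdb-stamp -ot "${a}.db" || continue
+else
+test "$a" -nt "${a}.db" || continue
+fi
+
+uptodate=0
+break
+done
+else
+uptodate=0
+fi
+
+[ $uptodate = 1 ] && return 0
+
+# check if alternatives is configured to sendmail
+if [ "$(readlink -e /usr/bin/newaliases)" = /usr/sbin/sendmail.sendmail ]
+then
+/usr/bin/newaliases > /dev/null
+touch -r /etc/aliases.db aliasesdb-stamp 2> /dev/null
+else
+rm -f aliasesdb-stamp
+fi
+}
+
+makecf() {
+mc=${1%.cf}.mc
+
+teste "$mc"
+
+if [ -z "$SM_FORCE_CFREBUILD" ]; then
+test "$mc" -nt "$1" || return 0
+fi
+
+if test -f /usr/share/sendmail-cf/m4/cf.m4; then
+umask 022
+[ -e "$1" ] && mv -f "$1" "$1".bak
+m4 "$mc" > "$1"
+else
+echo "WARNING: '$mc' is modified. Please install package sendmail-cf to update your configuration."
+exit 15
+fi
+}
+
+makeall() {
+# These could be used by sendmail, but are not part of the default install.
+# To use them you will have to generate your own sendmail.cf with
+# FEATURE('whatever')
+test -f bitdomain && makedb bitdomain.db
+test -f uudomain && makedb uudomain.db
+test -f genericstable && makedb genericstable.db
+test -f userdb && makedb userdb.db
+test -f authinfo && makedb authinfo.db
+
+makedb virtusertable.db
+makedb access.db
+makedb domaintable.db
+makedb mailertable.db
+
+makecf sendmail.cf
+makecf submit.cf
+}
+
+cd /etc/mail || exit 1
+
+[ $# -eq 0 ] && makeall
+
+for target; do
+case "$target" in
+*.db)
+makedb "$target"
+;;
+*.cf)
+makecf "$target"
+;;
+all)
+makeall
+;;
+aliases)
+makealiasesdb
+;;
+clean)
+rm -f *.db *~ aliasesdb-stamp
+;;
+start|stop|restart)
+service sendmail "$target"
+;;
+*)
+echo "Don't know how to make $target"
+exit 2
+esac
+done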
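Review bot: makecf() moves the current file to `.bak` and then redirects m4 straight into `"$1"` without checking its exit status, so a failed or interrupted m4 run leaves an empty or partial sendmail.cf in place. sendmail.service runs this script as `ExecStartPre=-/etc/mail/make`, which ignores the failure, so the daemon would then start against the damaged file. Generating into a temporary name and renaming only on success avoids that: `m4 "$mc" > "$1.new" || { rm -f "$1.new"; exit 1; }`, then `[ -e "$1" ] && mv -f "$1" "$1".bak` and `mv -f "$1.new" "$1"`. Separately, makedb() builds authinfo.db under whatever umask the caller has; if that map holds AUTH credentials it presumably should be created under `umask 077`, which is worth confirming against how the package installs the file.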
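--- a/sendmail.nm-dispatcher
+++ b/sendmail.nm-dispatcher
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case "$2" in
+up|down|vpn-up|vpn-down)
+/bin/systemctl --no-block try-restart sendmail.service || :
+;;
+esac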
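Review bot: The script has no comment explaining its positional arguments or why sendmail is restarted, so I would add a header such as `# NetworkManager dispatcher hook: $1 = interface, $2 = action; try-restart only acts when sendmail.service is already running`. NetworkManager runs dispatcher scripts as root and skips any that are not root-owned or are writable by group or other, so the install mode set in sendmail.spec (suppressed on this page) is worth confirming. The trailing `|| :` deliberately discards the systemctl exit status, and saying so in the comment saves the next reader a guess.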
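--- a/sendmail.pam
+++ b/sendmail.pam
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth include password-auth
+account include password-auth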
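Review bot: Nothing in the file says which service consumes it or what it authenticates, and both lines delegate entirely to `password-auth`. If this is the stack behind SMTP AUTH, as the file name suggests, system account passwords can be tested over SMTP, and any lockout or rate limiting depends on what `password-auth` contains on the host. I would add a comment such as `# PAM stack for sendmail SMTP AUTH; verifies system account passwords via password-auth`, and confirm in the sendmail configuration that AUTH is only offered over TLS.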
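--- a/sendmail.service
+++ b/sendmail.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Sendmail Mail Transport Agent
+After=syslog.target network.target
+Conflicts=postfix.service exim.service
+Wants=sm-client.service
+StartLimitIntervalSec=0
+
+[Service]
+Type=forking
+PIDFile=/run/sendmail.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=-/etc/mail/make
+ExecStartPre=-/etc/mail/make aliases
+ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target
+Also=sm-client.service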
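Review bot: Both `ExecStartPre=-/etc/mail/make` lines carry the `-` prefix, so a failed rebuild is ignored and the daemon starts with whatever `.cf` and `.db` files are already on disk. In the make script earlier on this page, `makecf` only prints a warning and exits 15 when the `.mc` is newer but cf.m4 is missing, which means an edited `.mc` can silently not take effect while the service reports a clean start. If that is intentional, say so in the unit with a line such as `# '-': a failed rebuild must not keep mail down; check the journal for WARNING lines`. Otherwise drop the `-` from the first `ExecStartPre` so the failure is visible at start time.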
2012
sendmail.spec
Normal file
2012
sendmail.spec
Normal file
File diff suppressed because it is too large
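--- a/sendmail.sysconfig
+++ b/sendmail.sysconfig
@@ -0,0 +1 @@
+SENDMAIL_OPTS="-q1h"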
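--- a/sm-client.service
+++ b/sm-client.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Sendmail Mail Transport Client
+After=syslog.target network.target sendmail.service
+Conflicts=postfix.service exim.service
+BindTo=sendmail.service
+StartLimitIntervalSec=0
+
+[Service]
+Type=forking
+PIDFile=/run/sm-client.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=/bin/touch /run/sm-client.pid
+ExecStartPre=/bin/chown smmsp:smmsp /run/sm-client.pid
+ExecStartPre=-/sbin/restorecon /run/sm-client.pid
+ExecStartPre=-/etc/mail/make
+ExecStart=/usr/sbin/sendmail -L sm-msp-queue -Ac $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target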
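Review bot: `/run/sm-client.pid` is created by root and then handed to `smmsp` with `chown`, so the file named in `PIDFile=` is writable by an unprivileged account. systemd documents extra checks for PID files owned by unprivileged users (no symlink to another user's file, and the PID must already belong to the service), but whether they apply depends on the systemd version in use. The unit should state why the hand-over is needed, e.g. `# pre-create the PID file and give it to smmsp (presumably because the queue runner writes it as that user)`. Separately, `BindTo=` is the old spelling and current systemd documents the directive as `BindsTo=`.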