import sendmail-8.15.2-31.el8

.gitignore

@@ -0,0 +1 @@
+SOURCES/sendmail.8.15.2.tar.gz

.sendmail.metadata

@@ -0,0 +1 @@
+5801d4b06f4e38ef228a5954a44d17636eaa5a16 SOURCES/sendmail.8.15.2.tar.gz

SOURCES/Sendmail-sasl2.conf

@@ -0,0 +1 @@
+pwcheck_method:saslauthd

SOURCES/sendmail-8.13.0-cyrus.patch

@@ -0,0 +1,11 @@
+--- sendmail-8.13.0/cf/mailer/cyrus.m4.cyrus	2004-06-30 11:47:47.116910591 +0200
++++ sendmail-8.13.0/cf/mailer/cyrus.m4	2004-06-30 11:49:02.262556546 +0200
+@@ -36,7 +36,7 @@
+ #
+ 
+ _DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|')
+-ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)')
++ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/lib/cyrus-imapd/deliver)')
+ ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')')
+ ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')')
+ _DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u')

SOURCES/sendmail-8.14.3-sharedmilter.patch

@@ -0,0 +1,50 @@
+diff -up sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4
+--- sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter	2009-01-20 15:19:34.000000000 +0100
++++ sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4	2009-01-20 15:19:34.000000000 +0100
+@@ -15,22 +15,23 @@ divert(-1)
+ divert(0)dnl
+ include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl
+ bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl
+-bldPUSH_TARGET(bldCURRENT_PRODUCT`.a')dnl
++bldPUSH_TARGET(bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL)dnl
+ bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl
+ bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl
+ 
+ include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4')
+ divert(bldTARGETS_SECTION)
+-bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'}
+-	${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'}
+-	${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a
++bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'}
++	${CC} ${CFLAGS} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL `-Wl,'confSONAME`,'bldCURRENT_PRODUCT`.so.'confSOVER ${bldCURRENT_PRODUCT`OBJS'}
+ ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)')
+ 
+-install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.a
++install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL
+ ifdef(`bldINSTALLABLE', `	ifdef(`confMKDIR', `if [ ! -d ${DESTDIR}${bldINSTALL_DIR`'LIBDIR} ]; then confMKDIR -p ${DESTDIR}${bldINSTALL_DIR`'LIBDIR}; else :; fi ')
+-	${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.a ${DESTDIR}${LIBDIR}')
++	${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.confSOVER
++	${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so
++	${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.so.confSOVER`.'confSOPLVL ${DESTDIR}${LIBDIR}')
+ 
+ bldCURRENT_PRODUCT-clean:
+-	rm -f ${OBJS} bldCURRENT_PRODUCT.a ${MANPAGES}
++	rm -f ${OBJS} bldCURRENT_PRODUCT.so* ${MANPAGES}
+ 
+ divert(0)
+diff -up sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter sendmail-8.14.3/libmilter/Makefile.m4
+--- sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter	2008-04-08 07:23:44.000000000 +0200
++++ sendmail-8.14.3/libmilter/Makefile.m4	2009-01-20 15:26:05.000000000 +0100
+@@ -9,7 +9,11 @@ define(`confMT', `true')
+ SMSRCDIR=ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+ PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+ 
+-bldPRODUCT_START(`library', `libmilter')
++APPENDDEF(`confOPTIMIZE', `-fno-pie -fPIC')
++define(`runCtest', `esyscmd(`echo -e "#include <stdio.h>\n#include \"../include/libmilter/mfapi.h\"\nint main(){'$1`;return 0;}" | gcc -x c -I../include -o ctest - && ./ctest && rm -f ctest')')dnl
++define(`confSOVER', runCtest(`printf(\"%d.%d\", SM_LM_VRS_MAJOR(SMFI_VERSION), SM_LM_VRS_MINOR(SMFI_VERSION))'))dnl
++define(`confSOPLVL', runCtest(`printf(\"%d\", SM_LM_VRS_PLVL(SMFI_VERSION))'))dnl
++bldPRODUCT_START(`sharedlibrary', `libmilter')
+ define(`bldINSTALLABLE', `true')
+ define(`LIBMILTER_EXTRAS', `errstring.c strl.c')
+ APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL -Dsm_snprintf=snprintf')

SOURCES/sendmail-8.14.3-smrsh_paths.patch

@@ -0,0 +1,182 @@
+diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README
+--- sendmail-8.14.3/smrsh/README.smrsh_paths	2008-02-12 17:40:06.000000000 +0100
++++ sendmail-8.14.3/smrsh/README	2008-07-15 14:40:36.000000000 +0200
+@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie
+ intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+ and to the software, smrsh.c, written by Eric Allman.
+ 
+-
++* Modified by Red Hat, Inc., to reflect different paths. *
+ 
+ The smrsh(8) program is intended as a replacement for /bin/sh in the
+ program mailer definition of sendmail(8).  This README file describes
+@@ -56,15 +56,15 @@ These can be added to the devtools/Site/
+ global M4 macro confENVDEF or the smrsh specific M4 macro
+ conf_smrsh_ENVDEF.
+ 
+-As root, install smrsh in /usr/libexec.  Using the Build script:
++As root, install smrsh in /usr/sbin.  Using the Build script:
+ 
+ 	host.domain# sh ./Build install
+ 
+-For manual installation: install smrsh in the /usr/libexec
++For manual installation: install smrsh in the /usr/sbin
+ directory, with mode 511.
+ 
+-	host.domain# mv smrsh /usr/libexec
+-	host.domain# chmod 511 /usr/libexec/smrsh
++	host.domain# mv smrsh /usr/sbin
++	host.domain# chmod 511 /usr/sbin/smrsh
+ 
+ 
+ 
+@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito
+ acceptable commands.
+ 
+ If your platform doesn't have a default SMRSH_CMDDIR setting, you will
+-next need to create the directory /usr/adm/sm.bin and populate
++next need to create the directory /etc/smrsh and populate
+ it with the programs that your site feels are allowable for sendmail
+ to execute.   This directory is explicitly specified in the source
+ code for smrsh, so changing this directory must be accompanied with
+@@ -95,22 +95,22 @@ a change in smrsh.c.
+ 
+ You will have to be root to make these modifications.
+ 
+-After creating the /usr/adm/sm.bin directory, either copy the programs
++After creating the /etc/smrsh directory, either copy the programs
+ to the directory, or establish links to the allowable programs from
+-/usr/adm/sm.bin.  Change the file permissions, so that these programs
++/etc/smrsh.  Change the file permissions, so that these programs
+ can not be modified by non-root users.  If you use links, you should
+ ensure that the target programs are not modifiable.
+ 
+ To allow the popular vacation(1) program by creating a link in the
+-/usr/adm/sm.bin directory, you should:
++/etc/smrsh directory, you should:
+ 
+-	host.domain# cd /usr/adm/sm.bin
++	host.domain# cd /etc/smrsh
+ 	host.domain# ln -s /usr/ucb/vacation vacation
+ 
+ 
+ 
+ 
+-After populating the /usr/adm/sm.bin directory, you can now configure
++After populating the /etc/smrsh directory, you can now configure
+ sendmail to use the restricted shell.  Save the current sendmail.cf
+ file prior to modifying it, as a prudent precaution.
+ 
+@@ -125,7 +125,7 @@ help to locate it.
+ 
+ In order to configure sendmail to use smrsh, you must modify the Mprog
+ definition in the sendmail.cf file, by replacing the /bin/sh specification
+-with /usr/libexec/smrsh.
++with /usr/sbin/smrsh.
+ 
+ As an example:
+ 
+@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi
+ Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+ 
+ which should be changed to:
+-Mprog,	P=/usr/libexec/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+-          ^^^^^^^^^^^^^^^^^^
++Mprog,	P=/usr/sbin/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
++         ^^^^^^^^^^^^^^^^
+ 
+ A more generic line may be:
+ Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
+ 
+ and should be changed to;
+-Mprog,		P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
++Mprog,		P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
+ 
+ 
+ After modifying the Mprog definition in the sendmail.cf file, if a frozen
+@@ -151,7 +151,7 @@ or /etc/mail directories.  The specific 
+ a search of the strings(1) output of the sendmail binary.
+ 
+ In order to create a new frozen configuration, if it is required:
+-	host.domain# /usr/lib/sendmail -bz
++	host.domain# /usr/sbin/sendmail -bz
+ 
+ Now re-start the sendmail process.  An example of how to do this on
+ a typical system follows:
+diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8
+--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths	2004-08-06 05:55:35.000000000 +0200
++++ sendmail-8.14.3/smrsh/smrsh.8	2008-07-15 14:38:07.000000000 +0200
+@@ -39,7 +39,7 @@ Briefly,
+ .I smrsh
+ limits programs to be in a single directory,
+ by default
+-/usr/adm/sm.bin,
++/etc/smrsh,
+ allowing the system administrator to choose the set of acceptable commands,
+ and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
+ It also rejects any commands with the characters
+@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'',
+ and
+ ``vacation''
+ all actually forward to
+-``/usr/adm/sm.bin/vacation''.
++``/etc/smrsh/vacation''.
+ .PP
+ System administrators should be conservative about populating
+-the sm.bin directory.
++the /etc/smrsh directory.
+ For example, a reasonable additions is
+ .IR vacation (1),
+ and the like.
+@@ -68,7 +68,7 @@ never include any shell or shell-like pr
+ (such as
+ .IR perl (1))
+ in the
+-sm.bin
++/etc/smrsh
+ directory.
+ Note that this does not restrict the use of shell or perl scripts
+ in the sm.bin directory (using the ``#!'' syntax);
+@@ -79,20 +79,7 @@ is a very bad idea.
+ .IR procmail (1)
+ allows users to run arbitrary programs in their
+ .IR procmailrc (5).
+-.SH COMPILATION
+-Compilation should be trivial on most systems.
+-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
+-to adjust the default search path
+-(defaults to ``/bin:/usr/bin:/usr/ucb'')
+-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
+-to change the default program directory
+-(defaults to ``/usr/adm/sm.bin'').
+ .SH FILES
+-/usr/adm/sm.bin \- default directory for restricted programs on most OSs
+-.PP
+-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris
+-.PP
+-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD
+-
++/etc/smrsh \- directory for restricted programs
+ .SH SEE ALSO
+ sendmail(8)
+diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c
+--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths	2004-08-06 20:54:22.000000000 +0200
++++ sendmail-8.14.3/smrsh/smrsh.c	2008-07-15 14:38:07.000000000 +0200
+@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
+ # ifdef SMRSH_CMDDIR
+ #  define CMDDIR	SMRSH_CMDDIR
+ # else /* SMRSH_CMDDIR */
+-#  define CMDDIR	"/usr/adm/sm.bin"
++#  define CMDDIR	"/etc/smrsh"
+ # endif /* SMRSH_CMDDIR */
+ #endif /* ! CMDDIR */
+ 
+@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
+ # ifdef SMRSH_PATH
+ #  define PATH		SMRSH_PATH
+ # else /* SMRSH_PATH */
+-#  define PATH		"/bin:/usr/bin:/usr/ucb"
++#  define PATH		"/bin:/usr/bin"
+ # endif /* SMRSH_PATH */
+ #endif /* ! PATH */
+ 

SOURCES/sendmail-8.14.4-makemapman.patch

@@ -0,0 +1,56 @@
+--- sendmail-8.14.4/cf/cf/Build				1999-03-02 03:37:12.000000000 +0100
++++ sendmail-8.14.4/cf/cf/Build.makemapman		2010-01-03 22:49:38.000000000 +0100
+@@ -18,7 +18,7 @@
+ SMROOT=${SMROOT-../..}
+ BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools}
+ 
+-M4=`sh $BUILDTOOLS/bin/find_m4.sh`
++M4=/usr/bin/m4
+ ret=$?
+ if [ $ret -ne 0 ]
+ then
+--- sendmail-8.14.4/devtools/OS/Linux			2009-01-22 03:15:42.000000000 +0100
++++ sendmail-8.14.4/devtools/OS/Linux.makemapman	2010-01-03 22:50:27.000000000 +0100
+@@ -6,7 +6,7 @@
+ define(`confDEPEND_TYPE', `CC-M')
+ define(`confCCOPTS_SO', `-fPIC')
+ define(`confSM_OS_HEADER', `sm_os_linux')
+-define(`confMANROOT', `/usr/man/man')
++define(`confMANROOT', `/usr/share/man/man')
+ define(`confLIBS', `-ldl')
+ define(`confEBINDIR', `/usr/sbin')
+ APPENDDEF(`confLIBSEARCH', `crypt nsl')
+@@ -16,6 +16,8 @@
+ define(`confMTLDOPTS', `-lpthread')
+ define(`confLDOPTS_SO', `-shared')
+ define(`confSONAME',`-soname')
++define('confSBINGRP', 'mail')
++define('confSBINMODE', '6755')
+ 
+ ifelse(confBLDVARIANT, `DEBUG',
+ dnl Debug build
+--- sendmail-8.14.4/makemap/makemap.8			2008-05-03 01:07:48.000000000 +0200
++++ sendmail-8.14.4/makemap/makemap.8.makemapman	2010-01-03 22:51:04.000000000 +0100
+@@ -52,12 +52,6 @@
+ parameter.  
+ They may be
+ .TP
+-dbm
+-DBM format maps.  
+-This requires the 
+-ndbm(3) 
+-library.
+-.TP
+ btree
+ B-Tree format maps.  
+ This requires the new Berkeley DB 
+--- sendmail-8.14.4/rmail/rmail.c			2001-09-18 23:45:29.000000000 +0200
++++ sendmail-8.14.4/rmail/rmail.c.makemapman		2010-01-03 22:51:36.000000000 +0100
+@@ -276,7 +276,6 @@
+ 	args[i++] = _PATH_SENDMAIL;	/* Build sendmail's argument list. */
+ 	args[i++] = "-G";		/* relay submission */
+ 	args[i++] = "-oee";		/* No errors, just status. */
+-	args[i++] = "-odq";		/* Queue it, don't try to deliver. */
+ 	args[i++] = "-oi";		/* Ignore '.' on a line by itself. */
+ 
+ 	/* set from system and protocol used */

SOURCES/sendmail-8.14.8-sasl2-in-etc.patch

@@ -0,0 +1,31 @@
+diff --git a/sendmail/usersmtp.c b/sendmail/usersmtp.c
+index c217ffa..e4dadd3 100644
+--- a/sendmail/usersmtp.c
++++ b/sendmail/usersmtp.c
+@@ -1331,9 +1331,7 @@ safesaslfile(context, file)
+ {
+ 	long sff;
+ 	int r;
+-#if SASL <= 10515
+ 	size_t len;
+-#endif /* SASL <= 10515 */
+ 	char *p;
+ 
+ 	if (file == NULL || *file == '\0')
+@@ -1369,9 +1367,16 @@ safesaslfile(context, file)
+ #endif /* SASL <= 10515 */
+ 
+ 	p = (char *) file;
++	len = strlen(p);
+ 	if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
+ 			  S_IRUSR, NULL)) == 0)
+ 		return SASL_OK;
++#if SASL > 10515
++	/* Expect /usr/lib/sasl2/Sendmail.conf to be missing - config now in /etc/sasl2 */
++	if (type == SASL_VRFY_CONF && r == ENOENT &&
++            len >= 8 && strncmp(p, "/usr/lib", 8) == 0)
++		return SASL_CONTINUE;
++#endif /* SASL > 10515 */
+ 	if (LogLevel > (r != ENOENT ? 8 : 10))
+ 		sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
+ 			  p, sm_errstring(r));

SOURCES/sendmail-8.14.9-noversion.patch

@@ -0,0 +1,13 @@
+--- sendmail-8.14.9/sendmail/helpfile		2014-03-06 18:31:31.000000000 +0100
++++ sendmail-8.14.9/sendmail/helpfile.noversion	2014-05-21 17:25:29.000000000 +0200
+@@ -11,9 +11,7 @@
+ cpyr	forth in the LICENSE file which can be found at the top level of
+ cpyr	the sendmail distribution.
+ cpyr
+-cpyr	$$Id: helpfile,v 8.49 2013-11-22 20:51:55 ca Exp $$
+-cpyr
+-smtp	This is sendmail version $v
++smtp	This is sendmail
+ smtp	Topics:
+ smtp		HELO	EHLO	MAIL	RCPT	DATA
+ smtp		RSET	NOOP	QUIT	HELP	VRFY

SOURCES/sendmail-8.14.9-pid.patch

@@ -0,0 +1,20 @@
+--- sendmail-8.14.9/cf/cf/submit.mc	2014-03-06 18:31:28.000000000 +0100
++++ sendmail-8.14.9/cf/cf/submit.mc.pid	2014-05-21 17:20:14.000000000 +0200
+@@ -15,12 +15,16 @@
+ #
+ 
+ divert(0)dnl
+-VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
++sinclude(`/usr/share/sendmail-cf/m4/cf.m4')dnl
++VERSIONID(`linux setup')dnl
+ define(`confCF_VERSION', `Submit')dnl
+ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+ define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+ define(`confTIME_ZONE', `USE_TZ')dnl
+ define(`confDONT_INIT_GROUPS', `True')dnl
++define(`confPID_FILE', `/run/sm-client.pid')dnl
++dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
++FEATURE(`use_ct_file')dnl
+ dnl
+ dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
+ FEATURE(`msp', `[127.0.0.1]')dnl

SOURCES/sendmail-8.14.9-vacation.patch

@@ -0,0 +1,11 @@
+--- sendmail-8.14.9/vacation/Makefile		2014-03-06 18:31:31.000000000 +0100
++++ sendmail-8.14.9/vacation/Makefile.vacation	2014-05-21 17:22:47.000000000 +0200
+@@ -1,7 +1,7 @@
+ #       $Id: Makefile,v 8.5 1999-09-23 22:36:45 ca Exp $
+ 
+ SHELL= /bin/sh
+-BUILD=   ./Build
++BUILD=   ./Build -f ../redhat.config.m4
+ OPTIONS= $(CONFIG) $(FLAGS)
+ 
+ all: FRC

SOURCES/sendmail-8.15.1-aliases_dir.patch

@@ -0,0 +1,126 @@
+diff --git a/cf/m4/cfhead.m4 b/cf/m4/cfhead.m4
+index 714a3ec..3fd6c1c 100644
+--- a/cf/m4/cfhead.m4
++++ b/cf/m4/cfhead.m4
+@@ -260,7 +260,7 @@ ifdef(`MAIL_SETTINGS_DIR', , `define(`MAIL_SETTINGS_DIR', `/etc/mail/')')
+ define(`DATABASE_MAP_TYPE', `hash')
+ 
+ # set up default values for options
+-define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
++define(`ALIAS_FILE', `/etc/aliases')
+ define(`confMAILER_NAME', ``MAILER-DAEMON'')
+ define(`confFROM_LINE', `From $g $d')
+ define(`confOPERATORS', `.:%@!^/[]+')
+diff --git a/sendmail/aliases.0 b/sendmail/aliases.0
+index cfdbe17..5ea4c28 100644
+--- a/sendmail/aliases.0
++++ b/sendmail/aliases.0
+@@ -63,7 +63,7 @@ DDEESSCCRRIIPPTTIIOONN
+        the list of users defined in that file.
+ 
+        This  is  only  the  raw  data file; the actual aliasing information is
+-       placed into a binary format in the file /etc/mail/aliases.db using  the
++       placed into a binary format in the file /etc/aliases.db using  the
+        program  newaliases(1).   A  newaliases command should be executed each
+        time the aliases file is changed for the change to take effect.
+ 
+diff --git a/sendmail/aliases.5 b/sendmail/aliases.5
+index f09b49c..7b16db2 100644
+--- a/sendmail/aliases.5
++++ b/sendmail/aliases.5
+@@ -23,7 +23,7 @@ ID
+ aliases used by 
+ sendmail.
+ The file resides in 
+-/etc/mail 
++/etc
+ and 
+ is formatted as a series of lines of the form
+ .IP
+@@ -96,7 +96,7 @@ list of users defined in that file.
+ .PP
+ This is only the raw data file; the actual aliasing information is
+ placed into a binary format in the file 
+-/etc/mail/aliases.db
++/etc/aliases.db
+ using the program 
+ newaliases(1).  
+ A 
+diff --git a/sendmail/newaliases.0 b/sendmail/newaliases.0
+index c77f401..e2a1670 100644
+--- a/sendmail/newaliases.0
++++ b/sendmail/newaliases.0
+@@ -10,7 +10,7 @@ SSYYNNOOPPSSIISS
+ 
+ DDEESSCCRRIIPPTTIIOONN
+        NNeewwaalliiaasseess  rebuilds  the  random access data base for the mail aliases
+-       file /etc/mail/aliases.  It must be run each time this file is  changed
++       file /etc/aliases.  It must be run each time this file is  changed
+        in order for the change to take effect.
+ 
+        NNeewwaalliiaasseess is identical to ``sendmail -bi''.
+@@ -22,7 +22,7 @@ DDEESSCCRRIIPPTTIIOONN
+        sseennddmmaaiill..
+ 
+ FFIILLEESS
+-       /etc/mail/aliases   The mail aliases file
++       /etc/aliases   The mail aliases file
+ 
+ SSEEEE AALLSSOO
+        aliases(5), sendmail(8)
+diff --git a/sendmail/newaliases.1 b/sendmail/newaliases.1
+index 59dc0de..9ba8752 100644
+--- a/sendmail/newaliases.1
++++ b/sendmail/newaliases.1
+@@ -20,7 +20,7 @@ newaliases
+ .SH DESCRIPTION
+ .B Newaliases
+ rebuilds the random access data base for the mail aliases file
+-/etc/mail/aliases.  It must be run each time this file is changed
++/etc/aliases.  It must be run each time this file is changed
+ in order for the change to take effect.
+ .PP
+ .B Newaliases
+@@ -40,7 +40,7 @@ puts a special token into the data base that is required by
+ .B sendmail.
+ .SH FILES
+ .TP 2i
+-/etc/mail/aliases
++/etc/aliases
+ The mail aliases file
+ .SH SEE ALSO
+ aliases(5), sendmail(8)
+diff --git a/sendmail/sendmail.0 b/sendmail/sendmail.0
+index 515d5f7..8236411 100644
+--- a/sendmail/sendmail.0
++++ b/sendmail/sendmail.0
+@@ -434,10 +434,10 @@ FFIILLEESS
+        are only approximations.
+ 
+ 
+-        /etc/mail/aliases
++        /etc/aliases
+               raw data for alias names
+ 
+-        /etc/mail/aliases.db
++        /etc/aliases.db
+               data base of alias names
+ 
+         /etc/mail/sendmail.cf
+diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8
+index 0356839..1258c26 100644
+--- a/sendmail/sendmail.8
++++ b/sendmail/sendmail.8
+@@ -711,10 +711,10 @@ Thus,
+ these values are only approximations.
+ .PP
+ .TP
+- /etc/mail/aliases
++ /etc/aliases
+ raw data for alias names
+ .TP
+- /etc/mail/aliases.db
++ /etc/aliases.db
+ data base of alias names
+ .TP
+  /etc/mail/sendmail.cf

SOURCES/sendmail-8.15.1-dynamic.patch

@@ -0,0 +1,46 @@
+--- sendmail-8.14.4/devtools/OS/Linux		2010-01-03 22:55:35.000000000 +0100
++++ sendmail-8.14.4/devtools/OS/Linux.dynamic	2010-01-03 22:59:03.000000000 +0100
+@@ -7,7 +7,7 @@
+ define(`confCCOPTS_SO', `-fPIC')
+ define(`confSM_OS_HEADER', `sm_os_linux')
+ define(`confMANROOT', `/usr/share/man/man')
+-define(`confLIBS', `-ldl')
++define(`confLIBS', `-pie -ldl')
+ define(`confEBINDIR', `/usr/sbin')
+ APPENDDEF(`confLIBSEARCH', `crypt nsl')
+ 
+@@ -22,19 +22,19 @@
+ ifelse(confBLDVARIANT, `DEBUG',
+ dnl Debug build
+ `
+-	define(`confOPTIMIZE',`-g -Wall')
++	define(`confOPTIMIZE',`-g -Wall -fpie')
+ ',
+ dnl Optimized build
+ confBLDVARIANT, `OPTIMIZED',
+ `
+-	define(`confOPTIMIZE',`-O2')
++	define(`confOPTIMIZE',`-O2 -fpie')
+ ',
+ dnl Purify build
+ confBLDVARIANT, `PURIFY',
+ `
+-	define(`confOPTIMIZE',`-g')
++	define(`confOPTIMIZE',`-g -fpie')
+ ',
+ dnl default
+ `
+-	define(`confOPTIMIZE',`-O2')
++	define(`confOPTIMIZE',`-O2 -fpie')
+ ')
+--- sendmail-8.14.4/libsm/Makefile.m4		2006-08-16 23:06:31.000000000 +0200
++++ sendmail-8.14.4/libsm/Makefile.m4.dynamic	2010-01-03 23:01:36.000000000 +0100
+@@ -6,7 +6,7 @@
+ define(`confREQUIRE_SM_OS_H', `true')
+ PREPENDDEF(`confENVDEF', `confMAPDEF')
+ bldPRODUCT_START(`library', `libsm')
+-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
++define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
+ bldPRODUCT_END
+ dnl msg.c
+ dnl syslogio.c

SOURCES/sendmail-8.15.1-manpage.patch

@@ -0,0 +1,18 @@
+diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8
+index 9e0b9af..0356839 100644
+--- a/sendmail/sendmail.8
++++ b/sendmail/sendmail.8
+@@ -729,13 +729,11 @@ collected statistics
+  /var/spool/mqueue/*
+ temp files
+ .SH SEE ALSO
+-binmail(1),
+ mail(1),
+ rmail(1),
+ syslog(3),
+ aliases(5),
+ mailaddr(7),
+-rc(8)
+ .PP
+ DARPA 
+ Internet Request For Comments

SOURCES/sendmail-8.15.2-format-security.patch

@@ -0,0 +1,127 @@
+diff --git a/sendmail/envelope.c b/sendmail/envelope.c
+index bae6b00..beb91a1 100644
+--- a/sendmail/envelope.c
++++ b/sendmail/envelope.c
+@@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split)
+ 
+ 			/* don't free, allocated from e_rpool */
+ 			e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
+-			message(buf);
++			message("%s", buf);
+ 			e->e_flags |= EF_CLRQUEUE;
+ 		}
+ 		if (msg_timeout == MSG_NOT_BY)
+@@ -420,7 +420,7 @@ dropenvelope(e, fulldrop, split)
+ 				/* don't free, allocated from e_rpool */
+ 				e->e_message = sm_rpool_strdup_x(e->e_rpool,
+ 								 buf);
+-				message(buf);
++				message("%s", buf);
+ 				e->e_flags |= EF_WARNING;
+ 			}
+ 			if (msg_timeout == MSG_WARN_BY)
+diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c
+index 2adb39c..ba99414 100644
+--- a/sendmail/parseaddr.c
++++ b/sendmail/parseaddr.c
+@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt)
+ 			msg = "Deferring message until queue run";
+ 		if (tTd(20, 1))
+ 			sm_dprintf("parseaddr: queueing message\n");
+-		message(msg);
++		message("%s", msg);
+ 		if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
+ 			e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
+ 		a->q_state = QS_QUEUEUP;
+diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
+index ba636a8..46c5356 100644
+--- a/sendmail/srvrsmtp.c
++++ b/sendmail/srvrsmtp.c
+@@ -122,6 +122,26 @@ extern ENVELOPE	BlankEnvelope;
+ #define SKIP_SPACE(s)	while (isascii(*s) && isspace(*s))	\
+ 				(s)++
+ 
++static inline void
++message1(fmt)
++	char *fmt;
++{
++	if (strchr(fmt, '%') == NULL)
++		message(fmt, NULL);
++	else
++		message("%s", fmt);
++}
++
++static inline void
++usrerr1(fmt)
++	char *fmt;
++{
++	if (strchr(fmt, '%') == NULL)
++		usrerr(fmt, NULL);
++	else
++		usrerr("%s", fmt);
++}
++
+ /*
+ **  PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
+ **
+@@ -578,13 +598,13 @@ static bool	smtp_data __P((SMTP_T *, ENVELOPE *));
+ 				bool tsave = QuickAbort;		\
+ 									\
+ 				QuickAbort = false;			\
+-				usrerr(response);			\
++				usrerr1(response);			\
+ 				QuickAbort = tsave;			\
+ 				e->e_sendqueue = NULL;			\
+ 				goto doquit;				\
+ 			}						\
+ 			else						\
+-				usrerr(response);			\
++				usrerr1(response);			\
+ 			break;						\
+ 									\
+ 		  case SMFIR_REJECT:					\
+@@ -931,7 +951,7 @@ smtp(nullserver, d_flags, e)
+ 	}
+ 	else if (strncmp(nullserver, "421 ", 4) == 0)
+ 	{
+-		message(nullserver);
++		message1(nullserver);
+ 		goto doquit;
+ 	}
+ 
+@@ -1849,7 +1869,7 @@ smtp(nullserver, d_flags, e)
+ 				if (nullserver != NULL)
+ 				{
+ 					if (ISSMTPREPLY(nullserver))
+-						usrerr(nullserver);
++						usrerr1(nullserver);
+ 					else
+ 						usrerr("550 5.0.0 %s",
+ 						       nullserver);
+@@ -2449,7 +2469,7 @@ smtp(nullserver, d_flags, e)
+ 					tempfail = true;
+ 					smtp.sm_milterize = false;
+ 					if (response != NULL)
+-						usrerr(response);
++						usrerr1(response);
+ 					else
+ 						message("421 4.7.0 %s closing connection",
+ 							MyHostName);
+@@ -3656,7 +3676,7 @@ smtp_data(smtp, e)
+ 				(void) extenhsc(response + 4, ' ', e->e_enhsc);
+ #endif /* _FFR_MILTER_ENHSC */
+ 
+-			usrerr(response);
++			usrerr1(response);
+ 			if (strncmp(response, "421 ", 4) == 0
+ 			    || strncmp(response, "421-", 4) == 0)
+ 			{
+@@ -3776,7 +3796,7 @@ smtp_data(smtp, e)
+ 			if (ISSMTPCODE(response))
+ 				(void) extenhsc(response + 4, ' ', e->e_enhsc);
+ #endif /* _FFR_MILTER_ENHSC */
+-			usrerr(response);
++			usrerr1(response);
+ 			if (strncmp(response, "421 ", 4) == 0
+ 			    || strncmp(response, "421-", 4) == 0)
+ 				rv = false;

SOURCES/sendmail-8.15.2-libmilter-socket-activation.patch

@@ -0,0 +1,80 @@
+Description: systemd-like socket activation support for libmilter
+Author: Mikhail Gusarov <dottedmag@debian.org
+diff --git a/libmilter/docs/smfi_setconn.html b/libmilter/docs/smfi_setconn.html
+index eba7c5b..5b272a0 100644
+--- a/libmilter/docs/smfi_setconn.html
++++ b/libmilter/docs/smfi_setconn.html
+@@ -43,6 +43,7 @@ Set the socket through which this filter should communicate with sendmail.
+ 	<LI><CODE>{unix|local}:/path/to/file</CODE> -- A named pipe.
+ 	<LI><CODE>inet:port@{hostname|ip-address}</CODE> -- An IPV4 socket.
+ 	<LI><CODE>inet6:port@{hostname|ip-address}</CODE> -- An IPV6 socket.
++	<LI><CODE>fd:number</CODE> -- Pre-opened file descriptor.
+ 	</UL>
+ 	</TD></TR>
+     </TABLE>
+diff --git a/libmilter/listener.c b/libmilter/listener.c
+index 11d92bb..2ab533d 100644
+--- a/libmilter/listener.c
++++ b/libmilter/listener.c
+@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, name)
+ 			L_socksize = sizeof addr.sin6;
+ 		}
+ #endif /* NETINET6 */
++		else if (strcasecmp(p, "fd") == 0)
++		{
++			addr.sa.sa_family = AF_UNSPEC;
++			L_socksize = sizeof (_SOCK_ADDR);
++		}
+ 		else
+ 		{
+ 			smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
+@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, name)
+ 	}
+ #endif /* NETINET || NETINET6 */
+ 
+-	sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
++	if (addr.sa.sa_family == AF_UNSPEC)
++	{
++		char *end;
++		sock = strtol(colon, &end, 10);
++		if (*end != '\0' || sock < 0)
++		{
++			smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon);
++			return INVALID_SOCKET;
++		}
++	}
++	else
++	{
++		sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
++	}
++
+ 	if (!ValidSocket(sock))
+ 	{
+ 		smi_log(SMI_LOG_ERR,
+@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, name)
+ #if NETUNIX
+ 	    addr.sa.sa_family != AF_UNIX &&
+ #endif /* NETUNIX */
++	    addr.sa.sa_family != AF_UNSPEC &&
+ 	    setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
+ 		       sizeof(sockopt)) == -1)
+ 	{
+@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, name)
+ 	}
+ #endif /* NETUNIX */
+ 
+-	if (bind(sock, &addr.sa, L_socksize) < 0)
++	if (addr.sa.sa_family != AF_UNSPEC &&
++	    bind(sock, &addr.sa, L_socksize) < 0)
+ 	{
+ 		smi_log(SMI_LOG_ERR,
+ 			"%s: Unable to bind to port %s: %s",
+@@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
+ # ifdef BSD4_4_SOCKADDR
+ 		     cliaddr.sa.sa_len == 0 ||
+ # endif /* BSD4_4_SOCKADDR */
+-		     cliaddr.sa.sa_family != L_family))
++		     (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family)))
+ 		{
+ 			(void) closesocket(connfd);
+ 			connfd = INVALID_SOCKET;

SOURCES/sendmail-8.15.2-localdomain.patch

@@ -0,0 +1,13 @@
+diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
+index 696bf36..5a5963b 100644
+--- a/cf/m4/proto.m4
++++ b/cf/m4/proto.m4
+@@ -1898,6 +1898,8 @@ R<@> < $* @ [IPv6:::1] >
+ 			$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
+ R<@> < $* @ localhost.$m >
+ 			$: < ? $&{client_name} > < $1 @ localhost.$m >
++R<@> < $* @ localhost.localdomain >
++			$: < ? $&{client_name} > < $1 @ localhost.localdomain >
+ ifdef(`_NO_UUCP_', `dnl',
+ `R<@> < $* @ localhost.UUCP >
+ 			$: < ? $&{client_name} > < $1 @ localhost.UUCP >')

SOURCES/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch

@@ -0,0 +1,20 @@
+diff --git a/sendmail/tls.c b/sendmail/tls.c
+index 16cb93f..9338380 100644
+--- a/sendmail/tls.c
++++ b/sendmail/tls.c
+@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ 		}
+ 
+ #if _FFR_TLS_EC
+-		ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+-		if (ecdh != NULL)
+-		{
+-			SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
+-			SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
+-			EC_KEY_free(ecdh);
+-		}
++		SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
++		SSL_CTX_set_ecdh_auto(*ctx, 1);
+ #endif /* _FFR_TLS_EC */
+ 
+ 	}

SOURCES/sendmail-8.15.2-openssl-1.1.0-fix.patch

@@ -0,0 +1,182 @@
+--- sendmail-8.15.2.orig/sendmail/tls.c	2016-12-01 15:20:59.953546417 +0100
++++ sendmail-8.15.2.orig/sendmail/tls.c	2016-12-01 17:26:43.868521378 +0100
+@@ -63,14 +63,28 @@ static unsigned char dh512_g[] =
+ static DH *
+ get_dh512()
+ {
+-	DH *dh = NULL;
++	DH *dh;
++	BIGNUM *p, *g;
+ 
+ 	if ((dh = DH_new()) == NULL)
+ 		return NULL;
+-	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+-	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+-	if ((dh->p == NULL) || (dh->g == NULL))
++	p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
++	g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
++	if (p == NULL || g == NULL)
++	{
++		BN_free(p);
++		BN_free(g);
++		DH_free(dh);
+ 		return NULL;
++	}
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++	DH_set0_pqg(dh, p, NULL, g);
++#else
++	dh->p = p;
++	dh->g = g;
++#endif
++
+ 	return dh;
+ }
+ 
+@@ -117,16 +131,27 @@ get_dh2048()
+ 		};
+ 	static unsigned char dh2048_g[]={ 0x02, };
+ 	DH *dh;
++	BIGNUM *p, *g;
+ 
+ 	if ((dh=DH_new()) == NULL)
+ 		return(NULL);
+-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+-	if ((dh->p == NULL) || (dh->g == NULL))
++	p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
++	g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
++	if (p == NULL || g == NULL)
+ 	{
++		BN_free(p);
++		BN_free(g);
+ 		DH_free(dh);
+-		return(NULL);
++		return NULL;
+ 	}
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++	DH_set0_pqg(dh, p, NULL, g);
++#else
++	dh->p = p;
++	dh->g = g;
++#endif
++
+ 	return(dh);
+ }
+ # endif /* !NO_DH */
+@@ -715,6 +740,54 @@ static char server_session_id_context[]
+ # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	0
+ #endif
+ 
++static RSA *
++generate_rsa_key(bits, e)
++	int bits;
++	unsigned long e;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++	return RSA_generate_key(bits, e, NULL, NULL);
++#else
++	BIGNUM *bne;
++	RSA *rsa = NULL;
++
++	bne = BN_new();
++	if (bne && BN_set_word(bne, e) != 1)
++		rsa = RSA_new();
++	if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)
++	{
++		RSA_free(rsa);
++		rsa = NULL;
++	}
++	BN_free(bne);
++	return rsa;
++#endif
++}
++
++static DSA *
++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)
++	int bits;
++	unsigned char *seed;
++	int seed_len;
++	int *counter_ret;
++	unsigned long *h_ret;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++	return DSA_generate_parameters(bits, seed, seed_len, counter_ret,
++			               h_ret, NULL, NULL);
++#else
++	DSA *dsa = DSA_new();
++
++	if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,
++				              counter_ret, h_ret, NULL) != 1)
++	{
++		DSA_free(dsa);
++		dsa = NULL;
++	}
++	return dsa;
++#endif
++}
++
+ bool
+ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
+ 	SSL_CTX **ctx;
+@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile
+ 	{
+ 		/* get a pointer to the current certificate validation store */
+ 		store = SSL_CTX_get_cert_store(*ctx);	/* does not fail */
+-		crl_file = BIO_new(BIO_s_file_internal());
++		crl_file = BIO_new(BIO_s_file());
+ 		if (crl_file != NULL)
+ 		{
+ 			if (BIO_read_filename(crl_file, CRLFile) >= 0)
+@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile
+ 	if (bitset(TLS_I_RSA_TMP, req)
+ #  if SM_CONF_SHM
+ 	    && ShmId != SM_SHM_NO_ID &&
+-	    (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
+-					NULL)) == NULL
++	    (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL
+ #  else /* SM_CONF_SHM */
+ 	    && 0	/* no shared memory: no need to generate key now */
+ #  endif /* SM_CONF_SHM */
+@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile
+ 				sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
+ 
+ 			/* this takes a while! */
+-			dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
+-						      NULL, 0, NULL);
++			dsa = generate_dsa_parameters(bits, NULL, 0, NULL,
++						      NULL);
+ 			dh = DSA_dup_DH(dsa);
+ 			DSA_free(dsa);
+ 		}
+@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength)
+ 
+ 	if (rsa_tmp != NULL)
+ 		RSA_free(rsa_tmp);
+-	rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
++	rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);
+ 	if (rsa_tmp == NULL)
+ 	{
+ 		if (LogLevel > 0)
+@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx)
+ 	{
+ 		if (LogLevel > 13)
+ 			tls_verify_log(ok, ctx, "x509");
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++		if (X509_STORE_CTX_get_error(ctx) ==
++		    X509_V_ERR_UNABLE_TO_GET_CRL)
++		{
++			X509_STORE_CTX_set_error(ctx, 0);
++			return 1;	/* override it */
++		}
++#else
+ 		if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+ 		{
+ 			ctx->error = 0;
+ 			return 1;	/* override it */
+ 		}
++#endif
+ 	}
+ 	return ok;
+ }

SOURCES/sendmail-8.15.2-qos.patch

@@ -0,0 +1,246 @@
+diff --git a/cf/cf/submit.mc b/cf/cf/submit.mc
+index b9dfb16..cb325cc 100644
+--- a/cf/cf/submit.mc
++++ b/cf/cf/submit.mc
+@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+ define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+ define(`confTIME_ZONE', `USE_TZ')dnl
+ define(`confDONT_INIT_GROUPS', `True')dnl
++dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
++dnl define(`confINET_QOS', `AF11')dnl
+ define(`confPID_FILE', `/run/sm-client.pid')dnl
+ dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
+ FEATURE(`use_ct_file')dnl
+diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
+index 5a5963b..0df3416 100644
+--- a/cf/m4/proto.m4
++++ b/cf/m4/proto.m4
+@@ -251,6 +251,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
+ # 8-bit data handling
+ _OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
+ 
++# DSCP marking of traffic (IP_TOS)
++_OPTION(InetQoS, `confINET_QOS', `none')
++
+ # wait for alias file rebuild (default units: minutes)
+ _OPTION(AliasWait, `confALIAS_WAIT', `5m')
+ 
+diff --git a/sendmail/conf.c b/sendmail/conf.c
+index cbb9c76..1b55533 100644
+--- a/sendmail/conf.c
++++ b/sendmail/conf.c
+@@ -6430,6 +6430,10 @@ char	*FFRCompileOptions[] =
+ #if _FFR_QF_PARANOIA
+ 	"_FFR_QF_PARANOIA",
+ #endif
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++	/* QoS */
++	"_FFR_QOS",
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
+ #if _FFR_QUEUE_GROUP_SORTORDER
+ 	/* Allow QueueSortOrder per queue group. */
+ /* XXX: Still need to actually use qgrp->qg_sortorder */
+diff --git a/sendmail/daemon.c b/sendmail/daemon.c
+index 4288365..86fe319 100644
+--- a/sendmail/daemon.c
++++ b/sendmail/daemon.c
+@@ -104,6 +104,10 @@ static int	NDaemons = 0;			/* actual number of daemons */
+ 
+ static time_t	NextDiskSpaceCheck = 0;
+ 
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++int		InetQoS = 0;			/* none by default */
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
++
+ /*
+ **  GETREQUESTS -- open mail IPC port and get requests.
+ **
+@@ -1139,6 +1143,16 @@ opendaemonsocket(d, firsttime)
+ 			(void) setsockopt(d->d_socket, SOL_SOCKET,
+ 					  SO_KEEPALIVE, (char *)&on, sizeof(on));
+ 
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++			if (InetQoS != 0x00
++			 && (d->d_addr.sa.sa_family == AF_INET
++			  || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) {
++				if (setsockopt(d->d_socket, SOL_IP,
++						  IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0)
++					syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name);
++			}
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
++
+ #ifdef SO_RCVBUF
+ 			if (d->d_tcprcvbufsize > 0)
+ 			{
+@@ -2571,6 +2585,16 @@ gothostent:
+ 			return EX_TEMPFAIL;
+ 		}
+ 
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++		if (InetQoS != 0x00
++		 && (family == AF_INET
++		  || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32))))
++		{
++			if (setsockopt(s, SOL_IP, IP_TOS,
++					  (char *)&InetQoS, sizeof(InetQoS)) < 0)
++				syserr("makeconnection: setsockopt(IP_TOS)");
++		}
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
+ #ifdef SO_SNDBUF
+ 		if (ClientSettings[family].d_tcpsndbufsize > 0)
+ 		{
+diff --git a/sendmail/readcf.c b/sendmail/readcf.c
+index 2b0fbf7..86892f5 100644
+--- a/sendmail/readcf.c
++++ b/sendmail/readcf.c
+@@ -18,6 +18,7 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $")
+ 
+ #if NETINET || NETINET6
+ # include <arpa/inet.h>
++# include <netinet/ip.h>
+ #endif /* NETINET || NETINET6 */
+ 
+ 
+@@ -2888,8 +2889,8 @@ static struct optioninfo
+ # define O_RCPTTHROTDELAY	0xe6
+ 	{ "BadRcptThrottleDelay",	O_RCPTTHROTDELAY,	OI_SAFE	},
+ #endif /* _FFR_RCPTTHROTDELAY */
+-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+-# define O_INETQOS	0xe7	/* reserved for FFR_QOS */
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++# define O_INETQOS		0xe7
+ 	{ "InetQoS",			O_INETQOS,	OI_NONE },
+ #endif
+ #if STARTTLS && _FFR_FIPSMODE
+@@ -2914,6 +2915,77 @@ static struct optioninfo
+ 	{ NULL,				'\0',		OI_NONE	}
+ };
+ 
++#ifdef O_INETQOS
++static struct qosmap
++{
++	char	*name;		/* name of the setting */
++	int	value;		/* corresponding setsockopt() value */
++} QoSMap[] = {
++#ifdef IPTOS_CLASS_CS0
++	{ "CS0",	IPTOS_CLASS_CS0 },
++#endif
++#ifdef IPTOS_CLASS_CS1
++	{ "CS1",	IPTOS_CLASS_CS1 },
++#endif
++#ifdef IPTOS_DSCP_AF11
++	{ "AF11",	IPTOS_DSCP_AF11 },
++#endif
++#ifdef IPTOS_DSCP_AF12
++	{ "AF12",	IPTOS_DSCP_AF12 },
++#endif
++#ifdef IPTOS_DSCP_AF13
++	{ "AF13",	IPTOS_DSCP_AF13 },
++#endif
++#ifdef IPTOS_CLASS_CS2
++	{ "CS2",	IPTOS_CLASS_CS2 },
++#endif
++#ifdef IPTOS_DSCP_AF21
++	{ "AF21",	IPTOS_DSCP_AF21 },
++#endif
++#ifdef IPTOS_DSCP_AF22
++	{ "AF22",	IPTOS_DSCP_AF22 },
++#endif
++#ifdef IPTOS_DSCP_AF23
++	{ "AF23",	IPTOS_DSCP_AF23 },
++#endif
++#ifdef IPTOS_CLASS_CS3
++	{ "CS3",	IPTOS_CLASS_CS3 },
++#endif
++#ifdef IPTOS_DSCP_AF31
++	{ "AF31",	IPTOS_DSCP_AF31 },
++#endif
++#ifdef IPTOS_DSCP_AF32
++	{ "AF32",	IPTOS_DSCP_AF32 },
++#endif
++#ifdef IPTOS_DSCP_AF33
++	{ "AF33",	IPTOS_DSCP_AF33 },
++#endif
++#ifdef IPTOS_CLASS_CS4
++	{ "CS4",	IPTOS_CLASS_CS4 },
++#endif
++#ifdef IPTOS_DSCP_AF41
++	{ "AF41",	IPTOS_DSCP_AF41 },
++#endif
++#ifdef IPTOS_DSCP_AF42
++	{ "AF42",	IPTOS_DSCP_AF42 },
++#endif
++#ifdef IPTOS_DSCP_AF43
++	{ "AF43",	IPTOS_DSCP_AF43 },
++#endif
++#ifdef IPTOS_CLASS_CS5
++	{ "CS5",	IPTOS_CLASS_CS5 },
++#endif
++#ifdef IPTOS_CLASS_CS6
++	{ "CS6",	IPTOS_CLASS_CS6 },
++#endif
++#ifdef IPTOS_CLASS_CS7
++	{ "CS7",	IPTOS_CLASS_CS7 },
++#endif
++	{ "none",	0x00 },
++	{ NULL,		0    }
++};
++#endif
++
+ # define CANONIFY(val)
+ 
+ # define SET_OPT_DEFAULT(opt, val)	opt = val
+@@ -4540,6 +4612,33 @@ setoption(opt, val, safe, sticky, e)
+ 		UseCompressedIPv6Addresses = atobool(val);
+ 		break;
+ 
++#ifdef O_INETQOS
++	  case O_INETQOS:
++		{
++			struct qosmap *qmp;
++			InetQoS = -1;
++
++			for (qmp = QoSMap; qmp->name != NULL; ++qmp) {
++				if (!strcmp(val, qmp->name)) {
++					InetQoS = qmp->value;
++					break;
++				}
++			}
++
++			/*
++			** we could allow writing it as a hex value, but
++			** we don't at this time.
++			**/
++			if (qmp->name == NULL) {
++				(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
++						     "Warning: Option: %s unknown parameter '%s'\n",
++						     OPTNAME, val);
++				break;
++			}
++			break;
++		}
++#endif
++
+ 	  default:
+ 		if (tTd(37, 1))
+ 		{
+diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h
+index b2d0211..3bcc2e2 100644
+--- a/sendmail/sendmail.h
++++ b/sendmail/sendmail.h
+@@ -2537,7 +2537,14 @@ EXTERN struct termescape	TermEscape;	/* terminal escape codes */
+ EXTERN SOCKADDR	ConnectOnlyTo;	/* override connection address (for testing) */
+ EXTERN SOCKADDR RealHostAddr;	/* address of host we are talking to */
+ extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
+-
++#if _FFR_QOS
++# if !defined(SOL_IP) && defined(IPPROTO_IP)
++#  define SOL_IP IPPROTO_IP
++# endif
++# if defined(SOL_IP) && defined(IP_TOS)
++EXTERN int	InetQoS;	/* QoS mapping */
++# endif
++#endif
+ 
+ EXTERN int ConnectionRateWindowSize;
+ #if STARTTLS && USE_OPENSSL_ENGINE

SOURCES/sendmail-8.15.2-smtp-session-reuse-fix.patch

@@ -0,0 +1,249 @@
+diff -ru a/sendmail/deliver.c b/sendmail/deliver.c
+--- a/sendmail/deliver.c	2016-02-29 06:01:55.000000000 -0800
++++ b/sendmail/deliver.c	2016-02-29 06:02:06.000000000 -0800
+@@ -6274,8 +6274,7 @@
+ 				tlslogerr(LOG_WARNING, "client");
+ 		}
+ 
+-		SSL_free(clt_ssl);
+-		clt_ssl = NULL;
++		SM_SSL_FREE(clt_ssl);
+ 		return EX_SOFTWARE;
+ 	}
+ 	mci->mci_ssl = clt_ssl;
+@@ -6287,8 +6286,7 @@
+ 		return EX_OK;
+ 
+ 	/* failure */
+-	SSL_free(clt_ssl);
+-	clt_ssl = NULL;
++	SM_SSL_FREE(clt_ssl);
+ 	return EX_SOFTWARE;
+ }
+ /*
+@@ -6309,7 +6307,7 @@
+ 
+ 	if (!bitset(MCIF_TLSACT, mci->mci_flags))
+ 		return EX_OK;
+-	r = endtls(mci->mci_ssl, "client");
++	r = endtls(&mci->mci_ssl, "client");
+ 	mci->mci_flags &= ~MCIF_TLSACT;
+ 	return r;
+ }
+diff -ru a/sendmail/macro.c b/sendmail/macro.c
+--- a/sendmail/macro.c	2016-02-29 06:01:55.000000000 -0800
++++ b/sendmail/macro.c	2016-02-29 06:02:06.000000000 -0800
+@@ -362,6 +362,33 @@
+ }
+ 
+ /*
++**  MACTABCLEAR -- clear entire macro table
++**
++**	Parameters:
++**		mac -- Macro table.
++**
++**	Returns:
++**		none.
++**
++**	Side Effects:
++**		clears entire mac structure including rpool pointer!
++*/
++
++void
++mactabclear(mac)
++	MACROS_T *mac;
++{
++	int i;
++
++	if (mac->mac_rpool == NULL)
++	{
++		for (i = 0; i < MAXMACROID; i++)
++	    		SM_FREE_CLR(mac->mac_table[i]);
++	}
++	memset((char *) mac, '\0', sizeof(*mac));
++}
++
++/*
+ **  MACDEFINE -- bind a macro name to a value
+ **
+ **	Set a macro to a value, with fancy storage management.
+diff -ru a/sendmail/mci.c b/sendmail/mci.c
+--- a/sendmail/mci.c	2016-02-29 06:01:55.000000000 -0800
++++ b/sendmail/mci.c	2016-02-29 06:02:06.000000000 -0800
+@@ -25,6 +25,7 @@
+ 						  int, bool));
+ static bool	mci_load_persistent __P((MCI *));
+ static void	mci_uncache __P((MCI **, bool));
++static void	mci_clear __P((MCI *));
+ static int	mci_lock_host_statfile __P((MCI *));
+ static int	mci_read_persistent __P((SM_FILE_T *, MCI *));
+ 
+@@ -253,6 +254,7 @@
+ 	SM_FREE_CLR(mci->mci_status);
+ 	SM_FREE_CLR(mci->mci_rstatus);
+ 	SM_FREE_CLR(mci->mci_heloname);
++ 	mci_clear(mci);
+ 	if (mci->mci_rpool != NULL)
+ 	{
+ 		sm_rpool_free(mci->mci_rpool);
+@@ -315,6 +317,41 @@
+ }
+ 
+ /*
++**  MCI_CLEAR -- clear mci
++**
++**	Parameters:
++**		mci -- the connection to clear.
++**
++**	Returns:
++**		none.
++*/
++
++static void
++mci_clear(mci)
++	MCI *mci;
++{
++	if (mci == NULL)
++		return;
++
++	mci->mci_maxsize = 0;
++	mci->mci_min_by = 0;
++	mci->mci_deliveries = 0;
++#if SASL
++	if (bitset(MCIF_AUTHACT, mci->mci_flags))
++		sasl_dispose(&mci->mci_conn);
++#endif
++#if STARTTLS
++	if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL)
++		SM_SSL_FREE(mci->mci_ssl);
++#endif
++
++	/* which flags to preserve? */
++	mci->mci_flags &= MCIF_CACHED;
++	mactabclear(&mci->mci_macro);
++}
++
++
++/*
+ **  MCI_GET -- get information about a particular host
+ **
+ **	Parameters:
+@@ -419,6 +456,7 @@
+ 			mci->mci_errno = 0;
+ 			mci->mci_exitstat = EX_OK;
+ 		}
++	 	mci_clear(mci);
+ 	}
+ 
+ 	return mci;
+diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h
+--- a/sendmail/sendmail.h	2016-02-29 06:01:55.000000000 -0800
++++ b/sendmail/sendmail.h	2016-02-29 06:02:06.000000000 -0800
+@@ -1186,6 +1186,7 @@
+ #define macid(name)  macid_parse(name, NULL)
+ extern char	*macname __P((int));
+ extern char	*macvalue __P((int, ENVELOPE *));
++extern void	mactabclear __P((MACROS_T *));
+ extern int	rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **));
+ extern int	rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int));
+ extern void	setclass __P((int, char *));
+@@ -2002,7 +2003,15 @@
+ extern void	setclttls __P((bool));
+ extern bool	initsrvtls __P((bool));
+ extern int	tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool));
+-extern int	endtls __P((SSL *, char *));
++#define SM_SSL_FREE(ssl)			\
++	do {					\
++		if (ssl != NULL)		\
++		{				\
++			SSL_free(ssl);		\
++			ssl = NULL;		\
++		}				\
++	} while (0)
++extern int	endtls __P((SSL **, char *));
+ extern void	tlslogerr __P((int, const char *));
+ 
+ 
+diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
+--- a/sendmail/srvrsmtp.c	2016-02-29 06:01:55.000000000 -0800
++++ b/sendmail/srvrsmtp.c	2016-02-29 06:02:06.000000000 -0800
+@@ -2122,8 +2122,7 @@
+ 			if (get_tls_se_options(e, srv_ssl, true) != 0)
+ 			{
+ 				message("454 4.3.3 TLS not available: error setting options");
+-				SSL_free(srv_ssl);
+-				srv_ssl = NULL;
++				SM_SSL_FREE(srv_ssl);
+ 				goto tls_done;
+ 			}
+ 
+@@ -2145,8 +2144,7 @@
+ 			    SSL_set_wfd(srv_ssl, wfd) <= 0)
+ 			{
+ 				message("454 4.3.3 TLS not available: error set fd");
+-				SSL_free(srv_ssl);
+-				srv_ssl = NULL;
++				SM_SSL_FREE(srv_ssl);
+ 				goto tls_done;
+ 			}
+ 			if (!smtps)
+@@ -2188,8 +2186,7 @@
+ 						tlslogerr(LOG_WARNING, "server");
+ 				}
+ 				tls_ok_srv = false;
+-				SSL_free(srv_ssl);
+-				srv_ssl = NULL;
++				SM_SSL_FREE(srv_ssl);
+ 
+ 				/*
+ 				**  according to the next draft of
+@@ -3416,7 +3413,7 @@
+ 			/* shutdown TLS connection */
+ 			if (tls_active)
+ 			{
+-				(void) endtls(srv_ssl, "server");
++				(void) endtls(&srv_ssl, "server");
+ 				tls_active = false;
+ 			}
+ #endif /* STARTTLS */
+diff -ru a/sendmail/tls.c b/sendmail/tls.c
+--- a/sendmail/tls.c	2016-02-29 06:01:55.000000000 -0800
++++ b/sendmail/tls.c	2016-02-29 06:02:06.000000000 -0800
+@@ -1624,7 +1624,7 @@
+ **  ENDTLS -- shutdown secure connection
+ **
+ **	Parameters:
+-**		ssl -- SSL connection information.
++**		pssl -- pointer to TLS session context
+ **		side -- server/client (for logging).
+ **
+ **	Returns:
+@@ -1632,12 +1632,16 @@
+ */
+ 
+ int
+-endtls(ssl, side)
+-	SSL *ssl;
++endtls(pssl, side)
++	SSL **pssl;
+ 	char *side;
+ {
+ 	int ret = EX_OK;
++	SSL *ssl;
+ 
++	SM_REQUIRE(pssl != NULL);
++ 	ret = EX_OK;
++	ssl = *pssl;
+ 	if (ssl != NULL)
+ 	{
+ 		int r;
+@@ -1703,8 +1707,7 @@
+ 			ret = EX_SOFTWARE;
+ 		}
+ # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */
+-		SSL_free(ssl);
+-		ssl = NULL;
++		SM_SSL_FREE(*pssl);
+ 	}
+ 	return ret;
+ }

SOURCES/sendmail-8.15.2-switchfile.patch

@@ -0,0 +1,13 @@
+diff --git a/sendmail/conf.c b/sendmail/conf.c
+index c73334e..cbb9c76 100644
+--- a/sendmail/conf.c
++++ b/sendmail/conf.c
+@@ -986,7 +986,7 @@ switch_map_find(service, maptype, mapreturn)
+ 				if (p != NULL)
+ 					*p = '\0';
+ #ifndef SM_NSSWITCH_DELIMS
+-# define SM_NSSWITCH_DELIMS	" \t"
++# define SM_NSSWITCH_DELIMS	" \t:"
+ #endif /* SM_NSSWITCH_DELIMS */
+ 				p = strpbrk(buf, SM_NSSWITCH_DELIMS);
+ 				if (p != NULL)

SOURCES/sendmail-etc-mail-access

@@ -0,0 +1,12 @@
+# Check the /usr/share/doc/sendmail/README.cf file for a description
+# of the format of this file. (search for access_db in that file)
+# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
+# package.
+#
+# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the 
+# cyrus-sasl-plain package installed.
+#
+# By default we allow relaying from localhost...
+Connect:localhost.localdomain		RELAY
+Connect:localhost			RELAY
+Connect:127.0.0.1			RELAY

SOURCES/sendmail-etc-mail-domaintable

@@ -0,0 +1,4 @@
+# The "domain table" can be used to provide domain name mapping.
+# Use of this should really be limited to your own domains.
+# It may be useful if you change names (e.g., your company
+# changes names from oldname.com to newname.com)

SOURCES/sendmail-etc-mail-local-host-names

@@ -0,0 +1 @@
+# local-host-names - include all aliases for your machine here.

SOURCES/sendmail-etc-mail-mailertable

@@ -0,0 +1,30 @@
+# The "mailer table" can be used to override routing for particular domains
+# (which are not in class {w}, i.e. local host names).
+#
+# hash /etc/mail/mailertable
+#
+# Keys in this database are fully qualified domain names or partial domains
+# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or
+# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain
+# not covered by other keys. Values must be of the form:
+#
+# mailer:domain
+#
+# where "mailer" is the internal mailer name, and "domain" is where to send
+# the message. These maps are not reflected into the message header. As a
+# special case, the forms:
+#
+# local:user
+#
+# will forward to the indicated user using the local mailer,
+#
+# local:
+#
+# will forward to the original user in the e-mail address using the local
+# mailer, and
+#
+# error:code message
+# error:D.S.N:code message
+#
+# will give an error message with the indicated SMTP reply code and message,
+# where D.S.N is an RFC 1893 compliant error code. 

SOURCES/sendmail-etc-mail-trusted-users

@@ -0,0 +1,2 @@
+# trusted-users - users that can send mail as others without a warning
+# apache, mailman, majordomo, uucp, are good candidates

SOURCES/sendmail-etc-mail-virtusertable

@@ -0,0 +1,41 @@
+# A domain-specific form of aliasing, allowing multiple virtual domains to be
+# hosted on one machine.
+#
+# info@foo.com	foo-info
+# info@bar.com	bar-info
+# joe@bar.com	error:nouser 550 No such user here
+# jax@bar.com	error:5.7.0:550 Address invalid
+# @baz.org	jane@example.net
+#
+# then mail addressed to info@foo.com will be sent to the address foo-info,
+# mail addressed to info@bar.com will be delivered to bar-info, and mail
+# addressed to anyone at baz.org  will be sent to jane@example.net, mail to
+# joe@bar.com will be rejected with the specified error message, and mail to
+# jax@bar.com will also have a RFC 1893  compliant error code 5.7.0.
+#
+# The username from the original address is passed as %1 allowing:
+#
+# @foo.org	%1@example.com
+#
+# Additionally, if the local part consists of "user+detail" then "detail" is
+# passed as %2 and "+detail" is passed as %3  when a match against user+* is
+# attempted, so entries like
+#
+# old+*@foo.org	new+%2@example.com
+# gen+*@foo.org	%2@example.com
+# +*@foo.org	%1%3@example.com
+# X++@foo.org	Z%3@example.com
+# @bar.org	%1%3
+#
+# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used
+# as RHS. There are two wildcards after "+": "+" matches only a non-empty
+# detail, "*" matches also empty details, e.g., user+@foo.org  matches#
+# +*@foo.org but not ++@foo.org. This can be used to ensure that the
+# parameters %2 and %3 are not empty.
+#
+# All the host names on the left hand side (foo.com, bar.com, and baz.org)
+# must be in class {w} or class {VirtHost}. The latter can be defined by the
+# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to
+# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or
+# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are
+# added to class {R}, i.e., relaying is allowed to (and from) those domains.

SOURCES/sendmail-redhat.mc

@@ -0,0 +1,181 @@
+divert(-1)dnl
+dnl #
+dnl # This is the sendmail macro config file for m4. If you make changes to
+dnl # /etc/mail/sendmail.mc, you will need to regenerate the
+dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
+dnl # installed and then performing a
+dnl #
+dnl #     /etc/mail/make
+dnl #
+include(`@@PATH@@/m4/cf.m4')dnl
+VERSIONID(`setup for linux')dnl
+OSTYPE(`linux')dnl
+dnl #
+dnl # Do not advertize sendmail version.
+dnl #
+dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
+dnl #
+dnl # default logging level is 9, you might want to set it higher to
+dnl # debug the configuration
+dnl #
+dnl define(`confLOG_LEVEL', `9')dnl
+dnl #
+dnl # Uncomment and edit the following line if your outgoing mail needs to
+dnl # be sent out through an external mail server:
+dnl #
+dnl define(`SMART_HOST', `smtp.your.provider')dnl
+dnl #
+define(`confDEF_USER_ID', ``8:12'')dnl
+dnl define(`confAUTO_REBUILD')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTRY_NULL_MX_LIST', `True')dnl
+define(`confDONT_PROBE_INTERFACES', `True')dnl
+define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
+define(`confAUTH_OPTIONS', `A')dnl
+dnl #
+dnl # The following allows relaying if the user authenticates, and disallows
+dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
+dnl #
+dnl define(`confAUTH_OPTIONS', `A p')dnl
+dnl #
+dnl # which realm to use in SASL database (sasldb2)
+dnl #
+define(`confAUTH_REALM', `mail')dnl
+dnl # 
+dnl # PLAIN is the preferred plaintext authentication method and used by
+dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
+dnl # use LOGIN. Other mechanisms should be used if the connection is not
+dnl # guaranteed secure.
+dnl # Please remember that saslauthd needs to be running for AUTH. 
+dnl #
+dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl #
+dnl # Basic sendmail TLS configuration with self-signed certificate for
+dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP).
+dnl #
+define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
+define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
+define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
+define(`confTLS_SRV_OPTIONS', `V')dnl
+dnl #
+dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
+dnl # slapd, which requires the file to be readble by group ldap
+dnl #
+dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
+dnl #
+dnl define(`confTO_QUEUEWARN', `4h')dnl
+dnl define(`confTO_QUEUERETURN', `5d')dnl
+dnl define(`confQUEUE_LA', `12')dnl
+dnl define(`confREFUSE_LA', `18')dnl
+define(`confTO_IDENT', `0')dnl
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
+dnl define(`confINET_QOS', `AF11')dnl
+dnl FEATURE(delay_checks)dnl
+FEATURE(`no_default_msa', `dnl')dnl
+FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
+FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+FEATURE(use_cw_file)dnl
+FEATURE(use_ct_file)dnl
+dnl #
+dnl # The following limits the number of processes sendmail can fork to accept 
+dnl # incoming messages or process its message queues to 20.) sendmail refuses 
+dnl # to accept connections once it has reached its quota of child processes.
+dnl #
+dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
+dnl #
+dnl # Limits the number of new connections per second. This caps the overhead 
+dnl # incurred due to forking new sendmail processes. May be useful against 
+dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
+dnl # limit would be useful but is not available as an option at this writing.)
+dnl #
+dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
+dnl #
+dnl # The -t option will retry delivery if e.g. the user runs over his quota.
+dnl #
+FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
+FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
+FEATURE(`blacklist_recipients')dnl
+EXPOSED_USER(`root')dnl
+dnl #
+dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
+dnl # the following 2 definitions and activate below in the MAILER section the
+dnl # cyrusv2 mailer.
+dnl #
+dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
+dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
+dnl #
+dnl # The following causes sendmail to only listen on the IPv4 loopback address
+dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
+dnl # address restriction to accept email from the internet or intranet.
+dnl #
+DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 587 for
+dnl # mail from MUAs that authenticate. Roaming users who can't reach their
+dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
+dnl # this useful.
+dnl #
+dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 465, but
+dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
+dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
+dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
+dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
+dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
+dnl #
+dnl # For this to work your OpenSSL certificates must be configured.
+dnl #
+dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen on the IPv6 loopback
+dnl # device. Remove the loopback address restriction listen to the network.
+dnl #
+dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
+dnl #
+dnl # enable both ipv6 and ipv4 in sendmail:
+dnl #
+dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
+dnl #
+dnl # We strongly recommend not accepting unresolvable domains if you want to
+dnl # protect yourself from spam. However, the laptop and users on computers
+dnl # that do not have 24x7 DNS do need this.
+dnl #
+FEATURE(`accept_unresolvable_domains')dnl
+dnl #
+dnl FEATURE(`relay_based_on_MX')dnl
+dnl # 
+dnl # Also accept email sent to "localhost.localdomain" as local email.
+dnl # 
+LOCAL_DOMAIN(`localhost.localdomain')dnl
+dnl #
+dnl # The following example makes mail from this host and any additional
+dnl # specified domains appear to be sent from mydomain.com
+dnl #
+dnl MASQUERADE_AS(`mydomain.com')dnl
+dnl #
+dnl # masquerade not just the headers, but the envelope as well
+dnl #
+dnl FEATURE(masquerade_envelope)dnl
+dnl #
+dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
+dnl #
+dnl FEATURE(masquerade_entire_domain)dnl
+dnl #
+dnl MASQUERADE_DOMAIN(localhost)dnl
+dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
+dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
+dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
+MAILER(smtp)dnl
+MAILER(procmail)dnl
+dnl MAILER(cyrusv2)dnl

SOURCES/sendmail.etc-mail-Makefile

@@ -0,0 +1,8 @@
+# Pass everything to the make script
+
+all:
+%: force
+	@./make $@
+force:;
+
+$(MAKEFILE_LIST):;

SOURCES/sendmail.etc-mail-make

@@ -0,0 +1,129 @@
+#!/bin/sh
+# Generate db and cf files if necessary. This used to be handled by
+# /etc/mail/Makefile.
+
+teste() {
+  if ! test -e "$1"; then
+    echo "$1 doesn't exist"
+    exit 2
+  fi
+}
+
+makedb() {
+  teste "${1%.db}"
+
+  if [ -z "$SM_FORCE_DBREBUILD" ]; then
+    test "${1%.db}" -nt "$1" || return 0
+  fi
+
+  if [ "$1" = userdb.db ]; then
+    makemap btree "$1" < "${1%.db}"
+  else
+    makemap hash "$1" < "${1%.db}"
+  fi
+}
+
+makealiasesdb() {
+  uptodate=1
+
+  if [ -z "$SM_FORCE_DBREBUILD" ]; then
+    files=$(grep '^O AliasFile=' sendmail.cf |
+      while read a; do echo ${a#*=}; done)
+
+    for a in $files; do
+      if [ "$a" = /etc/aliases ]; then
+        # /etc/aliases.db may be used by other MTA, make sure nothing
+        # has touched it since our last newaliases call
+        test "$a" -nt "${a}.db" ||
+          test aliasesdb-stamp -nt "${a}.db" ||
+          test aliasesdb-stamp -ot "${a}.db" || continue
+      else
+        test "$a" -nt "${a}.db" || continue
+      fi
+
+      uptodate=0
+      break
+    done
+  else
+    uptodate=0
+  fi
+
+  [ $uptodate = 1 ] && return 0
+
+  # check if alternatives is configured to sendmail
+  if [ "$(readlink -e /usr/bin/newaliases)" = /usr/sbin/sendmail.sendmail ]
+  then
+    /usr/bin/newaliases > /dev/null
+    touch -r /etc/aliases.db aliasesdb-stamp 2> /dev/null
+  else
+    rm -f aliasesdb-stamp
+  fi
+}
+
+makecf() {
+  mc=${1%.cf}.mc
+
+  teste "$mc"
+
+  if [ -z "$SM_FORCE_CFREBUILD" ]; then
+    test "$mc" -nt "$1" || return 0
+  fi
+
+  if test -f /usr/share/sendmail-cf/m4/cf.m4; then
+    umask 022
+    [ -e "$1" ] && mv -f "$1" "$1".bak
+    m4 "$mc" > "$1"
+  else
+    echo "WARNING: '$mc' is modified. Please install package sendmail-cf to update your configuration."
+    exit 15
+  fi
+}
+
+makeall() {
+  # These could be used by sendmail, but are not part of the default install.
+  # To use them you will have to generate your own sendmail.cf with
+  # FEATURE('whatever')
+  test -f bitdomain && makedb bitdomain.db
+  test -f uudomain && makedb uudomain.db
+  test -f genericstable && makedb genericstable.db
+  test -f userdb && makedb userdb.db
+  test -f authinfo && makedb authinfo.db
+
+  makedb virtusertable.db
+  makedb access.db
+  makedb domaintable.db
+  makedb mailertable.db
+
+  makecf sendmail.cf
+  makecf submit.cf
+}
+
+cd /etc/mail || exit 1
+
+[ $# -eq 0 ] && makeall
+
+for target; do
+  case "$target" in
+    *.db)
+      makedb "$target"
+      ;;
+    *.cf)
+      makecf "$target"
+      ;;
+    all)
+      makeall
+      ;;
+    aliases)
+      makealiasesdb
+      ;;
+    clean)
+      rm -f *.db *~ aliasesdb-stamp
+      ;;
+    start|stop|restart)
+      service sendmail "$target"
+      ;;
+    *)
+      echo "Don't know how to make $target"
+      exit 2
+  esac
+done

SOURCES/sendmail.nm-dispatcher

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case "$2" in
+	up|down|vpn-up|vpn-down)
+		/bin/systemctl --no-block try-restart sendmail.service || :
+		;;
+esac

SOURCES/sendmail.pam

@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth       include	password-auth
+account    include	password-auth

SOURCES/sendmail.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Sendmail Mail Transport Agent
+After=syslog.target network.target
+Conflicts=postfix.service exim.service
+Wants=sm-client.service
+StartLimitIntervalSec=0
+
+[Service]
+Type=forking
+PIDFile=/run/sendmail.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=-/etc/mail/make
+ExecStartPre=-/etc/mail/make aliases
+ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target
+Also=sm-client.service

SOURCES/sendmail.sysconfig

@@ -0,0 +1 @@
+SENDMAIL_OPTS="-q1h"

SOURCES/sm-client.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=Sendmail Mail Transport Client
+After=syslog.target network.target sendmail.service
+Conflicts=postfix.service exim.service
+BindTo=sendmail.service
+StartLimitIntervalSec=0
+
+[Service]
+Type=forking
+PIDFile=/run/sm-client.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=/bin/touch /run/sm-client.pid
+ExecStartPre=/bin/chown smmsp:smmsp /run/sm-client.pid
+ExecStartPre=-/sbin/restorecon /run/sm-client.pid
+ExecStartPre=-/etc/mail/make
+ExecStart=/usr/sbin/sendmail -L sm-msp-queue -Ac $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target