Import of sendmail version 8.11.0 into vendor branch SENDMAIL with

release tag v8_11_0.

Obtained from: ftp://ftp.sendmail.org/pub/sendmail/

312 files changed, 52126 insertions, 19224 deletions

diff --git a/contrib/sendmail/Build b/contrib/sendmail/Build
new file mode 100755
index 0000000..44e74c5
--- /dev/null
+++ b/contrib/sendmail/Build
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#	$Id: Build,v 8.3 1999/09/23 21:31:12 ca Exp $
+
+exec make OPTIONS="$*"
diff --git a/contrib/sendmail/FAQ b/contrib/sendmail/FAQ
index b4cb2e6..f8c2e84 100644
--- a/contrib/sendmail/FAQ
+++ b/contrib/sendmail/FAQ
@@ -4,3 +4,5 @@ available at http://www.sendmail.org/faq/ .
 A plain-text version of the questions only, with URLs referring to
 the answers, is posted to comp.mail.sendmail on the 10th and 25th
 of each month.
+
+$Revision: 8.24 $, Last updated $Date: 1999/02/07 03:21:03 $
diff --git a/contrib/sendmail/INSTALL b/contrib/sendmail/INSTALL
new file mode 100644
index 0000000..90c919a
--- /dev/null
+++ b/contrib/sendmail/INSTALL
@@ -0,0 +1,33 @@
+
+			Installing sendmail
+
+Note: as of sendmail 8.9, a new build architecture is in place that allows
+you to use the "Build" shell script in any of the program directories.
+On many environments this will do everything for you, no fuss, no muss.
+
+1. Read all the README files noted in the INTRODUCTION section of the README
+   file in this top-level directory.
+
+2. Create any necessary site configuration build files, as noted in
+   devtools/Site/README.
+
+3. In the sendmail/ directory, run "sh Build" (see sendmail/README for
+   details).
+
+4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc
+   file best matches your environment to config.mc, where config can be any
+   name.  Next, tailor it as explained in cf/README.  Then run
+   "sh Build config.cf".
+
+5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose
+   location varies from operating system to operating system, but is usually
+   in /usr/sbin or /usr/lib).
+
+6. Install config.cf as /etc/mail/sendmail.cf and install the sendmail binary
+   built in step 3 by cd-ing back to sendmail/ and running "sh Build install".
+
+7. For each of the associated sendmail utilities (makemap, mailstats, etc.),
+   read the README in the utility's directory.  When you are ready to install
+   it, back up your installed version and type "sh Build install".
+
+$Revision: 8.3.16.1 $, Last updated $Date: 2000/05/09 20:20:44 $
diff --git a/contrib/sendmail/KNOWNBUGS b/contrib/sendmail/KNOWNBUGS
index 85409a0..05d0ea1 100644
--- a/contrib/sendmail/KNOWNBUGS
+++ b/contrib/sendmail/KNOWNBUGS
@@ -1,12 +1,12 @@
 
 
 	     K N O W N   B U G S   I N   S E N D M A I L
-			     (for 8.9.0)
+			     (for 8.9.3)
 
 
 The following are bugs or deficiencies in sendmail that I am aware of
 but which have not been fixed in the current release.  You probably
-want to get the most up to date version of this from ftp.sendmail.org	
+want to get the most up to date version of this from ftp.sendmail.org
 in /pub/sendmail/KNOWNBUGS.  For descriptions of bugs that have been
 fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
 distribution).
@@ -35,11 +35,6 @@ This list is not guaranteed to be complete.
   This macro will probably be removed entirely in a future release;
   I don't believe there are any mailers left that require it.
 
-* If you EXPN a list or user that has a program mailer, the output of
-  EXPN will include ``@local.host.name''.  You can't actually mail to
-  this address.  It's not clear what the right behavior is in this
-  circumstance.
-
 * \231 considered harmful.
 
   Header addresses that have the \231 character (and possibly others
@@ -134,10 +129,10 @@ This list is not guaranteed to be complete.
 
 * MIME encoded full name phrases in the From: header
 
-  If a full name phrase includes characters from MustQuoteChars, sendmail  
-  will quote the entire full name phrase. If MustQuoteChars includes  
-  characters which are not special characters according to STD 11 (RFC  
-  822), this quotation can interfere with MIME encoded full name phrases. 
+  If a full name phrase includes characters from MustQuoteChars, sendmail
+  will quote the entire full name phrase. If MustQuoteChars includes
+  characters which are not special characters according to STD 11 (RFC
+  822), this quotation can interfere with MIME encoded full name phrases.
   By default, sendmail includes the single quote character (') in
   MustQuoteChars even though it is not listed as a special character in
   STD 11.
@@ -157,7 +152,7 @@ This list is not guaranteed to be complete.
   In the case where the sender is using su to act as root, the file
   safety checks prevent sendmail from saving the dead.letter file
   because the sender's uid and the current real uid do not match.
-  
+
 * Berkeley DB 2.X race condition with fcntl() locking
 
   There is a race condition for Berkeley DB 2.X databases on
@@ -173,6 +168,9 @@ This list is not guaranteed to be complete.
   you can use makemap to build a map with a new name and then
   "mv" the new db file to replace the old one.
 
+  Sleepycat Software has added code to avoid this race condition to
+  Berkeley DB versions after 2.7.5.
+
 * File open timeouts not available on hard mounted NFS file systems
 
   Since SIGALRM does not interrupt an RPC call for hard mounted
@@ -182,4 +180,22 @@ This list is not guaranteed to be complete.
   local mail delivery and NFS hard mounted home directories should be
   avoided, as attempts to open the forward files could hang.
 
-(Version 8.36, last updated 2/4/1999)
+* Race condition for delivery to setuid files
+
+  Sendmail will deliver to a fail if the file is owned by the DefaultUser
+  or has the setuid bit set.  Unfortunately, some systems clear that bit
+  when a file is modified.  Sendmail compensates by resetting the file mode 
+  back to it's original settings.  Unfortunately, there's still a
+  permission failure race as sendmail checks the permissions before locking 
+  the file.  This is unavoidable as sendmail must verify the file is safe
+  to open before opening it.  A file can not be locked until it is open.
+
+* Potential denial of service attack with AutoRebuildAliases
+
+  There is a potential for a denial of service attack if the
+  AutoRebuildAliases option is set as a user can kill the sendmail process
+  while it is rebuilding the aliases file leaving it in an inconsistent
+  state.  This option and it's use is deprecated and will be removed from a
+  future version of sendmail.
+
+$Revision: 8.43 $, Last updated $Date: 1999/11/17 18:56:09 $
diff --git a/contrib/sendmail/LICENSE b/contrib/sendmail/LICENSE
index d0ff63a..f707865 100644
--- a/contrib/sendmail/LICENSE
+++ b/contrib/sendmail/LICENSE
@@ -1,8 +1,8 @@
 			     SENDMAIL LICENSE
 
 The following license terms and conditions apply, unless a different
-license is obtained from Sendmail, Inc., 1401 Park Avenue, Emeryville, CA
-94608, or by electronic mail at license@sendmail.com.
+license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor,
+Emeryville, CA 94608, or by electronic mail at license@sendmail.com.
 
 License Terms:
 
@@ -21,13 +21,8 @@ each of the following conditions is met:
        years at the cost of materials and delivery.  Such redistributions
        must allow further use, modification, and redistribution of the Source
        Code under substantially the same terms as this license.  For the
-       purposes of redistribution "Source Code" means the complete source
-       code of sendmail including all modifications.
-
-   Other forms of redistribution are allowed only under a separate royalty-
-   free agreement permitting such redistribution subject to standard
-   commercial terms and conditions.  A copy of such agreement may be
-   obtained from Sendmail, Inc. at the above address.
+       purposes of redistribution "Source Code" means the complete compilable
+       and linkable source code of sendmail including all modifications.
 
 2. Redistributions of source code must retain the copyright notices as they
    appear in each source code file, these license terms, and the
@@ -38,7 +33,7 @@ each of the following conditions is met:
    forth as paragraph 6 below, in the documentation and/or other materials
    provided with the distribution.  For the purposes of binary distribution
    the "Copyright Notice" refers to the following language:
-   "Copyright (c) 1998 Sendmail, Inc.  All rights reserved."
+   "Copyright (c) 1998-2000 Sendmail, Inc.  All rights reserved."
 
 4. Neither the name of Sendmail, Inc. nor the University of California nor
    the names of their contributors may be used to endorse or promote
@@ -64,12 +59,7 @@ each of the following conditions is met:
             disclaimer in the documentation and/or other materials provided
             with the distribution.
 
-      (iii) All advertising materials mentioning features or use of this
-            software must display the following acknowledgement:  "This
-            product includes software developed by the University of
-            California, Berkeley and its contributors."
-
-      (iv)  Neither the name of the University nor the names of its
+      (iii) Neither the name of the University nor the names of its
             contributors may be used to endorse or promote products derived
             from this software without specific prior written permission.
 
@@ -86,4 +76,4 @@ each of the following conditions is met:
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
    THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 
-(Version 8.6, last updated 6/24/1998)
+$Revision: 8.9 $, Last updated $Date: 2000/03/03 19:24:11 $
diff --git a/contrib/sendmail/Makefile b/contrib/sendmail/Makefile
index 98ad6e5..547e46d 100644
--- a/contrib/sendmail/Makefile
+++ b/contrib/sendmail/Makefile
@@ -1,25 +1,40 @@
-#       @(#)Makefile.dist	8.2 (Berkeley) 2/17/1998
+#       $Id: Makefile.dist,v 8.9 1999/09/27 21:39:11 gshapiro Exp $
 
 SHELL= /bin/sh
-SUBDIRS= src mail.local mailstats makemap praliases rmail smrsh
+SUBDIRS= libsmutil libsmdb sendmail mail.local mailstats makemap \
+	 praliases rmail smrsh vacation
 BUILD=   ./Build
 OPTIONS= $(CONFIG) $(FLAGS)
 
-all clean install:: FRC
+all: FRC
+	@for x in $(SUBDIRS); \
+	do \
+		(cd $$x; echo Making $@ in:; pwd; \
+		$(SHELL) $(BUILD) $(OPTIONS)); \
+	done
+
+clean: FRC
+	@for x in $(SUBDIRS); \
+	do \
+		(cd $$x; echo Making $@ in:; pwd; \
+		$(SHELL) $(BUILD) $(OPTIONS) $@); \
+	done
+
+install: FRC
 	@for x in $(SUBDIRS); \
 	do \
 		(cd $$x; echo Making $@ in:; pwd; \
 		$(SHELL) $(BUILD) $(OPTIONS) $@); \
 	done
 
-fresh:: FRC
+fresh: FRC
 	@for x in $(SUBDIRS); \
 	do \
 		(cd $$x; echo Making $@ in:; pwd; \
 		$(SHELL) $(BUILD) $(OPTIONS) -c); \
 	done
 
-$(SUBDIRS):: FRC
+$(SUBDIRS): FRC
 	@cd $@; pwd; \
 	$(SHELL) $(BUILD) $(OPTIONS)
 
diff --git a/contrib/sendmail/PGPKEYS b/contrib/sendmail/PGPKEYS
new file mode 100644
index 0000000..c0db3d7
--- /dev/null
+++ b/contrib/sendmail/PGPKEYS
@@ -0,0 +1,392 @@
+This file contains the PGP keys used to sign the various versions of
+sendmail.  You can add them to your PGP keyring using:
+
+PGP 2.X:   pgp -ka PGPKEYS
+PGP 5.X:   pgpk -a PGPKEYS
+
+Other versions of PGP may require you to separate each key into a
+separate file and add them one at a time.
+
+Type Bits KeyID      Created    Expires    Algorithm       Use
+pub  1024 0x16F4CCE9 1999-06-23 ---------- RSA             Sign & Encrypt
+f16    Fingerprint16 = 18 A4 51 78 CA 72 D4 A7  ED 80 BA 8A C4 98 71 1D
+uid  Sendmail Security <sendmail-security@sendmail.org>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGPfreeware 5.0 for non-commercial use
+
+mQCNAzdxaGsAAAEEALq7JPrdyXCm3DdJEKR9miP8/B9vrferOBoNimPFceDEqCpm
+0RiJtnGhUJwt/HZZhiGDWPYTIa7VajfxiEzJ7LZH+/uXgQFVN27fPwoNKCI+7sr3
+FnRs3Xapojn3d3LZSHagTh+VTuG5LxbP/m//sj2Rw1MMPw1b7sApykAW9MzpAAUR
+tDJTZW5kbWFpbCBTZWN1cml0eSA8c2VuZG1haWwtc2VjdXJpdHlAc2VuZG1haWwu
+b3JnPokAlQMFEDdxaGvAKcpAFvTM6QEB1bsD/jj+vTodXqoJphCrBLwFmwymopZp
+/HHu8o8FURlL6jQ6ihCruCw6PxNMzSdgmnOgyXxyRZIVO1pUyWf/RnS/r09tPLlq
+nZxdAPquhB2pkawvFp+Y///lb92SgfbS3/dtSDDAJ8FO+CDUKS5dKuZ6vSDU6ezH
+BDYjhd6pPYVd5hz3iQCVAwUQN3Fv9XxLZ22gDhVjAQH4BQQAuCNG977A4v0xjQi8
+AJsJmlS5mKMqn/Lw+sl1h4yQwF2vzNDdxhNWjZVziK3lUIUPh86u8m5CSdN2BB1Y
+1RawLvyfpl4b9KtyXxF4fh2BYmygJ4iG+WxhpaT5RS0eFvsSefO7/w13bx5U0Z7A
+YfHMt7+CKHm7bAx3l17g3I9aCMCJAJUDBRA3cXDdzx61AyIyegEBAeZmA/4zCJxF
+aathJ0soRJOcyRDzHKbAqlShF+Mx0tzcwbE3hAZrIqJ3TRK2MbrsBNnkFHPuPF0e
+eKr7TQsXOa+ig57wlHsCOc/fd9jLITjSYKxrQuZz3CrNefPKvv6v6Ctc6TT4GwhC
+zHglLC9Bfy9zgbv2wHswRvQBmRlCaERH3HLb1okAlQMFEDd41z8j5GLUv3ukIQEB
+9WcD/iFFF2kfSTyD+IfcLl4WCaYSeD/q/fAplpOOZWnC9PB1x3YrMHn/H8zd3S5B
+05D8+MR/QL8n8/5P+pyHa4VNRbeX8g8E34ocZf48y6FeqGi8qmcTBJDgqUTO5yMu
+t+b57G2pAIzasGcoZDqC3aJnFKwPjGRxnUFJaxlogrbUYCNOiQCVAwUQN3jwKW9S
+k9ijm6ZVAQEtugP/ewRrMCdhCbWsSUOrYn1a/pfN2KiJbhs0YyOyWbU6RvJiSFY1
+0BNAxYTbymHDOn2UhUhCrUpqatmgCuxmUsoH2Y4AAFC/94/oltwDUfnw6muqqn2K
+7AelRBbJ5wUs65pHu8kfzVB5wJh8eDacKFkK0lqgtRQCE0suhqCSFUfvtzuJAJUD
+BRA3fTCCXx7Ib4gMnlUBAWddA/oD0RKLIkLspmJC3ccmkncviMSv0rME4vY0NIfm
+IC0zsYITlU/E6H/CqVmU4Hmr5hmr5GUNNtrVZ0oLH1PUjobmZcTITJZbQSS2nY02
+N6JZT5BSAwQBfUfSMwURISRQBUOfi1kLqYk3f6UTee37/+Ig2kb388T6ClcXCv82
+FrZuwIkAPwMFEDd9MMTU3njYeCkb2BEC7QAAn2sVWl+Q9a+4a34v827M0O6HpMrL
+AJ9bLmUFO/+pyIRb3brK/v1RtERawIkAlQMFEDd9O7oA8tkJ67sbQQEBipcD/2rE
+vofXLeEeujkhI13qbDL5dEqPHY19eboF29xBCY1kR9Xqbu6G4Q8pgIHUDg/TRK+w
+RdBUjQlDspQEhrM3XEtZ+QJalfk2IoV1Z9uuQM8voYPINnpPe7Q/seibHirMdp4f
+J/xLPs3d5gApNtarxwdFOBY3YkHkkoqza1BxmB2YiQA/AwUQN32KFYMCoaE+3wLq
+EQK1IwCfR+jVCbESixyB0XR6zDsGf8n4GPoAoM3OjreUcSFSl/4kgaV8DbPNLTVn
+iQCVAwUQN32XGgD83u1ILnWNAQGa+AP+KUsOgU8tvJwSiulcU/pXS2gS1N6W54B5
+C3JKioPdgH6lKNO1cOoV6c1ZoG7SFlvsHm2DjRherLEwRhBWkmHlyjLpKW6mYXZ/
+MGLrf74UeTG4bKb0R4As8mLG0z2vqlPNtfyt+8SUoQ2JT0MFRc2FGQChxizenGZS
+B7T1MccjIM+JAHUDBRA3fa3dcslC2OpaI3kBAQhhAv9BkSO1zWkxiWc7uLQjO9lf
++YhF9f/SX7/6Od6hKo/YRubK8fcozKXlJ64CJ+iGSMrRIZGXKBIyXyRx5Qed14jK
+fGCYzqGv1IpMHIWJPLxJl5Xyi9jIna8yTc6FRWm8aYCJAD8DBRA3gbAczsKIjL9q
+TKERAhdDAJwKqcVkm9TBCmutXxwVTcffjINlBgCgrMqc6UOHlUtZps33xWZLgZh4
+awiJAJUDBRA3g9C+TCpm+b/C9j0BAaJMBACskZxjnZbvDgm0qdvESy5+jcluxTh5
+fUeHDpnkfOP0AUAe8Ykwt8syWOQZ+3Midez8JqTAu+uvNbUckuR5XL8nMYpN06og
+jg1TCgjLito6IptqYUZgWFvGDCdDgC+m8vw7pUbqh59mDTe0X5Q/x9Cu5JxfhxnX
+TNBQ+pI8lLAmsYkAlQMFEDeD0Jt3HZKuiXLHwQEBMZoD/2FaLFJ03tEAfNQhLmSg
+unWVakXz8udE+pY7IWi6LJGu5iwtIDJ/r0nCrJ6/aqzu9JLpGhfTnhPPCXlz4Nfh
+riRz12cv2Rlg+gI3Y0Fiju5eo5TWnu+qB36vQsv73xpfQ7oCmoVY2ZntQVBaf8dy
+FrAdFBf1y33xWo58zRsg2u2h
+=g1qL
+-----END PGP PUBLIC KEY BLOCK-----
+
+Type Bits KeyID      Created    Expires    Algorithm       Use
+pub  1024 0xA39BA655 1999-01-04 ---------- RSA             Sign & Encrypt
+f16    Fingerprint16 = 25 73 4C 8E 94 B1 E8 EA  EA 9B A4 D6 00 51 C3 71
+uid  Sendmail Signing Key/1999 <sendmail@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: 2.6.3a
+
+mQCNAzaRMIoAAAEEAMWVJpGkwKWD6GFDUHtV6AUDzwSAXiWc6UinY7EpCLwFdYu9
+Le06VwQt8H9Xtb/2jrXDV61Wu0IDJub6g7PZxWxU8WHVnMX4aBT5WOCBpwFRme3u
+idwCAbHuEJs12FQ3Tf+4CZ3R9uxlAovRaY6g3fJ7gtAc9HAjMW9Sk9ijm6ZVAAUR
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk5IDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQCVAwUQNpEwi29Sk9ijm6ZVAQF3LQQAgpuD3UA69w5FjCAfY1iYBsaGJ31V
+1IyFQbo5fAnVo8PMQzioqbsn2U1y1rRkf//gt8T5oVo6Q3e5oWQF/vcruEP2WUSZ
+1BkV7zDWLsa6octYIEt4Rdr6gBxokzP0/Z7Ck0WOfSxEAGXbHZ6NpbcfNdIZAxhZ
+WPqcem3zEwoK/l2JAJUDBRA2kTK271iWZNQy4Z0BAQltA/9b1Xtp6Sqr8LtBAUax
+ziRYYmlIENgkYJGPrF5iB17d1M+aMyJ1IzdjKHaoa2+WpWYhzT7RalcxkrvXZEN7
+hTC5XqsmkGXeg2oiwJPCVTUoJY0goJKiMXI/zYcLGAxTnYr3rUevr+vOQyXPx6Ld
+AUCXcsD8LFQWR9iQTgTOBVSOhYkAlQMFEDaRMloj5GLUv3ukIQEBjh4D/RbqKENF
+51C6DrwE5IJrpIZ227mQwFzu3olcF3v0sOoHv9Iqw0iebEM8D9z2t6XiGNSgfmQy
+EUhQ2gTLfbkz9lSUjUaH+ziN10SXSd0x63n2xqrk9XaG8YCWJOcMe+N5Gh7UGniS
+UD9XQNBLoqnOL1FpScAC3F+KsH4kCKLQD1KJiQCVAwUQNpEwwXxLZ22gDhVjAQEC
+GAP8Cle48mxG5TcrAglAXs25YBLhHK21tnSWrd8j0PdID7+9AKongjZOKxyAnFkZ
+RNXDArmG+FVA0DAJatiFXikqpgyHAM/QKSCSjBEOru3Og+3qV/oFQjAVPfLQbFPb
+6i1TIWzvYTp9L4TlzqUM3OF51Mx07W1S+qCciozA/0GqFGiJAJUDBRA2kTthAPLZ
+Ceu7G0EBARPzBACbuAlTHMobN3Lw3YvsOUgwWHFLqKXLNTu59ozZUL4da/E+Aszj
+MgE8343pV9Nwm/aHGXRNiAEOftrb+DdU1jcaFgwsrWnXK9NmnpAYbMkoOb8Om1Nx
+E/5u0dIxypXO8ziyQIfkElsOVzhPzct9wZKh4qt2uLGcVWXeFnf23VRb4IkAlAMF
+EDaRU60Gfl7Yv7VlaQEB46QD+IGxaViR7rQv6r1sAZJzxC6vMpMK5tgk/47gC6jm
+8STb2DYvz/5KNYTkUDRB/85Uy8jY8jabkalWBNN6z/Cpod9ysSjSOKNBQ+6MMhXc
+qXWKakxZIa0rIVNEYaRTAbVU4J1aXRdh7BtC2nEqf3SQD3c9HDLA3p1W8g8ZyHwr
+QXqJAJUDBRA2kVJAXx7Ib4gMnlUBAX7IA/4mKF8EGahmbNXA8wcH4K2r6LzRLXsE
+f444U7hWQRW1fCxDJz4DOodUO3aENzzWjfxL8BtoosuDTJeKGXoa+5S9bCmtaksm
+86G20UuDx/vt1Ol+hZFW8q+bSS2bsAKLvXZVDnURtDu6nzdNR6Lt61ahsUDo4nLw
+iiKUZeMdE2S+H4kAdQMFEDaRV+is4VzBBNt7HQEBLbMC/2wuZQqaLrLUm5raynph
+rllKT+mQQSTedTACKjnpT4LE65YYGGFDrIMS151lQ1OVvu0DpGzmQ5b9kFNGp0GZ
+giXndPbvmwPpOn4ONmCo/zZFWryNQKuqPn2EN4rPhngjRokAPwMFEDaRbhPU3njY
+eCkb2BECLnMAn3t8IsH2yr+vd+1IWstXMCUwzBZnAKCtq5l+00/EYeH8PXhrhIIS
+9EquTokAdQMFEDaRvApyyULY6lojeQEBQa8DALEmw8SIvCjwo55yu9p26czt/ohn
+D1IdJPepf1H5X+QY99kUpsxb+Csnz5VSfNz7dSJxvhwsB0gJityk/YX8uOcEfvsK
+NsABSN/fcLCnzlwO0SNGDPJc4KHTFXHfVy4SgA==
+=f3oA
+-----END PGP PUBLIC KEY BLOCK-----
+
+Type Bits KeyID      Created    Expires    Algorithm       Use
+pub  1024 0xD432E19D 1998-03-14 ---------- RSA             Sign & Encrypt
+f16    Fingerprint16 = F9 32 40 A1 3B 3A B6 DE  B2 98 6A 70 AF 54 9D 26
+uid  Sendmail Signing Key/1998 <sendmail@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP for Personal Privacy 5.0
+
+mQCNAzUKkdIAAAEEAKvdxY+iy7eLqxP5StbpZuxYNPWLye98bXA8oKwrEm1vy7Xq
+LBg3uNXjlMtwcNW/r+oFu5A++2R+1qC7w/0867C+52D2zkfGRH3hn9Lh6YaA5uIP
+LPbMGB3Tepbtj/lAtOJb7JKdybF7fkxkEUmwhuA5kAo1rKKWNu9YlmTUMuGdAAUT
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk4IDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQCVAwUQNQqUqXxLZ22gDhVjAQHaYQQAiFITCRAEKhLlgjcFlehTDmVMFb92
+1jiclN6377xe+A2zEtq4p3R8IwwiVTGeBzs0Zmnrlo+fAdVFYBjIYCtwKVTwd72U
+v6kxX40CjNkx6q264hUjILOumQ2P85/Aqg7wmnK9vM85CkmhKwu7b1OHsY+EFAlo
+U9CWyVjwSQqzHnaJAJUDBRA1CpJ4I+Ri1L97pCEBAcRtA/0czuj3hK7YiVL3zZaV
+EUnqw30auexjm0D+LhPpsHN7OM3im3z4+/4Pv2O2CH7nZhAsgRN9N+qdf3fCVGHq
+Y/ULkdsxKNbPEjSEWI+dqUWj6EyMSewKvBo7Zvljii6tBsM48ohtkWTo4B1/SuJb
+FM5TgXu2PMTgWHsT2DFb82wb/YkAlQMFEDUKkmfBnB0lEtNGHQEBmCwEALZgc6V1
+mvRL/dqtGwdt38Uuw430cdM1Nk0FlkQsGXVWY49A1yrLAcuPQi8wzx4GS0LhtIeo
+vmrQ91DBaKxvxkboqM4orYf7PB5exSS9RQlTN2ezaf6IT9hVJHtXoYxU51Iny7hp
+r5t8L7od0gue9SNsLWjW9PZH1eKz83/g5VJZiQCVAwUQNQqSVu9YlmTUMuGdAQEv
+nwP9GvBao9wPX0r1aplZgkUItDwWGBbF8qQLgX5rM8b8IAxvHboIp8fbCkzhVxI7
+v0IdYc0u1hrY3YfCNNbELu09JEcvtsl3hhmXnalOxCEdjoMUiHSb5f04sTBNOhD6
+IWQqixDizoVzW5XljHBvgxWJhBus/dPJ6hdZPahioVd0oLiJAJUDBRA1CqZRAPLZ
+Ceu7G0EBAYlJBACumnB7zeAOpuj0y9h0Cgh0DleNWnqpHzTus4lbt3vw/cMpKmXt
+nGxMb4HE9rp6CHuuy3NumH9JHa9lwgb0T6bc0Zbc+LX1j0tKMC4BIsfEbFiOMSXU
+P+meyMUGY67VysVEeTqCgG4FqK7yOhnJsxjwDxJTIlrMoYwSSmsF4/R8Y4kAlQMF
+EDULPLgGfl7Yv7VlaQEBWZ0EALAGPhQbVEPTp2Hfm76ZRWjYJ8iDn98znfsHRYhS
+A/yIXF17eDtSkYU/ANOPNT8g5fOCWKjfLTJX4Al78rbHeGeKS+eO21WQCh8AF7Bv
+vZZWJZ0CyNnO++hzyamsOG1Z5Lrt/WQQPK4Jv5ZyqK3f2nGDufHuyQuIXxsdd+BX
+oqp3iQEVAwUQNQwe/ReiaPz3pQGjAQFowAgAk2fARyp4iyRl89ZZHGY09HpRbwQS
+4jeDIEkBPBpSCBXIELgR7UonSoTwHD0nGHuwgdil5Zjl3PAlQJdo47Sh+hLCMoN/
+mg0aI0vSnOxnnVgIcAigzlEAe03R12frWp32SjXJE1GdeFQWlzkk/6BoujKybvI1
+oRr8OeAb8WzwmUr0c4VITEdb/J5c85yriHIuWpqYWIq5gb7evdj6JTKXly3gFp9R
+bwwd2tjlHYu6O7dHuEsmm4n4iK3rEglILvWIoS4kVV80v6IUE3xgLAVf7tnF5iNc
+nXcA386xUBB17zNvJDiUrciX17TuZsIVvIQnB519NN/ZVr1KpHSbLgMyZokBFQMF
+EDUMH1shtWni44zO8QEBGOEH+gKn6blq8L2AJ7Q2Pcw26Do4J9xlRPFKrDgAgy6y
+U9x509y4BeAZ6yn9RV0iGwhgzbdd57QrUpgcYNKGXSC/tJZZj2h3CZ06m1zaGtJ0
+ig0dN7MU9gqZZMLy9f1EZmCwXeZHXL8t8lUMv8KEoq8+vvghCRvDNUgyQpkwcIOh
+rSu9yJ+OeJ8SpucL0ebJE3MmP2JYmqBCBg3pbr8bWvzjZ2Ny40OiyRnuXFP/jC2f
+ll6oMi8rOpWhjTTuHyrWEG9AxI8xeI5WsEOrJHH6stlmXJM1NtlJQ0D3qCdLn81M
+vitLgTPb/xUepRkFdBhZESG5BPDwT5hm1w7m7yhVohcH8AOJAJUDBRA1C3M0THwE
+EmD/AfUBAbzlA/9nDPPyBD9T1ygEHBsS2ZztO7enSk9DaYmt2jsqQ413UnpbhybR
+zZiuHXpqgG1p5GkYjP2Cw1DtT/dHu2nrD6Mf9j/4QYaRi0sdWLMTKVFPDlT+j1G0
+Ag7/yCMhPv2xr3JOLPppCFiYPkdqRfmKnCWdCtrXmBvu4EiLTj1IXtc1WIkAlQMF
+EDUMLbdfHshviAyeVQEBQOUD/0QsDaDnzgcQHbtvJvDM0x+JYuejbvQEXh6k/cDP
+dLIC8XLZMd0uuAWE12SL1pm6J0q6+csKELascFKyOWTRoNrkWC5m1ltgRuyfXq3z
+Ur9SfL0KlfWFLXRsmGRd5V37u5H9kRjeTRlyiOeAcAMzaLunI9dK8sWet4p03GLy
+GOHQiQCVAwUQNQrIVW2DN4pRurLtAQG7gQP6AxTbsJ3Az+bwEgymYYo7EWADJGoB
+e1r48/0YjocxddhcXJSGL5dRNqY8NURSyvw/dDtjH81mVIbRlZR0QS4D2Jp94Q5/
+mrWyqBW6Ah1EFtihncY3o/g1sxEC0hIj0/CklQmNttxeIGt1rRVyKxHa0tYkDtNW
+w+y5xZQSkE0yin2JAJUDBRA1CrJtdMsnjUUcGpkBAQ11A/4rp8Oy2cVbkrHHIxxM
+2dML/tqNOgOGaB5tEISgtpv9xy1sVuEEA5T6rQJefeC0K00M3Mb3Sy4uumSaX3Io
+yTQr3XD3FZ4Q0n0AWR0ppRBvepqINfn/yeNF7268SDIMstQjlD9GzyCobqrR+VLT
+pxF7wXqyHcLyfqQjRiM9ZNTzAokAlQMFEDUKyAd3HZKuiXLHwQEB0+cEAJ308jCg
+rgWPcSstZH8Q8AoQajdxYMqImoQaqxC8zWjX7BK57pEFLelI3uXqkeEyqIGH0Yqc
+SvHQSSe2vLe3DohfGraCL2VK+b3Dw9IOaff4+ZFlxLVsqNiq13Z6aqRuKJ5uNjhI
+0q9PPBZ8xzOMGfa3cMmW18INJvrVyTu3ENXUiQCVAgUQNQqcZHfUAfkkYu7tAQFr
+tAQA45cSUfYgq3d0RGx3RLUL0H+Bku5xMH2YuRJfpEI/Oc0Z1l/G7AfoR0pTqo9p
+uCu21glCUWm4TvUEaGJjT7q2pmcoLO3LCavNVAZHNTPQvjJgu/Z8+290yR9Ln/f8
+4F1/zcRe4Gakq2weDM+h3gH914vXW7FoGJePc1X+azQ7pYCJARUDBRA1DBz15mc5
+PORZW/UBATL3B/0aknENUHmJ6+axITL1ZODUe/KqFmLRgvCl2g///FtMHlMCUyWy
+q+MkyiHyjbgh1eN6gsCHUSHiROQdXMRRSxZm4FVsjznisjybCqzd93lBQQyKJ6XX
+KWu9SjJq/b6yg83byTgHZRW6kwjmDal97kVyHtV1WZBGDJ+v9nCY2tSvqujtNQbJ
+LWrHp447BSIXBBpMkF/J+cbl7yZLiUN8I1SnLYYttmKOtfD33eL41oKT2LK+j8sI
+kCd4XbcGoMJ+DExDVhFeiwwXWzomvTP42Wv0b8DYI+xeuE+AyARxJ5AVbGUBl4sZ
+qVuNMDZWhc0GLpT10RUeJ5HJVAGIWB2fLIsE
+=ljft
+-----END PGP PUBLIC KEY BLOCK-----
+
+Type Bits KeyID      Created    Expires    Algorithm       Use
+pub  1024 0x12D3461D 1997-05-07 ---------- RSA             Sign & Encrypt
+f16    Fingerprint16 = CA AE F2 94 3B 1D 41 3C  94 7B 72 5F AE 0B 6A 11
+uid  Sendmail Signing Key/1997 <sendmail@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP for Personal Privacy 5.0
+
+mQCNAzNwqnIAAAEEAL1KqbRgVm9kp9OHLkKGb1tbT8rwEIeeh8KKSKJyDFiV6lZG
+wbEa8OC5vokXvjsJtJvvhMfrG5OYc1Q1sLzPXXBYzenzXFrPaXDO8F9DE8B5VTuy
+yY7g3LVr0VZYfi+ZsNdOFGNLdwLz6a8GHBHdmAn6z+FKjMSbdMGcHSUS00YdAAUR
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk3IDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQCVAwUQM3D1KcGcHSUS00YdAQGKTgP9E9r2jv1hB+q5yvJKyTWHiIS8oU5W
+eLzdoFlRJUw74M5WBh0/AkcTMfv0BpCDMxu4zskDJ7L+urFRIsf9op5w6YjdsM15
+AvuCtWqgExRkdoac9WRCFNZ77WPQ4ul018k9EIpurIPaojLs5j2Q0+9vOXrtJmXj
+S72Ol9nQFU/hl46JAHUDBRAzcoIxrOFcwQTbex0BAXvAAv4yS5fkL38pJTUJrijI
+XhaHLV1Rq3XfTdQ2HuMG+rF9nxdBCz3a/YCWJSPvE11sINDTSni43BwbsXWqaxvs
+UKD2fqgXB88zueY7rOt8rqi+PRMZ95QUFTgUP0kAN2+U2SmJAJUDBRAzcYIwAPLZ
+Ceu7G0EBAdysBAClk5f+3LazjkjGZiEVRPBKyUYJDqx0j9phgVkqWRje9ot/ya4z
+N+Zm8e+MGyIk6BfMi1QluMJUqPGY1p/mvLPMkiKhwYXHG3kymto8CMSF415mLxIP
+/6P3SwCyRzJeEcBxKgXlwDwelj2joa1fWZH+rC1ZuZ5FCaiiyKvjSCqb5okAlQMF
+EDNx7IPhx4Y6UUEd4QEBrfED/0tP5eMU4G4CDEAyV6susGl8WUSJCkfGjK8Z22V1
+vM4TLiVLSf7cec5tE6iau8IzumBgRV2kQWOz0+q1VBOStUOJQCGfwC81ou+74eTt
+ThL8m9oJ44Y0JrQpztW7iBqU0KYsAgf95BtArvTqKqG2kLTlBVbjwb6PBqkyzm3C
+6ZbMiQCVAwUQM3Gq0iluPWNaXACpAQFikwQAxYQKEPFIzF/5SyMiktsuNNLMYolh
+UsNEUpU63+Yxhr9ofK7dMZFwaTHaEnCZ/zhjRRA6R+BjBOmnkD/W7fG/i94naJRV
+rMejqJhfZhHYqbMN07yxGdjV47neghSoN4zddZdfLq4gEPD+MN3rVTDnO+xpHzLP
+4jxqAda/0eKSFQyJAHUDBRAzcZsLcslC2OpaI3kBAX9cAv9K9QaxgI8kjyVJkVxY
+KJuYE9PPXgjmQvqx7gS+HFm97ZTROEYhhNek7EFD+XJpVQ62KlQxNUaWe4VnNmZN
+2QQyvRhNvE0bPC+rBKoi6np6Vha0NqWDA80xos3oswpj/+iJAJUDBRAzcRiTBn5e
+2L+1ZWkBAY5YBACLvAw9AoqvMqnUVR4aXSkzK+s5aQG9hDDHac2FWsG66HLhh+Ux
+HI5Cvnke7CF+qglNzDU7HpoIdDFovRgQkfGnB/I7Cy6ax1aRJpLc+JNXkwbDDcZw
+9sXnMMymNl4xn0vUOyrnT2GIwLwFL/t5JIUqovm3mZ2SpL3FxKNWyxgDX4kAlQMF
+EDNw+VVfHshviAyeVQEBrtsD/AtwAvvAduNZMFL9du224fvVZ16of9P5vLVB6tF3
+WKvo39FsFjOLr1xgZn5TWc09i1sVK6swi8O+IgcNLq7CLxRYaXpTjObbphktDVnU
+2uWwc3wHzFA7nNAT9ACEa7gDc1GxFrJQ6QyjJVK4f2n3EyJxc9E1rBIoCSNnmBHh
+vqJViQCVAwUQM3D6ZHcdkq6JcsfBAQGNFQP8CeATNOacSrL+x7JaFf2AlANLwZAo
+G68VE/JMcUgGBCZdo6cptg1uBFgzWaOVq+aQU7AKkwLmbyMvCX04PS0tswnkSl5w
+DTLgSmmOH5elIWWrv5J9MXrlsniIzc1MSokENMOaKIEWuC4yCgE00nBj8q2GfDRh
+J816g1ndGU9zErmJAJUDBRAzcZZKH9vgQ8ZSyXEBAT6zBACDaXRCrBqqCmjIZ/xN
+EQcXQF6VKoDFfMUXSgvRaJP0LRuBmbRuWQRZe+OIGA7vKWtvPti40bm3O4b8rESG
+MMAxARn2PS7VPfOhrRNaVGV/s3NX8GkrPxYD+MuFVHoI3QKiKa/fzxDYMX3rTh6X
+4ISe4cS5O/J6VCEKIjPvoVVFF4kAlQMFEDNxljgoffu9cgNgzQEBEyoD/3Ca0oBU
+AuCJUsrPyFYVr5r9FYOWtvOZ/b8IynIXjxD2Lin9AlX2ijLFDJR0lbDoBVPM4IVt
+4rb/yr9D71LU3plxKn+G9JdFpNK9IWJGqsn8iRmbnoERbbVzvZHVx6qA4qvRTt8s
+TJYN+ueKng42DVvZVZQLWZv9mdDUKH9i7r7/iQCVAwUQM3EH4IY/IR3IPsbJAQG+
+pgP7B8mo+OP0lN6KRK83pje5wctThDHF7OMW9tSKXMqGUMEa8+GWrOrazyT+5R30
+cOHUnz3iNkjHaO2/3jLZ7VZTrewYGD7VSg5d5RW9PMCSm+MaJiHLVWKxS3exHHWK
+b62c3mao1zRz5Oj468cRXnHABNaLt3CmMVvKUpAi3d/W7V2JARUDBRAzcQGwIbVp
+4uOMzvEBAZc6B/0eqipGA88c3bxT0NXZoQtePdVen6Ub3BJiR72E3YA2kZx4Bi1B
+pcJIAw/HhRx9vkc3EmwJkPCn1o1pnYnuMZTgGYH3KAV6WFsT/Yqp0KaHYLzHLCJP
+CVKI29DClbI+LOw3sHWuG9ZHK/y26ue3Bd16dJzs7Wa3ryyqeZGi3gWijHbtVcgA
+laNicb0QuWcMXsNYy2E62kP7tZIRR88cv3KVOlbEB/qEOZ8tYbk5UaI6ccZfIO2c
+Oyo2xakKmw92DyqRdbNKbf6yFZLPYJbGZHsJeI89m+MyU+av7iIhh/ky1mSrZW63
+dPnQvE6sw2BpFS6L3hmtArLHWJKBSm8N3vobiQCVAwUQM3D5Rb3aj9Y/6n39AQGw
+owP+Iu/HfZLks9GdaTXata1YEwC42GJFxB3+8Pgy+ZOimffkF/CFlYWBthD9Zwqb
+NEQanNqQGLOtHgCX4JFLia+FktAX2hy92ciTcSFG9sVsaEHrWnjQRfh4OhqJa/D6
+rtud9sPWjx7TY2s+8BDZxjgNnq+gTCDnhRKvpsLHl9BogAyJAJUDBRAzcPU2I+Ri
+1L97pCEBAYxXA/0cleagkyPhJZoZ2PfqtB3iN9/OcFLZCC4HDTdtpdOundLMTZe3
+WtjCdETnLCXQGOMghdf9fnuU6Em5xPDnXRi+xvMo1/WN+m5n/xfui6qZtUBrZp2D
+35OUFjD6Wr2DGthKb1263P0pbdcCUAZkvqgTHasJfMeSDZR9bAcz77o7YYkAlQMF
+EDUKj4B8S2dtoA4VYwEBHSkEAMOsCwolhlXpbhG1tz35lxdMa/dBCB+JokHvGH5B
+JZNEARGpjlA7Q6oEYGtpTuIwj2lRqgiS7d3M/qCKL0HlrlMDOcBbNdjC6JZuVgnA
+LEG2m+r6YZlLratpkK9rI/SeSpwz2AfmrC89PI+C9Pcysj+EH4hV8WyETjcNA0le
+5UANiQA/AwUQNNg0q1F+HqlP3KvBEQIVngCguFDiBO3ZJR9RN9L0Vmg+/yMX7KMA
+n2tSLsf98uStHSQOzboE0KgghjybiQCVAwUQM8wrnM7nzgldNyzFAQFfGAP8DWSO
+R5ELTdPUugVgB26FStcadMS44is1JWwRT8NkRiewBP1cvVwS3c6zS75qdXNoAz3g
+UklXw90/CeviKHNA1wHOupsMCxwPqy91Uo5SOT49vTOuHZ5HQxY17WfTgFXUUFx7
+RQTB+ga9BpGedHq0Fm5kfvH4L4Fdn1vOpEmsakg=
+=9d88
+-----END PGP PUBLIC KEY BLOCK-----
+
+Type Bits KeyID      Created    Expires    Algorithm       Use
+pub  1024 0xBF7BA421 1995-02-23 ---------- RSA             Sign & Encrypt
+f16    Fingerprint16 = C0 28 E6 7B 13 5B 29 02  6F 7E 43 3A 48 4F 45 29
+uid  Eric P. Allman <eric@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP for Personal Privacy 5.0
+
+mQCNAy9MzZsAAAEEAK3o3N9W8Ynb47vNtIqUvdjYYl/nEt/hddhumsDNqt/icanP
+7x9VTS1bCfKmAEQ86DSkWRWZmhIpExbcqmuRtixn/RfDHzJ4hU/wAd6kAzUTVIfY
+wLC5NinszKoaqlBWlQkWKW/2GbryLmYIRhIDOKkIBxSgskpShSPkYtS/e6QhAAUR
+tCVFcmljIFAuIEFsbG1hbiA8ZXJpY0BJblJlZmVyZW5jZS5DT00+iQCVAwUQMv+v
+Pr3aj9Y/6n39AQF3hAQApIJUr5W7b1wvi+WVGVc9iWtmKB3U/O7iddjeqeOWCx+P
+6XgD94rkSanFbfCT4Sq8HQNbtTDtBVYFU0SD6GTH5SZ93FUQ6h0OAW5cueHGnfH6
+s+a2N87pPVKxh/brycLvr08to2TvRTbxbebPkF6UWOlurdPI1Ga4kgLZF0Ppwd6J
+AJUDBRAyWFEdXuWsrmbLc90BAaE6BACqO5uGZQ1rLrFxOi9ljDghYmDRLFI0x1ls
+NWh//FAGduRs3N+NemP715N/8vH4n+nY0u0xfPDMi5UklmD1l4EHJlHxNvrXNnQl
+I7gLkkKxvCly/hjbKiMciDtpnUYGa8dgSy/nru6J8QSpOhXbs+UeMsY8xtPYTZqp
+e5fNjWhVJrQjRXJpYyBQLiBBbGxtYW4gPGVyaWNAUmVmZXJlbmNlLkNPTT6JAJUD
+BRAyHkUOgEp1EPeh9ysBAZxGBACWWXNNwG/3fWmGFhDi0eFVSQXbIPK9nOk6/kSM
+5hKqESarPrLsVNapNu5s2BSac4qi6xrrV+4SCEcEkkfESbG/3nXx6ieuxswLim03
+BTHvsceFjjPUN9X+Hny0LEbHbcwACHPq+yGgQ9kEYLmzMM6/9kaIy+56Iy/PbAyT
+ARKGOrQgRXJpYyBQLiBBbGxtYW4gPGVyaWNAVXNlbml4Lk9SRz60IkVyaWMgUC4g
+QWxsbWFuIDxlcmljQFNlbmRtYWlsLk9SRz6JAD8DBRA0qiAaXtpa2zmNWFARAkMb
+AJ9sSKb6Aj1fwF8QyDH5rArzoWOXYgCgj0OcgAVTjMHV1BaAKDvq+dfASKG0JUVy
+aWMgUC4gQWxsbWFuIDxlcmljQENTLkJlcmtlbGV5LkVEVT6JANUDBRAxPmCOSSSp
+RrHt/oUBAVdpBf9fXDKX23m0mI35fy8GkH2n6p+2j+r5fTCsJr0ShtXA1E8BS3XR
+Z9wPPbi925UoT0uBc8bAZhSwMMX19hVKyvo8tjmy3nRhhjfOZKTprjAGHDOQnfce
+UY2URhmM2ELkKioY3jVYnoTSiL5tLXDUfii/frwEG7ZY31LW1YErCKMl4lqlZucK
+XF7n7gijTPebGAYckU2XP1y0n5YZrNq4WQBv+6wgDD4wqtDiyCG1/O2jh7eJ1UDF
+3FvDOEfdcgKoID2JAJUDBRAvbcy3g3t4fqRAn2UBAW2nBACXg7tSyMU+Jj9NBrjg
+DLnYEoKWV0F++dWHqM0WisDOCwU+v51BUP/VJdqEwWc6CdUrbNbTHCVCG/3D0set
+DuvmkxBKpBsljN7gxDTfUEMciCrdtlEh/jJ5YZ1ofSujxIHjYZ6OJg/4x9AgdJ5O
+EsDUvK2fEI3+dFGRYrw2XUOqeokAVQMFEC9SbfUeUtMXXNLGGQEBz58B/AuGcYU/
+mNixrR5QYndJVmarw/0ewfRJMXzYXCn+9TFYy8gul9K6Mu3/zv3Z2BzB92sdsbVC
+rXlcazNrR/gedMGJAJUDBRAvUm2lI+Ri1L97pCEBAdDhA/9YP8KoUDp/YmSekMBU
+4myhSpFsCW5Fs6I07Cwn84Q/hkZ9myG+rGxUltBry2Z7CMcwQABa9D254FjV/BR6
+eVIgADSBIR2U3DSrEgSP0qGdT5yFCrbP5HOge59/b/0CknBlDvBLLD3HW+OrwOaQ
+cF/4gBUnbMJ01gZEY36IFgXsvokAdQMFEC/gXgxqmwnIWCbPjQEBQwIDAJRi8+tW
+be7gQpW5ZSriDbss6J3/dd/WDspD4WnwnoiNMFKzVDVRbZGAMjsSqsLCJSywdIus
+P7eLs0kayCx0ov7UcF/O6N0MYw/jy6NkFtiSND6TqtJ7Pc2SZcjetbpIkA==
+=StEG
+-----END PGP PUBLIC KEY BLOCK-----
+
+Type Bits KeyID      Created    Expires    Algorithm       Use
+sec+ 1024 0xA00E1563 1998-03-07 ---------- RSA             Sign & Encrypt
+f16    Fingerprint16 = 66 39 58 9A 83 5F 52 26  88 E4 59 36 5A 94 D9 48
+uid  Gregory Neil Shapiro <gshapiro@sendmail.org>
+uid  Gregory Neil Shapiro <gshapiro@sendmail.com>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP for Personal Privacy 5.0
+
+mQCNAzUB04kAAAEEANHOOWZH9BdsPi8071kHB49qWAWL7OjoUk2NpItw5D9o/sRa
+jZbBwtvPSjx+/cC1Nka+apIuXGccjBzpu71DJFLxIYEk+MW33bSgymI19utPS1b7
+yHetCa6T3ggBsdSH3+gLbyK0bt+suRxxiAC6719HqHvUxuGWnHxLZ22gDhVjAAUR
+tCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9Ac2VuZG1haWwub3JnPokA
+lQMFEDUB04l8S2dtoA4VYwEBL7gEAIcDsmzwlzI5+KYILkeUmoOWeoOunDZ7ZRv9
+KvATWccEJdcdjGk4VPKtAGYWgPJBweLAaeZBHo5+cB/w4Ho+sPavHJoaXqk20u5T
+AtIv/DUKcPcE6MVvOYuWUsnHGuWDeSke/KKA1uRw7KEn8vDlBYktUres8ifHLGy0
+JM+aEs26iQCVAwUQNQnbcr3aj9Y/6n39AQGzkgQAhcwsoDO9Rl2oQSUYZpvcxUHF
+rroqSQFejRRfTCT2a3ejQDckeFTqT2VcLGv+QH+7sQFnRAlJrTWU6U/BoLsf3qnu
+dSijd2DiiCTQ5F88SBQjlRyxvXpQXOWGlmemmkV6kry/px4MaFAyF/35HCo0Rzd9
+S0brLFgrCiTzAS7/wRCJAJUDBRA1Cd2jI+Ri1L97pCEBAYw4BACh5m75gsGcClEX
+LUcxIOaANG2YNSr9r1lmHxcDq0V3Gpv02IauADL1+DX6o3sD+dX+WJxyAM7F8QBC
+up2ZtADL1uxiGz+AarDT4qzXyUeQnB47tkhPTnlcO60srtgkRKNex+lAuzzbWSAT
+vZpS4C90ZJASwMGr+M73V/66cwKA/4kAlQMFEDUVydtfHshviAyeVQEBwUMD/AoR
+E9p0DSgbPpSdojFok7BEe8fHLwJR31fBWetLOk5nsHuAHWBCasO9bmjgG8vls8YS
+iTkoJAMxXN03i1bRNL5X3F5Ex1HzrkjEsn51Fcx4Jyp3blXlf4yOBN2t+2DM8DfR
+vy1yVrvKtZ1TEhjM0zoG1DqjN8zf/hG23t+1rGZ3iQEVAwUQNRXjouNaWM2W6V8r
+AQEHowf/ZTBh0jzRC+oJHb/uewa/vnufEFeWoGZt5U9KZoKooUcZZ82RyZhzJzC2
+/5zQQQI9vY+Gh/bL+o7Eaj8+FlbXN9N31E/BhxTtR/v2FTr0HHn/kXKriG/Wjwpr
+Rj2hF9fu5HTVD0Bp3A/uQ4bUO9xT7edKGtQWgXEN77/xbD+LGrZ8CTFSohA+WIyr
+tgwL214ASBDv8j++V4lpTkzyJSjuFTL019hsjkeE4FvCXbELfvsVX0SOZK9Q45I+
+sgvsAZ0BBpasfaY47WShYGhTvvp2r/Z8xgy2erw4vhKz3jJCVmkK1cmAM0IvhwFn
+LSYfxI/T/1zEUj+56XTMc4C3dltXfYkAlQMFEDUV9Q08YShHTKshIQEBY7cD/2Rw
+Bu6ZJAoJaGKzbBOwEQG2JV3/o5W0Z/Tfy9x3kUDecgqEKN2M0b9zCkzCprotGNhJ
+3KXvva3XL2H9AlJd5aorcmvNSph38rPlP35Tt3xWXMBrB1CNR79WMZU+Wx1TlJMf
+i8EFURUkjD9WXRsn5P9ncPPKBGcCJ3MfA4LQvvvqiQCVAwUQNRZkreTJ6ktPts0d
+AQGsMwP/beohoVn7bcp9kkYW0d3mAlbZyrDzbi6Q+C0lS9s67g4k/QzWLY8vZAYc
+ywC2KDQjoc1mnw1bJ+S6u5WmMTnfrmXs8vUMpmM3no+ZIlk8FB6tdkKcIu3yuAd9
+CFz62uxnekRRCoIFnWadeZSyxOmdxtO99MUaM9D8Ob1fOH6vPWOJAJUDBRA1GUPT
+vFYqkcU0pUkBAXQVA/42rM5+DyOA2VoCCkYa0VgIuA5ECROFnwigcY8mxQx9D/Xv
+30Z0ePR4Bigur/eXqCC0Tt0cy213SUpED38xsXtmchK2lpCH5RlIwbr2SZKNWGSZ
+jGlSCRbLT2xo+WYxvXcUL0q4NYgG5gXG4lXUf8yyuo/MztQlBkPsoO2SLLX3MIkA
+dQMFEDVqLI6s4VzBBNt7HQEB/asC/igF9ebzNWnIlug1gienj8d31znRL1YKcn0h
+e5b5N2XPIXQ3cOBQxlufuHVZKL0Cir5MSozxnEsavqKSGhGQuEnvv6lbYh0/OJgo
+eB40EDPnPGjv6kcexzOB4rUOYr46w4kAlQMFEDVq3TUpbj1jWlwAqQEBqKQEAL9n
+C6RFsBFabbAw0ScsmW9ir/0Zz28pBmxMkUY8RL9Kk6jEkwCa3phztMao3qGajqXd
+iw5hzfAOdY+eWPXq/sqE2f81uU2TaFCsVq++rAcDqxhZ1p47xfGcBtVBTpgAl+9s
+8h33IsggglCumuhBkyCwOBFZ2JiN+BUAv6LbUvBWiQCVAwUQNYgrcJqnRzvJFyx1
+AQGiCgP+LLh7c6FxqVQbgm3qpwgReYryaQQx8sdksX1gZ6jIEC5gYTDh+vHmUJdi
+16I7Pz02e9R2yOsKU6e+zhCTauHtSM0CGYn9OdLx96WpJv6nul/KI8eztyV6Dl4k
+T8rFbuo0qs8Ib9exDmkdRh78Ihbask69R1w/OwLIlKesOiLo04eJAJUDBRA1x/fK
+P2UweumbYhUBAZCzA/0UQ5AB890HbWnvVHP9PdDT8KpIQYg7wm5aStpinY2/jfwA
+zl+kvaAwL6nTsTJiWNLfZj4rLn0JsG8176/lyl4Lk6QLkbGyBD+/u8tD6yL0NzYW
+lLIBwhxL8W8Fw889OKci72b6rrTcQNNEw2eZiSeTGJBQdZ4quDQZOthwtMEEe4kA
+lQMFEDXQKC8offu9cgNgzQEBXYAEAJSZ+CEGKswFmmQqO2t0WaO9SKZxxXtnGe/Z
++M8emTESQecZ5oC4Sc+M9c6YE8jSH5CgDD4R5EHKeWXsVfFMV8wetcjgB9AicCnl
+ki2hVT38Rf+b1go4lbKpPjKf+V32Xs/s/kblZ3SX11aOF7pkQCV2W1ebkZ+Tnim2
+Ec+pwLKytCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9Ac2VuZG1haWwu
+Y29tPokAlQMFEDUUq258S2dtoA4VYwEBrTQD/A8sNe02YWwDwQx1sHMoDeCN3hjV
+9lCdWlPa1Aj4Wsw4Jgf3Q1x+n2lmAUtov20tXVxtXohCjC0dNNyGZlIOKOXN/R8g
+6g3KkdAhENarH9Fibw/XaXC/VTnvvv5QQWNT3VGUDp9lMj/rUu8LjrxNwANWcSfU
+5mjUg0d0CFmYTqxqiQCVAwUQNRSr6L3aj9Y/6n39AQH0rAP/U8iMjZuwXGr280uC
+FtEpEkSqlNvxFW+C4K+89jluK2o+6zhUu/N73nJM7HHt7kA40FaH9TJfxnTR3VDR
+KbkpmZ1zPfrkgf+fE/rQgKn8enk8fWCMBdEDTjiCjXIoNNLK1Pyv0/x0yWt+n8kY
+RaS4GV/d5nilK7lFx/uISOZmQ3uJARUDBRA1FePa41pYzZbpXysBAYYMCACIMf6P
+Og0RgQS1QVpFrlUR2zQCEIv/ioWNGdXD43FDWkuyPmOGjOY8jpIYi7I2HBLtpbXR
+WNl00ignGWcMhGzdZqK+K55cyDTIC14vGFc7SUKMcQUOEVfyMtytMYvNr+95EBGM
+qlfUYxhoqfkguC3ZCmZvu2exdGndSXuxDA8d0KcjxDRAuIqfh7gekQTEkILf5Xkf
+nSwsEdFwthW/vAWXYSNNF/L8Q5SXVi35ez0qqMJTa1rSzoRGkBKcxplJZ7YQfnBu
+zp25LaeiF66UT9/6tAggKOfkqD/r7UwfVHYGK86HuzAdfepOv+hIrhouZZiXhkFQ
+4ypAkFgaXj1AOgFTiQCVAwUQNRZkweTJ6ktPts0dAQHMqgP8DwJsWJUP7yELDOxc
+x8Zh2EY78w1J94CTcYQPqF8+xaVpFdAt1tw1P6/KW0kjq2arfMW+xleXRhvchB/l
+8kzjmocDIQx6C7x0rf4rwG7ZxulZgqI1NrB8EnIPzPBBeBP4aKdtGOg8S8585iH4
+zrWpW6Z/KOXQcDGge34pdN7JV9uJAJUDBRA1FmuyPGEoR0yrISEBAcsCBAChTZnQ
+nS6PYAYp8OOB7/0evMSug+0PSGkxEzYZVcr/WUgijfsZ+DfVOYtXwKvuL3O+yUeK
+oP3Uqs9wKMTr8tVIv8geoFYoxLuHD3P4EOYxjOI8Yk9/bNRT4E0NoEJQi58OIzwz
+ORBztEhCFLWz/SCBpoXfMpLmplmxEUcHkj0ryokAlQMFEDUZQ9+8ViqRxTSlSQEB
+mKgD/ibbOd/iRJ+cvaGSzns0hsz4nSFJdn2C09Bz4OPlIF6uslaeG7GR/fm7p8Qg
+PPd5907mvMRStaK+gYLv3h50Nz9ckUvPB3erW/Xy7txCk1idI21b2QaAbmAYQ1r1
+HrFQXogDY/Pblj2pMYXC0sX4efQSbc5OTRr6W6ijqxRXNJQkiQCVAwUQNR+ubCPk
+YtS/e6QhAQHiiwQAl9sGXG/TxwGyacjrgG6wTAz/PYhh+0CGDFjyC0wPXQjE/ICI
+6/kjl6fYNhFQdRNPYhfY48TWk9iqIiInpylk5ieLzJD62yrUlXCZH5xx/MA3PzD5
+xczRO74R+4lVxuI/zGXdQMGm+P0ydzAma3gOhyN+85XzzFy/QOtPMihffLeJAHUD
+BRA1aizMrOFcwQTbex0BAZP8Av0d+FY9zxS1okG2rXQFubkDoBREChWnKMSO+y+F
+Kj2rDExoSt7EXn44DQWd8a3nz45u2Csr/JsntN9zr2OjOA3AUEsXyHmHHjDRQlaj
+a5G7aHDRz4zaCDrxGiIMO5d1AfqJAJUDBRA1auWNKW49Y1pcAKkBActRA/4nLsGd
++N2OAiRhJvCZzLu6xhUEjMHwYJvxtYzcp2R3dFczbtgWKl8BGkeA91Gwm2ESu650
+WOyT5f9GC1T+zSZc8j0voZJOEMBxefrCA4jlwRA51CplYm7nbBaHk1OVER7zUYCB
+olZLkgqCjUA39HvMZ/WhQoIAXpKMpU2zSCtTPYkAlQMFEDWILQyap0c7yRcsdQEB
+TEQEAIElJUWiqoKT9X7TnHHlIHTSDhqVbsQdNjhB9g/hs5Rpl/pgDRCX1o32C2JT
+b1OkjlWMd2RtKFcSCSYTqDKwmnxQfxvo/SgM0Gv3V5dpTlNc35g0gksgJGiozEIO
+/6Hn6GHjrRh4fpRmv8ySHfzeJJq6+JttLy8uRmvywC4FSfp/iQCVAwUQNcf3kD9l
+MHrpm2IVAQGu2AP+MjnlXXhtUH+i1V82j/Az5N+qwWKJbbQK2Qd95oE43BI8ES+8
+0MAuP58oA9XikkcFX6Lqunvv2FRC5hsi+SsSXx67poMsQzk71mqxDR+dY+iCw36O
+BLK2NtITxxAIKQwj79xNqzgsfm3cpti32t+C/kGkYbONonZHz5uhAG+N0jQ=
+=idnw
+-----END PGP PUBLIC KEY BLOCK-----
+
+$Revision: 8.5 $, Last updated $Date: 1999/11/23 19:08:03 $
diff --git a/contrib/sendmail/README b/contrib/sendmail/README
index c7ff734..a05adc0 100644
--- a/contrib/sendmail/README
+++ b/contrib/sendmail/README
@@ -1,25 +1,34 @@
-/*-
- *	@(#)README	8.51 (Berkeley) 1/25/1999
- */
 
 			SENDMAIL RELEASE 8
 
 This directory has the latest sendmail(TM) software from Sendmail, Inc.
-See doc/changes/changes.me for a summary of changes since 5.67.
 
 Report any bugs to sendmail-bugs@sendmail.ORG
 
-There is a web site at http://WWW.Sendmail.ORG -- see that site for
+There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
 the latest updates.
 
-******************************************************************
-**  A new Build architecture is in place that allows you to	**
-**  use the "Build" shell script in any of the program		**
-**  directories.  On many environments this will do everything	**
-**  for you, no fuss, no muss.  See src/README for more details	**
-**  of compilation.  See cf/README for details about building	**
-**  a runtime configuration file.				**
-******************************************************************
++--------------+
+| INTRODUCTION |
++--------------+
+
+0. The vast majority of queries to <sendmail-questions@sendmail.org>
+   are answered in the README files noted below.
+
+1. Read this README file, especially this introduction, and the DIRECTORY
+   PERMISSIONS sections.
+
+2. Read sendmail/README, especially:
+   a. the introduction
+   b. the BUILDING SENDMAIL section
+   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
+
+   You may also find these useful:
+
+   d. devtools/README
+   e. devtools/Site/README
+
+3. Read cf/README.
 
 Sendmail is a trademark of Sendmail, Inc.
 
@@ -30,25 +39,24 @@ Sendmail is a trademark of Sendmail, Inc.
 Sendmail often gets blamed for many problems that are actually the
 result of other problems, such as overly permissive modes on directories.
 For this reason, sendmail checks the modes on system directories and
-files to determine if can have been trusted.  For sendmail to run
-without complaining, you MUST execute the following command:
+files to determine if they can be trusted.  For sendmail to run without
+complaining, you MUST execute the following command:
 
 	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
 	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
 
 You will probably have to tweak this for your environment (for example,
 some systems put the spool directory into /usr/spool instead of
-/var/spool and use /etc/mail for aliases file instead of /etc).  If you
-set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue
-directory will have to be owned by the RunAsUser user.  As a general rule,
-after you have compiled sendmail, run the command
+/var/spool).  If you set the RunAsUser option in your sendmail.cf, the
+/var/spool/mqueue directory will have to be owned by the RunAsUser user.
+As a general rule, after you have compiled sendmail, run the command
 
 	sendmail -v -bi
 
 to initialize the alias database.  If it gives messages such as
 
 	WARNING: writable directory /etc
-	WARNING: writable directory /usr/spool/mqueue
+	WARNING: writable directory /var/spool/mqueue
 
 then the directories listed have inappropriate write permissions and
 should be secured to avoid various possible security attacks.
@@ -81,8 +89,8 @@ the items in the file to be marked as safe for file and program
 delivery.
 
 Other files affected by this strengthened security include class
-files (i.e. Fw /etc/sendmail.cw), persistent host status files, and
-the files specified by the ErrorHeader and HelpFile options.  Similar
+files (i.e. Fw /etc/mail/local-host-names), persistent host status files,
+and the files specified by the ErrorHeader and HelpFile options.  Similar
 DontBlameSendmail flags are available for the class, ErrorHeader, and
 HelpFile files.
 
@@ -92,73 +100,22 @@ a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
 each directory in the file's path.
 
 
-+--------------+
-| MANUAL PAGES |
-+--------------+
-
-The sendmail manual pages use contemporary Berkeley troff macros.  If
-your system does not process these manual pages, you can pick up the
-new macros in a BSD Net/2 FTP site (e.g.  on FTP.UU.NET, the files
-/systems/unix/bsd-sources/share/tmac/*).
-
-The strip.sed file is only used in installation.
-
-After installation, edit tmac.doc and tmac.andoc to reflect the
-installation path of the tmac files.  Those files contain pointers to
-/usr/share/tmac/, and those pointers are not changed by the `make
-install` process.  There's also a bug in those files -- make the
-following patch:
-
-*** tmac.an~    Tue Jul 12 14:29:09 1994
---- tmac.an     Fri Jul 15 13:17:54 1994
-***************
-*** 50,55 ****
-  .de TH
-  .rn TH xX
-  .so /usr/share/lib/tmac/tmac.an.old
-! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
-  .rm xX
-  ..
---- 50,55 ----
-  .de TH
-  .rn TH xX
-  .so /usr/share/lib/tmac/tmac.an.old
-! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8"
-  .rm xX
-  ..
-
-Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc
-to be tmac.an.
-
-tmac.an will choose between tmac.an.old, your old macros, or tmac.doc,
-which are the new macros, so that both the new man pages and the
-existing man pages will be translated properly.
-
-I'm also told that the groff distribution from MIT has a tmac.doc
-macro set that is compatible with these macros.
-
-
 +-----------------------+
 | RELATED DOCUMENTATION |
 +-----------------------+
 
 There are other files you should read.  Rooted in this directory are:
 
-  doc/changes/changes.ps
-	Describes changes between Release 5 and Release 8 of sendmail.
-	There are some things that may behave somewhat differently.
-	For example, the rules governing when :include: files will
-	be read have been tightened up for security reasons.
   FAQ
 	Answers to Frequently Asked Questions.
+  INSTALL
+	Installation instructions for building and installing sendmail.
   KNOWNBUGS
-	Known bugs in the current release.  I try to keep this up
-	to date -- get the latest version from FTP.Sendmail.ORG
-	in /ucb/sendmail/KNOWNBUGS.
+	Known bugs in the current release.
   RELEASE_NOTES
 	A detailed description of the changes in each version.  This
 	is quite long, but informative.
-  src/README
+  sendmail/README
 	Details on compiling and installing sendmail.
   cf/README
 	Details on configuring sendmail.
@@ -180,15 +137,8 @@ There are other files you should read.  Rooted in this directory are:
 +--------------+
 
 There are several related RFCs that you may wish to read -- they are
-available via anonymous FTP to several sites, including:
-
-	ftp://nic.ddn.mil/rfc/
-	ftp://nis.nsf.net/documents/rfc/
-	ftp://nisc.jvnc.net/rfc/
-	ftp://venera.isi.edu/in-notes/
-	ftp://wuarchive.wustl.edu/doc/rfc/
-
-For a list of the primary repositories see:
+available via anonymous FTP to several sites.  For a list of the
+primary repositories see:
 
 	http://www.isi.edu/in-notes/rfc-retrieval.txt
 
@@ -233,7 +183,11 @@ Important RFCs for electronic mail are:
 	RFC1894	An Extensible Message Format for Delivery Status
 		Notifications
 	RFC1985	SMTP Service Extension for Remote Message Queue Starting
-	RFC2033 Local Mail Transfer Protocol
+	RFC2033 Local Mail Transfer Protocol (LMTP)
+	RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
+	RFC2476 Message Submission
+	RFC2487 SMTP Service Extension for Secure SMTP over TLS
+	RFC2554 SMTP Service Extension for Authentication
 
 Other standards that may be of interest (but which are less directly
 relevant to sendmail) are:
@@ -246,6 +200,27 @@ MB, MR, or MG DNS resource records, as defined (as experiments) in
 RFC1035.
 
 
++---------+
+| WARNING |
++---------+
+
+Since sendmail 8.11 and later includes hooks to cryptography, the
+following information from OpenSSL applies to sendmail as well.
+
+PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
+SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
+TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
+PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
+COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
+SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
+YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
+AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
+ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
+
+If you use OpenSSL then make sure you read their README file which
+contains information about patents etc.
+
+
 +-------------------+
 | DATABASE ROUTINES |
 +-------------------+
@@ -263,12 +238,12 @@ you will need to provide that directory when building:
 	Build -I/path/to/include/directory
 
 If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
-urged to upgrade to DB version 2, available from http://www.sleepycat.com/.
-Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty
-ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail
-to dump core.  In addition, the newest versions of gcc and the Solaris
-compilers perform optimizations in those versions that may cause fairly
-random core dumps.
+urged to upgrade to DB version 2 or later, available from
+http://www.sleepycat.com/.  Berkeley DB versions 1.85 and 1.86 are known to
+be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
+and can cause sendmail to dump core.  In addition, the newest versions of
+gcc and the Solaris compilers perform optimizations in those versions that
+may cause fairly random core dumps.
 
 If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
 using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
@@ -285,10 +260,10 @@ If you are using Berkeley DB version 2.3.15 or greater, no changes are
 necessary.
 
 The underlying database file formats changed between Berkeley DB versions
-1.85 and 1.86, and again between DB 1.86 and version 2.0.  If you are
-upgrading from one of those versions, you must recreate your database
-file(s).  Do this by rebuilding all maps with makemap and rebuilding the
-alias file with newaliases.
+1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
+DB 2.X and 3.X.  If you are upgrading from one of those versions, you must
+recreate your database file(s).  Do this by rebuilding all maps with
+makemap and rebuilding the alias file with newaliases.
 
 
 +--------------------+
@@ -331,17 +306,16 @@ install it.
 +----------------+
 
 Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
-No ident server is included with this distribution.  I have found
-copies available on:
-
-  ftp.lysator.liu.se		/pub/ident/servers
-  romulus.ucs.uoknor.edu	/networking/ident/servers
-  ftp.cyf-kr.edu.pl		/agh/uciagh/network/ident
+Note that the RFC states a client should wait at least 30 seconds
+for a response.  As of 8.10.0, the default Timeout.ident is 5 seconds
+as many sites have adopted the practice of dropping IDENT queries.
+This has lead to delays processing mail.
 
-If you want to run an IDENT server, I suggest getting a copy from
-one of those sites.  Versions are available for several different
-systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS.
+No ident server is included with this distribution.  It is available
+from:
 
+  ftp://ftp.lysator.liu.se/pub/ident/servers/
+  http://sf.www.lysator.liu.se/~pen/pidentd/
 
 +-------------------------+
 | INTEROPERATION PROBLEMS |
@@ -353,6 +327,14 @@ Microsoft Exchange Server 5.0
 	"connection reset" and "I/O error".''  Upgrading Exchange from
 	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
 
+CommuniGate Pro
+	CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
+	the MAIL FROM command if the client is not authenticated.  Use
+
+		define(`confAUTH_OPTIONS', `A')
+
+	in .mc file if you have compiled sendmail with Cyrus SASL
+	and you communicate with CommuniGate Pro servers.
 
 +---------------------+
 | DIRECTORY STRUCTURE |
@@ -368,15 +350,19 @@ contrib		Some contributed tools to help with sendmail.  THESE
 		ARE NOT SUPPORTED by sendmail -- contact the original
 		authors if you have problems.  (This directory is not
 		on the 4.4BSD tape.)
+devtools	Build environment.  See devtools/README.
 doc		Documentation.  If you are getting source, read
 		op.me -- it's long, but worth it.
+include		Include files used by multiple programs in the distribution.
+libsmdb		sendmail database library with support for Berkeley DB 1.X,
+		Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
+libsmutil	sendmail utility library with functions used by different
+		programs.
 mail.local	The source for the local delivery agent used for 4.4BSD.
 		THIS IS NOT PART OF SENDMAIL! and may not compile
 		everywhere, since it depends on some 4.4-isms.  Warning:
 		it does mailbox locking differently than other systems.
-mailstats	Statistics printing program.  It has the pathname of
-		sendmail.st compiled in, so if you've changed that,
-		beware.
+mailstats	Statistics printing program.
 makemap		A program that creates the keyed maps used by the $( ... $)
 		construct in sendmail.  It is primitive but effective.
 		It takes a very simple input format, so you will probably
@@ -390,10 +376,13 @@ rmail		Source for rmail(8).  This is used as a delivery
 		other non-socket oriented mailers.  Older versions of
 		rmail are probably deficient.  RMAIL IS NOT PART OF
 		SENDMAIL!!!  The 4.4BSD source is included for you to
-		look at or try to port to your system.  I know it doesn't
-		compile on {SunOS, HP-UX, OSF/1, other} (pick one).
+		look at or try to port to your system.  There is no
+		guarantee it will even compile on your operating system.
 smrsh		The "sendmail restricted shell", which can be used as
 		a replacement for /bin/sh in the prog mailer to provide
 		increased security control.  NOT PART OF SENDMAIL!
-src		Source for the sendmail program itself.
+sendmail	Source for the sendmail program itself.
 test		Some test scripts (currently only for compilation aids).
+vacation	Source for the vacation program.  NOT PART OF SENDMAIL!
+
+$Revision: 8.71.4.6 $, Last updated $Date: 2000/06/29 04:18:43 $
diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES
index e50c3b5..1dea007 100644
--- a/contrib/sendmail/RELEASE_NOTES
+++ b/contrib/sendmail/RELEASE_NOTES
@@ -1,12 +1,1662 @@
 			SENDMAIL RELEASE NOTES
-	     @(#)RELEASE_NOTES	8.9.3.1 (Berkeley) 2/4/1999
+      $Id: RELEASE_NOTES,v 8.561.2.5.2.80 2000/07/19 20:40:57 gshapiro Exp $
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
-8.9.3/8.9.3	99/02/04
+8.11.0/8.11.0	2000/07/19
+	SECURITY: If sendmail is installed as a non-root set-user-ID binary
+		(not the normal case), some operating systems will still
+		keep a saved-uid of the effective-uid when sendmail tries
+		to drop all of its privileges.  If sendmail needs to drop
+		these privileges and the operating system doesn't set the
+		saved-uid as well, exit with an error.  Problem noted by
+		Kari Hurtta of the Finnish Meteorological Institute.
+	SECURITY: sendmail depends on snprintf() NUL terminating the string
+		it populates.  It is possible that some broken
+		implementations of snprintf() exist that do not do this.
+		Systems in this category should compile with
+		-DSNPRINTF_IS_BROKEN=1.  Use test/t_snprintf.c to test your
+		system and report broken implementations to
+		sendmail-bugs@sendmail.org and your OS vendor.  Problem
+		noted by Slawomir Piotrowski of TELSAT GP.
+	Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
+		Implementation influenced by the example programs of
+		OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
+	Add new STARTTLS related options CACERTPath, CACERTFile,
+		ClientCertFile, ClientKeyFile, DHParameters, RandFile,
+		ServerCertFile, and ServerKeyFile.  These are documented in
+		cf/README and doc/op/op.*.
+	New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
+		${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
+		${server_name}, and ${server_addr}.  These are documented
+		in cf/README and doc/op/op.*.
+	Add support for the Entropy Gathering Daemon (EGD) for better
+		random data.
+	New DontBlameSendmail option InsufficientEntropy for systems which
+		don't properly seed the PRNG for OpenSSL but want to
+		try to use STARTTLS despite the security problems.
+	Support the security layer in SMTP AUTH for mechanisms which
+		support encryption.  Based on code contributed by Tim
+		Martin of CMU.
+	Add new macro ${auth_ssf} to reflect the SMTP AUTH security
+		strength factor.
+	LDAP's -1 (single match only) flag was not honored if the -z
+		(delimiter) flag was not given.  Problem noted by ST Wong of
+		the Chinese University of Hong Kong.  Fix from Mark Adamson
+		of CMU.
+	Add more protection from accidentally tripping OpenLDAP 1.X's
+		ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
+		Suggested by Kurt Zeilenga of OpenLDAP.
+	Fix the default family selection for DaemonPortOptions.  As
+		documented, unless a family is specified in a
+		DaemonPortOptions option, "inet" is the default.  It is
+		also the default if no DaemonPortOptions value is set.
+		Therefore, IPv6 users should configure additional sockets
+		by adding DaemonPortOptions settings with Family=inet6 if
+		they wish to also listen on IPv6 interfaces.  Problem noted
+		by Jun-ichiro itojun Hagino of the KAME Project.
+	Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
+		the interface information for an outgoing connection.
+		Not doing so was creating a mismatch between the socket
+		family and address used in subsequent connections if the
+		M=b modifier was set in DaemonPortOptions.  Problem noted
+		by John Beck of Sun Microsystems.
+	If DaemonPortOptions modifier M=b is used, determine the socket
+		family based on the IP address.  ${if_family} is no longer
+		persistent (i.e., saved in qf files).  Patch from John Beck
+		of Sun Microsystems.
+	sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
+		macros for both the incoming interface address/family and
+		the outgoing interface address/family.  In order for M=b
+		modifier in DaemonPortOptions to work properly, preserve
+		the incoming information in the queue file for later
+		delivery attempts.
+	Use SMTP error code and enhanced status code from check_relay in
+		responses to commands.  Problem noted by Jeff Wasilko of
+		smoe.org.
+	Add more vigilance in checking for putc() errors on output streams
+		to protect from a bug in Solaris 2.6's putc().  Problem
+		noted by Graeme Hewson of Oracle.
+	The LDAP map -n option (return attribute names only) wasn't working.
+		Problem noted by Ajay Matia.
+	Under certain circumstances, an address could be listed as deferred
+		but would be bounced back to the sender as failed to be
+		delivered when it really should have been queued.  Problem
+		noted by Allan E Johannesen of Worcester Polytechnic Institute.
+	Prevent a segmentation fault in a child SMTP process from getting
+		the SMTP transaction out of sync.  Problem noted by Per
+		Hedeland of Ericsson.
+	Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
+		is defined to avoid a core dump due to incompatibilities
+		between sfio and stdio.  Problem noted by Neil Rickert
+		of Northern Illinois University.
+	Don't log useless envelope ID on initial connection log.  Problem
+		noted by Kari Hurtta of the Finnish Meteorological Institute.
+	Convert the free disk space shown in a control socket status query
+		to kilobyte units.
+	If TryNullMXList is True and there is a temporary DNS failure
+		looking up the hostname, requeue the message for a later
+		attempt.  Problem noted by Ari Heikkinen of Pohjois-Savo
+		Polytechnic.
+	Under the proper circumstances, failed connections would be recorded
+		as "Bad file number" instead of "Connection failed" in the
+		queue file and persistent host status.  Problem noted by
+		Graeme Hewson of Oracle.
+	Avoid getting into an endless loop if a non-hoststat directory exists
+		within the hoststatus directory (e.g., lost+found).
+		Patch from Valdis Kletnieks of Virginia Tech.
+	Make sure Timeout.queuereturn=now returns a bounce message to the
+		sender.  Problem noted by Per Hedeland of Ericsson.
+	If a message data file can't be opened at delivery time, panic and
+		abort the attempt instead of delivering a message that
+		states "<<< No Message Collected >>>".
+	Fixup the GID checking code from 8.10.2 as it was overly
+		restrictive.  Problem noted by Mark G. Thomas of Mark
+		G. Thomas Consulting.
+	Preserve source port number instead of replacing it with the ident
+		port number (113).
+	Document the queue status characters in the mailq man page.
+		Suggested by Ulrich Windl of the Universitat Regensburg.
+	Process queued items in which none of the recipient addresses have
+		host portions (or there are no recipients).  Problem noted
+		by Valdis Kletnieks of Virginia Tech.
+	If a cached LDAP connection is used for multiple maps, make sure
+		only the first to open the connection is allowed to close
+		it so a later map close doesn't break the connection for
+		other maps.  Problem noted by Wolfgang Hottgenroth of UUNET.
+	Netscape's LDAP libraries do not support Kerberos V4
+		authentication.  Patch from Rainer Schoepf of the
+		University of Mainz.
+	Provide workaround for inconsistent handling of data passed
+		via callbacks to Cyrus SASL prior to version 1.5.23.
+	Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile.  Omission
+		noted by Ulrich Windl of the Universitat Regensburg.
+	Portability:
+		Add the ability to read IPv6 interface addresses into class
+			'w' under FreeBSD (and possibly others).  From Jun
+			Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
+		Replace code for finding the number of CPUs on HPUX.
+		NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
+			work properly causing problems if the accept()
+			fails and the socket needs to be reopened.  Patch
+			from Tom Moore of NCR.
+		NetBSD uses a .0 extension of formatted man pages.  From
+			Andrew Brown of Graffiti World Wide, Inc.
+		Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
+			for calls to getipnodebyname().  The Linux
+			implementation is broken so AI_ADDRCONFIG is stripped
+			under Linux.  From John Beck of Sun Microsystems and
+			John Kennedy of Cal State University, Chico.
+	CONFIG: Catch invalid addresses containing a ',' at the wrong place.
+		Patch from Neil Rickert of Northern Illinois University.
+	CONFIG: New variables for the new sendmail options:
+		confCACERT_PATH			CACERTPath
+		confCACERT			CACERTFile
+		confCLIENT_CERT			ClientCertFile
+		confCLIENT_KEY			ClientKeyFile
+		confDH_PARAMETERS		DHParameters
+		confRAND_FILE			RandFile
+		confSERVER_CERT			ServerCertFile
+		confSERVER_KEY			ServerKeyFile
+	CONFIG: Provide basic rulesets for TLS policy control and add new
+		tags to the access database to support these policies.  See
+		cf/README for more information.
+	CONFIG: Add TLS information to the Received: header.
+	CONFIG: Call tls_client ruleset from check_mail in case it wasn't
+		called due to a STARTTLS command.
+	CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
+		instead of temporary.
+	CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
+		the access map and relaying to a domain without using a To:
+		tag.  Problem noted by Mark G. Thomas of Mark G. Thomas
+		Consulting.
+	CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
+		OSTYPE(`linux') and OSTYPE(`mklinux').  From Tim Pierce of
+		RootsWeb.com.
+	CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
+		forwarding to make it as close to the old behavior as
+		possible.  Problem noted by George W. Baltz of the
+		University of Maryland.
+	CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users.  From
+		Wilfredo Sanchez of Apple Computer, Inc.
+	CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
+		ldap_mailhost and ldap_mailroutingaddress to ldapmh and
+		ldapmra as underscores in map names cause problems if
+		underscore is in OperatorChars.  Problem noted by Bob Zeitz
+		of the University of Alberta.
+	CONFIG: Apply blacklist_recipients also to hosts in class {w}.
+		Patch from Michael Tratz of Esosoft Corporation.
+	CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
+	CONTRIB: Add link_hash.sh to create symbolic links to the hash
+		of X.509 certificates.
+	CONTRIB: passwd-to-alias.pl:  More protection from special characters;
+		treat special shells as root aliases; skip entries where the
+		GECOS full name and username match.  From Ulrich Windl of the
+		Universitat Regensburg.
+	CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
+		typo.  Patch from Graeme Hewson of Oracle.
+	CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
+		and sendmail.  Patch from Graeme Hewson of Oracle.
+	CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
+		subroutine Patch from Graeme Hewson of Oracle.
+	CONTRIB: Add movemail.pl (move old mail messages between queues by
+		calling re-mqueue.pl) and movemail.conf (configuration
+		script for movemail.pl).  From Graeme Hewson of Oracle.
+	CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
+		makemap).  From Derek J. Balling of Yahoo,Inc.
+	DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
+		extension modifications (e.g., MAN8EXT) to the installation
+		target.  Patch from James Ralston of Carnegie Mellon
+		University.
+	DEVTOOLS: Add support for SunOS 5.9.
+	DEVTOOLS: New option confLN contains the command used to create
+		links.
+	LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
+		reported.
+	MAIL.LOCAL: DG/UX portability.  Problem noted by Tim Boyer of
+		Denman Tire Corporation.
+	MAIL.LOCAL: Prevent a possible DoS attack when compiled with
+		-DCONTENTLENGTH.  Based on patch from 3APA3A@SECURITY.NNOV.RU.
+	MAILSTATS: Fix usage statement (-p and -o are optional).
+	MAKEMAP: Change man page layout as workaround for problem with nroff
+		and -man on Solaris 7.  Patch from Larry Williamson.
+	RMAIL: AIX 4.3 has snprintf().  Problem noted by David Hayes of
+		Black Diamond Equipment, Limited.
+	RMAIL: Prevent a segmentation fault if the incoming message does not
+		have a From line.
+	VACATION: Read all of the headers before deciding whether or not
+		to respond instead of stopping after finding recipient.
+	Added Files:
+		cf/ostype/darwin.m4
+		contrib/cidrexpand
+		contrib/link_hash.sh
+		contrib/movemail.conf
+		contrib/movemail.pl
+		devtools/OS/SunOS.5.9
+		test/t_snprintf.c
+
+8.10.2/8.10.2	2000/06/07
+	SECURITY: Work around broken Linux setuid() implementation.
+		On Linux, a normal user process has the ability to subvert
+		the setuid() call such that it is impossible for a root
+		process to drop its privileges.  Problem noted by Wojciech
+		Purczynski of elzabsoft.pl.
+	SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
+		initgroups(), and chroot() calls.
+	Added Files:
+		test/t_setuid.c
+
+8.10.1/8.10.1	2000/04/06
+	SECURITY: Limit the choice of outgoing (client-side) SMTP
+		Authentication mechanisms to those specified in
+		AuthMechanisms to prevent information leakage.  We do not
+		recommend use of PLAIN for outgoing mail as it sends the
+		password in clear text to possibly untrusted servers.  See
+		cf/README's DefaultAuthInfo section for additional information.
+	Copy the ident argument for openlog() to avoid problems on some
+		OSs.  Based on patch from Rob Bajorek from Webhelp.com.
+	Avoid bogus error message when reporting an alias line as too long.
+	Avoid bogus socket error message if sendmail.cf version level is
+		greater than sendmail binary supported version.  Patch
+		from John Beck of Sun Microsystems.
+	Prevent a malformed ruleset (missing right hand side) from causing
+		a segmentation fault when using address test mode.  Based on
+		patch from John Beck of Sun Microsystems.
+	Prevent memory leak from use of NIS maps and yp_match(3).  Problem
+		noted by Gil Kloepfer of the University of Texas at Austin.
+	Fix queue file permission checks to allow for TrustedUser ownership.
+	Change logging of errors from the trust_auth ruleset to LogLevel 10
+		or higher.
+	Avoid simple password cracking attacks against SMTP AUTH by using
+		exponential delay after too many tries within one connection.
+	Encode an initial empty AUTH challenge as '=', not as empty string.
+	Avoid segmentation fault on EX_SOFTWARE internal error logs.
+		Problem noted by Allan E Johannesen of Worcester
+		Polytechnic Institute.
+	Ensure that a header check which resolves to $#discard actually
+		discards the message.
+	Emit missing value warnings for aliases with no right hand side
+		when newaliases is run instead of only when delivery is
+		attempted to the alias.
+	Remove AuthOptions missing value warning for consistency with other
+		flag options.
+	Portability:
+		SECURITY: Specify a run-time shared library search path for
+			AIX 4.X instead of using the dangerous AIX 4.X
+			linker semantics.  AIX 4.X users should consult
+			sendmail/README for further information.  Problem
+			noted by Valdis Kletnieks of Virginia Tech.
+		Avoid use of strerror(3) call.  Problem noted by Charles
+			Levert of Ecole Polytechnique de Montreal.
+		DGUX requires -lsocket -lnsl and has a non-standard install
+			program.  From Tim Boyer of Denman Tire Corporation.
+		HPUX 11.0 has a broken res_search() function.
+		Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
+			from J. P. McCann of E I A.
+		Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
+			Problem noted by Michael Long of Info Avenue Internet
+			Services, LLC.
+		Modern (post-199912) OpenBSD versions include working
+			strlc{at,py}(3) functions.  From Todd C. Miller of
+			Courtesan Consulting.
+		SINIX doesn't have random(3).  From Gerald Rinske of
+			Siemens Business Services.
+	CONFIG: Change error message about unresolvable sender domain to
+		include the sender address.  Proposed by Wolfgang Rupprecht
+		of WSRCC.
+	CONFIG: Fix usenet mailer calls.
+	CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
+		to be backward compatible with 8.9.
+	CONFIG: Change handling of default case @domain for virtusertable
+		to allow for +*@domain to deal with +detail.
+	CONTRIB: Remove converting.sun.configs -- it is obsolete.
+	DEVTOOLS: confUBINMODE was being ignored.  Fix from KITAZIMA, Tuneki
+		of NEC.
+	DEVTOOLS: Add to NCR platform list and include the architecture
+		(i486).  From Tom J. Moore of NCR.
+	DEVTOOLS: SECURITY: Change method of linking with sendmail utility
+		libraries to work around the AIX 4.X and SunOS 4.X linker's
+		overloaded -L option.  Problem noted by Valdis Kletnieks of
+		Virginia Tech.
+	DEVTOOLS: configure.sh was overriding the user's choice for
+		confNROFF.  Problem noted by Glenn A. Malling of Syracuse
+		University.
+	DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
+		for other internal projects but included in the open source
+		release.
+	LIBSMDB: Check for ".db" instead of simply "db" at the end of the
+		map name to determine whether or not to add the extension.
+		This fixes makemap when building the userdb file.  Problem
+		noted by Andrew J Cole of the University of Leeds.
+	LIBSMDB: Allow a database to be opened for updating and created if
+		it doesn't already exist.  Problem noted by Rand Wacker of
+		Sendmail.
+	LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
+		available, fall back to NDBM if NEWDB open fails.  This
+		fixes praliases.  Patch	from John Beck of Sun Microsystems.
+	LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
+		as SFF_NOWRFILES.
+	OP.ME: Clarify some issues regarding mailer flags.  Suggested by
+		Martin Mokrejs of The Charles University and Neil Rickert of
+		Northern Illinois University.
+	PRALIASES: Restore 8.9.X functionality of being able to search for
+		particular keys in a database by specifying the keys on the
+		command line.  Man page updated accordingly.  Patch from
+		John Beck of Sun Microsystems.
+	VACATION: SunOS 4.X portability from Charles Levert of Ecole
+		Polytechnique de Montreal.
+	VACATION: Fix -t option which is ignored but available for
+		compatibility with Sun's version, based on patch from
+		Volker Dobler of Infratest Burke.
+	Added Files:
+		devtools/M4/UNIX/smlib.m4
+		devtools/OS/OSF1.V5.0
+	Deleted Files:
+		contrib/converting.sun.configs
+	Deleted Directories (already done in 8.10.0 but not listed):
+		doc/intro
+		doc/usenix
+		doc/changes
+
+8.10.0/8.10.0	2000/03/01
+	    *************************************************************
+	    * The engineering department at Sendmail, Inc. has suffered *
+	    * the tragic loss of a key member of our engineering team.  *
+	    * Julie Van Bourg was the Vice President of Engineering     *
+	    * at Sendmail, Inc. during the development and deployment   *
+	    * of this release.  It was her vision, dedication, and      *
+	    * support that has made this release a success.  Julie died *
+	    * on October 26, 1999 of cancer.  We have lost a leader, a  *
+	    * coach, and a friend.                                      *
+	    *                                                           *
+	    * This release is dedicated to her memory and to the joy,   *
+	    * strength, ideals, and hope that she brought to all of us. *
+	    * Julie, we miss you!                                       *
+	    *************************************************************
+	SECURITY: The safe file checks now back track through symbolic
+		links to make sure the files can't be compromised due
+		to poor permissions on the parent directories of the
+		symbolic link target.
+	SECURITY: Only root, TrustedUser, and users in class t can rebuild
+		the alias map.  Problem noted by Michal Zalewski of the
+		"Internet for Schools" project (IdS).
+	SECURITY: There is a potential for a denial of service attack if
+		the AutoRebuildAliases option is set as a user can kill the
+		sendmail process while it is rebuilding the aliases file
+		(leaving it in an inconsistent state).  This option and
+		its use is deprecated and will be removed from a future
+		version of sendmail.
+	SECURITY: Make sure all file descriptors (besides stdin, stdout, and
+		stderr) are closed before restarting sendmail.  Problem noted
+		by Michal Zalewski of the "Internet for Schools" project
+		(IdS).
+	Begin using /etc/mail/ for sendmail related files.  This affects
+		a large number of files.  See cf/README for more details.
+	The directory structure of the distribution has changed slightly
+		for easier code sharing among the programs.
+	Support SMTP AUTH (see RFC 2554).  New macros for this purpose
+		are ${auth_authen}, ${auth_type}, and ${auth_author}
+		which hold the client's authentication credentials,
+		the mechanism used for authentication, and the
+		authorization identity (i.e., the AUTH= parameter if
+		supplied).  Based on code contributed by Tim Martin of CMU.
+	On systems which use the Torek stdio library (all of the BSD
+		distributions), use memory-buffered files to reduce
+		file system overhead by not creating temporary files on
+		disk.  Contributed by Exactis.com, Inc.
+	New option DataFileBufferSize to control the maximum size of a
+		memory-buffered data (df) file before a disk-based file is
+		used.  Contributed by Exactis.com, Inc.
+	New option XscriptFileBufferSize to control the maximum size of a
+		memory-buffered transcript (xf) file before a disk-based
+		file is used.  Contributed by Exactis.com, Inc.
+	sendmail implements RFC 2476 (Message Submission), e.g., it can
+		now listen on several different ports.  Use:
+		O DaemonPortOptions=Name=MSA, Port=587, M=E
+		to run a Message Submission Agent (MSA); this is turned
+		on by default in m4-generated .cf files; it can be turned
+		off with FEATURE(`no_default_msa').
+	The 'XUSR' SMTP command is deprecated.  Mail user agents should
+		begin using RFC 2476 Message Submission for initial user
+		message submission.  XUSR may disappear from a future release.
+	The new '-G' (relay (gateway) submission) command line option
+		indicates that the message being submitted from the command
+		line is for relaying, not initial submission.  This means
+		the message will be rejected if the addresses are not fully
+		qualified and no canonicalization will be done.  Future
+		releases may even reject improperly formed messages.
+	The '-U' (initial user submission) command line option is
+		deprecated and may be removed from a future release.
+		Mail user agents should begin using '-G' to indicate that
+		this is a relay submission (the inverse of -U).
+	The next release of sendmail will assume that any message submitted
+		from the command line is an initial user submission and act
+		accordingly.
+	If sendmail doesn't have enough privileges to run a .forward
+		program or deliver to file as the owner of that file, the
+		address is marked as unsafe.  This means if RunAsUser is
+		set, users won't be able to use programs or delivery to
+		files in their .forward files.  Administrators can override
+		this by setting the DontBlameSendmail option to the new
+		setting NonRootSafeAddr.
+	Allow group or world writable directories if the sticky bit is set
+		on the directory and DontBlameSendmail is set to
+		TrustStickyBit.  Based on patch from Chris Metcalf of
+		InCert Software.
+	Prevent logging of unsafe directory paths for non-existent forward
+		files if the new DontWarnForwardFileInUnsafeDirPath bit is
+		set in the DontBlameSendmail option.  Requested by many.
+	New Timeout.control option to limit the total time spent satisfying
+		a control socket request.
+	New Timeout.resolver options for controlling BIND resolver
+		settings:
+		Timeout.resolver.retrans
+			Sets the resolver's retransmission time interval (in
+			seconds).  Sets both Timeout.resolver.retrans.first
+			and Timeout.resolver.retrans.normal.
+		Timeout.resolver.retrans.first
+			Sets the resolver's retransmission time interval (in
+			seconds) for the first attempt to deliver a message.
+		Timeout.resolver.retrans.normal
+			Sets the resolver's retransmission time interval (in
+			seconds) for all resolver lookups except the first
+			delivery attempt.
+		Timeout.resolver.retry
+			Sets the number of times to retransmit a resolver
+			query.  Sets both Timeout.resolver.retry.first
+			and Timeout.resolver.retry.normal.
+		Timeout.resolver.retry.first
+			Sets the number of times to retransmit a resolver
+			query for the first attempt to deliver a message.
+		Timeout.resolver.retry.normal
+			Sets the number of times to retransmit a resolver
+			query for all resolver lookups except the first
+			delivery attempt.
+		Contributed by Exactis.com, Inc.
+	Support multiple queue directories.  To use multiple queues, supply
+		a QueueDirectory option value ending with an asterisk.  For
+		example, /var/spool/mqueue/q* will use all of the
+		directories or symbolic links to directories beginning with
+		'q' in /var/spool/mqueue as queue directories.  Keep in
+		mind, the queue directory structure should not be changed
+		while sendmail is running.  Queue runs create a separate
+		process for running each queue unless the verbose flag is
+		given on a non-daemon queue run.  New items are randomly
+		assigned to a queue.  Contributed by Exactis.com, Inc.
+	Support different directories for qf, df, and xf queue files; if
+		subdirectories or symbolic links to directories of those names
+		exist in the queue directories, they are used for the
+		corresponding queue files.  Keep in mind, the queue
+		directory structure should not be changed while sendmail is
+		running.  Proposed by Mathias Koerber of Singapore
+		Telecommunications Ltd.
+	New queue file naming system which uses a filename guaranteed to be
+		unique for 60 years.  This allows queue IDs to be assigned
+		without fancy file system locking.  Queued items can be
+		moved between queues easily.  Contributed by Exactis.com,
+		Inc.
+	Messages which are undeliverable due to temporary address failures
+		(e.g., DNS failure) will now go to the FallBackMX host, if
+		set.  Contributed by Exactis.com, Inc.
+	New command line option '-L tag' which sets the identifier used for
+		syslog.  Contributed by Exactis.com, Inc.
+	QueueSortOrder=Filename will sort the queue by filename.  This
+		avoids opening and reading each queue file when preparing
+		to run the queue.  Contributed by Exactis.com, Inc.
+	Shared memory counters and microtimers functionality has been
+		donated by Exactis.com, Inc.
+	The SCCS ID tags have been replaced with RCS ID tags.
+	Allow trusted users (those on a T line or in $=t) to set the
+		QueueDirectory (Q) option without an X-Authentication-Warning:
+		being added.  Suggested by Michael K. Sanders.
+	IPv6 support based on patches from John Kennedy of Cal State
+		University, Chico, Motonori Nakamura of Kyoto University,
+		and John Beck of Sun Microsystems.
+	In low-disk space situations, where sendmail would previously refuse
+		connections, still accept them, but only allow ETRN commands.
+		Suggested by Mathias Koerber of Singapore Telecommunications
+		Ltd.
+	The [IPC] builtin mailer now allows delivery to a UNIX domain socket
+		on systems which support them.  This can be used with LMTP
+		local delivery agents which listen on a named socket.  An
+		example mailer might be:
+			Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
+				S=10, R=20/40, T=DNS/RFC822/X-Unix,
+				A=FILE /var/run/lmtpd
+		Code contributed by Lyndon Nerenberg of Messaging Direct.
+	The [TCP] builtin mailer name is now deprecated.  Use [IPC]
+		instead.
+	The first mailer argument in the [IPC] mailer is now checked for a
+		legitimate value.  Possible values are TCP (for TCP/IP
+		connections), IPC (which will be deprecated in a future
+		version), and FILE (for UNIX domain socket delivery).
+	PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
+		flags.
+	PrivacyOptions=nobodyreturn instructs sendmail not to include the
+		body of the original message on delivery status
+		notifications.
+	Don't announce DSN if PrivacyOptions=noreceipts is set.  Problem noted
+		by Dan Bernstein, fix from Robert Harker of Harker Systems.
+	Accept the SMTP RSET command even when rejecting commands due to TCP
+		Wrappers or the check_relay ruleset.  Problem noted by
+		Steve Schweinhart of America Online.
+	Warn if OperatorChars is set multiple times.  OperatorChars should
+		not be set after rulesets are defined.  Suggested by
+		Mitchell Blank Jr of Exec-PC.
+	Do not report temporary failure on delivery to files.  In
+		interactive delivery mode, this would result in two SMTP
+		responses after the DATA command.  Problem noted by
+		Nik Conwell of Boston University.
+	Check file close when mailing to files.  Problem noted by Nik
+		Conwell of Boston University.
+	Avoid a segmentation fault when using the LDAP map.  Patch from
+		Curtis W. Hillegas of Princeton University.
+	Always bind to the LDAP server regardless of whether you are using
+		ldap_open() or ldap_init().  Fix from Raj Kunjithapadam of
+		@Home Network.
+	New ruleset trust_auth to determine whether a given AUTH=
+		parameter of the MAIL command should be trusted.  See SMTP
+		AUTH, cf/README, and doc/op/op.ps.
+	Allow new named config file rules check_vrfy, check_expn, and
+		check_etrn for VRFY, EXPN, and ETRN commands, respectively,
+		similar to check_rcpt etc.
+	Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
+		${mail_mailer}, ${mail_host}, ${mail_addr} that hold
+		the results of parsing the RCPT and MAIL arguments, i.e.
+		the resolved triplet from $#mailer $@host $:addr.
+		From Kari Hurtta of the Finnish Meteorological Institute.
+	New macro ${client_resolve} which holds the result of the resolve
+		call for ${client_name}: OK, FAIL, FORGED, TEMP.  Proposed
+		by Kari Hurtta of the Finnish Meteorological Institute.
+	New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
+		the corresponding DSN parameter values.  Proposed by
+		Mathias Herberts.
+	New macro ${msg_size} which holds the value of the SIZE= parameter,
+		i.e., usually the size of the message (in an ESMTP dialogue),
+		before the message has been collected, thereafter it holds
+		the message size as computed by sendmail (and can be used
+		in check_compat).
+	The macro ${deliveryMode} now specifies the current delivery mode
+		sendmail is using instead of the value of the DeliveryMode
+		option.
+	New macro ${ntries} holds the number of delivery attempts.
+	Drop explicit From: if same as what would be generated only if it is
+		a local address.  From Motonori Nakamura of Kyoto University.
+	Write pid to file also if sendmail only processes the queue.
+		Proposed by Roy J. Mongiovi of Georgia Tech.
+	Log "low on disk space" only when necessary.
+	New macro ${load_avg} can be used to check the current load average.
+		Suggested by Scott Gifford of The Internet Ramp.
+	Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
+		is set.
+	Flag -S for maps to specify the character which is substituted
+		for spaces (instead of the default given by O BlankSub).
+	Flag -D for maps: perform no lookup in deferred delivery mode.
+		This flag is set by default for the host map.  Based on a
+		proposal from Ian MacPhedran of the University of Saskatchewan.
+	Open maps only on demand, not at startup.
+	Log warning about unsupported IP address families.
+	New option MaxHeadersLength allows to specify a maximum length
+		of the sum of all headers.  This can be used to prevent
+		a denial-of-service attack.
+	New option MaxMimeHeaderLength which limits the size of MIME
+		headers and parameters within those headers.  This option
+		is intended to protect mail user agents from buffer
+		overflow attacks.
+	Added option MaxAliasRecursion to specify the maximum depth of
+		alias recursion.
+	New flag F=6 for mailers to strip headers to seven bit.
+	Map type syslog to log the key via syslogd.
+	Entries in the alias file can be continued by putting a backslash
+		directly before the newline.
+	New option DeadLetterDrop to define the location of the system-wide
+		dead.letter file, formerly hardcoded to
+		/usr/tmp/dead.letter.  If this option is not set (the
+		default), sendmail will not attempt to save to a
+		system-wide dead.letter file if it can not bounce the mail
+		to the user nor postmaster.  Instead, it will rename the qf
+		file as it has in the past when the dead.letter file
+		could not be opened.
+	New option PidFile to define the location of the pid file.  The
+		value of this option is macro expanded.
+	New option ProcessTitlePrefix specifies a prefix string for the
+		process title shown in 'ps' listings.
+	New macros for use with the PidFile and ProcessTitlePrefix options
+		(along with the already existing macros):
+		${daemon_info}      Daemon information, e.g.
+		                    SMTP+queueing@00:30:00
+		${daemon_addr}	    Daemon address, e.g., 0.0.0.0
+		${daemon_family}    Daemon family, e.g., inet, inet6, etc.
+		${daemon_name}      Daemon name, e.g., MSA.
+		${daemon_port}	    Daemon port, e.g., 25
+		${queue_interval}   Queue run interval, e.g., 00:30:00
+	New macros especially for virtual hosting:
+		${if_name}	hostname of interface of incoming connection.
+		${if_addr}	address of interface of incoming connection.
+		The latter is only set if the interface does not belong to the
+		loopback net.
+	If a message being accepted via a method other than SMTP and
+		would be rejected by a header check, do not send the message.
+		Suggested by Phil Homewood of Mincom Pty Ltd.
+	Don't strip comments for header checks if $>+ is used instead of $>.
+		Provide header value as quoted string in the macro
+		${currHeader} (possibly truncated to MAXNAME).  Suggested by
+		Jan Krueger of Unix-AG of University of Hannover.
+		The length of the header value is stored in ${hdrlen}.
+	H*: allows to specify a default ruleset for header checks.  This
+		ruleset will only be called if the individual header does
+		not have its own ruleset assigned.  Suggested by Jan
+		Krueger of Unix-AG of University of Hannover.
+		The name of the header field stored in ${hdr_name}.
+	Comments (i.e., text within parentheses) in rulesets are not
+		removed if the config file version is greater than or equal
+		to 9.  For example, "R$+ ( 1 )		$@ 1" matches the
+		input "token (1)" but does not match "token".
+	Avoid removing the Content-Transfer-Encoding MIME header on
+		MIME messages.  Problem noted by Sigurbjorn B. Larusson of
+		Multimedia Consumer Services.  Fix from Per Hedeland of
+		Ericsson.
+	Avoid duplicate Content-Transfer-Encoding MIME header on
+		messages with 8-bit text in headers.  Problem noted by
+		Per Steinar Iversen of Oslo College.  Fix from Per Hedeland
+		of Ericsson.
+	Avoid keeping maps locked longer than necessary when re-opening a
+		modified database map file.  Problem noted by Chris Adams
+		of Renaissance Internet Services.
+	Resolving to the $#error mailer with a temporary failure code (e.g.,
+		$#error $@ tempfail $: "400 Temporary failure") will now
+		queue up the message instead of bouncing it.
+	Be more liberal in acceptable responses to an SMTP RSET command as
+		standard does not provide any indication of what to do when
+		something other than 250 is received.  Based on a patch
+		from Steve Schweinhart of America Online.
+	New option TrustedUser allows to specify a user who can own
+		important files instead of root.  This requires HASFCHOWN.
+	Fix USERDB conditional so compiling with NEWDB or HESIOD and
+		setting USERDB=0 works.  Fix from Jorg Zanger of Schock.
+	Fix another instance (similar to one in 8.9.3) of a network failure
+		being mis-logged as "Illegal Seek" instead of whatever
+		really went wrong.  From John Beck of Sun Microsystems.
+	$? tests also whether the macro is non-null.
+	Print an error message if a mailer definition contains an invalid
+		equate name.
+	New mailer equate /= to specify a directory to chroot() into before
+		executing the mailer program.  Suggested by Igor Vinokurov.
+	New mailer equate W= to specify the maximum time to wait for the
+		mailer to return after sending all data to it.
+	Only free memory from the process list when adding a new process
+		into a previously filled slot.  Previously, the memory was
+		freed at removal time.  Since removal can happen in a
+		signal handler, this may leave the memory map in an
+		inconsistent state.  Problem noted by Jeff A. Earickson and
+		David Cooley of Colby College.
+	When using the UserDB @hostname catch-all, do not try to lookup
+		local users in the passwd file.  The UserDB code has
+		already decided the message will be passed to another host
+		for processing.  Fix from Tony Landells of Burdett
+		Buckeridge Young Limited.
+	Support LDAP authorization via either a file containing the
+		password or Kerberos V4 using the new map options
+		'-ddistinguished_name', '-Mmethod', and '-Pfilename'.  The
+		distinguished_name is who to login as.  The method can be
+		one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
+		LDAP_AUTH_KRBV4.  The filename is the file containing the
+		secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
+		ticket file for LDAP_AUTH_KRBV4.  Patch from Booker Bense
+		of Stanford University.
+	The ldapx map has been renamed to ldap.  The use of ldapx is
+		deprecated and will be removed in a future version.
+	If the result of an LDAP search returns a multi-valued attribute
+		and the map has the column delimiter set, it turns that
+		response into a delimiter separated string.  The LDAP map
+		will traverse multiple entries as well.  LDAP alias maps
+		automatically set the column delimiter to the comma.
+		Based on patch from Booker Bense of Stanford University and
+		idea from Philip A. Prindeville of Mirapoint, Inc.
+	Support return of multiple values for a single LDAP lookup.  The
+		values to be returned should be in a comma separated string.
+		For example, `-v "email,emailother"'.  Patch from
+		Curtis W. Hillegas of Princeton University.
+	Allow the use of LDAP for alias maps.
+	If no LDAP attributes are specified in an LDAP map declaration, all
+		attributes found in the match will be returned.
+	Prevent commas in quoted strings in the AliasFile value from
+		breaking up a single entry into multiple entries.  This is
+		needed for LDAP alias file specifications to allow for
+		comma separated key and value strings.
+	Keep connections to LDAP server open instead of opening and closing
+		for each lookup.  To reduce overhead, sendmail will cache
+		connections such that multiple maps which use the same
+		host, port, bind DN, and authentication will only result in
+		a single connection to that host.
+	Put timeout in the proper place for USE_LDAP_INIT.
+	Be more careful about checking for errors and freeing memory on
+		LDAP lookups.
+	Use asynchronous LDAP searches to save memory and network
+		resources.
+	Do not copy LDAP query results if the map's match only flag is set.
+	Increase portability to the Netscape LDAP libraries.
+	Change the parsing of the LDAP filter specification.  '%s' is still
+		replaced with the literal contents of the map lookup key --
+		note that this means a lookup can be done using the LDAP
+		special characters.  The new '%0' token can be used instead
+		of '%s' to encode the key buffer according to RFC 2254.
+		For example, if the LDAP map specification contains '-k
+		"(user=%s)"' and a lookup is done on "*", this would be
+		equivalent to '-k "(user=*)"' -- matching ANY record with a
+		user attribute.  Instead, if the LDAP map specification
+		contains '-k "(user=%0)"' and a lookup is done on "*", this
+		would be equivalent to '-k "(user=\2A)"' -- matching a user
+		with the name "*".
+	New LDAP map flags: "-1" requires a single match to be returned, if
+		more than one is returned, it is equivalent to no records
+		being found; "-r never|always|search|find" sets the LDAP
+		alias dereference option; "-Z size" limits the number of
+		matches to return.
+	New option LDAPDefaultSpec allows a default map specification for
+		LDAP maps.  The value should only contain LDAP specific
+		settings such as "-h host -p port -d bindDN", etc.  The
+		settings will be used for all LDAP maps unless they are
+		specified in the individual map specification ('K'
+		command).  This option should be set before any LDAP maps
+		are defined.
+	Prevent an NDBM alias file opening loop when the NDBM open
+		continually fails.  Fix from Roy J. Mongiovi of Georgia
+		Tech.
+	Reduce memory utilization for smaller symbol table entries.  In
+		particular, class entries get much smaller, which can be
+		important if you have large classes.
+	On network-related temporary failures, record the hostname which
+		gave error in the queued status message.  Requested by
+		Ulrich Windl of the Universitat Regensburg.
+	Add new F=% mailer flag to allow for a store and forward
+		configuration.  Mailers which have this flag will not attempt
+		delivery on initial recipient of a message or on queue runs
+		unless the queued message is selected using one of the
+		-qI/-qR/-qS queue run modifiers or an ETRN request.  Code
+		provided by Philip Guenther of Gustavus Adolphus College.
+	New option ControlSocketName which, when set, creates a daemon
+		control socket.  This socket allows an external program to
+		control and query status from the running sendmail daemon
+		via a named socket, similar to the ctlinnd interface to the
+		INN news server.  Access to this interface is controlled by
+		the UNIX file permissions on the named socket on most UNIX
+		systems (see sendmail/README for more information).  An
+		example control program is provided as contrib/smcontrol.pl.
+	Change the default values of QueueLA from 8 to (8 * numproc) and
+		RefuseLA from 12 to (12 * numproc) where numproc is the
+		number of processors online on the system (if that can be
+		determined).  For single processor machines, this change
+		has no effect.
+	Don't return body of message to postmaster on "Too many hops" bounces.
+		Based on fix from Motonori Nakamura of Kyoto University.
+	Give more detailed DSN descriptions for some cases.  Patch from
+		Motonori Nakamura of Kyoto University.
+	Logging of alias, forward file, and UserDB expansion now happens
+		at LogLevel 11 or higher instead of 10 or higher.
+	Logging of an envelope's complete delivery (the "done" message) now
+		happens at LogLevel 10 or higher instead of 11 or higher.
+	Logging of TCP/IP or UNIX standard input connections now happens at
+		LogLevel 10 or higher.  Previously, only TCP/IP connections
+		were logged, and on at LogLevel 12 or higher.  Setting
+		LogLevel to 10 will now assist users in tracking frequent
+		connection-based denial of service attacks.
+	Log basic information about authenticated connections at LogLevel
+		10 or higher.
+	Log SMTP Authentication mechanism and author when logging the sender
+		information (from= syslog line).
+	Log the DSN code for each recipient if one is available as a new
+		equate (dsn=).
+	Macro expand PostmasterCopy and DoubleBounceAddress options.
+	New "ph" map for performing ph queries in rulesets.  More
+		information is available at
+		http://www-wsg.cso.uiuc.edu/sendmail/patches/.
+		Contributed by Mark Roth of the University of Illinois at
+		Urbana-Champaign.
+	Detect temporary lookup failures in the host map if looking up a
+		bracketed IP address.  Problem noted by Kari Hurtta of the
+		Finnish Meteorological Institute.
+	Do not report a Remote-MTA on local deliveries.  Problem noted by
+		Kari Hurtta of the Finnish Meteorological Institute.
+	When a forward file points to an alias which runs a program, run
+		the program as the default user and the default group, not
+		the forward file user.  This change also assures the
+		:include: directives in aliases are also processed using
+		the default user and group.  Problem noted by Sergiu
+		Popovici of DNT Romania.
+	Prevent attempts to save a dead.letter file for a user with
+		no home directory (/no/such/directory).  Problem noted by
+		Michael Brown of Finnigan FT/MS.
+	Include message delay and number of tries when logging that a
+		message has been completely delivered (LogLevel of 10 or
+		above).  Suggested by Nick Hilliard of Ireland Online.
+	Log the sender of a message even if none of the recipients were
+		accepted.  If some of the recipients were rejected, it is
+		helpful to know the sender of the message.
+	Check the root directory (/) when checking a path for safety.
+		Problem noted by John Beck of Sun Microsystems.
+	Prevent multiple responses to the DATA command if DeliveryMode is
+		interactive and delivering to an alias which resolves to
+		multiple files.
+	Macros in the helpfile are expanded if the helpfile version is 2 or
+		greater (see below); the help function doesn't print the
+		version of sendmail any longer, instead it is placed in
+		the helpfile ($v).  Suggested by Chuck Foster of UUNET
+		PIPEX.  Additionally, comment lines (starting with #) are
+		skipped and a version line (#vers) is introduced.  The
+		helpfile version for 8.10.0 is 2, if no version or an older
+		version is found, a warning is logged.  The '#vers'
+		directive should be placed at the top of the help file.
+	Use fsync() when delivering to a file to guarantee the delivery to
+		disk succeeded.  Suggested by Nick Christenson.
+	If delivery to a file is unsuccessful, truncate the file back to its
+		length before the attempt.
+	If a forward points to a filename for delivery, change to the
+		user's uid before checking permissions on the file.  This
+		allows delivery to files on NFS mounted directories where
+		root is remapped to nobody.  Problem noted by Harald
+		Daeubler of Universitaet Ulm.
+	purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
+		host status files, not all files.
+	Any macros stored in the class $={persistentMacros} will be saved
+		in the queue file for the message and set when delivery
+		is attempted on the queued item.  Suggested by Kyle Jones of
+		Wonderworks Inc.
+	Add support for storing information between rulesets using the new
+		macro map class.  This can be used to store information
+		between queue runs as well using $={persistentMacros}.
+		Based on an idea from Jan Krueger of Unix-AG of University
+		of Hannover.
+	New map class arith to allow for computations in rules.  The
+		operation (+, -, *, /, l (for less than), and =) is given
+		as key.  The two operands are specified as arguments; the
+		lookup returns the result of the computation.  For example,
+		"$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
+		"$(arith + $@ 4 $@ 2 $)" will return "6".
+	Add new syntax for header declarations which decide whether to
+		include the header based on a macro rather than a mailer
+		flag:
+			H?${MyMacro}?X-My-Header: ${MyMacro}
+		This should be used along with $={persistentMacros}.
+		It can be used for adding headers to a message based on
+		the results of check_* and header check rulesets.
+	Allow new named config file rule check_eoh which is called after
+		all of the headers have been collected.  The input to the
+		ruleset the number of headers and the size of all of the
+		headers in bytes separated by $|.  This ruleset along with
+		the macro storage map can be used to correlate information
+		gathered between headers and to check for missing headers.
+		See cf/README or doc/op/op.ps for an example.
+	Change the default for the MeToo option to True to correspond
+		to the clarification in the DRUMS SMTP Update spec.  This
+		option is deprecated and will be removed from a future
+		version.
+	Change the sendmail binary default for SendMimeErrors to True.
+	Change the sendmail binary default for SuperSafe to True.
+	Display ruleset names in debug and address test mode output
+		if referencing a named ruleset.
+	New mailer equate m= which will limit the number of messages
+		delivered per connection on an SMTP or LMTP mailer.
+	Improve QueueSortOrder=Host by reversing the hostname before
+		using it to sort.  Now all the same domains are really run
+		through the queue together.  If they have the same MX host,
+		then they will have a much better opportunity to use the
+		connection cache if available.  This should be a reasonable
+		performance improvement.  Patch from Randall Winchester of
+		the University of Maryland.
+	If a message is rejected by a header check ruleset, log who would
+		have received the message if it had not been rejected.
+	New "now" value for Timeout.queuereturn to bounce entries from the
+		queue immediately.  No delivery attempt is made.
+	Increase sleeping time exponentially after too many "bad" commands
+		up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
+		COMMANDS).
+	New option ClientPortOptions similar to DaemonPortOptions
+		but for outgoing connections.
+	New suboptions for DaemonPortOptions: Name (a name used for
+		error messages and logging) and Modifiers, i.e.
+			a	require authentication
+			b	bind to interface through which mail has
+				been received
+			c	perform hostname canonification
+			f	require fully qualified hostname
+			h	use name of interface for outgoing HELO
+				command
+			C	don't perform hostname canonification
+			E	disallow ETRN (see RFC 2476)
+	New suboption for ClientPortOptions: Modifiers, i.e.
+			h	use name of interface for HELO command
+	The version number for queue files (qf) has been incremented to 4.
+	Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
+		to 10 or higher.  Suggested by Rick Troxel of the National
+		Institutes of Health.
+	If a mailer dies, print the status in decimal instead of octal
+		format.  Suggested by Michael Shapiro of Sun Microsystems.
+	Limit the length of all MX records considered for delivery to 8k.
+	Move message priority from sender to recipient logging.  Suggested by
+		Ulrich Windl of the Universitat Regensburg.
+	Add support for Berkeley DB 3.X.
+	Add fix for Berkeley DB 2.X fcntl() locking race condition.
+		Requires a post-2.7.5 version of Berkeley DB.
+	Support writing traffic log (sendmail -X option) to a FIFO.
+		Patch submitted by Rick Heaton of Network Associates, Inc.
+	Do not ignore Timeout settings in the .cf file when a Timeout
+		sub-options is set on the command line.  Problem noted by
+		Graeme Hewson of Oracle.
+	Randomize equal preference MX records each time delivery is
+		attempted via a new connection to a host instead of once per
+		session.  Suggested by Scott Salvidio of Compaq.
+	Implement enhanced status codes as defined by RFC 2034.
+	Add [hostname] to class w for the names of all interfaces unless
+		DontProbeInterfaces is set. This is useful for sending mails
+		to hosts which have dynamically assigned names.
+	If a message is bounced due to bad MIME conformance, avoid bouncing
+		the bounce for the same reason.  If the body is not 8-bit
+		clean, and EightBitMode isn't set to pass8, the body will
+		not be included in the bounce.  Problem noted by Valdis
+		Kletnieks of Virginia Tech.
+	The timeout for sending a message via SMTP has been changed from
+		'${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
+		simply checks for progress on sending data every 5 minutes.
+		This will detect the inability to send information quicker
+		and reduce the number of processes simply waiting to
+		timeout.
+	Prevent a segmentation fault on systems which give a partial filled
+		interface address structure when loading the system network
+		interface addresses.  Fix from Reinier Bezuidenhout of
+		Nanoteq.
+	Add a compile-time configuration macro, MAXINTERFACES, which
+		indicates the number of interfaces to read when probing
+		for hostnames and IP addresses for class w ($=w).  The
+		default value is 512.  Based on idea from Reinier
+		Bezuidenhout of Nanoteq.
+	If the RefuseLA option is set to 0, do not reject connections based
+		on load average.
+	Allow ruleset 0 to have a name.  Problem noted by Neil Rickert of
+		Northern Illinois University.
+	Expand the Return-Path: header at delivery time, after "owner-"
+		envelope splitting has occurred.
+	Don't try to sort the queue if there are no entries. Patch from
+		Luke Mewburn from RMIT University.
+	Add a "/quit" command to address test mode.
+	Include the proper sender in the UNIX "From " line and Return-Path:
+		header when undeliverable mail is saved to ~/dead.letter.
+		Problem noted by Kari Hurtta of the Finnish Meteorological
+		Institute.
+	The contents of a class can now be copied to another class using
+		the syntax: "C{Dest} $={Source}".  This would copy all of
+		the items in class $={Source} into the class $={Dest}.
+	Include original envelope's error transcript in bounces created for
+		split (owner-) envelopes to see the original errors when
+		the recipients were added.  Based on fix from Motonori
+		Nakamura of Kyoto University.
+	Show reason for permanent delivery errors directly after the
+		addresses.  From Motonori Nakamura of Kyoto University.
+	Prevent a segmentation fault when bouncing a split-envelope
+		message.  Patch from Motonori Nakamura of Kyoto University.
+	If the specification for the queue run interval (-q###) has a
+		syntax error, consider the error fatal and exit.
+	Pay attention to CheckpointInterval during LMTP delivery.  Problem
+		noted by Motonori Nakamura of Kyoto University.
+	On operating systems which have setlogin(2), use it to set the
+		login name to the RunAsUserName when starting as a daemon.
+		This is for delivery to programs which use getlogin().
+		Based on fix from Motonori Nakamura of Kyoto University.
+	Differentiate between "command not implemented" and "command
+		unrecognized" in the SMTP dialogue.
+	Strip returns from forward and include files.  Problem noted by
+		Allan E Johannesen of Worcester Polytechnic Institute.
+	Prevent a core dump when using 'sendmail -bv' on an address which
+		resolves to the $#error mailer with a temporary failure.
+		Based on fix from Neil Rickert of Northern Illinois
+		University.
+	Prevent multiple deliveries of a message with a "non-local alias"
+		pointing to a local user, if canonicalization fails
+		the message was requeued *and* delivered to the alias.
+	If an invalid ruleset is declared, the ruleset name could be
+		ignored and its rules added to S0.  Instead, ignore the
+		ruleset lines as well.
+	Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
+		success DSN fields as well as duplicate entries for a
+		single address due to S5 and UserDB processing.  Problems
+		noted by Kari Hurtta of the Finnish Meteorological
+		Institute.
+	Turn off timeouts when exiting sendmail due to an interrupt signal
+		to prevent the timeout from firing during the exit process.
+		Problem noted by Michael Shapiro of Sun Microsystems.
+	Do not append @MyHostName to non-RFC822 addresses output by the EXPN
+		command or on Final-Recipient: and X-Actual-Recipient: DSN
+		headers.  Non-RFC822 addresses include deliveries to
+		programs, file, DECnet, etc.
+	Fix logic for determining if a local user is using -f or -bs to
+		spoof their return address.  Based on idea from Neil Rickert
+		of Northern Illinois University and patch from Per Hedeland
+		of Ericsson.
+	Report the proper UID in the bounce message if an :include: file is
+		owned by a uid that doesn't map to a username and the
+		:include: file contains delivery to a file or program.
+		Problem noted by John Beck of Sun Microsystems.
+	Avoid the attempt of trying to send a second SMTP QUIT command if
+		the remote server responds to the first QUIT with a 4xx
+		response code and drops the connection.  This behavior was
+		noted by Ulrich Windl of the Universitat Regensburg when
+		sendmail was talking to the Mercury 1.43 MTA.
+	If a hostname lookup times out and ServiceSwitchFile is set but the
+		file is not present, the lookup failure would be marked as
+		a permanent failure instead of a temporary failure.  Fix
+		from Russell King of the ARM Linux Project.
+	Handle aliases or forwards which deliver to programs using tabs
+		instead of spaces between arguments.  Problem noted by Randy
+		Wormser.  Fix from Neil Rickert of Northern Illinois
+		University.
+	Allow MaxRecipientsPerMessage option to be set on the command line
+		by normal users (e.g., sendmail won't drop its root
+		privileges) to allow overrides for message submission via
+		'sendmail -bs'.
+	Set the names for help file and statistics file to "helpfile" and
+		"statistics", respectively, if no parameters are given for
+		them in the .cf file.
+	Avoid bogus 'errbody: I/O Error -7' log messages when sending
+		success DSN messages for messages relayed to non-DSN aware
+		systems.  Problem noted by Juergen Georgi of RUS University
+		of Stuttgart and Kyle Tucker of Parexel International.
+	Prevent +detail information from interfering with local delivery to
+		multiple users in the same transaction (F=m).
+	Add H_FORCE flag for the X-Authentication-Warning: header, so it
+		will be added even if one already exists.  Problem noted
+		by Michal Zalewski of Marchew Industries.
+	Stop processing SMTP commands if the SMTP connection is dropped.
+		This prevents a remote system from flooding the connection
+		with commands and then disconnecting.  Previously, the
+		server would process all of the buffered commands.  Problem
+		noted by Michal Zalewski of Marchew Industries.
+	Properly process user-supplied headers beginning with '?'.  Problem
+		noted by Michal Zalewski of Marchew Industries.
+	If multiple header checks resolve to the $#error mailer, use the
+		last permanent (5XX) failure if any exist.  Otherwise, use
+		the last temporary (4XX) failure.
+	RFC 1891 requires "hexchar" in a "xtext" to be upper case.  Patch
+		from Ronald F. Guilmette of Infinite Monkeys & Co.
+	Timeout.ident now defaults to 5 seconds instead of 30 seconds to
+		prevent the now common delays associated with mailing to a
+		site which drops IDENT packets.  Suggested by many.
+	Persistent host status data is not reloaded disk when current data
+		is available in the in-memory cache.  Problem noted by Per
+		Hedeland of Ericsson.
+	mailq displays unprintable characters in addresses as their octal
+		representation and a leading backslash.  This avoids problems
+		with "unprintable" characters.  Problem noted by Michal
+		Zalewski of the "Internet for Schools" project (IdS).
+	The mail line length limit (L= equate) was adding the '!' indicator
+		one character past the limit.  This would cause subsequent
+		hops to break the line again.  The '!' is now placed in
+		the last column of the limit if the line needs to be broken.
+		Problem noted by Joe Pruett of Q7 Enterprises.  Based on fix
+		from Per Hedeland of Ericsson.
+	If a resolver ANY query is larger than the UDP packet size, the
+		resolver will fall back to TCP.  However, some
+		misconfigured firewalls black 53/TCP so the ANY lookup
+		fails whereas an MX or A record might succeed.  Therefore,
+		don't fail on ANY queries.
+	If an SMTP recipient is rejected due to syntax errors in the
+		address, do not send an empty postmaster notification DSN
+		to the postmaster.  Problem noted by Neil Rickert of
+		Northern Illinois University.
+	Allow '_' and '.' in map names when parsing a sequence map
+		specification.  Patch from William Setzer of North Carolina
+		State University.
+	Fix hostname in logging of read timeouts for the QUIT command on
+		cached connections.  Problem noted by Neil Rickert of
+		Northern Illinois University.
+	Use a more descriptive entry to log "null" connections, i.e.,
+		"host did not issue MAIL/EXPN/VRFY/ETRN during connection".
+	Fix a file descriptor leak in ONEX mode.
+	Portability:
+		Reverse signal handling logic such that sigaction(2) with
+			the SA_RESTART flag is the preferred method and the
+			other signal methods are only tried if SA_RESTART
+			is not available.  Problem noted by Allan E
+			Johannesen of Worcester Polytechnic Institute.
+		AIX 4.x supports the sa_len member of struct sockaddr.
+			This allows network interface probing to work
+			properly.  Fix from David Bronder of the
+			University of Iowa.
+		AIX 4.3 has snprintf() support.
+		Use "PPC" as the architecture name when building under
+			AIX.  This will be reflected in the obj.* directory
+			name.
+		Apple Darwin support based on Apple Rhapsody port.
+		Fixed AIX 'make depend' method from Valdis Kletnieks of
+			Virginia Tech.
+		Digital UNIX has uname(2).
+		GNU Hurd updates from Mark Kettenis of the University of
+			Amsterdam.
+		Improved HPUX 11.0 portability.
+		Properly determine the number of CPUs on FreeBSD 2.X,
+			FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
+		Remove special IRIX ABI cases from Build script and the OS
+			files.  Use the standard 'cc' options used by SGI
+			in building the operating system.  Users can
+			override the defaults by setting confCC and
+			confLIBSEARCHPATH appropriately.
+		IRIX nsd map support from Bob Mende of SGI.
+		Minor devtools fixes for IRIX from Bob Mende of SGI.
+		Linux patch for IP_SRCROUTE support from Joerg Dorchain
+			of MW EDV & ELECTRONIC.
+		Linux now uses /usr/sbin for confEBINDIR in the build
+			system.  From MATSUURA Takanori of Osaka University.
+		Remove special treatment for Linux PPC in the build
+			system.  From MATSUURA Takanori of Osaka University.
+		Motorolla UNIX SYSTEM V/88 Release 4.0 support from
+			Sergey Rusanov of the Republic of Udmurtia.
+		NCR MP-RAS 3.x includes regular expression support.  From
+			Tom J. Moore of NCR.
+		NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
+			_PATH_SENDMAILPID from Oota Toshiya of
+			NEC Computers Group Planning Division.
+		Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
+		NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
+			1024 in conf.h.  Since confENVDEF would be used,
+			use that value in conf.h.
+		Use NeXT's NETINFO to get domain name.  From Gerd Knops of
+			BITart Consulting.
+		Use NeXT's NETINFO for alias and hostname resolution if
+			AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
+			defined.  Patch from Wilfredo Sanchez of Apple
+			Computer, Inc.
+		NeXT portability tweaks.  Problems reported by Dragan
+			Milicic of the University of Utah and J. P. McCann
+			of E I A.
+		New compile flag FAST_PID_RECYCLE: set this if your system
+			can reuse the same PID in the same second.
+		New compile flag HASFCHOWN: set this if your OS has
+			fchown(2).
+		New compile flag HASRANDOM: set this to 0 if your OS does
+			not have random(3).  rand() will be used instead.
+		New compile flag HASSRANDOMDEV: set this if your OS has
+			srandomdev(3).
+		New compile flag HASSETLOGIN: set this if your OS has
+			setlogin(2).
+		Replace SINIX and ReliantUNIX support with version
+			specific SINIX files.  From Gerald Rinske of
+			Siemens Business Services.
+		Use the 60-second load average instead of the 5 second load
+			average on Compaq Tru64 UNIX (formerly Digital
+			UNIX).  From Chris Teakle of the University of Qld.
+		Use ANSI C by default for Compaq Tru64 UNIX.  Suggested by
+			Randall Winchester of Swales Aerospace.
+		Correct setgroups() prototype for Compaq Tru64 UNIX.
+			Problem noted by Randall Winchester of Swales
+			Aerospace.
+		Hitachi 3050R/3050RX and 3500 Workstations running
+			HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
+			NAKAMURA of Kyoto University.
+		New compile flag NO_GETSERVBYNAME: set this to disable
+			use of getservbyname() on systems which can
+			not lookup a service by name over NIS, such as
+			HI-UX.  Patch from Motonori NAKAMURA of Kyoto
+			University.
+		Use devtools/bin/install.sh on SCO 5.x.  Problem noted
+			by Sun Wenbing of the China Engineering and
+			Technology Information Network.
+		make depend didn't work properly on UNIXWARE 4.2.  Problem
+			noted by Ariel Malik of Netology, Ltd.
+		Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
+		Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
+			and OpenBSD.
+		A recent Compaq Ultrix 4.5 Y2K patch has broken detection
+			of local_hostname_length().  See sendmail/README
+			for more details.  Problem noted by Allan E
+			Johannesen of Worcester Polytechnic Institute.
+	CONFIG: Begin using /etc/mail/ for sendmail related files.  This
+		affects a large number of files.  See cf/README for more
+		details.
+	CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
+		trailing slash) for the mail settings directory.
+	CONFIG: Increment version number of config file to 9.
+	CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
+		deprecated and may be removed from a future release.
+		BSD/OS users should begin using OSTYPE(`bsdi').
+	CONFIG: OpenBSD 2.4 installs mail.local non-setuid root.  This
+		requires a new OSTYPE(`openbsd').  From Todd C. Miller of
+		Courtesan Consulting.
+	CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
+	CONFIG: A syntax error in check_mail would cause fake top-level
+		domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
+		be improperly rejected as unresolvable.
+	CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
+		DNS server, rejection message) and can be included
+		multiple times.
+	CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
+		mail sender is listed as RELAY in the access map (and tagged
+		with From:).
+	CONFIG: Optional tagging of LHS in the access map (Connect:,
+		From:, To:) to enable finer control.
+	CONFIG: New FEATURE(`ldap_routing') implements LDAP address
+		routing.  See cf/README for a complete description of the
+		new functionality.
+	CONFIG: New variables for the new sendmail options:
+		confAUTH_MECHANISMS		AuthMechanisms
+		confAUTH_OPTIONS		AuthOptions
+		confCLIENT_OPTIONS		ClientPortOptions
+		confCONTROL_SOCKET_NAME		ControlSocketName
+		confDEAD_LETTER_DROP		DeadLetterDrop
+		confDEF_AUTH_INFO		DefaultAuthInfo
+		confDF_BUFFER_SIZE		DataFileBufferSize
+		confLDAP_DEFAULT_SPEC		LDAPDefaultSpec
+		confMAX_ALIAS_RECURSION		MaxAliasRecursion
+		confMAX_HEADERS_LENGTH		MaxHeadersLength
+		confMAX_MIME_HEADER_LENGTH	MaxMimeHeaderLength
+		confPID_FILE			PidFile
+		confPROCESS_TITLE_PREFIX	ProcessTitlePrefix
+		confRRT_IMPLIES_DSN		RrtImpliesDsn
+		confTO_CONTROL			Timeout.control
+		confTO_RESOLVER_RETRANS		Timeout.resolver.retrans
+		confTO_RESOLVER_RETRANS_FIRST	Timeout.resolver.retrans.first
+		confTO_RESOLVER_RETRANS_NORMAL	Timeout.resolver.retrans.normal
+		confTO_RESOLVER_RETRY		Timeout.resolver.retry
+		confTO_RESOLVER_RETRY_FIRST	Timeout.resolver.retry.first
+		confTO_RESOLVER_RETRY_NORMAL	Timeout.resolver.retry.normal
+		confTRUSTED_USER		TrustedUser
+		confXF_BUFFER_SIZE		XscriptFileBufferSize
+	CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
+		which takes the options as argument and can be used
+		multiple times; see cf/README for details.
+	CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
+		"dsmtp".  This mail provides on-demand delivery using the
+		F=% mailer flag described above.  The "dsmtp" mailer
+		definition uses the new DSMTP_MAILER_ARGS which defaults
+		to "IPC $h".
+	CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
+		and RELAY_MAILER_MAXMSGS for setting the m= equate for the
+		local, smtp, and relay mailers respectively.
+	CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
+		the DSN Diagnostic-Code type for the local mailer.  The
+		value should be changed with care.
+	CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
+		for the local mailer to the proper value of "SMTP".
+	CONFIG: All included maps are no longer optional by default; if
+		there there is a problem with a map, sendmail will
+		complain.
+	CONFIG: Removed root from class E; use EXPOSED_USER(`root')
+		to get the old behavior.  Suggested by Joe Pruett
+		of Q7 Enterprises.
+	CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
+		will not be masqueraded.  Proposed by Arne Wichmann
+		of MPI Saarbruecken, Griff Miller of PGS Tensor,
+		Jayme Cox of Broderbund Software Inc.
+	CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
+		specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
+		i.e., a list of domains which are passed to $[ ... $]
+		for canonification. Based on an idea from Neil Rickert
+		of Northern Illinois University.
+	CONFIG: If `canonify_hosts' is specified as parameter for
+		FEATURE(`nocanonify') then addresses which have only
+		a hostname, e.g., <user@host>, will be canonified.
+	CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
+		nevertheless added to addresses with more than one component
+		in it.
+	CONFIG: Canonification is no longer attempted for any host or domain
+		in class 'P' ($=P).
+	CONFIG: New class for matching virtusertable entries $={VirtHost} that
+		can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
+		FEATURE(`virtuser_entire_domain') can be used to apply this
+		class also to entire subdomains.  Hosts in this class are
+		treated as canonical in SCanonify2, i.e., a trailing dot
+		is added.
+	CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
+		include $={VirtHost} in $=R (hosts allowed to relay).
+	CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
+		genericstable also to subdomains of $=G.
+	CONFIG: Pass "+detail" as %2 for virtusertable lookups.
+		Patch from Noam Freedman from University of Chicago.
+	CONFIG: Pass "+detail" as %1 for genericstable lookups.  Suggested
+		by Raymond S Brand of rsbx.net.
+	CONFIG: Allow @domain in genericstable to override masquerading.
+		Suggested by Owen Duffy from Owen Duffy & Associates.
+	CONFIG: LOCAL_DOMAIN() adds entries to class w.  Suggested by Steve
+		Hubert of University of Washington.
+	CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
+		GNU is now the canonical system name.  From Mark
+		Kettenis of the University of Amsterdam.
+	CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
+	CONFIG: Do not include '=' in option expansion if there is no value
+		associated with the option.  From Andrew Brown of
+		Graffiti World Wide, Inc.
+	CONFIG: Add MAILER(`qpage') to define a new pager mailer.  Contributed
+		by Philip A. Prindeville of Enteka Enterprise Technology
+		Services.
+	CONFIG: MAILER(`cyrus') was not preserving case for mail folder
+		names.  Problem noted by Randall Winchester of Swales
+		Aerospace.
+	CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
+		for the relay mailer.  Suggested by Doug Hughes of Auburn
+		University and Brian Candler.
+	CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
+		header) by default.  Suggested by Per Hedeland of Ericsson.
+	CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
+		Suggested by Kari Hurtta of the Finnish Meteorological
+		Institute.
+	CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
+		i.e., to set, add, or delete flags.
+	CONFIG: If SMTP AUTH is used then relaying is allowed for any user
+		who authenticated via a "trusted" mechanism, i.e., one that
+		is defined via TRUST_AUTH_MECH(`list of mechanisms').
+	CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
+		after check_rcpt and allows for exceptions from the checks.
+	CONFIG: Map declarations have been moved into their associated
+		feature files to allow greater flexibility in use of
+		sequence maps.  Suggested by Per Hedeland of Ericsson.
+	CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
+		line string for the local mailer.  Requested by Il Oh of
+		Willamette Industries, Inc.
+	CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
+		converted to <user@d>
+	CONFIG: Reject bogus return address of <@@hostname>, generated by
+		Sun's older, broken configuration files.
+	CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
+		normal configuration, allowing anti-spam checks to be
+		performed.
+	CONFIG: Don't return a permanent error (Relaying denied) if
+		${client_name} can't be resolved just temporarily.
+		Suggested by Kari Hurtta of the Finnish Meteorological
+		Institute.
+	CONFIG: Change numbered rulesets into named (which still can
+		be accessed by their numbers).
+	CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
+		which describes whether to disallow "!" in the local part
+		of an address.
+	CONFIG: Call Local_localaddr from localaddr (S5) which can be used
+		to rewrite an address from a mailer which has the F=5 flag
+		set.  If the ruleset returns a mailer, the appropriate
+		action is taken, otherwise the returned tokens are ignored.
+	CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
+		and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
+		The latter is kept around for backward compatibility.
+	CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
+		where "D.S.N" is an RFC 1893 compliant error code.
+	CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
+	CONFIG: Remove second space between username and date in UNIX From_
+		line.  Noted by Allan E Johannesen of Worcester Polytechnic
+		Institute.
+	CONFIG: Make sure all of the mailers have complete T= equates.
+	CONFIG: Extend FEATURE(`local_procmail') so it can now take
+		arguments overriding the mailer program, arguments, and
+		mailer definition flags.  This makes it possible to use
+		other programs such as maildrop for local delivery.
+	CONFIG: Emit warning if FEATURE(`local_lmtp') or
+		FEATURE(`local_procmail') is given after MAILER(`local').
+		Patch from Richard A. Nelson of IBM.
+	CONFIG: Add SMTP Authentication information to Received: header
+		default value (confRECEIVED_HEADER).
+	CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
+		local mailer.  Problem noted by Per Hedeland of Ericsson.
+	CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
+		University of California at Berkeley.
+	CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
+		Illinois at Urbana-Champaign.
+	CONTRIB: etrn.pl now recognizes bogus host names.  Patch from
+		Bruce Barnett of GE's R&D Lab.
+	CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
+		Corporation UK.
+	CONTRIB: Added qtool.pl to assist in managing the queues.
+	DEVTOOLS: Prevent user environment variables from interfering with
+		the Build scripts.  Problem noted by Ezequiel H. Panepucci of
+		Yale University.
+	DEVTOOLS: 'Build -M' will display the obj.* directory which will
+		be used for building.
+	DEVTOOLS: 'Build -A' will display the architecture that would be
+		used for a fresh build.
+	DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
+	DEVTOOLS: New variable confRANLIBOPTS for the options to send to
+		ranlib.
+	DEVTOOLS: 'Build -O <path>' will have the object files build in
+		<path>/obj.*.  Suggested by Bryan Costales of Exactis.
+	DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
+		building of the man pages when defined.  Suggested by Bryan
+		Costales.
+	DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
+		confNO_STATISTICS_INSTALL which will prevent the
+		installation of the sendmail helpfile and statistics file
+		respectively.  Suggested by Bryan Costales.
+	DEVTOOLS: Recognize ReliantUNIX as SINIX.  Patch from Gerald Rinske
+		of Siemens Business Services.
+	DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
+		stdio library.  The new buffered file I/O depends on the
+		Torek stdio library.  This option can be either portable or
+		torek.
+	DEVTOOLS: New variables confSRCADD and confSMSRCADD which
+		correspond to confOBJADD and confSMOBJADD respectively.
+		They should contain the C source files for the object files
+		listed in confOBJADD and confSMOBJADD.  These file names
+		will be passed to the 'make depend' stage of compilation.
+	DEVTOOLS: New program specific variables for each of the programs
+		in the sendmail distribution.  Each has the form
+		`conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
+		The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
+		conf_prog_SRCADD, and conf_prog_OBJADD.
+	DEVTOOLS: Build system redesign.  This should have little affect on
+		building the distribution, but documentation on the changes
+		are in devtools/README.
+	DEVTOOLS: Don't allow 'Build -f file' if an object directory already
+		exists.  Suggested by Valdis Kletnieks of Virginia Tech.
+	DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
+		the path to the sendmail source directory.  confSRCDIR is a
+		new variable which identifies the root of the source
+		directories for all of the programs in the distribution.
+	DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
+		time.  They can both still be overridden by setting the m4
+		macro.
+	DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
+	DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
+		build configurations, and places objects in obj.prefix.*/.
+		Complains as 'Build -f file' does for existing object
+		directories.  Suggested by Tom Smith of Digital Equipment
+		Corporation.
+	DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
+		manual pages in the directory tree specified by
+		confMANROOTMAN.
+	DEVTOOLS: If formatting the manual pages fails, copy in the
+		preformatted pages from the distribution.  The new variable
+		confCOPY specifies the copying program.
+	DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
+		question.  Suggested by Terry Lambert of Whistle
+		Communications.
+	DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
+		of the installed statistics and help files, respectively.
+	DEVTOOLS: Remove spaces in `uname -r` output when determining
+		operating system identity.  Problem noted by Erik
+		Wachtenheim of Dartmouth College.
+	DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
+		will be search for the libraries specified in confLIBSEARCH.
+		Defaults to "/lib /usr/lib /usr/shlib".
+	DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
+		how to strip binaries.  These are used by the new
+		install-strip target.
+	DEVTOOLS: New config file site.post.m4 which is included after
+		the others (if it exists).
+	DEVTOOLS: Change order of LIBS: first product specific libraries
+		then the default ones.
+	MAIL.LOCAL: Will not be installed setuid root.  To use mail.local
+		as local delivery agent without LMTP mode, use
+		MODIFY_MAILER_FLAGS(`LOCAL', `+S')
+		to set the S flag.
+	MAIL.LOCAL: Do not reject addresses which would otherwise be
+		accepted by sendmail.  Suggested by Neil Rickert of
+		Northern Illinois University.
+	MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
+		8BITMIME in the LHLO response.  Suggested by Kari Hurtta of
+		the Finnish Meteorological Institute.
+	MAIL.LOCAL: Add support for the maillock() routines by defining
+		MAILLOCK when compiling.  Also requires linking with
+		-lmail.  Patch from Neil Rickert of Northern Illinois
+		University.
+	MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
+		defined when compiling.  Automatically set for Solaris 2.3
+		and later.  Patch from Neil Rickert of Northern Illinois
+		University.
+	MAIL.LOCAL: Move the initialization of the 'notifybiff' address
+		structure to the beginning of the program.  This ensures that
+		the getservbyname() is done before any seteuid to a possibly
+		unauthenticated user.  If you are using NIS+ and secure RPC
+		on a Solaris system, this avoids syslog messages such as,
+		"authdes_refresh: keyserv(1m) is unable to encrypt session
+		key."  Patch from Neil Rickert of Northern Illinois
+		University.
+	MAIL.LOCAL: Support group writable mail spool files when MAILGID is
+		set to the gid to use (-DMAILGID=6) when compiling.
+		Patch from Neil Rickert of Northern Illinois University.
+	MAIL.LOCAL: When a mail message included lines longer than 2046
+		characters (in LMTP mode), mail.local split the incoming
+		line up into 2046-character output lines (excluding the
+		newline).  If an input line was 2047 characters long
+		(excluding CR-LF) and the last character was a '.',
+		mail.local saw it as the end of input, transfered it to the
+		user mailbox and tried to write an `ok' back to sendmail.
+		If the message was much longer, both sendmail and
+		mail.local would deadlock waiting for each other to read
+		what they have written.  Problem noted by Peter Jeremy of
+		Alcatel Australia Limited.
+	MAIL.LOCAL: New option -b to return a permanent error instead of a
+		temporary error if a mailbox exceeds quota.  Suggested by
+		Neil Rickert of Northern Illinois University.
+	MAIL.LOCAL: The creation of a lockfile is subject to a global
+		timeout to avoid starvation.
+	MAIL.LOCAL: Properly parse addresses with multiple quoted
+		local-parts.  Problem noted by Ronald F. Guilmette of
+		Infinite Monkeys & Co.
+	MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
+	MAILSTATS: New -p option to invoke program mode in which stats are
+		printed in a machine readable fashion and the stats file
+		is reset.  Patch from Kevin Hildebrand of the University
+		of Maryland.
+	MAKEMAP: If running as root, automatically change the ownership of
+		generated maps to the TrustedUser as specified in the
+		sendmail configuration file.
+	MAKEMAP: New -C option to accept an alternate sendmail
+		configuration file to use for finding the TrustedUser
+		option.
+	MAKEMAP: New -u option to dump (unmap) a database.  Based on
+		code contributed by Roy Mongiovi of Georgia Tech.
+	MAKEMAP: New -e option to allow empty values.  Suggested by Philip
+		A. Prindeville of Enteka Enterprise Technology Services.
+	MAKEMAP: Compile cleanly on 64-bit operating systems.  Problem
+		noted by Gerald Rinske of Siemens Business Services.
+	OP.ME: Correctly document interaction between F=S and U= mailer
+		equates.  Problem noted by Bob Halley of Internet Engines.
+	OP.ME: Fixup Timeout documentation.  From Graeme Hewson of Oracle
+		Corporation UK.
+	OP.ME: The Timeout [r] option was incorrectly listed as "safe"
+		(e.g., sendmail would not drop root privileges if the
+		option was specified on the command line).  Problem noted
+		by Todd C. Miller of Courtesan Consulting.
+	PRALIASES: Handle the hash and btree map specifications for
+		Berkeley DB.  Patch from Brian J. Coan of the
+		Institute for Global Communications.
+	PRALIASES: Read the sendmail.cf file for the location(s) of the
+		alias file(s) if the -f option is not used.  Patch from
+		John Beck of Sun Microsystems.
+	PRALIASES: New -C option to specify an alternate sendmail
+		configuration file to use for finding alias file(s).  Patch
+		from John Beck of Sun Microsystems.
+	SMRSH: allow shell commands echo, exec, and exit.  Allow command
+		lists using || and &&.  Based on patch from Brian J. Coan
+		of the Institute for Global Communications.
+	SMRSH: Update README for the new Build system.  From Tim Pierce
+		of RootsWeb Genealogical Data Cooperative.
+	VACATION: Added vacation auto-responder to sendmail distribution.
+	LIBSMDB: Added abstracted database library.  Works with Berkeley
+		DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
+	Changed Files:
+		The Build script in the various program subdirectories are
+			no longer symbolic links.  They are now scripts
+			which execute the actual Build script in
+			devtools/bin.
+		All the manual pages are now written against -man and not
+			-mandoc as they were previously.
+		Add a simple Makefile to every directory so make instead
+			of Build will work (unless parameters are
+			required for Build).
+	New Directories:
+		devtools/M4/UNIX
+		include
+		libmilter
+		libsmdb
+		libsmutil
+		vacation
+	Renamed Directories:
+		BuildTools => devtools
+		src => sendmail
+	Deleted Files:
+		cf/m4/nullrelay.m4
+		devtools/OS/Linux.ppc
+		devtools/OS/ReliantUNIX
+		devtools/OS/SINIX
+		sendmail/ldap_map.h
+	New Files:
+		INSTALL
+		PGPKEYS
+		cf/cf/generic-linux.cf
+		cf/cf/generic-linux.mc
+		cf/feature/delay_checks.m4
+		cf/feature/dnsbl.m4
+		cf/feature/generics_entire_domain.m4
+		cf/feature/no_default_msa.m4
+		cf/feature/relay_mail_from.m4
+		cf/feature/virtuser_entire_domain.m4
+		cf/mailer/qpage.m4
+		cf/ostype/bsdi.m4
+		cf/ostype/hpux11.m4
+		cf/ostype/openbsd.m4
+		contrib/bounce-resender.pl
+		contrib/domainmap.m4
+		contrib/qtool.8
+		contrib/qtool.pl
+		devtools/M4/depend/AIX.m4
+		devtools/M4/list.m4
+		devtools/M4/string.m4
+		devtools/M4/subst_ext.m4
+		devtools/M4/switch.m4
+		devtools/OS/Darwin
+		devtools/OS/GNU
+		devtools/OS/SINIX.5.43
+		devtools/OS/SINIX.5.44
+		devtools/OS/m88k
+		devtools/bin/find_in_path.sh
+		mail.local/Makefile
+		mailstats/Makefile
+		makemap/Makefile
+		praliases/Makefile
+		rmail/Makefile
+		sendmail/Makefile
+		sendmail/bf.h
+		sendmail/bf_portable.c
+		sendmail/bf_portable.h
+		sendmail/bf_torek.c
+		sendmail/bf_torek.h
+		sendmail/shmticklib.c
+		sendmail/statusd_shm.h
+		sendmail/timers.c
+		sendmail/timers.h
+		smrsh/Makefile
+		vacation/Makefile
+	Renamed Files:
+		cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
+		sendmail/cdefs.h => include/sendmail/cdefs.h
+		sendmail/sendmail.hf => sendmail/helpfile
+		sendmail/mailstats.h => include/sendmail/mailstats.h
+		sendmail/pathnames.h => include/sendmail/pathnames.h
+		sendmail/safefile.c => libsmutil/safefile.c
+		sendmail/snprintf.c => libsmutil/snprintf.c
+		sendmail/useful.h => include/sendmail/useful.h
+		cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
+	Copied Files:
+		cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
+
+8.9.3/8.9.3	1999/02/04
 	SECURITY: Limit message headers to a maximum of 32K bytes (total
 		of all headers in a single message) to prevent a denial of
 		service attack.  This limit will be configurable in 8.10.
@@ -47,7 +1697,9 @@ summary of the changes in that release.
 		published in the updated SMTP specification from the DRUMS
 		group of the IETF.
 	Portability:
-		AIX 4.2.0.2 ships with a /usr/lib/libbind.a which should
+		AIX 4.2.0 or 4.2.1 may become updated by the fileset
+			bos.rte.net level 4.2.0.2.  This introduces the
+			softlink /usr/lib/libbind.a which should
 			not be used.  It conflicts with the resolver
 			built into libc.a.  "bind" has been removed
 			from the confLIBSEARCH BuildTools variable.
@@ -87,12 +1739,12 @@ summary of the changes in that release.
 	CONFIG: The bestmx_is_local checking done in check_rcpt would
 		cause later checks to fail.  Patch from Paul J Murphy of
 		MIDS Europe.
-	New files:
+	New Files:
 		BuildTools/OS/CRAYTS.10.0.x
 		BuildTools/OS/ReliantUNIX
 		BuildTools/OS/SunOS.5.8
 
-8.9.2/8.9.2	98/12/30
+8.9.2/8.9.2	1998/12/30
 	SECURITY: Remove five second sleep on accepting daemon connections
 		due to an accept() failure.  This sleep could be used
 		for a denial of service attack.
@@ -133,10 +1785,10 @@ summary of the changes in that release.
 		in case the $HFDIR directory does not exist.  Problem
 		noted by Josef Svitak of Montana State University.
 	Close all maps when exiting the process with one exception.
-        	Berkeley DB can use internal shared memory locking for
-        	its memory pool.  Closing a map opened by another process
-        	will interfere with the shared memory and locks of the
-        	parent process leaving things in a bad state.  For
+		Berkeley DB can use internal shared memory locking for
+		its memory pool.  Closing a map opened by another process
+		will interfere with the shared memory and locks of the
+		parent process leaving things in a bad state.  For
 		Berkeley DB, only close the map if the current process
 		is also the one that opened the map, otherwise only close
 		the map file descriptor.  Thanks to Yoseff Francus of
@@ -145,7 +1797,7 @@ summary of the changes in that release.
 	Avoid null pointer dereference on XDEBUG output for SMTP reply
 		failures.  Problem noted by Carlos Canau of EUnet Portugal.
 	On mailq and hoststat listings being piped to another program, such
-		as more, if the pipe closes (i.e. the user quits more),
+		as more, if the pipe closes (i.e., the user quits more),
 		stop sending output and exit.  Patch from Allan E Johannesen
 		of Worcester Polytechnic Institute.
 	In accordance with the documentation, LDAP map lookup failures
@@ -223,7 +1875,7 @@ summary of the changes in that release.
 		there are multiple RBL's available and the MAPS RBL may
 		not be the one in use.  Suggested by Alan Brown of
 		Manawatu Internet Services.
-	CONFIG: Properly strip route addresses (i.e. @host1:user@host2)
+	CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
 		when stripping down a recipient address to check for
 		relaying.  Patch from Claus Assmann of
 		Christian-Albrechts-University of Kiel and Neil W Rickert
@@ -235,7 +1887,7 @@ summary of the changes in that release.
 		Dot Com.
 	CONFIG: Fixed check for deferred delivery mode warning.  Patch
 		from Claus Assmann of Christian-Albrechts-University of
-                Kiel and Per Hedeland of Ericsson.
+		Kiel and Per Hedeland of Ericsson.
 	CONFIG: If a recipient using % addressing is used, e.g.
 		user%site@othersite, and othersite's MX records are now
 		checked for local hosts if FEATURE(relay_based_on_MX) is
@@ -264,11 +1916,11 @@ summary of the changes in that release.
 	New Files:
 		BuildTools/OS/IRIX64.6.5
 		BuildTools/OS/UnixWare.5.i386
-		cf/cf/unixware7.m4
+		cf/ostype/unixware7.m4
 		contrib/smcontrol.pl
 		src/control.c
 
-8.9.1/8.9.1	98/07/02
+8.9.1/8.9.1	1998/07/02
 	If both an OS specific site configuration file and a generic
 		site.config.m4 file existed, only the latter was used
 		instead of both.  Problem noted by Geir Johannessen of
@@ -289,10 +1941,10 @@ summary of the changes in that release.
 	If the check_relay ruleset resolved to the discard mailer, messages
 		were still delivered.  Problem noted by Mirek Luc of NASK.
 	Mail delivery to files would fail with an Operating System Error
-		if sendmail was not running as root, i.e. RunAsUser was set.
+		if sendmail was not running as root, i.e., RunAsUser was set.
 		Problem noted by Leonard N. Zubkoff of Dandelion Digital.
 	Prevent MinQueueAge from interfering from queued items created
-		in the future, i.e. if the system clock was set ahead
+		in the future, i.e., if the system clock was set ahead
 		and then back.  Problem noted by Michael Miller of the
 		University of Natal, Pietermaritzburg.
 	Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
@@ -353,11 +2005,11 @@ summary of the changes in that release.
 	New Files:
 		BuildTools/OS/DomainOS.10.4
 
-8.9.0/8.9.0	98/05/19
+8.9.0/8.9.0	1998/05/19
 	SECURITY: To prevent users from reading files not normally
 		readable, sendmail will no longer open forward, :include:,
 		class, ErrorHeader, or HelpFile files located in unsafe
-		(i.e. group or world writable) directory paths.  Sites
+		(i.e., group or world writable) directory paths.  Sites
 		which need the ability to override security can use the
 		DontBlameSendmail option.  See the README file for more
 		information.
@@ -411,7 +2063,7 @@ summary of the changes in that release.
 		only done if you had magic characters (0x81) to indicate
 		macro expansion.  Now $x will be expanded.  This means that
 		real dollar signs have to be backslash escaped.
-	TCP Wrappers expects "unknown" in the hostname argument if the 
+	TCP Wrappers expects "unknown" in the hostname argument if the
 		reverse DNS lookup for the incoming connection fails.
 		Problem noted by Randy Grimshaw of Syracuse University and
 		Wietse Venema of the Global Security Analysis Lab at
@@ -455,11 +2107,11 @@ summary of the changes in that release.
 		Technical University of Braunschweig.  Patch from Per Hedeland
 		of Ericsson.
 	Print test input in address test mode when input is not from the tty
-		when the -v flag is given (i.e. sendmail -bt -v) to make
+		when the -v flag is given (i.e., sendmail -bt -v) to make
 		output easier to decipher.  Problem noted by Aidan Nichol
 		of Procter & Gamble.
 	The LDAP map -s flag was not properly parsed and the error message
-		given included the remainder of the arguments instead of 
+		given included the remainder of the arguments instead of
 		solely the argument in error.  Problem noted by Aidan Nichol
 		of Procter & Gamble.
 	New DontBlameSendmail option.  This option allows administrators to
@@ -512,7 +2164,7 @@ summary of the changes in that release.
 		a forward (A) DNS lookup on the result of the PTR lookup
 		and compare results.  If they differ or if the PTR lookup
 		fails, &{client_name} will contain the IP address
-		surrounded by square brackets (e.g. [127.0.0.1]).
+		surrounded by square brackets (e.g., [127.0.0.1]).
 	New map flag: -Tx appends "x" to lookups that return temporary failure
 		(i.e, it is like -ax for the temporary failure case, in
 		contrast to the success case).
@@ -534,7 +2186,7 @@ summary of the changes in that release.
 		obeys all of the F= mailer flags such as the MIME
 		7/8 bit conversion flags.  This is useful for defining
 		a mailer which delivers to the same file regardless of the
-		recipient (e.g. 'A=FILE /dev/null' to discard unwanted mail).
+		recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
 	Do not assume the identity of a remote connection is root@localhost
 		if the remote connection closes the socket before the
 		remote identity can be queried.
@@ -756,7 +2408,7 @@ summary of the changes in that release.
 		Kari Hurtta of the Finnish Meteorological Institute.
 	CONFIG: .cf files are now stored in the same directory with the
 		.mc files instead of in the obj directory.
-	CONFIG: New options confSINGLE_LINE_FROM_HEADER, 
+	CONFIG: New options confSINGLE_LINE_FROM_HEADER,
 		confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
 		setting SingleLineFromHeader, AllowBogusHELO, and
 		MustQuoteChars respectively.
@@ -765,7 +2417,7 @@ summary of the changes in that release.
 		status on a per-user basis.  Code donated by John Myers of
 		CMU (now of Netscape).
 	MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
-		University of Maryland.  NOTE: mail.local is not 
+		University of Maryland.  NOTE: mail.local is not
 		compatible with the stock HP-UX mail format.  Be sure to
 		read mail.local/README.
 	MAIL.LOCAL: Prevent other mail delivery agents from stealing a
@@ -875,7 +2527,7 @@ summary of the changes in that release.
 		cf/cf/obj/* => cf/cf/*
 		src/READ_ME => src/README
 
-8.8.8/8.8.8	97/10/24
+8.8.8/8.8.8	1997/10/24
 	If the check_relay ruleset failed, the relay= field was logged
 		incorrectly.  Problem noted by Kari Hurtta of the Finnish
 		Meteorological Institute.
@@ -961,7 +2613,7 @@ summary of the changes in that release.
 		Problem noted by Kari E. Hurtta of the Finnish Meteorological
 		Institute.
 	Make sure non-rebuildable database maps are opened before the
-		rebuildable maps (i.e. alias files) in case the database maps
+		rebuildable maps (i.e., alias files) in case the database maps
 		are needed for verifying the left hand side of the aliases.
 		Problem noted by Lloyd Parkes of Victoria University.
 	Make sure sender RFC822 source route addresses are alias expanded for
@@ -994,7 +2646,7 @@ summary of the changes in that release.
 			chownsafe() to always return 0 even if the OS does
 			not permit file giveaways.  Problem noted by
 			Yasutaka Sumi of The University of Tokyo.
-		IRIX6: Syslog buffer size set to 512 bytes.  Reported by 
+		IRIX6: Syslog buffer size set to 512 bytes.  Reported by
 			Gerald Rinske of Siemens Business Services VAS.
 		Linux: Pad process title with NULLs.  Problem noted by
 			Jon Lewis of Florida Digital Turnpike.
@@ -1014,7 +2666,7 @@ summary of the changes in that release.
 	OP.ME: Document the F=i mailer flag.  Problem noted by Per Hedeland of
 			Ericsson.
 
-8.8.7/8.8.7	97/08/03
+8.8.7/8.8.7	1997/08/03
 	If using Berkeley DB on systems without O_EXLOCK (open a file with
 		an exclusive lock already set -- i.e., almost all systems
 		except 4.4-BSD derived systems), the initial attempt at
@@ -1166,7 +2818,7 @@ summary of the changes in that release.
 	DELETED FILES:
 		Makefile
 
-8.8.6/8.8.6	97/06/14
+8.8.6/8.8.6	1997/06/14
 	    *************************************************************
 	    * The extensive assistance of Gregory Neil Shapiro of WPI	*
 	    * in preparing this release is gratefully appreciated.	*
@@ -1424,7 +3076,7 @@ summary of the changes in that release.
 		MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
 		don't include From_, and convert to 8-bit).  Suggestions
 		from Kimmo Suominen and Roderick Schertler.
-	CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) where
+	CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
 		being masqueraded as though FEATURE(masquerade_entire_domain)
 		was specified, even when it wasn't.
 	MAIL.LOCAL: Solaris 2.6 has snprintf.  From John Beck of SunSoft.
@@ -1469,7 +3121,7 @@ summary of the changes in that release.
 		src/Makefiles/Makefile.IRIX.6.2 =>	Makefile.IRIX.6.x
 		src/Makefiles/Makefile.IRIX64 =>	Makefile.IRIX64.6.0
 
-8.8.5/8.8.5	97/01/21
+8.8.5/8.8.5	1997/01/21
 	SECURITY: Clear out group list during startup.  Without this, sendmail
 		will continue to run with the group permissions of the caller,
 		even if RunAsUser is specified.
@@ -1613,7 +3265,7 @@ summary of the changes in that release.
 		a duplex printer.  From Matthew Black of Cal State University,
 		Long Beach.
 
-8.8.4/8.8.4	96/12/02
+8.8.4/8.8.4	1996/12/02
 	SECURITY: under some circumstances, an attacker could get additional
 		permissions by hard linking to files that were group
 		writable by the attacker.  The solution is to disallow any
@@ -1712,7 +3364,7 @@ summary of the changes in that release.
 	NEW FILES:
 		contrib/etrn.pl
 
-8.8.3/8.8.3	96/11/17
+8.8.3/8.8.3	1996/11/17
 	SECURITY: it was possible to get a root shell by lying to sendmail
 		about argv[0] and then sending it a signal.  Problem noted
 		by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
@@ -1825,7 +3477,7 @@ summary of the changes in that release.
 		cf/ostype/aix4.m4
 		cf/ostype/mklinux.m4
 
-8.8.2/8.8.2	96/10/18
+8.8.2/8.8.2	1996/10/18
 	SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
 		changed the code but didn't fix the problem.
 	PORTABILITY FIXES:
@@ -1836,7 +3488,7 @@ summary of the changes in that release.
 		from this document.  These flags were F=d, F=j, F=R, and F=9.
 	CONFIG: no changes.
 
-8.8.1/8.8.1	96/10/17
+8.8.1/8.8.1	1996/10/17
 	SECURITY: unset all environment variables that the resolver will
 		examine during queue runs and daemon mode.  Problem noted
 		by Dan Bernstein of the University of Illinois at Chicago.
@@ -1889,7 +3541,7 @@ summary of the changes in that release.
 	MAIL.LOCAL: patches to compile on NEXTSTEP.  From Patrick Nolan
 		of Stanford via Robert La Ferla.
 
-8.8.0/8.8.0	96/09/26
+8.8.0/8.8.0	1996/09/26
 	Under some circumstances, Bcc: headers would not be properly
 		deleted.  Pointed out by Jonathan Kamens of OpenVision.
 	Log a warning if the sendmail daemon is invoked without a full
@@ -2251,7 +3903,7 @@ summary of the changes in that release.
 		framework is gratefully appreciated.
 	New SingleThreadDelivery option (requires HostStatusDirectory to
 		operate).  Avoids letting two sendmails on the local machine
-		open connections to the same remote host at the same time.  
+		open connections to the same remote host at the same time.
 		This reduces load on the other machine, but can cause mail to
 		be delayed (for example, if one sendmail is delivering a huge
 		message, other sendmails won't be able to send even small
@@ -2531,7 +4183,7 @@ summary of the changes in that release.
 		src/Makefiles/Makefile.NeXT =>		Makefile.NeXT.2.x
 		src/Makefiles/Makefile.NEXTSTEP =>	Makefile.NeXT.3.x
 
-8.7.6/8.7.3	96/09/17
+8.7.6/8.7.3	1996/09/17
 	SECURITY: It is possible to force getpwuid to fail when writing the
 		queue file, causing sendmail to fall back to running programs
 		as the default user.  This is not exploitable from off-site.
@@ -2541,7 +4193,7 @@ summary of the changes in that release.
 		a local user to get root.  This is not known to be exploitable
 		from off-site.  The workaround is to disable chfn(1) commands.
 
-8.7.5/8.7.3	96/03/04
+8.7.5/8.7.3	1996/03/04
 	Fix glitch in 8.7.4 when putting certain internal lines; this can
 		in some case cause connections to hang or messages to have
 		extra spaces in odd places.  Patch from Eric Wassenaar;
@@ -2549,14 +4201,14 @@ summary of the changes in that release.
 		Hansen of Stanford University, Dean Gaudet of HotWired,
 		and others.
 
-8.7.4/8.7.3	96/02/18
+8.7.4/8.7.3	1996/02/18
 	SECURITY: In some cases it was still possible for an attacker to
 		insert newlines into a queue file, thus allowing access to
 		any user (except root).
 	CONFIG: no changes -- it is not a bug that the configuration
 		version number is unchanged.
 
-8.7.3/8.7.3	95/12/03
+8.7.3/8.7.3	1995/12/03
 	Fix botch in name server timeout in RCPT code; this problem caused
 		two responses in SMTP, which breaks things horribly.  Fix
 		from Gregory Neil Shapiro of WPI.
@@ -2575,7 +4227,7 @@ summary of the changes in that release.
 	CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
 		Deficiency pointed out by Bryan Costales of ICSI.
 
-8.7.2/8.7.2	95/11/19
+8.7.2/8.7.2	1995/11/19
 	REALLY fix the backslash escapes in SmtpGreetingMessage,
 		OperatorChars, and UnixFromLine options.  They were not
 		properly repaired in 8.7.1.
@@ -2719,7 +4371,7 @@ summary of the changes in that release.
 		portability changes for Posix environments (no functional
 		changes).
 
-8.7.1/8.7.1	95/10/01
+8.7.1/8.7.1	1995/10/01
 	Old macros that have become options (SmtpGreetingMessage,
 		OperatorChars, and UnixFromLine) didn't allow backslash
 		escapes in the options, where they previously had.  Bug
@@ -2804,7 +4456,7 @@ summary of the changes in that release.
 		src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
 		src/Makefiles/Makefile.UXPDS
 
-8.7/8.7		95/09/16
+8.7/8.7		1995/09/16
 	Fix a problem that could cause sendmail to run out of file
 		descriptors due to a trashed data structure after a
 		vfork.  Fix from Brian Coan of the Institute for
@@ -3182,7 +4834,7 @@ summary of the changes in that release.
 	Add multiple queue timeouts (both return and warning).  These are
 		set by the Precedence: or Priority: header fields to one of
 		three values.  If a Priority: is set and has value "normal",
-		"urgent", or "non-urgent" the corresponding timeouts are 
+		"urgent", or "non-urgent" the corresponding timeouts are
 		used.  If no priority is set, the Precedence: is consulted;
 		if negative, non-urgent timeouts are used; if greater than
 		zero, urgent timeouts are used.  Otherwise, normal timeouts
@@ -3810,7 +5462,7 @@ summary of the changes in that release.
 		and this can create unreplyable addresses.  From Chip
 		Rosenthal of Unicom.
 	CONFIG: add confRECEIVED_HEADER to change the format of the
-		Received: header inserted into all messages. Suggested by
+		Received: header inserted into all messages.  Suggested by
 		Gary Mills of the University of Manitoba.
 	CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
 		to get the old behavior.  I did this upon observing
@@ -4013,14 +5665,14 @@ summary of the changes in that release.
 		contrib/rcpt-streaming
 		src/Makefiles/Makefile.SunOS.5.x
 
-8.6.13/8.6.12	96/01/25
+8.6.13/8.6.12	1996/01/25
 	SECURITY: In some cases it was still possible for an attacker to
 		insert newlines into a queue file, thus allowing access to
 		any user (except root).
 	CONFIG: no changes -- it is not a bug that the configuration
 		version number is unchanged.
 
-8.6.12/8.6.12	95/03/28
+8.6.12/8.6.12	1995/03/28
 	Fix to IDENT code (it was getting the size of the reply buffer
 		too small, so nothing was ever accepted).  Fix from several
 		people, including Allan Johannesen, Shane Castle of the
@@ -4031,7 +5683,7 @@ summary of the changes in that release.
 		file descriptors on systems that use vfork() rather
 		than fork().
 
-8.6.11/8.6.11	95/03/08
+8.6.11/8.6.11	1995/03/08
 	The ``possible attack'' message would be logged more often
 		than necessary if you are using Pine as a user agent.
 	The wrong host would be reported in the ``possible attack''
@@ -4066,7 +5718,7 @@ summary of the changes in that release.
 	CONFIG: No changes (version number only, to keep it in sync
 		with the binaries).
 
-8.6.10/8.6.10	95/02/10
+8.6.10/8.6.10	1995/02/10
 	SECURITY: Diagnose bogus values to some command line flags that
 		could allow trash to get into headers and qf files.
 	Validate the name of the user returned by the IDENT protocol.
@@ -4110,7 +5762,7 @@ summary of the changes in that release.
 	CONFIG: No changes (version number only, to keep it in sync
 		with the binaries).
 
-8.6.9/8.6.9	94/04/19
+8.6.9/8.6.9	1994/04/19
 	Do all mail delivery completely disconnected from any terminal.
 		This provides consistency with daemon delivery and
 		may have some security implications.
@@ -4232,18 +5884,18 @@ summary of the changes in that release.
 		doc/changes/changes.me
 		doc/changes/changes.ps
 
-8.6.8/8.6.6	94/03/21
+8.6.8/8.6.6	1994/03/21
 	SECURITY: it was possible to read any file as root using the
 		E (error message) option.  Reported by Richard Jones;
 		fixed by Michael Corrigan and Christophe Wolfhugel.
 
-8.6.7/8.6.6	94/03/14
+8.6.7/8.6.6	1994/03/14
 	SECURITY: it was possible to get root access by using weird
 		values to the -d flag.  Thanks to Alain Durand of
 		INRIA for forwarding me the notice from the bugtraq
 		list.
 
-8.6.6/8.6.6	94/03/13
+8.6.6/8.6.6	1994/03/13
 	SECURITY: the ability to give files away on System V-based
 		systems proved dangerous -- don't run as the owner
 		of a :include: file on a system that allows giveaways.
@@ -4475,7 +6127,7 @@ summary of the changes in that release.
 		doc/intro/Makefile
 		doc/usenix/Makefile
 
-8.6.5/8.6.5	94/01/13
+8.6.5/8.6.5	1994/01/13
 	Security fix:  /.forward could be owned by anyone (the test
 		to allow root to own any file was backwards).  From
 		Bob Campbell at U.C. Berkeley.
@@ -4763,7 +6415,7 @@ summary of the changes in that release.
 		makemap/Makefile.dist
 		praliases/Makefile.dist
 
-8.6.4/8.6.4	93/10/31
+8.6.4/8.6.4	1993/10/31
 	Repair core-dump problem (write to read-only memory segment)
 		if you fall back to the return-to-Postmaster case in
 		savemail.  Problem reported by Richard Liu.
@@ -4811,7 +6463,7 @@ summary of the changes in that release.
 	CONFIG: handle <list:;> syntax correctly.  This isn't legal, but
 		it shouldn't fail miserably.  From Motonori Nakamura.
 
-8.6.2/8.6.2	93/10/15
+8.6.2/8.6.2	1993/10/15
 	Put a "successful delivery" message in the transcript for
 		addresses that get return-receipts.
 	Put a prominent "this is only a warning" message in warning
@@ -4857,13 +6509,13 @@ summary of the changes in that release.
 		(from Jon Forrest of UC Berkeley)
 	CONFIG: fix ``mailer:host'' form of UUCP relay naming.
 
-8.6.1/8.6	93/10/08
+8.6.1/8.6	1993/10/08
 	Portability fixes for A/UX and Encore UMAX V.
 	Fix error message handling -- if you had a name server down
 		causing an error during parsing, that message was never
 		propagated to the queue file.
 
-8.6/8.6		93/10/05
+8.6/8.6		1993/10/05
 	Configuration cleanup: make it easier to undo IDENTPROTO in
 		conf.h (other systems have the same bug).
 	If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
@@ -5067,7 +6719,7 @@ summary of the changes in that release.
 	CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
 		connections (domain-ized UUCP).
 	CONFIG: fix bug in default maps (-o must be before database file
-		name).  Pointed out by Christophe Wolfhugel.  
+		name).  Pointed out by Christophe Wolfhugel.
 	CONFIG: add FEATURE(nodns) to state that we are not relying on
 		DNS.  This would presumably be used in UUCP islands.
 	CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
@@ -5094,7 +6746,7 @@ summary of the changes in that release.
 		want to hold it for another release.  Problem noted by
 		Bret Marquis.
 
-8.5/8.5		93/07/23
+8.5/8.5		1993/07/23
 	Serious bug: if you used a command line recipient that was unknown
 		sendmail would not send a return message (it was treating
 		everything as though it had an SMTP-style client that
@@ -5124,7 +6776,7 @@ summary of the changes in that release.
 		the default on SMART_HOST to change from "suucp" to
 		"relay" if you have MAILER(smtp) specified.
 
-8.4/8.4		93/07/22
+8.4/8.4		1993/07/22
 	Add option `w'.  If you receive a message that comes to you because
 		you are the best (lowest preference) target of an MX, and
 		you haven't explicitly recognized the source MX host in
@@ -5275,7 +6927,7 @@ summary of the changes in that release.
 	Changes to cf/sh/makeinfo.sh to make it portable to SVR4
 		environments.  Ugly as sin.
 
-8.3/8.3		93/07/13
+8.3/8.3		1993/07/13
 	Fix setuid problems introduced in 8.2 that caused messages
 		like "Cannot create qfXXXXXX: Invalid argument"
 		or "Cannot reopen dfXXXXXX: Permission denied".  This
@@ -5319,7 +6971,7 @@ summary of the changes in that release.
 		Christophe Wolfhugel.
 	CONFIG: Add OSTYPE(aix3).  From Christophe Wolfhugel.
 
-8.2/8.2		93/07/11
+8.2/8.2		1993/07/11
 	Don't drop out on config file parse errors in -bt mode.
 	On older configuration files, assume option "l" (use Errors-To
 		header) for back compatibility.  NOTE:  this DOES NOT
@@ -5431,7 +7083,7 @@ summary of the changes in that release.
 		first.  This is currently unused in the config files,
 		but could be used in a mailertable entry.
 
-8.1C/8.1B	93/06/27
+8.1C/8.1B	1993/06/27
 	Serious security bug fix: it was possible to read any file on
 		the system, regardless of ownership and permissions.
 	If a subroutine returns a fully qualified address, return it
@@ -5439,1149 +7091,13 @@ summary of the changes in that release.
 		This fixes a problem with mailertable lookups.
 	CONFIG: fix some M4 frotz (concat => CONCAT)
 
-8.1B/8.1A	93/06/12
+8.1B/8.1A	1993/06/12
 	Serious bug fix: pattern matching backup algorithm stepped by
 		two tokens in classes instead of one.  Found by Claus
 		Assmann at University of Kiel, Germany.
 
-8.1A/8.1A	93/06/08
+8.1A/8.1A	1993/06/08
 	Another mailertable fix....
 
-8.1/8.1		93/06/07
+8.1/8.1		1993/06/07
 	4.4BSD freeze.  No semantic changes.
-
-6.65/6.34	93/06/06
-	Fix some lintish problems.
-	Fix some cases where server SMTP behaved poorly when handed bogus
-		input, pointed out by Eric Wassenaar.
-	CONFIG: fix some more (sigh) mailertable bugs -- thanks to
-		Motonori Nakamura of Kyoto University (again).
-
-6.64/6.33	93/06/05
-	Don't send 050 (-v) information after the 250 response to a QUIT
-		command in srvrsmtp -- clients usually close the connection
-		at this point, and it causes bogus error messages.
-	Don't send messages that have errors on input (such as unbalanced
-		parentheses) during SMTP transactions, since a return
-		message has (probably) already been sent.
-	Give better diagnostics on timeouts during network reads, including
-		information similar to the SMTP phase.
-	Fix bug that caused SMTP messages to deliver synchronously; this
-		happened after the DATA 250, and hence caused reading the
-		next command to be delayed.
-	Ignore Errors-To: header unless 'l' (lower case el) header is
-		specified.  The Errors-To: header violates RFC 1123.
-		Errors-To: was only needed to take the place of the
-		envelope sender in the days when most Unix mailers
-		didn't understand about the two kinds of senders.
-	Don't send warning messages in response to automatically generated
-		messages (that is, those From:<>).
-	CONFIG: fix some rather stupid typos in the mailertable code
-		pointed out by Motonori Nakamura of Kyoto University.
-	CONFIG: add confUSE_ERRORS_TO configuration option.
-	CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M
-		(masquerade name) instead of $j.
-	CONFIG: don't add dots to relay names (added in 6.29); it breaks
-		several things, and can be simulated by dot terminating
-		the names of relays.  For example, use:
-			DBbit.net.relay.
-		(note the trailing dot).
-
-6.63/6.32	93/06/01
-	Fix prototypes to eliminate chars in argument lists -- some
-		compilers are pissy about this.
-	Log protocol ($r) and body type if set so we can determine if
-		the adaptive algorithms are working.
-	Pessimize on locking of database files (particularly for NEWDB
-		databases) during opens.  There were problems with
-		processes opening the file while it was rebuilt; since
-		NEWDB caches heavily, the reader opened an empty file,
-		which is an error.  If your system has the ability to
-		lock atomically on open, this works properly; otherwise,
-		there are race conditions.
-	Check mod time on .pag file instead of .dir in NDBM aliases
-		because the .dir file doesn't get updated for small
-		alias files.  From John Gardiner Myers of CMU.
-	More Solaris portability -- it now compiles on Solaris, but
-		hangs up in gethostbyname().
-	Move setting of RES_DEBUG flag before first myhostname() call
-		so we can see name server traffic on that call.
-	Fsync() queue files.
-	Fix a problem that causes -bi to try to rebuild maps other than
-		the alias file(s).
-	Fix a problem that caused udb to reject entries from any but
-		the first database listed.
-	Rearrange doc subdirectory for 4.4BSD release tape.
-	CONFIG: put $r into the Received line.  This was an oversight.
-	CONFIG: fix typo (call to ruleset 99 should have been ruleset 90).
-	CONFIG: move "auxiliary" subroutines to be in ruleset 90-99
-		range -- in the long run, single digit rulesets may
-		become reserved for builtin use by sendmail.
-	CONFIG: fix major problem that causes host aliases (that is,
-		anything in $=w != $j) to not be recognized.  This has
-		been around since 6.30.
-
-6.62/6.31	93/05/28
-	BETA RELEASE
-	Fix recursive syserr (if there is an error printing a syserr
-		message).  This makes the code much less eager to consider
-		a write error as serious.  This also includes some
-		heuristics to be clever about closed connections.
-	Lock NEWDB files during gets.  This requires version 1.5 or later
-		of the db library.  If you have an older version, you
-		can use -DOLD_NEWDB.  This will go away in a few weeks.
-	Fix problem causing aliases that use host maps to get overwritten.
-	Do appropriate byte swapping on port numbers in ident protocol
-		code.  Fix from Allan Johannesen of WPI.
-	Defer opening of map files to the same time as alias files so that
-		the daemon will tend to pick up new versions more promptly.
-	Prototype a bunch more functions.
-	Some Solaris 2.1 changes (still doesn't link though).
-	Try to simplify Makefiles by including more subordinate #defines
-		in conf.h (based on OS type).
-	CONFIG: check for domains if FEATURE(mailertable) is defined.
-		For example, if the host name is "knecht.cs.berkeley.edu"
-		it will search the following mailertable keys:
-			knecht.cs.berkeley.edu
-			.cs.berkeley.edu
-			.berkeley.edu
-			.edu
-		This could be used to replace the special relays for bitnet
-		and similar nets.
-
-6.61/6.30	93/05/24
-	Fix problem that prevented appending dots on canonified host
-		names.  This breaks tons of config files -- very
-		important fix.
-	Fix improper pointer dereference in response to HELO command.
-	Fix core dump if debugging set in map_rewrite.
-	CONFIG: add FEATURE(always_add_domain) to always attach the
-		local domain (only impacts local mail).
-	CONFIG: try to avoid turning names into $j -- although
-		technically a host can only have one "canonical name",
-		it seems to be common practice to have several.
-
-6.60/6.29	93/05/22
-	Major change: merge alias databases with maps.  This expands and
-		changes the map class interface but fixes a bunch of bugs.
-		The important user-visible change is that the file name
-		in a K line now does not include the ".db" extension; this
-		is added automatically.  Also, the -d (NIS domain) flag is
-		missing from the K config line; use @domain instead.
-		When compiling, the *_MAP names are gone -- just compile
-		in NDBM, NEWDB, and/or NIS support.
-	Announce mailer/host/user triple on -bv flag -- from Brian
-		Bullen of Stirling University.
-	Don't send more than one line in response to HELO -- it confuses
-		Pony Express, which then behaves very badly.  However,
-		this change does send two line 220 greetings, with the
-		second line reading "ESMTP spoken here".  The usersmtp
-		module recognizes this and goes into ESMTP mode regardless
-		of the setting of the "a" mailer flag.  Thus, "a" means
-		"always try EHLO".
-	AIX portability changes (thanks to Christophe Wolfhugel of
-		Herve Schauer Consultants (Paris) for providing me with
-		an INSA account for this purpose).  Lightly tested.  Use
-		-D_AIX3.  This probably breaks compatibility with some
-		older systems (e.g., 4.2bsd) but still works on SunOS
-		4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3.
-	Fix a problem causing an error message loop if the output channel
-		is hosed.
-	Add the Makefiles that I use for various environments -- some are
-		Berkeley make versions and some are old make versions.
-		My makefile for the NeXT box has gotten lost, alas!
-	PRALIASES: support for printing NEWDB databases.  From
-		Michael J. Corrigan of U.C. San Diego.
-	CONFIG: don't pass pseudo-domains to $[ ... $] (if you have
-		a wildcard MX it can have weird results).  From
-		Christophe Wolfhugel.
-	CONFIG: dot terminate relay hostnames in S0.  From Christophe
-		Wolfhugel.
-
-6.59/6.28	93/05/13
-	Log version with SMTP daemon startup message.
-	Adjust setproctitle to work on NetBSD and BSD/386.
-	Fix null pointer reference in MX fallback code.
-	A bunch of minor fixes from Eric Wassenaar:
-		If deliver cannot execv the mailer, return EX_OSERR
-			instead of EX_TEMPFAIL (to give better
-			error messages).
-		Consistently malloc e_message.
-		Catch degenerate case of calling returntosender()
-			with an empty returnq.
-		MIME reformatting.
-
-6.58/6.28	93/05/13
-	Fix bug that can cause incorrect verbose display of user smtp
-		messages.
-	Disable SMTP VERB command if PRIV_NOEXPN is set (since this
-		could reveal the same information.
-	Allow failure when reading SMTP greeting message to go on to
-		next MX host.
-	Add "MIME-Version: 1.0" header if using MIME (this was NOT
-		included in RFC 1344, but Bill King of Allan-Bradley
-		Company forwarded me email from Nathaniel Borenstein
-		claiming that it was an inadvertent omission).
-	Don't use Content-Type: X-message-header.  According to John
-		Myers of CMU, many MIME readers will completely ignore
-		the data if they don't recognize it.  Instead, just
-		add a blank line to make it a legal (empty) message.
-	Fix problem causing dots to keep getting appended to cached
-		hostnames.  This can cause buffer overrun conditions.
-		The problem was found by Erik Forsberg of Retix,
-		although I used a different bug fix than he provided.
-	Fix parsing of split header/envelope rewriting specs -- from
-		Eric Forsberg.
-	Fix from Eric Wassenaar to correct To: lists in error messages.
-
-6.57/6.28	93/05/11
-	Fix minor glitch causing extra ctladdrs to be output to queue
-		file.  Just an annoyance.
-	Cache results of name server canonification lookups to avoid
-		backed up queue runs.
-	Major rewrite of alias.c: considerable cleanup, plus sample
-		(untested) support for NIS aliases.  The "A" option
-		can now be a comma separated list (or be repeated) --
-		that is, you can have multiple alias databases.  Each
-		database can have the syntax ``class:file''; if no class
-		is specified, the "implicit" class is assumed.  Implicit
-		searches through a list of compiled in types -- hash,
-		dbm, nis, and stab.  Alias files are searched in the
-		order they are listed.  For example:
-			OAhash:/etc/aliases.local,/etc/aliases
-			OAnis:mail.aliases@my.nis.domain
-		first searches the hash database /etc/aliases.local,
-		then the regular /etc/aliases database, then the NIS
-		map "mail.aliases" in the NIS domain "my.nis.domain".
-	If in Verbose mode (probably from VERB command) run SMTP job
-		in foreground and don't do RCPT optimizations.
-	Add udb :mailsender as equivalent to owner- for regular aliases.
-	Delete option 8; add option 7 that means the opposite.  That is,
-		default to 8-bit mode; a special option is needed to
-		force sendmail into 7 bit mode.
-	Send error messages in encapsulated MIME format.
-	New compile flag "NIS" that turns on NIS alias and NIS map
-		support.
-	Add "j" option to send error messages in MIME (RFC 1341)
-		encapsulated message format per RFC 1344.  The
-		syntax is pretty ugly if you don't have MIME-aware
-		user agents.
-	Clean up message handling (for display in mailq output).
-	New setproctitle implementation for 4.4bsd.
-	Create files (such as ~/dead.letter) using mode FileMode (the
-		F option value) instead of 0666.
-	Fix bug causing output of EXPN command to not be fully qualified.
-		This may cause some problems with UUCP addresses that
-		will require some config file assistance -- specifically,
-		the $: part has to include the host name for this output
-		to make sense.
-	Fix a problem that sometimes diagnosed errors and still sent the
-		message if the header syntax was bad.
-	Fix a bug that caused an error message to be emailed when sendmail
-		was operating in -bv mode.
-	Add "ListenQueueSize" keyword to daemon options option (OO) to
-		set the queue size parameter passed to listen().  You
-		will normally have to tweak your kernel to up this.
-	Strip spaces off of beginning of message-id before logging (in
-		case it was folded across lines).
-	Tweak compile flags in daemon.c -- there were some cases where
-		it wouldn't work without NETINET.
-	Change *file* mailer to output all the usual default headers
-		(From, Date, Message-Id).  It gets used when sending
-		back error messages.
-	CONFIG: explicitly catch and diagnose list:; syntax in ruleset
-		zero -- this is not a valid recipient syntax according
-		to RFC 821.
-	CONFIG: add confMIME_FORMAT_ERRORS to send error messages in
-		MIME format.  Defaults to on.
-	CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment
-		the flags for those mailers.
-
-6.56/6.27	93/05/01
-	Fix problem that causes the fallback mail to postmaster
-		(case ESM_POSTMASTER in savemail()) to not look at
-		aliases (ugh).
-	Some more HPUX tweaking (compile flag hpux => __hpux so it
-		still works in ANSI mode).
-	Don't try to flock non-regular files when mailing to a file.
-		In particular, this was a problem if you tried to
-		send to /dev/null.
-	Fix a weird bug that can cause senders to be queued as
-		recipients if the name server is down when the mail
-		is initially sent.  This hack just ignores sender
-		deletion (essentially, it sets the MeToo flag) if there
-		is a TEMPFAIL during processing of the sender address.
-		Obscure.
-	Fix a dangling else problem -- from Brian Bullen from University
-		of Stirling, UK.
-	Add the "b" mailer flag to force a blank line on the end of
-		messages.  Some brilliant versions of /bin/mail insist
-		on this but do not add it themselves.
-	Add the "g" mailer flag to prevent user SMTP from sending
-		"MAIL From:<>".  This is only intended to be a
-		transitional gesture, and should not be used if at
-		all possible.  It appears that Berkeley and IDA
-		config files have always handled this properly; the
-		UK config kit apparently does not.
-	Don't lowercase and then capitalize header field names -- leave
-		them with original capitalization.  Fixes from Bill
-		King of Allen-Bradley Company.
-	Further cleanup and improved reporting of error messages,
-		particularly conditions that cause messages to be
-		requeued for future delivery.
-	Tweak syslog priorities in some cases.
-	CONFIG: clean up route-addr on UUCP addresses.
-
-6.55/6.25	93/04/27
-	HPUX 8.07 compatibility changes in getla() -- I had to make
-		these changes to get it to work at Berkeley, although
-		others seem to have been working before (???).
-	Various patches to XLA code.
-	Fix problem that causes setuid bit on files to be ignored from
-		SMTP or in queue runs.  Problem noted by Jason Ornstein
-		of Under The Wire, Inc.
-	Fix problem that can cause CNAMEs to be ignored.
-	Generalize getmxrr to match local host in $=w instead of a
-		single name passed in.
-	Some cleanup from Eric Wassenaar:
-		Use FileMailer instead of ProgMailer in two places.
-		Eliminate duplicate 8th-bit stripping in commaize.
-		Fix a problem with mis-parsing of backslash escapes
-			under some circumstances.
-	NIS map fix (was always including trailing null character)
-		from Mike Glendinning of Ingres UK.
-	Add "a" mailer flag to try using ESMTP.  It tries the EHLO
-		command and if that fails falls back to regular SMTP.
-		Also parses EHLO option keywords.  If host supports
-		SIZE extension, this is added to the MAIL FROM:
-		command.
-	Extend "b" option to include a second value which is the
-		maximum message size this server is willing to accept.
-		For example, a value of "10/1000000" says that there
-		must be ten blocks free, and sendmail will reject
-		any message larger than one megabyte.
-	Some portability hooks for NeXT (this could be applicable
-		to Mach in general).  You have to create an empty
-		file called "unistd.h" to get it to compile.
-	Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to
-		be more generous.
-	Add X400-Received: to the list of headers tagged with H_TRACE
-		in conf.c.  From Bill King, Allen-Bradley Co.
-
-6.54/6.25	93/04/19
-	Fix problem that caused redefinition of SMTP and QUEUE compile
-		flags.  Pointed out by Jon Forrest of the Sequoia 2000
-		project at Berkeley.
-	Properly handle \! hack -- it was treating host\!user as one
-		token (host!user) instead of three (host, !, user).
-		Fix from Eric Wassenaar of NIKHEF-H.
-	Fix compilation problem in getauthinfo() if IDENTPROTO is off.
-	Turn off DEFNAMES and DNSRCH when getting the hostsignature
-		(i.e., MX records) in level 1 configuration files; this
-		matches the old behavior.  From Motonori Nakamura of
-		Kyoto University.
-	Improve error message printing -- if sent through an alias,
-		error messages include the name of the alias in the
-		message.  Unfortunately, in order to make this work
-		properly in queue runs, this changes the format of the
-		C line in the qf file.  The relatively uselessness of
-		the previous information was pointed out to me by
-		Allan E Johannesen of WPI.
-	Add XLA compile flag to add hooks to Christophe Wolfhugel's
-		extended load average code.  This is still in very early
-		form.  For information regarding the guts of the xla
-		code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr.
-	Additional hooks for detecting tempfails in rewriting rules
-		(that is, in map lookups).
-
-6.53/6.25	93/04/15
-	Properly diagnose ruleset zero returning null (instead of a mailer
-		triple).  From Motonori Nakamura of Kyoto University.
-	More generalization of socket code for other protocols.
-	Shorten timeouts on reverse name lookups -- since they are done
-		during connection establishment, long timeouts here can
-		cause higher level timeouts.  This mainly serves to accept
-		mail from hosts that do not have proper reverse (PTR) DNS
-		records set up.
-	Reset e_statmsg before each mailer invocation to avoid bogus
-		messages in the log.
-	Redefine $r, $s, and $_ in error envelopes so you don't get
-		incorrect cruft in the error message.  Problem noted by
-		Motonori Nakamura of Kyoto University.
-	Fix a problem that can cause failure to return errors to Postmaster
-		in certain cases.  From Motonori Nakamura.
-	Fix a problem that can cause some systems to give duplicate error
-		messages when a bad syntax address such as "<a" is presented
-		to an SMTP server.   It doesn't seem to occur on all
-		machines.  From Motonori Nakamura.
-	Default IDENTPROTO off for Ultrix and HPUX, which apparently have
-		the interesting "feature" that when they receive a "Host
-		unreachable" message they closes all open connections to
-		that host.  However, some firewall gateways send this message
-		if you try to connect to an unauthorized port, such as the
-		IDENT port (113).  Thus, no email can be received from such
-		hosts.  There is some evidence that versions of Ultrix before
-		4.3 do not have this problem.  Thanks to Tom Ivar Helbekkmo
-		for pointing out this behavior to me and to Michael Corrigan
-		of U.C. San Diego for informing me about the HPUX problem.
-	Allow IPC mailers to return a colon-separated list of hosts in the
-		$@ clause; these are searched in order as though they were
-		MX records.
-	When sending an error report, print the list of addresses tagged
-		as bad.  Requested by Allan E Johannesen of WPI.
-	Change map function calls to return a status code.  This gets
-		passed back as the result of rewrite.  Parseaddr marks
-		the address as a QUEUEUP address if the return code is
-		EX_TEMPFAIL.  All this to queue properly if the name
-		server is down.  This code is not well tested.  This code
-		changes the interface to map lookup functions (a fifth
-		parameter, int *statp, is added).  Feature requested by
-		Dan Oscarsson.
-	Don't delete quotes (in the dequote map) if there are spaces in
-		the string, since this would cause them to be replaced by
-		the SpaceSub character.
-	Accept BODY=8BITMIME on SMTP MAIL command.  This isn't advertised
-		because the 8BIT to 7BIT translation doesn't exist yet.
-		This does add a "bodytype" field to both envelope and
-		queue file and a -B command line flag to pass the type in
-		during direct invocations.
-	Discard return error messages only on responses to responses to
-		responses, not on responses to responses.  That is, the
-		algorithm is to try return to sender, then return to
-		postmaster, then discard.  Previously it discarded
-		immediately if the return to sender pass failed.
-	CONFIG: back out change to hide unqualified hostnames behind %-hack.
-		This screws up local aliases and .forward files.
-	CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $];
-		some sites only handle completely canonified names.
-		Requested by John Gardiner Myers of CMU.
-	CONFIG: some UUCP code was still included even if FEATURE(nouucp)
-		was specified.
-
-6.52/6.24	93/04/10
-	Clean up some minor glitches on error return messages pointed out
-		by Motonori Nakamura of Kyoto University.
-	Fix reply() to not reset SmtpReplyBuffer on fatal errors; this
-		was supposed to reset SmtpMsg Buffer.  This makes the
-		client side code virtually useless.  Reported by Allan
-		E Johannesen of WPI and Phil Brandenberger of Swarthmore.
-	Better debug messages if fuzzy is disabled, suggested by Allan
-		E Johannesen of WPI.
-	Offset SmtpReplyBuffer by four in usersmtp when checking for
-		loopback.  From Eric Wassenaar.
-	Don't set $s until after runinchild in srvrsmtp -- otherwise
-		it gets cleared.  From Eric Wassenaar.
-	Implement IDA-style $&x for deferred macro expansion.
-	More POSIX compatibility.
-	CONFIG: Hide unqualified hostnames behind %-hack using $s as the
-		actual sender.  This is only done if $r is non-null, that
-		is, if this is not locally submitted mail.
-	CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host
-		names to internet domains.  A program contributed by
-		John Gardiner Myers of CMU to create the maps is included
-		in the contrib directory (in the "misc" tar file).
-	CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP
-		hosts.  There is currently no tool to create this map.
-
-6.51/6.23	93/04/04
-	Add D= mailer flag to specify a path of possible working directories
-		in which to execute the mailer.  This is intended for the
-		prog mailer; some shells can get upset if they don't have
-		access to the current directory.
-	Add RFC 1413 (IDENT) protocol support.  This is only very loosely
-		tested.  This adds a $_ macro to be the authenticated
-		info (in ``user@domain [address]'' form) and debug flag
-		9 to trace the protocol.
-	Check for loopbacks in usersmtp instead of srvrsmtp -- there is no
-		reason for a local agent to not be talking to the localhost
-		(although the inverse is not true).
-	Add a few hooks for automated map rebuilding.  This is certainly
-		not done yet.
-	CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is,
-		user's home directory then the root.
-	CONFIG: Log RFC 1413 identification in Received: line.
-
-6.50/6.22	93/04/01
-	Fixes to requeueing code to make it compute priority, nrcpts,
-		and the like properly.
-
-6.49/6.22	93/04/01
-	Diagnose incorrect privacy flags.  Suggested by Bryan Costales
-		of ICSI.
-	Some ANSI C fixes.
-	Arrange to quote backslashes as well as other special characters
-		in the phrase part of a route-addr.
-	Some fixes to FallBackMX code suggested by Motonori Nakamura of
-		Kyoto University.
-	More vigorous zeroing of CurHostAddr to avoid logging of bogus
-		host addresses when you are actually just printing
-		information from the MCI structure; problem noted by
-		Michael Corrigan of U.C. San Diego.
-	Don't ignore rest of queue if any job is not runnable.  This can
-		also cause an incorrect job to be lost.  Fix from
-		Eric Wassenaar.
-	Always respond "quickly" to RCPT command; do alias expansion and
-		the like later.  This also means that mail for lists that
-		have errors will be accepted, and an error sent back
-		later.  This is done by instantiating the queue file
-		and then immediately running and requeueing it.
-
-6.48/6.22	93/03/30
-	Fix incorrect diagnosis of infinite loop in ruleset.  Problem noted
-		by several people.
-	Improve information printed when infinite loops are discovered.
-	Zero CurHostAddr to fix erroneous internet addresses in log when no
-		addresses can be bound.  Pointed out by Motonori Nakamura
-		of Kyoto University.
-	"Probe" SMTP connections using RSET instead of NOOP "just in case".
-		Suggested by John Gardiner Myers of CMU.
-	Don't warn about -f if you are setting sender to yourself.
-
-6.47/6.22	93/03/29
-	Fix incompatible call to endmailer in smtpquit which causes core
-		dumps.  Noted by Allan E Johannesen of WPI.
-	HPUX portability changes from Michael J. Corrigan of UC San Diego.
-	Require MAIL before RCPT command in srvrsmtp.c.  This had been
-		intentional from the 821 draft days when the order wasn't
-		clear, but is silly now.
-	Fix bug in nis_magic routine that was initializing parameters
-		incorrectly.  Fix from Takahiro Kanbe of Fuji Xerox
-		Information Systems Co., Ltd.
-	Change default for PrivacyFlags in conf.c to 0 -- since it always
-		"or"s in new values, there was no way to turn off the
-		AuthWarning stuff.
-	Add O option to set SMTP daemon options.
-	Add V option to set fallback MX host.  This always sorts at lower
-		priority than anything it gets from the name server.  It
-		should only be used for environments with very bad network
-		connectivity.  Requested by several people.
-	Log sending info.  It's not clear this is a good idea.
-	CONFIG: fix typo in mailertable code.  Noted by Phil Brandenberger
-		of Swarthmore.
-	CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options
-		O and V, respectively.
-
-6.46/6.21	93/03/26
-	Fix botch in server SMTP that broke transactions that did not
-		use HELO first (like MH).  Fix from Michael Corrigan
-		of U.C. San Diego.
-	Fall back to other MX records if there is an error anywhere
-		in delivery (actually on MAIL or DATA -- RCPT is harder).
-		Suggested by John Gardiner Myers and Motonori Nakamura.
-	Revert to non-prototypes -- it turns out that our ANSI C
-		compiler is more forgiving than most others about
-		mixing prototyped extern declarations with non-prototyped
-		function definitions.
-	Fix a problem with multi-word class matching pointed out by
-		Neil Rickert.  Given:
-			CX b a.b.c
-			R$+ $=X $+	$: $1 < $2 > $3
-		the input "user@a.b.c" failed instead of being properly
-		rewritten as "user@a.<b>.c".
-	Neil also convinced me that it was correct that $~ should match
-		only one token -- the problem is that it's always possible
-		to add another token, so $~ matches far too eagerly.
-
-6.45/6.21	93/03/25
-	Implement multi-word classes (properly!).
-
-6.44/6.21	93/03/25
-	Add X-Authentication-Warning: headers to clue users into possible
-		attempts to forge mail.  This is on the authwarnings
-		privacy flag, but is the default.  Suggested by Bryan
-		Costales of ICSI.
-	Pass default units for convtime in so they can be more reasonable.
-	Allow config files to always add a new Comments: header (i.e.,
-		they will be added even if an old one already exists).
-		Suggested by Bryan Costales of ICSI.
-	Allow config files to delete an existing Return-Path: header.
-		These should only be added at final delivery.  Suggested
-		by Bryan Costales of ICSI.
-	Some debugging additions.  Suggested by Bryan Costales of ICSI.
-	Clean up logging of Family 0 addresses.  Noted by David Muir
-		Sharnoff and others.
-	Add a "dequote" map class.  This allows config files to strip
-		quotes off of addresses.  Note that this is not a builtin
-		map, just a class -- so you have to define the map
-		using the K line.
-	Fix a bug in the queueup() loop getting a locked tf where in
-		very odd cases it can fall off the bottom and core dump.
-		Of course, it was P{r Emanuelsson who found it....
-	Open a new transcript when splitting an envelope.  Problem found
-		by Allan E Johannesen of WPI.
-	Improved error output in endmailer if the mailer core dumps.
-	CONFIG: Fix typo in UUCP mailer definition.
-	CONFIG: Default several of the new options on: eight bit input,
-		privacy flags set to "authwarnings", and message warning
-		set to 4h.
-	CONFIG: Use dequote map.
-
-6.43/6.20	93/03/23
-	Fix problem with assumption of an sa_len field in a generic
-		sockaddr -- it turns out that most vendors haven't
-		picked up this (very important) fix.
-	Change compilation flags for daemon code -- select one or both
-		of NETINET or NETISO, but don't ever set DAEMON manually.
-	CONFIG: add FEATURE(mailertable) to do IDA-style mailertables.
-
-6.42/6.19	93/03/19
-	Use Postmaster as default fallback return address, not root.
-	POSIX changes for file descriptor handling.
-	Diagnose errors writing new queue file.
-	If you change the owner using an owner- alias, also change the
-		error mode to EM_MAIL so that errors don't get dropped
-		into an inappropriate directory.  Problem noted by
-		Allan E Johannesen of WPI.
-	If you are su'ed to root, send email as who you really are, not
-		as root.  From Brian Kantor of U.C. San Diego.
-	Allow warning messages to be sent after a configurable interval
-		has passed without delivery.  The message is sent only
-		once per envelope.  This changes the format of the qf
-		file to have an F line, and the format of the T option
-		to accept take the format "return/warn" (both intervals).
-	Don't force all local names to lower case -- this was left over
-		from the weird handling of case mapping on aliases.  It
-		is now driven (as expected) by the "u" mailer flag.
-		Problem noted by P{r Emanuelsson.
-	Fix problem that caused headers on returned email to be trashed;
-		they were getting freed, but are still accessible via
-		BlankEnvelope.
-	Fix problem that caused bogus ids to be created on returned
-		mail.
-	Add support for ISO and other non-INET networking.  This is by
-		no means finished yet.  This does assume a lot of other
-		system support, like a version of gethostbyname that
-		returns non-AF_INET addresses.
-	CONFIG: change default on prog mailer to keep upper case in
-		user names (i.e., in the program command line).
-	CONFIG: strip trailing dots off of hosts in uucp mailer before
-		convert to bang format.
-	CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H
-		(MAIL_HUB) delivery that doesn't add local domain.  Note
-		that this violates 821, but is probably "more correct"
-		for what we are trying to do.  Problem pointed out by
-		Michael Graff of Iowa State.
-
-6.41/6.18	93/03/18
-	Clean up unnecessary creates of queue ids (i.e., empty qf files)
-		when not needed, such as when starting up an SMTP
-		connection.
-	Fix problem where split envelopes aren't instantiated in the queue.
-		This is quite a serious bug.
-	Owner- aliases had problems with leading spaces causing a
-		premature delimitation.
-
-6.40/6.18	93/03/18
-	Have ending 250 (after DATA) include the id; suggested by
-		Brian Kantor of UC San Diego.
-	Add logging on envelope splitting.
-	Change queue ids to have one more letter encoding the hour of
-		the day so that during a single day there is a greater
-		likelihood of uniqueness; requested by Brian Kantor.
-
-6.39/6.18	93/03/18
-	Fix minor compile problem if LOCKF is defined.
-	Define size of tobuf in conf.h.  Observed by Toshinari Takahashi
-		of Toshiba.
-	Restore e_sender -- this is equivalent to e_from.q_paddr without
-		decorations such as angle brackets and comments.
-	OSF/1 on Alpha changes from Allan E Johannesen of WPI.
-	CONFIG: fix typo in S3 for list syntax (;: => :;).  Thanks to
-		Christopher Hoover for noting the problem.
-
-6.38/6.17	93/03/17
-	Pass envelope to disconnect to avoid another use of CurEnv, which
-		can apparently end up being null at inopportune times.
-	Log "received from" as "relay=" for consistency (suggested by
-		John Gardiner Myers).
-	Fix major bug in header handling:  if no From: line existed in
-		the header (so sendmail inserts one), and the sender is
-		an alias that has an owner, the From: line shows the
-		owner (as well as the envelope).  Fixed by early binding
-		the headers (which will change debugging output).
-	HPUX portability patches from Michael J. Corrigan of UC San Diego.
-	Some attempts to adapt better to out of open file conditions.
-	Some changes to ctladdr handling in queue files.
-
-6.37/6.17	93/03/16
-	MAJOR CHANGE:  delete e_sender and e_returnpath (why are these
-		different from e_from?) and $< macro.
-	Log correct IP address in relay= field even if the connection
-		times out.
-	Log "received from [RESPONSE]" on EF_RESPONSE messages (from
-		John Gardiner Myers).
-	Fixes to SysExMsg logging (sometimes just got "message: %s"
-		instead of "message: error message"), noted by Eric
-		Wassenaar.  Also reported by Motonori Nakamura.
-	Improvements to MX piggybacking code, from Motonori Nakamura.
-	Fix case where CurHostName points to an auto variable that has
-		been deallocated (from Motonori Nakamura).
-	Fix bug causing newlines to be included in aliases if option
-		"n" (check alias RHS) is set; bug noted by David Muir
-		Sharnoff.
-	Fix problem causing user names that should be mapped to lower
-		case to not be mapped if they are sent during a queue
-		run.  This greatly simplifies the case mapping code.
-		Problem noted by Allan E Johannesen of WPI.
-	Don't do recipient address rewriting in buildaddr.  This
-		improperly did recipient rewriting on sender addresses,
-		and just seems bogus in general -- but the change could
-		break some .cf files.
-	Pass TZ envariable to child processes for System V.
-	CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to
-		define those rulesets.
-	KNOWN PROBLEM:  I have seen some problems on SunOS that causes
-		the User Data Base to give errors on some addresses.  I
-		have tracked the problem back at least as far as 93.02.15
-		(version 6.22).  Running with debugging on makes it
-		go away, so I conclude that it is referencing uninitialized
-		stack data.  I haven't been able to track this down yet.
-
-6.36/6.16	93/03/08
-	Allow local mailer to specify $@host -- this lets you assign the
-		"foo" part of jgm+foo to $h for passing in to the local
-		mailer.
-	Additional debug printing in getcanonname (show query type).
-	Don't add the e_fromdomain on sender addresses -- this interacts
-		weirdly with the owner- code.
-	Improve delivery logging to not log obvious or meaningless stuff.
-	Include numeric IP address in Received: lines per RFC 1123 section
-		5.2.8.
-	Fixed a bug in checking stat() return value if restrictmailq is
-		set.  Also, check the entire group set instead of just the
-		primary group.  Both from John Gardiner Myers.
-	Don't have usrerr automatically print errno, since this is often
-		misleading.
-	Use transienterror() in makeconnection after connect() fails and
-		in openmailer after execve() fails (from Eric Wassenaar).
-		Also moved transienterror() from util.c to conf.c.
-	Clean up from= logging on response messages.
-	Undo patch allowing prescan to return a null vector -- it breaks
-		too many things.
-	Config: FEATURE(notsticky) lets you use UDB for everything coming
-		in to the machine, even if it is specifically targetted
-		to this machine.  Without it, UDB is bypassed if the user
-		name is fully qualified.
-	Config: fix another minor botch with <> (local mailer wasn't
-		mapping them properly).
-
-6.35/6.15	93/03/05
-	Fix getrealhostname to return null if sinlen <= 0 -- this can
-		occur if stdin is a pipe.
-	Avoid infinite loop in getcanonname if name server return
-		NO_DATA (for example).
-	Config: avoid having C flag qualify list syntax and error syntax.
-
-6.34/6.14	93/03/05
-	Fix logging in deliver to not pass too many parameters to Ultrix
-		versions of syslog.
-	Don't write the pid file until after the daemon has actually
-		opened and conditioned the connection.
-	Consider addresses "different" if their q_uids differ (so that
-		two users forwarding to the same program will be seen
-		as different, rather than the same).
-	Fix problem with bad parameters in main() -- they set ExitStat
-		but don't exit.
-	Fix null pointer references through RealHostName -- painfully
-		discovered by Allan E Johannesen of WPI.
-	Fix bug causing user@@localhost to core dump (yuch).
-	Config: don't put two @host.dom.ain on users in $=E in SMTP
-		mailer.  Also, catch user@ (no host) in ruleset 0.
-
-6.33/6.13	93/03/03
-	Config: add confCW_FILE as the name of the cw configuration file
-		(defaults to /etc/sendmail.cw).  From P{r Emanuelsson.
-	Allow prescan to return a pointer to an empty list -- this is
-		not an error.  Also, clean up error reporting to avoid
-		double errors (prescan reports once, then the caller
-		reports again).
-	Changes to avoid trusting T_ANY queries -- run them, but if you
-		don't get the info you expected, do T_A and T_MX queries
-		anyhow.  This also fixes an oversight where _res.options
-		bits were being ignored.
-	If PRIV_NOVRFY is set, use 252 response code instead of 502 per
-		RFC 1123 section 5.2.3.  It's not 100% clear that this
-		is correct, but it probably works better with stupid
-		mailers that do a VRFY and only check the first digit.
-
-6.32/6.12	93/03/02
-	Fix uninitialized variable "protocol" in smtp code.
-	Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI.
-	Additional hooks for RFC 1427 (ESMTP SIZE extension).  This
-		includes requiring that enoughspace() know the system
-		block size, which will undoubtedly break most ports.
-	Trace flag 19 in use for srvrsmtp.c.
-	Additional logging -- notably the sending mailer name.  This
-		also changes the delivery logging to strict field=value
-		syntax.
-	Fix some problems with messages getting sent even to addresses
-		that had been marked bad -- from Eric Wassenaar.
-	More WIDE changes: accept host name inside [...] as non-MXed
-		host.  This is intended ONLY for use inside firewalled
-		environments, where the MX points at the gateway.
-	Change .cf file conventions so that mapping for <> addresses
-		don't have an @ in them (to avoid confusing the C mailer
-		flag).  Pointed out by Neil Rickert.
-	Config extensions for Sam Leffler's FlexFAX software.
-
-6.31/6.10	93/02/28
-	Fix some more bugs in alias owner code -- there were some weird
-		cases where an error in a non-aliased name would override
-		the return info in an aliased name with an owner.
-	Changes from WIDE Project, forwarded to me by Motonori Nakamura:
-		Log actual delivery host (after MX et al); from
-			yasuhiro@dcl.co.jp.
-		Log daemon startup.
-		Deliver Postmaster copies without a body.
-		Better logging of SMTP senders.
-		Send all program email as daemon even when local.
-	As requested in various forms from many people, accept -qIstring
-		to limit queue runs to jobs with queue-id matching string.
-		Similarly for -qRstring for recipients, -qSstring for
-		senders.
-	Initial hooks for ESMTP support (see RFC 1425).
-	Fixed a syntax error in the UUCP mailer specification that caused
-		core dumps on startup.
-	Check for missing A= or P= arguments in mailer definitions.
-
-6.30/6.10	93/02/27
-	Require FROZENCONFIG compilation flag to include frozen
-		configuration code.  Frozen configuration is really
-		not a very good idea any more, particularly in shared
-		library environments.
-	Do better checking of errno after opens of :include: and .forward
-		files to defer delivery on network and other transient
-		errors.  Suggestion from Craig Everhart.
-	Fix minor botch in read timeout macro processing.
-	Add FEATURE(nouucp) to config files for sites that know absolutely
-		nothing about UUCP.
-	Add built cf files to distribution tape and clarify how to build
-		them if you don't have the Berkeley make.
-	Some sizeof(long) portability changes for the Alpha, from Allan
-		E Johannesen.
-	Add "restrictmailq" privacy flag -- if set, only people in the same
-		group as your queue directory can print the queue.  If you
-		set this, be sure you also restrict access to log files....
-	Fix another bug in owner-list stuff that can cause data files to
-		be "lost".
-	Fix a bug with queue runs that cause forwards to yourself to go
-		into alias/forwarding loops.  I'm still iffy about this
-		fix.
-	Fix from Eric Wassenaar for suppression of return message code.
-
-6.29/6.9	93/02/24
-	Fix yet another problem in alias owner code -- put the wrong return
-		address on the enclosed return-to-sender letter.
-
-6.28/6.9	93/02/24
-	Fix botch in alias owner code that caused it to not operate if the
-		error was detected locally.
-
-6.27/6.9	93/02/24
-	M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include
-		file <sys/mount.h>.
-	Miscellaneous bug fixes from Eric Wassenaar:
-		sendmail -bv -t logs the from line even though in verify
-			mode only.
-		sendmail -v can go into queue mode if shouldqueue returns
-			TRUE.
-	Add route-addr pruning per RFC 1123 section 5.3.3.  This can be
-		disabled using the "R" option.
-	Delete (always undocumented) -R flag (save original recipients);
-		there are ways to syslog(3) these now.
-	Clean up SMTP reply codes -- specify them as needed in the code,
-		instead of in conf.c -- this was needed during the NCP to
-		TCP transition, but seems silly now.  This also changes
-		parameters to message and nmessage.
-	Have mailstats read the .cf file to find the sendmail.st file and
-		get text versions of mailer names.  An initial version of
-		this code was provided by Tuominen Keijo (although the
-		comments indicate the good bits were written by "E.V.").
-	Add yet more System V compatibility hacks.
-	Fix bug in VRFY code (assumes everything must be a local user).
-	Allow specification of any of the hard-wired pathnames in the
-		Makefile.
-	Delete concept of "trusted users" -- this really didn't provide
-		any security anyway, and caused some problems.
-	Delete last vestige of support for the word "at" as an equivalent
-		to the character "@".
-	Propagate owner-foo alias information into the envelope sender.
-		Based on code from John Gardiner Myers.  This is a major
-		semantic change -- beware!
-	Allow $@ on LHS to indicate "match zero" -- this is used to match
-		the null expression.
-
-6.26/6.8	93/02/21
-	Don't "lose" queue runs.  Very important fix from (who else?)
-		Eric Wassenaar.
-	Completely reset state on RSET command -- from Eric Wassenaar.
-	Send error messages and return receipts using an envelope sender
-		of <> regardless of the setting of $n.  Rewriting rules
-		can undo this if they feel the necessity, as might be
-		needed for networks that don't understand the syntax.
-		This is permitted by RFC 821 section 3.6 and required by
-		RFC 1123 section 5.3.3.  THIS REQUIRES VERSION 4 CONFIG
-		FILES because the rulesets must be able to parse <>
-		properly.
-	Don't ever send error messages to "<>" -- they will get sent to
-		the local postmaster or dumped in /usr/tmp/dead.letter
-		instead.  Per RFC 1123 section 5.3.3.
-	Explicitly check for email to yourself as a dotted quad.  You
-		have to call $[ [ ... ] $] to get this.
-	Up the message timeout to five days per RFC 1123 section 5.3.1.1.
-	Make all read timeouts individually configurable, as strongly
-		recommended by RFC 1123 section 5.3.2.
-	Use f_bavail (blocks available to regular users) instead of f_bfree
-		(blocks available to superuser) in free block checks.
-	Change $d macro to be the current time, not the origination time,
-		since this is consistent with how it is used now.
-	Generalization of enoughspace from Eric Wassenaar covering
-		SGI, Apollo, HPUX, Ultrix, and SunOS.
-	Ignore process group signals -- some front ends can do this if
-		you kill a window too quickly.  From Eric Wassenaar.
-	Change umask to 022.
-
-6.25/6.8	93/02/20
-	Close all cached connections before calling mailers and after
-		forking for delivery (caused double closes which resulted
-		in false errors).
-	Add FEATURE(redirect) in config files -- this allows you to alias
-		old addresses to a pointer to the new address that will
-		give a 551 error message, but not deliver the mail.
-	Some code changes to make the 551 errors look pretty.
-	Names of M4 program paths in config files have changed -- they
-		are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS.
-	Fix a bug in the QSELFREF code having to do with empty .forward
-		files, reported by Eric Wassenaar.
-	Add option "p" (privacy flags); this allows you to tune how
-		picky the SMTP server will be.  This also adds the
-		confPRIVACY_FLAGS M4 macro in the config files.
-	Add option "b" (minimum blocks free).  If there are fewer than
-		this number of blocks free on the filesystem containing
-		the queue directory, the SMTP MAIL command will return
-		a 452 response and ask you to try again later.  This
-		also adds the confMIN_FREE_BLOCKS M4 macro in the config
-		files.
-	Made VRFY just verify (doesn't expand aliases and .forward files);
-		EXPN does full expansion.  RCPT in queue-only mode also
-		doesn't chase aliases and .forward.
-
-6.24/6.7	93/02/19
-	Increase the number of domain search entries in domain.c to allow
-		for the extra "" entry indicating the root domain.
-		Reported by Motonori Nakamura of Kyoto U.
-	Add a "SMART_HOST" in the configs for UUCP-connected sites that
-		want to forward all mail with extra "@"s to that site.
-		Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to
-		be specified as ``mailer:hostname'' to use an alternate
-		mailer.
-	Clarified and updated some wording in the Operations Guide.
-	Add the "c" mailer flag -- this suppresses all comment parts of
-		addresses (requested by John Curran of NEARnet).
-	Have -v print prompts in -bt mode even if stdin is not a terminal
-		(default behavior is to be silent if not reading from
-		a terminal).  Suggested by Bryan Costales, ICSI.
-	Move the metacharacters from C0 space (\001-\037) into C1 space
-		(\201-\237).  This also fixes a bunch of potential bugs
-		with G1 characters (\240-\276) in headers relating to
-		negative numbers passed to isspace() et al.
-	Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias
-		database if YPCOMPAT is #defined.  Enhancement from
-		Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd.
-	Add "list" Precedence (-30); this can be used with old sendmails
-		which will map to precedence 0 (which will return error
-		messages).  Suggested by Stephen R. van den Berg.
-	Many bug fixes from Eric Wassenaar of the National Institute for
-			Nuclear and High-Energy Physics, Amsterdam:
-		Clear timeouts properly on open failures in include().
-		Don't dereference through NULL if no home directory found.
-		Re-establish SIGCHLD signal on System 5 in reapchild().
-		Avoid NULL pointer reference on -pFOO flag.
-		Properly handle backslash escapes in comments.
-		Correctly check reply status on SMTP NOOP command.
-		Properly save SMTP error message if peer gives
-			"Service Shutting Down" message.
-		Avoid writing to the transcript if it couldn't be opened.
-		Signal errors in SMTP children to parent properly.
-	Handle self references in a list more globally (include a
-		QSELFREF bit in the address flags).  This enhancement
-		was suggested by Eric Wassenaar.
-	Use initgroups() in hpux, even though it's System-V based.  The
-		HASINITGROUPS compile flag can set this on other systems.
-		This HPUX behavior was pointed out by Eric Wassenaar.
-
-6.23/6.6	93/02/16
-	Clean up handling of LogLevel to make it easier to figure out
-		what's on what level.
-	Change log levels to have some consistency:
-		1    serious system failures, security problems
-		2    lost communications, protocol failures
-		3    other serious failures
-		4    minor errors
-		5    message collection
-		6    vrfy logging, creation of return-to-sender
-		7    delivery failures
-		8    delivery successes
-		9    delivery tempfails (queue ups)
-		10   database expansion
-		>64  debugging
-	Allow IDA-style separated processing on S= and R= in Mailer
-		definition lines.  Note that rulesets 1 and 2 are
-		still used for both addresses as before.  Bruce Lilly
-		gave a convincing argument that RFC976 insists on
-		this behavior.
-	Added some time zones to arpatounix -- they may not be in the
-		standards, but they are in use.  However, I may delete
-		arpatounix entirely -- there appears to be no reason
-		for it to exist.
-	Change to UUCP mailer (in cf directory) to try to do a saner job.
-		I'm still not certain about this mailer in general.
-
-6.22/6.5	93/02/15
-	Fix bug that prevents saving letters in ~/dead.letter.
-	Don't add angle brackets in VRFY command if angle brackets already
-		exist in the address.
-	Fix bogus error message in udbexpand.
-	Null terminate host buffers in buildaddr (broken in 6.21) --
-		IMPORTANT FIX!!
-
-6.21/6.5	93/02/15
-	Fix another incorrect error message in alias.c, found by Azuma
-		Okamoto.
-	Fix a couple of problems in the more-configurable config files,
-		found by Tom Ivar Helbekkmo.
-	Fix problem with quoted :include: entries.
-	Don't duplicate the filename on verbose printing of .forward and
-		:include: contents.
-	Extend size of prescan buffer (to allow bigger addresses).  Also,
-		detect some buffer overflows.
-	Log user SMTP protocol errors (log level 4).
-
-6.20/6.4	93/02/14
-	Fix another problem in the MCI state machine caused when there
-		were errors generated from the other end to commands
-		other than RCPT.
-
-6.19/6.4	93/02/14
-	Include load average support for DEC Alpha running OSF/1.
-	Fix multiple-response problem with errors in MAIL From: line.
-	Fix SMTP reply codes for invalid address syntaxes (give 501;
-		never give multiple error messages for a single message).
-	Fix problem where a cached connection timeout rejects all
-		later connects to that host.
-	Fix incorrect error message if alias.c is compiled with DBM only.
-	Additional changes to fix nested conditionals (from Bruce Lilly).
-	Recover more gracefully from operating system failures, particularly
-		NULL returns from openmailer (from Noritoshi Demizu,
-		OMRON Corporation).
-	Log forward, alias, and userdb expand operations on log level 10;
-		concept suggested by P{r (Pell) Emanuelsson.
-	Changes for HPUX 8.07 compatibility.
-
-6.18/6.4	93/02/12
-	Allow any config option to be set using an M4 define.
-	Change UNAME compile flag to HASUNAME for IDA compatibility
-		(besides, it's a better name).
-	Note in README that on SunOS it must be linked -Bstatic.
-	Fairly major change in domain.c to handle wildcard MX records
-		more rationally.  NOTE: the "w" option (no wildcard MX
-		records match local domain) has been eliminated.
-	Fix some unset variable references pointed out by Bruce Lilly.
-	Fix host name in process titles when using cached connection.
-
-6.17/6.3	93/01/28
-	Fix System 5 compatibility changes to be compatible with the rest
-		of the world.
-
-6.16/6.3	93/01/28
-	Experimental fix for problem handling errors in the SMTP
-		protocol in conjunction with connection caching.
-	System 5 compatibility changes.
-
-6.15/6.3	93/01/26
-	Fix a bug that causes local mail delivered using -odq to be
-		eliminated as a duplicate (because it matched the
-		ctladdr, now passed in as a C line).  These changes
-		are pretty tricky......
-
-6.14/6.3	93/01/25
-	Add debugging for some MCI errors.
-
-6.13/6.3	93/01/22
-	Fix -e compatibility flag to take a value.
-	Fix a couple of minor compilation warnings on Sun cc.
-	Improve error messages in a few cases to be more self-explanatory.
-
-6.12/6.3	93/01/21
-	Fix yet-another problem with environment handling, pointed out
-		by Yoshitaka Tokugawa and Tom Ivar Helbekkmo.
-	Some heuristics to try to limit resource exhaustion problems
-		if a downstream host has been down for a long time.
-	Fix problem with incorrect host name being logged in "Connection
-		timed out" messages (from Tom Ivar Helbekkmo).
-	Fix some ANSI C problems (from Takahiro Kanbe).
-	Properly log message sender on returned mail during queue run.
-	Count number of recipients properly.
-	Fix a problem in yp map code.
-	Diagnose "message timed out" (from Motonori Nakamura).
-
-6.11/6.3	93/01/20
-	Fix problem with address delimitor inside quotes.
-	Define $k and $=k to be the UUCP name (from the uname call)
-		based on code from Bruce Lilly.
-
-6.10/6.2	93/01/18
-	Implement arpatounix (largely code from Bruce Lilly).
-	Log more info (suggested by John Myers).
-	Allow nested $?...$|...$. (inspired by code from Bruce Lilly of
-		Sony US).
-	POSIX compatibility (noted by Keith Bostic).
-	Handle SMTP MAIL command errors properly (urged by several people,
-		notably John Myers of CMU).
-	Do early diagnosis of .cf errors (notably referencing a RHS
-		substitution that isn't on the LHS).
-	Adjust checkpointing to better handle batched recipients, suggested
-		by John Myers.
-	Fix miscellaneous bugs.
-	(config files:)  Implement MAIL_HUB for all local mail (to handle
-		NFS-mounted directories) as urged by Tom Ivar Helbekkmo
-		of the Norwegian School of Economics.
-
-6.9/6.1 	93/01/13
-	Environment handling simplification/bug fix -- child processes
-		get a minimal, fixed environment.  This avoids different
-		behavior in queue runs.
-	Handle commas inside comments properly.
-	Properly limit large messages submitted in -obq mode.
-
-6.8/6.1		93/01/10
-	Check mtime of thaw file against .cf and sendmail binary, based on
-		code from John Myers.
-
-6.7/6.1		93/01/10
-	MX piggybacking, based on code from John Myers@CMU.
-	Allow checkcompat to return -1 to mean tempfail.
-	Bug fix in m_mno computation.
-
-6.6/6.1		93/01/09
-	Tuning of queueing functions as recommended by John Gardiner Myers.
-	Return mail headers (no body) on messages with negative precedence.
-	Minor other bug fixes.
-
-6.5/6.1		93/01/03
-	Fix botch causing queued headers to have ?XX? prefixes.
-
-6.4/6.1		93/01/02
-	Changes to recognize special mailer types (e.g., file) early.
-
-6.3/6.1		93/01/01
-	Pass timeouts to sfgets.
-	Check for control characters in addresses.
-	Fixed deferred error reporting.
-	Report duplicate aliases.
-	Handle mixed case recursive aliases.
-	Misc bug fixes.
-
-6.2/6.1		92/12/30
-	Put return-receipt-to on a conf.c flag (but don't set it).
-	Fix minor syslog problem.
diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README
index 392c36d..dc3cebe 100644
--- a/contrib/sendmail/cf/README
+++ b/contrib/sendmail/cf/README
@@ -1,63 +1,26 @@
 
+		SENDMAIL CONFIGURATION FILES
 
-		NEW SENDMAIL CONFIGURATION FILES
-
-		Eric Allman <eric@Sendmail.ORG>
-
-		@(#)README	8.186 (Berkeley) 2/3/1999
-
-
-This document describes the sendmail configuration files being used
-at Berkeley.  These use features in the new (R8) sendmail; they will
-not work on other versions.
-
-These configuration files are probably not as general as previous
-versions, and don't handle as many of the weird cases automagically.
-I was able to simplify them for two reasons.  First, the network
-has become more consistent -- for example, at this point, everyone
-on the internet is supposed to be running a name server, so hacks to
-handle NIC-registered hosts can go away.  Second, I assumed that a
-subdomain would be running SMTP internally -- UUCP is presumed to be
-a long-haul protocol.  I realize that this is not universal, but it
-does describe the vast majority of sites with which I am familiar,
-including those outside the US.
-
-Of course, the downside of this is that if you do live in a weird
-world, things are going to get weirder for you.  I'm sorry about that,
-but at the time we at Berkeley had a problem, and it seemed like the
-right thing to do.
-
-This package requires a post-V7 version of m4; if you are running the
-4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with
-a newer version.  You can m4-expand on their system, then run locally.
-SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work.  GNU m4 version 1.1
-or later also works.  Unfortunately, I'm told that the M4 on BSDI 1.0
+This document describes the sendmail configuration files.  This package
+requires a post-V7 version of m4; if you are running the 4.2bsd, SysV.2, or
+7th Edition version.  SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work.
+GNU m4 version 1.1 or later also works.  Unfortunately, the M4 on BSDI 1.0
 doesn't work -- you'll have to use a Net/2 or GNU version.  GNU m4 is
-available from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for
-the latest version).  EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken
-(3.x is fine).  Use GNU m4 on this platform.
-
-IF YOU DON'T HAVE A BERKELEY MAKE, don't despair!  Just run
-"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need.
-There is also a fairly crude (but functional) Makefile.dist that works
-on the old version of make.
-
-To get started, you may want to look at tcpproto.mc (for TCP-only
-sites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for
-clusters of clients using a single mail host).  Others are versions
-that we use at Berkeley, although not all are in current use.  For
-example, ucbvax has gone away, but I've left ucbvax.mc in because
-it demonstrates some interesting techniques.
-
-I'm not pretending that this README describes everything that these
-configuration files can do; clever people can probably tweak them
-to great effect.  But it should get you started.
+available from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for the
+latset version).  EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x
+is fine).  Use GNU m4 on this platform.
+
+To get started, you may want to look at tcpproto.mc (for TCP-only sites),
+uucpproto.mc (for UUCP-only sites), and clientproto.mc (for clusters of
+clients using a single mail host).  Others are versions previously used at
+Berkeley.  For example, ucbvax has gone away, but ucbvax.mc demonstrates
+some interesting techniques.
 
 *******************************************************************
 ***  BE SURE YOU CUSTOMIZE THESE FILES!  They have some		***
 ***  Berkeley-specific assumptions built in, such as the name	***
-***  of our UUCP-relay.  You'll want to create your own domain	***
-***  description, and use that in place of			***
+***  of their UUCP-relay.  You'll want to create your own	***
+***  domain description, and use that in place of		***
 ***  domain/Berkeley.EDU.m4.					***
 *******************************************************************
 
@@ -72,6 +35,11 @@ You must pre-load "cf.m4":
 
 	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
 
+Alternatively, you can simply:
+
+	cd ${CFDIR}/cf
+	./Build config.cf
+
 where ${CFDIR} is the root of the cf directory and config.mc is the
 name of your configuration file.  If you are running a version of M4
 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
@@ -86,7 +54,8 @@ Let's examine a typical .mc file:
 
 	divert(-1)
 	#
-	# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+	# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+	#	All rights reserved.
 	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 	# Copyright (c) 1988, 1993
 	#	The Regents of the University of California.  All rights reserved.
@@ -109,17 +78,17 @@ Let's examine a typical .mc file:
 
 The divert(-1) will delete the crud in the resulting output file.
 The copyright notice can be replaced by whatever your lawyers require;
-our lawyers require the one that I've included in my files.  A copyleft
+our lawyers require the one that is included in these files.  A copyleft
 is a copyright by another name.  The divert(0) restores regular output.
 
 	VERSIONID(`<SCCS or RCS version id>')
 
 VERSIONID is a macro that stuffs the version information into the
-resulting file.  We use SCCS; you could use RCS, something else, or
+resulting file.  You could use SCCS, RCS, CVS, something else, or
 omit it completely.  This is not the same as the version id included
 in SMTP greeting messages -- this is defined in m4/version.m4.
 
-	OSTYPE(hpux9)dnl
+	OSTYPE(`hpux9')dnl
 
 You must specify an OSTYPE to properly configure things such as the
 pathname of the help and status files, the flags needed for the local
@@ -127,21 +96,21 @@ mailer, and other important things.  If you omit it, you will get an
 error when you try to build the configuration.  Look at the ostype
 directory for the list of known operating system types.
 
-	DOMAIN(CS.Berkeley.EDU)dnl
+	DOMAIN(`CS.Berkeley.EDU')dnl
 
 This example is specific to the Computer Science Division at Berkeley.
-You can use "DOMAIN(generic)" to get a sufficiently bland definition
+You can use "DOMAIN(`generic')" to get a sufficiently bland definition
 that may well work for you, or you can create a customized domain
 definition appropriate for your environment.
 
-	MAILER(local)
-	MAILER(smtp)
+	MAILER(`local')
+	MAILER(`smtp')
 
-These describe the mailers used at the default CS site site.  The
+These describe the mailers used at the default CS site.  The
 local mailer is always included automatically.  Beware: MAILER
 declarations should always be at the end of the configuration file,
-and MAILER(smtp) should always precede MAILER(uucp).  The general
-rules are that the order should be:
+and MAILER(`smtp') should always precede MAILER(`procmail'), and
+MAILER(`uucp').  The general rules are that the order should be:
 
 	VERSIONID
 	OSTYPE
@@ -149,7 +118,13 @@ rules are that the order should be:
 	FEATURE
 	local macro definitions
 	MAILER
-	LOCAL_RULESET_*
+	LOCAL_RULE_*
+	LOCAL_RULESETS
+
+There are a few exceptions to this rule.  Local macro definitions which
+influence a FEATURE() should be done before that feature.  For example,
+a define(`PROCMAIL_MAILER_PATH', ...) should be done before
+FEATURE(`local_procmail').
 
 
 +----------------------------+
@@ -174,9 +149,9 @@ one normally quotes both values to prevent expansion.  For example,
 One word of warning:  M4 macros are expanded even in lines that appear
 to be comments.  For example, if you have
 
-	# See FEATURE(foo) above
+	# See FEATURE(`foo') above
 
-it will not do what you expect, because the FEATURE(foo) will be
+it will not do what you expect, because the FEATURE(`foo') will be
 expanded.  This also applies to
 
 	# And then define the $X macro to be the return address
@@ -190,10 +165,61 @@ them with directed quotes, `like this'.
 
 sendmail 8.9 has introduced a new configuration directory for sendmail
 related files, /etc/mail.  The new files available for sendmail 8.9 --
-the class 'R' /etc/mail/relay-domains and the access database
-/etc/mail/access -- take advantage of this new directory.  8.9 will
-serve as a transition release.  Beginning with 8.10, all of the files
-will use this directory by default.
+the class {R} /etc/mail/relay-domains and the access database
+/etc/mail/access -- take advantage of this new directory.  Beginning with
+8.10, all files will use this directory by default (some options may be
+set by OSTYPE() files).  This new directory should help to restore
+uniformity to sendmail's file locations.
+
+Below is a table of some of the common changes:
+
+Old filename			New filename
+------------			------------
+/etc/bitdomain			/etc/mail/bitdomain
+/etc/domaintable		/etc/mail/domaintable
+/etc/genericstable		/etc/mail/genericstable
+/etc/uudomain			/etc/mail/uudomain
+/etc/virtusertable		/etc/mail/virtusertable
+/etc/userdb			/etc/mail/userdb
+
+/etc/aliases			/etc/mail/aliases
+/etc/sendmail/aliases		/etc/mail/aliases
+/etc/ucbmail/aliases		/etc/mail/aliases
+/usr/adm/sendmail/aliases	/etc/mail/aliases
+/usr/lib/aliases		/etc/mail/aliases
+/usr/lib/mail/aliases		/etc/mail/aliases
+/usr/ucblib/aliases		/etc/mail/aliases
+
+/etc/sendmail.cw		/etc/mail/local-host-names
+/etc/mail/sendmail.cw		/etc/mail/local-host-names
+/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
+
+/etc/sendmail.ct		/etc/mail/trusted-users
+
+/etc/sendmail.oE		/etc/mail/error-header
+
+/etc/sendmail.hf		/etc/mail/helpfile
+/etc/mail/sendmail.hf		/etc/mail/helpfile
+/usr/ucblib/sendmail.hf		/etc/mail/helpfile
+/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
+/usr/lib/sendmail.hf		/etc/mail/helpfile
+/usr/share/lib/sendmail.hf	/etc/mail/helpfile
+/usr/share/misc/sendmail.hf	/etc/mail/helpfile
+/share/misc/sendmail.hf		/etc/mail/helpfile
+
+/etc/service.switch		/etc/mail/service.switch
+
+/etc/sendmail.st		/etc/mail/statistics
+/etc/mail/sendmail.st		/etc/mail/statistics
+/etc/mailer/sendmail.st		/etc/mail/statistics
+/etc/sendmail/sendmail.st	/etc/mail/statistics
+/usr/lib/sendmail.st		/etc/mail/statistics
+/usr/ucblib/sendmail.st		/etc/mail/statistics
+
+Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
+to create the pathnames.  The default value of this variable is
+`/etc/mail/'.  If you set this macro to a different value, you MUST include
+a trailing slash.
 
 +--------+
 | OSTYPE |
@@ -215,31 +241,46 @@ empty).  Unfortunately, the list of configuration-supported systems is
 not as broad as the list of source-supported systems, since many of
 the source contributors do not include corresponding ostype files.
 
-ALIAS_FILE		[/etc/aliases] The location of the text version
+ALIAS_FILE		[/etc/mail/aliases] The location of the text version
 			of the alias file(s).  It can be a comma-separated
 			list of names (but be sure you quote values with
 			commas in them -- for example, use
 				define(`ALIAS_FILE', `a,b')
 			to get "a" and "b" both listed as alias files;
 			otherwise the define() primitive only sees "a").
-HELP_FILE		[/usr/lib/sendmail.hf] The name of the file
+HELP_FILE		[/etc/mail/helpfile] The name of the file
 			containing information printed in response to
 			the SMTP HELP command.
 QUEUE_DIR		[/var/spool/mqueue] The directory containing
-			queue files.
-STATUS_FILE		[/etc/sendmail.st] The file containing status
+			queue files.  To use multiple queues, supply
+			a value ending with an asterisk.  For
+			example, /var/spool/mqueue/q* will use all of the
+			directories or symbolic links to directories
+			beginning with 'q' in /var/spool/mqueue as queue
+			directories.  The names 'qf', 'df', and 'xf' are
+			used as specific subdirectories for the corresponding
+			queue file types.
+STATUS_FILE		[/etc/mail/statistics] The file containing status
 			information.
 LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
-LOCAL_MAILER_FLAGS	[rmn9] The flags used by the local mailer.  The
-			flags lsDFM are always included.
+LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
+			flags lsDFMAw5:/|@q are always included.
 LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
 			mail.
 LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
 			mail that you are willing to accept.
+LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
+			messages to deliver in a single connection.  Only
+			useful for LMTP local mailers.
 LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
 			that ARRIVE from an address that resolves to the
 			local mailer and which are converted to MIME will be
 			labeled with this character set.
+LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
+			end of line for the local mailer.
+LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
+			[X-Unix] The DSN Diagnostic-Code value for the
+			local mailer.  This should be changed with care.
 LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
 LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
 			flags lsDFM are always included.
@@ -249,23 +290,35 @@ LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
 			shell should run.
 USENET_MAILER_PATH	[/usr/lib/news/inews] The name of the program
 			used to submit news.
-USENET_MAILER_FLAGS	[rlsDFMmn] The mailer flags for the usenet mailer.
+USENET_MAILER_FLAGS	[rsDFMmn] The mailer flags for the usenet mailer.
 USENET_MAILER_ARGS	[-m -h -n] The command line arguments for the
 			usenet mailer.
 USENET_MAILER_MAX	[100000] The maximum size of messages that will
 			be accepted by the usenet mailer.
 SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
-			flags are `mDFMUX' for all SMTP-based mailers; the
-			"esmtp" mailer adds `a' and "smtp8" adds `8'.
+			flags are `mDFMuX' for all SMTP-based mailers; the
+			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
+			"dsmtp" adds `%'.
+RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
+			flags are `mDFMuX' for all SMTP-based mailers; the
+			relay mailer adds `a8'.  If this is not defined,
+			then SMTP_MAILER_FLAGS is used.
 SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
-			be transported using the smtp, smtp8, or esmtp
+			be transported using the smtp, smtp8, esmtp, or dsmtp
 			mailers.
+SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
+			messages to deliver in a single connection for the
+			smtp, smtp8, esmtp, or dsmtp mailers.
 SMTP_MAILER_ARGS	[IPC $h] The arguments passed to the smtp mailer.
 			About the only reason you would want to change this
 			would be to change the default port.
 ESMTP_MAILER_ARGS	[IPC $h] The arguments passed to the esmtp mailer.
 SMTP8_MAILER_ARGS	[IPC $h] The arguments passed to the smtp8 mailer.
+DSMTP_MAILER_ARGS	[IPC $h] The arguments passed to the dsmtp mailer.
 RELAY_MAILER_ARGS	[IPC $h] The arguments passed to the relay mailer.
+RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
+			messages to deliver in a single connection for the
+			relay mailer.
 SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
 			that ARRIVE from an address that resolves to one of
 			the SMTP mailers and which are converted to MIME will
@@ -289,14 +342,14 @@ FAX_MAILER_ARGS		[mailfax $u $h $f] The arguments passed to the FAX
 FAX_MAILER_MAX		[100000] The maximum size message accepted for
 			transmission by FAX.
 POP_MAILER_PATH		[/usr/lib/mh/spop] The pathname of the POP mailer.
-POP_MAILER_FLAGS	[Penu] Flags added to POP mailer.  Flags "lsDFM"
+POP_MAILER_FLAGS	[Penu] Flags added to POP mailer.  Flags lsDFMq
 			are always added.
 POP_MAILER_ARGS		[pop $u] The arguments passed to the POP mailer.
 PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
 			program.  This is also used by
 			FEATURE(`local_procmail').
 PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
-			``DFM'' are always set.  This is NOT used by
+			DFM are always set.  This is NOT used by
 			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
 			instead.
 PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
@@ -311,9 +364,10 @@ MAIL11_MAILER_ARGS	[mail11 $g $x $h $u] Arguments passed to the mail11
 			mailer.
 PH_MAILER_PATH		[/usr/local/etc/phquery] The path to the phquery
 			program.
-PH_MAILER_FLAGS		[ehmu] Flags for the phquery mailer.
+PH_MAILER_FLAGS		[ehmu] Flags for the phquery mailer.  Flags nrDFM
+			are always set.
 PH_MAILER_ARGS		[phquery -- $u] -- arguments to the phquery mailer.
-CYRUS_MAILER_FLAGS	[A5@/:|] The flags used by the cyrus mailer.  The
+CYRUS_MAILER_FLAGS	[Ah5@/:|] The flags used by the cyrus mailer.  The
 			flags lsDFMnPq are always included.
 CYRUS_MAILER_PATH	[/usr/cyrus/bin/deliver] The program used to deliver
 			cyrus mail.
@@ -323,14 +377,34 @@ CYRUS_MAILER_MAX	[undefined] If set, the maximum size message that
 			will be accepted by the cyrus mailer.
 CYRUS_MAILER_USER	[cyrus:mail] The user and group to become when
 			running the cyrus mailer.
-CYRUS_BB_MAILER_FLAGS	[undefined] The flags used by the cyrusbb
-			mailer. The flags lsDFMnP are always included.
+CYRUS_BB_MAILER_FLAGS	[u] The flags used by the cyrusbb mailer.
+			The flags lsDFMnP are always included.
 CYRUS_BB_MAILER_ARGS	[deliver -e -m $u] The arguments passed
 			to deliver cyrusbb mail.
 confEBINDIR		[/usr/libexec] The directory for executables.
 			Currently used for FEATURE(`local_lmtp') and
 			FEATURE(`smrsh').
+QPAGE_MAILER_FLAGS	[mDFMs] The flags used by the qpage mailer.
+QPAGE_MAILER_PATH	[/usr/local/bin/qpage] The program used to deliver
+			qpage mail.
+QPAGE_MAILER_ARGS	[qpage -l0 -m -P$u] The arguments passed
+			to deliver qpage mail.
+QPAGE_MAILER_MAX	[4096] If set, the maximum size message that
+			will be accepted by the qpage mailer.
+
+Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
+MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of
+the macro Name_MAILER_FLAGS and change can be: flags that should
+be used directly (thus overriding the default value), or if it
+starts with `+' (`-') then those flags are added to (removed from)
+the default value.  Example:
 
+	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
+
+will add the flag `e' to LOCAL_MAILER_FLAGS.
+WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
+unconditionally, i.e., without respecting any definitions in an
+OSTYPE setting.
 
 
 +---------+
@@ -338,7 +412,7 @@ confEBINDIR		[/usr/libexec] The directory for executables.
 +---------+
 
 You will probably want to collect domain-dependent defines into one
-file, referenced by the DOMAIN macro.  For example, our Berkeley
+file, referenced by the DOMAIN macro.  For example, the Berkeley
 domain file includes definitions for several internal distinguished
 hosts:
 
@@ -360,7 +434,9 @@ LOCAL_RELAY	DEPRECATED.  The site that will handle unqualified
 		only works at small sites, and only with some user
 		agents.
 LUSER_RELAY	The site that will handle lusers -- that is, apparently
-		local names that aren't local accounts or aliases.
+		local names that aren't local accounts or aliases.  To
+		specify a local user instead of a site, set this to
+		``local:username''.
 
 Any of these can be either ``mailer:hostname'' (in which case the
 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
@@ -387,10 +463,12 @@ knowledge" into one place.
 
 There are fewer mailers supported in this version than the previous
 version, owing mostly to a simpler world.  As a general rule, put the
-MAILER definitions last in your .mc file, and always put MAILER(smtp)
-before MAILER(uucp) -- several features and definitions will modify
-the definition of mailers, and the smtp mailer modifies the UUCP
-mailer.
+MAILER definitions last in your .mc file, and always put MAILER(`smtp')
+before MAILER(`uucp') and MAILER(`procmail') -- several features and
+definitions will modify the definition of mailers, and the smtp mailer
+modifies the UUCP mailer.  Moreover, MAILER(`cyrus'), MAILER(`pop'),
+MAILER(`phquery'), and MAILER(`usenet') must be defined after
+MAILER(`local').
 
 local		The local and prog mailers.  You will almost always
 		need these; the only exception is if you relay ALL
@@ -401,14 +479,14 @@ smtp		The Simple Mail Transport Protocol mailer.  This does
 		not hide hosts behind a gateway or another other
 		such hack; it assumes a world where everyone is
 		running the name server.  This file actually defines
-		four mailers: "smtp" for regular (old-style) SMTP to
+		five mailers: "smtp" for regular (old-style) SMTP to
 		other servers, "esmtp" for extended SMTP to other
 		servers, "smtp8" to do SMTP to other servers without
 		converting 8-bit data to MIME (essentially, this is
 		your statement that you know the other end is 8-bit
-		clean even if it doesn't say so), and "relay" for
-		transmission to our RELAY_HOST, LUSER_RELAY, or
-		MAILER_HUB.
+		clean even if it doesn't say so), "dsmtp" to do on
+		demand delivery, and "relay" for transmission to the
+		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
 
 uucp		The Unix-to-Unix Copy Program mailer.  Actually, this
 		defines two mailers, "uucp-old" (a.k.a. "uucp") and
@@ -419,9 +497,9 @@ uucp		The Unix-to-Unix Copy Program mailer.  Actually, this
 		("uucp-dom" and "uucp-uudom") are also defined [warning:
 		you MUST specify MAILER(smtp) before MAILER(uucp)].  When you
 		include the uucp mailer, sendmail looks for all names in
-		the $=U class and sends them to the uucp-old mailer; all
-		names in the $=Y class are sent to uucp-new; and all
-		names in the $=Z class are sent to uucp-uudom.  Note that
+		class {U} and sends them to the uucp-old mailer; all
+		names in class {Y} are sent to uucp-new; and all
+		names in class {Z} are sent to uucp-uudom.  Note that
 		this is a function of what version of rmail runs on
 		the receiving end, and hence may be out of your control.
 		See the section below describing UUCP mailers in more
@@ -474,8 +552,11 @@ cyrus		The cyrus and cyrusbb mailers.  The cyrus mailer delivers to
 		"user+detail@local.host" syntax; it will deliver the mail to
 		the user's "detail" mailbox if the mailbox's ACL permits.
 		The cyrusbb mailer delivers to a system-wide cyrus mailbox
-		if the mailbox's ACL permits.
+		if the mailbox's ACL permits.  The cyrus mailer must be
+		defined after the local mailer.
 
+qpage		A mailer for QuickPage, a pager interface.  See
+		http://www.qpage.org/ for further information.
 
 The local mailer accepts addresses of the form "user+detail", where
 the "+detail" is not used for mailbox matching but is available
@@ -494,53 +575,86 @@ example, the .mc line:
 
 	FEATURE(`use_cw_file')
 
-tells sendmail that you want to have it read an /etc/sendmail.cw
-file to get values for class $=w.  The FEATURE may contain a single
-optional parameter -- for example:
+tells sendmail that you want to have it read an /etc/mail/local-host-names
+file to get values for class {w}.  The FEATURE may contain up to 9
+optional parameters -- for example:
 
 	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
 
 The default database map type for the table features can be set with
- 
+
 	define(`DATABASE_MAP_TYPE', `dbm')
 
 which would set it to use ndbm databases.  The default is the Berkeley DB
 hash database format.  Note that you must still declare a database map type
 if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
-if no argument is given for the FEATURE.
+if no argument is given for the FEATURE.  It must be specified before any
+feature that uses a map.
 
 Available features are:
 
-use_cw_file	Read the file /etc/sendmail.cw file to get alternate
-		names for this host.  This might be used if you were
-		on a host that MXed for a dynamic set of other
-		hosts.  If the set is static, just including the line
-		"Cw<name1> <name2> ..." (where the names are fully
-		qualified domain names) is probably superior.
-		The actual filename can be overridden by redefining
-		confCW_FILE.
-
-use_ct_file	Read the file /etc/sendmail.ct file to get the names
-		of users that will be ``trusted'', that is, able to
-		set their envelope from address using -f without
-		generating a warning message.
-		The actual filename can be overridden by redefining
-		confCT_FILE.
+use_cw_file	Read the file /etc/mail/local-host-names file to get
+		alternate names for this host.  This might be used if you
+		were on a host that MXed for a dynamic set of other hosts.
+		If the set is static, just including the line "Cw<name1>
+		<name2> ..." (where the names are fully qualified domain
+		names) is probably superior.  The actual filename can be
+		overridden by redefining confCW_FILE.
+
+use_ct_file	Read the file /etc/mail/trusted-users file to get the
+		names of users that will be ``trusted'', that is, able to
+		set their envelope from address using -f without generating
+		a warning message.  The actual filename can be overridden
+		by redefining confCT_FILE.
 
 redirect	Reject all mail addressed to "address.REDIRECT" with
-		a ``551 User not local; please try <address>'' message.
+		a ``551 User has moved; please try <address>'' message.
 		If this is set, you can alias people who have left
 		to their new address with ".REDIRECT" appended.
 
-nouucp		Don't do anything special with UUCP addresses at all.
-
-nocanonify	Don't pass addresses to $[ ... $] for canonification.
-		This would generally only be used by sites that only
-		act as mail gateways or which have user agents that do
-		full canonification themselves.  You may also want to
-		use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to
-		turn off the usual resolver options that do a similar
-		thing.
+nouucp		Don't route UUCP addresses.  This feature takes one
+		parameter:
+		`reject': reject addresses which have "!" in the local
+			part unless it originates from a system
+			that is allowed to relay.
+		`nospecial': don't do anything special with "!".
+		Warnings: 1. See the NOTICE in the ANTI-SPAM section.
+		2. don't remove "!" from OperatorChars if `reject' is
+		given as parameter.
+
+nocanonify	Don't pass addresses to $[ ... $] for canonification
+		by default.  It can be changed by setting the
+		DaemonPortOptions modifiers (M=).  That is,
+		FEATURE(`nocanonify') will be overridden by setting the
+		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
+		it can be emulated by setting the 'C' flag
+		(DaemonPortOptions=Modifiers=C).  This would generally only
+		be used by sites that only act as mail gateways or which have
+		user agents that do full canonification themselves.  You may
+		also want to use
+		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
+		the usual resolver options that do a similar thing.
+
+		An exception list for FEATURE(`nocanonify') can be
+		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
+		i.e., a list of domains which are nevertheless passed to
+		$[ ... $] for canonification.  This is useful to turn on
+		canonification for local domains, e.g., use
+		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
+		which end in "my.domain" or "my".
+		Another way to require canonification in the local
+		domain is CANONIFY_DOMAIN(`$=m').
+
+		A trailing dot is added to addresses with more than
+		one component in it such that other features which
+		expect a trailing dot (e.g., virtusertable) will
+		still work.
+
+		If `canonify_hosts' is specified as parameter, i.e.,
+		FEATURE(`nocanonify', `canonify_hosts'), then
+		addresses which have only a hostname, e.g.,
+		<user@host>, will be canonified (and hopefully fully
+		qualified), too.
 
 stickyhost	If set, email sent to "user@local.host" are marked
 		as "sticky" -- that is, the local addresses aren't
@@ -552,16 +666,18 @@ stickyhost	If set, email sent to "user@local.host" are marked
 		turn this off.
 
 mailertable	Include a "mailer table" which can be used to override
-		routing for particular domains.  The argument of the
-		FEATURE may be the key definition.  If none is specified,
-		the definition used is:
+		routing for particular domains (which are not in class {w},
+		i.e.  local host names).  The argument of the FEATURE may be
+		the key definition.  If none is specified, the definition
+		used is:
 
-			hash -o /etc/mailertable
+			hash /etc/mail/mailertable
 
 		Keys in this database are fully qualified domain names
 		or partial domains preceded by a dot -- for example,
-		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".
-		Values must be of the form:
+		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
+		special case of the latter, "." matches any domain not
+		covered by other keys.  Values must be of the form:
 			mailer:domain
 		where "mailer" is the internal mailer name, and "domain"
 		is where to send the message.  These maps are not
@@ -573,8 +689,10 @@ mailertable	Include a "mailer table" which can be used to override
 		will forward to the original user in the e-mail address
 		using the local mailer, and
 			error:code message
-		will give an error message with the indicated code and
-		message.
+			error:D.S.N:code message
+		will give an error message with the indicated SMTP reply
+		code and message, where D.S.N is an RFC 1893 compliant
+		error code.
 
 domaintable	Include a "domain table" which can be used to provide
 		domain name mapping.  Use of this should really be
@@ -584,7 +702,7 @@ domaintable	Include a "domain table" which can be used to provide
 		FEATURE may be the key definition.  If none is specified,
 		the definition used is:
 
-			hash -o /etc/domaintable
+			hash /etc/mail/domaintable
 
 		The key in this table is the domain name; the value is
 		the new (fully qualified) domain.  Anything in the
@@ -597,7 +715,7 @@ bitdomain	Look up bitnet hosts in a table to try to turn them into
 		The argument of the FEATURE may be the key definition; if
 		none is specified, the definition used is:
 
-			hash -o /etc/bitdomain.db
+			hash /etc/mail/bitdomain
 
 		Keys are the bitnet hostname; values are the corresponding
 		internet hostname.
@@ -605,7 +723,7 @@ bitdomain	Look up bitnet hosts in a table to try to turn them into
 uucpdomain	Similar feature for UUCP hosts.  The default map definition
 		is:
 
-			hash -o /etc/uudomain.db
+			hash /etc/mail/uudomain
 
 		At the moment there is no automagic tool to build this
 		database.
@@ -631,13 +749,14 @@ allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
 		local entries.
 
 limited_masquerade
-		Normally, any hosts listed in $=w are masqueraded.  If this
-		feature is given, only the hosts listed in $=M are masqueraded.
-		This is useful if you have several domains with disjoint
-		namespaces hosted on the same machine.
+		Normally, any hosts listed in class {w} are masqueraded.  If
+		this feature is given, only the hosts listed in class {M} (see
+		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
+		if you have several domains with disjoint namespaces hosted
+		on the same machine.
 
 masquerade_entire_domain
-		If masquerading is enabled (using MASQUERADE_AS) and 
+		If masquerading is enabled (using MASQUERADE_AS) and
 		MASQUERADE_DOMAIN (see below) is set, this feature will
 		cause addresses to be rewritten such that the masquerading
 		domains are actually entire domains to be hidden.  All
@@ -645,9 +764,9 @@ masquerade_entire_domain
 		to the masquerade name (used in MASQUERADE_AS).  For example,
 		if you have:
 
-			MASQUERADE_AS(masq.com)
-			MASQUERADE_DOMAIN(foo.org)
-			MASQUERADE_DOMAIN(bar.com)
+			MASQUERADE_AS(`masq.com')
+			MASQUERADE_DOMAIN(`foo.org')
+			MASQUERADE_DOMAIN(`bar.com')
 
 		then *foo.org and *bar.com are converted to masq.com.  Without
 		this feature, only foo.org and bar.com are masqueraded.
@@ -655,32 +774,45 @@ masquerade_entire_domain
 		    NOTE: only domains within your jurisdiction and
 		    current hierarchy should be masqueraded using this.
 
-genericstable	This feature will cause certain addresses originating locally
-		(i.e. that are unqualified) or a domain listed in $=G to be
-		looked up in a map and turned into another ("generic") form,
-		which can change both the domain name and the user name.  This
-		is similar to the userdb functionality.  The same types of
-		addresses as for masquerading are looked up, i.e. only header
+genericstable	This feature will cause unqualified addresses (i.e., without
+		a domain) and addresses with a domain listed in class {G}
+		to be looked up in a map and turned into another ("generic")
+		form, which can change both the domain name and the user name.
+		This is similar to the userdb functionality.  The same types of
+		addresses as for masquerading are looked up, i.e., only header
 		sender addresses unless the allmasquerade and/or
 		masquerade_envelope features are given.  Qualified addresses
-		must have the domain part in the list of names given by the
-		by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE
-		(analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE,
-		see below).
+		must have the domain part in class {G}; entries can
+		be added to this class by the macros GENERICS_DOMAIN or
+		GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
+		MASQUERADE_DOMAIN_FILE, see below).
 
 		The argument of FEATURE(`genericstable') may be the map
 		definition; the default map definition is:
 
-			hash -o /etc/genericstable
+			hash /etc/mail/genericstable
 
-		The key for this table is either the full address or the
-		unqualified username (the former is tried first); the
-		value is the new user address.  If the new user address does
-		not include a domain, it will be qualified in the standard
-		manner, i.e. using $j or the masquerade name.  Note that the
+		The key for this table is either the full address, the domain
+		(with a leading @; the localpart is passed as first argument)
+		or the unqualified username (tried in the order mentioned);
+		the value is the new user address.  If the new user address
+		does not include a domain, it will be qualified in the standard
+		manner, i.e., using $j or the masquerade name.  Note that the
 		address being looked up must be fully qualified.  For local
 		mail, it is necessary to use FEATURE(`always_add_domain')
 		for the addresses to be qualified.
+		The "+detail" of an address is passed as %1, so entries like
+
+			old+*@foo.org	new+%1@example.com
+			gen+*@foo.org	%1@example.com
+
+		and other forms are possible.
+
+generics_entire_domain
+		If the genericstable is enabled and GENERICS_DOMAIN or
+		GENERICS_DOMAIN_FILE is used, this feature will cause
+		addresses to be searched in the map if their domain
+		parts are subdomains of elements in class {G}.
 
 virtusertable	A domain-specific form of aliasing, allowing multiple
 		virtual domains to be hosted on one machine.  For example,
@@ -688,49 +820,83 @@ virtusertable	A domain-specific form of aliasing, allowing multiple
 
 			info@foo.com	foo-info
 			info@bar.com	bar-info
-			@baz.org	jane@elsewhere.net
+			joe@bar.com	error:nouser No such user here
+			jax@bar.com	error:D.S.N:unavailable Address invalid
+			@baz.org	jane@example.net
 
 		then mail addressed to info@foo.com will be sent to the
 		address foo-info, mail addressed to info@bar.com will be
-		delivered to bar-info, and mail addressed to anyone at
-		baz.org will be sent to jane@elsewhere.net.  The username
-		from the original address is passed as %1 allowing:
+		delivered to bar-info, and mail addressed to anyone at baz.org
+		will be sent to jane@example.net, mail to joe@bar.com will
+		be rejected with the specified error message, and mail to
+		jax@bar.com will also have a RFC 1893 compliant error code
+		D.S.N.
+
+		The username from the original address is passed
+		as %1 allowing:
 
-			@foo.org	%1@elsewhere.com
+			@foo.org	%1@example.com
 
-		meaning someone@foo.org will be sent to someone@elsewhere.com.
+		meaning someone@foo.org will be sent to someone@example.com.
+		Additionally, if the local part consists of "user+detail"
+		then "detail" is passed as %2 when a match against user+*
+		is attempted, so entries like
+
+			old+*@foo.org	new+%2@example.com
+			gen+*@foo.org	%2@example.com
+			+*@foo.org	%1+%2@example.com
+
+		and other forms are possible.  Note: to preserve "+detail"
+		for a default case (@domain) +*@domain must be used as
+		exemplified above.
 
 		All the host names on the left hand side (foo.com, bar.com,
-		and baz.org) must be in $=w.  The default map definition is:
+		and baz.org) must be in class {w} or class {VirtHost}, the
+		latter can be defined by the macros VIRTUSER_DOMAIN or
+		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
+		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
+		VIRTUSER_DOMAIN_FILE is used, then the entries of class
+		{VirtHost} are added to class {R}, i.e., relaying is allowed
+		to (and from) those domains.  The default map definition is:
 
-			hash -o /etc/virtusertable
+			hash /etc/mail/virtusertable
 
 		A new definition can be specified as the second argument of
 		the FEATURE macro, such as
 
-			FEATURE(`virtusertable', `dbm -o /etc/mail/virtusers')
+			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
+
+virtuser_entire_domain
+		If the virtusertable is enabled and VIRTUSER_DOMAIN or
+		VIRTUSER_DOMAIN_FILE is used, this feature will cause
+		addresses to be searched in the map if their domain
+		parts are subdomains of elements in class {VirtHost}.
 
-nodns		We aren't running DNS at our site (for example,
-		we are UUCP-only connected).  It's hard to consider
+ldap_routing	Implement LDAP-based e-mail recipient routing according to
+		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
+		This provides a method to re-route addresses with a
+		domain portion in class {LDAPRoute} to either a
+		different mail host or a different address.  Hosts can
+		be added to this class using LDAPROUTE_DOMAIN and
+		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
+		MASQUERADE_DOMAIN_FILE, see below).
+
+		See the LDAP ROUTING section below for more information.
+
+nodns		If you aren't running DNS at your site (for example,
+		you are UUCP-only connected).  It's hard to consider
 		this a "feature", but hey, it had to go somewhere.
 		Actually, as of 8.7 this is a no-op -- remove "dns" from
 		the hosts service switch entry instead.
 
-nullclient	This is a special case -- it creates a stripped down
-		configuration file containing nothing but support for
-		forwarding all mail to a central hub via a local
-		SMTP-based network.  The argument is the name of that
-		hub.
-		
+nullclient	This is a special case -- it creates a configuration file
+		containing nothing but support for forwarding all mail to a
+		central hub via a local SMTP-based network.  The argument
+		is the name of that hub.
+
 		The only other feature that should be used in conjunction
-		with this one is "nocanonify" (this causes addresses to
-		be sent unqualified via the SMTP connection; normally
-		they are qualified with the masquerade name, which
-		defaults to the name of the hub machine).  No mailers
+		with this one is FEATURE(`nocanonify').  No mailers
 		should be defined.  No aliasing or forwarding is done.
-		Also, note that absolutely no anti-spam or anti-relaying
-		is done in a null client configuration.  More information
-		can be found in the ANTI-SPAM CONFIGURATION CONTROL section.
 
 local_lmtp	Use an LMTP capable local mailer.  The argument to this
 		feature is the pathname of an LMTP capable mailer.  By
@@ -739,16 +905,44 @@ local_lmtp	Use an LMTP capable local mailer.  The argument to this
 		LMTP capable.  The path to mail.local is set by the
 		confEBINDIR m4 variable -- making the default
 		LOCAL_MAILER_PATH /usr/libexec/mail.local.
+		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
+		i.e., without respecting any definitions in an OSTYPE setting.
+
+local_procmail	Use procmail or another delivery agent as the local mailer.
+		The argument to this feature is the pathname of the
+		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
+		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
+		PROCMAIL_MAILER_ARGS for the local mailer; tweak
+		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
+		specify the appropriate parameters.  When procmail is used,
+		the local mailer can make use of the
+		"user+indicator@local.host" syntax; normally the +indicator
+		is just tossed, but by default it is passed as the -a
+		argument to procmail.
+
+		This feature can take up to three arguments:
 
-local_procmail	Use procmail as the local mailer.  This mailer can
-		make use of the "user+indicator@local.host" syntax;
-		normally the +indicator is just tossed, but by default
-		it is passed as the -a argument to procmail.  The
-		argument to this feature is the pathname of procmail,
-		which defaults to PROCMAIL_MAILER_PATH.  Note that this
-		does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS
-		for the local mailer; tweak LOCAL_MAILER_FLAGS and
-		LOCAL_MAILER_ARGS instead.
+		1. Path to the mailer program
+		   [default: /usr/local/bin/procmail]
+		2. Argument vector including name of the program
+		   [default: procmail -Y -a $h -d $u]
+		3. Flags for the mailer [default: SPfhn9]
+
+		Empty arguments cause the defaults to be taken.
+
+		For example, this allows it to use the maildrop
+		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
+		by specifying:
+
+		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
+		 `maildrop -d $u')
+
+		or scanmails using:
+
+		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
+
+		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
+		i.e.,  without respecting any definitions in an OSTYPE setting.
 
 bestmx_is_local	Accept mail as though locally addressed for any host that
 		lists us as the best possible MX record.  This generates
@@ -772,22 +966,23 @@ smrsh		Use the SendMail Restricted SHell (smrsh) provided
 promiscuous_relay
 		By default, the sendmail configuration files do not permit
 		mail relaying (that is, accepting mail from outside your
-		domain and sending it to another host outside your domain).
-		This option sets your site to allow mail relaying from any
-		site to any site.  In general, it is better to control the
-		relaying more carefully with the access db and the 'R'
-		class ($=R).  Domains can be added to class 'R' by the
-		macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to
-		MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
+		local host (class {w}) and sending it to another host than
+		your local host).  This option sets your site to allow
+		mail relaying from any site to any site.  In almost all
+		cases, it is better to control relaying more carefully
+		with the access map, class {R}, or authentication.  Domains
+		can be added to class {R} by the macros RELAY_DOMAIN or
+		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
+		MASQUERADE_DOMAIN_FILE, see below).
 
 relay_entire_domain
 		By default, only hosts listed as RELAY in the access db
 		will be allowed to relay.  This option also allows any
-		host in your domain as defined by the 'm' class ($=m).
+		host in your domain as defined by class {m}.
 
 relay_hosts_only
 		By default, names that are listed as RELAY in the access
-		db and class 'R' ($=R) are domain names, not host names.
+		db and class {R} are domain names, not host names.
 		For example, if you specify ``foo.com'', then mail to or
 		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
 		will all be accepted for relaying.  This feature changes
@@ -808,6 +1003,17 @@ relay_based_on_MX
 		this is a problem, add entries to the access-table or use
 		FEATURE(`loose_relay_check').
 
+relay_mail_from
+		Allows relaying if the mail sender is listed as RELAY in
+		the access map.  If an optional argument `domain' is given,
+		the domain portion of the mail sender is checked too.
+		This should only be used if absolutely necessary as the
+		sender address can be easily forged.  Use of this feature
+		requires the "From:" tag be prepended to the key in the
+		access map; see the discussion of tags and
+		FEATURE(`relay_mail_from') in the section on ANTI-SPAM
+		CONFIGURATION CONTROL.
+
 relay_local_from
 		Allows relaying if the domain portion of the mail sender
 		is a local host.  This should only be used if absolutely
@@ -816,32 +1022,38 @@ relay_local_from
 		from your domain (either directly or via a routed address),
 		and you will go ahead and relay it out to arbitrary hosts
 		on the Internet.
-		
+
 accept_unqualified_senders
 		Normally, MAIL FROM: commands in the SMTP session will be
 		refused if the connection is a network connection and the
 		sender address does not include a domain name.  If your
-		setup sends local mail unqualified (i.e. MAIL FROM: <joe>),
+		setup sends local mail unqualified (i.e., MAIL FROM: <joe>),
 		you will need to use this feature to accept unqualified
-		sender addresses.
-		
+		sender addresses.  Setting the DaemonPortOptions modifier
+		'u' overrides the default behavior, i.e., unqualified
+		addresses are accepted even without this FEATURE.
+		If this FEATURE is not used, the DaemonPortOptions modifier
+		'f' can be used to enforce fully qualified addresses.
+
 accept_unresolvable_domains
 		Normally, MAIL FROM: commands in the SMTP session will be
-		refused if the host part of the argument to MAIL FROM: cannot
-		be located in the host name service (e.g., DNS).  If you are
-		inside a firewall that has only a limited view of the
-		Internet host name space, this could cause problems.  In this
-		case you probably want to use this feature to accept all
-		domains on input, even if they are unresolvable.
+		refused if the host part of the argument to MAIL FROM:
+		cannot be located in the host name service (e.g., an A or
+		MX record in DNS).  If you are inside a firewall that has
+		only a limited view of the Internet host name space, this
+		could cause problems.  In this case you probably want to
+		use this feature to accept all domains on input, even if
+		they are unresolvable.
 
 access_db	Turns on the access database feature.  The access db gives
 		you the ability to allow or refuse to accept mail from
 		specified domains for administrative reasons.  By default,
 		the access database specification is:
 
-			hash -o /etc/mail/access
+			hash /etc/mail/access
 
-		The format of the database is described below.
+		The format of the database is described in the anti-spam
+		configuration control section later in this document.
 
 blacklist_recipients
 		Turns on the ability to block incoming mail for certain
@@ -849,21 +1061,38 @@ blacklist_recipients
 		example, you can block incoming mail to user nobody,
 		host foo.mydomain.com, or guest@bar.mydomain.com.
 		These specifications are put in the access db as
-		described below.
-
-rbl		Turns on rejection of hosts found in the Realtime Blackhole
-		List.  If an argument is provided it is used as the
-                name sever to contact; otherwise, the main RBL server at
-		rbl.maps.vix.com is used.  For details, see
+		described in the anti-spam configuration control section
+		later in this document.
+
+rbl		This feature is deprecated! Please use dnsbl instead.
+		Turns on rejection of hosts found in the Realtime Blackhole
+		List.  If an argument is provided it is used as the domain
+		in which blocked hosts are listed; otherwise, the main
+		RBL domain rbl.maps.vix.com is used.  For details, see
 		http://maps.vix.com/rbl/.
 
+dnsbl		Turns on rejection of hosts found in an DNS based rejection
+		list.  If an argument is provided it is used as the domain
+		in which blocked hosts are listed; otherwise it defaults to
+		rbl.maps.vix.com.  An explanation for an DNS based rejection
+		list can be found http://maps.vix.com/rbl/.  A second argument
+		can be used to change the default error message of
+		Mail from $&{client_addr} refused by blackhole site SERVER
+		where SERVER is replaced by the first argument.  This feature
+		can be included several times to query different DNS based
+		rejection lists.
+
 loose_relay_check
-		Normally, if a recipient using % addressing is used, e.g.
-		user%site@othersite, and othersite is in class 'R', the
+		Normally, if % addressing is used for a recipient, e.g.
+		user%site@othersite, and othersite is in class {R}, the
 		check_rcpt ruleset will strip @othersite and recheck
 		user@site for relaying.  This feature changes that
 		behavior.  It should not be needed for most installations.
 
+no_default_msa	Don't generate the default MSA daemon, i.e.,
+		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
+		To define a MSA daemon with other parameters, use this
+		FEATURE and introduce new settings via DAEMON_OPTIONS().
 
 +-------+
 | HACKS |
@@ -874,7 +1103,7 @@ they go in the hack subdirectory and are referenced using the HACK
 macro.  These will tend to be site-dependent.  The release
 includes the Berkeley-dependent "cssubdomain" hack (that makes
 sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
-this is intended as a short-term aid while we move hosts into
+this is intended as a short-term aid while moving hosts into
 subdomains.
 
 
@@ -894,54 +1123,40 @@ Complex sites will need more local configuration information, such as
 lists of UUCP hosts they speak with directly.  This can get a bit more
 tricky.  For an example of a "complex" site, see cf/ucbvax.mc.
 
-If your host is known by several different names, you need to augment
-the $=w class.  This is a list of names by which you are known, and
-anything sent to an address using a host name in this list will be
-treated as local mail.  You can do this in two ways: either create
-the file /etc/sendmail.cw containing a list of your aliases (one per
-line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add the
-line:
-
-	Cw alias.host.name
-
-at the end of that file.  See the ``vangogh.mc'' file for an example.
-Be sure you use the fully-qualified name of the host, rather than a
-short name.
-
 The SITECONFIG macro allows you to indirectly reference site-dependent
 configuration information stored in the siteconfig subdirectory.  For
 example, the line
 
-	SITECONFIG(uucp.ucbvax, ucbvax, U)
+	SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
 
 reads the file uucp.ucbvax for local connection information.  The
 second parameter is the local name (in this case just "ucbvax" since
 it is locally connected, and hence a UUCP hostname).  The third
 parameter is the name of both a macro to store the local name (in
-this case, $U) and the name of the class (e.g., $=U) in which to store
+this case, {U}) and the name of the class (e.g., {U}) in which to store
 the host information read from the file.  Another SITECONFIG line reads
 
-	SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W)
+	SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
 
 This says that the file uucp.ucbarpa contains the list of UUCP sites
-connected to ucbarpa.Berkeley.EDU.  The $=W class will be used to
+connected to ucbarpa.Berkeley.EDU.  Class {W} will be used to
 store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
 is, the name of the relay to which the hosts listed in uucp.ucbarpa
-are connected.  [The machine ucbarpa is gone now, but I've left
-this out-of-date configuration file around to demonstrate how you
-might do this.]
+are connected.  [The machine ucbarpa is gone now, but this
+out-of-date configuration file has been left around to demonstrate
+how you might do this.]
 
 Note that the case of SITECONFIG with a third parameter of ``U'' is
 special; the second parameter is assumed to be the UUCP name of the
 local site, rather than the name of a remote site, and the UUCP name
-is entered into $=w (the list of local hostnames) as $U.UUCP.
+is entered into class {w} (the list of local hostnames) as $U.UUCP.
 
 The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
 more than a sequence of SITE macros describing connectivity.  For
 example:
 
-	SITE(cnmat)
-	SITE(sgi olympus)
+	SITE(`cnmat')
+	SITE(`sgi olympus')
 
 The second example demonstrates that you can use two names on the
 same line; these are usually aliases for the same host (or are at
@@ -990,7 +1205,7 @@ The four mailers are:
     uucp-dom
 	This UUCP mailer keeps everything as domain addresses.
 	Basically, it uses the SMTP mailer rewriting rules.  This mailer
-	is only included if MAILER(smtp) is also specified.
+	is only included if MAILER(`smtp') is also specified.
 
 	Unfortunately, a lot of UUCP mailer transport agents require
 	bangified addresses in the envelope, although you can use
@@ -1004,13 +1219,13 @@ The four mailers are:
 	local hostname, unless there is no host name on the address
 	at all (e.g., "wolf") or the host component is a UUCP host name
 	instead of a domain name ("somehost!wolf" instead of
-	"some.dom.ain!wolf").  This is also included only if MAILER(smtp)
+	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
 	is also specified.
 
 Examples:
 
-We are on host grasp.insa-lyon.fr (UUCP host name "grasp").  The
-following summarizes the sender rewriting for various mailers.
+On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
+summarizes the sender rewriting for various mailers.
 
 Mailer          sender		rewriting in the envelope
 ------		------		-------------------------
@@ -1048,8 +1263,8 @@ A common use is to convert old UUCP addresses to SMTP addresses using
 the UUCPSMTP macro.  For example:
 
 	LOCAL_RULE_3
-	UUCPSMTP(decvax,	decvax.dec.com)
-	UUCPSMTP(research,	research.att.com)
+	UUCPSMTP(`decvax',	`decvax.dec.com')
+	UUCPSMTP(`research',	`research.att.com')
 
 will cause addresses of the form "decvax!user" and "research!user"
 to be converted to "user@decvax.dec.com" and "user@research.att.com"
@@ -1077,11 +1292,12 @@ You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
 These rulesets are normally empty.
 
 A similar macro is LOCAL_CONFIG.  This introduces lines added after the
-boilerplate option setting but before rulesets, and can be used to
-declare local database maps or whatever.  For example:
+boilerplate option setting but before rulesets.  Do not declare rulesets in
+the LOCAL_CONFIG section.  It can be used to declare local database maps or
+whatever.  For example:
 
 	LOCAL_CONFIG
-	Khostmap hash /etc/hostmap.db
+	Khostmap hash /etc/mail/hostmap
 	Kyplocal nis -m hosts.byname
 
 
@@ -1091,14 +1307,15 @@ declare local database maps or whatever.  For example:
 
 You can have your host masquerade as another using
 
-	MASQUERADE_AS(host.domain)
+	MASQUERADE_AS(`host.domain')
 
 This causes mail being sent to be labeled as coming from the
 indicated host.domain, rather than $j.  One normally masquerades as
-one of one's own subdomains (for example, it's unlikely that I would
-choose to masquerade as an MIT site).  This behaviour is modified by
-a plethora of FEATUREs; in particular, see masquerade_envelope,
-allmasquerade, limited_masquerade, and masquerade_entire_domain.
+one of one's own subdomains (for example, it's unlikely that
+Berkeley would choose to masquerade as an MIT site).  This
+behaviour is modified by a plethora of FEATUREs; in particular, see
+masquerade_envelope, allmasquerade, limited_masquerade, and
+masquerade_entire_domain.
 
 The masquerade name is not normally canonified, so it is important
 that it be your One True Name, that is, fully qualified and not a
@@ -1106,10 +1323,11 @@ CNAME.  However, if you use a CNAME, the receiving side may canonify
 it for you, so don't think you can cheat CNAME mapping this way.
 
 Normally the only addresses that are masqueraded are those that come
-from this host (that is, are either unqualified or in $=w, the list
-of local domain names).  You can augment this list using
+from this host (that is, are either unqualified or in class {w}, the list
+of local domain names).  You can augment this list, which is realized
+by class {M} using
 
-	MASQUERADE_DOMAIN(otherhost.domain)
+	MASQUERADE_DOMAIN(`otherhost.domain')
 
 The effect of this is that although mail to user@otherhost.domain
 will not be delivered locally, any mail including any user@otherhost.domain
@@ -1118,9 +1336,17 @@ This can be a space-separated list of names.
 
 If these names are in a file, you can use
 
-	MASQUERADE_DOMAIN_FILE(filename)
+	MASQUERADE_DOMAIN_FILE(`filename')
 
-to read the list of names from the indicated file.
+to read the list of names from the indicated file (i.e., to add
+elements to class {M}).
+
+To exempt hosts or subdomains from being masqueraded, you can use
+
+	MASQUERADE_EXCEPTION(`host.domain')
+
+This can come handy if you want to masquerade a whole domain
+except for one (or a few) host(s).
 
 Normally only header addresses are masqueraded.  If you want to
 masquerade the envelope as well, use
@@ -1129,13 +1355,14 @@ masquerade the envelope as well, use
 
 There are always users that need to be "exposed" -- that is, their
 internal site name should be displayed instead of the masquerade name.
-Root is an example.  You can add users to this list using
+Root is an example (which has been "exposed" by default prior to 8.10).
+You can add users to this list using
 
-	EXPOSED_USER(usernames)
+	EXPOSED_USER(`usernames')
 
-This adds users to class E; you could also use something like
+This adds users to class {E}; you could also use something like
 
-	FE/etc/sendmail.cE
+	FE/etc/mail/exposed-users
 
 You can also arrange to relay all unqualified names (that is, names
 without @host) to a relay host.  For example, if you have a central
@@ -1149,11 +1376,11 @@ The ``mailer:'' can be omitted, in which case the mailer defaults to
 because of local aliases.  A common example is root, which may be
 locally aliased.  You can add entries to this list using
 
-	LOCAL_USER(usernames)
+	LOCAL_USER(`usernames')
 
-This adds users to class L; you could also use something like
+This adds users to class {L}; you could also use something like
 
-	FL/etc/sendmail.cL
+	FL/etc/mail/local-users
 
 If you want all incoming mail sent to a centralized hub, as for a
 shared /var/spool/mail scheme, use
@@ -1163,7 +1390,9 @@ shared /var/spool/mail scheme, use
 Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
 and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
-Names in $=L will be delivered locally, so you MUST have aliases or
+Note: there is a (long standing) bug which keeps this combination from
+working for addresses of the form user+detail.
+Names in class {L} will be delivered locally, so you MUST have aliases or
 .forward files for them.
 
 For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
@@ -1190,7 +1419,9 @@ SMART_HOST as well.  Briefly:
 	LOCAL_RELAY applies to unqualified names (e.g., "eric").
 	MAIL_HUB applies to names qualified with the name of the
 		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
-	SMART_HOST applies to names qualified with other hosts.
+	SMART_HOST applies to names qualified with other hosts or
+		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
+		or "eric@[127.0.0.1]").
 
 However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
 DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
@@ -1205,6 +1436,124 @@ specified with a terminal dot:
 	      note the trailing dot ---^
 
 
++--------------+
+| LDAP ROUTING |
++--------------+
+
+FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
+LDAP Schema for Intranet Mail Routing
+(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
+LDAP-based rerouting of a particular address to either a different host
+or a different address.  The LDAP lookup is first attempted on the full
+address (e.g., user@example.com) and then on the domain portion
+(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
+LDAPROUTE_DOMAIN(), e.g.:
+
+	LDAPROUTE_DOMAIN(`example.com')
+
+By default, the feature will use the schemas as specified in the draft
+and will not reject addresses not found by the LDAP lookup.  However,
+this behavior can be changed by giving additional arguments to the FEATURE()
+command:
+
+	FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>)
+
+where <mailHost> is a map definition describing how to lookup an alternative
+mail host for a particular address; <mailRoutingAddress> is a map definition
+describing how to lookup an alternative address for a particular address; and
+the <bounce> argument, if present and not the word "passthru", dictates
+that mail should be bounced if neither a mailHost nor mailRoutingAddress
+is found.
+
+The default <mailHost> map definition is:
+
+	ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)
+				 (mailLocalAddress=%0))
+
+The default <mailRoutingAddress> map definition is:
+
+	ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)
+					   (mailLocalAddress=%0))
+
+Note that neither includes the LDAP server hostname (-h server) or base DN
+(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
+your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
+these settings.  If this is not the case, the map definitions should be
+changed as described above.
+
+The following possibilities exist as a result of an LDAP lookup on an
+address:
+
+	mailHost is	mailRoutingAddress is	Results in
+	-----------	---------------------	----------
+	set to a	set			mail delivered to
+	"local" host				mailRoutingAddress
+
+	set to a	not set			delivered to
+	"local" host				original address
+
+	set to a	set			mailRoutingAddress
+	remote host				relayed to mailHost
+
+	set to a	not set			original address
+	remote host				relayed to mailHost
+
+	not set		set			mail delivered to
+						mailRoutingAddress
+
+	not set		not set			delivered to
+						original address *OR*
+						bounced as unknown user
+
+The term "local" host above means the host specified is in class {w}.
+Note that the last case depends on whether the third argument is given
+to the FEATURE() command.  The default is to deliver the message to the
+original address.
+
+The LDAP entries should be set up with an objectClass of
+inetLocalMailRecipient and the address be listed in a mailLocalAddress
+attribute.  If present, there must be only one mailHost attribute and it
+must contain a fully qualified host name as its value.  Similarly, if
+present, there must be only one mailRoutingAddress attribute and it must
+contain an RFC 822 compliant address.  Some example LDAP records (in ldif
+format):
+
+	dn: uid=tom, o=example.com, c=US
+	objectClass: inetLocalMailRecipient
+	mailLocalAddress: tom@example.com
+	mailRoutingAddress: thomas@mailhost.example.com
+
+This would deliver mail for tom@example.com to thomas@mailhost.example.com.
+
+	dn: uid=dick, o=example.com, c=US
+	objectClass: inetLocalMailRecipient
+	mailLocalAddress: dick@example.com
+	mailHost: eng.example.com
+
+This would relay mail for dick@example.com to the same address but redirect
+the mail to MX records listed for the host eng.example.com.
+
+	dn: uid=harry, o=example.com, c=US
+	objectClass: inetLocalMailRecipient
+	mailLocalAddress: harry@example.com
+	mailHost: mktmail.example.com
+	mailRoutingAddress: harry@mkt.example.com
+
+This would relay mail for harry@example.com to the MX records listed for
+the host mktmail.example.com using the new address harry@mkt.example.com
+when talking to that host.
+
+	dn: uid=virtual.example.com, o=example.com, c=US
+	objectClass: inetLocalMailRecipient
+	mailLocalAddress: @virtual.example.com
+	mailHost: server.example.com
+	mailRoutingAddress: virtual@example.com
+
+This would send all mail destined for any username @virtual.example.com to
+the machine server.example.com's MX servers and deliver to the address
+virtual@example.com on that relay machine.
+
+
 +---------------------------------+
 | ANTI-SPAM CONFIGURATION CONTROL |
 +---------------------------------+
@@ -1216,20 +1565,26 @@ The primary anti-spam features available in sendmail are:
 * Access database.
 * Header checks.
 
-Relaying (transmission of messages from a site outside your domain to
-another site outside your domain) is denied by default.  Note that
-this changed in sendmail 8.9; previous versions allowed relaying by
-default.  If you want to revert to the old behaviour, you will need
-to use FEATURE(`promiscuous_relay').  You can allow certain domains to
-relay through your server by adding their domain name or IP address to
-class 'R' ($=R) using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the
-access database (described below).
+Relaying (transmission of messages from a site outside your host (class
+{w}) to another site except yours) is denied by default.  Note that this
+changed in sendmail 8.9; previous versions allowed relaying by default.
+If you really want to revert to the old behaviour, you will need to use
+FEATURE(`promiscuous_relay').  You can allow certain domains to relay
+through your server by adding their domain name or IP address to class
+{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
+(described below).  The file consists (like any other file based class)
+of entries listed on separate lines, e.g.,
+
+	sendmail.org
+	128.32
+	1:2:3:4:5:6:7
+	host.mydomain.com
 
 If you use
 
 	FEATURE(`relay_entire_domain')
 
-then any host in any of your local domains (that is, the $=m class)
+then any host in any of your local domains (that is, class {m})
 will be relayed (that is, you will accept mail either to or from any
 host in your domain).
 
@@ -1253,11 +1608,21 @@ MAIL FROM: <user@domain>) domain which is a local domain.  This a
 dangerous feature as it will allow spammers to spam using your mail
 server by simply specifying a return address of user@your.domain.com.
 It should not be used unless absolutely necessary.
+A slightly better solution is
+
+	FEATURE(`relay_mail_from')
+
+which allows relaying if the mail sender is listed as RELAY in the
+access map.  If an optional argument `domain' is given, the domain
+portion of the mail sender is also checked to allowing relaying.
+This option only works together with the tag From: for the LHS of
+the access map entries (see below: Finer control...).
+
 
 If source routing is used in the recipient address (i.e.
 RCPT TO: <user%site.com@othersite.com>), sendmail will check
 user@site.com for relaying if othersite.com is an allowed relay host
-in either class 'R', class 'm' if FEATURE(`relay_entire_domain') is used,
+in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
 or the access database if FEATURE(`access_db') is used.  To prevent
 the address from being stripped down, use:
 
@@ -1268,10 +1633,22 @@ should only be used for sites which have no control over the addresses
 that they provide a gateway for.  Use this FEATURE with caution as it
 can allow spammers to relay through your server if not setup properly.
 
+NOTICE: It is possible to relay mail through a system which the anti-relay
+rules do not prevent: the case of a system that does use FEATURE(`nouucp',
+`nospecial') (system A) and relays local messages to a mail hub (e.g., via
+LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
+FEATURE(`nouucp') at all, addresses of the form
+<example.net!user@local.host> would be relayed to <user@example.net>.
+System A doesn't recognize `!' as an address separator and therefore
+forwards it to the mail hub which in turns relays it because it came from
+a trusted local host.  So if a mailserver allows UUCP (bang-format)
+addresses, all systems from which it allows relaying should do the same
+or reject those addresses.
+
 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
 an unresolvable domain (i.e., one that DNS, your local name service,
 or special case rules in ruleset 3 cannot locate).  If you want to
-continue to accept such domains, e.g. because you are inside a
+continue to accept such domains, e.g., because you are inside a
 firewall that has only a limited view of the Internet host name space
 (note that you will not be able to return mail to them unless you have
 some "smart host" forwarder), use
@@ -1284,6 +1661,11 @@ want to continue to accept such senders, use
 
 	FEATURE(`accept_unqualified_senders')
 
+Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
+i.e., unqualified addresses are accepted even without this FEATURE.  If
+this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
+to enforce fully qualified addresses.
+
 An ``access'' database can be created to accept or reject mail from
 selected domains.  For example, you may choose to reject all mail
 originating from known spammers.  To enable such a database, use
@@ -1293,7 +1675,7 @@ originating from known spammers.  To enable such a database, use
 The FEATURE macro can accept a second parameter giving the key file
 definition for the database; for example
 
-	FEATURE(`access_db', `hash -o /etc/mail/access')
+	FEATURE(`access_db', `hash /etc/mail/access')
 
 Remember, since /etc/mail/access is a database, after creating the text
 file as described below, you must use makemap to create the database
@@ -1324,33 +1706,57 @@ The value part of the map can contain:
 	REJECT		Reject the sender or recipient with a general
 			purpose message.
 	DISCARD		Discard the message completely using the
-			$#discard mailer.  This only works for sender
-			addresses (i.e., it indicates that you should
-			discard anything received from the indicated
-			domain).
+			$#discard mailer.  For sender addresses it
+			indicates that you should discard anything
+			received from the indicated domain.  If it
+			is used for recipients, it affects only
+			the designated recipients, not the whole
+			message.
 	### any text	where ### is an RFC 821 compliant error code
 			and "any text" is a message to return for
 			the command.
+	ERROR:### any text
+			as above, but useful to mark error messages as such.
+	ERROR:D.S.N:### any text
+			where D.S.N is an RFC 1893 compliant error code
+			and the rest as above.
 
 For example:
 
 	cyberspammer.com	550 We don't accept mail from spammers
 	okay.cyberspammer.com	OK
-	sendmail.org		OK
+	sendmail.org		RELAY
 	128.32			RELAY
+	1:2:3:4:5:6:7		RELAY
+	[127.0.0.3]		OK
+	[1:2:3:4:5:6:7:8]	OK
 
-would accept mail from okay.cyberspammer.com, but would reject mail
-from all other hosts at cyberspammer.com with the indicated message.
-It would allow accept mail from any hosts in the sendmail.org domain,
-and allow relaying for the 128.32.*.* network.  Note, UUCP users may
-need to add hostname.UUCP to the access database or class 'R' ($=R).
-If you also use:
+would accept mail from okay.cyberspammer.com, but would reject mail from
+all other hosts at cyberspammer.com with the indicated message.  It would
+allow relaying mail from and to any hosts in the sendmail.org domain, and
+allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:*
+network.  The latter two entries are for checks against ${client_name} if
+the IP address doesn't resolve to a hostname (or is considered as "may be
+forged").
+
+Warning: if you change the RFC 821 compliant error code from the default
+value of 550, then you should probably also change the RFC 1893 compliant
+error code to match it.  For example, if you use
+
+	user@example.com	450 mailbox full
+
+the error returned would be "450 4.0.0 mailbox full" which is wrong.
+Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full"
+instead.
+
+Note, UUCP users may need to add hostname.UUCP to the access database
+or class {R}.  If you also use:
 
 	FEATURE(`relay_hosts_only')
 
 then the above example will allow relaying for sendmail.org, but not
 hosts within the sendmail.org domain.  Note that this will also require
-hosts listed in class 'R' ($=R) to be fully qualified host names.
+hosts listed in class {R} to be fully qualified host names.
 
 You can also use the access database to block sender addresses based on
 the username portion of the address.  For example:
@@ -1368,16 +1774,19 @@ If you use:
 then you can add entries to the map for local users, hosts in your
 domains, or addresses in your domain which should not receive mail:
 
-	badlocaluser		550 Mailbox disabled for this username
+	badlocaluser@		550 Mailbox disabled for this username
 	host.mydomain.com	550 That host does not accept mail
 	user@otherhost.mydomain.com	550 Mailbox disabled for this recipient
 
 This would prevent a recipient of badlocaluser@mydomain.com, any
 user at host.mydomain.com, and the single address
-user@otherhost.mydomain.com from receiving mail.  Enabling this
-feature will keep you from sending mails to all addresses that
-have an error message or REJECT as value part in the access map.
-Taking the example from above:
+user@otherhost.mydomain.com from receiving mail.  Please note: a
+local username must be now tagged with an @ (this is consistent
+with the check of the sender address, and hence it is possible to
+distinguish between hostnames and usernames).  Enabling this feature
+will keep you from sending mails to all addresses that have an
+error message or REJECT as value part in the access map.  Taking
+the example from above:
 
 	spammer@aol.com		REJECT
 	cyberspammer.com	REJECT
@@ -1388,11 +1797,16 @@ There is also a ``Realtime Blackhole List'' run by the MAPS project
 at http://maps.vix.com/.  This is a database maintained in DNS of
 spammers.  To use this database, use
 
-	FEATURE(`rbl')
+	FEATURE(`dnsbl')
 
 This will cause sendmail to reject mail from any site in the
 Realtime Blackhole List database.  You can specify an alternative
-RBL name server to contact by specifying an argument to the FEATURE.
+RBL domain to check by specifying an argument to the FEATURE.
+A second argument can be used to change the default error message
+Mail from $&{client_addr} refused by blackhole site DOMAIN
+where DOMAIN is replaced by the first argument.  This FEATURE can
+be included several times to query different DNS based rejection
+lists, e.g., the dial-up user list (see http://maps.vix.com/dul/).
 
 The features described above make use of the check_relay, check_mail,
 and check_rcpt rulesets.  If you wish to include your own checks,
@@ -1401,15 +1815,15 @@ Local_check_mail, and Local_check_rcpt.  For example if you wanted to
 block senders with all numeric usernames (i.e. 2312343@bigisp.com),
 you would use Local_check_mail and the new regex map:
 
-	LOCAL_CONFIG 
-	Kallnumbers regex -a@MATCH ^[0-9]+$ 
- 
-	LOCAL_RULESETS 
-	SLocal_check_mail 
-	# check address against various regex checks 
+	LOCAL_CONFIG
+	Kallnumbers regex -a@MATCH ^[0-9]+$
+
+	LOCAL_RULESETS
+	SLocal_check_mail
+	# check address against various regex checks
 	R$*				$: $>Parse0 $>3 $1
-	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $) 
-	R@MATCH				$#error $: 553 Header Error 
+	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
+	R@MATCH				$#error $: 553 Header Error
 
 These rules are called with the original arguments of the corresponding
 check_* ruleset.  If the local ruleset returns $#OK, no further checking
@@ -1418,6 +1832,93 @@ local ruleset resolves to a mailer (such as $#error or $#discard), the
 appropriate action is taken.  Otherwise, the results of the local
 rewriting are ignored.
 
+Finer control by using tags for the LHS of the access map
+
+Read this section only if the options listed so far are not sufficient
+for your purposes.  There is now the option to tag entries in the
+access map according to their type.  Three tags are available:
+
+	Connect:	connection information (${client_addr}, ${client_name})
+	From:		sender
+	To:		recipient
+
+If the required item is looked up in a map, it will be tried first
+with the corresponding tag in front, then (as fallback to enable
+backward compatibility) without any tag.  For example,
+
+	From:spammer@some.dom	REJECT
+	To:friend.domain	RELAY
+	Connect:friend.domain	OK
+	Connect:from.domain	RELAY
+	From:good@another.dom	OK
+	From:another.dom	REJECT
+
+This would deny mails from spammer@some.dom but you could still
+send mail to that address even if FEATURE(`blacklist_recipients')
+is enabled.  Your system will allow relaying to friend.domain, but
+not from it (unless enabled by other means).  Connections from that
+domain will be allowed even if it ends up in one of the DNS based
+rejection lists.  Relaying is enabled from from.domain but not to
+it (since relaying is based on the connection information for
+outgoing relaying, the tag Connect: must be used; for incoming
+relaying, which is based on the recipient address, To: must be
+used).  The last two entries allow mails from good@another.dom but
+reject mail from all other addresses with another.dom as domain
+part.
+
+Delay all checks
+
+By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
+will not be called when a client connects or issues a MAIL command,
+respectively.  Instead, those rulesets will be called by the check_rcpt
+ruleset; they will be skipped if a sender has been authenticated using
+a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
+If check_mail returns an error then the RCPT TO command will be rejected
+with that error.  If it returns some other result starting with $# then
+check_relay will be skipped.  If the sender address (or a part of it) is
+listed in the access map and it has a RHS of OK or RELAY, then check_relay
+will be skipped.  This has an interesting side effect: if your domain is
+my.domain and you have
+
+	my.domain	RELAY
+
+in the access map, then all e-mail with a sender address of
+<user@my.domain> gets through, even if check_relay would reject it
+(e.g., based on the hostname or IP address).  This allows spammers
+to get around DNS based blacklist by faking the sender address.  To
+avoid this problem you have to use tagged entries:
+
+	To:my.domain		RELAY
+	Connect:my.domain	RELAY
+
+if you need those entries at all (class {R} may take care of them).
+ 
+FEATURE(`delay_checks') can take an optional argument:
+
+	FEATURE(`delay_checks', `friend')
+		 enables spamfriend test
+	FEATURE(`delay_checks', `hater')
+		 enables spamhater test
+
+If such an argument is given, the recipient will be looked up in the access
+map (using the tag To:).  If the argument is `friend', then the other
+rulesets will be skipped if the recipient address is found and has RHS
+spamfriend.  If the argument is `hater', then the other rulesets will be
+applied if the recipient address is found and has RHS spamhater.
+
+This allows for simple exceptions from the tests, e.g., by activating
+the spamfriend option and having
+
+	To:abuse@	SPAMFRIEND
+
+in the access map, mail to abuse@localdomain will get through.  It is
+also possible to specify a full address or an address with +detail:
+
+	To:abuse@abuse.my.domain	SPAMFRIEND
+	To:me+abuse@		SPAMFRIEND
+
+
+Header Checks
 
 You can also reject mail on the basis of the contents of headers.
 This is done by adding a ruleset call to the 'H' header definition command
@@ -1431,25 +1932,211 @@ a Message-ID: header:
 	R< $+ @ $+ >		$@ OK
 	R$*			$#error $: 553 Header Error
 
-Users of FEATURE(`nullclient') who desire to use the anti-spam and
-anti-relaying capabilities should replace FEATURE(`nullclient', `mailhub')
-with:
+The alternative format:
 
-	undefine(`ALIAS_FILE')
-	define(`MAIL_HUB', `mailhub')
-	define(`SMART_HOST', `mailhub')
-	define(`confFORWARD_PATH', `')
+	HSubject: $>+CheckSubject
 
-where mailhub is the fully qualified hostname for their mail server.
-The above rules will provide the relaying to the mailhub without local
-alias and forward file expansion.  To match the other behavior of
-FEATURE(`nullclient'), you should also add these lines along with those
-listed above:
+that is, $>+ instead of $>, gives the full Subject: header including
+comments to the ruleset (comments in parentheses () are stripped
+by default).
 
-	MASQUERADE_AS(`mailhub')
-	FEATURE(`allmasquerade')
-	FEATURE(`masquerade_envelope')
+A default ruleset for headers which don't have a specific ruleset
+defined for them can be given by:
+
+	H*: $>CheckHdr
+
+After all of the headers are read, the check_eoh ruleset will be called for
+any final header-related checks.  The ruleset is called with the number of
+headers and the size of all of the headers in bytes separated by $|.  One
+example usage is to reject messages which do not have a Message-Id:
+header.  However, the Message-Id: header is *NOT* a required header and is
+not a guaranteed spam indicator.  This ruleset is an example and should
+probably not be used in production.
+
+	LOCAL_CONFIG
+	Kstorage macro
+
+	LOCAL_RULESETS
+	HMessage-Id: $>CheckMessageId
+
+	SCheckMessageId
+	# Record the presence of the header
+	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
+	R< $+ @ $+ >		$@ OK
+	R$*			$#error $: 553 Header Error
+
+	Scheck_eoh
+	# Check the macro
+	R$*			$: < $&{MessageIdCheck} >
+	# Clear the macro for the next message
+	R$*			$: $(storage {MessageIdCheck} $) $1
+	# Has a Message-Id: header
+	R< $+ >			$@ OK
+	# Allow missing Message-Id: from local mail
+	R$*			$: < $&{client_name} >
+	R< >			$@ OK
+	R< $=w >		$@ OK
+	# Otherwise, reject the mail
+	R$*			$#error $: 553 Header Error
+
++--------------------------------+
+| STARTTLS                       |
++--------------------------------+
+
+In this text, cert will be used as an abreviation for X.509 certificate,
+DN is the distinguished name of a cert, and CA is a certification authority.
+
+Macros related to STARTTLS are:
+
+${cert_issuer} holds the DN of the CA (the cert issuer).
+${cert_subject} holds the DN of the cert (called the cert subject).
+${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
+	SSLv3, SSLv2.
+${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
+	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
+${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
+	used for the connection.
+${verify} holds the result of the verification of the presented cert. Possible
+	values are:
+	OK	verification succeeded.
+	NO	no cert presented.
+	FAIL	cert presented but could not be verified, e.g., the signing
+		CA is missing.
+	NONE	STARTTLS has not been performed.
+	TEMP	temporary error occurred.
+	PROTOCOL some protocol error occurred.
+	SOFTWARE STARTTLS handshake failed.
+${server_name}	the name of the server of the current outgoing SMTP
+	connection.
+${server_addr}	the address of the server of the current outgoing SMTP
+	connection.
+
+Relaying
+
+SMTP STARTTLS can allow relaying for senders who have successfully
+authenticated themselves. This is done in the ruleset RelayAuth. If the
+verification of the cert failed (${verify} != OK), relaying is subject to
+the usual rules. Otherwise the DN of the issuer is looked up in the access
+map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
+allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
+the access map. using the tag CERTSUBJECT. If the value is RELAY, relaying
+is allowed.
+
+To make things a bit more flexible (or complicated), the values for
+${cert_issuer} and ${cert_subject} can be optionally modified by regular
+expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
+_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
+rulesets and map lookups, they are modified as follows: each non-printable
+character and the characters '<', '>', '(', ')', '"', '+' are replaced by
+their HEX value with a leading '+'. For example:
+
+/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
+darth+cert@endmail.org
+
+is encoded as:
+
+/C=US/ST=California/O=endmail.org/OU=private/CN=
+Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
+
+(line breaks have been inserted for readability).
+
+Of course it is also possible to write a simple rulesets that allows
+relaying for everyone who can present a cert that can be verified, e.g.,
+
+LOCAL_RULESETS
+SLocal_check_rcpt
+R$*	$: $&{verify}
+ROK	$# OK
+
+Allowing Connections
+
+The rulesets tls_server and tls_client are used to decide whether an SMTP
+connection is accepted (or should continue).
+
+tls_server is called when sendmail acts as client after a STARTTLS command
+(should) have been issued. The parameter is the value of ${verify}.
+
+tls_client is called when sendmail acts as server, after a STARTTLS command
+has been issued, and from check_mail. The parameter is the value of
+${verify} and STARTTLS or MAIL, respectively.
+
+Both rulesets behave the same. If no access map is in use, the connection
+will be accepted unless ${verify} is SOFTWARE, in which case the connection
+is always aborted.  Otherwise, ${client_name} (${server_name}) is looked
+up in the access map using the tag TLS_Srv (or TLS_Clt), which is done
+with the ruleset LookUpDomain. If no entry is found, ${client_addr}
+(${server_addr}) is looked up in the access map (same tag, ruleset
+LookUpAddr). If this doesn't result in an entry either, just the tag is
+looked up in the access map (included the trailing :).  The result of the
+lookups is then used to call the ruleset tls_connection, which checks the
+requirement specified by the RHS in the access map against the actual
+parameters of the current TLS connection, esp. ${verify} and
+${cipher_bits}. Legal RHSs in the access map are:
+
+VERIFY		verification must have succeeded
+VERIFY:bits	verification must have succeeded and ${cipher_bits} must
+		be greater than or equal bits.
+ENCR:bits	${cipher_bits} must be greater than or equal bits.
+
+The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
+or permanent error. The default is a temporary error code (403 4.7.0)
+unless the macro TLS_PERM_ERR is set during generation of the .cf file.
+
+If a certain level of encryption is required, then it might also be
+possible that this level is provided by the security layer from a SASL
+algorithm, e.g., DIGEST-MD5.
+
+Example: e-mail send to secure.example.com should only use an encrypted
+connection. e-mail received from hosts within the laptop.example.com domain
+should only be accepted if they have been authenticated.
+TLS_Srv:secure.example.com      ENCR:112
+TLS_Clt:laptop.example.com      PERM+VERIFY:112
+
+Received: Header
+
+The Received: header reveals whether STARTTLS has been used. It contains an
+extra line:
+
+(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})
+
++--------------------------------+
+| SMTP AUTHENTICATION            |
++--------------------------------+
+
+The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
+used in anti-relay rulesets to allow relaying for those users that
+authenticated themselves.  A very simple example is:
+
+SLocal_check_rcpt
+R$*		$: $&{auth_type}
+R$+		$# OK
+
+which checks whether a user has successfully authenticated using
+any available mechanism.  Depending on the setup of the CYRUS SASL
+library, more sophisticated rulesets might be required, e.g.,
+
+SLocal_check_rcpt
+R$*		$: $&{auth_type} $| $&{auth_authen}
+RDIGEST-MD5 $| $+@$=w	$# OK
+
+to allow relaying for users that authenticated using DIGEST-MD5
+and have an identity in the local domains.
 
+The ruleset Strust_auth is used to determine whether a given AUTH=
+parameter (that is passed to this ruleset) should be trusted.  This
+ruleset may make use of the other ${auth_*} macros.  Only if the
+ruleset resolves to the error mailer, the AUTH= parameter is not
+trusted.  A user supplied ruleset Local_trust_auth can be written
+to modify the default behavior, which only trust the AUTH=
+parameter if it is identical to the authenticated user.
+
+Per default, relaying is allowed for any user who authenticated
+via a "trusted" mechanism, i.e., one that is defined via
+TRUST_AUTH_MECH(`list of mechanisms')
+
+If the selected mechanism provides a security layer the number of
+bits used for the key of the symmetric cipher is stored in the
+macro ${auth_ssf}.
 
 +--------------------------------+
 | ADDING NEW MAILERS OR RULESETS |
@@ -1468,15 +2155,60 @@ LOCAL_RULESETS respectively.  For example:
 	...
 
 
+#if _FFR_MILTER
++---------------------------+
+| ADDING NEW MAILER FILTERS |
++---------------------------+
+
+Sendmail supports mail filters to filter incoming SMTP messages according
+to the "Sendmail Mail Filter API" documentation.  These filters can be
+configured in your mc file using the two commands:
+
+	MAIL_FILTER(`name', `equates')
+	INPUT_MAIL_FILTER(`name', `equates')
+
+The first command, MAIL_FILTER(), simply defines a filter with the given
+name and equates.  For example:
+
+	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
+
+This creates the equivalent sendmail.cf entry:
+
+	Xarchive, S=local:/var/run/archivesock, F=R
+
+The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
+but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
+of the filter such that the filter will actually be called by sendmail.
+
+For example, the two commands:
+
+	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
+	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
+
+are equivalent to the three commands:
+
+	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
+	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
+	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
+
+In general, INPUT_MAIL_FILTER() should be used unless you need to define
+more filters than you want to use for `confINPUT_MAIL_FILTERS'.
+
+Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
+commands will clear the list created by the prior INPUT_MAIL_FILTER()
+commands.
+#endif /* _FFR_MILTER */
+
+
 +-------------------------------+
 | NON-SMTP BASED CONFIGURATIONS |
 +-------------------------------+
 
-These configuration files are designed primarily for use by SMTP-based
-sites.  I don't pretend that they are well tuned for UUCP-only or
+These configuration files are designed primarily for use by
+SMTP-based sites.  They may not be well tuned for UUCP-only or
 UUCP-primarily nodes (the latter is defined as a small local net
-connected to the rest of the world via UUCP).  However, there is one
-hook to handle some special cases.
+connected to the rest of the world via UUCP).  However, there is
+one hook to handle some special cases.
 
 You can define a ``smart host'' that understands a richer address syntax
 using:
@@ -1490,12 +2222,12 @@ If you are on a local SMTP-based net that connects to the outside
 world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
 For example:
 
-	define(`SMART_HOST', `suucp:uunet')
+	define(`SMART_HOST', `uucp-new:uunet')
 	LOCAL_NET_CONFIG
 	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
 
 This will cause all names that end in your domain name ($m) via
-SMTP; anything else will be sent via suucp (smart UUCP) to uunet.
+SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
 If you have FEATURE(`nocanonify'), you may need to omit the dots after
 the $m.  If you are running a local DNS inside your domain which is
 not otherwise connected to the outside world, you probably want to
@@ -1531,6 +2263,24 @@ name.  This is usually done using:
 	define(`confDOMAIN_NAME', `$w.$m')dnl
 
 
++-----------------------------------+
+| ACCEPTING MAIL FOR MULTIPLE NAMES |
++-----------------------------------+
+
+If your host is known by several different names, you need to augment
+class {w}.  This is a list of names by which your host is known, and
+anything sent to an address using a host name in this list will be
+treated as local mail.  You can do this in two ways:  either create the
+file /etc/mail/local-host-names containing a list of your aliases (one per
+line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
+``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
+name of the host, rather than a short name.
+
+If you want to have different address in different domains, take
+a look at the virtusertable feature, which is also explained at
+http://www.sendmail.org/virtual-hosting.html
+
+
 +--------------------+
 | USING MAILERTABLES |
 +--------------------+
@@ -1540,13 +2290,13 @@ database containing the routing information for various domains.
 For example, a mailertable file in text format might be:
 
 	.my.domain		xnet:%1.my.domain
-	uuhost1.my.domain	suucp:uuhost1
+	uuhost1.my.domain	uucp-new:uuhost1
 	.bitnet			smtp:relay.bit.net
 
-This should normally be stored in /etc/mailertable.  The actual
+This should normally be stored in /etc/mail/mailertable.  The actual
 database version of the mailertable is built using:
 
-	makemap hash /etc/mailertable.db < /etc/mailertable
+	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
 
 The semantics are simple.  Any LHS entry that does not begin with
 a dot matches the full host name indicated.  LHS entries beginning
@@ -1555,10 +2305,13 @@ they can be thought of as having a leading "*" wildcard.  Matching
 is done in order of most-to-least qualified -- for example, even
 though ".my.domain" is listed first in the above example, an entry
 of "uuhost1.my.domain" will match the second entry since it is
-more explicit.
+more explicit.  Note: e-mail to "user@my.domain" does not match
+any entry in the above table. You need to have something like:
+
+	my.domain		esmtp:host.my.domain
 
 The RHS should always be a "mailer:host" pair.  The mailer is the
-configuration name of a mailer (that is, an `M' line in the
+configuration name of a mailer (that is, an {M} line in the
 sendmail.cf file).  The "host" will be the hostname passed to
 that mailer.  In domain-based matches (that is, those with leading
 dots) the "%1" may be used to interpolate the wildcarded part of
@@ -1588,7 +2341,7 @@ again, which would give you an MX loop.
 
 The user database was not originally intended for mapping full names
 to login names (e.g., Eric.Allman => eric), but some people are using
-it that way.  (I would recommend that you set up aliases for this
+it that way.  (it is recommended that you set up aliases for this
 purpose instead -- since you can specify multiple alias files, this
 is fairly easy.)  The intent was to locate the default maildrop at
 a site, but allow you to override this by sending to a specific host.
@@ -1599,20 +2352,18 @@ e-mail sent to Full.Name@local.host.name will be rejected.
 
 To build the internal form of the user database, use:
 
-	makemap btree /usr/data/base.db < /usr/data/base.txt
+	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
 
-As a general rule, I am adamantly opposed to using full names as
-e-mail addresses, since they are not in any sense unique.  For example,
-the Unix software-development community has two Andy Tannenbaums,
-at least two well-known Peter Deutsches, and at one time Bell Labs
-had two Stephen R. Bournes with offices along the same hallway.
-Which one will be forced to suffer the indignity of being
-Stephen_R_Bourne_2?  The less famous of the two, or the one that
-was hired later?
+As a general rule, it is an extremely bad idea to using full names
+as e-mail addresses, since they are not in any sense unique.  For
+example, the Unix software-development community has at least two
+well-known Peter Deutsches, and at one time Bell Labs had two
+Stephen R. Bournes with offices along the same hallway.  Which one
+will be forced to suffer the indignity of being Stephen_R_Bourne_2?
+The less famous of the two, or the one that was hired later?
 
 Finger should handle full names (and be fuzzy).  Mail should use
-handles, and not be fuzzy.  [Not that I expect anyone to pay any
-attention to my opinions.]
+handles, and not be fuzzy.
 
 
 +--------------------------------+
@@ -1634,11 +2385,6 @@ Plussed users
 	If that is not found, the alias "root+*" will be tried,
 	then "root".
 
-LDAP
-	For notes on use LDAP in sendmail, see
-	http://www.stanford.edu/~bbense/Inst.html
-
-
 
 +----------------+
 | SECURITY NOTES |
@@ -1673,7 +2419,7 @@ for.  In particular:
   files and programs listed in them will be honored).
 
 In general, file giveaways are a mistake -- if you can turn them
-off I recommend you do so.
+off, do so.
 
 
 +--------------------------------+
@@ -1711,38 +2457,44 @@ confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
 					domain name.
 confCF_VERSION		$Z macro	If defined, this is appended to the
 					configuration version name.
-confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an 
+confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
 					internally generated From: address.
 confRECEIVED_HEADER	Received:
 		[$?sfrom $s $.$?_($?s$|from $.$_)
+			$.$?{auth_type}(authenticated)
 			$.by $j ($v/$Z)$?r with $r$. id $i$?u
 			for $u; $|;
 			$.$b]
 					The format of the Received: header
 					in messages passed through this host.
 					It is unwise to try to change this.
-confCW_FILE		Fw class	[/etc/sendmail.cw] Name of file used
-					to get the local additions to the $=w
-					(local host names) class.
-confCT_FILE		Ft class	[/etc/sendmail.ct] Name of file used
-					to get the local additions to the $=t
-					(trusted users) class.
+confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
+					of file used to get the local
+					additions to class {w} (local host
+					names).
+confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
+					file used to get the local additions
+					to class {t} (trusted users).
 confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
 					file used to get the local additions
-					to the $=R (hosts allowed to relay)
-					class.
+					to class {R} (hosts allowed to relay).
 confTRUSTED_USERS	Ct class	[no default] Names of users to add to
 					the list of trusted users.  This list
 					always includes root, uucp, and daemon.
 					See also FEATURE(`use_ct_file').
+confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
+					ownership and starting the daemon.
+					Not to be confused with
+					confTRUSTED_USERS (see above).
 confSMTP_MAILER		-		[esmtp] The mailer name used when
 					SMTP connectivity is required.
-					One of "smtp", "smtp8", or "esmtp".
+					One of "smtp", "smtp8",
+					"esmtp", or "dsmtp".
 confUUCP_MAILER		-		[uucp-old] The mailer to be used by
 					default for bang-format recipient
 					addresses.  See also discussion of
-					$=U, $=Y, and $=Z in the MAILER(uucp)
-					section.
+					class {U}, class {Y}, and class {Z}
+					in the MAILER(`uucp') section.
 confLOCAL_MAILER	-		[local] The mailer name used when
 					local connectivity is required.
 					Almost always "local".
@@ -1770,7 +2522,7 @@ confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
 confBLANK_SUB		BlankSub	[.] Blank (space) substitution
 					character.
 confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
-					to mailers marked expensive?
+					to mailers marked expensive.
 confCHECKPOINT_INTERVAL	CheckpointInterval
 					[10] Checkpoint queue files every N
 					recipients.
@@ -1778,15 +2530,19 @@ confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
 confAUTO_REBUILD	AutoRebuildAliases
 					[False] Automatically rebuild alias
 					file if needed.
+					There is a potential for a denial
+					of service attack if this is set.
+					This option is deprecated and will
+					be removed from a future version.
 confERROR_MODE		ErrorMode	[print] Error message mode.
 confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
 confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
 confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
 confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
 confMAX_HOP		MaxHopCount	[25] Maximum hop count.
-confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd mode]
-					Ignore dot as terminator for incoming
-					messages?
+confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
+					mode] Ignore dot as terminator for
+					incoming messages?
 confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
 					resolver.
 confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
@@ -1818,14 +2574,16 @@ confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
 					cached but otherwise idle connection
 					to a host will prevent other sendmails
 					from connecting to the other host.
-confUSE_ERRORS_TO*	UserErrorsTo	[False] Use the Errors-To: header to
+confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
 					deliver error messages.  This should
 					not be necessary because of general
 					acceptance of the envelope/header
 					distinction.
 confLOG_LEVEL		LogLevel	[9] Log level.
-confME_TOO		MeToo		[False] Include sender in group
-					expansions.
+confME_TOO		MeToo		[True] Include sender in group
+					expansions.  This option is
+					deprecated and will be removed from
+					a future version.
 confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
 					running newaliases.  Since this does
 					DNS lookups on every address, it can
@@ -1833,8 +2591,9 @@ confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
 					considerably on large alias files.
 confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
 					special chars are old style.
-confDAEMON_OPTIONS	DaemonPortOptions
-					[none] SMTP daemon options.
+confCLIENT_OPTIONS	ClientPortOptions
+					[none] Options for outgoing SMTP client
+					connections.
 confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
 confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
 					copies of all error messages.
@@ -1880,13 +2639,16 @@ confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
 					to the QUIT command.
 confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
 					to other SMTP commands.
-confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout waiting
-					for a command to be issued.
-confTO_IDENT		Timeout.ident	[30s] The timeout waiting for a response
-					to an IDENT query.
+confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
+					waiting	for a command to be issued.
+confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
+					response to an IDENT query.
 confTO_FILEOPEN		Timeout.fileopen
 					[60s] The timeout waiting for a file
 					(e.g., :include: file) to be opened.
+confTO_CONTROL		Timeout.control
+					[2m] The timeout for a complete
+					control socket transaction to complete.
 confTO_QUEUERETURN	Timeout.queuereturn
 					[5d] The timeout before a message is
 					returned as undeliverable.
@@ -1905,7 +2667,8 @@ confTO_QUEUERETURN_NONURGENT
 confTO_QUEUEWARN	Timeout.queuewarn
 					[4h] The timeout before a warning
 					message is sent to the sender telling
-					them that the message has been deferred.
+					them that the message has been
+					deferred.
 confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
 					[undefined] As above, for normal
 					priority messages.
@@ -1923,29 +2686,78 @@ confTO_HOSTSTATUS	Timeout.hoststatus
 					be retried.  This applies both within
 					a single queue run and to persistent
 					information (see below).
+confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
+					[varies] Sets the resolver's
+					retransmition time interval (in
+					seconds).  Sets both
+					Timeout.resolver.retrans.first and
+					Timeout.resolver.retrans.normal.
+confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
+					[varies] Sets the resolver's
+					retransmition time interval (in
+					seconds) for the first attempt to
+					deliver a message.
+confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
+					[varies] Sets the resolver's
+					retransmition time interval (in
+					seconds) for all resolver lookups
+					except the first delivery attempt.
+confTO_RESOLVER_RETRY	Timeout.resolver.retry
+					[varies] Sets the number of times
+					to retransmit a resolver query.
+					Sets both
+					Timeout.resolver.retry.first and
+					Timeout.resolver.retry.normal.
+confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
+					[varies] Sets the number of times
+					to retransmit a resolver query for
+					the first attempt to deliver a
+					message.
+confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
+					[varies] Sets the number of times
+					to retransmit a resolver query for
+					all resolver lookups except the
+					first delivery attempt.
 confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
 					USE_SYSTEM to use the system's idea,
 					USE_TZ to use the user's TZ envariable,
 					or something else to force that value.
 confDEF_USER_ID		DefaultUser	[1:1] Default user id.
 confUSERDB_SPEC		UserDatabaseSpec
-					[undefined] User database specification.
+					[undefined] User database
+					specification.
 confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
-confTRY_NULL_MX_LIST	TryNullMXList	[False] If we are the best MX for a
-					host and haven't made other
-					arrangements, try connecting to the
-					host directly; normally this would be
-					a config error.
-confQUEUE_LA		QueueLA		[8] Load average at which queue-only
-					function kicks in.
-confREFUSE_LA		RefuseLA	[12] Load average at which incoming
-					SMTP connections are refused.
+confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
+					for a host and other arrangements
+					haven't been made, try connecting
+					to the host directly; normally this
+					would be a config error.
+confQUEUE_LA		QueueLA		[varies] Load average at which
+					queue-only function kicks in.
+					Default values is (8 * numproc)
+					where numproc is the number of
+					processors online (if that can be
+					determined).
+confREFUSE_LA		RefuseLA	[varies] Load average at which
+					incoming SMTP connections are
+					refused.  Default values is (12 *
+					numproc) where numproc is the
+					number of processors online (if
+					that can be determined).
+confMAX_ALIAS_RECURSION	MaxAliasRecursion
+					[10] Maximum depth of alias recursion.
 confMAX_DAEMON_CHILDREN	MaxDaemonChildren
 					[undefined] The maximum number of
 					children the daemon will permit.  After
 					this number, connections will be
 					rejected.  If not set or <= 0, there is
 					no limit.
+confMAX_HEADERS_LENGTH	MaxHeadersLength
+					[undefined] Maximum length of the sum
+					of all headers.
+confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
+					[undefined] Maximum length of
+					certain MIME header field values.
 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
 					[undefined] The maximum number of
 					connections permitted per second.
@@ -1955,12 +2767,12 @@ confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
 					no limit.
 confWORK_RECIPIENT_FACTOR
 			RecipientFactor	[30000] Cost of each recipient.
-confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a separate
-					process.
+confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
+					separate process.
 confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
 confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
 confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
-					Priority, Host, or Time.
+					Priority, Host, Filename, or Time.
 confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
 					must sit in the queue between queue
 					runs.  This allows you to set the
@@ -1971,9 +2783,10 @@ confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
 					unlabeled 8 bit input to MIME, the
 					character set to use by default.
 confSERVICE_SWITCH_FILE	ServiceSwitchFile
-					[/etc/service.switch] The file to use
-					for the service switch on systems that
-					do not have a system-defined switch.
+					[/etc/mail/service.switch] The file
+					to use for the service switch on
+					systems that do not have a
+					system-defined switch.
 confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
 					"file" type access of hosts names.
 confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
@@ -2010,7 +2823,7 @@ confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
 confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
 					any given queue run to this number of
 					entries.  Essentially, this will stop
-					reading the queue directory after this
+					reading each queue directory after this
 					number of entries are reached; it does
 					_not_ pick the highest priority jobs,
 					so this should be as large as your
@@ -2030,7 +2843,7 @@ confDONT_EXPAND_CNAMES	DontExpandCnames
 					you may not see any effect until your
 					downstream neighbors stop doing CNAME
 					lookups as well.
-confFROM_LINE		UnixFromLine	[From $g  $d] The From_ line used
+confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
 					when sending to files or programs.
 confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
 					[False] From: lines that have
@@ -2067,11 +2880,23 @@ confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
 					and files cannot be directly referenced
 					from such files.  World-writable files
 					are always considered unsafe.
+confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
+					address (for testing).
+confCONTROL_SOCKET_NAME	ControlSocketName
+					[undefined] Control socket for daemon
+					management.
 confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
 					[postmaster] If an error occurs when
 					sending an error message, send that
 					"double bounce" error message to this
 					address.
+confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
+					messages which could not be returned
+					to the user or sent to postmaster.
+					If not set, the queue file will
+					be renamed.
+confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
+					implies DSN request.
 confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
 					when reading and delivering mail.
 					Causes all file reads (e.g., .forward
@@ -2091,13 +2916,18 @@ confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
 confDONT_PROBE_INTERFACES  DontProbeInterfaces
 					[False] If set, sendmail will _not_
 					insert the names and addresses of any
-					local interfaces into the $=w class
+					local interfaces into class {w}
 					(list of known "equivalent" addresses).
 					If you set this, you must also include
 					some support for these addresses (e.g.,
 					in a mailertable entry) -- otherwise,
 					mail to addresses in this list will
 					bounce with a configuration error.
+confPID_FILE		PidFile		[system dependent] Location of pid
+					file.
+confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
+					[undefined] Prefix string for the
+					process title shown on 'ps' listings.
 confDONT_BLAME_SENDMAIL	DontBlameSendmail
 					[safe] Override sendmail's file
 					safety checks.  This will definitely
@@ -2107,10 +2937,139 @@ confDONT_BLAME_SENDMAIL	DontBlameSendmail
 confREJECT_MSG		-		[550 Access denied] The message
 					given if the access database contains
 					REJECT in the value portion.
+confDF_BUFFER_SIZE	DataFileBufferSize
+					[4096] The maximum size of a
+					memory-buffered data (df) file
+					before a disk-based file is used.
+confXF_BUFFER_SIZE	XScriptFileBufferSize
+					[4096] The maximum size of a
+					memory-buffered transcript (xf)
+					file before a disk-based file is
+					used.
+confAUTH_MECHANISMS	AuthMechanisms	[GSSAPI KERBEROS_V4 DIGEST-MD5
+					CRAM-MD5] List of authentication
+					mechanisms for AUTH (separated by
+					spaces).  The advertised list of
+					authentication mechanisms will be the
+					intersection of this list and the list
+					of available mechanisms as determined
+					by the CYRUS SASL library.
+confDEF_AUTH_INFO	DefaultAuthInfo	[undefined] Filename that contains
+					authentication information for
+					outgoing connections.  This file
+					must contain the user id, the
+					authorization id, the password
+					(plain text), and the realm to use,
+					each on a separate line and must be
+					readable by root (or the trusted
+					user) only.  If no realm is
+					specified, $j is used.
+
+					NOTE: Currently, AuthMechanisms is
+					used to determine the list of
+					mechanisms to use on an outgoing
+					connection.  Sites which require a
+					different list of mechanisms for
+					incoming connections and outgoing
+					connections will have the ability
+					to do this in 8.11 by specifying a
+					list of mechanisms as the fifth
+					line of the DefaultAuthInfo file.
+					If no mechanisms are given in the
+					file, AuthMechanisms is used.  The
+					code for doing so is included as
+					in the sendmail source code but
+					disabled.  It can be enabled by
+					recompiling sendmail with:
+					-D_FFR_DEFAUTHINFO_MECHS
+confAUTH_OPTIONS	AuthOptions	[undefined] If this options is 'A'
+					then the AUTH= parameter for the
+					MAIL FROM command is only issued
+					when authentication succeeded.
+confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
+					specification for LDAP maps.  The
+					value should only contain LDAP
+					specific settings such as "-h host
+					-p port -d bindDN", etc.  The
+					settings will be used for all LDAP
+					maps unless they are specified in
+					the individual map specification
+					('K' command).
+confCACERT_PATH		CACERTPath	[undefined] Path to directory
+					with certs of CAs.
+confCACERT		CACERTFile	[undefined] File containing one CA
+					cert.
+confSERVER_CERT		ServerCertFile	[undefined] File containing the
+					cert of the server, i.e., this cert
+					is used when sendmail acts as
+					server.
+confSERVER_KEY		ServerKeyFile	[undefined] File containing the
+					private key belonging to the server
+					cert.
+confCLIENT_CERT		ClientCertFile	[undefined] File containing the
+					cert of the client, i.e., this cert
+					is used when sendmail acts as
+					client.
+confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
+					private key belonging to the client
+					cert.
+confDH_PARAMETERS	DHParameters	[undefined] File containing the
+					DH parameters.
+confRAND_FILE		RandFile	[undefined] File containing random
+					data or the name of the Unix socket
+					if EGD is used.  STARTTLS requires
+					this option if the compile flag
+					HASURANDOM is not set (see
+					sendmail/README).
 
 See also the description of OSTYPE for some parameters that can be
 tweaked (generally pathnames to mailers).
 
+DaemonPortOptions are a special case since multiple daemons can be
+defined.  This can be done via
+
+	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
+
+If DAEMON_OPTIONS is not used, then the default is
+
+	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
+	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
+
+If you use one DAEMON_OPTIONS macro, it will alter the parameters
+of the first of these.  The second will still be defaulted; it
+represents a "Message Submission Agent" (MSA) as defined by RFC
+2476 (see below).  To turn off the default definition for the MSA,
+use FEATURE(`no_default_msa') (see also FEATURES).  If you use
+additional DAEMON_OPTIONS macros, they will add additional daemons.
+
+Example 1:  To change the port for the SMTP listener, while
+still using the MSA default, use
+	DAEMON_OPTIONS(`Port=925, Name=MTA')
+
+Example 2:  To change the port for the MSA daemon, while still
+using the default SMTP port, use
+	FEATURE(`no_default_msa')
+	DAEMON_OPTIONS(`Name=MTA')
+	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
+
+Note that if the first of those DAEMON_OPTIONS lines were omitted, then
+there would be no listener on the standard SMTP port.
+
+Example 3: To listen on both IPv4 and IPv6 interfaces, use
+
+	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
+	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
+
+A "Message Submission Agent" still uses all of the same rulesets for
+processing the message (and therefore still allows message rejection via
+the check_* rulesets).  In accordance with the RFC, the MSA will ensure
+that all domains in the envelope are fully qualified if the message is
+relayed to another MTA.  It will also enforce the normal address syntax
+rules and log error messages.  Additionally, by using the M=a modifier
+you can require authentication before messages are accepted by the MSA.
+Finally, the M=E modifier shown above disables ETRN as required by RFC
+2476.
+
 
 +-----------+
 | HIERARCHY |
@@ -2151,7 +3110,6 @@ feature		These hold special orthogonal features that you might
 hack		Local hacks.  These can be referenced using the HACK
 		macro.  They shouldn't be of more than voyeuristic
 		interest outside the .Berkeley.EDU domain, but who knows?
-		We've all got our own peccadillos.
 
 siteconfig	Site configuration -- e.g., tables of locally connected
 		UUCP sites.
@@ -2213,7 +3171,7 @@ MACROS
    J
    K
    L	Luser Relay
-   M	Masquerade (who I claim to be)
+   M	Masquerade (who you claim to be)
    N
    O
    P
@@ -2221,10 +3179,10 @@ MACROS
    R	Relay (for unqualified names)
    S	Smart Host
    T
-   U	my UUCP name (if I have a UUCP connection)
-   V	UUCP Relay (class V hosts)
-   W	UUCP Relay (class W hosts)
-   X	UUCP Relay (class X hosts)
+   U	my UUCP name (if you have a UUCP connection)
+   V	UUCP Relay (class {V} hosts)
+   W	UUCP Relay (class {W} hosts)
+   X	UUCP Relay (class {X} hosts)
    Y	UUCP Relay (all other hosts)
    Z	Version number
 
@@ -2236,7 +3194,7 @@ CLASSES
    C
    D
    E	addresses that should not seem to come from $M
-   F	hosts we forward for
+   F	hosts this system forward for
    G	domains that should be looked up in genericstable
    H
    I
@@ -2244,11 +3202,11 @@ CLASSES
    K
    L	addresses that should not be forwarded to $R
    M	domains that should be mapped to $M
-   N
+   N	host/domains that should not be mapped to $M
    O	operators that indicate network operations (cannot be in local names)
    P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
    Q
-   R	domains we are willing to relay (pass anti-spam filters)
+   R	domains this system is willing to relay (pass anti-spam filters)
    S
    T
    U	locally connected UUCP hosts
@@ -2270,5 +3228,7 @@ M4 DIVERSIONS
    5	locally interpreted names (overrides $R)
    6	local configuration (at top of file)
    7	mailer definitions
-   8
+   8	DNS based blacklists
    9	special local rulesets (1 and 2)
+
+$Revision: 8.383.2.1.2.15 $, Last updated $Date: 2000/07/19 22:27:29 $
diff --git a/contrib/sendmail/cf/cf/Build b/contrib/sendmail/cf/cf/Build
index 3a91477..77055f2 100755
--- a/contrib/sendmail/cf/cf/Build
+++ b/contrib/sendmail/cf/cf/Build
@@ -1,13 +1,14 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.3 (Berkeley) 5/19/1998
+#       $Id: Build,v 8.7 1999/03/02 02:37:12 peterh Exp $
 #
 
 #
@@ -15,7 +16,7 @@
 #
 
 SMROOT=${SMROOT-../..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
+BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools}
 
 M4=`sh $BUILDTOOLS/bin/find_m4.sh`
 ret=$?
diff --git a/contrib/sendmail/cf/cf/Makefile b/contrib/sendmail/cf/cf/Makefile
index 7d0f373..1192228 100644
--- a/contrib/sendmail/cf/cf/Makefile
+++ b/contrib/sendmail/cf/cf/Makefile
@@ -1,7 +1,7 @@
 #
 #  Makefile for configuration files.
 #
-#	@(#)Makefile	8.17 (Berkeley) 4/2/1998
+#	$Id: Makefile,v 8.40 2000/02/01 22:07:15 gshapiro Exp $
 #
 
 #
@@ -24,21 +24,28 @@ RM=	rm -f
 	$(M4) ${CFDIR}/m4/cf.m4 $*.mc > $@ || ( $(RM) $@ && exit 1 )
 	$(CHMOD) $(ROMODE) $@
 
-ALL=	generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \
+GENERIC=generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \
+		generic-linux.cf \
 		generic-osf1.cf generic-solaris2.cf \
-		generic-sunos4.1.cf generic-ultrix4.cf \
-	cs-hpux9.cf cs-osf1.cf cs-solaris2.cf \
-		cs-sunos4.1.cf cs-ultrix4.cf \
+		generic-sunos4.1.cf generic-ultrix4.cf
+BERKELEY=cs-hpux9.cf cs-osf1.cf cs-solaris2.cf \
+	cs-sunos4.1.cf cs-ultrix4.cf \
 	s2k-osf1.cf s2k-ultrix4.cf \
 	chez.cs.cf huginn.cs.cf mail.cs.cf mail.eecs.cf mailspool.cs.cf \
-		python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf knecht.cf
+	python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf
+OTHER=	knecht.cf
+ALL=	$(GENERIC) $(BERKELEY) $(OTHER)
 
 all: $(ALL)
 
+berkeley: $(BERKELEY)
+generic: $(GENERIC)
+other: $(OTHER)
+
 clean cleandir:
 	$(RM) $(ALL) core
 
-depend install: 
+depend install:
 
 # this is overkill, but....
 M4FILES=\
@@ -56,15 +63,19 @@ M4FILES=\
 	${CFDIR}/feature/bestmx_is_local.m4 \
 	${CFDIR}/feature/bitdomain.m4 \
 	${CFDIR}/feature/blacklist_recipients.m4 \
-	${CFDIR}/feature/loose_relay_check.m4 \
+	${CFDIR}/feature/dnsbl.m4 \
 	${CFDIR}/feature/domaintable.m4 \
+	${CFDIR}/feature/generics_entire_domain.m4 \
 	${CFDIR}/feature/genericstable.m4 \
+	${CFDIR}/feature/ldap_routing.m4 \
 	${CFDIR}/feature/limited_masquerade.m4 \
 	${CFDIR}/feature/local_lmtp.m4 \
 	${CFDIR}/feature/local_procmail.m4 \
+	${CFDIR}/feature/loose_relay_check.m4 \
 	${CFDIR}/feature/mailertable.m4 \
 	${CFDIR}/feature/masquerade_entire_domain.m4 \
 	${CFDIR}/feature/masquerade_envelope.m4 \
+	${CFDIR}/feature/no_default_msa.m4 \
 	${CFDIR}/feature/nocanonify.m4 \
 	${CFDIR}/feature/nodns.m4 \
 	${CFDIR}/feature/notsticky.m4 \
@@ -77,49 +88,57 @@ M4FILES=\
 	${CFDIR}/feature/relay_entire_domain.m4 \
 	${CFDIR}/feature/relay_hosts_only.m4 \
 	${CFDIR}/feature/relay_local_from.m4 \
+	${CFDIR}/feature/relay_mail_from.m4 \
 	${CFDIR}/feature/smrsh.m4 \
 	${CFDIR}/feature/stickyhost.m4 \
 	${CFDIR}/feature/use_ct_file.m4 \
 	${CFDIR}/feature/use_cw_file.m4 \
 	${CFDIR}/feature/uucpdomain.m4 \
+	${CFDIR}/feature/virtuser_entire_domain.m4 \
 	${CFDIR}/feature/virtusertable.m4 \
 	${CFDIR}/hack/cssubdomain.m4 \
 	${CFDIR}/m4/cf.m4 \
 	${CFDIR}/m4/cfhead.m4 \
-	${CFDIR}/m4/nullrelay.m4 \
 	${CFDIR}/m4/proto.m4 \
 	${CFDIR}/m4/version.m4 \
 	${CFDIR}/mailer/cyrus.m4 \
 	${CFDIR}/mailer/fax.m4 \
 	${CFDIR}/mailer/local.m4 \
 	${CFDIR}/mailer/mail11.m4 \
+	${CFDIR}/mailer/phquery.m4 \
 	${CFDIR}/mailer/pop.m4 \
 	${CFDIR}/mailer/procmail.m4 \
+	${CFDIR}/mailer/qpage.m4 \
 	${CFDIR}/mailer/smtp.m4 \
 	${CFDIR}/mailer/usenet.m4 \
 	${CFDIR}/mailer/uucp.m4 \
 	${CFDIR}/ostype/aix2.m4 \
 	${CFDIR}/ostype/aix3.m4 \
+	${CFDIR}/ostype/aix4.m4 \
 	${CFDIR}/ostype/altos.m4 \
 	${CFDIR}/ostype/amdahl-uts.m4 \
 	${CFDIR}/ostype/aux.m4 \
 	${CFDIR}/ostype/bsd4.3.m4 \
 	${CFDIR}/ostype/bsd4.4.m4 \
+	${CFDIR}/ostype/bsdi.m4 \
 	${CFDIR}/ostype/bsdi1.0.m4 \
 	${CFDIR}/ostype/bsdi2.0.m4 \
 	${CFDIR}/ostype/dgux.m4 \
 	${CFDIR}/ostype/domainos.m4 \
 	${CFDIR}/ostype/dynix3.2.m4 \
-	${CFDIR}/ostype/gnuhurd.m4 \
+	${CFDIR}/ostype/gnu.m4 \
 	${CFDIR}/ostype/hpux10.m4 \
+	${CFDIR}/ostype/hpux11.m4 \
 	${CFDIR}/ostype/hpux9.m4 \
 	${CFDIR}/ostype/irix4.m4 \
 	${CFDIR}/ostype/irix5.m4 \
 	${CFDIR}/ostype/irix6.m4 \
+	${CFDIR}/ostype/isc4.1.m4 \
 	${CFDIR}/ostype/linux.m4 \
 	${CFDIR}/ostype/maxion.m4 \
 	${CFDIR}/ostype/mklinux.m4 \
 	${CFDIR}/ostype/nextstep.m4 \
+	${CFDIR}/ostype/openbsd.m4 \
 	${CFDIR}/ostype/osf1.m4 \
 	${CFDIR}/ostype/powerux.m4 \
 	${CFDIR}/ostype/ptx2.m4 \
@@ -127,17 +146,19 @@ M4FILES=\
 	${CFDIR}/ostype/riscos4.5.m4 \
 	${CFDIR}/ostype/sco-uw-2.1.m4 \
 	${CFDIR}/ostype/sco3.2.m4 \
+	${CFDIR}/ostype/sinix.m4 \
 	${CFDIR}/ostype/solaris2.m4 \
 	${CFDIR}/ostype/solaris2.ml.m4 \
+	${CFDIR}/ostype/solaris2.pre5.m4 \
 	${CFDIR}/ostype/sunos3.5.m4 \
 	${CFDIR}/ostype/sunos4.1.m4 \
 	${CFDIR}/ostype/svr4.m4 \
 	${CFDIR}/ostype/ultrix4.m4 \
+	${CFDIR}/ostype/unixware7.m4 \
 	${CFDIR}/ostype/unknown.m4 \
-	${CFDIR}/ostype/uxpds.m4 \
-	${CFDIR}/siteconfig/uucp.cogsci.m4 \
-	${CFDIR}/siteconfig/uucp.old.arpa.m4 \
-	${CFDIR}/siteconfig/uucp.ucbarpa.m4 \
-	${CFDIR}/siteconfig/uucp.ucbvax.m4 \
+	${CFDIR}/ostype/uxpds.m4
 
-$(ALL):  $(M4FILES)
+$(ALL): $(M4FILES)
+$(BERKELEY): $(M4FILES)
+$(GENERIC): $(M4FILES)
+$(OTHER): $(M4FILES)
diff --git a/contrib/sendmail/cf/cf/chez.cs.mc b/contrib/sendmail/cf/cf/chez.cs.mc
index a5334b5..bb335a4 100644
--- a/contrib/sendmail/cf/cf/chez.cs.mc
+++ b/contrib/sendmail/cf/cf/chez.cs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -23,7 +24,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)chez.cs.mc	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: chez.cs.mc,v 8.14 1999/02/07 07:25:59 gshapiro Exp $')
 OSTYPE(bsd4.4)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 define(`LOCAL_RELAY', vangogh.CS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/clientproto.mc b/contrib/sendmail/cf/cf/clientproto.mc
index b0fd9bd..ecdbddf 100644
--- a/contrib/sendmail/cf/cf/clientproto.mc
+++ b/contrib/sendmail/cf/cf/clientproto.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,15 +20,10 @@ divert(-1)
 #  To use this, you MUST use the nullclient feature with the name of
 #  the mail hub as its argument.  You MUST also define an `OSTYPE' to
 #  define the location of the queue directories and the like.
-#  In addition, you MAY select the nocanonify feature.  This causes
-#  addresses to be sent unqualified via the SMTP connection; normally
-#  they are qualifed with the masquerade name, which defaults to the
-#  name of the hub machine.
-#  Other than these, it should never contain any other lines.
 #
 
 divert(0)dnl
-VERSIONID(`@(#)clientproto.mc	8.12 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: clientproto.mc,v 8.16 2000/03/21 21:05:26 ca Exp $')
 
 OSTYPE(unknown)
 FEATURE(nullclient, mailhost.$m)
diff --git a/contrib/sendmail/cf/cf/cs-hpux10.mc b/contrib/sendmail/cf/cf/cs-hpux10.mc
index 0be009c..f384b5f 100644
--- a/contrib/sendmail/cf/cf/cs-hpux10.mc
+++ b/contrib/sendmail/cf/cf/cs-hpux10.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cs-hpux10.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cs-hpux10.mc,v 8.13 1999/02/07 07:26:00 gshapiro Exp $')
 OSTYPE(hpux10)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 define(`MAIL_HUB', mailspool.CS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/cs-hpux9.mc b/contrib/sendmail/cf/cf/cs-hpux9.mc
index 9b5edfe..664377e 100644
--- a/contrib/sendmail/cf/cf/cs-hpux9.mc
+++ b/contrib/sendmail/cf/cf/cs-hpux9.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cs-hpux9.mc	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cs-hpux9.mc,v 8.14 1999/02/07 07:26:00 gshapiro Exp $')
 OSTYPE(hpux9)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 define(`MAIL_HUB', mailspool.CS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/cs-osf1.mc b/contrib/sendmail/cf/cf/cs-osf1.mc
index 230023c..09d6e49 100644
--- a/contrib/sendmail/cf/cf/cs-osf1.mc
+++ b/contrib/sendmail/cf/cf/cs-osf1.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cs-osf1.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cs-osf1.mc,v 8.13 1999/02/07 07:26:00 gshapiro Exp $')
 OSTYPE(osf1)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/cs-solaris2.mc b/contrib/sendmail/cf/cf/cs-solaris2.mc
index 03fd5e2..c802b50 100644
--- a/contrib/sendmail/cf/cf/cs-solaris2.mc
+++ b/contrib/sendmail/cf/cf/cs-solaris2.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cs-solaris2.mc	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cs-solaris2.mc,v 8.12 1999/02/07 07:26:00 gshapiro Exp $')
 OSTYPE(solaris2)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/cs-sunos4.1.mc b/contrib/sendmail/cf/cf/cs-sunos4.1.mc
index 3913639..6263e11 100644
--- a/contrib/sendmail/cf/cf/cs-sunos4.1.mc
+++ b/contrib/sendmail/cf/cf/cs-sunos4.1.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cs-sunos4.1.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cs-sunos4.1.mc,v 8.13 1999/02/07 07:26:01 gshapiro Exp $')
 OSTYPE(sunos4.1)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/cs-ultrix4.mc b/contrib/sendmail/cf/cf/cs-ultrix4.mc
index a12b989..7669823 100644
--- a/contrib/sendmail/cf/cf/cs-ultrix4.mc
+++ b/contrib/sendmail/cf/cf/cs-ultrix4.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cs-ultrix4.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cs-ultrix4.mc,v 8.13 1999/02/07 07:26:02 gshapiro Exp $')
 OSTYPE(ultrix4)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/cyrusproto.mc b/contrib/sendmail/cf/cf/cyrusproto.mc
index c660898b..8fa00ce 100644
--- a/contrib/sendmail/cf/cf/cyrusproto.mc
+++ b/contrib/sendmail/cf/cf/cyrusproto.mc
@@ -1,17 +1,17 @@
 divert(-1)
 #
 #	(C) Copyright 1995 by Carnegie Mellon University
-# 
+#
 #                      All Rights Reserved
-# 
-# Permission to use, copy, modify, and distribute this software and its 
-# documentation for any purpose and without fee is hereby granted, 
+#
+# Permission to use, copy, modify, and distribute this software and its
+# documentation for any purpose and without fee is hereby granted,
 # provided that the above copyright notice appear in all copies and that
-# both that copyright notice and this permission notice appear in 
+# both that copyright notice and this permission notice appear in
 # supporting documentation, and that the name of CMU not be
 # used in advertising or publicity pertaining to distribution of the
-# software without specific, written prior permission.  
-# 
+# software without specific, written prior permission.
+#
 # CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 # ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 # CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
@@ -27,15 +27,14 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)cyrusproto.mc	8.3 (Carnegie Mellon) @(#)cyrusproto.mc	8.3')
+VERSIONID(`$Id: cyrusproto.mc,v 8.7 1999/09/07 14:57:10 ca Exp $')
 define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')
-FEATURE(nouucp)
-FEATURE(nocanonify)
-FEATURE(always_add_domain)
-MAILER(smtp)
-MAILER(cyrus)
-
-define(`confLOCAL_MAILER',`cyrus')
+define(`confLOCAL_MAILER', `cyrus')
+FEATURE(`nocanonify')
+FEATURE(`always_add_domain')
+MAILER(`local')
+MAILER(`smtp')
+MAILER(`cyrus')
 
 LOCAL_RULE_0
 Rbb + $+ < @ $=w . >	$#cyrusbb $: $1
diff --git a/contrib/sendmail/cf/cf/generic-bsd4.4.mc b/contrib/sendmail/cf/cf/generic-bsd4.4.mc
index b097605..18ea8b3 100644
--- a/contrib/sendmail/cf/cf/generic-bsd4.4.mc
+++ b/contrib/sendmail/cf/cf/generic-bsd4.4.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -20,7 +21,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-bsd4.4.mc	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-bsd4.4.mc,v 8.10 1999/02/07 07:26:02 gshapiro Exp $')
 OSTYPE(bsd4.4)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-hpux10.mc b/contrib/sendmail/cf/cf/generic-hpux10.mc
index 2000505..4db6687 100644
--- a/contrib/sendmail/cf/cf/generic-hpux10.mc
+++ b/contrib/sendmail/cf/cf/generic-hpux10.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-hpux10.mc	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-hpux10.mc,v 8.11 1999/02/07 07:26:02 gshapiro Exp $')
 OSTYPE(hpux10)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-hpux9.mc b/contrib/sendmail/cf/cf/generic-hpux9.mc
index 531b4ee..739207c 100644
--- a/contrib/sendmail/cf/cf/generic-hpux9.mc
+++ b/contrib/sendmail/cf/cf/generic-hpux9.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-hpux9.mc	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-hpux9.mc,v 8.11 1999/02/07 07:26:02 gshapiro Exp $')
 OSTYPE(hpux9)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-linux.mc b/contrib/sendmail/cf/cf/generic-linux.mc
new file mode 100644
index 0000000..f86e263
--- /dev/null
+++ b/contrib/sendmail/cf/cf/generic-linux.mc
@@ -0,0 +1,27 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+#  This is a generic configuration file for Linux.
+#  It has support for local and SMTP mail only.  If you want to
+#  customize it, copy it to a name appropriate for your environment
+#  and do the modifications there.
+#
+
+divert(0)dnl
+VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
+OSTYPE(linux)dnl
+DOMAIN(generic)dnl
+MAILER(local)dnl
+MAILER(smtp)dnl
diff --git a/contrib/sendmail/cf/cf/generic-nextstep3.3.mc b/contrib/sendmail/cf/cf/generic-nextstep3.3.mc
index 1511ce7..14b46d3 100644
--- a/contrib/sendmail/cf/cf/generic-nextstep3.3.mc
+++ b/contrib/sendmail/cf/cf/generic-nextstep3.3.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-nextstep3.3.mc	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-nextstep3.3.mc,v 8.10 1999/02/07 07:26:02 gshapiro Exp $')
 OSTYPE(nextstep)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-osf1.mc b/contrib/sendmail/cf/cf/generic-osf1.mc
index 83858d1..9cd4e77 100644
--- a/contrib/sendmail/cf/cf/generic-osf1.mc
+++ b/contrib/sendmail/cf/cf/generic-osf1.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-osf1.mc	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-osf1.mc,v 8.11 1999/02/07 07:26:02 gshapiro Exp $')
 OSTYPE(osf1)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-solaris2.mc b/contrib/sendmail/cf/cf/generic-solaris2.mc
index a696e01..96d9030 100644
--- a/contrib/sendmail/cf/cf/generic-solaris2.mc
+++ b/contrib/sendmail/cf/cf/generic-solaris2.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-solaris2.mc	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-solaris2.mc,v 8.11 1999/02/07 07:26:03 gshapiro Exp $')
 OSTYPE(solaris2)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-sunos4.1.mc b/contrib/sendmail/cf/cf/generic-sunos4.1.mc
index fc0de35..a27d099 100644
--- a/contrib/sendmail/cf/cf/generic-sunos4.1.mc
+++ b/contrib/sendmail/cf/cf/generic-sunos4.1.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-sunos4.1.mc	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-sunos4.1.mc,v 8.11 1999/02/07 07:26:03 gshapiro Exp $')
 OSTYPE(sunos4.1)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-ultrix4.mc b/contrib/sendmail/cf/cf/generic-ultrix4.mc
index 6fed36e..913edb5 100644
--- a/contrib/sendmail/cf/cf/generic-ultrix4.mc
+++ b/contrib/sendmail/cf/cf/generic-ultrix4.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)generic-ultrix4.mc	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic-ultrix4.mc,v 8.11 1999/02/07 07:26:03 gshapiro Exp $')
 OSTYPE(ultrix4)dnl
 DOMAIN(generic)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/huginn.cs.mc b/contrib/sendmail/cf/cf/huginn.cs.mc
index a58d121..117a236 100644
--- a/contrib/sendmail/cf/cf/huginn.cs.mc
+++ b/contrib/sendmail/cf/cf/huginn.cs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -21,7 +22,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)huginn.cs.mc	8.12 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: huginn.cs.mc,v 8.15 1999/02/07 07:26:03 gshapiro Exp $')
 OSTYPE(hpux9)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 MASQUERADE_AS(CS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/knecht.mc b/contrib/sendmail/cf/cf/knecht.mc
index 4ba1471..cd467f6 100644
--- a/contrib/sendmail/cf/cf/knecht.mc
+++ b/contrib/sendmail/cf/cf/knecht.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -16,8 +17,8 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)knecht.mc	8.31 (Berkeley) 1/30/1999')
-OSTYPE(bsd4.4)dnl
+VERSIONID(`$Id: knecht.mc,v 8.37 1999/11/19 05:18:12 gshapiro Exp $')
+OSTYPE(bsdi)dnl
 DOMAIN(generic)dnl
 define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')dnl
 define(`confDEF_USER_ID', `mailnull')dnl
@@ -27,10 +28,10 @@ define(`confCOPY_ERRORS_TO', `Postmaster')dnl
 define(`confTO_QUEUEWARN', `8h')dnl
 define(`confTRUSTED_USERS', `www')dnl
 define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')dnl
-FEATURE(virtusertable, `hash /etc/mail/virtusertable')dnl
+FEATURE(virtusertable)dnl
 FEATURE(access_db)dnl
 FEATURE(local_lmtp)dnl
-define(`LOCAL_MAILER_FLAGS', CONCAT(LOCAL_MAILER_FLAGS,P))dnl
+MODIFY_MAILER_FLAGS(`LOCAL', `+P')dnl
 MAILER(local)dnl
 MAILER(smtp)dnl
 
@@ -39,10 +40,9 @@ LOCAL_CONFIG
 #  Regular expression to reject:
 #    * numeric-only localparts from aol.com and msn.com
 #    * localparts starting with a digit from juno.com
-#    * localparts longer than 10 characters from aol.com
 #
 Kcheckaddress regex -a@MATCH
-   ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com|.{10}[^<]+<@aol\.com)\.?>
+   ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
 
 #
 #  Names that won't be allowed in a To: line (local-part and domains)
diff --git a/contrib/sendmail/cf/cf/mail.cs.mc b/contrib/sendmail/cf/cf/mail.cs.mc
index 8abd945..6bd7782 100644
--- a/contrib/sendmail/cf/cf/mail.cs.mc
+++ b/contrib/sendmail/cf/cf/mail.cs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -21,7 +22,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)mail.cs.mc	8.15 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: mail.cs.mc,v 8.18 1999/02/07 07:26:04 gshapiro Exp $')
 OSTYPE(ultrix4)dnl
 DOMAIN(Berkeley.EDU)dnl
 MASQUERADE_AS(CS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/mail.eecs.mc b/contrib/sendmail/cf/cf/mail.eecs.mc
index 6522141..bf7d408 100644
--- a/contrib/sendmail/cf/cf/mail.eecs.mc
+++ b/contrib/sendmail/cf/cf/mail.eecs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -21,7 +22,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)mail.eecs.mc	8.15 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: mail.eecs.mc,v 8.18 1999/02/07 07:26:04 gshapiro Exp $')
 OSTYPE(ultrix4)dnl
 DOMAIN(EECS.Berkeley.EDU)dnl
 MASQUERADE_AS(EECS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/mailspool.cs.mc b/contrib/sendmail/cf/cf/mailspool.cs.mc
index 08dcce6..0414e4c 100644
--- a/contrib/sendmail/cf/cf/mailspool.cs.mc
+++ b/contrib/sendmail/cf/cf/mailspool.cs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -23,7 +24,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)mailspool.cs.mc	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: mailspool.cs.mc,v 8.12 1999/02/07 07:26:04 gshapiro Exp $')
 OSTYPE(sunos4.1)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/python.cs.mc b/contrib/sendmail/cf/cf/python.cs.mc
index ddf4fc3..c3b3e0d 100644
--- a/contrib/sendmail/cf/cf/python.cs.mc
+++ b/contrib/sendmail/cf/cf/python.cs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -23,7 +24,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)python.cs.mc	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: python.cs.mc,v 8.12 1999/02/07 07:26:04 gshapiro Exp $')
 OSTYPE(bsd4.4)dnl
 DOMAIN(CS.Berkeley.EDU)dnl
 define(`LOCAL_RELAY', vangogh.CS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/cf/s2k-osf1.mc b/contrib/sendmail/cf/cf/s2k-osf1.mc
index 6f1099a..6ec08fe 100644
--- a/contrib/sendmail/cf/cf/s2k-osf1.mc
+++ b/contrib/sendmail/cf/cf/s2k-osf1.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)s2k-osf1.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: s2k-osf1.mc,v 8.13 1999/02/07 07:26:04 gshapiro Exp $')
 OSTYPE(osf1)dnl
 DOMAIN(S2K.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/s2k-ultrix4.mc b/contrib/sendmail/cf/cf/s2k-ultrix4.mc
index db8e455..4bf4939 100644
--- a/contrib/sendmail/cf/cf/s2k-ultrix4.mc
+++ b/contrib/sendmail/cf/cf/s2k-ultrix4.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)s2k-ultrix4.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: s2k-ultrix4.mc,v 8.13 1999/02/07 07:26:04 gshapiro Exp $')
 OSTYPE(ultrix4)dnl
 DOMAIN(S2K.Berkeley.EDU)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/tcpproto.mc b/contrib/sendmail/cf/cf/tcpproto.mc
index 692a08f..bdba7ef 100644
--- a/contrib/sendmail/cf/cf/tcpproto.mc
+++ b/contrib/sendmail/cf/cf/tcpproto.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -25,7 +26,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)tcpproto.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: tcpproto.mc,v 8.13 1999/02/07 07:26:05 gshapiro Exp $')
 OSTYPE(unknown)
 FEATURE(nouucp)
 MAILER(local)
diff --git a/contrib/sendmail/cf/cf/ucbarpa.mc b/contrib/sendmail/cf/cf/ucbarpa.mc
index 40bb6c2..26b2ce0 100644
--- a/contrib/sendmail/cf/cf/ucbarpa.mc
+++ b/contrib/sendmail/cf/cf/ucbarpa.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -20,7 +21,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)ucbarpa.mc	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: ucbarpa.mc,v 8.12 1999/02/07 07:26:05 gshapiro Exp $')
 DOMAIN(CS.Berkeley.EDU)dnl
 OSTYPE(bsd4.4)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/ucbvax.mc b/contrib/sendmail/cf/cf/ucbvax.mc
index 2395f82..235d9aa 100644
--- a/contrib/sendmail/cf/cf/ucbvax.mc
+++ b/contrib/sendmail/cf/cf/ucbvax.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -21,7 +22,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)ucbvax.mc	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: ucbvax.mc,v 8.14 1999/02/07 07:26:05 gshapiro Exp $')
 OSTYPE(bsd4.3)
 DOMAIN(CS.Berkeley.EDU)
 MASQUERADE_AS(CS.Berkeley.EDU)
diff --git a/contrib/sendmail/cf/cf/uucpproto.mc b/contrib/sendmail/cf/cf/uucpproto.mc
index a547d10..134c8f4 100644
--- a/contrib/sendmail/cf/cf/uucpproto.mc
+++ b/contrib/sendmail/cf/cf/uucpproto.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -25,7 +26,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)uucpproto.mc	8.12 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: uucpproto.mc,v 8.15 1999/02/07 07:26:05 gshapiro Exp $')
 OSTYPE(unknown)
 FEATURE(promiscuous_relay)dnl
 FEATURE(accept_unresolvable_domains)dnl
diff --git a/contrib/sendmail/cf/cf/vangogh.cs.mc b/contrib/sendmail/cf/cf/vangogh.cs.mc
index f60dca7..3fb48e1 100644
--- a/contrib/sendmail/cf/cf/vangogh.cs.mc
+++ b/contrib/sendmail/cf/cf/vangogh.cs.mc
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -22,7 +23,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`@(#)vangogh.cs.mc	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: vangogh.cs.mc,v 8.13 1999/02/07 07:26:05 gshapiro Exp $')
 DOMAIN(CS.Berkeley.EDU)dnl
 OSTYPE(bsd4.4)dnl
 MAILER(local)dnl
diff --git a/contrib/sendmail/cf/domain/Berkeley.EDU.m4 b/contrib/sendmail/cf/domain/Berkeley.EDU.m4
index 85d5e5b..d0fee24 100644
--- a/contrib/sendmail/cf/domain/Berkeley.EDU.m4
+++ b/contrib/sendmail/cf/domain/Berkeley.EDU.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,7 +12,7 @@ divert(-1)
 #
 #
 divert(0)
-VERSIONID(`@(#)Berkeley.EDU.m4	8.14 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: Berkeley.EDU.m4,v 8.17 1999/02/07 07:26:06 gshapiro Exp $')
 DOMAIN(berkeley-only)dnl
 define(`BITNET_RELAY', `bitnet-relay.Berkeley.EDU')dnl
 define(`UUCP_RELAY', `uucp-relay.Berkeley.EDU')dnl
diff --git a/contrib/sendmail/cf/domain/CS.Berkeley.EDU.m4 b/contrib/sendmail/cf/domain/CS.Berkeley.EDU.m4
index 5609ce8..181ced1 100644
--- a/contrib/sendmail/cf/domain/CS.Berkeley.EDU.m4
+++ b/contrib/sendmail/cf/domain/CS.Berkeley.EDU.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,7 +12,7 @@ divert(-1)
 #
 #
 divert(0)
-VERSIONID(`@(#)CS.Berkeley.EDU.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: CS.Berkeley.EDU.m4,v 8.10 1999/02/07 07:26:06 gshapiro Exp $')
 DOMAIN(Berkeley.EDU)dnl
 HACK(cssubdomain)dnl
 define(`confUSERDB_SPEC',
diff --git a/contrib/sendmail/cf/domain/EECS.Berkeley.EDU.m4 b/contrib/sendmail/cf/domain/EECS.Berkeley.EDU.m4
index 095fbc8..41a21ad 100644
--- a/contrib/sendmail/cf/domain/EECS.Berkeley.EDU.m4
+++ b/contrib/sendmail/cf/domain/EECS.Berkeley.EDU.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,6 +12,6 @@ divert(-1)
 #
 #
 divert(0)
-VERSIONID(`@(#)EECS.Berkeley.EDU.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: EECS.Berkeley.EDU.m4,v 8.10 1999/02/07 07:26:06 gshapiro Exp $')
 DOMAIN(Berkeley.EDU)dnl
 MASQUERADE_AS(EECS.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/domain/S2K.Berkeley.EDU.m4 b/contrib/sendmail/cf/domain/S2K.Berkeley.EDU.m4
index a951f8b..9a019ce 100644
--- a/contrib/sendmail/cf/domain/S2K.Berkeley.EDU.m4
+++ b/contrib/sendmail/cf/domain/S2K.Berkeley.EDU.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,6 +12,6 @@ divert(-1)
 #
 #
 divert(0)
-VERSIONID(`@(#)S2K.Berkeley.EDU.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: S2K.Berkeley.EDU.m4,v 8.10 1999/02/07 07:26:06 gshapiro Exp $')
 DOMAIN(CS.Berkeley.EDU)dnl
 MASQUERADE_AS(postgres.Berkeley.EDU)dnl
diff --git a/contrib/sendmail/cf/domain/berkeley-only.m4 b/contrib/sendmail/cf/domain/berkeley-only.m4
index 805bab6..b9a73b9 100644
--- a/contrib/sendmail/cf/domain/berkeley-only.m4
+++ b/contrib/sendmail/cf/domain/berkeley-only.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,7 +12,7 @@ divert(-1)
 #
 #
 divert(0)
-VERSIONID(`@(#)unspecified-domain.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: unspecified-domain.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $')
 errprint(`*** ERROR: You are trying to use the Berkeley sample configuration')
 errprint(`	files outside of the Computer Science Division at Berkeley.')
 errprint(`	The configuration (.mc) files must be customized to reference')
diff --git a/contrib/sendmail/cf/domain/generic.m4 b/contrib/sendmail/cf/domain/generic.m4
index 93057d0..caa5a88 100644
--- a/contrib/sendmail/cf/domain/generic.m4
+++ b/contrib/sendmail/cf/domain/generic.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -19,7 +20,9 @@ divert(-1)
 #  files.
 #
 divert(0)
-VERSIONID(`@(#)generic.m4	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $')
 define(`confFORWARD_PATH', `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
-FEATURE(redirect)dnl
-FEATURE(use_cw_file)dnl
+define(`confMAX_HEADERS_LENGTH', `32768')dnl
+FEATURE(`redirect')dnl
+FEATURE(`use_cw_file')dnl
+EXPOSED_USER(`root')
diff --git a/contrib/sendmail/cf/feature/accept_unqualified_senders.m4 b/contrib/sendmail/cf/feature/accept_unqualified_senders.m4
index bf1b1e7..4c39884 100644
--- a/contrib/sendmail/cf/feature/accept_unqualified_senders.m4
+++ b/contrib/sendmail/cf/feature/accept_unqualified_senders.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)accept_unqualified_senders.m4	8.3 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: accept_unqualified_senders.m4,v 8.6 1999/02/07 07:26:07 gshapiro Exp $')
 divert(-1)
 
 define(`_ACCEPT_UNQUALIFIED_SENDERS_', 1)
diff --git a/contrib/sendmail/cf/feature/accept_unresolvable_domains.m4 b/contrib/sendmail/cf/feature/accept_unresolvable_domains.m4
index cbc4747..a54507c 100644
--- a/contrib/sendmail/cf/feature/accept_unresolvable_domains.m4
+++ b/contrib/sendmail/cf/feature/accept_unresolvable_domains.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)accept_unresolvable_domains.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $')
 divert(-1)
 
 define(`_ACCEPT_UNRESOLVABLE_DOMAINS_', 1)
diff --git a/contrib/sendmail/cf/feature/access_db.m4 b/contrib/sendmail/cf/feature/access_db.m4
index 75b5551..14a8fe8 100644
--- a/contrib/sendmail/cf/feature/access_db.m4
+++ b/contrib/sendmail/cf/feature/access_db.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,10 +10,14 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)access_db.m4	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: access_db.m4,v 8.15 1999/07/22 17:55:34 gshapiro Exp $')
 divert(-1)
 
-define(`ACCESS_TABLE',
-	ifelse(_ARG_, `',
-		DATABASE_MAP_TYPE` -o /etc/mail/access',
-		`_ARG_'))dnl
+define(`_ACCESS_TABLE_', `')
+define(`_TAG_DELIM_', `:')dnl should be in OperatorChars
+
+LOCAL_CONFIG
+# Access list database (for spam stomping)
+Kaccess ifelse(defn(`_ARG_'), `',
+	       DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`access',
+	       `_ARG_')
diff --git a/contrib/sendmail/cf/feature/allmasquerade.m4 b/contrib/sendmail/cf/feature/allmasquerade.m4
index ed622dc..bbb8660 100644
--- a/contrib/sendmail/cf/feature/allmasquerade.m4
+++ b/contrib/sendmail/cf/feature/allmasquerade.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,8 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)allmasquerade.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: allmasquerade.m4,v 8.11 1999/08/06 01:28:26 gshapiro Exp $')
 divert(-1)
 
-
 define(`_ALL_MASQUERADE_', 1)
diff --git a/contrib/sendmail/cf/feature/always_add_domain.m4 b/contrib/sendmail/cf/feature/always_add_domain.m4
index 69092e3..3ea174b 100644
--- a/contrib/sendmail/cf/feature/always_add_domain.m4
+++ b/contrib/sendmail/cf/feature/always_add_domain.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)always_add_domain.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: always_add_domain.m4,v 8.9 1999/02/07 07:26:08 gshapiro Exp $')
 divert(-1)
 
 define(`_ALWAYS_ADD_DOMAIN_', 1)
diff --git a/contrib/sendmail/cf/feature/bestmx_is_local.m4 b/contrib/sendmail/cf/feature/bestmx_is_local.m4
index ec4c81c..22c8723 100644
--- a/contrib/sendmail/cf/feature/bestmx_is_local.m4
+++ b/contrib/sendmail/cf/feature/bestmx_is_local.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)bestmx_is_local.m4	8.14 (Berkeley) 1/25/1999')
+VERSIONID(`$Id: bestmx_is_local.m4,v 8.24 1999/10/18 21:50:24 ca Exp $')
 divert(-1)
 
 define(_BESTMX_IS_LOCAL_, _ARG_)
@@ -20,7 +21,7 @@ define(_BESTMX_IS_LOCAL_, _ARG_)
 LOCAL_CONFIG
 # turn on bestMX lookup table
 Kbestmx bestmx
-ifelse(_ARG_, `', `dnl',`
+ifelse(defn(`_ARG_'), `', `dnl',`
 # limit bestmx to these domains
 CB`'_ARG_')
 
@@ -37,13 +38,14 @@ LOCAL_NET_CONFIG
 # low to medium traffic hosts.  If you use the limited bestmx
 # by passing in a set of possible domains it will improve things.
 
-ifelse(_ARG_, `', `dnl
+ifelse(defn(`_ARG_'), `', `dnl
 # unlimited bestmx
 R$* < @ $* > $*			$: $1 < @ $2 @@ $(bestmx $2 $) > $3',
 `dnl
 # limit bestmx to $=B
 R$* < @ $* $=B . > $*		$: $1 < @ $2 $3 . @@ $(bestmx $2 $3 . $) > $4')
-R$* $=O $* < @ $* @@ $=w . > $*	$@ $>97 $1 $2 $3
-R< @ $* @@ $=w . > : $*		$@ $>97 $3
-R$* < @ $* @@ $=w . > $*	$#local $: $1
+R$* $=O $* < @ $* @@ $=w . > $*	$@ $>Recurse $1 $2 $3
+R< @ $* @@ $=w . > : $*		$@ $>Recurse $3
+dnl we cannot use _LOCAL_ here since it is defined too late
+R$* < @ $* @@ $=w . > $*	$@ $>CanonLocal < $1 >
 R$* < @ $* @@ $* > $*		$: $1 < @ $2 > $4
diff --git a/contrib/sendmail/cf/feature/bitdomain.m4 b/contrib/sendmail/cf/feature/bitdomain.m4
index 7f9a181..7ac7304 100644
--- a/contrib/sendmail/cf/feature/bitdomain.m4
+++ b/contrib/sendmail/cf/feature/bitdomain.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,11 +13,13 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)bitdomain.m4	8.14 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: bitdomain.m4,v 8.23 1999/07/22 17:55:34 gshapiro Exp $')
 divert(-1)
 
-define(`BITDOMAIN_TABLE', ifelse(_ARG_, `', 
-				 ifdef(`_USE_ETC_MAIL_',
-				       DATABASE_MAP_TYPE` -o /etc/mail/bitdomain',
-				       DATABASE_MAP_TYPE` -o /etc/bitdomain'),
-				 `_ARG_'))dnl
+define(`_BITDOMAIN_TABLE_', `')
+
+LOCAL_CONFIG
+# BITNET mapping table
+Kbitdomain ifelse(defn(`_ARG_'), `',
+		  DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`bitdomain',
+		  `_ARG_')
diff --git a/contrib/sendmail/cf/feature/blacklist_recipients.m4 b/contrib/sendmail/cf/feature/blacklist_recipients.m4
index e3478d3..d6218d1 100644
--- a/contrib/sendmail/cf/feature/blacklist_recipients.m4
+++ b/contrib/sendmail/cf/feature/blacklist_recipients.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,10 +10,10 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)blacklist_recipients.m4	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $')
 divert(-1)
 
-ifdef(`ACCESS_TABLE',
+ifdef(`_ACCESS_TABLE_',
 	`define(`_BLACKLIST_RCPT_', 1)',
 	`errprint(`*** ERROR: FEATURE(blacklist_recipients) requires FEATURE(access_db)
 ')')
diff --git a/contrib/sendmail/cf/feature/delay_checks.m4 b/contrib/sendmail/cf/feature/delay_checks.m4
new file mode 100644
index 0000000..1592525
--- /dev/null
+++ b/contrib/sendmail/cf/feature/delay_checks.m4
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: delay_checks.m4,v 8.7 2000/02/26 01:32:02 gshapiro Exp $')
+divert(-1)
+
+define(`_DELAY_CHECKS_', 1)
+ifelse(defn(`_ARG_'), `',  `',
+	lower(substr(_ARG_,0,1)), `f', `define(`_SPAM_FRIEND_', 1) define(`_SPAM_FH_', 1)',
+	lower(substr(_ARG_,0,1)), `h', `define(`_SPAM_HATER_', 1)  define(`_SPAM_FH_', 1)',
+	`errprint(`*** ERROR: illegal argument _ARG_ for FEATURE(delay_checks)
+')
+	')
diff --git a/contrib/sendmail/cf/feature/dnsbl.m4 b/contrib/sendmail/cf/feature/dnsbl.m4
new file mode 100644
index 0000000..fd3ceee
--- /dev/null
+++ b/contrib/sendmail/cf/feature/dnsbl.m4
@@ -0,0 +1,25 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+ifdef(`_DNSBL_R_',`dnl',`dnl
+VERSIONID(`$Id: dnsbl.m4,v 8.18 1999/08/03 04:30:56 gshapiro Exp $')')
+divert(-1)
+define(`_DNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`rbl.maps.vix.com',_ARG_)')dnl
+define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_DNSBL_SRV_`"',`_ARG2_')')dnl
+divert(8)
+# DNS based IP address spam list _DNSBL_SRV_
+R$*			$: $&{client_addr}
+R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1._DNSBL_SRV_. $: OK $)
+R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._DNSBL_SRV_. $: OK $)
+R<?>OK			$: OKSOFAR
+R<?>$+			$#error $@ 5.7.1 $: _DNSBL_MSG_
+divert(-1)
diff --git a/contrib/sendmail/cf/feature/domaintable.m4 b/contrib/sendmail/cf/feature/domaintable.m4
index e7303dc..b609ec9 100644
--- a/contrib/sendmail/cf/feature/domaintable.m4
+++ b/contrib/sendmail/cf/feature/domaintable.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,12 +13,13 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)domaintable.m4	8.9 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: domaintable.m4,v 8.17 1999/07/22 17:55:35 gshapiro Exp $')
 divert(-1)
 
-define(`DOMAIN_TABLE', ifelse(_ARG_, `',
-			      ifdef(`_USE_ETC_MAIL_',
-				    DATABASE_MAP_TYPE` -o /etc/mail/domaintable',
-				    DATABASE_MAP_TYPE` -o /etc/domaintable'),
-			      `_ARG_'))dnl
+define(`_DOMAIN_TABLE_', `')
 
+LOCAL_CONFIG
+# Domain table (adding domains)
+Kdomaintable ifelse(defn(`_ARG_'), `',
+		    DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`domaintable',
+		    `_ARG_')
diff --git a/contrib/sendmail/cf/feature/generics_entire_domain.m4 b/contrib/sendmail/cf/feature/generics_entire_domain.m4
new file mode 100644
index 0000000..fab586a
--- /dev/null
+++ b/contrib/sendmail/cf/feature/generics_entire_domain.m4
@@ -0,0 +1,16 @@
+divert(-1)
+#
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: generics_entire_domain.m4,v 8.1 1999/03/16 00:43:05 ca Exp $')
+divert(-1)
+
+define(`_GENERICS_ENTIRE_DOMAIN_', 1)
diff --git a/contrib/sendmail/cf/feature/genericstable.m4 b/contrib/sendmail/cf/feature/genericstable.m4
index 654db5d..9104948 100644
--- a/contrib/sendmail/cf/feature/genericstable.m4
+++ b/contrib/sendmail/cf/feature/genericstable.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,11 +13,13 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)genericstable.m4	8.8 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: genericstable.m4,v 8.16 1999/07/22 17:55:35 gshapiro Exp $')
 divert(-1)
 
-define(`GENERICS_TABLE', ifelse(_ARG_, `',
-				ifdef(`_USE_ETC_MAIL_',
-				      DATABASE_MAP_TYPE` -o /etc/mail/genericstable',
-				      DATABASE_MAP_TYPE` -o /etc/genericstable'),
-				`_ARG_'))dnl
+define(`_GENERICS_TABLE_', `')
+
+LOCAL_CONFIG
+# Generics table (mapping outgoing addresses)
+Kgenerics ifelse(defn(`_ARG_'), `',
+		 DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`genericstable',
+		 `_ARG_')
diff --git a/contrib/sendmail/cf/feature/ldap_routing.m4 b/contrib/sendmail/cf/feature/ldap_routing.m4
new file mode 100644
index 0000000..7ea0c86
--- /dev/null
+++ b/contrib/sendmail/cf/feature/ldap_routing.m4
@@ -0,0 +1,34 @@
+divert(-1)
+#
+# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: ldap_routing.m4,v 8.5.4.1 2000/07/15 18:05:05 gshapiro Exp $')
+divert(-1)
+
+# Check first two arguments.  If they aren't set, may need to warn in proto.m4
+ifelse(len(X`'_ARG1_), `1', `define(`_LDAP_ROUTING_WARN_', `yes')')
+ifelse(len(X`'_ARG2_), `1', `define(`_LDAP_ROUTING_WARN_', `yes')')
+
+# Check for third argument to indicate how to deal with non-existant
+# LDAP records
+ifelse(len(X`'_ARG3_), `1', `define(`_LDAP_ROUTING_', `_PASS_THROUGH_')',
+       _ARG3_, `passthru', `define(`_LDAP_ROUTING_', `_PASS_THROUGH_')',
+       `define(`_LDAP_ROUTING_', `_MUST_EXIST_')')
+
+LOCAL_CONFIG
+# LDAP routing maps
+Kldapmh ifelse(len(X`'_ARG1_), `1',
+	       `ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))',
+	       `_ARG1_')
+
+Kldapmra ifelse(len(X`'_ARG2_), `1',
+		`ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))',
+		`_ARG2_')
diff --git a/contrib/sendmail/cf/feature/limited_masquerade.m4 b/contrib/sendmail/cf/feature/limited_masquerade.m4
index b036ae1..f86ebd4 100644
--- a/contrib/sendmail/cf/feature/limited_masquerade.m4
+++ b/contrib/sendmail/cf/feature/limited_masquerade.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)limited_masquerade.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: limited_masquerade.m4,v 8.9 1999/02/07 07:26:09 gshapiro Exp $')
 divert(-1)
 
 define(`_LIMITED_MASQUERADE_', 1)
diff --git a/contrib/sendmail/cf/feature/local_lmtp.m4 b/contrib/sendmail/cf/feature/local_lmtp.m4
index f328ce5..4b44eab 100644
--- a/contrib/sendmail/cf/feature/local_lmtp.m4
+++ b/contrib/sendmail/cf/feature/local_lmtp.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,12 +10,17 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)local_lmtp.m4	8.5 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: local_lmtp.m4,v 8.15 1999/11/18 05:06:22 ca Exp $')
 divert(-1)
 
+ifdef(`_MAILER_local_',
+	`errprint(`*** FEATURE(local_lmtp) must occur before MAILER(local)
+')')dnl
+
 define(`LOCAL_MAILER_PATH',
-	ifelse(_ARG_, `',
+	ifelse(defn(`_ARG_'), `',
 		ifdef(`confEBINDIR', confEBINDIR, `/usr/libexec')`/mail.local',
 		_ARG_))
-define(`LOCAL_MAILER_FLAGS', `SXfmnz9')
+define(`LOCAL_MAILER_FLAGS', `PSXfmnz9')
 define(`LOCAL_MAILER_ARGS', `mail.local -l')
+define(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE', `SMTP')
diff --git a/contrib/sendmail/cf/feature/local_procmail.m4 b/contrib/sendmail/cf/feature/local_procmail.m4
index 20618dd..29bb980 100644
--- a/contrib/sendmail/cf/feature/local_procmail.m4
+++ b/contrib/sendmail/cf/feature/local_procmail.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1994 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,14 +13,20 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)local_procmail.m4	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: local_procmail.m4,v 8.21 1999/11/18 05:06:23 ca Exp $')
 divert(-1)
 
+ifdef(`_MAILER_local_',
+	`errprint(`*** FEATURE(local_procmail) must occur before MAILER(local)
+')')dnl
+
 define(`LOCAL_MAILER_PATH',
-	ifelse(_ARG_, `',
+	ifelse(defn(`_ARG_'), `',
 		ifdef(`PROCMAIL_MAILER_PATH',
 			PROCMAIL_MAILER_PATH,
 			`/usr/local/bin/procmail'),
 		_ARG_))
-define(`LOCAL_MAILER_FLAGS', `SPfhn9')
-define(`LOCAL_MAILER_ARGS', `procmail -Y -a $h -d $u')
+define(`LOCAL_MAILER_ARGS',
+	ifelse(len(X`'_ARG2_), `1', `procmail -Y -a $h -d $u', _ARG2_))
+define(`LOCAL_MAILER_FLAGS',
+	ifelse(len(X`'_ARG3_), `1', `SPfhn9', _ARG3_))
diff --git a/contrib/sendmail/cf/feature/loose_relay_check.m4 b/contrib/sendmail/cf/feature/loose_relay_check.m4
index 988e441..abd1b9c9 100644
--- a/contrib/sendmail/cf/feature/loose_relay_check.m4
+++ b/contrib/sendmail/cf/feature/loose_relay_check.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)loose_relay_check.m4	8.3 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: loose_relay_check.m4,v 8.6 1999/02/07 07:26:10 gshapiro Exp $')
 divert(-1)
 
 define(`_LOOSE_RELAY_CHECK_', 1)
diff --git a/contrib/sendmail/cf/feature/mailertable.m4 b/contrib/sendmail/cf/feature/mailertable.m4
index 71a41ad..08c1bf6 100644
--- a/contrib/sendmail/cf/feature/mailertable.m4
+++ b/contrib/sendmail/cf/feature/mailertable.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,11 +13,13 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)mailertable.m4	8.10 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: mailertable.m4,v 8.18 1999/07/22 17:55:35 gshapiro Exp $')
 divert(-1)
 
-define(`MAILER_TABLE', ifelse(_ARG_, `',
-			      ifdef(`_USE_ETC_MAIL_',
-				    DATABASE_MAP_TYPE` -o /etc/mail/mailertable',
-				    DATABASE_MAP_TYPE` -o /etc/mailertable'),
-			      `_ARG_'))dnl
+define(`_MAILER_TABLE_', `')
+
+LOCAL_CONFIG
+# Mailer table (overriding domains)
+Kmailertable ifelse(defn(`_ARG_'), `',
+		    DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`mailertable',
+		    `_ARG_')
diff --git a/contrib/sendmail/cf/feature/masquerade_entire_domain.m4 b/contrib/sendmail/cf/feature/masquerade_entire_domain.m4
index 4455b9a..e2bcc65 100644
--- a/contrib/sendmail/cf/feature/masquerade_entire_domain.m4
+++ b/contrib/sendmail/cf/feature/masquerade_entire_domain.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)masquerade_entire_domain.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: masquerade_entire_domain.m4,v 8.9 1999/02/07 07:26:10 gshapiro Exp $')
 divert(-1)
 
 define(`_MASQUERADE_ENTIRE_DOMAIN_', 1)
diff --git a/contrib/sendmail/cf/feature/masquerade_envelope.m4 b/contrib/sendmail/cf/feature/masquerade_envelope.m4
index 276c7f4..74d3aa0 100644
--- a/contrib/sendmail/cf/feature/masquerade_envelope.m4
+++ b/contrib/sendmail/cf/feature/masquerade_envelope.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)masquerade_envelope.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: masquerade_envelope.m4,v 8.9 1999/02/07 07:26:10 gshapiro Exp $')
 divert(-1)
 
 define(`_MASQUERADE_ENVELOPE_', 1)
diff --git a/contrib/sendmail/cf/feature/no_default_msa.m4 b/contrib/sendmail/cf/feature/no_default_msa.m4
new file mode 100644
index 0000000..3f5752a
--- /dev/null
+++ b/contrib/sendmail/cf/feature/no_default_msa.m4
@@ -0,0 +1,16 @@
+divert(-1)
+#
+# Copyright (c) 1999, 2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: no_default_msa.m4,v 8.1 2000/02/01 15:56:30 ca Exp $')
+divert(-1)
+
+define(`_NO_MSA_', `1')
diff --git a/contrib/sendmail/cf/feature/nocanonify.m4 b/contrib/sendmail/cf/feature/nocanonify.m4
index 279a8ea..05baa7a 100644
--- a/contrib/sendmail/cf/feature/nocanonify.m4
+++ b/contrib/sendmail/cf/feature/nocanonify.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,12 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)nocanonify.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: nocanonify.m4,v 8.12 1999/08/28 00:42:01 ca Exp $')
 divert(-1)
 
 define(`_NO_CANONIFY_', 1)
+ifelse(defn(`_ARG_'), `', `',
+	strcasecmp(defn(`_ARG_'), `canonify_hosts'), `1',
+	`define(`_CANONIFY_HOSTS_', 1)',
+	`errprint(`*** ERROR: unknown parameter '"defn(`_ARG_')"` for FEATURE(`nocanonify')
+')')
diff --git a/contrib/sendmail/cf/feature/nodns.m4 b/contrib/sendmail/cf/feature/nodns.m4
index 5d383d5..c5acadf 100644
--- a/contrib/sendmail/cf/feature/nodns.m4
+++ b/contrib/sendmail/cf/feature/nodns.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,10 +13,10 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)nodns.m4	8.9 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: nodns.m4,v 8.14 1999/07/22 17:55:35 gshapiro Exp $')
 divert(-1)
 
 undefine(`confBIND_OPTS')dnl
 errprint(`FEATURE(nodns) is no-op.
-Use ServiceSwitchFile ('ifdef(`confSERVICE_SWITCH_FILE',confSERVICE_SWITCH_FILE,ifdef(`_USE_ETC_MAIL_',`/etc/mail/service.switch',`/etc/service.switch'))`) if your OS does not provide its own instead.
+Use ServiceSwitchFile ('ifdef(`confSERVICE_SWITCH_FILE',confSERVICE_SWITCH_FILE,MAIL_SETTINGS_DIR`service.switch')`) if your OS does not provide its own instead.
 ')
diff --git a/contrib/sendmail/cf/feature/notsticky.m4 b/contrib/sendmail/cf/feature/notsticky.m4
index 5ba6b2f..1cecca5 100644
--- a/contrib/sendmail/cf/feature/notsticky.m4
+++ b/contrib/sendmail/cf/feature/notsticky.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)notsticky.m4	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: notsticky.m4,v 8.11 1999/02/07 07:26:11 gshapiro Exp $')
 #
 #  This is now the default.  Use ``FEATURE(stickyhost)'' if you want
 #  the old default behaviour.
diff --git a/contrib/sendmail/cf/feature/nouucp.m4 b/contrib/sendmail/cf/feature/nouucp.m4
index 7cf241f..a031049 100644
--- a/contrib/sendmail/cf/feature/nouucp.m4
+++ b/contrib/sendmail/cf/feature/nouucp.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,15 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)nouucp.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: nouucp.m4,v 8.13 1999/11/24 18:37:07 ca Exp $')
 divert(-1)
 
-define(`_NO_UUCP_', 1)
+ifelse(defn(`_ARG_'), `', 
+	`errprint(`*** ERROR: missing argument for FEATURE(nouucp):
+		use `reject' or `nospecial'. See cf/README.
+')define(`_NO_UUCP_', `e')',
+	substr(_ARG_,0,1), `r', `define(`_NO_UUCP_', `r')',
+	substr(_ARG_,0,1), `n', `define(`_NO_UUCP_', `n')',
+	`errprint(`*** ERROR: illegal argument _ARG_ for FEATURE(nouucp)
+')
+	')
diff --git a/contrib/sendmail/cf/feature/nullclient.m4 b/contrib/sendmail/cf/feature/nullclient.m4
index 99346ae..1354e56 100644
--- a/contrib/sendmail/cf/feature/nullclient.m4
+++ b/contrib/sendmail/cf/feature/nullclient.m4
@@ -1,6 +1,7 @@
-PUSHDIVERT(-1)
+divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,11 +11,8 @@ PUSHDIVERT(-1)
 # the sendmail distribution.
 #
 #
-ifdef(`SMTP_MAILER_FLAGS',, `define(`SMTP_MAILER_FLAGS', `')')
-define(_NULL_CLIENT_ONLY_, `1')
-ifelse(_ARG_, `', `errprint(`Feature "nullclient" requires argument')',
-	`define(`MAIL_HUB', _ARG_)')
-POPDIVERT
+ifelse(defn(`_ARG_'), `', `errprint(`Feature "nullclient" requires argument')',
+	`define(`_NULL_CLIENT_', _ARG_)')
 
 #
 #  This is used only for relaying mail from a client to a hub when
@@ -23,28 +21,17 @@ POPDIVERT
 #  sendmail.
 #
 
-VERSIONID(`@(#)nullclient.m4	8.12 (Berkeley) 5/19/1998')
+divert(0)
+VERSIONID(`$Id: nullclient.m4,v 8.21.16.1 2000/05/26 18:08:41 gshapiro Exp $')
+divert(-1)
 
-PUSHDIVERT(6)
-# hub host (to which all mail is sent)
-DH`'ifdef(`MAIL_HUB', MAIL_HUB,
-	`errprint(`MAIL_HUB not defined for nullclient feature')')
-ifdef(`MASQUERADE_NAME',, `define(`MASQUERADE_NAME', MAIL_HUB)')dnl
-
-# route-addr separators
-C: : ,
-POPDIVERT
-PUSHDIVERT(7)
-############################################
-###   Null Client Mailer specification   ###
-############################################
-
-ifdef(`confRELAY_MAILER',,
-	`define(`confRELAY_MAILER', `nullclient')')dnl
-ifdef(`confFROM_HEADER',,
-	`define(`confFROM_HEADER', <$g>)')dnl
-ifdef(`SMTP_MAILER_ARGS',, `define(`SMTP_MAILER_ARGS', `IPC $h')')dnl
-
-Mnullclient,	P=[IPC], F=CONCAT(mDFMuXa, SMTP_MAILER_FLAGS),ifdef(`SMTP_MAILER_MAX', ` M=SMTP_MAILER_MAX,')
-		A=SMTP_MAILER_ARGS
-POPDIVERT
+undefine(`ALIAS_FILE')
+define(`MAIL_HUB', _NULL_CLIENT_)
+define(`SMART_HOST', _NULL_CLIENT_)
+define(`confFORWARD_PATH', `')
+define(`_DEF_LOCAL_MAILER_FLAGS', `lsDFM5q')
+MASQUERADE_AS(_NULL_CLIENT_)
+FEATURE(`allmasquerade')
+FEATURE(`masquerade_envelope')
+MAILER(`local')
+MAILER(`smtp')
diff --git a/contrib/sendmail/cf/feature/promiscuous_relay.m4 b/contrib/sendmail/cf/feature/promiscuous_relay.m4
index cc3dae6..86db75f 100644
--- a/contrib/sendmail/cf/feature/promiscuous_relay.m4
+++ b/contrib/sendmail/cf/feature/promiscuous_relay.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)promiscuous_relay.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: promiscuous_relay.m4,v 8.10 1999/02/07 07:26:11 gshapiro Exp $')
 divert(-1)
 
 define(`_PROMISCUOUS_RELAY_', 1)
diff --git a/contrib/sendmail/cf/feature/rbl.m4 b/contrib/sendmail/cf/feature/rbl.m4
index 0284aa3..6e5d159 100644
--- a/contrib/sendmail/cf/feature/rbl.m4
+++ b/contrib/sendmail/cf/feature/rbl.m4
@@ -9,7 +9,10 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)rbl.m4	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: rbl.m4,v 8.17 1999/04/04 00:51:12 ca Exp $')
 divert(-1)
 
-define(`_RBL_', ifelse(_ARG_, `', `rbl.maps.vix.com', `_ARG_'))dnl
+define(`_RBL_', ifelse(defn(`_ARG_'), `', `rbl.maps.vix.com', `_ARG_'))dnl
+ifelse(defn(`_ARG_'), `', `', `
+errprint(`Warning: FEATURE(`rbl') is deprecated, use FEATURE(`dnsbl') instead
+')')dnl
diff --git a/contrib/sendmail/cf/feature/redirect.m4 b/contrib/sendmail/cf/feature/redirect.m4
index a9b333f..e167865 100644
--- a/contrib/sendmail/cf/feature/redirect.m4
+++ b/contrib/sendmail/cf/feature/redirect.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,17 +13,14 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)redirect.m4	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $')
 divert(-1)
 
-
-PUSHDIVERT(3)
+LOCAL_RULE_0
 # addresses sent to foo@host.REDIRECT will give a 551 error code
 R$* < @ $+ .REDIRECT. >		$: $1 < @ $2 . REDIRECT . > < ${opMode} >
 R$* < @ $+ .REDIRECT. > <i>	$: $1 < @ $2 . REDIRECT. >
-R$* < @ $+ .REDIRECT. > < $- >	$# error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
-POPDIVERT
+R$* < @ $+ .REDIRECT. > < $- >	$#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
 
-PUSHDIVERT(6)
+LOCAL_CONFIG
 CPREDIRECT
-POPDIVERT
diff --git a/contrib/sendmail/cf/feature/relay_based_on_MX.m4 b/contrib/sendmail/cf/feature/relay_based_on_MX.m4
index f19e89b..872680a 100644
--- a/contrib/sendmail/cf/feature/relay_based_on_MX.m4
+++ b/contrib/sendmail/cf/feature/relay_based_on_MX.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,12 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)relay_based_on_MX.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: relay_based_on_MX.m4,v 8.11 1999/04/02 02:25:13 gshapiro Exp $')
 divert(-1)
 
 define(`_RELAY_MX_SERVED_', 1)
+
+LOCAL_CONFIG
+# MX map (to allow relaying to hosts that we MX for)
+Kmxserved bestmx -z: -T<TEMP>
+
diff --git a/contrib/sendmail/cf/feature/relay_entire_domain.m4 b/contrib/sendmail/cf/feature/relay_entire_domain.m4
index c932a70..a720b16 100644
--- a/contrib/sendmail/cf/feature/relay_entire_domain.m4
+++ b/contrib/sendmail/cf/feature/relay_entire_domain.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)relay_entire_domain.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: relay_entire_domain.m4,v 8.10 1999/02/07 07:26:12 gshapiro Exp $')
 divert(-1)
 
 define(`_RELAY_ENTIRE_DOMAIN_', 1)
diff --git a/contrib/sendmail/cf/feature/relay_hosts_only.m4 b/contrib/sendmail/cf/feature/relay_hosts_only.m4
index 35f7ab5..867d4ed 100644
--- a/contrib/sendmail/cf/feature/relay_hosts_only.m4
+++ b/contrib/sendmail/cf/feature/relay_hosts_only.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)relay_hosts_only.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: relay_hosts_only.m4,v 8.10 1999/02/07 07:26:12 gshapiro Exp $')
 divert(-1)
 
 define(`_RELAY_HOSTS_ONLY_', 1)
diff --git a/contrib/sendmail/cf/feature/relay_local_from.m4 b/contrib/sendmail/cf/feature/relay_local_from.m4
index ab040f6..6e1aa80 100644
--- a/contrib/sendmail/cf/feature/relay_local_from.m4
+++ b/contrib/sendmail/cf/feature/relay_local_from.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)relay_local_from.m4	8.2 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: relay_local_from.m4,v 8.5 1999/02/07 07:26:12 gshapiro Exp $')
 divert(-1)
 
 define(`_RELAY_LOCAL_FROM_', 1)
diff --git a/contrib/sendmail/cf/feature/relay_mail_from.m4 b/contrib/sendmail/cf/feature/relay_mail_from.m4
new file mode 100644
index 0000000..f66408d
--- /dev/null
+++ b/contrib/sendmail/cf/feature/relay_mail_from.m4
@@ -0,0 +1,20 @@
+divert(-1)
+#
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: relay_mail_from.m4,v 8.2 1999/04/02 02:25:13 gshapiro Exp $')
+divert(-1)
+
+ifdef(`_ACCESS_TABLE_',
+	`define(`_RELAY_DB_FROM_', 1)
+	ifelse(_ARG_,`domain',`define(`_RELAY_DB_FROM_DOMAIN_', 1)')',
+	`errprint(`*** ERROR: FEATURE(relay_mail_from) requires FEATURE(access_db)
+')')
diff --git a/contrib/sendmail/cf/feature/smrsh.m4 b/contrib/sendmail/cf/feature/smrsh.m4
index 3b44fa8..2159ff8 100644
--- a/contrib/sendmail/cf/feature/smrsh.m4
+++ b/contrib/sendmail/cf/feature/smrsh.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,12 +13,14 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)smrsh.m4	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $')
 divert(-1)
 
 ifdef(`_MAILER_local_',
-	`errprint(`*** FEATURE(smrsh) must occur before MAILER(local)')')dnl
+	`errprint(`*** FEATURE(smrsh) must occur before MAILER(local)
+')')dnl
 define(`LOCAL_SHELL_PATH',
-	ifelse(_ARG_, `',
+	ifelse(defn(`_ARG_'), `',
 		ifdef(`confEBINDIR', confEBINDIR, `/usr/libexec')`/smrsh',
 		_ARG_))
+_DEFIFNOT(`LOCAL_SHELL_ARGS', `smrsh -c $u')
diff --git a/contrib/sendmail/cf/feature/stickyhost.m4 b/contrib/sendmail/cf/feature/stickyhost.m4
index 1d0d1cd..1e95be4 100644
--- a/contrib/sendmail/cf/feature/stickyhost.m4
+++ b/contrib/sendmail/cf/feature/stickyhost.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)stickyhost.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: stickyhost.m4,v 8.9 1999/02/07 07:26:13 gshapiro Exp $')
 divert(-1)
 
 define(`_STICKY_LOCAL_DOMAIN_', 1)
diff --git a/contrib/sendmail/cf/feature/use_ct_file.m4 b/contrib/sendmail/cf/feature/use_ct_file.m4
index 924dd06..e87ca62 100644
--- a/contrib/sendmail/cf/feature/use_ct_file.m4
+++ b/contrib/sendmail/cf/feature/use_ct_file.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)use_ct_file.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: use_ct_file.m4,v 8.9 1999/02/07 07:26:13 gshapiro Exp $')
 divert(-1)
 
 # if defined, the sendmail.cf will read the /etc/sendmail.ct file
diff --git a/contrib/sendmail/cf/feature/use_cw_file.m4 b/contrib/sendmail/cf/feature/use_cw_file.m4
index 5bbbf7b..c7e1cee 100644
--- a/contrib/sendmail/cf/feature/use_cw_file.m4
+++ b/contrib/sendmail/cf/feature/use_cw_file.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)use_cw_file.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: use_cw_file.m4,v 8.9 1999/02/07 07:26:13 gshapiro Exp $')
 divert(-1)
 
 # if defined, the sendmail.cf will read the /etc/sendmail.cw file
diff --git a/contrib/sendmail/cf/feature/uucpdomain.m4 b/contrib/sendmail/cf/feature/uucpdomain.m4
index 0c584aa..cc34032 100644
--- a/contrib/sendmail/cf/feature/uucpdomain.m4
+++ b/contrib/sendmail/cf/feature/uucpdomain.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,11 +13,13 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)uucpdomain.m4	8.14 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: uucpdomain.m4,v 8.22 1999/07/22 17:55:35 gshapiro Exp $')
 divert(-1)
 
-define(`UUDOMAIN_TABLE', ifelse(_ARG_, `',
-				ifdef(`_USE_ETC_MAIL_',
-				      DATABASE_MAP_TYPE` -o /etc/mail/uudomain',
-				      DATABASE_MAP_TYPE` -o /etc/uudomain'),
-				`_ARG_'))dnl
+define(`_UUDOMAIN_TABLE_', `')
+
+LOCAL_CONFIG
+# UUCP domain table
+Kuudomain ifelse(defn(`_ARG_'), `',
+		 DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`uudomain',
+		 `_ARG_')
diff --git a/contrib/sendmail/cf/feature/virtuser_entire_domain.m4 b/contrib/sendmail/cf/feature/virtuser_entire_domain.m4
new file mode 100644
index 0000000..5a1d9f0
--- /dev/null
+++ b/contrib/sendmail/cf/feature/virtuser_entire_domain.m4
@@ -0,0 +1,16 @@
+divert(-1)
+#
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: virtuser_entire_domain.m4,v 8.2 1999/03/16 00:43:05 ca Exp $')
+divert(-1)
+
+define(`_VIRTUSER_ENTIRE_DOMAIN_', 1)
diff --git a/contrib/sendmail/cf/feature/virtusertable.m4 b/contrib/sendmail/cf/feature/virtusertable.m4
index 316f7ea..b1f6028 100644
--- a/contrib/sendmail/cf/feature/virtusertable.m4
+++ b/contrib/sendmail/cf/feature/virtusertable.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,11 +13,13 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)virtusertable.m4	8.8 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: virtusertable.m4,v 8.16 1999/07/22 17:55:36 gshapiro Exp $')
 divert(-1)
 
-define(`VIRTUSER_TABLE', ifelse(_ARG_, `',
-				ifdef(`_USE_ETC_MAIL_',
-				      DATABASE_MAP_TYPE` -o /etc/mail/virtusertable',
-				      DATABASE_MAP_TYPE` -o /etc/virtusertable'),
-				`_ARG_'))dnl
+define(`_VIRTUSER_TABLE_', `')
+
+LOCAL_CONFIG
+# Virtual user table (maps incoming users)
+Kvirtuser ifelse(defn(`_ARG_'), `',
+		 DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`virtusertable',
+		 `_ARG_')
diff --git a/contrib/sendmail/cf/hack/cssubdomain.m4 b/contrib/sendmail/cf/hack/cssubdomain.m4
index 6297d64..9b0e76a2 100644
--- a/contrib/sendmail/cf/hack/cssubdomain.m4
+++ b/contrib/sendmail/cf/hack/cssubdomain.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,7 +12,7 @@ divert(-1)
 #
 #
 divert(0)
-VERSIONID(`@(#)cssubdomain.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: cssubdomain.m4,v 8.9 1999/02/07 07:26:14 gshapiro Exp $')
 
 divert(2)
 # find possible (old & new) versions of our name via short circuit hack
diff --git a/contrib/sendmail/cf/m4/cf.m4 b/contrib/sendmail/cf/m4/cf.m4
index 0b05809..4f5712b 100644
--- a/contrib/sendmail/cf/m4/cf.m4
+++ b/contrib/sendmail/cf/m4/cf.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -25,4 +26,4 @@ ifdef(`_CF_DIR_', `',
 divert(0)dnl
 ifdef(`OSTYPE', `dnl',
 `include(_CF_DIR_`'m4/cfhead.m4)dnl
-VERSIONID(`@(#)cf.m4	8.29 (Berkeley) 5/19/1998')')
+VERSIONID(`$Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $')')
diff --git a/contrib/sendmail/cf/m4/cfhead.m4 b/contrib/sendmail/cf/m4/cfhead.m4
index 9a5ccd2..a43d1f6 100644
--- a/contrib/sendmail/cf/m4/cfhead.m4
+++ b/contrib/sendmail/cf/m4/cfhead.m4
@@ -1,5 +1,6 @@
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -15,10 +16,11 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-define(`TEMPFILE', maketemp(/tmp/cfXXXXXX))dnl
+ifdef(`unix', `dnl
+ifdef(`TEMPFILE', `dnl', `define(`TEMPFILE', maketemp(/tmp/cfXXXXXX))dnl
 syscmd(sh _CF_DIR_`'sh/makeinfo.sh _CF_DIR_ > TEMPFILE)dnl
 include(TEMPFILE)dnl
-syscmd(rm -f TEMPFILE)dnl
+syscmd(rm -f TEMPFILE)dnl')', `dnl')
 #####
 ######################################################################
 ######################################################################
@@ -36,16 +38,85 @@ define(`PUSHDIVERT', `pushdef(`__D__', divnum)divert($1)')
 define(`POPDIVERT', `divert(__D__)popdef(`__D__')')
 define(`OSTYPE',
 	`PUSHDIVERT(-1)
-	ifdef(`__OSTYPE__', `errprint(`duplicate OSTYPE'($1))')
+	ifdef(`__OSTYPE__', `errprint(`duplicate OSTYPE'($1)
+)')
 	define(`__OSTYPE__', $1)
 	define(`_ARG_', $2)
 	include(_CF_DIR_`'ostype/$1.m4)POPDIVERT`'')
+## helpful functions
+define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwx')')
+define(`strcasecmp', `ifelse(lower($1), lower($2), `1', `0')')
+## new FEATUREs
+define(`_DNSBL_R_',`')
+## access to further arguments in FEATURE/HACK
+define(`_ACC_ARG_1_',`$1')
+define(`_ACC_ARG_2_',`$2')
+define(`_ACC_ARG_3_',`$3')
+define(`_ACC_ARG_4_',`$4')
+define(`_ACC_ARG_5_',`$5')
+define(`_ACC_ARG_6_',`$6')
+define(`_ACC_ARG_7_',`$7')
+define(`_ACC_ARG_8_',`$8')
+define(`_ACC_ARG_9_',`$9')
+define(`_ARG1_',`_ACC_ARG_1_(_ARGS_)')
+define(`_ARG2_',`_ACC_ARG_2_(_ARGS_)')
+define(`_ARG3_',`_ACC_ARG_3_(_ARGS_)')
+define(`_ARG4_',`_ACC_ARG_4_(_ARGS_)')
+define(`_ARG5_',`_ACC_ARG_5_(_ARGS_)')
+define(`_ARG6_',`_ACC_ARG_6_(_ARGS_)')
+define(`_ARG7_',`_ACC_ARG_7_(_ARGS_)')
+define(`_ARG8_',`_ACC_ARG_8_(_ARGS_)')
+define(`_ARG9_',`_ACC_ARG_9_(_ARGS_)')
+dnl define if not yet defined: if `$1' is not defined it will be `$2'
+define(`_DEFIFNOT',`ifdef(`$1',`',`define(`$1',`$2')')')
+dnl ----------------------------------------
+dnl add a char $2 to a string $1 if it is not there
+define(`_ADDCHAR_',`define(`_I_',`eval(index(`$1',`$2') >= 0)')`'ifelse(_I_,`1',`$1',`$1$2')')
+dnl ----
+dnl delete a char $2 from a string $1 if it is there
+define(`_DELCHAR_',`define(`_IDX_',`index(`$1',`$2')')`'define(`_I_',`eval(_IDX_ >= 0)')`'ifelse(_I_,`1',`substr(`$1',0,_IDX_)`'substr(`$1',eval(_IDX_+1))',`$1')')
+dnl ----
+dnl apply a macro to a whole string by recursion (one char at a time)
+dnl $1: macro
+dnl $2: first argument to macro
+dnl $3: list that is split up into characters
+define(`_AP_',`ifelse(`$3',`',`$2',`_AP_(`$1',$1(`$2',substr(`$3',0,1)),substr(`$3',1))')')
+dnl ----
+dnl MODIFY_MAILER_FLAGS: append tail of $2 to $1_MF_A/D_
+dnl A if head($2) = +
+dnl D if head($2) = -
+dnl $1_MF_ is set otherwise; set _A/D_ to `'
+define(`MODIFY_MAILER_FLAGS',`define(`_hd_',`substr(`$2',0,1)')define(`_tl_',`substr(`$2',1)')`'ifelse(_hd_,`+',`ifdef($1`'_MF_A_, `define($1`'_MF_A_,$1_MF_A_`'_tl_)', `define($1`'_MF_A_, _tl_)')',_hd_,`-',`ifdef($1`'_MF_D_, `define($1`'_MF_D_,$1_MF_D_`'_tl_)', `define($1`'_MF_D_,_tl_)')',`define($1`'_MF_,`$2')define($1`'_MF_A_,`')define($1`'_MF_D_,`')')')
+dnl ----
+dnl actually modify flags:
+dnl $1: flags (strings) to modify
+dnl $2: name of flags (just first part) to modify
+dnl WARNING: the order might be important: if someone adds and delete the
+dnl same characters, he does not deserve any better, does he?
+dnl this could be coded more efficiently... (do not apply the macro if _MF_A/D_ is undefined)
+define(`_MODMF_',`ifdef($2`'_MF_,`$2_MF_',`_AP_(`_ADDCHAR_',_AP_(`_DELCHAR_',$1,ifdef($2`'_MF_D_,`$2_MF_D_',`')),ifdef($2`'_MF_A_,`$2_MF_A_',`'))')')
+dnl usage:
+dnl MODIFY_MAILER_FLAGS(`LOCAL',`+FlaGs')dnl
+dnl in MAILER.m4: _MODMF_(LMF,`LOCAL')
+dnl ----------------------------------------
 define(`MAILER',
-`ifdef(`_MAILER_$1_', `dnl`'',
-`define(`_MAILER_$1_', `')PUSHDIVERT(7)include(_CF_DIR_`'mailer/$1.m4)POPDIVERT`'')')
-define(`DOMAIN', `PUSHDIVERT(-1)define(`_ARG_', $2)include(_CF_DIR_`'domain/$1.m4)POPDIVERT`'')
-define(`FEATURE', `PUSHDIVERT(-1)define(`_ARG_', $2)include(_CF_DIR_`'feature/$1.m4)POPDIVERT`'')
-define(`HACK', `PUSHDIVERT(-1)define(`_ARG_', $2)include(_CF_DIR_`'hack/$1.m4)POPDIVERT`'')
+`define(`_M_N_', `ifelse(`$2', `', `$1', `$2')')dnl
+ifdef(_MAILER_`'_M_N_`'_, `dnl`'',
+`define(_MAILER_`'_M_N_`'_, `')define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')PUSHDIVERT(7)include(_CF_DIR_`'mailer/$1.m4)POPDIVERT`'')')
+define(`DOMAIN', `PUSHDIVERT(-1)define(`_ARG_', `$2')include(_CF_DIR_`'domain/$1.m4)POPDIVERT`'')
+define(`FEATURE', `PUSHDIVERT(-1)define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'feature/$1.m4)POPDIVERT`'')
+define(`HACK', `PUSHDIVERT(-1)define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'hack/$1.m4)POPDIVERT`'')
+define(`_DPO_',`')
+define(`DAEMON_OPTIONS', `define(`_DPO_', defn(`_DPO_')
+O DaemonPortOptions=`$1')')
+define(`_MAIL_FILTERS_', `')
+define(`MAIL_FILTER', `define(`_MAIL_FILTERS_', defn(`_MAIL_FILTERS_')
+X`'$1`, '`$2')')
+define(`INPUT_MAIL_FILTER', `MAIL_FILTER(`$1', `$2')
+ifelse(defn(`confINPUT_MAIL_FILTERS')X, `X',
+`define(`confINPUT_MAIL_FILTERS', $1)',
+`define(`confINPUT_MAIL_FILTERS', defn(`confINPUT_MAIL_FILTERS')`, '`$1')')')
+define(`CF_LEVEL', `9')dnl
 define(`VERSIONID', ``#####  $1  #####'')
 define(`LOCAL_RULE_0', `divert(3)')
 define(`LOCAL_RULE_1',
@@ -54,7 +125,7 @@ define(`LOCAL_RULE_1',
 ###  Ruleset 1 -- Sender Rewriting  ###
 #######################################
 
-S1
+Ssender=1
 ')
 define(`LOCAL_RULE_2',
 `divert(9)dnl
@@ -62,7 +133,7 @@ define(`LOCAL_RULE_2',
 ###  Ruleset 2 -- Recipient Rewriting  ###
 ##########################################
 
-S2
+Srecipient=2
 ')
 define(`LOCAL_RULESETS',
 `divert(9)
@@ -90,30 +161,65 @@ POPDIVERT`'dnl`'')
 define(`MASQUERADE_AS', `define(`MASQUERADE_NAME', $1)')
 define(`MASQUERADE_DOMAIN', `PUSHDIVERT(5)CM$1
 POPDIVERT`'dnl`'')
+define(`MASQUERADE_EXCEPTION', `PUSHDIVERT(5)CN$1
+POPDIVERT`'dnl`'')
 define(`MASQUERADE_DOMAIN_FILE', `PUSHDIVERT(5)FM$1
 POPDIVERT`'dnl`'')
+define(`LOCAL_DOMAIN', `PUSHDIVERT(5)Cw$1
+POPDIVERT`'dnl`'')
+define(`CANONIFY_DOMAIN', `PUSHDIVERT(5)C{Canonify}$1
+POPDIVERT`'dnl`'')
+define(`CANONIFY_DOMAIN_FILE', `PUSHDIVERT(5)F{Canonify}$1
+POPDIVERT`'dnl`'')
 define(`GENERICS_DOMAIN', `PUSHDIVERT(5)CG$1
 POPDIVERT`'dnl`'')
 define(`GENERICS_DOMAIN_FILE', `PUSHDIVERT(5)FG$1
 POPDIVERT`'dnl`'')
+define(`LDAPROUTE_DOMAIN', `PUSHDIVERT(5)C{LDAPRoute}$1
+POPDIVERT`'dnl`'')
+define(`LDAPROUTE_DOMAIN_FILE', `PUSHDIVERT(5)F{LDAPRoute}$1
+POPDIVERT`'dnl`'')
+define(`VIRTUSER_DOMAIN', `PUSHDIVERT(5)C{VirtHost}$1
+define(`_VIRTHOSTS_')
+POPDIVERT`'dnl`'')
+define(`VIRTUSER_DOMAIN_FILE', `PUSHDIVERT(5)F{VirtHost}$1
+define(`_VIRTHOSTS_')
+POPDIVERT`'dnl`'')
 define(`RELAY_DOMAIN', `PUSHDIVERT(5)CR$1
 POPDIVERT`'dnl`'')
 define(`RELAY_DOMAIN_FILE', `PUSHDIVERT(5)FR$1
 POPDIVERT`'dnl`'')
+define(`TRUST_AUTH_MECH', `PUSHDIVERT(5)C{TrustAuthMech}$1
+POPDIVERT`'dnl`'')
 define(`_OPTINS', `ifdef(`$1', `$2$1$3')')
 
+
 m4wrap(`include(_CF_DIR_`m4/proto.m4')')
 
+# default location for files
+ifdef(`MAIL_SETTINGS_DIR', , `define(`MAIL_SETTINGS_DIR', `/etc/mail/')')
+
+# set our default hashed database type
+define(`DATABASE_MAP_TYPE', `hash')
+
 # set up default values for options
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/etc/aliases'))
+define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
 define(`confMAILER_NAME', ``MAILER-DAEMON'')
-define(`confFROM_LINE', `From $g  $d')
+define(`confFROM_LINE', `From $g $d')
 define(`confOPERATORS', `.:%@!^/[]+')
 define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')
-define(`confRECEIVED_HEADER', `$?sfrom $s $.$?_($?s$|from $.$_)
-	$.by $j ($v/$Z)$?r with $r$. id $i$?u
-	for $u; $|;
+define(`_REC_AUTH_', `$.$?{auth_type}(authenticated')
+define(`_REC_FULL_AUTH_', `$.$?{auth_type}(authenticated as ${auth_authen} $?{auth_author}for ${auth_author} $.with ${auth_type}')
+define(`_REC_HDR_', `$?sfrom $s $.$?_($?s$|from $.$_)')
+define(`_REC_END_', `for $u; $|;
 	$.$b')
+define(`_REC_TLS_', `(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})$.$?u')
+define(`_REC_BY_', `$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}')
+define(`confRECEIVED_HEADER', `_REC_HDR_
+	_REC_AUTH_$?{auth_ssf} (${auth_ssf} bits)$.)
+	_REC_BY_
+	_REC_TLS_
+	_REC_END_')
 define(`confSEVEN_BIT_INPUT', `False')
 define(`confEIGHT_BIT_HANDLING', `pass8')
 define(`confALIAS_WAIT', `10')
@@ -133,10 +239,15 @@ define(`confSAFE_QUEUE', `True')
 define(`confTO_QUEUERETURN', `5d')
 define(`confTO_QUEUEWARN', `4h')
 define(`confTIME_ZONE', `USE_SYSTEM')
-define(`confCW_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/local-host-names', `/etc/sendmail.cw'))
+define(`confCW_FILE', `MAIL_SETTINGS_DIR`'local-host-names')
 define(`confMIME_FORMAT_ERRORS', `True')
 define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward')
-define(`confCR_FILE', `-o /etc/mail/relay-domains')
+define(`confCR_FILE', `-o MAIL_SETTINGS_DIR`'relay-domains')
+define(`confMILTER_MACROS_CONNECT', ``j, _, {daemon_name}, {if_name}, {if_addr}'')
+define(`confMILTER_MACROS_HELO', ``{tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}'')
+define(`confMILTER_MACROS_ENVFROM', ``i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}'')
+define(`confMILTER_MACROS_ENVRCPT', ``{rcpt_mailer}, {rcpt_host}, {rcpt_addr}'')
+
 
 divert(0)dnl
-VERSIONID(`@(#)cfhead.m4	8.23 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: cfhead.m4,v 8.76.4.9 2000/07/11 23:50:30 geir Exp $')
diff --git a/contrib/sendmail/cf/m4/proto.m4 b/contrib/sendmail/cf/m4/proto.m4
index 863b42c..04c1197 100644
--- a/contrib/sendmail/cf/m4/proto.m4
+++ b/contrib/sendmail/cf/m4/proto.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,17 +13,18 @@ divert(-1)
 #
 divert(0)
 
-VERSIONID(`@(#)proto.m4	8.243 (Berkeley) 2/2/1999')
+VERSIONID(`$Id: proto.m4,v 8.446.2.5.2.12 2000/07/19 21:41:19 gshapiro Exp $')
 
 MAILER(local)dnl
 
-# level 8 config file format
-V8/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
+# level CF_LEVEL config file format
+V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
 divert(-1)
 
 # do some sanity checking
 ifdef(`__OSTYPE__',,
-	`errprint(`*** ERROR: No system type defined (use OSTYPE macro)')')
+	`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
+')')
 
 # pick our default mailers
 ifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')')
@@ -37,16 +39,15 @@ define(`_LOCAL_', `confLOCAL_MAILER')dnl	for readability only
 define(`_RELAY_', `confRELAY_MAILER')dnl	for readability only
 define(`_UUCP_', `confUUCP_MAILER')dnl		for readability only
 
-# set our default hashed database type
-ifdef(`DATABASE_MAP_TYPE',, `define(`DATABASE_MAP_TYPE', `hash')')
-
 # back compatibility with old config files
 ifdef(`confDEF_GROUP_ID',
-	`errprint(`*** confDEF_GROUP_ID is obsolete.')
-	 errprint(`    Use confDEF_USER_ID with a colon in the value instead.')')
+`errprint(`*** confDEF_GROUP_ID is obsolete.
+    Use confDEF_USER_ID with a colon in the value instead.
+')')
 ifdef(`confREAD_TIMEOUT',
-	`errprint(`*** confREAD_TIMEOUT is obsolete.')
-	 errprint(`    Use individual confTO_<timeout> parameters instead.')')
+`errprint(`*** confREAD_TIMEOUT is obsolete.
+    Use individual confTO_<timeout> parameters instead.
+')')
 ifdef(`confMESSAGE_TIMEOUT',
 	`define(`_ARG_', index(confMESSAGE_TIMEOUT, /))
 	 ifelse(_ARG_, -1,
@@ -56,17 +57,36 @@ ifdef(`confMESSAGE_TIMEOUT',
 		 define(`confTO_QUEUEWARN',
 			substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')')
 ifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,,
-	`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.')
-	 errprint(`    Use confMAX_MESSAGE_SIZE for the second part of the value.')')')
+`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.
+    Use confMAX_MESSAGE_SIZE for the second part of the value.
+')')')
+
+
+# Sanity check on ldap_routing feature
+# If the user doesn't specify a new map, they better have given as a
+# default LDAP specification which has the LDAP base (and most likely the host)
+ifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(`
+WARNING: Using default FEATURE(ldap_routing) map definition(s)
+without setting confLDAP_DEFAULT_SPEC option.
+')')')dnl
 
 # clean option definitions below....
-define(`_OPTION', `ifdef(`$2', `O $1=$2', `#O $1`'ifelse($3, `',, `=$3')')')dnl
+define(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl
 
+dnl required to "rename" the check_* rulesets...
+define(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
+dnl default relaying denied message
+ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG', `"550 Relaying denied"')')
 divert(0)dnl
 
-# override file safeties - setting this option compromises system security
-# need to set this now for the sake of class files
-_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', safe)
+# override file safeties - setting this option compromises system security,
+# addressing the actual file configuration problem is preferred
+# need to set this before any file actions are encountered in the cf file
+_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe')
+
+# default LDAP map specification
+# need to set this now before any LDAP maps are defined
+_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')
 
 ##################
 #   local info   #
@@ -82,8 +102,6 @@ Fw`'confCW_FILE',
 # ... `define' this only if sendmail cannot automatically determine your domain
 ifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM')
 
-ifdef(`_NULL_CLIENT_ONLY_', `divert(-1)')dnl
-
 CP.
 
 ifdef(`UUCP_RELAY',
@@ -129,44 +147,13 @@ C..
 # a class with just a left bracket (for identifying domain literals)
 C[[
 
-ifdef(`MAILER_TABLE', `dnl
-# Mailer table (overriding domains)
-Kmailertable MAILER_TABLE',
-`dnl')
-
-ifdef(`DOMAIN_TABLE', `dnl
-# Domain table (adding domains)
-Kdomaintable DOMAIN_TABLE',
-`dnl')
-
-ifdef(`GENERICS_TABLE', `dnl
-# Generics table (mapping outgoing addresses)
-Kgenerics GENERICS_TABLE',
-`dnl')
-
-ifdef(`UUDOMAIN_TABLE', `dnl
-# UUCP domain table
-Kuudomain UUDOMAIN_TABLE',
-`dnl')
-
-ifdef(`BITDOMAIN_TABLE', `dnl
-# BITNET mapping table
-Kbitdomain BITDOMAIN_TABLE',
-`dnl')
-
-ifdef(`VIRTUSER_TABLE', `dnl
-# Virtual user table (maps incoming users)
-Kvirtuser VIRTUSER_TABLE',
-`dnl')
-
-ifdef(`ACCESS_TABLE', `dnl
-# Access list database (for spam stomping)
-Kaccess ACCESS_TABLE',
-`dnl')
-
-ifdef(`_RELAY_MX_SERVED_', `dnl
-# MX map (to allow relaying to hosts that we MX for)
-Kmxserved bestmx -z: -T<TEMP>',
+ifdef(`_ACCESS_TABLE_', `dnl
+# access_db acceptance class
+C{Accept}OK RELAY
+ifdef(`_DELAY_CHECKS_',`dnl
+ifdef(`_BLACKLIST_RCPT_',`dnl
+# possible access_db RHS for spam friends/haters
+C{SpamTag}SPAMFRIEND SPAMHATER')')',
 `dnl')
 
 ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
@@ -178,6 +165,24 @@ ifdef(`confCR_FILE', `dnl
 FR`'confCR_FILE',
 `dnl')
 
+define(`TLS_SRV_TAG', `TLS_Srv')dnl
+define(`TLS_CLT_TAG', `TLS_Clt')dnl
+define(`TLS_TRY_TAG', `Try_TLS')dnl
+define(`TLS_OFF_TAG', `Offer_TLS')dnl
+dnl this may be useful in other contexts too
+ifdef(`_ARITH_MAP_', `', `# arithmetic map
+define(`_ARITH_MAP_', `1')dnl
+Karith arith')
+ifdef(`_ACCESS_TABLE_', `dnl
+# possible values for tls_connect in access map
+C{tls}VERIFY ENCR', `dnl')
+ifdef(`_CERT_REGEX_ISSUER_', `dnl
+# extract relevant part from cert issuer
+KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
+ifdef(`_CERT_REGEX_SUBJECT_', `dnl
+# extract relevant part from cert subject
+KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
+
 # who I send unqualified names to (null means deliver locally)
 DR`'ifdef(`LOCAL_RELAY', LOCAL_RELAY)
 
@@ -189,12 +194,12 @@ Kdequote dequote
 
 divert(0)dnl	# end of nullclient diversion
 # class E: names that should be exposed as from this host, even if we masquerade
-ifdef(`_NULL_CLIENT_ONLY_', `#',
-`# class L: names that should be delivered locally, even if we have a relay
+# class L: names that should be delivered locally, even if we have a relay
 # class M: domains that should be converted to $M
+# class N: domains that should not be converted to $M
 #CL root
-')CE root
 undivert(5)dnl
+ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
 
 # who I masquerade as (null for no masquerading) (see also $=M)
 DM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME)
@@ -202,7 +207,7 @@ DM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME)
 # my name for error messages
 ifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')
 
-undivert(6)dnl
+undivert(6)dnl LOCAL_CONFIG
 include(_CF_DIR_`m4/version.m4')
 
 ###############
@@ -210,148 +215,164 @@ include(_CF_DIR_`m4/version.m4')
 ###############
 
 # strip message body to 7 bits on input?
-_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT')
+_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
 
 # 8-bit data handling
-_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', adaptive)
+_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `adaptive')
 
-ifdef(`_NULL_CLIENT_ONLY_', `dnl', `
 # wait for alias file rebuild (default units: minutes)
-_OPTION(AliasWait, `confALIAS_WAIT', 5m)
+_OPTION(AliasWait, `confALIAS_WAIT', `5m')
 
 # location of alias file
-_OPTION(AliasFile, `ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', /etc/mail/aliases, /etc/aliases))
-')
+_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
+
 # minimum number of free blocks on filesystem
-_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', 100)
+_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')
 
 # maximum message size
-_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', 1000000)
+_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000')
 
 # substitution for space (blank) characters
-_OPTION(BlankSub, `confBLANK_SUB', _)
+_OPTION(BlankSub, `confBLANK_SUB', `_')
 
 # avoid connecting to "expensive" mailers on initial submission?
-_OPTION(HoldExpensive, `confCON_EXPENSIVE')
+_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False')
 
 # checkpoint queue runs after every N successful deliveries
-_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', 10)
+_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')
 
 # default delivery mode
-_OPTION(DeliveryMode, `confDELIVERY_MODE', background)
+_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')
 
 # automatically rebuild the alias database?
-_OPTION(AutoRebuildAliases, `confAUTO_REBUILD')
+# NOTE: There is a potential for a denial of service attack if this is set.
+#       This option is deprecated and will be removed from a future version.
+_OPTION(AutoRebuildAliases, `confAUTO_REBUILD', `False')
 
 # error message header/file
-_OPTION(ErrorHeader, `confERROR_MESSAGE', ifdef(`_USE_ETC_MAIL_', /etc/mail/error-header, /etc/sendmail.oE))
+_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')
 
 # error mode
-_OPTION(ErrorMode, `confERROR_MODE', print)
+_OPTION(ErrorMode, `confERROR_MODE', `print')
 
 # save Unix-style "From_" lines at top of header?
-_OPTION(SaveFromLine, `confSAVE_FROM_LINES')
+_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')
 
 # temporary file mode
-_OPTION(TempFileMode, `confTEMP_FILE_MODE', 0600)
+_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
 
 # match recipients against GECOS field?
-_OPTION(MatchGECOS, `confMATCH_GECOS')
+_OPTION(MatchGECOS, `confMATCH_GECOS', `False')
 
 # maximum hop count
-_OPTION(MaxHopCount, `confMAX_HOP', 17)
+_OPTION(MaxHopCount, `confMAX_HOP', `17')
 
 # location of help file
-O HelpFile=ifdef(`HELP_FILE', HELP_FILE, ifdef(`_USE_ETC_MAIL_', /etc/mail/helpfile, /usr/lib/sendmail.hf))
+O HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')
 
 # ignore dots as terminators in incoming messages?
-_OPTION(IgnoreDots, `confIGNORE_DOTS')
+_OPTION(IgnoreDots, `confIGNORE_DOTS', `False')
 
 # name resolver options
-_OPTION(ResolverOptions, `confBIND_OPTS', +AAONLY)
+_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY')
 
 # deliver MIME-encapsulated error messages?
-_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS')
+_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True')
 
 # Forward file search path
-_OPTION(ForwardPath, `confFORWARD_PATH', /var/forward/$u:$z/.forward.$w:$z/.forward)
+_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward')
 
 # open connection cache size
-_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', 2)
+_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2')
 
 # open connection cache timeout
-_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', 5m)
+_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m')
 
 # persistent host status directory
-_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', .hoststat)
+_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat')
 
 # single thread deliveries (requires HostStatusDirectory)?
-_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY')
+_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False')
 
 # use Errors-To: header?
-_OPTION(UseErrorsTo, `confUSE_ERRORS_TO')
+_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False')
 
 # log level
-_OPTION(LogLevel, `confLOG_LEVEL', 10)
+_OPTION(LogLevel, `confLOG_LEVEL', `10')
 
 # send to me too, even in an alias expansion?
-_OPTION(MeToo, `confME_TOO')
+_OPTION(MeToo, `confME_TOO', `True')
 
 # verify RHS in newaliases?
-_OPTION(CheckAliases, `confCHECK_ALIASES')
+_OPTION(CheckAliases, `confCHECK_ALIASES', `False')
 
 # default messages to old style headers if no special punctuation?
-_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS')
+_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False')
 
 # SMTP daemon options
-_OPTION(DaemonPortOptions, `confDAEMON_OPTIONS', Port=esmtp)
+ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
+`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid.  See cf/README for more information.
+)'dnl
+`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
+ifelse(defn(`_DPO_'), `', `O DaemonPortOptions=Name=MTA', `_DPO_')
+ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
+
+# SMTP client options
+_OPTION(ClientPortOptions, `confCLIENT_OPTIONS', `Address=0.0.0.0')
 
 # privacy flags
-_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', authwarnings)
+_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')
 
 # who (if anyone) should get extra copies of error messages
-_OPTION(PostMasterCopy, `confCOPY_ERRORS_TO', Postmaster)
+_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')
 
 # slope of queue-only function
-_OPTION(QueueFactor, `confQUEUE_FACTOR', 600000)
+_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')
 
 # queue directory
-O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, /var/spool/mqueue)
+O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')
 
 # timeouts (many of these)
-_OPTION(Timeout.initial, `confTO_INITIAL', 5m)
-_OPTION(Timeout.connect, `confTO_CONNECT', 5m)
-_OPTION(Timeout.iconnect, `confTO_ICONNECT', 5m)
-_OPTION(Timeout.helo, `confTO_HELO', 5m)
-_OPTION(Timeout.mail, `confTO_MAIL', 10m)
-_OPTION(Timeout.rcpt, `confTO_RCPT', 1h)
-_OPTION(Timeout.datainit, `confTO_DATAINIT', 5m)
-_OPTION(Timeout.datablock, `confTO_DATABLOCK', 1h)
-_OPTION(Timeout.datafinal, `confTO_DATAFINAL', 1h)
-_OPTION(Timeout.rset, `confTO_RSET', 5m)
-_OPTION(Timeout.quit, `confTO_QUIT', 2m)
-_OPTION(Timeout.misc, `confTO_MISC', 2m)
-_OPTION(Timeout.command, `confTO_COMMAND', 1h)
-_OPTION(Timeout.ident, `confTO_IDENT', 30s)
-_OPTION(Timeout.fileopen, `confTO_FILEOPEN', 60s)
-_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', 5d)
-_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', 5d)
-_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', 2d)
-_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', 7d)
-_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', 4h)
-_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', 4h)
-_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', 1h)
-_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', 12h)
-_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', 30m)
+_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
+_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
+_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
+_OPTION(Timeout.helo, `confTO_HELO', `5m')
+_OPTION(Timeout.mail, `confTO_MAIL', `10m')
+_OPTION(Timeout.rcpt, `confTO_RCPT', `1h')
+_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m')
+_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h')
+_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h')
+_OPTION(Timeout.rset, `confTO_RSET', `5m')
+_OPTION(Timeout.quit, `confTO_QUIT', `2m')
+_OPTION(Timeout.misc, `confTO_MISC', `2m')
+_OPTION(Timeout.command, `confTO_COMMAND', `1h')
+_OPTION(Timeout.ident, `confTO_IDENT', `5s')
+_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s')
+_OPTION(Timeout.control, `confTO_CONTROL', `2m')
+_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
+_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
+_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
+_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
+_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
+_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
+_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
+_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
+_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
+_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
+_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
+_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
+_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
+_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
+_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
 
 # should we not prune routes in route-addr syntax addresses?
-_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES')
+_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')
 
 # queue up everything before forking?
-_OPTION(SuperSafe, `confSAFE_QUEUE')
+_OPTION(SuperSafe, `confSAFE_QUEUE', `True')
 
 # status file
-O StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', ifdef(`_USE_ETC_MAIL_', /etc/mail/statistics, /etc/sendmail.st))
+O StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics')
 
 # time zone handling:
 #  if undefined, use system default
@@ -362,125 +383,185 @@ ifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=',
 	`O TimeZoneSpec=confTIME_ZONE')
 
 # default UID (can be username or userid:groupid)
-_OPTION(DefaultUser, `confDEF_USER_ID', mailnull)
+_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull')
 
 # list of locations of user database file (null means no lookup)
-_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', ifdef(`_USE_ETC_MAIL_', /etc/mail/userdb, /etc/userdb))
+_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')
 
 # fallback MX host
-_OPTION(FallbackMXhost, `confFALLBACK_MX', fall.back.host.net)
+_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')
 
 # if we are the best MX host for a site, try it directly instead of config err
-_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST')
+_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')
 
 # load average at which we just queue messages
-_OPTION(QueueLA, `confQUEUE_LA', 8)
+_OPTION(QueueLA, `confQUEUE_LA', `8')
 
 # load average at which we refuse connections
-_OPTION(RefuseLA, `confREFUSE_LA', 12)
+_OPTION(RefuseLA, `confREFUSE_LA', `12')
 
 # maximum number of children we allow at one time
-_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', 12)
+_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `12')
 
 # maximum number of new connections per second
-_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', 3)
+_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `3')
 
 # work recipient factor
-_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', 30000)
+_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')
 
 # deliver each queued job in a separate process?
-_OPTION(ForkEachJob, `confSEPARATE_PROC')
+_OPTION(ForkEachJob, `confSEPARATE_PROC', `False')
 
 # work class factor
-_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', 1800)
+_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')
 
 # work time factor
-_OPTION(RetryFactor, `confWORK_TIME_FACTOR', 90000)
+_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')
 
 # shall we sort the queue by hostname first?
-_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', priority)
+_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
 
 # minimum time in queue before retry
-_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', 30m)
+_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
 
 # default character set
-_OPTION(DefaultCharSet, `confDEF_CHAR_SET', iso-8859-1)
+_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1')
 
 # service switch file (ignored on Solaris, Ultrix, OSF/1, others)
-_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', ifdef(`_USE_ETC_MAIL_', /etc/mail/service.switch, /etc/service.switch))
+_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')
 
 # hosts file (normally /etc/hosts)
-_OPTION(HostsFile, `confHOSTS_FILE', /etc/hosts)
+_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts')
 
 # dialup line delay on connection failure
-_OPTION(DialDelay, `confDIAL_DELAY', 10s)
+_OPTION(DialDelay, `confDIAL_DELAY', `10s')
 
 # action to take if there are no recipients in the message
-_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', add-to-undisclosed)
+_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed')
 
 # chrooted environment for writing to files
-_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', /arch)
+_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch')
 
 # are colons OK in addresses?
-_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR')
+_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')
 
 # how many jobs can you process in the queue?
-_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', 10000)
+_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000')
 
 # shall I avoid expanding CNAMEs (violates protocols)?
-_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES')
+_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')
 
 # SMTP initial login message (old $e macro)
-_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG')
+_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b')
 
 # UNIX initial From header format (old $l macro)
-_OPTION(UnixFromLine, `confFROM_LINE')
+_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d')
 
 # From: lines that have embedded newlines are unwrapped onto one line
-_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', False)
+_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False')
 
 # Allow HELO SMTP command that does not `include' a host name
-_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', False)
+_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False')
 
 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
-_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', .)
+_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.')
 
 # delimiter (operator) characters (old $o macro)
-_OPTION(OperatorChars, `confOPERATORS')
+_OPTION(OperatorChars, `confOPERATORS', `.:@[]')
 
 # shall I avoid calling initgroups(3) because of high NIS costs?
-_OPTION(DontInitGroups, `confDONT_INIT_GROUPS')
+_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')
 
 # are group-writable `:include:' and .forward files (un)trustworthy?
-_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES')
+_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
 
 # where do errors that occur when sending errors get sent?
-_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', postmaster)
+_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')
+
+# where to save bounces if all else fails
+_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')
 
 # what user id do we assume for the majority of the processing?
-_OPTION(RunAsUser, `confRUN_AS_USER', sendmail)
+_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
 
 # maximum number of recipients per SMTP envelope
-_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', 100)
+_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100')
 
 # shall we get local names from our installed interfaces?
-_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES')
+_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
 
-ifdef(`confTRUSTED_USER',
-`# Trusted user for file ownership and starting the daemon
-O TrustedUser=confTRUSTED_USER
-')
-ifdef(`confCONTROL_SOCKET_NAME',
-`# Control socket for daemon management
-O ControlSocketName=confCONTROL_SOCKET_NAME
-')
-ifdef(`confMAX_MIME_HEADER_LENGTH',
-`# Maximum MIME header length to protect MUAs
-O MaxMimeHeaderLength=confMAX_MIME_HEADER_LENGTH
-')
-ifdef(`confMAX_HEADERS_LENGTH',
-`# Maximum length of the sum of all headers
-O MaxHeadersLength=confMAX_HEADERS_LENGTH
+# Return-Receipt-To: header implies DSN request
+_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False')
+
+# override connection address (for testing)
+_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0')
+
+# Trusted user for file ownership and starting the daemon
+_OPTION(TrustedUser, `confTRUSTED_USER', `root')
+
+# Control socket for daemon management
+_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')
+
+# Maximum MIME header length to protect MUAs
+_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0')
+
+# Maximum length of the sum of all headers
+_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')
+
+# Maximum depth of alias recursion
+_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10')
+
+# location of pid file
+_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid')
+
+# Prefix string for the process title shown on 'ps' listings
+_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix')
+
+# Data file (df) memory-buffer file maximum size
+_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')
+
+# Transcript file (xf) memory-buffer file maximum size
+_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
+
+# list of authentication mechanisms
+_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
+
+# default authentication information for outgoing connections
+_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
+
+# SMTP AUTH flags
+_OPTION(AuthOptions, `confAUTH_OPTIONS', `')
+
+ifdef(`_FFR_MILTER', `
+# Input mail filters
+_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
+
+# Milter options
+_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
+_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
+_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
+_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')')
+
+# CA directory
+_OPTION(CACERTPath, `confCACERT_PATH', `')
+# CA file
+_OPTION(CACERTFile, `confCACERT', `')
+# Server Cert
+_OPTION(ServerCertFile, `confSERVER_CERT', `')
+# Server private key
+_OPTION(ServerKeyFile, `confSERVER_KEY', `')
+# Client Cert
+_OPTION(ClientCertFile, `confCLIENT_CERT', `')
+# Client private key
+_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
+# DHParameters (only required if DSA/DH is used)
+_OPTION(DHParameters, `confDH_PARAMETERS', `')
+# Random data source (required for systems without /dev/urandom under OpenSSL)
+_OPTION(RandFile, `confRAND_FILE', `')
+
+ifdef(`confQUEUE_FILE_MODE',
+`# queue file mode (qf files)
+O QueueFileMode=confQUEUE_FILE_MODE
 ')
 
 ###########################
@@ -498,7 +579,7 @@ Pjunk=-100
 #####################
 
 # this is equivalent to setting class "t"
-ifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, ifdef(`_USE_ETC_MAIL_', `/etc/mail/trusted-users', `/etc/sendmail.ct'))
+ifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users')
 Troot
 Tdaemon
 ifdef(`_NO_UUCP_', `dnl', `Tuucp')
@@ -520,9 +601,7 @@ H?x?Full-Name: $x
 # H?l?Received-Date: $b
 H?M?Resent-Message-Id: <$t.$i@$j>
 H?M?Message-Id: <$t.$i@$j>
-ifdef(`_NULL_CLIENT_ONLY_',
-	`include(_CF_DIR_`'m4/nullrelay.m4)m4exit',
-	`dnl')
+
 #
 ######################################################################
 ######################################################################
@@ -535,7 +614,7 @@ ifdef(`_NULL_CLIENT_ONLY_',
 ############################################
 ###  Ruleset 3 -- Name Canonicalization  ###
 ############################################
-S3
+Scanonify=3
 
 # handle null input (translate to <@> special case)
 R$@			$@ <@>
@@ -546,7 +625,7 @@ R$* < $* > $* <@>	$: $1 < $2 > $3			unmark <addr>
 R@ $* <@>		$: @ $1				unmark @host:...
 R$* :: $* <@>		$: $1 :: $2			unmark node::addr
 R:`include': $* <@>	$: :`include': $1			unmark :`include':...
-R$* [ $* : $* ] <@>	$: $1 [ $2 : $3 ]		unmark IPv6 addrs
+R$* [ IPv6 $- ] <@>	$: $1 [ IPv6 $2 ]		unmark IPv6 addr
 R$* : $* [ $* ]		$: $1 : $2 [ $3 ] <@>		remark if leading colon
 R$* : $* <@>		$: $2				strip colon if marked
 R$* <@>			$: $1				unmark
@@ -563,71 +642,84 @@ R< $* > $+		   < $1 >			strip excess on right
 R<>			$@ < @ >			MAIL FROM:<> case
 R< $+ >			$: $1				remove housekeeping <>
 
+ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
 # make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later
 R@ $+ , $+		@ $1 : $2			change all "," to ":"
 
 # localize and dispose of route-based addresses
-R@ $+ : $+		$@ $>96 < @$1 > : $2		handle <route-addr>
+R@ $+ : $+		$@ $>Canonify2 < @$1 > : $2	handle <route-addr>
+dnl',`dnl
+# strip route address <@a,@b,@c:user@d> -> <user@d>
+R@ $+ , $+		$2
+R@ $+ : $+		$2
+dnl')
 
 # find focus for list syntax
-R $+ : $* ; @ $+	$@ $>96 $1 : $2 ; < @ $3 >	list syntax
+R $+ : $* ; @ $+	$@ $>Canonify2 $1 : $2 ; < @ $3 >	list syntax
 R $+ : $* ;		$@ $1 : $2;			list syntax
 
 # find focus for @ syntax addresses
 R$+ @ $+		$: $1 < @ $2 >			focus on domain
 R$+ < $+ @ $+ >		$1 $2 < @ $3 >			move gaze right
-R$+ < @ $+ >		$@ $>96 $1 < @ $2 >		already canonical
+R$+ < @ $+ >		$@ $>Canonify2 $1 < @ $2 >	already canonical
 
 # do some sanity checking
 R$* < @ $* : $* > $*	$1 < @ $2 $3 > $4		nix colons in addrs
 
 ifdef(`_NO_UUCP_', `dnl',
 `# convert old-style addresses to a domain-based address
-R$- ! $+		$@ $>96 $2 < @ $1 .UUCP >	resolve uucp names
-R$+ . $- ! $+		$@ $>96 $3 < @ $1 . $2 >		domain uucps
-R$+ ! $+		$@ $>96 $2 < @ $1 .UUCP >	uucp subdomains
+R$- ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	resolve uucp names
+R$+ . $- ! $+		$@ $>Canonify2 $3 < @ $1 . $2 >		domain uucps
+R$+ ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	uucp subdomains
 ')
 ifdef(`_USE_DECNET_SYNTAX_',
 `# convert node::user addresses into a domain-based address
-R$- :: $+		$@ $>96 $2 < @ $1 .DECNET >	resolve DECnet names
-R$- . $- :: $+		$@ $>96 $3 < @ $1.$2 .DECNET >	numeric DECnet addr
+R$- :: $+		$@ $>Canonify2 $2 < @ $1 .DECNET >	resolve DECnet names
+R$- . $- :: $+		$@ $>Canonify2 $3 < @ $1.$2 .DECNET >	numeric DECnet addr
 ',
 	`dnl')
 # if we have % signs, take the rightmost one
 R$* % $*		$1 @ $2				First make them all @s.
 R$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
-R$* @ $*		$@ $>96 $1 < @ $2 >		Insert < > and finish
+R$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish
 
 # else we must be a local name
-R$*			$@ $>96 $1
+R$*			$@ $>Canonify2 $1
 
 
 ################################################
 ###  Ruleset 96 -- bottom half of ruleset 3  ###
 ################################################
 
-S96
+SCanonify2=96
 
 # handle special cases for local names
 R$* < @ localhost > $*		$: $1 < @ $j . > $2		no domain at all
 R$* < @ localhost . $m > $*	$: $1 < @ $j . > $2		local domain
 ifdef(`_NO_UUCP_', `dnl',
 `R$* < @ localhost . UUCP > $*	$: $1 < @ $j . > $2		.UUCP domain')
+
+# check for IPv6 domain literal (save quoted form)
+R$* < @ [ IPv6 $- ] > $*	$: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3	mark IPv6 addr
+R$- $| $* < @@ $=w > $*		$: $2 < @ $j . > $4		self-literal
+R$- $| $* < @@ [ $+ ] > $*	$@ $2 < @ [ IPv6 $1 ] > $4	canon IP addr
+
+# check for IPv4 domain literal
 R$* < @ [ $+ ] > $*		$: $1 < @@ [ $2 ] > $3		mark [a.b.c.d]
 R$* < @@ $=w > $*		$: $1 < @ $j . > $3		self-literal
 R$* < @@ $+ > $*		$@ $1 < @ $2 > $3		canon IP addr
 
-ifdef(`DOMAIN_TABLE', `dnl
+ifdef(`_DOMAIN_TABLE_', `dnl
 # look up domains in the domain table
 R$* < @ $+ > $* 		$: $1 < @ $(domaintable $2 $) > $3', `dnl')
 
-undivert(2)dnl
+undivert(2)dnl LOCAL_RULE_3
 
-ifdef(`BITDOMAIN_TABLE', `dnl
+ifdef(`_BITDOMAIN_TABLE_', `dnl
 # handle BITNET mapping
 R$* < @ $+ .BITNET > $*		$: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')
 
-ifdef(`UUDOMAIN_TABLE', `dnl
+ifdef(`_UUDOMAIN_TABLE_', `dnl
 # handle UUCP mapping
 R$* < @ $+ .UUCP > $*		$: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')
 
@@ -652,31 +744,69 @@ ifdef(`_NO_CANONIFY_', `dnl', `dnl
 R$* < @ $+ . UUCP > $*		$: $1 < @ $[ $2 $] . UUCP . > $3
 R$* < @ $+ . . UUCP . > $*	$@ $1 < @ $2 . > $3')
 ')')
-ifdef(`_NO_CANONIFY_', `dnl', `dnl
+# hostnames ending in class P are always canonical
+R$* < @ $* $=P > $*		$: $1 < @ $2 $3 . > $4
+dnl apply the next rule only for hostnames not in class P
+dnl this even works for phrases in class P since . is in class P
+dnl which daemon flags are set?
+R$* < @ $* $~P > $*		$: $&{daemon_flags} $| $1 < @ $2 $3 > $4
+dnl the other rules in this section only apply if the hostname
+dnl does not end in class P hence no further checks are done here
+dnl if this ever changes make sure the lookups are "protected" again!
+ifdef(`_NO_CANONIFY_', `dnl
+dnl do not canonify unless:
+dnl domain ends in class {Canonify} (this does not work if the intersection
+dnl	with class P is non-empty)
+dnl or {daemon_flags} has c set
+# pass to name server to make hostname canonical if in class {Canonify}
+R$* $| $* < @ $* $={Canonify} > $*	$: $2 < @ $[ $3 $4 $] > $5
+# pass to name server to make hostname canonical if requested
+R$* c $* $| $* < @ $* > $*	$: $3 < @ $[ $4 $] > $5
+dnl trailing dot? -> do not apply _CANONIFY_HOSTS_
+R$* $| $* < @ $+ . > $*		$: $2 < @ $3 . > $4
+# add a trailing dot to qualified hostnames so other rules will work
+R$* $| $* < @ $+.$+ > $*	$: $2 < @ $3.$4 . > $5
+ifdef(`_CANONIFY_HOSTS_', `dnl
+dnl this should only apply to unqualified hostnames
+dnl but if a valid character inside an unqualified hostname is an OperatorChar
+dnl then $- does not work.
+# lookup unqualified hostnames
+R$* $| $* < @ $* > $*	$: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
+dnl _NO_CANONIFY_ is not set: canonify unless:
+dnl {daemon_flags} contains CC (do not canonify)
+R$* CC $* $| $*			$: $3
 # pass to name server to make hostname canonical
-R$* < @ $* $~P > $*		$: $1 < @ $[ $2 $3 $] > $4')
+R$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4')
+dnl remove {daemon_flags} for other cases
+R$* $| $*			$: $2
 
 # local host aliases and pseudo-domains are always canonical
 R$* < @ $=w > $*		$: $1 < @ $2 . > $3
-R$* < @ $j > $*			$: $1 < @ $j . > $2
 ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
 `R$* < @ $* $=M > $*		$: $1 < @ $2 $3 . > $4',
 `R$* < @ $=M > $*		$: $1 < @ $2 . > $3')
-R$* < @ $* $=P > $*		$: $1 < @ $2 $3 . > $4
+ifdef(`_VIRTUSER_TABLE_', `dnl
+dnl virtual hosts are also canonical
+ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
+`R$* < @ $* $={VirtHost} > $* 	$: $1 < @ $2 $3 . > $4',
+`R$* < @ $={VirtHost} > $* 	$: $1 < @ $2 . > $3')',
+`dnl')
+dnl remove superfluous dots (maybe repeatedly) which may have been added
+dnl by one of the rules before
 R$* < @ $* . . > $*		$1 < @ $2 . > $3
 
 
 ##################################################
 ###  Ruleset 4 -- Final Output Post-rewriting  ###
 ##################################################
-S4
+Sfinal=4
 
 R$* <@>			$@				handle <> and list:;
 
 # strip trailing dot off possibly canonical name
 R$* < @ $+ . > $*	$1 < @ $2 > $3
 
-# eliminate internal code -- should never get this far!
+# eliminate internal code
 R$* < @ *LOCAL* > $*	$1 < @ $j > $2
 
 # externalize local domain info
@@ -702,20 +832,20 @@ R$+ % $=w @ $=w		$1 @ $2				u%host@host => u@host
 ###		   (used for recursive calls)		   ###
 ##############################################################
 
-S`'97
-R$*			$: $>3 $1
-R$*			$@ $>0 $1
+SRecurse=97
+R$*			$: $>canonify $1
+R$*			$@ $>parse $1
 
 
 ######################################
 ###   Ruleset 0 -- Parse Address   ###
 ######################################
 
-S0
+Sparse=0
 
 R$*			$: $>Parse0 $1		initial parsing
 R<@>			$#_LOCAL_ $: <@>		special case error msgs
-R$*			$: $>98 $1		handle local hacks
+R$*			$: $>ParseLocal $1	handle local hacks
 R$*			$: $>Parse1 $1		final parsing
 
 #
@@ -727,26 +857,28 @@ R$*			$: $>Parse1 $1		final parsing
 
 SParse0
 R<@>			$@ <@>			special case error msgs
-R$* : $* ; <@>		$#error $@ 5.1.3 $: "List:; syntax illegal for recipient addresses"
-#R@ <@ $* >		< @ $1 >		catch "@@host" bogosity
-R<@ $+>			$#error $@ 5.1.3 $: "User address required"
+R$* : $* ; <@>		$#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
+R@ <@ $* >		< @ $1 >		catch "@@host" bogosity
+R<@ $+>			$#error $@ 5.1.3 $: "553 User address required"
 R$*			$: <> $1
 R<> $* < @ [ $+ ] > $*	$1 < @ [ $2 ] > $3
-R<> $* <$* : $* > $*	$#error $@ 5.1.3 $: "Colon illegal in host name part"
+R<> $* <$* : $* > $*	$#error $@ 5.1.3 $: "553 Colon illegal in host name part"
 R<> $*			$1
-R$* < @ . $* > $*	$#error $@ 5.1.2 $: "Invalid host name"
-R$* < @ $* .. $* > $*	$#error $@ 5.1.2 $: "Invalid host name"
+R$* < @ . $* > $*	$#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* .. $* > $*	$#error $@ 5.1.2 $: "553 Invalid host name"
+dnl comma only allowed before @; this check is not complete
+R$* , $~O $*		$#error $@ 5.1.2 $: "553 Invalid route address"
 
 # now delete the local info -- note $=O to find characters that cause forwarding
-R$* < @ > $*		$@ $>Parse0 $>3 $1		user@ => user
-R< @ $=w . > : $*	$@ $>Parse0 $>3 $2		@here:... -> ...
+R$* < @ > $*		$@ $>Parse0 $>canonify $1	user@ => user
+R< @ $=w . > : $*	$@ $>Parse0 $>canonify $2	@here:... -> ...
 R$- < @ $=w . >		$: $(dequote $1 $) < @ $2 . >	dequote "foo"@here
-R< @ $+ >		$#error $@ 5.1.3 $: "User address required"
-R$* $=O $* < @ $=w . >	$@ $>Parse0 $>3 $1 $2 $3	...@here -> ...
+R< @ $+ >		$#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ $=w . >	$@ $>Parse0 $>canonify $1 $2 $3	...@here -> ...
 R$- 			$: $(dequote $1 $) < @ *LOCAL* >	dequote "foo"
-R< @ *LOCAL* >		$#error $@ 5.1.3 $: "User address required"
+R< @ *LOCAL* >		$#error $@ 5.1.3 $: "553 User address required"
 R$* $=O $* < @ *LOCAL* >
-			$@ $>Parse0 $>3 $1 $2 $3	...@*LOCAL* -> ...
+			$@ $>Parse0 $>canonify $1 $2 $3	...@*LOCAL* -> ...
 R$* < @ *LOCAL* >	$: $1
 
 #
@@ -754,64 +886,90 @@ R$* < @ *LOCAL* >	$: $1
 #
 
 SParse1
+ifdef(`_LDAP_ROUTING_', `dnl
+# handle LDAP routing for hosts in $={LDAPRoute}
+R$+ < @ $={LDAPRoute} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2>',
+`dnl')
+
+
 ifdef(`_MAILER_smtp_',
 `# handle numeric address spec
-R$* < @ [ $+ ] > $*	$: $>98 $1 < @ [ $2 ] > $3	numeric internet spec
-R$* < @ [ $+ ] > $*	$#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3	still numeric: send',
+dnl there is no check whether this is really an IP number
+R$* < @ [ $+ ] > $*	$: $>ParseLocal $1 < @ [ $2 ] > $3	numeric internet spec
+R$* < @ [ $+ ] > $*	$1 < @ [ $2 ] : $S > $3		Add smart host to path
+R$* < @ [ IPv6 $- ] : > $*
+		$#_SMTP_ $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 $2 ] > $3	no smarthost: send
+R$* < @ [ $+ ] : > $*	$#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3	no smarthost: send
+R$* < @ [ $+ ] : $- : $*> $*	$#$3 $@ $4 $: $1 < @ [$2] > $5	smarthost with mailer
+R$* < @ [ $+ ] : $+ > $*	$#_SMTP_ $@ $3 $: $1 < @ [$2] > $4	smarthost without mailer',
 	`dnl')
 
-ifdef(`VIRTUSER_TABLE', `dnl
+ifdef(`_VIRTUSER_TABLE_', `dnl
 # handle virtual users
-R$+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R$+			$: <!> $1		Mark for lookup
+ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
+`R<!> $+ < @ $* $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >',
+`R<!> $+ < @ $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >')
+R<!> $+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
 R<@> $+ + $* < @ $* . >
-			$: < $(virtuser $1 + * @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . >
+			$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . >
 R<@> $+ + $* < @ $* . >
 			$: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . >
+dnl try default entry: @domain
+dnl +*@domain
+R<@> $+ + $+ < @ $+ . >	$: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . >
+dnl @domain if +detail exists
+R<@> $+ + $* < @ $+ . >	$: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . >
+dnl without +detail (or no match)
 R<@> $+ < @ $+ . >	$: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
 R<@> $+			$: $1
+R<!> $+			$: $1
+R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
 R< error : $- $+ > $* 	$#error $@ $(dequote $1 $) $: $2
-R< $+ > $+ < @ $+ >	$: $>97 $1',
+R< $+ > $+ < @ $+ >	$: $>Recurse $1',
 `dnl')
 
 # short circuit local delivery so forwarded email works
 ifdef(`_MAILER_usenet_', `dnl
-R$+ . USENET < @ $=w . >	$#usenet $: $1		handle usenet specially', `dnl')
+R$+ . USENET < @ $=w . >	$#usenet $@ usenet $: $1	handle usenet specially', `dnl')
 ifdef(`_STICKY_LOCAL_DOMAIN_',
 `R$+ < @ $=w . >		$: < $H > $1 < @ $2 . >		first try hub
-R< $+ > $+ < $+ >	$>95 < $1 > $2 < $3 >		yep ....
+R< $+ > $+ < $+ >	$>MailerToTriple < $1 > $2 < $3 >	yep ....
+dnl $H empty (but @$=w.)
 R< > $+ + $* < $+ >	$#_LOCAL_ $: $1 + $2		plussed name?
 R< > $+ < $+ >		$#_LOCAL_ $: @ $1			nope, local address',
-`R$=L < @ $=w . >	$#_LOCAL_ $: @ $1		special local names
+`R$=L < @ $=w . >	$#_LOCAL_ $: @ $1			special local names
 R$+ < @ $=w . >		$#_LOCAL_ $: $1			regular local name')
 
-ifdef(`MAILER_TABLE', `dnl
+ifdef(`_MAILER_TABLE_', `dnl
 # not local -- try mailer table lookup
 R$* <@ $+ > $*		$: < $2 > $1 < @ $2 > $3	extract host name
 R< $+ . > $*		$: < $1 > $2			strip trailing dot
 R< $+ > $*		$: < $(mailertable $1 $) > $2	lookup
-R< $~[ : $* > $* 	$>95 < $1 : $2 > $3		check -- resolved?
-R< $+ > $*		$: $>90 <$1> $2			try domain',
+dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
+R< $~[ : $* > $* 	$>MailerToTriple < $1 : $2 > $3		check -- resolved?
+R< $+ > $*		$: $>Mailertable <$1> $2		try domain',
 `dnl')
-undivert(4)dnl
+undivert(4)dnl UUCP rules from `MAILER(uucp)'
 
 ifdef(`_NO_UUCP_', `dnl',
 `# resolve remotely connected UUCP links (if any)
 ifdef(`_CLASS_V_',
-`R$* < @ $=V . UUCP . > $*		$: $>95 < $V > $1 <@$2.UUCP.> $3',
+`R$* < @ $=V . UUCP . > $*		$: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3',
 	`dnl')
 ifdef(`_CLASS_W_',
-`R$* < @ $=W . UUCP . > $*		$: $>95 < $W > $1 <@$2.UUCP.> $3',
+`R$* < @ $=W . UUCP . > $*		$: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3',
 	`dnl')
 ifdef(`_CLASS_X_',
-`R$* < @ $=X . UUCP . > $*		$: $>95 < $X > $1 <@$2.UUCP.> $3',
+`R$* < @ $=X . UUCP . > $*		$: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3',
 	`dnl')')
 
 # resolve fake top level domains by forwarding to other hosts
 ifdef(`BITNET_RELAY',
-`R$*<@$+.BITNET.>$*	$: $>95 < $B > $1 <@$2.BITNET.> $3	user@host.BITNET',
+`R$*<@$+.BITNET.>$*	$: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3	user@host.BITNET',
 	`dnl')
 ifdef(`DECNET_RELAY',
-`R$*<@$+.DECNET.>$*	$: $>95 < $C > $1 <@$2.DECNET.> $3	user@host.DECNET',
+`R$*<@$+.DECNET.>$*	$: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3	user@host.DECNET',
 	`dnl')
 ifdef(`_MAILER_pop_',
 `R$+ < @ POP. >		$#pop $: $1			user@POP',
@@ -819,19 +977,19 @@ ifdef(`_MAILER_pop_',
 ifdef(`_MAILER_fax_',
 `R$+ < @ $+ .FAX. >	$#fax $@ $2 $: $1		user@host.FAX',
 `ifdef(`FAX_RELAY',
-`R$*<@$+.FAX.>$*		$: $>95 < $F > $1 <@$2.FAX.> $3	user@host.FAX',
+`R$*<@$+.FAX.>$*		$: $>MailerToTriple < $F > $1 <@$2.FAX.> $3	user@host.FAX',
 	`dnl')')
 
 ifdef(`UUCP_RELAY',
 `# forward non-local UUCP traffic to our UUCP relay
-R$*<@$*.UUCP.>$*		$: $>95 < $Y > $1 <@$2.UUCP.> $3	uucp mail',
+R$*<@$*.UUCP.>$*		$: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3	uucp mail',
 `ifdef(`_MAILER_uucp_',
 `# forward other UUCP traffic straight to UUCP
 R$* < @ $+ .UUCP. > $*		$#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3	user@host.UUCP',
 	`dnl')')
 ifdef(`_MAILER_usenet_', `
 # addresses sent to net.group.USENET will get forwarded to a newsgroup
-R$+ . USENET		$#usenet $: $1',
+R$+ . USENET		$#usenet $@ usenet $: $1',
 	`dnl')
 
 ifdef(`_LOCAL_RULES_',
@@ -839,22 +997,26 @@ ifdef(`_LOCAL_RULES_',
 undivert(1)', `dnl')
 
 # pass names that still have a host to a smarthost (if defined)
-R$* < @ $* > $*		$: $>95 < $S > $1 < @ $2 > $3	glue on smarthost name
+R$* < @ $* > $*		$: $>MailerToTriple < $S > $1 < @ $2 > $3	glue on smarthost name
 
 # deal with other remote names
 ifdef(`_MAILER_smtp_',
-`R$* < @$* > $*		$#_SMTP_ $@ $2 $: $1 < @ $2 > $3		user@host.domain',
-`R$* < @$* > $*		$#error $@ 5.1.2 $: "Unrecognized host name " $2')
+`R$* < @$* > $*		$#_SMTP_ $@ $2 $: $1 < @ $2 > $3	user@host.domain',
+`R$* < @$* > $*		$#error $@ 5.1.2 $: "553 Unrecognized host name " $2')
 
 # handle locally delivered names
-R$=L			$#_LOCAL_ $: @ $1			special local names
+R$=L			$#_LOCAL_ $: @ $1		special local names
 R$+			$#_LOCAL_ $: $1			regular local names
 
 ###########################################################################
 ###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
 ###########################################################################
 
-S5
+SLocal_localaddr
+Slocaladdr=5
+R$+			$: $1 $| $>"Local_localaddr" $1
+R$+ $| $#$*		$#$2
+R$+ $| $*		$: $1
 
 # deal with plussed users so aliases work nicely
 R$+ + *			$#_LOCAL_ $@ $&h $: $1
@@ -865,61 +1027,87 @@ R$+			$: <> $1
 
 ifdef(`LUSER_RELAY', `dnl
 # send unrecognized local users to a relay host
-R< > $+ 		$: < $L . > $(user $1 $)	look up user
-R< $* > $+ <> $*	$: < > $2 $3			found; strip $L
-R< $* . > $+		$: < $1 > $2			strip extra dot',
+R< > $+ 		$: < $L > $(user $1 $)		look up user
+R< $* > $+ <>		$: < > $2			found; strip $L',
 `dnl')
 
 # see if we have a relay or a hub
 R< > $+			$: < $H > $1			try hub
 R< > $+			$: < $R > $1			try relay
-R< > $+			$: < > < $1 $&h >		nope, restore +detail
+R< > $+			$: < > < $1 <> $&h >		nope, restore +detail
+R< > < $+ <> + $* >	$: < > < $1 + $2 >		check whether +detail
+R< > < $+ <> $* >	$: < > < $1 >			else discard
 R< > < $+ + $* > $*	   < > < $1 > + $2 $3		find the user part
 R< > < $+ > + $*	$#_LOCAL_ $@ $2 $: @ $1		strip the extra +
 R< > < $+ >		$@ $1				no +detail
 R$+			$: $1 <> $&h			add +detail back in
 R$+ <> + $*		$: $1 + $2			check whether +detail
 R$+ <> $*		$: $1				else discard
-R< local : $* > $*	$: $>95 < local : $1 > $2	no host extension
-R< error : $* > $*	$: $>95 < error : $1 > $2	no host extension
-R< $- : $+ > $+		$: $>95 < $1 : $2 > $3 < @ $2 >
-R< $+ > $+		$@ $>95 < $1 > $2 < @ $1 >
+R< local : $* > $*	$: $>MailerToTriple < local : $1 > $2	no host extension
+R< error : $* > $*	$: $>MailerToTriple < error : $1 > $2	no host extension
+R< $- : $+ > $+		$: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
+R< $+ > $+		$@ $>MailerToTriple < $1 > $2 < @ $1 >
 
-ifdef(`MAILER_TABLE', `dnl
+ifdef(`_MAILER_TABLE_', `dnl
 ###################################################################
 ###  Ruleset 90 -- try domain part of mailertable entry 	###
+dnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
 ###################################################################
 
-S90
+SMailertable=90
+dnl shift and check
+dnl %2 is not documented in cf/README
 R$* <$- . $+ > $*	$: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
-R$* <$~[ : $* > $*	$>95 < $2 : $3 > $4		check -- resolved?
-R$* < . $+ > $* 	$@ $>90 $1 . <$2> $3		no -- strip & try again
+dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
+R$* <$~[ : $* > $*	$>MailerToTriple < $2 : $3 > $4		check -- resolved?
+R$* < . $+ > $* 	$@ $>Mailertable $1 . <$2> $3		no -- strip & try again
+dnl is $2 always empty?
 R$* < $* > $*		$: < $(mailertable . $@ $1$2 $) > $3	try "."
-R< $~[ : $* > $*	$>95 < $1 : $2 > $3		"." found?
+R< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		"." found?
+dnl return full address
 R< $* > $*		$@ $2				no mailertable match',
 `dnl')
 
 ###################################################################
 ###  Ruleset 95 -- canonify mailer:[user@]host syntax to triple	###
+dnl input: in general: <[mailer:]host> lp<@domain>rest
+dnl	<> address				-> address
+dnl	<error:d.s.n:text>			-> error
+dnl	<error:text>				-> error
+dnl	<mailer:user@host> lp<@domain>rest	-> mailer host user
+dnl	<mailer:host> address			-> mailer host address
+dnl	<localdomain> address			-> address
+dnl	<[IPv6 number]> address			-> relay number address
+dnl	<host> address				-> relay host address
 ###################################################################
 
-S95
+SMailerToTriple=95
 R< > $*				$@ $1			strip off null relay
+R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
 R< error : $- $+ > $*		$#error $@ $(dequote $1 $) $: $2
 R< local : $* > $*		$>CanonLocal < $1 > $2
 R< $- : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
 R< $- : $+ > $*			$# $1 $@ $2 $: $3	try qualified mailer
 R< $=w > $*			$@ $2			delete local host
+R< [ IPv6 $+ ] > $*		$#_RELAY_ $@ $(dequote $1 $) $: $2	use unqualified mailer
 R< $+ > $*			$#_RELAY_ $@ $1 $: $2	use unqualified mailer
 
 ###################################################################
 ###  Ruleset CanonLocal -- canonify local: syntax		###
+dnl input: <user> address
+dnl <x> <@host> : rest			-> Recurse rest
+dnl <x> p1 $=O p2 <@host>		-> Recurse p1 $=O p2
+dnl <> user <@host> rest		-> local user@host user
+dnl <> user				-> local user user
+dnl <user@host> lp <@domain> rest	-> <user> lp <@host> [cont]
+dnl <user> lp <@host> rest		-> local lp@host user
+dnl <user> lp				-> local lp user
 ###################################################################
 
 SCanonLocal
 # strip local host from routed addresses
-R< $* > < @ $+ > : $+		$@ $>97 $3
-R< $* > $+ $=O $+ < @ $+ >	$@ $>97 $2 $3 $4
+R< $* > < @ $+ > : $+		$@ $>Recurse $3
+R< $* > $+ $=O $+ < @ $+ >	$@ $>Recurse $2 $3 $4
 
 # strip trailing dot from any host name that may appear
 R< $* > $* < @ $* . >		$: < $1 > $2 < @ $3 >
@@ -939,21 +1127,42 @@ R< $+ > $* 			$#_LOCAL_ $@ $2    $: $1
 ###  Ruleset 93 -- convert header names to masqueraded form	###
 ###################################################################
 
-S93
+SMasqHdr=93
 
-ifdef(`GENERICS_TABLE', `dnl
+ifdef(`_GENERICS_TABLE_', `dnl
 # handle generics database
 ifdef(`_GENERICS_ENTIRE_DOMAIN_',
+dnl if generics should be applied add a @ as mark
 `R$+ < @ $* $=G . >	$: < $1@$2$3 > $1 < @ $2$3 . > @	mark',
 `R$+ < @ $=G . >	$: < $1@$2 > $1 < @ $2 . > @	mark')
 R$+ < @ *LOCAL* >	$: < $1@$j > $1 < @ *LOCAL* > @	mark
-R< $+ > $+ < $* > @	$: < $(generics $1 $: $) > $2 < $3 >
+dnl workspace: either user<@domain> or <user@domain> user <@domain> @
+dnl ignore the first case for now
+dnl if it has the mark lookup full address
+R< $+ > $+ < $* > @	$: < $(generics $1 $: @ $1 $) > $2 < $3 >
+dnl workspace: ... or <match|@user@domain> user <@domain>
+dnl no match, try user+detail@domain
+R<@$+ + $* @ $+> $+ < @ $+ >
+		$: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) >  $4 < @ $5 >
+R<@$+ + $* @ $+> $+ < @ $+ >
+		$: < $(generics $1@$3 $: $) > $4 < @ $5 >
+dnl no match, remove mark
+R<@$+ > $+ < @ $+ >	$: < > $2 < @ $3 >
+dnl no match, try @domain for exceptions
+R< > $+ < @ $+ . >	$: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
+dnl workspace: ... or <match> user <@domain>
+dnl no match, try local part
 R< > $+ < @ $+ > 	$: < $(generics $1 $: $) > $1 < @ $2 >
-R< $* @ $* > $* < $* >	$@ $>3 $1 @ $2			found qualified
-R< $+ > $* < $* >	$: $>3 $1 @ *LOCAL*		found unqualified
+R< > $+ + $* < @ $+ > 	$: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
+R< > $+ + $* < @ $+ > 	$: < $(generics $1 $: $) > $1 + $2 < @ $3 >
+R< $* @ $* > $* < $* >	$@ $>canonify $1 @ $2		found qualified
+R< $+ > $* < $* >	$: $>canonify $1 @ *LOCAL*	found unqualified
 R< > $*			$: $1				not found',
 `dnl')
 
+# do not masquerade anything in class N
+R$* < @ $* $=N . >	$@ $1 < @ $2 $3 . >
+
 # special case the users that should be exposed
 R$=E < @ *LOCAL* >	$@ $1 < @ $j . >		leave exposed
 ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
@@ -976,34 +1185,95 @@ R$* < @ $+ @ $+ > $*	$: $1 < @ $3 . > $4		$M is not null
 ###  Ruleset 94 -- convert envelope names to masqueraded form	###
 ###################################################################
 
-S94
+SMasqEnv=94
 ifdef(`_MASQUERADE_ENVELOPE_',
-`R$+			$@ $>93 $1',
+`R$+			$@ $>MasqHdr $1',
 `R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2')
 
 ###################################################################
 ###  Ruleset 98 -- local part of ruleset zero (can be null)	###
 ###################################################################
 
-S98
-undivert(3)dnl
+SParseLocal=98
+undivert(3)dnl LOCAL_RULE_0
+
+ifdef(`_LDAP_ROUTING_', `dnl
+SLDAPExpand
+# do the LDAP lookups
+R<$+><$+>		$: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2>
+
+# if mailRoutingAddress and local or non-existant mailHost,
+# return the new mailRoutingAddress
+R< $+ > < $=w > < $+ > < $+ >	$@ $>Parse0 $>canonify $1
+R< $+ > <  > < $+ > < $+ >	$@ $>Parse0 $>canonify $1
+
+# if mailRoutingAddress and non-local mailHost,
+# relay to mailHost with new mailRoutingAddress
+R< $+ > < $+ > < $+ > < $+ >	$#_RELAY_ $@ $2 $: $>canonify $1
 
-ifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.')')
-ifdef(`ACCESS_TABLE', `dnl
+# if no mailRoutingAddress and local mailHost,
+# return original address
+R< > < $=w > <$+> <$+>		$@ $2
+
+# if no mailRoutingAddress and non-local mailHost,
+# relay to mailHost with original address
+R< > < $+ > <$+> <$+>		$#_RELAY_ $@ $1 $: $2
+
+# if no mailRoutingAddress and no mailHost,
+# try @domain
+R< > < > <$+> <$+ @ $+>		$@ $>LDAPExpand <$1> <@ $3>
+
+# if no mailRoutingAddress and no mailHost and this was a domain attempt,
+ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
+# user does not exist
+R< > < > <$+> <@ $+>		$#error $@ nouser $: "550 User unknown"',
+`dnl
+# return the original address
+R< > < > <$+> <@ $+>		$@ $1')',
+`dnl')
+
+ifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.
+')')
+ifdef(`_ACCESS_TABLE_', `dnl
 ######################################################################
 ###  LookUpDomain -- search for domain in access database
 ###
 ###	Parameters:
 ###		<$1> -- key (domain name)
 ###		<$2> -- default (what to return if not found in db)
+dnl			must not be empty
 ###		<$3> -- passthru (additional data passed unchanged through)
+###		<$4> -- mark (must be <(!|+) single-token>)
+###			! does lookup only with tag
+###			+ does lookup with and without tag
+dnl returns:		<default> <passthru>
+dnl 			<result> <passthru>
 ######################################################################
 
 SLookUpDomain
-R<$+> <$+> <$*>		$: < $(access $1 $: ? $) > <$1> <$2> <$3>
-R<?> <$+.$+> <$+> <$*>	$@ $>LookUpDomain <$2> <$3> <$4>
-R<?> <$+> <$+> <$*>	$@ <$2> <$3>
-R<$*> <$+> <$+> <$*>	$@ <$1> <$4>
+dnl remove IPv6 mark and dequote address
+dnl it is a bit ugly because it is checked on each "iteration"
+R<[IPv6 $-]> <$+> <$*> <$*>	$: <[$(dequote $1 $)]> <$2> <$3> <$4>
+dnl workspace <key> <default> <passthru> <mark>
+dnl lookup with tag (in front, no delimiter here)
+R<$*> <$+> <$*> <$- $->		$: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5>
+dnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
+ifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest
+R<?> <$+.$+> <$+> <$*> <$- $->	$: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4> <$5 $6>', `dnl')
+dnl lookup without tag?
+R<?> <$+> <$+> <$*> <+ $*>	$: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4>
+ifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest
+R<?> <$+.$+> <$+> <$*> <+ $*>	$: < $(access .$2 $: ? $) > <$1.$2> <$3> <$4> <+ $5>', `dnl')
+dnl lookup IP address (no check is done whether it is an IP number!)
+R<?> <[$+.$-]> <$+> <$*> <$*>	$@ $>LookUpDomain <[$1]> <$3> <$4> <$5>
+dnl lookup IPv6 address
+R<?> <[$+:$-]> <$+> <$*> <$*>	$: $>LookUpDomain <[$1]> <$3> <$4> <$5>
+dnl not found, but subdomain: try again
+R<?> <$+.$+> <$+> <$*> <$*>	$@ $>LookUpDomain <$2> <$3> <$4> <$5>
+dnl not found, no subdomain: return default
+R<?> <$+> <$+> <$*> <$*>	$@ <$2> <$3>
+dnl return result of lookup
+R<$*> <$+> <$+> <$*> <$*>	$@ <$1> <$4>
 
 ######################################################################
 ###  LookUpAddress -- search for host address in access database
@@ -1011,14 +1281,28 @@ R<$*> <$+> <$+> <$*>	$@ <$1> <$4>
 ###	Parameters:
 ###		<$1> -- key (dot quadded host address)
 ###		<$2> -- default (what to return if not found in db)
+dnl			must not be empty
 ###		<$3> -- passthru (additional data passed through)
+###		<$4> -- mark (must be <(!|+) single-token>)
+###			! does lookup only with tag
+###			+ does lookup with and without tag
+dnl	returns:	<default> <passthru>
+dnl			<result> <passthru>
 ######################################################################
 
 SLookUpAddress
-R<$+> <$+> <$*>		$: < $(access $1 $: ? $) > <$1> <$2> <$3>
-R<?> <$+.$-> <$+> <$*>	$@ $>LookUpAddress <$1> <$3> <$4>
-R<?> <$+> <$+> <$*>	$@ <$2> <$3>
-R<$*> <$+> <$+> <$*>	$@ <$1> <$4>',
+dnl lookup with tag
+R<$+> <$+> <$*> <$- $+>		$: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5>
+dnl lookup without tag
+R<?> <$+> <$+> <$*> <+ $+>	$: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4>
+dnl no match; IPv6: remove last part
+R<?> <$+:$-> <$+> <$*> <$*>	$@ $>LookUpAddress <$1> <$3> <$4> <$5>
+dnl no match; IPv4: remove last part
+R<?> <$+.$-> <$+> <$*> <$*>	$@ $>LookUpAddress <$1> <$3> <$4> <$5>
+dnl no match: return default
+R<?> <$+> <$+> <$*> <$*>	$@ <$2> <$3>
+dnl match: return result
+R<$*> <$+> <$+> <$*> <$*>	$@ <$1> <$4>',
 `dnl')
 
 ######################################################################
@@ -1031,13 +1315,17 @@ R<$*> <$+> <$+> <$*>	$@ <$1> <$4>',
 ###
 ###	Returns:
 ###		parsed address, not in source route form
+dnl		user%host%host<@domain>
+dnl		host!user<@domain>
 ######################################################################
 
 SCanonAddr
-R$*			$: $>Parse0 $>3 $1	make domain canonical
+R$*			$: $>Parse0 $>canonify $1	make domain canonical
+ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
 R< @ $+ > : $* @ $*	< @ $1 > : $2 % $3	change @ to % in src route
 R$* < @ $+ > : $* : $*	$3 $1 < @ $2 > : $4	change to % hack.
 R$* < @ $+ > : $*	$3 $1 < @ $2 >
+dnl')
 
 ######################################################################
 ###  ParseRecipient --	Strip off hosts in $=R as well as possibly
@@ -1052,42 +1340,56 @@ R$* < @ $+ > : $*	$3 $1 < @ $2 >
 ######################################################################
 
 SParseRecipient
+dnl mark and canonify address
 R$*				$: <?> $>CanonAddr $1
+dnl workspace: <?> localpart<@domain[.]>
 R<?> $* < @ $* . >		<?> $1 < @ $2 >			strip trailing dots
+dnl workspace: <?> localpart<@domain>
 R<?> $- < @ $* >		$: <?> $(dequote $1 $) < @ $2 >	dequote local part
 
 # if no $=O character, no host in the user portion, we are done
 R<?> $* $=O $* < @ $* >		$: <NO> $1 $2 $3 < @ $4>
+dnl no $=O in localpart: return
 R<?> $*				$@ $1
 
+dnl workspace: <?> localpart<@domain>, where localpart contains $=O
+dnl mark everything which has an "authorized" domain with <RELAY>
 ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
 # if we relay, check username portion for user%host so host can be checked also
 R<NO> $* < @ $* $=m >		$: <RELAY> $1 < @ $2 $3 >', `dnl')
 
 ifdef(`_RELAY_MX_SERVED_', `dnl
+dnl do "we" ($=w) act as backup MX server for the destination domain?
 R<NO> $* < @ $+ >		$: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
 R<MX> < : $* <TEMP> : > $*	$#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
+dnl yes: mark it as <RELAY>
 R<MX> < $* : $=w. : $* > < $+ >	$: <RELAY> $4
+dnl no: put old <NO> mark back
 R<MX> < : $* : > < $+ >		$: <NO> $2', `dnl')
 
+dnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
+dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
 ifdef(`_RELAY_HOSTS_ONLY_',
 `R<NO> $* < @ $=R >		$: <RELAY> $1 < @ $2 >
-ifdef(`ACCESS_TABLE', `dnl
+ifdef(`_ACCESS_TABLE_', `dnl
+R<NO> $* < @ $+ >		$: <$(access To:$2 $: NO $)> $1 < @ $2 >
 R<NO> $* < @ $+ >		$: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
 `R<NO> $* < @ $* $=R >		$: <RELAY> $1 < @ $2 $3 >
-ifdef(`ACCESS_TABLE', `dnl
-R<NO> $* < @ $+ >		$: $>LookUpDomain <$2> <NO> <$1 < @ $2 >>
+ifdef(`_ACCESS_TABLE_', `dnl
+R<NO> $* < @ $+ >		$: $>LookUpDomain <$2> <NO> <$1 < @ $2 >> <+To>
 R<$+> <$+>			$: <$1> $2',`dnl')')
 
+
 R<RELAY> $* < @ $* >		$@ $>ParseRecipient $1
 R<$-> $*			$@ $2
 
+
 ######################################################################
 ###  check_relay -- check hostname/address on SMTP startup
 ######################################################################
 
 SLocal_check_relay
-Scheck_relay
+Scheck`'_U_`'relay
 R$*			$: $1 $| $>"Local_check_relay" $1
 R$* $| $* $| $#$*	$#$3
 R$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2
@@ -1098,30 +1400,35 @@ R$*			$: < ${deliveryMode} > $1
 R< d > $*		$@ deferred
 R< $* > $*		$: $2
 
-ifdef(`ACCESS_TABLE', `dnl
-R$+ $| $+		$: $>LookUpDomain < $1 > <?> < $2 >
-R<?> < $+ >		$: $>LookUpAddress < $1 > <?> < $1 >
-R<?> < $+ >		$: $1
-R<OK> < $* >		$@ OK
-R<RELAY> < $* >		$@ RELAY
-R<REJECT> $*		$#error $@ 5.7.1 $: "ifdef(`confREJECT_MSG', `confREJECT_MSG', `550 Access denied')"
+ifdef(`_ACCESS_TABLE_', `dnl
+R$+ $| $+		$: $>LookUpDomain < $1 > <?> < $2 > <+Connect>
+R<?> <$+>		$: $>LookUpAddress < $1 > <?> < $1 > <+Connect>	no: another lookup
+R<?> < $+ >		$: $1					found nothing
+R<$={Accept}> < $* >	$@ $1
+R<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
 R<DISCARD> $*		$#discard $: discard
-R<$+> $*		$#error $@ 5.7.1 $: $1', `dnl')
-
-ifdef(`_RBL_', `dnl
-# DNS based IP address spam lists
+dnl error tag
+R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> $*		$#error $: $1
+dnl generic error from access map
+R<$+> $*		$#error $: $1', `dnl')
+
+ifdef(`_RBL_',`dnl
+# DNS based IP address spam list
 R$*			$: $&{client_addr}
-R$-.$-.$-.$-		$: $(host $4.$3.$2.$1._RBL_. $: OK $)
-ROK			$@ OK
-R$+			$#error $@ 5.7.1 $: "Mail from " $&{client_addr} " refused by blackhole site _RBL_"',
+R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
+R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
+R<?>OK			$: OKSOFAR
+R<?>$+			$#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"',
 `dnl')
+undivert(8)
 
 ######################################################################
 ###  check_mail -- check SMTP ``MAIL FROM:'' command argument
 ######################################################################
 
 SLocal_check_mail
-Scheck_mail
+Scheck`'_U_`'mail
 R$*			$: $1 $| $>"Local_check_mail" $1
 R$* $| $#$*		$#$2
 R$* $| $*		$@ $>"Basic_check_mail" $1
@@ -1132,63 +1439,124 @@ R$*			$: < ${deliveryMode} > $1
 R< d > $*		$@ deferred
 R< $* > $*		$: $2
 
-R<>			$@ <OK>
-R$*			$: <?> $>CanonAddr $1
-R<?> $* < @ $+ . >	<?> $1 < @ $2 >			strip trailing dots
-# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
-R<?> $* < $* $=P > $*	$: <OK> $1 < @ $2 $3 > $4
-ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
-`R<?> $* < @ $+ > $*	$: <OK> $1 < @ $2 > $3		... unresolvable OK',
-`R<?> $* < @ $+ > $*	$: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > $3
-R<? $* <$->> $* < @ $+ > $*
-			$: <$2> $3 < @ $4 > $5')
+# authenticated?
+dnl done first: we can require authentication for every mail transaction
+dnl workspace: address as given by MAIL FROM: (sender)
+R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
+R$* $| $#$+		$#$2
+dnl undo damage: remove result of tls_client call
+R$* $| $*		$: $1
 
+dnl workspace: address as given by MAIL FROM:
+R<>			$@ <OK>			we MUST accept <> (RFC 1123)
 ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
+dnl do some additional checks
+dnl no user@host
+dnl no user@localhost (if nonlocal sender)
+dnl this is a pretty simple canonification, it will not catch every case
+dnl just make sure the address has <> around it (which is required by
+dnl the RFC anyway, maybe we should complain if they are missing...)
+dnl dirty trick: if it is user@host, just add a dot: user@host. this will
+dnl not be modified by host lookups.
+R$+			$: <?> $1
+R<?><$+>		$: <@> <$1>
+R<?>$+			$: <@> <$1>
+dnl workspace: <@> <address>
+dnl prepend daemon_flags
+R$*			$: $&{daemon_flags} $| $1
+dnl workspace: ${daemon_flags} $| <@> <address>
+dnl do not allow these at all or only from local systems?
+R$* f $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
+dnl accept unqualified sender: change mark to avoid test
+R$* u $* $| <@> < $* >	$: <?> < $3 >
+dnl workspace: ${daemon_flags} $| <@> <address>
+dnl        or:                    <? ${client_name} > <address>
+dnl        or:                    <?> <address>
+dnl remove daemon_flags
+R$* $| $*		$: $2
 # handle case of @localhost on address
-R<$+> $* < @localhost >	$: < ? $&{client_name} > <$1> $2 < @localhost >
-R<$+> $* < @localhost.$m >
-			$: < ? $&{client_name} > <$1> $2 < @localhost.$m >
+R<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
+R<@> < $* @ [127.0.0.1] >
+			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+R<@> < $* @ localhost.$m >
+			$: < ? $&{client_name} > < $1 @ localhost.$m >
 ifdef(`_NO_UUCP_', `dnl',
-`R<$+> $* < @localhost.UUCP >
-			$: < ? $&{client_name} > <$1> $2 < @localhost.UUCP >')
-R<? $=w> <$+> $*	<?> <$2> $3
-R<? $+> <$+> $*		$#error $@ 5.5.4 $: "553 Real domain name required"
-R<?> <$+> $*		$: <$1> $2')
-
-ifdef(`ACCESS_TABLE', `dnl
-# lookup localpart (user@)
-R<$+> $* < @ $+ > $*	$: <USER $(access $2@ $: ? $) > <$1> $2 < @ $3 > $4
-# no match, try full address (user@domain rest)
-R<USER ?> <$+> $* < @ $* > $*
-			$: <USER $(access $2@$3$4 $: ? $) > <$1> $2 < @ $3 > $4
-# no match, try address (user@domain)
-R<USER ?> <$+> $+ < @ $+ > $*
-			$: <USER $(access $2@$3 $: ? $) > <$1> $2 < @ $3 > $4
-# no match, try (sub)domain (domain)
-R<USER ?> <$+> $* < @ $+ > $*
-			$: $>LookUpDomain <$3> <$1> <>
-# check unqualified user in access database
-R<?> $*			$: <USER $(access $1@ $: ? $) > <?> $1
+`R<@> < $* @ localhost.UUCP >
+			$: < ? $&{client_name} > < $1 @ localhost.UUCP >')
+dnl workspace: < ? $&{client_name} > <user@localhost|host>
+dnl	or:    <@> <address>
+dnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
+R<@> $*			$: $1			no localhost as domain
+dnl workspace: < ? $&{client_name} > <user@localhost|host>
+dnl	or:    <address>
+dnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
+R<? $=w> $*		$: $2			local client: ok
+R<? $+> <$+>		$#error $@ 5.5.4 $: "553 Real domain name required"
+dnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
+R<?> $*			$: $1')
+dnl workspace: address (or <address>)
+R$*			$: <?> $>CanonAddr $1		canonify sender address and mark it
+dnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>)
+dnl there is nothing behind the <@host> so no trailing $* needed
+R<?> $* < @ $+ . >	<?> $1 < @ $2 >			strip trailing dots
+# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
+R<?> $* < @ $* $=P >	$: <OK> $1 < @ $2 $3 >
+dnl workspace <mark> CanonicalAddress	where mark is ? or OK
+ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
+`R<?> $* < @ $+ >	$: <OK> $1 < @ $2 >		... unresolvable OK',
+`R<?> $* < @ $+ >	$: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
+R<? $* <$->> $* < @ $+ >
+			$: <$2> $3 < @ $4 >')
+dnl workspace <mark> CanonicalAddress	where mark is ?, OK, PERM, TEMP
+dnl mark is ? iff the address is user (wo @domain)
+
+ifdef(`_ACCESS_TABLE_', `dnl
+# check sender address: user@address, user@, address
+dnl should we remove +ext from user?
+dnl workspace: <mark> CanonicalAddress where mark is: ?, OK, PERM, TEMP
+R<$+> $+ < @ $* >	$: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <H:$3>
+R<$+> $+		$: @<$1> <$2> $| <U:$2@>
+dnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
+dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
+dnl will only return user<@domain when "reversing" the args
+R@ <$+> <$*> $| <$+>	$: <@> <$1> <$2> $| $>SearchList <+From> $| <$3> <>
+dnl workspace: <@><mark> <CanonicalAddress> $| <result>
+R<@> <$+> <$*> $| <$*>	$: <$3> <$1> <$2>		reverse result
+dnl workspace: <result> <mark> <CanonicalAddress>
 # retransform for further use
-R<USER $+> <$+> $*	$: <$1> $3',
-`dnl')
+dnl required form:
+dnl <ResultOfLookup|mark> CanonicalAddress
+R<?> <$+> <$*>		$: <$1> $2	no match
+R<$+> <$+> <$*>		$: <$1> $3	relevant result, keep it', `dnl')
+dnl workspace <ResultOfLookup|mark> CanonicalAddress
+dnl mark is ? iff the address is user (wo @domain)
 
 ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
 # handle case of no @domain on address
+dnl prepend daemon_flags
+R<?> $*			$: $&{daemon_flags} $| <?> $1
+dnl accept unqualified sender: change mark to avoid test
+R$* u $* $| <?> $*	$: <OK> $3
+dnl remove daemon_flags
+R$* $| $*		$: $2
 R<?> $*			$: < ? $&{client_name} > $1
 R<?> $*			$@ <OK>				...local unqualed ok
 R<? $+> $*		$#error $@ 5.5.4 $: "553 Domain name required"
 							...remote is not')
 # check results
-R<?> $*			$@ <OK>
+R<?> $*			$: @ $1		mark address: nothing known about it
 R<OK> $*		$@ <OK>
-R<TEMP> $*		$#error $@ 4.1.8 $: "451 Sender domain must resolve"
-R<PERM> $*		$#error $@ 5.1.8 $: "501 Sender domain must exist"
-ifdef(`ACCESS_TABLE', `dnl
-R<RELAY> $*		$@ <RELAY>
+R<TEMP> $*		$#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
+R<PERM> $*		$#error $@ 5.1.8 $: "501 Domain of sender address " $&f " does not exist"
+ifdef(`_ACCESS_TABLE_', `dnl
+R<$={Accept}> $*	$# $1
 R<DISCARD> $*		$#discard $: discard
-R<REJECT> $*		$#error $@ 5.7.1 $: "ifdef(`confREJECT_MSG', `confREJECT_MSG', `550 Access denied')"
-R<$+> $*		$#error $@ 5.7.1 $: $1		error from access db',
+R<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
+dnl error tag
+R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> $*		$#error $: $1
+dnl generic error from access map
+R<$+> $*		$#error $: $1		error from access db',
 `dnl')
 
 ######################################################################
@@ -1196,7 +1564,7 @@ R<$+> $*		$#error $@ 5.7.1 $: $1		error from access db',
 ######################################################################
 
 SLocal_check_rcpt
-Scheck_rcpt
+Scheck`'_U_`'rcpt
 R$*			$: $1 $| $>"Local_check_rcpt" $1
 R$* $| $#$*		$#$2
 R$* $| $*		$@ $>"Basic_check_rcpt" $1
@@ -1207,6 +1575,22 @@ R$*			$: < ${deliveryMode} > $1
 R< d > $*		$@ deferred
 R< $* > $*		$: $2
 
+ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
+# require qualified recipient?
+R$+			$: <?> $1
+R<?><$+>		$: <@> <$1>
+R<?>$+			$: <@> <$1>
+dnl prepend daemon_flags
+R$*			$: $&{daemon_flags} $| $1
+dnl workspace: ${daemon_flags} $| <@> <address>
+dnl do not allow these at all or only from local systems?
+R$* r $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
+R<?> < $* >		$: <$1>
+R<? $=w> < $* >		$: <$1>
+R<? $+> <$+>		$#error $@ 5.5.4 $: "553 Domain name required"
+dnl remove daemon_flags for other cases
+R$* $| <@> $*		$: $2', `dnl')
+
 ifdef(`_LOOSE_RELAY_CHECK_',`dnl
 R$*			$: $>CanonAddr $1
 R$* < @ $* . >		$1 < @ $2 >			strip trailing dots',
@@ -1219,49 +1603,89 @@ R$* < @ $* > $*			$: $1 < @ $2 @@ $(bestmx $2 $) > $3',
 `dnl
 # limit bestmx to $=B
 R$* < @ $* $=B > $*		$: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4')
-R$* $=O $* < @ $* @@ $=w . > $*	$@ $>Basic_check_rcpt $1 $2 $3
+R$* $=O $* < @ $* @@ $=w . > $*	$@ $>"Basic_check_rcpt" $1 $2 $3
 R$* < @ $* @@ $=w . > $*	$: $1 < @ $3 > $4
 R$* < @ $* @@ $* > $*		$: $1 < @ $2 > $4')
 
 ifdef(`_BLACKLIST_RCPT_',`dnl
-ifdef(`ACCESS_TABLE', `dnl
+ifdef(`_ACCESS_TABLE_', `dnl
 # blacklist local users or any host from receiving mail
 R$*			$: <?> $1
-R<?> $+ < @ $=w >	$: <> <USER $1> <FULL $1@$2> <HOST $2> <$1 < @ $2 >>
-R<?> $+ < @ $* >	$: <> <FULL $1@$2> <HOST $2> <$1 < @ $2 >>
-R<?> $+			$: <> <USER $1> <$1>
-R<> <USER $+> $*	$: <$(access $1 $: $)> $2
-R<> <FULL $+> $*	$: <$(access $1 $: $)> $2
-R<OK> <FULL $+> $*	$: <$(access $1 $: $)> $2
-R<> <HOST $+> $*	$: <$(access $1 $: $)> $2
-R<OK> <HOST $+> $*	$: <$(access $1 $: $)> $2
-R<> <$*>		$: $1
-R<OK> <$*>		$: $1
-R<RELAY> <$*>		$: $1
+dnl user is now tagged with @ to be consistent with check_mail
+dnl and to distinguish users from hosts (com would be host, com@ would be user)
+R<?> $+ < @ $=w >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <H:$2>
+R<?> $+ < @ $* >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <H:$2>
+R<?> $+			$: <> <$1> $| <U:$1@>
+dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
+dnl will only return user<@domain when "reversing" the args
+R<> <$*> $| <$+>	$: <@> <$1> $| $>SearchList <+To> $| <$2> <>
+R<@> <$*> $| <$*>	$: <$2> <$1>		reverse result
+R<?> <$*>		$: @ $1		mark address as no match
+R<$={Accept}> <$*>	$: @ $2		mark address as no match
+ifdef(`_DELAY_CHECKS_',`dnl
+dnl we have to filter these because otherwise they would be interpreted
+dnl as generic error message...
+dnl error messages should be "tagged" by prefixing them with error: !
+dnl that would make a lot of things easier.
+dnl maybe we should stop checks already here (if SPAM_xyx)?
+R<$={SpamTag}> <$*>	$: @ $2		mark address as no match')
 R<REJECT> $*		$#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
-R<$+> $*		$#error $@ 5.2.1 $: $1			error from access db', `dnl')', `dnl')
-
-ifdef(`_PROMISCUOUS_RELAY_', `dnl', `dnl
+R<DISCARD> $*		$#discard $: discard
+dnl error tag
+R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> $*		$#error $: $1
+dnl generic error from access map
+R<$+> $*		$#error $: $1		error from access db
+R@ $*			$1		remove mark', `dnl')', `dnl')
+
+ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)')
+# authenticated?
+dnl do this unconditionally? this requires to manage CAs carefully
+dnl just because someone has a CERT signed by a "trusted" CA
+dnl does not mean we want to allow relaying for her,
+dnl either use a subroutine or provide something more sophisticated
+dnl this could for example check the DN (maybe an access map lookup)
+R$*		$: $1 $| $>RelayAuth $1 $| $&{verify}	client authenticated?
+R$* $| $# $+		$# $2				error/ok?
+R$* $| $*		$: $1				no
+
+# authenticated by a trusted mechanism?
+R$*			$: $1 $| $&{auth_type}
+dnl empty ${auth_type}?
+R$* $|			$: $1
+dnl mechanism ${auth_type} accepted?
+dnl use $# to override further tests (delay_checks): see check_rcpt below
+R$* $| $={TrustAuthMech}	$# RELAYAUTH
+dnl undo addition of ${auth_type}
+R$* $| $*		$: $1
+dnl workspace: localpart<@domain>
+ifelse(defn(`_NO_UUCP_'), `r',
+`R$* ! $* < @ $* >	$: <REMOTE> $2 < @ BANG_PATH >', `dnl')
 # anything terminating locally is ok
 ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
-R$+ < @ $* $=m >	$@ OK', `dnl')
-R$+ < @ $=w >		$@ OK
+R$+ < @ $* $=m >	$@ RELAYTO', `dnl')
+R$+ < @ $=w >		$@ RELAYTO
 ifdef(`_RELAY_HOSTS_ONLY_',
-`R$+ < @ $=R >		$@ OK
-ifdef(`ACCESS_TABLE', `dnl
-R$+ < @ $* >		$: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
-`R$+ < @ $* $=R >	$@ OK
-ifdef(`ACCESS_TABLE', `dnl
-R$+ < @ $* >		$: $>LookUpDomain <$2> <?> <$1 < @ $2 >>',`dnl')')
-ifdef(`ACCESS_TABLE', `dnl
-R<RELAY> $*		$@ RELAY
+`R$+ < @ $=R >		$@ RELAYTO
+ifdef(`_ACCESS_TABLE_', `dnl
+R$+ < @ $+ >		$: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
+dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
+R<?> <$+ < @ $+ >>	$: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
+`R$+ < @ $* $=R >	$@ RELAYTO
+ifdef(`_ACCESS_TABLE_', `dnl
+R$+ < @ $+ >		$: $>LookUpDomain <$2> <?> <$1 < @ $2 >> <+To>',`dnl')')
+ifdef(`_ACCESS_TABLE_', `dnl
+dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
+R<RELAY> $*		$@ RELAYTO
 R<$*> <$*>		$: $2',`dnl')
 
+
 ifdef(`_RELAY_MX_SERVED_', `dnl
 # allow relaying for hosts which we MX serve
-R$+ < @ $* >		$: < : $(mxserved $2 $) : > $1 < @ $2 >
+R$+ < @ $+ >		$: < : $(mxserved $2 $) : > $1 < @ $2 >
+dnl this must not necessarily happen if the client is checked first...
 R< : $* <TEMP> : > $*	$#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
-R<$* : $=w . : $*> $*	$@ OK
+R<$* : $=w . : $*> $*	$@ RELAYTO
 R< : $* : > $*		$: $2',
 `dnl')
 
@@ -1269,55 +1693,374 @@ R< : $* : > $*		$: $2',
 R$*			$: <?> $1
 R<?> $* < @ $+ >	$: <REMOTE> $1 < @ $2 >
 # local user is ok
-R<?> $+			$@ OK
+dnl is it really? the standard requires user@domain, not just user
+dnl but we should accept it anyway (maybe making it an option:
+dnl RequireFQDN ?)
+dnl postmaster must be accepted without domain (DRUMS)
+ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
+R<?> postmaster		$@ TOPOSTMASTER
+# require qualified recipient?
+dnl prepend daemon_flags
+R<?> $+			$: $&{daemon_flags} $| <?> $1
+dnl workspace: ${daemon_flags} $| <?> localpart
+dnl do not allow these at all or only from local systems?
+dnl r flag? add client_name
+R$* r $* $| <?> $+	$: < ? $&{client_name} > <?> $3
+dnl no r flag: relay to local user (only local part)
+# no qualified recipient required
+R$* $| <?> $+		$@ RELAYTOLOCAL
+dnl client_name is empty
+R<?> <?> $+		$@ RELAYTOLOCAL
+dnl client_name is local
+R<? $=w> <?> $+		$@ RELAYTOLOCAL
+dnl client_name is not local
+R<? $+> $+		$#error $@ 5.5.4 $: "553 Domain name required"', `dnl
+dnl no qualified recipient required
+R<?> $+			$@ RELAYTOLOCAL')
+dnl it is a remote user: remove mark and then check client
 R<$+> $*		$: $2
+dnl currently the recipient address is not used below
 
 # anything originating locally is ok
+# check IP address
+R$*			$: $&{client_addr}
+R$@			$@ RELAYFROM		originated locally
+R0			$@ RELAYFROM		originated locally
+R$=R $*			$@ RELAYFROM		relayable IP address
+ifdef(`_ACCESS_TABLE_', `dnl
+R$*			$: $>LookUpAddress <$1> <?> <$1> <+Connect>
+R<RELAY> $* 		$@ RELAYFROM		relayable IP address
+R<$*> <$*>		$: $2', `dnl')
+R$*			$: [ $1 ]		put brackets around it...
+R$=w			$@ RELAYFROM		... and see if it is local
+
+ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
+ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
+ifdef(`_RELAY_MAIL_FROM_', `dnl
+dnl input: {client_addr} or something "broken"
+dnl just throw the input away; we do not need it.
+# check whether FROM is allowed to use system as relay
+R$*			$: <?> $>CanonAddr $&f
+ifdef(`_RELAY_LOCAL_FROM_', `dnl
+# check whether local FROM is ok
+R<?> $+ < @ $=w . >	$@ RELAYFROMMAIL	FROM local', `dnl')
+ifdef(`_RELAY_DB_FROM_', `dnl
+R<?> $+ < @ $+ . >	<?> $1 < @ $2 >		remove trailing dot
+R<?> $+ < @ $+ >	$: $1 < @ $2 > $| $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', `<H:$2>') <>
+R$* <RELAY>		$@ RELAYFROMMAIL	RELAY FROM sender ok', `dnl
+ifdef(`_RELAY_DB_FROM_DOMAIN_', `errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
+')',
+`dnl')
+dnl')', `dnl')
+
+# check client name: first: did it resolve?
+dnl input: ignored
+R$*			$: < $&{client_resolve} >
+R<TEMP>			$#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
+R<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
+dnl ${client_resolve} should be OK, so go ahead
 R$*			$: <?> $&{client_name}
-# check if bracketed IP address (forward lookup != reverse lookup)
-R<?> [$+]		$: <BAD> [$1]
 # pass to name server to make hostname canonical
-R<?> $* $~P 		$: <?> $[ $1 $2 $]
-R<$-> $*		$: $2
-R$* .			$1				strip trailing dots
-R$@			$@ OK
+R<?> $* $~P 		$:<?>  $[ $1 $2 $]
+R$* .			$1			strip trailing dots
+dnl should not be necessary since it has been done for client_addr already
+R<?>			$@ RELAYFROM
 ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
-R$* $=m			$@ OK', `dnl')
-R$=w			$@ OK
+R<?> $* $=m		$@ RELAYFROM', `dnl')
+R<?> $=w		$@ RELAYFROM
 ifdef(`_RELAY_HOSTS_ONLY_',
-`R$=R			$@ OK
-ifdef(`ACCESS_TABLE', `dnl
-R$*			$: <$(access $1 $: ? $)> <$1>',`dnl')',
-`R$* $=R			$@ OK
-ifdef(`ACCESS_TABLE', `dnl
-R$*			$: $>LookUpDomain <$1> <?> <$1>',`dnl')')
-ifdef(`ACCESS_TABLE', `dnl
-R<RELAY> $*		$@ RELAY
+`R<?> $=R		$@ RELAYFROM
+ifdef(`_ACCESS_TABLE_', `dnl
+R<?> $*			$: <$(access Connect:$1 $: ? $)> <$1>
+R<?> <$*>		$: <$(access $1 $: ? $)> <$1>',`dnl')',
+`R<?> $* $=R			$@ RELAYFROM
+ifdef(`_ACCESS_TABLE_', `dnl
+R<?> $*			$: $>LookUpDomain <$1> <?> <$1> <+Connect>',`dnl')')
+ifdef(`_ACCESS_TABLE_', `dnl
+R<RELAY> $*		$@ RELAYFROM
 R<$*> <$*>		$: $2',`dnl')
 
-# check IP address
-R$*			$: $&{client_addr}
-R$@			$@ OK			originated locally
-R0			$@ OK			originated locally
-R$=R $*			$@ OK			relayable IP address
-ifdef(`ACCESS_TABLE', `dnl
-R$*			$: $>LookUpAddress <$1> <?> <$1>
-R<RELAY> $* 		$@ RELAY		relayable IP address
-R<$*> <$*>		$: $2', `dnl')
-R$*			$: [ $1 ]		put brackets around it...
-R$=w			$@ OK			... and see if it is local
-
-ifdef(`_RELAY_LOCAL_FROM_', `dnl
-# anything with a local FROM is ok
-R$*			$: $1 $| $>CanonAddr $&f
-R$* $| $+ < @ $=w . >	$@ OK			FROM local
+# anything else is bogus
+R$*			$#error $@ 5.7.1 $: confRELAY_MSG
+divert(0)
+ifdef(`_DELAY_CHECKS_',`dnl
+# turn a canonical address in the form user<@domain>
+# qualify unqual. addresses with $j
+dnl it might have been only user (without <@domain>)
+SFullAddr
+R$* <@ $+ . >		$1 <@ $2 >
+R$* <@ $* >		$@ $1 <@ $2 >
+R$+			$@ $1 <@ $j >
+
+# call all necessary rulesets
+Scheck_rcpt
+dnl this test should be in the Basic_check_rcpt ruleset
+dnl which is the correct DSN code?
+# R$@			$#error $@ 5.1.3 $: "553 Recipient address required"
+R$+			$: $1 $| $>checkrcpt $1
+dnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
+R$+ $| $#$*		$#$2
+R$+ $| $*		$: <?> $>FullAddr $>CanonAddr $1
+ifdef(`_SPAM_FH_',
+`dnl lookup user@ and user@address
+ifdef(`_ACCESS_TABLE_', `',
+`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
+')')dnl
+dnl one of the next two rules is supposed to match
+dnl this code has been copied from BLACKLIST... etc
+dnl and simplified by omitting some < >.
+R<?> $+ < @ $=w >	$: <> $1 < @ $2 > $| <F: $1@$2 > <U: $1@>
+R<?> $+ < @ $* >	$: <> $1 < @ $2 > $| <F: $1@$2 >
+dnl R<?>		$@ something_is_very_wrong_here
+# lookup the addresses only with To tag
+R<> $* $| <$+>		$: <@> $1 $| $>SearchList <!To> $| <$2> <>
+R<@> $* $| $*		$: $2 $1		reverse result
+dnl', `dnl')
+ifdef(`_SPAM_FRIEND_',
+`# is the recipient a spam friend?
+ifdef(`_SPAM_HATER_',
+	`errprint(`*** ERROR: define either SpamHater or SpamFriend
+')', `dnl')
+R<SPAMFRIEND> $+	$@ SPAMFRIEND
+R<$*> $+		$: $2',
+`dnl')
+ifdef(`_SPAM_HATER_',
+`# is the recipient no spam hater?
+R<SPAMHATER> $+		$: $1			spam hater: continue checks
+R<$*> $+		$@ NOSPAMHATER		everyone else: stop
+dnl',`dnl')
+dnl run further checks: check_mail
+dnl should we "clean up" $&f?
+R$*			$: $1 $| $>checkmail <$&f>
+R$* $| $#$*		$#$2
+dnl run further checks: check_relay
+R$*			$: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
+R$* $| $#$*		$#$2
 R$* $| $*		$: $1
 ', `dnl')
+ifdef(`_ACCESS_TABLE_', `dnl
+######################################################################
+###  SearchList: search a list of items in the access map
+###	Parameters:
+###		<exact tag> $| <mark:address> <mark:address> ... <>
+dnl	maybe we should have a @ (again) in front of the mark to
+dnl	avoid errorneous matches (with error messages?)
+dnl	if we can make sure that tag is always a single token
+dnl	then we can omit the delimiter $|, otherwise we need it
+dnl	to avoid errorneous matchs (first rule: H: if there
+dnl	is that mark somewhere in the list, it will be taken).
+dnl	moreover, we can do some tricks to enforce lookup with
+dnl	the tag only, e.g.:
+###	where "exact" is either "+" or "!":
+###	<+ TAG>	lookup with and w/o tag
+###	<! TAG>	lookup with tag
+dnl	Warning: + and ! should be in OperatorChars (otherwise there must be
+dnl		a blank between them and the tag.
+###	possible values for "mark" are:
+###		H: recursive host lookup (LookUpDomain)
+dnl		A: recursive address lookup (LookUpAddress) [not yet required]
+###		E: exact lookup, no modifications
+###		F: full lookup, try user+ext@domain and user@domain
+###		U: user lookup, try user+ext and user (input must have trailing @)
+###	return: <RHS of lookup> or <?> (not found)
+######################################################################
 
-# anything else is bogus
-R$*			$#error $@ 5.7.1 $: "550 Relaying denied"')
+# class with valid marks for SearchList
+dnl if A is activated: add it
+C{src}E F H U
+SSearchList
+# mark H: lookup domain
+R<$+> $| <H:$+> <$*>		$: <$1> $| <@> $>LookUpDomain <$2> <?> <$3> <$1>
+R<$+> $| <@> <$+> <$*>		$: <$1> $| <$2> <$3>
+dnl A: NOT YET REQUIRED
+dnl R<$+> $| <A:$+> <$*>	$: <$1> $| <@> $>LookUpAddress <$2> <?> <$3> <$1>
+dnl R<$+> $| <@> <$+> <$*>	$: <$1> $| <$2> <$3>
+dnl lookup of the item with tag
+dnl this applies to F: U: E:
+R<$- $-> $| <$={src}:$+> <$*>	$: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$4 $: $3:$4 $)> <$5>
+dnl no match, try without tag
+R<+ $-> $| <$={src}:$+> <$*>	$: <+ $1> $| <$(access $3 $: $2:$3 $)> <$4>
+dnl do we really have to distinguish these cases?
+dnl probably yes, there might be a + in the domain part (is that allowed?)
+dnl user+detail lookups: should it be:
+dnl user+detail, user+*, user; just like aliases?
+R<$- $-> $| <F:$* + $*@$+> <$*>	$: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@$5 $: F:$3 + $4@$5$)> <$6>
+R<+ $-> $| <F:$* + $*@$+> <$*>	$: <+ $1> $| <$(access $2@$4 $: F:$2 + $3@$4$)> <$5>
+dnl user lookups are always with trailing @
+dnl do not remove the @ from the lookup:
+dnl it is part of the +detail@ which is omitted for the lookup
+R<$- $-> $| <U:$* + $*> <$*>	$: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@ $: U:$3 + $4$)> <$5>
+dnl no match, try without tag
+R<+ $-> $| <U:$* + $*> <$*>	$: <+ $1> $| <$(access $2@ $: U:$2 + $3$)> <$4>
+dnl no match, try rest of list
+R<$+> $| <$={src}:$+> <$+>	$@ $>SearchList <$1> $| <$4>
+dnl no match, list empty: return failure
+R<$+> $| <$={src}:$+> <>	$@ <?>
+dnl got result, return it
+R<$+> $| <$+> <$*>		$@ <$2>
+dnl return result from recursive invocation
+R<$+> $| <$+>			$@ <$2>', `dnl')
+
+# is user trusted to authenticate as someone else?
+dnl AUTH= parameter from MAIL command
+Strust_auth
+R$*			$: $&{auth_type} $| $1
+# required by RFC 2554 section 4.
+R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
+dnl seems to be useful...
+R$* $| $&{auth_authen}		$@ identical
+R$* $| <$&{auth_authen}>	$@ identical
+dnl call user supplied code
+R$* $| $*		$: $1 $| $>"Local_trust_auth" $1
+R$* $| $#$*		$#$2
+dnl default: error
+R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
+
+dnl empty ruleset definition so it can be called
+SLocal_trust_auth
+
+ifdef(`_FFR_TLS_O_T', `dnl
+Soffer_tls
+R$*		$: $>LookUpDomain <$&{client_name}> <?> <> <! TLS_OFF_TAG>
+R<?>$*		$: $>LookUpAddress <$&{client_addr}> <?> <> <! TLS_OFF_TAG>
+R<?>$*		$: <$(access TLS_OFF_TAG: $: ? $)>
+R<?>$*		$@ OK
+R<NO> <>	$#error $@ 5.7.1 $: "550 do not offer TLS for " $&{client_name} " ["$&{client_addr}"]"
+
+Stry_tls
+R$*		$: $>LookUpDomain <$&{server_name}> <?> <> <! TLS_TRY_TAG>
+R<?>$*		$: $>LookUpAddress <$&{server_addr}> <?> <> <! TLS_TRY_TAG>
+R<?>$*		$: <$(access TLS_TRY_TAG: $: ? $)>
+R<?>$*		$@ OK
+R<NO> <>	$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
+')dnl
 
-undivert(9)dnl
+# is connection with client "good" enough? (done in server)
+# input: ${verify} $| (MAIL|STARTTLS)
+dnl MAIL: called from check_mail
+dnl STARTTLS: called from smtp() after STARTTLS has been accepted
+Stls_client
+ifdef(`_ACCESS_TABLE_', `dnl
+dnl ignore second arg for now
+dnl maybe use it to distinguish permanent/temporary error?
+dnl if MAIL: permanent (STARTTLS has not been offered)
+dnl if STARTTLS: temporary (offered but maybe failed)
+R$* $| $*	$: $1 $| $>LookUpDomain <$&{client_name}> <?> <> <! TLS_CLT_TAG>
+R$* $| <?>$*	$: $1 $| $>LookUpAddress <$&{client_addr}> <?> <> <! TLS_CLT_TAG>
+dnl do a default lookup: just TLS_CLT_TAG
+R$* $| <?>$*	$: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
+R$*		$@ $>"tls_connection" $1', `dnl
+R$* $| $*	$@ $>"tls_connection" $1')
+
+# is connection with server "good" enough? (done in client)
+dnl i.e. has the server been authenticated and is encryption active?
+dnl called from deliver() after STARTTLS command
+# input: ${verify}
+Stls_server
+ifdef(`_ACCESS_TABLE_', `dnl
+R$*		$: $1 $| $>LookUpDomain <$&{server_name}> <?> <> <! TLS_SRV_TAG>
+R$* $| <?>$*	$: $1 $| $>LookUpAddress <$&{server_addr}> <?> <> <! TLS_SRV_TAG>
+dnl do a default lookup: just TLS_SRV_TAG
+R$* $| <?>$*	$: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
+R$*		$@ $>"tls_connection" $1', `dnl
+R$*		$@ $>"tls_connection" $1')
+
+Stls_connection
+ifdef(`_ACCESS_TABLE_', `dnl
+dnl common ruleset for tls_{client|server}
+dnl input: $&{verify} $| <ResultOfLookup> [<>]
+dnl remove optional <>
+R$* $| <$*>$*			$: $1 $| <$2>
+dnl permanent or temporary error?
+R$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
+R$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
+dnl default case depends on TLS_PERM_ERR
+R$* $| <$={tls} $*>		$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
+dnl deal with TLS handshake failures: abort
+RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
+dnl no <reply:dns> i.e. not requirements in the access map
+dnl use default error
+RSOFTWARE $| $* 		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
+R$* $| <$*> <VERIFY>		$: <$2> <VERIFY> $1
+R$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> $1
+dnl some other value in access map: accept
+dnl this also allows to override the default case (if used)
+R$* $| $*			$@ OK
+# authentication required: give appropriate error
+# other side did authenticate (via STARTTLS)
+dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> ${verify}
+dnl only verification required and it succeeded
+R<$*><VERIFY> OK		$@ OK
+dnl verification required + some level of encryption
+R<$*><VERIFY:$-> OK		$: <$1> <REQ:$2>
+dnl just some level of encryption required
+R<$*><ENCR:$-> $*		$: <$1> <REQ:$2>
+dnl verification required but ${verify} is not set
+R<$-:$+><VERIFY $*>		$#error $@ $2 $: $1 " authentication required"
+R<$-:$+><VERIFY $*> FAIL	$#error $@ $2 $: $1 " authentication failed"
+R<$-:$+><VERIFY $*> NO		$#error $@ $2 $: $1 " not authenticated"
+R<$-:$+><VERIFY $*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
+dnl some other value for ${verify}
+R<$-:$+><VERIFY $*> $+		$#error $@ $2 $: $1 " authentication failure " $4
+dnl some level of encryption required: get the maximum level
+R<$*><REQ:$->			$: <$1> <REQ:$2> $>max $&{cipher_bits} : $&{auth_ssf}
+dnl compare required bits with actual bits
+R<$*><REQ:$-> $-		$: <$1> <$2:$3> $(arith l $@ $3 $@ $2 $)
+R<$-:$+><$-:$-> TRUE		$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
+
+Smax
+dnl compute the max of two values separated by :
+R:		$: 0
+R:$-		$: $1
+R$-:		$: $1
+R$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
+RTRUE:$-:$-	$: $2
+R$-:$-:$-	$: $2',
+`dnl use default error
+dnl deal with TLS handshake failures: abort
+RSOFTWARE	$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."')
+
+SRelayAuth
+# authenticated?
+dnl we do not allow relaying for anyone who can present a cert
+dnl signed by a "trusted" CA. For example, even if we put verisigns
+dnl CA in CERTPath so we can authenticate users, we do not allow
+dnl them to abuse our server (they might be easier to get hold of,
+dnl but anyway).
+dnl so here is the trick: if the verification succeeded
+dnl we look up the cert issuer in the access map
+dnl (maybe after extracting a part with a regular expression)
+dnl if this returns RELAY we relay without further questions
+dnl if it returns SUBJECT we perform a similar check on the
+dnl cert subject.
+R$* $| OK		$: $1
+R$* $| $*		$@ NO		not authenticated
+ifdef(`_ACCESS_TABLE_', `dnl
+ifdef(`_CERT_REGEX_ISSUER_', `dnl
+R$*			$: $1 $| $(CERTIssuer $&{cert_issuer} $)',
+`R$*			$: $1 $| $&{cert_issuer}')
+R$* $| $+		$: $1 $| $(access CERTISSUER:$2 $)
+dnl use $# to stop further checks (delay_check)
+R$* $| RELAY		$# RELAYCERTISSUER
+ifdef(`_CERT_REGEX_SUBJECT_', `dnl
+R$* $| SUBJECT		$: $1 $| <@> $(CERTSubject $&{cert_subject} $)',
+`R$* $| SUBJECT		$: $1 $| <@> $&{cert_subject}')
+R$* $| <@> $+		$: $1 $| <@> $(access CERTSUBJECT:$&{cert_subject} $)
+R$* $| <@> RELAY	$# RELAYCERTSUBJECT
+R$* $| $*		$: $1', `dnl')
+
+undivert(9)dnl LOCAL_RULESETS
+ifdef(`_FFR_MILTER', `
+#
+######################################################################
+######################################################################
+#####
+`#####			MAIL FILTER DEFINITIONS'
+#####
+######################################################################
+######################################################################
+_MAIL_FILTERS_')
 #
 ######################################################################
 ######################################################################
@@ -1326,4 +2069,4 @@ undivert(9)dnl
 #####
 ######################################################################
 ######################################################################
-undivert(7)dnl
+undivert(7)dnl MAILER_DEFINITIONS
diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4
index 416488c..4025272 100644
--- a/contrib/sendmail/cf/m4/version.m4
+++ b/contrib/sendmail/cf/m4/version.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,8 +11,8 @@ divert(-1)
 # the sendmail distribution.
 #
 #
-VERSIONID(`@(#)version.m4	8.9.3.1 (Berkeley) 2/4/1999')
+VERSIONID(`$Id: version.m4,v 8.39.4.10 2000/07/19 20:40:59 gshapiro Exp $')
 #
 divert(0)
 # Configuration version number
-DZ8.9.3`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.11.0`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/contrib/sendmail/cf/mailer/cyrus.m4 b/contrib/sendmail/cf/mailer/cyrus.m4
index 567025f..a6afa4a 100644
--- a/contrib/sendmail/cf/mailer/cyrus.m4
+++ b/contrib/sendmail/cf/mailer/cyrus.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -12,17 +13,17 @@ PUSHDIVERT(-1)
 #
 #***************************************************************************
 #	(C) Copyright 1995 by Carnegie Mellon University
-# 
+#
 #                      All Rights Reserved
-# 
-# Permission to use, copy, modify, and distribute this software and its 
-# documentation for any purpose and without fee is hereby granted, 
+#
+# Permission to use, copy, modify, and distribute this software and its
+# documentation for any purpose and without fee is hereby granted,
 # provided that the above copyright notice appear in all copies and that
-# both that copyright notice and this permission notice appear in 
+# both that copyright notice and this permission notice appear in
 # supporting documentation, and that the name of CMU not be
 # used in advertising or publicity pertaining to distribution of the
-# software without specific, written prior permission.  
-# 
+# software without specific, written prior permission.
+#
 # CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 # ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 # CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
@@ -32,13 +33,16 @@ PUSHDIVERT(-1)
 # SOFTWARE.
 #
 #	Contributed to Berkeley by John Gardiner Myers <jgm+@CMU.EDU>.
-# 
+#
+
+ifdef(`_MAILER_local_', `',
+	`errprint(`*** MAILER(`local') must appear before MAILER(`cyrus')')')dnl
 
-ifdef(`CYRUS_MAILER_FLAGS',, `define(`CYRUS_MAILER_FLAGS', `A5@/:|')')
+_DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|')
 ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)')
 ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')')
 ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')')
-ifdef(`CYRUS_BB_MAILER_FLAGS',, `define(`CYRUS_BB_MAILER_FLAGS', `')')
+_DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u')
 ifdef(`CYRUS_BB_MAILER_ARGS',, `define(`CYRUS_BB_MAILER_ARGS', `deliver -e -m $u')')
 
 POPDIVERT
@@ -47,12 +51,12 @@ POPDIVERT
 ###   Cyrus Mailer specification               ###
 ##################################################
 
-VERSIONID(`@(#)cyrus.m4	8.9 (Carnegie Mellon) 5/19/1998')
+VERSIONID(`$Id: cyrus.m4,v 8.21 1999/10/18 04:57:52 gshapiro Exp $ (Carnegie Mellon)')
 
-Mcyrus,		P=CYRUS_MAILER_PATH, F=CONCAT(`lsDFMnPq', CYRUS_MAILER_FLAGS), S=10, R=20/40, T=X-Unix,
-		ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER,
+Mcyrus,		P=CYRUS_MAILER_PATH, F=_MODMF_(CONCAT(`lsDFMnPq', CYRUS_MAILER_FLAGS), `CYRUS'), S=EnvFromL, R=EnvToL/HdrToL,
+		ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER, T=DNS/RFC822/X-Unix,
 		A=CYRUS_MAILER_ARGS
 
-Mcyrusbb,	P=CYRUS_MAILER_PATH, F=CONCAT(`lsDFMnP', CYRUS_BB_MAILER_FLAGS), S=10, R=20/40, T=X-Unix,
-		ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER,
+Mcyrusbb,	P=CYRUS_MAILER_PATH, F=_MODMF_(CONCAT(`lsDFMnP', CYRUS_BB_MAILER_FLAGS), `CYRUS'), S=EnvFromL, R=EnvToL/HdrToL,
+		ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER, T=DNS/RFC822/X-Unix,
 		A=CYRUS_BB_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/fax.m4 b/contrib/sendmail/cf/mailer/fax.m4
index 3ee94bd..63c6931 100644
--- a/contrib/sendmail/cf/mailer/fax.m4
+++ b/contrib/sendmail/cf/mailer/fax.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -26,9 +27,10 @@ POPDIVERT
 ###   FAX Mailer specification   ###
 ####################################
 
-VERSIONID(`@(#)fax.m4	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: fax.m4,v 8.15 1999/10/18 04:57:53 gshapiro Exp $')
 
-Mfax,		P=FAX_MAILER_PATH, F=DFMhu, S=14, R=24, M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,
+Mfax,		P=FAX_MAILER_PATH, F=DFMhu, S=14, R=24,
+		M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,
 		A=FAX_MAILER_ARGS
 
 LOCAL_CONFIG
diff --git a/contrib/sendmail/cf/mailer/local.m4 b/contrib/sendmail/cf/mailer/local.m4
index 6b4b679..6b14b19 100644
--- a/contrib/sendmail/cf/mailer/local.m4
+++ b/contrib/sendmail/cf/mailer/local.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,10 +11,13 @@ PUSHDIVERT(-1)
 # the sendmail distribution.
 #
 #
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `rmn9')')
+_DEFIFNOT(`_DEF_LOCAL_MAILER_FLAGS', `lsDFMAw5:/|@q')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Prmn9')
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /bin/mail)')
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -d $u')')
-ifdef(`LOCAL_SHELL_FLAGS',, `define(`LOCAL_SHELL_FLAGS', `eu9')')
+ifdef(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE',, `define(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE', `X-Unix')')
+_DEFIFNOT(`_DEF_LOCAL_SHELL_FLAGS', `lsDFMoq')
+_DEFIFNOT(`LOCAL_SHELL_FLAGS', `eu9')
 ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /bin/sh)')
 ifdef(`LOCAL_SHELL_ARGS',, `define(`LOCAL_SHELL_ARGS', `sh -c $u')')
 ifdef(`LOCAL_SHELL_DIR',, `define(`LOCAL_SHELL_DIR', `$z:/')')
@@ -23,52 +27,59 @@ POPDIVERT
 ###   Local and Program Mailer specification   ###
 ##################################################
 
-VERSIONID(`@(#)local.m4	8.30 (Berkeley) 6/30/1998')
-
-Mlocal,		P=LOCAL_MAILER_PATH, F=CONCAT(`lsDFMAw5:/|@q', LOCAL_MAILER_FLAGS), S=10/30, R=20/40,
-		_OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')_OPTINS(`LOCAL_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/X-Unix,
-		A=LOCAL_MAILER_ARGS
-Mprog,		P=LOCAL_SHELL_PATH, F=CONCAT(`lsDFMoq', LOCAL_SHELL_FLAGS), S=10/30, R=20/40, D=LOCAL_SHELL_DIR,
-		_OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')T=X-Unix,
-		A=LOCAL_SHELL_ARGS
+VERSIONID(`$Id: local.m4,v 8.50.16.1 2000/06/12 18:25:40 gshapiro Exp $')
 
 #
 #  Envelope sender rewriting
 #
-S10
+SEnvFromL=10
 R<@>			$n			errors to mailer-daemon
 R@ <@ $*>		$n			temporarily bypass Sun bogosity
-R$+			$: $>50 $1		add local domain if needed
-R$*			$: $>94 $1		do masquerading
+R$+			$: $>AddDomain $1	add local domain if needed
+R$*			$: $>MasqEnv $1		do masquerading
 
 #
 #  Envelope recipient rewriting
 #
-S20
+SEnvToL=20
 R$+ < @ $* >		$: $1			strip host part
+ifdef(`_FFR_ADDR_TYPE', `dnl
+ifdef(`confUSERDB_SPEC', `dnl',
+`dnl Do not forget to bump V9 to V10 before removing _FFR_ADDR_TYPE check
+R$+ + $*		$: < $&{addr_type} > $1 + $2	mark with addr type
+R<e s> $+ + $*		$: $1			remove +detail for sender
+R< $* > $+		$: $2			else remove mark')', `dnl')
 
 #
 #  Header sender rewriting
 #
-S30
+SHdrFromL=30
 R<@>			$n			errors to mailer-daemon
 R@ <@ $*>		$n			temporarily bypass Sun bogosity
-R$+			$: $>50 $1		add local domain if needed
-R$*			$: $>93 $1		do masquerading
+R$+			$: $>AddDomain $1	add local domain if needed
+R$*			$: $>MasqHdr $1		do masquerading
 
 #
 #  Header recipient rewriting
 #
-S40
-R$+			$: $>50 $1		add local domain if needed
-ifdef(`_ALL_MASQUERADE_', `dnl
-R$*			$: $>93 $1		do all-masquerading', `dnl')
+SHdrToL=40
+R$+			$: $>AddDomain $1	add local domain if needed
+ifdef(`_ALL_MASQUERADE_',
+`R$*			$: $>MasqHdr $1		do all-masquerading',
+`R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2')
 
 #
 #  Common code to add local domain name (only if always-add-domain)
 #
-S50
+SAddDomain=50
 ifdef(`_ALWAYS_ADD_DOMAIN_', `dnl
-R$* < @ $* > $* 	$@ $1 < @ $2 > $3		already fully qualified
-R$+			$@ $1 < @ *LOCAL* >		add local qualification',
+R$* < @ $* > $* 	$@ $1 < @ $2 > $3	already fully qualified
+R$+			$@ $1 < @ *LOCAL* >	add local qualification',
 `dnl')
+
+Mlocal,		P=LOCAL_MAILER_PATH, F=_MODMF_(CONCAT(_DEF_LOCAL_MAILER_FLAGS, LOCAL_MAILER_FLAGS), `LOCAL'), S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,_OPTINS(`LOCAL_MAILER_EOL', ` E=', `, ')
+		_OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')_OPTINS(`LOCAL_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`LOCAL_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`LOCAL_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/LOCAL_MAILER_DSN_DIAGNOSTIC_CODE,
+		A=LOCAL_MAILER_ARGS
+Mprog,		P=LOCAL_SHELL_PATH, F=CONCAT(_DEF_LOCAL_SHELL_FLAGS, LOCAL_SHELL_FLAGS), S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=LOCAL_SHELL_DIR,
+		_OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')T=X-Unix/X-Unix/X-Unix,
+		A=LOCAL_SHELL_ARGS
diff --git a/contrib/sendmail/cf/mailer/mail11.m4 b/contrib/sendmail/cf/mailer/mail11.m4
index 222b53f..d60a063 100644
--- a/contrib/sendmail/cf/mailer/mail11.m4
+++ b/contrib/sendmail/cf/mailer/mail11.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -13,13 +14,13 @@ PUSHDIVERT(-1)
 #
 # This mailer is only useful if you have DECNET and the
 # mail11 program - gatekeeper.dec.com:/pub/DEC/gwtools.
-# 
+#
 # For local delivery of DECNET style addresses to the local
 # DECNET node, you will need feature(use_cw_file) and put
 # your DECNET nodename in in the cw file.
 #
 ifdef(`MAIL11_MAILER_PATH',, `define(`MAIL11_MAILER_PATH', /usr/etc/mail11)')
-ifdef(`MAIL11_MAILER_FLAGS',, `define(`MAIL11_MAILER_FLAGS', nsFx)')
+_DEFIFNOT(`MAIL11_MAILER_FLAGS', `nsFx')
 ifdef(`MAIL11_MAILER_ARGS',, `define(`MAIL11_MAILER_ARGS', mail11 $g $x $h $u)')
 define(`_USE_DECNET_SYNTAX_')
 define(`_LOCAL_', ifdef(`confLOCAL_MAILER', confLOCAL_MAILER, `local'))
@@ -40,19 +41,20 @@ POPDIVERT
 ###   UTK-MAIL11 Mailer specification   ###
 ###########################################
 
-VERSIONID(`@(#)mail11.m4	8.8 (Berkeley) 5/19/1998')
-
-Mmail11, P=MAIL11_MAILER_PATH, F=MAIL11_MAILER_FLAGS, S=15, R=25,
-	A=MAIL11_MAILER_ARGS
+VERSIONID(`$Id: mail11.m4,v 8.19 1999/10/18 04:57:54 gshapiro Exp $')
 
-S15
+SMail11From=15
 R$+			$: $>25 $1		preprocess
 R$w :: $+		$@ $w :: $1		ready to go
 
-S25
+SMail11To=25
 R$+ < @ $- .UUCP >	$: $2 ! $1		back to old style
 R$+ < @ $- .DECNET >	$: $2 :: $1		convert to DECnet style
 R$+ < @ $- .LOCAL >	$: $2 :: $1		convert to DECnet style
 R$+ < @ $=w. >		$: $2 :: $1		convert to DECnet style
 R$=w :: $+		$2			strip local names
 R$+ :: $+		$@ $1 :: $2		already qualified
+
+Mmail11, P=MAIL11_MAILER_PATH, F=_MODMF_(MAIL11_MAILER_FLAGS, `MAIL11'), S=Mail11From, R=Mail11To,
+	T=DNS/X-DECnet/X-Unix,
+	A=MAIL11_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/phquery.m4 b/contrib/sendmail/cf/mailer/phquery.m4
index 3e0891a..09032e4 100644
--- a/contrib/sendmail/cf/mailer/phquery.m4
+++ b/contrib/sendmail/cf/mailer/phquery.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -13,8 +14,11 @@ PUSHDIVERT(-1)
 #  Contributed by Kimmo Suominen <kim@tac.nyc.ny.us>.
 #
 
+ifdef(`_MAILER_local_', `',
+	`errprint(`*** MAILER(`local') must appear before MAILER(`phquery')')')dnl
+
 ifdef(`PH_MAILER_PATH',, `define(`PH_MAILER_PATH', /usr/local/etc/phquery)')
-ifdef(`PH_MAILER_FLAGS',, `define(`PH_MAILER_FLAGS', `ehmu')')
+_DEFIFNOT(`PH_MAILER_FLAGS', `ehmu')
 ifdef(`PH_MAILER_ARGS',, `define(`PH_MAILER_ARGS', `phquery -- $u')')
 
 POPDIVERT
@@ -23,7 +27,8 @@ POPDIVERT
 ###   PH Mailer specification   ###
 ####################################
 
-VERSIONID(`@(#)phquery.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: phquery.m4,v 8.15 1999/10/18 04:57:54 gshapiro Exp $')
 
-Mph,		P=PH_MAILER_PATH, F=CONCAT(`nrDFM', PH_MAILER_FLAGS), S=10, R=20/40,
+Mph,		P=PH_MAILER_PATH, F=_MODMF_(CONCAT(`nrDFM', PH_MAILER_FLAGS), `PH'), S=EnvFromL, R=EnvToL/HdrToL,
+		T=DNS/RFC822/X-Unix,
 		A=PH_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/pop.m4 b/contrib/sendmail/cf/mailer/pop.m4
index 0acea7d..a7b373d 100644
--- a/contrib/sendmail/cf/mailer/pop.m4
+++ b/contrib/sendmail/cf/mailer/pop.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,8 +12,11 @@ PUSHDIVERT(-1)
 #
 #
 
+ifdef(`_MAILER_local_', `',
+	`errprint(`*** MAILER(`local') must appear before MAILER(`pop')')')dnl
+
 ifdef(`POP_MAILER_PATH',, `define(`POP_MAILER_PATH', /usr/lib/mh/spop)')
-ifdef(`POP_MAILER_FLAGS',, `define(`POP_MAILER_FLAGS', `Penu')')
+_DEFIFNOT(`POP_MAILER_FLAGS', `Penu')
 ifdef(`POP_MAILER_ARGS',, `define(`POP_MAILER_ARGS', `pop $u')')
 
 POPDIVERT
@@ -21,9 +25,10 @@ POPDIVERT
 ###   POP Mailer specification   ###
 ####################################
 
-VERSIONID(`@(#)pop.m4	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: pop.m4,v 8.20 1999/10/18 04:57:54 gshapiro Exp $')
 
-Mpop,		P=POP_MAILER_PATH, F=CONCAT(`lsDFMq', POP_MAILER_FLAGS), S=10, R=20/40, T=DNS/RFC822/X-Unix,
+Mpop,		P=POP_MAILER_PATH, F=_MODMF_(CONCAT(`lsDFMq', POP_MAILER_FLAGS), `POP'), S=EnvFromL, R=EnvToL/HdrToL,
+		T=DNS/RFC822/X-Unix,
 		A=POP_MAILER_ARGS
 
 LOCAL_CONFIG
diff --git a/contrib/sendmail/cf/mailer/procmail.m4 b/contrib/sendmail/cf/mailer/procmail.m4
index 38b6d20..8589f3a 100644
--- a/contrib/sendmail/cf/mailer/procmail.m4
+++ b/contrib/sendmail/cf/mailer/procmail.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,12 +12,14 @@ PUSHDIVERT(-1)
 #
 #
 
+ifdef(`_MAILER_smtp_', `',
+	`errprint(`*** MAILER(`smtp') must appear before MAILER(`procmail')')')dnl
+
 ifdef(`PROCMAIL_MAILER_PATH',,
 	`ifdef(`PROCMAIL_PATH',
 		`define(`PROCMAIL_MAILER_PATH', PROCMAIL_PATH)',
 		`define(`PROCMAIL_MAILER_PATH', /usr/local/bin/procmail)')')
-ifdef(`PROCMAIL_MAILER_FLAGS',,
-	`define(`PROCMAIL_MAILER_FLAGS', `SPhnu9')')
+_DEFIFNOT(`PROCMAIL_MAILER_FLAGS', `SPhnu9')
 ifdef(`PROCMAIL_MAILER_ARGS',,
 	`define(`PROCMAIL_MAILER_ARGS', `procmail -Y -m $h $f $u')')
 
@@ -26,7 +29,8 @@ POPDIVERT
 ###   PROCMAIL Mailer specification   ###
 ##################*****##################
 
-VERSIONID(`@(#)procmail.m4	8.11 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: procmail.m4,v 8.20 1999/10/18 04:57:54 gshapiro Exp $')
 
-Mprocmail,	P=PROCMAIL_MAILER_PATH, F=CONCAT(`DFM', PROCMAIL_MAILER_FLAGS), S=11/31, R=21/31, T=DNS/RFC822/X-Unix,
-		ifdef(`PROCMAIL_MAILER_MAX', `M=PROCMAIL_MAILER_MAX, ')A=PROCMAIL_MAILER_ARGS
+Mprocmail,	P=PROCMAIL_MAILER_PATH, F=_MODMF_(CONCAT(`DFM', PROCMAIL_MAILER_FLAGS), `PROCMAIL'), S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
+		ifdef(`PROCMAIL_MAILER_MAX', `M=PROCMAIL_MAILER_MAX, ')T=DNS/RFC822/X-Unix,
+		A=PROCMAIL_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/qpage.m4 b/contrib/sendmail/cf/mailer/qpage.m4
new file mode 100644
index 0000000..31521d5
--- /dev/null
+++ b/contrib/sendmail/cf/mailer/qpage.m4
@@ -0,0 +1,30 @@
+PUSHDIVERT(-1)
+#
+# Copyright (C) 1997, Philip A. Prindeville and Enteka Enterprise Technology
+#				Services
+#
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+# Tested with QuickPage version 3.2
+#
+ifdef(`QPAGE_MAILER_PATH', `', `define(`QPAGE_MAILER_PATH', `/usr/local/bin/qpage')')
+_DEFIFNOT(`QPAGE_MAILER_FLAGS', `mDFMs')
+ifdef(`QPAGE_MAILER_ARGS', `', `define(`QPAGE_MAILER_ARGS', `qpage -l0 -m -P$u')')
+ifdef(`QPAGE_MAILER_MAX', `', `define(`QPAGE_MAILER_MAX', `4096')')
+
+POPDIVERT
+
+######################################
+###   QPAGE Mailer specification   ###
+######################################
+
+VERSIONID(`$Id: qpage.m4,v 8.9 1999/11/16 03:33:04 gshapiro Exp $')
+
+Mqpage, P=QPAGE_MAILER_PATH, F=_MODMF_(QPAGE_MAILER_FLAGS, `QPAGE'),
+	M=QPAGE_MAILER_MAX,  T=DNS/RFC822/X-Unix,
+	A=QPAGE_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/smtp.m4 b/contrib/sendmail/cf/mailer/smtp.m4
index 7545597..dd601ec 100644
--- a/contrib/sendmail/cf/mailer/smtp.m4
+++ b/contrib/sendmail/cf/mailer/smtp.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,70 +11,32 @@ PUSHDIVERT(-1)
 # the sendmail distribution.
 #
 #
-ifdef(`SMTP_MAILER_FLAGS',, `define(`SMTP_MAILER_FLAGS', `')')
-ifdef(`SMTP_MAILER_ARGS',, `define(`SMTP_MAILER_ARGS', `IPC $h')')
-ifdef(`ESMTP_MAILER_ARGS',, `define(`ESMTP_MAILER_ARGS', `IPC $h')')
-ifdef(`SMTP8_MAILER_ARGS',, `define(`SMTP8_MAILER_ARGS', `IPC $h')')
-ifdef(`RELAY_MAILER_ARGS',, `define(`RELAY_MAILER_ARGS', `IPC $h')')
-ifdef(`_MAILER_uucp_',
-	`errprint(`*** MAILER(smtp) must appear before MAILER(uucp)')')dnl
+_DEFIFNOT(`_DEF_SMTP_MAILER_FLAGS', `mDFMuX')
+_DEFIFNOT(`SMTP_MAILER_FLAGS',`')
+_DEFIFNOT(`RELAY_MAILER_FLAGS', `SMTP_MAILER_FLAGS')
+ifdef(`SMTP_MAILER_ARGS',, `define(`SMTP_MAILER_ARGS', `TCP $h')')
+ifdef(`ESMTP_MAILER_ARGS',, `define(`ESMTP_MAILER_ARGS', `TCP $h')')
+ifdef(`SMTP8_MAILER_ARGS',, `define(`SMTP8_MAILER_ARGS', `TCP $h')')
+ifdef(`DSMTP_MAILER_ARGS',, `define(`DSMTP_MAILER_ARGS', `TCP $h')')
+ifdef(`RELAY_MAILER_ARGS',, `define(`RELAY_MAILER_ARGS', `TCP $h')')
 POPDIVERT
 #####################################
 ###   SMTP Mailer specification   ###
 #####################################
 
-VERSIONID(`@(#)smtp.m4	8.38 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: smtp.m4,v 8.56.2.1.2.2 2000/07/18 15:31:24 gshapiro Exp $')
 
-Msmtp,		P=[IPC], F=CONCAT(mDFMuX, SMTP_MAILER_FLAGS), S=11/31, R=ifdef(`_ALL_MASQUERADE_', `21/31', `21'), E=\r\n, L=990,
-		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
-		A=SMTP_MAILER_ARGS
-Mesmtp,		P=[IPC], F=CONCAT(mDFMuXa, SMTP_MAILER_FLAGS), S=11/31, R=ifdef(`_ALL_MASQUERADE_', `21/31', `21'), E=\r\n, L=990,
-		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
-		A=ESMTP_MAILER_ARGS
-Msmtp8,		P=[IPC], F=CONCAT(mDFMuX8, SMTP_MAILER_FLAGS), S=11/31, R=ifdef(`_ALL_MASQUERADE_', `21/31', `21'), E=\r\n, L=990,
-		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
-		A=SMTP8_MAILER_ARGS
-Mrelay,		P=[IPC], F=CONCAT(mDFMuXa8, SMTP_MAILER_FLAGS), S=11/31, R=ifdef(`_ALL_MASQUERADE_', `61/71', `61'), E=\r\n, L=2040,
-		_OPTINS(`RELAY_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
-		A=RELAY_MAILER_ARGS
-
-#
-#  envelope sender rewriting
 #
-S11
-R$+			$: $>51 $1			sender/recipient common
-R$* :; <@>		$@				list:; special case
-R$*			$: $>61 $1			qualify unqual'ed names
-R$+			$: $>94 $1			do masquerading
-
-
-#
-#  envelope recipient rewriting --
-#  also header recipient if not masquerading recipients
-#
-S21
-R$+			$: $>51 $1			sender/recipient common
-R$+			$: $>61 $1			qualify unqual'ed names
-
-
-#
-#  header sender and masquerading header recipient rewriting
+#  common sender and masquerading recipient rewriting
 #
-S31
-R$+			$: $>51 $1			sender/recipient common
-R:; <@>			$@				list:; special case
-
-# do special header rewriting
-R$* <@> $*		$@ $1 <@> $2			pass null host through
-R< @ $* > $*		$@ < @ $1 > $2			pass route-addr through
-R$*			$: $>61 $1			qualify unqual'ed names
-R$+			$: $>93 $1			do masquerading
-
+SMasqSMTP=61
+R$* < @ $* > $*		$@ $1 < @ $2 > $3		already fully qualified
+R$+			$@ $1 < @ *LOCAL* >		add local qualification
 
 #
 #  convert pseudo-domain addresses to real domain addresses
 #
-S51
+SPseudoToReal=51
 
 # pass <route-addr>s through
 R< @ $+ > $*		$@ < @ $1 > $2			resolve <route-addr>
@@ -98,18 +61,57 @@ R$+ < @ >		$: $1 < @ *LOCAL* >		if no UUCP_RELAY')
 
 
 #
-#  common sender and masquerading recipient rewriting
+#  envelope sender rewriting
 #
-S61
+SEnvFromSMTP=11
+R$+			$: $>PseudoToReal $1		sender/recipient common
+R$* :; <@>		$@				list:; special case
+R$*			$: $>MasqSMTP $1		qualify unqual'ed names
+R$+			$: $>MasqEnv $1			do masquerading
 
-R$* < @ $* > $*		$@ $1 < @ $2 > $3		already fully qualified
-R$+			$@ $1 < @ *LOCAL* >		add local qualification
+
+#
+#  envelope recipient rewriting --
+#  also header recipient if not masquerading recipients
+#
+SEnvToSMTP=21
+R$+			$: $>PseudoToReal $1		sender/recipient common
+R$+			$: $>MasqSMTP $1		qualify unqual'ed names
+R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2
+
+#
+#  header sender and masquerading header recipient rewriting
+#
+SHdrFromSMTP=31
+R$+			$: $>PseudoToReal $1		sender/recipient common
+R:; <@>			$@				list:; special case
+
+# do special header rewriting
+R$* <@> $*		$@ $1 <@> $2			pass null host through
+R< @ $* > $*		$@ < @ $1 > $2			pass route-addr through
+R$*			$: $>MasqSMTP $1		qualify unqual'ed names
+R$+			$: $>MasqHdr $1			do masquerading
 
 
 #
 #  relay mailer header masquerading recipient rewriting
 #
-S71
+SMasqRelay=71
+R$+			$: $>MasqSMTP $1
+R$+			$: $>MasqHdr $1
 
-R$+			$: $>61 $1
-R$+			$: $>93 $1
+Msmtp,		P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, SMTP_MAILER_FLAGS), `SMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+		A=SMTP_MAILER_ARGS
+Mesmtp,		P=[IPC], F=CONCAT(_DEF_SMTP_MAILER_FLAGS, `a', SMTP_MAILER_FLAGS), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+		A=ESMTP_MAILER_ARGS
+Msmtp8,		P=[IPC], F=CONCAT(_DEF_SMTP_MAILER_FLAGS, `8', SMTP_MAILER_FLAGS), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+		A=SMTP8_MAILER_ARGS
+Mdsmtp,		P=[IPC], F=CONCAT(_DEF_SMTP_MAILER_FLAGS, `a%', SMTP_MAILER_FLAGS), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+		_OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+		A=DSMTP_MAILER_ARGS
+Mrelay,		P=[IPC], F=CONCAT(_DEF_SMTP_MAILER_FLAGS, `a8', RELAY_MAILER_FLAGS), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `MasqSMTP/MasqRelay', `MasqSMTP'), E=\r\n, L=2040,
+		_OPTINS(`RELAY_MAILER_CHARSET', `C=', `, ')_OPTINS(`RELAY_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')T=DNS/RFC822/SMTP,
+		A=RELAY_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/usenet.m4 b/contrib/sendmail/cf/mailer/usenet.m4
index 1535751..770eb30 100644
--- a/contrib/sendmail/cf/mailer/usenet.m4
+++ b/contrib/sendmail/cf/mailer/usenet.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -11,16 +12,19 @@ PUSHDIVERT(-1)
 #
 #
 
+ifdef(`_MAILER_local_', `',
+	`errprint(`*** MAILER(`local') must appear before MAILER(`usenet')')')dnl
+
 ifdef(`USENET_MAILER_PATH',, `define(`USENET_MAILER_PATH', /usr/lib/news/inews)')
-ifdef(`USENET_MAILER_FLAGS',, `define(`USENET_MAILER_FLAGS', `rlsDFMmn')')
+_DEFIFNOT(`USENET_MAILER_FLAGS', `rsDFMmn')
 ifdef(`USENET_MAILER_ARGS',, `define(`USENET_MAILER_ARGS', `inews -m -h -n')')
 POPDIVERT
 ####################################
 ###  USENET Mailer specification ###
 ####################################
 
-VERSIONID(`@(#)usenet.m4	8.10 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: usenet.m4,v 8.19 1999/11/16 03:33:04 gshapiro Exp $')
 
-Musenet,	P=USENET_MAILER_PATH, F=USENET_MAILER_FLAGS, S=10, R=20,
+Musenet,	P=USENET_MAILER_PATH, F=_MODMF_(USENET_MAILER_FLAGS, `USENET'), S=EnvFromL, R=EnvToL,
 		_OPTINS(`USENET_MAILER_MAX', `M=', `, ')T=X-Usenet/X-Usenet/X-Unix,
 		A=USENET_MAILER_ARGS $u
diff --git a/contrib/sendmail/cf/mailer/uucp.m4 b/contrib/sendmail/cf/mailer/uucp.m4
index badd307..dd915c3 100644
--- a/contrib/sendmail/cf/mailer/uucp.m4
+++ b/contrib/sendmail/cf/mailer/uucp.m4
@@ -1,6 +1,7 @@
 PUSHDIVERT(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,10 +11,12 @@ PUSHDIVERT(-1)
 # the sendmail distribution.
 #
 #
+ifdef(`_MAILER_smtp_', `',
+	`errprint(`*** MAILER(`smtp') must appear before MAILER(`uucp')')')dnl
 
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')
-ifdef(`UUCP_MAILER_FLAGS',, `define(`UUCP_MAILER_FLAGS', `')')
+_DEFIFNOT(`UUCP_MAILER_FLAGS', `')
 ifdef(`UUCP_MAILER_MAX',,
 	`define(`UUCP_MAILER_MAX',
 		`ifdef(`UUCP_MAX_SIZE', `UUCP_MAX_SIZE', 100000)')')
@@ -22,45 +25,12 @@ POPDIVERT
 ###   UUCP Mailer specification   ###
 #####################################
 
-VERSIONID(`@(#)uucp.m4	8.30 (Berkeley) 5/19/1998')
-
-#
-#  There are innumerable variations on the UUCP mailer.  It really
-#  is rather absurd.
-#
-
-# old UUCP mailer (two names)
-Muucp,		P=UUCP_MAILER_PATH, F=CONCAT(DFMhuUd, UUCP_MAILER_FLAGS), S=12, R=22/42, M=UUCP_MAILER_MAX,
-		_OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
-		A=UUCP_MAILER_ARGS
-Muucp-old,	P=UUCP_MAILER_PATH, F=CONCAT(DFMhuUd, UUCP_MAILER_FLAGS), S=12, R=22/42, M=UUCP_MAILER_MAX,
-		_OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
-		A=UUCP_MAILER_ARGS
-
-# smart UUCP mailer (handles multiple addresses) (two names)
-Msuucp,		P=UUCP_MAILER_PATH, F=CONCAT(mDFMhuUd, UUCP_MAILER_FLAGS), S=12, R=22/42, M=UUCP_MAILER_MAX,
-		_OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
-		A=UUCP_MAILER_ARGS
-Muucp-new,	P=UUCP_MAILER_PATH, F=CONCAT(mDFMhuUd, UUCP_MAILER_FLAGS), S=12, R=22/42, M=UUCP_MAILER_MAX,
-		_OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
-		A=UUCP_MAILER_ARGS
-
-ifdef(`_MAILER_smtp_',
-`# domain-ized UUCP mailer
-Muucp-dom,	P=UUCP_MAILER_PATH, F=CONCAT(mDFMhud, UUCP_MAILER_FLAGS), S=52/31, R=ifdef(`_ALL_MASQUERADE_', `21/31', `21'), M=UUCP_MAILER_MAX,
-		_OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
-		A=UUCP_MAILER_ARGS
-
-# domain-ized UUCP mailer with UUCP-style sender envelope
-Muucp-uudom,	P=UUCP_MAILER_PATH, F=CONCAT(mDFMhud, UUCP_MAILER_FLAGS), S=72/31, R=ifdef(`_ALL_MASQUERADE_', `21/31', `21'), M=UUCP_MAILER_MAX,
-		_OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
-		A=UUCP_MAILER_ARGS')
-
+VERSIONID(`$Id: uucp.m4,v 8.38 1999/10/18 04:57:55 gshapiro Exp $')
 
 #
 #  envelope and header sender rewriting
 #
-S12
+SFromU=12
 
 # handle error address as a special case
 R<@>				$n			errors to mailer-daemon
@@ -82,7 +52,7 @@ R! $+				$: $k ! $1		in case $U undefined
 #
 #  envelope recipient rewriting
 #
-S22
+SEnvToU=22
 
 # list:; should disappear
 R:; <@>				$@
@@ -97,7 +67,7 @@ R$* < @ $+ >			$2 ! $1			convert to UUCP format
 #
 #  header recipient rewriting
 #
-S42
+SHdrToU=42
 
 # list:; syntax should disappear
 R:; <@>				$@
@@ -118,24 +88,24 @@ ifdef(`_MAILER_smtp_',
 `#
 #  envelope sender rewriting for uucp-dom mailer
 #
-S52
+SEnvFromUD=52
 
 # handle error address as a special case
 R<@>				$n			errors to mailer-daemon
 
 # pass everything to standard SMTP mailer rewriting
-R$*				$@ $>11 $1
+R$*				$@ $>EnvFromSMTP $1
 
 #
 #  envelope sender rewriting for uucp-uudom mailer
 #
-S72
+SEnvFromUUD=72
 
 # handle error address as a special case
 R<@>				$n			errors to mailer-daemon
 
 # do standard SMTP mailer rewriting
-R$*				$: $>11 $1
+R$*				$: $>EnvFromSMTP $1
 
 R$* < @ $* . > $*		$1 < @ $2 > $3		strip trailing dots
 R<@ $- . UUCP > : $+		$@ $1 ! $2		convert to UUCP format
@@ -150,3 +120,37 @@ R$* < @ $=Z . UUCP. > $*	$#uucp-uudom $@ $2 $: $1 < @ $2 .UUCP. > $3
 R$* < @ $=Y . UUCP. > $*	$#uucp-new $@ $2 $: $1 < @ $2 .UUCP. > $3
 R$* < @ $=U . UUCP. > $*	$#uucp-old $@ $2 $: $1 < @ $2 .UUCP. > $3
 POPDIVERT
+
+#
+#  There are innumerable variations on the UUCP mailer.  It really
+#  is rather absurd.
+#
+
+# old UUCP mailer (two names)
+Muucp,		P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`DFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
+		M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+		A=UUCP_MAILER_ARGS
+Muucp-old,	P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`DFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
+		M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+		A=UUCP_MAILER_ARGS
+
+# smart UUCP mailer (handles multiple addresses) (two names)
+Msuucp,		P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
+		 M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+		A=UUCP_MAILER_ARGS
+Muucp-new,	P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
+		M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+		A=UUCP_MAILER_ARGS
+
+ifdef(`_MAILER_smtp_',
+`# domain-ized UUCP mailer
+Muucp-dom,	P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhud', UUCP_MAILER_FLAGS), `UUCP'), S=EnvFromUD/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'),
+		M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+		A=UUCP_MAILER_ARGS
+
+# domain-ized UUCP mailer with UUCP-style sender envelope
+Muucp-uudom,	P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhud', UUCP_MAILER_FLAGS), `UUCP'), S=EnvFromUUD/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'),
+		M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+		A=UUCP_MAILER_ARGS')
+
+
diff --git a/contrib/sendmail/cf/ostype/aix2.m4 b/contrib/sendmail/cf/ostype/aix2.m4
index 2bda79c..fba191d 100644
--- a/contrib/sendmail/cf/ostype/aix2.m4
+++ b/contrib/sendmail/cf/ostype/aix2.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,9 +13,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)aix2.m4	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: aix2.m4,v 8.12 1999/04/12 17:34:36 ca Exp $')
 define(`LOCAL_MAILER_PATH', /bin/bellmail)dnl
 define(`LOCAL_MAILER_ARGS', mail $u)dnl
-define(`LOCAL_MAILER_FLAGS', `mn9')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
 define(`confEBINDIR', `/usr/lib')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
diff --git a/contrib/sendmail/cf/ostype/aix3.m4 b/contrib/sendmail/cf/ostype/aix3.m4
index fb74d9e..4376f67 100644
--- a/contrib/sendmail/cf/ostype/aix3.m4
+++ b/contrib/sendmail/cf/ostype/aix3.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,9 +13,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)aix3.m4	8.12 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: aix3.m4,v 8.16 1999/04/12 17:34:36 ca Exp $')
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /bin/bellmail)')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', mail $u)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `mn9')')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
 define(`confEBINDIR', `/usr/lib')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
diff --git a/contrib/sendmail/cf/ostype/aix4.m4 b/contrib/sendmail/cf/ostype/aix4.m4
index 24ff001..8e0b9d4 100644
--- a/contrib/sendmail/cf/ostype/aix4.m4
+++ b/contrib/sendmail/cf/ostype/aix4.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1996 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,9 +13,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)aix4.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: aix4.m4,v 8.11 1999/04/12 17:34:37 ca Exp $')
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /bin/bellmail)')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', mail -F $g $u)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `mn9')')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
 define(`confEBINDIR', `/usr/lib')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
diff --git a/contrib/sendmail/cf/ostype/altos.m4 b/contrib/sendmail/cf/ostype/altos.m4
index 4dcefa9..1cffe1e 100644
--- a/contrib/sendmail/cf/ostype/altos.m4
+++ b/contrib/sendmail/cf/ostype/altos.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1996 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -14,14 +15,12 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)altos.m4	8.10 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: altos.m4,v 8.15 1999/04/24 05:37:40 gshapiro Exp $')
 
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/mail/aliases'))dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/bin/lmail)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', mPuhCE9)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mPuhCE9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `lmail $u')')dnl
 ifdef(`LOCAL_SHELL_FLAGS',, `define(`LOCAL_SHELL_FLAGS', Peu)')dnl
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/amdahl-uts.m4 b/contrib/sendmail/cf/ostype/amdahl-uts.m4
index 84d47cd..edd3a5d 100644
--- a/contrib/sendmail/cf/ostype/amdahl-uts.m4
+++ b/contrib/sendmail/cf/ostype/amdahl-uts.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,12 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)amdahl-uts.m4	8.11 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: amdahl-uts.m4,v 8.16 1999/04/24 05:37:40 gshapiro Exp $')
 divert(-1)
 
-define(`ALIAS_FILE', /etc/mail/aliases)
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/mail/sendmail.hf'))')
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `fSn9')')
-define(`confCW_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/local-host-names', `/etc/mail/sendmail.cw'))
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `fSn9')
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/aux.m4 b/contrib/sendmail/cf/ostype/aux.m4
index 8038cb5..ff7f19a 100644
--- a/contrib/sendmail/cf/ostype/aux.m4
+++ b/contrib/sendmail/cf/ostype/aux.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,11 +13,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)aux.m4	8.11 (Berkeley) 10/6/1998')
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
+VERSIONID(`$Id: aux.m4,v 8.16 1999/04/24 05:37:40 gshapiro Exp $')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', mn9)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -d -r $f $u')')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/bsd4.3.m4 b/contrib/sendmail/cf/ostype/bsd4.3.m4
index d0f3f8a..044f205 100644
--- a/contrib/sendmail/cf/ostype/bsd4.3.m4
+++ b/contrib/sendmail/cf/ostype/bsd4.3.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,6 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)bsd4.3.m4	8.9 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: bsd4.3.m4,v 8.12 1999/02/07 07:26:18 gshapiro Exp $')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/bsd4.4.m4 b/contrib/sendmail/cf/ostype/bsd4.4.m4
index 514bce8..3f7b089 100644
--- a/contrib/sendmail/cf/ostype/bsd4.4.m4
+++ b/contrib/sendmail/cf/ostype/bsd4.4.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -13,8 +14,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)bsd4.4.m4	8.10 (Berkeley) 10/6/1998')
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/share/misc/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/var/log/sendmail.st'))')dnl
+VERSIONID(`$Id: bsd4.4.m4,v 8.14 1999/04/24 05:37:40 gshapiro Exp $')
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/libexec/mail.local)')dnl
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/bsdi.m4 b/contrib/sendmail/cf/ostype/bsdi.m4
new file mode 100644
index 0000000..35679bc
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/bsdi.m4
@@ -0,0 +1,17 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: bsdi.m4,v 8.1 1999/11/19 05:18:13 gshapiro Exp $')
+include(_CF_DIR_`'ostype/bsd4.4.m4)dnl
diff --git a/contrib/sendmail/cf/ostype/bsdi1.0.m4 b/contrib/sendmail/cf/ostype/bsdi1.0.m4
index 08bd2a5..b806a37 100644
--- a/contrib/sendmail/cf/ostype/bsdi1.0.m4
+++ b/contrib/sendmail/cf/ostype/bsdi1.0.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,5 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)bsdi1.0.m4	8.7 (Berkeley) 5/19/1998')dnl
-include(_CF_DIR_`'ostype/bsd4.4.m4)dnl
+VERSIONID(`$Id: bsdi1.0.m4,v 8.11 1999/11/19 05:18:14 gshapiro Exp $')
+errprint(`NOTE: OSTYPE(bsdi1.0) is deprecated.  Use OSTYPE(bsdi) instead.')
+include(_CF_DIR_`'ostype/bsdi.m4)dnl
diff --git a/contrib/sendmail/cf/ostype/bsdi2.0.m4 b/contrib/sendmail/cf/ostype/bsdi2.0.m4
index 6883eb0..493406f 100644
--- a/contrib/sendmail/cf/ostype/bsdi2.0.m4
+++ b/contrib/sendmail/cf/ostype/bsdi2.0.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,5 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)bsdi2.0.m4	8.6 (Berkeley) 5/19/1998')dnl
-include(_CF_DIR_`'ostype/bsd4.4.m4)dnl
+VERSIONID(`$Id: bsdi2.0.m4,v 8.10 1999/11/19 05:18:14 gshapiro Exp $')
+errprint(`NOTE: OSTYPE(bsdi2.0) is deprecated.  Use OSTYPE(bsdi) instead.')
+include(_CF_DIR_`'ostype/bsdi.m4)dnl
diff --git a/contrib/sendmail/cf/ostype/darwin.m4 b/contrib/sendmail/cf/ostype/darwin.m4
new file mode 100644
index 0000000..c5fffe0
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/darwin.m4
@@ -0,0 +1,17 @@
+divert(-1)
+#
+# Copyright (c) 2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#
+
+divert(0)
+VERSIONID(`$Id: darwin.m4,v 8.1.2.1 2000/06/15 06:37:04 gshapiro Exp $')
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/libexec/mail.local)')dnl
+ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/dgux.m4 b/contrib/sendmail/cf/ostype/dgux.m4
index 2f25cd8..335aeda 100644
--- a/contrib/sendmail/cf/ostype/dgux.m4
+++ b/contrib/sendmail/cf/ostype/dgux.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,8 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)dgux.m4	8.10 (Berkeley) 5/19/1998')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', m9)')dnl
+VERSIONID(`$Id: dgux.m4,v 8.14 1999/04/12 17:34:37 ca Exp $')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `m9')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
 define(`confEBINDIR', `/usr/lib')dnl
 LOCAL_CONFIG
diff --git a/contrib/sendmail/cf/ostype/domainos.m4 b/contrib/sendmail/cf/ostype/domainos.m4
index 9f4ea92..759459d 100644
--- a/contrib/sendmail/cf/ostype/domainos.m4
+++ b/contrib/sendmail/cf/ostype/domainos.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,10 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)domainos.m4	8.10 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: domainos.m4,v 8.14 1999/04/24 05:37:40 gshapiro Exp $')
 divert(-1)
 
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/dynix3.2.m4 b/contrib/sendmail/cf/ostype/dynix3.2.m4
index 3836446..e072953 100644
--- a/contrib/sendmail/cf/ostype/dynix3.2.m4
+++ b/contrib/sendmail/cf/ostype/dynix3.2.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)dynix3.2.m4	8.10 (Berkeley) 10/6/1998')
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
+VERSIONID(`$Id: dynix3.2.m4,v 8.14 1999/04/24 05:37:41 gshapiro Exp $')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/gnu.m4 b/contrib/sendmail/cf/ostype/gnu.m4
new file mode 100644
index 0000000..39e8171
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/gnu.m4
@@ -0,0 +1,21 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+# Copyright (c) 1997 Eric P. Allman.  All rights reserved.
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#
+
+divert(0)
+VERSIONID(`$Id: gnu.m4,v 8.13 1999/04/24 05:37:41 gshapiro Exp $')
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /libexec/mail.local)')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail $u')')dnl
+define(`confEBINDIR', `/libexec')dnl
diff --git a/contrib/sendmail/cf/ostype/hpux10.m4 b/contrib/sendmail/cf/ostype/hpux10.m4
index d349b54..290c0c6 100644
--- a/contrib/sendmail/cf/ostype/hpux10.m4
+++ b/contrib/sendmail/cf/ostype/hpux10.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,14 +13,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)hpux10.m4	8.14 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: hpux10.m4,v 8.19 1999/04/24 05:37:41 gshapiro Exp $')
 
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
-define(`ALIAS_FILE', /etc/mail/aliases)dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/etc/mail/sendmail.st'))')dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/share/lib/sendmail.hf'))')dnl
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/bin/rmail)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `m9')')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `m9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `rmail -d $u')')dnl
 ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /usr/bin/sh)')dnl
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/hpux11.m4 b/contrib/sendmail/cf/ostype/hpux11.m4
new file mode 100644
index 0000000..94e2e98
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/hpux11.m4
@@ -0,0 +1,23 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: hpux11.m4,v 8.1 1999/11/19 05:22:59 gshapiro Exp $')
+
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/bin/rmail)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `m9')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `rmail -d $u')')dnl
+ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /usr/bin/sh)')dnl
+ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
+define(`confTIME_ZONE', `USE_TZ')dnl
diff --git a/contrib/sendmail/cf/ostype/hpux9.m4 b/contrib/sendmail/cf/ostype/hpux9.m4
index 55f1b97..902d39a 100644
--- a/contrib/sendmail/cf/ostype/hpux9.m4
+++ b/contrib/sendmail/cf/ostype/hpux9.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,13 +13,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)hpux9.m4	8.19 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: hpux9.m4,v 8.24 1999/04/24 05:37:41 gshapiro Exp $')
 
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', `/bin/rmail')')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `m9')')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `m9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `rmail -d $u')')dnl
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
diff --git a/contrib/sendmail/cf/ostype/irix4.m4 b/contrib/sendmail/cf/ostype/irix4.m4
index aea6e9e..f966458 100644
--- a/contrib/sendmail/cf/ostype/irix4.m4
+++ b/contrib/sendmail/cf/ostype/irix4.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,9 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)irix4.m4	8.14 (Berkeley) 10/6/1998')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', Ehm9)')dnl
+VERSIONID(`$Id: irix4.m4,v 8.19 1999/04/24 05:37:41 gshapiro Exp $')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Ehm9')dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/irix5.m4 b/contrib/sendmail/cf/ostype/irix5.m4
index 426f002..dda4bf4 100644
--- a/contrib/sendmail/cf/ostype/irix5.m4
+++ b/contrib/sendmail/cf/ostype/irix5.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -28,13 +29,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)irix5.m4	8.11 (Berkeley) 10/6/1998')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', Ehmu9)')dnl
+VERSIONID(`$Id: irix5.m4,v 8.16 1999/04/24 05:37:41 gshapiro Exp $')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Ehmu9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -s -d $u')')dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/etc/aliases'))dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/var/sendmail.st'))')dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/sendmail.hf'))')dnl
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/sendmail.st')')dnl
 define(`confDEF_USER_ID', `998:998')dnl
 define(`confTIME_ZONE', USE_TZ)dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/irix6.m4 b/contrib/sendmail/cf/ostype/irix6.m4
index d419202..839e387 100644
--- a/contrib/sendmail/cf/ostype/irix6.m4
+++ b/contrib/sendmail/cf/ostype/irix6.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -16,7 +17,7 @@ divert(-1)
 #
 # Notes:
 # - SGI's /etc/sendmail.cf defines also 'u' for local mailer flags -- you
-#   perhaps don't want it.
+#   perhaps don't want it.  They have begun removing this flag in IRIX 6.5.
 # - Perhaps is should also add define(`LOCAL_MAILER_CHARSET', iso-8859-1)
 #   put some Asian sites may prefer otherwise -- or perhaps not.
 # - SGI's /etc/sendmail.cf seems use: A=mail -s -d $u
@@ -28,13 +29,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)irix6.m4	8.8 (Berkeley) 10/6/1998')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', Ehmu9)')dnl
+VERSIONID(`$Id: irix6.m4,v 8.14 1999/08/05 20:35:55 gshapiro Exp $')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Ehmu9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -s -d $u')')dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/etc/aliases'))dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/var/sendmail.st'))')dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/sendmail.hf'))')dnl
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/sendmail.st')')dnl
 define(`confDEF_USER_ID', `998:998')dnl
 define(`confTIME_ZONE', USE_TZ)dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/isc4.1.m4 b/contrib/sendmail/cf/ostype/isc4.1.m4
index 629835b..a124643 100644
--- a/contrib/sendmail/cf/ostype/isc4.1.m4
+++ b/contrib/sendmail/cf/ostype/isc4.1.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -13,14 +14,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)isc4.1.m4	8.11 (Berkeley) 10/6/1998')
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/lib/sendmail.hf'))')dnl
+VERSIONID(`$Id: isc4.1.m4,v 8.16 1999/04/24 05:37:42 gshapiro Exp $')
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `lmail -s $u')')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `humS9')')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `humS9')dnl
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /bin/lmail)')dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -gC $h!rmail ($u)')')dnl
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
diff --git a/contrib/sendmail/cf/ostype/linux.m4 b/contrib/sendmail/cf/ostype/linux.m4
index e1f7a92..b2dccf0 100644
--- a/contrib/sendmail/cf/ostype/linux.m4
+++ b/contrib/sendmail/cf/ostype/linux.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,5 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)linux.m4	8.7 (Berkeley) 5/19/1998')
-define(`LOCAL_MAILER_PATH', /bin/mail.local)dnl
+VERSIONID(`$Id: linux.m4,v 8.11.16.1 2000/05/09 18:48:58 gshapiro Exp $')
+define(`confEBINDIR', `/usr/sbin')
+ifdef(`PROCMAIL_MAILER_PATH',,
+	define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail'))
+FEATURE(local_procmail)
diff --git a/contrib/sendmail/cf/ostype/maxion.m4 b/contrib/sendmail/cf/ostype/maxion.m4
index a8ecfd0..6f9a48e 100644
--- a/contrib/sendmail/cf/ostype/maxion.m4
+++ b/contrib/sendmail/cf/ostype/maxion.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1996 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -15,14 +16,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)maxion.m4	8.11 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: maxion.m4,v 8.17 1999/10/21 00:31:39 gshapiro Exp $')
 
-define(`ALIAS_FILE',        ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/etc/ucbmail/aliases'))dnl
-define(`HELP_FILE',         ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/ucbmail/sendmail.hf'))dnl
 define(`QUEUE_DIR',         `/var/spool/mqueue')dnl
-define(`STATUS_FILE',       ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/var/adm/log/sendmail.st'))dnl
+define(`STATUS_FILE',       `/var/adm/log/sendmail.st')dnl
 define(`LOCAL_MAILER_PATH', `/usr/bin/mail')dnl
-define(`LOCAL_MAILER_FLAGS',`rmn9')dnl
 define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
 define(`LOCAL_MAILER_ARGS', `mail $u')dnl
 define(`UUCP_MAILER_ARGS',  `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
diff --git a/contrib/sendmail/cf/ostype/mklinux.m4 b/contrib/sendmail/cf/ostype/mklinux.m4
index abcdbae..12c6f8bf 100644
--- a/contrib/sendmail/cf/ostype/mklinux.m4
+++ b/contrib/sendmail/cf/ostype/mklinux.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -14,9 +15,10 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)mklinux.m4	8.8 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: mklinux.m4,v 8.14.4.1 2000/05/09 18:48:58 gshapiro Exp $')
+define(`confEBINDIR', `/usr/sbin')
 ifdef(`STATUS_FILE',,
-	`define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/var/log/sendmail.st'))')
+	`define(`STATUS_FILE', `/var/log/sendmail.st')')
 ifdef(`PROCMAIL_MAILER_PATH',,
-	define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail'))
+	`define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')')
 FEATURE(local_procmail)
diff --git a/contrib/sendmail/cf/ostype/nextstep.m4 b/contrib/sendmail/cf/ostype/nextstep.m4
index ebe6957..0c52893 100644
--- a/contrib/sendmail/cf/ostype/nextstep.m4
+++ b/contrib/sendmail/cf/ostype/nextstep.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,13 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)nextstep.m4	8.15 (Berkeley) 10/6/1998')
-define(`ALIAS_FILE', /etc/sendmail/aliases)dnl
-define(`confCW_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/local-host-names', `/etc/sendmail/sendmail.cw'))dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/lib/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/etc/sendmail/sendmail.st'))')dnl
+VERSIONID(`$Id: nextstep.m4,v 8.21 1999/10/21 00:31:40 gshapiro Exp $')
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `rmnP9')')dnl
 ifdef(`LOCAL_SHELL_FLAGS',, `define(`LOCAL_SHELL_FLAGS', `euP')')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/openbsd.m4 b/contrib/sendmail/cf/ostype/openbsd.m4
new file mode 100644
index 0000000..aaeb615
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/openbsd.m4
@@ -0,0 +1,17 @@
+divert(-1)
+#
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: openbsd.m4,v 8.3 1999/04/24 05:37:42 gshapiro Exp $')
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/libexec/mail.local)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `rmn9S')dnl
+ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/osf1.m4 b/contrib/sendmail/cf/ostype/osf1.m4
index 7fcf1cf..dd13963 100644
--- a/contrib/sendmail/cf/ostype/osf1.m4
+++ b/contrib/sendmail/cf/ostype/osf1.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,8 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)osf1.m4	8.11 (Berkeley) 10/6/1998')
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/adm/sendmail/aliases'))dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/adm/sendmail/sendmail.st'))')dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/share/lib/sendmail.hf'))')dnl
+VERSIONID(`$Id: osf1.m4,v 8.16 1999/10/11 18:45:43 gshapiro Exp $')
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/usr/adm/sendmail/sendmail.st')')dnl
 define(`confDEF_USER_ID', `daemon')
+define(`confEBINDIR', `/usr/lbin')dnl
diff --git a/contrib/sendmail/cf/ostype/powerux.m4 b/contrib/sendmail/cf/ostype/powerux.m4
index 068bd8e..4646fe3 100644
--- a/contrib/sendmail/cf/ostype/powerux.m4
+++ b/contrib/sendmail/cf/ostype/powerux.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,13 +13,10 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)powerux.m4	8.8 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: powerux.m4,v 8.13 1999/04/24 05:37:43 gshapiro Exp $')
 
-define(`ALIAS_FILE', /etc/mail/aliases)dnl
-ifdef(`HELP_FILE',,`define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/mail/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',,`define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/etc/mail/sendmail.st'))')dnl
 define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl
-define(`LOCAL_MAILER_FLAGS', `mn9')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
 define(`LOCAL_MAILER_ARGS', `rmail $u')dnl
 define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
 define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
diff --git a/contrib/sendmail/cf/ostype/ptx2.m4 b/contrib/sendmail/cf/ostype/ptx2.m4
index d564ead..84e8396 100644
--- a/contrib/sendmail/cf/ostype/ptx2.m4
+++ b/contrib/sendmail/cf/ostype/ptx2.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1994 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1994
 #	The Regents of the University of California.  All rights reserved.
@@ -14,12 +15,9 @@ divert(-1)
 # Support for DYNIX/ptx 2.x.
 
 divert(0)
-VERSIONID(`@(#)ptx2.m4	8.12 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: ptx2.m4,v 8.17 1999/04/24 05:37:43 gshapiro Exp $')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
-ifdef(`HELP_FILE',,`define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/lib/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',,`define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 define(`LOCAL_MAILER_PATH', `/bin/mail')dnl
-define(`LOCAL_MAILER_FLAGS', `fmn9')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `fmn9')dnl
 define(`LOCAL_SHELL_FLAGS', `eu')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/qnx.m4 b/contrib/sendmail/cf/ostype/qnx.m4
index 91ed669..5fb3b08 100644
--- a/contrib/sendmail/cf/ostype/qnx.m4
+++ b/contrib/sendmail/cf/ostype/qnx.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1997 Eric P. Allman.  All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -12,10 +13,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)qnx.m4	8.8 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: qnx.m4,v 8.13 1999/04/24 05:37:43 gshapiro Exp $')
 define(`QUEUE_DIR', /usr/spool/mqueue)dnl
-define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/sendmail.hf'))dnl
 define(`LOCAL_MAILER_ARGS', `mail $u')dnl
-define(`LOCAL_MAILER_FLAGS', `Sh')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Sh')dnl
 define(`LOCAL_MAILER_PATH', /usr/bin/mailx)dnl
 define(`UUCP_MAILER_ARGS', `uux - -r -z -a$f $h!rmail ($u)')dnl
diff --git a/contrib/sendmail/cf/ostype/riscos4.5.m4 b/contrib/sendmail/cf/ostype/riscos4.5.m4
index c44a180..f806938 100644
--- a/contrib/sendmail/cf/ostype/riscos4.5.m4
+++ b/contrib/sendmail/cf/ostype/riscos4.5.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,10 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)riscos4.5.m4	8.11 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: riscos4.5.m4,v 8.15 1999/04/24 05:37:43 gshapiro Exp $')
 
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `rmail -d $u')')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/aliases'))dnl
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', `/usr/spool/mqueue')')dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/lib/sendmail.hf'))')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/sco-uw-2.1.m4 b/contrib/sendmail/cf/ostype/sco-uw-2.1.m4
index 0de9bae..8fe1b84 100644
--- a/contrib/sendmail/cf/ostype/sco-uw-2.1.m4
+++ b/contrib/sendmail/cf/ostype/sco-uw-2.1.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -12,13 +13,10 @@ divert(-1)
 #	Contributed by Christopher Durham <chrisdu@SCO.COM> of SCO.
 #
 divert(0)
-VERSIONID(`@(#)sco-uw-2.1.m4	8.8 (Berkeley) 1/25/1999')
+VERSIONID(`$Id: sco-uw-2.1.m4,v 8.13 1999/04/24 05:37:43 gshapiro Exp $')
 
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/mail/aliases'))dnl
-ifdef(`HELP_FILE',,`define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/ucblib/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',,`define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/ucblib/sendmail.st'))')dnl
 define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl
-define(`LOCAL_MAILER_FLAGS', `fhCEn9')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `fhCEn9')dnl
 define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
 define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
 define(`LOCAL_MAILER_ARGS',`rmail $u')dnl
diff --git a/contrib/sendmail/cf/ostype/sco3.2.m4 b/contrib/sendmail/cf/ostype/sco3.2.m4
index 135fefa..89ac637 100644
--- a/contrib/sendmail/cf/ostype/sco3.2.m4
+++ b/contrib/sendmail/cf/ostype/sco3.2.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,13 +13,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)sco3.2.m4	8.11 (Berkeley) 10/6/1998')
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/lib/mail/aliases'))dnl
+VERSIONID(`$Id: sco3.2.m4,v 8.16 1999/04/24 05:37:43 gshapiro Exp $')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/lib/sendmail.st'))')dnl
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/bin/lmail)')dnl
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', PuhCE9)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `PuhCE9')dnl
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `lmail $u')')dnl
 ifdef(`LOCAL_SHELL_FLAGS',, `define(`LOCAL_SHELL_FLAGS', Peu)')dnl
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/sinix.m4 b/contrib/sendmail/cf/ostype/sinix.m4
index 37d12d4..bcd6b31 100644
--- a/contrib/sendmail/cf/ostype/sinix.m4
+++ b/contrib/sendmail/cf/ostype/sinix.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1996 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,10 +13,8 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)sinix.m4	8.9 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: sinix.m4,v 8.13 1999/04/24 05:37:43 gshapiro Exp $')
 ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/etc/aliases'))dnl
 define(`LOCAL_MAILER_PATH', `/bin/mail.local')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/var/sendmail.st'))')dnl
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/sendmail.hf'))')dnl
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/sendmail.st')')dnl
 define(`confEBINDIR', `/usr/ucblib')dnl
diff --git a/contrib/sendmail/cf/ostype/solaris2.m4 b/contrib/sendmail/cf/ostype/solaris2.m4
index 5a0e2a9..6cf1484 100644
--- a/contrib/sendmail/cf/ostype/solaris2.m4
+++ b/contrib/sendmail/cf/ostype/solaris2.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,16 +11,17 @@ divert(-1)
 # the sendmail distribution.
 #
 #
+#	This ostype file is suitable for use on Solaris 2.x systems that
+#	have mail.local installed.  It is my understanding that this is
+#	standard as of Solaris 2.5.
+#
 
 divert(0)
-VERSIONID(`@(#)solaris2.m4	8.16 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: solaris2.m4,v 8.22 1999/09/24 21:43:53 ca Exp $')
 divert(-1)
 
-define(`ALIAS_FILE', /etc/mail/aliases)
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/mail/sendmail.hf'))')
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/etc/mail/sendmail.st'))')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `SnE9')')
-ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -f $g -d $u')')
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', `/usr/lib/mail.local')')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `fSmn9')
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail.local -d $u')')
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g $h!rmail ($u)')')
-define(`confCW_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/local-host-names', `/etc/mail/sendmail.cw'))
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/solaris2.ml.m4 b/contrib/sendmail/cf/ostype/solaris2.ml.m4
index f99cebb..72cb729 100644
--- a/contrib/sendmail/cf/ostype/solaris2.ml.m4
+++ b/contrib/sendmail/cf/ostype/solaris2.ml.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -16,15 +17,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)solaris2.ml.m4	8.9 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: solaris2.ml.m4,v 8.14 1999/04/24 05:37:44 gshapiro Exp $')
 divert(-1)
 
-define(`ALIAS_FILE', /etc/mail/aliases)
-ifdef(`HELP_FILE',, `define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/etc/mail/sendmail.hf'))')
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/etc/mail/sendmail.st'))')
 ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', `/usr/lib/mail.local')')
-ifdef(`LOCAL_MAILER_FLAGS',, `define(`LOCAL_MAILER_FLAGS', `fSmn9')')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `fSmn9')
 ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail.local -d $u')')
 ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g $h!rmail ($u)')')
-define(`confCW_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/local-host-names', `/etc/mail/sendmail.cw'))
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/solaris2.pre5.m4 b/contrib/sendmail/cf/ostype/solaris2.pre5.m4
new file mode 100644
index 0000000..c30dda6
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/solaris2.pre5.m4
@@ -0,0 +1,26 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#	This ostype file is suitable for use on Solaris 2.x systems that
+#	use mail as local mailer which are usually version before 2.5.
+#
+
+
+divert(0)
+VERSIONID(`$Id: solaris2.pre5.m4,v 8.1 1999/09/25 08:17:44 ca Exp $')
+divert(-1)
+
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `SnE9')
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -f $g -d $u')')
+ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g $h!rmail ($u)')')
+define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/sunos3.5.m4 b/contrib/sendmail/cf/ostype/sunos3.5.m4
index aeda272..d1d776e 100644
--- a/contrib/sendmail/cf/ostype/sunos3.5.m4
+++ b/contrib/sendmail/cf/ostype/sunos3.5.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,6 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)sunos3.5.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: sunos3.5.m4,v 8.10 1999/02/07 07:26:23 gshapiro Exp $')
 
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/sunos4.1.m4 b/contrib/sendmail/cf/ostype/sunos4.1.m4
index 78648da..1e821ff 100644
--- a/contrib/sendmail/cf/ostype/sunos4.1.m4
+++ b/contrib/sendmail/cf/ostype/sunos4.1.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,6 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)sunos4.1.m4	8.7 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: sunos4.1.m4,v 8.10 1999/02/07 07:26:24 gshapiro Exp $')
 
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/svr4.m4 b/contrib/sendmail/cf/ostype/svr4.m4
index d0de278..3f7706b 100644
--- a/contrib/sendmail/cf/ostype/svr4.m4
+++ b/contrib/sendmail/cf/ostype/svr4.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,13 +13,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)svr4.m4	8.11 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: svr4.m4,v 8.17 1999/10/21 00:31:41 gshapiro Exp $')
 
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/ucblib/aliases'))dnl
-ifdef(`HELP_FILE',,`define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/ucblib/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',,`define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/ucblib/sendmail.st'))')dnl
 define(`LOCAL_MAILER_PATH', `/usr/ucblib/binmail')dnl
-define(`LOCAL_MAILER_FLAGS', `rmn9')dnl
 define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
 define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
 define(`confEBINDIR', `/usr/ucblib')dnl
diff --git a/contrib/sendmail/cf/ostype/ultrix4.m4 b/contrib/sendmail/cf/ostype/ultrix4.m4
index d10518a..128c61a 100644
--- a/contrib/sendmail/cf/ostype/ultrix4.m4
+++ b/contrib/sendmail/cf/ostype/ultrix4.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,6 +13,6 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)ultrix4.m4	8.8 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: ultrix4.m4,v 8.11 1999/02/07 07:26:24 gshapiro Exp $')
 
 define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/unixware7.m4 b/contrib/sendmail/cf/ostype/unixware7.m4
index a787307..d42f8ab 100644
--- a/contrib/sendmail/cf/ostype/unixware7.m4
+++ b/contrib/sendmail/cf/ostype/unixware7.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
@@ -9,9 +10,11 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)unixware7.m4	8.2 (Berkeley) 1/25/1999')
-define(`ALIAS_FILE', `/etc/mail/aliases')dnl
-ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
-ifdef(`STATUS_FILE',, `define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/etc/mailer/sendmail.st'))')dnl
+VERSIONID(`$Id: unixware7.m4,v 8.8 2000/02/26 01:32:04 gshapiro Exp $')
+ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
 define(`confEBINDIR', `/usr/lib')dnl
 define(`confTIME_ZONE', `USE_TZ')dnl
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /etc/mail/slocal)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Puho9')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `slocal -user $u')')dnl
+ifdef(`LOCAL_SHELL_FLAGS',, `define(`LOCAL_SHELL_FLAGS', Peu)')dnl
diff --git a/contrib/sendmail/cf/ostype/unknown.m4 b/contrib/sendmail/cf/ostype/unknown.m4
index 629c31b..2d5734c 100644
--- a/contrib/sendmail/cf/ostype/unknown.m4
+++ b/contrib/sendmail/cf/ostype/unknown.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -12,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)unknown.m4	8.6 (Berkeley) 5/19/1998')
+VERSIONID(`$Id: unknown.m4,v 8.9 1999/02/07 07:26:24 gshapiro Exp $')
 errprint(`*** ERROR: You have not specified a valid operating system type.')
 errprint(`	Use the OSTYPE macro to select a valid system type.  This')
 errprint(`	is necessary in order to get the proper pathnames and flags')
diff --git a/contrib/sendmail/cf/ostype/uxpds.m4 b/contrib/sendmail/cf/ostype/uxpds.m4
index 0f1d908..1ba0346 100644
--- a/contrib/sendmail/cf/ostype/uxpds.m4
+++ b/contrib/sendmail/cf/ostype/uxpds.m4
@@ -1,6 +1,7 @@
 divert(-1)
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -15,14 +16,10 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)uxpds.m4	8.10 (Berkeley) 10/6/1998')
+VERSIONID(`$Id: uxpds.m4,v 8.16 1999/10/21 00:31:42 gshapiro Exp $')
 
 define(`confDEF_GROUP_ID', `6')
-define(`ALIAS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/aliases', `/usr/ucblib/aliases'))dnl
-ifdef(`HELP_FILE',,`define(`HELP_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/helpfile', `/usr/ucblib/sendmail.hf'))')dnl
-ifdef(`STATUS_FILE',,`define(`STATUS_FILE', ifdef(`_USE_ETC_MAIL_', `/etc/mail/statistics', `/usr/ucblib/sendmail.st'))')dnl
 define(`LOCAL_MAILER_PATH', `/usr/ucblib/binmail')dnl
-define(`LOCAL_MAILER_FLAGS', `rmn9')dnl
 define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
 define(`UUCP_MAILER_ARGS', `uux - -r -a$f -gmedium $h!rmail ($u)')dnl
 define(`confEBINDIR', `/usr/ucblib')dnl
diff --git a/contrib/sendmail/cf/sh/makeinfo.sh b/contrib/sendmail/cf/sh/makeinfo.sh
index c8621f4..d38fd52 100644
--- a/contrib/sendmail/cf/sh/makeinfo.sh
+++ b/contrib/sendmail/cf/sh/makeinfo.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 #
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
@@ -10,7 +11,7 @@
 # the sendmail distribution.
 #
 #
-#	@(#)makeinfo.sh	8.11 (Berkeley) 5/19/1998
+#	$Id: makeinfo.sh,v 8.14 1999/02/07 07:26:25 gshapiro Exp $
 #
 
 usewhoami=0
diff --git a/contrib/sendmail/contrib/README b/contrib/sendmail/contrib/README
index dcf5c8f..1098f48 100644
--- a/contrib/sendmail/contrib/README
+++ b/contrib/sendmail/contrib/README
@@ -5,6 +5,6 @@ for assistance.
 Some of these are patches to sendmail itself.  You may need to take
 care -- some of the patches may be out of date with the latest release
 of sendmail.  Also, the previous comment applies -- patches belong to
-the original author, not to me.
+the original author, not to us.
 
-Eric Allman, 26 May 1993
+$Revision: 8.2 $, Last updated $Date: 1999/09/24 05:46:47 $
diff --git a/contrib/sendmail/contrib/bitdomain.c b/contrib/sendmail/contrib/bitdomain.c
index 52d6d21..0b7073d 100644
--- a/contrib/sendmail/contrib/bitdomain.c
+++ b/contrib/sendmail/contrib/bitdomain.c
@@ -9,11 +9,11 @@
  * Change directory to "netinfo" and get the file internet.listing
  * The file is updated monthly.
  *
- * Feed the output of this program to "makemap hash /etc/bitdomain.db"
+ * Feed the output of this program to "makemap hash /etc/mail/bitdomain.db"
  * to create the table used by the "FEATURE(bitdomain)" config file macro.
  * If your sendmail does not have the db library compiled in, you can instead
- * use "makemap dbm /etc/bitdomain" and
- * "FEATURE(bitdomain,`dbm -o /etc/bitdomain')"
+ * use "makemap dbm /etc/mail/bitdomain" and
+ * "FEATURE(bitdomain,`dbm -o /etc/mail/bitdomain')"
  *
  * The bitdomain table should be rebuilt monthly.
  */
@@ -51,7 +51,7 @@ char **argv;
 {
     int opt;
 
-    while ((opt = getopt(argc, argv, "o:")) != EOF) {
+    while ((opt = getopt(argc, argv, "o:")) != -1) {
 	switch (opt) {
 	case 'o':
 	    if (!freopen(optarg, "w", stdout)) {
@@ -187,7 +187,7 @@ char *domainlen;
 	    case NO_DATA:
 		err = "registered in DNS, but not mailable";
 		break;
-		
+
 	    default:
 		err = "unknown nameserver error";
 		break;
@@ -210,7 +210,7 @@ valhost(host, hbsize)
 	int hbsize;
 {
 	register u_char *eom, *ap;
-	register int n; 
+	register int n;
 	HEADER *hp;
 	querybuf answer;
 	int ancount, qdcount;
@@ -406,4 +406,4 @@ finish()
 	}
     }
 }
-	    
+
diff --git a/contrib/sendmail/contrib/bounce-resender.pl b/contrib/sendmail/contrib/bounce-resender.pl
new file mode 100755
index 0000000..9253cdd
--- /dev/null
+++ b/contrib/sendmail/contrib/bounce-resender.pl
@@ -0,0 +1,282 @@
+#!/usr/local/bin/perl -w
+#
+# bounce-resender: constructs mail queue from bounce spool for
+#  subsequent reprocessing by sendmail
+#
+# usage: given a mail spool full of (only) bounced mail called "bounces":
+#        # mkdir -m0700 bqueue; cd bqueue && bounce-resender < ../bounces
+#        # cd ..
+#        # chown -R root bqueue; chmod 600 bqueue/*
+#        # /usr/lib/sendmail -bp -oQ`pwd`/bqueue | more   # does it look OK?
+#        # /usr/lib/sendmail -q -oQ`pwd`/bqueue -oT99d &  # run the queue
+#
+# ** also read messages at end! **
+#
+# Brian R. Gaeke <brg@EECS.Berkeley.EDU> Thu Feb 18 13:40:10 PST 1999
+#
+#############################################################################
+# This script has NO WARRANTY, NO BUG FIXES, and NO SUPPORT.  You will
+# need to modify it for your site and for your operating system, unless
+# you are in the EECS Instructional group at UC Berkeley. (Search forward
+# for two occurrences of "FIXME".)
+#
+
+$state = "MSG_START";
+$ctr = 0;
+$lineno = 0;
+$getnrl = 0;
+$nrl = "";
+$uname = "PhilOS";  # You don't want to change this here.
+$myname = $0;
+$myname =~ s,.*/([^/]*),$1,;
+
+chomp($hostname = `hostname`);
+chomp($uname = `uname`);
+
+# FIXME: Define the functions "major" and "minor" for your OS.
+if ($uname eq "SunOS") {
+	# from h2ph < /usr/include/sys/sysmacros.h on 
+	# SunOS torus.CS.Berkeley.EDU 5.6 Generic_105182-11 i86pc i386 i86pc
+    eval 'sub O_BITSMINOR () {8;}' unless defined(&O_BITSMINOR);
+    eval 'sub O_MAXMAJ () {0x7f;}' unless defined(&O_MAXMAJ);
+    eval 'sub O_MAXMIN () {0xff;}' unless defined(&O_MAXMIN);
+	eval 'sub major {
+	    local($x) = @_;
+	    eval "((($x) >>  &O_BITSMINOR)   &O_MAXMAJ)";
+	}' unless defined(&major);
+	eval 'sub minor {
+	    local($x) = @_;
+	    eval "(($x)   &O_MAXMIN)";
+	}' unless defined(&minor);
+} else {
+	die "How do you calculate major and minor device numbers on $uname?\n";
+}
+
+sub ignorance { $ignored{$state}++; }
+
+sub unmunge {
+	my($addr) = @_;
+	$addr =~ s/_FNORD_/ /g;
+	# remove (Real Name)
+	$addr =~ s/^(.*)\([^\)]*\)(.*)$/$1$2/
+		if $addr =~ /^.*\([^\)]*\).*$/;
+	# extract <user@host> if it appears
+	$addr =~ s/^.*<([^>]*)>.*$/$1/
+		if $addr =~ /^.*<[^>]*>.*$/;
+	# strip leading, trailing blanks
+	$addr =~ s/^\s*(.*)\s*/$1/;
+	# nuke local domain
+    # FIXME: Add a regular expression for your local domain here.
+	$addr =~
+	 s/@(cory|po|pasteur|torus|parker|cochise|franklin).(ee)?cs.berkeley.edu//i;
+	return $addr;
+}
+
+print STDERR "$0: running on $hostname ($uname)\n";
+
+open(INPUT,$ARGV[0]) || die "$ARGV[0]: $!\n";
+
+sub working { 
+	my($now);
+	$now = localtime;
+	print STDERR "$myname: Working... $now\n";
+}
+
+&working();
+
+while (! eof INPUT) {
+	# get a new line
+	if ($state eq "IN_MESSAGE_HEADER") {
+		# handle multi-line headers
+		if ($nrl ne "" || $getnrl != 0) {
+			$_ = $nrl;
+			$getnrl = 0;
+			$nrl = "";
+		} else {
+			$_ = <INPUT>; $lineno++;
+		}
+		unless ($_ =~ /^\s*$/) {
+			while ($nrl eq "") {
+				$nrl = <INPUT>; $lineno++;
+				if ($nrl =~ /^\s+[^\s].*$/) { # continuation line
+					chomp($_);
+					$_ .= "_FNORD_" . $nrl;
+					$nrl = "";
+				} elsif ($nrl =~ /^\s*$/) { # end of headers
+					$getnrl++;
+					last;
+				}
+			}
+		}
+	} else {
+		# normal single line
+		if ($nrl ne "") {
+			$_ = $nrl; $nrl = "";
+		} else {
+			$_ = <INPUT>; $lineno++;
+		}
+	}
+
+	if ($state eq "WAIT_FOR_FROM") {
+		if (/^From \S+.*$/) {
+			$state = "MSG_START";
+		} else {
+			&ignorance();
+		}
+	} elsif ($state eq "MSG_START") {
+		if (/^\s+boundary=\"([^\"]*)\".*$/) {
+			$boundary = $1;
+			$state = "GOT_BOUNDARY";
+			$ctr++;
+		} else {
+			&ignorance();
+		}
+	} elsif ($state eq "GOT_BOUNDARY") {
+		if (/^--$boundary/) {
+			$next = <INPUT>; $lineno++;
+			if ($next =~ /^Content-Type: message\/rfc822/) {
+				$hour = (localtime)[2];
+				$char = chr(ord("A") + $hour);
+				$ident = sprintf("%sAA%05d",$char,99999 - $ctr);
+				$qf = "qf$ident";
+				$df = "df$ident";
+				@rcpt = ();
+				open(MSGHDR,">$qf") || die "Can't write to $qf: $!\n";
+				open(MSGBODY,">$df") || die "Can't write to $df: $!\n";
+				chmod(0600, $qf, $df);
+				$state = "IN_MESSAGE_HEADER";
+				$header = $body = "";
+				$messageid = "bounce-resender-$ctr";
+				$fromline = "MAILER-DAEMON";
+				$ctencod = "7BIT";
+				# skip a bit, brother maynard (boundary is separated from
+				#  the header by a blank line)
+				$next = <INPUT>; $lineno++;
+				unless ($next =~ /^\s*$/) {
+					print MSGHDR $next;
+				}
+			}
+		} else {
+			&ignorance();
+		}
+
+		$next = $char = $hour = undef;
+	} elsif ($state eq "IN_MESSAGE_HEADER") {
+		if (!(/^--$boundary/ || /^\s*$/)) {
+			if (/^Message-[iI][dD]:\s+<([^@]+)@[^>]*>.*$/) {
+				$messageid = $1;
+			} elsif (/^From:\s+(.*)$/) {
+				$fromline = $sender = $1;
+				$fromline = unmunge($fromline);
+			} elsif (/^Content-[Tt]ransfer-[Ee]ncoding:\s+(.*)$/) {
+				$ctencod = $1;
+			} elsif (/^(To|[Cc][Cc]):\s+(.*)$/) {
+				$toaddrs = $2;
+				foreach $toaddr (split(/,/,$toaddrs)) {
+					$toaddr = unmunge($toaddr);
+					push(@rcpt,$toaddr);
+				}
+			}
+			$headerline = $_; 
+			# escape special chars
+			# (Perhaps not. It doesn't seem to be necessary (yet)).
+            #$headerline =~ s/([\(\)<>@,;:\\".\[\]])/\\$1/g;
+			# purely heuristic ;-)
+            $headerline =~ s/Return-Path:/?P?Return-Path:/g;
+			# save H-line to write to qf, later
+			$header .= "H$headerline";
+
+			$headerline = $toaddr = $toaddrs = undef;
+		} elsif (/^\s*$/) {
+			# write to qf
+			($dev, $ino) = (stat($df))[0 .. 1];
+			($maj, $min) = (major($dev), minor($dev));
+			$time = time();
+			print MSGHDR "V2\n";
+			print MSGHDR "B$ctencod\n";
+			print MSGHDR "S$sender\n";
+			print MSGHDR "I$maj/$min/$ino\n";
+			print MSGHDR "K$time\n";
+			print MSGHDR "T$time\n";
+			print MSGHDR "D$df\n";
+			print MSGHDR "N1\n";
+			print MSGHDR "MDeferred: manually-requeued bounced message\n";
+			foreach $r (@rcpt) {
+				print MSGHDR "RP:$r\n";
+			}
+			$header =~ s/_FNORD_/\n/g;
+			print MSGHDR $header;
+			print MSGHDR "HMessage-ID: <$messageid@$hostname>\n"
+				if ($messageid =~ /bounce-resender/);
+			print MSGHDR ".\n";
+			close MSGHDR;
+
+			# jump to state waiting for message body
+			$state = "IN_MESSAGE_BODY";
+
+			$dev = $ino = $maj = $min = $r = $time = undef;
+		} elsif (/^--$boundary/) {
+			# signal an error
+			print "$myname: Header without message! Line $lineno qf $qf\n";
+
+			# write to qf anyway (SAME AS ABOVE, SHOULD BE A PROCEDURE)
+			($dev, $ino) = (stat($df))[0 .. 1];
+			($maj, $min) = (major($dev), minor($dev));
+			$time = time();
+			print MSGHDR "V2\n";
+			print MSGHDR "B$ctencod\n";
+			print MSGHDR "S$sender\n";
+			print MSGHDR "I$maj/$min/$ino\n";
+			print MSGHDR "K$time\n";
+			print MSGHDR "T$time\n";
+			print MSGHDR "D$df\n";
+			print MSGHDR "N1\n";
+			print MSGHDR "MDeferred: manually-requeued bounced message\n";
+			foreach $r (@rcpt) {
+				print MSGHDR "RP:$r\n";
+			}
+			$header =~ s/_FNORD_/\n/g;
+			print MSGHDR $header;
+			print MSGHDR "HMessage-ID: <$messageid@$hostname>\n"
+				if ($messageid =~ /bounce-resender/);
+			print MSGHDR ".\n";
+			close MSGHDR;
+
+			# jump to state waiting for next bounce message
+			$state = "WAIT_FOR_FROM";
+
+			$dev = $ino = $maj = $min = $r = $time = undef;
+		} else {
+			# never got here
+			&ignorance();
+		}
+	} elsif ($state eq "IN_MESSAGE_BODY") {
+		if (/^--$boundary/) {
+			print MSGBODY $body;
+			close MSGBODY;
+			$state = "WAIT_FOR_FROM";
+		} else {
+			$body .= $_;
+		}
+	}
+	if ($lineno % 1900 == 0) { &working(); }
+}
+
+close INPUT;
+
+foreach $x (keys %ignored) {
+	print STDERR
+		"$myname: ignored $ignored{$x} lines of bounce spool in state $x\n";
+}
+print STDERR
+	"$myname: processed $lineno lines of input and wrote $ctr messages\n";
+print STDERR
+	"$myname: remember to chown the queue files to root before running:\n";
+chomp($pwd = `pwd`);
+print STDERR "$myname:      # sendmail -q -oQ$pwd -oT99d &\n";
+
+print STDERR "$myname: to test the newly generated queue:\n";
+print STDERR "$myname:      # sendmail -bp -oQ$pwd | more\n";
+
+exit 0;
+
diff --git a/contrib/sendmail/contrib/bsdi.mc b/contrib/sendmail/contrib/bsdi.mc
index 231a7bc..5175a34 100644
--- a/contrib/sendmail/contrib/bsdi.mc
+++ b/contrib/sendmail/contrib/bsdi.mc
@@ -35,7 +35,7 @@ and examples describing most of the common things people need to setup.
 # See /usr/share/sendmail/README for help in building a configuration file.
 #
 include(`../m4/cf.m4')
-VERSIONID(`@(#)$Id$')
+VERSIONID(`@(#)$Id: bsdi.mc,v 8.1 1999/02/06 18:44:08 gshapiro Exp $')
 
 dnl # Specify your OS type below
 OSTYPE(`bsd4.4')
diff --git a/contrib/sendmail/contrib/cidrexpand b/contrib/sendmail/contrib/cidrexpand
new file mode 100755
index 0000000..b61fc2e
--- /dev/null
+++ b/contrib/sendmail/contrib/cidrexpand
@@ -0,0 +1,137 @@
+#!/usr/local/bin/perl -w
+
+# v 0.2-very-very-beta
+#
+# 17 July 2000 Derek J. Balling (dredd@megacity.org)
+#
+# The $SENDMAIL flag tells the code to lump networks in sendmail format
+# if applicable. If this flag is disabled, cidrexpand will literally create
+# a single line for each entry, which may or may not be what you want. :)
+# makes for a rather large hash table...
+#
+# Acts as a preparser on /etc/mail/access_db to allow you to use address/bit
+# notation. Caveat: the address portion MUST be the start address or your
+# results will NOT be what what you want.
+#
+#
+# usage:
+#  cidrexpand < /etc/mail/access | makemap hash /etc/mail/access
+#
+#
+# Report bugs to: dredd@megacity.org
+#
+
+my $spaceregex = '\s+';
+
+while (my $arg = shift @ARGV)
+{
+     if ($arg eq '-t')
+     {
+	$spaceregex = shift;
+     }
+}
+
+use strict;
+
+my $SENDMAIL = 1;
+
+while (<>)
+{
+     my ($left,$right,$space);
+
+     if (! /^(\d+\.){3}\d+\/\d\d?$spaceregex.*/ )
+     {
+	print;
+     }
+     else
+     {
+	($left,$space,$right) = /^((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
+
+	my @new_lefts = expand_network($left);
+	foreach my $nl (@new_lefts)
+	{
+	    print "$nl$space$right\n";
+	}
+
+     }
+}
+    
+sub expand_network
+{
+     my ($network,$mask) = split /\//, shift;
+     my @diffs = calc_changes($network,$mask);
+     my ($first,$second,$third,$fourth) = split /\./, $network;
+
+     my @rc = ();
+
+     for my $f ($first..($first+$diffs[0]))
+     {
+	if ( ( $SENDMAIL ) and ($diffs[1] == 255))
+	{
+	    push @rc, "$f";
+	}
+	else
+	{
+	    for my $s ($second..($second+$diffs[1]))
+	    {
+		if ( ($SENDMAIL) and ($diffs[2] == 255) )
+		{
+		    push @rc,"$f\.$s";
+		}
+		else
+		{
+		    for my $t ($third..($third+$diffs[2]))
+		    {
+			if ( ($SENDMAIL) and ($diffs[3] == 255))
+			{
+			    push @rc, "$f\.$s\.$t";
+			}
+			else
+			{
+			    for my $fr ($fourth..($fourth+$diffs[3]))
+			    {
+				push @rc, "$f\.$s\.$t\.$fr";
+			    }
+			}
+		    }
+		}
+	    }
+	}
+     }
+     return @rc;
+}
+
+sub calc_changes
+{
+     my ($network,$mask) = @_;
+    
+     my @octs = split /\./, $network;
+    
+     my ($first,$second,$third,$fourth) = (0,0,0,0);
+    
+     my $power = 32 - $mask;
+    
+     if ($mask > 24)
+     {
+	$fourth = 2**$power - 1;
+     }
+     elsif ($mask > 16)
+     {
+	$fourth = 255;
+	$third = 2**($power-8) - 1;
+     }
+     elsif ($mask > 8)
+     {
+	$fourth = 255;
+	$third  = 255;
+	$second = 2**($power-16) - 1;
+     }
+     elsif ($mask > 0)
+     {
+	$fourth = 255;
+	$third = 255;
+	$second = 255;
+	$first = 2**($power-24) - 1;
+     }
+     return ($first,$second,$third,$fourth);
+}
diff --git a/contrib/sendmail/contrib/domainmap.m4 b/contrib/sendmail/contrib/domainmap.m4
new file mode 100644
index 0000000..31d284c
--- /dev/null
+++ b/contrib/sendmail/contrib/domainmap.m4
@@ -0,0 +1,90 @@
+divert(-1)changequote(<<, >>)<<
+-----------------------------------------------------------------------------
+
+                     FEATURE(domainmap) Macro
+                                       
+   The existing virtusertable feature distributed with sendmail is a good
+   basic approach to virtual hosting, but it is missing a few key
+   features:
+
+    1. Ability to have a different map for each domain.
+    2. Ability to perform virtual hosting for domains which are not in $=w.
+    3. Ability to use a centralized network-accessible database (such as
+       PH) which is keyed on username alone (as opposed to the
+       fully-qualified email address).
+
+   The FEATURE(domainmap) macro neatly solves these problems.
+   
+   The basic syntax of the macro is:
+        FEATURE(domainmap, `domain.com', `map definition ...')dnl
+
+   To illustrate how it works, here is an example:
+        FEATURE(domainmap, `foo.com', `dbm -o /etc/mail/foo-users')dnl
+
+   In this example, mail sent to user@foo.com will be rewritten by the
+   domainmap. The username will be looked up in the DBM map
+   /etc/mail/foo-users, which looks like this:
+        jsmith  johnsmith@mailbox.foo.com
+        jdoe    janedoe@sandbox.bar.com
+
+   So mail sent to jsmith@foo.com will be relayed to
+   johnsmith@mailbox.foo.com, and mail sent to jdoe@foo.com will be
+   relayed to janedoe@sandbox.bar.com.
+   
+   The FEATURE(domainmap) Macro supports the user+detail syntax by
+   stripping off the +detail portion before the domainmap lookup and
+   tacking it back on to the result. Using the example above, mail sent
+   to jsmith+sometext@foo.com will be rewritten as
+   johnsmith+sometext@mailbox.foo.com.
+   
+   If one of the elements in the $=w class (i.e., "local" delivery hosts)
+   is a domain specified in a FEATURE(domainmap) entry, you need to use
+   the LOCAL_USER(username) macro to specify the list of users for whom
+   domainmap lookups should not be done.
+
+   To use this macro, simply copy this file into the cf/feature directory
+   in the sendmail source tree.  For more information, please see the
+   following URL:
+
+      http://www-wsg.cso.uiuc.edu/sendmail/patches/domainmap.html
+
+   Feedback is welcome.
+
+                                             Mark D. Roth <roth@uiuc.edu>
+
+-----------------------------------------------------------------------------
+>>changequote(`, ')undivert(-1)divert
+
+ifdef(`_DOMAIN_MAP_',`',`dnl
+LOCAL_RULE_0
+# do mapping for domains where applicable
+R$* $=O $* <@ $={MappedDomain} .>	$@ $>97 $1 $2 $3	Strip extraneous routing
+R$+ <@ $={MappedDomain} .>		$>DomainMapLookup $1 <@ $2 .>	domain mapping
+
+LOCAL_RULESETS
+###########################################################################
+###   Ruleset DomainMapLookup -- special rewriting for mapped domains   ###
+###########################################################################
+
+SDomainMapLookup
+R $=L <@ $=w .>		$@ $1 <@ $2 .>		weed out local users, in case
+#						Cw contains a mapped domain
+R $+ <@ $+ .>		$1 <@ $2 >		strip trailing dot
+R $+ <@ $+ . $+ >	$1 <@ $(dequote $2 "_" $3 $) >
+#						change "." to "_"
+R $+ <@ $+ >		$: $1 <@ $(dequote "domain_" $2 $) >
+#						prepend "domain_"
+R $+ + $+ <@ $*>	$1 <@ $3 > <+> $2	handle user+list syntax
+R $+ <@ $* > $*		$( $2 $1 $: <ERROR> $) $3
+#						do actual domain map lookup
+R <ERROR> $*		$#error $@ 5.1.1 $: "550 email address lookup in domain map failed"
+R $* <TEMP> $*		$#error $@ 4.3.0 $: "450 domain map temporarily unavailable"
+R $+ @ $+ <+> $+	$1 + $3 @ $2		reset original user+list
+R $+ <+> $*		$1			paranoid check - remove <+>
+R $+ @ $+ .		$1 @ $2			strip trailing dot
+R $+ @ $+		$@ $>97 $1 @ $2		recanonify
+define(`_DOMAIN_MAP_',`1')')
+
+LOCAL_CONFIG
+C{MappedDomain} _ARG_
+K `domain_'translit(_ARG_, `.', `_') _ARG2_ -T<TEMP>
diff --git a/contrib/sendmail/contrib/etrn.pl b/contrib/sendmail/contrib/etrn.pl
index 1e2cba9..2dfb58d 100755
--- a/contrib/sendmail/contrib/etrn.pl
+++ b/contrib/sendmail/contrib/etrn.pl
@@ -15,7 +15,7 @@ $sockaddr = 'S n a4 x8';
 # 	must have 'hostname' program.
 
 #############################################################################
-#  Copyright (c) 1996 John T. Beck <john@beck.org>
+#  Copyright (c) 1996-2000 John T. Beck <john@beck.org>
 #  All rights reserved.
 #
 #  Redistribution and use in source and binary forms, with or without
@@ -60,7 +60,7 @@ $0 = "$av0 - running hostname";
 chop($name = `hostname || uname -n`);
 
 $0 = "$av0 - lookup host FQDN and IP addr";
-($hostname,$aliases,$type,$len,$thisaddr) = gethostbyname($name);
+($hostname,$aliases,$type,$len,undef) = gethostbyname($name);
 
 $0 = "$av0 - parsing args";
 $usage = "Usage: $av0 [-wd] host [args]";
@@ -71,12 +71,13 @@ $server = shift(@ARGV);
 @hosts = @ARGV;
 die $usage unless $server;
 @cwfiles = ();
+$alarm_action = "";
 
 if (!@hosts) {
 	push(@hosts,$hostname);
 
 	$0 = "$av0 - parsing sendmail.cf";
-	open(CF, "</etc/sendmail.cf") || die "open /etc/sendmail.cf: $!";
+	open(CF, "</etc/mail/sendmail.cf") || die "open /etc/mail/sendmail.cf: $!";
 	while (<CF>){
 		if (/^Fw.*$/){			# look for a line starting with "Fw"
 			$cwfile = $_;
@@ -125,6 +126,7 @@ $0 = "$av0 - building local socket";
 $0 = "$av0 - gethostbyname($server)";
 
 ($name,$aliases,$type,$len,$thataddr) = gethostbyname($server);
+(!defined($name)) && die "gethostbyname failed, unknown host $server";
 				
 # get a connection
 $0 = "$av0 - socket to $server";
@@ -132,22 +134,24 @@ $that = pack($sockaddr, &AF_INET, $port, $thataddr);
 socket(S, &AF_INET, &SOCK_STREAM, $proto)
 	|| die "socket: $!";
 $0 = "$av0 - connect to $server";
-print "debug = $debug server = $server\n" if $debug > 8;
+print "debug = $debug server = $server\n" if (defined($debug) && $debug > 8);
+&alarm("connect to $server");
 if (! connect(S, $that)) {
-	$0 = "$av0 - $server: could not connect: $!\n";
+	die "cannot connect to $server: $!\n";
 }
+alarm(0);
 select((select(S),$| = 1)[0]); # don't buffer output to S
 
 # read the greeting
 $0 = "$av0 - talking to $server";
-&alarm("greeting with $server",'');
+&alarm("greeting with $server");
 while(<S>) {
 	alarm(0);
 	print if $watch;
 	if (/^(\d+)([- ])/) {
 		if ($1 != 220) {
 			$0 = "$av0 - bad numeric response from $server";
-			&alarm("giving up after bad response from $server",'');
+			&alarm("giving up after bad response from $server");
 			&read_response($2,$watch);
 			alarm(0);
 			print STDERR "$server: NOT 220 greeting: $_"
@@ -160,13 +164,13 @@ while(<S>) {
 			if ($debug || $watch);
 		close(S);
 	}
-	&alarm("greeting with $server",'');
+	&alarm("greeting with $server");
 }
 alarm(0);
 	
 # if this causes problems, remove it
 $0 = "$av0 - sending helo to $server";
-&alarm("sending ehlo to $server","");
+&alarm("sending ehlo to $server");
 &ps("ehlo $hostname");
 $etrn_support = 0;
 while(<S>) {
@@ -180,7 +184,7 @@ alarm(0);
 
 if ($etrn_support){
 	print "ETRN supported\n" if ($debug);
-	&alarm("sending etrn to $server",'');
+	&alarm("sending etrn to $server");
 	while (@hosts) {
 		$server = shift(@hosts);
 		&ps("etrn $server");
@@ -194,7 +198,7 @@ if ($etrn_support){
 	print "\nETRN not supported\n\n"
 }
 
-&alarm("sending 'quit' to $server",'');
+&alarm("sending 'quit' to $server");
 $0 = "$av0 - sending 'quit' to $server";
 &ps("quit");
 while(<S>) {
@@ -217,14 +221,25 @@ sub ps
 
 sub alarm
 {
-	local($alarm_action,$alarm_redirect,$alarm_user) = @_;
-	alarm(3600);
+	($alarm_action) = @_;
+	alarm(10);
 	$SIG{ALRM} = 'handle_alarm';
 }
 
 sub handle_alarm
 {
-	&giveup($alarm_redirect,"Timed out during $alarm_action",$alarm_user);
+	&giveup($alarm_action);
+}
+
+sub giveup
+{
+	local($reason) = @_;
+	local($pk,$file,$line);
+	($pk, $file, $line) = caller;
+
+	$0 = "$av0 - giving up on $server: $reason";
+	print "Timed out during $reason\n" if $debug;
+	exit(1);
 }
 
 # read the rest of the current smtp daemon's response (and toss it away)
@@ -241,9 +256,9 @@ sub read_response
 	return @resp;
 }
 # to pass perl -w:
-@tp;
-$flag_a;
-$flag_d;
+my $x;
+$x=$opt_d;
+$x=$opt_w;
 &handle_alarm;
 ################### BEGIN PERL/TROFF TRANSITION 
 .00 ;	
@@ -300,7 +315,7 @@ it is possible to eliminate bugs.
 .SH ENVIRONMENT
 No enviroment variables are used.
 .SH FILES
-.B /etc/sendmail.cf
+.B /etc/mail/sendmail.cf
 .SH SEE ALSO
 .BR sendmail (8),
 RFC 1985.
diff --git a/contrib/sendmail/contrib/expn.pl b/contrib/sendmail/contrib/expn.pl
index 57f8515..dd777e6 100755
--- a/contrib/sendmail/contrib/expn.pl
+++ b/contrib/sendmail/contrib/expn.pl
@@ -12,7 +12,7 @@ use IO::Socket;
 # system requirements:
 # 	must have 'nslookup' and 'hostname' programs.
 
-# $Header: /home/muir/bin/RCS/expn,v 3.11 1997/09/10 08:14:02 muir Exp muir $
+# $OrigHeader: /home/muir/bin/RCS/expn,v 3.11 1997/09/10 08:14:02 muir Exp muir $
 
 # TODO:
 #	less magic should apply to command-line addresses
diff --git a/contrib/sendmail/contrib/link_hash.sh b/contrib/sendmail/contrib/link_hash.sh
new file mode 100644
index 0000000..e07104d
--- /dev/null
+++ b/contrib/sendmail/contrib/link_hash.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+##
+## Copyright (c) 2000 Sendmail, Inc. and its suppliers.
+##       All rights reserved.
+##
+## $Id: link_hash.sh,v 1.1.2.1 2000/04/25 00:10:47 ca Exp $
+##
+#
+# ln a certificate to its hash
+#
+SSL=openssl
+if test $# -ge 1
+then
+  for i in $@
+  do
+  C=$i.pem
+  test -f $C || C=$i
+  if test -f $C
+  then
+    H=`$SSL x509 -noout -hash < $C`.0
+    if test -h $H -o -f $H
+    then
+      echo link $H to $C exists
+    else
+      ln -s $C $H
+    fi
+  else
+    echo "$0: cannot open $C"
+    exit 2
+  fi
+  done
+else
+  echo "$0: missing name"
+  exit 1
+fi
+exit 0
diff --git a/contrib/sendmail/contrib/movemail.conf b/contrib/sendmail/contrib/movemail.conf
new file mode 100644
index 0000000..17009b8
--- /dev/null
+++ b/contrib/sendmail/contrib/movemail.conf
@@ -0,0 +1,35 @@
+# Configuration script for movemail.pl
+
+my $minutes = 60;
+my $hours = 3600;
+
+# Queue directories first..last
+
+@queues = qw(
+	/var/spool/mqueue/q1
+	/var/spool/mqueue/q2
+	/var/spool/mqueue/q3
+);
+
+# Base of subqueue name (optional).
+# If used, queue directories are $queues[n]/$subqbase*
+# Separate qf/df/xf directories are not supported.
+
+$subqbase = "subq";
+
+# Age of mail when moved.  Each element of the array must be greater than the
+# previous element.
+
+@ages = (
+	30*$minutes,	# q1 to q2
+	6*$hours	# q2 to q3
+);
+
+# Location of script to move the mail
+
+$remqueue = "/usr/local/bin/re-mqueue.pl";
+
+# Lock file to prevent more than one instance running (optional)
+# Useful when running from cron
+
+$lockfile = "/var/spool/mqueue/movemail.lock";
diff --git a/contrib/sendmail/contrib/movemail.pl b/contrib/sendmail/contrib/movemail.pl
new file mode 100755
index 0000000..86bcb20
--- /dev/null
+++ b/contrib/sendmail/contrib/movemail.pl
@@ -0,0 +1,106 @@
+#!/usr/bin/perl -w
+#
+# Move old mail messages between queues by calling re-mqueue.pl.
+#
+# movemail.pl [config-script]
+#
+# Default config script is /usr/local/etc/movemail.conf.
+#
+# Graeme Hewson <graeme.hewson@oracle.com>, June 2000
+#
+
+use strict;
+
+# Load external program as subroutine to avoid
+# compilation overhead on each call
+
+sub loadsub {
+    my $fn = shift
+    	or die "Filename not specified";
+    my $len = (stat($fn))[7]
+    	or die "Can't stat $fn: $!";
+    open PROG, "< $fn"
+    	or die "Can't open $fn: $!";
+    my $prog;
+    read PROG, $prog, $len
+    	or die "Can't read $fn: $!";
+    close PROG;
+    eval join "",
+	'return sub { my @ARGV = @_; $0 = $fn; no strict;',
+    	"$prog",
+	'};';
+}
+
+my $progname = $0;
+my $lastage = -1;
+my $LOCK_EX = 2;
+my $LOCK_NB = 4;
+
+# Load and eval config script
+
+my $conffile = shift || "/usr/local/etc/movemail.conf";
+my $len = (stat($conffile))[7]
+    or die "Can't stat $conffile: $!";
+open CONF, "< $conffile"
+    or die "Can't open $conffile: $!";
+my $conf;
+read CONF, $conf, $len
+    or die "Can't read $conffile: $!";
+close CONF;
+use vars qw(@queues $subqbase @ages $remqueue $lockfile);
+eval $conf;
+
+if ($#queues < 1) {
+    print "$progname: there must be at least two queues\n";
+    exit 1;
+}
+
+if ($#ages != ($#queues - 1)) {
+    print "$progname: wrong number of ages (should be one less than number of queues)\n";
+    exit 1;
+}
+
+# Get lock or exit quietly.  Useful when running from cron.
+
+if ($lockfile) {
+    open LOCK, ">>$lockfile"
+	or die "Can't open lock file: $!";
+    unless (flock LOCK, $LOCK_EX|$LOCK_NB) {
+	close LOCK;
+	exit 0;
+    }
+}
+
+my $remsub = loadsub($remqueue);
+
+# Go through directories in reverse order so as to check spool files only once
+
+for (my $n = $#queues - 1; $n >= 0; $n--) {
+    unless ($ages[$n] =~ /^\d+$/) {
+	print "$progname: invalid number $ages[$n] in ages array\n";
+	exit 1;
+    }
+    unless ($lastage < 0 || $ages[$n] < $lastage) {
+	print "$progname: age $lastage is not > previous value $ages[$n]\n";
+	exit 1;
+    }
+    $lastage = $ages[$n];
+    if ($subqbase) {
+	my $subdir;
+	opendir(DIR, $queues[$n])
+	    or die "Can't open $queues[$n]: $!";
+	foreach $subdir ( grep { /^$subqbase/ } readdir DIR) {
+	    &$remsub("$queues[$n]/$subdir", "$queues[$n+1]/$subdir",
+		$ages[$n]);
+	}
+	closedir(DIR);
+    } else {
+	# Not using subdirectories
+	&$remsub($queues[$n], $queues[$n+1], $ages[$n]);
+    }
+}
+
+if ($lockfile) {
+    unlink $lockfile;
+    close LOCK;
+}
diff --git a/contrib/sendmail/contrib/passwd-to-alias.pl b/contrib/sendmail/contrib/passwd-to-alias.pl
index 05a51b9..24bb7a1 100755
--- a/contrib/sendmail/contrib/passwd-to-alias.pl
+++ b/contrib/sendmail/contrib/passwd-to-alias.pl
@@ -8,22 +8,23 @@
 
 print "# Generated from passwd by $0\n";
 
+$wordpat = '([a-zA-Z]+?[a-zA-Z0-9-]*)?[a-zA-Z0-9]';	# 'DB2'
 while (@a = getpwent) {
     ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = @a;
 
     ($fullname = $gcos) =~ s/,.*$//;
 
-    if (!-d $dir || !-x $shell) {
-	print "$name: root\n";
+    if (!-d $dir || !-x $shell || $shell =~ m!/bin/(false|true)$!) {
+	print "$name: root\n";				# handle pseudo user
     }
 
     $fullname =~ s/\.*[ _]+\.*/./g;
-    $fullname =~ tr [åäöÅÄÖé] [aaoAAOe];  # <hakan@af.lu.se> 1997-06-15
-    if ($fullname =~ /^[a-zA-Z][a-zA-Z-]+(\.[a-zA-Z][a-zA-Z-]+)+$/) {  
-#   if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) {    # Kari E. Hurtta
+    $fullname =~ tr [åäéöüÅÄÖÜ] [aaeouAAOU];  # <hakan@af.lu.se> 1997-06-15
+    next if (!$fullname || lc($fullname) eq $name);	# avoid nonsense
+    if ($fullname =~ /^$wordpat(\.$wordpat)*$/o) {	# Ulrich Windl
 	print "$fullname: $name\n";
     } else {
-	print "# $fullname: $name\n";
+	print "# $fullname: $name\n";			# avoid strange names
     }
 };
 
diff --git a/contrib/sendmail/contrib/qtool.8 b/contrib/sendmail/contrib/qtool.8
new file mode 100644
index 0000000..4d0f1c4
--- /dev/null
+++ b/contrib/sendmail/contrib/qtool.8
@@ -0,0 +1,206 @@
+.\" Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
+.\"
+.\" By using this file, you agree to the terms and conditions set
+.\" forth in the LICENSE file which can be found at the top level of
+.\" the sendmail distribution.
+.\"
+.\"
+.\"     $Id: qtool.8,v 8.9 1999/08/26 00:04:10 cying Exp $
+.\"
+.TH QTOOL 8 "July 12, 1999"
+.SH NAME
+.B qtool
+\- manipulate sendmail queues
+.SH SYNOPSIS
+.B qtool.pl
+.RB [options] 
+target_directory source [source ...]
+.PP
+.B qtool.pl [-d/-b]
+.RB [options]
+source [source ...]
+.SH DESCRIPTION
+.B Qtool
+moves the queue files used by sendmail between queues. It uses the same
+locking mechanism as sendmail so can be safely used while sendmail is
+running.
+.PP
+With no options,
+.B qtool
+will move any queue files as specified by \fIsource\fP into 
+\fItarget_directory\fP. \fISource\fP can be either an individual 
+queue control file, a queue file id, or a queue directory.
+.PP
+If the -d option is specified, qtool will delete the messages specified by
+source instead of moving them.
+.PP
+If the -b option is specified, the selected messages will be bounced by
+running sendmail with the -OTimeout.queuereturn=now option.
+.SS Options
+.TP  
+\fB\-b\fP
+Bounce all of the messages specified by source. The messages will be bounced
+immediately. No attempt will be made to deliver the messages.
+.TP
+\fB\-d\fP
+Delete all of the messages specified by source.
+.TP  
+\fB\-e\fP \fIperl_expression\fP
+Evalute \fIperl_expression\fP for each queue file as specified 
+by \fIsource\fP. If \fIperl_expression\fP evaluates to true, then that 
+queue file is moved. See below for more detail on \fIperl_expression\fP.
+.TP 
+\fB\-s\fP \fIseconds\fP
+Move only the queue files specified by \fIsource\fP that have a
+modification time older than \fIseconds\fP.
+.SS Perl Expressions
+You can use any valid perl expression. Inside the expression you have
+access to a hash that contains many of the fields in the control file as
+well as some other data about that queued message. The hash is called
+\fI%msg\fP. If a field has multiple values (e.g. 'Recipient'), it will be
+returned as an array, otherwise it will be returned as a scalar. Through
+\fI%msg\fP, you can access the following variables:
+.TP
+\fBauth\fP
+AUTH= parameter.
+.TP
+\fBbody_type\fP
+Body type (\fB8BITMIME\fP, \fB7BIT\fP, or undefined).
+.TP
+\fBbody_last_mod_time\fP
+The last time the body was modified since the epoch in seconds.
+.TP
+\fBbody_size\fP
+The size of the body file in bytes.
+.TP
+\fBcharset\fP
+Character set (for future use).
+.TP
+\fBcontent-length\fP
+Content-Length: header value (Solaris sendmail only).
+.TP
+\fBcontrolling_user\fP
+The controlling user.
+.TP
+\fBcontrol_last_mod_time\fP
+The last time the body was modified since the epoch in seconds.
+.TP
+\fBcontrol_size\fP
+The size of the control file in bytes.
+.TP
+\fBcreation_time\fP
+The time when the control file was created.
+.TP
+\fBdata_file_name\fP
+The data file name (deprecated).
+.TP
+\fBenvid\fP
+Original envelope id form ESMTP.
+.TP
+\fBerror_recipient\fP
+The error recipient (deprecated).
+.TP
+\fBflags\fP
+Array of characters that can be the following values:
+.PD 0
+.RS +8
+.TP 8
+w
+warning message has been sent
+.TP 8
+r
+This is an error respone or DSN
+.TP 8
+8
+has 8 bit data in body
+.TP 8
+b
+delete Bcc: headers
+.TP 8
+d
+envelope has DSN RET= parameter
+.TP 8
+n
+don't return body
+.PD
+.RE
+.TP
+\fBheaders\fP
+This is a Perl hash where the keys are rfc822 field names and the values
+are rfc822 field values. If a field has only one value it will be returned
+as a string. If a field has more than one value (e.g. 'Received') it will
+be returned as a list of strings.
+.TP
+\fBinode_number\fP
+The inode number for the data (body) file.
+.TP
+\fBnext_delivery_time\fP
+Earliest time of next delivery attempt.
+.TP
+\fBnum_delivery_attempts\fP
+Number of delivery attempts that have been made.
+.TP
+\fBmacro\fP
+Defined macro.
+.TP
+\fBmessage\fP
+Envelope status message.
+.TP
+\fBoriginal_recipient\fP
+Original recipient (ORCPT= parameter).
+.TP
+\fBpriority\fP
+Adjusted priority of message.
+.TP
+\fBrecipient\fP
+Array of character flags followed by colon and recipient name. Flags:
+.PD 0
+.RS +8
+.TP 8
+N
+Has NOTIFY= parameter.
+.TP 8
+S
+Success DSN requested.
+.TP 8
+F
+Failure DSN requested.
+.TP 8
+D
+Delay DSN requested.
+.TP 8
+P
+Primary address (not the result of alias/forward expansion).
+.PD
+.RE
+.TP
+\fBsender\fP
+Sender
+.TP
+\fBversion\fP
+Version of control file.
+.SH EXAMPLES
+.TP
+\fBqtool.pl q2 q1\fP
+Moves all of the queue files in queue q1 to queue q2.
+.TP
+\fBqtool.pl q2 q1/d6CLQh100847\fP
+Moves the message with id d6CLQh100847 in queue q1 to queue q2.
+.TP
+\fBqtool.pl q2 q1/qfd6CLQh100847\fP
+Moves the message with id d6CLQh100847 in queue q1 to queue q2.
+.TP
+\fBqtool.pl q2 q1/dfd6CLQh100847\fP
+Moves the message with id d6CLQh100847 in queue q1 to queue q2.
+.TP
+\fBqtool.pl -e '$msg{num_delivery_attempts} == 3' /q2 /q1\fP
+Moves all of the queue files that have had three attempted deliveries from
+queue q1 to queue q2.
+.SH SEE ALSO
+sendmail(8)
+.SH HISTORY
+The
+.B qtool
+command appeared in 
+sendmail 8.10.
diff --git a/contrib/sendmail/contrib/qtool.pl b/contrib/sendmail/contrib/qtool.pl
new file mode 100755
index 0000000..0219fb5
--- /dev/null
+++ b/contrib/sendmail/contrib/qtool.pl
@@ -0,0 +1,1190 @@
+#!/usr/bin/env perl
+##
+## Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+##       All rights reserved.
+##
+## $Id: qtool.pl,v 8.15.16.1 2000/04/25 03:44:31 gshapiro Exp $
+##
+use strict;
+use File::Basename;
+use File::Copy;
+use File::Spec;
+use Fcntl qw(:flock :DEFAULT);
+use Getopt::Std;
+
+##
+## QTOOL
+##	This program is for moving files between sendmail queues. It is
+## pretty similar to just moving the files manually, but it locks the files
+## the same way sendmail does to prevent problems. 
+##
+## 	The syntax is the reverse of mv (ie. the target argument comes
+## first). This lets you pick the files you want to move using find and
+## xargs.
+##
+## 	Since you cannot delete queues while sendmail is running, QTOOL
+## assumes that when you specify a directory as a source, you mean that you
+## want all of the queue files within that directory moved, not the 
+## directory itself.
+##
+##	There is a mechanism for adding conditionals for moving the files.
+## Just create an Object with a check_move(source, dest) method and add it 
+## to the $conditions object. See the handling of the '-s' option for an
+## example.
+##
+
+##
+## OPTION NOTES
+##
+## The -e option:
+##	The -e option takes any valid perl expression and evaluates it
+##	using the eval() function. Inside the expression the variable 
+##	'$msg' is bound to the ControlFile object for the current source
+##	queue message. This lets you check for any value in the message
+##	headers or the control file. Here's an example:
+##
+##      ./qtool.pl -e '$msg->{num_delivery_attempts} >= 2' /q1 /q2
+##
+##	This would move any queue files whose number of delivery attempts
+##	is greater than or equal to 2 from the queue 'q2' to the queue 'q1'.
+##
+##	See the function ControlFile::parse for a list of available
+##	variables.
+##
+
+my %opts;
+my %sources;
+my $dst_name;
+my $destination;
+my $source_name;
+my $source;
+my $result;
+my $action;
+my $new_condition;
+my $conditions = new Compound();
+
+Getopt::Std::getopts('bde:s:', \%opts);
+
+sub move_action
+{
+	my $source = shift;
+	my $destination = shift;
+
+	$result = $destination->add($source);
+	if ($result)
+	{
+		print("$result.\n");
+	}
+}
+
+sub delete_action
+{
+	my $source = shift;
+
+	return $source->delete();
+}
+
+sub bounce_action
+{
+	my $source = shift;
+
+	return $source->bounce();
+}
+
+$action = \&move_action;
+if (defined $opts{d})
+{
+	$action = \&delete_action;
+}
+elsif (defined $opts{b})
+{
+	$action = \&bounce_action;
+}
+
+if (defined $opts{s})
+{
+	$new_condition = new OlderThan($opts{s});
+	$conditions->add($new_condition);
+}
+
+if (defined $opts{e})
+{
+	$new_condition = new Eval($opts{e});
+	$conditions->add($new_condition);
+}
+
+if ($action == \&move_action)
+{
+	$dst_name = shift(@ARGV);
+	if (!-d $dst_name)
+	{
+		print("The destination '$dst_name' must be an existing " .
+		      "directory.\n");
+		usage();
+		exit;
+	}
+	$destination = new Queue($dst_name);
+}
+
+while (@ARGV)
+{
+	$source_name = shift(@ARGV);
+	$result = add_source(\%sources, $source_name);
+	if ($result)
+	{
+		print("$result.\n");
+	}
+}
+
+if (keys(%sources) == 0)
+{
+	print("You must at least specify at least one source.\n");
+	usage();
+	exit;
+}
+
+while (($source_name, $source) = each(%sources))
+{
+	$result = $conditions->check_move($source, $destination);
+	if ($result)
+	{
+		$result = &{$action}($source, $destination);
+		if ($result)
+		{
+			print("$result\n");
+		}
+	}
+}
+
+sub usage
+{
+	print("Usage: $0 [options] directory source ...\n");
+	print("       $0 [-d|-b] source ...\n");
+	print("options:\n");
+	print("    -b                   Bounce the messages specified by source.\n");
+	print("    -d                   Delete the messages specified by source.\n");
+	print("    -e [perl expression] Move only messages for which perl expression returns true.\n");
+	print("    -s [seconds]         Move only messages older than seconds.\n");
+}
+
+##
+## ADD_SOURCE -- Adds a source to the source hash.
+##
+##	Determines whether source is a file, directory, or id. Then it 
+##	creates a QueuedMessage or Queue for that source and adds it to the
+##	list.
+##
+##	Parameters:
+##		sources -- A hash that contains all of the sources.
+##		source_name -- The name of the source to add
+##
+##	Returns:
+##		error_string -- Undef if ok. Error string otherwise.
+##
+##	Notes:
+##		If a new source comes in with the same ID as a previous 
+##		source, the previous source gets overwritten in the sources
+##		hash. This lets the user specify things like * and it still
+##		works nicely.
+##
+
+sub add_source
+{
+	my $sources = shift;
+	my $source_name = shift;
+	my $source_base_name;
+	my $source_dir_name;
+	my $data_dir_name;
+	my $source_id;
+	my $source_prefix;
+	my $queued_message;
+	my $queue;
+	my $result;
+
+	($source_base_name, $source_dir_name) = File::Basename::fileparse($source_name);
+	$data_dir_name = $source_dir_name;
+
+	$source_prefix = substr($source_base_name, 0, 2);
+	if (!-d $source_name && $source_prefix ne 'qf' && 
+	    $source_prefix ne 'df')
+	{
+		$source_base_name = "qf$source_base_name";
+		$source_name = File::Spec->catfile("$source_dir_name", 
+						   "$source_base_name");
+	}
+	$source_id = substr($source_base_name, 2);
+
+	if (!-e $source_name)
+	{
+		$source_name = File::Spec->catfile("$source_dir_name", "qf",
+						   "qf$source_id");
+		if (!-e $source_name)
+		{
+			return "'$source_name' does not exist";
+		}
+		$data_dir_name = File::Spec->catfile("$source_dir_name", "df");
+		$source_dir_name = File::Spec->catfile("$source_dir_name", 
+						       "qf");
+	}
+
+	if (-f $source_name)
+	{
+		$queued_message = new QueuedMessage($source_dir_name, 
+						    $source_id,
+						    $data_dir_name);
+		$sources->{$source_id} = $queued_message;
+		return undef;
+	}
+
+	if (!-d $source_name)
+	{
+		return "'$source_name' is not a plain file or a directory";
+	}
+
+	$queue = new Queue($source_name);
+	$result = $queue->read();
+	if ($result)
+	{
+		return $result;
+	}
+
+	while (($source_id, $queued_message) = each(%{$queue->{files}}))
+	{
+		$sources->{$source_id} = $queued_message;
+	}
+
+	return undef;
+}
+
+##
+## LOCK_FILE -- Opens and then locks a file.
+##
+## 	Opens a file for read/write and uses flock to obtain a lock on the
+##	file. The flock is Perl's flock which defaults to flock on systems
+##	that support it. On systems without flock it falls back to fcntl
+##	locking.
+##
+##	Parameters:
+##		file_name -- The name of the file to open and lock.
+##
+##	Returns:
+##		(file_handle, error_string) -- If everything works then
+##			file_handle is a reference to a file handle and
+##			error_string is undef. If there is a problem then 
+##			file_handle is undef and error_string is a string
+##			explaining the problem.
+##
+
+sub lock_file
+{
+	my $file_name = shift;
+	my $result;
+
+	$result = sysopen(FILE_TO_LOCK, $file_name, Fcntl::O_RDWR);
+	if (!$result)
+	{
+		return (undef, "Unable to open '$file_name': $!");
+	}
+
+	$result = flock(FILE_TO_LOCK, Fcntl::LOCK_EX | Fcntl::LOCK_NB);
+	if (!$result)
+	{
+		return (undef, "Could not obtain lock on '$file_name': $!");
+	}
+
+	return (\*FILE_TO_LOCK, undef);
+}
+
+##
+## UNLOCK_FILE -- Unlocks a file.
+##
+## 	Unlocks a file using Perl's flock.
+##
+##	Parameters:
+##		file -- A file handle.
+##
+##	Returns:
+##		error_string -- If undef then no problem. Otherwise it is a 
+##			string that explains problem.
+##
+
+sub unlock_file
+{
+	my $file = shift;
+	my $result;
+
+	$result = flock($file, Fcntl::LOCK_UN);
+	if (!$result)
+	{
+		return "Unlock failed on '$result': $!";
+	}
+
+	return undef;
+}
+
+##
+## MOVE_FILE -- Moves a file.
+##
+##	Moves a file.
+##
+##	Parameters:
+##		src_name -- The name of the file to be move.
+##		dst_nome -- The name of the place to move it to.
+##
+##	Returns:
+##		error_string -- If undef then no problem. Otherwise it is a 
+##			string that explains problem.
+##
+
+sub move_file
+{
+	my $src_name = shift;
+	my $dst_name = shift;
+	my $result;
+
+	$result = File::Copy::move($src_name, $dst_name);
+	if (!$result)
+	{
+		return "File move from '$src_name' to '$dst_name' failed: $!";
+	}
+
+	return undef;
+}
+
+
+##
+## CONTROL_FILE - Represents a sendmail queue control file.
+##
+##	This object represents represents a sendmail queue control file.
+##	It can parse and lock its file.
+##
+
+
+package ControlFile;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+	my $queue_dir = shift;
+	$self->{id} = shift;
+
+	$self->{file_name} = $queue_dir . '/qf' . $self->{id};
+	$self->{headers} = {};
+}
+
+##
+## PARSE - Parses the control file.
+##
+##	Parses the control file. It just sticks each entry into a hash.
+##	If a key has more than one entry, then it points to a list of
+##	entries.
+##
+
+sub parse
+{
+	my $self = shift;
+	if ($self->{parsed})
+	{
+		return;
+	}
+	my %parse_table = 
+	(
+		'A' => 'auth',
+		'B' => 'body_type',
+		'C' => 'controlling_user',
+		'D' => 'data_file_name',
+		'E' => 'error_recipient',
+		'F' => 'flags',
+		'H' => 'parse_header',
+		'I' => 'inode_number',
+		'K' => 'next_delivery_time',
+		'L' => 'content-length',
+		'M' => 'message',
+		'N' => 'num_delivery_attempts',
+		'P' => 'priority',
+		'Q' => 'original_recipient',
+		'R' => 'recipient',
+		'S' => 'sender',
+		'T' => 'creation_time',
+		'V' => 'version',
+		'X' => 'charset',
+		'Z' => 'envid',
+		'$' => 'macro'
+	);
+	my $line;
+	my $line_type;
+	my $line_value;
+	my $member_name;
+	my $member;
+	my $last_type;
+
+	open(CONTROL_FILE, "$self->{file_name}");
+	while ($line = <CONTROL_FILE>)
+	{
+		$line_type = substr($line, 0, 1);
+		if ($line_type eq "\t" && $last_type eq 'H')
+		{
+			$line_type = 'H';
+			$line_value = $line;
+		}
+		else
+		{
+			$line_value = substr($line, 1);
+		}
+		$member_name = $parse_table{$line_type};
+		$last_type = $line_type;
+		if (!$member_name)
+		{
+			$member_name = 'unknown';
+		}
+		if ($self->can($member_name))
+		{
+			$self->$member_name($line_value);
+		}
+		$member = $self->{$member_name};
+		if (!$member)
+		{
+			$self->{$member_name} = $line_value;
+			next;
+		}
+		if (ref($member) eq 'ARRAY')
+		{
+			push(@{$member}, $line_value);
+			next;
+		}
+		$self->{$member_name} = [$member, $line_value];
+	}
+	close(CONTROL_FILE);
+
+	$self->{parsed} = 1;
+}
+
+sub parse_header
+{
+	my $self = shift;
+	my $line = shift;
+	my $headers = $self->{headers};
+	my $last_header = $self->{last_header};
+	my $header_name;
+	my $header_value;
+	my $first_char;
+
+	$first_char = substr($line, 0, 1);
+	if ($first_char eq "?")
+	{
+		$line = substr($line, 3);
+	}
+	elsif ($first_char eq "\t")
+	{
+	 	if (ref($headers->{$last_header}) eq 'ARRAY')
+		{
+			$headers->{$last_header}[-1] = 
+				$headers->{$last_header}[-1] .  $line;
+		}
+		else
+		{
+			$headers->{$last_header} = $headers->{$last_header} . 
+						   $line;
+		}
+		return;
+	}
+	($header_name, $header_value) = split(/:/, $line, 2);
+	$self->{last_header} = $header_name;
+	if (exists $headers->{$header_name})
+	{
+		$headers->{$header_name} = [$headers->{$header_name}, 
+					    $header_value];
+	}
+	else
+	{
+		$headers->{$header_name} = $header_value;
+	}
+}
+
+sub is_locked
+{
+	my $self = shift;
+
+	return (defined $self->{lock_handle});
+}
+
+sub lock
+{
+	my $self = shift;
+	my $lock_handle;
+	my $result;
+
+	if ($self->is_locked())
+	{
+		# Already locked
+		return undef;
+	}
+
+	($lock_handle, $result) = ::lock_file($self->{file_name});
+	if (!$lock_handle)
+	{
+		return $result;
+	}
+
+	$self->{lock_handle} = $lock_handle;
+
+	return undef;
+}
+
+sub unlock
+{
+	my $self = shift;
+	my $result;
+
+	if (!$self->is_locked())
+	{
+		# Not locked
+		return undef;
+	}
+
+	$result = ::unlock_file($self->{lock_handle});
+
+	$self->{lock_handle} = undef;
+
+	return $result;
+}
+
+sub do_stat
+{
+	my $self = shift;
+	my $result;
+	my @result;
+
+	$result = open(QUEUE_FILE, $self->{file_name});
+	if (!$result)
+	{
+		return "Unable to open '$self->{file_name}': $!";
+	}
+	@result = stat(QUEUE_FILE);
+	if (!@result)
+	{
+		return "Unable to stat '$self->{file_name}': $!";
+	}
+	$self->{control_size} = $result[7];
+	$self->{control_last_mod_time} = $result[9];
+}
+
+sub DESTROY
+{
+	my $self = shift;
+
+	$self->unlock();
+}
+
+sub delete
+{
+	my $self = shift;
+	my $result;
+
+	$result = unlink($self->{file_name});
+	if (!$result)
+	{
+		return "Unable to delete $self->{file_name}: $!";
+	}
+	return undef;
+}
+
+
+##
+## DATA_FILE - Represents a sendmail queue data file.
+##
+##	This object represents represents a sendmail queue data file.
+##	It is really just a place-holder.
+##
+
+package DataFile;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+	my $queue_dir = shift;
+	$self->{id} = shift;
+
+	$self->{file_name} = $queue_dir . '/df' . $self->{id};
+}
+
+sub do_stat
+{
+	my $self = shift;
+	my $result;
+	my @result;
+
+	$result = open(QUEUE_FILE, $self->{file_name});
+	if (!$result)
+	{
+		return "Unable to open '$self->{file_name}': $!";
+	}
+	@result = stat(QUEUE_FILE);
+	if (!@result)
+	{
+		return "Unable to stat '$self->{file_name}': $!";
+	}
+	$self->{body_size} = $result[7];
+	$self->{body_last_mod_time} = $result[9];
+}
+
+sub delete
+{
+	my $self = shift;
+	my $result;
+
+	$result = unlink($self->{file_name});
+	if (!$result)
+	{
+		return "Unable to delete $self->{file_name}: $!";
+	}
+	return undef;
+}
+
+
+##
+## QUEUED_MESSAGE - Represents a queued sendmail message.
+##
+##	This keeps track of the files that make up a queued sendmail 
+##	message.
+##	Currently it has 'control_file' and 'data_file' as members.
+##
+##	You can tie it to a fetch only hash using tie. You need to
+##	pass a reference to a QueuedMessage as the third argument
+##	to tie.
+##
+
+package QueuedMessage;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+	my $queue_dir = shift;
+	my $id = shift;
+	my $data_dir = shift;
+
+	$self->{id} = $id;
+	$self->{control_file} = new ControlFile($queue_dir, $id);
+	if ($data_dir)
+	{
+		$self->{data_file} = new DataFile($data_dir, $id);
+	}
+	else
+	{
+		$self->{data_file} = new DataFile($queue_dir, $id);
+	}
+}
+
+sub last_modified_time
+{
+	my $self = shift;
+	my @result;
+	@result = stat($self->{data_file}->{file_name});
+	return $result[9];
+}
+
+sub TIEHASH
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = shift;
+	return $self;
+}
+
+sub FETCH
+{
+	my $self = shift;
+	my $key = shift;
+
+	if (exists $self->{control_file}->{$key})
+	{
+		return $self->{control_file}->{$key};
+	}
+	if (exists $self->{data_file}->{$key})
+	{
+		return $self->{data_file}->{$key};
+	}
+
+	return undef;
+}
+
+sub lock
+{
+	my $self = shift;
+
+	return $self->{control_file}->lock();
+}
+
+sub unlock
+{
+	my $self = shift;
+
+	return $self->{control_file}->unlock();
+}
+
+sub move
+{
+	my $self = shift;
+	my $destination = shift;
+	my $df_dest;
+	my $qf_dest;
+	my $result;
+
+	$result = $self->lock();
+	if ($result)
+	{
+		return $result;
+	}
+
+	$qf_dest = File::Spec->catfile($destination, "qf");
+	if (-d $qf_dest)
+	{
+		$df_dest = File::Spec->catfile($destination, "df");
+		if (!-d $df_dest)
+		{
+			$df_dest = $destination;
+		}
+	}
+	else
+	{
+		$qf_dest = $destination;
+		$df_dest = $destination;
+	}
+
+	if (-e File::Spec->catfile($qf_dest, "qf$self->{id}"))
+	{
+		$result = "There is already a queued message with id '$self->{id}' in '$destination'";
+	}
+
+	if (!$result)
+	{
+		$result = ::move_file($self->{data_file}->{file_name}, 
+				      $df_dest);
+	}
+
+	if (!$result)
+	{
+		$result = ::move_file($self->{control_file}->{file_name}, 
+				      $qf_dest);
+	}
+
+	$self->unlock();
+
+	return $result;
+}
+
+sub parse
+{
+	my $self = shift;
+
+	return $self->{control_file}->parse();
+}
+
+sub do_stat
+{
+	my $self = shift;
+
+	$self->{control_file}->do_stat();
+	$self->{data_file}->do_stat();
+}
+
+sub setup_vars
+{
+	my $self = shift;
+
+	$self->parse();
+	$self->do_stat();
+}
+
+sub delete
+{
+	my $self = shift;
+	my $result;
+
+	$result = $self->{control_file}->delete();
+	if ($result)
+	{
+		return $result;
+	}
+	$result = $self->{data_file}->delete();
+	if ($result)
+	{
+		return $result;
+	}
+
+	return undef;
+}
+
+sub bounce
+{
+	my $self = shift;
+	my $command;
+
+	$command = "sendmail -qI$self->{id} -O Timeout.queuereturn=now";
+#	print("$command\n");
+	system($command);
+}
+
+##
+## QUEUE - Represents a queued sendmail queue.
+##
+##	This manages all of the messages in a queue.
+##
+
+package Queue;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+
+	$self->{queue_dir} = shift;
+	$self->{files} = {};
+}
+
+##
+## READ - Loads the queue with all of the objects that reside in it.
+##
+##	This reads the queue's directory and creates QueuedMessage objects
+## 	for every file in the queue that starts with 'qf'.
+##
+
+sub read
+{
+	my $self = shift;
+	my @control_files;
+	my $queued_message;
+	my $file_name;
+	my $id;
+	my $result;
+	my $control_dir;
+	my $data_dir;
+
+	$control_dir = File::Spec->catfile($self->{queue_dir}, 'qf');
+
+	if (-e $control_dir)
+	{
+		$data_dir = File::Spec->catfile($self->{queue_dir}, 'df');
+		if (!-e $data_dir)
+		{
+			$data_dir = $self->{queue_dir};
+		}
+	}
+	else
+	{
+		$data_dir = $self->{queue_dir};
+		$control_dir = $self->{queue_dir};
+	}
+
+	$result = opendir(QUEUE_DIR, $control_dir);
+	if (!$result)
+	{
+		return "Unable to open directory '$control_dir'";
+	}
+
+	@control_files = grep { /^qf.*/ && -f "$control_dir/$_" } readdir(QUEUE_DIR);
+	closedir(QUEUE_DIR);
+	foreach $file_name (@control_files)
+	{
+		$id = substr($file_name, 2);
+		$queued_message = new QueuedMessage($control_dir, $id, 
+						    $data_dir);
+		$self->{files}->{$id} = $queued_message;
+	}
+
+	return undef;
+}
+
+
+##
+## ADD_QUEUED_MESSAGE - Adds a QueuedMessage to this Queue.
+##
+##	Adds the QueuedMessage object to the hash and moves the files
+##	associated with the QueuedMessage to this Queue's directory.
+##
+
+sub add_queued_message
+{
+	my $self = shift;
+	my $queued_message = shift;
+	my $result;
+
+	$result = $queued_message->move($self->{queue_dir});
+	if ($result)
+	{
+		return $result;
+	}
+
+	$self->{files}->{$queued_message->{id}} = $queued_message;
+
+	return $result;
+}
+
+##
+## ADD_QUEUE - Adds another Queue's QueuedMessages to this Queue.
+##
+##	Adds all of the QueuedMessage objects in the passed in queue
+##	to this queue.
+##
+
+sub add_queue
+{
+	my $self = shift;
+	my $queue = shift;
+	my $id;
+	my $queued_message;
+	my $result;
+
+	while (($id, $queued_message) = each %{$queue->{files}})
+	{
+		$result = $self->add_queued_message($queued_message);
+		if ($result)
+		{
+			print("$result.\n");
+		}
+	}
+}
+
+##
+## ADD - Adds an item to this queue.
+##
+##	Adds either a Queue or a QueuedMessage to this Queue.
+##
+
+sub add
+{
+	my $self = shift;
+	my $source = shift;
+	my $type_name;
+	my $result;
+
+	$type_name = ref($source);
+
+	if ($type_name eq "QueuedMessage")
+	{
+		return $self->add_queued_message($source);
+	}
+
+	if ($type_name eq "Queue")
+	{
+		return $self->add_queue($source);
+	}
+
+	return "Queue does not know how to add a '$type_name'"
+}
+
+sub delete
+{
+	my $self = shift;
+	my $id;
+	my $queued_message;
+
+	while (($id, $queued_message) = each %{$self->{files}})
+	{
+		$result = $queued_message->delete();
+		if ($result)
+		{
+			print("$result.\n");
+		}
+	}
+}
+
+sub bounce
+{
+	my $self = shift;
+	my $id;
+	my $queued_message;
+
+	while (($id, $queued_message) = each %{$self->{files}})
+	{
+		$result = $queued_message->bounce();
+		if ($result)
+		{
+			print("$result.\n");
+		}
+	}
+}
+
+##
+## Condition Class
+##
+## 	This next section is for any class that has an interface called 
+##	check_move(source, dest). Each class represents some condition to
+##	check for to determine whether we should move the file from 
+##	source to dest.
+##
+
+
+##
+## OlderThan
+##
+##	This Condition Class checks the modification time of the
+##	source file and returns true if the file's modification time is
+##	older than the number of seconds the class was initialzed with.
+##
+
+package OlderThan;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+
+	$self->{age_in_seconds} = shift;
+}
+
+sub check_move
+{
+	my $self = shift;
+	my $source = shift;
+
+	if ((time() - $source->last_modified_time()) > $self->{age_in_seconds})
+	{
+		return 1;
+	}
+
+	return 0;
+}
+
+##
+## Compound
+##
+##	Takes a list of Move Condition Classes. Check_move returns true
+##	if every Condition Class in the list's check_move function returns
+##	true.
+##
+
+package Compound;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+
+	$self->{condition_list} = [];
+}
+
+sub add
+{
+	my $self = shift;
+	my $new_condition = shift;
+
+	push(@{$self->{condition_list}}, $new_condition);
+}
+
+sub check_move
+{
+	my $self = shift;
+	my $source = shift;
+	my $dest = shift;
+	my $condition;
+	my $result;
+
+	foreach $condition (@{$self->{condition_list}})
+	{
+		if (!$condition->check_move($source, $dest))
+		{
+			return 0;
+		}
+	}
+	
+	return 1;
+}
+
+##
+## Eval
+##
+##	Takes a perl expression and evaluates it. The ControlFile object
+##	for the source QueuedMessage is avaliable through the name '$msg'.
+##
+
+package Eval;
+
+sub new
+{
+	my $this = shift;
+	my $class = ref($this) || $this;
+	my $self = {};
+	bless $self, $class;
+	$self->initialize(@_);
+	return $self;
+}
+
+sub initialize
+{
+	my $self = shift;
+
+	$self->{expression} = shift;
+}
+
+sub check_move
+{
+	my $self = shift;
+	my $source = shift;
+	my $dest = shift;
+	my $result;
+	my %msg;
+
+	$source->setup_vars();
+	tie(%msg, 'QueuedMessage', $source);
+	$result = eval($self->{expression});
+
+	return $result;
+}
diff --git a/contrib/sendmail/contrib/re-mqueue.pl b/contrib/sendmail/contrib/re-mqueue.pl
index 61aef43..9f8d819 100644
--- a/contrib/sendmail/contrib/re-mqueue.pl
+++ b/contrib/sendmail/contrib/re-mqueue.pl
@@ -84,9 +84,28 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# @(#)$Id: re-mqueue,v 1.3 1995/05/25 18:14:53 p-pomes Exp $
+# @(#)$OrigId: re-mqueue,v 1.3 1995/05/25 18:14:53 p-pomes Exp $
+#
+# Updated by Graeme Hewson <ghewson@uk.oracle.com> May 1999
+#
+#	'use Sys::Syslog' for Perl 5
+#	Move transcript (xf) files if they exist
+#	Allow zero-length df files (empty message body)
+#	Preserve $! for error messages
+#
+# Updated by Graeme Hewson <ghewson@uk.oracle.com> April 2000
+#
+#	Improve handling of race between re-mqueue and sendmail
+#
+# Updated by Graeme Hewson <graeme.hewson@oracle.com> June 2000
+#
+#	Don't exit(0) at end so can be called as subroutine
+#
+# NB This program can't handle separate qf/df/xf subdirectories
+# as introduced in sendmail 8.10.0.
+#
 
-require "syslog.pl";
+use Sys::Syslog;
 
 $LOCK_EX = 2;
 $LOCK_NB = 4;
@@ -126,19 +145,19 @@ $now = time();
 while ($dfile = pop(@dfiles)) {
     print "Checking $dfile\n" if ($debug);
     ($qfile = $dfile) =~ s/^d/q/;
+    ($xfile = $dfile) =~ s/^d/x/;
     ($mfile = $dfile) =~ s/^df//;
-    if (! -e $dfile || -z $dfile) {
-	print "$dfile is gone or zero bytes - skipping\n" if ($debug);
-	next;
-    }
     if (! -e $qfile || -z $qfile) {
 	print "$qfile is gone or zero bytes - skipping\n" if ($debug);
 	next;
     }
 
-    $mtime = $now;
     ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
      $atime,$mtime,$ctime,$blksize,$blocks) = stat($dfile);
+    if (! defined $mtime) {
+	print "$dfile is gone - skipping\n" if ($debug);
+	next;
+    }
 
     # Compare timestamps
     if (($mtime + $age) > $now) {
@@ -155,6 +174,10 @@ while ($dfile = pop(@dfiles)) {
 	print "$queueb/$qfile already exists - skipping\n" if ($debug);
 	next;
     }
+    if (-e "$queueB/$xfile") {
+	print "$queueb/$xfile already exists - skipping\n" if ($debug);
+	next;
+    }
 
     # Try and lock qf* file
     unless (open(QF, ">>$qfile")) {
@@ -169,35 +192,67 @@ while ($dfile = pop(@dfiles)) {
     }
     print "$qfile now flock()ed\n" if ($debug);
 
+    # Check df* file again in case sendmail got in
+    if (! -e $dfile) {
+	print "$mfile sent - skipping\n" if ($debug);
+	# qf* file created by ourselves at open? (Almost certainly)
+	if (-z $qfile) {
+	   unlink($qfile);
+	}
+	close(QF);
+	next;
+    }
+
     # Show time!  Do the link()s
     if (link("$dfile", "$queueB/$dfile") == 0) {
-	&syslog('err', 'link(%s, %s/%s): %m', $dfile, $queueB, $dfile);
-	print STDERR "$0: link($dfile, $queueB/$dfile): $!\n";
+	$bang = $!;
+	&syslog('err', 'link(%s, %s/%s): %s', $dfile, $queueB, $dfile, $bang);
+	print STDERR "$0: link($dfile, $queueB/$dfile): $bang\n";
 	exit (1);
     }
     if (link("$qfile", "$queueB/$qfile") == 0) {
-	&syslog('err', 'link(%s, %s/%s): %m', $qfile, $queueB, $qfile);
-	print STDERR "$0: link($qfile, $queueB/$qfile): $!\n";
+	$bang = $!;
+	&syslog('err', 'link(%s, %s/%s): %s', $qfile, $queueB, $qfile, $bang);
+	print STDERR "$0: link($qfile, $queueB/$qfile): $bang\n";
 	unlink("$queueB/$dfile");
 	exit (1);
     }
+    if (-e "$xfile") {
+	if (link("$xfile", "$queueB/$xfile") == 0) {
+	    $bang = $!;
+	    &syslog('err', 'link(%s, %s/%s): %s', $xfile, $queueB, $xfile, $bang);
+	    print STDERR "$0: link($xfile, $queueB/$xfile): $bang\n";
+	    unlink("$queueB/$dfile");
+	    unlink("$queueB/$qfile");
+	    exit (1);
+	}
+    }
 
     # Links created successfully.  Unlink the original files, release the
     # lock, and close the file.
     print "links ok\n" if ($debug);
     if (unlink($qfile) == 0) {
-	&syslog('err', 'unlink(%s): %m', $qfile);
-	print STDERR "$0: unlink($qfile): $!\n";
+	$bang = $!;
+	&syslog('err', 'unlink(%s): %s', $qfile, $bang);
+	print STDERR "$0: unlink($qfile): $bang\n";
 	exit (1);
     }
     if (unlink($dfile) == 0) {
-	&syslog('err', 'unlink(%s): %m', $dfile);
-	print STDERR "$0: unlink($dfile): $!\n";
+	$bang = $!;
+	&syslog('err', 'unlink(%s): %s', $dfile, $bang);
+	print STDERR "$0: unlink($dfile): $bang\n";
 	exit (1);
     }
+    if (-e "$xfile") {
+	if (unlink($xfile) == 0) {
+	    $bang = $!;
+	    &syslog('err', 'unlink(%s): %s', $xfile, $bang);
+	    print STDERR "$0: unlink($xfile): $bang\n";
+	    exit (1);
+	}
+    }
     flock(QF, $LOCK_UN);
     close(QF);
     &syslog('info', '%s moved to %s', $mfile, $queueB);
     print "Done with $dfile $qfile\n\n" if ($debug);
 }
-exit 0;
diff --git a/contrib/sendmail/contrib/smcontrol.pl b/contrib/sendmail/contrib/smcontrol.pl
index b5ef1f8..3ecfee1 100755
--- a/contrib/sendmail/contrib/smcontrol.pl
+++ b/contrib/sendmail/contrib/smcontrol.pl
@@ -21,7 +21,7 @@ sub get_controlname
 	my $cn = undef;
 	my $qd = undef;
  
-	open(CF, "</etc/sendmail.cf") or return $cn;
+	open(CF, "</etc/mail/sendmail.cf") or return $cn;
 	while (<CF>)
 	{
 		chomp;
@@ -162,7 +162,7 @@ sub munge_status
 	my $cooked = "";
 	my $daemonStatus = "";
 
-	if ($raw =~ /^(\d+)\/(\d+)$/mg)
+	if ($raw =~ /^(\d+)\/(\d+)\/(\d+)\/(\d+)/mg)
 	{
 		$cooked .= "Current number of children: $1";
 		if ($2 > 0)
@@ -170,6 +170,8 @@ sub munge_status
 			$cooked .= " (maximum $2)";
 		}
 		$cooked .= "\n";
+		$cooked .= "QueueDir free disk space (in blocks): $3\n";
+		$cooked .= "Load average: $4\n";
 	}
 	while ($raw =~ /^(\d+) (.*)$/mg)
 	{
diff --git a/contrib/sendmail/doc/op/Makefile b/contrib/sendmail/doc/op/Makefile
index 0d86e91..3819f18 100644
--- a/contrib/sendmail/doc/op/Makefile
+++ b/contrib/sendmail/doc/op/Makefile
@@ -1,13 +1,23 @@
-#	@(#)Makefile	8.2 (Berkeley) 2/28/1994
+#	$Id: Makefile,v 8.7 2000/02/01 08:21:47 gshapiro Exp $
 
 DIR=	smm/08.sendmailop
 SRCS=	op.me
+OBJS=	op.ps
 MACROS=	-me
+ROFF_CMD=	groff
+PIC_CMD=	pic
+EQN_CMD=	eqn
+PIC=		${PIC_CMD} -C
+EQN=		${EQN_CMD} -C -Tps
+ROFF=		${ROFF_CMD} -Tps -mps ${MACROS}
 
-all: op.ps
+all: ${OBJS}
 
-op.ps: ${SRCS}
-	rm -f ${.TARGET}
-	${PIC} ${SRCS} | ${EQN} | ${ROFF} > ${.TARGET}
+${OBJS}: ${SRCS}
+	rm -f $@
+	${PIC} ${SRCS} | ${EQN} | ${ROFF} > $@
 
-.include <bsd.doc.mk>
+clean:
+	rm -f ${OBJS}
+
+install: ${OBJS}
diff --git a/contrib/sendmail/doc/op/op.me b/contrib/sendmail/doc/op/op.me
index e9c2e5c..af76f12 100644
--- a/contrib/sendmail/doc/op/op.me
+++ b/contrib/sendmail/doc/op/op.me
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+.\"	All rights reserved.
 .\" Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -8,7 +9,7 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"	@(#)op.me	8.135 (Berkeley) 1/16/1999
+.\"	$Id: op.me,v 8.317.4.25 2000/07/19 18:42:01 ca Exp $
 .\"
 .\" eqn op.me | pic | troff -me
 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
@@ -39,6 +40,10 @@
 .sz 12
 .sp
 .b "INSTALLATION AND OPERATION GUIDE"
+.(f
+.b DISCLAIMER:
+This documentation is under modification.
+.)f
 .sz 10
 .sp
 .r
@@ -46,9 +51,13 @@ Eric Allman
 Sendmail, Inc.
 eric@Sendmail.COM
 .sp
-Version 8.135
+.de Ve
+Version \\$2
+..
+.Ve $Revision: 8.317.4.25 $
+.rm Ve
 .sp
-For Sendmail Version 8.9
+For Sendmail Version 8.11
 .)l
 .(f
 Sendmail is a trademark of Sendmail, Inc.
@@ -83,6 +92,7 @@ incrementally.
 is based on
 RFC821 (Simple Mail Transport Protocol),
 RFC822 (Internet Mail Headers Format),
+RFC974 (MX routing),
 RFC1123 (Internet Host Requirements),
 RFC2045 (MIME),
 RFC1869 (SMTP Service Extensions),
@@ -93,8 +103,12 @@ RFC1892 (Multipart/Report),
 RFC1893 (Mail System Status Codes),
 RFC1894 (Delivery Status Notifications),
 RFC1985 (SMTP Service Extension for Remote Message Queue Starting),
+RFC2033 (Local Message Transmission Protocol),
+RFC2034 (SMTP Service Extension for Returning Enhanced Error Codes),
+RFC2476 (Message Submission),
+RFC2487 (SMTP Service Extension for Secure SMTP over TLS),
 and
-RFC2033 (Local Message Transmission Protocol).
+RFC2554 (SMTP Service Extension for Authentication).
 However, since
 .i sendmail
 is designed to work in a wider world,
@@ -135,16 +149,6 @@ describes configuration that can be done at compile time.
 The appendixes give a brief
 but detailed explanation of a number of features
 not described in the rest of the paper.
-.pp
-.\"XXX
-.b DISCLAIMER:
-This documentation is under modification.
-.bp
-.rs
-.sp |4i
-.ce 2
-This page intentionally left blank;
-replace it with a blank sheet for double-sided output.
 .bp 7
 .sh 1 "BASIC INSTALLATION"
 .pp
@@ -188,12 +192,12 @@ you should probably skip to section 1.2.
 All
 .i sendmail
 source is in the
-.i src
+.i sendmail
 subdirectory.
 To compile sendmail,
 .q cd
 into the
-.i src
+.i sendmail
 directory and type
 .(b
 \&./Build
@@ -221,7 +225,6 @@ A list of directories to search for include files.
 Set an environment variable to an indicated
 .i value
 before compiling.
-This is normally used to set an ABI on Irix.
 .ip "\-c"
 Create a new
 .i obj.*
@@ -237,7 +240,7 @@ of the files
 and
 .i $BUILDTOOLS/Site/site.config.m4 ,
 where $BUILDTOOLS is normally
-.i \&../BuildTools
+.i \&../devtools
 and $oscf is the same name as used on the
 .i obj.*
 directory.
@@ -256,7 +259,8 @@ program.
 .\"XXX
 .pp
 (This section is not yet complete.
-For now, see the file BuildTools/README for details.)
+For now, see the file devtools/README for details.)
+See sendmail/README for various compilation flags that can be set.
 .sh 3 "Tweaking the Makefile"
 .pp
 .\" .b "XXX This should all be in the Site Configuration File section."
@@ -436,7 +440,7 @@ An example feature is
 use_cw_file
 (which tells
 .i sendmail
-to read an /etc/sendmail.cw file on startup
+to read an /etc/mail/local-host-names file on startup
 to find the set of local names).
 .ip hack
 Local hacks, referenced using the
@@ -553,21 +557,19 @@ this creates a security hole that is not actually related to
 .i sendmail .
 Other important directories that should have restrictive ownerships
 and permissions are
-/bin, /usr/bin, /etc, /usr/etc, /lib, and /usr/lib.
+/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
 .)f
-.sh 3 "/etc/sendmail.cf"
+.sh 3 "/etc/mail/sendmail.cf"
 .pp
 This is the configuration file for
 .i sendmail \**.
 .(f
 \**Actually, the pathname varies depending on the operating system;
-/etc is the preferred directory.
+/etc/mail is the preferred directory.
 Some older systems install it in
 .b /usr/lib/sendmail.cf ,
 and I've also seen it in
-.b /usr/ucblib
-and
-.b /etc/mail .
+.b /usr/ucblib .
 If you want to move this file,
 add -D_PATH_SENDMAILCF=\e"/file/name\e"
 to the flags passed to the C compiler.
@@ -608,7 +610,7 @@ for your system.
 .pp
 The
 .i hoststat
-command should just be a link to 
+command should just be a link to
 .i sendmail ,
 in a fashion similar to
 .i newaliases .
@@ -640,6 +642,23 @@ is defined in the
 option of the
 .i sendmail.cf
 file.
+To use multiple queues,
+supply a value ending with an asterisk.
+For example,
+.i /var/spool/mqueue/q*
+will use all of the directories or symbolic links to directories
+beginning with `q' in
+.i /var/spool/mqueue
+as queue directories.
+Do not change the queue directory structure
+while sendmail is running.
+.pp
+If these directories have subdirectories or symbolic links to directories
+named `qf', `df', and `xf', then these will be used for the different
+queue file types.
+That is, the data files are stored in the `df' subdirectory,
+the transcript files are stored in the `xf' subdirectory, and
+all others are stored in the `qf' subdirectory.
 .sh 3 "/var/spool/mqueue/.hoststat"
 .pp
 This is a typical value for the
@@ -649,18 +668,18 @@ containing one file per host
 that this sendmail has chatted with recently.
 It is normally a subdirectory of
 .i mqueue .
-.sh 3 "/etc/aliases*"
+.sh 3 "/etc/mail/aliases*"
 .pp
 The system aliases are held in
-.q /etc/aliases .
+.q /etc/mail/aliases .
 A sample is given in
-.q lib/aliases
+.q sendmail/aliases
 which includes some aliases which
 .i must
 be defined:
 .(b
-cp lib/aliases /etc/aliases
-.i "edit /etc/aliases"
+cp lib/aliases /etc/mail/aliases
+.i "edit /etc/mail/aliases"
 .)b
 You should extend this file with any aliases that are apropos to your system.
 .pp
@@ -668,11 +687,11 @@ Normally
 .i sendmail
 looks at a database version of the files,
 stored either in
-.q /etc/aliases.dir
+.q /etc/mail/aliases.dir
 and
-.q /etc/aliases.pag
+.q /etc/mail/aliases.pag
 or
-.q /etc/aliases.db
+.q /etc/mail/aliases.db
 depending on which database package you are using.
 The actual path of this file
 is defined in the
@@ -702,7 +721,7 @@ or on a System-V-based system
 in one of the startup files, typically
 .q /etc/init.d/sendmail :
 .(b
-if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/sendmail.cf ]; then
+if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
 	(cd /var/spool/mqueue; rm \-f [lnx]f*)
 	/usr/\*(SD/sendmail \-bd \-q30m &
 	echo \-n ' sendmail' >/dev/console
@@ -788,15 +807,15 @@ that supports Berkeley TCP/IP,
 do not include the
 .b \-bd
 flag.
-.sh 3 "/usr/lib/sendmail.hf"
+.sh 3 "/etc/mail/helpfile"
 .pp
 This is the help file used by the SMTP
 .b HELP
 command.
 It should be copied from
-.q lib/sendmail.hf :
+.q sendmail/helpfile :
 .(b
-cp lib/sendmail.hf /usr/lib
+cp sendmail/helpfile /etc/mail/helpfile
 .)b
 The actual path of this file
 is defined in the
@@ -804,15 +823,15 @@ is defined in the
 option of the
 .i sendmail.cf
 file.
-.sh 3 "/etc/sendmail.st"
+.sh 3 "/etc/mail/statistics"
 .pp
 If you wish to collect statistics
 about your mail traffic,
 you should create the file
-.q /etc/sendmail.st :
+.q /etc/mail/statistics :
 .(b
-cp /dev/null /etc/sendmail.st
-chmod 644 /etc/sendmail.st
+cp /dev/null /etc/mail/statistics
+chmod 644 /etc/mail/statistics
 .)b
 This file does not grow.
 It is printed with the program
@@ -996,6 +1015,11 @@ and the sender and recipients.
 .i Sendmail
 should run the queue automatically
 at intervals.
+When using multiple queues,
+a separate process will be created to
+run each of the queues
+unless the queue run is initiated by a user
+with the verbose flag.
 The algorithm is to read and sort the queue,
 and then to attempt to process all jobs in order.
 When it attempts to run the job,
@@ -1069,13 +1093,13 @@ rmdir /var/spool/omqueue
 .pp
 .i Sendmail
 stores a large amount of information about each remote system it
-has connected to in memory. It is now possible to preserve some 
+has connected to in memory. It is now possible to preserve some
 of this information on disk as well, by using the
 .b HostStatusDirectory
 option, so that it may be shared between several invocations of
 .i sendmail .
 This allows mail to be queued immediately or skipped during a queue run if
-there has been a recent failure in connecting to a remote machine. 
+there has been a recent failure in connecting to a remote machine.
 .pp
 Additionally enabling
 .b SingleThreadDelivery
@@ -1098,7 +1122,7 @@ this way jobs that are skipped because another
 is talking to the same host will be tried again quickly
 rather than being delayed for a long time.
 .pp
-The disk based host information is stored in a subdirectory of the 
+The disk based host information is stored in a subdirectory of the
 .b mqueue
 directory called
 .b \&.hoststat \**.
@@ -1109,7 +1133,7 @@ option;
 it can, of course, go anywhere you like in your filesystem.
 .)f
 Removing this directory and its subdirectories has an effect similar to
-the 
+the
 .i purgestat
 command and is completely safe.
 The information in these directories can
@@ -1121,7 +1145,7 @@ An asterisk in the left most column indicates that a
 .i sendmail
 process currently has the host locked for mail delivery.
 .pp
-The disk based connection information is treated the same way as memory based 
+The disk based connection information is treated the same way as memory based
 connection information for the purpose of timeouts.
 By default, information about host failures is valid for 30 minutes.
 This can be adjusted with
@@ -1130,9 +1154,9 @@ the
 option.
 .pp
 The connection information stored on disk may be purged at any time
-with the 
+with the
 .i purgestat
-command or by invoking sendmail with the 
+command or by invoking sendmail with the
 .b \-bH
 switch.
 The connection information may be viewed with the
@@ -1205,7 +1229,7 @@ which must resolve to a
 {\c
 .i mailer ,
 .i host ,
-.i user }
+.i address }
 triple.
 If the flags selected by the
 .i mailer
@@ -1213,7 +1237,7 @@ include the
 .b A
 (aliasable) flag,
 the
-.i user
+.i address
 part of the triple is looked up as the key
 (i.e., the left hand side)
 into the alias database.
@@ -1227,7 +1251,7 @@ are similarly expanded.
 The alias database exists in two forms.
 One is a text form,
 maintained in the file
-.i /etc/aliases.
+.i /etc/mail/aliases.
 The aliases are of the form
 .(b
 name: name1, name2, ...
@@ -1246,7 +1270,8 @@ will permit aliasing;
 this is normally limited to the local mailer.
 .)f
 Aliases may be continued by starting any continuation lines
-with a space or a tab.
+with a space or a tab or by putting a backslash directly before
+the newline.
 Blank lines and lines beginning with a sharp sign
 (\c
 .q # )
@@ -1261,12 +1286,12 @@ package does not work.
 .)f
 or the Berkeley DB library.
 This form is in the file
-.i /etc/aliases.db
+.i /etc/mail/aliases.db
 (if using NEWDB)
 or
-.i /etc/aliases.dir
+.i /etc/mail/aliases.dir
 and
-.i /etc/aliases.pag
+.i /etc/mail/aliases.pag
 (if using NDBM).
 This is the form that
 .i sendmail
@@ -1287,14 +1312,14 @@ will be used as the name of the file for a ``files'' entry
 in the aliases switch.
 For example, if the configuration file contains
 .(b
-O AliasFile=/etc/aliases
+O AliasFile=/etc/mail/aliases
 .)b
 and the service switch contains
 .(b
 aliases	nis files nisplus
 .)b
 then aliases will first be searched in the NIS database,
-then in /etc/aliases,
+then in /etc/mail/aliases,
 then in the NIS+ database.
 .pp
 You can also use
@@ -1302,10 +1327,10 @@ You can also use
 alias files.
 For example, the specification:
 .(b
-O AliasFile=/etc/aliases
+O AliasFile=/etc/mail/aliases
 O AliasFile=nis:mail.aliases@my.nis.domain
 .)b
-will first search the /etc/aliases file
+will first search the /etc/mail/aliases file
 and then the map named
 .q mail.aliases
 in
@@ -1554,10 +1579,18 @@ and is deprecated.
 The Precedence: header can be used as a crude control of message priority.
 It tweaks the sort order in the queue
 and can be configured to change the message timeout values.
+The precedence of a message also controls how
+delivery status notifications (DSNs)
+are processed for that message.
 .sh 2 "IDENT Protocol Support"
 .pp
 .i Sendmail
 supports the IDENT protocol as defined in RFC 1413.
+Note that the RFC states
+a client should wait at least 30 seconds for a response.
+The default Timeout.ident is 5 seconds
+as many sites have adopted the practice of dropping IDENT queries.
+This has lead to delays processing mail.
 Although this enhances identification
 of the author of an email message
 by doing a ``call back'' to the originating system to include
@@ -1733,7 +1766,10 @@ For example,
 .)b
 For a complete list of the available debug flags
 you will have to look at the code
-(they are too dynamic to keep this documentation up to date).
+and the
+.i TRACEFLAGS
+file in the sendmail distribution
+(they are too dynamic to keep this document up to date).
 .sh 2 "Changing the Values of Options"
 .pp
 Options can be overridden using the
@@ -1775,7 +1811,7 @@ flag; for example,
 uses the configuration file
 .i test.cf
 instead of the default
-.i /etc/sendmail.cf.
+.i /etc/mail/sendmail.cf.
 If the
 .b \-C
 flag has no value
@@ -1925,7 +1961,7 @@ This information may be flushed with the command:
 sendmail \-bH
 .)b
 Flushing the information prevents new
-.i sendmail 
+.i sendmail
 processes from loading it,
 but does not prevent existing processes from using the status information
 that they already have.
@@ -1996,6 +2032,9 @@ flag
 specifies how often a sub-daemon will run the queue.
 This is typically set to between fifteen minutes
 and one hour.
+If not set,
+or set to zero,
+the queue will not be run automatically.
 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
 .sh 3 "Read timeouts"
 .pp
@@ -2048,7 +2087,7 @@ that takes a long time to expand
 .ip datainit\(dg
 The wait for a reply from a DATA command
 [5m, 2m].
-.ip datablock\(dg
+.ip datablock\(dg\(dd
 The wait for reading a data block
 (that is, the body of the message).
 [1h, 3m].
@@ -2073,29 +2112,75 @@ The wait for a reply from a QUIT command
 The wait for a reply from miscellaneous (but short) commands
 such as NOOP (no-operation) and VERB (go into verbose mode).
 [2m, unspecified].
-.ip command\(dg
+.ip command\(dg\(dd
 In server SMTP,
 the time to wait for another command.
 [1h, 5m].
-.ip ident
+.ip ident\(dd
 The timeout waiting for a reply to an IDENT query
 [30s\**, unspecified].
 .(f
 \**On some systems the default is zero to turn the protocol off entirely.
 .)f
-.ip fileopen
+.ip fileopen\(dd
 The timeout for opening .forward and :include: files [60s, none].
-.ip hoststatus
+.ip control\(dd
+The timeout for a complete control socket transaction to complete [2m, none].
+.ip hoststatus\(dd
 How long status information about a host
 (e.g., host down)
 will be cached before it is considered stale
 [30m, unspecified].
+.ip resolver.retrans
+The resolver's
+retransmission time interval
+(in seconds)
+[varies].
+Sets both
+.i Timeout.resolver.retrans.first
+and
+.i Timeout.resolver.retrans.normal .
+.ip resolver.retrans.first
+The resolver's
+retransmission time interval
+(in seconds)
+for the first attempt to
+deliver a message
+[varies].
+.ip resolver.retrans.normal
+The resolver's
+retransmission time interval
+(in seconds)
+for all resolver lookups
+except the first delivery attempt
+[varies].
+.ip resolver.retry
+The number of times
+to retransmit a resolver query.
+Sets both
+.i Timeout.resolver.retry.first
+and
+.i Timeout.resolver.retry.normal
+[varies].
+.ip resolver.retry.first
+The number of times
+to retransmit a resolver query
+for the first attempt
+to deliver a message
+[varies].
+.ip resolver.retry.normal
+The number of times
+to retransmit a resolver query
+for all resolver lookups
+ except the first delivery attempt
+[varies].
 .lp
 For compatibility with old configuration files,
 if no
 .i suboption
 is specified,
-all the timeouts marked with \(dg are set to the indicated value.
+all the timeouts marked with a dagger (\(dg) are set to the indicated value.
+All but those marked with a double dagger (\(dd) apply to client SMTP.
 .pp
 Many of the RFC 1123 minimum values
 may well be too short.
@@ -2151,6 +2236,34 @@ options in the configuration file
 .b T
 option).
 .pp
+If the message is submitted using the
+.sm NOTIFY
+.sm SMTP
+extension,
+warning messages will only be sent if
+.sm NOTIFY=DELAY
+is specified.
+The queuereturn and queuewarn timeouts
+can be further qualified with a tag based on the Precedence: field
+in the message;
+they must be one of
+.q urgent
+(indicating a positive non-zero precedence)
+.q normal
+(indicating a zero precedence), or
+.q non-urgent
+(indicating negative precedences).
+For example, setting
+.q Timeout.queuewarn.urgent=1h
+sets the warning timeout for urgent messages only
+to one hour.
+The default if no precedence is indicated
+is to set the timeout for all precedences.
+The value "now" can be used for
+-O Timeout.queuereturn
+to return entries immediately during a queue run,
+e.g., to bounce messages independent of their time in the queue.
+.pp
 Since these options are global,
 and since you can not know
 .i "a priori"
@@ -2410,7 +2523,8 @@ Successful deliveries and alias database rebuilds.
 Messages being deferred
 (due to a host being down, etc.).
 .ip 10
-Database expansion (alias, forward, and userdb lookups).
+Database expansion (alias, forward, and userdb lookups)
+and authentication information.
 .ip 11
 NIS errors and end of job processing.
 .ip 12
@@ -2491,13 +2605,16 @@ and make
 setuid to that)
 which will fix the privacy problems
 but not the functionality issues.
+It also introduces problems on some operating systems
+if sendmail needs to give up the setuid special privileges.
 Also, this isn't a guarantee of security:
 for example,
 root occasionally sends mail,
 and the daemon often runs as root.
 Note however that
 .i sendmail
-must run as root in order to create the SMTP listener socket.
+must run as root or the trusted user in order to create the SMTP listener
+socket.
 .pp
 A middle ground is to make
 .i sendmail
@@ -2526,6 +2643,17 @@ alias files,
 :include: files,
 and external databases)
 must be readable by that user.
+Also, since sendmail will not be able to change it's uid,
+delivery to programs or files will be marked as unsafe, 
+e.g., undeliverable,
+in
+.i \&.forward ,
+aliases,
+and :include: files.
+Administrators can override this by setting the
+.b DontBlameSendmail
+option to the setting
+.b NonRootSafeAddr .
 .b RunAsUser
 is probably best suited for firewall configurations
 that don't have regular user logins.
@@ -2553,9 +2681,9 @@ In the descriptions that follow,
 means a directory that is writable by anyone other than the owner.
 The values are:
 .nr ii 0.5i
-.ip Safe 
+.ip Safe
 No special handling.
-.ip AssumeSafeChown 
+.ip AssumeSafeChown
 Assume that the
 .i chown
 system call is restricted to root.
@@ -2566,12 +2694,16 @@ often cannot assume that a given file was created by the owner,
 particularly when it is in a writable directory.
 You can set this flag if you know that file giveaway is restricted
 on your system.
-.ip ClassFileInUnsafeDirPath 
+.ip ClassFileInUnsafeDirPath
 When reading class files (using the
 .b F
 line in the configuration file),
 allow files that are in unsafe directories.
-.ip ErrorHeaderInUnsafeDirPath 
+.ip DontWarnForwardFileInUnsafeDirPath
+Prevent logging of
+unsafe directory path warnings
+for non-existent forward files.
+.ip ErrorHeaderInUnsafeDirPath
 Allow the file named in the
 .b ErrorHeader
 option to be in an unsafe directory.
@@ -2580,7 +2712,7 @@ Change the definition of
 .q "unsafe directory"
 to consider group-writable directories to be safe.
 World-writable directories are always unsafe.
-.ip GroupWritableForwardFileSafe 
+.ip GroupWritableForwardFileSafe
 Accept group-writable
 .i \&.forward
 files.
@@ -2588,7 +2720,7 @@ files.
 Accept group-writable
 .i :include:
 files.
-.ip GroupWritableAliasFile 
+.ip GroupWritableAliasFile
 Allow group-writable alias files.
 .ip HelpFileInUnsafeDirPath
 Allow the file named in the
@@ -2622,6 +2754,9 @@ Allow a
 .i :include:
 file that is in an unsafe directory to include references
 to program and files.
+.ip InsufficientEntropy
+Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
+despite the security problems.
 .ip MapInUnsafeDirPath
 Allow maps (e.g.,
 .i hash ,
@@ -2663,6 +2798,14 @@ Allow writes to maps that are symbolic links.
 Allow the status file to be a hard link.
 .ip WriteStatsToSymLink
 Allow the status file to be a symbolic link.
+.ip TrustStickyBit
+Allow group or world writable directories
+if the sticky bit is set on the directory.
+Do not set this on systems which do not honor
+the sticky bit on directories.
+.ip NonRootSafeAddr
+Do not mark file and program deliveries as unsafe
+if sendmail is not running with root privileges.
 .sh 2 "Connection Caching"
 .pp
 When processing the queue,
@@ -2720,7 +2863,7 @@ then your system is probably configured properly already.
 Otherwise,
 .i sendmail
 will consult the file
-.b /etc/service.switch ,
+.b /etc/mail/service.switch ,
 which should be created.
 .i Sendmail
 only uses two entries:
@@ -2944,27 +3087,21 @@ The flags are detailed in section
 5.6.
 .sh 2 "Send to Me Too"
 .pp
-Normally,
+Beginning with version 8.10,
 .i sendmail
-deletes the (envelope) sender from any list expansions.
+includes by default the (envelope) sender in any list expansions.
 For example, if
 .q matt
 sends to a list that contains
 .q matt
-as one of the members he won't get a copy of the message.
+as one of the members he will get a copy of the message.
 If the
-.b \-m
-(me too)
-command line flag, or if the
 .b MeToo
-(\c
-.b m )
-option is set in the configuration file,
-this behaviour is suppressed.
-Some sites like to run the
-.sm SMTP
-daemon with
-.b \-m .
+option is set to
+.sm FALSE
+(in the configuration file or via the command line),
+this behavior is changed, i.e.,
+the (envelope) sender is excluded in list expansions.
 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
 .pp
 This section describes the configuration file
@@ -3048,6 +3185,10 @@ Macro expansions of the form
 .b $ \c
 .i x
 are performed when the configuration file is read.
+A literal
+.b $
+can be included using
+.b $$ .
 Expansions of the form
 .b $& \c
 .i x
@@ -3414,7 +3555,7 @@ Ruleset zero
 is applied after ruleset three
 to addresses that are going to actually specify recipients.
 It must resolve to a
-.i "{mailer, host, user}"
+.i "{mailer, host, address}"
 triple.
 The
 .i mailer
@@ -3457,15 +3598,20 @@ falling off the end or returning normally is an accept,
 and resolving to
 .b $#error
 is a reject.
-Many of these can also resolve to the special mailer
+Many of these can also resolve to the special mailer name
 .b $#discard ;
 this accepts the message as though it were successful
 but then discards it without delivery.
+Note,
+this mailer can not be chosen as a mailer in ruleset 0.
 .sh 4 "check_relay"
 .pp
 The
 .i check_relay
-ruleset is called after a connection is accepted.
+ruleset is called after a connection is accepted by the daemon.
+It is not called when sendmail is started using the
+.b \-bs
+option.
 It is passed
 .(b
 client.host.name $| client.host.address
@@ -3505,6 +3651,122 @@ It can accept or reject mail transfer between these two addresses
 much like the
 .i checkcompat()
 function.
+.sh 4 "check_eoh"
+.pp
+The
+.i check_eoh
+ruleset is passed
+.(b
+number-of-headers $| size-of-headers
+.)b
+where
+.b $|
+is a metacharacter separating the numbers.
+These numbers can be used for size comparisons with the
+.b arith
+map.
+The ruleset is triggered after
+all of the headers have been read.
+It can be used to correlate information gathered
+from those headers using the
+.b macro
+storage map.
+One possible use is to check for a missing header.
+For example:
+.(b
+.ta 1.5i
+Kstorage macro
+HMessage-Id: $>CheckMessageId
+
+SCheckMessageId
+# Record the presence of the header
+R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
+R< $+ @ $+ >		$@ OK
+R$*			$#error $: 553 Header Error
+
+Scheck_eoh
+# Check the macro
+R$*			$: < $&{MessageIdCheck} >
+# Clear the macro for the next message
+R$*			$: $(storage {MessageIdCheck} $) $1
+# Has a Message-Id: header
+R< $+ >			$@ OK
+# Allow missing Message-Id: from local mail
+R$*			$: < $&{client_name} >
+R< >			$@ OK
+R< $=w >		$@ OK
+# Otherwise, reject the mail
+R$*			$#error $: 553 Header Error
+.)b
+Keep in mind the Message-Id: header is not a required header and
+is not a guaranteed spam indicator.
+This ruleset is an example and
+should probably not be used in production.
+.sh 4 "check_etrn"
+.pp
+The
+.i check_etrn
+ruleset is passed the parameter of the
+.sm "SMTP ETRN"
+command.
+It can accept or reject the command.
+.sh 4 "check_expn"
+.pp
+The
+.i check_expn
+ruleset is passed the user name parameter of the
+.sm "SMTP EXPN"
+command.
+It can accept or reject the address.
+.sh 4 "check_vrfy"
+.pp
+The
+.i check_vrfy
+ruleset is passed the user name parameter of the
+.sm "SMTP VRFY"
+command.
+It can accept or reject the command.
+.sh 4 "trust_auth"
+.pp
+The
+.i trust_auth
+ruleset is passed the AUTH= parameter of the
+.sm "SMTP MAIL"
+command.
+It is used to determine whether this value should be
+trusted. In order to make this decision, the ruleset
+may make use of the various
+.b ${auth_*}
+macros.
+If the ruleset does resolve to the
+.q error
+mailer the AUTH= parameter is not trusted and hence
+not passed on to the next relay.
+.sh 4 "tls_client"
+.pp
+The
+.i tls_client
+ruleset is called when sendmail acts as server, after a STARTTLS command
+has been issued, and from
+.i check_mail.
+The parameter is the value of
+.b ${verify}
+and STARTTLS or MAIL, respectively.
+If the ruleset does resolve to the
+.q error
+mailer, the appropriate error code is returned to the client.
+.sh 4 "tls_server"
+.pp
+The
+.i tls_server
+ruleset is called when sendmail acts as client after a STARTTLS command
+(should) have been issued.
+The parameter is the value of
+.b ${verify} .
+If the ruleset does resolve to the
+.q error
+mailer, the connection is aborted
+(treated as non-deliverable with a permanent or temporary error).
 .sh 3 "IPC mailers"
 .pp
 Some special processing occurs
@@ -3516,7 +3778,7 @@ listed as the Path in the
 configuration line.
 The host name passed after
 .q $@
-has MX expansion performed;
+has MX expansion performed if not delivering via a named socket;
 this looks the name up in DNS to find alternate delivery sites.
 .pp
 The host name can also be provided as a dotted quad in square brackets;
@@ -3610,7 +3872,7 @@ This interpolates
 .i text1
 if the macro
 .b $x
-is set,
+is set and non-null,
 and
 .i text2
 otherwise.
@@ -3708,7 +3970,7 @@ The format of the UNIX from line.
 Unless you have changed the UNIX mailbox format,
 you should not change the default,
 which is
-.q "From $g  $d" .
+.q "From $g $d" .
 .ip $m
 The domain part of the \fIgethostname\fP return value.
 Under normal circumstances,
@@ -3792,10 +4054,34 @@ The full name of the sender.
 The home directory of the recipient.
 .ip $_
 The validated sender address.
+.ip ${auth_authen}
+The client's authentication credentials as determined by authentication
+(only set if successful).
+.ip ${auth_author}
+The authorization identity, i.e. the AUTH= parameter of the
+.sm "SMTP MAIL"
+command if supplied.
+.ip ${auth_type}
+The mechanism used for authentication
+(only set if successful).
+.ip ${auth_ssf}
+The keylength (in bits) of the symmetric encryption algorithm
+used for the security layer of a SASL mechanism.
 .ip ${bodytype}
 The message body type
 (7BIT or 8BITMIME),
 as determined from the envelope.
+.ip ${cert_issuer}
+The DN (distinguished name) of the CA (certificate authority)
+that signed the presented certificate (the cert issuer).
+.ip ${cert_subject}
+The DN of the presented certificate (called the cert subject).
+.ip ${cipher}
+The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
+EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
+.ip ${cipher_bits}
+The keylength (in bits) of the symmetric encryption algorithm
+used for a TLS connection.
 .ip ${client_addr}
 The IP address of the SMTP client.
 Defined in the SMTP server only.
@@ -3803,22 +4089,159 @@ Defined in the SMTP server only.
 The host name of the SMTP client.
 This may be the client's bracketed IP address
 in the form [ nnn.nnn.nnn.nnn ] if the client's
-IP address is not resolvable.
+IP address is not resolvable, or if the resolved
+name doesn't match ${client_name}.
 Defined in the SMTP server only.
 .ip ${client_port}
 The port number of the SMTP client.
 Defined in the SMTP server only.
+.ip ${client_resolve}
+Holds the result of the resolve call for
+.b ${client_name}
+: OK, FAIL, FORGED, TEMP.
+Defined in the SMTP server only.
+.ip ${currHeader}
+Header value as quoted string
+(possibly truncated to
+.b MAXNAME ).
+.ip ${daemon_addr}
+The IP address the daemon is listening on for connections.
+Unless
+.b DaemonPortOptions
+is set, this will be
+.q 0.0.0.0 .
+.ip ${daemon_family}
+The network family
+if the daemon is accepting network connections.
+Possible values include
+.q inet ,
+.q inet6 ,
+.q iso ,
+.q ns ,
+.q x.25
+.ip ${daemon_flags}
+The flags for the daemon as specified by the
+Modifier= part of
+.b DaemonPortOptions
+whereby the flags are separated from each other by spaces,
+and upper case flags are doubled.
+That is,
+Modifier=Ea
+will be represented as
+"EE a" in
+.b ${daemon_flags} ,
+which is required for testing the flags in rulesets.
+.ip ${daemon_info}
+Some information about a daemon as a text string.
+For example,
+.q SMTP+queueing@00:30:00 .
+.ip ${daemon_name}
+The name of the daemon from
+.b DaemonPortOptions
+Name= suboption.
+If this suboption is not set,
+"Daemon#",
+where # is the daemon number,
+is used.
+.ip ${daemon_port}
+The port the daemon is accepting connection on.
+Unless
+.b DaemonPortOptions
+is set, this will most likely be
+.q 25 .
+.ip ${deliveryMode}
+The current delivery mode sendmail is using.
+It is initially set to the value of the
+.b DeliveryMode
+option.
 .ip ${envid}
 The envelope id passed to sendmail as part of the envelope.
+.ip ${hdrlen}
+The length of the header value which is stored in
+${currHeader} (before possible truncation).
+If this value is greater than or equal
+.b MAXNAME
+the header has been truncated.
+.ip ${hdr_name}
+The name of the header field for which the current header
+check ruleset has been called.
+This is useful for a default header check ruleset to get
+the name of the header.
+.ip ${if_addr}
+The IP address of the interface of an incoming connection
+unless it is in the loopback net.
+.ip ${if_name}
+The name of the interface of an incoming connection.
+This macro can be used for
+SmtpGreetingMessage and HReceived for virtual hosting.
+For example:
+O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. Sendmail $v/$Z; $b
+.ip ${mail_addr}
+The address part of the resolved triple of the address given for the
+.sm "SMTP MAIL"
+command.
+Defined in the SMTP server only.
+.ip ${mail_host}
+The host from the resolved triple of the address given for the
+.sm "SMTP MAIL"
+command.
+Defined in the SMTP server only.
+.ip ${mail_mailer}
+The mailer from the resolved triple of the address given for the
+.sm "SMTP MAIL"
+command.
+Defined in the SMTP server only.
+.ip ${ntries}
+The number of delivery attempts.
 .ip ${opMode}
 The current operation mode (from the
 .b \-b
 flag).
-.ip ${deliveryMode}
-The current delivery mode
-(from the
-.b DeliveryMode
-option).
+.ip ${queue_interval}
+The queue run interval given by the
+.b \-q
+flag.
+For example,
+.b \-q30m
+would set
+.b ${queue_interval}
+to
+.q 00:30:00 .
+.ip ${rcpt_addr}
+The address part of the resolved triple of the address given for the
+.sm "SMTP RCPT"
+command.
+Defined in the SMTP server only.
+.ip ${rcpt_host}
+The host from the resolved triple of the address given for the
+.sm "SMTP RCPT"
+command.
+Defined in the SMTP server only.
+.ip ${rcpt_mailer}
+The mailer from the resolved triple of the address given for the
+.sm "SMTP RCPT"
+command.
+Defined in the SMTP server only.
+.ip ${server_addr}
+The address of the server of the current outgoing SMTP connection.
+.ip ${server_name}
+The name of the server of the current outgoing SMTP connection.
+.ip ${tls_version}
+The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2.
+.ip ${verify}
+The result of the verification of the presented cert.
+Possible values are:
+.(b
+.ta 9n
+OK	verification succeeded.
+NO	no cert presented.
+FAIL	cert presented but could not be verified,
+	e.g., the signing CA is missing.
+NONE	STARTTLS has not been performed.
+TEMP	temporary error occurred.
+PROTOCOL some protocol error occurred.
+SOFTWARE STARTTLS handshake failed.
+.)b
 .pp
 There are three types of dates that can be used.
 The
@@ -4063,6 +4486,17 @@ The syntax is:
 The first form defines the class
 .i c
 to match any of the named words.
+If
+.i phrase1
+or
+.i phrase2
+is another class,
+e.g.,
+.i $=S ,
+the contents of class
+.i S
+are added to class
+.i c .
 It is permissible to split them among multiple lines;
 for example, the two forms:
 .(b
@@ -4079,6 +4513,15 @@ reads the elements of the class
 .i c
 from the named
 .i file .
+Each element should be listed on a separate line.
+To specify an optional file, use ``-o'' between the class
+name and the file name, e.g.,
+.(b
+Fc -o /path/to/file
+.)b
+If the file can't be used,
+.i sendmail
+will not complain but silently ignore it.
 .pp
 Elements of classes can be accessed in rules using
 .b $=
@@ -4170,6 +4613,9 @@ If you want to read trusted users from a file, use
 set to be the set of all names
 this host is known by.
 This can be used to match local hostnames.
+.ip $={persistentMacros}
+set to the macros would should be saved across queue runs.
+Care should be taken when adding macro names to this class.
 .pp
 .i Sendmail
 can be compiled to allow a
@@ -4214,12 +4660,15 @@ Recipient	Rewriting set(s) for recipient addresses
 Argv	An argument vector to pass to this mailer
 Eol	The end-of-line string for this mailer
 Maxsize	The maximum message length to this mailer
+maxmessages	The maximum message deliveries per connection
 Linelimit	The maximum line length in the message body
 Directory	The working directory for the mailer
 Userid	The default user and group id to run as
 Nice	The nice(2) increment for the mailer
 Charset	The default character set for 8-bit characters
-Type	The MTS type information (used for error messages)
+Type	Type information for DSN diagnostics
+Wait	The maximum time to wait for the mailer
+/	The root directory for the mailer
 .)b
 Only the first character of the field name is checked.
 .pp
@@ -4290,6 +4739,8 @@ However, it doesn't really work reliably.
 Do not include angle brackets around route-address syntax addresses.
 This is useful on mailers that are going to pass addresses to a shell
 that might interpret angle brackets as I/O redirection.
+However, it does not protect against other shell metacharacters.
+Therefore, passing addresses to a shell should not be considered secure.
 .ip D\(dg
 This mailer wants a
 .q Date:
@@ -4298,6 +4749,8 @@ header line.
 This mailer is expensive to connect to,
 so try to avoid connecting normally;
 any necessary connection will occur during a queue run.
+See also option
+.b HoldExpensive .
 .ip E
 Escape lines beginning with
 .q From\0
@@ -4335,6 +4788,7 @@ error messages will be sent as from the MAILER-DAEMON
 macro).
 .ip h
 Upper case should be preserved in host names
+(the $@ portion of the mailer triplet resolved from ruleset 0)
 for this mailer.
 .ip i
 Do User Database rewriting on envelope sender address.
@@ -4388,6 +4842,8 @@ macro occurs in the
 part of the mailer definition,
 that field will be repeated as necessary
 for all qualifying users.
+Removing this flag can defeat duplicate supression on a remote site
+as each recipient is sent in a separate transaction.
 .ip M\(dg
 This mailer wants a
 .q Message-Id:
@@ -4407,7 +4863,7 @@ or as
 .b u
 option)
 when delivering network mail.
-The normal behaviour is required by most local mailers,
+The normal behavior is required by most local mailers,
 which will not allow the envelope sender address
 to be set unless the mailer is running as daemon.
 This flag is ignored if the
@@ -4458,11 +4914,12 @@ This could be used to avoid forged addresses.
 If the
 .b U=
 field is also specified,
-this flag causes the user id to always be set to that user and group
-(instead of leaving it as root).
+this flag causes the effective user id to be set to that user.
 .ip u
 Upper case should be preserved in user names
 for this mailer.
+Standards require preservation of case in the local part of addresses,
+except for those address for which your system accepts responsibility.
 .ip U
 This mailer wants UUCP-style
 .q From
@@ -4511,6 +4968,8 @@ Useful if you have IBM mainframes on site.
 If no aliases are found for this address,
 pass the address through ruleset 5 for possible alternate resolution.
 This is intended to forward the mail to an alternate delivery spot.
+.ip 6
+Strip headers to seven bits.
 .ip 7
 Strip all output to seven bits.
 This is the default if the
@@ -4553,6 +5012,12 @@ if they do, convert them to the
 mailer.
 .ip @
 Look up addresses in the user database.
+.ip %
+Do not attempt delivery on initial recipient of a message
+or on queue runs
+unless the queued message is selected
+using one of the -qI/-qR/-qS queue run modifiers
+or an ETRN request.
 .pp
 Configuration files prior to level 6
 assume the `A', `w', `5', `:', `|', `/', and `@' options
@@ -4587,6 +5052,8 @@ The mailer with the special name
 .q discard
 causes any mail sent to it to be discarded
 but otherwise treated as though it were successfully delivered.
+This mailer can not be used in ruleset 0,
+only in the various address checking rulesets.
 .pp
 The mailer named
 .q local
@@ -4642,7 +5109,8 @@ option (q.v.).
 If the
 .b S
 mailer flag is also specified,
-this is the user and group to run as in all circumstances.
+this user and group will be set as the
+effective uid and gid for the process.
 This may be given as
 .i user:group
 to set both the user and group id;
@@ -4691,6 +5159,20 @@ or begin with
 .q X\- .
 The default is
 .q dns/rfc822/smtp .
+.pp
+The m= field specifies the maximum number of messages to attempt to deliver 
+on a single SMTP or LMTP connection.
+.pp
+The /= field specifies a new root directory for the mailer.  The path is
+macro expanded and then passed to the
+.q chroot
+system call.  The root directory is changed before the Directory field is
+consulted or the uid is changed.
+.pp
+The Wait= field specifies the maximum time to wait for the
+mailer to return after sending all data to it.
+This applies to mailers that have been forked by
+.i sendmail .
 .sh 2 "H \*- Define Header"
 .pp
 The format of the header lines that
@@ -4699,12 +5181,29 @@ inserts into the message
 are defined by the
 .b H
 line.
-The syntax of this line is:
+The syntax of this line is one of the following:
+.(b F
+.b H \c
+.i hname \c
+.b :
+.i htemplate
+.)b
 .(b F
 .b H [\c
 .b ? \c
 .i mflags \c
-.b ? ]\c
+.b ? \c
+.b ]\c
+.i hname \c
+.b :
+.i htemplate
+.)b
+.(b F
+.b H [\c
+.b ? \c
+.i ${macro} \c
+.b ? \c
+.b ]\c
 .i hname \c
 .b :
 .i htemplate
@@ -4721,9 +5220,19 @@ are specified,
 at least one of the specified flags
 must be stated in the mailer definition
 for this header to be automatically output.
+If a
+.i ${macro}
+(surrounded by question marks)
+is specified,
+the header will be automatically output
+if the macro is set.
+The macro may be set using any of the normal methods,
+including using the
+.b macro
+storage map in a ruleset.
 If one of these headers is in the input
 it is reflected to the output
-regardless of these flags.
+regardless of these flags or macros.
 .pp
 Some headers have special semantics
 that will be described later.
@@ -4735,6 +5244,10 @@ To enable validation, use:
 .i Header \c
 .b ": $>" \c
 .i Ruleset
+.b H \c
+.i Header \c
+.b ": $>+" \c
+.i Ruleset
 .)b
 The indicated
 .i Ruleset
@@ -4750,7 +5263,10 @@ to discard the message
 rulesets).
 The header is treated as a structured field,
 that is,
-comments (in parentheses) are deleted before processing.
+comments (in parentheses) are deleted before processing,
+unless the second form
+.b $>+
+is used.
 .pp
 For example, the configuration lines:
 .(b
@@ -4767,6 +5283,21 @@ Message-Id: <>
 Message-Id: some text
 Message-Id: <legal text@domain> extra crud
 .)b
+A default ruleset that is called for headers which don't have a
+specific ruleset defined for them can be specified by:
+.(b
+.b H \c
+.i * \c
+.b ": $>" \c
+.i Ruleset
+.)b
+or
+.(b
+.b H \c
+.i * \c
+.b ": $>+" \c
+.i Ruleset
+.)b
 .sh 2 "O \*- Set Option"
 .pp
 There are a number of
@@ -4879,23 +5410,47 @@ If set, allow HELO SMTP commands that don't include a host name.
 Setting this violates RFC 1123 section 5.2.5,
 but is necessary to interoperate with several SMTP clients.
 If there is a value, it is still checked for legitimacy.
+.ip AuthMechanisms
+[no short name]
+List of authentication mechanisms for AUTH (separated by spaces).
+The advertised list of authentication mechanisms will be the
+intersection of this list and the list of available mechanisms as
+determined by the Cyrus SASL library.
+.ip AuthOptions
+[no short name]
+When to use the AUTH= parameter for the MAIL FROM command;
+.(b
+.ta 1i
+A Only when authentication succeeded.
+.)b
+The default is to try whenever SMTP AUTH is available.
 .ip AutoRebuildAliases
 [D]
 If set,
 rebuild the alias database if necessary and possible.
+The rebuild will happen the next time an alias is looked up.
 If this option is not set,
 .i sendmail
 will never rebuild the alias database
 unless explicitly requested
 using
 .b \-bi .
-Not recommended \(em can cause thrashing.
+.b NOTE :
+There is a potential for a denial of service attack if this is set.
+This option is deprecated and
+will be removed from a future version.
 .ip BlankSub=\fIc\fP
 [B]
 Set the blank substitution character to
 .i c .
 Unquoted spaces in addresses are replaced by this character.
 Defaults to space (i.e., no change is made).
+.ip CACERTPath
+[no short name]
+Path to directory with certificates of CAs.
+.ip CACERTFile
+[no short name]
+File containing one CA certificate.
 .ip CheckAliases
 [n]
 Validate the RHS of aliases when rebuilding the alias database.
@@ -4921,6 +5476,42 @@ lines in the configuration file)
 and subtracted from the priority.
 Thus, messages with a higher Priority: will be favored.
 Defaults to 1800.
+.ip ClientCertFile
+[no short name]
+File containing the certificate of the client, i.e., this certificate
+is used when sendmail acts as client.
+.ip ClientPortOptions=\fIoptions\fP
+[O]
+Set client SMTP options.
+The options are
+.i key=value
+pairs separated by commas.
+Known keys are:
+.(b
+.ta 1i
+Port	Name/number of source port for connection (defaults to any free port)
+Addr	Address mask (defaults INADDR_ANY)
+Family	Address family (defaults to INET)
+SndBufSize	Size of TCP send buffer
+RcvBufSize	Size of TCP receive buffer
+Modifier	Options (flags) for the daemon
+.)b
+The
+.i Addr ess
+mask may be a numeric address in dot notation
+or a network name.
+.i Modifier
+can be the following character:
+.(b
+.ta 1i
+h	use name of interface for HELO command
+.)b
+If ``h'' is set, the name corresponding to the outgoing interface
+address (whether chosen via the Connection parameter or
+the default) is used for the HELO/EHLO command.
+.ip ClientKeyFile
+[no short name]
+File containing the private key belonging to the client certificate.
 .ip ColonOkInAddr
 [no short name]
 If set, colons are acceptable in e-mail addresses
@@ -4970,6 +5561,10 @@ The point of this option is to be a good network neighbor
 and avoid using up excessive resources
 on the other end.
 The default is five minutes.
+.ip ConnectOnlyTo=\fIaddress\fP
+[no short name]
+This can be used to
+override the connection address (for testing purposes).
 .ip ConnectionRateThrottle=\fIN\fP
 [no short name]
 If set to a positive value,
@@ -4979,26 +5574,118 @@ incoming daemon connections in a one second period.
 This is intended to flatten out peaks
 and allow the load average checking to cut in.
 Defaults to zero (no limits).
+.ip ControlSocketName=\fIname\fP
+[no short name]
+Name of the control socket for daemon management.
+A running
+.i sendmail
+daemon can be controlled through this named socket.
+Available commands are:
+.i help,
+.i restart,
+.i shutdown,
+and
+.i status.
+The
+.i status
+command returns the current number of daemon children,
+the maximum number of daemon children,
+the free disk space (in blocks) of the queue directory,
+and the load average of the machine expressed as an integer.
+If not set, no control socket will be available.
+Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
+.ip DHParameters
+File with DH parameters for STARTTLS.
+This is only required if DSA/DH is used.
 .ip DaemonPortOptions=\fIoptions\fP
 [O]
 Set server SMTP options.
+Each instance of DaemonPortOptions leads to an additional incoming socket.
 The options are
 .i key=value
 pairs.
 Known keys are:
 .(b
 .ta 1i
+Name	User-definable name for the daemon (defaults to "Daemon#")
 Port	Name/number of listening port (defaults to "smtp")
 Addr	Address mask (defaults INADDR_ANY)
 Family	Address family (defaults to INET)
 Listen	Size of listen queue (defaults to 10)
+Modifier	Options (flags) for the daemon
 SndBufSize	Size of TCP send buffer
 RcvBufSize	Size of TCP receive buffer
 .)b
 The
+.i Name
+field is used for error messages and logging.
+The
 .i Addr ess
 mask may be a numeric address in dot notation
 or a network name.
+The 
+.i Family
+key defaults to INET (IPv4).
+IPv6 users who wish to also accept IPv6 connections
+should add additional Family=inet6 DaemonPortOptions lines.
+.i Modifier
+can be a sequence (without any delimiters)
+of the following characters:
+.(b
+.ta 1i
+a	always require authentication
+b	bind to interface through which mail has been received
+c	perform hostname canonification (.cf)
+f	require fully qualified hostname (.cf)
+u	allow unqualified addresses (.cf)
+C	don't perform hostname canonification
+E	disallow ETRN (see RFC 2476)
+.)b
+That is, one way to specify a message submission agent (MSA) that
+always requires authentication is:
+.(b
+O DaemonPortOptions=Name=MSA, Port=587, M=Ea
+.)b
+The modifiers that are marked with "(.cf)" have only
+effect in the standard configuration file, in which
+they are available via
+.b ${daemon_flags} .
+The flags ``c'' and ``C'' can change the default for
+hostname canonification in the
+.i sendmail.cf
+file.
+See the relevant documentation for
+.sm FEATURE(nocanonify) .
+The modifier ``f'' disallows addresses of the form
+.b user@host
+unless they are submitted directly.
+The flag ``u'' allows unqualified sender addresses.
+``b'' forces sendmail to bind to the interface
+through which the e-mail has been
+received for the outgoing connection.
+.b WARNING:
+Use ``b''
+only if outgoing mail can be routed through the incoming connection's
+interface to its destination. No attempt is made to catch problems due to a
+misconfiguration of this parameter, use it only for virtual hosting
+where each virtual interface can connect to every possible location.
+This will also override possible settings via
+.b ClientPortOptions.
+Note,
+.i sendmail
+will listen on a new socket
+for each occurence of the DaemonPortOptions option
+in a configuration file.
+.ip DefaultAuthInfo
+[no short name]
+Filename that contains default authentication information for outgoing
+connections. This file must contain the user id, the authorization id,
+the password (plain text), and the realm to use
+on separate lines and must be readable by
+root (or the trusted user) only.
+If no realm is specified,
+.b $j 
+is used.
 .ip DefaultCharSet=\fIcharset\fP
 [no short name]
 When a message that has 8-bit characters but is not in MIME format
@@ -5011,13 +5698,33 @@ If that is not set, the value of this option is used.
 If this option is not set, the value
 .q unknown-8bit
 is used.
+.ip DataFileBufferSize=\fIthreshold\fP
+[no short name]
+Set the
+.i threshold ,
+in bytes,
+before a memory-based
+queue data file
+becomes disk-based.
+The default is 4096 bytes.
+.ip DeadLetterDrop=\fIfile\fP
+[no short name]
+Defines the location of the system-wide dead.letter file,
+formerly hardcoded to /usr/tmp/dead.letter.
+If this option is not set (the default),
+sendmail will not attempt to save to a system-wide dead.letter file
+in the event
+it can not bounce the mail to the user or postmaster.
+Instead, it will rename the qf file
+as it has in the past
+when the dead.letter file could not be opened.
 .ip DefaultUser=\fIuser:group\fP
 [u]
 Set the default userid for mailers to
 .i user:group .
 If
 .i group
-is omitted and 
+is omitted and
 .i user
 is a user name
 (as opposed to a numeric user id)
@@ -5093,6 +5800,7 @@ The arguments are individual options that turn off checking:
 Safe
 AssumeSafeChown
 ClassFileInUnsafeDirPath
+DontWarnForwardFileInUnsafeDirPath
 ErrorHeaderInUnsafeDirPath
 FileDeliveryToHardLink
 FileDeliveryToSymLink
@@ -5107,6 +5815,7 @@ HelpFileinUnsafeDirPath
 IncludeFileInUnsafeDirPath
 IncludeFileInUnsafeDirPathSafe
 IncludeFileIngroupWritableDirPath
+InsufficientEntropy
 LinkedAliasFileInWritableDir
 LinkedClassFileInWritableDir
 LinkedForwardFileInWritableDir
@@ -5114,8 +5823,10 @@ LinkedIncludeFileInWritableDir
 LinkedMapInWritableDir
 LinkedServiceSwitchFileInWritableDir
 MapInUnsafeDirPath
+NonRootSafeAddr
 RunProgramInUnsafeDirPath
 RunWritableProgram
+TrustStickyBit
 WorldWritableAliasFile
 WriteMapToHardLink
 WriteMapToSymLink
@@ -5142,7 +5853,7 @@ If this option is set, the protocols are ignored and the
 .q wrong
 thing is done.
 However, the IETF is moving toward changing this standard,
-so the behaviour may become acceptable.
+so the behavior may become acceptable.
 Please note that hosts downstream may still rewrite the address
 to be the true canonical name however.
 .ip DontInitGroups
@@ -5206,6 +5917,8 @@ because it is an error
 that occurs when trying to send another error
 .q bounce )
 to the indicated address.
+The address is macro expanded
+at the time of delivery.
 If not set, defaults to
 .q postmaster .
 .ip EightBitMode=\fIaction\fP
@@ -5258,7 +5971,7 @@ containing a message (this is the recommended setting).
 Otherwise, it is a literal message.
 The error file might contain the name, email address, and/or phone number
 of a local postmaster who could provide assistance
-in to end users.
+to end users.
 If the option is missing or null,
 or if it names a file which does not exist or which is not readable,
 no message is printed.
@@ -5283,6 +5996,9 @@ If specified, the
 acts like a very low priority MX
 on every host.
 This is intended to be used by sites with poor network connectivity.
+Messages which are undeliverable due to temporary address failures
+(e.g., DNS failure)
+also go to the FallBackMX host.
 .ip ForkEachJob
 [Y]
 If set,
@@ -5312,6 +6028,7 @@ and then in
 [H]
 Specify the help file
 for SMTP.
+If no file name is specified, "helpfile" is used.
 .ip HoldExpensive
 [c]
 If an outgoing mailer is marked as being expensive,
@@ -5360,6 +6077,15 @@ A suggested value for sites desiring persistent host status is
 Ignore dots in incoming messages.
 This is always disabled (that is, dots are always accepted)
 when reading SMTP mail.
+.ip LDAPDefaultSpec=\fIspec\fP
+[no short name]
+Sets a default map specification for LDAP maps.
+The value should only contain LDAP specific settings
+such as
+.q "-h host -p port -d bindDN" .
+The settings will be used for all LDAP maps
+unless the individual map specification overrides a setting.
+This option should be set before any LDAP maps are defined.
 .ip LogLevel=\fIn\fP
 [L]
 Set the log level to
@@ -5388,16 +6114,24 @@ for a matching entry in the GECOS field.
 This also requires that MATCHGECOS
 be turned on during compilation.
 This option is not recommended.
+.ip MaxAliasRecursion=\fIN\fP
+[no short name]
+The maximum depth of alias recursion (default: 10).
 .ip MaxDaemonChildren=\fIN\fP
 [no short name]
 If set,
 .i sendmail
 will refuse connections when it has more than
 .i N
-children processing incoming mail.
+children processing incoming mail or automatic queue runs.
 This does not limit the number of outgoing connections.
 If not set, there is no limit to the number of children --
 that is, the system load averaging controls this.
+.ip MaxHeadersLength=\fIN\fP
+[no short name]
+The maximum length of the sum of all headers.
+This can be used to prevent a denial of service attack.
+The default is no limit.
 .ip MaxHopCount=\fIN\fP
 [h]
 The maximum hop count.
@@ -5405,18 +6139,27 @@ Messages that have been processed more than
 .i N
 times are assumed to be in a loop and are rejected.
 Defaults to 25.
-.ip MaxHostStatAge=\fIage\fP
-[no short name]
-Not yet implemented.
-This option specifies how long host status information will be retained.
-For example, if a host is found to be down,
-connections to that host will not be retried for this interval.
-The units default to minutes.
 .ip MaxMessageSize=\fIN\fP
 [no short name]
 Specify the maximum message size
 to be advertised in the ESMTP EHLO response.
 Messages larger than this will be rejected.
+.ip MaxMimeHeaderLength=\fIN[/M]\fP
+[no short name]
+Sets the maximum length of certain MIME header field values
+to
+.i N
+characters.
+For some of these headers which take parameters,
+the maximum length of each parameter is set to
+.i M
+if specified.  If
+.i /M
+is not specified, one half of
+.i N
+will be used.
+By default,
+these values are 0, meaning no checks are done.
 .ip MaxQueueRunSize=\fIN\fP
 [no short name]
 The maximum number of jobs that will be processed
@@ -5443,6 +6186,8 @@ If not set, there is no limit on the number of recipients per envelope.
 [m]
 Send to me too,
 even if I am in an alias expansion.
+This option is deprecated
+and will be removed from a future version.
 .ip MinFreeBlocks=\fIN\fP
 [b]
 Insist on at least
@@ -5524,16 +6269,28 @@ If not set, OperatorChars defaults to
 additionally, the characters
 .q (\|)\|<\|>\|,\|;
 are always operators.
+Note that OperatorChars must be set in the
+configuration file before any rulesets.
+.ip PidFile=\fIfilename\fP
+[no short name]
+Filename of the pid file.
+(default is _PATH_SENDMAILPID).
+The
+.i filename
+is macro-expanded before it is opened.
 .ip PostmasterCopy=\fIpostmaster\fP
 [P]
 If set,
 copies of error messages will be sent to the named
 .i postmaster .
 Only the header of the failed message is sent.
+Errors resulting from messages with a negative precedence will not be sent.
 Since most errors are user problems,
 this is probably not a good idea on large sites,
 and arguably contains all sorts of privacy violations,
 but it seems to be popular with certain operating systems vendors.
+The address is macro expanded
+at the time of delivery.
 Defaults to no postmaster copies.
 .ip PrivacyOptions=\fI\|opt,opt,...\fP
 [p]
@@ -5550,7 +6307,7 @@ can be selected from:
 public	Allow open access
 needmailhelo	Insist on HELO or EHLO command before MAIL
 needexpnhelo	Insist on HELO or EHLO command before EXPN
-noexpn	Disallow EXPN entirely
+noexpn	Disallow EXPN entirely, implies noverb.
 needvrfyhelo	Insist on HELO or EHLO command before VRFY
 novrfy	Disallow VRFY entirely
 noetrn	Disallow ETRN entirely
@@ -5558,6 +6315,7 @@ noverb	Disallow VERB entirely
 restrictmailq	Restrict mailq command
 restrictqrun	Restrict \-q command line flag
 noreceipts	Don't return success DSNs\**
+nobodyreturn	Don't return the body of a message with DSNs
 goaway	Disallow essentially all SMTP status queries
 authwarnings	Put X-Authentication-Warning: headers in messages
 .)b
@@ -5565,18 +6323,18 @@ authwarnings	Put X-Authentication-Warning: headers in messages
 \**N.B.:
 the
 .b noreceipts
-flag causes
-.i sendmail
-to violate RFC 1891,
-which requires that return receipts be provided
-if Delivery Status Notifications are supported.
+flag turns off support for RFC 1891
+(Delivery Status Notification).
 .)f
 The
 .q goaway
 pseudo-flag sets all flags except
-.q restrictmailq
+.q noreceipts ,
+.q restrictmailq ,
+.q restrictqrun ,
+.q noetrn ,
 and
-.q restrictqrun .
+.q nobodyreturn .
 If mailq is restricted,
 only people in the same group as the queue directory
 can print the queue.
@@ -5586,11 +6344,29 @@ can run the queue.
 Authentication Warnings add warnings about various conditions
 that may indicate attempts to spoof the mail system,
 such as using an non-standard queue directory.
+.ip ProcessTitlePrefix=\fIstring\fP
+[no short name]
+Prefix the process title shown on 'ps' listings with
+.i string .
+The
+.i string
+will be macro processed.
 .ip QueueDirectory=\fIdir\fP
 [Q]
 Use the named
 .i dir
 as the queue directory.
+To use multiple queues, supply a value ending with an asterisk.
+For example,
+.i /var/spool/mqueue/q*
+will use all of the directories or symbolic links to directories
+beginning with
+.i q
+in
+.i /var/spool/mqueue
+as queue directories.
+Do not change the queue directory structure
+while sendmail is running.
 .ip QueueFactor=\fIfactor\fP
 [q]
 Use
@@ -5611,7 +6387,9 @@ When the system load average exceeds
 .i LA ,
 just queue messages
 (i.e., don't try to send them).
-Defaults to 8.
+Defaults to 8 multiplied by
+the number of processors online on the system
+(if that can be determined).
 .ip QueueSortOrder=\fIalgorithm\fP
 [no short name]
 Sets the
@@ -5621,6 +6399,8 @@ Only the first character of the value is used.
 Legal values are
 .q host
 (to order by the name of the first host name of the first recipient),
+.q filename
+(to order by the name of the queue file name),
 .q time
 (to order by the submission time),
 and
@@ -5631,6 +6411,9 @@ but may tend to process low priority messages
 that go to a single host
 over high priority messages that go to several hosts;
 it probably shouldn't be used on slow network links.
+Filename ordering saves the overhead of
+reading all of the queued items
+before starting the queue run.
 Time ordering is almost always a bad idea,
 since it allows large, bulk mail to go out
 before smaller, personal mail,
@@ -5643,6 +6426,13 @@ A synonym for
 Use that form instead of the
 .q QueueTimeout
 form.
+.ip RandFile
+[no short name]
+Name of file containing random data or the name of the Unix socket
+if EGD is used.
+A (required) prefix "egd:" or "file:" specifies the type.
+STARTTLS requires this filename if the compile flag HASURANDOM is not set
+(see sendmail/README).
 .ip ResolverOptions=\fIoptions\fP
 [I]
 Set resolver options.
@@ -5683,6 +6473,13 @@ if the
 method is listed in the service switch entry for the
 .q hosts
 service.
+.ip RrtImpliesDsn
+[R]
+If this option is set, a
+.q Return-Receipt-To:
+header causes the request of a DSN, which is sent to
+the envelope sender as required by RFC1891,
+not to the address given in the header.
 .ip RunAsUser=\fIuser\fP
 [no short name]
 The
@@ -5711,11 +6508,14 @@ However, this means that all
 and
 .q :include:
 files must be readable by the indicated
-.i user ,
-and on systems that don't support the saved uid bit properly,
-all files to be written must be writable by
+.i user 
+and all files to be written must be writable by
 .i user
-and all programs will be executed by
+Also, all file and program deliveries will be marked unsafe
+unless the option
+.b DontBlameSendmail=NonRootAddrSafe
+is set,
+in which case the delivery will be done as
 .i user .
 It is also incompatible with the
 .b SafeFileEnvironment
@@ -5741,7 +6541,9 @@ Defaults to 30000.
 When the system load average exceeds
 .i LA ,
 refuse incoming SMTP connections.
-Defaults to 12.
+Defaults to 12 multiplied by
+the number of processors online on the system
+(if that can be determined).
 .ip RetryFactor=\fIfact\fP
 [Z]
 The
@@ -5785,7 +6587,7 @@ Unix-style
 lines at the front of headers.
 Normally they are assumed redundant
 and discarded.
-.ip SendMIMEErrors
+.ip SendMimeErrors
 [j]
 If set, send error messages in MIME format
 (see RFC2045 and RFC1344 for details).
@@ -5794,6 +6596,13 @@ If disabled,
 will not return the DSN keyword in response to an EHLO
 and will not do Delivery Status Notification processing as described in
 RFC1891.
+.ip ServerCertFile
+[no short name]
+File containing the certificate of the server, i.e., this certificate
+is used when sendmail acts as server.
+.ip ServerKeyFile
+[no short name]
+File containing the private key belonging to the server certificate.
 .ip ServiceSwitchFile=\fIfilename\fP
 [no short name]
 If your host operating system has a service switch abstraction
@@ -5821,14 +6630,15 @@ or
 (with the caveat that the appropriate support
 must be compiled in
 before the service can be referenced).
-If ServiceSwitchFile is not specified, it defaults to /etc/service.switch.
+If ServiceSwitchFile is not specified, it defaults to
+/etc/mail/service.switch.
 If that file does not exist, the default switch is:
 .(b
 aliases	files
 hosts	dns nis files
 .)b
 The default file is
-.q /etc/service.switch .
+.q /etc/mail/service.switch .
 .ip SevenBitInput
 [7]
 Strip input to seven bits for compatibility with old systems.
@@ -5874,6 +6684,7 @@ Defaults to
 [S]
 Log summary statistics in the named
 .i file .
+If no file name is specified, "statistics" is used.
 If not set,
 no summary statistics are saved.
 This file does not grow in size.
@@ -5901,54 +6712,10 @@ Defaults to 0600.
 .ip Timeout.\fItype\fP=\|\fItimeout\fP
 [r; subsumes old T option as well]
 Set timeout values.
-The actual timeout is indicated by the
-.i type .
-The recognized timeouts and their default values, and their
-minimum values specified in RFC 1123 section 5.3.2 are:
-.(b
-.ta \w'datafinal'u+3n
-initial	wait for initial greeting message [5m, 5m]
-helo	reply to HELO or EHLO command [5m, none]
-mail	reply to MAIL command [10m, 5m]
-rcpt	reply to RCPT command [1h, 5m]
-datainit	reply to DATA command [5m, 2m]
-datablock	data block read [1h, 3m]
-datafinal	reply to final ``.'' in data [1h, 10m]
-rset	reply to RSET command [5m, none]
-quit	reply to QUIT command [2m, none]
-misc	reply to NOOP and VERB commands [2m, none]
-ident	IDENT protocol timeout [30s, none]
-fileopen\(dg	timeout on opening .forward and :include: files [60s, none]
-command\(dg	command read [1h, 5m]
-queuereturn\(dg	how long until a message is returned [5d, 5d]
-queuewarn\(dg	how long until a warning is sent [none, none]
-hoststatus\(dg	how long until host status is ``stale'' [30m, none]
-.)b
-All but those marked with a dagger (\(dg)
-apply to client SMTP.
-If the message is submitted using the
-.sm NOTIFY
-.sm SMTP
-extension,
-warning messages will only be sent if
-.sm NOTIFY=DELAY
-is specified.
-The queuereturn and queuewarn timeouts
-can be further qualified with a tag based on the Precedence: field
-in the message;
-they must be one of
-.q urgent
-(indicating a positive non-zero precedence)
-.q normal
-(indicating a zero precedence), or
-.q non-urgent
-(indicating negative precedences).
-For example, setting
-.q Timeout.queuewarn.urgent=1h
-sets the warning timeout for urgent messages only
-to one hour.
-The default if no precedence is indicated
-is to set the timeout for all precedences.
+For more information,
+see section
+.\" XREF
+4.1.
 .ip TimeZoneSpec=\fItzinfo\fP
 [t]
 Set the local time zone info to
@@ -5959,6 +6726,17 @@ Actually, if this is not set,
 the TZ environment variable is cleared (so the system default is used);
 if set but null, the user's TZ variable is used,
 and if set and non-null the TZ variable is set to this value.
+.ip TrustedUser=\fIuser\fP
+[no short name]
+The
+.i user
+parameter may be a user name
+(looked up in
+.i /etc/passwd )
+or a numeric user id.
+Trusted user for file ownership and starting the daemon.  If set, generated
+alias databases and the control socket (if configured) will automatically
+be owned by this user.
 .ip TryNullMXList
 [w]
 If this system is the
@@ -6016,16 +6794,6 @@ This option is disrecommended and deprecated.
 .ip UserDatabaseSpec=\fIudbspec\fP
 [U]
 The user database specification.
-.ip UserSubmission
-[no short name]
-This is an initial submission directly from a Mail User Agent.
-This can be set in the configuration file if you have
-MUAs that don't pass the
-.b \-U
-flag or use the
-XUSR
-ESMTP extension,
-but some relayed mail may get inappropriately rewritten if you do.
 .ip Verbose
 [v]
 Run in verbose mode.
@@ -6048,6 +6816,15 @@ should
 .i never
 be set in the configuration file;
 it is intended for command line use only.
+.ip XscriptFileBufferSize=\fIthreshold\fP
+[no short name]
+Set the
+.i threshold ,
+in bytes,
+before a memory-based
+queue transcript file
+becomes disk-based.
+The default is 4096 bytes.
 .lp
 All options can be specified on the command line using the
 \-O or \-o flag,
@@ -6055,20 +6832,34 @@ but most will cause
 .i sendmail
 to relinquish its setuid permissions.
 The options that will not cause this are
+SevenBitInput [7],
+EightBitMode [8], 
 MinFreeBlocks [b],
+CheckpointInterval [C],
 DeliveryMode [d],
 ErrorMode [e],
 IgnoreDots [i],
+SendMimeErrors [j],
 LogLevel [L],
 MeToo [m],
 OldStyleHeaders [o],
 PrivacyOptions [p],
-Timeouts [r],
 SuperSafe [s],
 Verbose [v],
-CheckpointInterval [C],
+QueueSortOrder,
+MinQueueAge,
+DefaultCharSet,
+Dial Delay,
+NoRecipientAction,
+ColonOkInAddr,
+MaxQueueRunSize,
+SingleLineFromHeader,
 and
-SevenBitInput [7].
+AllowBogusHELO.
+Actually, PrivacyOptions [p] given on the command line
+are added to those already specified in the
+.i sendmail.cf
+file, i.e., they can't be reset.
 Also, M (define macro) when defining the r or s macros
 is also considered
 .q safe .
@@ -6139,8 +6930,8 @@ on the files.
 For example,
 as of this writing
 version 8 config files
-(specifically, 8.9)
-used version level 8 configurations.
+(specifically, 8.10)
+used version level 9 configurations.
 .pp
 .q Old
 configuration files are defined as version level one.
@@ -6166,7 +6957,7 @@ to indicate that the name is already canonical.
 Local names that are not aliases
 are passed through a new distinguished ruleset five;
 this can be used to append a local relay.
-This behaviour can be prevented by resolving the local name
+This behavior can be prevented by resolving the local name
 with an initial `@'.
 That is, something that resolves to a local mailer and a user name of
 .q vikki
@@ -6219,7 +7010,7 @@ used new option names to replace old macros
 (\c
 .b $e
 became
-.b SmtpGreeetingMessage ,
+.b SmtpGreetingMessage ,
 .b $l
 became
 .b UnixFromLine ,
@@ -6239,6 +7030,10 @@ Version level eight configuration files allow
 .b $#
 on the left hand side of ruleset lines.
 .pp
+Version level nine configuration files allow
+parentheses in rulesets, i.e. they are not treated
+as comments and hence removed.
+.pp
 The
 .b V
 line may have an optional
@@ -6395,16 +7190,28 @@ Hesiod lookups.
 must be compiled with
 .b HESIOD
 defined.
-.ip ldapx
+.ip ldap
 LDAP X500 directory lookups.
-.i Sendmail 
+.i Sendmail
 must be compiled with
 .b LDAPMAP
 defined.
 The map supports most of the standard arguments
 and most of the command line arguments of the
 .i ldapsearch
-program. 
+program.
+Note that,
+by default,
+if a single query matches multiple values,
+only the first value will be returned
+unless the 
+.b \-z
+(value separator)
+map flag is set.
+Also, the
+.b \-1
+map flag will treat a multiple value return
+as if there were no matches.
 .ip netinfo
 NeXT NetInfo lookups.
 .i Sendmail
@@ -6422,6 +7229,17 @@ and
 .b \-z
 (field delimiter)
 flags.
+.ip ph
+PH query map.
+Contributed and supported by
+Mark Roth, roth@uiuc.edu.
+For more information,
+consult the web site
+.q http://www-wsg.cso.uiuc.edu/sendmail/sendmail-phmap/ .
+.ip nsd
+nsd map for IRIX 6.5 and later.
+Contributed and supported by Bob Mende of SGI,
+mende@sgi.com.
 .ip stab
 Internal symbol table lookups.
 Used internally for aliasing.
@@ -6469,6 +7287,10 @@ then a lookup against
 first does a lookup in map1.
 If that is found, it returns immediately.
 Otherwise, the same key is used for map2.
+.ip syslog
+the key is logged via
+.i syslogd \|(8).
+The lookup returns the empty string.
 .ip switch
 Much like the
 .q sequence
@@ -6548,6 +7370,7 @@ flag.  The flags available for the map are
 -a	append string to key
 -m	match only, do not
 	replace/discard value
+-D	perform no lookup in deferred delivery mode.
 .)b
 The
 .b \-s
@@ -6556,6 +7379,14 @@ to select the substrings in the result of the lookup.  For example,
 .(b
 -s1,3,4
 .)b
+Notes: to match a
+.b $ 
+in a string,
+\\$$
+must be used.
+If the pattern contains spaces, they must be replaced
+with the blank substitution character, unless it is
+space itself.
 .ip program
 The arguments on the
 .b K
@@ -6568,6 +7399,48 @@ The first line of standard output is returned as the value of the lookup.
 This has many potential security problems,
 and has terrible performance;
 it should be used only when absolutely necessary.
+.ip macro
+Set or clear a macro value.
+To set a macro,
+pass the value as the first argument in the map lookup.
+To clear a macro,
+do not pass an argument in the map lookup.
+The map always returns the empty string.
+Example of typical usage include:
+.(b
+Kstorage macro
+
+\&...
+
+# set macro ${MyMacro} to the ruleset match
+R$+	$: $(storage {MyMacro} $@ $1 $) $1
+# set macro ${MyMacro} to an empty string
+R$*	$: $(storage {MyMacro} $@ $) $1		
+# clear macro ${MyMacro}
+R$\-	$: $(storage {MyMacro} $) $1		
+.)b
+.ip arith
+Perform simple arithmetic operations.
+The operation is given as key, currently +, -, *, /,
+l (for less than), and = are supported.
+The two operands are given as arguments.
+The lookup returns the result of the computation,
+i.e.
+.sm TRUE
+or
+.sm FALSE
+for comparisons, integer values otherwise.
+All options which are possible for maps are ignored.
+A simple example is:
+.(b
+Kcomp arith
+
+\&...
+
+Scheck_etrn
+R$*	$: $(comp l $@ $&{load_avg} $@ 7 $) $1
+RFALSE	$# error \&...
+.)b
 .pp
 Most of these accept as arguments the same optional flags
 and a filename
@@ -6647,15 +7520,18 @@ and the default is still taken if the match fails.
 .ip "\-k\fIkeycol\fP"
 The key column name (for NIS+) or number
 (for text lookups).
-For LDAP maps this is a filter string
-passed to printf with a %s where the string to be
-.q "mapped"
-is inserted. 
+For LDAP maps this is an LDAP filter string
+in which %s is replaced with the literal contents of the lookup key
+and %0 is replaced with the LDAP escaped contents of the lookup key
+according to RFC2254.
 .ip "\-v\fIvalcol\fP"
 The value column name (for NIS+) or number
 (for text lookups).
-For LDAP maps this is the name of the
-attribute to be returned.
+For LDAP maps this is the name of one or more
+attributes to be returned;
+multiple attributes can be separated by commas.
+If not specified, all attributes found in the match
+will be returned.
 .ip "\-z\fIdelim\fP"
 The column delimiter (for text lookups).
 It can be a single character or one of the special strings
@@ -6664,7 +7540,12 @@ or
 .q \|\et
 to indicate newline or tab respectively.
 If omitted entirely,
-the column separator is any sequence of whitespace.
+the column separator is any sequence of white space.
+For LDAP maps this is the separator character
+to combine multiple values
+into a single return string.
+If not set,
+the LDAP lookup will only return the first match found.
 .ip "\-t"
 Normally, when a map attempts to do a lookup
 and the server fails
@@ -6677,7 +7558,7 @@ the same as an entry not being found in the map),
 the message being processed is queued for future processing.
 The
 .b \-t
-flag turns off this behaviour,
+flag turns off this behavior,
 letting the temporary failure (server down)
 act as though it were a permanent failure (entry not found).
 It is particularly useful for DNS lookups,
@@ -6687,12 +7568,24 @@ However, care must be taken to ensure that you don't bounce mail
 that would be resolved correctly if you tried again.
 A common strategy is to forward such mail
 to another, possibly better connected, mail server.
+.ip "\-D"
+Perform no lookup in deferred delivery mode.
+This flag is set by default for the
+.i host
+map.
+.ip "\-S\fIspacesub\fP
+The character to use to replace space characters
+after a successful map lookup (esp. useful for regex
+and syslog maps).
 .ip "\-s\fIspacesub\fP
 For the dequote map only,
 the character to use to replace space characters
 after a successful dequote.
 .ip "\-q"
 Don't dequote the key before lookup.
+.ip "\-L\fIlevel\fP
+For the syslog map only, it specifies the level
+to use for the syslog call.
 .ip "\-A"
 When rebuilding an alias file,
 the
@@ -6712,6 +7605,47 @@ in the presence of the
 .b \-A
 flag.
 .pp
+The following additional flags are present in the ldap map only:
+.ip "\-R"
+Do not auto chase referrals.  sendmail must be compiled with
+.b \-DLDAP_REFERRALS
+to use this flag.
+.ip "\-n"
+Retrieve attribute names only.
+.ip "\-r\fIderef\fP"
+Set the alias dereference option to one of never, always, search, or find.
+.ip "\-s\fIscope\fP"
+Set search scope to one of base, one (one level), or sub (subtree).
+.ip "\-h\fIhost\fP"
+LDAP server hostname.
+.ip "\-b\fIbase\fP"
+LDAP search base.
+.ip "\-p\fIport\fP"
+LDAP service port.
+.ip "\-l\fItimelimit\fP"
+Time limit for LDAP queries.
+.ip "\-Z\fIsizelimit\fP"
+Size (number of matches) limit for LDAP queries.
+.ip "\-d\fIdistinguished_name\fP"
+The distinguished name to use to login to the LDAP server.
+.ip "\-M\fImethod\fP"
+The method to authenticate to the LDAP server.
+Should be one of
+.b LDAP_AUTH_NONE ,
+.b LDAP_AUTH_SIMPLE ,
+or
+.b LDAP_AUTH_KRBV4 .
+.ip "\-P\fIpasswordfile\fP"
+The file containing the secret key for the
+.b LDAP_AUTH_SIMPLE
+authentication method
+or the name of the Kerberos ticket file for
+.b LDAP_AUTH_KRBV4 .
+.ip "\-1"
+Force LDAP searches to only succeed if a single match is found.
+If multiple values are found,
+the search is treated as if no match was found.
+.pp
 The
 .i dbm
 map appends the strings
@@ -6727,7 +7661,7 @@ maps append
 .q \&.db .
 For example, the map specification
 .(b
-Kuucp dbm \-o \-N /usr/lib/uucpmap
+Kuucp dbm \-o \-N /etc/mail/uucpmap
 .)b
 specifies an optional map named
 .q uucp
@@ -6735,7 +7669,7 @@ of class
 .q dbm ;
 it always has null bytes at the end of every string,
 and the data is located in
-/usr/lib/uucpmap.{dir,pag}.
+/etc/mail/uucpmap.{dir,pag}.
 .pp
 The program
 .i makemap (8)
@@ -6758,14 +7692,7 @@ The
 daemon does not have to be restarted to read the new maps
 as long as you change them in place;
 file locking is used so that the maps won't be read
-while they are being updated.\**
-.(f
-\**That is, don't create new maps and then use
-.i mv (1)
-to move them into place.
-Since the maps are already open
-the new maps will never be seen.
-.)f
+while they are being updated.
 .pp
 New classes can be added in the routine
 .b setupmaps
@@ -6898,8 +7825,9 @@ but people not listed in the database use the local hostname.
 .sh 3 "Creating the database\**"
 .(f
 \**These instructions are known to be incomplete.
-A future version of the user database is planned
-including things such as finger service \*- and good documentation.
+Other features are available which provide similar functionality,
+e.g., virtual hosting and mapping local addresses into a
+generic form as explained in cf/README.
 .)f
 .pp
 The user database is built from a text file
@@ -6916,16 +7844,16 @@ eric:maildrop
 .)b
 This file is normally installed in a system directory;
 for example, it might be called
-.i /etc/userdb .
+.i /etc/mail/userdb .
 To make the database version of the map, run the program:
 .(b
-makemap btree /etc/userdb.db < /etc/userdb
+makemap btree /etc/mail/userdb < /etc/mail/userdb
 .)b
 Then create a config file that uses this.
 For example, using the V8 M4 configuration, include the
 following line in your .mc file:
 .(b
-define(\`confUSERDB_SPEC\', /etc/userdb.db)
+define(\`confUSERDB_SPEC\', /etc/mail/userdb.db)
 .)b
 .sh 1 "OTHER CONFIGURATION"
 .pp
@@ -6938,7 +7866,7 @@ In most cases this should be unnecessary
 unless you are porting
 .i sendmail
 to a new environment.
-.sh 2 "Parameters in BuildTools/OS/$oscf"
+.sh 2 "Parameters in devtools/OS/$oscf"
 .pp
 These parameters are intended to describe the compilation environment,
 not site policy,
@@ -6978,9 +7906,30 @@ Compile in support for NetInfo (NeXT stations).
 .ip LDAPMAP
 Compile in support for LDAP X500 queries.
 Requires libldap and liblber
-from the Umich LDAP 3.2 or 3.3 release. 
+from the Umich LDAP 3.2 or 3.3 release
+or equivalent libraries for other LDAP libraries
+such as OpenLDAP.
 .ip HESIOD
 Compile in support for Hesiod.
+.ip MAP_NSD
+Compile in support for IRIX NSD lookups.
+.ip MAP_REGEX
+Compile in support for regular expression matching.
+.ip PH_MAP
+Compile in support for ph lookups.
+.ip SASL
+Compile in support for SASL,
+a required component for SMTP Authentication support.
+.ip STARTTLS
+Compile in support for STARTTLS.
+.ip EGD
+Compile in support for the "Entropy Gathering Daemon"
+to provide better random data for TLS.
+.ip SFIO
+Compile in support for sfio, which is required to enable encryption,
+e.g., STARTTLS.
+.ip TCPWRAPPERS
+Compile in support for TCP Wrappers.
 .ip _PATH_SENDMAILCF
 The pathname of the sendmail.cf file.
 .ip _PATH_SENDMAILPID
@@ -6991,9 +7940,9 @@ such as
 .q _AIX3
 and
 .q _SCO_unix_ .
-See the src/README
+See the sendmail/README
 file for the latest scoop on these flags.
-.sh 2 "Parameters in src/conf.h"
+.sh 2 "Parameters in sendmail/conf.h"
 .pp
 Parameters and compilation options
 are defined in conf.h.
@@ -7006,7 +7955,7 @@ are their default value.
 .pp
 This document is not the best source of information
 for compilation flags in conf.h \(em
-see src/README or src/conf.h itself.
+see sendmail/README or sendmail/conf.h itself.
 .nr ii 1.2i
 .ip "MAXLINE [2048]"
 The maximum line length of any input line.
@@ -7020,7 +7969,7 @@ must fit within this limit.
 .ip "MAXNAME [256]"
 The maximum length of any name,
 such as a host or a user name.
-.ip "MAXPV [40]"
+.ip "MAXPV [256]"
 The maximum number of parameters to any mailer.
 This limits the number of recipients that may be passed in one transaction.
 It can be set to any arbitrary number above about 10,
@@ -7028,7 +7977,7 @@ since
 .i sendmail
 will break up a delivery into smaller batches as needed.
 A higher number may reduce load on your system, however.
-.ip "MAXATOM [100]"
+.ip "MAXATOM [1000]"
 The maximum number of atoms
 (tokens)
 in a single address.
@@ -7074,6 +8023,11 @@ additional arguments will be ignored.
 The maximum depth to which MIME messages may be nested
 (that is, nested Message or Multipart documents;
 this does not limit the number of components in a single Multipart document).
+.ip "MAXDAEMONS [10]"
+The maximum number of sockets sendmail will open for accepting connections
+on different ports.
+.ip "MAXMACNAMELEN [25]"
+The maximum length of a macro name.
 .lp
 A number of other compilation options exist.
 These specify whether or not specific code should be compiled in.
@@ -7091,10 +8045,18 @@ this old usage is now incorrect.
 Defaults on;
 turn it off in the Makefile
 if your system doesn't support the Internet protocols.
+.ip NETINET6\(dg
+If set,
+support for IPv6 networking is compiled in.
+It must be separately enabled by adding DaemonPortOptions settings.
 .ip NETISO\(dg
 If set,
 support for ISO protocol networking is compiled in
 (it may be appropriate to #define this in the Makefile instead of conf.h).
+.ip NETUNIX\(dg
+If set,
+support for UNIX domain sockets is compiled in.
+This is used for control socket support.
 .ip LOG
 If set,
 the
@@ -7190,6 +8152,9 @@ system call.
 Set this if you have the
 .i haswaitpid (2)
 system call.
+.ip FAST_PID_RECYCLE
+Set this if your system can possibly
+reuse the same pid in the same second of time.
 .ip SFS_TYPE
 The mechanism that can be used to get file system capacity information.
 The values can be one of
@@ -7253,7 +8218,7 @@ usually
 .q _avenrun
 or
 .q avenrun ).
-.sh 2 "Configuration in src/conf.c"
+.sh 2 "Configuration in sendmail/conf.c"
 .pp
 The following changes can be made in conf.c.
 .sh 3 "Built-in Header Semantics"
@@ -7632,7 +8597,7 @@ global variable
 bool
 refuseconnections()
 {
-	return (CurrentLA >= RefuseLA);
+	return (RefuseLA > 0 && CurrentLA >= RefuseLA);
 }
 .)b
 A more clever implementation
@@ -7649,10 +8614,10 @@ you may need to add some new tweaks.\**
 \**If you do, please send updates to
 sendmail@Sendmail.ORG.
 .)f
-.sh 2 "Configuration in src/daemon.c"
+.sh 2 "Configuration in sendmail/daemon.c"
 .pp
 The file
-.i src/daemon.c
+.i sendmail/daemon.c
 contains a number of routines that are dependent
 on the local networking environment.
 The version supplied assumes you have BSD style sockets.
@@ -7666,6 +8631,84 @@ if you wanted to generalize
 .b $]
 lookups.
 We now recommend that you create a new keyed map instead.
+.sh 2 "Certificates for STARTTLS"
+.pp
+In this section we assume that
+.i sendmail
+has been compiled with support for STARTTLS.
+When acting as a server,
+.i sendmail
+requires X.509 certificates to support STARTTLS:
+one as certificate for the server (ServerCertFile)
+at least one root CA (CACERTFile),
+i.e., a certificate that is used to sign other certificates,
+and a path to a directory which contains other CAs (CACERTPath).
+The file specified via
+CACERTFile
+can contain several certificates of CAs.
+The DNs of these certificates are sent
+to the client during the TLS handshake (as part of the
+CertificateRequest) as the list of acceptable CAs.
+An X.509 certificate is also required for authentication in client mode
+(ClientCertFile), however,
+.i sendmail
+will always use STARTTLS when offered by a server.
+The client and server certificates can be identical.
+Certificates can be obtained from a certificate authority
+or created with the help of OpenSSL.
+The required format for certificates and private keys is PEM.
+To allow for automatic startup of sendmail, private keys
+(ServerKeyFile, ClientKeyFile)
+must be stored unencrypted.
+The keys are only protected by the permissions of the file system.
+Never make a private key available to a third party.
+.sh 2 "PRNG for STARTTLS"
+.pp
+STARTTLS requires a strong pseudo random number generator (PRNG)
+to operate properly.
+Depending on the TLS library you use, it may be required to explicitly
+initialize the PRNG with random data.
+OpenSSL makes use of
+.b /dev/urandom(4)
+if available (this corresponds to the compile flag HASURANDOM).
+On systems which lack this support, a random file must be specified in the
+.i sendmail.cf
+file using the option RandFile.
+It is
+.b strongly
+advised to use the "Entropy Gathering Daemon" EGD
+from Brian Warner on those systems to provide useful random data.
+In this case,
+.i sendmail 
+must be compiled with the flag EGD, and the
+RandFile option must point to the EGD socket.
+If neither
+.b /dev/urandom(4)
+nor EGD are available, you have to make sure
+that useful random data is available all the time in RandFile.
+If the file hasn't been modified in the last 10 minutes before
+it is supposed to be used by
+.i sendmail 
+the content is considered obsolete.
+One method for generating this file is:
+.(b
+openssl rand -out /etc/mail/randfile -rand \c
+.i /path/to/file:... \c
+256
+.)b
+See the OpenSSL documentation for more information.
+In this case, the PRNG for TLS is only
+seeded with other random data if the
+.b DontBlameSendmail
+option
+.b InsufficientEntropy
+is set.
+This is most likely not sufficient for certain actions, e.g.,
+generation of (temporary) keys.
+.pp
+Please see the OpenSSL documentation or other sources
+for further information about certificates, their creation and their usage,
+the importance of a good PRNG, and other aspects of TLS.
 .sh 1 "ACKNOWLEDGEMENTS"
 .pp
 I've worked on
@@ -7689,7 +8732,7 @@ I was inspired to start working on things again.
 Bryan was also available to bounce ideas off of.
 .pp
 Gregory Neil Shapiro
-of Worchester Polytechnic Institute
+of Worcester Polytechnic Institute
 has become instrumental in all phases of
 .i sendmail
 support and development,
@@ -7700,8 +8743,9 @@ Many, many people contributed chunks of code and ideas to
 .i sendmail .
 It has proven to be a group network effort.
 Version 8 in particular was a group project.
-The following people made notable contributions:
+The following people and organizations made notable contributions:
 .(l
+Claus Assmann
 John Beck, Hewlett-Packard & Sun Microsystems
 Keith Bostic, CSRG, University of California, Berkeley
 Andrew Cheng, Sun Microsystems
@@ -7728,6 +8772,7 @@ Eric Schnoebelen, Convex Computer Corp.
 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
 Randall Winchester, University of Maryland
 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
+Exactis.com, Inc.
 .)l
 I apologize for anyone I have omitted, misspelled, misattributed, or
 otherwise missed.
@@ -7764,6 +8809,8 @@ t	Run in test mode
 v	Just verify addresses, don't collect or deliver
 i	Initialize the alias database
 p	Print the mail queue
+h	Print the persistent host status database
+H	Purge expired entries from the persistent host status database
 .)b
 .(f
 \(dgDeprecated.
@@ -7778,11 +8825,23 @@ when this flag is specified.
 .ip \-d\fIlevel\fP
 Set debugging level.
 .ip "\-f\ \fIaddr\fP"
-The sender's machine address is
+The envelope sender address is set to
 .i addr .
+This address may also be used in the From: header
+if that header is missing during initial submission.
+The envelope sender address is used as the recipient
+for delivery status notifications
+and may also appear in a Return-Path: header.
 .ip \-F\ \fIname\fP
 Sets the full name of this user to
 .i name .
+.ip \-G
+When accepting messages via the command line,
+indicate that they are for relay (gateway) submission.
+sendmail may complain about syntactically invalid messages,
+e.g., unqualified host names,
+rather than fixing them when this flag is set.
+sendmail will not do any canonicalization in this mode.
 .ip "\-h\ \fIcnt\fP"
 Sets the
 .q "hop count"
@@ -7799,6 +8858,16 @@ MAXHOP
 (currently 30)
 .i sendmail
 throws away the message with an error.
+.ip "\-L \fItag\fP"
+Sets the identifier used for syslog.
+Note that this identifier is set
+as early as possible.
+However, 
+.i sendmail
+may be used
+if problems arise
+before the command line arguments
+are processed.
 .ip \-n
 Don't do aliasing or forwarding.
 .ip "\-N \fInotifications\fP"
@@ -7894,6 +8963,9 @@ for headers only or
 for headers plus body.
 This is a request only;
 the other end is not required to honor the parameter.
+If
+.q HDRS
+is specified local bounces also return only the headers.
 .ip \-t
 Read the header for
 .q To: ,
@@ -7908,8 +8980,10 @@ Any addresses in the argument vector will be deleted
 from the send list.
 .ip "\-U"
 Indicate that this is an initial User Agent submission.
-In future releases, sendmail may complain about syntactically invalid messages
-rather than fixing them when this flag is not set.
+This flag is deprecated.
+Future releases will ignore this flag and
+assume all submissions from the command line are
+initial submissions.
 .ip "\-V envid"
 The indicated
 .i envid
@@ -7931,6 +9005,14 @@ the f option
 may be specified as the
 .b \-s
 flag.
+The DSN related options
+.q "\-N" ,
+.q "\-R" ,
+and
+.q "\-V"
+have no effects on
+.i sendmail
+running as daemon.
 .+c "QUEUE FILE FORMATS"
 .pp
 This appendix describes the format of the queue files.
@@ -7942,21 +9024,63 @@ file, usually
 .i /var/spool/mqueue
 or
 .i /usr/spool/mqueue .
+The individual qf, df, and xf files
+may be stored in separate 
+.i qf/ ,
+.i df/ ,
+and
+.i xf/
+subdirectories
+if they are present in the queue directory.
+.pp
+To use multiple queues,
+supply a value ending with an asterisk.
+For example,
+.i /var/spool/mqueue/q*
+will use all of the directories or symbolic links to directories
+beginning with `q' in
+.i /var/spool/mqueue
+as queue directories.
+New messages will be randomly placed
+into one of the queues.
+Do not change the queue directory structure
+while sendmail is running.
 .pp
 All queue files have the name
-\fIx\fP\|\fBf\fP\fIAAA99999\fP
+\fIx\fP\|\fBf\fP\fIYMDhmsNPPPPP\fP
 where
-.i AAA99999
+.i YMDhmsNPPPPP
 is the
 .i id
 for this message
 and the
 .i x
 is a type.
-The first letter of the id encodes the hour of the day
-that the message was received by the system
-(with A being the hour between midnight and 1:00AM).
+The individual letters in the
+.i id
+are:
+.nr ii 0.5i
+.ip Y
+Encoded year
+.ip M
+Encoded month
+.ip D
+Encoded day
+.ip h
+Encoded hour
+.ip m
+Encoded minute
+.ip s
+Encoded second
+.ip N
+Envelope number
+.ip PPPPP
+First five digits of the process ID
+.pp
 All files with the same id collectively define one message.
+If memory-buffered files are available,
+some of these files may never appear
+on disk.
 .pp
 The types are:
 .nr ii 0.5i
@@ -7992,6 +9116,12 @@ used to allow new
 binaries to read queue files created by older versions.
 Defaults to version zero.
 Must be the first line of the file if present.
+For 8.10 the version number is 4.
+.ip A
+The information given by the AUTH= parameter of the
+.q "MAIL FROM:"
+command or $f@$j
+if sendmail has been called directly.
 .ip H
 A header definition.
 There may be any number of these lines.
@@ -8089,9 +9219,6 @@ Legal values are
 .q 7BIT
 and
 .q 8BITMIME .
-.ip O
-The original MTS value (from the ESMTP transaction).
-For Deliver Status Notifications only.
 .ip Z
 The original envelope id (from the ESMTP transaction).
 For Deliver Status Notifications only.
@@ -8162,14 +9289,14 @@ This program is equivalent to using the
 .b \-bp
 flag to
 .i sendmail .
-.ip /etc/sendmail.cf
+.ip /etc/mail/sendmail.cf
 The configuration file,
 in textual form.
-.ip /usr/lib/sendmail.hf
+.ip /etc/mail/helpfile
 The SMTP help file.
-.ip /etc/sendmail.st
+.ip /etc/mail/statistics
 A statistics file; need not be present.
-.ip /etc/sendmail.pid
+.ip /etc/mail/sendmail.pid
 Created in daemon mode;
 it contains the process id of the current SMTP daemon.
 If you use this in scripts;
@@ -8178,18 +9305,18 @@ the second line contains the command line used to invoke the daemon,
 and later versions of
 .i sendmail
 may add more information to subsequent lines.
-.ip /etc/aliases
+.ip /etc/mail/aliases
 The textual version of the alias file.
-.ip /etc/aliases.db
+.ip /etc/mail/aliases.db
 The alias file in
 .i hash \|(3)
 format.
-.ip /etc/aliases.{pag,dir}
+.ip /etc/mail/aliases.{pag,dir}
 The alias file in
 .i ndbm \|(3)
 format.
 .ip /var/spool/mqueue
-The directory in which the mail queue
+The directory in which the mail queue(s)
 and temporary files reside.
 .ip /var/spool/mqueue/qf*
 Control (queue) files for messages.
@@ -8224,7 +9351,7 @@ replace it with a blank sheet for double-sided output.
 .\".sz 10
 .\"Eric Allman
 .\".sp
-.\"Version 8.135
+.\"Version $Revision: 8.317.4.25 $
 .\".ce 0
 .bp 3
 .ce
diff --git a/contrib/sendmail/include/libmilter/mfapi.h b/contrib/sendmail/include/libmilter/mfapi.h
new file mode 100644
index 0000000..5c04fe4
--- /dev/null
+++ b/contrib/sendmail/include/libmilter/mfapi.h
@@ -0,0 +1,408 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: mfapi.h,v 8.13.4.11 2000/07/11 21:45:56 geir Exp $
+ */
+
+/*
+**  MFAPI.H -- Global definitions for mail filter library and mail filters.
+*/
+
+#ifndef _LIBMILTER_MFAPI_H
+# define _LIBMILTER_MFAPI_H	1
+
+# define LIBMILTER_API		extern
+
+
+# include <sys/types.h>
+
+#ifndef _SOCK_ADDR
+# include <sys/socket.h>
+# define _SOCK_ADDR	struct sockaddr
+#endif /* ! _SOCK_ADDR */
+
+/*
+**  libmilter functions return one of the following to indicate
+**  success/failure:
+*/
+
+#define MI_SUCCESS	0
+#define MI_FAILURE	(-1)
+
+/* "forward" declarations */
+typedef struct smfi_str SMFICTX;
+typedef struct smfi_str *SMFICTX_PTR;
+
+typedef struct smfiDesc smfiDesc_str;
+typedef struct smfiDesc	*smfiDesc_ptr;
+
+#define SMFI_VERSION	2		/* version number */
+
+/*
+**  What the filter might do -- values to be ORed together for
+**  smfiDesc.xxfi_flags.
+*/
+
+#define SMFIF_ADDHDRS	0x00000001L	/* filter may add headers */
+#define SMFIF_CHGBODY	0x00000002L	/* filter may replace body */
+#define SMFIF_MODBODY	SMFIF_CHGBODY	/* backwards compatible */
+#define SMFIF_ADDRCPT	0x00000004L	/* filter may add recipients */
+#define SMFIF_DELRCPT	0x00000008L	/* filter may delete recipients */
+#define SMFIF_CHGHDRS	0x00000010L	/* filter may change/delete headers */
+
+#define SMFI_V1_ACTS	0x0000000FL	/* The actions of V1 filter */
+#define SMFI_V2_ACTS	0x0000001FL	/* The actions of V2 filter */
+#define SMFI_CURR_ACTS	SMFI_V2_ACTS	/* The current version */
+
+/*
+**  Type which callbacks should return to indicate message status.
+**  This may take on one of the SMFIS_* values listed below.
+*/
+
+typedef int	sfsistat;
+
+/*
+**  structure describing one milter
+*/
+
+#if defined(__linux__) && defined(__GNUC__) && defined(__cplusplus) && __GNUC_MINOR__ >= 8
+# define SM__P(X)	__PMT(X)
+#else /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
+# define SM__P(X)	__P(X)
+#endif /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
+
+/* Some platforms don't define __P -- do it for them here: */
+#ifndef __P
+# ifdef __STDC__
+#  define __P(X) X
+# else /* __STDC__ */
+#  define __P(X) ()
+# endif /* __STDC__ */
+#endif /* __P */
+
+struct smfiDesc
+{
+	char		*xxfi_name;	/* filter name */
+	int		xxfi_version;	/* version code -- do not change */
+	u_long		xxfi_flags;	/* flags */
+
+	/* connection info filter */
+	sfsistat	(*xxfi_connect) SM__P((SMFICTX *, char *, _SOCK_ADDR *));
+
+	/* SMTP HELO command filter */
+	sfsistat	(*xxfi_helo) SM__P((SMFICTX *, char *));
+
+	/* envelope sender filter */
+	sfsistat	(*xxfi_envfrom) SM__P((SMFICTX *, char **));
+
+	/* envelope recipient filter */
+	sfsistat	(*xxfi_envrcpt) SM__P((SMFICTX *, char **));
+
+	/* header filter */
+	sfsistat	(*xxfi_header) SM__P((SMFICTX *, char *, char *));
+
+	/* end of header */
+	sfsistat	(*xxfi_eoh) SM__P((SMFICTX *));
+
+	/* body block */
+	sfsistat	(*xxfi_body) SM__P((SMFICTX *, u_char *, size_t));
+
+	/* end of message */
+	sfsistat	(*xxfi_eom) SM__P((SMFICTX *));
+
+	/* message aborted */
+	sfsistat	(*xxfi_abort) SM__P((SMFICTX *));
+
+	/* connection cleanup */
+	sfsistat	(*xxfi_close) SM__P((SMFICTX *));
+};
+
+LIBMILTER_API int smfi_register __P((struct smfiDesc));
+LIBMILTER_API int smfi_main __P((void));
+LIBMILTER_API int smfi_setdbg __P((int));
+LIBMILTER_API int smfi_settimeout __P((int));
+LIBMILTER_API int smfi_setconn __P((char *));
+
+/*
+**  Continue processing message/connection.
+*/
+
+#define SMFIS_CONTINUE	0
+
+/*
+**  Reject the message/connection.
+**  No further routines will be called for this message
+**  (or connection, if returned from a connection-oriented routine).
+*/
+
+#define SMFIS_REJECT	1
+
+/*
+**  Accept the message,
+**  but silently discard the message.
+**  No further routines will be called for this message.
+**  This is only meaningful from message-oriented routines.
+*/
+
+#define SMFIS_DISCARD	2
+
+/*
+**  Accept the message/connection.
+**  No further routines will be called for this message
+**  (or connection, if returned from a connection-oriented routine;
+**  in this case, it causes all messages on this connection
+**  to be accepted without filtering).
+*/
+
+#define SMFIS_ACCEPT	3
+
+/*
+**  Return a temporary failure, i.e.,
+**  the corresponding SMTP command will return a 4xx status code.
+**  In some cases this may prevent further routines from
+**  being called on this message or connection,
+**  although in other cases (e.g., when processing an envelope
+**  recipient) processing of the message will continue.
+*/
+
+#define SMFIS_TEMPFAIL	4
+
+#if 0
+/*
+**  Filter Routine Details
+*/
+
+/* connection info filter */
+extern sfsistat	xxfi_connect __P((SMFICTX *, char *, _SOCK_ADDR *));
+
+/*
+**  xxfi_connect(ctx, hostname, hostaddr) Invoked on each connection
+**
+**	char *hostname; Host domain name, as determined by a reverse lookup
+**		on the host address.
+**	_SOCK_ADDR *hostaddr; Host address, as determined by a getpeername
+**		call on the SMTP socket.
+*/
+
+/* SMTP HELO command filter */
+extern sfsistat	xxfi_helo __P((SMFICTX *, char *));
+
+/*
+**  xxfi_helo(ctx, helohost) Invoked on SMTP HELO/EHLO command
+**
+**	char *helohost; Value passed to HELO/EHLO command, which should be
+**		the domain name of the sending host (but is, in practice,
+**		anything the sending host wants to send).
+*/
+
+/* envelope sender filter */
+extern sfsistat	xxfi_envfrom __P((SMFICTX *, char **));
+
+/*
+**  xxfi_envfrom(ctx, argv) Invoked on envelope from
+**
+**	char **argv; Null-terminated SMTP command arguments;
+**		argv[0] is guaranteed to be the sender address.
+**		Later arguments are the ESMTP arguments.
+*/
+
+/* envelope recipient filter */
+extern sfsistat	xxfi_envrcpt __P((SMFICTX *, char **));
+
+/*
+**  xxfi_envrcpt(ctx, argv) Invoked on each envelope recipient
+**
+**	char **argv; Null-terminated SMTP command arguments;
+**		argv[0] is guaranteed to be the recipient address.
+**		Later arguments are the ESMTP arguments.
+*/
+
+/* header filter */
+extern sfsistat	xxfi_header __P((SMFICTX *, char *, char *));
+
+/*
+**  xxfi_header(ctx, headerf, headerv) Invoked on each message header. The
+**  content of the header may have folded white space (that is, multiple
+**  lines with following white space) included.
+**
+**	char *headerf; Header field name
+**	char *headerv; Header field value
+*/
+
+/* end of header */
+extern sfsistat	xxfi_eoh __P((SMFICTX *));
+
+/*
+**  xxfi_eoh(ctx) Invoked at end of header
+*/
+
+/* body block */
+extern sfsistat	xxfi_body __P((SMFICTX *, u_char *, size_t));
+
+/*
+**  xxfi_body(ctx, bodyp, bodylen) Invoked for each body chunk. There may
+**  be multiple body chunks passed to the filter. End-of-lines are
+**  represented as received from SMTP (normally Carriage-Return/Line-Feed).
+**
+**	u_char *bodyp; Pointer to body data
+**	size_t bodylen; Length of body data
+*/
+
+/* end of message */
+extern sfsistat	xxfi_eom __P((SMFICTX *));
+
+/*
+**  xxfi_eom(ctx) Invoked at end of message. This routine can perform
+**  special operations such as modifying the message header, body, or
+**  envelope.
+*/
+
+/* message aborted */
+extern sfsistat	xxfi_abort __P((SMFICTX *));
+
+/*
+**  xxfi_abort(ctx) Invoked if message is aborted outside of the control of
+**  the filter, for example, if the SMTP sender issues an RSET command. If
+**  xxfi_abort is called, xxfi_eom will not be called and vice versa.
+*/
+
+/* connection cleanup */
+extern sfsistat	xxfi_close __P((SMFICTX *));
+
+/*
+**  xxfi_close(ctx) Invoked at end of the connection. This is called on
+**  close even if the previous mail transaction was aborted.
+*/
+#endif /* 0 */
+
+/*
+**  Additional information is passed in to the vendor filter routines using
+**  symbols. Symbols correspond closely to sendmail macros. The symbols
+**  defined depend on the context. The value of a symbol is accessed using:
+*/
+
+/* Return the value of a symbol. */
+LIBMILTER_API char * smfi_getsymval __P((SMFICTX *, char *));
+
+/*
+**  Return the value of a symbol.
+**
+**	SMFICTX *ctx; Opaque context structure
+**	char *symname; The name of the symbol to access.
+*/
+
+/*
+**  Vendor filter routines that want to pass additional information back to
+**  the MTA for use in SMTP replies may call smfi_setreply before returning.
+*/
+
+LIBMILTER_API int smfi_setreply __P((SMFICTX *, char *, char *, char *));
+
+/*
+**  Set the specific reply code to be used in response to the active
+**  command. If not specified, a generic reply code is used.
+**
+**	SMFICTX *ctx; Opaque context structure
+**	char *rcode; The three-digit (RFC 821) SMTP reply code to be
+**		returned, e.g., ``551''.
+**	char *xcode; The extended (RFC 2034) reply code, e.g., ``5.7.6''.
+**	char *message; The text part of the SMTP reply.
+*/
+
+/*
+**  The xxfi_eom routine is called at the end of a message (essentially,
+**  after the final DATA dot). This routine can call some special routines
+**  to modify the envelope, header, or body of the message before the
+**  message is enqueued. These routines must not be called from any vendor
+**  routine other than xxfi_eom.
+*/
+
+LIBMILTER_API int smfi_addheader __P((SMFICTX *, char *, char *));
+
+/*
+**  Add a header to the message. This header is not passed to other
+**  filters. It is not checked for standards compliance; the mail filter
+**  must ensure that no protocols are violated as a result of adding this
+**  header.
+**
+**	SMFICTX *ctx; Opaque context structure
+**	char *headerf; Header field name
+**	char *headerv; Header field value
+*/
+
+LIBMILTER_API int smfi_chgheader __P((SMFICTX *, char *, int, char *));
+
+/*
+**  Change/delete a header in the message.  It is not checked for standards
+**  compliance; the mail filter must ensure that no protocols are violated
+**  as a result of adding this header.
+**
+**	SMFICTX *ctx; Opaque context structure
+**	char *headerf; Header field name
+**	int index; The Nth occurence of header field name
+**	char *headerv; New header field value (empty for delete header)
+*/
+
+LIBMILTER_API int smfi_addrcpt __P((SMFICTX *, char *));
+
+/*
+**  Add a recipient to the envelope
+**
+**	SMFICTX *ctx; Opaque context structure
+**	char *rcpt; Recipient to be added
+*/
+
+LIBMILTER_API int smfi_delrcpt __P((SMFICTX *, char *));
+
+/*
+**  Delete a recipient from the envelope
+**
+**	SMFICTX *ctx; Opaque context structure
+**	char *rcpt; Envelope recipient to be deleted. This should be in
+**		exactly the form passed to xxfi_envrcpt or the address may
+**		not be deleted.
+*/
+
+LIBMILTER_API int smfi_replacebody __P((SMFICTX *, u_char *, int));
+
+/*
+**  Replace the body of the message. This routine may be called multiple
+**  times if the body is longer than convenient to send in one call. End of
+**  line should be represented as Carriage-Return/Line Feed.
+**
+**	char *bodyp; Pointer to block of body information to insert
+**	int bodylen; Length of data pointed at by bodyp
+*/
+
+/*
+**  If the message is aborted (for example, if the SMTP sender sends the
+**  envelope but then does a QUIT or RSET before the data is sent),
+**  xxfi_abort is called. This can be used to reset state.
+*/
+
+
+/*
+**  Connection-private data (specific to an SMTP connection) can be
+**  allocated using the smfi_setpriv routine; routines can access private
+**  data using smfi_getpriv.
+*/
+
+LIBMILTER_API int smfi_setpriv __P((SMFICTX *, void *));
+
+/*
+**  Set the private data pointer
+**
+**	SMFICTX *ctx; Opaque context structure
+**	void *privatedata; Pointer to private data area
+*/
+
+LIBMILTER_API void *smfi_getpriv __P((SMFICTX *));
+
+
+#endif /* !_LIBMILTER_MFAPI_H */
diff --git a/contrib/sendmail/include/libmilter/milter.h b/contrib/sendmail/include/libmilter/milter.h
new file mode 100644
index 0000000..569a37c
--- /dev/null
+++ b/contrib/sendmail/include/libmilter/milter.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: milter.h,v 8.24.16.6 2000/06/08 22:13:39 gshapiro Exp $
+ */
+
+/*
+**  MILTER.H -- Global definitions for mail filter and MTA.
+*/
+
+#ifndef _LIBMILTER_MILTER_H
+# define _LIBMILTER_MILTER_H	1
+
+#include "libmilter/mfapi.h"
+#include "sendmail.h"
+
+/* Shared protocol constants */
+# define MILTER_LEN_BYTES	4	/* length of 32 bit integer in bytes */
+# define MILTER_OPTLEN	(MILTER_LEN_BYTES * 3) /* length of options */
+# define MILTER_CHUNK_SIZE	65535	/* body chunk size */
+
+/* address families */
+# define SMFIA_UNKNOWN		'U'	/* unknown */
+# define SMFIA_UNIX		'L'	/* unix/local */
+# define SMFIA_INET		'4'	/* inet */
+# define SMFIA_INET6		'6'	/* inet6 */
+
+/* commands: don't use anything smaller than ' ' */
+# define SMFIC_ABORT		'A'	/* Abort */
+# define SMFIC_BODY		'B'	/* Body chunk */
+# define SMFIC_CONNECT		'C'	/* Connection information */
+# define SMFIC_MACRO		'D'	/* Define macro */
+# define SMFIC_BODYEOB		'E'	/* final body chunk (End) */
+# define SMFIC_HELO		'H'	/* HELO/EHLO */
+# define SMFIC_HEADER		'L'	/* Header */
+# define SMFIC_MAIL		'M'	/* MAIL from */
+# define SMFIC_EOH		'N'	/* EOH */
+# define SMFIC_OPTNEG		'O'	/* Option negotiation */
+# define SMFIC_QUIT		'Q'	/* QUIT */
+# define SMFIC_RCPT		'R'	/* RCPT to */
+
+/* actions (replies) */
+# define SMFIR_ADDRCPT		'+'	/* add recipient */
+# define SMFIR_DELRCPT		'-'	/* remove recipient */
+# define SMFIR_ACCEPT		'a'	/* accept */
+# define SMFIR_REPLBODY		'b'	/* replace body (chunk) */
+# define SMFIR_CONTINUE		'c'	/* continue */
+# define SMFIR_DISCARD		'd'	/* discard */
+# define SMFIR_CHGHEADER	'm'	/* change header */
+# define SMFIR_PROGRESS		'p'	/* progress */
+# define SMFIR_REJECT		'r'	/* reject */
+# define SMFIR_TEMPFAIL		't'	/* tempfail */
+# define SMFIR_ADDHEADER	'h'	/* add header */
+# define SMFIR_REPLYCODE	'y'	/* reply code etc */
+
+/* What the MTA can send/filter wants in protocol */
+# define SMFIP_NOCONNECT 0x00000001L	/* MTA should not send connect info */
+# define SMFIP_NOHELO	0x00000002L	/* MTA should not send HELO info */
+# define SMFIP_NOMAIL	0x00000004L	/* MTA should not send MAIL info */
+# define SMFIP_NORCPT	0x00000008L	/* MTA should not send RCPT info */
+# define SMFIP_NOBODY	0x00000010L	/* MTA should not send body */
+# define SMFIP_NOHDRS	0x00000020L	/* MTA should not send headers */
+# define SMFIP_NOEOH	0x00000040L	/* MTA should not send EOH */
+
+# define SMFI_V1_PROT	0x0000003FL	/* The protocol of V1 filter */
+# define SMFI_V2_PROT	0x0000007FL	/* The protocol of V2 filter */
+# define SMFI_CURR_PROT	SMFI_V2_PROT	/* The current version */
+
+/* socket and thread portability */
+# include <pthread.h>
+typedef pthread_t sthread_t;
+typedef int	socket_t;
+
+# define MAX_MACROS_ENTRIES	4	/* max size of macro pointer array */
+
+/*
+**  context for milter
+**  implementation hint:
+**  macros are stored in mac_buf[] as sequence of:
+**  macro_name \0 macro_value
+**  (just as read from the MTA)
+**  mac_ptr is a list of pointers into mac_buf to the beginning of each
+**  entry, i.e., macro_name, macro_value, ...
+*/
+
+struct smfi_str
+{
+	sthread_t	ctx_id;		/* thread id */
+	socket_t	ctx_sd;		/* socket descriptor */
+	int		ctx_dbg;	/* debug level */
+	time_t		ctx_timeout;	/* timeout */
+	int		ctx_state;	/* state */
+	smfiDesc_ptr	ctx_smfi;	/* filter description */
+	u_long		ctx_pflags;	/* protocol flags */
+	char		**ctx_mac_ptr[MAX_MACROS_ENTRIES];
+	char		*ctx_mac_buf[MAX_MACROS_ENTRIES];
+	char		*ctx_reply;	/* reply code */
+	void		*ctx_privdata;	/* private data */
+};
+
+#endif /* !_LIBMILTER_MILTER_H */
diff --git a/contrib/sendmail/include/libsmdb/smdb.h b/contrib/sendmail/include/libsmdb/smdb.h
new file mode 100644
index 0000000..dfe07fd
--- /dev/null
+++ b/contrib/sendmail/include/libsmdb/smdb.h
@@ -0,0 +1,379 @@
+/*
+** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+**	All rights reserved.
+**
+** By using this file, you agree to the terms and conditions set
+** forth in the LICENSE file which can be found at the top level of
+** the sendmail distribution.
+**
+** $Id: smdb.h,v 8.29.2.1 2000/04/08 20:40:42 ca Exp $
+*/
+
+#ifndef _SMDB_H_
+# define _SMDB_H_
+
+# include <sys/types.h>
+# include <sys/stat.h>
+# ifndef __P
+#  include "sendmail/cdefs.h"
+# endif /* __P */
+
+# ifndef NDBM
+#  ifndef NEWDB
+ERROR	NDBM or NEWDB must be defined.
+#  endif /* ! NEWDB */
+# endif /* ! NDBM */
+
+# ifdef NDBM
+#  include <ndbm.h>
+# endif /* NDBM */
+
+# ifdef NEWDB
+#  include <db.h>
+#  ifndef DB_VERSION_MAJOR
+#   define DB_VERSION_MAJOR 1
+#  endif /* ! DB_VERSION_MAJOR */
+# endif /* NEWDB */
+
+/*
+** Some size constants
+*/
+#define SMDB_MAX_USER_NAME_LEN	1024
+#define SMDB_MAX_NAME_LEN	1024
+
+/*
+** This file defines the abstraction for database lookups. It is pretty
+** much a copy of the db2 interface with the exception that every function
+** returns 0 on success and non-zero on failure. The non-zero return code
+** is meaningful.
+**
+** I'm going to put the function comments in this file since the interface
+** MUST be the same for all inheritors of this interface.
+*/
+
+typedef struct database_struct SMDB_DATABASE;
+typedef struct cursor_struct SMDB_CURSOR;
+typedef union database_entity_union SMDB_DBENT;
+
+
+/*
+** DB_CLOSE_FUNC -- close the database
+**
+**	Parameters:
+**		db -- The database to close.
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_close_func) __P((SMDB_DATABASE *db));
+
+
+
+/*
+** DB_DEL_FUNC -- removes a key and data pair from the database
+**
+**	Parameters:
+**		db -- The database to close.
+**		key -- The key to remove.
+**		flags -- delete options. There are currently no defined
+**			 flags for delete.
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_del_func) __P((SMDB_DATABASE *db,
+			   SMDB_DBENT *key, u_int flags));
+
+
+
+/*
+** DB_FD_FUNC -- Returns a pointer to a file used for the database.
+**
+**	Parameters:
+**		db -- The database to close.
+**		fd -- A pointer to store the returned fd in.
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_fd_func) __P((SMDB_DATABASE *db, int* fd));
+
+
+
+/*
+** DB_GET_FUNC -- Gets the data associated with a key.
+**
+**	Parameters:
+**		db -- The database to close.
+**		key -- The key to access.
+**		data -- A place to store the returned data.
+**		flags -- get options. There are currently no defined
+**			 flags for get.
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_get_func) __P((SMDB_DATABASE *db,
+			   SMDB_DBENT *key,
+			   SMDB_DBENT *data, u_int flags));
+
+
+
+/*
+** DB_PUT_FUNC -- Sets some data according to the key.
+**
+**	Parameters:
+**		db -- The database to close.
+**		key -- The key to use.
+**		data -- The data to store.
+**		flags -- put options:
+**			SMDBF_NO_OVERWRITE - Return an error if key alread
+**					     exists.
+**			SMDBF_ALLOW_DUP - Allow duplicates in btree maps.
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_put_func) __P((SMDB_DATABASE *db,
+			   SMDB_DBENT *key,
+			   SMDB_DBENT *data, u_int flags));
+
+
+/*
+** DB_SYNC_FUNC -- Flush any cached information to disk.
+**
+**	Parameters:
+**		db -- The database to sync.
+**		flags -- sync options:
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_sync_func) __P((SMDB_DATABASE *db, u_int flags));
+
+
+/*
+** DB_SET_OWNER_FUNC -- Set the owner and group of the database files.
+**
+**	Parameters:
+**		db -- The database to set.
+**		uid -- The UID for the new owner (-1 for no change)
+**		gid -- The GID for the new owner (-1 for no change)
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_set_owner_func) __P((SMDB_DATABASE *db, uid_t uid,
+				 gid_t gid));
+
+
+/*
+** DB_CURSOR -- Obtain a cursor for sequential access
+**
+**	Parameters:
+**		db -- The database to use.
+**		cursor -- The address of a cursor pointer.
+**		flags -- sync options:
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_cursor_func) __P((SMDB_DATABASE *db,
+			      SMDB_CURSOR **cursor, u_int flags));
+
+
+struct database_struct
+{
+	db_close_func		smdb_close;
+	db_del_func		smdb_del;
+	db_fd_func		smdb_fd;
+	db_get_func		smdb_get;
+	db_put_func		smdb_put;
+	db_sync_func		smdb_sync;
+	db_set_owner_func	smdb_set_owner;
+	db_cursor_func		smdb_cursor;
+	void			*smdb_impl;
+};
+
+
+
+/*
+** DB_CURSOR_CLOSE -- Close a cursor
+**
+**	Parameters:
+**		cursor -- The cursor to close.
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_cursor_close_func) __P((SMDB_CURSOR *cursor));
+
+
+/*
+** DB_CURSOR_DEL -- Delete the key/value pair of this cursor
+**
+**	Parameters:
+**		cursor -- The cursor.
+**		flags -- flags
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_cursor_del_func) __P((SMDB_CURSOR *cursor, u_int flags));
+
+
+/*
+** DB_CURSOR_GET -- Get the key/value of this cursor.
+**
+**	Parameters:
+**		cursor -- The cursor.
+**		key -- The current key.
+**		value -- The current value
+**		flags -- flags
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**		SMDBE_LAST_ENTRY - This is a success condition that
+**				   gets returned when the end of the
+**				   database is hit.
+**
+*/
+typedef int (*db_cursor_get_func) __P((SMDB_CURSOR *cursor,
+				  SMDB_DBENT *key,
+				  SMDB_DBENT *data,
+				  u_int flags));
+
+/*
+** Flags for DB_CURSOR_GET
+*/
+#define SMDB_CURSOR_GET_FIRST	0
+#define SMDB_CURSOR_GET_LAST	1
+#define SMDB_CURSOR_GET_NEXT	2
+#define SMDB_CURSOR_GET_RANGE	3
+
+
+/*
+** DB_CURSOR_PUT -- Put the key/value at this cursor.
+**
+**	Parameters:
+**		cursor -- The cursor.
+**		key -- The current key.
+**		value -- The current value
+**		flags -- flags
+**
+**	Returns:
+**		0 - Success, otherwise errno.
+**
+*/
+typedef int (*db_cursor_put_func) __P((SMDB_CURSOR *cursor,
+				  SMDB_DBENT *key,
+				  SMDB_DBENT *data,
+				  u_int flags));
+
+
+
+struct cursor_struct
+{
+	db_cursor_close_func	smdbc_close;
+	db_cursor_del_func	smdbc_del;
+	db_cursor_get_func	smdbc_get;
+	db_cursor_put_func	smdbc_put;
+	void			*smdbc_impl;
+};
+
+
+struct database_params_struct
+{
+	u_int	smdbp_num_elements;
+	u_int	smdbp_cache_size;
+	bool	smdbp_allow_dup;
+};
+
+typedef struct database_params_struct SMDB_DBPARAMS;
+
+struct database_user_struct
+{
+	uid_t	smdbu_id;
+	gid_t	smdbu_group_id;
+	char	smdbu_name[SMDB_MAX_USER_NAME_LEN];
+};
+
+typedef struct database_user_struct SMDB_USER_INFO;
+
+union database_entity_union
+{
+# ifdef NDBM
+	datum	dbm;
+# endif /* NDBM */
+# ifdef NEWDB
+	DBT	db;
+# endif /* NEWDB */
+	struct
+	{
+		char	*data;
+		size_t	size;
+	} data;
+};
+
+
+typedef char *SMDB_DBTYPE;
+typedef u_int SMDB_FLAG;
+
+/*
+** These are types of databases.
+*/
+
+# define SMDB_TYPE_DEFAULT	NULL
+# define SMDB_TYPE_DEFAULT_LEN	0
+# define SMDB_TYPE_HASH		"hash"
+# define SMDB_TYPE_HASH_LEN	5
+# define SMDB_TYPE_BTREE	"btree"
+# define SMDB_TYPE_BTREE_LEN	6
+# define SMDB_TYPE_NDBM		"dbm"
+# define SMDB_TYPE_NDBM_LEN	4
+
+/*
+** These are flags
+*/
+/* Flags for put */
+# define SMDBF_NO_OVERWRITE	0x00000001
+# define SMDBF_ALLOW_DUP	0x00000002
+
+
+extern SMDB_DATABASE	*smdb_malloc_database __P((void));
+extern void		smdb_free_database __P((SMDB_DATABASE *));
+extern int		smdb_open_database __P((SMDB_DATABASE **, char *, int,
+						int, long, SMDB_DBTYPE,
+						SMDB_USER_INFO *,
+						SMDB_DBPARAMS *));
+# ifdef NEWDB
+extern int		smdb_db_open __P((SMDB_DATABASE **, char *, int, int,
+					  long, SMDB_DBTYPE, SMDB_USER_INFO *,
+					  SMDB_DBPARAMS *));
+# endif /* NEWDB */
+# ifdef NDBM
+extern int		smdb_ndbm_open __P((SMDB_DATABASE **, char *, int, int,
+					    long, SMDB_DBTYPE,
+					    SMDB_USER_INFO *,
+					    SMDB_DBPARAMS *));
+# endif /* NDBM */
+extern int		smdb_add_extension __P((char *, int, char *, char *));
+extern int		smdb_setup_file __P((char *, char *, int, long,
+					     SMDB_USER_INFO *, struct stat *));
+extern int		smdb_lock_file __P((int *, char *, int, long, char *));
+extern int		smdb_unlock_file __P((int));
+extern int		smdb_filechanged __P((char *, char *, int,
+					      struct stat *));
+extern void		smdb_print_available_types __P((void));
+extern char		*smdb_db_definition __P((SMDB_DBTYPE));
+#endif /* ! _SMDB_H_ */
diff --git a/contrib/sendmail/include/sendmail/cdefs.h b/contrib/sendmail/include/sendmail/cdefs.h
new file mode 100644
index 0000000..bd7285bc
--- /dev/null
+++ b/contrib/sendmail/include/sendmail/cdefs.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: cdefs.h,v 8.5 1999/06/02 22:32:17 gshapiro Exp $
+ *	@(#)cdefs.h	8.8 (Berkeley) 1/9/95
+ */
+
+#ifndef _CDEFS_H_
+# define	_CDEFS_H_
+
+# if defined(__cplusplus)
+#  define	__BEGIN_DECLS	extern "C" {
+#  define	__END_DECLS	};
+# else /* defined(__cplusplus) */
+#  define	__BEGIN_DECLS
+#  define	__END_DECLS
+# endif /* defined(__cplusplus) */
+
+/*
+ * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
+ * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
+ * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
+ * in between its arguments.  __CONCAT can also concatenate double-quoted
+ * strings produced by the __STRING macro, but this only works with ANSI C.
+ */
+# if defined(__STDC__) || defined(__cplusplus)
+#  define	__P(protos)	protos		/* full-blown ANSI C */
+#  ifndef __CONCAT
+#   define	__CONCAT(x,y)	x ## y
+#  endif /* ! __CONCAT */
+#  define	__STRING(x)	#x
+
+#  ifndef __const
+#   define	__const		const		/* define reserved names to standard */
+#  endif /* ! __const */
+#  define	__signed	signed
+#  define	__volatile	volatile
+#  if defined(__cplusplus)
+#   define	__inline	inline		/* convert to C++ keyword */
+#  else /* defined(__cplusplus) */
+#   ifndef __GNUC__
+#    define	__inline			/* delete GCC keyword */
+#   endif /* ! __GNUC__ */
+#  endif /* defined(__cplusplus) */
+
+# else /* defined(__STDC__) || defined(__cplusplus) */
+#  define	__P(protos)	()		/* traditional C preprocessor */
+#  ifndef __CONCAT
+#   define	__CONCAT(x,y)	x/**/y
+#  endif /* ! __CONCAT */
+#  define	__STRING(x)	"x"
+
+#  ifndef __GNUC__
+#   define	__const				/* delete pseudo-ANSI C keywords */
+#   define	__inline
+#   define	__signed
+#   define	__volatile
+/*
+ * In non-ANSI C environments, new programs will want ANSI-only C keywords
+ * deleted from the program and old programs will want them left alone.
+ * When using a compiler other than gcc, programs using the ANSI C keywords
+ * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS.
+ * When using "gcc -traditional", we assume that this is the intent; if
+ * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone.
+ */
+#   ifndef NO_ANSI_KEYWORDS
+#    define	const				/* delete ANSI C keywords */
+#    define	inline
+#    define	signed
+#    define	volatile
+#   endif /* ! NO_ANSI_KEYWORDS */
+#  endif /* ! __GNUC__ */
+# endif /* defined(__STDC__) || defined(__cplusplus) */
+
+/*
+ * GCC1 and some versions of GCC2 declare dead (non-returning) and
+ * pure (no side effects) functions using "volatile" and "const";
+ * unfortunately, these then cause warnings under "-ansi -pedantic".
+ * GCC2 uses a new, peculiar __attribute__((attrs)) style.  All of
+ * these work for GNU C++ (modulo a slight glitch in the C++ grammar
+ * in the distribution version of 2.5.5).
+ */
+# if !defined(__GNUC__) || __GNUC__ < 2 || \
+	(__GNUC__ == 2 && __GNUC_MINOR__ < 5)
+#  define	__attribute__(x)	/* delete __attribute__ if non-gcc or gcc1 */
+#  if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#   define	__dead		__volatile
+#   define	__pure		__const
+#  endif /* defined(__GNUC__) && !defined(__STRICT_ANSI__) */
+# endif /* !defined(__GNUC__) || __GNUC__ < 2 || \ */
+
+/* Delete pseudo-keywords wherever they are not available or needed. */
+# ifndef __dead
+#  define	__dead
+#  define	__pure
+# endif /* ! __dead */
+
+#endif /* ! _CDEFS_H_ */
diff --git a/contrib/sendmail/include/sendmail/errstring.h b/contrib/sendmail/include/sendmail/errstring.h
new file mode 100644
index 0000000..b3b2480
--- /dev/null
+++ b/contrib/sendmail/include/sendmail/errstring.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: errstring.h,v 8.6.4.1 2000/05/26 18:24:13 geir Exp $
+ */
+
+/*
+**  ERRSTRING.H -- Error codes.
+*/
+
+#include <errno.h>
+
+extern int	errno;
+
+/*
+**  These are used in a few cases where we need some special
+**  error codes, but where the system doesn't provide something
+**  reasonable.  They are printed in errstring.
+*/
+
+#ifndef E_PSEUDOBASE
+# define E_PSEUDOBASE	256
+#endif /* ! E_PSEUDOBASE */
+
+#define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0)	/* Timeout on file open */
+#define E_SM_NOSLINK	(E_PSEUDOBASE + 1)	/* Symbolic links not allowed */
+#define E_SM_NOHLINK	(E_PSEUDOBASE + 2)	/* Hard links not allowed */
+#define E_SM_REGONLY	(E_PSEUDOBASE + 3)	/* Regular files only */
+#define E_SM_ISEXEC	(E_PSEUDOBASE + 4)	/* Executable files not allowed */
+#define E_SM_WWDIR	(E_PSEUDOBASE + 5)	/* World writable directory */
+#define E_SM_GWDIR	(E_PSEUDOBASE + 6)	/* Group writable directory */
+#define E_SM_FILECHANGE (E_PSEUDOBASE + 7)	/* File changed after open */
+#define E_SM_WWFILE	(E_PSEUDOBASE + 8)	/* World writable file */
+#define E_SM_GWFILE	(E_PSEUDOBASE + 9)	/* Group writable file */
+#define E_SM_GRFILE	(E_PSEUDOBASE + 10)	/* g readable file */
+#define E_SM_WRFILE	(E_PSEUDOBASE + 11)	/* o readable file */
+#define E_DNSBASE	(E_PSEUDOBASE + 20)	/* base for DNS h_errno */
+#define E_SMDBBASE	(E_PSEUDOBASE + 40)	/* base for libsmdb errors */
+#define E_LDAPBASE	(E_PSEUDOBASE + 70)	/* base for LDAP errors */
+
+/* libsmdb */
+#define SMDBE_OK			0
+#define SMDBE_MALLOC			(E_SMDBBASE + 1)
+#define SMDBE_GDBM_IS_BAD		(E_SMDBBASE + 2)
+#define SMDBE_UNSUPPORTED		(E_SMDBBASE + 3)
+#define SMDBE_DUPLICATE			(E_SMDBBASE + 4)
+#define SMDBE_BAD_OPEN			(E_SMDBBASE + 5)
+#define SMDBE_NOT_FOUND			(E_SMDBBASE + 6)
+#define SMDBE_UNKNOWN_DB_TYPE		(E_SMDBBASE + 7)
+#define SMDBE_UNSUPPORTED_DB_TYPE	(E_SMDBBASE + 8)
+#define SMDBE_INCOMPLETE		(E_SMDBBASE + 9)
+#define SMDBE_KEY_EMPTY			(E_SMDBBASE + 10)
+#define SMDBE_KEY_EXIST			(E_SMDBBASE + 11)
+#define SMDBE_LOCK_DEADLOCK		(E_SMDBBASE + 12)
+#define SMDBE_LOCK_NOT_GRANTED		(E_SMDBBASE + 13)
+#define SMDBE_LOCK_NOT_HELD		(E_SMDBBASE + 14)
+#define SMDBE_RUN_RECOVERY		(E_SMDBBASE + 15)
+#define SMDBE_IO_ERROR			(E_SMDBBASE + 16)
+#define SMDBE_READ_ONLY			(E_SMDBBASE + 17)
+#define SMDBE_DB_NAME_TOO_LONG 		(E_SMDBBASE + 18)
+#define SMDBE_INVALID_PARAMETER 	(E_SMDBBASE + 19)
+#define SMDBE_ONLY_SUPPORTS_ONE_CURSOR	(E_SMDBBASE + 20)
+#define SMDBE_NOT_A_VALID_CURSOR	(E_SMDBBASE + 21)
+#define SMDBE_LAST_ENTRY		(E_SMDBBASE + 22)
+#define SMDBE_OLD_VERSION		(E_SMDBBASE + 23)
+
+extern const char	*errstring __P((int));
diff --git a/contrib/sendmail/include/sendmail/mailstats.h b/contrib/sendmail/include/sendmail/mailstats.h
new file mode 100644
index 0000000..830061d
--- /dev/null
+++ b/contrib/sendmail/include/sendmail/mailstats.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1983 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: mailstats.h,v 8.13 1999/05/22 02:29:10 ca Exp $
+ */
+
+#define STAT_VERSION	3
+#define STAT_MAGIC	0x1B1DE
+
+/*
+**  Statistics structure.
+*/
+
+struct statistics
+{
+	int	stat_magic;		/* magic number */
+	int	stat_version;		/* stat file version */
+	time_t	stat_itime;		/* file initialization time */
+	short	stat_size;		/* size of this structure */
+	long	stat_cf;		/* # from connections */
+	long	stat_ct;		/* # to connections */
+	long	stat_cr;		/* # rejected connections */
+	long	stat_nf[MAXMAILERS];	/* # msgs from each mailer */
+	long	stat_bf[MAXMAILERS];	/* kbytes from each mailer */
+	long	stat_nt[MAXMAILERS];	/* # msgs to each mailer */
+	long	stat_bt[MAXMAILERS];	/* kbytes to each mailer */
+	long	stat_nr[MAXMAILERS];	/* # rejects by each mailer */
+	long	stat_nd[MAXMAILERS];	/* # discards by each mailer */
+};
diff --git a/contrib/sendmail/include/sendmail/pathnames.h b/contrib/sendmail/include/sendmail/pathnames.h
new file mode 100644
index 0000000..20b0f19
--- /dev/null
+++ b/contrib/sendmail/include/sendmail/pathnames.h
@@ -0,0 +1,36 @@
+/*-
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: pathnames.h,v 8.16.8.5 2000/06/09 18:16:13 geir Exp $
+ */
+
+
+# ifndef _PATH_SENDMAILCF
+#  if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF)
+#   define _PATH_SENDMAILCF	_PATH_VENDOR_CF
+#  else /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
+#   define _PATH_SENDMAILCF	"/etc/mail/sendmail.cf"
+#  endif /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
+# endif /* ! _PATH_SENDMAILCF */
+
+# ifndef _PATH_SENDMAILPID
+#  ifdef BSD4_4
+#   define _PATH_SENDMAILPID	"/var/run/sendmail.pid"
+#  else /* BSD4_4 */
+#   define _PATH_SENDMAILPID	"/etc/mail/sendmail.pid"
+#  endif /* BSD4_4 */
+# endif /* ! _PATH_SENDMAILPID */
+
+# ifndef _PATH_HOSTS
+#  define _PATH_HOSTS		"/etc/hosts"
+# endif /* ! _PATH_HOSTS */
+
+
diff --git a/contrib/sendmail/include/sendmail/sendmail.h b/contrib/sendmail/include/sendmail/sendmail.h
new file mode 100644
index 0000000..bbc62d7
--- /dev/null
+++ b/contrib/sendmail/include/sendmail/sendmail.h
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: sendmail.h,v 8.34.4.4 2000/07/15 17:35:17 gshapiro Exp $
+ */
+
+/*
+**  SENDMAIL.H -- Global definitions for sendmail.
+*/
+
+#if SFIO
+# include <sfio/stdio.h>
+#else /* SFIO */
+# include <stdio.h>
+#endif /* SFIO */
+#include <string.h>
+#include "conf.h"
+#include "sendmail/errstring.h"
+#include "sendmail/useful.h"
+
+
+/**********************************************************************
+**  Table sizes, etc....
+**	There shouldn't be much need to change these....
+**********************************************************************/
+#ifndef MAXMAILERS
+# define MAXMAILERS	25	/* maximum mailers known to system */
+#endif /* ! MAXMAILERS */
+
+/*
+**  Data structure for bit maps.
+**
+**	Each bit in this map can be referenced by an ascii character.
+**	This is 256 possible bits, or 32 8-bit bytes.
+*/
+
+#define BITMAPBITS	256	/* number of bits in a bit map */
+#define BYTEBITS	8	/* number of bits in a byte */
+#define BITMAPBYTES	(BITMAPBITS / BYTEBITS)	/* number of bytes in bit map */
+
+/* internal macros */
+#define _BITWORD(bit)	((bit) / (BYTEBITS * sizeof (int)))
+#define _BITBIT(bit)	((unsigned int)1 << ((bit) % (BYTEBITS * sizeof (int))))
+
+typedef unsigned int	BITMAP256[BITMAPBYTES / sizeof (int)];
+
+/* test bit number N */
+#define bitnset(bit, map)	((map)[_BITWORD(bit)] & _BITBIT(bit))
+
+/* set bit number N */
+#define setbitn(bit, map)	(map)[_BITWORD(bit)] |= _BITBIT(bit)
+
+/* clear bit number N */
+#define clrbitn(bit, map)	(map)[_BITWORD(bit)] &= ~_BITBIT(bit)
+
+/* clear an entire bit map */
+#define clrbitmap(map)		memset((char *) map, '\0', BITMAPBYTES)
+
+
+/*
+**  Utility macros
+*/
+
+/* return number of bytes left in a buffer */
+#define SPACELEFT(buf, ptr)	(sizeof buf - ((ptr) - buf))
+/*
+**  Flags passed to safefile/safedirpath.
+*/
+
+#define SFF_ANYFILE	0L		/* no special restrictions */
+#define SFF_MUSTOWN	0x00000001L	/* user must own this file */
+#define SFF_NOSLINK	0x00000002L	/* file cannot be a symbolic link */
+#define SFF_ROOTOK	0x00000004L	/* ok for root to own this file */
+#define SFF_RUNASREALUID 0x00000008L	/* if no ctladdr, run as real uid */
+#define SFF_NOPATHCHECK	0x00000010L	/* don't bother checking dir path */
+#define SFF_SETUIDOK	0x00000020L	/* setuid files are ok */
+#define SFF_CREAT	0x00000040L	/* ok to create file if necessary */
+#define SFF_REGONLY	0x00000080L	/* regular files only */
+#define SFF_SAFEDIRPATH	0x00000100L	/* no writable directories allowed */
+#define SFF_NOHLINK	0x00000200L	/* file cannot have hard links */
+#define SFF_NOWLINK	0x00000400L	/* links only in non-writable dirs */
+#define SFF_NOGWFILES	0x00000800L	/* disallow world writable files */
+#define SFF_NOWWFILES	0x00001000L	/* disallow group writable files */
+#define SFF_OPENASROOT	0x00002000L	/* open as root instead of real user */
+#define SFF_NOLOCK	0x00004000L	/* don't lock the file */
+#define SFF_NOGRFILES	0x00008000L	/* disallow g readable files */
+#define SFF_NOWRFILES	0x00010000L	/* disallow o readable files */
+#define SFF_NOTEXCL	0x00020000L	/* creates don't need to be exclusive */
+#define SFF_EXECOK	0x00040000L	/* executable files are ok (E_SM_ISEXEC) */
+#define SFF_NORFILES	(SFF_NOGRFILES|SFF_NOWRFILES)
+
+/* pseudo-flags */
+#define SFF_NOLINK	(SFF_NOHLINK|SFF_NOSLINK)
+
+/* functions */
+extern int	safefile __P((char *, UID_T, GID_T, char *, long, int, struct stat *));
+extern int	safedirpath __P((char *, UID_T, GID_T, char *, long, int, int));
+extern int	safeopen __P((char *, int, int, long));
+extern FILE	*safefopen __P((char *, int, int, long));
+extern int	dfopen __P((char *, int, int, long));
+extern bool	filechanged __P((char *, int, struct stat *));
+
+/*
+**  DontBlameSendmail options
+**
+**	Hopefully nobody uses these.
+*/
+#define DBS_SAFE					0
+#define DBS_ASSUMESAFECHOWN				1
+#define DBS_GROUPWRITABLEDIRPATHSAFE			2
+#define DBS_GROUPWRITABLEFORWARDFILESAFE		3
+#define DBS_GROUPWRITABLEINCLUDEFILESAFE		4
+#define DBS_GROUPWRITABLEALIASFILE			5
+#define DBS_WORLDWRITABLEALIASFILE			6
+#define DBS_FORWARDFILEINUNSAFEDIRPATH			7
+#define DBS_MAPINUNSAFEDIRPATH				8
+#define DBS_LINKEDALIASFILEINWRITABLEDIR		9
+#define DBS_LINKEDCLASSFILEINWRITABLEDIR		10
+#define DBS_LINKEDFORWARDFILEINWRITABLEDIR		11
+#define DBS_LINKEDINCLUDEFILEINWRITABLEDIR		12
+#define DBS_LINKEDMAPINWRITABLEDIR			13
+#define DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR	14
+#define DBS_FILEDELIVERYTOHARDLINK			15
+#define DBS_FILEDELIVERYTOSYMLINK			16
+#define DBS_WRITEMAPTOHARDLINK				17
+#define DBS_WRITEMAPTOSYMLINK				18
+#define DBS_WRITESTATSTOHARDLINK			19
+#define DBS_WRITESTATSTOSYMLINK				20
+#define DBS_FORWARDFILEINGROUPWRITABLEDIRPATH		21
+#define DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH		22
+#define DBS_CLASSFILEINUNSAFEDIRPATH			23
+#define DBS_ERRORHEADERINUNSAFEDIRPATH			24
+#define DBS_HELPFILEINUNSAFEDIRPATH			25
+#define DBS_FORWARDFILEINUNSAFEDIRPATHSAFE		26
+#define DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE		27
+#define DBS_RUNPROGRAMINUNSAFEDIRPATH			28 /* Not used yet */
+#define DBS_RUNWRITABLEPROGRAM				29
+#define DBS_INCLUDEFILEINUNSAFEDIRPATH			30
+#define DBS_NONROOTSAFEADDR				31
+#define DBS_TRUSTSTICKYBIT				32
+#define DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH		33
+#define DBS_INSUFFICIENTENTROPY				34
+#if _FFR_UNSAFE_SASL
+#define DBS_GROUPREADABLESASLFILE			35
+#endif /* _FFR_UNSAFE_SASL */
+
+/* struct defining such things */
+struct dbsval
+{
+	char	*dbs_name;	/* name of DontBlameSendmail flag */
+	u_char	dbs_flag;	/* numeric level */
+};
+
+#if _FFR_DPRINTF
+extern void	dprintf __P((const char *, ...));
+extern int	dflush __P((void));
+#else /* _FFR_DPRINTF */
+#define dprintf		printf
+#define dflush()	fflush(stdout)
+#endif /* _FFR_DPRINTF */
+
+extern int	sm_snprintf __P((char *, size_t, const char *, ...));
+extern int	sm_vsnprintf __P((char *, size_t, const char *, va_list));
+extern char	*quad_to_string __P((QUAD_T));
+
+extern size_t	strlcpy __P((char *, const char *, size_t));
+extern size_t	strlcat __P((char *, const char *, size_t));
+
diff --git a/contrib/sendmail/include/sendmail/useful.h b/contrib/sendmail/include/sendmail/useful.h
new file mode 100644
index 0000000..55ba407
--- /dev/null
+++ b/contrib/sendmail/include/sendmail/useful.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1995-1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *
+ *	$Id: useful.h,v 8.18 1999/07/13 15:05:57 ca Exp $
+ */
+
+#ifndef _USEFUL_H
+# define _USEFUL_H
+
+# include <sys/types.h>
+
+/* support for bool type */
+typedef int	bool;
+# ifndef TRUE
+#  define TRUE	1
+#  define FALSE	0
+# endif /* ! TRUE */
+
+# ifndef NULL
+#  define NULL	0
+# endif /* ! NULL */
+
+/* bit hacking */
+# define bitset(bit, word)	(((word) & (bit)) != 0)
+
+/* some simple functions */
+# ifndef max
+#  define max(a, b)	((a) > (b) ? (a) : (b))
+#  define min(a, b)	((a) < (b) ? (a) : (b))
+# endif /* ! max */
+
+/* assertions */
+# ifndef NASSERT
+#  define ASSERT(expr, msg, parm)\
+	if (!(expr))\
+	{\
+		fprintf(stderr, "assertion botch: %s:%d: ", __FILE__, __LINE__);\
+		fprintf(stderr, msg, parm);\
+	}
+# else /* ! NASSERT */
+#  define ASSERT(expr, msg, parm)
+# endif /* ! NASSERT */
+
+/* sccs id's */
+# ifndef lint
+#  ifdef __STDC__
+#   define SCCSID(arg)	static char SccsId[] = #arg;
+#  else /* __STDC__ */
+#   define SCCSID(arg)	static char SccsId[] = "arg";
+#  endif /* __STDC__ */
+# else /* ! lint */
+#  define SCCSID(arg)
+# endif /* ! lint */
+#endif /* ! _USEFUL_H */
diff --git a/contrib/sendmail/libmilter/Build b/contrib/sendmail/libmilter/Build
new file mode 100755
index 0000000..09dd262
--- /dev/null
+++ b/contrib/sendmail/libmilter/Build
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#	$Id: Build,v 8.3 2000/01/20 21:51:50 geir Exp $
+
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/libmilter/Makefile b/contrib/sendmail/libmilter/Makefile
new file mode 100644
index 0000000..04277eb
--- /dev/null
+++ b/contrib/sendmail/libmilter/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.1 1999/11/04 00:03:40 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/libmilter/Makefile.m4 b/contrib/sendmail/libmilter/Makefile.m4
new file mode 100644
index 0000000..9ac7760
--- /dev/null
+++ b/contrib/sendmail/libmilter/Makefile.m4
@@ -0,0 +1,15 @@
+include(confBUILDTOOLSDIR`/M4/switch.m4')
+
+define(`confMT', `true')
+
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+
+bldPRODUCT_START(`library', `libmilter')
+define(`bldSOURCES', `main.c engine.c listener.c handler.c comm.c smfi.c signal.c sm_gethost.c ')
+bldPUSH_SMLIB(`smutil')
+bldPRODUCT_END
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+
+bldFINISH
diff --git a/contrib/sendmail/libmilter/README b/contrib/sendmail/libmilter/README
new file mode 100644
index 0000000..7166b40
--- /dev/null
+++ b/contrib/sendmail/libmilter/README
@@ -0,0 +1,408 @@
+This directory contains the source files for libmilter.
+
+The sendmail Mail Filter API (Milter) is designed to allow third-party
+programs access to mail messages as they are being processed in order to
+filter meta-information and content.
+
+This README file describes the steps needed to compile and run a filter,
+through reference to a sample filter which is attached at the end of this
+file.  It is necessary to first build libmilter.a, which can be done by
+issuing the './Build' command in SRCDIR/libmilter .
+
+NOTE: Both libmilter and the callouts in sendmail are marked as an FFR (For
+Future Release).  If you intend to use them in 8.10.X, you must compiled
+both libmilter and sendmail with -D_FFR_MILTER defined.  You can do this by
+adding the following to your devtools/Site/site.config.m4 file:
+
+	dnl Milter
+	APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MILTER=1')
+	APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER=1') 
+
+You will also need to define _FFR_MILTER when building your .cf file using
+m4.
+
++-------------------+
+| BUILDING A FILTER |
++-------------------+
+
+The following command presumes that the sample code from the end of this
+README is saved to a file named 'sample.c' and built in the local platform-
+specific build subdirectory (SRCDIR/obj.*/libmilter).
+
+	cc -I../../sendmail -I../../include -o sample sample.c libmilter.a ../libsmutil/libsmutil.a -pthread
+
+It is recommended that you build your filters in a location outside of
+the sendmail source tree.  Modify the compiler include references (-I)
+and the library locations accordingly.  Also, some operating systems may
+require additional libraries.  For example, SunOS 5.X requires '-lresolv
+-lsocket -lnsl'.  Depending on your OS you may need a library instead
+of the option -pthread, e.g., -lpthread.
+
+Filters must be thread-safe!  Many operating systems now provide support for
+POSIX threads in the standard C libraries.  The compiler flag to link with
+threading support differs according to the compiler and linker used.  Check
+the Makefile in your appropriate obj.*/libmilter build subdirectory if you
+are unsure of the local flag used.
+
+
++----------------------------------------+
+| SPECIFYING FILTERS IN SENDMAIL CONFIGS |
++----------------------------------------+
+
+Filters are specified with a key letter ``X'' (for ``eXternal'').
+
+For example:
+
+	Xfilter1, S=local:/var/run/f1.sock, F=R
+	Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
+	Xfilter3, S=inet:3333@localhost
+
+specifies three filters.  Filters can be specified in your .mc file using
+the following:
+
+	INPUT_MAIL_FILTER(`filter1', `S=local:/var/run/f1.sock, F=R')
+	INPUT_MAIL_FILTER(`filter2', `S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m')
+	INPUT_MAIL_FILTER(`filter3', `S=inet:3333@localhost')
+
+The first attaches to a Unix-domain socket in the /var/run directory; the
+second uses an IPv6 socket on port 999 of localhost, and the third uses an
+IPv4 socket on port 3333 of localhost.  The current flags (F=) are:
+
+	R		Reject connection if filter unavailable
+	T		Temporary fail connection if filter unavailable
+
+Finally, you can override the default timeouts used by sendmail when
+talking to the filters using the T= equate.  There are three fields inside
+of the T= equate:
+
+Letter          Meaning
+  S             Timeout for sending information from the MTA to a filter
+  R             Timeout for reading reply from the filter
+  E             Overall timeout between sending end-of-message to filter
+                and waiting for the final acknowledgment
+
+Note the separator between each is a ';' as a ',' already separates equates
+and therefore can't separate timeouts.  The default values (if not set in the config) are:
+
+T=S:10s;R:10s;E:5m
+
+where 's' is seconds and 'm' is minutes.
+
+Actual sequencing is handled by the InputMailFilters option which is set
+automatically according to the order of the INPUT_MAIL_FILTER commands
+in your .mc file.  Alternatively, you can reset its value by setting
+confINPUT_MAIL_FILTERS in your .mc file.  This options causes the three
+filters to be called in the same order they were specified.  It allows
+for possible future filtering on output (although this is not intended
+for this release).
+
+Also note that a filter can be defined without adding it to the input
+filter list by using MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your
+.mc file.
+
+To test sendmail with the sample filter, the following might be added (in
+the appropriate locations) to your .mc file:
+
+	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
+
+
++------------------+
+| TESTING A FILTER |
++------------------+
+
+Once you have compiled a filter, modified your .mc file and restarted
+the sendmail process, you will want to test that the filter performs as
+intended.
+
+The sample filter takes one argument -p, which indicates the local port
+on which to create a listening socket for the filter.  Maintaining
+consistency with the suggested options for sendmail.cf, this would be the
+UNIX domain socket located in /var/run/f1.sock.
+
+	% ./sample -p local:/var/run/f1.sock
+
+If the sample filter returns immediately to a command line, there was either
+an error with your command or a problem creating the specified socket.
+Further logging can be captured through the syslogd daemon.  Using the
+'netstat -a' command can ensure that your filter process is listening on
+the appropriate local socket.
+
+Email messages must be injected via SMTP to be filtered.  There are two
+simple means of doing this; either using the 'sendmail -bs' command, or
+by telnetting to port 25 of the machine configured for milter.  Once
+connected via one of these options, the session can be continued through
+the use of standard SMTP commands.
+
+% sendmail -bs
+220 test.sendmail.com ESMTP Sendmail 8.10.0.Beta8/8.10.0.Beta8; Mon, 6 Dec 1999 19:34:23 -0800 (PST)
+HELO localhost
+250 test.sendmail.com Hello testy@localhost, pleased to meet you
+MAIL From:<testy>
+250 2.1.0 <testy>... Sender ok
+RCPT To:<root>
+250 2.1.5 <root>... Recipient ok
+DATA
+354 Enter mail, end with "." on a line by itself
+From: testy@test.sendmail.com
+To: root@test.sendmail.com
+Subject: testing sample filter
+
+Sample body
+.
+250 2.0.0 dB73Zxi25236 Message accepted for delivery
+QUIT
+221 2.0.0 test.sendmail.com closing connection
+
+In the above example, the lines beginning with numbers are output by the
+mail server, and those without are your input.  If everything is working
+properly, you will find a file in /tmp by the name of msg.XXXXXXXX (where
+the Xs represent any combination of letters and numbers).  This file should
+contain the message body and headers from the test email entered above.
+
+If the sample filter did not log your test email, there are a number of
+methods to narrow down the source of the problem.  Check your system
+logs written by syslogd and see if there are any pertinent lines.  You
+may need to reconfigure syslogd to capture all relevant data.  Additionally,
+the logging level of sendmail can be raised with the LogLevel option.
+See the sendmail(8) manual page for more information.
+
+
++--------------------------+
+| SOURCE FOR SAMPLE FILTER |
++--------------------------+
+
+/* A trivial filter that logs all email to a file. */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#include "libmilter/mfapi.h"
+
+typedef int bool;
+
+#ifndef FALSE
+# define FALSE	0
+#endif /* ! FALSE*/
+#ifndef TRUE
+# define TRUE	1
+#endif /* ! TRUE*/
+
+struct mlfiPriv
+{
+	char	*mlfi_fname;
+	FILE	*mlfi_fp;
+};
+
+#define MLFIPRIV	((struct mlfiPriv *) smfi_getpriv(ctx))
+
+extern sfsistat	 mlfi_cleanup(SMFICTX *, bool);
+
+sfsistat
+mlfi_envfrom(ctx, envfrom)
+	SMFICTX *ctx;
+	char **envfrom;
+{
+	struct mlfiPriv *priv;
+	int fd;
+
+	/* allocate some private memory */
+	priv = malloc(sizeof *priv);
+	if (priv == NULL)
+	{
+		/* can't accept this message right now */
+		return SMFIS_TEMPFAIL;
+	}
+	memset(priv, '\0', sizeof *priv);
+
+	/* open a file to store this message */
+	priv->mlfi_fname = strdup("/tmp/msg.XXXXXXXX");
+	if (priv->mlfi_fname == NULL)
+	{
+		free(priv);
+		return SMFIS_TEMPFAIL;
+	}
+	if ((fd = mkstemp(priv->mlfi_fname)) < 0 ||
+	    (priv->mlfi_fp = fdopen(fd, "w+")) == NULL)
+	{
+		free(priv->mlfi_fname);
+		free(priv);
+		return SMFIS_TEMPFAIL;
+	}
+
+	/* save the private data */
+	smfi_setpriv(ctx, priv);
+
+	/* continue processing */
+	return SMFIS_CONTINUE;
+}
+
+sfsistat
+mlfi_header(ctx, headerf, headerv)
+	SMFICTX *ctx;
+	char *headerf;
+	char *headerv;
+{
+	/* write the header to the log file */
+	fprintf(MLFIPRIV->mlfi_fp, "%s: %s\r\n", headerf, headerv);
+
+	/* continue processing */
+	return SMFIS_CONTINUE;
+}
+
+sfsistat
+mlfi_eoh(ctx)
+	SMFICTX *ctx;
+{
+	/* output the blank line between the header and the body */
+	fprintf(MLFIPRIV->mlfi_fp, "\r\n");
+
+	/* continue processing */
+	return SMFIS_CONTINUE;
+}
+
+sfsistat
+mlfi_body(ctx, bodyp, bodylen)
+	SMFICTX *ctx;
+	u_char *bodyp;
+	size_t bodylen;
+{
+	/* output body block to log file */
+	if (fwrite(bodyp, bodylen, 1, MLFIPRIV->mlfi_fp) <= 0)
+	{
+		/* write failed */
+		(void) mlfi_cleanup(ctx, FALSE);
+		return SMFIS_TEMPFAIL;
+	}
+
+	/* continue processing */
+	return SMFIS_CONTINUE;
+}
+
+sfsistat
+mlfi_eom(ctx)
+	SMFICTX *ctx;
+{
+	return mlfi_cleanup(ctx, TRUE);
+}
+
+sfsistat
+mlfi_close(ctx)
+	SMFICTX *ctx;
+{
+	return SMFIS_ACCEPT;
+}
+
+sfsistat
+mlfi_abort(ctx)
+	SMFICTX *ctx;
+{
+	return mlfi_cleanup(ctx, FALSE);
+}
+
+sfsistat
+mlfi_cleanup(ctx, ok)
+	SMFICTX *ctx;
+	bool ok;
+{
+	sfsistat rstat = SMFIS_CONTINUE;
+	struct mlfiPriv *priv = MLFIPRIV;
+	char *p;
+	char host[512];
+	char hbuf[1024];
+
+	if (priv == NULL)
+		return rstat;
+
+	/* close the archive file */
+	if (priv->mlfi_fp != NULL && fclose(priv->mlfi_fp) == EOF)
+	{
+		/* failed; we have to wait until later */
+		rstat = SMFIS_TEMPFAIL;
+		(void) unlink(priv->mlfi_fname);
+	}
+	else if (ok)
+	{
+		/* add a header to the message announcing our presence */
+		if (gethostname(host, sizeof host) < 0)
+			strlcpy(host, "localhost", sizeof host);
+		p = strrchr(priv->mlfi_fname, '/');
+		if (p == NULL)
+			p = priv->mlfi_fname;
+		else
+			p++;
+		snprintf(hbuf, sizeof hbuf, "%s@%s", p, host);
+		smfi_addheader(ctx, "X-Archived", hbuf);
+	}
+	else
+	{
+		/* message was aborted -- delete the archive file */
+		(void) unlink(priv->mlfi_fname);
+	}
+
+	/* release private memory */
+	free(priv->mlfi_fname);
+	free(priv);
+	smfi_setpriv(ctx, NULL);
+
+	/* return status */
+	return rstat;
+}
+
+struct smfiDesc smfilter =
+{
+	"SampleFilter",	/* filter name */
+	SMFI_VERSION,	/* version code -- do not change */
+	SMFIF_ADDHDRS,	/* flags */
+	NULL,		/* connection info filter */
+	NULL,		/* SMTP HELO command filter */
+	mlfi_envfrom,	/* envelope sender filter */
+	NULL,		/* envelope recipient filter */
+	mlfi_header,	/* header filter */
+	mlfi_eoh,	/* end of header */
+	mlfi_body,	/* body block filter */
+	mlfi_eom,	/* end of message */
+	mlfi_abort,	/* message aborted */
+	mlfi_close	/* connection cleanup */
+};
+
+
+int
+main(argc, argv)
+	int argc;
+	char *argv[];
+{
+	int c;
+	const char *args = "p:";
+
+	/* Process command line options */
+	while ((c = getopt(argc, argv, args)) != -1)
+	{
+		switch (c)
+		{
+		  case 'p':
+			if (optarg == NULL || *optarg == '\0')
+			{
+				(void) fprintf(stderr, "Illegal conn: %s\n",
+					       optarg);
+				exit(EX_USAGE);
+			}
+			(void) smfi_setconn(optarg);
+			break;
+
+		}
+	}
+	if (smfi_register(smfilter) == MI_FAILURE)
+	{
+		fprintf(stderr, "smfi_register failed\n");
+		exit(EX_UNAVAILABLE);
+	}
+	return smfi_main();
+}
+
+/* eof */
+
+$Revision: 8.9.2.1.2.8 $, Last updated $Date: 2000/07/18 15:43:26 $
diff --git a/contrib/sendmail/libmilter/comm.c b/contrib/sendmail/libmilter/comm.c
new file mode 100644
index 0000000..765b024
--- /dev/null
+++ b/contrib/sendmail/libmilter/comm.c
@@ -0,0 +1,261 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: comm.c,v 8.30.4.3 2000/06/12 14:53:01 ca Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#include "libmilter.h"
+
+#define FD_Z	FD_ZERO(&readset);	\
+		FD_SET((u_int) sd, &readset);	\
+		FD_ZERO(&excset);	\
+		FD_SET((u_int) sd, &excset)
+
+/*
+**  MI_RD_CMD -- read a command
+**
+**	Parameters:
+**		sd -- socket descriptor
+**		timeout -- maximum time to wait
+**		cmd -- single character command read from sd
+**		rlen -- pointer to length of result
+**		name -- name of milter
+**
+**	Returns:
+**		buffer with rest of command
+**		(malloc()ed here, should be free()d)
+**		hack: encode error in cmd
+*/
+
+char *
+mi_rd_cmd(sd, timeout, cmd, rlen, name)
+	socket_t sd;
+	struct timeval *timeout;
+	char *cmd;
+	size_t *rlen;
+	char *name;
+{
+	ssize_t len;
+	mi_int32 expl;
+	ssize_t i;
+	fd_set readset, excset;
+	int ret;
+	int save_errno;
+	char *buf;
+	char data[MILTER_LEN_BYTES + 1];
+
+	*cmd = '\0';
+	*rlen = 0;
+	if (sd >= FD_SETSIZE)
+	{
+		smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
+			name, sd, FD_SETSIZE);
+		*cmd = SMFIC_SELECT;
+		return NULL;
+	}
+	FD_Z;
+	i = 0;
+	while ((ret = select(sd + 1, &readset, NULL, &excset, timeout)) >= 1)
+	{
+		if (FD_ISSET(sd, &excset))
+		{
+			*cmd = SMFIC_SELECT;
+			return NULL;
+		}
+		if ((len = read(sd, data + i, sizeof data - i)) < 0)
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s, mi_rd_cmd: read returned %d: %s",
+				name, len, strerror(errno));
+			*cmd = SMFIC_RECVERR;
+			return NULL;
+		}
+		if (len == 0)
+		{
+			*cmd = SMFIC_EOF;
+			return NULL;
+		}
+		if (len >= (ssize_t) sizeof data - i)
+			break;
+		i += len;
+		FD_Z;
+	}
+	if (ret == 0)
+	{
+		*cmd = SMFIC_TIMEOUT;
+		return NULL;
+	}
+	else if (ret < 0)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: mi_rd_cmd: select returned %d: %s",
+			name, ret, strerror(errno));
+		*cmd = SMFIC_RECVERR;
+		return NULL;
+	}
+
+	*cmd = data[MILTER_LEN_BYTES];
+	data[MILTER_LEN_BYTES] = '\0';
+	(void) memcpy((void *) &expl, (void *) &(data[0]), MILTER_LEN_BYTES);
+	expl = ntohl(expl) - 1;
+	if (expl <= 0)
+		return NULL;
+	if (expl > MILTER_CHUNK_SIZE)
+	{
+		*cmd = SMFIC_TOOBIG;
+		return NULL;
+	}
+	buf = malloc(expl);
+	if (buf == NULL)
+	{
+		*cmd = SMFIC_MALLOC;
+		return NULL;
+	}
+
+	i = 0;
+	FD_Z;
+	while ((ret = select(sd + 1, &readset, NULL, &excset, timeout)) == 1)
+	{
+		if (FD_ISSET(sd, &excset))
+		{
+			*cmd = SMFIC_SELECT;
+			free(buf);
+			return NULL;
+		}
+		if ((len = read(sd, buf + i, expl - i)) < 0)
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: mi_rd_cmd: read returned %d: %s",
+				name, len, strerror(errno));
+			ret = -1;
+			break;
+		}
+		if (len == 0)
+		{
+			*cmd = SMFIC_EOF;
+			free(buf);
+			return NULL;
+		}
+		if (len > expl - i)
+		{
+			*cmd = SMFIC_RECVERR;
+			free(buf);
+			return NULL;
+		}
+		if (len >= expl - i)
+		{
+			*rlen = expl;
+			return buf;
+		}
+		i += len;
+		FD_Z;
+	}
+
+	save_errno = errno;
+	free(buf);
+
+	/* select returned 0 (timeout) or < 0 (error) */
+	if (ret == 0)
+	{
+		*cmd = SMFIC_TIMEOUT;
+		return NULL;
+	}
+	if (ret < 0)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: mi_rd_cmd: select returned %d: %s",
+			name, ret, strerror(save_errno));
+		*cmd = SMFIC_RECVERR;
+		return NULL;
+	}
+	*cmd = SMFIC_UNKNERR;
+	return NULL;
+}
+/*
+**  MI_WR_CMD -- write a cmd to sd
+**
+**	Parameters:
+**		sd -- socket descriptor
+**		timeout -- maximum time to wait (currently unused)
+**		cmd -- single character command to write
+**		buf -- buffer with further data
+**		len -- length of buffer (without cmd!)
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+mi_wr_cmd(sd, timeout, cmd, buf, len)
+	socket_t sd;
+	struct timeval *timeout;
+	int cmd;
+	char *buf;
+	size_t len;
+{
+	size_t sl, i;
+	ssize_t l;
+	mi_int32 nl;
+	int ret;
+	fd_set wrtset;
+	char data[MILTER_LEN_BYTES + 1];
+
+	if (len > MILTER_CHUNK_SIZE)
+		return MI_FAILURE;
+	nl = htonl(len + 1);	/* add 1 for the cmd char */
+	(void) memcpy(data, (void *) &nl, MILTER_LEN_BYTES);
+	data[MILTER_LEN_BYTES] = (char) cmd;
+	i = 0;
+	sl = MILTER_LEN_BYTES + 1;
+
+	do {
+		FD_ZERO(&wrtset);
+		FD_SET((u_int) sd, &wrtset);
+		if ((ret = select(sd + 1, NULL, &wrtset, NULL, timeout)) == 0)
+			return MI_FAILURE;
+	} while (ret < 0 && errno == EINTR);
+	if (ret < 0)
+		return MI_FAILURE;
+
+	/* use writev() instead to send the whole stuff at once? */
+	while ((l = write(sd, (void *) (data + i), sl - i)) < (ssize_t) sl)
+	{
+		if (l < 0)
+			return MI_FAILURE;
+		i += l;
+		sl -= l;
+	}
+
+	if (len > 0 && buf == NULL)
+		return MI_FAILURE;
+	if (len == 0 || buf == NULL)
+		return MI_SUCCESS;
+	i = 0;
+	sl = len;
+	do {
+		FD_ZERO(&wrtset);
+		FD_SET((u_int) sd, &wrtset);
+		if ((ret = select(sd + 1, NULL, &wrtset, NULL, timeout)) == 0)
+			return MI_FAILURE;
+	} while (ret < 0 && errno == EINTR);
+	if (ret < 0)
+		return MI_FAILURE;
+	while ((l = write(sd, (void *) (buf + i), sl - i)) < (ssize_t) sl)
+	{
+		if (l < 0)
+			return MI_FAILURE;
+		i += l;
+		sl -= l;
+	}
+	return MI_SUCCESS;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/engine.c b/contrib/sendmail/libmilter/engine.c
new file mode 100644
index 0000000..ca2da4c
--- /dev/null
+++ b/contrib/sendmail/libmilter/engine.c
@@ -0,0 +1,1117 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: engine.c,v 8.67.4.12 2000/07/14 06:16:57 msk Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#include "libmilter.h"
+#include "sendmail/useful.h"
+
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
+
+/* generic argument for functions in the command table */
+struct arg_struct
+{
+	size_t		a_len;		/* length of buffer */
+	char		*a_buf;		/* argument string */
+	int		a_idx;		/* index for macro array */
+	SMFICTX_PTR	a_ctx;		/* context */
+};
+
+typedef struct arg_struct genarg;
+
+/* structure for commands received from MTA */
+struct cmdfct_t
+{
+	char	cm_cmd;				/* command */
+	int	cm_argt;			/* type of arguments expected */
+	int	cm_next;			/* next state */
+	int	cm_todo;			/* what to do next */
+	int	cm_macros;			/* index for macros */
+	int	(*cm_fct) __P((genarg *));	/* function to execute */
+};
+
+typedef struct cmdfct_t cmdfct;
+
+/* possible values for cm_argt */
+#define	CM_ARG0	0	/* no args */
+#define	CM_ARG1	1	/* one arg (string) */
+#define	CM_ARG2	2	/* two args (strings) */
+#define	CM_ARGA	4	/* one string and _SOCK_ADDR */
+#define	CM_ARGO	5	/* two integers */
+#define	CM_ARGV	8	/* \0 separated list of args, NULL-terminated */
+#define	CM_ARGN	9	/* \0 separated list of args (strings) */
+
+/* possible values for cm_todo */
+#define	CT_CONT		0x0000	/* continue reading commands */
+#define	CT_IGNO		0x0001	/* continue even when error  */
+
+/* not needed right now, done via return code instead */
+#define	CT_KEEP		0x0004	/* keep buffer (contains symbols) */
+#define	CT_END		0x0008	/* start replying */
+
+/* index in macro array: macros only for these commands */
+#define	CI_NONE	(-1)
+#define	CI_CONN	0
+#define	CI_HELO	1
+#define	CI_MAIL	2
+#define	CI_RCPT	3
+#if CI_RCPT >= MAX_MACROS_ENTRIES
+ERROR: do not compile with CI_RCPT >= MAX_MACROS_ENTRIES
+#endif
+
+/* function prototypes */
+static int	st_abortfct __P((genarg *));
+static int	st_macros __P((genarg *));
+static int	st_optionneg __P((genarg *));
+static int	st_bodychunk __P((genarg *));
+static int	st_connectinfo __P((genarg *));
+static int	st_bodyend __P((genarg *));
+static int	st_helo __P((genarg *));
+static int	st_header __P((genarg *));
+static int	st_sender __P((genarg *));
+static int	st_rcpt __P((genarg *));
+static int	st_eoh __P((genarg *));
+static int	st_quit __P((genarg *));
+static int	sendreply __P((sfsistat, socket_t, struct timeval *, SMFICTX_PTR));
+static void	fix_stm __P((SMFICTX_PTR));
+static bool	trans_ok __P((int, int));
+static char	**dec_argv __P((char *, size_t));
+static int	dec_arg2 __P((char *, size_t, char **, char **));
+
+/* states */
+#define ST_NONE	(-1)
+#define ST_INIT	0	/* initial state */
+#define ST_OPTS	1	/* option negotiation */
+#define ST_CONN	2	/* connection info */
+#define ST_HELO	3	/* helo */
+#define ST_MAIL	4	/* mail from */
+#define ST_RCPT	5	/* rcpt to */
+#define ST_HDRS	6	/* headers */
+#define ST_EOHS	7	/* end of headers */
+#define ST_BODY	8	/* body */
+#define ST_ENDM	9	/* end of message */
+#define ST_QUIT	10	/* quit */
+#define ST_ABRT	11	/* abort */
+#define ST_LAST	ST_ABRT
+#define ST_SKIP	15	/* not a state but required for the state table */
+
+/* in a mail transaction? must be before eom according to spec. */
+#define ST_IN_MAIL(st)	((st) >= ST_MAIL && (st) < ST_ENDM)
+
+/*
+**  set of next states
+**  each state (ST_*) corresponds to bit in an int value (1 << state)
+**  each state has a set of allowed transitions ('or' of bits of states)
+**  so a state transition is valid if the mask of the next state
+**  is set in the NX_* value
+**  this function is coded in trans_ok(), see below.
+*/
+#define MASK(x)	(0x0001 << (x))	/* generate a bit "mask" for a state */
+#define NX_INIT	(MASK(ST_OPTS))
+#define NX_OPTS	(MASK(ST_CONN))
+#define NX_CONN	(MASK(ST_HELO) | MASK(ST_MAIL))
+#define NX_HELO	(MASK(ST_MAIL))
+#define NX_MAIL	(MASK(ST_RCPT) | MASK(ST_ABRT))
+#define NX_RCPT	(MASK(ST_HDRS) | MASK(ST_EOHS) | MASK(ST_RCPT) | MASK(ST_ABRT))
+#define NX_HDRS	(MASK(ST_EOHS) | MASK(ST_HDRS) | MASK(ST_ABRT))
+#define NX_EOHS	(MASK(ST_BODY) | MASK(ST_ENDM) | MASK(ST_ABRT))
+#define NX_BODY	(MASK(ST_ENDM) | MASK(ST_BODY) | MASK(ST_ABRT))
+#define NX_ENDM	(MASK(ST_QUIT) | MASK(ST_MAIL))
+#define NX_QUIT	0
+#define NX_ABRT	0
+#define NX_SKIP MASK(ST_SKIP)
+
+static int next_states[] =
+{
+	NX_INIT,
+	NX_OPTS,
+	NX_CONN,
+	NX_HELO,
+	NX_MAIL,
+	NX_RCPT,
+	NX_HDRS,
+	NX_EOHS,
+	NX_BODY,
+	NX_ENDM,
+	NX_QUIT,
+	NX_ABRT
+};
+
+/* commands received by milter */
+static cmdfct cmds[] =
+{
+{SMFIC_ABORT,	CM_ARG0, ST_ABRT,  CT_CONT,	CI_NONE, st_abortfct	},
+{SMFIC_MACRO,	CM_ARGV, ST_NONE,  CT_KEEP,	CI_NONE, st_macros	},
+{SMFIC_BODY,	CM_ARG1, ST_BODY,  CT_CONT,	CI_NONE, st_bodychunk	},
+{SMFIC_CONNECT,	CM_ARG2, ST_CONN,  CT_CONT,	CI_CONN, st_connectinfo	},
+{SMFIC_BODYEOB,	CM_ARG1, ST_ENDM,  CT_CONT,	CI_NONE, st_bodyend	},
+{SMFIC_HELO,	CM_ARG1, ST_HELO,  CT_CONT,	CI_HELO, st_helo	},
+{SMFIC_HEADER,	CM_ARG2, ST_HDRS,  CT_CONT,	CI_NONE, st_header	},
+{SMFIC_MAIL,	CM_ARGV, ST_MAIL,  CT_CONT,	CI_MAIL, st_sender	},
+{SMFIC_OPTNEG,	CM_ARGO, ST_OPTS,  CT_CONT,	CI_NONE, st_optionneg	},
+{SMFIC_EOH,	CM_ARG0, ST_EOHS,  CT_CONT,	CI_NONE, st_eoh		},
+{SMFIC_QUIT,	CM_ARG0, ST_QUIT,  CT_END,	CI_NONE, st_quit	},
+{SMFIC_RCPT,	CM_ARGV, ST_RCPT,  CT_IGNO,	CI_RCPT, st_rcpt	}
+};
+
+/* additional (internal) reply codes */
+#define _SMFIS_KEEP	20
+#define _SMFIS_ABORT	21
+#define _SMFIS_OPTIONS	22
+#define _SMFIS_NOREPLY	23
+#define _SMFIS_FAIL	(-1)
+
+/*
+**  MI_ENGINE -- receive commands and process them
+**
+**	Parameters:
+**		ctx -- context structure
+**
+**	Returns:
+**		MI_FAILURE/MI_SUCCESS
+*/
+int
+mi_engine(ctx)
+	SMFICTX_PTR ctx;
+{
+	size_t len;
+	int i;
+	socket_t sd;
+	int ret = MI_SUCCESS;
+	int ncmds = sizeof(cmds) / sizeof(cmdfct);
+	int curstate = ST_INIT;
+	int newstate;
+	bool call_abort;
+	sfsistat r;
+	char cmd;
+	char *buf = NULL;
+	genarg arg;
+	struct timeval timeout;
+	int (*f) __P((genarg *));
+	sfsistat (*fi_abort) __P((SMFICTX *));
+	sfsistat (*fi_close) __P((SMFICTX *));
+
+	arg.a_ctx = ctx;
+	sd = ctx->ctx_sd;
+	fi_abort = ctx->ctx_smfi->xxfi_abort;
+	mi_clr_macros(ctx, 0);
+	fix_stm(ctx);
+	do {
+		/* call abort only if in a mail transaction */
+		call_abort = ST_IN_MAIL(curstate);
+		timeout.tv_sec = ctx->ctx_timeout;
+		timeout.tv_usec = 0;
+		if (mi_stop() == MILTER_ABRT)
+		{
+			if (ctx->ctx_dbg > 3)
+				dprintf("[%d] milter_abort\n",
+					(int) ctx->ctx_id);
+			ret = MI_FAILURE;
+			break;
+		}
+		if ((buf = mi_rd_cmd(sd, &timeout, &cmd, &len,
+				     ctx->ctx_smfi->xxfi_name)) == NULL &&
+		    cmd < SMFIC_VALIDCMD)
+		{
+			if (ctx->ctx_dbg > 5)
+				dprintf("[%d] error (%x)\n",
+					(int) ctx->ctx_id, (int) cmd);
+
+			/*
+			**  eof is currently treated as failure ->
+			**  abort() instead of close(), otherwise use:
+			**  if (cmd != SMFIC_EOF)
+			*/
+
+			ret = MI_FAILURE;
+			break;
+		}
+		if (ctx->ctx_dbg > 4)
+			dprintf("[%d] got cmd '%c' len %d\n",
+				(int) ctx->ctx_id, cmd, len);
+		for (i = 0; i < ncmds; i++)
+		{
+			if (cmd == cmds[i].cm_cmd)
+				break;
+		}
+		if (i >= ncmds)
+		{
+			/* unknown command */
+			if (ctx->ctx_dbg > 1)
+				dprintf("[%d] cmd '%c' unknown\n",
+					(int) ctx->ctx_id, cmd);
+			ret = MI_FAILURE;
+			break;
+		}
+		if ((f = cmds[i].cm_fct) == NULL)
+		{
+			/* stop for now */
+			if (ctx->ctx_dbg > 1)
+				dprintf("[%d] cmd '%c' not impl\n",
+					(int) ctx->ctx_id, cmd);
+			ret = MI_FAILURE;
+			break;
+		}
+
+		/* is new state ok? */
+		newstate = cmds[i].cm_next;
+		if (ctx->ctx_dbg > 5)
+			dprintf("[%d] cur %x new %x nextmask %x\n",
+				(int) ctx->ctx_id,
+				curstate, newstate, next_states[curstate]);
+
+		if (newstate != ST_NONE && !trans_ok(curstate, newstate))
+		{
+			if (ctx->ctx_dbg > 1)
+				dprintf("[%d] abort: cur %d (%x) new %d (%x) next %x\n",
+					(int) ctx->ctx_id,
+					curstate, MASK(curstate),
+					newstate, MASK(newstate),
+					next_states[curstate]);
+
+			/* call abort only if in a mail transaction */
+			if (fi_abort != NULL && call_abort)
+				(void) (*fi_abort)(ctx);
+
+			/*
+			**  try to reach the new state from HELO
+			**  if it can't be reached, ignore the command.
+			*/
+
+			curstate = ST_HELO;
+			if (!trans_ok(curstate, newstate))
+				continue;
+		}
+		arg.a_len = len;
+		arg.a_buf = buf;
+		if (newstate != ST_NONE)
+		{
+			curstate = newstate;
+			ctx->ctx_state = curstate;
+		}
+		arg.a_idx = cmds[i].cm_macros;
+
+		/* call function to deal with command */
+		r = (*f)(&arg);
+		if (r != _SMFIS_KEEP && buf != NULL)
+		{
+			free(buf);
+			buf = NULL;
+		}
+		if (sendreply(r, sd, &timeout, ctx) != MI_SUCCESS)
+		{
+			ret = MI_FAILURE;
+			break;
+		}
+
+		call_abort = ST_IN_MAIL(curstate);
+		if (r == SMFIS_ACCEPT)
+		{
+			/* accept mail, no further actions taken */
+			curstate = ST_HELO;
+		}
+		else if (r == SMFIS_REJECT || r == SMFIS_DISCARD ||
+			 r ==  SMFIS_TEMPFAIL)
+		{
+			/*
+			**  further actions depend on current state
+			**  if the IGNO bit is set: "ignore" the error,
+			**  i.e., stay in the current state
+			*/
+			if (!bitset(CT_IGNO, cmds[i].cm_todo))
+				curstate = ST_HELO;
+		}
+		else if (r == _SMFIS_ABORT)
+		{
+			if (ctx->ctx_dbg > 5)
+				dprintf("[%d] function returned abort\n",
+					(int) ctx->ctx_id);
+			ret = MI_FAILURE;
+			break;
+		}
+	} while (!bitset(CT_END, cmds[i].cm_todo));
+
+	if (ret != MI_SUCCESS)
+	{
+		/* call abort only if in a mail transaction */
+		if (fi_abort != NULL && call_abort)
+			(void) (*fi_abort)(ctx);
+	}
+
+	/* close must always be called */
+	if ((fi_close = ctx->ctx_smfi->xxfi_close) != NULL)
+		(void) (*fi_close)(ctx);
+	if (buf != NULL)
+		free(buf);
+	mi_clr_macros(ctx, 0);
+	return ret;
+}
+/*
+**  SENDREPLY -- send a reply to the MTA
+**
+**	Parameters:
+**		r -- reply code
+**		sd -- socket descriptor
+**		timeout_ptr -- (ptr to) timeout to use for sending
+**		ctx -- context structure
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+static int
+sendreply(r, sd, timeout_ptr, ctx)
+	sfsistat r;
+	socket_t sd;
+	struct timeval *timeout_ptr;
+	SMFICTX_PTR ctx;
+{
+	int ret = MI_SUCCESS;
+
+	switch(r)
+	{
+	  case SMFIS_CONTINUE:
+		ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_CONTINUE, NULL, 0);
+		break;
+	  case SMFIS_TEMPFAIL:
+	  case SMFIS_REJECT:
+		if (ctx->ctx_reply != NULL)
+		{
+			ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_REPLYCODE,
+					ctx->ctx_reply,
+					strlen(ctx->ctx_reply) + 1);
+			free(ctx->ctx_reply);
+			ctx->ctx_reply = NULL;
+		}
+		else
+		{
+			ret = mi_wr_cmd(sd, timeout_ptr, r == SMFIS_REJECT ?
+					SMFIR_REJECT : SMFIR_TEMPFAIL, NULL, 0);
+		}
+		break;
+	  case SMFIS_DISCARD:
+		ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_DISCARD, NULL, 0);
+		break;
+	  case SMFIS_ACCEPT:
+		ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_ACCEPT, NULL, 0);
+		break;
+	  case _SMFIS_OPTIONS:
+		{
+			char buf[MILTER_OPTLEN];
+			mi_int32 v;
+
+			v = htonl(ctx->ctx_smfi->xxfi_version);
+			(void) memcpy(&(buf[0]), (void *) &v, MILTER_LEN_BYTES);
+			v = htonl(ctx->ctx_smfi->xxfi_flags);
+			(void) memcpy(&(buf[MILTER_LEN_BYTES]), (void *) &v,
+				      MILTER_LEN_BYTES);
+			v = htonl(ctx->ctx_pflags);
+			(void) memcpy(&(buf[MILTER_LEN_BYTES * 2]), (void *) &v,
+				      MILTER_LEN_BYTES);
+			ret = mi_wr_cmd(sd, timeout_ptr, SMFIC_OPTNEG, buf,
+				       MILTER_OPTLEN);
+		}
+		break;
+	  default:	/* don't send a reply */
+		break;
+	}
+	return ret;
+}
+
+/*
+**  CLR_MACROS -- clear set of macros starting from a given index
+**
+**	Parameters:
+**		ctx -- context structure
+**		m -- index from which to clear all macros
+**
+**	Returns:
+**		None.
+*/
+void
+mi_clr_macros(ctx, m)
+	SMFICTX_PTR ctx;
+	int m;
+{
+	int i;
+
+	for (i = m; i < MAX_MACROS_ENTRIES; i++)
+	{
+		if (ctx->ctx_mac_ptr[i] != NULL)
+		{
+			free(ctx->ctx_mac_ptr[i]);
+			ctx->ctx_mac_ptr[i] = NULL;
+		}
+		if (ctx->ctx_mac_buf[i] != NULL)
+		{
+			free(ctx->ctx_mac_buf[i]);
+			ctx->ctx_mac_buf[i] = NULL;
+		}
+	}
+}
+/*
+**  ST_OPTIONNEG -- negotiate options
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		abort/send options/continue
+*/
+
+static int
+st_optionneg(g)
+	genarg *g;
+{
+	mi_int32 i, v;
+
+	if (g == NULL || g->a_ctx->ctx_smfi == NULL)
+		return SMFIS_CONTINUE;
+	mi_clr_macros(g->a_ctx, g->a_idx + 1);
+
+	/* check for minimum length */
+	if (g->a_len < MILTER_OPTLEN)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: st_optionneg[%d]: len too short %d < %d",
+			g->a_ctx->ctx_smfi->xxfi_name,
+			(int) g->a_ctx->ctx_id, g->a_len,
+			MILTER_OPTLEN);
+		return _SMFIS_ABORT;
+	}
+
+	(void) memcpy((void *) &i, (void *) &(g->a_buf[0]),
+		      MILTER_LEN_BYTES);
+	v = ntohl(i);
+	if (v < g->a_ctx->ctx_smfi->xxfi_version)
+	{
+		/* hard failure for now! */
+		smi_log(SMI_LOG_ERR,
+			"%s: st_optionneg[%d]: version mismatch MTA: %d < milter: %d",
+			g->a_ctx->ctx_smfi->xxfi_name,
+			(int) g->a_ctx->ctx_id, (int) v,
+			g->a_ctx->ctx_smfi->xxfi_version);
+		return _SMFIS_ABORT;
+	}
+
+	(void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES]),
+		      MILTER_LEN_BYTES);
+	v = ntohl(i);
+
+	/* no flags? set to default value for V1 actions */
+	if (v == 0)
+		v = SMFI_V1_ACTS;
+	i = g->a_ctx->ctx_smfi->xxfi_flags;
+	if ((v & i) != i)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: st_optionneg[%d]: 0x%x does not fulfill action requirements 0x%x",
+			g->a_ctx->ctx_smfi->xxfi_name,
+			(int) g->a_ctx->ctx_id, v, i);
+		return _SMFIS_ABORT;
+	}
+
+	(void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES * 2]),
+		      MILTER_LEN_BYTES);
+	v = ntohl(i);
+
+	/* no flags? set to default value for V1 protocol */
+	if (v == 0)
+		v = SMFI_V1_PROT;
+	i = g->a_ctx->ctx_pflags;
+	if ((v & i) != i)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: st_optionneg[%d]: 0x%x does not fulfill protocol requirements 0x%x",
+			g->a_ctx->ctx_smfi->xxfi_name,
+			(int) g->a_ctx->ctx_id, v, i);
+		return _SMFIS_ABORT;
+	}
+
+	return _SMFIS_OPTIONS;
+}
+/*
+**  ST_CONNECTINFO -- receive connection information
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+
+static int
+st_connectinfo(g)
+	genarg *g;
+{
+	size_t l;
+	size_t i;
+	char *s, family;
+	u_short port = 0;
+	_SOCK_ADDR sockaddr;
+	sfsistat (*fi_connect) __P((SMFICTX *, char *, _SOCK_ADDR *));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	mi_clr_macros(g->a_ctx, g->a_idx + 1);
+	if (g->a_ctx->ctx_smfi == NULL ||
+	    (fi_connect = g->a_ctx->ctx_smfi->xxfi_connect) == NULL)
+		return SMFIS_CONTINUE;
+
+	s = g->a_buf;
+	i = 0;
+	l = g->a_len;
+	while (s[i] != '\0' && i <= l)
+		++i;
+	if (i >= l)
+		return _SMFIS_ABORT;
+
+	/* Move past trailing \0 in host string */
+	i++;
+	family = s[i++];
+	memset(&sockaddr, '\0', sizeof sockaddr);
+	if (family != SMFIA_UNKNOWN)
+	{
+		(void) memcpy((void *) &port, (void *) (s + i),
+			      sizeof port);
+		port = ntohs(port);
+		if ((i += sizeof port) >= l)
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: connect[%d]: wrong len %d >= %d",
+				g->a_ctx->ctx_smfi->xxfi_name,
+				(int) g->a_ctx->ctx_id, i, l);
+			return _SMFIS_ABORT;
+		}
+# if NETINET
+		if (family == SMFIA_INET)
+		{
+			if (inet_aton(s + i, (struct in_addr *) &sockaddr.sin.sin_addr)
+			    == INADDR_NONE)
+			{
+				smi_log(SMI_LOG_ERR,
+					"%s: connect[%d]: inet_aton failed",
+					g->a_ctx->ctx_smfi->xxfi_name,
+					(int) g->a_ctx->ctx_id);
+				return _SMFIS_ABORT;
+			}
+			sockaddr.sa.sa_family = AF_INET;
+			if (port > 0)
+				sockaddr.sin.sin_port = port;
+		}
+		else
+# endif /* NETINET */
+# if NETINET6
+		if (family == SMFIA_INET6)
+		{
+			if (inet_pton(AF_INET6, s + i,
+				      &sockaddr.sin6.sin6_addr) != 1)
+			{
+				smi_log(SMI_LOG_ERR,
+					"%s: connect[%d]: inet_pton failed",
+					g->a_ctx->ctx_smfi->xxfi_name,
+					(int) g->a_ctx->ctx_id);
+				return _SMFIS_ABORT;
+			}
+			sockaddr.sa.sa_family = AF_INET6;
+			if (port > 0)
+				sockaddr.sin6.sin6_port = port;
+		}
+		else
+# endif /* NETINET6 */
+# if NETUNIX
+		if (family == SMFIA_UNIX)
+		{
+			if (strlcpy(sockaddr.sunix.sun_path, s + i,
+			    sizeof sockaddr.sunix.sun_path) >=
+			    sizeof sockaddr.sunix.sun_path)
+			{
+				smi_log(SMI_LOG_ERR,
+					"%s: connect[%d]: path too long",
+					g->a_ctx->ctx_smfi->xxfi_name,
+					(int) g->a_ctx->ctx_id);
+				return _SMFIS_ABORT;
+			}
+			sockaddr.sunix.sun_family = AF_UNIX;
+		}
+		else
+# endif /* NETUNIX */
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: connect[%d]: unknown family %d",
+				g->a_ctx->ctx_smfi->xxfi_name,
+				(int) g->a_ctx->ctx_id, family);
+			return _SMFIS_ABORT;
+		}
+	}
+	return (*fi_connect)(g->a_ctx, g->a_buf,
+			     family != SMFIA_UNKNOWN ? &sockaddr : NULL);
+}
+/*
+**  ST_EOH -- end of headers
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+
+static int
+st_eoh(g)
+	genarg *g;
+{
+	sfsistat (*fi_eoh) __P((SMFICTX *));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	if (g->a_ctx->ctx_smfi != NULL &&
+	    (fi_eoh = g->a_ctx->ctx_smfi->xxfi_eoh) != NULL)
+		return (*fi_eoh)(g->a_ctx);
+	return SMFIS_CONTINUE;
+}
+/*
+**  ST_HELO -- helo/ehlo command
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+static int
+st_helo(g)
+	genarg *g;
+{
+	sfsistat (*fi_helo) __P((SMFICTX *, char *));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	mi_clr_macros(g->a_ctx, g->a_idx + 1);
+	if (g->a_ctx->ctx_smfi != NULL &&
+	    (fi_helo = g->a_ctx->ctx_smfi->xxfi_helo) != NULL)
+		return (*fi_helo)(g->a_ctx, g->a_buf);
+	return SMFIS_CONTINUE;
+}
+/*
+**  ST_HEADER -- header line
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+
+static int
+st_header(g)
+	genarg *g;
+{
+	char *hf, *hv;
+	sfsistat (*fi_header) __P((SMFICTX *, char *, char *));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	if (g->a_ctx->ctx_smfi == NULL ||
+	    (fi_header = g->a_ctx->ctx_smfi->xxfi_header) == NULL)
+		return SMFIS_CONTINUE;
+	if (dec_arg2(g->a_buf, g->a_len, &hf, &hv) == MI_SUCCESS)
+		return (*fi_header)(g->a_ctx, hf, hv);
+	else
+		return _SMFIS_ABORT;
+}
+
+#define ARGV_FCT(lf, rf, idx) \
+	char **argv;	\
+	sfsistat (*lf) __P((SMFICTX *, char **));	\
+	int r;	\
+	\
+	if (g == NULL)	\
+		return _SMFIS_ABORT;	\
+	mi_clr_macros(g->a_ctx, g->a_idx + 1);	\
+	if (g->a_ctx->ctx_smfi == NULL ||	\
+	    (lf = g->a_ctx->ctx_smfi->rf) == NULL)	\
+		return SMFIS_CONTINUE;	\
+	if ((argv = dec_argv(g->a_buf, g->a_len)) == NULL)	\
+		return _SMFIS_ABORT;	\
+	r = (*lf)(g->a_ctx, argv);	\
+	free(argv);	\
+	return r;
+
+/*
+**  ST_SENDER -- MAIL FROM command
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+
+static int
+st_sender(g)
+	genarg *g;
+{
+	ARGV_FCT(fi_envfrom, xxfi_envfrom, CI_MAIL)
+}
+/*
+**  ST_RCPT -- RCPT TO command
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+
+static int
+st_rcpt(g)
+	genarg *g;
+{
+	ARGV_FCT(fi_envrcpt, xxfi_envrcpt, CI_RCPT)
+}
+/*
+**  ST_MACROS -- deal with macros received from the MTA
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue/keep
+**
+**	Side effects:
+**		set pointer in macro array to current values.
+*/
+
+static int
+st_macros(g)
+	genarg *g;
+{
+	int i;
+	char **argv;
+
+	if (g == NULL || g->a_len < 1)
+		return _SMFIS_FAIL;
+	if ((argv = dec_argv(g->a_buf + 1, g->a_len - 1)) == NULL)
+		return _SMFIS_FAIL;
+	switch(g->a_buf[0])
+	{
+	  case SMFIC_CONNECT:
+		i = CI_CONN;
+		break;
+	  case SMFIC_HELO:
+		i = CI_HELO;
+		break;
+	  case SMFIC_MAIL:
+		i = CI_MAIL;
+		break;
+	  case SMFIC_RCPT:
+		i = CI_RCPT;
+		break;
+	  default:
+		free(argv);
+		return _SMFIS_FAIL;
+	}
+	if (g->a_ctx->ctx_mac_ptr[i] != NULL)
+		free(g->a_ctx->ctx_mac_ptr[i]);
+	if (g->a_ctx->ctx_mac_buf[i] != NULL)
+		free(g->a_ctx->ctx_mac_buf[i]);
+	g->a_ctx->ctx_mac_ptr[i] = argv;
+	g->a_ctx->ctx_mac_buf[i] = g->a_buf;
+	return _SMFIS_KEEP;
+}
+/*
+**  ST_QUIT -- quit command
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		noreply
+*/
+
+static int
+st_quit(g)
+	genarg *g;
+{
+	return _SMFIS_NOREPLY;
+}
+/*
+**  ST_BODYCHUNK -- deal with a piece of the mail body
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+*/
+
+static int
+st_bodychunk(g)
+	genarg *g;
+{
+	sfsistat (*fi_body) __P((SMFICTX *, u_char *, size_t));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	if (g->a_ctx->ctx_smfi != NULL &&
+	    (fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL)
+		return (*fi_body)(g->a_ctx, (u_char *)g->a_buf, g->a_len);
+	return SMFIS_CONTINUE;
+}
+/*
+**  ST_BODYEND -- deal with the last piece of the mail body
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		continue or filter-specified value
+**
+**	Side effects:
+**		sends a reply for the body part (if non-empty).
+*/
+
+static int
+st_bodyend(g)
+	genarg *g;
+{
+	sfsistat r;
+	sfsistat (*fi_body) __P((SMFICTX *, u_char *, size_t));
+	sfsistat (*fi_eom) __P((SMFICTX *));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	r = SMFIS_CONTINUE;
+	if (g->a_ctx->ctx_smfi != NULL)
+	{
+		if ((fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL &&
+		    g->a_len > 0)
+		{
+			socket_t sd;
+			struct timeval timeout;
+
+			timeout.tv_sec = g->a_ctx->ctx_timeout;
+			timeout.tv_usec = 0;
+			sd = g->a_ctx->ctx_sd;
+			r = (*fi_body)(g->a_ctx, (u_char *)g->a_buf, g->a_len);
+			if (r != SMFIS_CONTINUE &&
+			    sendreply(r, sd, &timeout, g->a_ctx) != MI_SUCCESS)
+				return _SMFIS_ABORT;
+		}
+	}
+	if (r == SMFIS_CONTINUE &&
+	    (fi_eom = g->a_ctx->ctx_smfi->xxfi_eom) != NULL)
+		return (*fi_eom)(g->a_ctx);
+	return r;
+}
+/*
+**  ST_ABORTFCT -- deal with aborts
+**
+**	Parameters:
+**		g -- generic argument structure
+**
+**	Returns:
+**		abort or filter-specified value
+*/
+
+static int
+st_abortfct(g)
+	genarg *g;
+{
+	sfsistat (*fi_abort) __P((SMFICTX *));
+
+	if (g == NULL)
+		return _SMFIS_ABORT;
+	if (g != NULL && g->a_ctx->ctx_smfi != NULL &&
+	    (fi_abort = g->a_ctx->ctx_smfi->xxfi_abort) != NULL)
+		(void) (*fi_abort)(g->a_ctx);
+	return _SMFIS_NOREPLY;
+}
+/*
+**  TRANS_OK -- is the state transition ok?
+**
+**	Parameters:
+**		old -- old state
+**		new -- new state
+**
+**	Returns:
+**		state transition ok
+*/
+
+static bool
+trans_ok(old, new)
+	int old, new;
+{
+	int s, n;
+
+	s = old;
+	do {
+		/* is this state transition allowed? */
+		if ((MASK(new) & next_states[s]) != 0)
+			return TRUE;
+
+		/*
+		**  no: try next state;
+		**  this works since the relevant states are ordered
+		**  strict sequentially
+		*/
+		n = s + 1;
+
+		/*
+		**  can we actually "skip" this state?
+		**  see fix_stm() which sets this bit for those
+		**  states which the filter program is not interested in
+		*/
+		if (bitset(NX_SKIP, next_states[n]))
+			s = n;
+		else
+			return FALSE;
+	} while (s <= ST_LAST);
+	return FALSE;
+}
+/*
+**  FIX_STM -- add "skip" bits to the state transition table
+**
+**	Parameters:
+**		ctx -- context structure
+**
+**	Returns:
+**		None.
+**
+**	Side effects:
+**		may change state transition table.
+*/
+
+static void
+fix_stm(ctx)
+	SMFICTX_PTR ctx;
+{
+	u_long fl;
+
+	if (ctx == NULL || ctx->ctx_smfi == NULL)
+		return;
+	fl = ctx->ctx_pflags;
+	if (bitset(SMFIP_NOCONNECT, fl))
+		next_states[ST_CONN] |= NX_SKIP;
+	if (bitset(SMFIP_NOHELO, fl))
+		next_states[ST_HELO] |= NX_SKIP;
+	if (bitset(SMFIP_NOMAIL, fl))
+		next_states[ST_MAIL] |= NX_SKIP;
+	if (bitset(SMFIP_NORCPT, fl))
+		next_states[ST_RCPT] |= NX_SKIP;
+	if (bitset(SMFIP_NOHDRS, fl))
+		next_states[ST_HDRS] |= NX_SKIP;
+	if (bitset(SMFIP_NOEOH, fl))
+		next_states[ST_EOHS] |= NX_SKIP;
+	if (bitset(SMFIP_NOBODY, fl))
+		next_states[ST_BODY] |= NX_SKIP;
+}
+/*
+**  DEC_ARGV -- split a buffer into a list of strings, NULL terminated
+**
+**	Parameters:
+**		buf -- buffer with several strings
+**		len -- length of buffer
+**
+**	Returns:
+**		array of pointers to the individual strings
+*/
+
+static char **
+dec_argv(buf, len)
+	char *buf;
+	size_t len;
+{
+	char **s;
+	size_t i;
+	int elem, nelem;
+
+	nelem = 0;
+	for (i = 0; i < len; i++)
+	{
+		if (buf[i] == '\0')
+			++nelem;
+	}
+	if (nelem == 0)
+		return NULL;
+
+	/* last entry is only for the name */
+	s = (char **)malloc((nelem + 1) * (sizeof *s));
+	if (s == NULL)
+		return NULL;
+	s[0] = buf;
+	for (i = 0, elem = 0; i < len && elem < nelem; i++)
+	{
+		if (buf[i] == '\0')
+			s[++elem] = &(buf[i + 1]);
+	}
+
+	/* overwrite last entry */
+	s[elem] = NULL;
+	return s;
+}
+/*
+**  DEC_ARG2 -- split a buffer into two strings
+**
+**	Parameters:
+**		buf -- buffer with two strings
+**		len -- length of buffer
+**		s1,s2 -- pointer to result strings
+**
+**	Returns:
+**		MI_FAILURE/MI_SUCCESS
+*/
+
+static int
+dec_arg2(buf, len, s1, s2)
+	char *buf;
+	size_t len;
+	char **s1;
+	char **s2;
+{
+	size_t i;
+
+	*s1 = buf;
+	for (i = 1; i < len && buf[i] != '\0'; i++)
+		continue;
+	if (i >= len - 1)
+		return MI_FAILURE;
+	*s2 = buf + i + 1;
+	return MI_SUCCESS;
+}
+/*
+**  SENDOK -- is it ok for the filter to send stuff to the MTA?
+**
+**	Parameters:
+**		ctx -- context structure
+**		flag -- flag to check
+**
+**	Returns:
+**		sending allowed (in current state)
+*/
+
+bool
+mi_sendok(ctx, flag)
+	SMFICTX_PTR ctx;
+	int flag;
+{
+	if (ctx == NULL || ctx->ctx_smfi == NULL)
+		return FALSE;
+	if (flag != 0 && !bitset(flag, ctx->ctx_smfi->xxfi_flags))
+		return FALSE;
+	return ctx->ctx_state == ST_ENDM;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/handler.c b/contrib/sendmail/libmilter/handler.c
new file mode 100644
index 0000000..f6e75e9
--- /dev/null
+++ b/contrib/sendmail/libmilter/handler.c
@@ -0,0 +1,61 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: handler.c,v 8.19.4.2 2000/07/14 06:16:57 msk Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#include "libmilter.h"
+
+
+/*
+**  HANDLE_SESSION -- Handle a connected session in its own context
+**
+**	Parameters:
+**		ctx -- context structure
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+mi_handle_session(ctx)
+	SMFICTX_PTR ctx;
+{
+	int ret;
+
+	if (ctx == NULL)
+		return MI_FAILURE;
+	ctx->ctx_id = (sthread_t) sthread_get_id();
+
+	/*
+	**  detach so resources are free when the thread returns
+	**  if we ever "wait" for threads, this call must be removed
+	*/
+	if (pthread_detach(ctx->ctx_id) != 0)
+		return MI_FAILURE;
+	ret = mi_engine(ctx);
+	if (ValidSocket(ctx->ctx_sd))
+		(void) close(ctx->ctx_sd);
+	if (ctx->ctx_reply != NULL)
+		free(ctx->ctx_reply);
+	if (ctx->ctx_privdata != NULL)
+	{
+		smi_log(SMI_LOG_WARN,
+			"%s: private data not NULL",
+			ctx->ctx_smfi->xxfi_name);
+	}
+	mi_clr_macros(ctx, 0);
+	free(ctx);
+	ctx = NULL;
+	return ret;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/libmilter.h b/contrib/sendmail/libmilter/libmilter.h
new file mode 100644
index 0000000..a675ac6
--- /dev/null
+++ b/contrib/sendmail/libmilter/libmilter.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ */
+
+/*
+**  LIBMILTER.H -- include file for mail filter library functions
+*/
+
+#ifndef _LIBMILTER_H
+# define _LIBMILTER_H	1
+#ifdef _DEFINE
+# define EXTERN
+# define INIT(x)	= x
+# ifndef lint
+static char MilterlId[] = "@(#)$Id: libmilter.h,v 8.3.6.4 2000/06/09 07:12:13 gshapiro Exp $";
+# endif /* ! lint */
+#else /* _DEFINE */
+# define EXTERN extern
+# define INIT(x)
+#endif /* _DEFINE */
+
+
+#define NOT_SENDMAIL	1
+#define _SOCK_ADDR	union bigsockaddr
+#include "sendmail.h"
+
+#include "libmilter/milter.h"
+
+#ifndef __P
+# include "sendmail/cdefs.h"
+#endif /* ! __P */
+#include "sendmail/useful.h"
+
+# define ValidSocket(sd)	((sd) >= 0)
+
+# define thread_create(ptid,wr,arg) pthread_create(ptid, NULL, wr, arg)
+# define sthread_get_id()	pthread_self()
+
+#include <sys/time.h>
+
+/* version info */
+#define MILTER_PRODUCT_NAME	"libmilter"
+#define MILTER_VERSION		100
+
+/* some defaults */
+#define MI_TIMEOUT	1800		/* default timeout for read/write */
+#define MI_CHK_TIME	5		/* checking whether to terminate */
+
+/* maximum number of repeated failures in mi_listener() */
+#define MAX_FAILS_M	16	/* malloc() */
+#define MAX_FAILS_T	16	/* thread creation */
+
+/* internal "commands", i.e., error codes */
+#define SMFIC_TIMEOUT	((char) 1)	/* timeout */
+#define SMFIC_SELECT	((char) 2)	/* select error */
+#define SMFIC_MALLOC	((char) 3)	/* malloc error */
+#define SMFIC_RECVERR	((char) 4)	/* recv() error */
+#define SMFIC_EOF	((char) 5)	/* eof */
+#define SMFIC_UNKNERR	((char) 6)	/* unknown error */
+#define SMFIC_TOOBIG	((char) 7)	/* body chunk too big */
+#define SMFIC_VALIDCMD	' '		/* first valid command */
+
+/* hack */
+#define smi_log		syslog
+#define milter_ret	int
+#define SMI_LOG_ERR	LOG_ERR
+#define SMI_LOG_FATAL	LOG_ERR
+#define SMI_LOG_WARN	LOG_WARNING
+#define SMI_LOG_INFO	LOG_INFO
+#define SMI_LOG_DEBUG	LOG_DEBUG
+
+#define MI_INVALID_SOCKET	(-1)
+
+/* stop? */
+#define MILTER_CONT	0
+#define MILTER_STOP	1
+#define MILTER_ABRT	2
+
+/* functions */
+extern int	mi_handle_session __P((SMFICTX_PTR));
+extern int	mi_engine __P((SMFICTX_PTR));
+extern int	mi_listener __P((char *, int, smfiDesc_ptr, time_t));
+extern void	mi_clr_macros __P((SMFICTX_PTR, int));
+extern int	mi_stop __P((void));
+extern int	mi_control_startup __P((char *));
+extern void	mi_stop_milters __P((int));
+extern void	mi_clean_signals __P((void));
+extern struct hostent *mi_gethostbyname __P((char *, int));
+
+/* communication functions */
+extern char	*mi_rd_cmd __P((socket_t, struct timeval *, char *, size_t *, char *));
+extern int	mi_wr_cmd __P((socket_t, struct timeval *, int, char *, size_t));
+extern bool	mi_sendok __P((SMFICTX_PTR, int));
+
+#endif /* !_LIBMILTER_H */
diff --git a/contrib/sendmail/libmilter/listener.c b/contrib/sendmail/libmilter/listener.c
new file mode 100644
index 0000000..a88258c
--- /dev/null
+++ b/contrib/sendmail/libmilter/listener.c
@@ -0,0 +1,581 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: listener.c,v 8.38.2.1.2.7 2000/05/25 21:44:26 gshapiro Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+/*
+**  listener.c -- threaded network listener
+*/
+
+#include "libmilter.h"
+
+
+# if NETINET || NETINET6
+#  include <arpa/inet.h>
+# endif /* NETINET || NETINET6 */
+/*
+**  MI_MILTEROPEN -- setup socket to listen on
+**
+**	Parameters:
+**		conn -- connection description
+**		backlog -- listen backlog
+**		socksize -- socksize of created socket
+**
+**	Returns:
+**		socket upon success, error code otherwise.
+*/
+
+static int
+mi_milteropen(conn, backlog, socksize, name)
+	char *conn;
+	int backlog;
+	SOCKADDR_LEN_T *socksize;
+	char *name;
+{
+	int sock = 0;
+	int sockopt = 1;
+	char *p;
+	char *colon;
+	char *at;
+	struct hostent *hp = NULL;
+	SOCKADDR addr;
+
+	if (conn == NULL || conn[0] == '\0')
+	{
+		smi_log(SMI_LOG_ERR, "%s: empty or missing socket information",
+			name);
+		return MI_INVALID_SOCKET;
+	}
+	(void) memset(&addr, '\0', sizeof addr);
+
+	/* protocol:filename or protocol:port@host */
+	p = conn;
+	colon = strchr(p, ':');
+	if (colon != NULL)
+	{
+		*colon = '\0';
+
+ 		if (*p == '\0')
+		{
+#if NETUNIX
+			/* default to AF_UNIX */
+ 			addr.sa.sa_family = AF_UNIX;
+			*socksize = sizeof (struct sockaddr_un);
+#else /* NETUNIX */
+# if NETINET
+			/* default to AF_INET */
+			addr.sa.sa_family = AF_INET;
+			*socksize = sizeof addr.sin;
+# else /* NETINET */
+#  if NETINET6
+			/* default to AF_INET6 */
+			addr.sa.sa_family = AF_INET6;
+			*socksize = sizeof addr.sin6;
+#  else /* NETINET6 */
+			/* no protocols available */
+			smi_log(SMI_LOG_ERR,
+				"%s: no valid socket protocols available",
+				name);
+			return MI_INVALID_SOCKET;
+#  endif /* NETINET6 */
+# endif /* NETINET */
+#endif /* NETUNIX */
+		}
+#if NETUNIX
+		else if (strcasecmp(p, "unix") == 0 ||
+			 strcasecmp(p, "local") == 0)
+		{
+			addr.sa.sa_family = AF_UNIX;
+			*socksize = sizeof (struct sockaddr_un);
+		}
+#endif /* NETUNIX */
+#if NETINET
+		else if (strcasecmp(p, "inet") == 0)
+		{
+			addr.sa.sa_family = AF_INET;
+			*socksize = sizeof addr.sin;
+		}
+#endif /* NETINET */
+#if NETINET6
+		else if (strcasecmp(p, "inet6") == 0)
+		{
+			addr.sa.sa_family = AF_INET6;
+			*socksize = sizeof addr.sin6;
+		}
+#endif /* NETINET6 */
+		else
+		{
+			smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
+				name, p);
+			return MI_INVALID_SOCKET;
+		}
+		*colon++ = ':';
+	}
+	else
+	{
+		colon = p;
+#if NETUNIX
+		/* default to AF_UNIX */
+ 		addr.sa.sa_family = AF_UNIX;
+		*socksize = sizeof (struct sockaddr_un);
+#else /* NETUNIX */
+# if NETINET
+		/* default to AF_INET */
+		addr.sa.sa_family = AF_INET;
+		*socksize = sizeof addr.sin;
+# else /* NETINET */
+#  if NETINET6
+		/* default to AF_INET6 */
+		addr.sa.sa_family = AF_INET6;
+		*socksize = sizeof addr.sin6;
+#  else /* NETINET6 */
+		smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
+			name, p);
+		return MI_INVALID_SOCKET;
+#  endif /* NETINET6 */
+# endif /* NETINET */
+#endif /* NETUNIX */
+	}
+
+#if NETUNIX
+	if (addr.sa.sa_family == AF_UNIX)
+	{
+# if 0
+		long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
+# endif /* 0 */
+
+		at = colon;
+		if (strlcpy(addr.sunix.sun_path, colon,
+			    sizeof addr.sunix.sun_path) >=
+		    sizeof addr.sunix.sun_path)
+		{
+			errno = EINVAL;
+			smi_log(SMI_LOG_ERR, "%s: UNIX socket name %s too long",
+				name, colon);
+			return MI_INVALID_SOCKET;
+		}
+# if 0
+		errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff,
+				 S_IRUSR|S_IWUSR, NULL);
+
+		/* if not safe, don't create */
+		if (errno != 0)
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: UNIX socket name %s unsafe",
+				name, colon);
+			return MI_INVALID_SOCKET;
+		}
+# endif /* 0 */
+
+	}
+#endif /* NETUNIX */
+
+#if NETINET || NETINET6
+	if (
+# if NETINET
+	    addr.sa.sa_family == AF_INET
+# endif /* NETINET */
+# if NETINET && NETINET6
+	    ||
+# endif /* NETINET && NETINET6 */
+# if NETINET6
+	    addr.sa.sa_family == AF_INET6
+# endif /* NETINET6 */
+	   )
+	{
+		u_short port;
+
+		/* Parse port@host */
+		at = strchr(colon, '@');
+		if (at == NULL)
+		{
+			switch (addr.sa.sa_family)
+			{
+# if NETINET
+			  case AF_INET:
+				addr.sin.sin_addr.s_addr = INADDR_ANY;
+				break;
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				addr.sin6.sin6_addr = in6addr_any;
+				break;
+# endif /* NETINET6 */
+			}
+		}
+		else
+			*at = '\0';
+
+		if (isascii(*colon) && isdigit(*colon))
+			port = htons((u_short) atoi(colon));
+		else
+		{
+# ifdef NO_GETSERVBYNAME
+			smi_log(SMI_LOG_ERR, "%s: invalid port number %s",
+				name, colon);
+			return MI_INVALID_SOCKET;
+# else /* NO_GETSERVBYNAME */
+			register struct servent *sp;
+
+			sp = getservbyname(colon, "tcp");
+			if (sp == NULL)
+			{
+				smi_log(SMI_LOG_ERR,
+					"%s: unknown port name %s",
+					name, colon);
+				return MI_INVALID_SOCKET;
+			}
+			port = sp->s_port;
+# endif /* NO_GETSERVBYNAME */
+		}
+		if (at != NULL)
+		{
+			*at++ = '@';
+			if (*at == '[')
+			{
+				char *end;
+
+				end = strchr(at, ']');
+				if (end != NULL)
+				{
+					bool found = FALSE;
+# if NETINET
+					unsigned long hid = INADDR_NONE;
+# endif /* NETINET */
+# if NETINET6
+					struct sockaddr_in6 hid6;
+# endif /* NETINET6 */
+
+					*end = '\0';
+# if NETINET
+					if (addr.sa.sa_family == AF_INET &&
+					    (hid = inet_addr(&at[1])) !=
+					    INADDR_NONE)
+					{
+						addr.sin.sin_addr.s_addr = hid;
+						addr.sin.sin_port = port;
+						found = TRUE;
+					}
+# endif /* NETINET */
+# if NETINET6
+					(void) memset(&hid6, '\0', sizeof hid6);
+					if (addr.sa.sa_family == AF_INET6 &&
+					    inet_pton(AF_INET6, &at[1],
+						      &hid6.sin6_addr) == 1)
+					{
+						addr.sin6.sin6_addr = hid6.sin6_addr;
+						addr.sin6.sin6_port = port;
+						found = TRUE;
+					}
+# endif /* NETINET6 */
+					*end = ']';
+					if (!found)
+					{
+						smi_log(SMI_LOG_ERR,
+							"%s: Invalid numeric domain spec \"%s\"",
+							name, at);
+						return MI_INVALID_SOCKET;
+					}
+				}
+				else
+				{
+					smi_log(SMI_LOG_ERR,
+						"%s: Invalid numeric domain spec \"%s\"",
+						name, at);
+					return MI_INVALID_SOCKET;
+				}
+			}
+			else
+			{
+				hp = mi_gethostbyname(at, addr.sa.sa_family);
+				if (hp == NULL)
+				{
+					smi_log(SMI_LOG_ERR,
+						"%s: Unknown host name %s",
+						name, at);
+					return MI_INVALID_SOCKET;
+				}
+				addr.sa.sa_family = hp->h_addrtype;
+				switch (hp->h_addrtype)
+				{
+# if NETINET
+				  case AF_INET:
+					memmove(&addr.sin.sin_addr,
+						hp->h_addr,
+						INADDRSZ);
+					addr.sin.sin_port = port;
+					break;
+# endif /* NETINET */
+
+# if NETINET6
+				  case AF_INET6:
+					memmove(&addr.sin6.sin6_addr,
+						hp->h_addr,
+						IN6ADDRSZ);
+					addr.sin6.sin6_port = port;
+					break;
+# endif /* NETINET6 */
+
+				  default:
+					smi_log(SMI_LOG_ERR,
+						"%s: Unknown protocol for %s (%d)",
+						name, at, hp->h_addrtype);
+					return MI_INVALID_SOCKET;
+				}
+			}
+		}
+		else
+		{
+			switch (addr.sa.sa_family)
+			{
+# if NETINET
+			  case AF_INET:
+				addr.sin.sin_port = port;
+				break;
+# endif /* NETINET */
+# if NETINET6
+			  case AF_INET6:
+				addr.sin6.sin6_port = port;
+				break;
+# endif /* NETINET6 */
+			}
+		}
+	}
+#endif /* NETINET || NETINET6 */
+
+	sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
+	if (!ValidSocket(sock))
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Unable to create new socket: %s",
+			name, strerror(errno));
+		return MI_INVALID_SOCKET;
+	}
+
+	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
+		       sizeof(sockopt)) == -1)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Unable to setsockopt: %s", name, strerror(errno));
+		(void) close(sock);
+		return MI_INVALID_SOCKET;
+	}
+
+	if (bind(sock, &addr.sa, *socksize) < 0)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Unable to bind to port %s: %s",
+			name, conn, strerror(errno));
+		(void) close(sock);
+		return MI_INVALID_SOCKET;
+	}
+
+	if (listen(sock, backlog) < 0)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: listen call failed: %s", name, strerror(errno));
+		(void) close(sock);
+		return MI_INVALID_SOCKET;
+	}
+
+	return sock;
+}
+/*
+**  MI_THREAD_HANDLE_WRAPPER -- small wrapper to handle session
+**
+**	Parameters:
+**		arg -- argument to pass to mi_handle_session()
+**
+**	Returns:
+**		results from mi_handle_session()
+*/
+
+void *
+mi_thread_handle_wrapper(arg)
+	void *arg;
+{
+	return (void *) mi_handle_session(arg);
+}
+
+/*
+**  MI_MILTER_LISTENER -- Generic listener harness
+**
+**	Open up listen port
+**	Wait for connections
+**
+**	Parameters:
+**		conn -- connection description
+**		dbg -- debug level
+**		smfi -- filter structure to use
+**		timeout -- timeout for reads/writes
+**
+**	Returns:
+**		MI_SUCCESS -- Exited normally
+**			   (session finished or we were told to exit)
+**		MI_FAILURE -- Network initialization failed.
+*/
+
+int
+mi_listener(conn, dbg, smfi, timeout)
+	char *conn;
+	int dbg;
+	smfiDesc_ptr smfi;
+	time_t timeout;
+{
+	int connfd = -1;
+	int listenfd = -1;
+	int sockopt = 1;
+	int r;
+	int ret = MI_SUCCESS;
+	int cnt_m = 0;
+	int cnt_t = 0;
+	sthread_t thread_id;
+	_SOCK_ADDR cliaddr;
+	SOCKADDR_LEN_T socksize;
+	SOCKADDR_LEN_T clilen;
+	SMFICTX_PTR ctx;
+	fd_set readset, excset;
+	struct timeval chktime;
+
+	if (dbg > 0)
+		smi_log(SMI_LOG_DEBUG,
+			"%s: Opening listen socket on conn %s",
+			smfi->xxfi_name, conn);
+	if ((listenfd = mi_milteropen(conn, SOMAXCONN, &socksize,
+				      smfi->xxfi_name)) < 0)
+	{
+		smi_log(SMI_LOG_FATAL,
+			"%s: Unable to create listening socket on conn %s",
+			smfi->xxfi_name, conn);
+		return MI_FAILURE;
+	}
+	clilen = socksize;
+	if (listenfd >= FD_SETSIZE)
+	{
+		smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
+			smfi->xxfi_name, listenfd, FD_SETSIZE);
+		return MI_FAILURE;
+	}
+
+	while (mi_stop() == MILTER_CONT)
+	{
+		/* select on interface ports */
+		FD_ZERO(&readset);
+		FD_SET((u_int) listenfd, &readset);
+		FD_ZERO(&excset);
+		FD_SET((u_int) listenfd, &excset);
+		chktime.tv_sec = MI_CHK_TIME;
+		chktime.tv_usec = 0;
+		r = select(listenfd + 1, &readset, NULL, &excset, &chktime);
+		if (r == 0)		/* timeout */
+			continue;	/* just check mi_stop() */
+		if (r < 0)
+		{
+			if (errno == EINTR)
+				continue;
+			ret = MI_FAILURE;
+			break;
+		}
+		if (!FD_ISSET(listenfd, &readset))
+		{
+			/* some error: just stop for now... */
+			ret = MI_FAILURE;
+			break;
+		}
+
+		connfd = accept(listenfd, (struct sockaddr *) &cliaddr,
+				&clilen);
+
+		if (connfd < 0)
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: accept() returned invalid socket",
+				smfi->xxfi_name);
+			continue;
+		}
+
+		if (setsockopt(connfd, SOL_SOCKET, SO_KEEPALIVE,
+				(void *) &sockopt, sizeof sockopt) < 0)
+		{
+			smi_log(SMI_LOG_WARN, "%s: setsockopt() failed",
+				smfi->xxfi_name);
+			/* XXX: continue? */
+		}
+		if ((ctx = (SMFICTX_PTR) malloc(sizeof *ctx)) == NULL)
+		{
+			(void) close(connfd);
+			smi_log(SMI_LOG_ERR, "%s: malloc(ctx) failed",
+				smfi->xxfi_name);
+			sleep(++cnt_m);
+			if (cnt_m >= MAX_FAILS_M)
+			{
+				ret = MI_FAILURE;
+				break;
+			}
+			continue;
+		}
+		cnt_m = 0;
+		memset(ctx, '\0', sizeof *ctx);
+		ctx->ctx_sd = connfd;
+		ctx->ctx_dbg = dbg;
+		ctx->ctx_timeout = timeout;
+		ctx->ctx_smfi = smfi;
+#if 0
+		if (smfi->xxfi_eoh == NULL)
+		if (smfi->xxfi_eom == NULL)
+		if (smfi->xxfi_abort == NULL)
+		if (smfi->xxfi_close == NULL)
+#endif /* 0 */
+		if (smfi->xxfi_connect == NULL)
+			ctx->ctx_pflags |= SMFIP_NOCONNECT;
+		if (smfi->xxfi_helo == NULL)
+			ctx->ctx_pflags |= SMFIP_NOHELO;
+		if (smfi->xxfi_envfrom == NULL)
+			ctx->ctx_pflags |= SMFIP_NOMAIL;
+		if (smfi->xxfi_envrcpt == NULL)
+			ctx->ctx_pflags |= SMFIP_NORCPT;
+		if (smfi->xxfi_header == NULL)
+			ctx->ctx_pflags |= SMFIP_NOHDRS;
+		if (smfi->xxfi_eoh == NULL)
+			ctx->ctx_pflags |= SMFIP_NOEOH;
+		if (smfi->xxfi_body == NULL)
+			ctx->ctx_pflags |= SMFIP_NOBODY;
+
+		if ((r = thread_create(&thread_id,
+					mi_thread_handle_wrapper,
+					(void *) ctx)) != MI_SUCCESS)
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: thread_create() failed: %d",
+				smfi->xxfi_name,  r);
+			sleep(++cnt_t);
+			(void) close(connfd);
+			free(ctx);
+			if (cnt_t >= MAX_FAILS_T)
+			{
+				ret = MI_FAILURE;
+				break;
+			}
+			continue;
+		}
+		cnt_t = 0;
+	}
+	if (ret != MI_SUCCESS)
+		mi_stop_milters(MILTER_ABRT);
+	if (listenfd >= 0)
+		(void) close(listenfd);
+	return ret;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/main.c b/contrib/sendmail/libmilter/main.c
new file mode 100644
index 0000000..3233ba1
--- /dev/null
+++ b/contrib/sendmail/libmilter/main.c
@@ -0,0 +1,132 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: main.c,v 8.34.4.5 2000/07/14 06:16:57 msk Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#define _DEFINE	1
+#include "libmilter.h"
+#include <fcntl.h>
+#include <sys/stat.h>
+
+
+static smfiDesc_ptr smfi = NULL;
+
+/*
+**  SMFI_REGISTER -- register a filter description
+**
+**	Parameters:
+**		smfilter -- description of filter to register
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_register(smfilter)
+	smfiDesc_str smfilter;
+{
+	size_t len;
+
+	if (smfi == NULL)
+	{
+		smfi = (smfiDesc_ptr) malloc(sizeof *smfi);
+		if (smfi == NULL)
+			return MI_FAILURE;
+	}
+	(void)memcpy(smfi, &smfilter, sizeof *smfi);
+	if (smfilter.xxfi_name == NULL)
+		smfilter.xxfi_name = "Unknown";
+
+	len = strlen(smfilter.xxfi_name) + 1;
+	smfi->xxfi_name = (char *) malloc(len);
+	if (smfi->xxfi_name == NULL)
+		return MI_FAILURE;
+	(void) strlcpy(smfi->xxfi_name, smfilter.xxfi_name, len);
+
+	/* compare milter version with hard coded version */
+	if (smfi->xxfi_version != SMFI_VERSION)
+	{
+		/* hard failure for now! */
+		smi_log(SMI_LOG_ERR,
+			"%s: smfi_register: version mismatch application: %d != milter: %d",
+			smfi->xxfi_name, smfi->xxfi_version,
+			(int) SMFI_VERSION);
+		return MI_FAILURE;
+	}
+
+	return MI_SUCCESS;
+}
+
+static int dbg = 0;
+static char *conn = NULL;
+static int timeout = MI_TIMEOUT;
+
+int
+smfi_setdbg(odbg)
+	int odbg;
+{
+	dbg = odbg;
+	return MI_SUCCESS;
+}
+
+int
+smfi_settimeout(otimeout)
+	int otimeout;
+{
+	timeout = otimeout;
+	return MI_SUCCESS;
+}
+
+int
+smfi_setconn(oconn)
+	char *oconn;
+{
+	size_t l;
+
+	if (oconn == NULL || *oconn == '\0')
+		return MI_FAILURE;
+	l = strlen(oconn) + 1;
+	if ((conn = (char *) malloc(l)) == NULL)
+		return MI_FAILURE;
+	if (strlcpy(conn, oconn, l) >= l)
+		return MI_FAILURE;
+	return MI_SUCCESS;
+}
+
+int
+smfi_main()
+{
+	signal(SIGPIPE, SIG_IGN);
+	if (conn == NULL)
+	{
+		smi_log(SMI_LOG_FATAL, "%s: missing connection information",
+			smfi->xxfi_name);
+		return MI_FAILURE;
+	}
+
+	(void) atexit(mi_clean_signals);
+	if (mi_control_startup(smfi->xxfi_name) != MI_SUCCESS)
+	{
+		smi_log(SMI_LOG_FATAL,
+			"%s: Couldn't start signal thread",
+			smfi->xxfi_name);
+		return MI_FAILURE;
+	}
+
+	/* Startup the listener */
+	if (mi_listener(conn, dbg, smfi, timeout) != MI_SUCCESS)
+		return MI_FAILURE;
+
+	return MI_SUCCESS;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/signal.c b/contrib/sendmail/libmilter/signal.c
new file mode 100644
index 0000000..c57c313
--- /dev/null
+++ b/contrib/sendmail/libmilter/signal.c
@@ -0,0 +1,219 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: signal.c,v 8.10.4.4 2000/07/14 06:16:57 msk Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#include "libmilter.h"
+
+typedef pthread_mutex_t smutex_t;
+#define smutex_init(mp)		(pthread_mutex_init(mp, NULL) == 0)
+#define smutex_destroy(mp)	(pthread_mutex_destroy(mp) == 0)
+#define smutex_lock(mp)		(pthread_mutex_lock(mp) == 0)
+#define smutex_unlock(mp)	(pthread_mutex_unlock(mp) == 0)
+#define smutex_trylock(mp)	(pthread_mutex_trylock(mp) == 0)
+
+/*
+** thread to handle signals
+*/
+
+static smutex_t M_Mutex;
+
+static int MilterStop = MILTER_CONT;
+
+/*
+**  MI_STOP -- return value of MilterStop
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		value of MilterStop
+*/
+
+int
+mi_stop()
+{
+	return MilterStop;
+}
+/*
+**  MI_STOP_MILTERS -- set value of MilterStop
+**
+**	Parameters:
+**		v -- new value for MilterStop.
+**
+**	Returns:
+**		none.
+*/
+
+void
+mi_stop_milters(v)
+	int v;
+{
+	(void) smutex_lock(&M_Mutex);
+	if (MilterStop < v)
+		MilterStop = v;
+	(void) smutex_unlock(&M_Mutex);
+}
+/*
+**  MI_CLEAN_SIGNALS -- clean up signal handler thread
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		none.
+*/
+
+void
+mi_clean_signals()
+{
+	(void) smutex_destroy(&M_Mutex);
+}
+/*
+**  MI_SIGNAL_THREAD -- thread to deal with signals
+**
+**	Parameters:
+**		name -- name of milter
+**
+**	Returns:
+**		NULL
+*/
+
+static void *
+mi_signal_thread(name)
+	void *name;
+{
+	int sig, errs;
+	sigset_t set;
+
+	sigemptyset(&set);
+	sigaddset(&set, SIGHUP);
+	sigaddset(&set, SIGTERM);
+
+	/* Handle Ctrl-C gracefully for debugging */
+	sigaddset(&set, SIGINT);
+	errs = 0;
+
+	while (TRUE)
+	{
+		sig = 0;
+#ifdef SOLARIS
+		if ((sig = sigwait(&set)) < 0)
+#else /* SOLARIS */
+		if (sigwait(&set, &sig) != 0)
+#endif /* SOLARIS */
+		{
+			smi_log(SMI_LOG_ERR,
+				"%s: sigwait returned error: %s",
+				(char *)name, strerror(errno));
+			if (++errs > MAX_FAILS_T)
+			{
+				mi_stop_milters(MILTER_ABRT);
+				return NULL;
+			}
+			continue;
+		}
+		errs = 0;
+
+		switch (sig)
+		{
+		  case SIGHUP:
+		  case SIGTERM:
+			mi_stop_milters(MILTER_STOP);
+			return NULL;
+		  case SIGINT:
+			mi_stop_milters(MILTER_ABRT);
+			return NULL;
+		  default:
+			smi_log(SMI_LOG_ERR,
+				"%s: sigwait returned unmasked signal: %d",
+				(char *)name, sig);
+			break;
+		}
+	}
+}
+/*
+**  MI_SPAWN_SIGNAL_THREAD -- spawn thread to handle signals
+**
+**	Parameters:
+**		name -- name of milter
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+static int
+mi_spawn_signal_thread(name)
+	char *name;
+{
+	sthread_t tid;
+	sigset_t set;
+
+	/* Mask HUP and KILL signals */
+	sigemptyset(&set);
+	sigaddset(&set, SIGHUP);
+	sigaddset(&set, SIGTERM);
+	sigaddset(&set, SIGINT);
+
+	if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Couldn't mask HUP and KILL signals", name);
+		return MI_FAILURE;
+	}
+	if (thread_create(&tid, mi_signal_thread,
+			  (void *)name) != MI_SUCCESS)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Couldn't start signal thread", name);
+		return MI_FAILURE;
+	}
+	return MI_SUCCESS;
+}
+/*
+**  MI_CONTROL_STARTUP -- startup for thread to handle signals
+**
+**	Parameters:
+**		name -- name of milter
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+mi_control_startup(name)
+	char *name;
+{
+
+	if (!smutex_init(&M_Mutex))
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Couldn't initialize control pipe mutex", name);
+		return MI_FAILURE;
+	}
+
+	/*
+	**  spawn_signal_thread must happen before other threads are spawned
+	**  off so that it can mask the right signals and other threads
+	**  will inherit that mask.
+	*/
+	if (mi_spawn_signal_thread(name) == MI_FAILURE)
+	{
+		smi_log(SMI_LOG_ERR,
+			"%s: Couldn't spawn signal thread", name);
+		(void) smutex_destroy(&M_Mutex);
+		return MI_FAILURE;
+	}
+	return MI_SUCCESS;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/sm_gethost.c b/contrib/sendmail/libmilter/sm_gethost.c
new file mode 100644
index 0000000..fc45d28
--- /dev/null
+++ b/contrib/sendmail/libmilter/sm_gethost.c
@@ -0,0 +1,99 @@
+/*
+ *  Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: sm_gethost.c,v 8.7 2000/01/20 21:51:52 geir Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#include <sendmail.h>
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
+
+/*
+**  MI_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX
+**
+**	Some operating systems have wierd problems with the gethostbyXXX
+**	routines.  For example, Solaris versions at least through 2.3
+**	don't properly deliver a canonical h_name field.  This tries to
+**	work around these problems.
+**
+**	Support IPv6 as well as IPv4.
+*/
+
+#if NETINET6 && NEEDSGETIPNODE && __RES < 19990909
+
+# ifndef AI_V4MAPPED
+#  define AI_V4MAPPED	0	/* dummy */
+# endif /* ! AI_V4MAPPED */
+# ifndef AI_ALL
+#  define AI_ALL	0	/* dummy */
+# endif /* ! AI_ALL */
+
+static struct hostent *
+mi_getipnodebyname(name, family, flags, err)
+	char *name;
+	int family;
+	int flags;
+	int *err;
+{
+	bool resv6 = TRUE;
+	struct hostent *h;
+
+	if (family == AF_INET6)
+	{
+		/* From RFC2133, section 6.1 */
+		resv6 = bitset(RES_USE_INET6, _res.options);
+		_res.options |= RES_USE_INET6;
+	}
+	h_errno = 0;
+	h = gethostbyname(name);
+	*err = h_errno;
+	if (family == AF_INET6 && !resv6)
+		_res.options &= ~RES_USE_INET6;
+	return h;
+}
+#endif /* NEEDSGETIPNODE && NETINET6 && __RES < 19990909 */
+
+struct hostent *
+mi_gethostbyname(name, family)
+	char *name;
+	int family;
+{
+	struct hostent *h = NULL;
+#if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4))
+# if SOLARIS == 20300 || SOLARIS == 203
+	static struct hostent hp;
+	static char buf[1000];
+	extern struct hostent *_switch_gethostbyname_r();
+
+	h = _switch_gethostbyname_r(name, &hp, buf, sizeof(buf), &h_errno);
+# else /* SOLARIS == 20300 || SOLARIS == 203 */
+	extern struct hostent *__switch_gethostbyname();
+
+	h = __switch_gethostbyname(name);
+# endif /* SOLARIS == 20300 || SOLARIS == 203 */
+#else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
+# if NETINET6
+	int err;
+# endif /* NETINET6 */
+
+# if NETINET6
+	h = mi_getipnodebyname(name, family, AI_V4MAPPED|AI_ALL, &err);
+	h_errno = err;
+# else /* NETINET6 */
+	h = gethostbyname(name);
+# endif /* NETINET6 */
+
+#endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
+	return h;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libmilter/smfi.c b/contrib/sendmail/libmilter/smfi.c
new file mode 100644
index 0000000..e034aa8
--- /dev/null
+++ b/contrib/sendmail/libmilter/smfi.c
@@ -0,0 +1,400 @@
+/*
+ *  Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: smfi.c,v 8.28.4.6 2000/06/28 23:48:56 gshapiro Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+#include "libmilter.h"
+#include "sendmail/useful.h"
+
+/*
+**  SMFI_ADDHEADER -- send a new header to the MTA
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		headerf -- Header field name
+**		headerv -- Header field value
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_addheader(ctx, headerf, headerv)
+	SMFICTX *ctx;
+	char *headerf;
+	char *headerv;
+{
+	/* do we want to copy the stuff or have a special mi_wr_cmd call? */
+	size_t len, l1, l2;
+	int r;
+	char *buf;
+	struct timeval timeout;
+
+	if (headerf == NULL || *headerf == '\0' || headerv == NULL)
+		return MI_FAILURE;
+	if (!mi_sendok(ctx, SMFIF_ADDHDRS))
+		return MI_FAILURE;
+	timeout.tv_sec = ctx->ctx_timeout;
+	timeout.tv_usec = 0;
+	l1 = strlen(headerf);
+	l2 = strlen(headerv);
+	len = l1 + l2 + 2;
+	buf = malloc(len);
+	if (buf == NULL)
+		return MI_FAILURE;
+	(void) memcpy(buf, headerf, l1 + 1);
+	(void) memcpy(buf + l1 + 1, headerv, l2 + 1);
+	r = mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_ADDHEADER, buf, len);
+	free(buf);
+	return r;
+}
+
+/*
+**  SMFI_CHGHEADER -- send a changed header to the MTA
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		headerf -- Header field name
+**		hdridx -- Header index value
+**		headerv -- Header field value
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_chgheader(ctx, headerf, hdridx, headerv)
+	SMFICTX *ctx;
+	char *headerf;
+	mi_int32 hdridx;
+	char *headerv;
+{
+	/* do we want to copy the stuff or have a special mi_wr_cmd call? */
+	size_t len, l1, l2;
+	int r;
+	mi_int32 v;
+	char *buf;
+	struct timeval timeout;
+
+	if (headerf == NULL || *headerf == '\0')
+		return MI_FAILURE;
+	if (hdridx < 0)
+		return MI_FAILURE;
+	if (!mi_sendok(ctx, SMFIF_CHGHDRS))
+		return MI_FAILURE;
+	timeout.tv_sec = ctx->ctx_timeout;
+	timeout.tv_usec = 0;
+	if (headerv == NULL)
+		headerv = "";
+	l1 = strlen(headerf);
+	l2 = strlen(headerv);
+	len = l1 + l2 + 2 + MILTER_LEN_BYTES;
+	buf = malloc(len);
+	if (buf == NULL)
+		return MI_FAILURE;
+	v = htonl(hdridx);
+	(void) memcpy(&(buf[0]), (void *) &v, MILTER_LEN_BYTES);
+	(void) memcpy(buf + MILTER_LEN_BYTES, headerf, l1 + 1);
+	(void) memcpy(buf + MILTER_LEN_BYTES + l1 + 1, headerv, l2 + 1);
+	r = mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_CHGHEADER, buf, len);
+	free(buf);
+	return r;
+}
+/*
+**  SMFI_ADDRCPT -- send an additional recipient to the MTA
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		rcpt -- recipient address
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_addrcpt(ctx, rcpt)
+	SMFICTX *ctx;
+	char *rcpt;
+{
+	size_t len;
+	struct timeval timeout;
+
+	if (rcpt == NULL || *rcpt == '\0')
+		return MI_FAILURE;
+	if (!mi_sendok(ctx, SMFIF_ADDRCPT))
+		return MI_FAILURE;
+	timeout.tv_sec = ctx->ctx_timeout;
+	timeout.tv_usec = 0;
+	len = strlen(rcpt) + 1;
+	return mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_ADDRCPT, rcpt, len);
+}
+/*
+**  SMFI_DELRCPT -- send a recipient to be removed to the MTA
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		rcpt -- recipient address
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_delrcpt(ctx, rcpt)
+	SMFICTX *ctx;
+	char *rcpt;
+{
+	size_t len;
+	struct timeval timeout;
+
+	if (rcpt == NULL || *rcpt == '\0')
+		return MI_FAILURE;
+	if (!mi_sendok(ctx, SMFIF_DELRCPT))
+		return MI_FAILURE;
+	timeout.tv_sec = ctx->ctx_timeout;
+	timeout.tv_usec = 0;
+	len = strlen(rcpt) + 1;
+	return mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_DELRCPT, rcpt, len);
+}
+/*
+**  SMFI_REPLACEBODY -- send a body chunk to the MTA
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		bodyp -- body chunk
+**		bodylen -- length of body chunk
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_replacebody(ctx, bodyp, bodylen)
+	SMFICTX *ctx;
+	u_char *bodyp;
+	int bodylen;
+{
+	int len, off, r;
+	struct timeval timeout;
+
+	if (bodyp == NULL && bodylen > 0)
+		return MI_FAILURE;
+	if (!mi_sendok(ctx, SMFIF_CHGBODY))
+		return MI_FAILURE;
+	timeout.tv_sec = ctx->ctx_timeout;
+	timeout.tv_usec = 0;
+
+	/* split body chunk if necessary */
+	off = 0;
+	while (bodylen > 0)
+	{
+		len = (bodylen >= MILTER_CHUNK_SIZE) ? MILTER_CHUNK_SIZE :
+						       bodylen;
+		if ((r = mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_REPLBODY,
+				(char *) (bodyp + off), len)) != MI_SUCCESS)
+			return r;
+		off += len;
+		bodylen -= len;
+	}
+	return MI_SUCCESS;
+}
+/*
+**  MYISENHSC -- check whether a string contains an enhanced status code
+**
+**	Parameters:
+**		s -- string with possible enhanced status code.
+**		delim -- delim for enhanced status code.
+**
+**	Returns:
+**		0  -- no enhanced status code.
+**		>4 -- length of enhanced status code.
+**
+**	Side Effects:
+**		none.
+*/
+static int
+myisenhsc(s, delim)
+	const char *s;
+	int delim;
+{
+	int l, h;
+
+	if (s == NULL)
+		return 0;
+	if (!((*s == '2' || *s == '4' || *s == '5') && s[1] == '.'))
+		return 0;
+	h = 0;
+	l = 2;
+	while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
+		++h;
+	if (h == 0 || s[l + h] != '.')
+		return 0;
+	l += h + 1;
+	h = 0;
+	while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
+		++h;
+	if (h == 0 || s[l + h] != delim)
+		return 0;
+	return l + h;
+}
+/*
+**  SMFI_SETREPLY -- set the reply code for the next reply to the MTA
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		rcode -- The three-digit (RFC 821) SMTP reply code.
+**		xcode -- The extended (RFC 2034) reply code.
+**		message -- The text part of the SMTP reply.
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_setreply(ctx, rcode, xcode, message)
+	SMFICTX *ctx;
+	char *rcode;
+	char *xcode;
+	char *message;
+{
+	size_t len, l1, l2, l3;
+	char *buf;
+
+	if (rcode == NULL || ctx == NULL)
+		return MI_FAILURE;
+	l1 = strlen(rcode) + 1;
+	if (l1 != 4)
+		return MI_FAILURE;
+	if ((rcode[0] != '4' && rcode[0] != '5') ||
+	    !isascii(rcode[1]) || !isdigit(rcode[1]) ||
+	    !isascii(rcode[2]) || !isdigit(rcode[2]))
+		return MI_FAILURE;
+	l2 = xcode == NULL ? 1 : strlen(xcode) + 1;
+	if (xcode != NULL && !myisenhsc(xcode, '\0'))
+		return MI_FAILURE;
+	l3 = message == NULL ? 1 : strlen(message) + 1;
+	len = l1 + l2 + l3;
+	buf = malloc(len);
+	if (buf == NULL)
+		return MI_FAILURE;		/* oops */
+	(void) snprintf(buf, len, "%s %s %s", rcode,
+			xcode == NULL ? "" : xcode,
+			message == NULL ? "" : message);
+	if (ctx->ctx_reply != NULL)
+		free(ctx->ctx_reply);
+	ctx->ctx_reply = buf;
+	return MI_SUCCESS;
+}
+/*
+**  SMFI_SETPRIV -- set private data
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		privatedata -- pointer to private data
+**
+**	Returns:
+**		MI_SUCCESS/MI_FAILURE
+*/
+
+int
+smfi_setpriv(ctx, privatedata)
+	SMFICTX *ctx;
+	void *privatedata;
+{
+	if (ctx == NULL)
+		return MI_FAILURE;
+	ctx->ctx_privdata = privatedata;
+	return MI_SUCCESS;
+}
+/*
+**  SMFI_GETPRIV -- get private data
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**
+**	Returns:
+**		pointer to private data
+*/
+
+void *
+smfi_getpriv(ctx)
+	SMFICTX *ctx;
+{
+	if (ctx == NULL)
+		return NULL;
+	return ctx->ctx_privdata;
+}
+/*
+**  SMFI_GETSYMVAL -- get the value of a macro
+**
+**	See explanation in mfapi.h about layout of the structures.
+**
+**	Parameters:
+**		ctx -- Opaque context structure
+**		symname -- name of macro
+**
+**	Returns:
+**		value of macro (NULL in case of failure)
+*/
+
+char *
+smfi_getsymval(ctx, symname)
+	SMFICTX *ctx;
+	char *symname;
+{
+	int i;
+	char **s;
+	char one[2];
+	char braces[4];
+
+	if (ctx == NULL || symname == NULL || *symname == '\0')
+		return NULL;
+
+	if (strlen(symname) == 3 && symname[0] == '{' && symname[2] == '}')
+	{
+		one[0] = symname[1];
+		one[1] = '\0';
+	}
+	else
+		one[0] = '\0';
+	if (strlen(symname) == 1)
+	{
+		braces[0] = '{';
+		braces[1] = *symname;
+		braces[2] = '}';
+		braces[3] = '\0';
+	}
+	else
+		braces[0] = '\0';
+
+	/* search backwards through the macro array */
+	for (i = MAX_MACROS_ENTRIES - 1 ; i >= 0; --i)
+	{
+		if ((s = ctx->ctx_mac_ptr[i]) == NULL ||
+		    ctx->ctx_mac_buf[i] == NULL)
+			continue;
+		while (s != NULL && *s != NULL)
+		{
+			if (strcmp(*s, symname) == 0)
+				return *++s;
+			if (one[0] != '\0' && strcmp(*s, one) == 0)
+				return *++s;
+			if (braces[0] != '\0' && strcmp(*s, braces) == 0)
+				return *++s;
+			++s;	/* skip over macro value */
+			++s;	/* points to next macro name */
+		}
+	}
+	return NULL;
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/libsmdb/Build b/contrib/sendmail/libsmdb/Build
new file mode 100755
index 0000000..014c45c
--- /dev/null
+++ b/contrib/sendmail/libsmdb/Build
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#	$Id: Build,v 8.2.2.1 2000/04/10 06:41:07 gshapiro Exp $
+
+exec sh ../devtools/bin/Build $*
diff --git a/contrib/sendmail/libsmdb/Makefile b/contrib/sendmail/libsmdb/Makefile
new file mode 100644
index 0000000..0422ed5
--- /dev/null
+++ b/contrib/sendmail/libsmdb/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.2 1999/09/23 22:36:29 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/libsmdb/Makefile.m4 b/contrib/sendmail/libsmdb/Makefile.m4
new file mode 100644
index 0000000..f24c0a0
--- /dev/null
+++ b/contrib/sendmail/libsmdb/Makefile.m4
@@ -0,0 +1,13 @@
+include(confBUILDTOOLSDIR`/M4/switch.m4')
+
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+
+bldPRODUCT_START(`library', `libsmdb')
+define(`bldSOURCES', `smdb.c smdb1.c smdb2.c smndbm.c ')
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+bldPRODUCT_END
+
+bldFINISH
diff --git a/contrib/sendmail/libsmdb/smdb.c b/contrib/sendmail/libsmdb/smdb.c
new file mode 100644
index 0000000..ee563a1
--- /dev/null
+++ b/contrib/sendmail/libsmdb/smdb.c
@@ -0,0 +1,412 @@
+/*
+** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+**	All rights reserved.
+**
+** By using this file, you agree to the terms and conditions set
+** forth in the LICENSE file which can be found at the top level of
+** the sendmail distribution.
+*/
+
+#ifndef lint
+static char id[] = "@(#)$Id: smdb.c,v 8.37.4.1 2000/05/25 18:56:09 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+#include <sendmail/sendmail.h>
+#include <libsmdb/smdb.h>
+
+/*
+** SMDB_MALLOC_DATABASE -- Allocates a database structure.
+**
+**	Parameters:
+**		None
+**
+**	Returns:
+**		An pointer to an allocated SMDB_DATABASE structure or
+**		NULL if it couldn't allocate the memory.
+*/
+
+SMDB_DATABASE *
+smdb_malloc_database()
+{
+	SMDB_DATABASE *db;
+
+	db = (SMDB_DATABASE *) malloc(sizeof(SMDB_DATABASE));
+
+	if (db != NULL)
+		memset(db, '\0', sizeof(SMDB_DATABASE));
+
+	return db;
+}
+
+
+/*
+** SMDB_FREE_DATABASE -- Unallocates a database structure.
+**
+**	Parameters:
+**		database -- a SMDB_DATABASE pointer to deallocate.
+**
+**	Returns:
+**		None
+*/
+
+void
+smdb_free_database(database)
+	SMDB_DATABASE *database;
+{
+	if (database != NULL)
+		free(database);
+}
+
+
+/*
+** SMDB_OPEN_DATABASE -- Opens a database.
+**
+**	This opens a database. If type is SMDB_DEFAULT it tries to
+**	use a DB1 or DB2 hash. If that isn't available, it will try
+**	to use NDBM. If a specific type is given it will try to open
+**	a database of that type.
+**
+**	Parameters:
+**		database -- An pointer to a SMDB_DATABASE pointer where the
+**			   opened database will be stored. This should
+**			   be unallocated.
+**		db_name -- The name of the database to open. Do not include
+**			  the file name extension.
+**		mode -- The mode to set on the database file or files.
+**		mode_mask -- Mode bits that must match on an opened database.
+**		sff -- Flags to safefile.
+**		type -- The type of database to open. Supported types
+**		       vary depending on what was compiled in.
+**		user_info -- Information on the user to use for file
+**			    permissions.
+**		params -- Params specific to the database being opened.
+**			 Only supports some DB hash options right now
+**			 (see smdb_db_open() for details).
+**
+**	Returns:
+**		SMDBE_OK -- Success.
+**		Anything else is an error. Look up more info about the
+**		error in the comments for the specific open() used.
+*/
+
+int
+smdb_open_database(database, db_name, mode, mode_mask, sff, type, user_info,
+		   params)
+	SMDB_DATABASE **database;
+	char *db_name;
+	int mode;
+	int mode_mask;
+	long sff;
+	SMDB_DBTYPE type;
+	SMDB_USER_INFO *user_info;
+	SMDB_DBPARAMS *params;
+{
+	int result;
+	bool type_was_default = FALSE;
+
+	if (type == SMDB_TYPE_DEFAULT)
+	{
+		type_was_default = TRUE;
+#ifdef NEWDB
+		type = SMDB_TYPE_HASH;
+#else /* NEWDB */
+# ifdef NDBM
+		type = SMDB_TYPE_NDBM;
+# endif /* NDBM */
+#endif /* NEWDB */
+	}
+
+	if (type == SMDB_TYPE_DEFAULT)
+		return SMDBE_UNKNOWN_DB_TYPE;
+
+	if ((strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0) ||
+	    (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0))
+	{
+#ifdef NEWDB
+		result = smdb_db_open(database, db_name, mode, mode_mask, sff,
+				      type, user_info, params);
+# ifdef NDBM
+		if (result == ENOENT && type_was_default)
+			type = SMDB_TYPE_NDBM;
+		else
+# endif /* NDBM */
+			return result;
+#else /* NEWDB */
+		return SMDBE_UNSUPPORTED_DB_TYPE;
+#endif /* NEWDB */
+	}
+
+	if (strncmp(type, SMDB_TYPE_NDBM, SMDB_TYPE_NDBM_LEN) == 0)
+	{
+#ifdef NDBM
+		result = smdb_ndbm_open(database, db_name, mode, mode_mask,
+					sff, type, user_info, params);
+		return result;
+#else /* NDBM */
+		return SMDBE_UNSUPPORTED_DB_TYPE;
+#endif /* NDBM */
+	}
+
+	return SMDBE_UNKNOWN_DB_TYPE;
+}
+
+/*
+** SMDB_ADD_EXTENSION -- Adds an extension to a file name.
+**
+**	Just adds a . followed by a string to a db_name if there
+**	is room and the db_name does not already have that extension.
+**
+**	Parameters:
+**		full_name -- The final file name.
+**		max_full_name_len -- The max length for full_name.
+**		db_name -- The name of the db.
+**		extension -- The extension to add.
+**
+**	Returns:
+**		SMDBE_OK -- Success.
+**		Anything else is an error. Look up more info about the
+**		error in the comments for the specific open() used.
+*/
+
+int
+smdb_add_extension(full_name, max_full_name_len, db_name, extension)
+	char *full_name;
+	int max_full_name_len;
+	char *db_name;
+	char *extension;
+{
+	int extension_len;
+	int db_name_len;
+
+	if (full_name == NULL || db_name == NULL || extension == NULL)
+		return SMDBE_INVALID_PARAMETER;
+
+	extension_len = strlen(extension);
+	db_name_len = strlen(db_name);
+
+	if (extension_len + db_name_len + 2 > max_full_name_len)
+		return SMDBE_DB_NAME_TOO_LONG;
+
+	if (db_name_len < extension_len + 1 ||
+	    db_name[db_name_len - extension_len - 1] != '.' ||
+	    strcmp(&db_name[db_name_len - extension_len], extension) != 0)
+		snprintf(full_name, max_full_name_len, "%s.%s", db_name,
+			 extension);
+	else
+		(void) strlcpy(full_name, db_name, max_full_name_len);
+
+	return SMDBE_OK;
+}
+
+/*
+**  SMDB_LOCK_FILE -- Locks the database file.
+**
+**	Locks the actual database file.
+**
+**	Parameters:
+**		lock_fd -- The resulting descriptor for the locked file.
+**		db_name -- The name of the database without extension.
+**		mode -- The open mode.
+**		sff -- Flags to safefile.
+**		extension -- The extension for the file.
+**
+**	Returns:
+**		SMDBE_OK -- Success, otherwise errno.
+*/
+
+int
+smdb_lock_file(lock_fd, db_name, mode, sff, extension)
+	int *lock_fd;
+	char *db_name;
+	int mode;
+	long sff;
+	char *extension;
+{
+	int result;
+	char file_name[SMDB_MAX_NAME_LEN];
+
+	result = smdb_add_extension(file_name, SMDB_MAX_NAME_LEN, db_name,
+				    extension);
+	if (result != SMDBE_OK)
+		return result;
+
+	*lock_fd = safeopen(file_name, mode & ~O_TRUNC, 0644, sff);
+	if (*lock_fd < 0)
+		return errno;
+
+	return SMDBE_OK;
+}
+
+/*
+**  SMDB_UNLOCK_FILE -- Unlocks a file
+**
+**	Unlocks a file.
+**
+**	Parameters:
+**		lock_fd -- The descriptor for the locked file.
+**
+**	Returns:
+**		SMDBE_OK -- Success, otherwise errno.
+*/
+
+int
+smdb_unlock_file(lock_fd)
+	int lock_fd;
+{
+	int result;
+
+	result = close(lock_fd);
+	if (result != 0)
+		return errno;
+
+	return SMDBE_OK;
+}
+
+/*
+**  SMDB_SETUP_FILE -- Gets db file ready for use.
+**
+**	Makes sure permissions on file are safe and creates it if it
+**	doesn't exist.
+**
+**	Parameters:
+**		db_name -- The name of the database without extension.
+**		extension -- The extension.
+**		sff -- Flags to safefile.
+**		mode_mask -- Mode bits that must match.
+**		user_info -- Information on the user to use for file
+**			    permissions.
+**		stat_info -- A place to put the stat info for the file.
+**	Returns:
+**		SMDBE_OK -- Success, otherwise errno.
+*/
+
+int
+smdb_setup_file(db_name, extension, mode_mask, sff, user_info, stat_info)
+	char *db_name;
+	char *extension;
+	int mode_mask;
+	long sff;
+	SMDB_USER_INFO *user_info;
+	struct stat *stat_info;
+{
+	int st;
+	int result;
+	char db_file_name[SMDB_MAX_NAME_LEN];
+
+	result = smdb_add_extension(db_file_name, SMDB_MAX_NAME_LEN, db_name,
+				    extension);
+	if (result != SMDBE_OK)
+		return result;
+
+	st = safefile(db_file_name, user_info->smdbu_id,
+		      user_info->smdbu_group_id, user_info->smdbu_name,
+		      sff, mode_mask, stat_info);
+	if (st != 0)
+		return st;
+
+	return SMDBE_OK;
+}
+
+/*
+**  SMDB_FILECHANGED -- Checks to see if a file changed.
+**
+**	Compares the passed in stat_info with a current stat on
+**	the passed in file descriptor. Check filechanged for
+**	return values.
+**
+**	Parameters:
+**		db_name -- The name of the database without extension.
+**		extension -- The extension.
+**		db_fd -- A file descriptor for the database file.
+**		stat_info -- An old stat_info.
+**	Returns:
+**		SMDBE_OK -- Success, otherwise errno.
+*/
+
+int
+smdb_filechanged(db_name, extension, db_fd, stat_info)
+	char *db_name;
+	char *extension;
+	int db_fd;
+	struct stat *stat_info;
+{
+	int result;
+	char db_file_name[SMDB_MAX_NAME_LEN];
+
+	result = smdb_add_extension(db_file_name, SMDB_MAX_NAME_LEN, db_name,
+				    extension);
+	if (result != SMDBE_OK)
+		return result;
+
+	result = filechanged(db_file_name, db_fd, stat_info);
+
+	return result;
+}
+/*
+** SMDB_PRINT_AVAILABLE_TYPES -- Prints the names of the available types.
+**
+**	Parameters:
+**		None
+**
+**	Returns:
+**		None
+*/
+
+void
+smdb_print_available_types()
+{
+#ifdef NDBM
+	printf("dbm\n");
+#endif /* NDBM */
+#ifdef NEWDB
+	printf("hash\n");
+	printf("btree\n");
+#endif /* NEWDB */
+}
+/*
+** SMDB_DB_DEFINITION -- Given a database type, return database definition
+**
+**	Reads though a structure making an association with the database
+**	type and the required cpp define from sendmail/README.
+**	List size is dynamic and must be NULL terminated.
+**
+**	Parameters:
+**		type -- The name of the database type.
+**
+**	Returns:
+**		definition for type, otherwise NULL.
+*/
+
+typedef struct
+{
+	SMDB_DBTYPE type;
+	char *dbdef;
+} dbtype;
+
+static dbtype DatabaseDefs[] =
+{
+	{ SMDB_TYPE_HASH,	"NEWDB" },
+	{ SMDB_TYPE_BTREE,	"NEWDB" },
+	{ SMDB_TYPE_NDBM,	"NDBM"	},
+	{ NULL,			"OOPS"	}
+};
+
+char *
+smdb_db_definition(type)
+	SMDB_DBTYPE type;
+{
+	dbtype *ptr = DatabaseDefs;
+
+	while (ptr != NULL && ptr->type != NULL)
+	{
+		if (strcmp(type, ptr->type) == 0)
+			return ptr->dbdef;
+		ptr++;
+	}
+	return NULL;
+}
diff --git a/contrib/sendmail/libsmdb/smdb1.c b/contrib/sendmail/libsmdb/smdb1.c
new file mode 100644
index 0000000..59b11e5
--- /dev/null
+++ b/contrib/sendmail/libsmdb/smdb1.c
@@ -0,0 +1,507 @@
+/*
+** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+**	All rights reserved.
+**
+** By using this file, you agree to the terms and conditions set
+** forth in the LICENSE file which can be found at the top level of
+** the sendmail distribution.
+*/
+
+#ifndef lint
+static char id[] = "@(#)$Id: smdb1.c,v 8.43 2000/03/17 07:32:43 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+
+#include <sendmail/sendmail.h>
+#include <libsmdb/smdb.h>
+
+#if (DB_VERSION_MAJOR == 1)
+
+# define SMDB1_FILE_EXTENSION "db"
+
+struct smdb_db1_struct
+{
+	DB	*smdb1_db;
+	int	smdb1_lock_fd;
+	bool	smdb1_cursor_in_use;
+};
+typedef struct smdb_db1_struct SMDB_DB1_DATABASE;
+
+struct smdb_db1_cursor
+{
+	SMDB_DB1_DATABASE	*db;
+};
+typedef struct smdb_db1_cursor SMDB_DB1_CURSOR;
+
+/*
+**  SMDB_TYPE_TO_DB1_TYPE -- Translates smdb database type to db1 type.
+**
+**	Parameters:
+**		type -- The type to translate.
+**
+**	Returns:
+**		The DB1 type that corresponsds to the passed in SMDB type.
+**		Returns -1 if there is no equivalent type.
+**
+*/
+
+DBTYPE
+smdb_type_to_db1_type(type)
+	SMDB_DBTYPE type;
+{
+	if (type == SMDB_TYPE_DEFAULT)
+		return DB_HASH;
+
+	if (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
+		return DB_HASH;
+
+	if (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
+		return DB_BTREE;
+
+	/* Should never get here thanks to test in smdb_db_open() */
+	return DB_HASH;
+}
+
+
+/*
+**  SMDB_PUT_FLAGS_TO_DB1_FLAGS -- Translates smdb put flags to db1 put flags.
+**
+**	Parameters:
+**		flags -- The flags to translate.
+**
+**	Returns:
+**		The db1 flags that are equivalent to the smdb flags.
+**
+**	Notes:
+**		Any invalid flags are ignored.
+**
+*/
+
+u_int
+smdb_put_flags_to_db1_flags(flags)
+	SMDB_FLAG flags;
+{
+	int return_flags;
+
+	return_flags = 0;
+
+	if (bitset(SMDBF_NO_OVERWRITE, flags))
+		return_flags |= R_NOOVERWRITE;
+
+	return return_flags;
+}
+
+/*
+**  SMDB_CURSOR_GET_FLAGS_TO_SMDB1
+**
+**	Parameters:
+**		flags -- The flags to translate.
+**
+**	Returns:
+**		The db1 flags that are equivalent to the smdb flags.
+**
+**	Notes:
+**		Returns -1 if we don't support the flag.
+**
+*/
+
+int
+smdb_cursor_get_flags_to_smdb1(flags)
+	SMDB_FLAG flags;
+{
+	switch(flags)
+	{
+		case SMDB_CURSOR_GET_FIRST:
+			return R_FIRST;
+
+		case SMDB_CURSOR_GET_LAST:
+			return R_LAST;
+
+		case SMDB_CURSOR_GET_NEXT:
+			return R_NEXT;
+
+		case SMDB_CURSOR_GET_RANGE:
+			return R_CURSOR;
+
+		default:
+			return -1;
+	}
+}
+
+SMDB_DB1_DATABASE *
+smdb1_malloc_database()
+{
+	SMDB_DB1_DATABASE *db1;
+
+	db1 = (SMDB_DB1_DATABASE *) malloc(sizeof(SMDB_DB1_DATABASE));
+
+	if (db1 != NULL)
+	{
+		db1->smdb1_lock_fd = -1;
+		db1->smdb1_cursor_in_use = FALSE;
+	}
+
+	return db1;
+}
+
+/*
+** The rest of these function correspond to the interface laid out
+** in smdb.h.
+*/
+
+int
+smdb1_close(database)
+	SMDB_DATABASE *database;
+{
+	SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl;
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	if (db1->smdb1_lock_fd != -1)
+		(void) close(db1->smdb1_lock_fd);
+
+	free(db1);
+	database->smdb_impl = NULL;
+
+	return db->close(db);
+}
+
+int
+smdb1_del(database, key, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	return db->del(db, &key->db, flags);
+}
+
+int
+smdb1_fd(database, fd)
+	SMDB_DATABASE *database;
+	int *fd;
+{
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	*fd = db->fd(db);
+	if (*fd == -1)
+		return errno;
+
+	return SMDBE_OK;
+}
+
+int
+smdb1_get(database, key, data, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	SMDB_DBENT *data;
+	u_int flags;
+{
+	int result;
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	result = db->get(db, &key->db, &data->db, flags);
+	if (result != 0)
+	{
+		if (result == 1)
+			return SMDBE_NOT_FOUND;
+		return errno;
+	}
+	return SMDBE_OK;
+}
+
+int
+smdb1_put(database, key, data, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	SMDB_DBENT *data;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	return db->put(db, &key->db, &data->db,
+			    smdb_put_flags_to_db1_flags(flags));
+}
+
+int
+smdb1_set_owner(database, uid, gid)
+	SMDB_DATABASE *database;
+	uid_t uid;
+	gid_t gid;
+{
+# if HASFCHOWN
+	int fd;
+	int result;
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	fd = db->fd(db);
+	if (fd == -1)
+		return errno;
+
+	result = fchown(fd, uid, gid);
+	if (result < 0)
+		return errno;
+# endif /* HASFCHOWN */
+
+	return SMDBE_OK;
+}
+
+int
+smdb1_sync(database, flags)
+	SMDB_DATABASE *database;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
+
+	return db->sync(db, flags);
+}
+
+int
+smdb1_cursor_close(cursor)
+	SMDB_CURSOR *cursor;
+{
+	SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
+	SMDB_DB1_DATABASE *db1 = db1_cursor->db;
+
+	if (!db1->smdb1_cursor_in_use)
+		return SMDBE_NOT_A_VALID_CURSOR;
+
+	db1->smdb1_cursor_in_use = FALSE;
+	free(cursor);
+
+	return SMDBE_OK;
+}
+
+int
+smdb1_cursor_del(cursor, flags)
+	SMDB_CURSOR *cursor;
+	u_int flags;
+{
+	SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
+	SMDB_DB1_DATABASE *db1 = db1_cursor->db;
+	DB *db = db1->smdb1_db;
+
+	return db->del(db, NULL, R_CURSOR);
+}
+
+int
+smdb1_cursor_get(cursor, key, value, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT *key;
+	SMDB_DBENT *value;
+	SMDB_FLAG flags;
+{
+	int db1_flags;
+	int result;
+	SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
+	SMDB_DB1_DATABASE *db1 = db1_cursor->db;
+	DB *db = db1->smdb1_db;
+
+	db1_flags = smdb_cursor_get_flags_to_smdb1(flags);
+	result = db->seq(db, &key->db, &value->db, db1_flags);
+	if (result == -1)
+		return errno;
+	if (result == 1)
+		return SMDBE_LAST_ENTRY;
+	return SMDBE_OK;
+}
+
+int
+smdb1_cursor_put(cursor, key, value, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT *key;
+	SMDB_DBENT *value;
+	SMDB_FLAG flags;
+{
+	SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
+	SMDB_DB1_DATABASE *db1 = db1_cursor->db;
+	DB *db = db1->smdb1_db;
+
+	return db->put(db, &key->db, &value->db, R_CURSOR);
+}
+
+int
+smdb1_cursor(database, cursor, flags)
+	SMDB_DATABASE *database;
+	SMDB_CURSOR **cursor;
+	u_int flags;
+{
+	SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl;
+	SMDB_CURSOR *cur;
+	SMDB_DB1_CURSOR *db1_cursor;
+
+	if (db1->smdb1_cursor_in_use)
+		return SMDBE_ONLY_SUPPORTS_ONE_CURSOR;
+
+	db1->smdb1_cursor_in_use = TRUE;
+	db1_cursor = (SMDB_DB1_CURSOR *) malloc(sizeof(SMDB_DB1_CURSOR));
+	db1_cursor->db = db1;
+
+	cur = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR));
+
+	if (cur == NULL)
+		return SMDBE_MALLOC;
+
+	cur->smdbc_impl = db1_cursor;
+	cur->smdbc_close = smdb1_cursor_close;
+	cur->smdbc_del = smdb1_cursor_del;
+	cur->smdbc_get = smdb1_cursor_get;
+	cur->smdbc_put = smdb1_cursor_put;
+	*cursor = cur;
+
+	return SMDBE_OK;
+}
+
+/*
+**  SMDB_DB_OPEN -- Opens a db1 database.
+**
+**	Parameters:
+**		database -- An unallocated database pointer to a pointer.
+**		db_name -- The name of the database without extension.
+**		mode -- File permisions on the database if created.
+**		mode_mask -- Mode bits that must match on an existing database.
+**		sff -- Flags for safefile.
+**		type -- The type of database to open
+**			See smdb_type_to_db1_type for valid types.
+**		user_info -- Information on the user to use for file
+**			    permissions.
+**		db_params --
+**			An SMDB_DBPARAMS struct including params. These
+**			are processed according to the type of the
+**			database. Currently supported params (only for
+**			HASH type) are:
+**			   num_elements
+**			   cache_size
+**
+**	Returns:
+**		SMDBE_OK -- Success, otherwise errno.
+*/
+
+int
+smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info,
+	     db_params)
+	SMDB_DATABASE **database;
+	char *db_name;
+	int mode;
+	int mode_mask;
+	long sff;
+	SMDB_DBTYPE type;
+	SMDB_USER_INFO *user_info;
+	SMDB_DBPARAMS *db_params;
+{
+	int db_fd;
+	int lock_fd;
+	int result;
+	void *params;
+	SMDB_DATABASE *smdb_db;
+	SMDB_DB1_DATABASE *db1;
+	DB *db;
+	HASHINFO hash_info;
+	BTREEINFO btree_info;
+	DBTYPE db_type;
+	struct stat stat_info;
+	char db_file_name[SMDB_MAX_NAME_LEN];
+
+	if (type == NULL ||
+	    (strncmp(SMDB_TYPE_HASH, type, SMDB_TYPE_HASH_LEN) != 0 &&
+	     strncmp(SMDB_TYPE_BTREE, type, SMDB_TYPE_BTREE_LEN) != 0))
+		return SMDBE_UNKNOWN_DB_TYPE;
+
+	result = smdb_add_extension(db_file_name, SMDB_MAX_NAME_LEN,
+				    db_name, SMDB1_FILE_EXTENSION);
+	if (result != SMDBE_OK)
+		return result;
+
+	result = smdb_setup_file(db_name, SMDB1_FILE_EXTENSION, mode_mask,
+				 sff, user_info, &stat_info);
+	if (result != SMDBE_OK)
+		return result;
+
+	lock_fd = -1;
+# if O_EXLOCK
+	mode |= O_EXLOCK;
+# else /* O_EXLOCK */
+	result = smdb_lock_file(&lock_fd, db_name, mode, sff,
+				SMDB1_FILE_EXTENSION);
+	if (result != SMDBE_OK)
+		return result;
+# endif /* O_EXLOCK */
+
+	*database = NULL;
+
+	smdb_db = smdb_malloc_database();
+	db1 = smdb1_malloc_database();
+	if (smdb_db == NULL || db1 == NULL)
+		return SMDBE_MALLOC;
+	db1->smdb1_lock_fd = lock_fd;
+
+	params = NULL;
+	if (db_params != NULL &&
+	    (strncmp(SMDB_TYPE_HASH, type, SMDB_TYPE_HASH_LEN) == 0))
+	{
+		memset(&hash_info, '\0', sizeof hash_info);
+		hash_info.nelem = db_params->smdbp_num_elements;
+		hash_info.cachesize = db_params->smdbp_cache_size;
+		params = &hash_info;
+	}
+
+	if (db_params != NULL &&
+	    (strncmp(SMDB_TYPE_BTREE, type, SMDB_TYPE_BTREE_LEN) == 0))
+	{
+		memset(&btree_info, '\0', sizeof btree_info);
+		btree_info.cachesize = db_params->smdbp_cache_size;
+		if (db_params->smdbp_allow_dup)
+			btree_info.flags |= R_DUP;
+		params = &btree_info;
+	}
+
+	db_type = smdb_type_to_db1_type(type);
+	db = dbopen(db_file_name, mode, 0644, db_type, params);
+	if (db != NULL)
+	{
+		db_fd = db->fd(db);
+		result = smdb_filechanged(db_name, SMDB1_FILE_EXTENSION, db_fd,
+					  &stat_info);
+	}
+	else
+	{
+		if (errno == 0)
+			result = SMDBE_BAD_OPEN;
+		else
+			result = errno;
+	}
+
+	if (result == SMDBE_OK)
+	{
+		/* Everything is ok. Setup driver */
+		db1->smdb1_db = db;
+
+		smdb_db->smdb_close = smdb1_close;
+		smdb_db->smdb_del = smdb1_del;
+		smdb_db->smdb_fd = smdb1_fd;
+		smdb_db->smdb_get = smdb1_get;
+		smdb_db->smdb_put = smdb1_put;
+		smdb_db->smdb_set_owner = smdb1_set_owner;
+		smdb_db->smdb_sync = smdb1_sync;
+		smdb_db->smdb_cursor = smdb1_cursor;
+		smdb_db->smdb_impl = db1;
+
+		*database = smdb_db;
+		return SMDBE_OK;
+	}
+
+	if (db != NULL)
+		(void) db->close(db);
+
+	/* Error opening database */
+	(void) smdb_unlock_file(db1->smdb1_lock_fd);
+	free(db1);
+	smdb_free_database(smdb_db);
+
+	return result;
+}
+
+#endif /* (DB_VERSION_MAJOR == 1) */
diff --git a/contrib/sendmail/libsmdb/smdb2.c b/contrib/sendmail/libsmdb/smdb2.c
new file mode 100644
index 0000000..aa9395b
--- /dev/null
+++ b/contrib/sendmail/libsmdb/smdb2.c
@@ -0,0 +1,646 @@
+/*
+** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+**	All rights reserved.
+**
+** By using this file, you agree to the terms and conditions set
+** forth in the LICENSE file which can be found at the top level of
+** the sendmail distribution.
+*/
+
+#ifndef lint
+static char id[] = "@(#)$Id: smdb2.c,v 8.53.2.1.2.1 2000/05/25 18:56:10 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+#include <sendmail/sendmail.h>
+#include <libsmdb/smdb.h>
+
+#if (DB_VERSION_MAJOR >= 2)
+
+# define SMDB2_FILE_EXTENSION "db"
+
+struct smdb_db2_database
+{
+	DB	*smdb2_db;
+	int	smdb2_lock_fd;
+};
+typedef struct smdb_db2_database SMDB_DB2_DATABASE;
+
+/*
+**  SMDB_TYPE_TO_DB2_TYPE -- Translates smdb database type to db2 type.
+**
+**	Parameters:
+**		type -- The type to translate.
+**
+**	Returns:
+**		The DB2 type that corresponsds to the passed in SMDB type.
+**		Returns -1 if there is no equivalent type.
+**
+*/
+
+DBTYPE
+smdb_type_to_db2_type(type)
+	SMDB_DBTYPE type;
+{
+	if (type == SMDB_TYPE_DEFAULT)
+		return DB_HASH;
+
+	if (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
+		return DB_HASH;
+
+	if (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
+		return DB_BTREE;
+
+	return DB_UNKNOWN;
+}
+
+
+/*
+**  DB2_ERROR_TO_SMDB -- Translates db2 errors to smdbe errors
+**
+**	Parameters:
+**		error -- The error to translate.
+**
+**	Returns:
+**		The SMDBE error corresponding to the db2 error.
+**		If we don't have a corresponding error, it returs errno.
+**
+*/
+
+int
+db2_error_to_smdb(error)
+	int error;
+{
+	int result;
+
+	switch (error)
+	{
+# ifdef DB_INCOMPLETE
+		case DB_INCOMPLETE:
+			result = SMDBE_INCOMPLETE;
+			break;
+# endif /* DB_INCOMPLETE */
+
+# ifdef DB_NOTFOUND
+		case DB_NOTFOUND:
+			result = SMDBE_NOT_FOUND;
+			break;
+# endif /* DB_NOTFOUND */
+
+# ifdef DB_KEYEMPTY
+		case DB_KEYEMPTY:
+			result = SMDBE_KEY_EMPTY;
+			break;
+# endif /* DB_KEYEMPTY */
+
+# ifdef DB_KEYEXIST
+		case DB_KEYEXIST:
+			result = SMDBE_KEY_EXIST;
+			break;
+# endif /* DB_KEYEXIST */
+
+# ifdef DB_LOCK_DEADLOCK
+		case DB_LOCK_DEADLOCK:
+			result = SMDBE_LOCK_DEADLOCK;
+			break;
+# endif /* DB_LOCK_DEADLOCK */
+
+# ifdef DB_LOCK_NOTGRANTED
+		case DB_LOCK_NOTGRANTED:
+			result = SMDBE_LOCK_NOT_GRANTED;
+			break;
+# endif /* DB_LOCK_NOTGRANTED */
+
+# ifdef DB_LOCK_NOTHELD
+		case DB_LOCK_NOTHELD:
+			result = SMDBE_LOCK_NOT_HELD;
+			break;
+# endif /* DB_LOCK_NOTHELD */
+
+# ifdef DB_RUNRECOVERY
+		case DB_RUNRECOVERY:
+			result = SMDBE_RUN_RECOVERY;
+			break;
+# endif /* DB_RUNRECOVERY */
+
+# ifdef DB_OLD_VERSION
+		case DB_OLD_VERSION:
+			result = SMDBE_OLD_VERSION;
+			break;
+# endif /* DB_OLD_VERSION */
+
+		case 0:
+			result = SMDBE_OK;
+			break;
+
+		default:
+			result = error;
+	}
+	return result;
+}
+
+/*
+**  SMDB_PUT_FLAGS_TO_DB2_FLAGS -- Translates smdb put flags to db2 put flags.
+**
+**	Parameters:
+**		flags -- The flags to translate.
+**
+**	Returns:
+**		The db2 flags that are equivalent to the smdb flags.
+**
+**	Notes:
+**		Any invalid flags are ignored.
+**
+*/
+
+u_int
+smdb_put_flags_to_db2_flags(flags)
+	SMDB_FLAG flags;
+{
+	int return_flags;
+
+	return_flags = 0;
+
+	if (bitset(SMDBF_NO_OVERWRITE, flags))
+		return_flags |= DB_NOOVERWRITE;
+
+	return return_flags;
+}
+
+/*
+**  SMDB_CURSOR_GET_FLAGS_TO_DB2 -- Translates smdb cursor get flags to db2
+**	getflags.
+**
+**	Parameters:
+**		flags -- The flags to translate.
+**
+**	Returns:
+**		The db2 flags that are equivalent to the smdb flags.
+**
+**	Notes:
+**		-1 is returned if flag is unknown.
+**
+*/
+
+int
+smdb_cursor_get_flags_to_db2(flags)
+	SMDB_FLAG flags;
+{
+	switch (flags)
+	{
+		case SMDB_CURSOR_GET_FIRST:
+			return DB_FIRST;
+
+		case SMDB_CURSOR_GET_LAST:
+			return DB_LAST;
+
+		case SMDB_CURSOR_GET_NEXT:
+			return DB_NEXT;
+
+		case SMDB_CURSOR_GET_RANGE:
+			return DB_SET_RANGE;
+
+		default:
+			return -1;
+	}
+}
+
+SMDB_DB2_DATABASE *
+smdb2_malloc_database()
+{
+	SMDB_DB2_DATABASE *db2;
+
+	db2 = (SMDB_DB2_DATABASE *) malloc(sizeof(SMDB_DB2_DATABASE));
+	if (db2 != NULL)
+		db2->smdb2_lock_fd = -1;
+
+	return db2;
+}
+
+
+/*
+** Except for smdb_db_open, the rest of these function correspond to the
+** interface laid out in smdb.h.
+*/
+
+int
+smdb2_close(database)
+	SMDB_DATABASE *database;
+{
+	SMDB_DB2_DATABASE *db2 = (SMDB_DB2_DATABASE *) database->smdb_impl;
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	if (db2->smdb2_lock_fd != -1)
+		close(db2->smdb2_lock_fd);
+
+	free(db2);
+	database->smdb_impl = NULL;
+
+	return db2_error_to_smdb(db->close(db, 0));
+}
+
+int
+smdb2_del(database, key, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	return db2_error_to_smdb(db->del(db, NULL, &key->db, flags));
+}
+
+int
+smdb2_fd(database, fd)
+	SMDB_DATABASE *database;
+	int *fd;
+{
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	return db2_error_to_smdb(db->fd(db, fd));
+}
+
+int
+smdb2_get(database, key, data, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	SMDB_DBENT *data;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	return db2_error_to_smdb(db->get(db, NULL, &key->db, &data->db, flags));
+}
+
+int
+smdb2_put(database, key, data, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	SMDB_DBENT *data;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	return db2_error_to_smdb(db->put(db, NULL, &key->db, &data->db,
+					 smdb_put_flags_to_db2_flags(flags)));
+}
+
+
+int
+smdb2_set_owner(database, uid, gid)
+	SMDB_DATABASE *database;
+	uid_t uid;
+	gid_t gid;
+{
+# if HASFCHOWN
+	int fd;
+	int result;
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	result = db->fd(db, &fd);
+	if (result != 0)
+		return result;
+
+	result = fchown(fd, uid, gid);
+	if (result < 0)
+		return errno;
+# endif /* HASFCHOWN */
+
+	return SMDBE_OK;
+}
+
+int
+smdb2_sync(database, flags)
+	SMDB_DATABASE *database;
+	u_int flags;
+{
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+
+	return db2_error_to_smdb(db->sync(db, flags));
+}
+
+int
+smdb2_cursor_close(cursor)
+	SMDB_CURSOR *cursor;
+{
+	DBC *dbc = (DBC *) cursor->smdbc_impl;
+
+	return db2_error_to_smdb(dbc->c_close(dbc));
+}
+
+int
+smdb2_cursor_del(cursor, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_FLAG flags;
+{
+	DBC *dbc = (DBC *) cursor->smdbc_impl;
+
+	return db2_error_to_smdb(dbc->c_del(dbc, 0));
+}
+
+int
+smdb2_cursor_get(cursor, key, value, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT *key;
+	SMDB_DBENT *value;
+	SMDB_FLAG flags;
+{
+	int db2_flags;
+	int result;
+	DBC *dbc = (DBC *) cursor->smdbc_impl;
+
+	db2_flags = smdb_cursor_get_flags_to_db2(flags);
+	result = dbc->c_get(dbc, &key->db, &value->db, db2_flags);
+	if (result == DB_NOTFOUND)
+		return SMDBE_LAST_ENTRY;
+	return db2_error_to_smdb(result);
+}
+
+int
+smdb2_cursor_put(cursor, key, value, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT *key;
+	SMDB_DBENT *value;
+	SMDB_FLAG flags;
+{
+	DBC *dbc = (DBC *) cursor->smdbc_impl;
+
+	return db2_error_to_smdb(dbc->c_put(dbc, &key->db, &value->db, 0));
+}
+
+int
+smdb2_cursor(database, cursor, flags)
+	SMDB_DATABASE *database;
+	SMDB_CURSOR **cursor;
+	SMDB_FLAG flags;
+{
+	int result;
+	DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
+	DBC *db2_cursor;
+
+# if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6
+	result = db->cursor(db, NULL, &db2_cursor, 0);
+# else /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
+	result = db->cursor(db, NULL, &db2_cursor);
+# endif /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
+	if (result != 0)
+		return db2_error_to_smdb(result);
+
+	*cursor = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR));
+	if (*cursor == NULL)
+		return SMDBE_MALLOC;
+
+	(*cursor)->smdbc_close = smdb2_cursor_close;
+	(*cursor)->smdbc_del = smdb2_cursor_del;
+	(*cursor)->smdbc_get = smdb2_cursor_get;
+	(*cursor)->smdbc_put = smdb2_cursor_put;
+	(*cursor)->smdbc_impl = db2_cursor;
+
+	return SMDBE_OK;
+}
+
+# if DB_VERSION_MAJOR == 2
+static int
+smdb_db_open_internal(db_name, db_type, db_flags, db_params, db)
+	char *db_name;
+	DBTYPE db_type;
+	int db_flags;
+	SMDB_DBPARAMS *db_params;
+	DB **db;
+{
+	void *params;
+	DB_INFO db_info;
+
+	params = NULL;
+	memset(&db_info, '\0', sizeof db_info);
+	if (db_params != NULL)
+	{
+		db_info.db_cachesize = db_params->smdbp_cache_size;
+		if (db_type == DB_HASH)
+			db_info.h_nelem = db_params->smdbp_num_elements;
+		if (db_params->smdbp_allow_dup)
+			db_info.flags |= DB_DUP;
+		params = &db_info;
+	}
+	return db_open(db_name, db_type, db_flags, 0644, NULL, params, db);
+}
+# endif /* DB_VERSION_MAJOR == 2 */
+
+# if DB_VERSION_MAJOR > 2
+static int
+smdb_db_open_internal(db_name, db_type, db_flags, db_params, db)
+	char *db_name;
+	DBTYPE db_type;
+	int db_flags;
+	SMDB_DBPARAMS *db_params;
+	DB **db;
+{
+	int result;
+
+	result = db_create(db, NULL, 0);
+	if (result != 0 || *db == NULL)
+		return result;
+
+	if (db_params != NULL)
+	{
+		result = (*db)->set_cachesize(*db, 0,
+					      db_params->smdbp_cache_size, 0);
+		if (result != 0)
+		{
+			(void) (*db)->close((*db), 0);
+			*db = NULL;
+			return db2_error_to_smdb(result);
+		}
+		if (db_type == DB_HASH)
+		{
+			result = (*db)->set_h_nelem(*db, db_params->smdbp_num_elements);
+			if (result != 0)
+			{
+				(void) (*db)->close(*db, 0);
+				*db = NULL;
+				return db2_error_to_smdb(result);
+			}
+		}
+		if (db_params->smdbp_allow_dup)
+		{
+			result = (*db)->set_flags(*db, DB_DUP);
+			if (result != 0)
+			{
+				(void) (*db)->close(*db, 0);
+				*db = NULL;
+				return db2_error_to_smdb(result);
+			}
+		}
+	}
+
+	result = (*db)->open(*db, db_name, NULL, db_type, db_flags, 0644);
+	if (result != 0)
+	{
+		(void) (*db)->close(*db, 0);
+		*db = NULL;
+	}
+	return db2_error_to_smdb(result);
+}
+# endif /* DB_VERSION_MAJOR > 2 */
+/*
+**  SMDB_DB_OPEN -- Opens a db database.
+**
+**	Parameters:
+**		database -- An unallocated database pointer to a pointer.
+**		db_name -- The name of the database without extension.
+**		mode -- File permisions for a created database.
+**		mode_mask -- Mode bits that must match on an opened database.
+**		sff -- Flags for safefile.
+**		type -- The type of database to open
+**			See smdb_type_to_db2_type for valid types.
+**		user_info -- User information for file permissions.
+**		db_params --
+**			An SMDB_DBPARAMS struct including params. These
+**			are processed according to the type of the
+**			database. Currently supported params (only for
+**			HASH type) are:
+**			   num_elements
+**			   cache_size
+**
+**	Returns:
+**		SMDBE_OK -- Success, other errno:
+**		SMDBE_MALLOC -- Cannot allocate memory.
+**		SMDBE_BAD_OPEN -- db_open didn't return an error, but
+**				 somehow the DB pointer is NULL.
+**		Anything else: translated error from db2
+*/
+
+int
+smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params)
+	SMDB_DATABASE **database;
+	char *db_name;
+	int mode;
+	int mode_mask;
+	long sff;
+	SMDB_DBTYPE type;
+	SMDB_USER_INFO *user_info;
+	SMDB_DBPARAMS *db_params;
+{
+	bool lockcreated = FALSE;
+	int result;
+	int db_flags;
+	int lock_fd;
+	int db_fd;
+	SMDB_DATABASE *smdb_db;
+	SMDB_DB2_DATABASE *db2;
+	DB *db;
+	DBTYPE db_type;
+	struct stat stat_info;
+	char db_file_name[SMDB_MAX_NAME_LEN];
+
+	*database = NULL;
+
+	result = smdb_add_extension(db_file_name, SMDB_MAX_NAME_LEN,
+				    db_name, SMDB2_FILE_EXTENSION);
+	if (result != SMDBE_OK)
+		return result;
+
+	result = smdb_setup_file(db_name, SMDB2_FILE_EXTENSION,
+				 mode_mask, sff, user_info, &stat_info);
+	if (result != SMDBE_OK)
+		return result;
+
+	lock_fd = -1;
+
+	if (stat_info.st_mode == ST_MODE_NOFILE &&
+	    bitset(mode, O_CREAT))
+		lockcreated = TRUE;
+
+	result = smdb_lock_file(&lock_fd, db_name, mode, sff,
+				SMDB2_FILE_EXTENSION);
+	if (result != SMDBE_OK)
+		return result;
+
+	if (lockcreated)
+	{
+		mode |= O_TRUNC;
+		mode &= ~(O_CREAT|O_EXCL);
+	}
+
+	smdb_db = smdb_malloc_database();
+	if (smdb_db == NULL)
+		return SMDBE_MALLOC;
+
+	db2 = smdb2_malloc_database();
+	if (db2 == NULL)
+		return SMDBE_MALLOC;
+
+	db2->smdb2_lock_fd = lock_fd;
+
+	db_type = smdb_type_to_db2_type(type);
+
+	db = NULL;
+
+	db_flags = 0;
+	if (bitset(O_CREAT, mode))
+		db_flags |= DB_CREATE;
+	if (bitset(O_TRUNC, mode))
+		db_flags |= DB_TRUNCATE;
+	if (mode == O_RDONLY)
+		db_flags |= DB_RDONLY;
+# if !HASFLOCK && defined(DB_FCNTL_LOCKING)
+	db_flags |= DB_FCNTL_LOCKING;
+# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
+
+	result = smdb_db_open_internal(db_file_name, db_type,
+				       db_flags, db_params, &db);
+
+	if (result == 0 && db != NULL)
+	{
+		result = db->fd(db, &db_fd);
+		if (result == 0)
+			result = SMDBE_OK;
+	}
+	else
+	{
+		/* Try and narrow down on the problem */
+		if (result != 0)
+			result = db2_error_to_smdb(result);
+		else
+			result = SMDBE_BAD_OPEN;
+	}
+
+	if (result == SMDBE_OK)
+		result = smdb_filechanged(db_name, SMDB2_FILE_EXTENSION, db_fd,
+					  &stat_info);
+
+	if (result == SMDBE_OK)
+	{
+		/* Everything is ok. Setup driver */
+		db2->smdb2_db = db;
+
+		smdb_db->smdb_close = smdb2_close;
+		smdb_db->smdb_del = smdb2_del;
+		smdb_db->smdb_fd = smdb2_fd;
+		smdb_db->smdb_get = smdb2_get;
+		smdb_db->smdb_put = smdb2_put;
+		smdb_db->smdb_set_owner = smdb2_set_owner;
+		smdb_db->smdb_sync = smdb2_sync;
+		smdb_db->smdb_cursor = smdb2_cursor;
+		smdb_db->smdb_impl = db2;
+
+		*database = smdb_db;
+
+		return SMDBE_OK;
+	}
+
+	if (db != NULL)
+		db->close(db, 0);
+
+	smdb_unlock_file(db2->smdb2_lock_fd);
+	free(db2);
+	smdb_free_database(smdb_db);
+
+	return result;
+}
+
+#endif /* (DB_VERSION_MAJOR >= 2) */
diff --git a/contrib/sendmail/libsmdb/smndbm.c b/contrib/sendmail/libsmdb/smndbm.c
new file mode 100644
index 0000000..f5bf388
--- /dev/null
+++ b/contrib/sendmail/libsmdb/smndbm.c
@@ -0,0 +1,579 @@
+/*
+** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+**	All rights reserved.
+**
+** By using this file, you agree to the terms and conditions set
+** forth in the LICENSE file which can be found at the top level of
+** the sendmail distribution.
+*/
+
+#ifndef lint
+static char id[] = "@(#)$Id: smndbm.c,v 8.40 2000/03/19 05:03:30 ca Exp $";
+#endif /* ! lint */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <sendmail/sendmail.h>
+#include <libsmdb/smdb.h>
+
+#ifdef NDBM
+
+# define SMNDB_DIR_FILE_EXTENSION "dir"
+# define SMNDB_PAG_FILE_EXTENSION "pag"
+
+struct smdb_dbm_database_struct
+{
+	DBM	*smndbm_dbm;
+	int	smndbm_lock_fd;
+	bool	smndbm_cursor_in_use;
+};
+typedef struct smdb_dbm_database_struct SMDB_DBM_DATABASE;
+
+struct smdb_dbm_cursor_struct
+{
+	SMDB_DBM_DATABASE	*smndbmc_db;
+	datum			smndbmc_current_key;
+};
+typedef struct smdb_dbm_cursor_struct SMDB_DBM_CURSOR;
+
+/*
+**  SMDB_PUT_FLAGS_TO_NDBM_FLAGS -- Translates smdb put flags to ndbm put flags.
+**
+**	Parameters:
+**		flags -- The flags to translate.
+**
+**	Returns:
+**		The ndbm flags that are equivalent to the smdb flags.
+**
+**	Notes:
+**		Any invalid flags are ignored.
+**
+*/
+
+int
+smdb_put_flags_to_ndbm_flags(flags)
+	SMDB_FLAG flags;
+{
+	int return_flags;
+
+	return_flags = 0;
+	if (bitset(SMDBF_NO_OVERWRITE, flags))
+		return_flags = DBM_INSERT;
+	else
+		return_flags = DBM_REPLACE;
+
+	return return_flags;
+}
+
+/*
+**  smdbm_malloc_database -- Create and initialize SMDB_DBM_DATABASE
+**
+**	Parameters:
+**		None
+**
+**	Returns:
+**		A pointer to an allocated SMDB_DBM_DATABASE or NULL
+**
+*/
+
+SMDB_DBM_DATABASE *
+smdbm_malloc_database()
+{
+	SMDB_DBM_DATABASE *db;
+
+	db = (SMDB_DBM_DATABASE *) malloc(sizeof(SMDB_DBM_DATABASE));
+	if (db != NULL)
+	{
+		db->smndbm_dbm = NULL;
+		db->smndbm_lock_fd = -1;
+		db->smndbm_cursor_in_use = FALSE;
+	}
+
+	return db;
+}
+
+/*
+** Except for smdb_ndbm_open, the rest of these function correspond to the
+** interface laid out in smdb.h.
+*/
+
+int
+smdbm_close(database)
+	SMDB_DATABASE *database;
+{
+	SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl;
+	DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
+
+	dbm_close(dbm);
+	if (db->smndbm_lock_fd != -1)
+		close(db->smndbm_lock_fd);
+
+	free(db);
+	database->smdb_impl = NULL;
+
+	return SMDBE_OK;
+}
+
+int
+smdbm_del(database, key, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	u_int flags;
+{
+	int result;
+	DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
+
+	errno = 0;
+	result = dbm_delete(dbm, key->dbm);
+	if (result != 0)
+	{
+		int save_errno = errno;
+
+		if (dbm_error(dbm))
+			return SMDBE_IO_ERROR;
+
+		if (save_errno != 0)
+			return save_errno;
+
+		return SMDBE_NOT_FOUND;
+	}
+	return SMDBE_OK;
+}
+
+int
+smdbm_fd(database, fd)
+	SMDB_DATABASE *database;
+	int *fd;
+{
+	DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
+
+	*fd = dbm_dirfno(dbm);
+	if (*fd <= 0)
+		return EINVAL;
+
+	return SMDBE_OK;
+}
+
+int
+smdbm_get(database, key, data, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	SMDB_DBENT *data;
+	u_int flags;
+{
+	DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
+
+	errno = 0;
+	data->dbm = dbm_fetch(dbm, key->dbm);
+	if (data->dbm.dptr == NULL)
+	{
+		int save_errno = errno;
+
+		if (dbm_error(dbm))
+			return SMDBE_IO_ERROR;
+
+		if (save_errno != 0)
+			return save_errno;
+
+		return SMDBE_NOT_FOUND;
+	}
+
+	return SMDBE_OK;
+}
+
+int
+smdbm_put(database, key, data, flags)
+	SMDB_DATABASE *database;
+	SMDB_DBENT *key;
+	SMDB_DBENT *data;
+	u_int flags;
+{
+	int result;
+	int save_errno;
+	DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
+
+	errno = 0;
+	result = dbm_store(dbm, key->dbm, data->dbm,
+			   smdb_put_flags_to_ndbm_flags(flags));
+	switch (result)
+	{
+	  case 1:
+		return SMDBE_DUPLICATE;
+
+	  case 0:
+		return SMDBE_OK;
+
+	  default:
+		save_errno = errno;
+
+		if (dbm_error(dbm))
+			return SMDBE_IO_ERROR;
+
+		if (save_errno != 0)
+			return save_errno;
+
+		return SMDBE_IO_ERROR;
+	}
+	/* NOTREACHED */
+}
+
+int
+smndbm_set_owner(database, uid, gid)
+	SMDB_DATABASE *database;
+	uid_t uid;
+	gid_t gid;
+{
+# if HASFCHOWN
+	int fd;
+	int result;
+	DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
+
+	fd = dbm_dirfno(dbm);
+	if (fd <= 0)
+		return EINVAL;
+
+	result = fchown(fd, uid, gid);
+	if (result < 0)
+		return errno;
+
+	fd = dbm_pagfno(dbm);
+	if (fd <= 0)
+		return EINVAL;
+
+	result = fchown(fd, uid, gid);
+	if (result < 0)
+		return errno;
+# endif /* HASFCHOWN */
+
+	return SMDBE_OK;
+}
+
+int
+smdbm_sync(database, flags)
+	SMDB_DATABASE *database;
+	u_int flags;
+{
+	return SMDBE_UNSUPPORTED;
+}
+
+int
+smdbm_cursor_close(cursor)
+	SMDB_CURSOR *cursor;
+{
+	SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
+	SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
+
+	if (!db->smndbm_cursor_in_use)
+		return SMDBE_NOT_A_VALID_CURSOR;
+
+	db->smndbm_cursor_in_use = FALSE;
+	free(dbm_cursor);
+	free(cursor);
+
+	return SMDBE_OK;
+}
+
+int
+smdbm_cursor_del(cursor, flags)
+	SMDB_CURSOR *cursor;
+	u_int flags;
+{
+	int result;
+	SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
+	SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
+	DBM *dbm = db->smndbm_dbm;
+
+	errno = 0;
+	result = dbm_delete(dbm, dbm_cursor->smndbmc_current_key);
+	if (result != 0)
+	{
+		int save_errno = errno;
+
+		if (dbm_error(dbm))
+			return SMDBE_IO_ERROR;
+
+		if (save_errno != 0)
+			return save_errno;
+
+		return SMDBE_NOT_FOUND;
+	}
+	return SMDBE_OK;
+}
+
+int
+smdbm_cursor_get(cursor, key, value, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT *key;
+	SMDB_DBENT *value;
+	SMDB_FLAG flags;
+{
+	SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
+	SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
+	DBM *dbm = db->smndbm_dbm;
+
+	if (flags == SMDB_CURSOR_GET_RANGE)
+		return SMDBE_UNSUPPORTED;
+
+	if (dbm_cursor->smndbmc_current_key.dptr == NULL)
+	{
+		dbm_cursor->smndbmc_current_key = dbm_firstkey(dbm);
+		if (dbm_cursor->smndbmc_current_key.dptr == NULL)
+		{
+			if (dbm_error(dbm))
+				return SMDBE_IO_ERROR;
+			return SMDBE_LAST_ENTRY;
+		}
+	}
+	else
+	{
+		dbm_cursor->smndbmc_current_key = dbm_nextkey(dbm);
+		if (dbm_cursor->smndbmc_current_key.dptr == NULL)
+		{
+			if (dbm_error(dbm))
+				return SMDBE_IO_ERROR;
+			return SMDBE_LAST_ENTRY;
+		}
+	}
+
+	errno = 0;
+	value->dbm = dbm_fetch(dbm, dbm_cursor->smndbmc_current_key);
+	if (value->dbm.dptr == NULL)
+	{
+		int save_errno = errno;
+
+		if (dbm_error(dbm))
+			return SMDBE_IO_ERROR;
+
+		if (save_errno != 0)
+			return save_errno;
+
+		return SMDBE_NOT_FOUND;
+	}
+	key->dbm = dbm_cursor->smndbmc_current_key;
+
+	return SMDBE_OK;
+}
+
+int
+smdbm_cursor_put(cursor, key, value, flags)
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT *key;
+	SMDB_DBENT *value;
+	SMDB_FLAG flags;
+{
+	int result;
+	int save_errno;
+	SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
+	SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
+	DBM *dbm = db->smndbm_dbm;
+
+	errno = 0;
+	result = dbm_store(dbm, dbm_cursor->smndbmc_current_key, value->dbm,
+			   smdb_put_flags_to_ndbm_flags(flags));
+	switch (result)
+	{
+	  case 1:
+		return SMDBE_DUPLICATE;
+
+	  case 0:
+		return SMDBE_OK;
+
+	  default:
+		save_errno = errno;
+
+		if (dbm_error(dbm))
+			return SMDBE_IO_ERROR;
+
+		if (save_errno != 0)
+			return save_errno;
+
+		return SMDBE_IO_ERROR;
+	}
+	/* NOTREACHED */
+}
+
+int
+smdbm_cursor(database, cursor, flags)
+	SMDB_DATABASE *database;
+	SMDB_CURSOR **cursor;
+	SMDB_FLAG flags;
+{
+	SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl;
+	SMDB_CURSOR *cur;
+	SMDB_DBM_CURSOR *dbm_cursor;
+
+	if (db->smndbm_cursor_in_use)
+		return SMDBE_ONLY_SUPPORTS_ONE_CURSOR;
+
+	db->smndbm_cursor_in_use = TRUE;
+	dbm_cursor = (SMDB_DBM_CURSOR *) malloc(sizeof(SMDB_DBM_CURSOR));
+	dbm_cursor->smndbmc_db = db;
+	dbm_cursor->smndbmc_current_key.dptr = NULL;
+	dbm_cursor->smndbmc_current_key.dsize = 0;
+
+	cur = (SMDB_CURSOR*) malloc(sizeof(SMDB_CURSOR));
+	if (cur == NULL)
+		return SMDBE_MALLOC;
+
+	cur->smdbc_impl = dbm_cursor;
+	cur->smdbc_close = smdbm_cursor_close;
+	cur->smdbc_del = smdbm_cursor_del;
+	cur->smdbc_get = smdbm_cursor_get;
+	cur->smdbc_put = smdbm_cursor_put;
+	*cursor = cur;
+
+	return SMDBE_OK;
+}
+
+/*
+**  SMDB_NDBM_OPEN -- Opens a ndbm database.
+**
+**	Parameters:
+**		database -- An unallocated database pointer to a pointer.
+**		db_name -- The name of the database without extension.
+**		mode -- File permisions on a created database.
+**		mode_mask -- Mode bits that much match on an opened database.
+**		sff -- Flags to safefile.
+**		type -- The type of database to open.
+**			Only SMDB_NDBM is supported.
+**		user_info -- Information on the user to use for file
+**			    permissions.
+**		db_params --
+**			No params are supported.
+**
+**	Returns:
+**		SMDBE_OK -- Success, otherwise errno:
+**		SMDBE_MALLOC -- Cannot allocate memory.
+**		SMDBE_UNSUPPORTED -- The type is not supported.
+**		SMDBE_GDBM_IS_BAD -- We have detected GDBM and we don't
+**				    like it.
+**		SMDBE_BAD_OPEN -- dbm_open failed and errno was not set.
+**		Anything else: errno
+*/
+
+int
+smdb_ndbm_open(database, db_name, mode, mode_mask, sff, type, user_info,
+	       db_params)
+	SMDB_DATABASE **database;
+	char *db_name;
+	int mode;
+	int mode_mask;
+	long sff;
+	SMDB_DBTYPE type;
+	SMDB_USER_INFO *user_info;
+	SMDB_DBPARAMS *db_params;
+{
+	int result;
+	int lock_fd;
+	SMDB_DATABASE *smdb_db;
+	SMDB_DBM_DATABASE *db;
+	DBM *dbm = NULL;
+	struct stat dir_stat_info;
+	struct stat pag_stat_info;
+
+	result = SMDBE_OK;
+	*database = NULL;
+
+	if (type == NULL)
+		return SMDBE_UNKNOWN_DB_TYPE;
+
+	result = smdb_setup_file(db_name, SMNDB_DIR_FILE_EXTENSION, mode_mask,
+				 sff, user_info, &dir_stat_info);
+	if (result != SMDBE_OK)
+		return result;
+
+	result = smdb_setup_file(db_name, SMNDB_PAG_FILE_EXTENSION, mode_mask,
+				 sff, user_info, &pag_stat_info);
+	if (result != SMDBE_OK)
+		return result;
+
+	lock_fd = -1;
+# if O_EXLOCK
+	mode |= O_EXLOCK;
+# else /* O_EXLOCK */
+	result = smdb_lock_file(&lock_fd, db_name, mode, sff,
+				SMNDB_DIR_FILE_EXTENSION);
+	if (result != SMDBE_OK)
+		return result;
+# endif /* O_EXLOCK */
+
+	smdb_db = smdb_malloc_database();
+	if (smdb_db == NULL)
+		result = SMDBE_MALLOC;
+
+	db = smdbm_malloc_database();
+	if (db == NULL)
+		result = SMDBE_MALLOC;
+
+	/* Try to open database */
+	if (result == SMDBE_OK)
+	{
+		db->smndbm_lock_fd = lock_fd;
+
+		errno = 0;
+		dbm = dbm_open(db_name, mode, 0644);
+		if (dbm == NULL)
+		{
+			if (errno == 0)
+				result = SMDBE_BAD_OPEN;
+			else
+				result = errno;
+		}
+		db->smndbm_dbm = dbm;
+	}
+
+	/* Check for GDBM */
+	if (result == SMDBE_OK)
+	{
+		if (dbm_dirfno(dbm) == dbm_pagfno(dbm))
+			result = SMDBE_GDBM_IS_BAD;
+	}
+
+	/* Check for filechanged */
+	if (result == SMDBE_OK)
+	{
+		result = smdb_filechanged(db_name, SMNDB_DIR_FILE_EXTENSION,
+					  dbm_dirfno(dbm), &dir_stat_info);
+		if (result == SMDBE_OK)
+		{
+			result = smdb_filechanged(db_name,
+						  SMNDB_PAG_FILE_EXTENSION,
+						  dbm_pagfno(dbm),
+						  &pag_stat_info);
+		}
+	}
+
+	/* XXX Got to get fchown stuff in here */
+
+	/* Setup driver if everything is ok */
+	if (result == SMDBE_OK)
+	{
+		*database = smdb_db;
+
+		smdb_db->smdb_close = smdbm_close;
+		smdb_db->smdb_del = smdbm_del;
+		smdb_db->smdb_fd = smdbm_fd;
+		smdb_db->smdb_get = smdbm_get;
+		smdb_db->smdb_put = smdbm_put;
+		smdb_db->smdb_set_owner = smndbm_set_owner;
+		smdb_db->smdb_sync = smdbm_sync;
+		smdb_db->smdb_cursor = smdbm_cursor;
+
+		smdb_db->smdb_impl = db;
+
+		return SMDBE_OK;
+	}
+
+	/* If we're here, something bad happened, clean up */
+	if (dbm != NULL)
+		dbm_close(dbm);
+
+	smdb_unlock_file(db->smndbm_lock_fd);
+	free(db);
+	smdb_free_database(smdb_db);
+
+	return result;
+}
+#endif /* NDBM */
diff --git a/contrib/sendmail/libsmutil/Build b/contrib/sendmail/libsmutil/Build
new file mode 100755
index 0000000..014c45c
--- /dev/null
+++ b/contrib/sendmail/libsmutil/Build
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#	$Id: Build,v 8.2.2.1 2000/04/10 06:41:07 gshapiro Exp $
+
+exec sh ../devtools/bin/Build $*
diff --git a/contrib/sendmail/libsmutil/Makefile b/contrib/sendmail/libsmutil/Makefile
new file mode 100644
index 0000000..2de3231
--- /dev/null
+++ b/contrib/sendmail/libsmutil/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.2 1999/09/23 22:36:32 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/libsmutil/Makefile.m4 b/contrib/sendmail/libsmutil/Makefile.m4
new file mode 100644
index 0000000..93a344c
--- /dev/null
+++ b/contrib/sendmail/libsmutil/Makefile.m4
@@ -0,0 +1,13 @@
+include(confBUILDTOOLSDIR`/M4/switch.m4')
+
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+
+bldPRODUCT_START(`library', `libsmutil')
+define(`bldSOURCES', `debug.c errstring.c lockfile.c safefile.c snprintf.c strl.c ')
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+bldPRODUCT_END
+
+bldFINISH
diff --git a/contrib/sendmail/libsmutil/debug.c b/contrib/sendmail/libsmutil/debug.c
new file mode 100644
index 0000000..bc32b66
--- /dev/null
+++ b/contrib/sendmail/libsmutil/debug.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: debug.c,v 8.2 1999/07/26 04:04:09 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+u_char	tTdvect[100];	/* trace vector */
+
+#if _FFR_DPRINTF_
+void
+/*VARARGS1*/
+#ifdef __STDC__
+dprintf(const char *fmt, ...)
+#else /* __STDC__ */
+dprintf(fmt, va_alist)
+	const char *fmt;
+	va_dcl
+#endif /* __STDC__ */
+{
+	VA_LOCAL_DECL;
+
+	(void) vfprintf(stdout, fmt, ap);
+}
+
+int
+dflush()
+{
+	return fflush(stdout);
+}
+#endif /* _FFR_DPRINTF_ */
diff --git a/contrib/sendmail/libsmutil/errstring.c b/contrib/sendmail/libsmutil/errstring.c
new file mode 100644
index 0000000..c851532
--- /dev/null
+++ b/contrib/sendmail/libsmutil/errstring.c
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: errstring.c,v 8.8.4.1 2000/05/26 18:16:28 geir Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+/*
+**  ERRSTRING -- return string description of error code
+**
+**	Parameters:
+**		errnum -- the error number to translate
+**
+**	Returns:
+**		A string description of errnum.
+**
+**	Side Effects:
+**		none.
+*/
+
+const char *
+errstring(errnum)
+	int errnum;
+{
+#if !HASSTRERROR && !defined(ERRLIST_PREDEFINED)
+	extern char *sys_errlist[];
+	extern int sys_nerr;
+#endif /* !HASSTRERROR && !defined(ERRLIST_PREDEFINED) */
+
+	/*
+	**  Handle special network error codes.
+	**
+	**	These are 4.2/4.3bsd specific; they should be in daemon.c.
+	*/
+
+	switch (errnum)
+	{
+	  case EPERM:
+		/* SunOS gives "Not owner" -- this is the POSIX message */
+		return "Operation not permitted";
+
+	/*
+	**  Error messages used internally in sendmail.
+	*/
+
+	  case E_SM_OPENTIMEOUT:
+		return "Timeout on file open";
+
+	  case E_SM_NOSLINK:
+		return "Symbolic links not allowed";
+
+	  case E_SM_NOHLINK:
+		return "Hard links not allowed";
+
+	  case E_SM_REGONLY:
+		return "Regular files only";
+
+	  case E_SM_ISEXEC:
+		return "Executable files not allowed";
+
+	  case E_SM_WWDIR:
+		return "World writable directory";
+
+	  case E_SM_GWDIR:
+		return "Group writable directory";
+
+	  case E_SM_FILECHANGE:
+		return "File changed after open";
+
+	  case E_SM_WWFILE:
+		return "World writable file";
+
+	  case E_SM_GWFILE:
+		return "Group writable file";
+
+	  case E_SM_GRFILE:
+		return "Group readable file";
+
+	  case E_SM_WRFILE:
+		return "World readable file";
+
+	/*
+	**  DNS error messages.
+	*/
+
+#if NAMED_BIND
+	  case HOST_NOT_FOUND + E_DNSBASE:
+		return "Name server: host not found";
+
+	  case TRY_AGAIN + E_DNSBASE:
+		return "Name server: host name lookup failure";
+
+	  case NO_RECOVERY + E_DNSBASE:
+		return "Name server: non-recoverable error";
+
+	  case NO_DATA + E_DNSBASE:
+		return "Name server: no data known";
+#endif /* NAMED_BIND */
+
+	/*
+	**  libsmdb error messages.
+	*/
+
+	  case SMDBE_MALLOC:
+		return "Memory allocation failed";
+
+	  case SMDBE_GDBM_IS_BAD:
+		return "GDBM is not supported";
+
+	  case SMDBE_UNSUPPORTED:
+		return "Unsupported action";
+
+	  case SMDBE_DUPLICATE:
+		return "Key already exists";
+
+	  case SMDBE_BAD_OPEN:
+		return "Database open failed";
+
+	  case SMDBE_NOT_FOUND:
+		return "Key not found";
+
+	  case SMDBE_UNKNOWN_DB_TYPE:
+		return "Unknown database type";
+
+	  case SMDBE_UNSUPPORTED_DB_TYPE:
+		return "Support for database type not compiled into this program";
+
+	  case SMDBE_INCOMPLETE:
+		return "DB sync did not finish";
+
+	  case SMDBE_KEY_EMPTY:
+		return "Key is empty";
+
+	  case SMDBE_KEY_EXIST:
+		return "Key already exists";
+
+	  case SMDBE_LOCK_DEADLOCK:
+		return "Locker killed to resolve deadlock";
+
+	  case SMDBE_LOCK_NOT_GRANTED:
+		return "Lock unavailable";
+
+	  case SMDBE_LOCK_NOT_HELD:
+		return "Lock not held by locker";
+
+	  case SMDBE_RUN_RECOVERY:
+		return "Database panic, run recovery";
+
+	  case SMDBE_IO_ERROR:
+		return "I/O error";
+
+	  case SMDBE_READ_ONLY:
+		return "Database opened read-only";
+
+	  case SMDBE_DB_NAME_TOO_LONG:
+		return "Name too long";
+
+	  case SMDBE_INVALID_PARAMETER:
+		return "Invalid parameter";
+
+	  case SMDBE_ONLY_SUPPORTS_ONE_CURSOR:
+		return "Only one cursor allowed";
+
+	  case SMDBE_NOT_A_VALID_CURSOR:
+		return "Invalid cursor";
+
+	  case SMDBE_OLD_VERSION:
+		return "Berkeley DB file is an old version, recreate it";
+	}
+
+	/*
+	**  LDAP error messages.
+	*/
+
+#ifdef LDAPMAP
+	if (errnum >= E_LDAPBASE)
+		return ldap_err2string(errnum - E_LDAPBASE);
+#endif /* LDAPMAP */
+
+#if HASSTRERROR
+	return strerror(errnum);
+#else /* HASSTRERROR */
+	if (errnum > 0 && errnum < sys_nerr)
+		return sys_errlist[errnum];
+	else
+	{
+		static char buf[MAXLINE];
+
+		(void) snprintf(buf, sizeof buf, "Error %d", errnum);
+		return buf;
+	}
+#endif /* HASSTRERROR */
+}
+
diff --git a/contrib/sendmail/libsmutil/lockfile.c b/contrib/sendmail/libsmutil/lockfile.c
new file mode 100644
index 0000000..78fbc20
--- /dev/null
+++ b/contrib/sendmail/libsmutil/lockfile.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: lockfile.c,v 8.3 1999/08/31 15:38:27 ca Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+/*
+**  LOCKFILE -- lock a file using flock or (shudder) fcntl locking
+**
+**	Parameters:
+**		fd -- the file descriptor of the file.
+**		filename -- the file name (for error messages). [unused]
+**		ext -- the filename extension. [unused]
+**		type -- type of the lock.  Bits can be:
+**			LOCK_EX -- exclusive lock.
+**			LOCK_NB -- non-blocking.
+**
+**	Returns:
+**		TRUE if the lock was acquired.
+**		FALSE otherwise.
+*/
+
+bool
+lockfile(fd, filename, ext, type)
+	int fd;
+	char *filename;
+	char *ext;
+	int type;
+{
+#if !HASFLOCK
+	int action;
+	struct flock lfd;
+	extern int errno;
+
+	memset(&lfd, '\0', sizeof lfd);
+	if (bitset(LOCK_UN, type))
+		lfd.l_type = F_UNLCK;
+	else if (bitset(LOCK_EX, type))
+		lfd.l_type = F_WRLCK;
+	else
+		lfd.l_type = F_RDLCK;
+	if (bitset(LOCK_NB, type))
+		action = F_SETLK;
+	else
+		action = F_SETLKW;
+
+	if (fcntl(fd, action, &lfd) >= 0)
+		return TRUE;
+
+	/*
+	**  On SunOS, if you are testing using -oQ/tmp/mqueue or
+	**  -oA/tmp/aliases or anything like that, and /tmp is mounted
+	**  as type "tmp" (that is, served from swap space), the
+	**  previous fcntl will fail with "Invalid argument" errors.
+	**  Since this is fairly common during testing, we will assume
+	**  that this indicates that the lock is successfully grabbed.
+	*/
+
+	if (errno == EINVAL)
+		return TRUE;
+
+#else /* !HASFLOCK */
+
+	if (flock(fd, type) >= 0)
+		return TRUE;
+
+#endif /* !HASFLOCK */
+
+	return FALSE;
+}
diff --git a/contrib/sendmail/libsmutil/safefile.c b/contrib/sendmail/libsmutil/safefile.c
new file mode 100644
index 0000000..cbb88df
--- /dev/null
+++ b/contrib/sendmail/libsmutil/safefile.c
@@ -0,0 +1,949 @@
+/*
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: safefile.c,v 8.81.4.5 2000/07/17 22:33:37 ca Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+
+/*
+**  SAFEFILE -- return 0 if a file exists and is safe for a user.
+**
+**	Parameters:
+**		fn -- filename to check.
+**		uid -- user id to compare against.
+**		gid -- group id to compare against.
+**		user -- user name to compare against (used for group
+**			sets).
+**		flags -- modifiers:
+**			SFF_MUSTOWN -- "uid" must own this file.
+**			SFF_NOSLINK -- file cannot be a symbolic link.
+**		mode -- mode bits that must match.
+**		st -- if set, points to a stat structure that will
+**			get the stat info for the file.
+**
+**	Returns:
+**		0 if fn exists, is owned by uid, and matches mode.
+**		An errno otherwise.  The actual errno is cleared.
+**
+**	Side Effects:
+**		none.
+*/
+
+int
+safefile(fn, uid, gid, user, flags, mode, st)
+	char *fn;
+	UID_T uid;
+	GID_T gid;
+	char *user;
+	long flags;
+	int mode;
+	struct stat *st;
+{
+	register char *p;
+	register struct group *gr = NULL;
+	int file_errno = 0;
+	bool checkpath;
+	struct stat stbuf;
+	struct stat fstbuf;
+	char fbuf[MAXPATHLEN + 1];
+
+	if (tTd(44, 4))
+		dprintf("safefile(%s, uid=%d, gid=%d, flags=%lx, mode=%o):\n",
+			fn, (int) uid, (int) gid, flags, mode);
+	errno = 0;
+	if (st == NULL)
+		st = &fstbuf;
+	if (strlcpy(fbuf, fn, sizeof fbuf) >= sizeof fbuf)
+	{
+		if (tTd(44, 4))
+			dprintf("\tpathname too long\n");
+		return ENAMETOOLONG;
+	}
+	fn = fbuf;
+
+	/* ignore SFF_SAFEDIRPATH if we are debugging */
+	if (RealUid != 0 && RunAsUid == RealUid)
+		flags &= ~SFF_SAFEDIRPATH;
+
+	/* first check to see if the file exists at all */
+# if HASLSTAT
+	if ((bitset(SFF_NOSLINK, flags) ? lstat(fn, st)
+					: stat(fn, st)) < 0)
+# else /* HASLSTAT */
+	if (stat(fn, st) < 0)
+# endif /* HASLSTAT */
+	{
+		file_errno = errno;
+	}
+	else if (bitset(SFF_SETUIDOK, flags) &&
+		 !bitset(S_IXUSR|S_IXGRP|S_IXOTH, st->st_mode) &&
+		 S_ISREG(st->st_mode))
+	{
+		/*
+		**  If final file is setuid, run as the owner of that
+		**  file.  Gotta be careful not to reveal anything too
+		**  soon here!
+		*/
+
+# ifdef SUID_ROOT_FILES_OK
+		if (bitset(S_ISUID, st->st_mode))
+# else /* SUID_ROOT_FILES_OK */
+		if (bitset(S_ISUID, st->st_mode) && st->st_uid != 0 &&
+		    st->st_uid != TrustedUid)
+# endif /* SUID_ROOT_FILES_OK */
+		{
+			uid = st->st_uid;
+			user = NULL;
+		}
+# ifdef SUID_ROOT_FILES_OK
+		if (bitset(S_ISGID, st->st_mode))
+# else /* SUID_ROOT_FILES_OK */
+		if (bitset(S_ISGID, st->st_mode) && st->st_gid != 0)
+# endif /* SUID_ROOT_FILES_OK */
+			gid = st->st_gid;
+	}
+
+	checkpath = !bitset(SFF_NOPATHCHECK, flags) ||
+		    (uid == 0 && !bitset(SFF_ROOTOK|SFF_OPENASROOT, flags));
+	if (bitset(SFF_NOWLINK, flags) && !bitset(SFF_SAFEDIRPATH, flags))
+	{
+		int ret;
+
+		/* check the directory */
+		p = strrchr(fn, '/');
+		if (p == NULL)
+		{
+			ret = safedirpath(".", uid, gid, user,
+					  flags|SFF_SAFEDIRPATH, 0, 0);
+		}
+		else
+		{
+			*p = '\0';
+			ret = safedirpath(fn, uid, gid, user,
+					  flags|SFF_SAFEDIRPATH, 0, 0);
+			*p = '/';
+		}
+		if (ret == 0)
+		{
+			/* directory is safe */
+			checkpath = FALSE;
+		}
+		else
+		{
+# if HASLSTAT
+			/* Need lstat() information if called stat() before */
+			if (!bitset(SFF_NOSLINK, flags) && lstat(fn, st) < 0)
+			{
+				ret = errno;
+				if (tTd(44, 4))
+					dprintf("\t%s\n", errstring(ret));
+				return ret;
+			}
+# endif /* HASLSTAT */
+			/* directory is writable: disallow links */
+			flags |= SFF_NOLINK;
+		}
+	}
+
+	if (checkpath)
+	{
+		int ret;
+
+		p = strrchr(fn, '/');
+		if (p == NULL)
+		{
+			ret = safedirpath(".", uid, gid, user, flags, 0, 0);
+		}
+		else
+		{
+			*p = '\0';
+			ret = safedirpath(fn, uid, gid, user, flags, 0, 0);
+			*p = '/';
+		}
+		if (ret != 0)
+			return ret;
+	}
+
+	/*
+	**  If the target file doesn't exist, check the directory to
+	**  ensure that it is writable by this user.
+	*/
+
+	if (file_errno != 0)
+	{
+		int ret = file_errno;
+		char *dir = fn;
+
+		if (tTd(44, 4))
+			dprintf("\t%s\n", errstring(ret));
+
+		errno = 0;
+		if (!bitset(SFF_CREAT, flags) || file_errno != ENOENT)
+			return ret;
+
+		/* check to see if legal to create the file */
+		p = strrchr(dir, '/');
+		if (p == NULL)
+			dir = ".";
+		else if (p == dir)
+			dir = "/";
+		else
+			*p = '\0';
+		if (stat(dir, &stbuf) >= 0)
+		{
+			int md = S_IWRITE|S_IEXEC;
+
+			if (stbuf.st_uid == uid)
+				/* EMPTY */
+				;
+			else if (uid == 0 && stbuf.st_uid == TrustedUid)
+				/* EMPTY */
+				;
+			else
+			{
+				md >>= 3;
+				if (stbuf.st_gid == gid)
+					/* EMPTY */
+					;
+# ifndef NO_GROUP_SET
+				else if (user != NULL && !DontInitGroups &&
+					 ((gr != NULL &&
+					   gr->gr_gid == stbuf.st_gid) ||
+					  (gr = getgrgid(stbuf.st_gid)) != NULL))
+				{
+					register char **gp;
+
+					for (gp = gr->gr_mem; *gp != NULL; gp++)
+						if (strcmp(*gp, user) == 0)
+							break;
+					if (*gp == NULL)
+						md >>= 3;
+				}
+# endif /* ! NO_GROUP_SET */
+				else
+					md >>= 3;
+			}
+			if ((stbuf.st_mode & md) != md)
+				errno = EACCES;
+		}
+		ret = errno;
+		if (tTd(44, 4))
+			dprintf("\t[final dir %s uid %d mode %lo] %s\n",
+				dir, (int) stbuf.st_uid, (u_long) stbuf.st_mode,
+				errstring(ret));
+		if (p != NULL)
+			*p = '/';
+		st->st_mode = ST_MODE_NOFILE;
+		return ret;
+	}
+
+# ifdef S_ISLNK
+	if (bitset(SFF_NOSLINK, flags) && S_ISLNK(st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[slink mode %lo]\tE_SM_NOSLINK\n",
+				(u_long) st->st_mode);
+		return E_SM_NOSLINK;
+	}
+# endif /* S_ISLNK */
+	if (bitset(SFF_REGONLY, flags) && !S_ISREG(st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[non-reg mode %lo]\tE_SM_REGONLY\n",
+				(u_long) st->st_mode);
+		return E_SM_REGONLY;
+	}
+	if (bitset(SFF_NOGWFILES, flags) &&
+	    bitset(S_IWGRP, st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[write bits %lo]\tE_SM_GWFILE\n",
+				(u_long) st->st_mode);
+		return E_SM_GWFILE;
+	}
+	if (bitset(SFF_NOWWFILES, flags) &&
+	    bitset(S_IWOTH, st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[write bits %lo]\tE_SM_WWFILE\n",
+				(u_long) st->st_mode);
+		return E_SM_WWFILE;
+	}
+	if (bitset(SFF_NOGRFILES, flags) && bitset(S_IRGRP, st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[read bits %lo]\tE_SM_GRFILE\n",
+				(u_long) st->st_mode);
+		return E_SM_GRFILE;
+	}
+	if (bitset(SFF_NOWRFILES, flags) && bitset(S_IROTH, st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[read bits %lo]\tE_SM_WRFILE\n",
+				(u_long) st->st_mode);
+		return E_SM_WRFILE;
+	}
+	if (!bitset(SFF_EXECOK, flags) &&
+	    bitset(S_IWUSR|S_IWGRP|S_IWOTH, mode) &&
+	    bitset(S_IXUSR|S_IXGRP|S_IXOTH, st->st_mode))
+	{
+		if (tTd(44, 4))
+			dprintf("\t[exec bits %lo]\tE_SM_ISEXEC]\n",
+				(u_long) st->st_mode);
+		return E_SM_ISEXEC;
+	}
+	if (bitset(SFF_NOHLINK, flags) && st->st_nlink != 1)
+	{
+		if (tTd(44, 4))
+			dprintf("\t[link count %d]\tE_SM_NOHLINK\n",
+				(int) st->st_nlink);
+		return E_SM_NOHLINK;
+	}
+
+	if (uid == 0 && bitset(SFF_OPENASROOT, flags))
+		/* EMPTY */
+		;
+	else if (uid == 0 && !bitset(SFF_ROOTOK, flags))
+		mode >>= 6;
+	else if (st->st_uid == uid)
+		/* EMPTY */
+		;
+	else if (uid == 0 && st->st_uid == TrustedUid)
+		/* EMPTY */
+		;
+	else
+	{
+		mode >>= 3;
+		if (st->st_gid == gid)
+			/* EMPTY */
+			;
+# ifndef NO_GROUP_SET
+		else if (user != NULL && !DontInitGroups &&
+			 ((gr != NULL && gr->gr_gid == st->st_gid) ||
+			  (gr = getgrgid(st->st_gid)) != NULL))
+		{
+			register char **gp;
+
+			for (gp = gr->gr_mem; *gp != NULL; gp++)
+				if (strcmp(*gp, user) == 0)
+					break;
+			if (*gp == NULL)
+				mode >>= 3;
+		}
+# endif /* ! NO_GROUP_SET */
+		else
+			mode >>= 3;
+	}
+	if (tTd(44, 4))
+		dprintf("\t[uid %d, nlink %d, stat %lo, mode %lo] ",
+			(int) st->st_uid, (int) st->st_nlink,
+			(u_long) st->st_mode, (u_long) mode);
+	if ((st->st_uid == uid || st->st_uid == 0 ||
+	     st->st_uid == TrustedUid ||
+	     !bitset(SFF_MUSTOWN, flags)) &&
+	    (st->st_mode & mode) == mode)
+	{
+		if (tTd(44, 4))
+			dprintf("\tOK\n");
+		return 0;
+	}
+	if (tTd(44, 4))
+		dprintf("\tEACCES\n");
+	return EACCES;
+}
+/*
+**  SAFEDIRPATH -- check to make sure a path to a directory is safe
+**
+**	Safe means not writable and owned by the right folks.
+**
+**	Parameters:
+**		fn -- filename to check.
+**		uid -- user id to compare against.
+**		gid -- group id to compare against.
+**		user -- user name to compare against (used for group
+**			sets).
+**		flags -- modifiers:
+**			SFF_ROOTOK -- ok to use root permissions to open.
+**			SFF_SAFEDIRPATH -- writable directories are considered
+**				to be fatal errors.
+**		level -- symlink recursive level.
+**		offset -- offset into fn to start checking from.
+**
+**	Returns:
+**		0 -- if the directory path is "safe".
+**		else -- an error number associated with the path.
+*/
+
+int
+safedirpath(fn, uid, gid, user, flags, level, offset)
+	char *fn;
+	UID_T uid;
+	GID_T gid;
+	char *user;
+	long flags;
+	int level;
+	int offset;
+{
+	int ret = 0;
+	int mode = S_IWOTH;
+	char save = '\0';
+	char *saveptr = NULL;
+	char *p, *enddir;
+	register struct group *gr = NULL;
+	char s[MAXLINKPATHLEN + 1];
+	struct stat stbuf;
+
+	/* make sure we aren't in a symlink loop */
+	if (level > MAXSYMLINKS)
+		return ELOOP;
+
+	/* special case root directory */
+	if (*fn == '\0')
+		fn = "/";
+
+	if (tTd(44, 4))
+		dprintf("safedirpath(%s, uid=%ld, gid=%ld, flags=%lx, level=%d, offset=%d):\n",
+			fn, (long) uid, (long) gid, flags, level, offset);
+
+	if (!bitnset(DBS_GROUPWRITABLEDIRPATHSAFE, DontBlameSendmail))
+		mode |= S_IWGRP;
+
+	/* Make a modifiable copy of the filename */
+	if (strlcpy(s, fn, sizeof s) >= sizeof s)
+		return EINVAL;
+
+	p = s + offset;
+	while (p != NULL)
+	{
+		/* put back character */
+		if (saveptr != NULL)
+		{
+			*saveptr = save;
+			saveptr = NULL;
+			p++;
+		}
+
+		if (*p == '\0')
+			break;
+
+		p = strchr(p, '/');
+
+		/* Special case for root directory */
+		if (p == s)
+		{
+			save = *(p + 1);
+			saveptr = p + 1;
+			*(p + 1) = '\0';
+		}
+		else if (p != NULL)
+		{
+			save = *p;
+			saveptr = p;
+			*p = '\0';
+		}
+
+		/* Heuristic: . and .. have already been checked */
+		enddir = strrchr(s, '/');
+		if (enddir != NULL &&
+		    (strcmp(enddir, "/..") == 0 ||
+		     strcmp(enddir, "/.") == 0))
+			continue;
+
+		if (tTd(44, 20))
+			dprintf("\t[dir %s]\n", s);
+
+# if HASLSTAT
+		ret = lstat(s, &stbuf);
+# else /* HASLSTAT */
+		ret = stat(s, &stbuf);
+# endif /* HASLSTAT */
+		if (ret < 0)
+		{
+			ret = errno;
+			break;
+		}
+
+# ifdef S_ISLNK
+		/* Follow symlinks */
+		if (S_ISLNK(stbuf.st_mode))
+		{
+			char *target;
+			char buf[MAXPATHLEN + 1];
+
+			memset(buf, '\0', sizeof buf);
+			if (readlink(s, buf, sizeof buf) < 0)
+			{
+				ret = errno;
+				break;
+			}
+
+			offset = 0;
+			if (*buf == '/')
+			{
+				target = buf;
+
+				/* If path is the same, avoid rechecks */
+				while (s[offset] == buf[offset] &&
+				       s[offset] != '\0')
+					offset++;
+
+				if (s[offset] == '\0' && buf[offset] == '\0')
+				{
+					/* strings match, symlink loop */
+					return ELOOP;
+				}
+
+				/* back off from the mismatch */
+				if (offset > 0)
+					offset--;
+
+				/* Make sure we are at a directory break */
+				if (offset > 0 &&
+				    s[offset] != '/' &&
+				    s[offset] != '\0')
+				{
+					while (buf[offset] != '/' &&
+					       offset > 0)
+						offset--;
+				}
+				if (offset > 0 &&
+				    s[offset] == '/' &&
+				    buf[offset] == '/')
+				{
+					/* Include the trailing slash */
+					offset++;
+				}
+			}
+			else
+			{
+				char *sptr;
+				char fullbuf[MAXLINKPATHLEN + 1];
+
+				sptr = strrchr(s, '/');
+				if (sptr != NULL)
+				{
+					*sptr = '\0';
+					offset = sptr + 1 - s;
+					if ((strlen(s) + 1 +
+					     strlen(buf) + 1) > sizeof fullbuf)
+					{
+						ret = EINVAL;
+						break;
+					}
+					snprintf(fullbuf, sizeof fullbuf,
+						 "%s/%s", s, buf);
+					*sptr = '/';
+				}
+				else
+				{
+					if (strlen(buf) + 1 > sizeof fullbuf)
+					{
+						ret = EINVAL;
+						break;
+					}
+					(void) strlcpy(fullbuf, buf,
+						       sizeof fullbuf);
+				}
+				target = fullbuf;
+			}
+			ret = safedirpath(target, uid, gid, user, flags,
+					  level + 1, offset);
+			if (ret != 0)
+				break;
+
+			/* Don't check permissions on the link file itself */
+			continue;
+		}
+#endif /* S_ISLNK */
+
+		if ((uid == 0 || bitset(SFF_SAFEDIRPATH, flags)) &&
+#ifdef S_ISVTX
+		    !(bitnset(DBS_TRUSTSTICKYBIT, DontBlameSendmail) &&
+		      bitset(S_ISVTX, stbuf.st_mode)) &&
+#endif /* S_ISVTX */
+		    bitset(mode, stbuf.st_mode))
+		{
+			if (tTd(44, 4))
+				dprintf("\t[dir %s] mode %lo ",
+					s, (u_long) stbuf.st_mode);
+			if (bitset(SFF_SAFEDIRPATH, flags))
+			{
+				if (bitset(S_IWOTH, stbuf.st_mode))
+					ret = E_SM_WWDIR;
+				else
+					ret = E_SM_GWDIR;
+				if (tTd(44, 4))
+					dprintf("FATAL\n");
+				break;
+			}
+			if (tTd(44, 4))
+				dprintf("WARNING\n");
+			if (Verbose > 1)
+				message("051 WARNING: %s writable directory %s",
+					bitset(S_IWOTH, stbuf.st_mode)
+					   ? "World"
+					   : "Group",
+					s);
+		}
+		if (uid == 0 && !bitset(SFF_ROOTOK|SFF_OPENASROOT, flags))
+		{
+			if (bitset(S_IXOTH, stbuf.st_mode))
+				continue;
+			ret = EACCES;
+			break;
+		}
+
+		/*
+		**  Let OS determine access to file if we are not
+		**  running as a privileged user.  This allows ACLs
+		**  to work.  Also, if opening as root, assume we can
+		**  scan the directory.
+		*/
+		if (geteuid() != 0 || bitset(SFF_OPENASROOT, flags))
+			continue;
+
+		if (stbuf.st_uid == uid &&
+		    bitset(S_IXUSR, stbuf.st_mode))
+			continue;
+		if (stbuf.st_gid == gid &&
+		    bitset(S_IXGRP, stbuf.st_mode))
+			continue;
+# ifndef NO_GROUP_SET
+		if (user != NULL && !DontInitGroups &&
+		    ((gr != NULL && gr->gr_gid == stbuf.st_gid) ||
+		     (gr = getgrgid(stbuf.st_gid)) != NULL))
+		{
+			register char **gp;
+
+			for (gp = gr->gr_mem; gp != NULL && *gp != NULL; gp++)
+				if (strcmp(*gp, user) == 0)
+					break;
+			if (gp != NULL && *gp != NULL &&
+			    bitset(S_IXGRP, stbuf.st_mode))
+				continue;
+		}
+# endif /* ! NO_GROUP_SET */
+		if (!bitset(S_IXOTH, stbuf.st_mode))
+		{
+			ret = EACCES;
+			break;
+		}
+	}
+	if (tTd(44, 4))
+		dprintf("\t[dir %s] %s\n", fn,
+			ret == 0 ? "OK" : errstring(ret));
+	return ret;
+}
+/*
+**  SAFEOPEN -- do a file open with extra checking
+**
+**	Parameters:
+**		fn -- the file name to open.
+**		omode -- the open-style mode flags.
+**		cmode -- the create-style mode flags.
+**		sff -- safefile flags.
+**
+**	Returns:
+**		Same as open.
+*/
+
+#ifndef O_ACCMODE
+# define O_ACCMODE	(O_RDONLY|O_WRONLY|O_RDWR)
+#endif /* ! O_ACCMODE */
+
+int
+safeopen(fn, omode, cmode, sff)
+	char *fn;
+	int omode;
+	int cmode;
+	long sff;
+{
+	int rval;
+	int fd;
+	int smode;
+	struct stat stb;
+
+	if (tTd(44, 10))
+		printf("safeopen: fn=%s, omode=%x, cmode=%x, sff=%lx\n",
+		       fn, omode, cmode, sff);
+
+	if (bitset(O_CREAT, omode))
+		sff |= SFF_CREAT;
+	omode &= ~O_CREAT;
+	smode = 0;
+	switch (omode & O_ACCMODE)
+	{
+	  case O_RDONLY:
+		smode = S_IREAD;
+		break;
+
+	  case O_WRONLY:
+		smode = S_IWRITE;
+		break;
+
+	  case O_RDWR:
+		smode = S_IREAD|S_IWRITE;
+		break;
+
+	  default:
+		smode = 0;
+		break;
+	}
+	if (bitset(SFF_OPENASROOT, sff))
+		rval = safefile(fn, RunAsUid, RunAsGid, RunAsUserName,
+				sff, smode, &stb);
+	else
+		rval = safefile(fn, RealUid, RealGid, RealUserName,
+				sff, smode, &stb);
+	if (rval != 0)
+	{
+		errno = rval;
+		return -1;
+	}
+	if (stb.st_mode == ST_MODE_NOFILE && bitset(SFF_CREAT, sff))
+		omode |= O_CREAT | (bitset(SFF_NOTEXCL, sff) ? 0 : O_EXCL);
+	else if (bitset(SFF_CREAT, sff) && bitset(O_EXCL, omode))
+	{
+		/* The file exists so an exclusive create would fail */
+		errno = EEXIST;
+		return -1;
+	}
+
+	fd = dfopen(fn, omode, cmode, sff);
+	if (fd < 0)
+		return fd;
+	if (filechanged(fn, fd, &stb))
+	{
+		syserr("554 5.3.0 cannot open: file %s changed after open", fn);
+		(void) close(fd);
+		errno = E_SM_FILECHANGE;
+		return -1;
+	}
+	return fd;
+}
+/*
+**  SAFEFOPEN -- do a file open with extra checking
+**
+**	Parameters:
+**		fn -- the file name to open.
+**		omode -- the open-style mode flags.
+**		cmode -- the create-style mode flags.
+**		sff -- safefile flags.
+**
+**	Returns:
+**		Same as fopen.
+*/
+
+FILE *
+safefopen(fn, omode, cmode, sff)
+	char *fn;
+	int omode;
+	int cmode;
+	long sff;
+{
+	int fd;
+	int save_errno;
+	FILE *fp;
+	char *fmode;
+
+	switch (omode & O_ACCMODE)
+	{
+	  case O_RDONLY:
+		fmode = "r";
+		break;
+
+	  case O_WRONLY:
+		if (bitset(O_APPEND, omode))
+			fmode = "a";
+		else
+			fmode = "w";
+		break;
+
+	  case O_RDWR:
+		if (bitset(O_TRUNC, omode))
+			fmode = "w+";
+		else if (bitset(O_APPEND, omode))
+			fmode = "a+";
+		else
+			fmode = "r+";
+		break;
+
+	  default:
+		syserr("554 5.3.5 safefopen: unknown omode %o", omode);
+		fmode = "x";
+	}
+	fd = safeopen(fn, omode, cmode, sff);
+	if (fd < 0)
+	{
+		save_errno = errno;
+		if (tTd(44, 10))
+			dprintf("safefopen: safeopen failed: %s\n",
+				errstring(errno));
+		errno = save_errno;
+		return NULL;
+	}
+	fp = fdopen(fd, fmode);
+	if (fp != NULL)
+		return fp;
+
+	save_errno = errno;
+	if (tTd(44, 10))
+	{
+		dprintf("safefopen: fdopen(%s, %s) failed: omode=%x, sff=%lx, err=%s\n",
+			fn, fmode, omode, sff, errstring(errno));
+	}
+	(void) close(fd);
+	errno = save_errno;
+	return NULL;
+}
+/*
+**  FILECHANGED -- check to see if file changed after being opened
+**
+**	Parameters:
+**		fn -- pathname of file to check.
+**		fd -- file descriptor to check.
+**		stb -- stat structure from before open.
+**
+**	Returns:
+**		TRUE -- if a problem was detected.
+**		FALSE -- if this file is still the same.
+*/
+
+bool
+filechanged(fn, fd, stb)
+	char *fn;
+	int fd;
+	struct stat *stb;
+{
+	struct stat sta;
+
+	if (stb->st_mode == ST_MODE_NOFILE)
+	{
+# if HASLSTAT && BOGUS_O_EXCL
+		/* only necessary if exclusive open follows symbolic links */
+		if (lstat(fn, stb) < 0 || stb->st_nlink != 1)
+			return TRUE;
+# else /* HASLSTAT && BOGUS_O_EXCL */
+		return FALSE;
+# endif /* HASLSTAT && BOGUS_O_EXCL */
+	}
+	if (fstat(fd, &sta) < 0)
+		return TRUE;
+
+	if (sta.st_nlink != stb->st_nlink ||
+	    sta.st_dev != stb->st_dev ||
+	    sta.st_ino != stb->st_ino ||
+# if HAS_ST_GEN && 0		/* AFS returns garbage in st_gen */
+	    sta.st_gen != stb->st_gen ||
+# endif /* HAS_ST_GEN && 0 */
+	    sta.st_uid != stb->st_uid ||
+	    sta.st_gid != stb->st_gid)
+	{
+		if (tTd(44, 8))
+		{
+			dprintf("File changed after opening:\n");
+			dprintf(" nlink	= %ld/%ld\n",
+				(long) stb->st_nlink, (long) sta.st_nlink);
+			dprintf(" dev	= %ld/%ld\n",
+				(long) stb->st_dev, (long) sta.st_dev);
+			if (sizeof sta.st_ino > sizeof (long))
+			{
+				dprintf(" ino	= %s/",
+					quad_to_string(stb->st_ino));
+				dprintf("%s\n",
+					quad_to_string(sta.st_ino));
+			}
+			else
+				dprintf(" ino	= %lu/%lu\n",
+					(unsigned long) stb->st_ino,
+					(unsigned long) sta.st_ino);
+# if HAS_ST_GEN
+			dprintf(" gen	= %ld/%ld\n",
+				(long) stb->st_gen, (long) sta.st_gen);
+# endif /* HAS_ST_GEN */
+			dprintf(" uid	= %ld/%ld\n",
+				(long) stb->st_uid, (long) sta.st_uid);
+			dprintf(" gid	= %ld/%ld\n",
+				(long) stb->st_gid, (long) sta.st_gid);
+		}
+		return TRUE;
+	}
+
+	return FALSE;
+}
+/*
+**  DFOPEN -- determined file open
+**
+**	This routine has the semantics of open, except that it will
+**	keep trying a few times to make this happen.  The idea is that
+**	on very loaded systems, we may run out of resources (inodes,
+**	whatever), so this tries to get around it.
+*/
+
+int
+dfopen(filename, omode, cmode, sff)
+	char *filename;
+	int omode;
+	int cmode;
+	long sff;
+{
+	register int tries;
+	int fd = -1;
+	struct stat st;
+
+	for (tries = 0; tries < 10; tries++)
+	{
+		(void) sleep((unsigned) (10 * tries));
+		errno = 0;
+		fd = open(filename, omode, cmode);
+		if (fd >= 0)
+			break;
+		switch (errno)
+		{
+		  case ENFILE:		/* system file table full */
+		  case EINTR:		/* interrupted syscall */
+#ifdef ETXTBSY
+		  case ETXTBSY:		/* Apollo: net file locked */
+#endif /* ETXTBSY */
+			continue;
+		}
+		break;
+	}
+	if (!bitset(SFF_NOLOCK, sff) &&
+	    fd >= 0 &&
+	    fstat(fd, &st) >= 0 &&
+	    S_ISREG(st.st_mode))
+	{
+		int locktype;
+
+		/* lock the file to avoid accidental conflicts */
+		if ((omode & O_ACCMODE) != O_RDONLY)
+			locktype = LOCK_EX;
+		else
+			locktype = LOCK_SH;
+		if (!lockfile(fd, filename, NULL, locktype))
+		{
+			int save_errno = errno;
+
+			(void) close(fd);
+			fd = -1;
+			errno = save_errno;
+		}
+		else
+			errno = 0;
+	}
+	return fd;
+}
diff --git a/contrib/sendmail/libsmutil/snprintf.c b/contrib/sendmail/libsmutil/snprintf.c
new file mode 100644
index 0000000..297fbe8
--- /dev/null
+++ b/contrib/sendmail/libsmutil/snprintf.c
@@ -0,0 +1,430 @@
+/*
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: snprintf.c,v 8.27.16.1 2000/07/15 17:35:18 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+/*
+**  SNPRINTF, VSNPRINT -- counted versions of printf
+**
+**	These versions have been grabbed off the net.  They have been
+**	cleaned up to compile properly and support for .precision and
+**	%lx has been added.
+*/
+
+/**************************************************************
+ * Original:
+ * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
+ * A bombproof version of doprnt (sm_dopr) included.
+ * Sigh.  This sort of thing is always nasty do deal with.  Note that
+ * the version here does not include floating point...
+ *
+ * snprintf() is used instead of sprintf() as it does limit checks
+ * for string length.  This covers a nasty loophole.
+ *
+ * The other functions are there to prevent NULL pointers from
+ * causing nast effects.
+ **************************************************************/
+
+/*static char _id[] = "$OrigId: snprintf.c,v 1.2 1995/10/09 11:19:47 roberto Exp $";*/
+void	sm_dopr();
+char	*DoprEnd;
+int	SnprfOverflow;
+
+#if !HASSNPRINTF && !SNPRINTF_IS_BROKEN
+# define sm_snprintf	snprintf
+# ifndef luna2
+#  define sm_vsnprintf	vsnprintf
+extern int	vsnprintf __P((char *, size_t, const char *, va_list));
+# endif /* ! luna2 */
+#endif /* !HASSNPRINTF && !SNPRINTF_IS_BROKEN */
+
+/* VARARGS3 */
+int
+# ifdef __STDC__
+sm_snprintf(char *str, size_t count, const char *fmt, ...)
+# else /* __STDC__ */
+sm_snprintf(str, count, fmt, va_alist)
+	char *str;
+	size_t count;
+	const char *fmt;
+	va_dcl
+# endif /* __STDC__ */
+{
+	int len;
+	VA_LOCAL_DECL
+
+	VA_START(fmt);
+	len = sm_vsnprintf(str, count, fmt, ap);
+	VA_END;
+	return len;
+}
+
+int
+sm_vsnprintf(str, count, fmt, args)
+	char *str;
+	size_t count;
+	const char *fmt;
+	va_list args;
+{
+	str[0] = 0;
+	DoprEnd = str + count - 1;
+	SnprfOverflow = 0;
+	sm_dopr( str, fmt, args );
+	if (count > 0)
+		DoprEnd[0] = 0;
+	if (SnprfOverflow && tTd(57, 2))
+		dprintf("\nvsnprintf overflow, len = %ld, str = %s",
+			(long) count, shortenstring(str, MAXSHORTSTR));
+	return strlen(str);
+}
+
+/*
+ * sm_dopr(): poor man's version of doprintf
+ */
+
+void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth));
+void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad));
+void dostr __P(( char * , int ));
+char *output;
+void dopr_outch __P(( int c ));
+int	SyslogErrno;
+
+void
+sm_dopr( buffer, format, args )
+       char *buffer;
+       const char *format;
+       va_list args;
+{
+       int ch;
+       long value;
+       int longflag  = 0;
+       int pointflag = 0;
+       int maxwidth  = 0;
+       char *strvalue;
+       int ljust;
+       int len;
+       int zpad;
+#if !HASSTRERROR && !defined(ERRLIST_PREDEFINED)
+	extern char *sys_errlist[];
+	extern int sys_nerr;
+#endif /* !HASSTRERROR && !defined(ERRLIST_PREDEFINED) */
+
+
+       output = buffer;
+       while( (ch = *format++) != '\0' ){
+	       switch( ch ){
+	       case '%':
+		       ljust = len = zpad = maxwidth = 0;
+		       longflag = pointflag = 0;
+	       nextch:
+		       ch = *format++;
+		       switch( ch ){
+		       case 0:
+			       dostr( "**end of format**" , 0);
+			       return;
+		       case '-': ljust = 1; goto nextch;
+		       case '0': /* set zero padding if len not set */
+			       if(len==0 && !pointflag) zpad = '0';
+				/* FALLTHROUGH */
+		       case '1': case '2': case '3':
+		       case '4': case '5': case '6':
+		       case '7': case '8': case '9':
+			       if (pointflag)
+				 maxwidth = maxwidth*10 + ch - '0';
+			       else
+				 len = len*10 + ch - '0';
+			       goto nextch;
+		       case '*':
+			       if (pointflag)
+				 maxwidth = va_arg( args, int );
+			       else
+				 len = va_arg( args, int );
+			       goto nextch;
+		       case '.': pointflag = 1; goto nextch;
+		       case 'l': longflag = 1; goto nextch;
+		       case 'u': case 'U':
+			       /*fmtnum(value,base,dosign,ljust,len,zpad) */
+			       if( longflag ){
+				       value = va_arg( args, long );
+			       } else {
+				       value = va_arg( args, int );
+			       }
+			       fmtnum( value, 10,0, ljust, len, zpad ); break;
+		       case 'o': case 'O':
+			       /*fmtnum(value,base,dosign,ljust,len,zpad) */
+			       if( longflag ){
+				       value = va_arg( args, long );
+			       } else {
+				       value = va_arg( args, int );
+			       }
+			       fmtnum( value, 8,0, ljust, len, zpad ); break;
+		       case 'd': case 'D':
+			       if( longflag ){
+				       value = va_arg( args, long );
+			       } else {
+				       value = va_arg( args, int );
+			       }
+			       fmtnum( value, 10,1, ljust, len, zpad ); break;
+		       case 'x':
+			       if( longflag ){
+				       value = va_arg( args, long );
+			       } else {
+				       value = va_arg( args, int );
+			       }
+			       fmtnum( value, 16,0, ljust, len, zpad ); break;
+		       case 'X':
+			       if( longflag ){
+				       value = va_arg( args, long );
+			       } else {
+				       value = va_arg( args, int );
+			       }
+			       fmtnum( value,-16,0, ljust, len, zpad ); break;
+		       case 's':
+			       strvalue = va_arg( args, char *);
+			       if (maxwidth > 0 || !pointflag) {
+				 if (pointflag && len > maxwidth)
+				   len = maxwidth; /* Adjust padding */
+				 fmtstr( strvalue,ljust,len,zpad, maxwidth);
+			       }
+			       break;
+		       case 'c':
+			       ch = va_arg( args, int );
+			       dopr_outch( ch ); break;
+		       case 'm':
+#if HASSTRERROR
+			       dostr(strerror(SyslogErrno), 0);
+#else /* HASSTRERROR */
+			       if (SyslogErrno < 0 || SyslogErrno >= sys_nerr)
+			       {
+				   dostr("Error ", 0);
+				   fmtnum(SyslogErrno, 10, 0, 0, 0, 0);
+			       }
+			       else
+				   dostr((char *)sys_errlist[SyslogErrno], 0);
+#endif /* HASSTRERROR */
+			       break;
+
+		       case '%': dopr_outch( ch ); continue;
+		       default:
+			       dostr(  "???????" , 0);
+		       }
+		       break;
+	       default:
+		       dopr_outch( ch );
+		       break;
+	       }
+       }
+       *output = 0;
+}
+
+void
+fmtstr(  value, ljust, len, zpad, maxwidth )
+       char *value;
+       int ljust, len, zpad, maxwidth;
+{
+       int padlen, strleng;     /* amount to pad */
+
+       if( value == 0 ){
+	       value = "<NULL>";
+       }
+       for( strleng = 0; value[strleng]; ++ strleng ); /* strlen */
+       if (strleng > maxwidth && maxwidth)
+	 strleng = maxwidth;
+       padlen = len - strleng;
+       if( padlen < 0 ) padlen = 0;
+       if( ljust ) padlen = -padlen;
+       while( padlen > 0 ) {
+	       dopr_outch( ' ' );
+	       --padlen;
+       }
+       dostr( value, maxwidth );
+       while( padlen < 0 ) {
+	       dopr_outch( ' ' );
+	       ++padlen;
+       }
+}
+
+void
+fmtnum(  value, base, dosign, ljust, len, zpad )
+       long value;
+       int base, dosign, ljust, len, zpad;
+{
+       int signvalue = 0;
+       unsigned long uvalue;
+       char convert[20];
+       int place = 0;
+       int padlen = 0; /* amount to pad */
+       int caps = 0;
+
+       /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n",
+	       value, base, dosign, ljust, len, zpad )); */
+       uvalue = value;
+       if( dosign ){
+	       if( value < 0 ) {
+		       signvalue = '-';
+		       uvalue = -value;
+	       }
+       }
+       if( base < 0 ){
+	       caps = 1;
+	       base = -base;
+       }
+       do{
+	       convert[place++] =
+		       (caps? "0123456789ABCDEF":"0123456789abcdef")
+			[uvalue % (unsigned)base  ];
+	       uvalue = (uvalue / (unsigned)base );
+       }while(uvalue);
+       convert[place] = 0;
+       padlen = len - place;
+       if( padlen < 0 ) padlen = 0;
+       if( ljust ) padlen = -padlen;
+       /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n",
+	       convert,place,signvalue,padlen)); */
+       if( zpad && padlen > 0 ){
+	       if( signvalue ){
+		       dopr_outch( signvalue );
+		       --padlen;
+		       signvalue = 0;
+	       }
+	       while( padlen > 0 ){
+		       dopr_outch( zpad );
+		       --padlen;
+	       }
+       }
+       while( padlen > 0 ) {
+	       dopr_outch( ' ' );
+	       --padlen;
+       }
+       if( signvalue ) dopr_outch( signvalue );
+       while( place > 0 ) dopr_outch( convert[--place] );
+       while( padlen < 0 ){
+	       dopr_outch( ' ' );
+	       ++padlen;
+       }
+}
+
+void
+dostr( str , cut)
+     char *str;
+     int cut;
+{
+  if (cut) {
+    while(*str && cut-- > 0) dopr_outch(*str++);
+  } else {
+    while(*str) dopr_outch(*str++);
+  }
+}
+
+void
+dopr_outch( c )
+       int c;
+{
+#if 0
+       if( iscntrl(c) && c != '\n' && c != '\t' ){
+	       c = '@' + (c & 0x1F);
+	       if( DoprEnd == 0 || output < DoprEnd )
+		       *output++ = '^';
+       }
+#endif /* 0 */
+       if( DoprEnd == 0 || output < DoprEnd )
+	       *output++ = c;
+       else
+		SnprfOverflow++;
+}
+
+/*
+**  QUAD_TO_STRING -- Convert a quad type to a string.
+**
+**	Convert a quad type to a string.  This must be done
+**	separately as %lld/%qd are not supported by snprint()
+**	and adding support would slow down systems which only
+**	emulate the data type.
+**
+**	Parameters:
+**		value -- number to convert to a string.
+**
+**	Returns:
+**		pointer to a string.
+*/
+
+char *
+quad_to_string(value)
+	QUAD_T value;
+{
+	char *formatstr;
+	static char buf[64];
+
+	/*
+	**  Use sprintf() instead of snprintf() since snprintf()
+	**  does not support %qu or %llu.  The buffer is large enough
+	**  to hold the string so there is no danger of buffer
+	**  overflow.
+	*/
+
+#if NEED_PERCENTQ
+	formatstr = "%qu";
+#else /* NEED_PERCENTQ */
+	formatstr = "%llu";
+#endif /* NEED_PERCENTQ */
+	sprintf(buf, formatstr, value);
+	return buf;
+}
+/*
+**  SHORTENSTRING -- return short version of a string
+**
+**	If the string is already short, just return it.  If it is too
+**	long, return the head and tail of the string.
+**
+**	Parameters:
+**		s -- the string to shorten.
+**		m -- the max length of the string (strlen()).
+**
+**	Returns:
+**		Either s or a short version of s.
+*/
+
+char *
+shortenstring(s, m)
+	register const char *s;
+	int m;
+{
+	int l;
+	static char buf[MAXSHORTSTR + 1];
+
+	l = strlen(s);
+	if (l < m)
+		return (char *) s;
+	if (m > MAXSHORTSTR)
+		m = MAXSHORTSTR;
+	else if (m < 10)
+	{
+		if (m < 5)
+		{
+			(void) strlcpy(buf, s, m + 1);
+			return buf;
+		}
+		(void) strlcpy(buf, s, m - 2);
+		(void) strlcat(buf, "...", sizeof buf);
+		return buf;
+	}
+	m = (m - 3) / 2;
+	(void) strlcpy(buf, s, m + 1);
+	(void) strlcat(buf, "...", sizeof buf);
+	(void) strlcat(buf, s + l - m, sizeof buf);
+	return buf;
+}
diff --git a/contrib/sendmail/libsmutil/strl.c b/contrib/sendmail/libsmutil/strl.c
new file mode 100644
index 0000000..b0a7662
--- /dev/null
+++ b/contrib/sendmail/libsmutil/strl.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: strl.c,v 8.5.14.1 2000/05/12 20:46:17 ca Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+#if !HASSTRL
+/*
+**  strlcpy -- copy string obeying length and '\0' terminate it
+**
+**		terminates with '\0' if len > 0
+**
+**	Parameters:
+**		dst -- "destination" string.
+**		src -- "from" string.
+**		len -- length of space available in "destination" string.
+**
+**	Returns:
+**		total length of the string tried to create (=strlen(src))
+**		if this is greater than len then an overflow would have
+**		occurred.
+*/
+
+size_t
+strlcpy(dst, src, len)
+	register char *dst;
+	register const char *src;
+	size_t len;
+{
+	register size_t i;
+
+	if (len-- <= 0)
+		return strlen(src);
+	for (i = 0; i < len && (dst[i] = src[i]) != 0; i++)
+		continue;
+	dst[i] = '\0';
+	if (src[i] == '\0')
+		return i;
+	else
+		return i + strlen(src + i);
+}
+/*
+**  strlcat -- catenate strings obeying length and '\0' terminate it
+**
+**		strlcat will append at most len - strlen(dst) - 1 chars.
+**		terminates with '\0' if len > 0
+**
+**	Parameters:
+**		dst -- "destination" string.
+**		src -- "from" string.
+**		len -- max. length of "destination" string.
+**
+**	Returns:
+**		total length of the string tried to create
+**		(= initial length of dst + length of src)
+**		if this is greater than len then an overflow would have
+**		occurred.
+*/
+
+size_t
+strlcat(dst, src, len)
+	register char *dst;
+	register const char *src;
+	size_t len;
+{
+	register size_t i, j, o;
+
+	o = strlen(dst);
+	if (len < o + 1)
+		return o + strlen(src);
+	len -= o + 1;
+	for (i = 0, j = o; i < len && (dst[j] = src[i]) != 0; i++, j++)
+		continue;
+	dst[j] = '\0';
+	if (src[i] == '\0')
+		return j;
+	else
+		return j + strlen(src + i);
+}
+
+#endif /* !HASSTRL */
diff --git a/contrib/sendmail/mail.local/Build b/contrib/sendmail/mail.local/Build
index ab8a49d..65ccd71 100755
--- a/contrib/sendmail/mail.local/Build
+++ b/contrib/sendmail/mail.local/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.4 1999/03/02 02:32:28 peterh Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/mail.local/Makefile b/contrib/sendmail/mail.local/Makefile
new file mode 100644
index 0000000..b560a30
--- /dev/null
+++ b/contrib/sendmail/mail.local/Makefile
@@ -0,0 +1,19 @@
+#       $Id: Makefile,v 8.5 1999/10/05 16:39:32 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+force-install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/mail.local/Makefile.m4 b/contrib/sendmail/mail.local/Makefile.m4
index bf9a155e..f5344f8 100644
--- a/contrib/sendmail/mail.local/Makefile.m4
+++ b/contrib/sendmail/mail.local/Makefile.m4
@@ -1,106 +1,29 @@
-#
-#  This Makefile is designed to work on the old "make" program.
-#
-#	@(#)Makefile.m4	8.22	(Berkeley)	7/12/1998
-#
+include(confBUILDTOOLSDIR`/M4/switch.m4')
 
-# C compiler
-CC=	confCC
+bldPRODUCT_START(`executable', `mail.local')
+define(`bldNO_INSTALL')
+define(`bldSOURCES', `mail.local.c ')
+bldPUSH_SMLIB(`smutil')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+bldPRODUCT_END
 
-# Shell
-SHELL=	confSHELL
-
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
-
-# location of sendmail source directory
-SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
-
-# environment definitions (e.g., -D_AIX3)
-ENVDEF= -DNOT_SENDMAIL ifdef(`confENVDEF', `confENVDEF')
-
-# see also conf.h for additional compilation flags
-
-# include directories
-INCDIRS=-I${SRCDIR} confINCDIRS
-
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
-
-# library directories
-LIBDIRS=confLIBDIRS
-
-# libraries required on your system
-LIBS=	ifdef(`confLIBS', `confLIBS')
-
-# location of mail.local binary (usually /usr/sbin or /usr/etc)
-EBINDIR=${DESTDIR}ifdef(`confEBINDIR', `confEBINDIR', `/usr/libexec')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE=	snprintf.c confBEFORE
-OBJS=	mail.local.o snprintf.o ${OBJADD}
-
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confSBINOWN', `confSBINOWN', `root')
-BINGRP=	ifdef(`confSBINGRP', `confSBINGRP', `bin')
-BINMODE=ifdef(`confSBINMODE', `confSBINMODE', `4555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	mail.local mail.local.${MAN8SRC}
-
-all: ${ALL}
-
-mail.local: ${BEFORE} ${OBJS}
-	${CC} -o mail.local ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-snprintf.c: ${SRCDIR}/snprintf.c
-	-ln -s ${SRCDIR}/snprintf.c snprintf.c
-
-undivert(3)
-
-mail.local.${MAN8SRC}: mail.local.8
-	${NROFF} ${MANDOC} mail.local.8 > mail.local.${MAN8SRC}
+bldPRODUCT_START(`manpage', `mail.local')
+define(`bldSOURCES', `mail.local.8')
+bldPRODUCT_END
 
+divert(bldTARGETS_SECTION)
 install:
 	@echo "NOTE: This version of mail.local is not suited for some operating"
 	@echo "      systems such as HP-UX and Solaris.  Please consult the"
 	@echo "      README file in the mail.local directory.  You can force"
-	@echo "      the install using '${MAKE} force-install'."
+	@echo "      the install using 'Build force-install'."
 
-force-install: install-mail.local install-docs
+force-install: install-mail.local ifdef(`confNO_MAN_BUILD',, `install-docs')
 
 install-mail.local: mail.local
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} mail.local ${EBINDIR}
+	${INSTALL} -c -o ${UBINOWN} -g ${UBINGRP} -m ${UBINMODE} mail.local ${DESTDIR}${EBINDIR}
+divert
 
-install-docs: mail.local.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} mail.local.${MAN8SRC} ${MAN8}/mail.local.${MAN8EXT}')
+bldFINISH
 
-clean:
-	rm -f ${OBJS} mail.local mail.local.${MAN8SRC}
 
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE', 
-`generic').m4)dnl
-################  End of dependency scripts
diff --git a/contrib/sendmail/mail.local/README b/contrib/sendmail/mail.local/README
index 5da44bbf..56dac40 100644
--- a/contrib/sendmail/mail.local/README
+++ b/contrib/sendmail/mail.local/README
@@ -1,12 +1,39 @@
-#       @(#)README	8.1 (Berkeley) 2/17/1998
-
 This directory contains the source files for mail.local.
 
 This is not intended to be used on *stock* System V derived systems such as
 Solaris or HP-UX, since they use a totally different approach to mailboxes
 (essentially, they have a setgid program rather than setuid, and they rely
-on the ability to "give away"  files to do their work). 
+on the ability to "give away"  files to do their work).
 
 If you choose to run *this* mail.local on these systems then you may also
 need to replace the existing MUAs, as well as IMAP and POP servers, with
 ones that are compatible with the BSD interface.  You have been warned!
+
+For systems with maillock() support, compile with -DMAILLOCK and link with
+-lmail to use the maillock() routines.  This can be accomplished in your
+site.config.m4 file with:
+
+	APPENDDEF(`conf_mail_local_ENVDEF', `-DMAILLOCK')
+	APPENDDEF(`conf_mail_local_LIBS', `-lmail')
+
+Defining CONTENTLENGTH (-DCONTENTLENGTH) will build a mail.local which
+outputs a Content-Length: header.  Solaris 2.3 and later will automatically
+include Content-Length: support.  This can be accomplished in your
+site.config.m4 file with:
+
+	APPENDDEF(`conf_mail_local_ENVDEF', `-DCONTENTLENGTH')
+
+Defining MAILGID to a 'gid' (-DMAILGID=6) will cause mailboxes to be
+written group writable and with group 'gid'.  This can be accomplished in
+your site.config.m4 file with:
+
+	APPENDDEF(`conf_mail_local_ENVDEF', `-DMAILGID=6')
+
+mail.local will not be installed setuid root. To use it as local
+delivery agent without LMTP mode, use:
+
+	 MODIFY_MAILER_FLAGS(`LOCAL', `+S')
+
+in the .mc file.
+
+$Revision: 8.8 $, Last updated $Date: 1999/09/10 01:49:41 $
diff --git a/contrib/sendmail/mail.local/mail.local.8 b/contrib/sendmail/mail.local/mail.local.8
index 05f11ed..40f4641 100644
--- a/contrib/sendmail/mail.local/mail.local.8
+++ b/contrib/sendmail/mail.local/mail.local.8
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
@@ -7,34 +8,46 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"	@(#)mail.local.8	8.7 (Berkeley) 5/19/1998
+.\"	$Id: mail.local.8,v 8.14 1999/08/26 15:49:20 ca Exp $
 .\"
-.Dd May 19, 1998
-.Dt MAIL.LOCAL 8
-.Os
-.Sh NAME
-.Nm mail.local
-.Nd store mail in a mailbox
-.Sh SYNOPSIS
-.Nm mail.local
-.Op Fl f Ar from
-.Ar user ...
-.Sh DESCRIPTION
-.Nm Mail.local
+.TH MAIL.LOCAL 8 "$Date: 1999/08/26 15:49:20 $"
+.SH NAME
+.B mail.local
+\- store mail in a mailbox
+.SH SYNOPSIS
+.B mail.local
+.RB [ \-7 "] [" \-d "] [" \-l "] [" \-f 
+.IR from "] " "user ..."
+.SH DESCRIPTION
+.B Mail.local
 reads the standard input up to an end-of-file and appends it to each
-.Ar user's
-.Pa mail
-file.
-The
-.Ar user
+.I user's
+.B mail 
+file.  The
+.I user
 must be a valid user name.
-.Pp
+.PP
 The options are as follows:
-.Bl -tag -width xxxfrom
-.It Fl f Ar from
+.TP 1i
+.B \-7
+Do not advertise 8BITMIME support in LMTP mode.
+.TP 
+.B \-b
+Return a permanent error instead of a temporary error
+if a mailbox exceeds quota.
+.TP 
+.B \-d
+Specify this is a delivery (for backward compatibility).
+.TP 
+.BI \-f " from"
 Specify the sender's name.
-.El
-.Pp
+.TP
+.B \-l
+Turn on LMTP mode.
+.TP 
+.BI \-r " from"
+Specify the sender's name (for backward compatibility).
+.PP
 Individual mail messages in the mailbox are delimited by an empty
 line followed by a line beginning with the string ``From ''.
 A line containing the string ``From '', the sender's name and a time stamp
@@ -45,48 +58,49 @@ which could be mistaken for a ``From '' delimiter line
 (that is,
 a line beginning with the five characters
 ``From '' following a blank line).
-.Pp
+.PP
 The mail files are exclusively locked with 
-.Xr flock 2
-while mail is appended,
+flock(2) 
+while mail is appended, 
 and a
-.Pa user.lock
-file also is created while the mailbox is locked
+.B user.lock
+file also is created while the mailbox is locked 
 for compatibility with older MUAs.
-.Pp
-If the ``biff'' service is returned by
-.Xr getservbyname 3 ,
+.PP
+If the ``biff'' service is returned by 
+getservbyname(3), 
 the biff server is notified of delivered mail.
-.Pp
+.PP
 The
-.Nm mail.local
+.B mail.local
 utility exits 0 on success, and >0 if an error occurs.
-.Sh ENVIRONMENT
-.Bl -tag -width indent
-.It Ev TZ
+.SH ENVIRONMENT
+.IP TZ
 Used to set the appropriate time zone on the timestamp.
-.El
-.Sh FILES
-.Bl -tag -width /tmp/local.XXXXXX -compact
-.It Pa /tmp/local.XXXXXX
+.SH FILES
+.PD 0.2v
+.TP 2.2i
+/tmp/local.XXXXXX
 temporary files
-.It Pa /var/mail/user
+.TP
+/var/mail/user
 user's mailbox directory
-.It Pa /var/mail/user.lock
+.TP 
+/var/mail/user.lock
 lock file for a user's mailbox
-.El
-.Sh SEE ALSO
-.Xr mail 1 ,
-.Xr xsend 1 ,
-.Xr flock 2 ,
-.Xr getservbyname 3 ,
-.Xr comsat 8 ,
-.Xr sendmail 8
-.Sh HISTORY
+.PD
+.SH SEE ALSO
+mail(1), 
+xsend(1), 
+flock(2), 
+getservbyname(3), 
+comsat(8), 
+sendmail(8)
+.SH HISTORY
 A superset of
-.Nm mail.local
+.B mail.local
 (handling mailbox reading as well as mail delivery)
-appeared in
-.At v7 .
+appeared in 
+Version 7 AT&T UNIX 
 as the program
-.Nm mail .
+.BR mail .
diff --git a/contrib/sendmail/mail.local/mail.local.c b/contrib/sendmail/mail.local/mail.local.c
index abe1a19..1b9562b 100644
--- a/contrib/sendmail/mail.local/mail.local.c
+++ b/contrib/sendmail/mail.local/mail.local.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1990, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
  *
@@ -11,31 +12,35 @@
 
 #ifndef lint
 static char copyright[] =
-"@(#) Copyright (c) 1990, 1993, 1994\n\
+"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1990, 1993, 1994\n\
 	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
+#endif /* ! lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)mail.local.c	8.83 (Berkeley) 12/17/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: mail.local.c,v 8.143.4.13 2000/07/18 05:41:38 gshapiro Exp $";
+#endif /* ! lint */
 
 /*
- * This is not intended to work on System V derived systems
- * such as Solaris or HP-UX, since they use a totally different
- * approach to mailboxes (essentially, they have a setgid program
- * rather than setuid, and they rely on the ability to "give away"
- * files to do their work).  IT IS NOT A BUG that this doesn't
- * work on such architectures.
- */
+**  This is not intended to work on System V derived systems
+**  such as Solaris or HP-UX, since they use a totally different
+**  approach to mailboxes (essentially, they have a setgid program
+**  rather than setuid, and they rely on the ability to "give away"
+**  files to do their work).  IT IS NOT A BUG that this doesn't
+**  work on such architectures.
+*/
+
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/file.h>
 
 #include <netinet/in.h>
+#include <arpa/nameser.h>
 
-#include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
@@ -47,73 +52,100 @@ static char sccsid[] = "@(#)mail.local.c	8.83 (Berkeley) 12/17/1998";
 #include <unistd.h>
 #ifdef EX_OK
 # undef EX_OK		/* unistd.h may have another use for this */
-#endif
+#endif /* EX_OK */
 #include <sysexits.h>
 #include <ctype.h>
 
+#ifndef __P
+# include "sendmail/cdefs.h"
+#endif /* ! __P */
+#include "sendmail/useful.h"
+
+extern size_t	strlcpy __P((char *, const char *, size_t));
+extern size_t	strlcat __P((char *, const char *, size_t));
+
+#if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6)
+# ifndef HASSTRERROR
+#  define HASSTRERROR	1
+# endif /* ! HASSTRERROR */
+#endif /* defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) ||
+	  defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
+
+#include "sendmail/errstring.h"
+
+
+#ifndef LOCKTO_RM
+# define LOCKTO_RM	300	/* timeout for stale lockfile removal */
+#endif /* LOCKTO_RM */
+#ifndef LOCKTO_GLOB
+# define LOCKTO_GLOB	400	/* global timeout for lockfile creation */
+#endif /* LOCKTO_GLOB */
+
 #ifdef __STDC__
-#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
+# include <stdarg.h>
+# define REALLOC(ptr, size)	realloc(ptr, size)
+#else /* __STDC__ */
+# include <varargs.h>
+/* define a realloc() which works for NULL pointers */
+# define REALLOC(ptr, size)	(((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
+#endif /* __STDC__ */
 
 #if (defined(sun) && defined(__svr4__)) || defined(__SVR4)
 # define USE_LOCKF	1
 # define USE_SETEUID	1
-# define _PATH_MAILDIR	"/var/mail"
-#endif
+#  define _PATH_MAILDIR	"/var/mail"
+#endif /* (defined(sun) && defined(__svr4__)) || defined(__SVR4) */
 
-#if (defined(sun) && !defined(__svr4__)) && !defined(__SVR4)
-# ifdef __dead
-#  undef __dead
-#  define __dead
-# endif
-#endif
+#ifdef NCR_MP_RAS3
+# define USE_LOCKF	1
+# define HASSNPRINTF	1
+#  define _PATH_MAILDIR	"/var/mail"
+#endif /* NCR_MP_RAS3 */
 
 #if defined(_AIX)
 # define USE_LOCKF	1
 # define USE_SETEUID	1
 # define USE_VSYSLOG	0
-#endif
+#endif /* defined(_AIX) */
 
 #if defined(__hpux)
 # define USE_LOCKF	1
 # define USE_SETRESUID	1
 # define USE_VSYSLOG	0
-# ifdef __dead
-#  undef __dead
-#  define __dead
-# endif
-#endif
+#endif /* defined(__hpux) */
+
+#ifdef DGUX
+# define HASSNPRINTF	1
+# define USE_LOCKF	1
+# define USE_VSYSLOG	0
+#endif /* DGUX */
 
 #if defined(_CRAY)
 # if !defined(MAXPATHLEN)
 #  define MAXPATHLEN PATHSIZE
-# endif
+# endif /* !defined(MAXPATHLEN) */
 # define USE_VSYSLOG   0
-# define _PATH_MAILDIR	"/usr/spool/mail"
-#endif
+#  define _PATH_MAILDIR	"/usr/spool/mail"
+#endif /* defined(_CRAY) */
 
 #if defined(ultrix)
 # define USE_VSYSLOG	0
-#endif
+#endif /* defined(ultrix) */
 
 #if defined(__osf__)
 # define USE_VSYSLOG	0
-#endif
+#endif /* defined(__osf__) */
 
 #if defined(NeXT) && !defined(__APPLE__)
 # include <libc.h>
-# define _PATH_MAILDIR	"/usr/spool/mail"
-# define __dead		/* empty */
+#  define _PATH_MAILDIR	"/usr/spool/mail"
 # define S_IRUSR	S_IREAD
 # define S_IWUSR	S_IWRITE
-#endif
+#endif /* defined(NeXT) && !defined(__APPLE__) */
 
 #if defined(IRIX64) || defined(IRIX5) || defined(IRIX6)
-# include <paths.h>
-# define HASSTRERROR	1	/* has strerror(3) */
-#endif
+#  include <paths.h>
+#endif /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
 
 /*
  * If you don't have flock, you could try using lockf instead.
@@ -121,118 +153,124 @@ static char sccsid[] = "@(#)mail.local.c	8.83 (Berkeley) 12/17/1998";
 
 #ifdef USE_LOCKF
 # define flock(a, b)	lockf(a, b, 0)
+# ifdef LOCK_EX
+#  undef LOCK_EX
+# endif /* LOCK_EX */
 # define LOCK_EX	F_LOCK
-#endif
+#endif /* USE_LOCKF */
 
 #ifndef USE_VSYSLOG
 # define USE_VSYSLOG	1
-#endif
+#endif /* ! USE_VSYSLOG */
 
 #ifndef LOCK_EX
 # include <sys/file.h>
-#endif
+#endif /* ! LOCK_EX */
 
 #if defined(BSD4_4) || defined(__GLIBC__)
-# include "pathnames.h"
-#endif
-
-#ifndef __P
-# ifdef __STDC__
-#  define __P(protos)	protos
-# else
-#  define __P(protos)	()
-#  define const
-# endif
-#endif
-#ifndef __dead
-# if defined(__GNUC__) && (__GNUC__ < 2 || __GNUC_MINOR__ < 5) && !defined(__STRICT_ANSI__)
-#  define __dead	__volatile
-# else
-#  define __dead
-# endif
-#endif
+#  include <paths.h>
+# define _PATH_LOCTMP	"/tmp/local.XXXXXX"
+#endif /* defined(BSD4_4) || defined(__GLIBC__) */
 
 #ifdef BSD4_4
 # define HAS_ST_GEN	1
-#else
+#else /* BSD4_4 */
 # ifndef _BSD_VA_LIST_
 #  define _BSD_VA_LIST_	va_list
-# endif
-#endif
+# endif /* ! _BSD_VA_LIST_ */
+#endif /* BSD4_4 */
 
 #if defined(BSD4_4) || defined(linux)
 # define HASSNPRINTF	1
-#else
+#else /* defined(BSD4_4) || defined(linux) */
 # ifndef ultrix
 extern FILE	*fdopen __P((int, const char *));
-# endif
-#endif
+# endif /* ! ultrix */
+#endif /* defined(BSD4_4) || defined(linux) */
+
+#if SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203)
+# define CONTENTLENGTH	1	/* Needs the Content-Length header */
+#endif /* SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) */
 
 #if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206)
 # define HASSNPRINTF	1		/* has snprintf starting in 2.6 */
-#endif
+#endif /* SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) */
+
+#ifdef HPUX11
+# define HASSNPRINTF	1		/* has snprintf starting in 2.6 */
+#endif /* HPUX11 */
+
+#if _AIX4 >= 40300
+# define HASSNPRINTF	1		/* has snprintf starting in 4.3 */
+#endif /* _AIX4 >= 40300 */
 
 #if !HASSNPRINTF
 extern int	snprintf __P((char *, size_t, const char *, ...));
 # ifndef _CRAY
 extern int	vsnprintf __P((char *, size_t, const char *, ...));
-# endif
-#endif
-
-#if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__)
-# ifndef HASSTRERROR
-#  define HASSTRERROR	1
-# endif
-#endif
-
-#if !HASSTRERROR
-extern char	*strerror __P((int));
-#endif
+# endif /* ! _CRAY */
+#endif /* !HASSNPRINTF */
 
 /*
- * If you don't have setreuid, and you have saved uids, and you have
- * a seteuid() call that doesn't try to emulate using setuid(), then
- * you can try defining USE_SETEUID.
- */
+**  If you don't have setreuid, and you have saved uids, and you have
+**  a seteuid() call that doesn't try to emulate using setuid(), then
+**  you can try defining USE_SETEUID.
+*/
 #ifdef USE_SETEUID
 # define setreuid(r, e)		seteuid(e)
-#endif
+#endif /* USE_SETEUID */
 
 /*
- * And of course on hpux you have setresuid()
- */
+**  And of course on hpux you have setresuid()
+*/
 #ifdef USE_SETRESUID
 # define setreuid(r, e)		setresuid(-1, e, -1)
-#endif
+#endif /* USE_SETRESUID */
 
 #ifndef _PATH_LOCTMP
 # define _PATH_LOCTMP	"/tmp/local.XXXXXX"
-#endif
-#ifndef _PATH_MAILDIR
-# define _PATH_MAILDIR	"/var/spool/mail"
-#endif
+#endif /* ! _PATH_LOCTMP */
+# ifndef _PATH_MAILDIR
+#  define _PATH_MAILDIR	"/var/spool/mail"
+# endif /* ! _PATH_MAILDIR */
 
 #ifndef S_ISREG
 # define S_ISREG(mode)	(((mode) & _S_IFMT) == S_IFREG)
-#endif
+#endif /* ! S_ISREG */
+
+#ifdef MAILLOCK
+# include <maillock.h>
+#endif /* MAILLOCK */
+
+#ifndef INADDRSZ
+# define INADDRSZ	4		/* size of an IPv4 address in bytes */
+#endif /* ! INADDRSZ */
 
 #ifndef MAILER_DAEMON
 # define MAILER_DAEMON	"MAILER-DAEMON"
-#endif
-
-int	eval = EX_OK;			/* sysexits.h error value. */
-int	lmtpmode = 0;
-u_char	tTdvect[100];
-
-void		deliver __P((int, char *));
-void		e_to_sys __P((int));
-void		notifybiff __P((char *));
-int		store __P((char *, int));
-void		usage __P((void));
-void		vwarn __P((const char *, _BSD_VA_LIST_));
-void		lockmbox __P((char *));
-void		unlockmbox __P((void));
-void		mailerr __P((const char *, const char *, ...));
+#endif /* ! MAILER_DAEMON */
+
+#ifdef CONTENTLENGTH
+char	ContentHdr[40] = "Content-Length: ";
+off_t	HeaderLength;
+off_t	BodyLength;
+#endif /* CONTENTLENGTH */
+
+bool	EightBitMime = TRUE;		/* advertise 8BITMIME in LMTP */
+int	ExitVal = EX_OK;		/* sysexits.h error value. */
+bool	LMTPMode = FALSE;
+bool	bouncequota = FALSE;		/* permanent error when over quota */
+
+void	deliver __P((int, char *, bool));
+int	e_to_sys __P((int));
+void	notifybiff __P((char *));
+int	store __P((char *, int));
+void	usage __P((void));
+void	vwarn __P((const char *, _BSD_VA_LIST_));
+int	lockmbox __P((char *));
+void	unlockmbox __P((void));
+void	mailerr __P((const char *, const char *, ...));
+
 
 int
 main(argc, argv)
@@ -245,7 +283,8 @@ main(argc, argv)
 	char *from;
 	extern char *optarg;
 	extern int optind;
-	extern void dolmtp __P((void));
+	extern void dolmtp __P((bool));
+
 
 	/* make sure we have some open file descriptors */
 	for (fd = 10; fd < 30; fd++)
@@ -254,71 +293,94 @@ main(argc, argv)
 	/* use a reasonable umask */
 	(void) umask(0077);
 
-#ifdef LOG_MAIL
+# ifdef LOG_MAIL
 	openlog("mail.local", 0, LOG_MAIL);
-#else
+# else /* LOG_MAIL */
 	openlog("mail.local", 0);
-#endif
+# endif /* LOG_MAIL */
 
 	from = NULL;
-	while ((ch = getopt(argc, argv, "df:r:l")) != EOF)
-		switch(ch) {
-		case 'd':		/* Backward compatible. */
+	while ((ch = getopt(argc, argv, "7bdf:r:l")) != -1)
+	{
+		switch(ch)
+		{
+		  case '7':		/* Do not advertise 8BITMIME */
+			EightBitMime = FALSE;
+			break;
+
+		  case 'b':		/* bounce mail when over quota. */
+			bouncequota = TRUE;
+			break;
+
+		  case 'd':		/* Backward compatible. */
 			break;
-		case 'f':
-		case 'r':		/* Backward compatible. */
-			if (from != NULL) {
+
+		  case 'f':
+		  case 'r':		/* Backward compatible. */
+			if (from != NULL)
+			{
 				mailerr(NULL, "multiple -f options");
 				usage();
 			}
 			from = optarg;
 			break;
-		case 'l':
-			lmtpmode++;
+
+		  case 'l':
+			LMTPMode = TRUE;
 			break;
-		case '?':
-		default:
+
+		  case '?':
+		  default:
 			usage();
 		}
+	}
 	argc -= optind;
 	argv += optind;
 
-	if (lmtpmode)
-		dolmtp();
+	/* initialize biff structures */
+	notifybiff(NULL);
+
+	if (LMTPMode)
+		dolmtp(bouncequota);
 
-	if (!*argv)
+	if (*argv == '\0')
 		usage();
 
 	/*
-	 * If from not specified, use the name from getlogin() if the
-	 * uid matches, otherwise, use the name from the password file
-	 * corresponding to the uid.
-	 */
+	**  If from not specified, use the name from getlogin() if the
+	**  uid matches, otherwise, use the name from the password file
+	**  corresponding to the uid.
+	*/
 	uid = getuid();
-	if (!from && (!(from = getlogin()) ||
-	    !(pw = getpwnam(from)) || pw->pw_uid != uid))
-		from = (pw = getpwuid(uid)) ? pw->pw_name : "???";
+
+	if (from == NULL && ((from = getlogin()) == NULL ||
+			     (pw = getpwnam(from)) == NULL ||
+			     pw->pw_uid != uid))
+		from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
 
 	/*
-	 * There is no way to distinguish the error status of one delivery
-	 * from the rest of the deliveries.  So, if we failed hard on one
-	 * or more deliveries, but had no failures on any of the others, we
-	 * return a hard failure.  If we failed temporarily on one or more
-	 * deliveries, we return a temporary failure regardless of the other
-	 * failures.  This results in the delivery being reattempted later
-	 * at the expense of repeated failures and multiple deliveries.
-	 */
+	**  There is no way to distinguish the error status of one delivery
+	**  from the rest of the deliveries.  So, if we failed hard on one
+	**  or more deliveries, but had no failures on any of the others, we
+	**  return a hard failure.  If we failed temporarily on one or more
+	**  deliveries, we return a temporary failure regardless of the other
+	**  failures.  This results in the delivery being reattempted later
+	**  at the expense of repeated failures and multiple deliveries.
+	*/
 	for (fd = store(from, 0); *argv; ++argv)
-		deliver(fd, *argv);
-	exit(eval);
+		deliver(fd, *argv, bouncequota);
+	exit(ExitVal);
+	/* NOTREACHED */
+	return ExitVal;
 }
 
 char *
-parseaddr(s)
+parseaddr(s, rcpt)
 	char *s;
+	bool rcpt;
 {
 	char *p;
-	int len;
+	int l;
 
 	if (*s++ != '<')
 		return NULL;
@@ -326,94 +388,79 @@ parseaddr(s)
 	p = s;
 
 	/* at-domain-list */
-	while (*p == '@') {
+	while (*p == '@')
+	{
 		p++;
-		if (*p == '[') {
-			p++;
-			while (isascii(*p) &&
-			       (isalnum(*p) || *p == '.' ||
-				*p == '-' || *p == ':'))
-				p++;
-			if (*p++ != ']')
-				return NULL;
-		} else {
-			while ((isascii(*p) && isalnum(*p)) ||
-			       strchr(".-_", *p))
-				p++;
-		}
-		if (*p == ',' && p[1] == '@')
+		while (*p != ',' && *p != ':' && *p != '\0')
 			p++;
-		else if (*p == ':' && p[1] != '@')
-			p++;
-		else
+		if (*p == '\0')
 			return NULL;
+
+		/* Skip over , or : */
+		p++;
 	}
 
 	s = p;
 
 	/* local-part */
-	if (*p == '\"') {
-		p++;
-		while (*p && *p != '\"') {
-			if (*p == '\\') {
-				if (!*++p)
-					return NULL;
-			}
-			p++;
-		}
-		if (!*p++)
-			return NULL;
-	} else {
-		while (*p && *p != '@' && *p != '>') {
-			if (*p == '\\') {
-				if (!*++p)
-					return NULL;
-			} else {
-			if (*p <= ' ' || (*p & 128) ||
-			    strchr("<>()[]\\,;:\"", *p))
+	while (*p != '\0' && *p != '@' && *p != '>')
+	{
+		if (*p == '\\')
+		{
+			if (*++p == '\0')
 				return NULL;
-			}
+		}
+		else if (*p == '\"')
+		{
 			p++;
+			while (*p != '\0' && *p != '\"')
+			{
+				if (*p == '\\')
+				{
+					if (*++p == '\0')
+						return NULL;
+				}
+				p++;
+			}
+			if (*p == '\0' || *(p + 1) == '\0')
+				return NULL;
 		}
+		/* +detail ? */
+		if (*p == '+' && rcpt)
+			*p = '\0';
+		p++;
 	}
 
 	/* @domain */
-	if (*p == '@') {
-		p++;
-		if (*p == '[') {
+	if (*p == '@')
+	{
+		if (rcpt)
+			*p++ = '\0';
+		while (*p != '\0' && *p != '>')
 			p++;
-			while (isascii(*p) &&
-			       (isalnum(*p) || *p == '.' ||
-				*p == '-' || *p == ':'))
-				p++;
-			if (*p++ != ']')
-				return NULL;
-		} else {
-			while ((isascii(*p) && isalnum(*p)) ||
-			       strchr(".-_", *p))
-				p++;
-		}
 	}
 
-	if (*p++ != '>')
+	if (*p != '>')
 		return NULL;
-	if (*p && *p != ' ')
+	else
+		*p = '\0';
+	p++;
+
+	if (*p != '\0' && *p != ' ')
 		return NULL;
-	len = p - s - 1;
-	if (*s == '\0' || len <= 0)
-	{
+
+	if (*s == '\0')
 		s = MAILER_DAEMON;
-		len = strlen(s);
-	}
 
-	p = malloc(len + 1);
-	if (p == NULL) {
+	l = strlen(s) + 1;
+	p = malloc(l);
+	if (p == NULL)
+	{
 		printf("421 4.3.0 memory exhausted\r\n");
 		exit(EX_TEMPFAIL);
 	}
 
-	strncpy(p, s, len);
-	p[len] = '\0';
+	(void) strlcpy(p, s, l);
 	return p;
 }
 
@@ -421,50 +468,51 @@ char *
 process_recipient(addr)
 	char *addr;
 {
-	if (getpwnam(addr) == NULL) {
+	if (getpwnam(addr) == NULL)
 		return "550 5.1.1 user unknown";
-	}
-
 	return NULL;
 }
 
-
 #define RCPT_GROW	30
 
 void
-dolmtp()
+dolmtp(bouncequota)
+	bool bouncequota;
 {
 	char *return_path = NULL;
 	char **rcpt_addr = NULL;
 	int rcpt_num = 0;
 	int rcpt_alloc = 0;
-	char myhostname[1024];
-	char buf[4096];
+	bool gotlhlo = FALSE;
 	char *err;
 	int msgfd;
 	char *p;
 	int i;
+	char myhostname[1024];
+	char buf[4096];
 
-	gethostname(myhostname, sizeof myhostname - 1);
+	(void) gethostname(myhostname, sizeof myhostname - 1);
 
 	printf("220 %s LMTP ready\r\n", myhostname);
-	for (;;) {
-		fflush(stdout);
-		if (fgets(buf, sizeof(buf)-1, stdin) == NULL) {
+	for (;;)
+	{
+		(void) fflush(stdout);
+		if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
 			exit(EX_OK);
-		}
 		p = buf + strlen(buf) - 1;
 		if (p >= buf && *p == '\n')
 			*p-- = '\0';
 		if (p >= buf && *p == '\r')
 			*p-- = '\0';
 
-		switch (buf[0]) {
-
-		case 'd':
-		case 'D':
-			if (strcasecmp(buf, "data") == 0) {
-				if (rcpt_num == 0) {
+		switch (buf[0])
+		{
+		  case 'd':
+		  case 'D':
+			if (strcasecmp(buf, "data") == 0)
+			{
+				if (rcpt_num == 0)
+				{
 					printf("503 5.5.1 No recipients\r\n");
 					continue;
 				}
@@ -472,35 +520,56 @@ dolmtp()
 				if (msgfd == -1)
 					continue;
 
-				for (i = 0; i < rcpt_num; i++) {
+				for (i = 0; i < rcpt_num; i++)
+				{
 					p = strchr(rcpt_addr[i], '+');
 					if (p != NULL)
 						*p++ = '\0';
-					deliver(msgfd, rcpt_addr[i]);
+					deliver(msgfd, rcpt_addr[i], bouncequota);
 				}
-				close(msgfd);
+				(void) close(msgfd);
 				goto rset;
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		case 'l':
-		case 'L':
-			if (strncasecmp(buf, "lhlo ", 5) == 0) {
-				printf("250-%s\r\n250-8BITMIME\r\n250-ENHANCEDSTATUSCODES\r\n250 PIPELINING\r\n",
-					   myhostname);
+		  case 'l':
+		  case 'L':
+			if (strncasecmp(buf, "lhlo ", 5) == 0)
+			{
+				/* check for duplicate per RFC 1651 4.2 */
+				if (gotlhlo)
+				{
+					printf("503 %s Duplicate LHLO\r\n",
+					       myhostname);
+					continue;
+				}
+				gotlhlo = TRUE;
+				printf("250-%s\r\n", myhostname);
+				if (EightBitMime)
+					printf("250-8BITMIME\r\n");
+				printf("250-ENHANCEDSTATUSCODES\r\n");
+				printf("250 PIPELINING\r\n");
 				continue;
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		case 'm':
-		case 'M':
-			if (strncasecmp(buf, "mail ", 5) == 0) {
-				if (return_path != NULL) {
+		  case 'm':
+		  case 'M':
+			if (strncasecmp(buf, "mail ", 5) == 0)
+			{
+				if (return_path != NULL)
+				{
 					printf("503 5.5.1 Nested MAIL command\r\n");
 					continue;
 				}
 				if (strncasecmp(buf+5, "from:", 5) != 0 ||
-				    ((return_path = parseaddr(buf+10)) == NULL)) {
+				    ((return_path = parseaddr(buf + 10,
+							      FALSE)) == NULL))
+				{
 					printf("501 5.5.4 Syntax error in parameters\r\n");
 					continue;
 				}
@@ -508,46 +577,62 @@ dolmtp()
 				continue;
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		case 'n':
-		case 'N':
-			if (strcasecmp(buf, "noop") == 0) {
+		  case 'n':
+		  case 'N':
+			if (strcasecmp(buf, "noop") == 0)
+			{
 				printf("250 2.0.0 ok\r\n");
 				continue;
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		case 'q':
-		case 'Q':
-			if (strcasecmp(buf, "quit") == 0) {
+		  case 'q':
+		  case 'Q':
+			if (strcasecmp(buf, "quit") == 0)
+			{
 				printf("221 2.0.0 bye\r\n");
 				exit(EX_OK);
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		case 'r':
-		case 'R':
-			if (strncasecmp(buf, "rcpt ", 5) == 0) {
-				if (return_path == NULL) {
+		  case 'r':
+		  case 'R':
+			if (strncasecmp(buf, "rcpt ", 5) == 0)
+			{
+				if (return_path == NULL)
+				{
 					printf("503 5.5.1 Need MAIL command\r\n");
 					continue;
 				}
-				if (rcpt_num >= rcpt_alloc) {
+				if (rcpt_num >= rcpt_alloc)
+				{
 					rcpt_alloc += RCPT_GROW;
 					rcpt_addr = (char **)
-						realloc((char *)rcpt_addr,
-							rcpt_alloc * sizeof(char **));
-					if (rcpt_addr == NULL) {
+						REALLOC((char *)rcpt_addr,
+							rcpt_alloc *
+							sizeof(char **));
+					if (rcpt_addr == NULL)
+					{
 						printf("421 4.3.0 memory exhausted\r\n");
 						exit(EX_TEMPFAIL);
 					}
 				}
-				if (strncasecmp(buf+5, "to:", 3) != 0 ||
-				    ((rcpt_addr[rcpt_num] = parseaddr(buf+8)) == NULL)) {
+				if (strncasecmp(buf + 5, "to:", 3) != 0 ||
+				    ((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
+								      TRUE)) == NULL))
+				{
 					printf("501 5.5.4 Syntax error in parameters\r\n");
 					continue;
 				}
-				if ((err = process_recipient(rcpt_addr[rcpt_num])) != NULL) {
+				if ((err = process_recipient(rcpt_addr[rcpt_num])) != NULL)
+				{
 					printf("%s\r\n", err);
 					continue;
 				}
@@ -555,32 +640,39 @@ dolmtp()
 				printf("250 2.1.5 ok\r\n");
 				continue;
 			}
-			else if (strcasecmp(buf, "rset") == 0) {
+			else if (strcasecmp(buf, "rset") == 0)
+			{
 				printf("250 2.0.0 ok\r\n");
 
-  rset:
-				while (rcpt_num) {
+rset:
+				while (rcpt_num)
 					free(rcpt_addr[--rcpt_num]);
-				}
 				if (return_path != NULL)
 					free(return_path);
 				return_path = NULL;
 				continue;
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		case 'v':
-		case 'V':
-			if (strncasecmp(buf, "vrfy ", 5) == 0) {
+		  case 'v':
+		  case 'V':
+			if (strncasecmp(buf, "vrfy ", 5) == 0)
+			{
 				printf("252 2.3.3 try RCPT to attempt delivery\r\n");
 				continue;
 			}
 			goto syntaxerr;
+			/* NOTREACHED */
+			break;
 
-		default:
+		  default:
   syntaxerr:
 			printf("500 5.5.2 Syntax error\r\n");
 			continue;
+			/* NOTREACHED */
+			break;
 		}
 	}
 }
@@ -592,134 +684,258 @@ store(from, lmtprcpts)
 {
 	FILE *fp = NULL;
 	time_t tval;
-	int fd, eline;
+	bool eline;
+	bool fullline = TRUE;	/* current line is terminated */
+	bool prevfl;		/* previous line was terminated */
 	char line[2048];
+	int fd;
 	char tmpbuf[sizeof _PATH_LOCTMP + 1];
 
-	strcpy(tmpbuf, _PATH_LOCTMP);
-	if ((fd = mkstemp(tmpbuf)) == -1 || (fp = fdopen(fd, "w+")) == NULL) {
-		if (lmtprcpts) {
+	(void) umask(0077);
+	(void) strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
+	if ((fd = mkstemp(tmpbuf)) == -1 || (fp = fdopen(fd, "w+")) == NULL)
+	{
+		if (lmtprcpts)
+		{
 			printf("451 4.3.0 unable to open temporary file\r\n");
 			return -1;
-		} else {
+		}
+		else
+		{
 			mailerr("451 4.3.0", "unable to open temporary file");
-			exit(eval);
+			exit(ExitVal);
 		}
 	}
-	(void)unlink(tmpbuf);
+	(void) unlink(tmpbuf);
 
-	if (lmtpmode) {
+	if (LMTPMode)
+	{
 		printf("354 go ahead\r\n");
-		fflush(stdout);
+		(void) fflush(stdout);
 	}
 
-	(void)time(&tval);
-	(void)fprintf(fp, "From %s %s", from, ctime(&tval));
+	(void) time(&tval);
+	(void) fprintf(fp, "From %s %s", from, ctime(&tval));
+
+#ifdef CONTENTLENGTH
+	HeaderLength = 0;
+	BodyLength = -1;
+#endif /* CONTENTLENGTH */
 
 	line[0] = '\0';
-	for (eline = 1; fgets(line, sizeof(line), stdin);) {
-		size_t line_len = strlen(line);
+	eline = TRUE;
+	while (fgets(line, sizeof(line), stdin) != (char *)NULL)
+	{
+		size_t line_len = 0;
+		int peek;
 
-		if (line_len >= 2 &&
-		    line[line_len - 2] == '\r' &&
-		    line[line_len - 1] == '\n') {
-			strcpy(line + line_len - 2, "\n");
-		}
-		if (lmtprcpts && line[0] == '.') {
-			char *src = line + 1, *dest = line;
+		prevfl = fullline;	/* preserve state of previous line */
+		while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
+			line_len++;
+		line_len++;
 
-			if (line[1] == '\n')
+		/* Check for dot-stuffing */
+		if (prevfl && lmtprcpts && line[0] == '.')
+		{
+			if (line[1] == '\n' ||
+			    (line[1] == '\r' && line[2] == '\n'))
 				goto lmtpdot;
-			while (*src != '\0')
-				*dest++ = *src++;
-			*dest = '\0';
+			memcpy(line, line + 1, line_len);
+			line_len--;
+		}
+
+		/* Check to see if we have the full line from fgets() */
+		fullline = FALSE;
+		if (line_len > 0)
+		{
+			if (line[line_len - 1] == '\n')
+			{
+				if (line_len >= 2 &&
+				    line[line_len - 2] == '\r')
+				{
+					line[line_len - 2] = '\n';
+					line[line_len - 1] = '\0';
+					line_len--;
+				}
+				fullline = TRUE;
+			}
+			else if (line[line_len - 1] == '\r')
+			{
+				/* Did we just miss the CRLF? */
+				peek = fgetc(stdin);
+				if (peek == '\n')
+				{
+					line[line_len - 1] = '\n';
+					fullline = TRUE;
+				}
+				else
+					(void) ungetc(peek, stdin);
+			}
+		}
+		else
+			fullline = TRUE;
+
+#ifdef CONTENTLENGTH
+		if (prevfl && line[0] == '\n' && HeaderLength == 0)
+		{
+			eline = FALSE;
+			HeaderLength = ftell(fp);
+			if (HeaderLength <= 0)
+			{
+				/*
+				**  shouldn't happen, unless ftell() is
+				**  badly broken
+				*/
+
+				HeaderLength = -1;
+			}
 		}
-		if (line[0] == '\n')
-			eline = 1;
-		else {
+#else /* CONTENTLENGTH */
+		if (prevfl && line[0] == '\n')
+			eline = TRUE;
+#endif /* CONTENTLENGTH */
+		else
+		{
 			if (eline && line[0] == 'F' &&
 			    !memcmp(line, "From ", 5))
 				(void)putc('>', fp);
-			eline = 0;
+			eline = FALSE;
+#ifdef CONTENTLENGTH
+			/* discard existing "Content-Length:" headers */
+			if (prevfl && HeaderLength == 0 &&
+			    (line[0] == 'C' || line[0] == 'c') &&
+			    strncasecmp(line, ContentHdr, 15) == 0)
+			{
+				/*
+				**  be paranoid: clear the line
+				**  so no "wrong matches" may occur later
+				*/
+				line[0] = '\0';
+				continue;
+			}
+#endif /* CONTENTLENGTH */
+
 		}
-		(void)fprintf(fp, "%s", line);
-		if (ferror(fp)) {
-			if (lmtprcpts) {
-				while (lmtprcpts--) {
+		(void) fwrite(line, sizeof(char), line_len, fp);
+		if (ferror(fp))
+		{
+			if (lmtprcpts)
+			{
+				while (lmtprcpts--)
 					printf("451 4.3.0 temporary file write error\r\n");
-				}
-				fclose(fp);
+				(void) fclose(fp);
 				return -1;
-			} else {
+			}
+			else
+			{
 				mailerr("451 4.3.0",
 					"temporary file write error");
-				fclose(fp);
-				exit(eval);
+				(void) fclose(fp);
+				exit(ExitVal);
 			}
 		}
 	}
 
-	if (lmtprcpts) {
+	if (lmtprcpts)
+	{
 		/* Got a premature EOF -- toss message and exit */
 		exit(EX_OK);
 	}
 
 	/* If message not newline terminated, need an extra. */
 	if (strchr(line, '\n') == NULL)
-		(void)putc('\n', fp);
+		(void) putc('\n', fp);
 
   lmtpdot:
 
+#ifdef CONTENTLENGTH
+	BodyLength = ftell(fp);
+	if (HeaderLength == 0 && BodyLength > 0)	/* empty body */
+	{
+		HeaderLength = BodyLength;
+		BodyLength = 0;
+	}
+	else
+		BodyLength = BodyLength - HeaderLength - 1 ;
+
+	if (HeaderLength > 0 && BodyLength >= 0)
+	{
+		extern char *quad_to_string();
+
+		if (sizeof BodyLength > sizeof(long))
+			snprintf(line, sizeof line, "%s\n",
+				 quad_to_string(BodyLength));
+		else
+			snprintf(line, sizeof line, "%ld\n", (long) BodyLength);
+		strlcpy(&ContentHdr[16], line, sizeof(ContentHdr) - 16);
+	}
+	else
+		BodyLength = -1;	/* Something is wrong here */
+#endif /* CONTENTLENGTH */
+
 	/* Output a newline; note, empty messages are allowed. */
-	(void)putc('\n', fp);
+	(void) putc('\n', fp);
 
-	if (fflush(fp) == EOF || ferror(fp)) {
-		if (lmtprcpts) {
-			while (lmtprcpts--) {
+	if (fflush(fp) == EOF || ferror(fp) != 0)
+	{
+		if (lmtprcpts)
+		{
+			while (lmtprcpts--)
 				printf("451 4.3.0 temporary file write error\r\n");
-			}
-			fclose(fp);
+			(void) fclose(fp);
 			return -1;
-		} else {
+		}
+		else
+		{
 			mailerr("451 4.3.0", "temporary file write error");
-			fclose(fp);
-			exit(eval);
+			(void) fclose(fp);
+			exit(ExitVal);
 		}
 	}
-	return (fd);
+	return fd;
 }
 
 void
-deliver(fd, name)
+deliver(fd, name, bouncequota)
 	int fd;
 	char *name;
+	bool bouncequota;
 {
-	struct stat fsb, sb;
+	struct stat fsb;
+	struct stat sb;
 	struct passwd *pw;
-	int mbfd, nr, nw, off;
+	char path[MAXPATHLEN];
+	int mbfd, nr = 0, nw, off;
 	char *p;
-	char biffmsg[100], buf[8*1024], path[MAXPATHLEN];
 	off_t curoff;
+#ifdef CONTENTLENGTH
+	off_t headerbytes;
+	int readamount;
+#endif /* CONTENTLENGTH */
+	char biffmsg[100], buf[8*1024];
 	extern char *quad_to_string();
 
+
 	/*
-	 * Disallow delivery to unknown names -- special mailboxes can be
-	 * handled in the sendmail aliases file.
-	 */
-	if ((pw = getpwnam(name)) == NULL) {
-		if (eval != EX_TEMPFAIL)
-			eval = EX_UNAVAILABLE;
-		if (lmtpmode) {
-			if (eval == EX_TEMPFAIL) {
+	**  Disallow delivery to unknown names -- special mailboxes can be
+	**  handled in the sendmail aliases file.
+	*/
+	if ((pw = getpwnam(name)) == NULL)
+	{
+		if (ExitVal != EX_TEMPFAIL)
+			ExitVal = EX_UNAVAILABLE;
+		if (LMTPMode)
+		{
+			if (ExitVal == EX_TEMPFAIL)
 				printf("451 4.3.0 cannot lookup name: %s\r\n", name);
-			} else {
+			else
 				printf("550 5.1.1 unknown name: %s\r\n", name);
-			}
 		}
-		else {
+		else
+		{
 			char *errcode = NULL;
 
-			if (eval == EX_TEMPFAIL)
+			if (ExitVal == EX_TEMPFAIL)
 				errcode = "451 4.3.0";
 			else
 				errcode = "550 5.1.1";
@@ -730,12 +946,12 @@ deliver(fd, name)
 	endpwent();
 
 	/*
-	 * Keep name reasonably short to avoid buffer overruns.
-	 *	This isn't necessary on BSD because of the proper
-	 *	definition of snprintf(), but it can cause problems
-	 *	on other systems.
-	 * Also, clear out any bogus characters.
-	 */
+	**  Keep name reasonably short to avoid buffer overruns.
+	**	This isn't necessary on BSD because of the proper
+	**	definition of snprintf(), but it can cause problems
+	**	on other systems.
+	**  Also, clear out any bogus characters.
+	*/
 
 	if (strlen(name) > 40)
 		name[40] = '\0';
@@ -747,85 +963,135 @@ deliver(fd, name)
 			*p = '.';
 	}
 
-	(void)snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, name);
+
+	(void) snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, name);
+
 
 	/*
-	 * If the mailbox is linked or a symlink, fail.  There's an obvious
-	 * race here, that the file was replaced with a symbolic link after
-	 * the lstat returned, but before the open.  We attempt to detect
-	 * this by comparing the original stat information and information
-	 * returned by an fstat of the file descriptor returned by the open.
-	 *
-	 * NB: this is a symptom of a larger problem, that the mail spooling
-	 * directory is writeable by the wrong users.  If that directory is
-	 * writeable, system security is compromised for other reasons, and
-	 * it cannot be fixed here.
-	 *
-	 * If we created the mailbox, set the owner/group.  If that fails,
-	 * just return.  Another process may have already opened it, so we
-	 * can't unlink it.  Historically, binmail set the owner/group at
-	 * each mail delivery.  We no longer do this, assuming that if the
-	 * ownership or permissions were changed there was a reason.
-	 *
-	 * XXX
-	 * open(2) should support flock'ing the file.
-	 */
+	**  If the mailbox is linked or a symlink, fail.  There's an obvious
+	**  race here, that the file was replaced with a symbolic link after
+	**  the lstat returned, but before the open.  We attempt to detect
+	**  this by comparing the original stat information and information
+	**  returned by an fstat of the file descriptor returned by the open.
+	**
+	**  NB: this is a symptom of a larger problem, that the mail spooling
+	**  directory is writeable by the wrong users.  If that directory is
+	**  writeable, system security is compromised for other reasons, and
+	**  it cannot be fixed here.
+	**
+	**  If we created the mailbox, set the owner/group.  If that fails,
+	**  just return.  Another process may have already opened it, so we
+	**  can't unlink it.  Historically, binmail set the owner/group at
+	**  each mail delivery.  We no longer do this, assuming that if the
+	**  ownership or permissions were changed there was a reason.
+	**
+	**  XXX
+	**  open(2) should support flock'ing the file.
+	*/
+
 tryagain:
-	lockmbox(path);
-	if (lstat(path, &sb) < 0) {
-		mbfd = open(path,
-			O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
+#ifdef MAILLOCK
+	p = name;
+#else /* MAILLOCK */
+	p = path;
+#endif /* MAILLOCK */
+	if ((off = lockmbox(p)) != 0)
+	{
+		if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
+		{
+			ExitVal = EX_TEMPFAIL;
+			mailerr("451 4.3.0",
+				"lockmailbox %s failed; error code %d %s",
+				p, off, errno > 0 ? errstring(errno) : "");
+		}
+		else
+		{
+			mailerr("551 5.3.0",
+				"lockmailbox %s failed; error code %d %s",
+				p, off, errno > 0 ? errstring(errno) : "");
+		}
+		return;
+	}
+
+	if (lstat(path, &sb) < 0)
+	{
+		int save_errno;
+		int mode = S_IRUSR|S_IWUSR;
+		gid_t gid = pw->pw_gid;
+
+#ifdef MAILGID
+		(void) umask(0007);
+		gid = MAILGID;
+		mode |= S_IRGRP|S_IWGRP;
+#endif /* MAILGID */
+
+		mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY, mode);
+
+		save_errno = errno;
+
 		if (lstat(path, &sb) < 0)
 		{
-			eval = EX_CANTCREAT;
+			ExitVal = EX_CANTCREAT;
 			mailerr("550 5.2.0",
 				"%s: lstat: file changed after open", path);
 			goto err1;
 		}
 		else
 			sb.st_uid = pw->pw_uid;
-		if (mbfd == -1) {
-			if (errno == EEXIST)
+		if (mbfd == -1)
+		{
+			if (save_errno == EEXIST)
 				goto tryagain;
-		} else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) {
+		}
+		else if (fchown(mbfd, pw->pw_uid, gid) < 0)
+		{
 			mailerr("451 4.3.0", "chown %u.%u: %s",
-				pw->pw_uid, pw->pw_gid, name);
+				pw->pw_uid, gid, name);
 			goto err1;
 		}
-	} else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode)) {
+	}
+	else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode))
+	{
 		mailerr("550 5.2.0", "%s: irregular file", path);
 		goto err0;
-	} else if (sb.st_uid != pw->pw_uid) {
-		eval = EX_CANTCREAT;
+	}
+	else if (sb.st_uid != pw->pw_uid)
+	{
+		ExitVal = EX_CANTCREAT;
 		mailerr("550 5.2.0", "%s: wrong ownership (%d)",
-				path, sb.st_uid);
+			path, sb.st_uid);
 		goto err0;
-	} else {
-		mbfd = open(path, O_APPEND|O_WRONLY, 0);
 	}
+	else
+		mbfd = open(path, O_APPEND|O_WRONLY, 0);
 
-	if (mbfd == -1) {
-		mailerr("450 4.2.0", "%s: %s", path, strerror(errno));
+	if (mbfd == -1)
+	{
+		mailerr("450 4.2.0", "%s: %s", path, errstring(errno));
 		goto err0;
-	} else if (fstat(mbfd, &fsb) < 0 ||
-	    fsb.st_nlink != 1 ||
-	    sb.st_nlink != 1 ||
-	    !S_ISREG(fsb.st_mode) ||
-	    sb.st_dev != fsb.st_dev ||
-	    sb.st_ino != fsb.st_ino ||
+	}
+	else if (fstat(mbfd, &fsb) < 0 ||
+		 fsb.st_nlink != 1 ||
+		 sb.st_nlink != 1 ||
+		 !S_ISREG(fsb.st_mode) ||
+		 sb.st_dev != fsb.st_dev ||
+		 sb.st_ino != fsb.st_ino ||
 #if HAS_ST_GEN && 0		/* AFS returns random values for st_gen */
-	    sb.st_gen != fsb.st_gen ||
-#endif
-	    sb.st_uid != fsb.st_uid) {
-		eval = EX_TEMPFAIL;
+		 sb.st_gen != fsb.st_gen ||
+#endif /* HAS_ST_GEN && 0 */
+		 sb.st_uid != fsb.st_uid)
+	{
+		ExitVal = EX_TEMPFAIL;
 		mailerr("550 5.2.0", "%s: fstat: file changed after open",
 			path);
 		goto err1;
 	}
 
+
 	/* Wait until we can get a lock on the file. */
-	if (flock(mbfd, LOCK_EX)) {
-		mailerr("450 4.2.0", "%s: %s", path, strerror(errno));
+	if (flock(mbfd, LOCK_EX) < 0)
+	{
+		mailerr("450 4.2.0", "%s: %s", path, errstring(errno));
 		goto err1;
 	}
 
@@ -836,196 +1102,317 @@ tryagain:
 			       name, quad_to_string(curoff));
 	else
 		(void)snprintf(biffmsg, sizeof(biffmsg), "%s@%ld\n",
-			       name, curoff);
+			       name, (long) curoff);
 
 	/* Copy the message into the file. */
-	if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) {
+	if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1)
+	{
 		mailerr("450 4.2.0", "temporary file: %s",
-			strerror(errno));
+			errstring(errno));
 		goto err1;
 	}
-	if (setreuid(0, pw->pw_uid) < 0) {
+	if (setreuid(0, pw->pw_uid) < 0)
+	{
 		mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
-		     pw->pw_uid, strerror(errno), getuid(), geteuid());
+		     pw->pw_uid, errstring(errno), getuid(), geteuid());
 		goto err1;
 	}
 #ifdef DEBUG
-	printf("new euid = %d\n", geteuid());
-#endif
+	fprintf(stderr, "new euid = %d\n", geteuid());
+#endif /* DEBUG */
+#ifdef CONTENTLENGTH
+	headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
+	for (;;)
+	{
+		if (headerbytes == 0)
+		{
+			snprintf(buf, sizeof buf, "%s", ContentHdr);
+			nr = strlen(buf);
+			headerbytes = -1;
+			readamount = 0;
+		}
+		else if (headerbytes > sizeof(buf) || headerbytes < 0)
+			readamount = sizeof(buf);
+		else
+			readamount = headerbytes;
+		if (readamount != 0)
+			nr = read(fd, buf, readamount);
+		if (nr <= 0)
+			break;
+		if (headerbytes > 0)
+			headerbytes -= nr ;
+
+#else /* CONTENTLENGTH */
 	while ((nr = read(fd, buf, sizeof(buf))) > 0)
+	{
+#endif /* CONTENTLENGTH */
 		for (off = 0; off < nr; off += nw)
-			if ((nw = write(mbfd, buf + off, nr - off)) < 0) {
+		{
+			if ((nw = write(mbfd, buf + off, nr - off)) < 0)
+			{
+#ifdef EDQUOT
+				if (errno == EDQUOT && bouncequota)
+					mailerr("552 5.2.2", "%s: %s",
+						path, errstring(errno));
+				else
+#endif /* EDQUOT */
 				mailerr("450 4.2.0", "%s: %s",
-					path, strerror(errno));
+					path, errstring(errno));
 				goto err3;
 			}
-	if (nr < 0) {
+		}
+	}
+	if (nr < 0)
+	{
 		mailerr("450 4.2.0", "temporary file: %s",
-			strerror(errno));
+			errstring(errno));
 		goto err3;
 	}
 
 	/* Flush to disk, don't wait for update. */
-	if (fsync(mbfd)) {
-		mailerr("450 4.2.0", "%s: %s", path, strerror(errno));
+	if (fsync(mbfd) < 0)
+	{
+		mailerr("450 4.2.0", "%s: %s", path, errstring(errno));
 err3:
-		if (setreuid(0, 0) < 0) {
+		if (setreuid(0, 0) < 0)
+		{
 #if 0
 			/* already printed an error above for this recipient */
-			e_to_sys(errno);
+			(void) e_to_sys(errno);
 			mailerr("450 4.2.0", "setreuid(0, 0): %s",
-				strerror(errno));
-#endif
+				errstring(errno));
+#endif /* 0 */
 		}
 #ifdef DEBUG
-		printf("reset euid = %d\n", geteuid());
-#endif
-		(void)ftruncate(mbfd, curoff);
-err1:		(void)close(mbfd);
+		fprintf(stderr, "reset euid = %d\n", geteuid());
+#endif /* DEBUG */
+		(void) ftruncate(mbfd, curoff);
+err1:		(void) close(mbfd);
 err0:		unlockmbox();
 		return;
 	}
 
 	/* Close and check -- NFS doesn't write until the close. */
-	if (close(mbfd)) {
-		mailerr("450 4.2.0", "%s: %s", path, strerror(errno));
-		truncate(path, curoff);
-	} else
+	if (close(mbfd))
+	{
+#ifdef EDQUOT
+		if (errno == EDQUOT && bouncequota)
+			mailerr("552 5.2.2", "%s: %s", path, errstring(errno));
+		else
+#endif /* EDQUOT */
+		mailerr("450 4.2.0", "%s: %s", path, errstring(errno));
+		(void) truncate(path, curoff);
+	}
+	else
 		notifybiff(biffmsg);
 
-	if (setreuid(0, 0) < 0) {
+	if (setreuid(0, 0) < 0)
+	{
 		mailerr("450 4.2.0", "setreuid(0, 0): %s",
-			strerror(errno));
+			errstring(errno));
 		goto err0;
 	}
 #ifdef DEBUG
-	printf("reset euid = %d\n", geteuid());
-#endif
+	fprintf(stderr, "reset euid = %d\n", geteuid());
+#endif /* DEBUG */
 	unlockmbox();
-	if (lmtpmode) {
+	if (LMTPMode)
 		printf("250 2.1.5 %s OK\r\n", name);
-	}
 }
 
 /*
- * user.lock files are necessary for compatibility with other
- * systems, e.g., when the mail spool file is NFS exported.
- * Alas, mailbox locking is more than just a local matter.
- * EPA 11/94.
- */
+**  user.lock files are necessary for compatibility with other
+**  systems, e.g., when the mail spool file is NFS exported.
+**  Alas, mailbox locking is more than just a local matter.
+**  EPA 11/94.
+*/
 
-char	lockname[MAXPATHLEN];
-int	locked = 0;
+bool	Locked = FALSE;
+
+#ifdef MAILLOCK
+int
+lockmbox(name)
+	char *name;
+{
+	int r;
+
+	if (Locked)
+		return 0;
+	if ((r = maillock(name, 15)) == L_SUCCESS)
+	{
+		Locked = TRUE;
+		return 0;
+	}
+	switch (r)
+	{
+	  case L_TMPLOCK:	/* Can't create tmp file */
+	  case L_TMPWRITE:	/* Can't write pid into lockfile */
+	  case L_MAXTRYS:	/* Failed after retrycnt attempts */
+		errno = 0;
+		r = EX_TEMPFAIL;
+		break;
+	  case L_ERROR:		/* Check errno for reason */
+		r = errno;
+		break;
+	  default:		/* other permanent errors */
+		errno = 0;
+		r = EX_UNAVAILABLE;
+		break;
+	}
+	return r;
+}
 
 void
+unlockmbox()
+{
+	if (Locked)
+		mailunlock();
+	Locked = FALSE;
+}
+#else /* MAILLOCK */
+
+char	LockName[MAXPATHLEN];
+
+int
 lockmbox(path)
 	char *path;
 {
 	int statfailed = 0;
-
-	if (locked)
-		return;
-	if (strlen(path) + 6 > sizeof lockname)
-		return;
-	snprintf(lockname, sizeof lockname, "%s.lock", path);
-	for (;; sleep(5)) {
+	time_t start;
+
+	if (Locked)
+		return 0;
+	if (strlen(path) + 6 > sizeof LockName)
+		return EX_SOFTWARE;
+	(void) snprintf(LockName, sizeof LockName, "%s.lock", path);
+	(void) time(&start);
+	for (; ; sleep(5))
+	{
 		int fd;
 		struct stat st;
 		time_t now;
 
-		fd = open(lockname, O_WRONLY|O_EXCL|O_CREAT, 0);
-		if (fd >= 0) {
+		/* global timeout */
+		(void) time(&now);
+		if (now > start + LOCKTO_GLOB)
+		{
+			errno = 0;
+			return EX_TEMPFAIL;
+		}
+		fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, 0);
+		if (fd >= 0)
+		{
 			/* defeat lock checking programs which test pid */
-			write(fd, "0", 2);
-			locked = 1;
-			close(fd);
-			return;
+			(void) write(fd, "0", 2);
+			Locked = TRUE;
+			(void) close(fd);
+			return 0;
 		}
-		if (stat(lockname, &st) < 0) {
+		if (stat(LockName, &st) < 0)
+		{
 			if (statfailed++ > 5)
-				return;
+			{
+				errno = 0;
+				return EX_TEMPFAIL;
+			}
 			continue;
 		}
 		statfailed = 0;
-		time(&now);
-		if (now < st.st_ctime + 300)
+		(void) time(&now);
+		if (now < st.st_ctime + LOCKTO_RM)
 			continue;
-		unlink(lockname);
+
+		/* try to remove stale lockfile */
+		if (unlink(LockName) < 0)
+			return errno;
 	}
 }
 
 void
 unlockmbox()
 {
-	if (!locked)
+	if (!Locked)
 		return;
-	unlink(lockname);
-	locked = 0;
+	(void) unlink(LockName);
+	Locked = FALSE;
 }
+#endif /* MAILLOCK */
 
 void
 notifybiff(msg)
 	char *msg;
 {
-	static struct sockaddr_in addr;
+	static bool initialized = FALSE;
 	static int f = -1;
 	struct hostent *hp;
 	struct servent *sp;
 	int len;
+	static struct sockaddr_in addr;
+
+	if (!initialized)
+	{
+		initialized = TRUE;
 
-	if (addr.sin_family == 0) {
 		/* Be silent if biff service not available. */
-		if ((sp = getservbyname("biff", "udp")) == NULL)
-			return;
-		if ((hp = gethostbyname("localhost")) == NULL) {
+		if ((sp = getservbyname("biff", "udp")) == NULL ||
+		    (hp = gethostbyname("localhost")) == NULL ||
+		    hp->h_length != INADDRSZ)
 			return;
-		}
+
 		addr.sin_family = hp->h_addrtype;
-		memcpy(&addr.sin_addr, hp->h_addr, hp->h_length);
+		memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
 		addr.sin_port = sp->s_port;
 	}
-	if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+
+	/* No message, just return */
+	if (msg == NULL)
+		return;
+
+	/* Couldn't initialize addr struct */
+	if (addr.sin_family == AF_UNSPEC)
+		return;
+
+	if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
 		return;
-	}
 	len = strlen(msg) + 1;
-	(void) sendto(f, msg, len, 0, (struct sockaddr *)&addr, sizeof(addr));
+	(void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
 }
 
 void
 usage()
 {
-	eval = EX_USAGE;
+	ExitVal = EX_USAGE;
 	mailerr(NULL, "usage: mail.local [-l] [-f from] user ...");
-	exit(eval);
+	exit(ExitVal);
 }
 
 void
 #ifdef __STDC__
 mailerr(const char *hdr, const char *fmt, ...)
-#else
+#else /* __STDC__ */
 mailerr(hdr, fmt, va_alist)
 	const char *hdr;
 	const char *fmt;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	va_list ap;
 
 #ifdef __STDC__
 	va_start(ap, fmt);
-#else
+#else /* __STDC__ */
 	va_start(ap);
-#endif
-	if (lmtpmode)
+#endif /* __STDC__ */
+	if (LMTPMode)
 	{
 		if (hdr != NULL)
 			printf("%s ", hdr);
-		vprintf(fmt, ap);
-		printf("\r\n");
+		(void) vprintf(fmt, ap);
+		(void) printf("\r\n");
 	}
 	else
 	{
-		e_to_sys(errno);
+		(void) e_to_sys(errno);
 		vwarn(fmt, ap);
 	}
 }
@@ -1036,142 +1423,133 @@ vwarn(fmt, ap)
 	_BSD_VA_LIST_ ap;
 {
 	/*
-	 * Log the message to stderr.
-	 *
-	 * Don't use LOG_PERROR as an openlog() flag to do this,
-	 * it's not portable enough.
-	 */
-	if (eval != EX_USAGE)
-		(void)fprintf(stderr, "mail.local: ");
-	(void)vfprintf(stderr, fmt, ap);
-	(void)fprintf(stderr, "\n");
+	**  Log the message to stderr.
+	**
+	**  Don't use LOG_PERROR as an openlog() flag to do this,
+	**  it's not portable enough.
+	*/
+
+	if (ExitVal != EX_USAGE)
+		(void) fprintf(stderr, "mail.local: ");
+	(void) vfprintf(stderr, fmt, ap);
+	(void) fprintf(stderr, "\n");
 
 #if USE_VSYSLOG
 	/* Log the message to syslog. */
 	vsyslog(LOG_ERR, fmt, ap);
-#else
+#else /* USE_VSYSLOG */
 	{
 		char fmtbuf[10240];
 
 		(void) vsnprintf(fmtbuf, sizeof fmtbuf, fmt, ap);
 		syslog(LOG_ERR, "%s", fmtbuf);
 	}
-#endif
+#endif /* USE_VSYSLOG */
 }
 
 /*
  * e_to_sys --
  *	Guess which errno's are temporary.  Gag me.
  */
-void
+int
 e_to_sys(num)
 	int num;
 {
 	/* Temporary failures override hard errors. */
-	if (eval == EX_TEMPFAIL)
-		return;
+	if (ExitVal == EX_TEMPFAIL)
+		return ExitVal;
 
-	switch(num) {		/* Hopefully temporary errors. */
-#ifdef EAGAIN
-	case EAGAIN:		/* Resource temporarily unavailable */
-#endif
+	switch (num)		/* Hopefully temporary errors. */
+	{
 #ifdef EDQUOT
-	case EDQUOT:		/* Disc quota exceeded */
-#endif
+	  case EDQUOT:		/* Disc quota exceeded */
+		if (bouncequota)
+		{
+			ExitVal = EX_UNAVAILABLE;
+			break;
+		}
+		/* FALLTHROUGH */
+#endif /* EDQUOT */
+#ifdef EAGAIN
+	  case EAGAIN:		/* Resource temporarily unavailable */
+#endif /* EAGAIN */
 #ifdef EBUSY
-	case EBUSY:		/* Device busy */
-#endif
+	  case EBUSY:		/* Device busy */
+#endif /* EBUSY */
 #ifdef EPROCLIM
-	case EPROCLIM:		/* Too many processes */
-#endif
+	  case EPROCLIM:	/* Too many processes */
+#endif /* EPROCLIM */
 #ifdef EUSERS
-	case EUSERS:		/* Too many users */
-#endif
+	  case EUSERS:		/* Too many users */
+#endif /* EUSERS */
 #ifdef ECONNABORTED
-	case ECONNABORTED:	/* Software caused connection abort */
-#endif
+	  case ECONNABORTED:	/* Software caused connection abort */
+#endif /* ECONNABORTED */
 #ifdef ECONNREFUSED
-	case ECONNREFUSED:	/* Connection refused */
-#endif
+	  case ECONNREFUSED:	/* Connection refused */
+#endif /* ECONNREFUSED */
 #ifdef ECONNRESET
-	case ECONNRESET:	/* Connection reset by peer */
-#endif
+	  case ECONNRESET:	/* Connection reset by peer */
+#endif /* ECONNRESET */
 #ifdef EDEADLK
-	case EDEADLK:		/* Resource deadlock avoided */
-#endif
+	  case EDEADLK:		/* Resource deadlock avoided */
+#endif /* EDEADLK */
 #ifdef EFBIG
-	case EFBIG:		/* File too large */
-#endif
+	  case EFBIG:		/* File too large */
+#endif /* EFBIG */
 #ifdef EHOSTDOWN
-	case EHOSTDOWN:		/* Host is down */
-#endif
+	  case EHOSTDOWN:	/* Host is down */
+#endif /* EHOSTDOWN */
 #ifdef EHOSTUNREACH
-	case EHOSTUNREACH:	/* No route to host */
-#endif
+	  case EHOSTUNREACH:	/* No route to host */
+#endif /* EHOSTUNREACH */
 #ifdef EMFILE
-	case EMFILE:		/* Too many open files */
-#endif
+	  case EMFILE:		/* Too many open files */
+#endif /* EMFILE */
 #ifdef ENETDOWN
-	case ENETDOWN:		/* Network is down */
-#endif
+	  case ENETDOWN:	/* Network is down */
+#endif /* ENETDOWN */
 #ifdef ENETRESET
-	case ENETRESET:		/* Network dropped connection on reset */
-#endif
+	  case ENETRESET:	/* Network dropped connection on reset */
+#endif /* ENETRESET */
 #ifdef ENETUNREACH
-	case ENETUNREACH:	/* Network is unreachable */
-#endif
+	  case ENETUNREACH:	/* Network is unreachable */
+#endif /* ENETUNREACH */
 #ifdef ENFILE
-	case ENFILE:		/* Too many open files in system */
-#endif
+	  case ENFILE:		/* Too many open files in system */
+#endif /* ENFILE */
 #ifdef ENOBUFS
-	case ENOBUFS:		/* No buffer space available */
-#endif
+	  case ENOBUFS:		/* No buffer space available */
+#endif /* ENOBUFS */
 #ifdef ENOMEM
-	case ENOMEM:		/* Cannot allocate memory */
-#endif
+	  case ENOMEM:		/* Cannot allocate memory */
+#endif /* ENOMEM */
 #ifdef ENOSPC
-	case ENOSPC:		/* No space left on device */
-#endif
+	  case ENOSPC:		/* No space left on device */
+#endif /* ENOSPC */
 #ifdef EROFS
-	case EROFS:		/* Read-only file system */
-#endif
+	  case EROFS:		/* Read-only file system */
+#endif /* EROFS */
 #ifdef ESTALE
-	case ESTALE:		/* Stale NFS file handle */
-#endif
+	  case ESTALE:		/* Stale NFS file handle */
+#endif /* ESTALE */
 #ifdef ETIMEDOUT
-	case ETIMEDOUT:		/* Connection timed out */
-#endif
+	  case ETIMEDOUT:	/* Connection timed out */
+#endif /* ETIMEDOUT */
 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
-	case EWOULDBLOCK:	/* Operation would block. */
-#endif
-		eval = EX_TEMPFAIL;
+	  case EWOULDBLOCK:	/* Operation would block. */
+#endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
+		ExitVal = EX_TEMPFAIL;
 		break;
-	default:
-		eval = EX_UNAVAILABLE;
+
+	  default:
+		ExitVal = EX_UNAVAILABLE;
 		break;
 	}
+	return ExitVal;
 }
 
-#if !HASSTRERROR
-
-char *
-strerror(eno)
-	int eno;
-{
-	extern int sys_nerr;
-	extern char *sys_errlist[];
-	static char ebuf[60];
-
-	if (eno >= 0 && eno < sys_nerr)
-		return sys_errlist[eno];
-	(void) sprintf(ebuf, "Error %d", eno);
-	return ebuf;
-}
-
-#endif /* !HASSTRERROR */
-
 #if defined(ultrix) || defined(_CRAY)
-
 /*
  * Copyright (c) 1987, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -1205,16 +1583,16 @@ strerror(eno)
  * SUCH DAMAGE.
  */
 
-#if defined(LIBC_SCCS) && !defined(lint)
+# if defined(LIBC_SCCS) && !defined(lint)
 static char sccsid[] = "@(#)mktemp.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
+# endif /* defined(LIBC_SCCS) && !defined(lint) */
 
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <ctype.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <errno.h>
+# include <stdio.h>
+# include <ctype.h>
 
 static int _gettemp();
 
@@ -1226,14 +1604,14 @@ mkstemp(path)
 	return (_gettemp(path, &fd) ? fd : -1);
 }
 
-/*
+# if 0
 char *
 mktemp(path)
 	char *path;
 {
 	return(_gettemp(path, (int *)NULL) ? path : (char *)NULL);
 }
-*/
+# endif /* 0 */
 
 static
 _gettemp(path, doopen)
@@ -1247,7 +1625,8 @@ _gettemp(path, doopen)
 
 	pid = getpid();
 	for (trv = path; *trv; ++trv);		/* extra X's get set to 0's */
-	while (*--trv == 'X') {
+	while (*--trv == 'X')
+	{
 		*trv = (pid % 10) + '0';
 		pid /= 10;
 	}
@@ -1256,14 +1635,17 @@ _gettemp(path, doopen)
 	 * check the target directory; if you have six X's and it
 	 * doesn't exist this runs for a *very* long time.
 	 */
-	for (start = trv + 1;; --trv) {
+	for (start = trv + 1;; --trv)
+	{
 		if (trv <= path)
 			break;
-		if (*trv == '/') {
+		if (*trv == '/')
+		{
 			*trv = '\0';
 			if (stat(path, &sbuf) < 0)
 				return(0);
-			if (!S_ISDIR(sbuf.st_mode)) {
+			if (!S_ISDIR(sbuf.st_mode))
+			{
 				errno = ENOTDIR;
 				return(0);
 			}
@@ -1272,8 +1654,10 @@ _gettemp(path, doopen)
 		}
 	}
 
-	for (;;) {
-		if (doopen) {
+	for (;;)
+	{
+		if (doopen)
+		{
 			if ((*doopen =
 			    open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0)
 				return(1);
@@ -1284,12 +1668,14 @@ _gettemp(path, doopen)
 			return(errno == ENOENT ? 1 : 0);
 
 		/* tricky little algorithm for backward compatibility */
-		for (trv = start;;) {
+		for (trv = start;;)
+		{
 			if (!*trv)
 				return(0);
 			if (*trv == 'z')
 				*trv++ = 'a';
-			else {
+			else
+			{
 				if (isascii(*trv) && isdigit(*trv))
 					*trv = 'a';
 				else
@@ -1298,7 +1684,6 @@ _gettemp(path, doopen)
 			}
 		}
 	}
-	/*NOTREACHED*/
+	/* NOTREACHED */
 }
-
-#endif /* ultrix */
+#endif /* defined(ultrix) || defined(_CRAY) */
diff --git a/contrib/sendmail/mailstats/Build b/contrib/sendmail/mailstats/Build
index ab8a49d..3c8e03f 100755
--- a/contrib/sendmail/mailstats/Build
+++ b/contrib/sendmail/mailstats/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.4 1999/03/02 02:33:27 peterh Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/mailstats/Makefile b/contrib/sendmail/mailstats/Makefile
new file mode 100644
index 0000000..6dbcb62
--- /dev/null
+++ b/contrib/sendmail/mailstats/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.5 1999/09/23 22:36:36 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/mailstats/Makefile.m4 b/contrib/sendmail/mailstats/Makefile.m4
index 2de9904..5a9259d 100644
--- a/contrib/sendmail/mailstats/Makefile.m4
+++ b/contrib/sendmail/mailstats/Makefile.m4
@@ -1,97 +1,20 @@
-#
-#  This Makefile is designed to work on the old "make" program.
-#
-#	@(#)Makefile.m4	8.15	(Berkeley)	7/12/1998
-#
+include(confBUILDTOOLSDIR`/M4/switch.m4')
 
-# C compiler
-CC=	confCC
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
 
-# Shell
-SHELL=	confSHELL
+bldPRODUCT_START(`executable', `mailstats')
+define(`bldINSTALL_DIR', `S')
+define(`bldSOURCES', `mailstats.c ')
+bldPUSH_SMLIB(`smutil')
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+bldPRODUCT_END
 
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
+bldPRODUCT_START(`manpage', `mailstats')
+define(`bldSOURCES', `mailstats.8')
+bldPRODUCT_END
 
-# location of sendmail source directory
-SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
+bldFINISH
 
-# environment definitions (e.g., -D_AIX3)
-ENVDEF=	ifdef(`confENVDEF', `confENVDEF')
-
-# see also conf.h for additional compilation flags
-
-# include directories
-INCDIRS=-I${SRCDIR} confINCDIRS
-
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
-
-# library directories
-LIBDIRS=confLIBDIRS
-
-# libraries required on your system
-LIBS=	ifdef(`confLIBS', `confLIBS')
-
-# location of mailstats binary (usually /usr/sbin or /usr/etc)
-SBINDIR=${DESTDIR}ifdef(`confSBINDIR', `confSBINDIR', `/usr/sbin')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE= confBEFORE
-OBJS=	mailstats.o ${OBJADD}
-
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confUBINOWN', `confUBINOWN', `bin')
-BINGRP=	ifdef(`confUBINGRP', `confUBINGRP', `bin')
-BINMODE=ifdef(`confUBINMODE', `confUBINMODE', `555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	mailstats mailstats.${MAN8SRC}
-
-all: ${ALL}
-
-mailstats: ${BEFORE} ${OBJS}
-	${CC} -o mailstats ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-undivert(3)
-
-mailstats.${MAN8SRC}: mailstats.8
-	${NROFF} ${MANDOC} mailstats.8 > mailstats.${MAN8SRC}
-
-install: install-mailstats install-docs
-
-install-mailstats: mailstats
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} mailstats ${SBINDIR}
-
-install-docs: mailstats.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} mailstats.${MAN8SRC} ${MAN8}/mailstats.${MAN8EXT}')
-
-clean:
-	rm -f ${OBJS} mailstats mailstats.${MAN8SRC}
-
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE',
-`generic').m4)dnl
-################  End of dependency scripts
diff --git a/contrib/sendmail/mailstats/mailstats.8 b/contrib/sendmail/mailstats/mailstats.8
index be2203d..2fab81d 100644
--- a/contrib/sendmail/mailstats/mailstats.8
+++ b/contrib/sendmail/mailstats/mailstats.8
@@ -1,100 +1,107 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\"
 .\" By using this file, you agree to the terms and conditions set
 .\" forth in the LICENSE file which can be found at the top level of
 .\" the sendmail distribution.
 .\"
 .\"
-.\"	@(#)mailstats.8	8.8 (Berkeley) 11/13/1998
+.\"	$Id: mailstats.8,v 8.17 2000/03/11 20:18:21 gshapiro Exp $
 .\"
-.Dd April 25, 1996
-.Dt MAILSTATS 1
-.Os BSD 3
-.Sh NAME
-.Nm mailstats
-.Nd display mail statistics
-.Sh SYNOPSIS
-.Nm mailstats
-.Op Fl o
-.if \nP .Op Fl p
-.Op Fl C Ar cffile
-.Op Fl f Ar stfile
-.Sh DESCRIPTION
+.TH MAILSTATS 1 "April 25, 1996"
+.SH NAME
+.B mailstats
+\- display mail statistics
+.SH SYNOPSIS
+.B mailstats
+.RB [ \-o "] [" \-p ]
+.RB [ \-C 
+.IR cffile ]
+.RB [ \-f
+.IR stfile ]
+.SH DESCRIPTION
 The
-.Nm mailstats
+.B mailstats
 utility displays the current mail statistics.
-.Pp
+.PP
 First, the time at which statistics started being kept is displayed,
-in the format specified by
-.Xr ctime 3 .
-Then,
-the statistics for each mailer are displayed on a single line,
-each with the following whitespace separated fields:
-.Pp
-.Bl -tag -width 10n -offset indent -compact
-.It Sy M
+in the format specified by 
+ctime(3).  
+Then, 
+the statistics for each mailer are displayed on a single line, 
+each with the following white space separated fields:
+.sp
+.RS
+.PD 0.2v
+.TP 1.2i
+.B M
 The mailer number.
-.It Sy msgsfr
+.TP 
+.B msgsfr
 Number of messages from the mailer.
-.It Sy bytes_from
+.TP
+.B bytes_from
 Kbytes from the mailer.
-.It Sy msgsto
+.TP
+.B msgsto
 Number of messages to the mailer.
-.It Sy bytes_to
+.TP
+.B bytes_to
 Kbytes to the mailer.
-.It Sy msgsrej
+.TP
+.B msgsrej
 Number of messages rejected.
-.It Sy msgsdis
+.TP
+.B msgsdis
 Number of messages discarded.
-.It Sy Mailer
+.TP
+.B Mailer
 The name of the mailer.
-.El
-.Pp
-After this display, a line totaling the values for all of the mailers
-is displayed,
-separated from the previous information by a line containing only equals
-.Pq Dq \&=
+.PD
+.RE
+.PP
+After this display, a line totaling the values for all of the mailers 
+is displayed (preceeded with a ``T''),
+separated from the previous information by a line containing only equals 
+(``='') 
 characters.
-.Pp
+Another line preceeded with a ``C'' lists the number of connections.
+.PP
 The options are as follows:
-.Bl -tag -width Ds
-.It Fl C
+.TP 
+.B \-C
 Read the specified file instead of the default
-.Nm sendmail
-.Dq cf
-file.
-.It Fl f
+.B sendmail
+``cf'' file.
+.TP
+.B \-f
 Read the specified statistics file instead of the statistics file
 specified in the
-.Nm sendmail
-.Dq cf
-file.
-.if \nP \
-\{
-.It Fl p
+.B sendmail 
+``cf'' file.
+.TP 
+.B \-p
 Output information in program-readable mode and clear statistics.
-.\}
-.It Fl o
+.TP
+.B \-o
 Don't display the name of the mailer in the output.
-.El
-.Pp
+.PP
 The
-.Nm mailstats
+.B mailstats
 utility exits 0 on success, and >0 if an error occurs.
-.Sh FILES
-.Bl -tag -width /var/log/sendmail.stXX -compact
-.ie \nP .It Pa /etc/mail/sendmail.cf
-.el .It Pa /etc/sendmail.cf
+.SH FILES
+.PD 0.2v
+.TP 2.5i
+/etc/mail/sendmail.cf
 The default
-.Nm sendmail
-.Dq cf
-file.
-.ie \nP .It Pa /etc/mail/statistics
-.el .It Pa /var/log/sendmail.st
+.B sendmail
+``cf'' file.
+.TP
+/etc/mail/statistics
 The default
-.Nm sendmail
+.B sendmail
 statistics file.
-.El
-.Sh SEE ALSO
-.Xr mailq 1 ,
-.Xr sendmail 8
+.PD
+.SH SEE ALSO
+mailq(1), 
+sendmail(8)
diff --git a/contrib/sendmail/mailstats/mailstats.c b/contrib/sendmail/mailstats/mailstats.c
index 56e9357..b655727 100644
--- a/contrib/sendmail/mailstats/mailstats.c
+++ b/contrib/sendmail/mailstats/mailstats.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -13,33 +14,43 @@
 
 #ifndef lint
 static char copyright[] =
-"@(#) Copyright (c) 1988, 1993\n\
+"@(#) Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1988, 1993\n\
 	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
+#endif /* ! lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)mailstats.c	8.29 (Berkeley) 1/25/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: mailstats.c,v 8.53.16.10 2000/07/18 05:51:15 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <unistd.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <time.h>
+#ifdef EX_OK
+# undef EX_OK		/* unistd.h may have another use for this */
+#endif /* EX_OK */
+#include <sysexits.h>
+
+#include <sendmail/sendmail.h>
+#include <sendmail/mailstats.h>
+#include <sendmail/pathnames.h>
 
-#ifndef NOT_SENDMAIL
-# define NOT_SENDMAIL
-#endif
-#include <sendmail.h>
-#include <mailstats.h>
-#include <pathnames.h>
 
 #define MNAMELEN	20	/* max length of mailer name */
 
+
 int
 main(argc, argv)
 	int argc;
 	char **argv;
 {
-	extern char *optarg;
-	extern int optind;
-	struct statistics stat;
 	register int i;
 	int mno;
+	int save_errno;
 	int ch, fd;
 	char *sfile;
 	char *cfile;
@@ -48,17 +59,21 @@ main(argc, argv)
 	bool progmode;
 	long frmsgs = 0, frbytes = 0, tomsgs = 0, tobytes = 0, rejmsgs = 0;
 	long dismsgs = 0;
-	char mtable[MAXMAILERS][MNAMELEN+1];
+	time_t now;
+	char mtable[MAXMAILERS][MNAMELEN + 1];
 	char sfilebuf[MAXLINE];
 	char buf[MAXLINE];
-	time_t now;
+	struct statistics stats;
 	extern char *ctime();
+	extern char *optarg;
+	extern int optind;
+
 
 	cfile = _PATH_SENDMAILCF;
 	sfile = NULL;
 	mnames = TRUE;
 	progmode = FALSE;
-	while ((ch = getopt(argc, argv, "C:f:op")) != EOF)
+	while ((ch = getopt(argc, argv, "C:f:op")) != -1)
 	{
 		switch (ch)
 		{
@@ -74,22 +89,15 @@ main(argc, argv)
 			mnames = FALSE;
 			break;
 
-#if _FFR_MAILSTATS_PROGMODE
 		  case 'p':
 			progmode = TRUE;
 			break;
-#endif
 
 		  case '?':
 		  default:
   usage:
-#if _FFR_MAILSTATS_PROGMODE
-			fputs("usage: mailstats [-C cffile] [-f stfile] -o -p\n",
-				stderr);
-#else
-			fputs("usage: mailstats [-C cffile] [-f stfile] -o \n",
-				stderr);
-#endif
+			(void) fputs("usage: mailstats [-C cffile] [-f stfile] [-o] [-p]\n",
+				     stderr);
 			exit(EX_USAGE);
 		}
 	}
@@ -101,15 +109,17 @@ main(argc, argv)
 
 	if ((cfp = fopen(cfile, "r")) == NULL)
 	{
+		save_errno = errno;
 		fprintf(stderr, "mailstats: ");
+		errno = save_errno;
 		perror(cfile);
 		exit(EX_NOINPUT);
 	}
 
 	mno = 0;
-	(void) strcpy(mtable[mno++], "prog");
-	(void) strcpy(mtable[mno++], "*file*");
-	(void) strcpy(mtable[mno++], "*include*");
+	(void) strlcpy(mtable[mno++], "prog", MNAMELEN + 1);
+	(void) strlcpy(mtable[mno++], "*file*", MNAMELEN + 1);
+	(void) strlcpy(mtable[mno++], "*include*", MNAMELEN + 1);
 
 	while (fgets(buf, sizeof(buf), cfp) != NULL)
 	{
@@ -141,14 +151,14 @@ main(argc, argv)
 			}
 
 			/* this is the S or StatusFile option -- save it */
-			if (strlen(b) >= sizeof sfilebuf)
+			if (strlcpy(sfilebuf, b, sizeof sfilebuf) >=
+			    sizeof sfilebuf)
 			{
 				fprintf(stderr,
 					"StatusFile filename too long: %.30s...\n",
 					b);
 				exit(EX_CONFIG);
 			}
-			strcpy(sfilebuf, b);
 			b = strchr(sfilebuf, '#');
 			if (b == NULL)
 				b = strchr(sfilebuf, '\n');
@@ -172,7 +182,7 @@ main(argc, argv)
 			exit(EX_SOFTWARE);
 		}
 		m = mtable[mno];
-		s = m + MNAMELEN;		/* is [MNAMELEN+1] */
+		s = m + MNAMELEN;		/* is [MNAMELEN + 1] */
 		while (*b != ',' && !(isascii(*b) && isspace(*b)) &&
 		       *b != '\0' && m < s)
 			*m++ = *b++;
@@ -195,66 +205,70 @@ main(argc, argv)
 		exit (EX_OSFILE);
 	}
 
-	if ((fd = open(sfile, O_RDONLY)) < 0 ||
-	    (i = read(fd, &stat, sizeof stat)) < 0)
+	fd = open(sfile, O_RDONLY);
+	if ((fd < 0) || (i = read(fd, &stats, sizeof stats)) < 0)
 	{
-		fputs("mailstats: ", stderr);
+		save_errno = errno;
+		(void) fputs("mailstats: ", stderr);
+		errno = save_errno;
 		perror(sfile);
 		exit(EX_NOINPUT);
 	}
 	if (i == 0)
 	{
-		sleep(1);
-		if ((i = read(fd, &stat, sizeof stat)) < 0)
+		(void) sleep(1);
+		if ((i = read(fd, &stats, sizeof stats)) < 0)
 		{
-			fputs("mailstats: ", stderr);
+			save_errno = errno;
+			(void) fputs("mailstats: ", stderr);
+			errno = save_errno;
 			perror(sfile);
 			exit(EX_NOINPUT);
 		}
 		else if (i == 0)
 		{
-			bzero((ARBPTR_T) &stat, sizeof stat);
-			(void) time(&stat.stat_itime);
+			memset((ARBPTR_T) &stats, '\0', sizeof stats);
+			(void) time(&stats.stat_itime);
 		}
 	}
 	if (i != 0)
 	{
-		if (stat.stat_magic != STAT_MAGIC)
+		if (stats.stat_magic != STAT_MAGIC)
 		{
 			fprintf(stderr,
 				"mailstats: incorrect magic number in %s\n",
 				sfile);
 			exit(EX_OSERR);
 		}
-		else if (stat.stat_version != STAT_VERSION)
+		else if (stats.stat_version != STAT_VERSION)
 		{
 			fprintf(stderr,
-				"mailstats version (%d) incompatible with %s version(%d)\n",
-				STAT_VERSION, sfile, stat.stat_version);
+				"mailstats version (%d) incompatible with %s version (%d)\n",
+				STAT_VERSION, sfile, stats.stat_version);
 			exit(EX_OSERR);
 		}
-		else if (i != sizeof stat || stat.stat_size != sizeof(stat))
+		else if (i != sizeof stats || stats.stat_size != sizeof(stats))
 		{
-			fputs("mailstats: file size changed.\n", stderr);
+			(void) fputs("mailstats: file size changed.\n", stderr);
 			exit(EX_OSERR);
 		}
 	}
 
 	if (progmode)
 	{
-		time(&now);
-		printf("%ld %ld\n", (long) stat.stat_itime, (long) now);
+		(void) time(&now);
+		printf("%ld %ld\n", (long) stats.stat_itime, (long) now);
 	}
 	else
 	{
-		printf("Statistics from %s", ctime(&stat.stat_itime));
+		printf("Statistics from %s", ctime(&stats.stat_itime));
 		printf(" M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis%s\n",
 			mnames ? "  Mailer" : "");
 	}
 	for (i = 0; i < MAXMAILERS; i++)
 	{
-		if (stat.stat_nf[i] || stat.stat_nt[i] ||
-		    stat.stat_nr[i] || stat.stat_nd[i])
+		if (stats.stat_nf[i] || stats.stat_nt[i] ||
+		    stats.stat_nr[i] || stats.stat_nd[i])
 		{
 			char *format;
 
@@ -263,34 +277,40 @@ main(argc, argv)
 			else
 				format = "%2d %8ld %10ldK %8ld %10ldK   %6ld  %6ld";
 			printf(format, i,
-			    stat.stat_nf[i], stat.stat_bf[i],
-			    stat.stat_nt[i], stat.stat_bt[i],
-			    stat.stat_nr[i], stat.stat_nd[i]);
+			    stats.stat_nf[i], stats.stat_bf[i],
+			    stats.stat_nt[i], stats.stat_bt[i],
+			    stats.stat_nr[i], stats.stat_nd[i]);
 			if (mnames)
 				printf("  %s", mtable[i]);
 			printf("\n");
-			frmsgs += stat.stat_nf[i];
-			frbytes += stat.stat_bf[i];
-			tomsgs += stat.stat_nt[i];
-			tobytes += stat.stat_bt[i];
-			rejmsgs += stat.stat_nr[i];
-			dismsgs += stat.stat_nd[i];
+			frmsgs += stats.stat_nf[i];
+			frbytes += stats.stat_bf[i];
+			tomsgs += stats.stat_nt[i];
+			tobytes += stats.stat_bt[i];
+			rejmsgs += stats.stat_nr[i];
+			dismsgs += stats.stat_nd[i];
 		}
 	}
 	if (progmode)
 	{
 		printf(" T %8ld %10ld %8ld %10ld   %6ld  %6ld\n",
 		       frmsgs, frbytes, tomsgs, tobytes, rejmsgs, dismsgs);
-		close(fd);
+		printf(" C %8ld %8ld %6ld\n",
+		       stats.stat_cf, stats.stat_ct, stats.stat_cr);
+		(void) close(fd);
 		fd = open(sfile, O_RDWR | O_TRUNC);
 		if (fd >= 0)
-			close(fd);
+			(void) close(fd);
 	}
 	else
 	{
 		printf("=============================================================\n");
 		printf(" T %8ld %10ldK %8ld %10ldK   %6ld  %6ld\n",
 			frmsgs, frbytes, tomsgs, tobytes, rejmsgs, dismsgs);
+		printf(" C %8ld %10s  %8ld %10s    %6ld\n",
+		       stats.stat_cf, "", stats.stat_ct, "", stats.stat_cr);
 	}
 	exit(EX_OK);
+	/* NOTREACHED */
+	return EX_OK;
 }
diff --git a/contrib/sendmail/makemap/Build b/contrib/sendmail/makemap/Build
index ab8a49d..3bb6e85 100755
--- a/contrib/sendmail/makemap/Build
+++ b/contrib/sendmail/makemap/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.4 1999/03/02 02:33:50 peterh Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/makemap/Makefile b/contrib/sendmail/makemap/Makefile
new file mode 100644
index 0000000..a6960c1
--- /dev/null
+++ b/contrib/sendmail/makemap/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.7 1999/09/23 22:36:37 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/makemap/Makefile.m4 b/contrib/sendmail/makemap/Makefile.m4
index 983ffdf..4077239 100644
--- a/contrib/sendmail/makemap/Makefile.m4
+++ b/contrib/sendmail/makemap/Makefile.m4
@@ -1,110 +1,20 @@
-#
-#  This Makefile is designed to work on the old "make" program.
-#
-#	@(#)Makefile.m4	8.21	(Berkeley)	7/12/1998
-#
-
-# C compiler
-CC=	confCC
-
-# Shell
-SHELL=	confSHELL
-
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
-
-# location of sendmail source directory
-SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
-
-# define the database mechanisms available for map & alias lookups:
-#	-DNDBM -- use new DBM
-#	-DNEWDB -- use new Berkeley DB
-# The really old (V7) DBM library is no longer supported.
-#
-MAPDEF=	ifdef(`confMAPDEF', `confMAPDEF')
-
-# environment definitions (e.g., -D_AIX3)
-ENVDEF= -DNOT_SENDMAIL ifdef(`confENVDEF', `confENVDEF')
-
-# see also conf.h for additional compilation flags
-
-# include directories
-INCDIRS=-I${SRCDIR} confINCDIRS
-
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
-
-# library directories
-LIBDIRS=confLIBDIRS
-
-# libraries required on your system
-LIBS=	ifdef(`confLIBS', `confLIBS')
-
-# location of makemap binary (usually /usr/sbin or /usr/etc)
-SBINDIR=${DESTDIR}ifdef(`confSBINDIR', `confSBINDIR', `/usr/sbin')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${MAPDEF} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE=	confBEFORE safefile.c snprintf.c
-OBJS=	makemap.o safefile.o snprintf.o ${OBJADD}
-
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confUBINOWN', `confUBINOWN', `bin')
-BINGRP=	ifdef(`confUBINGRP', `confUBINGRP', `bin')
-BINMODE=ifdef(`confUBINMODE', `confUBINMODE', `555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	makemap makemap.${MAN8SRC}
-
-all: ${ALL}
-
-makemap: ${BEFORE} ${OBJS}
-	${CC} -o makemap ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-safefile.c: ${SRCDIR}/safefile.c
-	-ln -s ${SRCDIR}/safefile.c safefile.c
-
-snprintf.c: ${SRCDIR}/snprintf.c
-	-ln -s ${SRCDIR}/snprintf.c snprintf.c
-
-undivert(3)
-
-makemap.${MAN8SRC}: makemap.8
-	${NROFF} ${MANDOC} makemap.8 > makemap.${MAN8SRC}
-
-install: install-makemap install-docs
-
-install-makemap: makemap
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} makemap ${SBINDIR}
-
-install-docs: makemap.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} makemap.${MAN8SRC} ${MAN8}/makemap.${MAN8EXT}')
-
-clean:
-	rm -f ${OBJS} makemap makemap.${MAN8SRC}
-
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE', 
-`generic').m4)dnl
-################  End of dependency scripts
+include(confBUILDTOOLSDIR`/M4/switch.m4')
+
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+
+bldPRODUCT_START(`executable', `makemap')
+define(`bldSOURCES', `makemap.c ')
+define(`bldINSTALL_DIR', `S')
+bldPUSH_SMLIB(`smutil')
+bldPUSH_SMLIB(`smdb')
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+bldPRODUCT_END
+
+bldPRODUCT_START(`manpage', `makemap')
+define(`bldSOURCES', `makemap.8')
+bldPRODUCT_END
+
+bldFINISH
diff --git a/contrib/sendmail/makemap/makemap.8 b/contrib/sendmail/makemap/makemap.8
index 81f53a8..9f72208 100644
--- a/contrib/sendmail/makemap/makemap.8
+++ b/contrib/sendmail/makemap/makemap.8
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1988, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
@@ -7,121 +8,144 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     @(#)makemap.8	8.12 (Berkeley) 11/13/1998
+.\"     $Id: makemap.8,v 8.21.16.1 2000/05/10 20:31:35 ca Exp $
 .\"
-.Dd November 16, 1992
-.Dt MAKEMAP 8
-.Os BSD 4.4
-.Sh NAME
-.Nm makemap
-.Nd create database maps for sendmail
-.Sh SYNOPSIS
-.Nm
-.Op Fl N
-.if \nP .Op Fl c Ar cachesize
-.Op Fl d
-.Op Fl f
-.if \nP .Op Fl l
-.Op Fl o
-.Op Fl r
-.Op Fl s
-.Op Fl v
-.Ar maptype
-.Ar mapname
-.Sh DESCRIPTION
-.Nm
+.TH MAKEMAP 8 "November 16, 1992"
+.SH NAME
+.B makemap
+\- create database maps for sendmail
+.SH SYNOPSIS
+.B makemap
+.RB [ \-C
+.IR file ]
+.RB [ \-N ]
+.RB [ \-c
+.IR cachesize ]
+.RB [ \-d ]
+.RB [ \-e ]
+.RB [ \-f ]
+.RB [ \-l ]
+.RB [ \-o ]
+.RB [ \-r ]
+.RB [ \-s ]
+.RB [ \-u ]
+.RB [ \-v ]
+.I 
+maptype mapnam
+.SH DESCRIPTION
+.B Makemap
 creates the database maps used by the keyed map lookups in
-.Xr sendmail 8 .
+sendmail(8).  
 It reads input from the standard input
 and outputs them to the indicated
-.Ar mapname .
-.Pp
+.I mapname.
+.PP
 Depending on how it is compiled,
-.Nm
-handles up to three different database formats,
+.B makemap
+handles up to three different database formats, 
 selected using the
-.Ar maptype
-parameter.
+.I maptype
+parameter.  
 They may be
-.Bl -tag -width Fl
-.It Li dbm
-DBM format maps.
-This requires the
-.Xr ndbm 3
+.TP
+dbm
+DBM format maps.  
+This requires the 
+ndbm(3) 
 library.
-.It Li btree
-B-Tree format maps.
-This requires the new Berkeley DB
+.TP
+btree
+B-Tree format maps.  
+This requires the new Berkeley DB 
 library.
-.It Li hash
-Hash format maps.
-This also requires the Berkeley DB
+.TP
+hash
+Hash format maps.  
+This also requires the Berkeley DB 
 library.
-.El
-.Pp
+.PP
 In all cases,
-.Nm
-reads lines from the standard input consisting of two
-words separated by white space.
-The first is the database key,
-the second is the value.
-The value may contain
-``%\fIn\fP''
-strings to indicated parameter substitution.
-Literal percents should be doubled
+.B makemap
+reads lines from the standard input consisting of two 
+words separated by white space.  
+The first is the database key, 
+the second is the value.  
+The value may contain 
+``%\fIn\fP'' 
+strings to indicate parameter substitution.  
+Literal percents should be doubled 
 (``%%'').
 Blank lines and lines beginning with ``#'' are ignored.
-.Ss Flags
-.Bl -tag -width Fl
-.It Fl N
-Include the null byte that terminates strings
-in the map.
-This must match the \-N flag in the sendmail.cf
+.PP
+If the
+.I TrustedUser
+option is set in the sendmail configuration file and
+.B makemap
+is invoked as root, the generated files will be owned by 
+the specified
+.IR TrustedUser.
+.SS Flags
+.TP  
+.B \-C
+Use the specified sendmail configuration file for 
+looking up the TrustedUser option.
+.TP 
+.B \-N
+Include the null byte that terminates strings 
+in the map.  
+This must match the \-N flag in the sendmail.cf 
 ``K'' line.
-.if \nP \
-\{\
-.It Fl c
+.TP
+.B \-c
 Use the specified hash and B-Tree cache size.
-.\}
-.It Fl d
-Allow duplicate keys in the map.
-This is only allowed on B-Tree format maps.
-If two identical keys are read,
+.TP
+.B \-d
+Allow duplicate keys in the map.  
+This is only allowed on B-Tree format maps.  
+If two identical keys are read, 
 they will both be inserted into the map.
-.It Fl f
-Normally all upper case letters in the key
-are folded to lower case.
-This flag disables that behaviour.
-This is intended to mesh with the
-\-f flag in the
-\fBK\fP
-line in sendmail.cf.
+.TP
+.B \-e
+Allow empty value (right hand side).
+.TP
+.B \-f
+Normally all upper case letters in the key 
+are folded to lower case.  
+This flag disables that behaviour.  
+This is intended to mesh with the 
+\-f flag in the 
+.B K 
+line in sendmail.cf.  
 The value is never case folded.
-.if \nP \
-\{\
-.It Fl l
+.TP
+.B \-l
 List supported map types.
-.\}
-.It Fl o
-Append to an old file.
+.TP
+.B \-o
+Append to an old file.  
 This allows you to augment an existing file.
-.It Fl r
-Allow replacement of existing keys.
+.TP
+.B \-r
+Allow replacement of existing keys.  
 Normally
-.Nm
-complains if you repeat a key,
+.B makemap
+complains if you repeat a key, 
 and does not do the insert.
-.It Fl s
-Ignore safety checks on maps being created.
-This includes checking for hard or symbolic
+.TP
+.B \-s
+Ignore safety checks on maps being created.  
+This includes checking for hard or symbolic 
 links in world writable directories.
-.It Fl v
+.TP
+.B \-u
+dump (unmap) the content of the database to standard output.
+.TP
+.B \-v
 Verbosely print what it is doing.
-.El
-.Sh SEE ALSO
-.Xr sendmail 8
-.Sh HISTORY
+.SH SEE ALSO
+sendmail(8)
+.SH HISTORY
 The
-.Nm
-command appeared in
-.Bx 4.4 .
+.B makemap
+command appeared in 
+4.4BSD.
diff --git a/contrib/sendmail/makemap/makemap.c b/contrib/sendmail/makemap/makemap.c
index aaaba32..13a397e 100644
--- a/contrib/sendmail/makemap/makemap.c
+++ b/contrib/sendmail/makemap/makemap.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1992 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1992, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,44 +12,33 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)makemap.c	8.71 (Berkeley) 11/29/1998";
-#endif /* not lint */
+static char copyright[] =
+"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1992 Eric P. Allman.  All rights reserved.\n\
+     Copyright (c) 1992, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* ! lint */
+
+#ifndef lint
+static char id[] = "@(#)$Id: makemap.c,v 8.135.4.10 2000/07/18 05:41:39 gshapiro Exp $";
+#endif /* ! lint */
+
 
 #include <sys/types.h>
-#include <sys/errno.h>
 #ifndef ISC_UNIX
 # include <sys/file.h>
-#endif
-#include "sendmail.h"
-#include "pathnames.h"
-
-#ifdef NDBM
-# include <ndbm.h>
-#endif
-
-#ifdef NEWDB
-# include <db.h>
-# ifndef DB_VERSION_MAJOR
-#  define DB_VERSION_MAJOR 1
-# endif
-#endif
-
-enum type { T_DBM, T_BTREE, T_HASH, T_ERR, T_UNKNOWN };
-
-union dbent
-{
-#ifdef NDBM
-	datum	dbm;
-#endif
-#ifdef NEWDB
-	DBT	db;
-#endif
-	struct
-	{
-		char	*data;
-		size_t	size;
-	} xx;
-};
+#endif /* ! ISC_UNIX */
+#include <ctype.h>
+#include <stdlib.h>
+#include <unistd.h>
+#ifdef EX_OK
+# undef EX_OK		/* unistd.h may have another use for this */
+#endif /* EX_OK */
+#include <sysexits.h>
+#include <sendmail/sendmail.h>
+#include <sendmail/pathnames.h>
+#include <libsmdb/smdb.h>
 
 uid_t	RealUid;
 gid_t	RealGid;
@@ -58,11 +48,32 @@ uid_t	RunAsGid;
 char	*RunAsUserName;
 int	Verbose = 2;
 bool	DontInitGroups = FALSE;
-long	DontBlameSendmail = DBS_SAFE;
-u_char	tTdvect[100];
 uid_t	TrustedUid = 0;
+BITMAP256 DontBlameSendmail;
 
 #define BUFSIZE		1024
+#if _FFR_DELIM
+# define ISSEP(c) ((sep == '\0' && isascii(c) && isspace(c)) || (c) == sep)
+#else /* _FFR_DELIM */
+# define ISSEP(c) (isascii(c) && isspace(c))
+#endif /* _FFR_DELIM */
+
+
+static void
+usage(progname)
+	char *progname;
+{
+	fprintf(stderr,
+		"Usage: %s [-C cffile] [-N] [-c cachesize] [-d] [-e] [-f] [-l] [-o] [-r] [-s] %s[-u] [-v] type mapname\n",
+		progname,
+#if _FFR_DELIM
+		"[-t  delimiter] "
+#else /* _FFR_DELIM */
+		""
+#endif /* _FFR_DELIM */
+		);
+	exit(EX_USAGE);
+}
 
 int
 main(argc, argv)
@@ -74,86 +85,66 @@ main(argc, argv)
 	bool inclnull = FALSE;
 	bool notrunc = FALSE;
 	bool allowreplace = FALSE;
-	bool allowdups = FALSE;
+	bool allowempty = FALSE;
 	bool verbose = FALSE;
 	bool foldcase = TRUE;
+	bool unmake = FALSE;
+#if _FFR_DELIM
+	char sep = '\0';
+#endif /* _FFR_DELIM */
 	int exitstat;
 	int opt;
 	char *typename = NULL;
 	char *mapname = NULL;
-	char *ext = NULL;
 	int lineno;
 	int st;
 	int mode;
+	int smode;
 	int putflags = 0;
-#ifdef NEWDB
-	long dbcachesize = 1024 * 1024;
-#endif
-	enum type type;
-#if !O_EXLOCK
-	int fd;
-#endif
-	int sff = SFF_ROOTOK|SFF_REGONLY;
+	long sff = SFF_ROOTOK|SFF_REGONLY;
 	struct passwd *pw;
-	union
-	{
-#ifdef NDBM
-		DBM	*dbm;
-#endif
-#ifdef NEWDB
-		DB	*db;
-#endif
-		void	*dbx;
-	} dbp;
-	union dbent key, val;
-#ifdef NEWDB
-# if DB_VERSION_MAJOR < 2
-	BTREEINFO bti;
-	HASHINFO hinfo;
-# else
-	DB_INFO dbinfo;
-# endif
-#endif
+	SMDB_DATABASE *database;
+	SMDB_CURSOR *cursor;
+	SMDB_DBENT db_key, db_val;
+	SMDB_DBPARAMS params;
+	SMDB_USER_INFO user_info;
 	char ibuf[BUFSIZE];
-	char fbuf[MAXNAME];
-	char dbuf[MAXNAME];
-#ifdef NDBM
-	char pbuf[MAXNAME];
-#endif
-#if _FFR_TRUSTED_USER
+#if HASFCHOWN
 	FILE *cfp;
 	char buf[MAXLINE];
-#endif
+#endif /* HASFCHOWN */
 	static char rnamebuf[MAXNAME];	/* holds RealUserName */
-	struct stat std;
-#ifdef NDBM
-	struct stat stp;
-#endif
 	extern char *optarg;
 	extern int optind;
 
-	progname = argv[0];
+	memset(&params, '\0', sizeof params);
+	params.smdbp_cache_size = 1024 * 1024;
+
+	progname = strrchr(argv[0], '/');
+	if (progname != NULL)
+		progname++;
+	else
+		progname = argv[0];
 	cfile = _PATH_SENDMAILCF;
 
+	clrbitmap(DontBlameSendmail);
 	RunAsUid = RealUid = getuid();
 	RunAsGid = RealGid = getgid();
 	pw = getpwuid(RealUid);
 	if (pw != NULL)
-	{
-		if (strlen(pw->pw_name) > MAXNAME - 1)
-			pw->pw_name[MAXNAME] = 0;
-		sprintf(rnamebuf, "%s", pw->pw_name);
-	}
+		(void) strlcpy(rnamebuf, pw->pw_name, sizeof rnamebuf);
 	else
-		sprintf(rnamebuf, "Unknown UID %d", (int) RealUid);
+		(void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d",
+				(int) RealUid);
 	RunAsUserName = RealUserName = rnamebuf;
+	user_info.smdbu_id = RunAsUid;
+	user_info.smdbu_group_id = RunAsGid;
+	(void) strlcpy(user_info.smdbu_name, RunAsUserName,
+		       SMDB_MAX_USER_NAME_LEN);
 
-#if _FFR_NEW_MAKEMAP_FLAGS
-#define OPTIONS		"C:Nc:dflorsv"
-#else
-#define OPTIONS		"C:Ndforsv"
-#endif
-	while ((opt = getopt(argc, argv, OPTIONS)) != EOF)
+
+#define OPTIONS		"C:Nc:t:deflorsuv"
+	while ((opt = getopt(argc, argv, OPTIONS)) != -1)
 	{
 		switch (opt)
 		{
@@ -165,34 +156,26 @@ main(argc, argv)
 			inclnull = TRUE;
 			break;
 
-#if _FFR_NEW_MAKEMAP_FLAGS
 		  case 'c':
-# ifdef NEWDB
-			dbcachesize = atol(optarg);
-# endif
+			params.smdbp_cache_size = atol(optarg);
 			break;
-#endif
 
 		  case 'd':
-			allowdups = TRUE;
+			params.smdbp_allow_dup = TRUE;
+			break;
+
+		  case 'e':
+			allowempty = TRUE;
 			break;
 
 		  case 'f':
 			foldcase = FALSE;
 			break;
 
-#if _FFR_NEW_MAKEMAP_FLAGS
 		  case 'l':
-# ifdef NDBM
-			printf("dbm\n");
-# endif
-# ifdef NEWDB
-			printf("hash\n");
-			printf("btree\n");
-# endif
+			smdb_print_available_types();
 			exit(EX_OK);
 			break;
-#endif
 
 		  case 'o':
 			notrunc = TRUE;
@@ -203,7 +186,25 @@ main(argc, argv)
 			break;
 
 		  case 's':
-			DontBlameSendmail |= DBS_MAPINUNSAFEDIRPATH|DBS_WRITEMAPTOHARDLINK|DBS_WRITEMAPTOSYMLINK|DBS_LINKEDMAPINWRITABLEDIR;
+			setbitn(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail);
+			setbitn(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail);
+			setbitn(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail);
+			setbitn(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail);
+			break;
+
+#if _FFR_DELIM
+		  case 't':
+			if (optarg == NULL || *optarg == '\0')
+			{
+				fprintf(stderr, "Invalid separator\n");
+				break;
+			}
+			sep = *optarg;
+			break;
+#endif /* _FFR_DELIM */
+
+		  case 'u':
+			unmake = TRUE;
 			break;
 
 		  case 'v':
@@ -211,51 +212,36 @@ main(argc, argv)
 			break;
 
 		  default:
-			type = T_ERR;
-			break;
+			usage(progname);
+			/* NOTREACHED */
 		}
 	}
 
-	if (!bitset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
+	if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
 		sff |= SFF_NOSLINK;
-        if (!bitset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
+	if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
 		sff |= SFF_NOHLINK;
-	if (!bitset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+	if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
 		sff |= SFF_NOWLINK;
 
 	argc -= optind;
 	argv += optind;
 	if (argc != 2)
-		type = T_ERR;
+	{
+		usage(progname);
+		/* NOTREACHED */
+	}
 	else
 	{
 		typename = argv[0];
 		mapname = argv[1];
-		ext = NULL;
-
-		if (strcmp(typename, "dbm") == 0)
-		{
-			type = T_DBM;
-		}
-		else if (strcmp(typename, "btree") == 0)
-		{
-			type = T_BTREE;
-			ext = ".db";
-		}
-		else if (strcmp(typename, "hash") == 0)
-		{
-			type = T_HASH;
-			ext = ".db";
-		}
-		else
-			type = T_UNKNOWN;
 	}
 
-#if _FFR_TRUSTED_USER
+#if HASFCHOWN
+	/* Find TrustedUser value in sendmail.cf */
 	if ((cfp = fopen(cfile, "r")) == NULL)
 	{
-		fprintf(stderr, "mailstats: ");
-		perror(cfile);
+		fprintf(stderr, "makemap: %s: %s", cfile, errstring(errno));
 		exit(EX_NOINPUT);
 	}
 	while (fgets(buf, sizeof(buf), cfp) != NULL)
@@ -281,8 +267,6 @@ main(argc, argv)
 					TrustedUid = atoi(b);
 				else
 				{
-					register struct passwd *pw;
-					
 					TrustedUid = 0;
 					pw = getpwnam(b);
 					if (pw == NULL)
@@ -291,15 +275,17 @@ main(argc, argv)
 					else
 						TrustedUid = pw->pw_uid;
 				}
-				
+
 # ifdef UID_MAX
 				if (TrustedUid > UID_MAX)
 				{
-					syserr("TrustedUser: uid value (%ld) > UID_MAX (%ld)",
-					       TrustedUid, UID_MAX);
+					fprintf(stderr,
+						"TrustedUser: uid value (%ld) > UID_MAX (%ld)",
+						(long) TrustedUid,
+						(long) UID_MAX);
 					TrustedUid = 0;
 				}
-# endif
+# endif /* UID_MAX */
 				break;
 			}
 
@@ -309,470 +295,187 @@ main(argc, argv)
 		}
 	}
 	(void) fclose(cfp);
-#endif
-	switch (type)
+#endif /* HASFCHOWN */
+
+	if (!params.smdbp_allow_dup && !allowreplace)
+		putflags = SMDBF_NO_OVERWRITE;
+
+	if (unmake)
 	{
-	  case T_ERR:
-#if _FFR_NEW_MAKEMAP_FLAGS
-		fprintf(stderr,
-			"Usage: %s [-N] [-c cachesize] [-d] [-f] [-l] [-o] [-r] [-s] [-v] type mapname\n",
-			progname);
-#else
-		fprintf(stderr, "Usage: %s [-N] [-d] [-f] [-o] [-r] [-s] [-v] type mapname\n", progname);
-#endif
-		exit(EX_USAGE);
-
-	  case T_UNKNOWN:
-		fprintf(stderr, "%s: Unknown database type %s\n",
-			progname, typename);
-		exit(EX_USAGE);
-
-#ifndef NDBM
-	  case T_DBM:
-#endif
-#ifndef NEWDB
-	  case T_BTREE:
-	  case T_HASH:
-#endif
-		fprintf(stderr, "%s: Type %s not supported in this version\n",
-			progname, typename);
-		exit(EX_UNAVAILABLE);
-
-#ifdef NEWDB
-	  case T_BTREE:
-# if DB_VERSION_MAJOR < 2
-		bzero(&bti, sizeof bti);
-# else
-		bzero(&dbinfo, sizeof dbinfo);
-# endif
-		if (allowdups)
-		{
-# if DB_VERSION_MAJOR < 2
-			bti.flags |= R_DUP;
-# else
-			dbinfo.flags |= DB_DUP;
-# endif
-		}
-		if (allowdups || allowreplace)
-			putflags = 0;
-		else
-		{
-# if DB_VERSION_MAJOR < 2
-			putflags = R_NOOVERWRITE;
-# else
-			putflags = DB_NOOVERWRITE;
-# endif
-		}
-		break;
-
-	  case T_HASH:
-# if DB_VERSION_MAJOR < 2
-		bzero(&hinfo, sizeof hinfo);
-# else
-		bzero(&dbinfo, sizeof dbinfo);
-# endif
-		if (allowreplace)
-			putflags = 0;
-		else
-		{
-# if DB_VERSION_MAJOR < 2
-			putflags = R_NOOVERWRITE;
-# else
-			putflags = DB_NOOVERWRITE;
-# endif
-		}
-		break;
-#endif
-#ifdef NDBM
-	  case T_DBM:
-		if (allowdups)
+		mode = O_RDONLY;
+		smode = S_IRUSR;
+	}
+	else
+	{
+		mode = O_RDWR;
+		if (!notrunc)
 		{
-			fprintf(stderr, "%s: Type %s does not support -d (allow dups)\n",
-				progname, typename);
-			exit(EX_UNAVAILABLE);
+			mode |= O_CREAT|O_TRUNC;
+			sff |= SFF_CREAT;
 		}
-		if (allowreplace)
-			putflags = DBM_REPLACE;
-		else
-			putflags = DBM_INSERT;
-		break;
-#endif
+		smode = S_IWUSR;
 	}
 
-	/*
-	**  Adjust file names.
-	*/
+	params.smdbp_num_elements = 4096;
 
-	if (ext != NULL)
+	errno = smdb_open_database(&database, mapname, mode, smode, sff,
+				   typename, &user_info, &params);
+	if (errno != SMDBE_OK)
 	{
-		int el, fl;
+		char *hint;
 
-		el = strlen(ext);
-		fl = strlen(mapname);
-		if (el + fl + 1 >= sizeof fbuf)
-		{
-			fprintf(stderr, "%s: file name too long", mapname);
-			exit(EX_USAGE);
-		}
-		if (fl < el || strcmp(&mapname[fl - el], ext) != 0)
-		{
-			strcpy(fbuf, mapname);
-			strcat(fbuf, ext);
-			mapname = fbuf;
-		}
+		if (errno == SMDBE_UNSUPPORTED_DB_TYPE &&
+		    (hint = smdb_db_definition(typename)) != NULL)
+			fprintf(stderr,
+				"%s: Need to recompile with -D%s for %s support\n",
+				progname, hint, typename);
+		else
+			fprintf(stderr,
+				"%s: error opening type %s map %s: %s\n",
+				progname, typename, mapname, errstring(errno));
+		exit(EX_CANTCREAT);
 	}
 
-	if (!notrunc)
-		sff |= SFF_CREAT;
-	switch (type)
+	(void) database->smdb_sync(database, 0);
+
+	if (geteuid() == 0 && TrustedUid != 0)
 	{
-#ifdef NEWDB
-	  case T_BTREE:
-	  case T_HASH:
-		if (strlen(mapname) >= sizeof dbuf)
-		{
-			fprintf(stderr,
-				"%s: map name too long\n", mapname);
-			exit(EX_USAGE);
-		}
-		strcpy(dbuf, mapname);
-		if ((st = safefile(dbuf, RealUid, RealGid, RealUserName,
-				   sff, S_IWUSR, &std)) != 0)
-		{
-			fprintf(stderr,
-				"%s: could not create: %s\n",
-				dbuf, errstring(st));
-			exit(EX_CANTCREAT);
-		}
-		break;
-#endif
-#ifdef NDBM
-	  case T_DBM:
-		if (strlen(mapname) + 5 > sizeof dbuf)
-		{
-			fprintf(stderr,
-				"%s: map name too long\n", mapname);
-			exit(EX_USAGE);
-		}
-		sprintf(dbuf, "%s.dir", mapname);
-		if ((st = safefile(dbuf, RealUid, RealGid, RealUserName,
-			   sff, S_IWUSR, &std)) != 0)
-		{
-			fprintf(stderr,
-				"%s: could not create: %s\n",
-				dbuf, errstring(st));
-			exit(EX_CANTCREAT);
-		}
-		sprintf(pbuf, "%s.pag", mapname);
-		if ((st = safefile(pbuf, RealUid, RealGid, RealUserName,
-			   sff, S_IWUSR, &stp)) != 0)
+		errno = database->smdb_set_owner(database, TrustedUid, -1);
+		if (errno != SMDBE_OK)
 		{
 			fprintf(stderr,
-				"%s: could not create: %s\n",
-				pbuf, errstring(st));
-			exit(EX_CANTCREAT);
+				"WARNING: ownership change on %s failed %s",
+				mapname, errstring(errno));
 		}
-		break;
-#endif
-	  default:
-		fprintf(stderr,
-			"%s: internal error: type %d\n",
-			progname,
-			type);
-		exit(EX_SOFTWARE);
 	}
 
 	/*
-	**  Create the database.
+	**  Copy the data
 	*/
 
-	mode = O_RDWR;
-	if (!notrunc)
-		mode |= O_CREAT|O_TRUNC;
-#if O_EXLOCK
-	mode |= O_EXLOCK;
-#else
-	/* pre-lock the database */
-	fd = safeopen(dbuf, mode & ~O_TRUNC, 0644, sff);
-	if (fd < 0)
-	{
-		fprintf(stderr, "%s: cannot create type %s map %s\n",
-			progname, typename, mapname);
-		exit(EX_CANTCREAT);
-	}
-#endif
-	switch (type)
+	exitstat = EX_OK;
+	if (unmake)
 	{
-#ifdef NDBM
-	  case T_DBM:
-		dbp.dbm = dbm_open(mapname, mode, 0644);
-		if (dbp.dbm != NULL &&
-		    dbm_dirfno(dbp.dbm) == dbm_pagfno(dbp.dbm))
-		{
-			fprintf(stderr, "dbm map %s: cannot run with GDBM\n",
-				mapname);
-			dbm_close(dbp.dbm);
-			exit(EX_CONFIG);
-		}
-		if (dbp.dbm != NULL &&
-		    (filechanged(dbuf, dbm_dirfno(dbp.dbm), &std) ||
-		     filechanged(pbuf, dbm_pagfno(dbp.dbm), &stp)))
+		bool stop;
+		errno = database->smdb_cursor(database, &cursor, 0);
+		if (errno != SMDBE_OK)
 		{
+
 			fprintf(stderr,
-				"dbm map %s: file changed after open\n",
-				mapname);
-			dbm_close(dbp.dbm);
-			exit(EX_CANTCREAT);
+				"%s: cannot make cursor for type %s map %s\n",
+				progname, typename, mapname);
+			exit(EX_SOFTWARE);
 		}
-#if _FFR_TRUSTED_USER
-		if (geteuid() == 0 && TrustedUid != 0)
+
+		memset(&db_key, '\0', sizeof db_key);
+		memset(&db_val, '\0', sizeof db_val);
+
+		for (stop = FALSE, lineno = 0; !stop; lineno++)
 		{
-			if (fchown(dbm_dirfno(dbp.dbm), TrustedUid, -1) < 0 ||
-			    fchown(dbm_pagfno(dbp.dbm), TrustedUid, -1) < 0)
+			errno = cursor->smdbc_get(cursor, &db_key, &db_val,
+						  SMDB_CURSOR_GET_NEXT);
+			if (errno != SMDBE_OK)
 			{
-				fprintf(stderr,
-					"WARNING: ownership change on %s failed: %s",
-					mapname, errstring(errno));
+				stop = TRUE;
 			}
+			if (!stop)
+				printf("%.*s\t%.*s\n",
+				       (int) db_key.data.size,
+				       (char *) db_key.data.data,
+				       (int) db_val.data.size,
+				       (char *)db_val.data.data);
+
 		}
-#endif
-
-		break;
-#endif
-
-#ifdef NEWDB
-	  case T_HASH:
-		/* tweak some parameters for performance */
-# if DB_VERSION_MAJOR < 2
-		hinfo.nelem = 4096;
-		hinfo.cachesize = dbcachesize;
-# else
-		dbinfo.h_nelem = 4096;
-		dbinfo.db_cachesize = dbcachesize;
-# endif
-		
-# if DB_VERSION_MAJOR < 2
-		dbp.db = dbopen(mapname, mode, 0644, DB_HASH, &hinfo);
-# else
-		{
-			int flags = 0;
-			
-			if (bitset(O_CREAT, mode))
-				flags |= DB_CREATE;
-			if (bitset(O_TRUNC, mode))
-				flags |= DB_TRUNCATE;
-			
-			dbp.db = NULL;
-			errno = db_open(mapname, DB_HASH, flags, 0644,
-					NULL, &dbinfo, &dbp.db);
-		}
-# endif
-		if (dbp.db != NULL)
+		(void) cursor->smdbc_close(cursor);
+	}
+	else
+	{
+		lineno = 0;
+		while (fgets(ibuf, sizeof ibuf, stdin) != NULL)
 		{
-			int fd;
-			
-# if DB_VERSION_MAJOR < 2
-			fd = dbp.db->fd(dbp.db);
-# else
-			fd = -1;
-			errno = dbp.db->fd(dbp.db, &fd);
-# endif
-			if (filechanged(dbuf, fd, &std))
+			register char *p;
+
+			lineno++;
+
+			/*
+			**  Parse the line.
+			*/
+
+			p = strchr(ibuf, '\n');
+			if (p != NULL)
+				*p = '\0';
+			else if (!feof(stdin))
 			{
 				fprintf(stderr,
-					"db map %s: file changed after open\n",
-					mapname);
-# if DB_VERSION_MAJOR < 2
-				dbp.db->close(dbp.db);
-# else
-				errno = dbp.db->close(dbp.db, 0);
-# endif
-				exit(EX_CANTCREAT);
+					"%s: %s: line %d: line too long (%ld bytes max)\n",
+					progname, mapname, lineno, (long) sizeof ibuf);
+				exitstat = EX_DATAERR;
+				continue;
 			}
-			(void) (*dbp.db->sync)(dbp.db, 0);
-#if _FFR_TRUSTED_USER
-			if (geteuid() == 0 && TrustedUid != 0)
+
+			if (ibuf[0] == '\0' || ibuf[0] == '#')
+				continue;
+			if (
+#if _FFR_DELIM
+			    sep == '\0' &&
+#endif /* _FFR_DELIM */
+			    isascii(ibuf[0]) && isspace(ibuf[0]))
 			{
-				if (fchown(fd, TrustedUid, -1) < 0)
-				{
-					fprintf(stderr,
-						"WARNING: ownership change on %s failed: %s",
-						mapname, errstring(errno));
-				}
+				fprintf(stderr,
+					"%s: %s: line %d: syntax error (leading space)\n",
+					progname, mapname, lineno);
+				exitstat = EX_DATAERR;
+				continue;
 			}
-#endif
-		}
-		break;
-
-	  case T_BTREE:
-		/* tweak some parameters for performance */
-# if DB_VERSION_MAJOR < 2
-		bti.cachesize = dbcachesize;
-# else
-		dbinfo.db_cachesize = dbcachesize;
-# endif
-
-# if DB_VERSION_MAJOR < 2
-		dbp.db = dbopen(mapname, mode, 0644, DB_BTREE, &bti);
-# else
-		{
-			int flags = 0;
-			
-			if (bitset(O_CREAT, mode))
-				flags |= DB_CREATE;
-			if (bitset(O_TRUNC, mode))
-				flags |= DB_TRUNCATE;
-			
-			dbp.db = NULL;
-			errno = db_open(mapname, DB_BTREE, flags, 0644,
-					NULL, &dbinfo, &dbp.db);
-		}
-# endif
-		if (dbp.db != NULL)
-		{
-			int fd;
-			
-# if DB_VERSION_MAJOR < 2
-			fd = dbp.db->fd(dbp.db);
-# else
-			fd = -1;
-			errno = dbp.db->fd(dbp.db, &fd);
-# endif
-			if (filechanged(dbuf, fd, &std))
+
+			memset(&db_key, '\0', sizeof db_key);
+			memset(&db_val, '\0', sizeof db_val);
+			db_key.data.data = ibuf;
+
+			for (p = ibuf; *p != '\0' && !(ISSEP(*p)); p++)
 			{
-				fprintf(stderr,
-					"db map %s: file changed after open\n",
-					mapname);
-# if DB_VERSION_MAJOR < 2
-				dbp.db->close(dbp.db);
-# else
-				errno = dbp.db->close(dbp.db, 0);
-# endif
-				exit(EX_CANTCREAT);
+				if (foldcase && isascii(*p) && isupper(*p))
+					*p = tolower(*p);
 			}
-			(void) (*dbp.db->sync)(dbp.db, 0);
-#if _FFR_TRUSTED_USER
-			if (geteuid() == 0 && TrustedUid != 0)
+			db_key.data.size = p - ibuf;
+			if (inclnull)
+				db_key.data.size++;
+
+			if (*p != '\0')
+				*p++ = '\0';
+			while (ISSEP(*p))
+				p++;
+			if (!allowempty && *p == '\0')
 			{
-				if (fchown(fd, TrustedUid, -1) < 0)
-				{
-					fprintf(stderr,
-						"WARNING: ownership change on %s failed: %s",
-						mapname, errstring(errno));
-				}
+				fprintf(stderr,
+					"%s: %s: line %d: no RHS for LHS %s\n",
+					progname, mapname, lineno,
+					(char *) db_key.data.data);
+				exitstat = EX_DATAERR;
+				continue;
 			}
-#endif
-		}
-		break;
-#endif
-
-	  default:
-		fprintf(stderr, "%s: internal error: type %d\n",
-			progname, type);
-		exit(EX_SOFTWARE);
-	}
-
-	if (dbp.dbx == NULL)
-	{
-		fprintf(stderr, "%s: cannot open type %s map %s\n",
-			progname, typename, mapname);
-		exit(EX_CANTCREAT);
-	}
-
-	/*
-	**  Copy the data
-	*/
-
-	lineno = 0;
-	exitstat = EX_OK;
-	while (fgets(ibuf, sizeof ibuf, stdin) != NULL)
-	{
-		register char *p;
 
-		lineno++;
+			db_val.data.data = p;
+			db_val.data.size = strlen(p);
+			if (inclnull)
+				db_val.data.size++;
 
-		/*
-		**  Parse the line.
-		*/
+			/*
+			**  Do the database insert.
+			*/
 
-		p = strchr(ibuf, '\n');
-		if (p != NULL)
-			*p = '\0';
-		else if (!feof(stdin))
-		{
-			fprintf(stderr, "%s: %s: line %d: line too long (%ld bytes max)\n",
-				progname, mapname, lineno, (long) sizeof ibuf);
-			continue;
-		}
-			
-		if (ibuf[0] == '\0' || ibuf[0] == '#')
-			continue;
-		if (isascii(ibuf[0]) && isspace(ibuf[0]))
-		{
-			fprintf(stderr, "%s: %s: line %d: syntax error (leading space)\n",
-				progname, mapname, lineno);
-			continue;
-		}
-#ifdef NEWDB
-		if (type == T_HASH || type == T_BTREE)
-		{
-			bzero(&key.db, sizeof key.db);
-			bzero(&val.db, sizeof val.db);
-		}
-#endif
-
-		key.xx.data = ibuf;
-		for (p = ibuf; *p != '\0' && !(isascii(*p) && isspace(*p)); p++)
-		{
-			if (foldcase && isascii(*p) && isupper(*p))
-				*p = tolower(*p);
-		}
-		key.xx.size = p - key.xx.data;
-		if (inclnull)
-			key.xx.size++;
-		if (*p != '\0')
-			*p++ = '\0';
-		while (isascii(*p) && isspace(*p))
-			p++;
-		if (*p == '\0')
-		{
-			fprintf(stderr, "%s: %s: line %d: no RHS for LHS %s\n",
-				progname, mapname, lineno, key.xx.data);
-			continue;
-		}
-		val.xx.data = p;
-		val.xx.size = strlen(p);
-		if (inclnull)
-			val.xx.size++;
-
-		/*
-		**  Do the database insert.
-		*/
-
-		if (verbose)
-		{
-			printf("key=`%s', val=`%s'\n", key.xx.data, val.xx.data);
-		}
+			if (verbose)
+			{
+				printf("key=`%s', val=`%s'\n",
+				       (char *) db_key.data.data,
+				       (char *) db_val.data.data);
+			}
 
-		switch (type)
-		{
-#ifdef NDBM
-		  case T_DBM:
-			st = dbm_store(dbp.dbm, key.dbm, val.dbm, putflags);
-			break;
-#endif
-
-#ifdef NEWDB
-		  case T_BTREE:
-		  case T_HASH:
-# if DB_VERSION_MAJOR < 2
-			st = (*dbp.db->put)(dbp.db, &key.db, &val.db, putflags);
-# else
-			errno = (*dbp.db->put)(dbp.db, NULL, &key.db,
-					       &val.db, putflags);
+			errno = database->smdb_put(database, &db_key, &db_val,
+						   putflags);
 			switch (errno)
 			{
-			  case DB_KEYEXIST:
+			  case SMDBE_KEY_EXIST:
 				st = 1;
 				break;
 
@@ -784,25 +487,24 @@ main(argc, argv)
 				st = -1;
 				break;
 			}
-# endif
-			break;
-#endif
-		  default:
-			break;
-		}
 
-		if (st < 0)
-		{
-			fprintf(stderr, "%s: %s: line %d: key %s: put error\n",
-				progname, mapname, lineno, key.xx.data);
-			perror(mapname);
-			exitstat = EX_IOERR;
-		}
-		else if (st > 0)
-		{
-			fprintf(stderr,
-				"%s: %s: line %d: key %s: duplicate key\n",
-				progname, mapname, lineno, key.xx.data);
+			if (st < 0)
+			{
+				fprintf(stderr,
+					"%s: %s: line %d: key %s: put error: %s\n",
+					progname, mapname, lineno,
+					(char *) db_key.data.data,
+					errstring(errno));
+				exitstat = EX_IOERR;
+			}
+			else if (st > 0)
+			{
+				fprintf(stderr,
+					"%s: %s: line %d: key %s: duplicate key\n",
+					progname, mapname,
+					lineno, (char *) db_key.data.data);
+				exitstat = EX_DATAERR;
+			}
 		}
 	}
 
@@ -810,114 +512,29 @@ main(argc, argv)
 	**  Now close the database.
 	*/
 
-	switch (type)
+	errno = database->smdb_close(database);
+	if (errno != SMDBE_OK)
 	{
-#ifdef NDBM
-	  case T_DBM:
-		dbm_close(dbp.dbm);
-		break;
-#endif
-
-#ifdef NEWDB
-	  case T_HASH:
-	  case T_BTREE:
-# if DB_VERSION_MAJOR < 2
-		if ((*dbp.db->close)(dbp.db) < 0)
-# else
-		if ((errno = (*dbp.db->close)(dbp.db, 0)) != 0)
-# endif
-		{
-			fprintf(stderr, "%s: %s: error on close\n",
-				progname, mapname);
-			perror(mapname);
-			exitstat = EX_IOERR;
-		}
-#endif
-	  default:
-		break;
+		fprintf(stderr, "%s: close(%s): %s\n",
+			progname, mapname, errstring(errno));
+		exitstat = EX_IOERR;
 	}
+	smdb_free_database(database);
 
-#if !O_EXLOCK
-	/* release locks */
-	close(fd);
-#endif
-
-	exit (exitstat);
-}
-/*
-**  LOCKFILE -- lock a file using flock or (shudder) fcntl locking
-**
-**	Parameters:
-**		fd -- the file descriptor of the file.
-**		filename -- the file name (for error messages).
-**		ext -- the filename extension.
-**		type -- type of the lock.  Bits can be:
-**			LOCK_EX -- exclusive lock.
-**			LOCK_NB -- non-blocking.
-**
-**	Returns:
-**		TRUE if the lock was acquired.
-**		FALSE otherwise.
-*/
-
-bool
-lockfile(fd, filename, ext, type)
-	int fd;
-	char *filename;
-	char *ext;
-	int type;
-{
-# if !HASFLOCK
-	int action;
-	struct flock lfd;
-	extern int errno;
-
-	bzero(&lfd, sizeof lfd);
-	if (bitset(LOCK_UN, type))
-		lfd.l_type = F_UNLCK;
-	else if (bitset(LOCK_EX, type))
-		lfd.l_type = F_WRLCK;
-	else
-		lfd.l_type = F_RDLCK;
-	if (bitset(LOCK_NB, type))
-		action = F_SETLK;
-	else
-		action = F_SETLKW;
-
-	if (fcntl(fd, action, &lfd) >= 0)
-		return TRUE;
-
-	/*
-	**  On SunOS, if you are testing using -oQ/tmp/mqueue or
-	**  -oA/tmp/aliases or anything like that, and /tmp is mounted
-	**  as type "tmp" (that is, served from swap space), the
-	**  previous fcntl will fail with "Invalid argument" errors.
-	**  Since this is fairly common during testing, we will assume
-	**  that this indicates that the lock is successfully grabbed.
-	*/
-
-	if (errno == EINVAL)
-		return TRUE;
-
-# else	/* HASFLOCK */
-
-	if (flock(fd, type) >= 0)
-		return TRUE;
-
-# endif
-
-	return FALSE;
+	exit(exitstat);
+	/* NOTREACHED */
+	return exitstat;
 }
 
 /*VARARGS1*/
 void
 #ifdef __STDC__
 message(const char *msg, ...)
-#else
+#else /* __STDC__ */
 message(msg, va_alist)
 	const char *msg;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	const char *m;
 	VA_LOCAL_DECL
@@ -928,20 +545,20 @@ message(msg, va_alist)
 	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
 		m += 4;
 	VA_START(msg);
-	vfprintf(stderr, m, ap);
+	(void) vfprintf(stderr, m, ap);
 	VA_END;
-	fprintf(stderr, "\n");
+	(void) fprintf(stderr, "\n");
 }
 
 /*VARARGS1*/
 void
 #ifdef __STDC__
 syserr(const char *msg, ...)
-#else
+#else /* __STDC__ */
 syserr(msg, va_alist)
 	const char *msg;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	const char *m;
 	VA_LOCAL_DECL
@@ -952,65 +569,7 @@ syserr(msg, va_alist)
 	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
 		m += 4;
 	VA_START(msg);
-	vfprintf(stderr, m, ap);
+	(void) vfprintf(stderr, m, ap);
 	VA_END;
-	fprintf(stderr, "\n");
-}
-
-const char *
-errstring(err)
-	int err;
-{
-#if !HASSTRERROR
-	static char errstr[64];
-# if !defined(ERRLIST_PREDEFINED)
-	extern char *sys_errlist[];
-	extern int sys_nerr;
-# endif
-#endif
-
-	/* handle pseudo-errors internal to sendmail */
-	switch (err)
-	{
-	  case E_SM_OPENTIMEOUT:
-		return "Timeout on file open";
-
-	  case E_SM_NOSLINK:
-		return "Symbolic links not allowed";
-
-	  case E_SM_NOHLINK:
-		return "Hard links not allowed";
-
-	  case E_SM_REGONLY:
-		return "Regular files only";
-
-	  case E_SM_ISEXEC:
-		return "Executable files not allowed";
-
-	  case E_SM_WWDIR:
-		return "World writable directory";
-
-	  case E_SM_GWDIR:
-		return "Group writable directory";
-
-	  case E_SM_FILECHANGE:
-		return "File changed after open";
-
-	  case E_SM_WWFILE:
-		return "World writable file";
-
-	  case E_SM_GWFILE:
-		return "Group writable file";
-	}
-
-#if HASSTRERROR
-	return strerror(err);
-#else
-	if (err < 0 || err >= sys_nerr)
-	{
-		sprintf(errstr, "Error %d", err);
-		return errstr;
-	}
-	return sys_errlist[err];
-#endif
+	(void) fprintf(stderr, "\n");
 }
diff --git a/contrib/sendmail/praliases/Build b/contrib/sendmail/praliases/Build
index ab8a49d..543779c 100755
--- a/contrib/sendmail/praliases/Build
+++ b/contrib/sendmail/praliases/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.4 1999/03/02 02:34:32 peterh Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/praliases/Makefile b/contrib/sendmail/praliases/Makefile
new file mode 100644
index 0000000..6b6db70
--- /dev/null
+++ b/contrib/sendmail/praliases/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.5 1999/09/23 22:36:39 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/praliases/Makefile.m4 b/contrib/sendmail/praliases/Makefile.m4
index 7e78412..670c2cc 100644
--- a/contrib/sendmail/praliases/Makefile.m4
+++ b/contrib/sendmail/praliases/Makefile.m4
@@ -1,104 +1,21 @@
-#
-#  This Makefile is designed to work on the old "make" program.
-#
-#	@(#)Makefile.m4	8.16	(Berkeley)	7/12/1998
-#
+include(confBUILDTOOLSDIR`/M4/switch.m4')
 
-# C compiler
-CC=	confCC
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
 
-# Shell
-SHELL=	confSHELL
+bldPRODUCT_START(`executable', `praliases')
+define(`bldINSTALL_DIR', `S')
+define(`bldSOURCES', `praliases.c ')
+bldPUSH_SMLIB(`smutil')
+bldPUSH_SMLIB(`smdb')
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+bldPRODUCT_END
 
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
+bldPRODUCT_START(`manpage', `praliases')
+define(`bldSOURCES', `praliases.8')
+bldPRODUCT_END
 
-# location of sendmail source directory
-SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
+bldFINISH
 
-# define the database mechanisms available for map & alias lookups:
-#	-DNDBM -- use new DBM
-#	-DNEWDB -- use new Berkeley DB
-# The really old (V7) DBM library is no longer supported.
-#
-MAPDEF=	ifdef(`confMAPDEF', `confMAPDEF')
-
-# environment definitions (e.g., -D_AIX3)
-ENVDEF=	ifdef(`confENVDEF', `confENVDEF')
-
-# see also conf.h for additional compilation flags
-
-# include directories
-INCDIRS=-I${SRCDIR} confINCDIRS
-
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
-
-# library directories
-LIBDIRS=confLIBDIRS
-
-# libraries required on your system
-LIBS=	ifdef(`confLIBS', `confLIBS')
-
-# location of praliases binary (usually /usr/sbin or /usr/etc)
-SBINDIR=${DESTDIR}ifdef(`confSBINDIR', `confSBINDIR', `/usr/sbin')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${MAPDEF} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE= confBEFORE
-OBJS=	praliases.o ${OBJADD}
-
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confUBINOWN', `confUBINOWN', `bin')
-BINGRP=	ifdef(`confUBINGRP', `confUBINGRP', `bin')
-BINMODE=ifdef(`confUBINMODE', `confUBINMODE', `555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	praliases praliases.${MAN8SRC}
-
-all: ${ALL}
-
-praliases: ${BEFORE} ${OBJS}
-	${CC} -o praliases ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-undivert(3)
-
-praliases.${MAN8SRC}: praliases.8
-	${NROFF} ${MANDOC} praliases.8 > praliases.${MAN8SRC}
-
-install: install-praliases install-docs
-
-install-praliases: praliases
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} praliases ${SBINDIR}
-
-install-docs: praliases.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} praliases.${MAN8SRC} ${MAN8}/praliases.${MAN8EXT}')
-
-clean:
-	rm -f ${OBJS} praliases praliases.${MAN8SRC}
-
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE',
-`generic').m4)dnl
-################  End of dependency scripts
diff --git a/contrib/sendmail/praliases/praliases.8 b/contrib/sendmail/praliases/praliases.8
index 0833701..0a63a79 100644
--- a/contrib/sendmail/praliases/praliases.8
+++ b/contrib/sendmail/praliases/praliases.8
@@ -1,49 +1,57 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\"
 .\" By using this file, you agree to the terms and conditions set
 .\" forth in the LICENSE file which can be found at the top level of
 .\" the sendmail distribution.
 .\"
 .\"
-.\"	@(#)praliases.8	8.5 (Berkeley) 5/19/1998
+.\"	$Id: praliases.8,v 8.15 2000/04/06 16:47:24 ca Exp $
 .\"
-.Dd April 25, 1996
-.Dt PRALIASES 1
-.Os BSD 3
-.Sh NAME
-.Nm praliases
-.Nd display system mail aliases
-.Sh SYNOPSIS
-.Nm praliases
-.Op Fl f Ar file
-.Sh DESCRIPTION
+.TH PRALIASES 8 "April 25, 1996"
+.SH NAME
+.B praliases
+\- display system mail aliases
+.SH SYNOPSIS
+.B praliases
+.RB [ \-C
+.IR file ]
+.RB [ \-f
+.IR file ]
+.RB [\c
+.IR key
+.IR ... ]
+.SH DESCRIPTION
 The
-.Nm praliases
-utility displays the current system aliases,
+.B praliases
+utility displays the current system aliases, 
 one per line, in no particular order.
-.Pp
+The special internal @:@ alias will be displayed if present.
+.PP
 The options are as follows:
-.Bl -tag -width Ds
-.It Fl f
-Read the specified file instead of the default
-.Nm sendmail
-system aliases file.
-.El
-.Pp
+.TP
+.B \-C
+Read the specified sendmail configuration file instead of the default
+.B sendmail
+configuration file.
+.TP 
+.B \-f
+Read the specified file instead of the configured
+.B sendmail
+system aliases file(s).
+.PP
+If one or more keys are specified on the command line,
+only entries which match those keys are displayed.
+.PP
 The
-.Nm praliases
+.B praliases
 utility exits 0 on success, and >0 if an error occurs.
-.Sh FILES
-.Bl -tag -width /var/log/sendmail.stXX -compact
-.It Pa /etc/aliases
+.SH FILES
+.TP 2.5i
+/etc/mail/sendmail.cf
 The default
-.Nm sendmail
-system aliases file.
-.It Pa /etc/aliases.db
-The database version of the
-.Pa /etc/aliases
-file.
-.El
-.Sh SEE ALSO
-.Xr mailq 1 ,
-.Xr sendmail 8
+.B sendmail
+configuration file.
+.SH SEE ALSO
+mailq(1), 
+sendmail(8)
diff --git a/contrib/sendmail/praliases/praliases.c b/contrib/sendmail/praliases/praliases.c
index 3935191..4c6c4d6 100644
--- a/contrib/sendmail/praliases/praliases.c
+++ b/contrib/sendmail/praliases/praliases.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -12,74 +13,84 @@
 
 #ifndef lint
 static char copyright[] =
-"@(#) Copyright (c) 1988, 1993\n\
+"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1983 Eric P. Allman.  All rights reserved.\n\
+     Copyright (c) 1988, 1993\n\
 	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
+#endif /* ! lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)praliases.c	8.21 (Berkeley) 12/27/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: praliases.c,v 8.59.4.10 2000/07/18 05:41:39 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <unistd.h>
+#ifdef EX_OK
+# undef EX_OK		/* unistd.h may have another use for this */
+#endif /* EX_OK */
+#include <sysexits.h>
 
-#if !defined(NDBM) && !defined(NEWDB)
-  ERROR README:	You must define one of NDBM or NEWDB in order to compile
-  ERROR README:	praliases.
-#endif
 
-#ifdef NDBM
-# include <ndbm.h>
-#endif
 #ifndef NOT_SENDMAIL
 # define NOT_SENDMAIL
-#endif
-#include <sendmail.h>
-#include <pathnames.h>
-#ifdef NEWDB
-# include <db.h>
-# ifndef DB_VERSION_MAJOR
-#  define DB_VERSION_MAJOR 1
-# endif
-#endif
-
-#if defined(IRIX64) || defined(IRIX5) || defined(IRIX6) || \
-    defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__)
-# ifndef HASSTRERROR
-#  define HASSTRERROR	1	/* has strerror(3) */
-# endif
-#endif
-
-#if !HASSTRERROR
-extern char	*strerror __P((int));
-#endif
+#endif /* ! NOT_SENDMAIL */
+#include <sendmail/sendmail.h>
+#include <sendmail/pathnames.h>
+#include <libsmdb/smdb.h>
 
 static void praliases __P((char *, int, char **));
-#ifdef NDBM
-static void praliases_dbm __P((char *, int, char **));
-#endif
+
+uid_t	RealUid;
+gid_t	RealGid;
+char	*RealUserName;
+uid_t	RunAsUid;
+uid_t	RunAsGid;
+char	*RunAsUserName;
+int	Verbose = 2;
+bool	DontInitGroups = FALSE;
+uid_t	TrustedUid = 0;
+BITMAP256 DontBlameSendmail;
+
+extern void	syserr __P((const char *, ...));
+
 
 int
 main(argc, argv)
 	int argc;
 	char **argv;
 {
-	extern char *optarg;
-	extern int optind;
 	char *cfile;
-#if _FFR_GRAB_ALIASFILE_OPTION
 	char *filename = NULL;
-#else
-	char *filename = "/etc/aliases";
-#endif
 	FILE *cfp;
 	int ch;
 	char afilebuf[MAXLINE];
 	char buf[MAXLINE];
+	struct passwd *pw;
+	static char rnamebuf[MAXNAME];
+	extern char *optarg;
+	extern int optind;
+
+
+	clrbitmap(DontBlameSendmail);
+	RunAsUid = RealUid = getuid();
+	RunAsGid = RealGid = getgid();
+	pw = getpwuid(RealUid);
+	if (pw != NULL)
+	{
+		if (strlen(pw->pw_name) > MAXNAME - 1)
+			pw->pw_name[MAXNAME] = 0;
+		snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name);
+	}
+	else
+		(void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d",
+				(int) RealUid);
+	RunAsUserName = RealUserName = rnamebuf;
 
 	cfile = _PATH_SENDMAILCF;
-#if _FFR_GRAB_ALIASFILE_OPTION
-	while ((ch = getopt(argc, argv, "C:f:")) != EOF)
-#else
-	while ((ch = getopt(argc, argv, "f:")) != EOF)
-#endif
+	while ((ch = getopt(argc, argv, "C:f:")) != -1)
 	{
 		switch ((char)ch) {
 		case 'C':
@@ -91,11 +102,7 @@ main(argc, argv)
 		case '?':
 		default:
 			(void)fprintf(stderr,
-#if _FFR_GRAB_ALIASFILE_OPTION
-				"usage: praliases [-C cffile] [-f aliasfile]\n");
-#else
-				"usage: praliases [-f aliasfile]\n");
-#endif
+				      "usage: praliases [-C cffile] [-f aliasfile]\n");
 			exit(EX_USAGE);
 		}
 	}
@@ -110,8 +117,8 @@ main(argc, argv)
 
 	if ((cfp = fopen(cfile, "r")) == NULL)
 	{
-		fprintf(stderr, "praliases: ");
-		perror(cfile);
+		fprintf(stderr, "praliases: %s: %s\n",
+			cfile, errstring(errno));
 		exit(EX_NOINPUT);
 	}
 
@@ -119,6 +126,10 @@ main(argc, argv)
 	{
 		register char *b, *p;
 
+		b = strchr(buf, '\n');
+		if (b != NULL)
+			*b = '\0';
+
 		b = buf;
 		switch (*b++)
 		{
@@ -140,15 +151,15 @@ main(argc, argv)
 			}
 
 			/* this is the A or AliasFile option -- save it */
-			if (strlen(b) >= sizeof afilebuf)
+			if (strlcpy(afilebuf, b, sizeof afilebuf) >=
+			    sizeof afilebuf)
 			{
 				fprintf(stderr,
-					"AliasFile filename too long: %.30s...\n",
+					"praliases: AliasFile filename too long: %.30s\n",
 					b);
 				(void) fclose(cfp);
 				exit(EX_CONFIG);
 			}
-			strcpy(afilebuf, b);
 			b = afilebuf;
 
 			for (p = b; p != NULL; )
@@ -160,12 +171,50 @@ main(argc, argv)
 				b = p;
 
 				p = strpbrk(p, " ,/");
+
 				/* find end of spec */
 				if (p != NULL)
-					p = strpbrk(p, ",\n");
+				{
+					bool quoted = FALSE;
+
+					for (; *p != '\0'; p++)
+					{
+						/*
+						**  Don't break into a quoted
+						**  string.
+						*/
+
+						if (*p == '"')
+							quoted = !quoted;
+						else if (*p == ',' && !quoted)
+							break;
+					}
+
+					/* No more alias specs follow */
+					if (*p == '\0')
+					{
+						/* chop trailing whitespace */
+						while (isascii(*p) &&
+						       isspace(*p) &&
+						       p > b)
+							p--;
+						*p = '\0';
+						p = NULL;
+					}
+				}
+
 				if (p != NULL)
-					*p++ = '\0';
+				{
+					char *e = p - 1;
 
+					/* chop trailing whitespace */
+					while (isascii(*e) &&
+					       isspace(*e) &&
+					       e > b)
+						e--;
+					*++e = '\0';
+					*p++ = '\0';
+				}
 				praliases(b, argc, argv);
 			}
 
@@ -175,196 +224,192 @@ main(argc, argv)
 	}
 	(void) fclose(cfp);
 	exit(EX_OK);
+	/* NOTREACHED */
+	return EX_OK;
 }
 
 static void
 praliases(filename, argc, argv)
 	char *filename;
-	int  argc;
+	int argc;
 	char **argv;
 {
-#ifdef NEWDB
-	DB *db;
-	DBT newdbkey, newdbcontent;
-	char buf[MAXNAME];
-#endif
-	char *class;
-
-	class = strchr(filename, ':');
-	if (class != NULL)
+	int result;
+	char *colon;
+	char *db_name;
+	char *db_type;
+	SMDB_DATABASE *database = NULL;
+	SMDB_CURSOR *cursor = NULL;
+	SMDB_DBENT db_key, db_value;
+	SMDB_DBPARAMS params;
+	SMDB_USER_INFO user_info;
+
+	colon = strchr(filename, ':');
+	if (colon == NULL)
 	{
-		if (strncasecmp(filename, "dbm:", 4) == 0)
-		{
-#ifdef NDBM
-			praliases_dbm(class + 1, argc, argv);
-			return;
-#else
-			fprintf(stderr, "class dbm not available\n");
-			exit(EX_DATAERR);
-#endif
-		}
-		filename = class + 1;
+		db_name = filename;
+		db_type = SMDB_TYPE_DEFAULT;
 	}
-#ifdef NEWDB
-	if (strlen(filename) + 4 >= sizeof buf)
+	else
 	{
-		fprintf(stderr, "Alias filename too long: %.30s...\n", filename);
-		exit(EX_USAGE);
+		*colon = '\0';
+		db_name = colon + 1;
+		db_type = filename;
 	}
-	(void) strcpy(buf, filename);
-	(void) strcat(buf, ".db");
-# if DB_VERSION_MAJOR < 2
-	db = dbopen(buf, O_RDONLY, 0444, DB_HASH, NULL);
-# else
-	db = NULL;
-	errno = db_open(buf, DB_HASH, DB_RDONLY, 0444, NULL, NULL, &db);
-# endif
-	if (db != NULL)
+
+	/* clean off arguments */
+	for (;;)
 	{
-		if (!argc)
-		{
-# if DB_VERSION_MAJOR > 1
-			DBC *dbc;
-# endif
-			bzero(&newdbkey, sizeof newdbkey);
-			bzero(&newdbcontent, sizeof newdbcontent);
-
-# if DB_VERSION_MAJOR < 2
-			while(!db->seq(db, &newdbkey, &newdbcontent, R_NEXT))
-# else
-#  if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >=6
-			if ((errno = db->cursor(db, NULL, &dbc, 0)) == 0)
-#  else
-			if ((errno = db->cursor(db, NULL, &dbc)) == 0)
-#  endif
-			{
-				while ((errno = dbc->c_get(dbc, &newdbkey,
-							   &newdbcontent,
-							   DB_NEXT)) == 0)
-# endif
-				printf("%.*s:%.*s\n",
-					(int) newdbkey.size,
-					(char *) newdbkey.data,
-					(int) newdbcontent.size,
-					(char *) newdbcontent.data);
-# if DB_VERSION_MAJOR > 1
-				(void) dbc->c_close(dbc);
-			}
-			else
-			{
-				fprintf(stderr,
-					"praliases: %s: Could not set cursor: %s\n",
-					buf, strerror(errno));
-				errno = db->close(db, 0);
-				exit(EX_DATAERR);
-			}
-# endif
-		}
-		else for (; *argv; ++argv)
-		{
-			bzero(&newdbkey, sizeof newdbkey);
-			bzero(&newdbcontent, sizeof newdbcontent);
-			newdbkey.data = *argv;
-			newdbkey.size = strlen(*argv) + 1;
-# if DB_VERSION_MAJOR < 2
-			if (!db->get(db, &newdbkey, &newdbcontent, 0))
-# else
-			if ((errno = db->get(db, NULL, &newdbkey,
-					     &newdbcontent, 0)) == 0)
-# endif
-				printf("%s:%.*s\n", (char *) newdbkey.data,
-					(int) newdbcontent.size,
-					(char *) newdbcontent.data);
-			else
-				printf("%s: No such key\n",
-					(char *) newdbkey.data);
-		}
-# if DB_VERSION_MAJOR < 2
-		(void)db->close(db);
-# else
-		errno = db->close(db, 0);
-# endif
+		while (isascii(*db_name) && isspace(*db_name))
+			db_name++;
+		if (*db_name != '-')
+			break;
+		while (*db_name != '\0' &&
+		       !(isascii(*db_name) && isspace(*db_name)))
+			db_name++;
 	}
-	else
+
+	if (*db_name == '\0' || (db_type != NULL && *db_type == '\0'))
 	{
-#endif
-#ifdef NDBM
-		praliases_dbm(filename, argc, argv);
-#endif
-#ifdef NEWDB
+		if (colon != NULL)
+			*colon = ':';
+		fprintf(stderr,	"praliases: illegal alias specification: %s\n",
+			filename);
+		goto fatal;
 	}
-#endif
-}
 
-#ifdef NDBM
-static void
-praliases_dbm(filename, argc, argv)
-	char *filename;
-	int  argc;
-	char **argv;
-{
-	DBM *dbp;
-	datum content, key;
+	memset(&params, '\0', sizeof params);
+	params.smdbp_cache_size = 1024 * 1024;
 
-	if ((dbp = dbm_open(filename, O_RDONLY, 0)) == NULL)
+	user_info.smdbu_id = RunAsUid;
+	user_info.smdbu_group_id = RunAsGid;
+	strlcpy(user_info.smdbu_name, RunAsUserName, SMDB_MAX_USER_NAME_LEN);
+
+	result = smdb_open_database(&database, db_name, O_RDONLY, 0,
+				    SFF_ROOTOK, db_type, &user_info, &params);
+	if (result != SMDBE_OK)
 	{
-		(void)fprintf(stderr,
-		    "praliases: %s: %s\n", filename, strerror(errno));
-		exit(EX_OSFILE);
+		fprintf(stderr, "praliases: %s: open: %s\n",
+			db_name, errstring(result));
+		goto fatal;
 	}
-	if (!argc)
+
+	if (argc == 0)
 	{
-		for (key = dbm_firstkey(dbp);
-		    key.dptr != NULL; key = dbm_nextkey(dbp))
+		memset(&db_key, '\0', sizeof db_key);
+		memset(&db_value, '\0', sizeof db_value);
+
+		result = database->smdb_cursor(database, &cursor, 0);
+		if (result != SMDBE_OK)
+		{
+			fprintf(stderr, "praliases: %s: set cursor: %s\n",
+				db_name, errstring(result));
+			goto fatal;
+		}
+
+		while ((result = cursor->smdbc_get(cursor, &db_key, &db_value,
+						   SMDB_CURSOR_GET_NEXT)) ==
+						   SMDBE_OK)
+		{
+#if 0
+			/* skip magic @:@ entry */
+			if (db_key.data.size == 2 &&
+			    db_key.data.data[0] == '@' &&
+			    db_key.data.data[1] == '\0' &&
+			    db_value.data.size == 2 &&
+			    db_value.data.data[0] == '@' &&
+			    db_value.data.data[1] == '\0')
+				continue;
+#endif /* 0 */
+
+			printf("%.*s:%.*s\n",
+			       (int) db_key.data.size,
+			       (char *) db_key.data.data,
+			       (int) db_value.data.size,
+			       (char *) db_value.data.data);
+		}
+
+		if (result != SMDBE_OK && result != SMDBE_LAST_ENTRY)
 		{
-			content = dbm_fetch(dbp, key);
-			(void)printf("%.*s:%.*s\n",
-				(int) key.dsize, key.dptr,
-				(int) content.dsize, content.dptr);
+			fprintf(stderr,
+				"praliases: %s: get value at cursor: %s\n",
+				db_name, errstring(result));
+			goto fatal;
 		}
 	}
-	else
+	else for (; *argv != NULL; ++argv)
 	{
-		for (; *argv; ++argv)
+		memset(&db_key, '\0', sizeof db_key);
+		memset(&db_value, '\0', sizeof db_value);
+		db_key.data.data = *argv;
+		db_key.data.size = strlen(*argv) + 1;
+		if (database->smdb_get(database, &db_key,
+				       &db_value, 0) == SMDBE_OK)
 		{
-			/*
-			**  Use the sendmail adaptive algorithm of trying
-			**  the key first without, then if needed with,
-			**  the terminating NULL byte.
-			*/
-			key.dptr = *argv;
-			key.dsize = strlen(*argv);
-			content = dbm_fetch(dbp, key);
-			if (content.dptr == NULL)
-			{
-				key.dsize++;
-				content = dbm_fetch(dbp, key);
-			}
-			if (content.dptr != NULL)
-				(void)printf("%s:%.*s\n", key.dptr,
-					(int) content.dsize, content.dptr);
-			else
-				(void)printf("%s: No such key\n", key.dptr);
+			printf("%.*s:%.*s\n",
+			       (int) db_key.data.size,
+			       (char *) db_key.data.data,
+			       (int) db_value.data.size,
+			       (char *) db_value.data.data);
 		}
+		else
+			printf("%s: No such key\n", (char *) db_key.data.data);
 	}
-	dbm_close(dbp);
-}
-#endif
 
-#if !HASSTRERROR
+ fatal:
+	if (cursor != NULL)
+		(void) cursor->smdbc_close(cursor);
+	if (database != NULL)
+		(void) database->smdb_close(database);
+	if (colon != NULL)
+		*colon = ':';
+	return;
+}
 
-char *
-strerror(eno)
-	int eno;
+/*VARARGS1*/
+void
+#ifdef __STDC__
+message(const char *msg, ...)
+#else /* __STDC__ */
+message(msg, va_alist)
+	const char *msg;
+	va_dcl
+#endif /* __STDC__ */
 {
-	extern int sys_nerr;
-	extern char *sys_errlist[];
-	static char ebuf[60];
-
-	if (eno >= 0 && eno < sys_nerr)
-		return sys_errlist[eno];
-	(void) sprintf(ebuf, "Error %d", eno);
-	return ebuf;
+	const char *m;
+	VA_LOCAL_DECL
+
+	m = msg;
+	if (isascii(m[0]) && isdigit(m[0]) &&
+	    isascii(m[1]) && isdigit(m[1]) &&
+	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
+		m += 4;
+	VA_START(msg);
+	(void) vfprintf(stderr, m, ap);
+	VA_END;
+	(void) fprintf(stderr, "\n");
 }
 
-#endif /* !HASSTRERROR */
+/*VARARGS1*/
+void
+#ifdef __STDC__
+syserr(const char *msg, ...)
+#else /* __STDC__ */
+syserr(msg, va_alist)
+	const char *msg;
+	va_dcl
+#endif /* __STDC__ */
+{
+	const char *m;
+	VA_LOCAL_DECL
+
+	m = msg;
+	if (isascii(m[0]) && isdigit(m[0]) &&
+	    isascii(m[1]) && isdigit(m[1]) &&
+	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
+		m += 4;
+	VA_START(msg);
+	(void) vfprintf(stderr, m, ap);
+	VA_END;
+	(void) fprintf(stderr, "\n");
+}
diff --git a/contrib/sendmail/rmail/Build b/contrib/sendmail/rmail/Build
index ab8a49d..ffc3997 100755
--- a/contrib/sendmail/rmail/Build
+++ b/contrib/sendmail/rmail/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.4 1999/03/02 02:34:45 peterh Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/rmail/Makefile b/contrib/sendmail/rmail/Makefile
new file mode 100644
index 0000000..2934322
--- /dev/null
+++ b/contrib/sendmail/rmail/Makefile
@@ -0,0 +1,19 @@
+#       $Id: Makefile,v 8.5 1999/10/05 16:39:19 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+force-install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/rmail/Makefile.m4 b/contrib/sendmail/rmail/Makefile.m4
index 9f2d87b..0c42c6b 100644
--- a/contrib/sendmail/rmail/Makefile.m4
+++ b/contrib/sendmail/rmail/Makefile.m4
@@ -1,105 +1,32 @@
-#
-#  This Makefile is designed to work on the old "make" program.
-#
-#	@(#)Makefile.m4	8.17	(Berkeley)	7/12/1998
-#
+include(confBUILDTOOLSDIR`/M4/switch.m4')
 
-# C compiler
-CC=	confCC
+PREPENDDEF(`confENVDEF', `confMAPDEF')
 
-# Shell
-SHELL=	confSHELL
+bldPRODUCT_START(`executable', `rmail')
+define(`bldNO_INSTALL')
+define(`bldSOURCES', `rmail.c ')
+bldPUSH_SMLIB(`smutil')
+bldPRODUCT_END
 
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
+bldPRODUCT_START(`manpage', `rmail')
+define(`bldSOURCES', `rmail.8')
+bldPRODUCT_END
 
-# location of sendmail source directory
-SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
+RMAIL=ifdef(`confFORCE_RMAIL', `force-install', `defeat-install')
 
-# environment definitions (e.g., -D_AIX3)
-ENVDEF=	ifdef(`confENVDEF', `confENVDEF')
+divert(bldTARGETS_SECTION)
+install: ${RMAIL}
 
-# see also conf.h for additional compilation flags
-
-# include directories
-INCDIRS=-I${SRCDIR} confINCDIRS
-
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
-
-# library directories
-LIBDIRS=confLIBDIRS
-
-# libraries required on your system
-LIBS=	ifdef(`confLIBS', `confLIBS')
-
-# location of rmail binary (usually /usr/sbin or /usr/etc)
-UBINDIR=${DESTDIR}ifdef(`confUBINDIR', `confUBINDIR', `/usr/bin')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE= snprintf.c confBEFORE
-OBJS=	rmail.o snprintf.o ${OBJADD}
-
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confUBINOWN', `confUBINOWN', `bin')
-BINGRP=	ifdef(`confUBINGRP', `confUBINGRP', `bin')
-BINMODE=ifdef(`confUBINMODE', `confUBINMODE', `555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	rmail rmail.${MAN8SRC}
-
-all: ${ALL}
-
-rmail: ${BEFORE} ${OBJS}
-	${CC} -o rmail ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-snprintf.c: ${SRCDIR}/snprintf.c
-	-ln -s ${SRCDIR}/snprintf.c snprintf.c
-
-undivert(3)
-
-rmail.${MAN8SRC}: rmail.8
-	${NROFF} ${MANDOC} rmail.8 > rmail.${MAN8SRC}
-
-install:
+defeat-install:
 	@echo "NOTE: This version of rmail is not suited for some operating"
 	@echo "      systems.  You can force the install using"
-	@echo "      '${MAKE} force-install'."
+	@echo "      'Build force-install'."
 
-force-install: install-rmail install-docs
+force-install: install-rmail ifdef(`confNO_MAN_BUILD',, `install-docs')
 
 install-rmail: rmail
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} rmail ${UBINDIR}
-
-install-docs: rmail.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} rmail.${MAN8SRC} ${MAN8}/rmail.${MAN8EXT}')
+	${INSTALL} -c -o ${UBINOWN} -g ${UBINGRP} -m ${UBINMODE} rmail ${DESTDIR}${UBINDIR}
+divert
 
-clean:
-	rm -f ${OBJS} rmail rmail.${MAN8SRC}
+bldFINISH
 
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE',
-`generic').m4)dnl
-################  End of dependency scripts
diff --git a/contrib/sendmail/rmail/rmail.8 b/contrib/sendmail/rmail/rmail.8
index 9f6ee26..c53e693 100644
--- a/contrib/sendmail/rmail/rmail.8
+++ b/contrib/sendmail/rmail/rmail.8
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1983, 1990
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
@@ -7,43 +8,42 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"	@(#)rmail.8	6.14 (Berkeley) 5/19/1998
+.\"	$Id: rmail.8,v 8.1 1999/06/22 20:41:33 tony Exp $
 .\"
-.Dd May 19, 1998
-.Dt RMAIL 8
-.Os BSD 4.2
-.Sh NAME
-.Nm rmail
-.Nd handle remote mail received via uucp
-.Sh SYNOPSIS
-.Nm rmail
-.Ar user ...
-.Sh DESCRIPTION
-.Nm Rmail
-interprets incoming mail received via
-.Xr uucp 1 ,
-collapsing ``From'' lines in the form generated
-by
-.Xr mail.local 8
-into a single line of the form ``return-path!sender'',
-and passing the processed mail on to
-.Xr sendmail  8  .
-.Pp
-.Nm Rmail
-is explicitly designed for use with
-.Xr uucp
-and
-.Xr sendmail  .
-.Sh SEE ALSO
-.Xr uucp 1 ,
-.Xr mail.local 8 ,
-.Xr sendmail 8
-.Sh HISTORY
+.TH RMAIL 8 "$Date: 1999/06/22 20:41:33 $"
+.SH NAME
+.B rmail
+\- handle remote mail received via uucp
+.SH SYNOPSIS
+.B rmail
+.I 
+user ...
+.SH DESCRIPTION
+.B Rmail
+interprets incoming mail received via 
+uucp(1), 
+collapsing ``From'' lines in the form generated 
+by 
+mail.local(8) 
+into a single line of the form ``return-path!sender'', 
+and passing the processed mail on to 
+sendmail(8).
+.PP
+.B Rmail
+is explicitly designed for use with 
+uucp 
+and 
+sendmail.
+.SH SEE ALSO
+uucp(1), 
+mail.local(8), 
+sendmail(8)
+.SH HISTORY
 The
-.Nm rmail
-program appeared in
-.Bx 4.2 .
-.Sh BUGS
-.Nm Rmail
-should not reside in
-.Pa /bin .
+.B rmail
+program appeared in 
+4.2BSD.
+.SH BUGS
+.B Rmail
+should not reside in 
+/bin.
diff --git a/contrib/sendmail/rmail/rmail.c b/contrib/sendmail/rmail/rmail.c
index f3f5cf6..b04ea3f 100644
--- a/contrib/sendmail/rmail/rmail.c
+++ b/contrib/sendmail/rmail/rmail.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
@@ -11,20 +12,22 @@
 
 #ifndef lint
 static char copyright[] =
-"@(#) Copyright (c) 1988, 1993\n\
+"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1988, 1993\n\
 	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
+#endif /* ! lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)rmail.c	8.18 (Berkeley) 10/23/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: rmail.c,v 8.39.4.5 2000/07/18 05:55:29 gshapiro Exp $";
+#endif /* ! lint */
 
 /*
  * RMAIL -- UUCP mail server.
  *
  * This program reads the >From ... remote from ... lines that UUCP is so
  * fond of and turns them into something reasonable.  It then execs sendmail
- * with various options built from these lines. 
+ * with various options built from these lines.
  *
  * The expected syntax is:
  *
@@ -43,6 +46,8 @@ static char sccsid[] = "@(#)rmail.c	8.18 (Berkeley) 10/23/1998";
  * The err(3) routine is included here deliberately to make this code
  * a bit more portable.
  */
+
+#include <sys/types.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
@@ -52,66 +57,74 @@ static char sccsid[] = "@(#)rmail.c	8.18 (Berkeley) 10/23/1998";
 #ifdef BSD4_4
 # define FORK vfork
 # include <paths.h>
-#else
+#else /* BSD4_4 */
 # define FORK fork
 # ifndef _PATH_SENDMAIL
 #  define _PATH_SENDMAIL "/usr/lib/sendmail"
-# endif
-#endif
+# endif /* ! _PATH_SENDMAIL */
+#endif /* BSD4_4 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #ifdef EX_OK
 # undef EX_OK		/* unistd.h may have another use for this */
-#endif
+#endif /* EX_OK */
 #include <sysexits.h>
 
 #ifndef MAX
 # define MAX(a, b)	((a) < (b) ? (b) : (a))
-#endif
+#endif /* ! MAX */
 
 #ifndef __P
 # ifdef __STDC__
 #  define __P(protos)	protos
-# else
+# else /* __STDC__ */
 #  define __P(protos)	()
 #  define const
-# endif
-#endif
+# endif /* __STDC__ */
+#endif /* ! __P */
 
-#if defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206)
-# define HASSNPRINTF	1
-#endif
+#ifndef STDIN_FILENO
+# define STDIN_FILENO	0
+#endif /* ! STDIN_FILENO */
 
-#if defined(IRIX64) || defined(IRIX5) || defined(IRIX6) || \
-    defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__)
-# ifndef HASSTRERROR
-#  define HASSTRERROR	1	/* has strerror(3) */
-# endif
-#endif
-
-#if !HASSTRERROR
-extern char	*strerror __P((int));
-#endif
+#if defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300
+# define HASSNPRINTF	1
+#endif /* defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 */
 
 #if defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4)
-#  define memmove(d, s, l)	(bcopy((s), (d), (l)))
-#endif
+# define memmove(d, s, l)	(bcopy((s), (d), (l)))
+#endif /* defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4) */
 
 #if !HASSNPRINTF
 extern int	snprintf __P((char *, size_t, const char *, ...));
 #endif /* !HASSNPRINTF */
 
-u_char	tTdvect[100];
+#if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6)
+# ifndef HASSTRERROR
+#  define HASSTRERROR	1
+# endif /* ! HASSTRERROR */
+#endif /* defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) ||
+	  defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
+
+#if defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__)
+# undef WIFEXITED
+# undef WEXITSTATUS
+# define WIFEXITED(st)		(((st) & 0377) == 0)
+# define WEXITSTATUS(st)	(((st) >> 8) & 0377)
+#endif /* defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__) */
+
 
-void err __P((int, const char *, ...));
-void usage __P((void));
-char *xalloc __P((int));
+#include "sendmail/errstring.h"
+
+static void err __P((int, const char *, ...));
+static void usage __P((void));
+static char *xalloc __P((int));
 
 #define newstr(s)	strcpy(xalloc(strlen(s) + 1), s)
 
-char *
+static char *
 xalloc(sz)
 	register int sz;
 {
@@ -132,31 +145,37 @@ main(argc, argv)
 	int argc;
 	char *argv[];
 {
-	extern char *optarg;
-	extern int errno, optind;
-	FILE *fp;
-	struct stat sb;
+	int ch, debug, i, pdes[2], pid, status;
 	size_t fplen = 0, fptlen = 0, len;
 	off_t offset;
-	int ch, debug, i, pdes[2], pid, status;
+	FILE *fp;
 	char *addrp = NULL, *domain, *p, *t;
 	char *from_path, *from_sys, *from_user;
 	char *args[100], buf[2048], lbuf[2048];
+	struct stat sb;
+	extern char *optarg;
+	extern int optind;
 
 	debug = 0;
 	domain = "UUCP";		/* Default "domain". */
-	while ((ch = getopt(argc, argv, "D:T")) != EOF)
-		switch (ch) {
-		case 'T':
+	while ((ch = getopt(argc, argv, "D:T")) != -1)
+	{
+		switch (ch)
+		{
+		  case 'T':
 			debug = 1;
 			break;
-		case 'D':
+
+		  case 'D':
 			domain = optarg;
 			break;
-		case '?':
-		default:
+
+		  case '?':
+		  default:
 			usage();
 		}
+	}
+
 	argc -= optind;
 	argv += optind;
 
@@ -164,11 +183,11 @@ main(argc, argv)
 		usage();
 
 	from_path = from_sys = from_user = NULL;
-	for (offset = 0;;) {
-
+	for (offset = 0; ; )
+	{
 		/* Get and nul-terminate the line. */
 		if (fgets(lbuf, sizeof(lbuf), stdin) == NULL)
-			exit (EX_DATAERR);
+			exit(EX_DATAERR);
 		if ((p = strchr(lbuf, '\n')) == NULL)
 			err(EX_DATAERR, "line too long");
 		*p = '\0';
@@ -181,32 +200,40 @@ main(argc, argv)
 		else if (offset == 0)
 			err(EX_DATAERR,
 			    "missing or empty From line: %s", lbuf);
-		else {
+		else
+		{
 			*p = '\n';
 			break;
 		}
 
-		if (*addrp == '\0')
+		if (addrp == NULL || *addrp == '\0')
 			err(EX_DATAERR, "corrupted From line: %s", lbuf);
 
 		/* Use the "remote from" if it exists. */
-		for (p = addrp; (p = strchr(p + 1, 'r')) != NULL;)
-			if (!strncmp(p, "remote from ", 12)) {
-				for (t = p += 12;
-				     *t && !(isascii(*t) && isspace(*t)); ++t);
+		for (p = addrp; (p = strchr(p + 1, 'r')) != NULL; )
+		{
+			if (!strncmp(p, "remote from ", 12))
+			{
+				for (t = p += 12; *t != '\0'; ++t)
+				{
+					if (isascii(*t) && isspace(*t))
+						break;
+				}
 				*t = '\0';
 				if (debug)
-					(void)fprintf(stderr,
-					    "remote from: %s\n", p);
+					fprintf(stderr, "remote from: %s\n", p);
 				break;
 			}
+		}
 
 		/* Else use the string up to the last bang. */
-		if (p == NULL) {
+		if (p == NULL)
+		{
 			if (*addrp == '!')
-				err(EX_DATAERR,
-				    "bang starts address: %s", addrp);
-			else if ((t = strrchr(addrp, '!')) != NULL) {
+				err(EX_DATAERR, "bang starts address: %s",
+				    addrp);
+			else if ((t = strrchr(addrp, '!')) != NULL)
+			{
 				*t = '\0';
 				p = addrp;
 				addrp = t + 1;
@@ -214,34 +241,43 @@ main(argc, argv)
 					err(EX_DATAERR,
 					    "corrupted From line: %s", lbuf);
 				if (debug)
-					(void)fprintf(stderr, "bang: %s\n", p);
+					fprintf(stderr, "bang: %s\n", p);
 			}
 		}
+
 		/* 'p' now points to any system string from this line. */
-		if (p != NULL) {
+		if (p != NULL)
+		{
 			/* Nul terminate it as necessary. */
-			for (t = p; *t && !(isascii(*t) && isspace(*t)); ++t);
+			for (t = p; *t != '\0'; ++t)
+			{
+				if (isascii(*t) && isspace(*t))
+					break;
+			}
 			*t = '\0';
 
 			/* If the first system, copy to the from_sys string. */
-			if (from_sys == NULL) {
+			if (from_sys == NULL)
+			{
 				from_sys = newstr(p);
 				if (debug)
-					(void)fprintf(stderr,
-					    "from_sys: %s\n", from_sys);
+					fprintf(stderr, "from_sys: %s\n",
+						from_sys);
 			}
 
 			/* Concatenate to the path string. */
 			len = t - p;
-			if (from_path == NULL) {
+			if (from_path == NULL)
+			{
 				fplen = 0;
 				if ((from_path = malloc(fptlen = 256)) == NULL)
 					err(EX_TEMPFAIL, NULL);
 			}
-			if (fplen + len + 2 > fptlen) {
+			if (fplen + len + 2 > fptlen)
+			{
 				fptlen += MAX(fplen + len + 2, 256);
-				if ((from_path =
-				    realloc(from_path, fptlen)) == NULL)
+				if ((from_path = realloc(from_path,
+							 fptlen)) == NULL)
 					err(EX_TEMPFAIL, NULL);
 			}
 			memmove(from_path + fplen, p, len);
@@ -251,7 +287,11 @@ main(argc, argv)
 		}
 
 		/* Save off from user's address; the last one wins. */
-		for (p = addrp; *p && !(isascii(*p) && isspace(*p)); ++p);
+		for (p = addrp; *p != '\0'; ++p)
+		{
+			if (isascii(*p) && isspace(*p))
+				break;
+		}
 		*p = '\0';
 		if (*addrp == '\0')
 			addrp = "<>";
@@ -259,11 +299,11 @@ main(argc, argv)
 			free(from_user);
 		from_user = newstr(addrp);
 
-		if (debug) {
+		if (debug)
+		{
 			if (from_path != NULL)
-				(void)fprintf(stderr,
-				    "from_path: %s\n", from_path);
-			(void)fprintf(stderr, "from_user: %s\n", from_user);
+				fprintf(stderr, "from_path: %s\n", from_path);
+			fprintf(stderr, "from_user: %s\n", from_user);
 		}
 
 		if (offset != -1)
@@ -278,86 +318,99 @@ main(argc, argv)
 
 	/* set from system and protocol used */
 	if (from_sys == NULL)
-		(void)snprintf(buf, sizeof(buf), "-p%s", domain);
+		snprintf(buf, sizeof(buf), "-p%s", domain);
 	else if (strchr(from_sys, '.') == NULL)
-		(void)snprintf(buf, sizeof(buf), "-p%s:%s.%s",
+		snprintf(buf, sizeof(buf), "-p%s:%s.%s",
 			domain, from_sys, domain);
 	else
-		(void)snprintf(buf, sizeof(buf), "-p%s:%s", domain, from_sys);
+		snprintf(buf, sizeof(buf), "-p%s:%s", domain, from_sys);
 	args[i++] = newstr(buf);
 
-					/* Set name of ``from'' person. */
-	(void)snprintf(buf, sizeof(buf), "-f%s%s",
-	    from_path ? from_path : "", from_user);
+	/* Set name of ``from'' person. */
+	snprintf(buf, sizeof(buf), "-f%s%s",
+		 from_path ? from_path : "", from_user);
 	args[i++] = newstr(buf);
 
 	/*
-	 * Don't copy arguments beginning with - as they will be
-	 * passed to sendmail and could be interpreted as flags.
-	 * To prevent confusion of sendmail wrap < and > around
-	 * the address (helps to pass addrs like @gw1,@gw2:aa@bb)
-	 */
-	while (*argv) {
+	**  Don't copy arguments beginning with - as they will be
+	**  passed to sendmail and could be interpreted as flags.
+	**  To prevent confusion of sendmail wrap < and > around
+	**  the address (helps to pass addrs like @gw1,@gw2:aa@bb)
+	*/
+
+	while (*argv)
+	{
 		if (**argv == '-')
 			err(EX_USAGE, "dash precedes argument: %s", *argv);
+
 		if (strchr(*argv, ',') == NULL || strchr(*argv, '<') != NULL)
 			args[i++] = *argv;
-		else {
-			if ((args[i] = malloc(strlen(*argv) + 3)) == NULL)
+		else
+		{
+			len = strlen(*argv) + 3;
+			if ((args[i] = malloc(len)) == NULL)
 				err(EX_TEMPFAIL, "Cannot malloc");
-			sprintf (args [i++], "<%s>", *argv);
+			snprintf(args[i++], len, "<%s>", *argv);
 		}
 		argv++;
-	} 
+	}
 	args[i] = 0;
 
-	if (debug) {
-		(void)fprintf(stderr, "Sendmail arguments:\n");
+	if (debug)
+	{
+		fprintf(stderr, "Sendmail arguments:\n");
 		for (i = 0; args[i]; i++)
-			(void)fprintf(stderr, "\t%s\n", args[i]);
+			fprintf(stderr, "\t%s\n", args[i]);
 	}
 
 	/*
-	 * If called with a regular file as standard input, seek to the right
-	 * position in the file and just exec sendmail.  Could probably skip
-	 * skip the stat, but it's not unreasonable to believe that a failed
-	 * seek will cause future reads to fail.
-	 */
-	if (!fstat(STDIN_FILENO, &sb) && S_ISREG(sb.st_mode)) {
+	**  If called with a regular file as standard input, seek to the right
+	**  position in the file and just exec sendmail.  Could probably skip
+	**  skip the stat, but it's not unreasonable to believe that a failed
+	**  seek will cause future reads to fail.
+	*/
+
+	if (!fstat(STDIN_FILENO, &sb) && S_ISREG(sb.st_mode))
+	{
 		if (lseek(STDIN_FILENO, offset, SEEK_SET) != offset)
 			err(EX_TEMPFAIL, "stdin seek");
-		execv(_PATH_SENDMAIL, args);
+		(void) execv(_PATH_SENDMAIL, args);
 		err(EX_OSERR, "%s", _PATH_SENDMAIL);
 	}
 
 	if (pipe(pdes) < 0)
 		err(EX_OSERR, NULL);
 
-	switch (pid = FORK()) {
-	case -1:				/* Err. */
+	switch (pid = FORK())
+	{
+	  case -1:				/* Err. */
 		err(EX_OSERR, NULL);
-	case 0:					/* Child. */
-		if (pdes[0] != STDIN_FILENO) {
-			(void)dup2(pdes[0], STDIN_FILENO);
-			(void)close(pdes[0]);
+		/* NOTREACHED */
+
+	  case 0:				/* Child. */
+		if (pdes[0] != STDIN_FILENO)
+		{
+			(void) dup2(pdes[0], STDIN_FILENO);
+			(void) close(pdes[0]);
 		}
-		(void)close(pdes[1]);
-		execv(_PATH_SENDMAIL, args);
+		(void) close(pdes[1]);
+		(void) execv(_PATH_SENDMAIL, args);
 		_exit(127);
 		/* NOTREACHED */
 	}
 
 	if ((fp = fdopen(pdes[1], "w")) == NULL)
 		err(EX_OSERR, NULL);
-	(void)close(pdes[0]);
+	(void) close(pdes[0]);
 
 	/* Copy the file down the pipe. */
-	do {
-		(void)fprintf(fp, "%s", lbuf);
+	do
+	{
+		(void) fprintf(fp, "%s", lbuf);
 	} while (fgets(lbuf, sizeof(lbuf), stdin) != NULL);
 
 	if (ferror(stdin))
-		err(EX_TEMPFAIL, "stdin: %s", strerror(errno));
+		err(EX_TEMPFAIL, "stdin: %s", errstring(errno));
 
 	if (fclose(fp))
 		err(EX_OSERR, NULL);
@@ -366,65 +419,48 @@ main(argc, argv)
 		err(EX_OSERR, "%s", _PATH_SENDMAIL);
 
 	if (!WIFEXITED(status))
-		err(EX_OSERR,
-		    "%s: did not terminate normally", _PATH_SENDMAIL);
+		err(EX_OSERR, "%s: did not terminate normally", _PATH_SENDMAIL);
 
 	if (WEXITSTATUS(status))
 		err(status, "%s: terminated with %d (non-zero) status",
 		    _PATH_SENDMAIL, WEXITSTATUS(status));
 	exit(EX_OK);
+	/* NOTREACHED */
+	return EX_OK;
 }
 
-void
+static void
 usage()
 {
-	(void)fprintf(stderr, "usage: rmail [-T] [-D domain] user ...\n");
+	(void) fprintf(stderr, "usage: rmail [-T] [-D domain] user ...\n");
 	exit(EX_USAGE);
 }
 
 #ifdef __STDC__
-#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
+# include <stdarg.h>
+#else /* __STDC__ */
+# include <varargs.h>
+#endif /* __STDC__ */
 
-void
+static void
 #ifdef __STDC__
 err(int eval, const char *fmt, ...)
-#else
+#else /* __STDC__ */
 err(eval, fmt, va_alist)
 	int eval;
 	const char *fmt;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	va_list ap;
-#if __STDC__
+#ifdef __STDC__
 	va_start(ap, fmt);
-#else
+#else /* __STDC__ */
 	va_start(ap);
-#endif
-	(void)fprintf(stderr, "rmail: ");
-	(void)vfprintf(stderr, fmt, ap);
+#endif /* __STDC__ */
+	(void) fprintf(stderr, "rmail: ");
+	(void) vfprintf(stderr, fmt, ap);
 	va_end(ap);
-	(void)fprintf(stderr, "\n");
+	(void) fprintf(stderr, "\n");
 	exit(eval);
 }
-
-#if !HASSTRERROR
-
-char *
-strerror(eno)
-	int eno;
-{
-	extern int sys_nerr;
-	extern char *sys_errlist[];
-	static char ebuf[60];
-
-	if (eno >= 0 && eno < sys_nerr)
-		return sys_errlist[eno];
-	(void) sprintf(ebuf, "Error %d", eno);
-	return ebuf;
-}
-
-#endif /* !HASSTRERROR */
diff --git a/contrib/sendmail/smrsh/Build b/contrib/sendmail/smrsh/Build
index ab8a49d..c402815 100755
--- a/contrib/sendmail/smrsh/Build
+++ b/contrib/sendmail/smrsh/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.4 1999/03/02 02:34:57 peterh Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/smrsh/Makefile b/contrib/sendmail/smrsh/Makefile
new file mode 100644
index 0000000..a9c4af7
--- /dev/null
+++ b/contrib/sendmail/smrsh/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.5 1999/09/23 22:36:43 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/smrsh/Makefile.m4 b/contrib/sendmail/smrsh/Makefile.m4
index 5cae3f0..7e4718f 100644
--- a/contrib/sendmail/smrsh/Makefile.m4
+++ b/contrib/sendmail/smrsh/Makefile.m4
@@ -1,96 +1,18 @@
-#
-#  This Makefile is designed to work on the old "make" program.
-#
-#	@(#)Makefile.m4	8.14	(Berkeley)	7/12/1998
-#
+include(confBUILDTOOLSDIR`/M4/switch.m4')
 
-# C compiler
-CC=	confCC
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
 
-# Shell
-SHELL=	confSHELL
+bldPRODUCT_START(`executable', `smrsh')
+define(`bldINSTALL_DIR', `E')
+define(`bldSOURCES', `smrsh.c ')
+bldPUSH_SMLIB(`smutil')
+bldPRODUCT_END
 
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
+bldPRODUCT_START(`manpage', `smrsh')
+define(`bldSOURCES', `smrsh.8')
+bldPRODUCT_END
 
-# location of sendmail source directory
-SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
-
-# environment definitions (e.g., -D_AIX3)
-ENVDEF=	ifdef(`confENVDEF', `confENVDEF')
-
-# include directories
-INCDIRS=-I${SRCDIR} confINCDIRS
-
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
-
-# library directories
-LIBDIRS=confLIBDIRS
-
-# libraries required on your system
-LIBS=	ifdef(`confLIBS', `confLIBS')
-
-# location of smrsh binary (usually /usr/libexec or /usr/etc)
-EBINDIR=${DESTDIR}ifdef(`confEBINDIR', `confEBINDIR', `/usr/libexec')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE= confBEFORE
-OBJS=	smrsh.o ${OBJADD}
-
-# Which *roff program has -mandoc support
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confUBINOWN', `confUBINOWN', `bin')
-BINGRP=	ifdef(`confUBINGRP', `confUBINGRP', `bin')
-BINMODE=ifdef(`confUBINMODE', `confUBINMODE', `555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	smrsh smrsh.${MAN8SRC}
-
-all: ${ALL}
-
-smrsh: ${BEFORE} ${OBJS}
-	${CC} -o smrsh ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-undivert(3)
-
-smrsh.${MAN8SRC}: smrsh.8
-	${NROFF} ${MANDOC} smrsh.8 > smrsh.${MAN8SRC}
-
-install: install-smrsh install-docs
-
-install-smrsh: smrsh
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} smrsh ${EBINDIR}
-
-install-docs: smrsh.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} smrsh.${MAN8SRC} ${MAN8}/smrsh.${MAN8EXT}')
-
-clean:
-	rm -f ${OBJS} smrsh smrsh.${MAN8SRC}
-
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE',
-`generic').m4)dnl
-################  End of dependency scripts
+bldFINISH
diff --git a/contrib/sendmail/smrsh/README b/contrib/sendmail/smrsh/README
index fa4e2de..1e048c6 100644
--- a/contrib/sendmail/smrsh/README
+++ b/contrib/sendmail/smrsh/README
@@ -1,13 +1,8 @@
 
-
-
 README  smrsh - sendmail restricted shell.
 
-	@(#)README	8.2	11/11/1995
-
-
 This README file is provided as a courtesy of the CERT Coordination Center,
-Software Engineering Institute, Carnegie Mellon University.  This file is 
+Software Engineering Institute, Carnegie Mellon University.  This file is
 intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
 and to the software, smrsh.c, written by Eric Allman.
 
@@ -23,52 +18,65 @@ programs.  When used in conjunction with sendmail, smrsh effectively
 limits sendmail's scope of program execution to only those programs
 specified in smrsh's configuration.
 
-smrsh has been written with portability in mind, and uses traditional 
+smrsh has been written with portability in mind, and uses traditional
 Unix library utilities.  As such, smrsh should compile on most
 Unix C compilers.
 
+smrsh should build on most systems with the enclosed Build script:
 
+	host.domain% sh Build
 
-To compile smrsh.c, use the following command:
+To compile smrsh.c by hand, use the following command:
 
-host.domain% cc -o smrsh smrsh.c
+	host.domain% cc -o smrsh smrsh.c
 
 For machines that provide dynamic linking, it is advisable to compile
 smrsh without dynamic linking.  As an example with the Sun Microsystems
 compiler, you should compile with the -Bstatic option.
 
-host.domain% cc -Bstatic -o smrsh smrsh.c
+	host.domain% cc -Bstatic -o smrsh smrsh.c
+		or
+	host.domain% sh Build LDOPTS=-Bstatic
+
+With gcc, the GNU C compiler, use the -static option.
+
+	host.domain% cc -static -o smrsh smrsh.c
+		or
+	host.domain% sh Build LDOPTS=-static
 
 
-Choose a directory that smrsh will reside in.  We will use the traditional 
-/usr/local/etc directory for the remainder of this document.
 
-As root, install smrsh in /usr/local/etc directory, with mode 511.
+As root, install smrsh in /usr/libexec.  Using the Build script:
 
-host.domain# mv smrsh /usr/local/etc
-host.domain# chmod 511 /usr/local/etc/smrsh
+	host.domain# sh Build install
+
+For manual installation: install smrsh in the /usr/libexec
+directory, with mode 511.
+
+	host.domain# mv smrsh /usr/libexec
+	host.domain# chmod 511 /usr/libexec/smrsh
 
 
 
 Next, determine the list of commands that smrsh should allow sendmail
 to run.  This list of allowable commands can be determined by:
 
-   1.  examining your /etc/aliases file, to indicate what commands 
-       are being used by the system. 
+   1.  examining your /etc/mail/aliases file, to indicate what commands
+       are being used by the system.
 
-   2.  surveying your host's .forward files, to determine what 
-       commands users have specified.  
+   2.  surveying your host's .forward files, to determine what
+       commands users have specified.
 
-See the man page for aliases(5) if you are unfamiliar with the format of 
-these specifications. Additionally, you should include in the list, 
+See the man page for aliases(5) if you are unfamiliar with the format of
+these specifications. Additionally, you should include in the list,
 popular commands such as /usr/ucb/vacation.
 
 You should NOT include interpreter programs such as sh(1), csh(1),
-perl(1), uudecode(1) or the stream editor sed(1) in your list of 
+perl(1), uudecode(1) or the stream editor sed(1) in your list of
 acceptable commands.
 
 
-You will next need to create the directory /usr/adm/sm.bin and populate 
+You will next need to create the directory /usr/adm/sm.bin and populate
 it with the programs that your site feels are allowable for sendmail
 to execute.   This directory is explicitly specified in the source
 code for smrsh, so changing this directory must be accompanied with
@@ -83,11 +91,11 @@ to the directory, or establish links to the allowable programs from
 can not be modified by non-root users.  If you use links, you should
 ensure that the target programs are not modifiable.
 
-To allow the popular vacation(1) program by creating a link in the 
+To allow the popular vacation(1) program by creating a link in the
 /usr/adm/sm.bin directory, you should:
 
-host.domain# cd /usr/adm/sm.bin
-host.domain# ln -s /usr/ucb/vacation vacation
+	host.domain# cd /usr/adm/sm.bin
+	host.domain# ln -s /usr/ucb/vacation vacation
 
 
 
@@ -96,18 +104,18 @@ After populating the /usr/adm/sm.bin directory, you can now configure
 sendmail to use the restricted shell.  Save the current sendmail.cf
 file prior to modifying it, as a prudent precaution.
 
-Typically, the program mailer is defined by a single line in the 
+Typically, the program mailer is defined by a single line in the
 sendmail configuration file, sendmail.cf.  This file is traditionally
-found in the /etc, /usr/lib or /etc/mail directories, depending on 
+found in the /etc, /usr/lib or /etc/mail directories, depending on
 the UNIX vendor.
 
 If you are unsure of the location of the actual sendmail configuration
 file, a search of the strings(1) output of the sendmail binary, will
 help to locate it.
 
-In order to configure sendmail to use smrsh, you must modify the Mprog 
-definition in the sendmail.cf file, by replacing the /bin/sh specification 
-with /usr/local/etc/smrsh.
+In order to configure sendmail to use smrsh, you must modify the Mprog
+definition in the sendmail.cf file, by replacing the /bin/sh specification
+with /usr/libexec/smrsh.
 
 As an example:
 
@@ -115,17 +123,17 @@ In most Sun Microsystems' sendmail.cf files, the line is:
 Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
 
 which should be changed to:
-Mprog,	P=/usr/local/etc/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
-          ^^^^^^^^^^^^^^^^^^^^
+Mprog,	P=/usr/libexec/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+          ^^^^^^^^^^^^^^^^^^
 
 A more generic line may be:
 Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
 
 and should be changed to;
-Mprog,		P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u
+Mprog,		P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
 
 
-After modifying the Mprog definition in the sendmail.cf file, if a frozen 
+After modifying the Mprog definition in the sendmail.cf file, if a frozen
 configuration file is being used, it is essential to create a new one.
 You can determine if you need a frozen configuration by discovering
 if a sendmail.fc file currently exists in either the /etc/, /usr/lib,
@@ -133,12 +141,16 @@ or /etc/mail directories.  The specific location can be determined using
 a search of the strings(1) output of the sendmail binary.
 
 In order to create a new frozen configuration, if it is required:
-host.domain# /usr/lib/sendmail -bz
+	host.domain# /usr/lib/sendmail -bz
 
-Now re-start the sendmail process.  An example of how to do this on 
+Now re-start the sendmail process.  An example of how to do this on
 a typical system follows:
- 
-host.domain# /usr/bin/ps aux | /usr/bin/grep sendmail
-root 130  0.0  0.0  168    0 ?  IW   Oct  2  0:10 /usr/lib/sendmail -bd -q
-host.domain# /bin/kill -9 130
-host.domain# /usr/lib/sendmail -bd -q30m
+
+	host.domain# cat /var/run/sendmail.pid
+	130
+	/usr/sbin/sendmail -bd -q30m
+	host.domain# /bin/kill -15 130
+	host.domain# /usr/sbin/sendmail -bd -q30m
+
+
+$Revision: 8.6 $, Last updated $Date: 1999/04/28 01:09:51 $
diff --git a/contrib/sendmail/smrsh/smrsh.8 b/contrib/sendmail/smrsh/smrsh.8
index af08fc4..ebb3841 100644
--- a/contrib/sendmail/smrsh/smrsh.8
+++ b/contrib/sendmail/smrsh/smrsh.8
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1993 Eric P. Allman.  All rights reserved.
 .\" Copyright (c) 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -8,7 +9,7 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     @(#)smrsh.8	8.7 (Berkeley) 5/19/1998
+.\"     $Id: smrsh.8,v 8.11 1999/06/09 16:51:07 ca Exp $
 .\"
 .TH SMRSH 8 11/02/93
 .SH NAME
@@ -38,11 +39,14 @@ Briefly,
 .I smrsh
 limits programs to be in the directory
 /usr/adm/sm.bin,
-allowing the system administrator to choose the set of acceptable commands.
+allowing the system administrator to choose the set of acceptable commands,
+and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
 It also rejects any commands with the characters
-`\`', `<', `>', `|', `;', `&', `$', `(', `)', `\er' (carriage return),
+`\`', `<', `>', `;', `$', `(', `)', `\er' (carriage return),
 or `\en' (newline)
 on the command line to prevent ``end run'' attacks.
+It allows ``||'' and ``&&'' to enable commands like:
+``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
 .PP
 Initial pathnames on programs are stripped,
 so forwarding to ``/usr/ucb/vacation'',
diff --git a/contrib/sendmail/smrsh/smrsh.c b/contrib/sendmail/smrsh/smrsh.c
index d4af285..be48ab1 100644
--- a/contrib/sendmail/smrsh/smrsh.c
+++ b/contrib/sendmail/smrsh/smrsh.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1993 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,8 +12,17 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)smrsh.c	8.11 (Berkeley) 5/19/1998";
-#endif /* not lint */
+static char copyright[] =
+"@(#) Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1993 Eric P. Allman.  All rights reserved.\n\
+     Copyright (c) 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* ! lint */
+
+#ifndef lint
+static char id[] = "@(#)$Id: smrsh.c,v 8.31.4.4 2000/05/25 21:44:29 gshapiro Exp $";
+#endif /* ! lint */
 
 /*
 **  SMRSH -- sendmail restricted shell
@@ -29,15 +39,15 @@ static char sccsid[] = "@(#)smrsh.c	8.11 (Berkeley) 5/19/1998";
 **
 **	Leading pathnames are stripped from program names so that
 **	existing .forward files that reference things like
-**	"/usr/ucb/vacation" will continue to work.
+**	"/usr/bin/vacation" will continue to work.
 **
 **	The following characters are completely illegal:
-**		<  >  |  ^  ;  &  $  `  (  ) \n \r
+**		<  >  ^  &  `  (  ) \n \r
+**	The following characters are sometimes illegal:
+**		|  &
 **	This is more restrictive than strictly necessary.
 **
-**	To use this, edit /etc/sendmail.cf, search for ^Mprog, and
-**	change P=/bin/sh to P=/usr/local/etc/smrsh, where this compiled
-**	binary is installed /usr/local/etc/smrsh.
+**	To use this, add FEATURE(`smrsh') to your .mc file.
 **
 **	This can be used on any version of sendmail.
 **
@@ -49,17 +59,23 @@ static char sccsid[] = "@(#)smrsh.c	8.11 (Berkeley) 5/19/1998";
 #include <sys/file.h>
 #include <string.h>
 #include <ctype.h>
+#include <errno.h>
 #ifdef EX_OK
 # undef EX_OK
-#endif
+#endif /* EX_OK */
 #include <sysexits.h>
 #include <syslog.h>
 #include <stdlib.h>
 
+#ifndef TRUE
+# define TRUE	1
+# define FALSE	0
+#endif /* ! TRUE */
+
 /* directory in which all commands must reside */
 #ifndef CMDDIR
 # define CMDDIR		"/usr/adm/sm.bin"
-#endif
+#endif /* ! CMDDIR */
 
 /* characters disallowed in the shell "-c" argument */
 #define SPECIALS	"<|>^();&`$\r\n"
@@ -67,7 +83,56 @@ static char sccsid[] = "@(#)smrsh.c	8.11 (Berkeley) 5/19/1998";
 /* default search path */
 #ifndef PATH
 # define PATH		"/bin:/usr/bin:/usr/ucb"
-#endif
+#endif /* ! PATH */
+
+#ifndef __P
+# include "sendmail/cdefs.h"
+#endif /* ! __P */
+
+extern size_t	strlcpy __P((char *, const char *, size_t));
+extern size_t	strlcat __P((char *, const char *, size_t));
+
+char newcmdbuf[1000];
+char *prg, *par;
+
+/*
+**  ADDCMD -- add a string to newcmdbuf, check for overflow
+**
+**    Parameters:
+**	s -- string to add
+**	cmd -- it's a command: prepend CMDDIR/
+**	len -- length of string to add
+**
+**    Side Effects:
+**	changes newcmdbuf or exits with a failure.
+**
+*/
+
+void
+addcmd(s, cmd, len)
+	char *s;
+	int cmd;
+	int len;
+{
+	if (s == NULL || *s == '\0')
+		return;
+
+	if (sizeof newcmdbuf - strlen(newcmdbuf) <=
+	    len + (cmd ? (strlen(CMDDIR) + 1) : 0))
+	{
+		fprintf(stderr, "%s: command too long: %s\n", prg, par);
+#ifndef DEBUG
+		syslog(LOG_WARNING, "command too long: %.40s", par);
+#endif /* ! DEBUG */
+		exit(EX_UNAVAILABLE);
+	}
+	if (cmd)
+	{
+		(void) strlcat(newcmdbuf, CMDDIR, sizeof newcmdbuf);
+		(void) strlcat(newcmdbuf, "/", sizeof newcmdbuf);
+	}
+	(void) strlcat(newcmdbuf, s, sizeof newcmdbuf);
+}
 
 int
 main(argc, argv)
@@ -76,20 +141,26 @@ main(argc, argv)
 {
 	register char *p;
 	register char *q;
+	register char *r;
 	register char *cmd;
 	int i;
+	int isexec;
+	int save_errno;
 	char *newenv[2];
 	char cmdbuf[1000];
 	char pathbuf[1000];
+	char specialbuf[32];
 
-#ifndef LOG_MAIL
+#ifndef DEBUG
+# ifndef LOG_MAIL
 	openlog("smrsh", 0);
-#else
+# else /* ! LOG_MAIL */
 	openlog("smrsh", LOG_ODELAY|LOG_CONS, LOG_MAIL);
-#endif
+# endif /* ! LOG_MAIL */
+#endif /* ! DEBUG */
 
-	strcpy(pathbuf, "PATH=");
-	strcat(pathbuf, PATH);
+	(void) strlcpy(pathbuf, "PATH=", sizeof pathbuf);
+	(void) strlcat(pathbuf, PATH, sizeof pathbuf);
 	newenv[0] = pathbuf;
 	newenv[1] = NULL;
 
@@ -97,10 +168,15 @@ main(argc, argv)
 	**  Do basic argv usage checking
 	*/
 
+	prg = argv[0];
+	par = argv[2];
+
 	if (argc != 3 || strcmp(argv[1], "-c") != 0)
 	{
-		fprintf(stderr, "Usage: %s -c command\n", argv[0]);
+		fprintf(stderr, "Usage: %s -c command\n", prg);
+#ifndef DEBUG
 		syslog(LOG_ERR, "usage");
+#endif /* ! DEBUG */
 		exit(EX_USAGE);
 	}
 
@@ -111,103 +187,193 @@ main(argc, argv)
 	**  the address to 7 bits before checking.
 	*/
 
-	strcpy(cmdbuf, SPECIALS);
-	for (p = cmdbuf; *p != '\0'; p++)
-		*p |= '\200';
-	strcat(cmdbuf, SPECIALS);
-	p = strpbrk(argv[2], cmdbuf);
-	if (p != NULL)
+	if (strlen(SPECIALS) * 2 >= sizeof specialbuf)
 	{
-		fprintf(stderr, "%s: cannot use %c in command\n",
-			argv[0], *p);
-		syslog(LOG_CRIT, "uid %d: attempt to use %c in command: %s",
-			getuid(), *p, argv[2]);
+#ifndef DEBUG
+		syslog(LOG_ERR, "too many specials: %.40s", SPECIALS);
+#endif /* ! DEBUG */
 		exit(EX_UNAVAILABLE);
 	}
+	(void) strlcpy(specialbuf, SPECIALS, sizeof specialbuf);
+	for (p = specialbuf; *p != '\0'; p++)
+		*p |= '\200';
+	(void) strlcat(specialbuf, SPECIALS, sizeof specialbuf);
 
 	/*
 	**  Do a quick sanity check on command line length.
 	*/
 
-	i = strlen(argv[2]);
-	if (i > (sizeof cmdbuf - sizeof CMDDIR - 2))
+	i = strlen(par);
+	if (i > (sizeof newcmdbuf - sizeof CMDDIR - 2))
 	{
-		fprintf(stderr, "%s: command too long: %s\n", argv[0], argv[2]);
-		syslog(LOG_WARNING, "command too long: %.40s", argv[2]);
+		fprintf(stderr, "%s: command too long: %s\n", prg, par);
+#ifndef DEBUG
+		syslog(LOG_WARNING, "command too long: %.40s", par);
+#endif /* ! DEBUG */
 		exit(EX_UNAVAILABLE);
 	}
 
-	/*
-	**  Strip off a leading pathname on the command name.  For
-	**  example, change /usr/ucb/vacation to vacation.
-	*/
-
-	/* strip leading spaces */
-	for (q = argv[2]; *q != '\0' && isascii(*q) && isspace(*q); )
-		q++;
+	q = par;
+	newcmdbuf[0] = '\0';
+	isexec = FALSE;
 
-	/* find the end of the command name */
-	p = strpbrk(q, " \t");
-	if (p == NULL)
-		cmd = &q[strlen(q)];
-	else
+	while (*q)
 	{
-		*p = '\0';
-		cmd = p;
-	}
+		/*
+		**  Strip off a leading pathname on the command name.  For
+		**  example, change /usr/ucb/vacation to vacation.
+		*/
 
-	/* search backwards for last / (allow for 0200 bit) */
-	while (cmd > q)
-	{
-		if ((*--cmd & 0177) == '/')
+		/* strip leading spaces */
+		while (*q != '\0' && isascii(*q) && isspace(*q))
+			q++;
+		if (*q == '\0')
 		{
-			cmd++;
+			if (isexec)
+			{
+				fprintf(stderr, "%s: missing command to exec\n",
+					prg);
+#ifndef DEBUG
+				syslog(LOG_CRIT, "uid %d: missing command to exec", getuid());
+#endif /* ! DEBUG */
+				exit(EX_UNAVAILABLE);
+			}
 			break;
 		}
-	}
-
-	/* cmd now points at final component of path name */
 
-	/*
-	**  Check to see if the command name is legal.
-	*/
+		/* find the end of the command name */
+		p = strpbrk(q, " \t");
+		if (p == NULL)
+			cmd = &q[strlen(q)];
+		else
+		{
+			*p = '\0';
+			cmd = p;
+		}
+		/* search backwards for last / (allow for 0200 bit) */
+		while (cmd > q)
+		{
+			if ((*--cmd & 0177) == '/')
+			{
+				cmd++;
+				break;
+			}
+		}
+		/* cmd now points at final component of path name */
 
-	(void) strcpy(cmdbuf, CMDDIR);
-	(void) strcat(cmdbuf, "/");
-	(void) strcat(cmdbuf, cmd);
+		/* allow a few shell builtins */
+		if (strcmp(q, "exec") == 0 && p != NULL)
+		{
+			addcmd("exec ", FALSE, strlen("exec "));
+			/* test _next_ arg */
+			q = ++p;
+			isexec = TRUE;
+			continue;
+		}
+		else if (strcmp(q, "exit") == 0 || strcmp(q, "echo") == 0)
+		{
+			addcmd(cmd, FALSE, strlen(cmd));
+			/* test following chars */
+		}
+		else
+		{
+			/*
+			**  Check to see if the command name is legal.
+			*/
+			(void) strlcpy(cmdbuf, CMDDIR, sizeof cmdbuf);
+			(void) strlcat(cmdbuf, "/", sizeof cmdbuf);
+			(void) strlcat(cmdbuf, cmd, sizeof cmdbuf);
 #ifdef DEBUG
-	printf("Trying %s\n", cmdbuf);
-#endif
-	if (access(cmdbuf, X_OK) < 0)
-	{
-		/* oops....  crack attack possiblity */
-		fprintf(stderr, "%s: %s not available for sendmail programs\n",
-			argv[0], cmd);
+			printf("Trying %s\n", cmdbuf);
+#endif /* DEBUG */
+			if (access(cmdbuf, X_OK) < 0)
+			{
+				/* oops....  crack attack possiblity */
+				fprintf(stderr,
+					"%s: %s not available for sendmail programs\n",
+					prg, cmd);
+				if (p != NULL)
+					*p = ' ';
+#ifndef DEBUG
+				syslog(LOG_CRIT, "uid %d: attempt to use %s",
+				       getuid(), cmd);
+#endif /* ! DEBUG */
+				exit(EX_UNAVAILABLE);
+			}
+
+			/*
+			**  Create the actual shell input.
+			*/
+
+			addcmd(cmd, TRUE, strlen(cmd));
+		}
+		isexec = FALSE;
+
 		if (p != NULL)
 			*p = ' ';
-		syslog(LOG_CRIT, "uid %d: attempt to use %s", getuid(), cmd);
-		exit(EX_UNAVAILABLE);
-	}
-	if (p != NULL)
-		*p = ' ';
+		else
+			break;
 
-	/*
-	**  Create the actual shell input.
-	*/
+		r = strpbrk(p, specialbuf);
+		if (r == NULL) {
+			addcmd(p, FALSE, strlen(p));
+			break;
+		}
+#if ALLOWSEMI
+		if (*r == ';') {
+			addcmd(p, FALSE,  r - p + 1);
+			q = r + 1;
+			continue;
+		}
+#endif /* ALLOWSEMI */
+		if ((*r == '&' && *(r + 1) == '&') ||
+		    (*r == '|' && *(r + 1) == '|'))
+		{
+			addcmd(p, FALSE,  r - p + 2);
+			q = r + 2;
+			continue;
+		}
 
-	strcpy(cmdbuf, CMDDIR);
-	strcat(cmdbuf, "/");
-	strcat(cmdbuf, cmd);
+		fprintf(stderr, "%s: cannot use %c in command\n", prg, *r);
+#ifndef DEBUG
+		syslog(LOG_CRIT, "uid %d: attempt to use %c in command: %s",
+			getuid(), *r, par);
+#endif /* ! DEBUG */
+		exit(EX_UNAVAILABLE);
+	}		/* end of while *q */
+	if (isexec)
+	{
+		fprintf(stderr, "%s: missing command to exec\n", prg);
+#ifndef DEBUG
+		syslog(LOG_CRIT, "uid %d: missing command to exec", getuid());
+#endif /* ! DEBUG */
+		exit(EX_UNAVAILABLE);
+	}
+	/* make sure we created something */
+	if (newcmdbuf[0] == '\0')
+	{
+		fprintf(stderr, "Usage: %s -c command\n", prg);
+#ifndef DEBUG
+		syslog(LOG_ERR, "usage");
+#endif /* ! DEBUG */
+		exit(EX_USAGE);
+	}
 
 	/*
 	**  Now invoke the shell
 	*/
 
 #ifdef DEBUG
-	printf("%s\n", cmdbuf);
-#endif
-	execle("/bin/sh", "/bin/sh", "-c", cmdbuf, NULL, newenv);
+	printf("%s\n", newcmdbuf);
+#endif /* DEBUG */
+	(void) execle("/bin/sh", "/bin/sh", "-c", newcmdbuf, NULL, newenv);
+	save_errno = errno;
+#ifndef DEBUG
 	syslog(LOG_CRIT, "Cannot exec /bin/sh: %m");
+#endif /* ! DEBUG */
+	errno = save_errno;
 	perror("/bin/sh");
 	exit(EX_OSFILE);
+	/* NOTREACHED */
+	return EX_OSFILE;
 }
diff --git a/contrib/sendmail/src/Build b/contrib/sendmail/src/Build
index ab8a49d..72db61a 100755
--- a/contrib/sendmail/src/Build
+++ b/contrib/sendmail/src/Build
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: Build,v 8.5.2.1 2000/04/10 06:41:07 gshapiro Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec sh ../devtools/bin/Build $*
diff --git a/contrib/sendmail/src/Makefile b/contrib/sendmail/src/Makefile
new file mode 100644
index 0000000..c86bbf5
--- /dev/null
+++ b/contrib/sendmail/src/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.11 1999/09/23 22:36:42 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4
index d88d35b..c59701b 100644
--- a/contrib/sendmail/src/Makefile.m4
+++ b/contrib/sendmail/src/Makefile.m4
@@ -1,152 +1,53 @@
-#
-#  This Makefile is designed to work on any reasonably current version of
-#  "make" program.
-#
-#	@(#)Makefile.m4	8.26 (Berkeley) 1/23/1999
-#
+include(confBUILDTOOLSDIR`/M4/switch.m4')
 
-# C compiler
-CC=	confCC
+bldPRODUCT_START(`executable', `sendmail')
+define(`bldBIN_TYPE', `S')
+define(`bldINSTALL_DIR', `')
+define(`bldSOURCES', `main.c alias.c arpadate.c bf_'ifdef(`confSTDIO_TYPE', `confSTDIO_TYPE', `portable')`.c clock.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c readcf.c recipient.c savemail.c sfsasl.c shmticklib.c srvrsmtp.c stab.c stats.c sysexits.c timers.c trace.c udb.c usersmtp.c util.c version.c ')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+bldPUSH_SMLIB(`smutil')
 
-# Shell
-SHELL=	confSHELL
+define(`bldTARGET_LINKS', ifdef(`confLINKS', `confLINKS',
+`${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat')
+)dnl
 
-# use O=-O (usual) or O=-g (debugging)
-O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
+# location of sendmail statistics file (usually /etc/mail/ or /var/log)
+STDIR= ifdef(`confSTDIR', `confSTDIR', `/etc/mail')
 
-# location of sendmail source directory
-SRCDIR=	.
+# full path to installed statistics file (usually ${STDIR}/statistics)
+STFILE= ${STDIR}/ifdef(`confSTFILE', `confSTFILE', `statistics')
 
-# define the database mechanisms available for map & alias lookups:
-#	-DNDBM -- use new DBM
-#	-DNEWDB -- use new Berkeley DB
-#	-DNIS -- include NIS support
-# The really old (V7) DBM library is no longer supported.
-# See README for a description of how these flags interact.
-#
-MAPDEF=	ifdef(`confMAPDEF', `confMAPDEF')
+# location of sendmail helpfile file (usually /etc/mail)
+HFDIR= ifdef(`confHFDIR', `confHFDIR', `/etc/mail')
 
-# environment definitions (e.g., -D_AIX3)
-ENVDEF=	ifdef(`confENVDEF', `confENVDEF')
+# full path to installed help file (usually ${HFDIR}/helpfile)
+HFFILE= ${HFDIR}/ifdef(`confHFFILE', `confHFFILE', `helpfile')
 
-# see also conf.h for additional compilation flags
+ifdef(`confSMSRCADD', `APPENDDEF(`confSRCADD', `confSMSRCADD')')
+ifdef(`confSMOBJADD', `APPENDDEF(`confOBJADD', `confSMOBJADD')')
 
-# include directories
-INCDIRS=confINCDIRS
+bldPUSH_TARGET(`statistics')
+divert(bldTARGETS_SECTION)
+statistics:
+	${CP} /dev/null statistics
 
-# loader options
-LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
+divert(0)
 
-# library directories
-LIBDIRS=confLIBDIRS
+ifdef(`confNO_HELPFILE_INSTALL',, `bldPUSH_INSTALL_TARGET(`install-hf')')
+ifdef(`confNO_STATISTICS_INSTALL',, `bldPUSH_INSTALL_TARGET(`install-st')')
+divert(bldTARGETS_SECTION)
+install-hf:
+	if [ ! -d ${DESTDIR}${HFDIR} ]; then mkdir -p ${DESTDIR}${HFDIR}; fi
+	${INSTALL} -c -o ${UBINOWN} -g ${UBINGRP} -m 444 helpfile ${DESTDIR}${HFFILE}
 
-# libraries required on your system
-#  delete -l44bsd if you are not running BIND 4.9.x
-LIBS=	ifdef(`confLIBS', `confLIBS')
+install-st: statistics
+	if [ ! -d ${DESTDIR}${STDIR} ]; then mkdir -p ${DESTDIR}${STDIR}; fi
+	${INSTALL} -c -o ${SBINOWN} -g ${UBINGRP} -m 644 statistics ${DESTDIR}${STFILE}
+divert(0)
+bldPRODUCT_END
 
-# location of sendmail binary (usually /usr/sbin or /usr/lib)
-BINDIR=	${DESTDIR}ifdef(`confMBINDIR', `confMBINDIR', `/usr/sbin')
+bldPRODUCT_START(`manpage', `sendmail')
+define(`bldSOURCES', `sendmail.8 aliases.5 mailq.1 newaliases.1')
+bldPRODUCT_END
 
-# location of "user" binaries (usually /usr/bin or /usr/ucb)
-UBINDIR=${DESTDIR}ifdef(`confUBINDIR', `confUBINDIR', `/usr/bin')
-
-# location of sendmail.st file (usually /var/log or /usr/lib)
-STDIR=	${DESTDIR}ifdef(`confSTDIR', `confSTDIR', `/var/log')
-
-# location of sendmail.hf file (usually /usr/share/misc or /usr/lib)
-HFDIR=	${DESTDIR}ifdef(`confHFDIR', `confHFDIR', `/usr/share/misc')
-
-# additional .o files needed
-OBJADD=	ifdef(`confOBJADD', `confOBJADD') ifdef(`confSMOBJADD', `confSMOBJADD')
-
-undivert(1)
-
-###################  end of user configuration flags  ######################
-
-BUILDBIN=confBUILDBIN
-COPTS=	-I. ${INCDIRS} ${MAPDEF} ${ENVDEF}
-CFLAGS=	$O ${COPTS}
-
-BEFORE= confBEFORE
-OBJS=	alias.o arpadate.o clock.o collect.o conf.o control.o convtime.o \
-	daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o \
-	main.o map.o mci.o mime.o parseaddr.o queue.o readcf.o recipient.o \
-	safefile.o savemail.o snprintf.o srvrsmtp.o stab.o stats.o \
-	sysexits.o trace.o udb.o usersmtp.o util.o version.o ${OBJADD}
-
-LINKS=	ifdef(`confLINKS', `confLINKS',
-	`${UBINDIR}/newaliases \
-	${UBINDIR}/mailq \
-	${UBINDIR}/hoststat \
-	${UBINDIR}/purgestat')
-
-NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
-MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
-
-INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
-BINOWN=	ifdef(`confSBINOWN', `confSBINOWN', `root')
-BINGRP=	ifdef(`confSBINGRP', `confSBINGRP', `kmem')
-BINMODE=ifdef(`confSBINMODE', `confSBINMODE', `4555')
-
-MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
-MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
-MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
-
-MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
-MAN1=	${MANROOT}ifdef(`confMAN1', `confMAN1', `1')
-MAN1EXT=ifdef(`confMAN1EXT', `confMAN1EXT', `1')
-MAN1SRC=ifdef(`confMAN1SRC', `confMAN1SRC', `0')
-MAN5=	${MANROOT}ifdef(`confMAN5', `confMAN5', `5')
-MAN5EXT=ifdef(`confMAN5EXT', `confMAN5EXT', `5')
-MAN5SRC=ifdef(`confMAN5SRC', `confMAN5SRC', `0')
-MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
-MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
-MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
-
-ALL=	sendmail sendmail.st aliases.${MAN5SRC} mailq.${MAN1SRC} newaliases.${MAN1SRC} sendmail.${MAN8SRC}
-
-all: ${ALL}
-
-sendmail: ${BEFORE} ${OBJS}
-	${CC} -o sendmail ${LDOPTS} ${LIBDIRS} ${OBJS} ${LIBS}
-
-undivert(3)
-
-sendmail.st:
-	cp /dev/null sendmail.st
-
-aliases.${MAN5SRC}: aliases.5
-	${NROFF} ${MANDOC} aliases.5 > aliases.${MAN5SRC}
-
-mailq.${MAN1SRC}: mailq.1
-	${NROFF} ${MANDOC} mailq.1 > mailq.${MAN1SRC}
-
-newaliases.${MAN1SRC}: newaliases.1
-	${NROFF} ${MANDOC} newaliases.1 > newaliases.${MAN1SRC}
-
-sendmail.${MAN8SRC}: sendmail.8
-	${NROFF} ${MANDOC} sendmail.8 > sendmail.${MAN8SRC}
-
-install: install-sendmail install-docs
-
-install-sendmail: sendmail
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} sendmail ${BINDIR}
-	for i in ${LINKS}; do rm -f $$i; ln -s ${BINDIR}/sendmail $$i; done
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 sendmail.hf \
-	    ${HFDIR}/sendmail.hf
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 sendmail.st \
-	    ${STDIR}/sendmail.st
-
-install-docs: aliases.${MAN5SRC} mailq.${MAN1SRC} newaliases.${MAN1SRC} sendmail.${MAN8SRC}
-ifdef(`confNO_MAN_INSTALL', `dnl',
-`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} sendmail.${MAN8SRC} ${MAN8}/sendmail.${MAN8EXT}
-	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} aliases.${MAN5SRC} ${MAN5}/aliases.${MAN5EXT}
-	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} mailq.${MAN1SRC} ${MAN1}/mailq.${MAN1EXT}
-	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} newaliases.${MAN1SRC} ${MAN1}/newaliases.${MAN1EXT}')
-
-clean:
-	rm -f ${OBJS} sendmail aliases.${MAN5SRC} mailq.${MAN1SRC} newaliases.${MAN1SRC} sendmail.${MAN8SRC}
-
-################  Dependency scripts
-include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE', `generic').m4)dnl
-################  End of dependency scripts
+bldFINISH
diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README
index 7106e8c..0f9285c 100644
--- a/contrib/sendmail/src/README
+++ b/contrib/sendmail/src/README
@@ -1,4 +1,5 @@
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988
 #	The Regents of the University of California.  All rights reserved.
@@ -8,7 +9,7 @@
 # the sendmail distribution.
 #
 #
-#	@(#)README	8.211 (Berkeley) 2/2/1999
+#	$Id: README,v 8.263.2.1.2.19 2000/07/15 17:35:18 gshapiro Exp $
 #
 
 This directory contains the source files for sendmail(TM).
@@ -16,7 +17,7 @@ This directory contains the source files for sendmail(TM).
 *********************
 !! DO NOT USE MAKE !!  in this directory to compile sendmail --
 *********************  instead, use the "Build" script located in
-the src directory.  It will build an appropriate Makefile, and
+the sendmail directory.  It will build an appropriate Makefile, and
 create an appropriate obj.* subdirectory so that multiplatform
 support works easily.
 
@@ -70,7 +71,7 @@ confLIBS	-l flags for selecting libraries during linking
 confLDOPTS	other ld(1) linker options
 
 Others can be found by examining Makefile.m4.  Please read
-../BuildTools/README for more information about the site.config.m4
+../devtools/README for more information about the site.config.m4
 file.
 
 You can recompile from scratch using the -c flag with the Build
@@ -78,7 +79,7 @@ command.  This removes the existing compilation directory for the
 current platform and builds a new one.
 
 Porting to a new Unix-based system should be a matter of creating
-an appropriate configuration file in the BuildTools/OS/ directory.
+an appropriate configuration file in the devtools/OS/ directory.
 
 
 
@@ -103,7 +104,7 @@ NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
 		running BSD/386 1.x, you will need to upgrade the included
 		Berkeley DB library to a current version.  NEWDB is included
 		automatically if the Build script can find a library named
-		libdb.a.
+		libdb.a or libdb.so.
 NDBM		The older NDBM implementation -- the very old V7 DBM
 		implementation is no longer supported.
 NIS		Network Information Services.  To use this you must have
@@ -114,13 +115,16 @@ HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
 		must already have Hesiod support on your system for this to
 		work.  You may be able to get this to work with the MIT/Athena
 		version of Hesiod, but that's likely to be a lot of work.
-LDAPMAP		Lightweight Directory Lookup Protocol support.  You will
-		have to install the UMich or OpenLDAP ldap and lber
-		libraries to use this flag.
+LDAPMAP		Lightweight Directory Access Protocol support.  You will
+		have to install the UMich or OpenLDAP
+		(http://www.openldap.org/) ldap and lber libraries to use
+		this flag.
 MAP_REGEX	Regular Expression support.  You will need to use an
 		operating system which comes with the POSIX regex()
 		routines or install a regexp library such as libregex from
 		the Free Software Foundation.
+PH_MAP		PH map support.  You will need the qi PH package.
+MAP_NSD		nsd map support (IRIX 6.5 and later).
 
 >>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
 >>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
@@ -182,7 +186,7 @@ Wherever possible, I try to make sendmail pull in the correct
 compilation options needed to compile on various environments based on
 automatically defined symbols.  Some machines don't seem to have useful
 symbols available, requiring that a compilation flag be defined in
-the Makefile; see the Buildtools/OS subdirectory for the supported
+the Makefile; see the devtools/OS subdirectory for the supported
 architectures.
 
 If you are a system to which sendmail has already been ported you
@@ -199,6 +203,8 @@ SYS5SIGNALS	Use System V signal semantics -- the signal handler
 SYS5SETPGRP	Use System V setpgrp() semantics.  Implied by SYSTEM5.
 HASFCHMOD	Define this to one if you have the fchmod(2) system call.
 		This improves security.
+HASFCHOWN	Define this to one if you have the fchown(2) system call.
+		This is required for the TrustedUser option.
 HASFLOCK	Set this if you prefer to use the flock(2) system call
 		rather than using fcntl-based locking.  Fcntl locking
 		has some semantic gotchas, but many vendor systems
@@ -260,7 +266,10 @@ HASGETDTABLESIZE
 		Define this if you have the getdtablesize(2) syscall.
 HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
 		the stat structure (see stat(2)).
-USESTRERROR	Define this if you have the libc strerror function (which
+HASSRANDOMDEV	Define this if your system has the srandomdev(3) function
+		call.
+HASURANDOMDEV	Define this if your system has /dev/urandom(4).
+HASSTRERROR	Define this if you have the libc strerror(3) function (which
 		should be declared in <errno.h>), and it should be used
 		instead of sys_errlist.
 NEEDGETOPT	Define this if you need a reimplementation of getopt(3).
@@ -439,8 +448,17 @@ SIOCGIFNUM_IS_BROKEN
 NEED_PERCENTQ	Set this if your system doesn't support the printf
 		format strings %lld or %llu.  If this is set, %qd and
 		%qu are used instead.
-
-
+FAST_PID_RECYCLE
+		Set this if your system can reuse the same PID in the same
+		second.
+SO_REUSEADDR_IS_BROKEN
+		Set this if your system has a setsockopt() SO_REUSEADDR
+		flag but doesn't pay attention to it when trying to bind a
+		socket to a recently closed port.
+SNPRINTF_IS_BROKEN
+		Set this if your system has an snprintf() implementation
+		which does not NUL terminate the string being filled in.
+		Use test/t_snprintf.c to test your system.
 
 +-----------------------+
 | COMPILE-TIME FEATURES |
@@ -468,6 +486,9 @@ HESIOD		Define this to get Hesiod support for aliases and maps.
 		Normally defined in the Makefile.
 NETINFO		Define this to get NeXT NetInfo support for aliases and maps.
 		Normally defined in the Makefile.
+LDAPMAP		Define this to get LDAP support for maps.
+PH_MAP		Define this to get PH support for maps.
+MAP_NSD		Define this to get nsd support for maps.
 USERDB		Define this to 1 to include support for the User Information
 		Database.  Implied by NEWDB or HESIOD.  You can use
 		-DUSERDB=0 to explicitly turn it off.
@@ -477,7 +498,7 @@ IDENTPROTO	Define this as 1 to get IDENT (RFC 1413) protocol support.
 		implementation.  You can define it to be 0 to explicitly
 		turn off IDENT protocol support.  If defined off, the code
 		is actually still compiled in, but it defaults off; you
-		can turn it on by setting the IDENT timeout to 30s in the
+		can turn it on by setting the IDENT timeout in the
 		configuration file.
 IP_SRCROUTE	Define this to 1 to get IP source routing information
 		displayed in the Received: header.  This is assumed on
@@ -493,10 +514,16 @@ LOG		Set this to get syslog(3) support.  Defined by default
 		in conf.h.  You want this if at all possible.
 NETINET		Set this to get TCP/IP support.  Defined by default
 		in conf.h.  You probably want this.
+NETINET6	Set this to get IPv6 support.  Other configuration may
+		be needed in conf.h for your particular operating system.
+		Also, DaemonPortOptions must be set appropriately for
+		sendmail to accept IPv6 connections.
 NETISO		Define this to get ISO networking support.
 NETUNIX		Define this to get Unix domain networking support.  Defined
 		by default.  A few bizarre systems (SCO, ISC, Altos) don't
 		support this networking domain.
+NETNS		Define this to get NS networking support.
+NETX25		Define this to get X.25 networking support.
 SMTP		Define this to get the SMTP code.  Implied by NETINET
 		or NETISO.
 NAMED_BIND	If non-zero, include DNS (name daemon) support, including
@@ -536,6 +563,37 @@ SHARE_V1	Support for the fair share scheduler, version 1.  Setting to
 		1 causes final delivery to be done using the recipients
 		resource limitations.  So far as I know, this is only
 		supported on ConvexOS.
+SASL		Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL
+		library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
+		install at least version 1.5.13.  See below for further
+		information: SASL COMPILATION AND CONFIGURATION.  If your
+		SASL library is older than 1.5.10, you have to set this
+		to its version number using a simple conversion:  a.b.c
+		-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
+		Note: Using an older version than 1.5.5 of Cyrus SASL is
+		not supported. Starting with version 1.5.10, setting SASL=1
+		is sufficient. Any value other than 1 (or 0) will be
+		compared with the actual version found and if there is a
+		mismatch, compilation will fail.
+EGD		Define this if your system has EGD installed, see
+		http://www.lothar.com/tech/crypto/ . It should be used to
+		seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
+STARTTLS	Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
+		(http://www.OpenSSL.org/) and sfio (see below).
+		See STARTTLS COMPILATION AND CONFIGURATION for further
+		information.
+TLS_NO_RSA	Turn off support for RSA algorithms in STARTTLS.
+SFIO		Uses sfio instead of stdio. sfio is available from AT&T
+		(http://www.research.att.com/sw/tools/sfio/).  If this
+		compile flag is set, confSTDIO_TYPE must be set to portable.
+		This compile flag is necessary for STARTTLS; it also
+		enables the security layer of SASL.  The sfio include file
+		stdio.h must be installed in a subdirectory called sfio,
+		i.e., if you install sfio in /usr/local, stdio.h should
+		be in /usr/local/include/sfio, and libsfio.a should be in
+		/usr/local/lib.  Notice: you may run into problems if
+		you use sfio2000 (the body of a message is lost).  Use
+		sfio1999 instead.
 
 
 +---------------------+
@@ -570,6 +628,70 @@ wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
 YOU HEADACHES!
 
 
++----------------------------------------+
+| STARTTLS COMPILATION AND CONFIGURATION |
++----------------------------------------+
+
+Please read the docs accompanying the OpenSSL library and sfio.
+You have to compile and install both libraries before you can compile
+sendmail.  See devtools/README how to set the correct compile time
+parameters; you should at least set the following variables:
+
+define(`confSTDIO_TYPE', `portable')
+APPENDDEF(`confENVDEF', `-DSFIO')
+APPENDDEF(`confLIBS', `-lsfio')
+APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
+APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
+
+Configuration information can be found in doc/op/op.me (required
+certificates) and cf/README (how to tell sendmail about certificates).
+
+To perform an initial test, connect to your sendmail daemon
+(telnet localhost 25) and issue a EHLO localhost and see whether
+250-STARTTLS
+is in the response.  If it isn't, run the daemon with
+-O LogLevel=14
+and try again.  Then take a look at the logfile and see whether
+there are any problems listed about permissions (unsafe files)
+or the validity of X.509 certificates.
+
+Note: sfio must be used in all libraries with which sendmail exchanges
+file pointers. That is, libsmutil must be compiled with sfio, which
+is accomplished by the above config parameters. Another example is
+PH map support.  This does not apply to the usual libraries, e.g.,
+OpenSSL, Berkeley DB, Cyrus SASL.
+
+Further information can be found via:
+http://www.sendmail.org/tips/
+
+
++------------------------------------+
+| SASL COMPILATION AND CONFIGURATION |
++------------------------------------+
+
+Please read the docs accompanying the library (INSTALL and README).
+If you use Berkeley DB for Cyrus SASL then you must compile sendmail
+with the same version of Berkeley DB.
+
+You have to select and install authentication mechanisms and tell
+sendmail where to find the sasl library and the include files (see
+devtools/README for the parameters to set). Setup the required
+users and passwords as explained in the SASL documentation.  See
+also cf/README for authentication related options (esp. DefaultAuthInfo
+if you want authentication between MTAs).
+
+To perform an initial test, connect to your sendmail daemon
+(telnet localhost 25) and issue a EHLO localhost and see whether
+250-AUTH ....
+is in the response.  If it isn't, run the daemon with
+-O LogLevel=14
+and try again.  Then take a look at the logfile and see whether
+there are any security related problems listed (unsafe files).
+
+Further information can be found via:
+http://www.sendmail.org/tips/
+
+
 +-------------------------------------+
 | OPERATING SYSTEM AND COMPILE QUIRKS |
 +-------------------------------------+
@@ -609,7 +731,7 @@ Configuration file location
 	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
 	place as the vendors had put it, even when this was obviously
 	stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
-	Beginning with 8.10, sendmail will use /etc/mail/sendmail.cf.
+	Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
 	You can get sendmail to use the stupid vendor .cf location by
 	adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
 	support programs and scripts that need to find sendmail.cf.  You
@@ -617,6 +739,22 @@ Configuration file location
 	vendor location rather than changing the location in the sendmail
 	binary.
 
+	NETINFO systems use NETINFO to determine the location of
+	sendmail.cf. The full path to sendmail.cf is stored as the value of
+	the "sendmail.cf" property in the "/locations/sendmail"
+	subdirectory of NETINFO. Set the value of this property to
+	"/etc/mail/sendmail.cf" (without the quotes) to use this new
+	default location for Sendmail 8.10.0 and higher.
+
+ControlSocket permissions
+	Paraphrased from BIND 8.2.1's README:
+
+	Solaris and other pre-4.4BSD kernels do not respect ownership or
+	protections on UNIX-domain sockets.  The short term fix for this is to
+	override the default path and put such control sockets into root-
+	owned directories which do not permit non-root to r/w/x through them.
+	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
+
 SunOS 4.x (Solaris 1.x)
 	You may have to use -lresolv on SunOS.  However, beware that
 	this links in a new version of gethostbyname that does not
@@ -647,6 +785,11 @@ SunOS 4.x (Solaris 1.x)
 	and it should work.  This info is thanks to Brian Bartholomew
 	<bb@math.ufl.edu> of I-Kinetics, Inc.
 
+	NOTE: The SunOS 4.X linker uses library paths specified during
+	compilation using -L for run-time shared library searches.
+	Therefore, it is vital that relative and unsafe directory paths not
+	be used when compiling sendmail.
+
 SunOS 4.0.2 (Sun 386i)
 	Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
 	From: teus@oce.nl
@@ -656,7 +799,7 @@ SunOS 4.0.2 (Sun 386i)
 	* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
 	  available as "uname" command.
 	* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
-	  BuildTools/OS/SunOS.4.0, which is selected via the "uname" command.
+	  devtools/OS/SunOS.4.0, which is selected via the "uname" command.
 	I recommend to make available the db-library on the system first
 	(and change the Makefile to use this library).
 	Note that the sendmail.cf and aliases files are found in /etc.
@@ -688,44 +831,6 @@ Solaris 2.x (SunOS 5.x)
 	make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
 	(or it might complain about tm_zone).
 
-	To the best of my knowledge, Solaris does not have the
-	gethostbyname problem described above.  However, it does
-	have another one:
-
-	From a correspondent:
-
-	   For solaris 2.2, I have
-
-		hosts:      files dns
-
-	   in /etc/nsswitch.conf and /etc/hosts has to have the fully
-	   qualified host name. I think "files" has to be before "dns"
-	   in /etc/nsswitch.conf during bootup.
-
-	From another correspondent:
-
-	   When running sendmail under Solaris, the gethostbyname()
-	   hack in conf.c which should perform proper canonicalization
-	   of host names could fail.  Result: the host name is not
-	   canonicalized despite the hack, and you'll have to define $j
-	   and $m in sendmail.cf somewhere.
-
-	   The reason could be that /etc/nsswitch.conf is improperly
-	   configured (at least from sendmail's point of view).  For
-	   example, the line
-
-		hosts:      files nisplus dns
-
-	   will make gethostbyname() look in /etc/hosts first, then ask
-	   nisplus, then dns.  However, if /etc/hosts does not contain
-	   the full canonicalized hostname, then no amount of
-	   gethostbyname()s will work.
-
-	   Solution (or rather, a workaround): Ask nisplus first, then
-	   dns, then local files:
-
-		hosts:      nisplus dns [NOTFOUND=return] files
-
 	The Solaris "syslog" function is apparently limited to something
 	about 90 characters because of a kernel limitation.  If you have
 	source code, you can probably up this number.  You can get patches
@@ -777,12 +882,6 @@ Solaris 2.4 (SunOS 5.4)
 	>>
 	>> here, path 2 would be the first used.
 
-Solaris 2.6 (SunOS 5.6)
-	If you built sendmail 8.8.1 through 8.8.4 inclusive on a Solaris 2.5
-	system, that binary will not run on Solaris 2.6, due to problems with
-	incompatible snprintf(3s) calls.  This problem is fixed in sendmail
-	8.8.5.
-
 Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
 	Apparently Solaris 2.5.1 patch 103663-01 installs a new
 	/usr/include/resolv.h file that defines the __P macro without
@@ -803,19 +902,43 @@ Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
 	Sun is aware of the problem (Sun bug ID 4081053) and it will be fixed
 	in Solaris 2.7.
 
+Solaris 7 (SunOS 5.7)
+	Solaris 7 includes LDAP libraries but the implementation was
+	lacking a few things.  The following settings can be placed in
+	devtools/Site/site.SunOS.5.7.m4 if you plan on using those
+	libraries.
+
+	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
+	APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
+	APPENDDEF(`confLIBS', `-lldap')
+
+	Also, Sun's patch 107555 is needed to prevent a crash in the call
+	to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
+	LDAP support is compiled in sendmail.
+
 Ultrix
 	By default, the IDENT protocol is turned off on Ultrix.  If you
 	are running Ultrix 4.4 or later, or if you have included patch
 	CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
-	IDENT on in the configuration file by setting the "ident" timeout
-	to 30 seconds.
+	IDENT on in the configuration file by setting the "ident" timeout.
+
+	The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
+	included in libc.a.  Unfortunately, the __RES symbol hasn't changed
+	and therefore, sendmail can no longer automatically detect the
+	newer version.  If you get a compiler error:
+
+	/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
+
+	Then rebuild with this in devtools/Site/site.ULTRIX.m4:
+
+	APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
 
 Digital UNIX (formerly DEC OSF/1)
 	If you are compiling on OSF/1 (DEC Alpha), you must use
 	-L/usr/shlib (otherwise it core dumps on startup).  You may also
 	need -mld to get the nlist() function, although some versions
 	apparently don't need this.
-	
+
 	Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
 	it, just create the link to the sendmail binary.
 
@@ -886,13 +1009,13 @@ IRIX
 	http://reality.sgi.com/ariel/freeware/#db .
 
 IRIX 6.x
-	It is important that on IRIX 6.x you give used ABI in command
-	line of Build, otherwise configuration script does not work
-	correctly, e.g.,
-
-		sh Build -E ABI=-n32
+	If you are using XFS filesystem, avoid using the -32 ABI switch to
+	the cc compiler if possible.
 
-	If you are using XFS filesystem, avoid using ABI=-32 if possible.
+IRIX 6.4
+	The IRIX 6.5.4 version of /bin/m4 does not work properly with
+	sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
+	use /usr/freeware/bin/m4 or install and use GNU m4.
 
 NeXT or NEXTSTEP
 	NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
@@ -904,7 +1027,7 @@ NeXT or NEXTSTEP
 		#include <sys/dir.h>
 		#define dirent	direct
 
-	(BuildTools/OS/NeXT should try to do both of these for you.)
+	(devtools/OS/NeXT should try to do both of these for you.)
 
 	Apparently, there is a bug in getservbyname on Nextstep 3.0
 	that causes it to fail under some circumstances with the
@@ -915,8 +1038,6 @@ NeXT or NEXTSTEP
 
 	in your .cf file.
 
-	You may have to use -DNeXT.
-
 BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
 	The "m4" from BSDI won't handle the config files properly.
 	I haven't had a chance to test this myself.
@@ -926,18 +1047,18 @@ BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
 	recently posted in comp.os.386bsd.bugs (and maybe others).
 	NetBSD-current includes the PD-M4 (as stated in the NetBSD file
 	CHANGES).
-	
+
 	FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
-	use it (look into BuildTools/OS/FreeBSD). NetBSD-current may have
+	use it (look into devtools/OS/FreeBSD). NetBSD-current may have
 	it too but it has not been verified.
 
 	The latest version of Berkeley DB uses a different naming
 	scheme than the version that is supplied with your release.  This
 	means you will be able to use the current version of Berkeley DB
 	with sendmail as long you use the new db.h when compiling
-	sendmail and link it against the new libdb.a.  You should probably
-	keep the original db.h in /usr/include and the new db.h in
-	/usr/local/include.
+	sendmail and link it against the new libdb.a or libdb.so.  You
+	should probably keep the original db.h in /usr/include and the
+	new db.h in /usr/local/include.
 
 4.3BSD
 	If you are running a "virgin" version of 4.3BSD, you'll have
@@ -949,7 +1070,7 @@ BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
 	determined to continue to use your old, buggy version (or as
 	a shortcut to get sendmail working -- I'm sure you have the
 	best intentions to port a modern version of BIND), you can
-	copy ../contrib/oldbind.compat.c into src and add
+	copy ../contrib/oldbind.compat.c into sendmail and add
 	oldbind.compat.o to OBJADD in the Makefile.
 
 A/UX
@@ -994,7 +1115,7 @@ SCO Unix
 	/etc/named.boot.
 		- sigh -
 
-	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.	
+	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
 	We recommend installing GNU m4 before attempting to build sendmail.
 
 DG/UX
@@ -1016,7 +1137,7 @@ Apollo DomainOS
 		#include <sys/dir.h>
 		#define dirent	direct
 
-	(BuildTools/OS/DomainOS will attempt to do both of these for you.)
+	(devtools/OS/DomainOS will attempt to do both of these for you.)
 
 HP-UX 8.00
 	Date: Mon, 24 Jan 1994 13:25:45 +0200
@@ -1084,6 +1205,46 @@ Linux
 	implementation in the Linux 2.2.0 kernel and poll()-aware versions
 	of glib (at least up to 2.0.111).
 
+	Some pre-glibc distributions of Linux include a syslog.h that does
+	not work properly with SFIO.  You can fix this by adding
+	"#include <syslog.h>" to the SFIO version of stdio.h as the very
+	first line.
+
+AIX 4.X
+	The AIX 4.X linker uses library paths specified during compilation
+	using -L for run-time shared library searches.  Therefore, it is
+	vital that relative and unsafe directory paths not be using when
+	compiling sendmail.  Because of this danger, by default, compiles
+	on AIX use the -blibpath option to limit shared libraries to
+	/usr/lib and /lib.  If you need to allow more directories, such as
+	/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
+	site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
+	approriately.  For example:
+
+	define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
+
+	Be sure to only add (safe) system directories.
+
+	The AIX version of GNU ld also exhibits this problem.  If you are
+	using that version, instead of -blibpath, use its -rpath option.
+	For example:
+
+	gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
+
+AIX 4.3.3
+	From: Valdis.Kletnieks@vt.edu
+	Date: Sun, 02 Jul 2000 03:58:02 -0400
+
+	Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
+	BIND 8.2.2 security holes, you can no lonber build with  -DNETINET6
+	because they changed the value of __RES in resolv.h but failed to
+	actually provide the API changes that the change implied.
+
+	Workarounds:
+	1) Compile without -DNETINET6
+	2) Build against a real Bind 8.2.2 include/lib tree
+	3) Wait for IBM to fix it
+
 AIX 4.2
 	The AIX m4 implements a different mechanism for ifdef which is
 	inconsistent with other versions of m4.  Therefore, it will not
@@ -1113,7 +1274,7 @@ AIX 2.2.1
 	Date: Mon Dec  4 14:14:56 CST 1995
 	From: Mark Whetzel <markw@antimatr.houston.tx.us>
 	Subject: Porting sendmail 8.7.2 to AIX V2 on the RT.
-	
+
 	This version of sendmail does not support MB, MG, and MR resource
 	records, which are supported by AIX sendmail.
 
@@ -1140,28 +1301,24 @@ AIX 2.2.1
 	that will return that information.  The 'LA_SUBR' define
 	will handle this for AIX V2 on the RT.
 
-	Note: You will have to change BuildTools/OS/AIX.2 to correctly
+	Note: You will have to change devtools/OS/AIX.2 to correctly
 	point to the locatons of the updated BIND source tree and
 	the location of the 'newdb' tree and library location.
-	You will also have to change BuildTools/OS/AIX.2 to know
+	You will also have to change devtools/OS/AIX.2 to know
 	about the location of the 'getloadavg' routine if you use
 	the LA_SUBR define.
 
-	
-	Manual pages will format correctly if given the mandoc macros
-	and used with nroff.  I have not tried groff.
-
 RISC/os
 	RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
 	compile on that platform you will get duplicate definitions
 	on many files.  You can ignore these.
 
 System V Release 4 Based Systems
-	There is a single BuildTools OS that is intended for all SVR4-based
-	systems (built from BuildTools/OS/SVR4).  It defines __svr4__,
+	There is a single devtools OS that is intended for all SVR4-based
+	systems (built from devtools/OS/SVR4).  It defines __svr4__,
 	which is predefined by some compilers.  If your compiler already
 	defines this compile variable, you can delete the definition from
-	the generated Makefile or create a BuildTools/Site/site.config.m4
+	the generated Makefile or create a devtools/Site/site.config.m4
 	file.
 
 	It's been tested on Dell Issue 2.2.
@@ -1234,11 +1391,11 @@ UnixWare
 	According to Larry Rosenman <ler@lerami.lerctr.org>:
 
 		UnixWare 2.1.[23]'s m4 chokes (not obviously) when
-		processing the 8.9.0 cf files. 
- 
+		processing the 8.9.0 cf files.
+
 		I had a LOCAL_RULE_0 that wound up AFTER the
 		SBasic_check_rcpt rules using the SCO supplied M4.
-		GNU M4 works fine. 
+		GNU M4 works fine.
 
 UNICOS 8.0.3.4
 	Some people have reported that the -O flag on UNICOS can cause
@@ -1262,6 +1419,20 @@ BIND 4.9.2 and Ultrix
 
 	during the link stage.
 
+BIND 8.X
+	BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
+	DNS failures when trying to find the hostname associated with an IP
+	address (gethostbyaddr()).  This can cause problems as
+	$&{client_name} based lookups in class R ($=R) and the access
+	database won't succeed.
+
+	This will be fixed in BIND 8.2.1.  For earlier versions, this can
+	be fixed by making "dns" the last name service queried for host
+	resolution in /etc/irs.conf:
+
+		hosts local continue
+		hosts dns
+
 strtoul
 	Some compilers (notably gcc) claim to be ANSI C but do not
 	include the ANSI-required routine "strtoul".  If your compiler
@@ -1290,39 +1461,16 @@ Listproc 6.0c
 	cause it to use "HELO hostname" (which Z-mail apparently requires
 	as well. :)
 
-LDAP
-	LDAP was provided by Booker Bense <bbense+ldap@stanford.edu> of
-	Stanford University.  From Booker:
-
-	  - The patch attached to this message implements an Ldap map class.
-	    Currently we are using this at stanford to support campus-wide
-	    email addressing. More information can be found at
-	    http://www.stanford.edu/~bbense/Inst.html.
-
-	  - Currently we are using the ldap map as follows:
-
-		Kluser ldapx
-		    -h"localhost borax.stanford.edu borate.stanford.edu boron.stanford.edu"
-		    -k"mailacceptinggeneralid=%s" -v maildrop
+OpenSSL
+	OpenSSL versions prior to 0.9.6 use a macro named Free which
+	conflicts with existing macro names on some platforms, such as
+	AIX.
 
-	    and in Rule set S5
-
-		# Now attempt to lookup in luser (ldap map)
-		R< $L > $+		$: < $L > $( luser $1 $)
-		R< $*  > $+ @ $+	$: < $3 > $2		Rewrite if forward
-
-	  - The map definition supports most of the standard Map args plus most
-	    of the command line options of ldapsearch. The software is currently
-	    limited to only accepting the first entry returned. It expects that
-	    the map defines an ldap filter that returns at most 1 valid entry.
-	    It requires the ldap and lber libraries from the Umich Ldap3.2
-	    release.
-
-	    The software has been in production on Solaris.2.5.1 at Stanford
-	    for over 2 years.
-
-	The LDAP map supports both the UMich LDAP 3.2 and 3.3 libraries as
-	well as the OpenLDAP (http://www.openldap.org/) libraries.
+PH
+	PH support is provided by Mark Roth <roth@uiuc.edu>.  The map is
+	described at http://www-wsg.cso.uiuc.edu/sendmail/patches/ .
+	Please contact Mark Roth for support and questions regarding the
+	map.
 
 TCP Wrappers
 	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
@@ -1331,9 +1479,7 @@ TCP Wrappers
 	(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
 	libwrap.a can be found).
 
-	TCP Wrappers is available on ftp.win.tue.nl in /pub/security;
-	grab tcp_wrappers_<VER>.tar.gz (where <VER> is the highest
-	numbered version).
+	TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
 
 	If you have alternate MX sites for your site, be sure that all of
 	your MX sites reject the same set of hosts.  If not, a bad guy whom
@@ -1347,28 +1493,24 @@ Regular Expressions (MAP_REGEX)
 
 	or sendmail gives an error about a regular expression with:
 
-		pattern-compile-error: : Operation not applicable 
+		pattern-compile-error: : Operation not applicable
 
 	Your libc does not include a running version of POSIX-regex. Use
-	librx or regex.o from the GNU Free Software Foundation,  
-	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or 
-	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz. 
-	You can also use the regex-lib by Henry Spencer, 
-	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz  
-	Make sure, your compiler reads regex.h from the distribution,  
-	not from /usr/include, otherwise sendmail will dump a core. 
+	librx or regex.o from the GNU Free Software Foundation,
+	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
+	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
+	You can also use the regex-lib by Henry Spencer,
+	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
+	Make sure, your compiler reads regex.h from the distribution,
+	not from /usr/include, otherwise sendmail will dump a core.
 
 
 +--------------+
 | MANUAL PAGES |
 +--------------+
 
-The manual pages have been written against the -mandoc macros
-instead of the -man macros.  The latest version of groff has them
-included.  You can also get a copy from FTP.UU.NET in the directory
-/systems/unix/bsd-sources/share/tmac.  groff is available from
-ftp.gnu.org in the /pub/gnu directory.
-
+The manual pages have been written against the -man macros, and
+should format correctly with any reasonable *roff.
 
 +-----------------+
 | DEBUGGING HOOKS |
@@ -1402,13 +1544,22 @@ A typical formulation of ruleset 89 would be:
 
 The following list describes the files in this directory:
 
+Build		Shell script for building sendmail.
+Makefile	A convenience for calling ./Build.
 Makefile.m4	A template for constructing a makefile based on the
-		information in the BuildTools directory.
+		information in the devtools directory.
 README		This file.
 TRACEFLAGS	My own personal list of the trace flags -- not guaranteed
 		to be particularly up to date.
 alias.c		Does name aliasing in all forms.
+aliases.5	Man page describing the format of the aliases file.
 arpadate.c	A subroutine which creates ARPANET standard dates.
+bf.h		Buffered file I/O function declarations.
+bf_portable.c	Stub routines for systems lacking the Torek stdio library.
+bf_portable.h	Data structure and function declarations for bf_portable.c.
+bf_torek.c	Routines to implement memory-buffered file system using
+		hooks provided by Torek stdio library.
+bf_torek.h	Data structure and function declarations for bf_torek.c.
 clock.c		Routines to implement real-time oriented functions
 		in sendmail -- e.g., timeouts.
 collect.c	The routine that actually reads the mail into a temp
@@ -1425,40 +1576,47 @@ daemon.c	Routines to implement daemon mode.  This version is
 deliver.c	Routines to deliver mail.
 domain.c	Routines that interface with DNS (the Domain Name
 		System).
-err.c		Routines to print error messages.
 envelope.c	Routines to manipulate the envelope structure.
+err.c		Routines to print error messages.
 headers.c	Routines to process message headers.
+helpfile	An example helpfile for the SMTP HELP command and -bt mode.
 macro.c		The macro expander.  This is used internally to
 		insert information from the configuration file.
+mailq.1		Man page for the mailq command.
 main.c		The main routine to sendmail.  This file also
 		contains some miscellaneous routines.
+makesendmail	A convenience for calling ./Build.
 map.c		Support for database maps.
 mci.c		Routines that handle mail connection information caching.
+milter.c	MTA portions of the mail filter API.
 mime.c		MIME conversion routines.
+newaliases.1	Man page for the newaliases command.
 parseaddr.c	The routines which do address parsing.
 queue.c		Routines to implement message queueing.
 readcf.c	The routine that reads the configuration file and
 		translates it to internal form.
 recipient.c	Routines that manipulate the recipient list.
-safefile.c	Routines to do careful checking of file modes and permissions
-		when opening or creating files.
 savemail.c	Routines which save the letter on processing errors.
+sendmail.8	Man page for the sendmail command.
 sendmail.h	Main header file for sendmail.
-snprintf.c	Routines to manipulate strings but prevent buffer overflows.
+sfsasl.c	I/O interface between SASL/TLS and the MTA using SFIO.
+sfsasl.h	Header file for sfsasl.c.
+shmticklib.c	Routines for shared memory counters.
 srvrsmtp.c	Routines to implement server SMTP.
 stab.c		Routines to manage the symbol table.
 stats.c		Routines to collect and post the statistics.
+statusd_shm.h	Data structure and function declarations for shmticklib.c.
 sysexits.c	List of error messages associated with error codes
 		in sysexits.h.
+sysexits.h	List of error codes for systems that lack their own.
+timers.c	Routines to provide microtimers.
+timers.h	Data structure and function declarations for timers.h.
 trace.c		The trace package.  These routines allow setting and
 		testing of trace flags with a high granularity.
 udb.c		The user database interface module.
 usersmtp.c	Routines to implement user SMTP.
 util.c		Some general purpose routines used by sendmail.
 version.c	The version number and information about this
-		version of sendmail.  Theoretically, this gets
-		modified on every change.
-
-Eric Allman
+		version of sendmail.
 
-(Version 8.211, last update 2/2/1999 15:28:18)
+(Version $Revision: 8.263.2.1.2.19 $, last update $Date: 2000/07/15 17:35:18 $ )
diff --git a/contrib/sendmail/src/TRACEFLAGS b/contrib/sendmail/src/TRACEFLAGS
index 04b9b3c..b48e75d 100644
--- a/contrib/sendmail/src/TRACEFLAGS
+++ b/contrib/sendmail/src/TRACEFLAGS
@@ -1,4 +1,4 @@
-#	@(#)TRACEFLAGS	8.21 (Berkeley) 4/27/1998
+#	$Id: TRACEFLAGS,v 8.29 1999/11/04 23:31:02 gshapiro Exp $
 0, 1	main.c		main	skip background fork
 0, 4	main.c		main	canonical name, UUCP node name, a.k.a.s
 0, 15	main.c		main	print configuration
@@ -23,7 +23,7 @@
 16	daemon.c	makeconnection
 17	deliver.c	hostsignature
 17	domain.c	mxrand
-18	usersmtp.c	reply, smtpmessage, smtpinit, smtpmailfrom
+18	usersmtp.c	reply, smtpmessage, smtpinit, smtpmailfrom, smtpdata
 19	srvrsmtp.c	smtp
 20	parseaddr.c	parseaddr
 21	parseaddr.c	rewrite
@@ -47,7 +47,7 @@
 35	macro.c		expand, define
 36	stab.c		stab
 37	readcf.c	(many)
-38	map.c		initmaps
+38	map.c		initmaps, setupmaps (bogus map)
 39	map.c		map_rewrite
 40	queue.c		queueup, orderq, dowork
 41	queue.c		orderq
@@ -69,11 +69,17 @@
 55	conf.c		lockfile
 56	mci.c		persistent host status
 57	util.c		snprintf
+58	bf.c		bf* routines
 60	map.c
 61	conf.c		sm_gethostbyname
 62	multiple	file descriptor checking
+63	queue.c		runqueue process watching
+64	multiple	Milter
 80			content length
 81			sun remote mode
 91	mci.c		syslogging of MCI cache information
 94	srvrsmtp.c	cause commands to fail (for protocol testing)
+95	srvrsmtp.c	AUTH
+95	usersmtp.c	AUTH
+98	*		timers
 99	main.c		avoid backgrounding (no printed output)
diff --git a/contrib/sendmail/src/alias.c b/contrib/sendmail/src/alias.c
index a7149f2..4d3c4a6 100644
--- a/contrib/sendmail/src/alias.c
+++ b/contrib/sendmail/src/alias.c
@@ -1,24 +1,29 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
- *
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
  */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 #ifndef lint
-static char sccsid[] = "@(#)alias.c	8.96 (Berkeley) 12/18/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: alias.c,v 8.142.4.1 2000/05/25 18:56:12 gshapiro Exp $";
+#endif /* ! lint */
+
+# define SEPARATOR ':'
+# define ALIAS_SPEC_SEPARATORS	" ,/:"
+
+static MAP	*AliasFileMap = NULL;	/* the actual aliases.files map */
+static int	NAliasFileMaps;	/* the number of entries in AliasFileMap */
 
+static char	*aliaslookup __P((char *, int *));
 
-MAP	*AliasFileMap = NULL;	/* the actual aliases.files map */
-int	NAliasFileMaps;		/* the number of entries in AliasFileMap */
 /*
 **  ALIAS -- Compute aliases.
 **
@@ -53,15 +58,14 @@ alias(a, sendq, aliaslevel, e)
 {
 	register char *p;
 	char *owner;
-	auto int stat = EX_OK;
+	auto int status = EX_OK;
 	char obuf[MAXNAME + 7];
-	extern char *aliaslookup __P((char *, int *, ENVELOPE *));
 
 	if (tTd(27, 1))
-		printf("alias(%s)\n", a->q_user);
+		dprintf("alias(%s)\n", a->q_user);
 
 	/* don't realias already aliased names */
-	if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags))
+	if (!QS_IS_OK(a->q_state))
 		return;
 
 	if (NoAlias)
@@ -77,10 +81,33 @@ alias(a, sendq, aliaslevel, e)
 	**	bounce messages inappropriately.
 	*/
 
-	p = aliaslookup(a->q_user, &stat, e);
-	if (stat == EX_TEMPFAIL || stat == EX_UNAVAILABLE)
+
+#if _FFR_REDIRECTEMPTY
+	/*
+	**  envelope <> can't be sent to mailing lists, only owner-
+	**  send spam of this type to owner- of the list
+	**  ----  to stop spam from going to mailing lists!
+	*/
+	if (e->e_sender != NULL && *e->e_sender == '\0')
 	{
-		a->q_flags |= QQUEUEUP;
+		/* Look for owner of alias */
+		(void) strlcpy(obuf, "owner-", sizeof obuf);
+		(void) strlcat(obuf, a->q_user, sizeof obuf);
+		if (aliaslookup(obuf, &status) != NULL)
+		{
+			if (LogLevel > 8)
+				syslog(LOG_WARNING,
+				       "possible spam from <> to list: %s, redirected to %s\n",
+				       a->q_user, obuf);
+			a->q_user = newstr(obuf);
+		}
+	}
+#endif /* _FFR_REDIRECTEMPTY */
+
+	p = aliaslookup(a->q_user, &status);
+	if (status == EX_TEMPFAIL || status == EX_UNAVAILABLE)
+	{
+		a->q_state = QS_QUEUEUP;
 		if (e->e_message == NULL)
 			e->e_message = newstr("alias database unavailable");
 		return;
@@ -94,40 +121,52 @@ alias(a, sendq, aliaslevel, e)
 	*/
 
 	if (tTd(27, 1))
-		printf("%s (%s, %s) aliased to %s\n",
-		    a->q_paddr, a->q_host, a->q_user, p);
+		dprintf("%s (%s, %s) aliased to %s\n",
+			a->q_paddr, a->q_host, a->q_user, p);
 	if (bitset(EF_VRFYONLY, e->e_flags))
 	{
-		a->q_flags |= QVERIFIED;
+		a->q_state = QS_VERIFIED;
 		return;
 	}
 	message("aliased to %s", shortenstring(p, MAXSHORTSTR));
-	if (LogLevel > 9)
+	if (LogLevel > 10)
 		sm_syslog(LOG_INFO, e->e_id,
 			"alias %.100s => %s",
 			a->q_paddr, shortenstring(p, MAXSHORTSTR));
 	a->q_flags &= ~QSELFREF;
 	if (tTd(27, 5))
 	{
-		printf("alias: QDONTSEND ");
+		dprintf("alias: QS_EXPANDED ");
 		printaddr(a, FALSE);
 	}
-	a->q_flags |= QDONTSEND;
+	a->q_state = QS_EXPANDED;
+
+	/*
+	**  Always deliver aliased items as the default user.
+	**  Setting q_gid to 0 forces deliver() to use DefUser
+	**  instead of the alias name for the call to initgroups().
+	*/
+
+	a->q_uid = DefUid;
+	a->q_gid = 0;
+	a->q_fullname = NULL;
+	a->q_flags |= QGOODUID|QALIAS;
+
 	(void) sendtolist(p, a, sendq, aliaslevel + 1, e);
-	if (bitset(QSELFREF, a->q_flags))
-		a->q_flags &= ~QDONTSEND;
+	if (bitset(QSELFREF, a->q_flags) && QS_IS_EXPANDED(a->q_state))
+		a->q_state = QS_OK;
 
 	/*
 	**  Look for owner of alias
 	*/
 
-	(void) strcpy(obuf, "owner-");
+	(void) strlcpy(obuf, "owner-", sizeof obuf);
 	if (strncmp(a->q_user, "owner-", 6) == 0 ||
 	    strlen(a->q_user) > (SIZE_T) sizeof obuf - 7)
-		(void) strcat(obuf, "owner");
+		(void) strlcat(obuf, "owner", sizeof obuf);
 	else
-		(void) strcat(obuf, a->q_user);
-	owner = aliaslookup(obuf, &stat, e);
+		(void) strlcat(obuf, a->q_user, sizeof obuf);
+	owner = aliaslookup(obuf, &status);
 	if (owner == NULL)
 		return;
 
@@ -149,7 +188,6 @@ alias(a, sendq, aliaslevel, e)
 **	Parameters:
 **		name -- the name to look up.
 **		pstat -- a pointer to a place to put the status.
-**		e -- the current envelope.
 **
 **	Returns:
 **		the value of name.
@@ -162,11 +200,10 @@ alias(a, sendq, aliaslevel, e)
 **		The return value will be trashed across calls.
 */
 
-char *
-aliaslookup(name, pstat, e)
+static char *
+aliaslookup(name, pstat)
 	char *name;
 	int *pstat;
-	ENVELOPE *e;
 {
 	static MAP *map = NULL;
 
@@ -178,8 +215,7 @@ aliaslookup(name, pstat, e)
 			return NULL;
 		map = &s->s_map;
 	}
-	if (!bitset(MF_OPEN, map->map_mflags))
-		return NULL;
+	DYNOPENMAP(map);
 
 	/* special case POstMastER -- always use lower case */
 	if (strcasecmp(name, "postmaster") == 0)
@@ -209,7 +245,7 @@ setalias(spec)
 	STAB *s;
 
 	if (tTd(27, 8))
-		printf("setalias(%s)\n", spec);
+		dprintf("setalias(%s)\n", spec);
 
 	for (p = spec; p != NULL; )
 	{
@@ -229,7 +265,8 @@ setalias(spec)
 		}
 		if (AliasFileMap == NULL)
 		{
-			strcpy(buf, "aliases.files sequence");
+			(void) strlcpy(buf, "aliases.files sequence",
+				       sizeof buf);
 			AliasFileMap = makemapentry(buf);
 			if (AliasFileMap == NULL)
 			{
@@ -240,11 +277,10 @@ setalias(spec)
 		(void) snprintf(buf, sizeof buf, "Alias%d", NAliasFileMaps);
 		s = stab(buf, ST_MAP, ST_ENTER);
 		map = &s->s_map;
-		bzero(map, sizeof *map);
+		memset(map, '\0', sizeof *map);
 		map->map_mname = s->s_name;
-
-		p = strpbrk(p, " ,/:");
-		if (p != NULL && *p == ':')
+		p = strpbrk(p,ALIAS_SPEC_SEPARATORS);
+		if (p != NULL && *p == SEPARATOR)
 		{
 			/* map name */
 			*p++ = '\0';
@@ -259,12 +295,32 @@ setalias(spec)
 
 		/* find end of spec */
 		if (p != NULL)
-			p = strchr(p, ',');
+		{
+			bool quoted = FALSE;
+
+			for (; *p != '\0'; p++)
+			{
+				/*
+				**  Don't break into a quoted string.
+				**  Needed for ldap maps which use
+				**  commas in their specifications.
+				*/
+
+				if (*p == '"')
+					quoted = !quoted;
+				else if (*p == ',' && !quoted)
+					break;
+			}
+
+			/* No more alias specifications follow */
+			if (*p == '\0')
+				p = NULL;
+		}
 		if (p != NULL)
 			*p++ = '\0';
 
 		if (tTd(27, 20))
-			printf("  map %s:%s %s\n", class, s->s_name, spec);
+			dprintf("  map %s:%s %s\n", class, s->s_name, spec);
 
 		/* look up class */
 		s = stab(class, ST_MAPCLASS, ST_FIND);
@@ -310,7 +366,7 @@ bool
 aliaswait(map, ext, isopen)
 	MAP *map;
 	char *ext;
-	int isopen;
+	bool isopen;
 {
 	bool attimeout = FALSE;
 	time_t mtime;
@@ -318,7 +374,7 @@ aliaswait(map, ext, isopen)
 	char buf[MAXNAME + 1];
 
 	if (tTd(27, 3))
-		printf("aliaswait(%s:%s)\n",
+		dprintf("aliaswait(%s:%s)\n",
 			map->map_class->map_cname, map->map_file);
 	if (bitset(MF_ALIASWAIT, map->map_mflags))
 		return isopen;
@@ -346,12 +402,12 @@ aliaswait(map, ext, isopen)
 			*/
 
 			if (tTd(27, 2))
-				printf("aliaswait: sleeping for %d seconds\n",
+				dprintf("aliaswait: sleeping for %u seconds\n",
 					sleeptime);
 
 			map->map_class->map_close(map);
 			map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
-			sleep(sleeptime);
+			(void) sleep(sleeptime);
 			sleeptime *= 2;
 			if (sleeptime > 60)
 				sleeptime = 60;
@@ -363,14 +419,14 @@ aliaswait(map, ext, isopen)
 	if (!bitset(MCF_REBUILDABLE, map->map_class->map_cflags))
 	{
 		if (tTd(27, 3))
-			printf("aliaswait: not rebuildable\n");
+			dprintf("aliaswait: not rebuildable\n");
 		map->map_mflags &= ~MF_ALIASWAIT;
 		return isopen;
 	}
 	if (stat(map->map_file, &stb) < 0)
 	{
 		if (tTd(27, 3))
-			printf("aliaswait: no source file\n");
+			dprintf("aliaswait: no source file\n");
 		map->map_mflags &= ~MF_ALIASWAIT;
 		return isopen;
 	}
@@ -379,8 +435,10 @@ aliaswait(map, ext, isopen)
 		map->map_file, ext == NULL ? "" : ext);
 	if (stat(buf, &stb) < 0 || stb.st_mtime < mtime || attimeout)
 	{
+#if !_FFR_REMOVE_AUTOREBUILD
 		/* database is out of date */
-		if (AutoRebuild && stb.st_ino != 0 &&
+		if (AutoRebuild &&
+		    stb.st_ino != 0 &&
 		    (stb.st_uid == geteuid() ||
 		     (geteuid() == 0 && stb.st_uid == TrustedUid)))
 		{
@@ -406,6 +464,13 @@ aliaswait(map, ext, isopen)
 					buf);
 			message("Warning: alias database %s out of date", buf);
 		}
+#else /* !_FFR_REMOVE_AUTOREBUILD */
+		if (LogLevel > 3)
+			sm_syslog(LOG_INFO, NOQID,
+				  "alias database %s out of date",
+				  buf);
+		message("Warning: alias database %s out of date", buf);
+#endif /* !_FFR_REMOVE_AUTOREBUILD */
 	}
 	map->map_mflags &= ~MF_ALIASWAIT;
 	return isopen;
@@ -433,20 +498,20 @@ rebuildaliases(map, automatic)
 	FILE *af;
 	bool nolock = FALSE;
 	bool success = FALSE;
-	int sff = SFF_OPENASROOT|SFF_REGONLY|SFF_NOLOCK;	
+	long sff = SFF_OPENASROOT|SFF_REGONLY|SFF_NOLOCK;
 	sigfunc_t oldsigint, oldsigquit;
 #ifdef SIGTSTP
 	sigfunc_t oldsigtstp;
-#endif
+#endif /* SIGTSTP */
 
 	if (!bitset(MCF_REBUILDABLE, map->map_class->map_cflags))
 		return FALSE;
 
-	if (!bitset(DBS_LINKEDALIASFILEINWRITABLEDIR, DontBlameSendmail))
+	if (!bitnset(DBS_LINKEDALIASFILEINWRITABLEDIR, DontBlameSendmail))
 		sff |= SFF_NOWLINK;
-	if (!bitset(DBS_GROUPWRITABLEALIASFILE, DontBlameSendmail))
+	if (!bitnset(DBS_GROUPWRITABLEALIASFILE, DontBlameSendmail))
 		sff |= SFF_NOGWFILES;
-	if (!bitset(DBS_WORLDWRITABLEALIASFILE, DontBlameSendmail))
+	if (!bitnset(DBS_WORLDWRITABLEALIASFILE, DontBlameSendmail))
 		sff |= SFF_NOWWFILES;
 
 	/* try to lock the source file */
@@ -460,7 +525,7 @@ rebuildaliases(map, automatic)
 			int saveerr = errno;
 
 			if (tTd(27, 1))
-				printf("Can't open %s: %s\n",
+				dprintf("Can't open %s: %s\n",
 					map->map_file, errstring(saveerr));
 			if (!automatic && !bitset(MF_OPTIONAL, map->map_mflags))
 				message("newaliases: cannot open %s: %s",
@@ -489,7 +554,7 @@ rebuildaliases(map, automatic)
 			(void) lockfile(fileno(af), map->map_file, NULL,
 					LOCK_EX);
 		}
-		(void) xfclose(af, "rebuildaliases1", map->map_file);
+		(void) fclose(af);
 		errno = 0;
 		return FALSE;
 	}
@@ -498,7 +563,7 @@ rebuildaliases(map, automatic)
 	oldsigquit = setsignal(SIGQUIT, SIG_IGN);
 #ifdef SIGTSTP
 	oldsigtstp = setsignal(SIGTSTP, SIG_IGN);
-#endif
+#endif /* SIGTSTP */
 
 	if (map->map_class->map_open(map, O_RDWR))
 	{
@@ -517,7 +582,7 @@ rebuildaliases(map, automatic)
 	else
 	{
 		if (tTd(27, 1))
-			printf("Can't create database for %s: %s\n",
+			dprintf("Can't create database for %s: %s\n",
 				map->map_file, errstring(errno));
 		if (!automatic)
 			syserr("Cannot create database for alias file %s",
@@ -525,7 +590,7 @@ rebuildaliases(map, automatic)
 	}
 
 	/* close the file, thus releasing locks */
-	xfclose(af, "rebuildaliases2", map->map_file);
+	(void) fclose(af);
 
 	/* add distinguished entries and close the database */
 	if (bitset(MF_OPEN, map->map_mflags))
@@ -537,9 +602,9 @@ rebuildaliases(map, automatic)
 	/* restore the old signals */
 	(void) setsignal(SIGINT, oldsigint);
 	(void) setsignal(SIGQUIT, oldsigquit);
-#ifdef SIGTSTP
+# ifdef SIGTSTP
 	(void) setsignal(SIGTSTP, oldsigtstp);
-#endif
+# endif /* SIGTSTP */
 	return success;
 }
 /*
@@ -551,7 +616,7 @@ rebuildaliases(map, automatic)
 **	Parameters:
 **		map -- the alias database descriptor.
 **		af -- file to read the aliases from.
-**		announcestats -- anounce statistics regarding number of
+**		announcestats -- announce statistics regarding number of
 **			aliases, longest alias, etc.
 **		logstats -- lot the same info.
 **
@@ -585,14 +650,13 @@ readaliases(map, af, announcestats, logstats)
 	LineNumber = 0;
 	naliases = bytes = longest = 0;
 	skipping = FALSE;
-	while (fgets(line, sizeof (line), af) != NULL)
+	while (fgets(line, sizeof line, af) != NULL)
 	{
 		int lhssize, rhssize;
 		int c;
 
 		LineNumber++;
 		p = strchr(line, '\n');
-#if _FFR_BACKSLASH_IN_ALIASES
 		while (p != NULL && p > line && p[-1] == '\\')
 		{
 			p--;
@@ -601,12 +665,12 @@ readaliases(map, af, announcestats, logstats)
 			LineNumber++;
 			p = strchr(p, '\n');
 		}
-#endif
 		if (p != NULL)
 			*p = '\0';
 		else if (!feof(af))
 		{
-			syserr("554 alias line too long");
+			errno = 0;
+			syserr("554 5.3.0 alias line too long");
 
 			/* flush to end of line */
 			while ((c = getc(af)) != EOF && c != '\n')
@@ -626,7 +690,7 @@ readaliases(map, af, announcestats, logstats)
 		  case ' ':
 		  case '\t':
 			if (!skipping)
-				syserr("554 Non-continuation line starts with space");
+				syserr("554 5.3.5 Non-continuation line starts with space");
 			skipping = TRUE;
 			continue;
 		}
@@ -645,12 +709,12 @@ readaliases(map, af, announcestats, logstats)
 			continue;
 		if (*p++ != ':')
 		{
-			syserr("554 missing colon");
+			syserr("554 5.3.5 missing colon");
 			continue;
 		}
 		if (parseaddr(line, &al, RF_COPYALL, ':', NULL, CurEnv) == NULL)
 		{
-			syserr("554 %.40s... illegal alias name", line);
+			syserr("554 5.3.5 %.40s... illegal alias name", line);
 			continue;
 		}
 
@@ -685,7 +749,7 @@ readaliases(map, af, announcestats, logstats)
 						break;
 					if (parseaddr(p, &bl, RF_COPYNONE, ',',
 						      &delimptr, CurEnv) == NULL)
-						usrerr("553 %s... bad address", p);
+						usrerr("553 5.3.5 %s... bad address", p);
 					p = delimptr;
 				}
 			}
@@ -709,7 +773,7 @@ readaliases(map, af, announcestats, logstats)
 			/* check for line overflow */
 			if (strchr(p, '\n') == NULL && !feof(af))
 			{
-				usrerr("554 alias too long");
+				usrerr("554 5.3.5 alias too long");
 				while ((c = fgetc(af)) != EOF && c != '\n')
 					continue;
 				skipping = TRUE;
@@ -722,7 +786,7 @@ readaliases(map, af, announcestats, logstats)
 
 		if (!bitnset(M_ALIASABLE, al.q_mailer->m_flags))
 		{
-			syserr("554 %s... cannot alias non-local names",
+			syserr("554 5.3.5 %s... cannot alias non-local names",
 				al.q_paddr);
 			continue;
 		}
@@ -738,7 +802,29 @@ readaliases(map, af, announcestats, logstats)
 
 		lhssize = strlen(al.q_user);
 		rhssize = strlen(rhs);
-		map->map_class->map_store(map, al.q_user, rhs);
+		if (rhssize > 0)
+		{
+			/* is RHS empty (just spaces)? */
+			p = rhs;
+			while (isascii(*p) && isspace(*p))
+				p++;
+		}
+		if (rhssize == 0 || *p == '\0')
+		{
+			syserr("554 5.3.5 %.40s... missing value for alias",
+			       line);
+
+		}
+		else
+		{
+			map->map_class->map_store(map, al.q_user, rhs);
+
+			/* statistics */
+			naliases++;
+			bytes += lhssize + rhssize;
+			if (rhssize > longest)
+				longest = rhssize;
+		}
 
 		if (al.q_paddr != NULL)
 			free(al.q_paddr);
@@ -746,12 +832,6 @@ readaliases(map, af, announcestats, logstats)
 			free(al.q_host);
 		if (al.q_user != NULL)
 			free(al.q_user);
-
-		/* statistics */
-		naliases++;
-		bytes += lhssize + rhssize;
-		if (rhssize > longest)
-			longest = rhssize;
 	}
 
 	CurEnv->e_to = NULL;
@@ -798,14 +878,14 @@ forward(user, sendq, aliaslevel, e)
 	bool got_transient;
 
 	if (tTd(27, 1))
-		printf("forward(%s)\n", user->q_paddr);
+		dprintf("forward(%s)\n", user->q_paddr);
 
 	if (!bitnset(M_HASPWENT, user->q_mailer->m_flags) ||
-	    bitset(QBADADDR, user->q_flags))
+	    !QS_IS_OK(user->q_state))
 		return;
 	if (user->q_home == NULL)
 	{
-		syserr("554 forward: no home");
+		syserr("554 5.3.0 forward: no home");
 		user->q_home = "/no/such/directory";
 	}
 
@@ -820,18 +900,19 @@ forward(user, sendq, aliaslevel, e)
 	for (pp = ForwardPath; pp != NULL; pp = ep)
 	{
 		int err;
-		char buf[MAXPATHLEN+1];
+		char buf[MAXPATHLEN + 1];
+		struct stat st;
 
-		ep = strchr(pp, ':');
+		ep = strchr(pp, SEPARATOR);
 		if (ep != NULL)
 			*ep = '\0';
 		expand(pp, buf, sizeof buf, e);
 		if (ep != NULL)
-			*ep++ = ':';
+			*ep++ = SEPARATOR;
 		if (buf[0] == '\0')
 			continue;
 		if (tTd(27, 3))
-			printf("forward: trying %s\n", buf);
+			dprintf("forward: trying %s\n", buf);
 
 		err = include(buf, TRUE, user, sendq, aliaslevel, e);
 		if (err == 0)
@@ -841,11 +922,19 @@ forward(user, sendq, aliaslevel, e)
 			/* we may have to suspend this message */
 			got_transient = TRUE;
 			if (tTd(27, 2))
-				printf("forward: transient error on %s\n", buf);
+				dprintf("forward: transient error on %s\n",
+					buf);
 			if (LogLevel > 2)
+			{
+				char *curhost = CurHostName;
+
+				CurHostName = NULL;
 				sm_syslog(LOG_ERR, e->e_id,
-					"forward %s: transient error: %s",
-					buf, errstring(err));
+					  "forward %s: transient error: %s",
+					  buf, errstring(err));
+				CurHostName = curhost;
+			}
+
 		}
 		else
 		{
@@ -854,18 +943,27 @@ forward(user, sendq, aliaslevel, e)
 			  case ENOENT:
 				break;
 
+			  case E_SM_WWDIR:
+			  case E_SM_GWDIR:
+				/* check if it even exists */
+				if (stat(buf, &st) < 0 && errno == ENOENT)
+				{
+					if (bitnset(DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH,
+						    DontBlameSendmail))
+						break;
+				}
+				/* FALLTHROUGH */
+
 #if _FFR_FORWARD_SYSERR
 			  case E_SM_NOSLINK:
 			  case E_SM_NOHLINK:
 			  case E_SM_REGONLY:
 			  case E_SM_ISEXEC:
-			  case E_SM_WWDIR:
-			  case E_SM_GWDIR:
 			  case E_SM_WWFILE:
 			  case E_SM_GWFILE:
 				syserr("forward: %s: %s", buf, errstring(err));
 				break;
-#endif
+#endif /* _FFR_FORWARD_SYSERR */
 
 			  default:
 				if (LogLevel > (RunAsUid == 0 ? 2 : 10))
@@ -889,7 +987,7 @@ forward(user, sendq, aliaslevel, e)
 		*/
 
 		message("transient .forward open error: message queued");
-		user->q_flags |= QQUEUEUP;
+		user->q_state = QS_QUEUEUP;
 		return;
 	}
 }
diff --git a/contrib/sendmail/src/aliases b/contrib/sendmail/src/aliases
index 7540eea..85e62a9 100644
--- a/contrib/sendmail/src/aliases
+++ b/contrib/sendmail/src/aliases
@@ -1,4 +1,5 @@
 #
+#	$Id: aliases,v 8.1 1999/02/06 18:44:07 gshapiro Exp $
 #	@(#)aliases	8.2 (Berkeley) 3/5/94
 #
 #  Aliases in this file will NOT be expanded in the header from
diff --git a/contrib/sendmail/src/aliases.5 b/contrib/sendmail/src/aliases.5
index bf45838..4782c34 100644
--- a/contrib/sendmail/src/aliases.5
+++ b/contrib/sendmail/src/aliases.5
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1983, 1997 Eric P. Allman.  All rights reserved.
 .\" Copyright (c) 1985, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -8,78 +9,112 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     @(#)aliases.5	8.8 (Berkeley) 5/19/1998
+.\"     $Id: aliases.5,v 8.15.4.1 2000/07/18 07:23:02 gshapiro Exp $
 .\"
-.Dd May 19, 1998
-.Dt ALIASES 5
-.Os BSD 4
-.Sh NAME
-.Nm aliases
-.Nd aliases file for sendmail
-.Sh SYNOPSIS
-.Nm aliases
-.Sh DESCRIPTION
-This file describes user
-.Tn ID
-aliases used by
-.Pa /usr/sbin/sendmail .
-The file resides in
-.Pa /etc
-and
+.TH ALIASES 5 "$Date: 2000/07/18 07:23:02 $"
+.SH NAME
+.B aliases
+\- aliases file for sendmail
+.SH SYNOPSIS
+.B aliases
+.SH DESCRIPTION
+This file describes user 
+ID 
+aliases used by 
+sendmail.
+The file resides in 
+/etc/mail 
+and 
 is formatted as a series of lines of the form
-.Bd -filled -offset indent
-name: name_1, name2, name_3, . . .
-.Ed
-.Pp
+.IP
+name: addr_1, addr_2, addr_3, . . .
+.PP
 The
-.Em name
+.I name
 is the name to alias, and the
-.Em name_n
-are the aliases for that name.
-Lines beginning with white space are continuation lines.
-Lines beginning with
-.Ql #
+.I addr_n
+are the aliases for that name.  
+.I addr_n
+can be another alias, a local username, a local filename,
+a command,
+an include file,
+or an external address.
+.TP
+.B Local Username
+username
+.IP
+The username must be available via getpwnam(3).
+.TP
+.B Local Filename
+/path/name
+.IP
+Messages are appended to the file specified by the full pathname
+(starting with a slash (/))
+.TP
+.B Command
+|command
+.IP
+A command starts with a pipe symbol (|),
+it receives messages via standard input.
+.TP
+.B Include File
+:include: /path/name
+.IP
+The aliases in pathname are added to the aliases for
+.I name.
+.TP
+.B E-Mail Address
+user@domain
+.IP
+An e-mail address in RFC 822 format.
+.PP
+Lines beginning with white space are continuation lines.  
+Another way to continue lines is by placing a backslash 
+directly before a newline.  
+Lines beginning with 
+# 
 are comments.
-.Pp
-Aliasing occurs only on local names.
+.PP
+Aliasing occurs only on local names.  
 Loops can not occur, since no message will be sent to any person more than once.
-.Pp
-After aliasing has been done, local and valid recipients who have a
-.Dq Pa .forward
-file in their home directory have messages forwarded to the
+.PP
+After aliasing has been done, local and valid recipients who have a 
+``.forward'' 
+file in their home directory have messages forwarded to the 
 list of users defined in that file.
-.Pp
+.PP
 This is only the raw data file; the actual aliasing information is
-placed into a binary format in the file
-.Pa /etc/aliases.db
-using the program
-.Xr newaliases 1 .
-A
-.Xr newaliases
-command should be executed each time the aliases file is changed for the
+placed into a binary format in the file 
+/etc/mail/aliases.db
+using the program 
+newaliases(1).  
+A 
+newaliases
+command should be executed each time the aliases file is changed for the 
 change to take effect.
-.Sh SEE  ALSO
-.Xr newaliases 1 ,
-.Xr dbopen 3 ,
-.Xr dbm 3 ,
-.Xr sendmail 8
-.Rs
-.%T "SENDMAIL Installation and Operation Guide"
-.Re
-.Rs
-.%T "SENDMAIL An Internetwork Mail Router"
-.Re
-.Sh BUGS
-If you have compiled
-.Xr sendmail
+.SH SEE  ALSO
+newaliases(1), 
+dbm(3), 
+dbopen(3), 
+db_open(3), 
+sendmail(8)
+.PP
+.I
+SENDMAIL Installation and Operation Guide.
+.PP
+.I 
+SENDMAIL An Internetwork Mail Router.
+.SH BUGS
+If you have compiled 
+sendmail 
 with DBM support instead of NEWDB,
-you may have encountered problems in
-.Xr dbm 3
-restricting a single alias to about 1000 bytes of information.
-You can get longer aliases by ``chaining''; that is, make the last name in
+you may have encountered problems in 
+dbm(3) 
+restricting a single alias to about 1000 bytes of information.  
+You can get longer aliases by ``chaining''; that is, make the last name in 
 the alias be a dummy name which is a continuation alias.
-.Sh HISTORY
+.SH HISTORY
 The
-.Nm
-file format appeared in
-.Bx 4.0 .
+.B aliases
+file format appeared in 
+4.0BSD.
diff --git a/contrib/sendmail/src/arpadate.c b/contrib/sendmail/src/arpadate.c
index c02decd..c265cdb 100644
--- a/contrib/sendmail/src/arpadate.c
+++ b/contrib/sendmail/src/arpadate.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,10 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)arpadate.c	8.14 (Berkeley) 2/2/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: arpadate.c,v 8.23 1999/09/23 19:59:18 ca Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 /*
 **  ARPADATE -- Create date in ARPANET format
@@ -34,7 +35,7 @@ static char sccsid[] = "@(#)arpadate.c	8.14 (Berkeley) 2/2/1999";
 **
 **	Bugs:
 **		Timezone is computed from local time, rather than
-**		from whereever (and whenever) the message was sent.
+**		from wherever (and whenever) the message was sent.
 **		To do better is very hard.
 **
 **		Some sites are now inserting the timezone into the
@@ -44,7 +45,7 @@ static char sccsid[] = "@(#)arpadate.c	8.14 (Berkeley) 2/2/1999";
 
 #ifndef TZNAME_MAX
 # define TZNAME_MAX	50	/* max size of timezone */
-#endif
+#endif /* ! TZNAME_MAX */
 
 /* values for TZ_TYPE */
 #define TZ_NONE		0	/* no character timezone support */
@@ -148,10 +149,10 @@ arpadate(ud)
 		tz = NULL;
 #if TZ_TYPE == TZ_TM_NAME
 		tz = lt->tm_name;
-#endif
+#endif /* TZ_TYPE == TZ_TM_NAME */
 #if TZ_TYPE == TZ_TM_ZONE
 		tz = lt->tm_zone;
-#endif
+#endif /* TZ_TYPE == TZ_TM_ZONE */
 #if TZ_TYPE == TZ_TZNAME
 		{
 			extern char *tzname[];
@@ -163,14 +164,14 @@ arpadate(ud)
 			else
 				tz = NULL;
 		}
-#endif
+#endif /* TZ_TYPE == TZ_TZNAME */
 #if TZ_TYPE == TZ_TIMEZONE
 		{
 			extern char *timezone();
 
 			tz = timezone(off, lt->tm_isdst);
 		}
-#endif
+#endif /* TZ_TYPE == TZ_TIMEZONE */
 		if (off < 0)
 		{
 			off = -off;
@@ -198,5 +199,5 @@ arpadate(ud)
 	}
 	*q = '\0';
 
-	return (b);
+	return b;
 }
diff --git a/contrib/sendmail/src/bf.h b/contrib/sendmail/src/bf.h
new file mode 100644
index 0000000..d7d6303
--- /dev/null
+++ b/contrib/sendmail/src/bf.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: bf.h,v 8.5 1999/11/04 19:31:25 ca Exp $
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef BF_H
+#define BF_H 1
+
+extern FILE	*bfopen __P((char *, int, size_t, long));
+extern FILE	*bfdup __P((FILE *));
+extern int	bfcommit __P((FILE *));
+extern int	bfrewind __P((FILE *));
+extern int	bftruncate __P((FILE *));
+extern int	bfclose __P((FILE *));
+extern bool	bftest __P((FILE *));
+
+#endif /* BF_H */
diff --git a/contrib/sendmail/src/bf_portable.c b/contrib/sendmail/src/bf_portable.c
new file mode 100644
index 0000000..4de0af3
--- /dev/null
+++ b/contrib/sendmail/src/bf_portable.c
@@ -0,0 +1,482 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: bf_portable.c,v 8.25.4.3 2000/06/29 21:21:58 gshapiro Exp $";
+#endif /* ! lint */
+
+#if SFIO
+# include <sfio/stdio.h>
+#endif /* SFIO */
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/uio.h>
+#include <errno.h>
+#if !SFIO
+# include <stdio.h>
+#endif /* !SFIO */
+#ifndef BF_STANDALONE
+# include "sendmail.h"
+#endif /* ! BF_STANDALONE */
+#include "bf_portable.h"
+#include "bf.h"
+
+/*
+**  BFOPEN -- create a new buffered file
+**
+**	Parameters:
+**		filename -- the file's name
+**		fmode -- what mode the file should be created as
+**		bsize -- amount of buffer space to allocate (may be 0)
+**		flags -- if running under sendmail, passed directly to safeopen
+**
+**	Returns:
+**		a FILE * which may then be used with stdio functions, or NULL
+**		on failure. FILE * is opened for writing (mode "w+").
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		ENOMEM -- out of memory
+**		ENOENT -- illegal empty filename specified
+**		any value of errno specified by open()
+**		any value of errno specified by fdopen()
+**		any value of errno specified by funopen()
+*/
+
+#ifdef BF_STANDALONE
+# define OPEN(fn, omode, cmode, sff) open(fn, omode, cmode)
+#else /* BF_STANDALONE */
+# define OPEN(fn, omode, cmode, sff) safeopen(fn, omode, cmode, sff)
+#endif /* BF_STANDALONE */
+
+/* List of currently-open buffered files */
+struct bf *bflist = NULL;
+
+FILE *
+bfopen(filename, fmode, bsize, flags)
+	char *filename;
+	int fmode;
+	size_t bsize;
+	long flags;
+{
+	struct bf *bfp;
+	FILE *retval;
+	int fd, l;
+
+	fd = OPEN(filename, O_RDWR | O_CREAT | O_TRUNC, fmode, flags);
+	if (fd == -1)
+	{
+		/* errno is set implicitly by open */
+		return NULL;
+	}
+
+	retval = fdopen(fd, "w+");
+
+	/* If failure, return immediately */
+	if (retval == NULL)
+	{
+		/* errno is set implicitly by fdopen */
+		return NULL;
+	}
+
+	/* Allocate memory */
+	bfp = (struct bf *)malloc(sizeof(struct bf));
+	if (bfp == NULL)
+	{
+		(void) fclose(retval);
+
+		/* don't care about errors */
+		(void) unlink(filename);
+		errno = ENOMEM;
+		return NULL;
+	}
+	if (tTd(58, 8))
+		dprintf("bfopen(%s): malloced %ld\n",
+			filename, (long) sizeof(struct bf));
+
+	l = strlen(filename) + 1;
+	bfp->bf_filename = (char *)malloc(l);
+	if (bfp->bf_filename == NULL)
+	{
+		free(bfp);
+		(void) fclose(retval);
+
+		/* don't care about errors */
+		(void) unlink(filename);
+		errno = ENOMEM;
+		return NULL;
+	}
+	(void) strlcpy(bfp->bf_filename, filename, l);
+
+	/* Fill in the other fields, then add it to the list */
+	bfp->bf_key = retval;
+	bfp->bf_committed = FALSE;
+	bfp->bf_refcount = 1;
+
+	bfinsert(bfp);
+
+	/* Whew. Nothing bad happened. We're okay. */
+	return retval;
+}
+/*
+**  BFDUP -- increase refcount on buffered file
+**
+**	Parameters:
+**		fp -- FILE * to "duplicate"
+**
+**	Returns:
+**		fp with increased refcount
+*/
+
+FILE *
+bfdup(fp)
+	FILE *fp;
+{
+	struct bf *bfp;
+
+	/* Get associated bf structure */
+	bfp = bflookup(fp);
+
+	if (bfp == NULL)
+		return NULL;
+
+	/* Increase the refcount */
+	bfp->bf_refcount++;
+
+	return fp;
+}
+
+/*
+**  BFCOMMIT -- "commits" the buffered file
+**
+**	Parameters:
+**		fp -- FILE * to commit to disk
+**
+**	Returns:
+**		0 on success, -1 on error
+**
+**	Side Effects:
+**		Forces the given FILE * to be written to disk if it is not
+**		already, and ensures that it will be kept after closing. If
+**		fp is not a buffered file, this is a no-op.
+**
+**	Sets errno:
+**		any value of errno specified by open()
+**		any value of errno specified by write()
+**		any value of errno specified by lseek()
+*/
+
+int
+bfcommit(fp)
+	FILE *fp;
+{
+	struct bf *bfp;
+
+	/* Get associated bf structure */
+	bfp = bflookup(fp);
+
+	/* If called on a normal FILE *, noop */
+	if (bfp != NULL)
+		bfp->bf_committed = TRUE;
+
+	return 0;
+}
+
+/*
+**  BFREWIND -- rewinds the FILE *
+**
+**	Parameters:
+**		fp -- FILE * to rewind
+**
+**	Returns:
+**		0 on success, -1 on error
+**
+**	Side Effects:
+**		rewinds the FILE * and puts it into read mode. Normally one
+**		would bfopen() a file, write to it, then bfrewind() and
+**		fread(). If fp is not a buffered file, this is equivalent to
+**		rewind().
+**
+**	Sets errno:
+**		any value of errno specified by fseek()
+*/
+
+int
+bfrewind(fp)
+	FILE *fp;
+{
+	int err;
+
+	/* check to see if there is an error on the stream */
+	err = ferror(fp);
+
+	(void) fflush(fp);
+
+	/*
+	**  Clear error if tried to fflush()
+	**  a read-only file pointer and
+	**  there wasn't a previous error.
+	*/
+
+	if (err == 0)
+		clearerr(fp);
+
+	/* errno is set implicitly by fseek() before return */
+	return fseek(fp, 0, SEEK_SET);
+}
+
+/*
+**  BFTRUNCATE -- rewinds and truncates the FILE *
+**
+**	Parameters:
+**		fp -- FILE * to truncate
+**
+**	Returns:
+**		0 on success, -1 on error
+**
+**	Side Effects:
+**		rewinds the FILE *, truncates it to zero length, and puts it
+**		into write mode. If fp is not a buffered file, this is
+**		equivalent to a rewind() and then an ftruncate(fileno(fp), 0).
+**
+**	Sets errno:
+**		any value of errno specified by fseek()
+**		any value of errno specified by ftruncate()
+*/
+
+int
+bftruncate(fp)
+	FILE *fp;
+{
+	int ret;
+
+	if (bfrewind(fp) == -1)
+	{
+		/* errno is set implicitly by bfrewind() */
+		return -1;
+	}
+
+#if NOFTRUNCATE
+	/* XXX */
+	errno = EINVAL;
+	ret = -1;
+#else /* NOFTRUNCATE */
+	/* errno is set implicitly by ftruncate() before return */
+	ret = ftruncate(fileno(fp), 0);
+#endif /* NOFTRUNCATE */
+	return ret;
+}
+
+/*
+**  BFCLOSE -- close a buffered file
+**
+**	Parameters:
+**		fp -- FILE * to close
+**
+**	Returns:
+**		0 on success, EOF on failure
+**
+**	Side Effects:
+**		Closes fp. If fp is a buffered file, unlink it if it has not
+**		already been committed. If fp is not a buffered file, this is
+**		equivalent to fclose().
+**
+**	Sets errno:
+**		any value of errno specified by fclose()
+*/
+
+int
+bfclose(fp)
+	FILE *fp;
+{
+	int retval;
+	struct bf *bfp = NULL;
+
+	/* Get associated bf structure */
+	bfp = bflookup(fp);
+
+	/* Decrement and check refcount */
+	if (bfp != NULL && --bfp->bf_refcount > 0)
+		return 0;
+
+	/* If bf, get bf structure and remove from list */
+	if (bfp != NULL)
+		bfp = bfdelete(fp);
+
+	if (fclose(fp) == EOF)
+	{
+		if (tTd(58, 8))
+			dprintf("bfclose: fclose failed\n");
+		/* errno is set implicitly by fclose() */
+		return -1;
+	}
+
+	if (bfp == NULL)
+		return 0;
+
+	/* Success unless we determine otherwise in next block */
+	retval = 0;
+
+	if (bfp != NULL)
+	{
+		/* Might have to unlink; certainly will have to deallocate */
+		if (!bfp->bf_committed)
+			retval = unlink(bfp->bf_filename);
+
+		free(bfp->bf_filename);
+		free(bfp);
+		if (tTd(58, 8))
+			dprintf("bfclose: freed %ld\n",
+				(long) sizeof(struct bf));
+	}
+	else
+	{
+		if (tTd(58, 8))
+			dprintf("bfclose: bfp was NULL\n");
+	}
+
+	return retval;
+}
+
+/*
+**  BFTEST -- test if a FILE * is a buffered file
+**
+**	Parameters:
+**		fp -- FILE * to test
+**
+**	Returns:
+**		TRUE if fp is a buffered file, FALSE otherwise.
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		never.
+*/
+
+bool
+bftest(fp)
+	FILE *fp;
+{
+	return (bflookup(fp) != NULL);
+}
+
+/*
+**  BFINSERT -- insert item in linking list
+**
+**	Parameters:
+**		datum -- item to insert
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		never.
+*/
+
+void
+bfinsert(datum)
+	struct bf *datum;
+{
+	datum->bf_cdr = bflist;
+	bflist = datum;
+}
+
+/*
+**  BFLOOKUP -- lookup FILE * in list
+**
+**	Parameters:
+**		fp -- FILE * to lookup
+**
+**	Returns:
+**		bf struct for the FILE *, NULL if not found
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		never.
+*/
+
+struct bf *
+bflookup(key)
+	FILE *key;
+{
+	struct bf *t;
+
+	for (t = bflist; t != NULL; t = t->bf_cdr)
+	{
+		if (t->bf_key == key)
+		{
+			return t;
+		}
+	}
+
+	/* If we got this far, we didn't find it */
+	return NULL;
+}
+
+/*
+**  BFDELETE -- delete a FILE * in list
+**
+**	Parameters:
+**		fp -- FILE * to delete
+**
+**	Returns:
+**		bf struct for deleted FILE *, NULL if not found,
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		never.
+*/
+
+struct bf *
+bfdelete(key)
+	FILE *key;
+{
+	struct bf *t, *u;
+
+	if (bflist == NULL)
+		return NULL;
+
+	/* if first element, special case */
+	if (bflist->bf_key == key)
+	{
+		u = bflist;
+		bflist = bflist->bf_cdr;
+		return u;
+	}
+
+	for (t = bflist; t->bf_cdr != NULL; t = t->bf_cdr)
+	{
+		if (t->bf_cdr->bf_key == key)
+		{
+			u = t->bf_cdr;
+			t->bf_cdr = u->bf_cdr;
+			return u;
+		}
+	}
+
+	/* If we got this far, we didn't find it */
+	return NULL;
+}
diff --git a/contrib/sendmail/src/bf_portable.h b/contrib/sendmail/src/bf_portable.h
new file mode 100644
index 0000000..e319a74
--- /dev/null
+++ b/contrib/sendmail/src/bf_portable.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: bf_portable.h,v 8.6 1999/11/04 19:31:25 ca Exp $
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef BF_PORTABLE_H
+#define BF_PORTABLE_H 1
+/*
+**  This implementation will behave differently from the Torek-based code in
+**  the following major ways:
+**   - The buffer size argument to bfopen() will be sent in, sent back,
+**     queried, lost, found, subjected to public inquiry, lost again, and
+**     finally buried in soft peat and recycled as firelighters.
+**   - Errors in creating the file (but not necessarily writing to it) will
+**     always be detected and reported synchronously with the bfopen()
+*/
+
+/* Linked structure for storing information about each buffered file */
+struct bf
+{
+	FILE		*bf_key;	/* Unused except as a key for lookup */
+	bool		bf_committed;	/* buffered file is on disk */
+	char		*bf_filename;	/* Name of disk file */
+	int		bf_refcount;	/* Reference count */
+	struct bf	*bf_cdr;
+};
+
+/*
+**  Access routines for looking up bf structures
+**
+**	maybe replace with a faster data structure later
+*/
+
+extern void		bfinsert __P((struct bf *));
+extern struct bf	*bflookup __P((FILE *));
+extern struct bf	*bfdelete __P((FILE *));
+#endif /* BF_PORTABLE_H */
diff --git a/contrib/sendmail/src/bf_torek.c b/contrib/sendmail/src/bf_torek.c
new file mode 100644
index 0000000..fb05368
--- /dev/null
+++ b/contrib/sendmail/src/bf_torek.c
@@ -0,0 +1,784 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: bf_torek.c,v 8.19.18.1 2000/07/18 16:52:26 gshapiro Exp $";
+#endif /* ! lint */
+
+#if SFIO
+   ERROR README: Can not use bf_torek.c with SFIO.
+#endif /* SFIO */
+
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#ifndef BF_STANDALONE
+# include "sendmail.h"
+#endif /* ! BF_STANDALONE */
+#include "bf_torek.h"
+#include "bf.h"
+
+/*
+**  BFOPEN -- create a new buffered file
+**
+**	Parameters:
+**		filename -- the file's name
+**		fmode -- what mode the file should be created as
+**		bsize -- amount of buffer space to allocate (may be 0)
+**		flags -- if running under sendmail, passed directly to safeopen
+**
+**	Returns:
+**		a FILE * which may then be used with stdio functions, or NULL
+**		on failure. FILE * is opened for writing (mode "w+").
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		ENOMEM -- out of memory
+**		ENOENT -- illegal empty filename specified
+**		any value of errno specified by open()
+**		any value of errno specified by fdopen()
+**		any value of errno specified by funopen()
+*/
+
+#ifdef BF_STANDALONE
+# define OPEN(fn, omode, cmode, sff) open(fn, omode, cmode)
+#else /* BF_STANDALONE */
+# define OPEN(fn, omode, cmode, sff) safeopen(fn, omode, cmode, sff)
+#endif /* BF_STANDALONE */
+
+FILE *
+bfopen(filename, fmode, bsize, flags)
+	char *filename;
+	int fmode;
+	size_t bsize;
+	long flags;
+{
+	struct bf *bfp;
+	FILE *retval;
+	int save_errno, l;
+	struct stat st;
+
+	/* Sanity checks */
+	/* Empty filename string */
+	if (*filename == '\0')
+	{
+		errno = ENOENT;
+		return NULL;
+	}
+
+	if (stat(filename, &st) == 0)
+	{
+		/* file already exists on disk */
+		errno = EEXIST;
+		return NULL;
+	}
+
+	/* Allocate memory */
+	bfp = (struct bf *)malloc(sizeof(struct bf));
+	if (bfp == NULL)
+	{
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	/* A zero bsize is valid, just don't allocate memory */
+	if (bsize > 0)
+	{
+		bfp->bf_buf = (char *)malloc(bsize);
+		if (bfp->bf_buf == NULL)
+		{
+			free(bfp);
+			errno = ENOMEM;
+			return NULL;
+		}
+	}
+	else
+		bfp->bf_buf = NULL;
+
+	/* Nearly home free, just set all the parameters now */
+	bfp->bf_committed = FALSE;
+	bfp->bf_ondisk = FALSE;
+	bfp->bf_refcount = 1;
+	bfp->bf_flags = flags;
+	bfp->bf_bufsize = bsize;
+	bfp->bf_buffilled = 0;
+	l = strlen(filename) + 1;
+	bfp->bf_filename = (char *)malloc(l);
+	if (bfp->bf_filename == NULL)
+	{
+		free(bfp);
+		if (bfp->bf_buf != NULL)
+			free(bfp->bf_buf);
+		errno = ENOMEM;
+		return NULL;
+	}
+	(void) strlcpy(bfp->bf_filename, filename, l);
+	bfp->bf_filemode = fmode;
+	bfp->bf_offset = 0;
+	bfp->bf_size = 0;
+
+	if (tTd(58, 8))
+		dprintf("bfopen(%s, %d)\n", filename, bsize);
+
+	/* The big test: will funopen accept it? */
+	retval = funopen((void *)bfp, _bfread, _bfwrite, _bfseek, _bfclose);
+	if (retval == NULL)
+	{
+		/* Just in case free() sets errno */
+		save_errno = errno;
+		free(bfp);
+		free(bfp->bf_filename);
+		if (bfp->bf_buf != NULL)
+			free(bfp->bf_buf);
+		errno = save_errno;
+		return NULL;
+	}
+	else
+	{
+		/* Success */
+		return retval;
+	}
+}
+/*
+**  BFDUP -- increase refcount on buffered file
+**
+**	Parameters:
+**		fp -- FILE * to "duplicate"
+**
+**	Returns:
+**		If file is memory buffered, fp with increased refcount
+**		If file is on disk, NULL (need to use link())
+*/
+
+FILE *
+bfdup(fp)
+	FILE *fp;
+{
+	struct bf *bfp;
+
+	/* If called on a normal FILE *, noop */
+	if (!bftest(fp))
+		return NULL;
+
+	/* Get associated bf structure */
+	bfp = (struct bf *)fp->_cookie;
+
+	/* Increase ref count */
+	bfp->bf_refcount++;
+
+	return fp;
+}
+
+/*
+**  BFCOMMIT -- "commits" the buffered file
+**
+**	Parameters:
+**		fp -- FILE * to commit to disk
+**
+**	Returns:
+**		0 on success, -1 on error
+**
+**	Side Effects:
+**		Forces the given FILE * to be written to disk if it is not
+**		already, and ensures that it will be kept after closing. If
+**		fp is not a buffered file, this is a no-op.
+**
+**	Sets errno:
+**		any value of errno specified by open()
+**		any value of errno specified by write()
+**		any value of errno specified by lseek()
+*/
+
+int
+bfcommit(fp)
+	FILE *fp;
+{
+	struct bf *bfp;
+	int retval;
+	int byteswritten;
+
+	/* If called on a normal FILE *, noop */
+	if (!bftest(fp))
+		return 0;
+
+	/* Get associated bf structure */
+	bfp = (struct bf *)fp->_cookie;
+
+	/* If already committed, noop */
+	if (bfp->bf_committed)
+		return 0;
+
+	/* Do we need to open a file? */
+	if (!bfp->bf_ondisk)
+	{
+		struct stat st;
+
+		if (tTd(58, 8))
+			dprintf("bfcommit(%s): to disk\n", bfp->bf_filename);
+
+		if (stat(bfp->bf_filename, &st) == 0)
+		{
+			errno = EEXIST;
+			return -1;
+		}
+
+		retval = OPEN(bfp->bf_filename, O_RDWR | O_CREAT | O_TRUNC,
+			      bfp->bf_filemode, bfp->bf_flags);
+
+		/* Couldn't create file: failure */
+		if (retval < 0)
+		{
+			/* errno is set implicitly by open() */
+			return -1;
+		}
+
+		bfp->bf_disk_fd = retval;
+		bfp->bf_ondisk = TRUE;
+	}
+
+	/* Write out the contents of our buffer, if we have any */
+	if (bfp->bf_buffilled > 0)
+	{
+		byteswritten = 0;
+
+		if (lseek(bfp->bf_disk_fd, 0, SEEK_SET) < 0)
+		{
+			/* errno is set implicitly by lseek() */
+			return -1;
+		}
+
+		while (byteswritten < bfp->bf_buffilled)
+		{
+			retval = write(bfp->bf_disk_fd,
+				       bfp->bf_buf + byteswritten,
+				       bfp->bf_buffilled - byteswritten);
+			if (retval < 0)
+			{
+				/* errno is set implicitly by write() */
+				return -1;
+			}
+			else
+				byteswritten += retval;
+		}
+	}
+	bfp->bf_committed = TRUE;
+
+	/* Invalidate buf; all goes to file now */
+	bfp->bf_buffilled = 0;
+	if (bfp->bf_bufsize > 0)
+	{
+		/* Don't need buffer anymore; free it */
+		bfp->bf_bufsize = 0;
+		free(bfp->bf_buf);
+	}
+	return 0;
+}
+
+/*
+**  BFREWIND -- rewinds the FILE *
+**
+**	Parameters:
+**		fp -- FILE * to rewind
+**
+**	Returns:
+**		0 on success, -1 on error
+**
+**	Side Effects:
+**		rewinds the FILE * and puts it into read mode. Normally one
+**		would bfopen() a file, write to it, then bfrewind() and
+**		fread(). If fp is not a buffered file, this is equivalent to
+**		rewind().
+**
+**	Sets errno:
+**		any value of errno specified by fseek()
+*/
+
+int
+bfrewind(fp)
+	FILE *fp;
+{
+	int err;
+
+	/* check to see if there is an error on the stream */
+	err = ferror(fp);
+
+	(void) fflush(fp);
+
+	/*
+	**  Clear error if tried to fflush()
+	**  a read-only file pointer and
+	**  there wasn't a previous error.
+	*/
+
+	if (err == 0)
+		clearerr(fp);
+
+	/* errno is set implicitly by fseek() before return */
+	return fseek(fp, 0, SEEK_SET);
+}
+
+/*
+**  BFTRUNCATE -- rewinds and truncates the FILE *
+**
+**	Parameters:
+**		fp -- FILE * to truncate
+**
+**	Returns:
+**		0 on success, -1 on error
+**
+**	Side Effects:
+**		rewinds the FILE *, truncates it to zero length, and puts it
+**		into write mode. If fp is not a buffered file, this is
+**		equivalent to a rewind() and then an ftruncate(fileno(fp), 0).
+**
+**	Sets errno:
+**		any value of errno specified by fseek()
+**		any value of errno specified by ftruncate()
+*/
+
+int
+bftruncate(fp)
+	FILE *fp;
+{
+	struct bf *bfp;
+
+	if (bfrewind(fp) < 0)
+		return -1;
+
+	if (bftest(fp))
+	{
+		/* Get bf structure */
+		bfp = (struct bf *)fp->_cookie;
+		bfp->bf_buffilled = 0;
+		bfp->bf_size = 0;
+
+		/* Need to zero the buffer */
+		if (bfp->bf_bufsize > 0)
+			memset(bfp->bf_buf, '\0', bfp->bf_bufsize);
+		if (bfp->bf_ondisk)
+			return ftruncate(bfp->bf_disk_fd, 0);
+		else
+			return 0;
+	}
+	else
+		return ftruncate(fileno(fp), 0);
+}
+
+/*
+**  BFCLOSE -- close a buffered file
+**
+**	Parameters:
+**		fp -- FILE * to close
+**
+**	Returns:
+**		0 on success, EOF on failure
+**
+**	Side Effects:
+**		Closes fp. If fp is a buffered file, unlink it if it has not
+**		already been committed. If fp is not a buffered file, this is
+**		equivalent to fclose().
+**
+**	Sets errno:
+**		any value of errno specified by fclose()
+*/
+
+int
+bfclose(fp)
+	FILE *fp;
+{
+	struct bf *bfp;
+
+	/* If called on a normal FILE *, call fclose() on it */
+	if (!bftest(fp))
+		return fclose(fp);
+
+	/* Cast cookie back to correct type */
+	bfp = (struct bf *)fp->_cookie;
+
+	/* Check reference count to see if we actually want to close */
+	if (bfp != NULL && --bfp->bf_refcount > 0)
+		return 0;
+
+	/*
+	**  In this implementation, just call fclose--the _bfclose
+	**  routine will be called by that
+	*/
+
+	return fclose(fp);
+}
+
+/*
+**  BFTEST -- test if a FILE * is a buffered file
+**
+**	Parameters:
+**		fp -- FILE * to test
+**
+**	Returns:
+**		TRUE if fp is a buffered file, FALSE otherwise.
+**
+**	Side Effects:
+**		none.
+**
+**	Sets errno:
+**		never.
+*/
+
+bool
+bftest(fp)
+	FILE *fp;
+{
+	/*
+	**  Check to see if our special I/O routines are installed
+	**  in this file structure
+	*/
+
+	return ((fp->_close == _bfclose) &&
+		(fp->_read == _bfread) &&
+		(fp->_seek == _bfseek) &&
+		(fp->_write == _bfwrite));
+}
+
+/*
+**  _BFCLOSE -- close a buffered file
+**
+**	Parameters:
+**		cookie -- cookie of file to close
+**
+**	Returns:
+**		0 to indicate success
+**
+**	Side Effects:
+**		deletes backing file, frees memory.
+**
+**	Sets errno:
+**		never.
+*/
+
+int
+_bfclose(cookie)
+	void *cookie;
+{
+	struct bf *bfp;
+
+	/* Cast cookie back to correct type */
+	bfp = (struct bf *)cookie;
+
+	/* Need to clean up the file */
+	if (bfp->bf_ondisk && !bfp->bf_committed)
+		unlink(bfp->bf_filename);
+
+	/* Need to free the buffer */
+	if (bfp->bf_bufsize > 0)
+		free(bfp->bf_buf);
+
+	/* Finally, free the structure */
+	free(bfp);
+
+	return 0;
+}
+
+/*
+**  _BFREAD -- read a buffered file
+**
+**	Parameters:
+**		cookie -- cookie of file to read
+**		buf -- buffer to fill
+**		nbytes -- how many bytes to read
+**
+**	Returns:
+**		number of bytes read or -1 indicate failure
+**
+**	Side Effects:
+**		none.
+**
+*/
+
+int
+_bfread(cookie, buf, nbytes)
+	void *cookie;
+	char *buf;
+	int nbytes;
+{
+	struct bf *bfp;
+	int count = 0;	/* Number of bytes put in buf so far */
+	int retval;
+
+	/* Cast cookie back to correct type */
+	bfp = (struct bf *)cookie;
+
+	if (bfp->bf_offset < bfp->bf_buffilled)
+	{
+		/* Need to grab some from buffer */
+		count = nbytes;
+		if ((bfp->bf_offset + count) > bfp->bf_buffilled)
+			count = bfp->bf_buffilled - bfp->bf_offset;
+
+		memcpy(buf, bfp->bf_buf + bfp->bf_offset, count);
+	}
+
+	if ((bfp->bf_offset + nbytes) > bfp->bf_buffilled)
+	{
+		/* Need to grab some from file */
+
+		if (!bfp->bf_ondisk)
+		{
+			/* Oops, the file doesn't exist. EOF. */
+			goto finished;
+		}
+
+		/* Catch a read() on an earlier failed write to disk */
+		if (bfp->bf_disk_fd < 0)
+		{
+			errno = EIO;
+			return -1;
+		}
+
+		if (lseek(bfp->bf_disk_fd,
+			  bfp->bf_offset + count, SEEK_SET) < 0)
+		{
+			if ((errno == EINVAL) || (errno == ESPIPE))
+			{
+				/*
+				**  stdio won't be expecting these
+				**  errnos from read()! Change them
+				**  into something it can understand.
+				*/
+
+				errno = EIO;
+			}
+			return -1;
+		}
+
+		while (count < nbytes)
+		{
+			retval = read(bfp->bf_disk_fd,
+				      buf + count,
+				      nbytes - count);
+			if (retval < 0)
+			{
+				/* errno is set implicitly by read() */
+				return -1;
+			}
+			else if (retval == 0)
+				goto finished;
+			else
+				count += retval;
+		}
+	}
+
+finished:
+	bfp->bf_offset += count;
+	return count;
+}
+
+/*
+**  _BFSEEK -- seek to a position in a buffered file
+**
+**	Parameters:
+**		cookie -- cookie of file to seek
+**		offset -- position to seek to
+**		whence -- how to seek
+**
+**	Returns:
+**		new file offset or -1 indicate failure
+**
+**	Side Effects:
+**		none.
+**
+*/
+
+fpos_t
+_bfseek(cookie, offset, whence)
+	void *cookie;
+	fpos_t offset;
+	int whence;
+
+{
+	struct bf *bfp;
+
+	/* Cast cookie back to correct type */
+	bfp = (struct bf *)cookie;
+
+	switch (whence)
+	{
+		case SEEK_SET:
+			bfp->bf_offset = offset;
+			break;
+
+		case SEEK_CUR:
+			bfp->bf_offset += offset;
+			break;
+
+		case SEEK_END:
+			bfp->bf_offset = bfp->bf_size + offset;
+			break;
+
+		default:
+			errno = EINVAL;
+			return -1;
+	}
+	return bfp->bf_offset;
+}
+
+/*
+**  _BFWRITE -- write to a buffered file
+**
+**	Parameters:
+**		cookie -- cookie of file to write
+**		buf -- data buffer
+**		nbytes -- how many bytes to write
+**
+**	Returns:
+**		number of bytes written or -1 indicate failure
+**
+**	Side Effects:
+**		may create backing file if over memory limit for file.
+**
+*/
+
+int
+_bfwrite(cookie, buf, nbytes)
+	void *cookie;
+	const char *buf;
+	int nbytes;
+{
+	struct bf *bfp;
+	int count = 0;	/* Number of bytes written so far */
+	int retval;
+
+	/* Cast cookie back to correct type */
+	bfp = (struct bf *)cookie;
+
+	/* If committed, go straight to disk */
+	if (bfp->bf_committed)
+	{
+		if (lseek(bfp->bf_disk_fd, bfp->bf_offset, SEEK_SET) < 0)
+		{
+			if ((errno == EINVAL) || (errno == ESPIPE))
+			{
+				/*
+				**  stdio won't be expecting these
+				**  errnos from write()! Change them
+				**  into something it can understand.
+				*/
+
+				errno = EIO;
+			}
+			return -1;
+		}
+
+		count = write(bfp->bf_disk_fd, buf, nbytes);
+		if (count < 0)
+		{
+			/* errno is set implicitly by write() */
+			return -1;
+		}
+		goto finished;
+	}
+
+	if (bfp->bf_offset < bfp->bf_bufsize)
+	{
+		/* Need to put some in buffer */
+		count = nbytes;
+		if ((bfp->bf_offset + count) > bfp->bf_bufsize)
+			count = bfp->bf_bufsize - bfp->bf_offset;
+
+		memcpy(bfp->bf_buf + bfp->bf_offset, buf, count);
+		if ((bfp->bf_offset + count) > bfp->bf_buffilled)
+			bfp->bf_buffilled = bfp->bf_offset + count;
+	}
+
+	if ((bfp->bf_offset + nbytes) > bfp->bf_bufsize)
+	{
+		/* Need to put some in file */
+		if (!bfp->bf_ondisk)
+		{
+			/* Oops, the file doesn't exist. */
+			if (tTd(58, 8))
+				dprintf("_bfwrite(%s): to disk\n",
+					bfp->bf_filename);
+
+			retval = OPEN(bfp->bf_filename,
+				      O_RDWR | O_CREAT | O_TRUNC,
+				      bfp->bf_filemode, bfp->bf_flags);
+
+			/* Couldn't create file: failure */
+			if (retval < 0)
+			{
+				/*
+				**  stdio may not be expecting these
+				**  errnos from write()! Change to
+				**  something which it can understand.
+				**  Note that ENOSPC and EDQUOT are saved
+				**  because they are actually valid for
+				**  write().
+				*/
+
+				if (!((errno == ENOSPC) || (errno == EDQUOT)))
+					errno = EIO;
+
+				return -1;
+			}
+			bfp->bf_disk_fd = retval;
+			bfp->bf_ondisk = TRUE;
+		}
+
+		/* Catch a write() on an earlier failed write to disk */
+		if (bfp->bf_ondisk && bfp->bf_disk_fd < 0)
+		{
+			errno = EIO;
+			return -1;
+		}
+
+		if (lseek(bfp->bf_disk_fd,
+			  bfp->bf_offset + count, SEEK_SET) < 0)
+		{
+			if ((errno == EINVAL) || (errno == ESPIPE))
+			{
+				/*
+				**  stdio won't be expecting these
+				**  errnos from write()! Change them into
+				**  something which it can understand.
+				*/
+
+				errno = EIO;
+			}
+			return -1;
+		}
+
+		while (count < nbytes)
+		{
+			retval = write(bfp->bf_disk_fd, buf + count,
+				       nbytes - count);
+			if (retval < 0)
+			{
+				/* errno is set implicitly by write() */
+				return -1;
+			}
+			else
+				count += retval;
+		}
+	}
+
+finished:
+	bfp->bf_offset += count;
+	if (bfp->bf_offset > bfp->bf_size)
+		bfp->bf_size = bfp->bf_offset;
+	return count;
+}
diff --git a/contrib/sendmail/src/bf_torek.h b/contrib/sendmail/src/bf_torek.h
new file mode 100644
index 0000000..48c3995
--- /dev/null
+++ b/contrib/sendmail/src/bf_torek.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: bf_torek.h,v 8.6 1999/11/04 19:31:25 ca Exp $
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef BF_TOREK_H
+#define BF_TOREK_H 1
+/*
+**  Data structure for storing information about each buffered file
+*/
+
+struct bf
+{
+	bool	bf_committed;	/* Has this buffered file been committed? */
+	bool	bf_ondisk;	/* On disk: committed or buffer overflow */
+	int	bf_flags;
+	int	bf_disk_fd;	/* If on disk, associated file descriptor */
+	char	*bf_buf;	/* Memory buffer */
+	int	bf_bufsize;	/* Length of above buffer */
+	int	bf_buffilled;	/* Bytes of buffer actually filled */
+	char	*bf_filename;	/* Name of buffered file, if ever committed */
+	mode_t	bf_filemode;	/* Mode of buffered file, if ever committed */
+	fpos_t	bf_offset;	/* Currect file offset */
+	int	bf_size;	/* Total current size of file */
+	int	bf_refcount;	/* Reference count */
+};
+
+/* Our lower-level I/O routines */
+extern int	_bfclose __P((void *));
+extern int	_bfread __P((void *, char *, int));
+extern fpos_t	_bfseek __P((void *, fpos_t, int));
+extern int	_bfwrite __P((void *, const char *, int));
+#endif /* BF_TOREK_H */
diff --git a/contrib/sendmail/src/clock.c b/contrib/sendmail/src/clock.c
index e6466e6..33b38f4 100644
--- a/contrib/sendmail/src/clock.c
+++ b/contrib/sendmail/src/clock.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,14 +12,17 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)clock.c	8.35 (Berkeley) 2/2/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: clock.c,v 8.52.18.2 2000/05/25 23:33:30 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
+
+#ifndef sigmask
+# define sigmask(s)	(1 << ((s) - 1))
+#endif /* ! sigmask */
+
+static void	endsleep __P((void));
 
-# ifndef sigmask
-#  define sigmask(s)	(1 << ((s) - 1))
-# endif
 
 /*
 **  SETEVENT -- set an event to happen at a specific time.
@@ -40,8 +44,6 @@ static char sccsid[] = "@(#)clock.c	8.35 (Berkeley) 2/2/1999";
 
 EVENT	*FreeEventList;		/* list of free events */
 
-static SIGFUNC_DECL	tick __P((int));
-
 EVENT *
 setevent(intvl, func, arg)
 	time_t intvl;
@@ -55,8 +57,8 @@ setevent(intvl, func, arg)
 
 	if (intvl <= 0)
 	{
-		syserr("554 setevent: intvl=%ld\n", intvl);
-		return (NULL);
+		syserr("554 5.3.0 setevent: intvl=%ld\n", intvl);
+		return NULL;
 	}
 
 	wasblocked = blocksignal(SIGALRM);
@@ -83,16 +85,16 @@ setevent(intvl, func, arg)
 	*evp = ev;
 
 	if (tTd(5, 5))
-		printf("setevent: intvl=%ld, for=%ld, func=%lx, arg=%d, ev=%lx\n",
+		dprintf("setevent: intvl=%ld, for=%ld, func=%lx, arg=%d, ev=%lx\n",
 			(long) intvl, (long)(now + intvl), (u_long) func,
 			arg, (u_long) ev);
 
-	setsignal(SIGALRM, tick);
+	(void) setsignal(SIGALRM, tick);
 	intvl = EventQueue->ev_time - now;
 	(void) alarm((unsigned) intvl < 1 ? 1 : intvl);
 	if (wasblocked == 0)
 		(void) releasesignal(SIGALRM);
-	return (ev);
+	return ev;
 }
 /*
 **  CLREVENT -- remove an event from the event queue.
@@ -115,7 +117,7 @@ clrevent(ev)
 	int wasblocked;
 
 	if (tTd(5, 5))
-		printf("clrevent: ev=%lx\n", (u_long) ev);
+		dprintf("clrevent: ev=%lx\n", (u_long) ev);
 	if (ev == NULL)
 		return;
 
@@ -137,9 +139,52 @@ clrevent(ev)
 
 	/* restore clocks and pick up anything spare */
 	if (wasblocked == 0)
-		releasesignal(SIGALRM);
+		(void) releasesignal(SIGALRM);
 	if (EventQueue != NULL)
-		kill(getpid(), SIGALRM);
+		(void) kill(getpid(), SIGALRM);
+	else
+	{
+		/* nothing left in event queue, no need for an alarm */
+		(void) alarm(0);
+	}
+}
+/*
+**  CLEAR_EVENTS -- remove all events from the event queue.
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		none.
+*/
+
+void
+clear_events()
+{
+	register EVENT *ev;
+	int wasblocked;
+
+	if (tTd(5, 5))
+		dprintf("clear_events: EventQueue=%lx\n", (u_long) EventQueue);
+
+	if (EventQueue == NULL)
+		return;
+
+	/* nothing will be left in event queue, no need for an alarm */
+	(void) alarm(0);
+	wasblocked = blocksignal(SIGALRM);
+
+	/* find the end of the EventQueue */
+	for (ev = EventQueue; ev->ev_link != NULL; ev = ev->ev_link)
+		continue;
+
+	ev->ev_link = FreeEventList;
+	FreeEventList = EventQueue;
+	EventQueue = NULL;
+
+	/* restore clocks and pick up anything spare */
+	if (wasblocked == 0)
+		(void) releasesignal(SIGALRM);
 }
 /*
 **  TICK -- take a clock tick
@@ -159,20 +204,20 @@ clrevent(ev)
 */
 
 /* ARGSUSED */
-static SIGFUNC_DECL
+SIGFUNC_DECL
 tick(sig)
 	int sig;
 {
 	register time_t now;
 	register EVENT *ev;
 	int mypid = getpid();
-	int olderrno = errno;
+	int save_errno = errno;
 
 	(void) alarm(0);
 	now = curtime();
 
 	if (tTd(5, 4))
-		printf("tick: now=%ld\n", (long) now);
+		dprintf("tick: now=%ld\n", (long) now);
 
 	/* reset signal in case System V semantics */
 	(void) setsignal(SIGALRM, tick);
@@ -187,7 +232,7 @@ tick(sig)
 		ev = EventQueue;
 		EventQueue = EventQueue->ev_link;
 		if (tTd(5, 6))
-			printf("tick: ev=%lx, func=%lx, arg=%d, pid=%d\n",
+			dprintf("tick: ev=%lx, func=%lx, arg=%d, pid=%d\n",
 				(u_long) ev, (u_long) ev->ev_func,
 				ev->ev_arg, ev->ev_pid);
 
@@ -208,14 +253,14 @@ tick(sig)
 		}
 
 		/* call ev_func */
-		errno = olderrno;
+		errno = save_errno;
 		(*f)(arg);
 		(void) alarm(0);
 		now = curtime();
 	}
 	if (EventQueue != NULL)
 		(void) alarm((unsigned) (EventQueue->ev_time - now));
-	errno = olderrno;
+	errno = save_errno;
 	return SIGFUNC_RETURN;
 }
 /*
@@ -235,12 +280,12 @@ tick(sig)
 **		be run during that interval.
 */
 
+
 static bool	SleepDone;
-static void	endsleep __P((void));
 
 #ifndef SLEEP_T
 # define SLEEP_T	unsigned int
-#endif
+#endif /* ! SLEEP_T */
 
 SLEEP_T
 sleep(intvl)
@@ -254,9 +299,9 @@ sleep(intvl)
 	(void) setevent((time_t) intvl, endsleep, 0);
 	was_held = releasesignal(SIGALRM);
 	while (!SleepDone)
-		pause();
+		(void) pause();
 	if (was_held > 0)
-		blocksignal(SIGALRM);
+		(void) blocksignal(SIGALRM);
 	return (SLEEP_T) 0;
 }
 
diff --git a/contrib/sendmail/src/collect.c b/contrib/sendmail/src/collect.c
index a8916b1..f6c3682 100644
--- a/contrib/sendmail/src/collect.c
+++ b/contrib/sendmail/src/collect.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,13 +12,17 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)collect.c	8.93 (Berkeley) 1/26/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: collect.c,v 8.136.4.3 2000/06/22 22:13:45 geir Exp $";
+#endif /* ! lint */
 
-# include <errno.h>
-# include "sendmail.h"
+#include <sendmail.h>
 
-/*
+
+static void	collecttimeout __P((time_t));
+static void	dferror __P((FILE *volatile, char *, ENVELOPE *));
+static void	eatfrom __P((char *volatile, ENVELOPE *));
+
+/*
 **  COLLECT -- read & parse message header & make temp file.
 **
 **	Creates a temporary file name and copies the standard
@@ -42,7 +47,6 @@ static char sccsid[] = "@(#)collect.c	8.93 (Berkeley) 1/26/1999";
 */
 
 static jmp_buf	CtxCollectTimeout;
-static void	collecttimeout __P((time_t));
 static bool	CollectProgress;
 static EVENT	*CollectTimeout;
 
@@ -66,7 +70,7 @@ collect(fp, smtpmode, hdrp, e)
 	HDR **hdrp;
 	register ENVELOPE *e;
 {
-	register FILE *volatile tf;
+	register FILE *volatile df;
 	volatile bool ignrdot = smtpmode ? FALSE : IgnrDot;
 	volatile time_t dbto = smtpmode ? TimeOuts.to_datablock : 0;
 	register char *volatile bp;
@@ -77,13 +81,17 @@ collect(fp, smtpmode, hdrp, e)
 	volatile int buflen;
 	volatile int istate;
 	volatile int mstate;
+	volatile int hdrslen = 0;
+	volatile int numhdrs = 0;
+	volatile int dfd;
+	volatile int afd;
+	volatile int rstat = EX_OK;
 	u_char *volatile pbp;
-	int hdrslen = 0;
 	u_char peekbuf[8];
-	char dfname[MAXQFNAME];
+	char hsize[16];
+	char hnum[16];
+	char dfname[MAXPATHLEN];
 	char bufbuf[MAXLINE];
-	extern bool isheader __P((char *));
-	extern void tferror __P((FILE *volatile, ENVELOPE *));
 
 	headeronly = hdrp != NULL;
 
@@ -93,18 +101,33 @@ collect(fp, smtpmode, hdrp, e)
 
 	if (!headeronly)
 	{
-		int tfd;
 		struct stat stbuf;
 
-		strcpy(dfname, queuename(e, 'd'));
-		tfd = dfopen(dfname, O_WRONLY|O_CREAT|O_TRUNC, FileMode, SFF_ANYFILE);
-		if (tfd < 0 || (tf = fdopen(tfd, "w")) == NULL)
+		(void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname);
+#if _FFR_QUEUE_FILE_MODE
+		{
+			MODE_T oldumask;
+
+			if (bitset(S_IWGRP, QueueFileMode))
+				oldumask = umask(002);
+			df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
+				    SFF_OPENASROOT);
+			if (bitset(S_IWGRP, QueueFileMode))
+				(void) umask(oldumask);
+		}
+#else /* _FFR_QUEUE_FILE_MODE */
+		df = bfopen(dfname, FileMode, DataFileBufferSize,
+			    SFF_OPENASROOT);
+#endif /* _FFR_QUEUE_FILE_MODE */
+		if (df == NULL)
 		{
 			syserr("Cannot create %s", dfname);
 			e->e_flags |= EF_NO_BODY_RETN;
 			finis(TRUE, ExitStat);
+			/* NOTREACHED */
 		}
-		if (fstat(fileno(tf), &stbuf) < 0)
+		dfd = fileno(df);
+		if (dfd < 0 || fstat(dfd, &stbuf) < 0)
 			e->e_dfino = -1;
 		else
 		{
@@ -124,7 +147,7 @@ collect(fp, smtpmode, hdrp, e)
 		message("354 Enter mail, end with \".\" on a line by itself");
 
 	if (tTd(30, 2))
-		printf("collect\n");
+		dprintf("collect\n");
 
 	/*
 	**  Read the message.
@@ -152,7 +175,7 @@ collect(fp, smtpmode, hdrp, e)
 				    "timeout waiting for input from %s during message collect",
 				    CurHostName ? CurHostName : "<local machine>");
 			errno = 0;
-			usrerr("451 timeout waiting for input during message collect");
+			usrerr("451 4.4.1 timeout waiting for input during message collect");
 			goto readerr;
 		}
 		CollectTimeout = setevent(dbto, collecttimeout, dbto);
@@ -161,7 +184,7 @@ collect(fp, smtpmode, hdrp, e)
 	for (;;)
 	{
 		if (tTd(30, 35))
-			printf("top, istate=%d, mstate=%d\n", istate, mstate);
+			dprintf("top, istate=%d, mstate=%d\n", istate, mstate);
 		for (;;)
 		{
 			if (pbp > peekbuf)
@@ -180,12 +203,12 @@ collect(fp, smtpmode, hdrp, e)
 				if (TrafficLogFile != NULL && !headeronly)
 				{
 					if (istate == IS_BOL)
-						fprintf(TrafficLogFile, "%05d <<< ",
+						(void) fprintf(TrafficLogFile, "%05d <<< ",
 							(int) getpid());
 					if (c == EOF)
-						fprintf(TrafficLogFile, "[EOF]\n");
+						(void) fprintf(TrafficLogFile, "[EOF]\n");
 					else
-						putc(c, TrafficLogFile);
+						(void) putc(c, TrafficLogFile);
 				}
 				if (c == EOF)
 					goto readerr;
@@ -195,8 +218,8 @@ collect(fp, smtpmode, hdrp, e)
 					HasEightBits |= bitset(0x80, c);
 			}
 			if (tTd(30, 94))
-				printf("istate=%d, c=%c (0x%x)\n",
-					istate, c, c);
+				dprintf("istate=%d, c=%c (0x%x)\n",
+					istate, (char) c, c);
 			switch (istate)
 			{
 			  case IS_BOL:
@@ -244,7 +267,7 @@ collect(fp, smtpmode, hdrp, e)
 					istate = IS_BOL;
 				else
 				{
-					ungetc(c, fp);
+					(void) ungetc(c, fp);
 					c = '\r';
 					istate = IS_NORM;
 				}
@@ -270,9 +293,9 @@ bufferchar:
 				/* just put the character out */
 				if (MaxMessageSize <= 0 ||
 				    e->e_msgsize <= MaxMessageSize)
-					putc(c, tf);
+					(void) putc(c, df);
 
-				/* fall through */
+				/* FALLTHROUGH */
 
 			  case MS_DISCARD:
 				continue;
@@ -293,16 +316,18 @@ bufferchar:
 				else
 					buflen += MEMCHUNKSIZE;
 				buf = xalloc(buflen);
-				bcopy(obuf, buf, bp - obuf);
+				memmove(buf, obuf, bp - obuf);
 				bp = &buf[bp - obuf];
 				if (obuf != bufbuf)
 					free(obuf);
 			}
 			if (c >= 0200 && c <= 0237)
 			{
-#if 0	/* causes complaints -- figure out something for 8.9 */
+#if 0	/* causes complaints -- figure out something for 8.11 */
 				usrerr("Illegal character 0x%x in header", c);
-#endif
+#else /* 0 */
+				/* EMPTY */
+#endif /* 0 */
 			}
 			else if (c != '\0')
 			{
@@ -317,8 +342,9 @@ bufferchar:
 					errno = 0;
 					e->e_flags |= EF_CLRQUEUE;
 					e->e_status = "5.6.0";
-					usrerr("552 Headers too large (%d max)",
-						MaxHeadersLength);
+					usrerrenh(e->e_status,
+						  "552 Headers too large (%d max)",
+						  MaxHeadersLength);
 					mstate = MS_DISCARD;
 				}
 			}
@@ -329,7 +355,7 @@ bufferchar:
 
 nextstate:
 		if (tTd(30, 35))
-			printf("nextstate, istate=%d, mstate=%d, line = \"%s\"\n",
+			dprintf("nextstate, istate=%d, mstate=%d, line = \"%s\"\n",
 				istate, mstate, buf);
 		switch (mstate)
 		{
@@ -338,14 +364,12 @@ nextstate:
 #ifndef NOTUNIX
 			if (strncmp(buf, "From ", 5) == 0)
 			{
-				extern void eatfrom __P((char *volatile, ENVELOPE *));
-
 				bp = buf;
 				eatfrom(buf, e);
 				continue;
 			}
-#endif
-			/* fall through */
+#endif /* ! NOTUNIX */
+			/* FALLTHROUGH */
 
 		  case MS_HEADER:
 			if (!isheader(buf))
@@ -362,7 +386,7 @@ nextstate:
 				c = getc(fp);
 			} while (errno == EINTR);
 			if (c != EOF)
-				ungetc(c, fp);
+				(void) ungetc(c, fp);
 			if (c == ' ' || c == '\t')
 			{
 				/* yep -- defer this */
@@ -374,18 +398,32 @@ nextstate:
 				bp++;
 			*bp = '\0';
 
-			if (bitset(H_EOH, chompheader(buf, FALSE, hdrp, e)))
+			if (bitset(H_EOH, chompheader(buf,
+						      CHHDR_CHECK | CHHDR_USER,
+						      hdrp, e)))
 			{
 				mstate = MS_BODY;
 				goto nextstate;
 			}
+			numhdrs++;
 			break;
 
 		  case MS_BODY:
 			if (tTd(30, 1))
-				printf("EOH\n");
+				dprintf("EOH\n");
+
 			if (headeronly)
 				goto readerr;
+
+			/* call the end-of-header check ruleset */
+			snprintf(hnum, sizeof hnum, "%d", numhdrs);
+			snprintf(hsize, sizeof hsize, "%d", hdrslen);
+			if (tTd(30, 10))
+				dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
+					hnum, hsize);
+			rstat = rscheck("check_eoh", hnum, hsize, e, FALSE,
+					TRUE, 4);
+
 			bp = buf;
 
 			/* toss blank line */
@@ -402,7 +440,7 @@ nextstate:
 			    e->e_msgsize <= MaxMessageSize)
 			{
 				while (*bp != '\0')
-					putc(*bp++, tf);
+					(void) putc(*bp++, df);
 			}
 			break;
 		}
@@ -415,7 +453,7 @@ readerr:
 		const char *errmsg = errstring(errno);
 
 		if (tTd(30, 1))
-			printf("collect: premature EOM: %s\n", errmsg);
+			dprintf("collect: premature EOM: %s\n", errmsg);
 		if (LogLevel >= 2)
 			sm_syslog(LOG_WARNING, e->e_id,
 				"collect: premature EOM: %s", errmsg);
@@ -428,14 +466,65 @@ readerr:
 	if (headeronly)
 		return;
 
-	if (tf != NULL &&
-	    (fflush(tf) != 0 || ferror(tf) ||
-	     (SuperSafe && fsync(fileno(tf)) < 0) ||
-	     fclose(tf) < 0))
+	if (df == NULL)
 	{
-		tferror(tf, e);
+		/* skip next few clauses */
+		/* EMPTY */
+	}
+	else if (fflush(df) != 0 || ferror(df))
+	{
+		dferror(df, "fflush||ferror", e);
+		flush_errors(TRUE);
+		finis(TRUE, ExitStat);
+		/* NOTREACHED */
+	}
+	else if (!SuperSafe)
+	{
+		/* skip next few clauses */
+		/* EMPTY */
+	}
+	else if ((afd = fileno(df)) >= 0 && fsync(afd) < 0)
+	{
+		dferror(df, "fsync", e);
 		flush_errors(TRUE);
 		finis(TRUE, ExitStat);
+		/* NOTREACHED */
+	}
+	else if (bfcommit(df) < 0)
+	{
+		int save_errno = errno;
+
+		if (save_errno == EEXIST)
+		{
+			char *dfile;
+			struct stat st;
+
+			dfile = queuename(e, 'd');
+			if (stat(dfile, &st) < 0)
+				st.st_size = -1;
+			errno = EEXIST;
+			syserr("collect: bfcommit(%s): already on disk, size = %ld",
+			       dfile, st.st_size);
+			dfd = fileno(df);
+			if (dfd >= 0)
+				dumpfd(dfd, TRUE, TRUE);
+		}
+		errno = save_errno;
+		dferror(df, "bfcommit", e);
+		flush_errors(TRUE);
+		finis(save_errno != EEXIST, ExitStat);
+	}
+	else if (bfclose(df) < 0)
+	{
+		dferror(df, "bfclose", e);
+		flush_errors(TRUE);
+		finis(TRUE, ExitStat);
+		/* NOTREACHED */
+	}
+	else
+	{
+		/* everything is happily flushed to disk */
+		df = NULL;
 	}
 
 	/* An EOF when running SMTP is an error */
@@ -461,11 +550,11 @@ readerr:
 			    shortenstring(e->e_from.q_paddr, MAXSHORTSTR),
 			    errstring(errno));
 		if (feof(fp))
-			usrerr("451 collect: %s on connection from %s, from=%s",
+			usrerr("451 4.4.1 collect: %s on connection from %s, from=%s",
 				problem, host,
 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
 		else
-			syserr("451 collect: %s on connection from %s, from=%s",
+			syserr("451 4.4.1 collect: %s on connection from %s, from=%s",
 				problem, host,
 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
 
@@ -478,6 +567,7 @@ readerr:
 		if (InChild)
 			ExitStat = EX_QUIT;
 		finis(TRUE, ExitStat);
+		/* NOTREACHED */
 	}
 
 	/*
@@ -494,7 +584,6 @@ readerr:
 	if (OpMode != MD_VERIFY)
 		markstats(e, (ADDRESS *) NULL, FALSE);
 
-#if _FFR_DSN_RRT_OPTION
 	/*
 	**  If we have a Return-Receipt-To:, turn it into a DSN.
 	*/
@@ -507,7 +596,6 @@ readerr:
 			if (!bitset(QHASNOTIFY, q->q_flags))
 				q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
 	}
-#endif
 
 	/*
 	**  Add an Apparently-To: line if we have no recipient lines.
@@ -539,11 +627,11 @@ readerr:
 			break;
 
 		  case NRA_ADD_BCC:
-			addheader("Bcc", " ", &e->e_header);
+			addheader("Bcc", " ", 0, &e->e_header);
 			break;
 
 		  case NRA_ADD_TO_UNDISCLOSED:
-			addheader("To", "undisclosed-recipients:;", &e->e_header);
+			addheader("To", "undisclosed-recipients:;", 0, &e->e_header);
 			break;
 		}
 
@@ -554,9 +642,9 @@ readerr:
 				if (q->q_alias != NULL)
 					continue;
 				if (tTd(30, 3))
-					printf("Adding %s: %s\n",
+					dprintf("Adding %s: %s\n",
 						hdr, q->q_paddr);
-				addheader(hdr, q->q_paddr, &e->e_header);
+				addheader(hdr, q->q_paddr, 0, &e->e_header);
 			}
 		}
 	}
@@ -566,8 +654,9 @@ readerr:
 	{
 		e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
 		e->e_status = "5.2.3";
-		usrerr("552 Message exceeds maximum fixed size (%ld)",
-			MaxMessageSize);
+		usrerrenh(e->e_status,
+			  "552 Message exceeds maximum fixed size (%ld)",
+			  MaxMessageSize);
 		if (LogLevel > 6)
 			sm_syslog(LOG_NOTICE, e->e_id,
 				"message size (%ld) exceeds maximum (%ld)",
@@ -582,7 +671,7 @@ readerr:
 		    !bitset(EF_IS_MIME, e->e_flags))
 		{
 			e->e_status = "5.6.1";
-			usrerr("554 Eight bit data not allowed");
+			usrerrenh(e->e_status, "554 Eight bit data not allowed");
 		}
 	}
 	else
@@ -593,12 +682,20 @@ readerr:
 			e->e_bodytype = "7BIT";
 	}
 
-	if ((e->e_dfp = fopen(dfname, "r")) == NULL)
+	if (SuperSafe)
 	{
-		/* we haven't acked receipt yet, so just chuck this */
-		syserr("Cannot reopen %s", dfname);
-		finis(TRUE, ExitStat);
+		if ((e->e_dfp = fopen(dfname, "r")) == NULL)
+		{
+			/* we haven't acked receipt yet, so just chuck this */
+			syserr("Cannot reopen %s", dfname);
+			finis(TRUE, ExitStat);
+			/* NOTREACHED */
+		}
 	}
+	else
+		e->e_dfp = df;
+	if (e->e_dfp == NULL)
+		syserr("!collect: no e_dfp");
 }
 
 
@@ -614,11 +711,12 @@ collecttimeout(timeout)
 	CollectTimeout = setevent(timeout, collecttimeout, timeout);
 	CollectProgress = FALSE;
 }
-/*
-**  TFERROR -- signal error on writing the temporary file.
+/*
+**  DFERROR -- signal error on writing the data file.
 **
 **	Parameters:
-**		tf -- the file pointer for the temporary file.
+**		df -- the file pointer for the data file.
+**		msg -- detailed message.
 **		e -- the current envelope.
 **
 **	Returns:
@@ -629,62 +727,67 @@ collecttimeout(timeout)
 **		Arranges for following output to go elsewhere.
 */
 
-void
-tferror(tf, e)
-	FILE *volatile tf;
+static void
+dferror(df, msg, e)
+	FILE *volatile df;
+	char *msg;
 	register ENVELOPE *e;
 {
+	char *dfname;
+
+	dfname = queuename(e, 'd');
 	setstat(EX_IOERR);
 	if (errno == ENOSPC)
 	{
 #if STAT64 > 0
 		struct stat64 st;
-#else
+#else /* STAT64 > 0 */
 		struct stat st;
-#endif
+#endif /* STAT64 > 0 */
 		long avail;
 		long bsize;
-		extern long freediskspace __P((char *, long *));
 
 		e->e_flags |= EF_NO_BODY_RETN;
 
 		if (
 #if STAT64 > 0
-		    fstat64(fileno(tf), &st) 
-#else
-		    fstat(fileno(tf), &st) 
-#endif
+		    fstat64(fileno(df), &st)
+#else /* STAT64 > 0 */
+		    fstat(fileno(df), &st)
+#endif /* STAT64 > 0 */
 		    < 0)
 		  st.st_size = 0;
-		(void) freopen(queuename(e, 'd'), "w", tf);
+		(void) freopen(dfname, "w", df);
 		if (st.st_size <= 0)
-			fprintf(tf, "\n*** Mail could not be accepted");
+			fprintf(df, "\n*** Mail could not be accepted");
+		/*CONSTCOND*/
 		else if (sizeof st.st_size > sizeof (long))
-			fprintf(tf, "\n*** Mail of at least %s bytes could not be accepted\n",
+			fprintf(df, "\n*** Mail of at least %s bytes could not be accepted\n",
 				quad_to_string(st.st_size));
 		else
-			fprintf(tf, "\n*** Mail of at least %lu bytes could not be accepted\n",
+			fprintf(df, "\n*** Mail of at least %lu bytes could not be accepted\n",
 				(unsigned long) st.st_size);
-		fprintf(tf, "*** at %s due to lack of disk space for temp file.\n",
+		fprintf(df, "*** at %s due to lack of disk space for temp file.\n",
 			MyHostName);
-		avail = freediskspace(QueueDir, &bsize);
+		avail = freediskspace(qid_printqueue(e->e_queuedir), &bsize);
 		if (avail > 0)
 		{
 			if (bsize > 1024)
 				avail *= bsize / 1024;
 			else if (bsize < 1024)
 				avail /= 1024 / bsize;
-			fprintf(tf, "*** Currently, %ld kilobytes are available for mail temp files.\n",
+			fprintf(df, "*** Currently, %ld kilobytes are available for mail temp files.\n",
 				avail);
 		}
 		e->e_status = "4.3.1";
-		usrerr("452 Out of disk space for temp file");
+		usrerrenh(e->e_status, "452 Out of disk space for temp file");
 	}
 	else
-		syserr("collect: Cannot write tf%s", e->e_id);
-	if (freopen("/dev/null", "w", tf) == NULL)
+		syserr("collect: Cannot write %s (%s, uid=%d)",
+			dfname, msg, geteuid());
+	if (freopen("/dev/null", "w", df) == NULL)
 		sm_syslog(LOG_ERR, e->e_id,
-			  "tferror: freopen(\"/dev/null\") failed: %s",
+			  "dferror: freopen(\"/dev/null\") failed: %s",
 			  errstring(errno));
 }
 /*
@@ -704,21 +807,21 @@ tferror(tf, e)
 **		such as the date.
 */
 
-# ifndef NOTUNIX
+#ifndef NOTUNIX
 
-char	*DowList[] =
+static char	*DowList[] =
 {
 	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
 };
 
-char	*MonthList[] =
+static char	*MonthList[] =
 {
 	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
 	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
 	NULL
 };
 
-void
+static void
 eatfrom(fm, e)
 	char *volatile fm;
 	register ENVELOPE *e;
@@ -727,7 +830,7 @@ eatfrom(fm, e)
 	register char **dt;
 
 	if (tTd(30, 2))
-		printf("eatfrom(%s)\n", fm);
+		dprintf("eatfrom(%s)\n", fm);
 
 	/* find the date part */
 	p = fm;
@@ -762,11 +865,9 @@ eatfrom(fm, e)
 
 		/* we have found a date */
 		q = xalloc(25);
-		(void) strncpy(q, p, 25);
-		q[24] = '\0';
+		(void) strlcpy(q, p, 25);
 		q = arpadate(q);
 		define('a', newstr(q), e);
 	}
 }
-
-# endif /* NOTUNIX */
+#endif /* ! NOTUNIX */
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index 3cfa73b..30b41a4 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,14 +12,28 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)conf.c	8.452 (Berkeley) 1/26/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: conf.c,v 8.646.2.2.2.23 2000/07/15 17:35:18 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+#include <sendmail/pathnames.h>
 
-# include "sendmail.h"
-# include "pathnames.h"
 # include <sys/ioctl.h>
 # include <sys/param.h>
-# include <limits.h>
+
+#include <limits.h>
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
+#if HASULIMIT && defined(HPUX11)
+# include <ulimit.h>
+#endif /* HASULIMIT && defined(HPUX11) */
+
+
+static void	setupmaps __P((void));
+static void	setupmailers __P((void));
+static int	get_num_procs_online __P((void));
+
 
 /*
 **  CONF.C -- Sendmail Configuration Tables.
@@ -54,51 +69,52 @@ static char sccsid[] = "@(#)conf.c	8.452 (Berkeley) 1/26/1999";
 
 struct hdrinfo	HdrInfo[] =
 {
-		/* originator fields, most to least significant  */
-	{ "resent-sender",		H_FROM|H_RESENT			},
-	{ "resent-from",		H_FROM|H_RESENT			},
-	{ "resent-reply-to",		H_FROM|H_RESENT			},
-	{ "sender",			H_FROM				},
-	{ "from",			H_FROM				},
-	{ "reply-to",			H_FROM				},
-	{ "errors-to",			H_FROM|H_ERRORSTO		},
-	{ "full-name",			H_ACHECK			},
-	{ "return-receipt-to",		H_RECEIPTTO			},
+		/* originator fields, most to least significant */
+	{ "resent-sender",		H_FROM|H_RESENT,	NULL	},
+	{ "resent-from",		H_FROM|H_RESENT,	NULL	},
+	{ "resent-reply-to",		H_FROM|H_RESENT,	NULL	},
+	{ "sender",			H_FROM,			NULL	},
+	{ "from",			H_FROM,			NULL	},
+	{ "reply-to",			H_FROM,			NULL	},
+	{ "errors-to",			H_FROM|H_ERRORSTO,	NULL	},
+	{ "full-name",			H_ACHECK,		NULL	},
+	{ "return-receipt-to",		H_RECEIPTTO,		NULL	},
 
 		/* destination fields */
-	{ "to",				H_RCPT				},
-	{ "resent-to",			H_RCPT|H_RESENT			},
-	{ "cc",				H_RCPT				},
-	{ "resent-cc",			H_RCPT|H_RESENT			},
-	{ "bcc",			H_RCPT|H_BCC			},
-	{ "resent-bcc",			H_RCPT|H_BCC|H_RESENT		},
-	{ "apparently-to",		H_RCPT				},
+	{ "to",				H_RCPT,			NULL	},
+	{ "resent-to",			H_RCPT|H_RESENT,	NULL	},
+	{ "cc",				H_RCPT,			NULL	},
+	{ "resent-cc",			H_RCPT|H_RESENT,	NULL	},
+	{ "bcc",			H_RCPT|H_BCC,		NULL	},
+	{ "resent-bcc",			H_RCPT|H_BCC|H_RESENT,	NULL	},
+	{ "apparently-to",		H_RCPT,			NULL	},
 
 		/* message identification and control */
-	{ "message-id",			0				},
-	{ "resent-message-id",		H_RESENT			},
-	{ "message",			H_EOH				},
-	{ "text",			H_EOH				},
+	{ "message-id",			0,			NULL	},
+	{ "resent-message-id",		H_RESENT,		NULL	},
+	{ "message",			H_EOH,			NULL	},
+	{ "text",			H_EOH,			NULL	},
 
 		/* date fields */
-	{ "date",			0				},
-	{ "resent-date",		H_RESENT			},
+	{ "date",			0,			NULL	},
+	{ "resent-date",		H_RESENT,		NULL	},
 
 		/* trace fields */
-	{ "received",			H_TRACE|H_FORCE			},
-	{ "x400-received",		H_TRACE|H_FORCE			},
-	{ "via",			H_TRACE|H_FORCE			},
-	{ "mail-from",			H_TRACE|H_FORCE			},
+	{ "received",			H_TRACE|H_FORCE,	NULL	},
+	{ "x400-received",		H_TRACE|H_FORCE,	NULL	},
+	{ "via",			H_TRACE|H_FORCE,	NULL	},
+	{ "mail-from",			H_TRACE|H_FORCE,	NULL	},
 
 		/* miscellaneous fields */
-	{ "comments",			H_FORCE|H_ENCODABLE		},
-	{ "return-path",		H_FORCE|H_ACHECK		},
-	{ "content-transfer-encoding",	H_CTE				},
-	{ "content-type",		H_CTYPE				},
-	{ "content-length",		H_ACHECK			},
-	{ "subject",			H_ENCODABLE			},
-
-	{ NULL,				0				}
+	{ "comments",			H_FORCE|H_ENCODABLE,	NULL	},
+	{ "return-path",		H_FORCE|H_ACHECK|H_BINDLATE,	NULL	},
+	{ "content-transfer-encoding",	H_CTE,			NULL	},
+	{ "content-type",		H_CTYPE,		NULL	},
+	{ "content-length",		H_ACHECK,		NULL	},
+	{ "subject",			H_ENCODABLE,		NULL	},
+	{ "x-authentication-warning",	H_FORCE,		NULL	},
+
+	{ NULL,				0,			NULL	}
 };
 
 
@@ -121,6 +137,7 @@ struct prival PrivacyValues[] =
 	{ "noverb",		PRIV_NOVERB		},
 	{ "authwarnings",	PRIV_AUTHWARNINGS	},
 	{ "noreceipts",		PRIV_NORECEIPTS		},
+	{ "nobodyreturn",	PRIV_NOBODYRETN		},
 	{ "goaway",		PRIV_GOAWAY		},
 	{ NULL,			0			}
 };
@@ -172,6 +189,14 @@ struct dbsval DontBlameSendmailValues[] =
 					DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE },
 	{ "runprograminunsafedirpath",	DBS_RUNPROGRAMINUNSAFEDIRPATH	},
 	{ "runwritableprogram",		DBS_RUNWRITABLEPROGRAM		},
+	{ "nonrootsafeaddr",		DBS_NONROOTSAFEADDR		},
+	{ "truststickybit",		DBS_TRUSTSTICKYBIT		},
+	{ "dontwarnforwardfileinunsafedirpath",
+					DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH },
+	{ "insufficiententropy",	DBS_INSUFFICIENTENTROPY },
+#if _FFR_UNSAFE_SASL
+	{ "groupreadablesaslfile",	DBS_GROUPREADABLESASLFILE	},
+#endif /* _FFR_UNSAFE_SASL */
 	{ NULL,				0				}
 };
 
@@ -202,39 +227,36 @@ int	DtableSize =	50;		/* max open files; reset in 4.2bsd */
 #define HOURS		* 60 MINUTES
 #define DAYS		* 24 HOURS
 
-#ifndef _PATH_VARTMP
-# define _PATH_VARTMP	"/usr/tmp/"
-#endif
-
 #ifndef MAXRULERECURSION
 # define MAXRULERECURSION	50	/* max ruleset recursion depth */
-#endif
+#endif /* ! MAXRULERECURSION */
 
 void
 setdefaults(e)
 	register ENVELOPE *e;
 {
 	int i;
+	int numprocs;
 	struct passwd *pw;
-	char buf[MAXNAME];
-	extern void setdefuser __P((void));
-	extern void setupmaps __P((void));
-	extern void setupmailers __P((void));
-	extern void setupheaders __P((void));
 
+	numprocs = get_num_procs_online();
 	SpaceSub = ' ';				/* option B */
-	QueueLA = 8;				/* option x */
-	RefuseLA = 12;				/* option X */
+	QueueLA = 8 * numprocs;			/* option x */
+	RefuseLA = 12 * numprocs;		/* option X */
 	WkRecipFact = 30000L;			/* option y */
 	WkClassFact = 1800L;			/* option z */
 	WkTimeFact = 90000L;			/* option Z */
 	QueueFactor = WkRecipFact * 20;		/* option q */
 	FileMode = (RealUid != geteuid()) ? 0644 : 0600;
 						/* option F */
-
-	if (((pw = getpwnam("mailnull")) != NULL && pw->pw_uid != 0) ||
-	    ((pw = getpwnam("sendmail")) != NULL && pw->pw_uid != 0) ||
-	    ((pw = getpwnam("daemon")) != NULL && pw->pw_uid != 0))
+#if _FFR_QUEUE_FILE_MODE
+	QueueFileMode = (RealUid != geteuid()) ? 0644 : 0600;
+						/* option QueueFileMode */
+#endif /* _FFR_QUEUE_FILE_MODE */
+
+	if (((pw = sm_getpwnam("mailnull")) != NULL && pw->pw_uid != 0) ||
+	    ((pw = sm_getpwnam("sendmail")) != NULL && pw->pw_uid != 0) ||
+	    ((pw = sm_getpwnam("daemon")) != NULL && pw->pw_uid != 0))
 	{
 		DefUid = pw->pw_uid;		/* option u */
 		DefGid = pw->pw_gid;		/* option g */
@@ -248,31 +270,36 @@ setdefaults(e)
 	}
 	TrustedUid = 0;
 	if (tTd(37, 4))
-		printf("setdefaults: DefUser=%s, DefUid=%d, DefGid=%d\n",
-		       DefUser != NULL ? DefUser : "<1:1>",
-		       (int) DefUid, (int) DefGid);
+		dprintf("setdefaults: DefUser=%s, DefUid=%d, DefGid=%d\n",
+			DefUser != NULL ? DefUser : "<1:1>",
+			(int) DefUid, (int) DefGid);
 	CheckpointInterval = 10;		/* option C */
 	MaxHopCount = 25;			/* option h */
-	e->e_sendmode = SM_FORK;		/* option d */
+	set_delivery_mode(SM_FORK, e);		/* option d */
 	e->e_errormode = EM_PRINT;		/* option e */
+	e->e_queuedir = NOQDIR;
+	e->e_ctime = curtime();
 	SevenBitInput = FALSE;			/* option 7 */
 	MaxMciCache = 1;			/* option k */
 	MciCacheTimeout = 5 MINUTES;		/* option K */
 	LogLevel = 9;				/* option L */
-	inittimeouts(NULL);			/* option r */
+	inittimeouts(NULL, FALSE);		/* option r */
 	PrivacyFlags = PRIV_PUBLIC;		/* option p */
-	DontBlameSendmail = DBS_SAFE;		/* DontBlameSendmail option */
+	MeToo = TRUE;				/* option m */
+	SendMIMEErrors = TRUE;			/* option f */
+	SuperSafe = TRUE;			/* option s */
+	clrbitmap(DontBlameSendmail);		/* DontBlameSendmail option */
 #if MIME8TO7
 	MimeMode = MM_CVTMIME|MM_PASS8BIT;	/* option 8 */
-#else
+#else /* MIME8TO7 */
 	MimeMode = MM_PASS8BIT;
-#endif
+#endif /* MIME8TO7 */
 	for (i = 0; i < MAXTOCLASS; i++)
 	{
 		TimeOuts.to_q_return[i] = 5 DAYS;	/* option T */
 		TimeOuts.to_q_warning[i] = 0;		/* option T */
 	}
-	ServiceSwitchFile = "/etc/service.switch";
+	ServiceSwitchFile = "/etc/mail/service.switch";
 	ServiceCacheMaxAge = (time_t) 10;
 	HostsFile = _PATH_HOSTS;
 	PidFile = newstr(_PATH_SENDMAILPID);
@@ -285,14 +312,35 @@ setdefaults(e)
 	DontLockReadFiles = TRUE;
 	DoubleBounceAddr = "postmaster";
 	MaxHeadersLength = MAXHDRSLEN;
-	snprintf(buf, sizeof buf, "%s%sdead.letter",
-		_PATH_VARTMP,
-		_PATH_VARTMP[sizeof _PATH_VARTMP - 2] == '/' ? "" : "/");
-	DeadLetterDrop = newstr(buf);
+	MaxForwardEntries = 0;
+#if SASL
+	AuthMechanisms = newstr(AUTH_MECHANISMS);
+#endif /* SASL */
 #ifdef HESIOD_INIT
 	HesiodContext = NULL;
-#endif
+#endif /* HESIOD_INIT */
+#if NETINET6
+	/* Detect if IPv6 is available at run time */
+	i = socket(AF_INET6, SOCK_STREAM, 0);
+	if (i >= 0)
+	{
+		InetMode = AF_INET6;
+		(void) close(i);
+	}
+	else
+		InetMode = AF_INET;
+#else /* NETINET6 */
+	InetMode = AF_INET;
+#endif /* NETINET6 */
 	ControlSocketName = NULL;
+	memset(&ConnectOnlyTo, '\0', sizeof ConnectOnlyTo);
+	DataFileBufferSize = 4096;
+	XscriptFileBufferSize = 4096;
+	for (i = 0; i < MAXRWSETS; i++)
+		RuleSetNames[i] = NULL;
+#if _FFR_MILTER
+	InputFilters[0] = NULL;
+#endif /* _FFR_MILTER */
 	setupmaps();
 	setupmailers();
 	setupheaders();
@@ -314,26 +362,30 @@ setdefuser()
 	snprintf(defuserbuf, sizeof defuserbuf, "%s",
 		defpwent == NULL ? "nobody" : defpwent->pw_name);
 	if (tTd(37, 4))
-		printf("setdefuser: DefUid=%d, DefUser=%s\n",
+		dprintf("setdefuser: DefUid=%d, DefUser=%s\n",
 		       (int) DefUid, DefUser);
 }
 /*
 **  SETUPMAILERS -- initialize default mailers
 */
 
-void
+static void
 setupmailers()
 {
 	char buf[100];
 
-	strcpy(buf, "prog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh -c \201u");
+	(void) strlcpy(buf, "prog, P=/bin/sh, F=lsoDq9, T=X-Unix/X-Unix/X-Unix, A=sh -c \201u",
+		sizeof buf);
 	makemailer(buf);
 
-	strcpy(buf, "*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE \201u");
+	(void) strlcpy(buf, "*file*, P=[FILE], F=lsDFMPEouq9, T=X-Unix/X-Unix/X-Unix, A=FILE \201u",
+		sizeof buf);
 	makemailer(buf);
 
-	strcpy(buf, "*include*, P=/dev/null, F=su, A=INCLUDE \201u");
+	(void) strlcpy(buf, "*include*, P=/dev/null, F=su, A=INCLUDE \201u",
+		sizeof buf);
 	makemailer(buf);
+	initerrmailers();
 }
 /*
 **  SETUPMAPS -- set up map classes
@@ -357,7 +409,7 @@ setupmailers()
 		s->s_mapclass.map_store = store; \
 	}
 
-void
+static void
 setupmaps()
 {
 	register STAB *s;
@@ -370,55 +422,74 @@ setupmaps()
 	MAPDEF("btree", ".db", MCF_ALIASOK|MCF_REBUILDABLE,
 		map_parseargs, bt_map_open, db_map_close,
 		db_map_lookup, db_map_store);
-#endif
+#endif /* NEWDB */
 
 #ifdef NDBM
 	MAPDEF("dbm", ".dir", MCF_ALIASOK|MCF_REBUILDABLE,
 		map_parseargs, ndbm_map_open, ndbm_map_close,
 		ndbm_map_lookup, ndbm_map_store);
-#endif
+#endif /* NDBM */
 
 #ifdef NIS
 	MAPDEF("nis", NULL, MCF_ALIASOK,
 		map_parseargs, nis_map_open, null_map_close,
 		nis_map_lookup, null_map_store);
-#endif
+#endif /* NIS */
 
 #ifdef NISPLUS
 	MAPDEF("nisplus", NULL, MCF_ALIASOK,
 		map_parseargs, nisplus_map_open, null_map_close,
 		nisplus_map_lookup, null_map_store);
-#endif
+#endif /* NISPLUS */
+
 #ifdef LDAPMAP
-	MAPDEF("ldapx", NULL, 0,
-		ldap_map_parseargs, ldap_map_open, ldap_map_close,
-		ldap_map_lookup, null_map_store);
-#endif
+	MAPDEF("ldap", NULL, MCF_ALIASOK,
+		ldapmap_parseargs, ldapmap_open, ldapmap_close,
+		ldapmap_lookup, null_map_store);
+
+	/* Deprecated */
+	MAPDEF("ldapx", NULL, MCF_ALIASOK,
+		ldapx_map_parseargs, ldapmap_open, ldapmap_close,
+		ldapmap_lookup, null_map_store);
+#endif /* LDAPMAP */
+
+#ifdef PH_MAP
+	MAPDEF("ph", NULL, 0,
+		ph_map_parseargs, ph_map_open, ph_map_close,
+		ph_map_lookup, null_map_store);
+#endif /* PH_MAP */
+
+#if MAP_NSD
+	/* IRIX 6.5 nsd support */
+	MAPDEF("nsd", NULL, MCF_ALIASOK,
+	       map_parseargs, null_map_open, null_map_close,
+	       nsd_map_lookup, null_map_store);
+#endif /* MAP_NSD */
 
 #ifdef HESIOD
 	MAPDEF("hesiod", NULL, MCF_ALIASOK|MCF_ALIASONLY,
 		map_parseargs, hes_map_open, null_map_close,
 		hes_map_lookup, null_map_store);
-#endif
+#endif /* HESIOD */
 
 #if NETINFO
 	MAPDEF("netinfo", NULL, MCF_ALIASOK,
 		map_parseargs, ni_map_open, null_map_close,
 		ni_map_lookup, null_map_store);
-#endif
+#endif /* NETINFO */
 
 #if 0
 	MAPDEF("dns", NULL, 0,
 		dns_map_init, null_map_open, null_map_close,
 		dns_map_lookup, null_map_store);
-#endif
+#endif /* 0 */
 
 #if NAMED_BIND
 	/* best MX DNS lookup */
 	MAPDEF("bestmx", NULL, MCF_OPTFILE,
 		map_parseargs, null_map_open, null_map_close,
 		bestmx_map_lookup, null_map_store);
-#endif
+#endif /* NAMED_BIND */
 
 	MAPDEF("host", NULL, 0,
 		host_map_init, null_map_open, null_map_close,
@@ -450,14 +521,14 @@ setupmaps()
 	MAPDEF("regex", NULL, 0,
 		regex_map_init, null_map_open, null_map_close,
 		regex_map_lookup, null_map_store);
-#endif
+#endif /* MAP_REGEX */
 
 #if USERDB
 	/* user database */
 	MAPDEF("userdb", ".db", 0,
 		map_parseargs, null_map_open, null_map_close,
 		udb_map_lookup, null_map_store);
-#endif
+#endif /* USERDB */
 
 	/* arbitrary programs */
 	MAPDEF("program", NULL, MCF_ALIASOK,
@@ -479,12 +550,28 @@ setupmaps()
 		map_parseargs, null_map_open, null_map_close,
 		null_map_lookup, null_map_store);
 
-#if _FFR_MAP_SYSLOG
 	/* syslog map -- logs information to syslog */
 	MAPDEF("syslog", NULL, 0,
-	       syslog_map_parseargs, null_map_open, null_map_close,
-	       syslog_map_lookup, null_map_store);
-#endif
+		syslog_map_parseargs, null_map_open, null_map_close,
+		syslog_map_lookup, null_map_store);
+
+	/* macro storage map -- rulesets can set macros */
+	MAPDEF("macro", NULL, 0,
+		dequote_init, null_map_open, null_map_close,
+		macro_map_lookup, null_map_store);
+
+	/* arithmetic map -- add/subtract/compare */
+	MAPDEF("arith", NULL, 0,
+		dequote_init, null_map_open, null_map_close,
+		arith_map_lookup, null_map_store);
+
+	if (tTd(38, 2))
+	{
+		/* bogus map -- always return tempfail */
+		MAPDEF("bogus",	NULL, MCF_ALIASOK|MCF_OPTFILE,
+		       map_parseargs, null_map_open, null_map_close,
+		       bogus_map_lookup, null_map_store);
+	}
 }
 
 #undef MAPDEF
@@ -528,43 +615,47 @@ inithostmaps()
 		if (strcmp(maptype[i], "files") == 0 &&
 		    stab("hosts.files", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "hosts.files text -k 0 -v 1 /etc/hosts");
+			(void) strlcpy(buf, "hosts.files text -k 0 -v 1 /etc/hosts",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#if NAMED_BIND
+# if NAMED_BIND
 		else if (strcmp(maptype[i], "dns") == 0 &&
 		    stab("hosts.dns", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "hosts.dns dns A");
+			(void) strlcpy(buf, "hosts.dns dns A", sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
-#ifdef NISPLUS
+# endif /* NAMED_BIND */
+# ifdef NISPLUS
 		else if (strcmp(maptype[i], "nisplus") == 0 &&
 		    stab("hosts.nisplus", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "hosts.nisplus nisplus -k name -v address -d hosts.org_dir");
+			(void) strlcpy(buf, "hosts.nisplus nisplus -k name -v address hosts.org_dir",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
-#ifdef NIS
+# endif /* NISPLUS */
+# ifdef NIS
 		else if (strcmp(maptype[i], "nis") == 0 &&
 		    stab("hosts.nis", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "hosts.nis nis -d -k 0 -v 1 hosts.byname");
+			(void) strlcpy(buf, "hosts.nis nis -k 0 -v 1 hosts.byname",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
-#if NETINFO
+# endif /* NIS */
+# if NETINFO
 		else if (strcmp(maptype[i], "netinfo") == 0) &&
 		    stab("hosts.netinfo", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "hosts.netinfo netinfo -v name /machines");
+			(void) strlcpy(buf, "hosts.netinfo netinfo -v name /machines",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
+# endif /* NETINFO */
 	}
-#endif
+#endif /* 0 */
 
 	/*
 	**  Make sure we have a host map.
@@ -573,11 +664,11 @@ inithostmaps()
 	if (stab("host", ST_MAP, ST_FIND) == NULL)
 	{
 		/* user didn't initialize: set up host map */
-		strcpy(buf, "host host");
+		(void) strlcpy(buf, "host host", sizeof buf);
 #if NAMED_BIND
 		if (ConfigLevel >= 2)
-			strcat(buf, " -a.");
-#endif
+			(void) strlcat(buf, " -a. -D", sizeof buf);
+#endif /* NAMED_BIND */
 		(void) makemapentry(buf);
 	}
 
@@ -591,45 +682,49 @@ inithostmaps()
 		if (strcmp(maptype[i], "files") == 0 &&
 		    stab("aliases.files", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "aliases.files null");
+			(void) strlcpy(buf, "aliases.files null", sizeof buf);
 			(void) makemapentry(buf);
 		}
 #ifdef NISPLUS
 		else if (strcmp(maptype[i], "nisplus") == 0 &&
 		    stab("aliases.nisplus", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "aliases.nisplus nisplus -kalias -vexpansion -d mail_aliases.org_dir");
+			(void) strlcpy(buf, "aliases.nisplus nisplus -kalias -vexpansion mail_aliases.org_dir",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
+#endif /* NISPLUS */
 #ifdef NIS
 		else if (strcmp(maptype[i], "nis") == 0 &&
 		    stab("aliases.nis", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "aliases.nis nis -d mail.aliases");
+			(void) strlcpy(buf, "aliases.nis nis mail.aliases",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
-#ifdef NETINFO
+#endif /* NIS */
+#if NETINFO
 		else if (strcmp(maptype[i], "netinfo") == 0 &&
 		    stab("aliases.netinfo", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "aliases.netinfo netinfo -z, /aliases");
+			(void) strlcpy(buf, "aliases.netinfo netinfo -z, /aliases",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
+#endif /* NETINFO */
 #ifdef HESIOD
 		else if (strcmp(maptype[i], "hesiod") == 0 &&
 		    stab("aliases.hesiod", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "aliases.hesiod hesiod aliases");
+			(void) strlcpy(buf, "aliases.hesiod hesiod aliases",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
+#endif /* HESIOD */
 	}
 	if (stab("aliases", ST_MAP, ST_FIND) == NULL)
 	{
-		strcpy(buf, "aliases switch aliases");
+		(void) strlcpy(buf, "aliases switch aliases", sizeof buf);
 		(void) makemapentry(buf);
 	}
 
@@ -644,40 +739,43 @@ inithostmaps()
 		if (strcmp(maptype[i], "files") == 0 &&
 		    stab("users.files", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "users.files text -m -z: -k0 -v6 /etc/passwd");
+			(void) strlcpy(buf, "users.files text -m -z: -k0 -v6 /etc/passwd",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#ifdef NISPLUS
+# ifdef NISPLUS
 		else if (strcmp(maptype[i], "nisplus") == 0 &&
 		    stab("users.nisplus", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "users.nisplus nisplus -m -kname -vhome -d passwd.org_dir");
+			(void) strlcpy(buf, "users.nisplus nisplus -m -kname -vhome passwd.org_dir",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
-#ifdef NIS
+# endif /* NISPLUS */
+# ifdef NIS
 		else if (strcmp(maptype[i], "nis") == 0 &&
 		    stab("users.nis", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "users.nis nis -m -d passwd.byname");
+			(void) strlcpy(buf, "users.nis nis -m passwd.byname",
+				sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
-#ifdef HESIOD
+# endif /* NIS */
+# ifdef HESIOD
 		else if (strcmp(maptype[i], "hesiod") == 0) &&
 		    stab("users.hesiod", ST_MAP, ST_FIND) == NULL)
 		{
-			strcpy(buf, "users.hesiod hesiod");
+			(void) strlcpy(buf, "users.hesiod hesiod", sizeof buf);
 			(void) makemapentry(buf);
 		}
-#endif
+# endif /* HESIOD */
 	}
 	if (stab("users", ST_MAP, ST_FIND) == NULL)
 	{
-		strcpy(buf, "users switch -m passwd");
+		(void) strlcpy(buf, "users switch -m passwd", sizeof buf);
 		(void) makemapentry(buf);
 	}
-#endif
+#endif /* 0 */
 }
 /*
 **  SWITCH_MAP_FIND -- find the list of types associated with a map
@@ -694,23 +792,26 @@ inithostmaps()
 **
 **	Returns:
 **		The number of map types filled in, or -1 for failure.
+**
+**	Side effects:
+**		Preserves errno so nothing in the routine clobbers it.
 */
 
 #if defined(SOLARIS) || (defined(sony_news) && defined(__svr4))
 # define _USE_SUN_NSSWITCH_
-#endif
+#endif /* defined(SOLARIS) || (defined(sony_news) && defined(__svr4)) */
 
 #ifdef _USE_SUN_NSSWITCH_
 # include <nsswitch.h>
-#endif
+#endif /* _USE_SUN_NSSWITCH_ */
 
 #if defined(ultrix) || (defined(__osf__) && defined(__alpha))
 # define _USE_DEC_SVC_CONF_
-#endif
+#endif /* defined(ultrix) || (defined(__osf__) && defined(__alpha)) */
 
 #ifdef _USE_DEC_SVC_CONF_
 # include <sys/svcinfo.h>
-#endif
+#endif /* _USE_DEC_SVC_CONF_ */
 
 int
 switch_map_find(service, maptype, mapreturn)
@@ -719,6 +820,7 @@ switch_map_find(service, maptype, mapreturn)
 	short mapreturn[MAXMAPACTIONS];
 {
 	int svcno;
+	int save_errno = errno;
 
 #ifdef _USE_SUN_NSSWITCH_
 	struct __nsw_switchconfig *nsw_conf;
@@ -749,8 +851,9 @@ switch_map_find(service, maptype, mapreturn)
 		svcno++;
 		lk = lk->next;
 	}
+	errno = save_errno;
 	return svcno;
-#endif
+#endif /* _USE_SUN_NSSWITCH_ */
 
 #ifdef _USE_DEC_SVC_CONF_
 	struct svcinfo *svcinfo;
@@ -769,7 +872,10 @@ switch_map_find(service, maptype, mapreturn)
 	else if (strcmp(service, "passwd") == 0)
 		svc = SVC_PASSWD;
 	else
+	{
+		errno = save_errno;
 		return -1;
+	}
 	for (svcno = 0; svcno < SVC_PATHSIZE; svcno++)
 	{
 		switch (svcinfo->svcpath[svc][svcno])
@@ -786,18 +892,20 @@ switch_map_find(service, maptype, mapreturn)
 			maptype[svcno] = "dns";
 			break;
 
-#ifdef SVC_HESIOD
+# ifdef SVC_HESIOD
 		  case SVC_HESIOD:
 			maptype[svcno] = "hesiod";
 			break;
-#endif
+# endif /* SVC_HESIOD */
 
 		  case SVC_LAST:
+			errno = save_errno;
 			return svcno;
 		}
 	}
+	errno = save_errno;
 	return svcno;
-#endif
+#endif /* _USE_DEC_SVC_CONF_ */
 
 #if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
 	/*
@@ -814,9 +922,10 @@ switch_map_find(service, maptype, mapreturn)
 	{
 		/* (re)read service switch */
 		register FILE *fp;
-		int sff = SFF_REGONLY|SFF_OPENASROOT|SFF_NOLOCK;
+		long sff = SFF_REGONLY|SFF_OPENASROOT|SFF_NOLOCK;
 
-		if (!bitset(DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR, DontBlameSendmail))
+		if (!bitnset(DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR,
+			    DontBlameSendmail))
 			sff |= SFF_NOWLINK;
 
 		if (ConfigFileRead)
@@ -878,7 +987,7 @@ switch_map_find(service, maptype, mapreturn)
 				if (svcno < MAXMAPSTACK)
 					st->s_service[svcno] = NULL;
 			}
-			fclose(fp);
+			(void) fclose(fp);
 		}
 	}
 
@@ -894,46 +1003,56 @@ switch_map_find(service, maptype, mapreturn)
 			if (maptype[svcno++] == NULL)
 				break;
 		}
+		errno = save_errno;
 		return --svcno;
 	}
-#endif
+#endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
 
 #if !defined(_USE_SUN_NSSWITCH_)
 	/* if the service file doesn't work, use an absolute fallback */
 # ifdef _USE_DEC_SVC_CONF_
   punt:
-# endif
+# endif /* _USE_DEC_SVC_CONF_ */
 	for (svcno = 0; svcno < MAXMAPACTIONS; svcno++)
 		mapreturn[svcno] = 0;
 	svcno = 0;
 	if (strcmp(service, "aliases") == 0)
 	{
 		maptype[svcno++] = "files";
+# if defined(AUTO_NETINFO_ALIASES) && defined (NETINFO)
+		maptype[svcno++] = "netinfo";
+# endif /* defined(AUTO_NETINFO_ALIASES) && defined (NETINFO) */
 # ifdef AUTO_NIS_ALIASES
 #  ifdef NISPLUS
 		maptype[svcno++] = "nisplus";
-#  endif
+#  endif /* NISPLUS */
 #  ifdef NIS
 		maptype[svcno++] = "nis";
-#  endif
-# endif
+#  endif /* NIS */
+# endif /* AUTO_NIS_ALIASES */
+		errno = save_errno;
 		return svcno;
 	}
 	if (strcmp(service, "hosts") == 0)
 	{
-#  if NAMED_BIND
+# if NAMED_BIND
 		maptype[svcno++] = "dns";
-#  else
-#   if defined(sun) && !defined(BSD)
+# else /* NAMED_BIND */
+#  if defined(sun) && !defined(BSD)
 		/* SunOS */
 		maptype[svcno++] = "nis";
-#   endif
-#  endif
+#  endif /* defined(sun) && !defined(BSD) */
+# endif /* NAMED_BIND */
+# if defined(AUTO_NETINFO_HOSTS) && defined (NETINFO)
+		maptype[svcno++] = "netinfo";
+# endif /* defined(AUTO_NETINFO_HOSTS) && defined (NETINFO) */
 		maptype[svcno++] = "files";
+		errno = save_errno;
 		return svcno;
 	}
+	errno = save_errno;
 	return -1;
-#endif
+#endif /* !defined(_USE_SUN_NSSWITCH_) */
 }
 /*
 **  USERNAME -- return the user id of the logged in user.
@@ -983,12 +1102,12 @@ username()
 		}
 		if (myname == NULL || myname[0] == '\0')
 		{
-			syserr("554 Who are you?");
+			syserr("554 5.3.0 Who are you?");
 			myname = "postmaster";
 		}
 	}
 
-	return (myname);
+	return myname;
 }
 /*
 **  TTYPATH -- Get the path of the user's tty
@@ -1027,22 +1146,22 @@ ttypath()
 	    (pathn = ttyname(0)) == NULL)
 	{
 		errno = 0;
-		return (NULL);
+		return NULL;
 	}
 
 	/* see if we have write permission */
 	if (stat(pathn, &stbuf) < 0 || !bitset(S_IWOTH, stbuf.st_mode))
 	{
 		errno = 0;
-		return (NULL);
+		return NULL;
 	}
 
 	/* see if the user is logged in */
 	if (getlogin() == NULL)
-		return (NULL);
+		return NULL;
 
 	/* looks good */
-	return (pathn);
+	return pathn;
 }
 /*
 **  CHECKCOMPAT -- check for From and To person compatible.
@@ -1077,16 +1196,11 @@ checkcompat(to, e)
 	register ADDRESS *to;
 	register ENVELOPE *e;
 {
-# ifdef lint
-	if (to == NULL)
-		to++;
-# endif /* lint */
-
 	if (tTd(49, 1))
-		printf("checkcompat(to=%s, from=%s)\n",
+		dprintf("checkcompat(to=%s, from=%s)\n",
 			to->q_paddr, e->e_from.q_paddr);
 
-# ifdef EXAMPLE_CODE
+#ifdef EXAMPLE_CODE
 	/* this code is intended as an example only */
 	register STAB *s;
 
@@ -1095,12 +1209,12 @@ checkcompat(to, e)
 	    to->q_mailer == s->s_mailer)
 	{
 		usrerr("553 No ARPA mail through this machine: see your system administration");
-		/* e->e_flags |= EF_NO_BODY_RETN; to supress body on return */
+		/* e->e_flags |= EF_NO_BODY_RETN; to suppress body on return */
 		to->q_status = "5.7.1";
-		return (EX_UNAVAILABLE);
+		return EX_UNAVAILABLE;
 	}
-# endif /* EXAMPLE_CODE */
-	return (EX_OK);
+#endif /* EXAMPLE_CODE */
+	return EX_OK;
 }
 /*
 **  SETSIGNAL -- set a signal handler
@@ -1113,29 +1227,54 @@ setsignal(sig, handler)
 	int sig;
 	sigfunc_t handler;
 {
-#if defined(SYS5SIGNALS) || defined(BSD4_3)
-# ifdef BSD4_3
-	return signal(sig, handler);
-# else
-	return sigset(sig, handler);
-# endif
-#else
+	/*
+	**  First, try for modern signal calls
+	**  and restartable syscalls
+	*/
+
+# ifdef SA_RESTART
 	struct sigaction n, o;
 
-	bzero(&n, sizeof n);
-# if USE_SA_SIGACTION
+	memset(&n, '\0', sizeof n);
+#  if USE_SA_SIGACTION
 	n.sa_sigaction = (void(*)(int, siginfo_t *, void *)) handler;
 	n.sa_flags = SA_RESTART|SA_SIGINFO;
-# else
+#  else /* USE_SA_SIGACTION */
 	n.sa_handler = handler;
-#  ifdef SA_RESTART
 	n.sa_flags = SA_RESTART;
-#  endif
-# endif
+#  endif /* USE_SA_SIGACTION */
 	if (sigaction(sig, &n, &o) < 0)
 		return SIG_ERR;
 	return o.sa_handler;
-#endif
+# else /* SA_RESTART */
+
+	/*
+	**  Else check for SYS5SIGNALS or
+	**  BSD4_3 signals
+	*/
+
+#  if defined(SYS5SIGNALS) || defined(BSD4_3)
+#   ifdef BSD4_3
+	return signal(sig, handler);
+#   else /* BSD4_3 */
+	return sigset(sig, handler);
+#   endif /* BSD4_3 */
+#  else /* defined(SYS5SIGNALS) || defined(BSD4_3) */
+
+	/*
+	**  Finally, if nothing else is available,
+	**  go for a default
+	*/
+
+	struct sigaction n, o;
+
+	memset(&n, '\0', sizeof n);
+	n.sa_handler = handler;
+	if (sigaction(sig, &n, &o) < 0)
+		return SIG_ERR;
+	return o.sa_handler;
+#  endif /* defined(SYS5SIGNALS) || defined(BSD4_3) */
+# endif /* SA_RESTART */
 }
 /*
 **  BLOCKSIGNAL -- hold a signal to prevent delivery
@@ -1153,13 +1292,13 @@ int
 blocksignal(sig)
 	int sig;
 {
-#ifdef BSD4_3
-# ifndef sigmask
-#  define sigmask(s)	(1 << ((s) - 1))
-# endif
+# ifdef BSD4_3
+#  ifndef sigmask
+#   define sigmask(s)	(1 << ((s) - 1))
+#  endif /* ! sigmask */
 	return (sigblock(sigmask(sig)) & sigmask(sig)) != 0;
-#else
-# ifdef ALTOS_SYSTEM_V
+# else /* BSD4_3 */
+#  ifdef ALTOS_SYSTEM_V
 	sigfunc_t handler;
 
 	handler = sigset(sig, SIG_HOLD);
@@ -1167,17 +1306,17 @@ blocksignal(sig)
 		return -1;
 	else
 		return handler == SIG_HOLD;
-# else
+#  else /* ALTOS_SYSTEM_V */
 	sigset_t sset, oset;
 
-	sigemptyset(&sset);
-	sigaddset(&sset, sig);
+	(void) sigemptyset(&sset);
+	(void) sigaddset(&sset, sig);
 	if (sigprocmask(SIG_BLOCK, &sset, &oset) < 0)
 		return -1;
 	else
 		return sigismember(&oset, sig);
-# endif
-#endif
+#  endif /* ALTOS_SYSTEM_V */
+# endif /* BSD4_3 */
 }
 /*
 **  RELEASESIGNAL -- release a held signal
@@ -1195,10 +1334,10 @@ int
 releasesignal(sig)
 	int sig;
 {
-#ifdef BSD4_3
+# ifdef BSD4_3
 	return (sigsetmask(sigblock(0) & ~sigmask(sig)) & sigmask(sig)) != 0;
-#else
-# ifdef ALTOS_SYSTEM_V
+# else /* BSD4_3 */
+#  ifdef ALTOS_SYSTEM_V
 	sigfunc_t handler;
 
 	handler = sigset(sig, SIG_HOLD);
@@ -1206,17 +1345,17 @@ releasesignal(sig)
 		return -1;
 	else
 		return handler == SIG_HOLD;
-# else
+#  else /* ALTOS_SYSTEM_V */
 	sigset_t sset, oset;
 
-	sigemptyset(&sset);
-	sigaddset(&sset, sig);
+	(void) sigemptyset(&sset);
+	(void) sigaddset(&sset, sig);
 	if (sigprocmask(SIG_UNBLOCK, &sset, &oset) < 0)
 		return -1;
 	else
 		return sigismember(&oset, sig);
-# endif
-#endif
+#  endif /* ALTOS_SYSTEM_V */
+# endif /* BSD4_3 */
 }
 /*
 **  HOLDSIGS -- arrange to hold all signals
@@ -1263,11 +1402,11 @@ rlsesigs()
 
 #ifdef _AUX_SOURCE
 # include <compat.h>
-#endif
+#endif /* _AUX_SOURCE */
 
 #if SHARE_V1
 # include <shares.h>
-#endif
+#endif /* SHARE_V1 */
 
 void
 init_md(argc, argv)
@@ -1276,16 +1415,16 @@ init_md(argc, argv)
 {
 #ifdef _AUX_SOURCE
 	setcompat(getcompat() | COMPAT_BSDPROT);
-#endif
+#endif /* _AUX_SOURCE */
 
 #ifdef SUN_EXTENSIONS
 	init_md_sun();
-#endif
+#endif /* SUN_EXTENSIONS */
 
 #if _CONVEX_SOURCE
 	/* keep gethostby*() from stripping the local domain name */
 	set_domain_trim_off();
-#endif
+#endif /* _CONVEX_SOURCE */
 #ifdef __QNX__
 	/*
 	**  Due to QNX's network distributed nature, you can target a tcpip
@@ -1294,7 +1433,7 @@ init_md(argc, argv)
 	**  environment is clear.
 	*/
 	__sock_locate();
-#endif
+#endif /* __QNX__ */
 #if SECUREWARE || defined(_SCO_unix_)
 	set_auth_parameters(argc, argv);
 
@@ -1307,14 +1446,15 @@ init_md(argc, argv)
 
 	if (getluid() == -1)
 		setluid(0);
-# endif
-#endif
+# endif /* _SCO_unix_ */
+#endif /* SECUREWARE || defined(_SCO_unix_) */
+
 
 #ifdef VENDOR_DEFAULT
 	VendorCode = VENDOR_DEFAULT;
-#else
+#else /* VENDOR_DEFAULT */
 	VendorCode = VENDOR_BERKELEY;
-#endif
+#endif /* VENDOR_DEFAULT */
 }
 /*
 **  INIT_VENDOR_MACROS -- vendor-dependent macro initializations
@@ -1370,167 +1510,171 @@ init_vendor_macros(e)
 /* do guesses based on general OS type */
 #ifndef LA_TYPE
 # define LA_TYPE	LA_ZERO
-#endif
+#endif /* ! LA_TYPE */
 
 #ifndef FSHIFT
 # if defined(unixpc)
 #  define FSHIFT	5
-# endif
+# endif /* defined(unixpc) */
 
 # if defined(__alpha) || defined(IRIX)
 #  define FSHIFT	10
-# endif
+# endif /* defined(__alpha) || defined(IRIX) */
 
-#endif
+#endif /* ! FSHIFT */
 
 #ifndef FSHIFT
 # define FSHIFT		8
-#endif
+#endif /* ! FSHIFT */
 
 #ifndef FSCALE
 # define FSCALE		(1 << FSHIFT)
-#endif
+#endif /* ! FSCALE */
 
 #ifndef LA_AVENRUN
 # ifdef SYSTEM5
 #  define LA_AVENRUN	"avenrun"
-# else
+# else /* SYSTEM5 */
 #  define LA_AVENRUN	"_avenrun"
-# endif
-#endif
+# endif /* SYSTEM5 */
+#endif /* ! LA_AVENRUN */
 
 /* _PATH_KMEM should be defined in <paths.h> */
 #ifndef _PATH_KMEM
 # define _PATH_KMEM	"/dev/kmem"
-#endif
+#endif /* ! _PATH_KMEM */
 
 #if (LA_TYPE == LA_INT) || (LA_TYPE == LA_FLOAT) || (LA_TYPE == LA_SHORT)
 
-#include <nlist.h>
+# include <nlist.h>
 
 /* _PATH_UNIX should be defined in <paths.h> */
-#ifndef _PATH_UNIX
-# if defined(SYSTEM5)
-#  define _PATH_UNIX	"/unix"
-# else
-#  define _PATH_UNIX	"/vmunix"
-# endif
-#endif
-
-#ifdef _AUX_SOURCE
+# ifndef _PATH_UNIX
+#  if defined(SYSTEM5)
+#   define _PATH_UNIX	"/unix"
+#  else /* defined(SYSTEM5) */
+#   define _PATH_UNIX	"/vmunix"
+#  endif /* defined(SYSTEM5) */
+# endif /* ! _PATH_UNIX */
+
+# ifdef _AUX_SOURCE
 struct nlist	Nl[2];
-#else
+# else /* _AUX_SOURCE */
 struct nlist	Nl[] =
 {
 	{ LA_AVENRUN },
 	{ 0 },
 };
-#endif
-#define	X_AVENRUN	0
+# endif /* _AUX_SOURCE */
+# define X_AVENRUN	0
 
-int
+static int
 getla()
 {
 	static int kmem = -1;
-#if LA_TYPE == LA_INT
+# if LA_TYPE == LA_INT
 	long avenrun[3];
-#else
-# if LA_TYPE == LA_SHORT
+# else /* LA_TYPE == LA_INT */
+#  if LA_TYPE == LA_SHORT
 	short avenrun[3];
-# else
+#  else /* LA_TYPE == LA_SHORT */
 	double avenrun[3];
-# endif
-#endif
+#  endif /* LA_TYPE == LA_SHORT */
+# endif /* LA_TYPE == LA_INT */
 	extern int errno;
 	extern off_t lseek();
 
 	if (kmem < 0)
 	{
-#ifdef _AUX_SOURCE
-		strcpy(Nl[X_AVENRUN].n_name, LA_AVENRUN);
+# ifdef _AUX_SOURCE
+		(void) strlcpy(Nl[X_AVENRUN].n_name, LA_AVENRUN,
+			       sizeof Nl[X_AVENRUN].n_name);
 		Nl[1].n_name[0] = '\0';
-#endif
+# endif /* _AUX_SOURCE */
 
-#if defined(_AIX3) || defined(_AIX4)
+# if defined(_AIX3) || defined(_AIX4)
 		if (knlist(Nl, 1, sizeof Nl[0]) < 0)
-#else
+# else /* defined(_AIX3) || defined(_AIX4) */
 		if (nlist(_PATH_UNIX, Nl) < 0)
-#endif
+# endif /* defined(_AIX3) || defined(_AIX4) */
 		{
 			if (tTd(3, 1))
-				printf("getla: nlist(%s): %s\n", _PATH_UNIX,
+				dprintf("getla: nlist(%s): %s\n", _PATH_UNIX,
 					errstring(errno));
-			return (-1);
+			return -1;
 		}
 		if (Nl[X_AVENRUN].n_value == 0)
 		{
 			if (tTd(3, 1))
-				printf("getla: nlist(%s, %s) ==> 0\n",
+				dprintf("getla: nlist(%s, %s) ==> 0\n",
 					_PATH_UNIX, LA_AVENRUN);
-			return (-1);
+			return -1;
 		}
-#ifdef NAMELISTMASK
+# ifdef NAMELISTMASK
 		Nl[X_AVENRUN].n_value &= NAMELISTMASK;
-#endif
+# endif /* NAMELISTMASK */
 
 		kmem = open(_PATH_KMEM, 0, 0);
 		if (kmem < 0)
 		{
 			if (tTd(3, 1))
-				printf("getla: open(/dev/kmem): %s\n",
+				dprintf("getla: open(/dev/kmem): %s\n",
 					errstring(errno));
-			return (-1);
+			return -1;
 		}
-		(void) fcntl(kmem, F_SETFD, 1);
+		(void) fcntl(kmem, F_SETFD, FD_CLOEXEC);
 	}
 	if (tTd(3, 20))
-		printf("getla: symbol address = %#lx\n",
+		dprintf("getla: symbol address = %#lx\n",
 			(u_long) Nl[X_AVENRUN].n_value);
 	if (lseek(kmem, (off_t) Nl[X_AVENRUN].n_value, SEEK_SET) == -1 ||
 	    read(kmem, (char *) avenrun, sizeof(avenrun)) < sizeof(avenrun))
 	{
 		/* thank you Ian */
 		if (tTd(3, 1))
-			printf("getla: lseek or read: %s\n", errstring(errno));
-		return (-1);
+			dprintf("getla: lseek or read: %s\n",
+				errstring(errno));
+		return -1;
 	}
 # if (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT)
 	if (tTd(3, 5))
 	{
 #  if LA_TYPE == LA_SHORT
-		printf("getla: avenrun = %d", avenrun[0]);
+		dprintf("getla: avenrun = %d", avenrun[0]);
 		if (tTd(3, 15))
-			printf(", %d, %d", avenrun[1], avenrun[2]);
-#  else
-		printf("getla: avenrun = %ld", avenrun[0]);
+			dprintf(", %d, %d", avenrun[1], avenrun[2]);
+#  else /* LA_TYPE == LA_SHORT */
+		dprintf("getla: avenrun = %ld", avenrun[0]);
 		if (tTd(3, 15))
-			printf(", %ld, %ld", avenrun[1], avenrun[2]);
-#  endif
-		printf("\n");
+			dprintf(", %ld, %ld", avenrun[1], avenrun[2]);
+#  endif /* LA_TYPE == LA_SHORT */
+		dprintf("\n");
 	}
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (avenrun[0] + FSCALE/2) >> FSHIFT);
+		dprintf("getla: %d\n",
+			(int) (avenrun[0] + FSCALE/2) >> FSHIFT);
 	return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT);
-# else /* LA_TYPE == LA_FLOAT */
+# else /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) */
 	if (tTd(3, 5))
 	{
-		printf("getla: avenrun = %g", avenrun[0]);
+		dprintf("getla: avenrun = %g", avenrun[0]);
 		if (tTd(3, 15))
-			printf(", %g, %g", avenrun[1], avenrun[2]);
-		printf("\n");
+			dprintf(", %g, %g", avenrun[1], avenrun[2]);
+		dprintf("\n");
 	}
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (avenrun[0] +0.5));
+		dprintf("getla: %d\n", (int) (avenrun[0] +0.5));
 	return ((int) (avenrun[0] + 0.5));
-# endif
+# endif /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) */
 }
 
-#endif /* LA_TYPE == LA_INT or LA_SHORT or LA_FLOAT */
+#endif /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_FLOAT) || (LA_TYPE == LA_SHORT) */
 
 #if LA_TYPE == LA_READKSYM
 
 # include <sys/ksym.h>
 
+static int
 getla()
 {
 	static int kmem = -1;
@@ -1544,11 +1688,11 @@ getla()
 		if (kmem < 0)
 		{
 			if (tTd(3, 1))
-				printf("getla: open(/dev/kmem): %s\n",
+				dprintf("getla: open(/dev/kmem): %s\n",
 					errstring(errno));
-			return (-1);
+			return -1;
 		}
-		(void) fcntl(kmem, F_SETFD, 1);
+		(void) fcntl(kmem, F_SETFD, FD_CLOEXEC);
 	}
 	mirk.mirk_symname = LA_AVENRUN;
 	mirk.mirk_buf = avenrun;
@@ -1556,19 +1700,20 @@ getla()
 	if (ioctl(kmem, MIOC_READKSYM, &mirk) < 0)
 	{
 		if (tTd(3, 1))
-			printf("getla: ioctl(MIOC_READKSYM) failed: %s\n",
+			dprintf("getla: ioctl(MIOC_READKSYM) failed: %s\n",
 				errstring(errno));
 		return -1;
 	}
 	if (tTd(3, 5))
 	{
-		printf("getla: avenrun = %d", avenrun[0]);
+		dprintf("getla: avenrun = %d", avenrun[0]);
 		if (tTd(3, 15))
-			printf(", %d, %d", avenrun[1], avenrun[2]);
-		printf("\n");
+			dprintf(", %d, %d", avenrun[1], avenrun[2]);
+		dprintf("\n");
 	}
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (avenrun[0] + FSCALE/2) >> FSHIFT);
+		dprintf("getla: %d\n",
+			(int) (avenrun[0] + FSCALE/2) >> FSHIFT);
 	return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT);
 }
 
@@ -1578,7 +1723,7 @@ getla()
 
 # include <sys/dg_sys_info.h>
 
-int
+static int
 getla()
 {
 	struct dg_sys_info_load_info load_info;
@@ -1587,9 +1732,9 @@ getla()
 		DG_SYS_INFO_LOAD_INFO_TYPE, DG_SYS_INFO_LOAD_VERSION_0);
 
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (load_info.one_minute + 0.5));
+		dprintf("getla: %d\n", (int) (load_info.one_minute + 0.5));
 
-	return((int) (load_info.one_minute + 0.5));
+	return ((int) (load_info.one_minute + 0.5));
 }
 
 #endif /* LA_TYPE == LA_DGUX */
@@ -1609,7 +1754,7 @@ struct pst_swapinfo;
 # include <sys/param.h>
 # include <sys/pstat.h>
 
-int
+static int
 getla()
 {
 	struct pst_dynamic pstd;
@@ -1619,7 +1764,7 @@ getla()
 		return 0;
 
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (pstd.psd_avg_1_min + 0.5));
+		dprintf("getla: %d\n", (int) (pstd.psd_avg_1_min + 0.5));
 
 	return (int) (pstd.psd_avg_1_min + 0.5);
 }
@@ -1628,7 +1773,7 @@ getla()
 
 #if LA_TYPE == LA_SUBR
 
-int
+static int
 getla()
 {
 	double avenrun[3];
@@ -1636,11 +1781,12 @@ getla()
 	if (getloadavg(avenrun, sizeof(avenrun) / sizeof(avenrun[0])) < 0)
 	{
 		if (tTd(3, 1))
-			perror("getla: getloadavg failed:");
-		return (-1);
+			dprintf("getla: getloadavg failed: %s",
+				errstring(errno));
+		return -1;
 	}
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (avenrun[0] +0.5));
+		dprintf("getla: %d\n", (int) (avenrun[0] +0.5));
 	return ((int) (avenrun[0] + 0.5));
 }
 
@@ -1652,13 +1798,13 @@ getla()
 **  This has been tested on NEXTSTEP release 2.1/3.X.
 */
 
-#if defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0
-# include <mach/mach.h>
-#else
-# include <mach.h>
-#endif
+# if defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0
+#  include <mach/mach.h>
+# else /* defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 */
+#  include <mach.h>
+# endif /* defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 */
 
-int
+static int
 getla()
 {
 	processor_set_t default_set;
@@ -1671,7 +1817,8 @@ getla()
 	if (error != KERN_SUCCESS)
 	{
 		if (tTd(3, 1))
-			perror("getla: processor_set_default failed:");
+			dprintf("getla: processor_set_default failed: %s",
+				errstring(errno));
 		return -1;
 	}
 	info_count = PROCESSOR_SET_BASIC_INFO_COUNT;
@@ -1680,11 +1827,14 @@ getla()
 			       &info_count) != KERN_SUCCESS)
 	{
 		if (tTd(3, 1))
-			perror("getla: processor_set_info failed:");
+			dprintf("getla: processor_set_info failed: %s",
+				errstring(errno));
 		return -1;
 	}
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (info.load_average + (LOAD_SCALE / 2)) / LOAD_SCALE);
+		dprintf("getla: %d\n",
+			(int) ((info.load_average + (LOAD_SCALE / 2)) /
+			       LOAD_SCALE));
 	return (int) (info.load_average + (LOAD_SCALE / 2)) / LOAD_SCALE;
 }
 
@@ -1702,9 +1852,9 @@ getla()
 
 # ifndef _PATH_LOADAVG
 #  define _PATH_LOADAVG	"/proc/loadavg"
-# endif
+# endif /* ! _PATH_LOADAVG */
 
-int
+static int
 getla()
 {
 	double avenrun;
@@ -1715,22 +1865,22 @@ getla()
 	if (fp == NULL)
 	{
 		if (tTd(3, 1))
-			printf("getla: fopen(%s): %s\n",
+			dprintf("getla: fopen(%s): %s\n",
 				_PATH_LOADAVG, errstring(errno));
 		return -1;
 	}
 	result = fscanf(fp, "%lf", &avenrun);
-	fclose(fp);
+	(void) fclose(fp);
 	if (result != 1)
 	{
 		if (tTd(3, 1))
-			printf("getla: fscanf() = %d: %s\n",
+			dprintf("getla: fscanf() = %d: %s\n",
 				result, errstring(errno));
 		return -1;
 	}
 
 	if (tTd(3, 1))
-		printf("getla(): %.2f\n", avenrun);
+		dprintf("getla(): %.2f\n", avenrun);
 
 	return ((int) (avenrun + 0.5));
 }
@@ -1738,7 +1888,8 @@ getla()
 #endif /* LA_TYPE == LA_PROCSTR */
 
 #if LA_TYPE == LA_IRIX6
-#include <sys/sysmp.h>
+
+# include <sys/sysmp.h>
 
 int getla(void)
 {
@@ -1751,42 +1902,43 @@ int getla(void)
 		if (kmem < 0)
 		{
 			if (tTd(3, 1))
-				printf("getla: open(%s): %s\n", _PATH_KMEM,
+				dprintf("getla: open(%s): %s\n", _PATH_KMEM,
 					errstring(errno));
 			return -1;
 		}
-		(void) fcntl(kmem, F_SETFD, 1);
+		(void) fcntl(kmem, F_SETFD, FD_CLOEXEC);
 	}
 
-	if (lseek(kmem, (sysmp(MP_KERNADDR, MPKA_AVENRUN) & 0x7fffffff), SEEK_SET) == -1 || 
-	    read(kmem, (char *)avenrun, sizeof(avenrun)) < sizeof(avenrun)) 
+	if (lseek(kmem, (sysmp(MP_KERNADDR, MPKA_AVENRUN) & 0x7fffffff), SEEK_SET) == -1 ||
+	    read(kmem, (char *)avenrun, sizeof(avenrun)) < sizeof(avenrun))
 	{
 		if (tTd(3, 1))
-			printf("getla: lseek or read: %s\n",
-			       errstring(errno));
+			dprintf("getla: lseek or read: %s\n",
+				errstring(errno));
 		return -1;
 	}
 	if (tTd(3, 5))
 	{
-		printf("getla: avenrun = %ld", (long int) avenrun[0]);
+		dprintf("getla: avenrun = %ld", (long int) avenrun[0]);
 		if (tTd(3, 15))
-			printf(", %ld, %ld",
-			       (long int) avenrun[1], (long int) avenrun[2]);
-		printf("\n");
+			dprintf(", %ld, %ld",
+				(long int) avenrun[1], (long int) avenrun[2]);
+		dprintf("\n");
 	}
 
 	if (tTd(3, 1))
-		printf("getla: %d\n", (int) (avenrun[0] + FSCALE/2) >> FSHIFT);
+		dprintf("getla: %d\n",
+			(int) (avenrun[0] + FSCALE/2) >> FSHIFT);
 	return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT);
 
 }
-#endif
+#endif /* LA_TYPE == LA_IRIX6 */
 
 #if LA_TYPE == LA_KSTAT
 
-#include <kstat.h>
+# include <kstat.h>
 
-int
+static int
 getla()
 {
 	static kstat_ctl_t *kc = NULL;
@@ -1799,7 +1951,7 @@ getla()
 	if (kc == NULL)
 	{
 		if (tTd(3, 1))
-			printf("getla: kstat_open(): %s\n",
+			dprintf("getla: kstat_open(): %s\n",
 				errstring(errno));
 		return -1;
 	}
@@ -1808,14 +1960,14 @@ getla()
 	if (ksp == NULL)
 	{
 		if (tTd(3, 1))
-			printf("getla: kstat_lookup(): %s\n",
+			dprintf("getla: kstat_lookup(): %s\n",
 				errstring(errno));
 		return -1;
 	}
 	if (kstat_read(kc, ksp, NULL) < 0)
 	{
 		if (tTd(3, 1))
-			printf("getla: kstat_read(): %s\n",
+			dprintf("getla: kstat_read(): %s\n",
 				errstring(errno));
 		return -1;
 	}
@@ -1839,9 +1991,9 @@ getla()
 
 # ifndef _PATH_AVENRUN
 #  define _PATH_AVENRUN	"/dev/table/avenrun"
-# endif
+# endif /* ! _PATH_AVENRUN */
 
-int
+static int
 getla()
 {
 	static int afd = -1;
@@ -1868,10 +2020,10 @@ getla()
 	r = read(afd, &avenrun, sizeof avenrun);
 
 	if (tTd(3, 5))
-		printf("getla: avenrun = %d\n", avenrun);
+		dprintf("getla: avenrun = %d\n", avenrun);
 	loadav = (int) (avenrun + FSCALE/2) >> FSHIFT;
 	if (tTd(3, 1))
-		printf("getla: %d\n", loadav);
+		dprintf("getla: %d\n", loadav);
 	return loadav;
 }
 
@@ -1890,34 +2042,35 @@ int getla()
 	if (table(TBL_LOADAVG, 0, &tab, 1, sizeof(tab)) == -1)
 	{
 		if (tTd(3, 1))
-			printf("getla: table %s\n", errstring(errno));
-		return (-1);
+			dprintf("getla: table %s\n", errstring(errno));
+		return -1;
 	}
 
 	if (tTd(3, 1))
-		printf("getla: scale = %d\n", tab.tl_lscale);
+		dprintf("getla: scale = %d\n", tab.tl_lscale);
 
 	if (tab.tl_lscale)
-		ave = (tab.tl_avenrun.l[0] + (tab.tl_lscale/2)) / tab.tl_lscale;
+		ave = ((tab.tl_avenrun.l[2] + (tab.tl_lscale/2)) /
+		       tab.tl_lscale);
 	else
-		ave = (int) (tab.tl_avenrun.d[0] + 0.5);
+		ave = (int) (tab.tl_avenrun.d[2] + 0.5);
 
 	if (tTd(3, 1))
-		printf("getla: %d\n", ave);
+		dprintf("getla: %d\n", ave);
 
 	return ave;
 }
 
-#endif
+#endif /* LA_TYPE == LA_ALPHAOSF */
 
 #if LA_TYPE == LA_ZERO
 
-int
+static int
 getla()
 {
 	if (tTd(3, 1))
-		printf("getla: ZERO\n");
-	return (0);
+		dprintf("getla: ZERO\n");
+	return 0;
 }
 
 #endif /* LA_TYPE == LA_ZERO */
@@ -1947,12 +2100,12 @@ getla()
 
 /* Non Apollo stuff removed by Don Lewis 11/15/93 */
 #ifndef lint
-static char  rcsid[] = "@(#)$Id: getloadavg.c,v 1.16 1991/06/21 12:51:15 paul Exp $";
-#endif /* !lint */
+static char  rcsid[] = "@(#)$OrigId: getloadavg.c,v 1.16 1991/06/21 12:51:15 paul Exp $";
+#endif /* ! lint */
 
 #ifdef apollo
 # undef volatile
-#    include <apollo/base.h>
+# include <apollo/base.h>
 
 /* ARGSUSED */
 int getloadavg( call_data )
@@ -1964,9 +2117,40 @@ int getloadavg( call_data )
      long loadav[3];
      proc1_$get_loadav(loadav, &st);
      *avenrun = loadav[0] / (double) (1 << 16);
-     return(0);
+     return 0;
 }
-#   endif /* apollo */
+#endif /* apollo */
+/*
+**  SM_GETLA -- get the current load average and set macro
+**
+**	Parameters:
+**		e -- the envelope for the load average macro.
+**
+**	Returns:
+**		The current load average as an integer.
+**
+**	Side Effects:
+**		Sets the load average macro ({load_avg}) if
+**		envelope e is not NULL.
+*/
+
+int
+sm_getla(e)
+	ENVELOPE *e;
+{
+	register int la;
+
+	la = getla();
+	if (e != NULL)
+	{
+		char labuf[8];
+
+		snprintf(labuf, sizeof labuf, "%d", CurrentLA);
+		define(macid("{load_avg}", NULL), newstr(labuf), e);
+	}
+	return la;
+}
+
 /*
 **  SHOULDQUEUE -- should this message be queued or sent?
 **
@@ -1974,7 +2158,7 @@ int getloadavg( call_data )
 **
 **	Parameters:
 **		pri -- the priority of the message in question.
-**		ctime -- the message creation time.
+**		ct -- the message creation time.
 **
 **	Returns:
 **		TRUE -- if this message should be queued up for the
@@ -1985,42 +2169,43 @@ int getloadavg( call_data )
 **		none.
 */
 
-extern int	get_num_procs_online __P((void));
-
+/* ARGSUSED1 */
 bool
-shouldqueue(pri, ctime)
+shouldqueue(pri, ct)
 	long pri;
-	time_t ctime;
+	time_t ct;
 {
 	bool rval;
-	int queuela = QueueLA * get_num_procs_online();
 
 	if (tTd(3, 30))
-		printf("shouldqueue: CurrentLA=%d, pri=%ld: ", CurrentLA, pri);
-	if (CurrentLA < queuela)
+		dprintf("shouldqueue: CurrentLA=%d, pri=%ld: ",
+			CurrentLA, pri);
+	if (CurrentLA < QueueLA)
 	{
 		if (tTd(3, 30))
-			printf("FALSE (CurrentLA < QueueLA)\n");
-		return (FALSE);
+			dprintf("FALSE (CurrentLA < QueueLA)\n");
+		return FALSE;
 	}
 #if 0	/* this code is reported to cause oscillation around RefuseLA */
 	if (CurrentLA >= RefuseLA && QueueLA < RefuseLA)
 	{
 		if (tTd(3, 30))
-			printf("TRUE (CurrentLA >= RefuseLA)\n");
-		return (TRUE);
+			dprintf("TRUE (CurrentLA >= RefuseLA)\n");
+		return TRUE;
 	}
-#endif
-	rval = pri > (QueueFactor / (CurrentLA - queuela + 1));
+#endif /* 0 */
+	rval = pri > (QueueFactor / (CurrentLA - QueueLA + 1));
 	if (tTd(3, 30))
-		printf("%s (by calculation)\n", rval ? "TRUE" : "FALSE");
+		dprintf("%s (by calculation)\n", rval ? "TRUE" : "FALSE");
 	return rval;
 }
 /*
 **  REFUSECONNECTIONS -- decide if connections should be refused
 **
 **	Parameters:
-**		port -- port number (for error messages only)
+**		name -- daemon name (for error messages only)
+**		e -- the current envelope.
+**		d -- number of daemon
 **
 **	Returns:
 **		TRUE if incoming SMTP connections should be refused
@@ -2032,58 +2217,48 @@ shouldqueue(pri, ctime)
 */
 
 bool
-refuseconnections(port)
-	int port;
+refuseconnections(name, e, d)
+	char *name;
+	ENVELOPE *e;
+	int d;
 {
-	int refusela = RefuseLA * get_num_procs_online();
 	time_t now;
-	static time_t lastconn = (time_t) 0;
-	static int conncnt = 0;
-	extern bool enoughdiskspace __P((long));
+	static time_t lastconn[MAXDAEMONS];
+	static int conncnt[MAXDAEMONS];
+
 
 #ifdef XLA
 	if (!xla_smtp_ok())
 		return TRUE;
-#endif
+#endif /* XLA */
 
 	now = curtime();
-	if (now != lastconn)
+	if (now != lastconn[d])
 	{
-		lastconn = now;
-		conncnt = 0;
+		lastconn[d] = now;
+		conncnt[d] = 0;
 	}
-	else if (conncnt++ > ConnRateThrottle && ConnRateThrottle > 0)
+	else if (conncnt[d]++ > ConnRateThrottle && ConnRateThrottle > 0)
 	{
 		/* sleep to flatten out connection load */
-		sm_setproctitle(TRUE, "deferring connections on port %d: %d per second",
-			port, ConnRateThrottle);
-		if (LogLevel >= 14)
+		sm_setproctitle(TRUE, e, "deferring connections on daemon %s: %d per second",
+				name, ConnRateThrottle);
+		if (LogLevel >= 9)
 			sm_syslog(LOG_INFO, NOQID,
-				"deferring connections on port %d: %d per second",
-				port, ConnRateThrottle);
-		sleep(1);
+				"deferring connections on daemon %s: %d per second",
+				name, ConnRateThrottle);
+		(void) sleep(1);
 	}
 
 	CurrentLA = getla();
-	if (CurrentLA >= refusela)
+	if (RefuseLA > 0 && CurrentLA >= RefuseLA)
 	{
-		sm_setproctitle(TRUE, "rejecting connections on port %d: load average: %d",
-			port, CurrentLA);
-		if (LogLevel >= 14)
+		sm_setproctitle(TRUE, e, "rejecting connections on daemon %s: load average: %d",
+				name, CurrentLA);
+		if (LogLevel >= 9)
 			sm_syslog(LOG_INFO, NOQID,
-				"rejecting connections on port %d: load average: %d",
-				port, CurrentLA);
-		return TRUE;
-	}
-
-	if (!enoughdiskspace(MinBlocksFree + 1))
-	{
-		sm_setproctitle(TRUE, "rejecting connections on port %d: min free: %d",
-			port, MinBlocksFree);
-		if (LogLevel >= 14)
-			sm_syslog(LOG_INFO, NOQID,
-				"rejecting connections on port %d: min free: %d",
-				port, MinBlocksFree);
+				"rejecting connections on daemon %s: load average: %d",
+				name, CurrentLA);
 		return TRUE;
 	}
 
@@ -2092,12 +2267,12 @@ refuseconnections(port)
 		proc_list_probe();
 		if (CurChildren >= MaxChildren)
 		{
-			sm_setproctitle(TRUE, "rejecting connections on port %d: %d children, max %d",
-				port, CurChildren, MaxChildren);
-			if (LogLevel >= 14)
+			sm_setproctitle(TRUE, e, "rejecting connections on daemon %s: %d children, max %d",
+					name, CurChildren, MaxChildren);
+			if (LogLevel >= 9)
 				sm_syslog(LOG_INFO, NOQID,
-					"rejecting connections on port %d: %d children, max %d",
-					port, CurChildren, MaxChildren);
+					"rejecting connections on daemon %s: %d children, max %d",
+					name, CurChildren, MaxChildren);
 			return TRUE;
 		}
 	}
@@ -2130,37 +2305,38 @@ refuseconnections(port)
 
 #ifndef SPT_TYPE
 # define SPT_TYPE	SPT_REUSEARGV
-#endif
+#endif /* ! SPT_TYPE */
+
 
 #if SPT_TYPE != SPT_NONE && SPT_TYPE != SPT_BUILTIN
 
 # if SPT_TYPE == SPT_PSTAT
 #  include <sys/pstat.h>
-# endif
+# endif /* SPT_TYPE == SPT_PSTAT */
 # if SPT_TYPE == SPT_PSSTRINGS
 #  include <machine/vmparam.h>
 #  include <sys/exec.h>
 #  ifndef PS_STRINGS	/* hmmmm....  apparently not available after all */
 #   undef SPT_TYPE
 #   define SPT_TYPE	SPT_REUSEARGV
-#  else
+#  else /* ! PS_STRINGS */
 #   ifndef NKPDE			/* FreeBSD 2.0 */
 #    define NKPDE 63
 typedef unsigned int	*pt_entry_t;
-#   endif
-#  endif
-# endif
+#   endif /* ! NKPDE */
+#  endif /* ! PS_STRINGS */
+# endif /* SPT_TYPE == SPT_PSSTRINGS */
 
 # if SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV
 #  define SETPROC_STATIC	static
-# else
+# else /* SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV */
 #  define SETPROC_STATIC
-# endif
+# endif /* SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV */
 
 # if SPT_TYPE == SPT_SYSMIPS
 #  include <sys/sysmips.h>
 #  include <sys/sysnews.h>
-# endif
+# endif /* SPT_TYPE == SPT_SYSMIPS */
 
 # if SPT_TYPE == SPT_SCO
 #  include <sys/immu.h>
@@ -2169,26 +2345,29 @@ typedef unsigned int	*pt_entry_t;
 #  include <sys/fs/s5param.h>
 #  if PSARGSZ > MAXLINE
 #   define SPT_BUFSIZE	PSARGSZ
-#  endif
-# endif
+#  endif /* PSARGSZ > MAXLINE */
+# endif /* SPT_TYPE == SPT_SCO */
 
 # ifndef SPT_PADCHAR
 #  define SPT_PADCHAR	' '
-# endif
+# endif /* ! SPT_PADCHAR */
 
 #endif /* SPT_TYPE != SPT_NONE && SPT_TYPE != SPT_BUILTIN */
 
-# ifndef SPT_BUFSIZE
-#  define SPT_BUFSIZE	MAXLINE
-# endif
+#ifndef SPT_BUFSIZE
+# define SPT_BUFSIZE	MAXLINE
+#endif /* ! SPT_BUFSIZE */
 
 /*
 **  Pointers for setproctitle.
 **	This allows "ps" listings to give more useful information.
 */
 
-char		**Argv = NULL;		/* pointer to argument vector */
-char		*LastArgv = NULL;	/* end of argv */
+static char	**Argv = NULL;		/* pointer to argument vector */
+static char	*LastArgv = NULL;	/* end of argv */
+#if SPT_TYPE != SPT_BUILTIN
+static void	setproctitle __P((const char *, ...));
+#endif /* SPT_TYPE != SPT_BUILTIN */
 
 void
 initsetproctitle(argc, argv, envp)
@@ -2218,57 +2397,52 @@ initsetproctitle(argc, argv, envp)
 	Argv = argv;
 
 	/*
-	**  Determine how much space we can use for setproctitle.  
+	**  Determine how much space we can use for setproctitle.
 	**  Use all contiguous argv and envp pointers starting at argv[0]
- 	*/
+	*/
 	for (i = 0; i < argc; i++)
 	{
-		if (i==0 || LastArgv + 1 == argv[i])
+		if (i == 0 || LastArgv + 1 == argv[i])
 			LastArgv = argv[i] + strlen(argv[i]);
-		else
-			continue;
 	}
-	for (i=0; envp[i] != NULL; i++)
+	for (i = 0; LastArgv != NULL && envp[i] != NULL; i++)
 	{
 		if (LastArgv + 1 == envp[i])
 			LastArgv = envp[i] + strlen(envp[i]);
-		else
-			continue;
 	}
 }
 
 #if SPT_TYPE != SPT_BUILTIN
 
-
 /*VARARGS1*/
-void
+static void
 # ifdef __STDC__
 setproctitle(const char *fmt, ...)
-# else
+# else /* __STDC__ */
 setproctitle(fmt, va_alist)
 	const char *fmt;
 	va_dcl
-# endif
+# endif /* __STDC__ */
 {
 # if SPT_TYPE != SPT_NONE
-	register char *p;
 	register int i;
+	register char *p;
 	SETPROC_STATIC char buf[SPT_BUFSIZE];
 	VA_LOCAL_DECL
 #  if SPT_TYPE == SPT_PSTAT
 	union pstun pst;
-#  endif
+#  endif /* SPT_TYPE == SPT_PSTAT */
 #  if SPT_TYPE == SPT_SCO
 	off_t seek_off;
 	static int kmem = -1;
 	static int kmempid = -1;
 	struct user u;
-#  endif
+#  endif /* SPT_TYPE == SPT_SCO */
 
 	p = buf;
 
 	/* print sendmail: heading for grep */
-	(void) strcpy(p, "sendmail: ");
+	(void) strlcpy(p, "sendmail: ", SPACELEFT(buf, p));
 	p += strlen(p);
 
 	/* print the argument string */
@@ -2281,14 +2455,14 @@ setproctitle(fmt, va_alist)
 #  if SPT_TYPE == SPT_PSTAT
 	pst.pst_command = buf;
 	pstat(PSTAT_SETCMD, pst, i, 0, 0);
-#  endif
+#  endif /* SPT_TYPE == SPT_PSTAT */
 #  if SPT_TYPE == SPT_PSSTRINGS
 	PS_STRINGS->ps_nargvstr = 1;
 	PS_STRINGS->ps_argvstr = buf;
-#  endif
+#  endif /* SPT_TYPE == SPT_PSSTRINGS */
 #  if SPT_TYPE == SPT_SYSMIPS
 	sysmips(SONY_SYSNEWS, NEWS_SETPSARGS, buf);
-#  endif
+#  endif /* SPT_TYPE == SPT_SYSMIPS */
 #  if SPT_TYPE == SPT_SCO
 	if (kmem < 0 || kmempid != getpid())
 	{
@@ -2297,30 +2471,33 @@ setproctitle(fmt, va_alist)
 		kmem = open(_PATH_KMEM, O_RDWR, 0);
 		if (kmem < 0)
 			return;
-		(void) fcntl(kmem, F_SETFD, 1);
+		(void) fcntl(kmem, F_SETFD, FD_CLOEXEC);
 		kmempid = getpid();
 	}
 	buf[PSARGSZ - 1] = '\0';
 	seek_off = UVUBLK + (off_t) u.u_psargs - (off_t) &u;
 	if (lseek(kmem, (off_t) seek_off, SEEK_SET) == seek_off)
 		(void) write(kmem, buf, PSARGSZ);
-#  endif
+#  endif /* SPT_TYPE == SPT_SCO */
 #  if SPT_TYPE == SPT_REUSEARGV
+	if (LastArgv == NULL)
+		return;
+
 	if (i > LastArgv - Argv[0] - 2)
 	{
 		i = LastArgv - Argv[0] - 2;
 		buf[i] = '\0';
 	}
-	(void) strcpy(Argv[0], buf);
+	(void) strlcpy(Argv[0], buf, i + 1);
 	p = &Argv[0][i];
 	while (p < LastArgv)
 		*p++ = SPT_PADCHAR;
 	Argv[1] = NULL;
-#  endif
+#  endif /* SPT_TYPE == SPT_REUSEARGV */
 #  if SPT_TYPE == SPT_CHANGEARGV
 	Argv[0] = buf;
 	Argv[1] = 0;
-#  endif
+#  endif /* SPT_TYPE == SPT_CHANGEARGV */
 # endif /* SPT_TYPE != SPT_NONE */
 }
 
@@ -2333,6 +2510,7 @@ setproctitle(fmt, va_alist)
 **
 **	Parameters:
 **		status -- whether or not to store as process status
+**		e -- the current envelope.
 **		fmt -- a printf style format string.
 **		a, b, c -- possible parameters to fmt.
 **
@@ -2342,26 +2520,36 @@ setproctitle(fmt, va_alist)
 
 /*VARARGS2*/
 void
-# ifdef __STDC__
-sm_setproctitle(bool status, const char *fmt, ...)
-# else
-sm_setproctitle(status, fmt, va_alist)
+#ifdef __STDC__
+sm_setproctitle(bool status, ENVELOPE *e, const char *fmt, ...)
+#else /* __STDC__ */
+sm_setproctitle(status, e, fmt, va_alist)
 	bool status;
+	ENVELOPE *e;
 	const char *fmt;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	char buf[SPT_BUFSIZE];
-
 	VA_LOCAL_DECL
+
 	/* print the argument string */
 	VA_START(fmt);
-	(void) vsnprintf(buf, SPT_BUFSIZE, fmt, ap);
+	(void) vsnprintf(buf, sizeof buf, fmt, ap);
 	VA_END;
 
 	if (status)
 		proc_list_set(getpid(), buf);
-	setproctitle("%s", buf);
+
+	if (ProcTitlePrefix != NULL)
+	{
+		char prefix[SPT_BUFSIZE];
+
+		expand(ProcTitlePrefix, prefix, sizeof prefix, e);
+		setproctitle("%s: %s", prefix, buf);
+	}
+	else
+		setproctitle("%s", buf);
 }
 /*
 **  WAITFOR -- wait for a particular process id.
@@ -2381,37 +2569,37 @@ int
 waitfor(pid)
 	pid_t pid;
 {
-#ifdef WAITUNION
+# ifdef WAITUNION
 	union wait st;
-#else
+# else /* WAITUNION */
 	auto int st;
-#endif
+# endif /* WAITUNION */
 	pid_t i;
-#if defined(ISC_UNIX) || defined(_SCO_unix_)
+# if defined(ISC_UNIX) || defined(_SCO_unix_)
 	int savesig;
-#endif
+# endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */
 
 	do
 	{
 		errno = 0;
-#if defined(ISC_UNIX) || defined(_SCO_unix_)
+# if defined(ISC_UNIX) || defined(_SCO_unix_)
 		savesig = releasesignal(SIGCHLD);
-#endif
+# endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */
 		i = wait(&st);
-#if defined(ISC_UNIX) || defined(_SCO_unix_)
+# if defined(ISC_UNIX) || defined(_SCO_unix_)
 		if (savesig > 0)
 			blocksignal(SIGCHLD);
-#endif
+# endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */
 		if (i > 0)
-			proc_list_drop(i);
+			(void) proc_list_drop(i);
 	} while ((i >= 0 || errno == EINTR) && i != pid);
 	if (i < 0)
 		return -1;
-#ifdef WAITUNION
+# ifdef WAITUNION
 	return st.w_status;
-#else
+# else /* WAITUNION */
 	return st;
-#endif
+# endif /* WAITUNION */
 }
 /*
 **  REAPCHILD -- pick up the body of my child, lest it become a zombie
@@ -2424,21 +2612,25 @@ waitfor(pid)
 **
 **	Side Effects:
 **		Picks up extant zombies.
+**		Control socket exits may restart/shutdown daemon.
 */
 
+/* ARGSUSED0 */
 SIGFUNC_DECL
 reapchild(sig)
 	int sig;
 {
-	int olderrno = errno;
+	int save_errno = errno;
+	int st;
 	pid_t pid;
-# ifdef HASWAITPID
+#if HASWAITPID
 	auto int status;
 	int count;
 
 	count = 0;
 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
 	{
+		st = status;
 		if (count++ > 1000)
 		{
 			if (LogLevel > 0)
@@ -2447,14 +2639,13 @@ reapchild(sig)
 					pid, status);
 			break;
 		}
-		proc_list_drop(pid);
-	}
-# else
+#else /* HASWAITPID */
 # ifdef WNOHANG
 	union wait status;
 
 	while ((pid = wait3(&status, WNOHANG, (struct rusage *) NULL)) > 0)
-		proc_list_drop(pid);
+	{
+		st = status.w_status;
 # else /* WNOHANG */
 	auto int status;
 
@@ -2466,13 +2657,33 @@ reapchild(sig)
 	*/
 
 	if ((pid = wait(&status)) > 0)
-		proc_list_drop(pid);
+	{
+		st = status;
 # endif /* WNOHANG */
-# endif
-# ifdef SYS5SIGNALS
+#endif /* HASWAITPID */
+		/* Drop PID and check if it was a control socket child */
+		if (proc_list_drop(pid) == PROC_CONTROL &&
+		    WIFEXITED(st))
+		{
+			/* if so, see if we need to restart or shutdown */
+			if (WEXITSTATUS(st) == EX_RESTART)
+			{
+				/* emulate a SIGHUP restart */
+				sighup(0);
+				/* NOTREACHED */
+			}
+			else if (WEXITSTATUS(st) == EX_SHUTDOWN)
+			{
+				/* emulate a SIGTERM shutdown */
+				intsig(0);
+				/* NOTREACHED */
+			}
+		}
+	}
+#ifdef SYS5SIGNALS
 	(void) setsignal(SIGCHLD, reapchild);
-# endif
-	errno = olderrno;
+#endif /* SYS5SIGNALS */
+	errno = save_errno;
 	return SIGFUNC_RETURN;
 }
 /*
@@ -2489,7 +2700,7 @@ reapchild(sig)
 **		none.
 */
 
-#ifdef NEEDPUTENV
+#if NEEDPUTENV
 
 # if NEEDPUTENV == 2		/* no setenv(3) call available */
 
@@ -2498,10 +2709,10 @@ putenv(str)
 	char *str;
 {
 	char **current;
-	int matchlen, envlen=0;
+	int matchlen, envlen = 0;
 	char *tmp;
 	char **newenv;
-	static int first=1;
+	static bool first = TRUE;
 	extern char **environ;
 
 	/*
@@ -2518,13 +2729,15 @@ putenv(str)
 	 * Search for an existing string in the environment and find the
 	 * length of environ.  If found, replace and exit.
 	 */
-	for (current=environ; *current; current++) {
+	for (current = environ; *current; current++)
+	{
 		++envlen;
 
-		if (strncmp(str, *current, matchlen) == 0) {
+		if (strncmp(str, *current, matchlen) == 0)
+		{
 			/* found it, now insert the new version */
 			*current = (char *)str;
-			return(0);
+			return 0;
 		}
 	}
 
@@ -2532,28 +2745,31 @@ putenv(str)
 	 * There wasn't already a slot so add space for a new slot.
 	 * If this is our first time through, use malloc(), else realloc().
 	 */
-	if (first) {
+	if (first)
+	{
 		newenv = (char **) malloc(sizeof(char *) * (envlen + 2));
 		if (newenv == NULL)
-			return(-1);
+			return -1;
 
-		first=0;
+		first = FALSE;
 		(void) memcpy(newenv, environ, sizeof(char *) * envlen);
-	} else {
+	}
+	else
+	{
 		newenv = (char **) realloc((char *)environ, sizeof(char *) * (envlen + 2));
 		if (newenv == NULL)
-			return(-1);
+			return -1;
 	}
 
 	/* actually add in the new entry */
 	environ = newenv;
 	environ[envlen] = (char *)str;
-	environ[envlen+1] = NULL;
+	environ[envlen + 1] = NULL;
 
-	return(0);
+	return 0;
 }
 
-#else			/* implement putenv() in terms of setenv() */
+# else /* NEEDPUTENV == 2 */
 
 int
 putenv(env)
@@ -2569,13 +2785,13 @@ putenv(env)
 	l = p - env;
 	if (l > sizeof nbuf - 1)
 		l = sizeof nbuf - 1;
-	bcopy(env, nbuf, l);
+	memmove(nbuf, env, l);
 	nbuf[l] = '\0';
 	return setenv(nbuf, ++p, 1);
 }
 
-# endif
-#endif
+# endif /* NEEDPUTENV == 2 */
+#endif /* NEEDPUTENV */
 /*
 **  UNSETENV -- remove a variable from the environment
 **
@@ -2595,7 +2811,7 @@ putenv(env)
 **		Modifies environ.
 */
 
-#ifndef HASUNSETENV
+#if !HASUNSETENV
 
 void
 unsetenv(name)
@@ -2616,7 +2832,7 @@ unsetenv(name)
 		*pp = pp[1];
 }
 
-#endif
+#endif /* !HASUNSETENV */
 /*
 **  GETDTABLESIZE -- return number of file descriptors
 **
@@ -2634,33 +2850,33 @@ unsetenv(name)
 
 #ifdef SOLARIS
 # include <sys/resource.h>
-#endif
+#endif /* SOLARIS */
 
 int
 getdtsize()
 {
-#ifdef RLIMIT_NOFILE
+# ifdef RLIMIT_NOFILE
 	struct rlimit rl;
 
 	if (getrlimit(RLIMIT_NOFILE, &rl) >= 0)
 		return rl.rlim_cur;
-#endif
+# endif /* RLIMIT_NOFILE */
 
-# ifdef HASGETDTABLESIZE
+# if HASGETDTABLESIZE
 	return getdtablesize();
-# else
+# else /* HASGETDTABLESIZE */
 #  ifdef _SC_OPEN_MAX
 	return sysconf(_SC_OPEN_MAX);
-#  else
+#  else /* _SC_OPEN_MAX */
 	return NOFILE;
-#  endif
-# endif
+#  endif /* _SC_OPEN_MAX */
+# endif /* HASGETDTABLESIZE */
 }
 /*
 **  UNAME -- get the UUCP name of this system.
 */
 
-#ifndef HASUNAME
+#if !HASUNAME
 
 int
 uname(name)
@@ -2680,7 +2896,7 @@ uname(name)
 		if (n != NULL)
 			*n = '\0';
 		if (name->nodename[0] != '\0')
-			return (0);
+			return 0;
 	}
 
 	/* try /usr/include/whoami.h -- has a #define somewhere */
@@ -2689,15 +2905,17 @@ uname(name)
 		char buf[MAXLINE];
 
 		while (fgets(buf, MAXLINE, file) != NULL)
+		{
 			if (sscanf(buf, "#define sysname \"%*[^\"]\"",
 					NODE_LENGTH, name->nodename) > 0)
 				break;
+		}
 		(void) fclose(file);
 		if (name->nodename[0] != '\0')
-			return (0);
+			return 0;
 	}
 
-#ifdef TRUST_POPEN
+#  if 0
 	/*
 	**  Popen is known to have security holes.
 	*/
@@ -2711,20 +2929,20 @@ uname(name)
 		if (n != NULL)
 			*n = '\0';
 		if (name->nodename[0] != '\0')
-			return (0);
+			return 0;
 	}
-#endif
+#  endif /* 0 */
 
-	return (-1);
+	return -1;
 }
-#endif /* HASUNAME */
+#endif /* !HASUNAME */
 /*
 **  INITGROUPS -- initialize groups
 **
 **	Stub implementation for System V style systems
 */
 
-#ifndef HASINITGROUPS
+#if !HASINITGROUPS
 
 initgroups(name, basegid)
 	char *name;
@@ -2733,7 +2951,7 @@ initgroups(name, basegid)
 	return 0;
 }
 
-#endif
+#endif /* !HASINITGROUPS */
 /*
 **  SETGROUPS -- set group list
 **
@@ -2750,17 +2968,17 @@ setgroups(ngroups, grouplist)
 	return 0;
 }
 
-#endif
+#endif /* ! NGROUPS_MAX */
 /*
 **  SETSID -- set session id (for non-POSIX systems)
 */
 
-#ifndef HASSETSID
+#if !HASSETSID
 
 pid_t
 setsid __P ((void))
 {
-#ifdef TIOCNOTTY
+#  ifdef TIOCNOTTY
 	int fd;
 
 	fd = open("/dev/tty", O_RDWR, 0);
@@ -2769,33 +2987,33 @@ setsid __P ((void))
 		(void) ioctl(fd, (int) TIOCNOTTY, (char *) 0);
 		(void) close(fd);
 	}
-#endif /* TIOCNOTTY */
-# ifdef SYS5SETPGRP
+#  endif /* TIOCNOTTY */
+#  ifdef SYS5SETPGRP
 	return setpgrp();
-# else
+#  else /* SYS5SETPGRP */
 	return setpgid(0, getpid());
-# endif
+#  endif /* SYS5SETPGRP */
 }
 
-#endif
+#endif /* !HASSETSID */
 /*
 **  FSYNC -- dummy fsync
 */
 
-#ifdef NEEDFSYNC
+#if NEEDFSYNC
 
 fsync(fd)
 	int fd;
 {
 # ifdef O_SYNC
 	return fcntl(fd, F_SETFL, O_SYNC);
-# else
+# else /* O_SYNC */
 	/* nothing we can do */
 	return 0;
-# endif
+# endif /* O_SYNC */
 }
 
-#endif
+#endif /* NEEDFSYNC */
 /*
 **  DGUX_INET_ADDR -- inet_addr for DG/UX
 **
@@ -2806,7 +3024,7 @@ fsync(fd)
 
 #ifdef DGUX_5_4_2
 
-#undef inet_addr
+# undef inet_addr
 
 long
 dgux_inet_addr(host)
@@ -2818,12 +3036,12 @@ dgux_inet_addr(host)
 	return haddr.s_addr;
 }
 
-#endif
+#endif /* DGUX_5_4_2 */
 /*
 **  GETOPT -- for old systems or systems with bogus implementations
 */
 
-#ifdef NEEDGETOPT
+#if NEEDGETOPT
 
 /*
  * Copyright (c) 1985 Regents of the University of California.
@@ -2837,29 +3055,27 @@ dgux_inet_addr(host)
 **  to reset if invoked by the program to scan args for a 2nd time
 */
 
-#if defined(LIBC_SCCS) && !defined(lint)
+# if defined(LIBC_SCCS) && !defined(lint)
 static char sccsid[] = "@(#)getopt.c	4.3 (Berkeley) 3/9/86";
-#endif /* LIBC_SCCS and not lint */
-
-#include <stdio.h>
+# endif /* defined(LIBC_SCCS) && !defined(lint) */
 
 /*
  * get option letter from argument vector
  */
-#ifdef _CONVEX_SOURCE
+# ifdef _CONVEX_SOURCE
 extern int	optind, opterr, optopt;
 extern char	*optarg;
-#else
+# else /* _CONVEX_SOURCE */
 int	opterr = 1;		/* if error message should be printed */
 int	optind = 1;		/* index into parent argv vector */
 int	optopt = 0;		/* character checked for validity */
 char	*optarg = NULL;		/* argument associated with option */
-#endif
+# endif /* _CONVEX_SOURCE */
 
-#define BADCH	(int)'?'
-#define EMSG	""
-#define tell(s)	if (opterr) {fputs(*nargv,stderr);fputs(s,stderr); \
-		fputc(optopt,stderr);fputc('\n',stderr);return(BADCH);}
+# define BADCH	(int)'?'
+# define EMSG	""
+# define tell(s)	if (opterr) {fputs(*nargv,stderr);fputs(s,stderr); \
+			fputc(optopt,stderr);fputc('\n',stderr);return(BADCH);}
 
 int
 getopt(nargc,nargv,ostr)
@@ -2900,21 +3116,21 @@ getopt(nargc,nargv,ostr)
 			place = EMSG;
 			tell(": option requires an argument -- ");
 		}
-	 	else optarg = nargv[optind];	/* white space */
+		else optarg = nargv[optind];	/* white space */
 		place = EMSG;
 		++optind;
 	}
 	return(optopt);			/* dump back option letter */
 }
 
-#endif
+#endif /* NEEDGETOPT */
 /*
 **  VFPRINTF, VSPRINTF -- for old 4.3 BSD systems missing a real version
 */
 
-#ifdef NEEDVPRINTF
+#if NEEDVPRINTF
 
-#define MAXARG	16
+# define MAXARG	16
 
 vfprintf(fp, fmt, ap)
 	FILE *fp;
@@ -2948,7 +3164,7 @@ vsprintf(s, fmt, ap)
 			bp[12], bp[13], bp[14], bp[15]);
 }
 
-#endif
+#endif /* NEEDVPRINTF */
 /*
 **  USERSHELLOK -- tell if a user's shell is ok for unrestricted use
 **
@@ -2965,52 +3181,52 @@ vsprintf(s, fmt, ap)
 
 # ifndef _PATH_SHELLS
 #  define _PATH_SHELLS	"/etc/shells"
-# endif
+# endif /* ! _PATH_SHELLS */
 
 # if defined(_AIX3) || defined(_AIX4)
 #  include <userconf.h>
 #  if _AIX4 >= 40200
 #   include <userpw.h>
-#  endif
+#  endif /* _AIX4 >= 40200 */
 #  include <usersec.h>
-# endif
+# endif /* defined(_AIX3) || defined(_AIX4) */
 
-char	*DefaultUserShells[] =
+static char	*DefaultUserShells[] =
 {
 	"/bin/sh",		/* standard shell */
 	"/usr/bin/sh",
 	"/bin/csh",		/* C shell */
 	"/usr/bin/csh",
-#ifdef __hpux
-# ifdef V4FS
+# ifdef __hpux
+#  ifdef V4FS
 	"/usr/bin/rsh",		/* restricted Bourne shell */
 	"/usr/bin/ksh",		/* Korn shell */
 	"/usr/bin/rksh",	/* restricted Korn shell */
 	"/usr/bin/pam",
 	"/usr/bin/keysh",	/* key shell (extended Korn shell) */
 	"/usr/bin/posix/sh",
-# else
+#  else /* V4FS */
 	"/bin/rsh",		/* restricted Bourne shell */
 	"/bin/ksh",		/* Korn shell */
 	"/bin/rksh",		/* restricted Korn shell */
 	"/bin/pam",
 	"/usr/bin/keysh",	/* key shell (extended Korn shell) */
 	"/bin/posix/sh",
-# endif
-#endif
-#if defined(_AIX3) || defined(_AIX4)
+#  endif /* V4FS */
+# endif /* __hpux */
+# if defined(_AIX3) || defined(_AIX4)
 	"/bin/ksh",		/* Korn shell */
 	"/usr/bin/ksh",
 	"/bin/tsh",		/* trusted shell */
 	"/usr/bin/tsh",
 	"/bin/bsh",		/* Bourne shell */
 	"/usr/bin/bsh",
-#endif
-#if defined(__svr4__) || defined(__svr5__)
+# endif /* defined(_AIX3) || defined(_AIX4) */
+# if defined(__svr4__) || defined(__svr5__)
 	"/bin/ksh",		/* Korn shell */
 	"/usr/bin/ksh",
-#endif
-#ifdef sgi
+# endif /* defined(__svr4__) || defined(__svr5__) */
+# ifdef sgi
 	"/sbin/sh",		/* SGI's shells really live in /sbin */
 	"/sbin/csh",
 	"/bin/ksh",		/* Korn shell */
@@ -3018,11 +3234,11 @@ char	*DefaultUserShells[] =
 	"/usr/bin/ksh",
 	"/bin/tcsh",		/* Extended csh */
 	"/usr/bin/tcsh",
-#endif
+# endif /* sgi */
 	NULL
 };
 
-#endif
+#endif /* !HASGETUSERSHELL */
 
 #define WILDCARD_SHELL	"/SENDMAIL/ANY/SHELL/"
 
@@ -3031,7 +3247,7 @@ usershellok(user, shell)
 	char *user;
 	char *shell;
 {
-#if HASGETUSERSHELL
+# if HASGETUSERSHELL
 	register char *p;
 	extern char *getusershell();
 
@@ -3045,10 +3261,10 @@ usershellok(user, shell)
 			break;
 	endusershell();
 	return p != NULL;
-#else
-# if USEGETCONFATTR
+# else /* HASGETUSERSHELL */
+#  if USEGETCONFATTR
 	auto char *v;
-# endif
+#  endif /* USEGETCONFATTR */
 	register FILE *shellf;
 	char buf[MAXLINE];
 
@@ -3056,7 +3272,7 @@ usershellok(user, shell)
 	    ConfigLevel <= 1)
 		return TRUE;
 
-# if USEGETCONFATTR
+#  if USEGETCONFATTR
 	/*
 	**  Naturally IBM has a "better" idea.....
 	**
@@ -3080,14 +3296,14 @@ usershellok(user, shell)
 		}
 		return FALSE;
 	}
-# endif
+#  endif /* USEGETCONFATTR */
 
 	shellf = fopen(_PATH_SHELLS, "r");
 	if (shellf == NULL)
 	{
 		/* no /etc/shells; see if it is one of the std shells */
 		char **d;
-		
+
 		if (errno != ENOENT && LogLevel > 3)
 			sm_syslog(LOG_ERR, NOQID,
 				  "usershellok: cannot open %s: %s",
@@ -3116,13 +3332,13 @@ usershellok(user, shell)
 		*p = '\0';
 		if (strcmp(shell, q) == 0 || strcmp(WILDCARD_SHELL, q) == 0)
 		{
-			fclose(shellf);
+			(void) fclose(shellf);
 			return TRUE;
 		}
 	}
-	fclose(shellf);
+	(void) fclose(shellf);
 	return FALSE;
-#endif
+# endif /* HASGETUSERSHELL */
 }
 /*
 **  FREEDISKSPACE -- see how much free space is on the queue filesystem
@@ -3135,7 +3351,7 @@ usershellok(user, shell)
 **			block size is stored.
 **
 **	Returns:
-**		The number of bytes free on the queue filesystem.
+**		The number of blocks free on the queue filesystem.
 **		-1 if the statfs call fails.
 **
 **	Side effects:
@@ -3153,83 +3369,83 @@ usershellok(user, shell)
 
 #ifndef SFS_TYPE
 # define SFS_TYPE	SFS_NONE
-#endif
+#endif /* ! SFS_TYPE */
 
 #if SFS_TYPE == SFS_USTAT
 # include <ustat.h>
-#endif
+#endif /* SFS_TYPE == SFS_USTAT */
 #if SFS_TYPE == SFS_4ARGS || SFS_TYPE == SFS_STATFS
 # include <sys/statfs.h>
-#endif
+#endif /* SFS_TYPE == SFS_4ARGS || SFS_TYPE == SFS_STATFS */
 #if SFS_TYPE == SFS_VFS
 # include <sys/vfs.h>
-#endif
+#endif /* SFS_TYPE == SFS_VFS */
 #if SFS_TYPE == SFS_MOUNT
 # include <sys/mount.h>
-#endif
+#endif /* SFS_TYPE == SFS_MOUNT */
 #if SFS_TYPE == SFS_STATVFS
 # include <sys/statvfs.h>
-#endif
+#endif /* SFS_TYPE == SFS_STATVFS */
 
 long
 freediskspace(dir, bsize)
 	char *dir;
 	long *bsize;
 {
-#if SFS_TYPE != SFS_NONE
-# if SFS_TYPE == SFS_USTAT
+# if SFS_TYPE != SFS_NONE
+#  if SFS_TYPE == SFS_USTAT
 	struct ustat fs;
 	struct stat statbuf;
-#  define FSBLOCKSIZE	DEV_BSIZE
-#  define SFS_BAVAIL	f_tfree
-# else
-#  if defined(ultrix)
+#   define FSBLOCKSIZE	DEV_BSIZE
+#   define SFS_BAVAIL	f_tfree
+#  else /* SFS_TYPE == SFS_USTAT */
+#   if defined(ultrix)
 	struct fs_data fs;
-#   define SFS_BAVAIL	fd_bfreen
-#   define FSBLOCKSIZE	1024L
-#  else
-#   if SFS_TYPE == SFS_STATVFS
+#    define SFS_BAVAIL	fd_bfreen
+#    define FSBLOCKSIZE	1024L
+#   else /* defined(ultrix) */
+#    if SFS_TYPE == SFS_STATVFS
 	struct statvfs fs;
-#    define FSBLOCKSIZE	fs.f_frsize
-#   else
+#     define FSBLOCKSIZE	fs.f_frsize
+#    else /* SFS_TYPE == SFS_STATVFS */
 	struct statfs fs;
-#    define FSBLOCKSIZE	fs.f_bsize
-#   endif
-#  endif
-# endif
-# ifndef SFS_BAVAIL
-#  define SFS_BAVAIL f_bavail
-# endif
-
-# if SFS_TYPE == SFS_USTAT
+#     define FSBLOCKSIZE	fs.f_bsize
+#    endif /* SFS_TYPE == SFS_STATVFS */
+#   endif /* defined(ultrix) */
+#  endif /* SFS_TYPE == SFS_USTAT */
+#  ifndef SFS_BAVAIL
+#   define SFS_BAVAIL f_bavail
+#  endif /* ! SFS_BAVAIL */
+
+#  if SFS_TYPE == SFS_USTAT
 	if (stat(dir, &statbuf) == 0 && ustat(statbuf.st_dev, &fs) == 0)
-# else
-#  if SFS_TYPE == SFS_4ARGS
+#  else /* SFS_TYPE == SFS_USTAT */
+#   if SFS_TYPE == SFS_4ARGS
 	if (statfs(dir, &fs, sizeof fs, 0) == 0)
-#  else
-#   if SFS_TYPE == SFS_STATVFS
+#   else /* SFS_TYPE == SFS_4ARGS */
+#    if SFS_TYPE == SFS_STATVFS
 	if (statvfs(dir, &fs) == 0)
-#   else
-#    if defined(ultrix)
+#    else /* SFS_TYPE == SFS_STATVFS */
+#     if defined(ultrix)
 	if (statfs(dir, &fs) > 0)
-#    else
+#     else /* defined(ultrix) */
 	if (statfs(dir, &fs) == 0)
-#    endif
-#   endif
-#  endif
-# endif
+#     endif /* defined(ultrix) */
+#    endif /* SFS_TYPE == SFS_STATVFS */
+#   endif /* SFS_TYPE == SFS_4ARGS */
+#  endif /* SFS_TYPE == SFS_USTAT */
 	{
 		if (bsize != NULL)
 			*bsize = FSBLOCKSIZE;
 		if (fs.SFS_BAVAIL <= 0)
 			return 0;
 		else if (fs.SFS_BAVAIL > LONG_MAX)
-			return LONG_MAX;
+			return (long) LONG_MAX;
 		else
 			return (long) fs.SFS_BAVAIL;
 	}
-#endif
-	return (-1);
+# endif /* SFS_TYPE != SFS_NONE */
+	return -1;
 }
 /*
 **  ENOUGHDISKSPACE -- is there enough free space on the queue fs?
@@ -3240,6 +3456,7 @@ freediskspace(dir, bsize)
 **		msize -- the size to check against.  If zero, we don't yet
 **		know how big the message will be, so just check for
 **		a "reasonable" amount.
+**		log -- log message?
 **
 **	Returns:
 **		TRUE if there is enough space.
@@ -3247,22 +3464,25 @@ freediskspace(dir, bsize)
 */
 
 bool
-enoughdiskspace(msize)
+enoughdiskspace(msize, log)
 	long msize;
+	bool log;
 {
-	long bfree, bsize;
+	long bfree;
+	long bsize;
 
 	if (MinBlocksFree <= 0 && msize <= 0)
 	{
 		if (tTd(4, 80))
-			printf("enoughdiskspace: no threshold\n");
+			dprintf("enoughdiskspace: no threshold\n");
 		return TRUE;
 	}
 
-	if ((bfree = freediskspace(QueueDir, &bsize)) >= 0)
+	bfree = freediskspace(QueueDir, &bsize);
+	if (bfree >= 0)
 	{
 		if (tTd(4, 80))
-			printf("enoughdiskspace: bavail=%ld, need=%ld\n",
+			dprintf("enoughdiskspace: bavail=%ld, need=%ld\n",
 				bfree, msize);
 
 		/* convert msize to block count */
@@ -3272,7 +3492,7 @@ enoughdiskspace(msize)
 
 		if (bfree < msize)
 		{
-			if (LogLevel > 0)
+			if (log && LogLevel > 0)
 				sm_syslog(LOG_ALERT, CurEnv->e_id,
 					"low on space (have %ld, %s needs %ld in %s)",
 					bfree,
@@ -3282,7 +3502,7 @@ enoughdiskspace(msize)
 		}
 	}
 	else if (tTd(4, 80))
-		printf("enoughdiskspace failure: min=%ld, need=%ld: %s\n",
+		dprintf("enoughdiskspace failure: min=%ld, need=%ld: %s\n",
 			MinBlocksFree, msize, errstring(errno));
 	return TRUE;
 }
@@ -3316,73 +3536,76 @@ transienterror(err)
 	  case ENOSPC:			/* No space left on device */
 #ifdef ETIMEDOUT
 	  case ETIMEDOUT:		/* Connection timed out */
-#endif
+#endif /* ETIMEDOUT */
 #ifdef ESTALE
 	  case ESTALE:			/* Stale NFS file handle */
-#endif
+#endif /* ESTALE */
 #ifdef ENETDOWN
 	  case ENETDOWN:		/* Network is down */
-#endif
+#endif /* ENETDOWN */
 #ifdef ENETUNREACH
 	  case ENETUNREACH:		/* Network is unreachable */
-#endif
+#endif /* ENETUNREACH */
 #ifdef ENETRESET
 	  case ENETRESET:		/* Network dropped connection on reset */
-#endif
+#endif /* ENETRESET */
 #ifdef ECONNABORTED
 	  case ECONNABORTED:		/* Software caused connection abort */
-#endif
+#endif /* ECONNABORTED */
 #ifdef ECONNRESET
 	  case ECONNRESET:		/* Connection reset by peer */
-#endif
+#endif /* ECONNRESET */
 #ifdef ENOBUFS
 	  case ENOBUFS:			/* No buffer space available */
-#endif
+#endif /* ENOBUFS */
 #ifdef ESHUTDOWN
 	  case ESHUTDOWN:		/* Can't send after socket shutdown */
-#endif
+#endif /* ESHUTDOWN */
 #ifdef ECONNREFUSED
 	  case ECONNREFUSED:		/* Connection refused */
-#endif
+#endif /* ECONNREFUSED */
 #ifdef EHOSTDOWN
 	  case EHOSTDOWN:		/* Host is down */
-#endif
+#endif /* EHOSTDOWN */
 #ifdef EHOSTUNREACH
 	  case EHOSTUNREACH:		/* No route to host */
-#endif
+#endif /* EHOSTUNREACH */
 #ifdef EDQUOT
 	  case EDQUOT:			/* Disc quota exceeded */
-#endif
+#endif /* EDQUOT */
 #ifdef EPROCLIM
 	  case EPROCLIM:		/* Too many processes */
-#endif
+#endif /* EPROCLIM */
 #ifdef EUSERS
 	  case EUSERS:			/* Too many users */
-#endif
+#endif /* EUSERS */
 #ifdef EDEADLK
 	  case EDEADLK:			/* Resource deadlock avoided */
-#endif
+#endif /* EDEADLK */
 #ifdef EISCONN
 	  case EISCONN:			/* Socket already connected */
-#endif
+#endif /* EISCONN */
 #ifdef EINPROGRESS
 	  case EINPROGRESS:		/* Operation now in progress */
-#endif
+#endif /* EINPROGRESS */
 #ifdef EALREADY
 	  case EALREADY:		/* Operation already in progress */
-#endif
+#endif /* EALREADY */
 #ifdef EADDRINUSE
 	  case EADDRINUSE:		/* Address already in use */
-#endif
+#endif /* EADDRINUSE */
 #ifdef EADDRNOTAVAIL
 	  case EADDRNOTAVAIL:		/* Can't assign requested address */
-#endif
+#endif /* EADDRNOTAVAIL */
 #ifdef ETXTBSY
 	  case ETXTBSY:			/* (Apollo) file locked */
-#endif
+#endif /* ETXTBSY */
 #if defined(ENOSR) && (!defined(ENOBUFS) || (ENOBUFS != ENOSR))
 	  case ENOSR:			/* Out of streams resources */
-#endif
+#endif /* defined(ENOSR) && (!defined(ENOBUFS) || (ENOBUFS != ENOSR)) */
+#ifdef ENOLCK
+	  case ENOLCK:			/* No locks available */
+#endif /* ENOLCK */
 	  case E_SM_OPENTIMEOUT:	/* PSEUDO: open timed out */
 		return TRUE;
 	}
@@ -3422,7 +3645,7 @@ lockfile(fd, filename, ext, type)
 	if (ext == NULL)
 		ext = "";
 
-	bzero(&lfd, sizeof lfd);
+	memset(&lfd, '\0', sizeof lfd);
 	if (bitset(LOCK_UN, type))
 		lfd.l_type = F_UNLCK;
 	else if (bitset(LOCK_EX, type))
@@ -3436,7 +3659,7 @@ lockfile(fd, filename, ext, type)
 		action = F_SETLKW;
 
 	if (tTd(55, 60))
-		printf("lockfile(%s%s, action=%d, type=%d): ",
+		dprintf("lockfile(%s%s, action=%d, type=%d): ",
 			filename, ext, action, lfd.l_type);
 
 	while ((i = fcntl(fd, action, &lfd)) < 0 && errno == EINTR)
@@ -3444,13 +3667,13 @@ lockfile(fd, filename, ext, type)
 	if (i >= 0)
 	{
 		if (tTd(55, 60))
-			printf("SUCCESS\n");
+			dprintf("SUCCESS\n");
 		return TRUE;
 	}
 	save_errno = errno;
 
 	if (tTd(55, 60))
-		printf("(%s) ", errstring(save_errno));
+		dprintf("(%s) ", errstring(save_errno));
 
 	/*
 	**  On SunOS, if you are testing using -oQ/tmp/mqueue or
@@ -3464,40 +3687,41 @@ lockfile(fd, filename, ext, type)
 	if (save_errno == EINVAL)
 	{
 		if (tTd(55, 60))
-			printf("SUCCESS\n");
+			dprintf("SUCCESS\n");
 		return TRUE;
 	}
 
-	if (!bitset(LOCK_NB, type) || (save_errno != EACCES && save_errno != EAGAIN))
+	if (!bitset(LOCK_NB, type) ||
+	    (save_errno != EACCES && save_errno != EAGAIN))
 	{
 		int omode = -1;
 #  ifdef F_GETFL
 		(void) fcntl(fd, F_GETFL, &omode);
 		errno = save_errno;
-#  endif
+#  endif /* F_GETFL */
 		syserr("cannot lockf(%s%s, fd=%d, type=%o, omode=%o, euid=%d)",
 			filename, ext, fd, type, omode, geteuid());
 		dumpfd(fd, TRUE, TRUE);
 	}
-# else
+# else /* !HASFLOCK */
 	if (ext == NULL)
 		ext = "";
 
 	if (tTd(55, 60))
-		printf("lockfile(%s%s, type=%o): ", filename, ext, type);
+		dprintf("lockfile(%s%s, type=%o): ", filename, ext, type);
 
 	while ((i = flock(fd, type)) < 0 && errno == EINTR)
 		continue;
 	if (i >= 0)
 	{
 		if (tTd(55, 60))
-			printf("SUCCESS\n");
+			dprintf("SUCCESS\n");
 		return TRUE;
 	}
 	save_errno = errno;
 
 	if (tTd(55, 60))
-		printf("(%s) ", errstring(save_errno));
+		dprintf("(%s) ", errstring(save_errno));
 
 	if (!bitset(LOCK_NB, type) || save_errno != EWOULDBLOCK)
 	{
@@ -3505,14 +3729,14 @@ lockfile(fd, filename, ext, type)
 #  ifdef F_GETFL
 		(void) fcntl(fd, F_GETFL, &omode);
 		errno = save_errno;
-#  endif
+#  endif /* F_GETFL */
 		syserr("cannot flock(%s%s, fd=%d, type=%o, omode=%o, euid=%d)",
 			filename, ext, fd, type, omode, geteuid());
 		dumpfd(fd, TRUE, TRUE);
 	}
-# endif
+# endif /* !HASFLOCK */
 	if (tTd(55, 60))
-		printf("FAIL\n");
+		dprintf("FAIL\n");
 	errno = save_errno;
 	return FALSE;
 }
@@ -3571,19 +3795,19 @@ lockfile(fd, filename, ext, type)
 
 #ifndef IS_SAFE_CHOWN
 # define IS_SAFE_CHOWN	> 0
-#endif
+#endif /* ! IS_SAFE_CHOWN */
 
 bool
 chownsafe(fd, safedir)
 	int fd;
 	bool safedir;
 {
-#if (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \
+# if (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \
     (defined(_PC_CHOWN_RESTRICTED) || defined(_GNU_TYPES_H))
 	int rval;
 
 	/* give the system administrator a chance to override */
-	if (bitset(DBS_ASSUMESAFECHOWN, DontBlameSendmail))
+	if (bitnset(DBS_ASSUMESAFECHOWN, DontBlameSendmail))
 		return TRUE;
 
 	/*
@@ -3594,14 +3818,14 @@ chownsafe(fd, safedir)
 
 	errno = 0;
 	rval = fpathconf(fd, _PC_CHOWN_RESTRICTED);
-# if SAFENFSPATHCONF
+#  if SAFENFSPATHCONF
 	return errno == 0 && rval IS_SAFE_CHOWN;
-# else
+#  else /* SAFENFSPATHCONF */
 	return safedir && errno == 0 && rval IS_SAFE_CHOWN;
-# endif
-#else
-	return bitset(DBS_ASSUMESAFECHOWN, DontBlameSendmail);
-#endif
+#  endif /* SAFENFSPATHCONF */
+# else /* (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \ */
+	return bitnset(DBS_ASSUMESAFECHOWN, DontBlameSendmail);
+# endif /* (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \ */
 }
 /*
 **  RESETLIMITS -- reset system controlled resource limits
@@ -3618,12 +3842,12 @@ chownsafe(fd, safedir)
 #if HASSETRLIMIT
 # ifdef RLIMIT_NEEDS_SYS_TIME_H
 #  include <sys/time.h>
-# endif
+# endif /* RLIMIT_NEEDS_SYS_TIME_H */
 # include <sys/resource.h>
-#endif
+#endif /* HASSETRLIMIT */
 #ifndef FD_SETSIZE
 # define FD_SETSIZE	256
-#endif
+#endif /* ! FD_SETSIZE */
 
 void
 resetlimits()
@@ -3637,13 +3861,13 @@ resetlimits()
 # ifdef RLIMIT_NOFILE
 	lim.rlim_cur = lim.rlim_max = FD_SETSIZE;
 	(void) setrlimit(RLIMIT_NOFILE, &lim);
-# endif
-#else
+# endif /* RLIMIT_NOFILE */
+#else /* HASSETRLIMIT */
 # if HASULIMIT
 	(void) ulimit(2, 0x3fffff);
 	(void) ulimit(4, FD_SETSIZE);
-# endif
-#endif
+# endif /* HASULIMIT */
+#endif /* HASSETRLIMIT */
 	errno = 0;
 }
 /*
@@ -3660,7 +3884,6 @@ getcfname()
 		return ConfFile;
 #if NETINFO
 	{
-		extern char *ni_propval __P((char *, char *, char *, char *, int));
 		char *cflocation;
 
 		cflocation = ni_propval("/locations", NULL, "sendmail",
@@ -3668,7 +3891,7 @@ getcfname()
 		if (cflocation != NULL)
 			return cflocation;
 	}
-#endif
+#endif /* NETINFO */
 
 	return _PATH_SENDMAILCF;
 }
@@ -3707,7 +3930,7 @@ setvendor(vendor)
 		VendorCode = VENDOR_SUN;
 		return TRUE;
 	}
-#endif
+#endif /* SUN_EXTENSIONS */
 
 #if defined(VENDOR_NAME) && defined(VENDOR_CODE)
 	if (strcasecmp(vendor, VENDOR_NAME) == 0)
@@ -3715,7 +3938,7 @@ setvendor(vendor)
 		VendorCode = VENDOR_CODE;
 		return TRUE;
 	}
-#endif
+#endif /* defined(VENDOR_NAME) && defined(VENDOR_CODE) */
 
 	return FALSE;
 }
@@ -3735,20 +3958,20 @@ getvendor(vendorcode)
 {
 #if defined(VENDOR_NAME) && defined(VENDOR_CODE)
 	/*
-	**  Can't have the same switch case twice so need to 
+	**  Can't have the same switch case twice so need to
 	**  handle VENDOR_CODE outside of switch.  It might
 	**  match one of the existing VENDOR_* codes.
 	*/
 
 	if (vendorcode == VENDOR_CODE)
 		return VENDOR_NAME;
-#endif
+#endif /* defined(VENDOR_NAME) && defined(VENDOR_CODE) */
 
 	switch (vendorcode)
 	{
 		case VENDOR_BERKELEY:
 			return "Berkeley";
-		
+
 		case VENDOR_SUN:
 			return "Sun";
 
@@ -3780,7 +4003,7 @@ getvendor(vendorcode)
 
 #if SHARE_V1
 int	DefShareUid;	/* default share uid to run as -- unused??? */
-#endif
+#endif /* SHARE_V1 */
 
 void
 vendor_pre_defaults(e)
@@ -3789,15 +4012,19 @@ vendor_pre_defaults(e)
 #if SHARE_V1
 	/* OTHERUID is defined in shares.h, do not be alarmed */
 	DefShareUid = OTHERUID;
-#endif
+#endif /* SHARE_V1 */
 #if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES)
 	sun_pre_defaults(e);
-#endif
+#endif /* defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) */
 #ifdef apollo
-	/* stupid domain/os can't even open /etc/sendmail.cf without this */
+	/*
+	**  stupid domain/os can't even open
+	**  /etc/mail/sendmail.cf without this
+	*/
+
 	setuserenv("ISP", NULL);
 	setuserenv("SYSTYPE", NULL);
-#endif
+#endif /* apollo */
 }
 
 
@@ -3807,14 +4034,14 @@ vendor_post_defaults(e)
 {
 #ifdef __QNX__
 	char *p;
-	
+
 	/* Makes sure the SOCK environment variable remains */
 	if (p = getextenv("SOCK"))
 		setuserenv("SOCK", p);
-#endif
+#endif /* __QNX__ */
 #if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES)
 	sun_post_defaults(e);
-#endif
+#endif /* defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) */
 }
 /*
 **  VENDOR_DAEMON_SETUP -- special vendor setup needed for daemon mode
@@ -3824,6 +4051,9 @@ void
 vendor_daemon_setup(e)
 	ENVELOPE *e;
 {
+#if HASSETLOGIN
+	(void) setlogin(RunAsUserName);
+#endif /* HASSETLOGIN */
 #if SECUREWARE
 	if (getluid() != -1)
 	{
@@ -3848,18 +4078,18 @@ void
 vendor_set_uid(uid)
 	UID_T uid;
 {
-	/* 
+	/*
 	**  We need to setup the share groups (lnodes)
-	**  and and auditing inforation (luid's)
+	**  and add auditing information (luid's)
 	**  before we loose our ``root''ness.
 	*/
 #if SHARE_V1
 	if (setupshares(uid, syserr) != 0)
 		syserr("Unable to set up shares");
-#endif
+#endif /* SHARE_V1 */
 #if SECUREWARE
 	(void) setup_secure(uid);
-#endif
+#endif /* SECUREWARE */
 }
 /*
 **  VALIDATE_CONNECTION -- check connection for rationality
@@ -3883,7 +4113,7 @@ vendor_set_uid(uid)
 /* tcpwrappers does no logging, but you still have to declare these -- ugh */
 int	allow_severity	= LOG_INFO;
 int	deny_severity	= LOG_NOTICE;
-#endif
+#endif /* TCPWRAPPERS */
 
 #if DAEMON
 char *
@@ -3892,38 +4122,32 @@ validate_connection(sap, hostname, e)
 	char *hostname;
 	ENVELOPE *e;
 {
-#if TCPWRAPPERS
+# if TCPWRAPPERS
 	char *host;
-#endif
+# endif /* TCPWRAPPERS */
 
 	if (tTd(48, 3))
-		printf("validate_connection(%s, %s)\n",
+		dprintf("validate_connection(%s, %s)\n",
 			hostname, anynet_ntoa(sap));
 
-	if (rscheck("check_relay", hostname, anynet_ntoa(sap), e) != EX_OK)
+	if (rscheck("check_relay", hostname, anynet_ntoa(sap),
+		    e, TRUE, TRUE, 4) != EX_OK)
 	{
 		static char reject[BUFSIZ*2];
 		extern char MsgBuf[];
 
 		if (tTd(48, 4))
-			printf("  ... validate_connection: BAD (rscheck)\n");
+			dprintf("  ... validate_connection: BAD (rscheck)\n");
 
-		if (strlen(MsgBuf) > 5)
-		{
-			if (isascii(MsgBuf[0]) && isdigit(MsgBuf[0]) &&
-			    isascii(MsgBuf[1]) && isdigit(MsgBuf[1]) &&
-			    isascii(MsgBuf[2]) && isdigit(MsgBuf[2]))
-				strcpy(reject, &MsgBuf[4]);
-			else
-				strcpy(reject, MsgBuf);
-		}
+		if (strlen(MsgBuf) >= 3)
+			(void) strlcpy(reject, MsgBuf, sizeof reject);
 		else
-			strcpy(reject, "Access denied");
+			(void) strlcpy(reject, "Access denied", sizeof reject);
 
 		return reject;
 	}
 
-#if TCPWRAPPERS
+# if TCPWRAPPERS
 	if (hostname[0] == '[' && hostname[strlen(hostname) - 1] == ']')
 		host = "unknown";
 	else
@@ -3931,20 +4155,20 @@ validate_connection(sap, hostname, e)
 	if (!hosts_ctl("sendmail", host, anynet_ntoa(sap), STRING_UNKNOWN))
 	{
 		if (tTd(48, 4))
-			printf("  ... validate_connection: BAD (tcpwrappers)\n");
+			dprintf("  ... validate_connection: BAD (tcpwrappers)\n");
 		if (LogLevel >= 4)
-			sm_syslog(LOG_NOTICE, NOQID,
+			sm_syslog(LOG_NOTICE, e->e_id,
 				"tcpwrappers (%s, %s) rejection",
 				host, anynet_ntoa(sap));
 		return "Access denied";
 	}
-#endif
+# endif /* TCPWRAPPERS */
 	if (tTd(48, 4))
-		printf("  ... validate_connection: OK\n");
+		dprintf("  ... validate_connection: OK\n");
 	return NULL;
 }
 
-#endif
+#endif /* DAEMON */
 /*
 **  STRTOL -- convert string to long integer
 **
@@ -3953,11 +4177,11 @@ validate_connection(sap, hostname, e)
 **	This is taken verbatim from the 4.4-Lite C library.
 */
 
-#ifdef NEEDSTRTOL
+#if NEEDSTRTOL
 
-#if defined(LIBC_SCCS) && !defined(lint)
+# if defined(LIBC_SCCS) && !defined(lint)
 static char sccsid[] = "@(#)strtol.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
+# endif /* defined(LIBC_SCCS) && !defined(lint) */
 
 /*
  * Convert a string to a long integer.
@@ -4044,10 +4268,10 @@ strtol(nptr, endptr, base)
 		acc = -acc;
 	if (endptr != 0)
 		*endptr = (char *)(any ? s - 1 : nptr);
-	return (acc);
+	return acc;
 }
 
-#endif
+#endif /* NEEDSTRTOL */
 /*
 **  STRSTR -- find first substring in string
 **
@@ -4061,7 +4285,7 @@ strtol(nptr, endptr, base)
 **		NULL if little is not contained in big.
 */
 
-#ifdef NEEDSTRSTR
+#if NEEDSTRSTR
 
 char *
 strstr(big, little)
@@ -4084,7 +4308,7 @@ strstr(big, little)
 	return NULL;
 }
 
-#endif
+#endif /* NEEDSTRSTR */
 /*
 **  SM_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX
 **
@@ -4092,13 +4316,71 @@ strstr(big, little)
 **	routines.  For example, Solaris versions at least through 2.3
 **	don't properly deliver a canonical h_name field.  This tries to
 **	work around these problems.
+**
+**	Support IPv6 as well as IPv4.
 */
 
-struct hostent *
-sm_gethostbyname(name)
+#if NETINET6 && NEEDSGETIPNODE && __RES < 19990909
+
+# ifndef AI_DEFAULT
+#  define AI_DEFAULT	0	/* dummy */
+# endif /* ! AI_DEFAULT */
+# ifndef AI_ADDRCONFIG
+#  define AI_ADDRCONFIG	0	/* dummy */
+# endif /* ! AI_ADDRCONFIG */
+# ifndef AI_V4MAPPED
+#  define AI_V4MAPPED	0	/* dummy */
+# endif /* ! AI_V4MAPPED */
+# ifndef AI_ALL
+#  define AI_ALL	0	/* dummy */
+# endif /* ! AI_ALL */
+
+static struct hostent *
+getipnodebyname(name, family, flags, err)
 	char *name;
+	int family;
+	int flags;
+	int *err;
 {
+	bool resv6 = TRUE;
 	struct hostent *h;
+
+	if (family == AF_INET6)
+	{
+		/* From RFC2133, section 6.1 */
+		resv6 = bitset(RES_USE_INET6, _res.options);
+		_res.options |= RES_USE_INET6;
+	}
+	h_errno = 0;
+	h = gethostbyname(name);
+	*err = h_errno;
+	if (family == AF_INET6 && !resv6)
+		_res.options &= ~RES_USE_INET6;
+	return h;
+}
+
+static struct hostent *
+getipnodebyaddr(addr, len, family, err)
+	char *addr;
+	int len;
+	int family;
+	int *err;
+{
+	struct hostent *h;
+
+	h_errno = 0;
+	h = gethostbyaddr(addr, len, family);
+	*err = h_errno;
+	return h;
+}
+#endif /* NEEDSGETIPNODE && NETINET6 && __RES < 19990909 */
+
+struct hostent *
+sm_gethostbyname(name, family)
+	char *name;
+	int family;
+{
+	struct hostent *h = NULL;
 #if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4))
 # if SOLARIS == 20300 || SOLARIS == 203
 	static struct hostent hp;
@@ -4106,28 +4388,44 @@ sm_gethostbyname(name)
 	extern struct hostent *_switch_gethostbyname_r();
 
 	if (tTd(61, 10))
-		printf("_switch_gethostbyname_r(%s)... ", name);
+		dprintf("_switch_gethostbyname_r(%s)... ", name);
 	h = _switch_gethostbyname_r(name, &hp, buf, sizeof(buf), &h_errno);
-# else
+# else /* SOLARIS == 20300 || SOLARIS == 203 */
 	extern struct hostent *__switch_gethostbyname();
 
 	if (tTd(61, 10))
-		printf("__switch_gethostbyname(%s)... ", name);
+		dprintf("__switch_gethostbyname(%s)... ", name);
 	h = __switch_gethostbyname(name);
-# endif
-#else
+# endif /* SOLARIS == 20300 || SOLARIS == 203 */
+#else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
 	int nmaps;
+# if NETINET6
+	int flags = AI_DEFAULT|AI_ALL;
+	int err;
+# endif /* NETINET6 */
+	int save_errno;
 	char *maptype[MAXMAPSTACK];
 	short mapreturn[MAXMAPACTIONS];
 	char hbuf[MAXNAME];
 
 	if (tTd(61, 10))
-		printf("gethostbyname(%s)... ", name);
+		dprintf("sm_gethostbyname(%s, %d)... ", name, family);
+
+# if NETINET6
+#  if ADDRCONFIG_IS_BROKEN
+	flags &= ~AI_ADDRCONFIG;
+#  endif /* ADDRCONFIG_IS_BROKEN */
+	h = getipnodebyname(name, family, flags, &err);
+	h_errno = err;
+# else /* NETINET6 */
 	h = gethostbyname(name);
+# endif /* NETINET6 */
+
+	save_errno = errno;
 	if (h == NULL)
 	{
 		if (tTd(61, 10))
-			printf("failure\n");
+			dprintf("failure\n");
 
 		nmaps = switch_map_find("hosts", maptype, mapreturn);
 		while (--nmaps >= 0)
@@ -4138,27 +4436,77 @@ sm_gethostbyname(name)
 		{
 			/* try short name */
 			if (strlen(name) > (SIZE_T) sizeof hbuf - 1)
+			{
+				errno = save_errno;
 				return NULL;
-			strcpy(hbuf, name);
+			}
+			(void) strlcpy(hbuf, name, sizeof hbuf);
 			shorten_hostname(hbuf);
 
 			/* if it hasn't been shortened, there's no point */
 			if (strcmp(hbuf, name) != 0)
 			{
 				if (tTd(61, 10))
-					printf("gethostbyname(%s)... ", hbuf);
+					dprintf("sm_gethostbyname(%s, %d)... ",
+					       hbuf, family);
+
+# if NETINET6
+				h = getipnodebyname(hbuf, family,
+						    AI_V4MAPPED|AI_ALL,
+						    &err);
+				h_errno = err;
+				save_errno = errno;
+# else /* NETINET6 */
 				h = gethostbyname(hbuf);
+				save_errno = errno;
+# endif /* NETINET6 */
 			}
 		}
 	}
-#endif
+#endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
 	if (tTd(61, 10))
 	{
 		if (h == NULL)
-			printf("failure\n");
+			dprintf("failure\n");
 		else
-			printf("%s\n", h->h_name);
+		{
+			dprintf("%s\n", h->h_name);
+			if (tTd(61, 11))
+			{
+#if NETINET6
+				struct in6_addr ia6;
+				char buf6[INET6_ADDRSTRLEN];
+#else /* NETINET6 */
+				struct in_addr ia;
+#endif /* NETINET6 */
+				int i;
+
+				if (h->h_aliases != NULL)
+					for (i = 0; h->h_aliases[i] != NULL;
+					     i++)
+						dprintf("\talias: %s\n",
+							h->h_aliases[i]);
+				for (i = 0; h->h_addr_list[i] != NULL; i++)
+				{
+					char *addr;
+
+#if NETINET6
+					memmove(&ia6, h->h_addr_list[i],
+						IN6ADDRSZ);
+					addr = anynet_ntop(&ia6,
+							   buf6, sizeof buf6);
+#else /* NETINET6 */
+					memmove(&ia, h->h_addr_list[i],
+						INADDRSZ);
+					addr = (char *) inet_ntoa(ia);
+#endif /* NETINET6 */
+					if (addr != NULL)
+						dprintf("\taddr: %s\n", addr);
+				}
+			}
+		}
 	}
+	errno = save_errno;
 	return h;
 }
 
@@ -4168,50 +4516,62 @@ sm_gethostbyaddr(addr, len, type)
 	int len;
 	int type;
 {
+	struct hostent *hp;
 #if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204)
 # if SOLARIS == 20300 || SOLARIS == 203
-	static struct hostent hp;
+	static struct hostent he;
 	static char buf[1000];
 	extern struct hostent *_switch_gethostbyaddr_r();
 
-	return _switch_gethostbyaddr_r(addr, len, type, &hp, buf, sizeof(buf), &h_errno);
-# else
+	hp = _switch_gethostbyaddr_r(addr, len, type, &he, buf, sizeof(buf), &h_errno);
+# else /* SOLARIS == 20300 || SOLARIS == 203 */
 	extern struct hostent *__switch_gethostbyaddr();
 
-	return __switch_gethostbyaddr(addr, len, type);
-# endif
-#else
-	return gethostbyaddr(addr, len, type);
-#endif
+	hp = __switch_gethostbyaddr(addr, len, type);
+# endif /* SOLARIS == 20300 || SOLARIS == 203 */
+#else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) */
+# if NETINET6
+	int err;
+# endif /* NETINET6 */
+
+# if NETINET6
+	hp = getipnodebyaddr(addr, len, type, &err);
+	h_errno = err;
+# else /* NETINET6 */
+	hp = gethostbyaddr(addr, len, type);
+# endif /* NETINET6 */
+	return hp;
+#endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) */
 }
 /*
 **  SM_GETPW{NAM,UID} -- wrapper for getpwnam and getpwuid
 */
 
+
 struct passwd *
 sm_getpwnam(user)
 	char *user;
 {
-#ifdef _AIX4
+# ifdef _AIX4
 	extern struct passwd *_getpwnam_shadow(const char *, const int);
 
 	return _getpwnam_shadow(user, 0);
-#else
+# else /* _AIX4 */
 	return getpwnam(user);
-#endif
+# endif /* _AIX4 */
 }
 
 struct passwd *
 sm_getpwuid(uid)
 	UID_T uid;
 {
-#if defined(_AIX4) && 0
+# if defined(_AIX4) && 0
 	extern struct passwd *_getpwuid_shadow(const int, const int);
 
 	return _getpwuid_shadow(uid,0);
-#else
+# else /* defined(_AIX4) && 0 */
 	return getpwuid(uid);
-#endif
+# endif /* defined(_AIX4) && 0 */
 }
 /*
 **  SECUREWARE_SETUP_SECURE -- Convex SecureWare setup
@@ -4242,7 +4602,7 @@ secureware_setup_secure(uid)
 
 	if (getluid() != -1)
 		return;
-	
+
 	if ((rc = set_secure_info(uid)) != SSI_GOOD_RETURN)
 	{
 		switch (rc)
@@ -4267,7 +4627,7 @@ secureware_setup_secure(uid)
 			syserr("Could not set kernel privs, uid = %d", uid);
 
 		  default:
-			syserr("Unknown return code (%d) from set_secure_info(%d)", 
+			syserr("Unknown return code (%d) from set_secure_info(%d)",
 				rc, uid);
 			break;
 		}
@@ -4276,7 +4636,7 @@ secureware_setup_secure(uid)
 }
 #endif /* SECUREWARE */
 /*
-**  ADD_LOCAL_HOST_NAMES -- Add a hostname to class 'w' based on IP address
+**  ADD_HOSTNAMES -- Add a hostname to class 'w' based on IP address
 **
 **	Add hostnames to class 'w' based on the IP address read from
 **	the network interface.
@@ -4288,28 +4648,37 @@ secureware_setup_secure(uid)
 **		0 if successful, -1 if host lookup fails.
 */
 
-int
+static int
 add_hostnames(sa)
 	SOCKADDR *sa;
 {
 	struct hostent *hp;
+	char **ha;
+	char hnb[MAXHOSTNAMELEN];
 
 	/* lookup name with IP address */
 	switch (sa->sa.sa_family)
 	{
+#if NETINET
 		case AF_INET:
 			hp = sm_gethostbyaddr((char *) &sa->sin.sin_addr,
 				sizeof(sa->sin.sin_addr), sa->sa.sa_family);
 			break;
+#endif /* NETINET */
+
+#if NETINET6
+		case AF_INET6:
+			hp = sm_gethostbyaddr((char *) &sa->sin6.sin6_addr,
+				sizeof(sa->sin6.sin6_addr), sa->sa.sa_family);
+			break;
+#endif /* NETINET6 */
 
 		default:
-#if _FFR_LOG_UNSUPPORTED_FAMILIES
-			/* XXX: Give warning about unsupported family */
+			/* Give warning about unsupported family */
 			if (LogLevel > 3)
 				sm_syslog(LOG_WARNING, NOQID,
 					  "Unsupported address family %d: %.100s",
 					  sa->sa.sa_family, anynet_ntoa(sa));
-#endif
 			return -1;
 	}
 
@@ -4317,15 +4686,20 @@ add_hostnames(sa)
 	{
 		int save_errno = errno;
 
-		if (LogLevel > 3)
+		if (LogLevel > 3 &&
+#if NETINET6
+		    !(sa->sa.sa_family == AF_INET6 &&
+		      IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr)) &&
+#endif /* NETINET6 */
+		    TRUE)
 			sm_syslog(LOG_WARNING, NOQID,
 				"gethostbyaddr(%.100s) failed: %d\n",
 				anynet_ntoa(sa),
 #if NAMED_BIND
 				h_errno
-#else
+#else /* NAMED_BIND */
 				-1
-#endif
+#endif /* NAMED_BIND */
 				);
 		errno = save_errno;
 		return -1;
@@ -4336,19 +4710,37 @@ add_hostnames(sa)
 	{
 		setclass('w', (char *) hp->h_name);
 		if (tTd(0, 4))
-			printf("\ta.k.a.: %s\n", hp->h_name);
+			dprintf("\ta.k.a.: %s\n", hp->h_name);
+
+		if (snprintf(hnb, sizeof hnb, "[%s]", hp->h_name) < sizeof hnb
+		    && !wordinclass((char *) hnb, 'w'))
+			setclass('w', hnb);
+	}
+	else
+	{
+		if (tTd(0, 43))
+			dprintf("\ta.k.a.: %s (already in $=w)\n", hp->h_name);
 	}
 
 	/* save all it aliases name */
-	while (*hp->h_aliases)
+	for (ha = hp->h_aliases; ha != NULL && *ha != NULL; ha++)
 	{
-		if (!wordinclass(*hp->h_aliases, 'w'))
+		if (!wordinclass(*ha, 'w'))
 		{
-			setclass('w', *hp->h_aliases);
+			setclass('w', *ha);
 			if (tTd(0, 4))
-				printf("\ta.k.a.: %s\n", *hp->h_aliases);
+				dprintf("\ta.k.a.: %s\n", *ha);
+			if (snprintf(hnb, sizeof hnb,
+				     "[%s]", *ha) < sizeof hnb &&
+			    !wordinclass((char *) hnb, 'w'))
+				setclass('w', hnb);
+		}
+		else
+		{
+			if (tTd(0, 43))
+				dprintf("\ta.k.a.: %s (already in $=w)\n",
+					*ha);
 		}
-		hp->h_aliases++;
 	}
 	return 0;
 }
@@ -4365,23 +4757,206 @@ add_hostnames(sa)
 **		Loads $=w with the names of all the interfaces.
 */
 
+#if !NETINET
+# define SIOCGIFCONF_IS_BROKEN	1 /* XXX */
+#endif /* !NETINET */
+
 #if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN
 struct rtentry;
 struct mbuf;
-# include <arpa/inet.h>
 # ifndef SUNOS403
 #  include <sys/time.h>
-# endif
-# if _AIX4 >= 40300
+# endif /* ! SUNOS403 */
+# if (_AIX4 >= 40300) && !defined(_NET_IF_H)
 #  undef __P
-# endif
+# endif /* (_AIX4 >= 40300) && !defined(_NET_IF_H) */
 # include <net/if.h>
-#endif
+#endif /* defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN */
 
 void
 load_if_names()
 {
-#if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN
+#if NETINET6 && defined(SIOCGLIFCONF)
+	int s;
+	int i;
+	struct lifconf lifc;
+	struct lifnum lifn;
+	int numifs;
+
+	s = socket(InetMode, SOCK_DGRAM, 0);
+	if (s == -1)
+		return;
+
+	/* get the list of known IP address from the kernel */
+#   ifdef SIOCGLIFNUM
+	lifn.lifn_family = AF_UNSPEC;
+	lifn.lifn_flags = 0;
+	if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0)
+	{
+		/* can't get number of interfaces -- fall back */
+		if (tTd(0, 4))
+			dprintf("SIOCGLIFNUM failed: %s\n", errstring(errno));
+		numifs = -1;
+	}
+	else
+	{
+		numifs = lifn.lifn_count;
+		if (tTd(0, 42))
+			dprintf("system has %d interfaces\n", numifs);
+	}
+	if (numifs < 0)
+#   endif /* SIOCGLIFNUM */
+		numifs = MAXINTERFACES;
+
+	if (numifs <= 0)
+	{
+		close(s);
+		return;
+	}
+	lifc.lifc_len = numifs * sizeof (struct lifreq);
+	lifc.lifc_buf = xalloc(lifc.lifc_len);
+	lifc.lifc_family = AF_UNSPEC;
+	lifc.lifc_flags = 0;
+	if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0)
+	{
+		if (tTd(0, 4))
+			dprintf("SIOCGLIFCONF failed: %s\n", errstring(errno));
+		close(s);
+		return;
+	}
+
+	/* scan the list of IP address */
+	if (tTd(0, 40))
+		dprintf("scanning for interface specific names, lifc_len=%d\n",
+			lifc.lifc_len);
+
+	for (i = 0; i < lifc.lifc_len; )
+	{
+		struct lifreq *ifr = (struct lifreq *)&lifc.lifc_buf[i];
+		SOCKADDR *sa = (SOCKADDR *) &ifr->lifr_addr;
+		char *addr;
+		struct in6_addr ia6;
+		struct in_addr ia;
+#   ifdef SIOCGLIFFLAGS
+		struct lifreq ifrf;
+#   endif /* SIOCGLIFFLAGS */
+		char ip_addr[256];
+		char buf6[INET6_ADDRSTRLEN];
+		int af = ifr->lifr_addr.ss_family;
+
+		/*
+		**  We must close and recreate the socket each time
+		**  since we don't know what type of socket it is now
+		**  (each status function may change it).
+		*/
+
+		(void) close(s);
+
+		s = socket(af, SOCK_DGRAM, 0);
+		if (s == -1)
+			return;
+
+		/*
+		**  If we don't have a complete ifr structure,
+		**  don't try to use it.
+		*/
+
+		if ((lifc.lifc_len - i) < sizeof *ifr)
+			break;
+
+#   ifdef BSD4_4_SOCKADDR
+		if (sa->sa.sa_len > sizeof ifr->lifr_addr)
+			i += sizeof ifr->lifr_name + sa->sa.sa_len;
+		else
+#   endif /* BSD4_4_SOCKADDR */
+			i += sizeof *ifr;
+
+		if (tTd(0, 20))
+			dprintf("%s\n", anynet_ntoa(sa));
+
+		if (af != AF_INET && af != AF_INET6)
+			continue;
+
+#   ifdef SIOCGLIFFLAGS
+		memset(&ifrf, '\0', sizeof(struct lifreq));
+		(void) strlcpy(ifrf.lifr_name, ifr->lifr_name,
+			       sizeof(ifrf.lifr_name));
+		if (ioctl(s, SIOCGLIFFLAGS, (char *) &ifrf) < 0)
+		{
+			if (tTd(0, 4))
+				dprintf("SIOCGLIFFLAGS failed: %s\n",
+					errstring(errno));
+			continue;
+		}
+		else if (tTd(0, 41))
+			dprintf("\tflags: %lx\n",
+				(unsigned long)ifrf.lifr_flags);
+
+		if (!bitset(IFF_UP, ifrf.lifr_flags))
+			continue;
+#   endif /* SIOCGLIFFLAGS */
+
+		ip_addr[0] = '\0';
+
+		/* extract IP address from the list*/
+		switch (af)
+		{
+		  case AF_INET6:
+			ia6 = sa->sin6.sin6_addr;
+			if (ia6.s6_addr == in6addr_any.s6_addr)
+			{
+				addr = anynet_ntop(&ia6, buf6, sizeof buf6);
+				message("WARNING: interface %s is UP with %s address",
+					ifr->lifr_name,
+					addr == NULL ? "(NULL)" : addr);
+				continue;
+			}
+
+			/* save IP address in text from */
+			addr = anynet_ntop(&ia6, buf6, sizeof buf6);
+			if (addr != NULL)
+				(void) snprintf(ip_addr, sizeof ip_addr,
+						"[%.*s]",
+						sizeof ip_addr - 3, addr);
+			break;
+
+		  case AF_INET:
+			ia = sa->sin.sin_addr;
+			if (ia.s_addr == INADDR_ANY ||
+			    ia.s_addr == INADDR_NONE)
+			{
+				message("WARNING: interface %s is UP with %s address",
+					ifr->lifr_name, inet_ntoa(ia));
+				continue;
+			}
+
+			/* save IP address in text from */
+			(void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]",
+					sizeof ip_addr - 3, inet_ntoa(ia));
+			break;
+		}
+
+		if (*ip_addr == '\0')
+			continue;
+
+		if (!wordinclass(ip_addr, 'w'))
+		{
+			setclass('w', ip_addr);
+			if (tTd(0, 4))
+				dprintf("\ta.k.a.: %s\n", ip_addr);
+		}
+
+#   ifdef SIOCGLIFFLAGS
+		/* skip "loopback" interface "lo" */
+		if (bitset(IFF_LOOPBACK, ifrf.lifr_flags))
+			continue;
+#   endif /* SIOCGLIFFLAGS */
+		(void) add_hostnames(sa);
+	}
+	free(lifc.lifc_buf);
+	close(s);
+#else /* NETINET6 && defined(SIOCGLIFCONF) */
+# if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN
 	int s;
 	int i;
 	struct ifconf ifc;
@@ -4392,23 +4967,23 @@ load_if_names()
 		return;
 
 	/* get the list of known IP address from the kernel */
-# if defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN
+#  if defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN
 	if (ioctl(s, SIOCGIFNUM, (char *) &numifs) < 0)
 	{
 		/* can't get number of interfaces -- fall back */
 		if (tTd(0, 4))
-			printf("SIOCGIFNUM failed: %s\n", errstring(errno));
+			dprintf("SIOCGIFNUM failed: %s\n", errstring(errno));
 		numifs = -1;
 	}
 	else if (tTd(0, 42))
-		printf("system has %d interfaces\n", numifs);
+		dprintf("system has %d interfaces\n", numifs);
 	if (numifs < 0)
-# endif
-		numifs = 512;
+#  endif /* defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN */
+		numifs = MAXINTERFACES;
 
 	if (numifs <= 0)
 	{
-		close(s);
+		(void) close(s);
 		return;
 	}
 	ifc.ifc_len = numifs * sizeof (struct ifreq);
@@ -4416,71 +4991,128 @@ load_if_names()
 	if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0)
 	{
 		if (tTd(0, 4))
-			printf("SIOGIFCONF failed: %s\n", errstring(errno));
-		close(s);
+			dprintf("SIOCGIFCONF failed: %s\n", errstring(errno));
+		(void) close(s);
 		return;
 	}
 
 	/* scan the list of IP address */
 	if (tTd(0, 40))
-		printf("scanning for interface specific names, ifc_len=%d\n",
+		dprintf("scanning for interface specific names, ifc_len=%d\n",
 			ifc.ifc_len);
 
 	for (i = 0; i < ifc.ifc_len; )
 	{
+		int af;
 		struct ifreq *ifr = (struct ifreq *) &ifc.ifc_buf[i];
 		SOCKADDR *sa = (SOCKADDR *) &ifr->ifr_addr;
+#   if NETINET6
+		char *addr;
+		struct in6_addr ia6;
+#   endif /* NETINET6 */
 		struct in_addr ia;
-#ifdef SIOCGIFFLAGS
+#   ifdef SIOCGIFFLAGS
 		struct ifreq ifrf;
-#endif
+#   endif /* SIOCGIFFLAGS */
 		char ip_addr[256];
-		extern char *inet_ntoa();
+#   if NETINET6
+		char buf6[INET6_ADDRSTRLEN];
+#   endif /* NETINET6 */
 
-#ifdef BSD4_4_SOCKADDR
+		/*
+		**  If we don't have a complete ifr structure,
+		**  don't try to use it.
+		*/
+
+		if ((ifc.ifc_len - i) < sizeof *ifr)
+			break;
+
+#   ifdef BSD4_4_SOCKADDR
 		if (sa->sa.sa_len > sizeof ifr->ifr_addr)
 			i += sizeof ifr->ifr_name + sa->sa.sa_len;
 		else
-#endif
+#   endif /* BSD4_4_SOCKADDR */
 			i += sizeof *ifr;
 
 		if (tTd(0, 20))
-			printf("%s\n", anynet_ntoa(sa));
-
-		if (ifr->ifr_addr.sa_family != AF_INET)
+			dprintf("%s\n", anynet_ntoa(sa));
+
+		af = ifr->ifr_addr.sa_family;
+		if (af != AF_INET
+#   if NETINET6
+		    && af != AF_INET6
+#   endif /* NETINET6 */
+		    )
 			continue;
 
-#ifdef SIOCGIFFLAGS
-		bzero(&ifrf, sizeof(struct ifreq));
-		strncpy(ifrf.ifr_name, ifr->ifr_name, sizeof(ifrf.ifr_name));
-		ioctl(s, SIOCGIFFLAGS, (char *) &ifrf);
+#   ifdef SIOCGIFFLAGS
+		memset(&ifrf, '\0', sizeof(struct ifreq));
+		(void) strlcpy(ifrf.ifr_name, ifr->ifr_name,
+			       sizeof(ifrf.ifr_name));
+		(void) ioctl(s, SIOCGIFFLAGS, (char *) &ifrf);
 		if (tTd(0, 41))
-			printf("\tflags: %x\n", ifrf.ifr_flags);
-# define IFRFREF ifrf
-#else
-# define IFRFREF (*ifr)
-#endif
+			dprintf("\tflags: %lx\n",
+				(unsigned long) ifrf.ifr_flags);
+#    define IFRFREF ifrf
+#   else /* SIOCGIFFLAGS */
+#    define IFRFREF (*ifr)
+#   endif /* SIOCGIFFLAGS */
+
 		if (!bitset(IFF_UP, IFRFREF.ifr_flags))
 			continue;
 
+		ip_addr[0] = '\0';
+
 		/* extract IP address from the list*/
-		ia = sa->sin.sin_addr;
-		if (ia.s_addr == INADDR_ANY || ia.s_addr == INADDR_NONE)
+		switch (af)
 		{
-			message("WARNING: interface %s is UP with %s address",
-				ifr->ifr_name, inet_ntoa(ia));
-			continue;
+		  case AF_INET:
+			ia = sa->sin.sin_addr;
+			if (ia.s_addr == INADDR_ANY ||
+			    ia.s_addr == INADDR_NONE)
+			{
+				message("WARNING: interface %s is UP with %s address",
+					ifr->ifr_name, inet_ntoa(ia));
+				continue;
+			}
+
+			/* save IP address in text from */
+			(void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]",
+					(int) sizeof ip_addr - 3,
+					inet_ntoa(ia));
+			break;
+
+#   if NETINET6
+		  case AF_INET6:
+			ia6 = sa->sin6.sin6_addr;
+			if (ia6.s6_addr == in6addr_any.s6_addr)
+			{
+				addr = anynet_ntop(&ia6, buf6, sizeof buf6);
+				message("WARNING: interface %s is UP with %s address",
+					ifr->ifr_name,
+					addr == NULL ? "(NULL)" : addr);
+				continue;
+			}
+
+			/* save IP address in text from */
+			addr = anynet_ntop(&ia6, buf6, sizeof buf6);
+			if (addr != NULL)
+				(void) snprintf(ip_addr, sizeof ip_addr,
+						"[%.*s]",
+						sizeof ip_addr - 3, addr);
+			break;
+
+#   endif /* NETINET6 */
 		}
 
-		/* save IP address in text from */
-		(void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]",
-			sizeof ip_addr - 3,
-			inet_ntoa(ia));
+		if (ip_addr[0] == '\0')
+			continue;
+
 		if (!wordinclass(ip_addr, 'w'))
 		{
 			setclass('w', ip_addr);
 			if (tTd(0, 4))
-				printf("\ta.k.a.: %s\n", ip_addr);
+				dprintf("\ta.k.a.: %s\n", ip_addr);
 		}
 
 		/* skip "loopback" interface "lo" */
@@ -4490,9 +5122,37 @@ load_if_names()
 		(void) add_hostnames(sa);
 	}
 	free(ifc.ifc_buf);
-	close(s);
-# undef IFRFREF
-#endif
+	(void) close(s);
+#  undef IFRFREF
+# endif /* defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN */
+#endif /* NETINET6 && defined(SIOCGLIFCONF) */
+}
+/*
+**  ISLOOPBACK -- is socket address in the loopback net?
+**
+**	Parameters:
+**		sa -- socket address.
+**
+**	Returns:
+**		TRUE -- is socket address in the loopback net?
+**		FALSE -- otherwise
+**
+*/
+
+bool
+isloopback(sa)
+	SOCKADDR sa;
+{
+#if NETINET6
+	if (IN6_IS_ADDR_LOOPBACK(&sa.sin6.sin6_addr))
+		return TRUE;
+#else /* NETINET6 */
+	/* XXX how to correctly extract IN_LOOPBACKNET part? */
+	if (((ntohl(sa.sin.sin_addr.s_addr) & IN_CLASSA_NET)
+	     >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
+		return TRUE;
+#endif /* NETINET6 */
+	return FALSE;
 }
 /*
 **  GET_NUM_PROCS_ONLINE -- return the number of processors currently online
@@ -4504,21 +5164,70 @@ load_if_names()
 **		The number of processors online.
 */
 
-int
+static int
 get_num_procs_online()
 {
 	int nproc = 0;
 
-#if _FFR_SCALE_LA_BY_NUM_PROCS
-#ifdef _SC_NPROCESSORS_ONLN
+#ifdef USESYSCTL
+# if defined(CTL_HW) && defined(HW_NCPU)
+	size_t sz;
+	int mib[2];
+
+	mib[0] = CTL_HW;
+	mib[1] = HW_NCPU;
+	sz = (size_t) sizeof nproc;
+	(void) sysctl(mib, 2, &nproc, &sz, NULL, 0);
+# endif /* defined(CTL_HW) && defined(HW_NCPUS) */
+#else /* USESYSCTL */
+# ifdef _SC_NPROCESSORS_ONLN
 	nproc = (int) sysconf(_SC_NPROCESSORS_ONLN);
-#endif
-#endif
+# else /* _SC_NPROCESSORS_ONLN */
+#  ifdef __hpux
+#   include <sys/pstat.h>
+	struct pst_dynamic psd;
+
+	if (pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0) != -1)
+		nproc = psd.psd_proc_cnt;
+#  endif /* __hpux */
+# endif /* _SC_NPROCESSORS_ONLN */
+#endif /* USESYSCTL */
+
 	if (nproc <= 0)
 		nproc = 1;
 	return nproc;
 }
 /*
+**  SEED_RANDOM -- seed the random number generator
+**
+**	Parameters:
+**		none
+**
+**	Returns:
+**		none
+*/
+
+void
+seed_random()
+{
+#if HASSRANDOMDEV
+	srandomdev();
+#else /* HASSRANDOMDEV */
+	long seed;
+	struct timeval t;
+
+	seed = (long) getpid();
+	if (gettimeofday(&t, NULL) >= 0)
+		seed += t.tv_sec + t.tv_usec;
+
+# if HASRANDOM
+	(void) srandom(seed);
+# else /* HASRANDOM */
+	(void) srand((unsigned int) seed);
+# endif /* HASRANDOM */
+#endif /* HASSRANDOMDEV */
+}
+/*
 **  SM_SYSLOG -- syslog wrapper to keep messages under SYSLOG_BUFSIZE
 **
 **	Parameters:
@@ -4533,61 +5242,61 @@ get_num_procs_online()
 
 /* VARARGS3 */
 void
-# ifdef __STDC__
+#ifdef __STDC__
 sm_syslog(int level, const char *id, const char *fmt, ...)
-# else
+#else /* __STDC__ */
 sm_syslog(level, id, fmt, va_alist)
 	int level;
 	const char *id;
 	const char *fmt;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	static char *buf = NULL;
-	static size_t bufsize = MAXLINE;
+	static size_t bufsize;
 	char *begin, *end;
+	int save_errno;
 	int seq = 1;
 	int idlen;
+	char buf0[MAXLINE];
 	extern int SnprfOverflow;
 	extern int SyslogErrno;
 	extern char *DoprEnd;
 	VA_LOCAL_DECL
-	extern void sm_dopr __P((char *, const char *, va_list));
-	
-	SyslogErrno = errno;
+
+	save_errno = SyslogErrno = errno;
 	if (id == NULL)
-	{
 		id = "NOQUEUE";
-		idlen = 9;
-	}
 	else if (strcmp(id, NOQID) == 0)
-	{
 		id = "";
-		idlen = 0;
-	}
-	else
-		idlen = strlen(id + 2);
-bufalloc:
-	if (buf == NULL)
-		buf = (char *) xalloc(sizeof(char) * bufsize);
+	idlen = strlen(id);
 
-	/* do a virtual vsnprintf into buf */
-	VA_START(fmt);
-	buf[0] = 0;
-	DoprEnd = buf + bufsize - 1;
-	SnprfOverflow = 0;
-	sm_dopr(buf, fmt, ap);
-	*DoprEnd = '\0';
-	VA_END;
-	/* end of virtual vsnprintf */
+	if (buf == NULL)
+	{
+		buf = buf0;
+		bufsize = sizeof buf0;
+	}
 
-	if (SnprfOverflow)
+	for (;;)
 	{
+		/* do a virtual vsnprintf into buf */
+		VA_START(fmt);
+		buf[0] = 0;
+		DoprEnd = buf + bufsize - 1;
+		SnprfOverflow = 0;
+		sm_dopr(buf, fmt, ap);
+		*DoprEnd = '\0';
+		VA_END;
+		/* end of virtual vsnprintf */
+
+		if (SnprfOverflow == 0)
+			break;
+
 		/* String too small, redo with correct size */
 		bufsize += SnprfOverflow + 1;
-		free(buf);
-		buf = NULL;
-		goto bufalloc;
+		if (buf != buf0)
+			free(buf);
+		buf = xalloc(bufsize * sizeof (char));
 	}
 	if ((strlen(buf) + idlen + 1) < SYSLOG_BUFSIZE)
 	{
@@ -4596,22 +5305,25 @@ bufalloc:
 			syslog(level, "%s", buf);
 		else
 			syslog(level, "%s: %s", id, buf);
-#else
+#else /* LOG */
 		/*XXX should do something more sensible */
 		if (*id == '\0')
 			fprintf(stderr, "%s\n", buf);
 		else
 			fprintf(stderr, "%s: %s\n", id, buf);
-#endif
+#endif /* LOG */
+		if (buf == buf0)
+			buf = NULL;
+		errno = save_errno;
 		return;
 	}
 
 	begin = buf;
 	while (*begin != '\0' &&
-	       (strlen(begin) + idlen + 5) > SYSLOG_BUFSIZE) 
+	       (strlen(begin) + idlen + 5) > SYSLOG_BUFSIZE)
 	{
 		char save;
-	
+
 		if (seq == 999)
 		{
 			/* Too many messages */
@@ -4635,24 +5347,29 @@ bufalloc:
 		*end = 0;
 #if LOG
 		syslog(level, "%s[%d]: %s ...", id, seq++, begin);
-#else
+#else /* LOG */
 		fprintf(stderr, "%s[%d]: %s ...\n", id, seq++, begin);
-#endif
+#endif /* LOG */
 		*end = save;
 		begin = end;
 	}
 	if (seq == 999)
 #if LOG
-		syslog(level, "%s[%d]: log terminated, too many parts", id, seq);
-#else
-		fprintf(stderr, "%s[%d]: log terminated, too many parts\n", id, seq);
-#endif
+		syslog(level, "%s[%d]: log terminated, too many parts",
+			id, seq);
+#else /* LOG */
+		fprintf(stderr, "%s[%d]: log terminated, too many parts\n",
+			id, seq);
+#endif /* LOG */
 	else if (*begin != '\0')
 #if LOG
 		syslog(level, "%s[%d]: %s", id, seq, begin);
-#else
+#else /* LOG */
 		fprintf(stderr, "%s[%d]: %s\n", id, seq, begin);
-#endif
+#endif /* LOG */
+	if (buf == buf0)
+		buf = NULL;
+	errno = save_errno;
 }
 /*
 **  HARD_SYSLOG -- call syslog repeatedly until it works
@@ -4668,20 +5385,20 @@ bufalloc:
 # ifdef V4FS
 #  define XCNST	const
 #  define CAST	(const char *)
-# else
+# else /* V4FS */
 #  define XCNST
 #  define CAST
-# endif
+# endif /* V4FS */
 
 void
 # ifdef __STDC__
 hard_syslog(int pri, XCNST char *msg, ...)
-# else
+# else /* __STDC__ */
 hard_syslog(pri, msg, va_alist)
 	int pri;
 	XCNST char *msg;
 	va_dcl
-# endif
+# endif /* __STDC__ */
 {
 	int i;
 	char buf[SYSLOG_BUFSIZE];
@@ -4696,19 +5413,19 @@ hard_syslog(pri, msg, va_alist)
 }
 
 # undef CAST
-#endif
+#endif /* defined(__hpux) && !defined(HPUX11) */
+#if NEEDLOCAL_HOSTNAME_LENGTH
 /*
 **  LOCAL_HOSTNAME_LENGTH
 **
 **	This is required to get sendmail to compile against BIND 4.9.x
 **	on Ultrix.
+**
+**	Unfortunately, a Compaq Y2K patch kit provides it without
+**	bumping __RES in /usr/include/resolv.h so we can't automatically
+**	figure out whether it is needed.
 */
 
-#if defined(ultrix) && NAMED_BIND
-
-# include <resolv.h>
-# if __RES >= 19931104 && __RES < 19950621
-
 int
 local_hostname_length(hostname)
 	char *hostname;
@@ -4720,15 +5437,15 @@ local_hostname_length(hostname)
 	len_host = strlen(hostname);
 	len_domain = strlen(_res.defdname);
 	if (len_host > len_domain &&
-	    (strcasecmp(hostname + len_host - len_domain,_res.defdname) == 0) &&
+	    (strcasecmp(hostname + len_host - len_domain,
+			_res.defdname) == 0) &&
 	    hostname[len_host - len_domain - 1] == '.')
 		return len_host - len_domain - 1;
 	else
 		return 0;
 }
+#endif /* NEEDLOCAL_HOSTNAME_LENGTH */
 
-# endif
-#endif
 /*
 **  Compile-Time options
 */
@@ -4737,88 +5454,106 @@ char	*CompileOptions[] =
 {
 #ifdef HESIOD
 	"HESIOD",
-#endif
+#endif /* HESIOD */
 #if HES_GETMAILHOST
 	"HES_GETMAILHOST",
-#endif
+#endif /* HES_GETMAILHOST */
 #ifdef LDAPMAP
 	"LDAPMAP",
-#endif
+#endif /* LDAPMAP */
+#ifdef MAP_NSD
+	"MAP_NSD",
+#endif /* MAP_NSD */
 #ifdef MAP_REGEX
 	"MAP_REGEX",
-#endif
+#endif /* MAP_REGEX */
 #if LOG
 	"LOG",
-#endif
+#endif /* LOG */
 #if MATCHGECOS
 	"MATCHGECOS",
-#endif
+#endif /* MATCHGECOS */
 #if MIME7TO8
 	"MIME7TO8",
-#endif
+#endif /* MIME7TO8 */
 #if MIME8TO7
 	"MIME8TO7",
-#endif
+#endif /* MIME8TO7 */
 #if NAMED_BIND
 	"NAMED_BIND",
-#endif
+#endif /* NAMED_BIND */
 #ifdef NDBM
 	"NDBM",
-#endif
+#endif /* NDBM */
 #if NETINET
 	"NETINET",
-#endif
+#endif /* NETINET */
+#if NETINET6
+	"NETINET6",
+#endif /* NETINET6 */
 #if NETINFO
 	"NETINFO",
-#endif
+#endif /* NETINFO */
 #if NETISO
 	"NETISO",
-#endif
+#endif /* NETISO */
 #if NETNS
 	"NETNS",
-#endif
+#endif /* NETNS */
 #if NETUNIX
 	"NETUNIX",
-#endif
+#endif /* NETUNIX */
 #if NETX25
 	"NETX25",
-#endif
+#endif /* NETX25 */
 #ifdef NEWDB
 	"NEWDB",
-#endif
+#endif /* NEWDB */
 #ifdef NIS
 	"NIS",
-#endif
+#endif /* NIS */
 #ifdef NISPLUS
 	"NISPLUS",
-#endif
+#endif /* NISPLUS */
+#ifdef PH_MAP
+	"PH_MAP",
+#endif /* PH_MAP */
 #if QUEUE
 	"QUEUE",
-#endif
+#endif /* QUEUE */
+#if SASL
+	"SASL",
+#endif /* SASL */
 #if SCANF
 	"SCANF",
-#endif
+#endif /* SCANF */
+#if SFIO
+	"SFIO",
+#endif /* SFIO */
 #if SMTP
 	"SMTP",
-#endif
+#endif /* SMTP */
 #if SMTPDEBUG
 	"SMTPDEBUG",
-#endif
+#endif /* SMTPDEBUG */
+#if STARTTLS
+	"STARTTLS",
+#endif /* STARTTLS */
 #ifdef SUID_ROOT_FILES_OK
 	"SUID_ROOT_FILES_OK",
-#endif
+#endif /* SUID_ROOT_FILES_OK */
 #if TCPWRAPPERS
 	"TCPWRAPPERS",
-#endif
+#endif /* TCPWRAPPERS */
 #if USERDB
 	"USERDB",
-#endif
+#endif /* USERDB */
 #if XDEBUG
 	"XDEBUG",
-#endif
+#endif /* XDEBUG */
 #ifdef XLA
 	"XLA",
-#endif
+#endif /* XLA */
 	NULL
 };
 
@@ -4831,108 +5566,133 @@ char	*OsCompileOptions[] =
 {
 #if BOGUS_O_EXCL
 	"BOGUS_O_EXCL",
-#endif
+#endif /* BOGUS_O_EXCL */
+#if FAST_PID_RECYCLE
+	"FAST_PID_RECYCLE",
+#endif /* FAST_PID_RECYCLE */
+#if HASFCHOWN
+	"HASFCHOWN",
+#endif /* HASFCHOWN */
 #if HASFCHMOD
 	"HASFCHMOD",
-#endif
+#endif /* HASFCHMOD */
 #if HASFLOCK
 	"HASFLOCK",
-#endif
+#endif /* HASFLOCK */
 #if HASGETDTABLESIZE
 	"HASGETDTABLESIZE",
-#endif
+#endif /* HASGETDTABLESIZE */
 #if HASGETUSERSHELL
 	"HASGETUSERSHELL",
-#endif
+#endif /* HASGETUSERSHELL */
 #if HASINITGROUPS
 	"HASINITGROUPS",
-#endif
+#endif /* HASINITGROUPS */
 #if HASLSTAT
 	"HASLSTAT",
-#endif
+#endif /* HASLSTAT */
+#if HASRANDOM
+	"HASRANDOM",
+#endif /* HASRANDOM */
+#if HASSETLOGIN
+	"HASSETLOGIN",
+#endif /* HASSETLOGIN */
 #if HASSETREUID
 	"HASSETREUID",
-#endif
+#endif /* HASSETREUID */
 #if HASSETRLIMIT
 	"HASSETRLIMIT",
-#endif
+#endif /* HASSETRLIMIT */
 #if HASSETSID
 	"HASSETSID",
-#endif
+#endif /* HASSETSID */
 #if HASSETUSERCONTEXT
 	"HASSETUSERCONTEXT",
-#endif
+#endif /* HASSETUSERCONTEXT */
 #if HASSETVBUF
 	"HASSETVBUF",
-#endif
+#endif /* HASSETVBUF */
 #if HASSNPRINTF
 	"HASSNPRINTF",
-#endif
+#endif /* HASSNPRINTF */
 #if HAS_ST_GEN
 	"HAS_ST_GEN",
-#endif
+#endif /* HAS_ST_GEN */
+#if HASSRANDOMDEV
+	"HASSRANDOMDEV",
+#endif /* HASSRANDOMDEV */
+#if HASURANDOMDEV
+	"HASURANDOMDEV",
+#endif /* HASURANDOMDEV */
 #if HASSTRERROR
 	"HASSTRERROR",
-#endif
+#endif /* HASSTRERROR */
 #if HASULIMIT
 	"HASULIMIT",
-#endif
+#endif /* HASULIMIT */
 #if HASUNAME
 	"HASUNAME",
-#endif
+#endif /* HASUNAME */
 #if HASUNSETENV
 	"HASUNSETENV",
-#endif
+#endif /* HASUNSETENV */
 #if HASWAITPID
 	"HASWAITPID",
-#endif
+#endif /* HASWAITPID */
 #if IDENTPROTO
 	"IDENTPROTO",
-#endif
+#endif /* IDENTPROTO */
 #if IP_SRCROUTE
 	"IP_SRCROUTE",
-#endif
+#endif /* IP_SRCROUTE */
 #if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL
 	"LOCK_ON_OPEN",
-#endif
+#endif /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */
 #if NEEDFSYNC
 	"NEEDFSYNC",
-#endif
+#endif /* NEEDFSYNC */
 #if NOFTRUNCATE
 	"NOFTRUNCATE",
-#endif
+#endif /* NOFTRUNCATE */
 #if RLIMIT_NEEDS_SYS_TIME_H
 	"RLIMIT_NEEDS_SYS_TIME_H",
-#endif
+#endif /* RLIMIT_NEEDS_SYS_TIME_H */
 #if SAFENFSPATHCONF
 	"SAFENFSPATHCONF",
-#endif
+#endif /* SAFENFSPATHCONF */
 #if SECUREWARE
 	"SECUREWARE",
-#endif
+#endif /* SECUREWARE */
 #if SHARE_V1
 	"SHARE_V1",
-#endif
+#endif /* SHARE_V1 */
 #if SIOCGIFCONF_IS_BROKEN
 	"SIOCGIFCONF_IS_BROKEN",
-#endif
+#endif /* SIOCGIFCONF_IS_BROKEN */
 #if SIOCGIFNUM_IS_BROKEN
 	"SIOCGIFNUM_IS_BROKEN",
-#endif
+#endif /* SIOCGIFNUM_IS_BROKEN */
+#if SNPRINTF_IS_BROKEN
+	"SNPRINTF_IS_BROKEN",
+#endif /* SNPRINTF_IS_BROKEN */
+#if SO_REUSEADDR_IS_BROKEN
+	"SO_REUSEADDR_IS_BROKEN",
+#endif /* SO_REUSEADDR_IS_BROKEN */
 #if SYS5SETPGRP
 	"SYS5SETPGRP",
-#endif
+#endif /* SYS5SETPGRP */
 #if SYSTEM5
 	"SYSTEM5",
-#endif
+#endif /* SYSTEM5 */
 #if USE_SA_SIGACTION
 	"USE_SA_SIGACTION",
-#endif
+#endif /* USE_SA_SIGACTION */
 #if USE_SIGLONGJMP
 	"USE_SIGLONGJMP",
-#endif
+#endif /* USE_SIGLONGJMP */
 #if USESETEUID
 	"USESETEUID",
-#endif
+#endif /* USESETEUID */
 	NULL
 };
+
diff --git a/contrib/sendmail/src/conf.h b/contrib/sendmail/src/conf.h
index 6097c27..00953e9 100644
--- a/contrib/sendmail/src/conf.h
+++ b/contrib/sendmail/src/conf.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -9,7 +10,7 @@
  * the sendmail distribution.
  *
  *
- *	@(#)conf.h	8.385 (Berkeley) 1/28/1999
+ *	$Id: conf.h,v 8.496.4.20 2000/07/15 17:35:19 gshapiro Exp $
  */
 
 /*
@@ -19,59 +20,108 @@
 **	included in the next release.
 */
 
+#ifndef CONF_H
+#define CONF_H 1
+
 #ifdef __GNUC__
 struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
-#endif
+#endif /* __GNUC__ */
 
 # include <sys/param.h>
 # include <sys/types.h>
+# if SFIO && defined(SF_APPEND)
+#  undef SF_APPEND		/* Both sfio/stdio.h and sys/stat.h define it */
+# endif /* SFIO && defined(SF_APPEND) */
 # include <sys/stat.h>
-#ifndef __QNX__
+# ifndef __QNX__
 /* in QNX this grabs bogus LOCK_* manifests */
-# include <sys/file.h>
-#endif
+#  include <sys/file.h>
+# endif /* ! __QNX__ */
 # include <sys/wait.h>
 # include <limits.h>
 # include <fcntl.h>
 # include <signal.h>
 # include <netdb.h>
 # include <pwd.h>
+# include <grp.h>
+
+/* make sure TOBUFSIZ isn't larger than system limit for size of exec() args */
+#ifdef ARG_MAX
+# if ARG_MAX > 4096
+#  define SM_ARG_MAX	4096
+# else /* ARG_MAX > 4096 */
+#  define SM_ARG_MAX	ARG_MAX
+# endif /* ARG_MAX > 4096 */
+#else /* ARG_MAX */
+# define SM_ARG_MAX	4096
+#endif /* ARG_MAX */
 
 /**********************************************************************
 **  Table sizes, etc....
 **	There shouldn't be much need to change these....
 **********************************************************************/
 
-# define MAXLINE	2048		/* max line length */
-# define MAXNAME	256		/* max length of a name */
-# define MAXPV		40		/* max # of parms to mailers */
-# define MAXATOM	200		/* max atoms per address */
-# define MAXMAILERS	25		/* maximum mailers known to system */
-# define MAXRWSETS	200		/* max # of sets of rewriting rules */
-# define MAXPRIORITIES	25		/* max values for Precedence: field */
-# define MAXMXHOSTS	100		/* max # of MX records for one host */
-# define SMTPLINELIM	990		/* maximum SMTP line length */
-# define MAXKEY		128		/* maximum size of a database key */
-# define MEMCHUNKSIZE	1024		/* chunk size for memory allocation */
-# define MAXUSERENVIRON	100		/* max envars saved, must be >= 3 */
-# define MAXALIASDB	12		/* max # of alias databases */
-# define MAXMAPSTACK	12		/* max # of stacked or sequenced maps */
-# define MAXTOCLASS	8		/* max # of message timeout classes */
-# define MAXMIMEARGS	20		/* max args in Content-Type: */
-# define MAXMIMENESTING	20		/* max MIME multipart nesting */
-# define QUEUESEGSIZE	1000		/* increment for queue size */
-# define MAXQFNAME	20		/* max qf file name length */
-# define MACBUFSIZE	4096		/* max expanded macro buffer size */
-# define TOBUFSIZE	512		/* max buffer to hold address list */
-# define MAXSHORTSTR	203		/* max short string length */
-# if _FFR_MAX_MIME_HEADER_LENGTH
-#  define MAXMACNAMELEN	25		/* max macro name length */
-# else
-#  define MAXMACNAMELEN	20		/* max macro name length */
-# endif
-# ifndef MAXHDRSLEN
-#  define MAXHDRSLEN	(32 * 1024)	/* max size of message headers */
-# endif
+#define MAXLINE		2048		/* max line length */
+#define MAXNAME		256		/* max length of a name */
+#define MAXPV		256		/* max # of parms to mailers */
+#define MAXATOM		1000		/* max atoms per address */
+#define MAXRWSETS	200		/* max # of sets of rewriting rules */
+#define MAXPRIORITIES	25		/* max values for Precedence: field */
+#define MAXMXHOSTS	100		/* max # of MX records for one host */
+#define SMTPLINELIM	990		/* maximum SMTP line length */
+#define MAXKEY		128		/* maximum size of a database key */
+#define MEMCHUNKSIZE	1024		/* chunk size for memory allocation */
+#define MAXUSERENVIRON	100		/* max envars saved, must be >= 3 */
+#define MAXALIASDB	12		/* max # of alias databases */
+#define MAXMAPSTACK	12		/* max # of stacked or sequenced maps */
+#if _FFR_MILTER
+# define MAXFILTERS	25		/* max # of milter filters */
+# define MAXFILTERMACROS	50	/* max # of macros per milter cmd */
+#endif /* _FFR_MILTER */
+#define MAXSMTPARGS	20		/* max # of ESMTP args for MAIL/RCPT */
+#define MAXTOCLASS	8		/* max # of message timeout classes */
+#define MAXRESTOTYPES	3		/* max # of resolver timeout types */
+#define MAXMIMEARGS	20		/* max args in Content-Type: */
+#define MAXMIMENESTING	20		/* max MIME multipart nesting */
+#define QUEUESEGSIZE	1000		/* increment for queue size */
+#define MAXQFNAME	20		/* max qf file name length */
+#define MACBUFSIZE	4096		/* max expanded macro buffer size */
+#define TOBUFSIZE	SM_ARG_MAX	/* max buffer to hold address list */
+#define MAXSHORTSTR	203		/* max short string length */
+#define MAXMACNAMELEN	25		/* max macro name length */
+#define MAXMACROID	0377		/* max macro id number */
+#ifndef MAXHDRSLEN
+# define MAXHDRSLEN	(32 * 1024)	/* max size of message headers */
+#endif /* ! MAXHDRSLEN */
+#define MAXDAEMONS	10		/* max number of ports to listen to */
+#ifndef MAXINTERFACES
+# define MAXINTERFACES	512		/* number of interfaces to probe */
+#endif /* MAXINTERFACES */
+#ifndef MAXSYMLINKS
+# define MAXSYMLINKS	32		/* max number of symlinks in a path */
+#endif /* ! MAXSYMLINKS */
+#define MAXLINKPATHLEN	(MAXPATHLEN * MAXSYMLINKS) /* max link-expanded file */
+#define DATA_PROGRESS_TIMEOUT	300	/* how ofter to check DATA progress */
+#define ENHSCLEN	10		/* max len of enhanced status code */
+#if _FFR_DYNAMIC_TOBUF
+# define DEFAULT_MAX_RCPT	100	/* max number of RCPTs per envelope */
+#endif /* _FFR_DYNAMIC_TOBUF */
+
+#if SASL
+# ifndef AUTH_MECHANISMS
+#  if STARTTLS && _FFR_EXT_MECH
+#   define AUTH_MECHANISMS	"EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5"
+#  else /* STARTTLS && _FFR_EXT_MECH */
+#   define AUTH_MECHANISMS	"GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5"
+#  endif /* STARTTLS && _FFR_EXT_MECH */
+# endif /* ! AUTH_MECHANISMS */
+#endif /* SASL */
+
+#ifdef LDAPMAP
+# define LDAPMAP_MAX_ATTR	64
+# define LDAPMAP_MAX_FILTER	1024
+# define LDAPMAP_MAX_PASSWD	256
+#endif /* LDAPMAP */
 
 /**********************************************************************
 **  Compilation options.
@@ -80,41 +130,45 @@ struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
 **  All can be overridden from Makefile.
 **********************************************************************/
 
-# ifndef NETINET
-#  define NETINET	1	/* include internet support */
-# endif
+#ifndef NETINET
+# define NETINET	1	/* include internet support */
+#endif /* ! NETINET */
 
-# ifndef NETISO
-#  define NETISO	0	/* do not include ISO socket support */
-# endif
+#ifndef NETINET6
+# define NETINET6	0	/* do not include IPv6 support */
+#endif /* ! NETINET6 */
 
-# ifndef NAMED_BIND
-#  define NAMED_BIND	1	/* use Berkeley Internet Domain Server */
-# endif
+#ifndef NETISO
+# define NETISO	0		/* do not include ISO socket support */
+#endif /* ! NETISO */
 
-# ifndef XDEBUG
-#  define XDEBUG	1	/* enable extended debugging */
-# endif
+#ifndef NAMED_BIND
+# define NAMED_BIND	1	/* use Berkeley Internet Domain Server */
+#endif /* ! NAMED_BIND */
 
-# ifndef MATCHGECOS
-#  define MATCHGECOS	1	/* match user names from gecos field */
-# endif
+#ifndef XDEBUG
+# define XDEBUG		1	/* enable extended debugging */
+#endif /* ! XDEBUG */
 
-# ifndef DSN
-#  define DSN		1	/* include delivery status notification code */
-# endif
+#ifndef MATCHGECOS
+# define MATCHGECOS	1	/* match user names from gecos field */
+#endif /* ! MATCHGECOS */
 
-# if !defined(USERDB) && (defined(NEWDB) || defined(HESIOD))
-#  define USERDB	1	/* look in user database */
-# endif
+#ifndef DSN
+# define DSN		1	/* include delivery status notification code */
+#endif /* ! DSN */
 
-# ifndef MIME8TO7
-#  define MIME8TO7	1	/* 8->7 bit MIME conversions */
-# endif
+#if !defined(USERDB) && (defined(NEWDB) || defined(HESIOD))
+# define USERDB		1	/* look in user database */
+#endif /* !defined(USERDB) && (defined(NEWDB) || defined(HESIOD)) */
 
-# ifndef MIME7TO8
-#  define MIME7TO8	1	/* 7->8 bit MIME conversions */
-# endif
+#ifndef MIME8TO7
+# define MIME8TO7	1	/* 8->7 bit MIME conversions */
+#endif /* ! MIME8TO7 */
+
+#ifndef MIME7TO8
+# define MIME7TO8	1	/* 7->8 bit MIME conversions */
+#endif /* ! MIME7TO8 */
 
 /**********************************************************************
 **  "Hard" compilation options.
@@ -123,7 +177,7 @@ struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
 **  be turned off unless absolutely necessary.
 **********************************************************************/
 
-# define LOG		1	/* enable logging -- don't turn off */
+#define LOG		1	/* enable logging -- don't turn off */
 
 /**********************************************************************
 **  End of site-specific configuration.
@@ -141,13 +195,15 @@ struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
 
 #ifdef __STDC__
 # define HASSETVBUF	1	/* we have setvbuf(3) in libc */
-#endif
+#endif /* __STDC__ */
 
 /*
 **  Assume you have standard calls; can be #undefed below if necessary.
 */
 
+#ifndef HASLSTAT
 # define HASLSTAT	1	/* has lstat(2) call */
+#endif /* ! HASLSTAT */
 /**********************************************************************
 **  Operating system configuration.
 **
@@ -168,7 +224,7 @@ struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
 # define SYSTEM5	1	/* include all the System V defines */
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define BOGUS_O_EXCL	1	/* exclusive open follows symlinks */
 # define seteuid(e)	setresuid(-1, e, -1)
 # define IP_SRCROUTE	1	/* can check IP source routing */
@@ -178,10 +234,18 @@ struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
 # define GIDSET_T	gid_t
 # ifndef HASGETUSERSHELL
 #  define HASGETUSERSHELL 0	/* getusershell(3) causes core dumps */
-# endif
-# ifndef HPUX11
-#  define syslog	hard_syslog
-# endif
+# endif /* ! HASGETUSERSHELL */
+# ifdef HPUX11
+#  define HASFCHOWN	1	/* has fchown(2) */
+#  define HASSNPRINTF	1	/* has snprintf(3) */
+#  ifndef BROKEN_RES_SEARCH
+#   define BROKEN_RES_SEARCH 1	/* res_search(unknown) returns h_errno=0 */
+#  endif /* ! BROKEN_RES_SEARCH */
+# else /* HPUX11 */
+#  ifndef NOT_SENDMAIL
+#   define syslog	hard_syslog
+#  endif /* ! NOT_SENDMAIL */
+# endif /* HPUX11 */
 # define SAFENFSPATHCONF 1	/* pathconf(2) pessimizes on NFS filesystems */
 
 # ifdef V4FS
@@ -189,32 +253,32 @@ struct rusage;	/* forward declaration to get gcc to shut up in wait.h */
 #  define _PATH_UNIX		"/stand/vmunix"
 #  ifndef _PATH_VENDOR_CF
 #   define _PATH_VENDOR_CF	"/etc/mail/sendmail.cf"
-#  endif
+#  endif /* ! _PATH_VENDOR_CF */
 #  ifndef _PATH_SENDMAILPID
 #   define _PATH_SENDMAILPID	"/etc/mail/sendmail.pid"
-#  endif
+#  endif /* ! _PATH_SENDMAILPID */
 #  ifndef IDENTPROTO
 #   define IDENTPROTO	1	/* TCP/IP implementation fixed in 10.0 */
-#  endif
-
-# else
+#  endif /* ! IDENTPROTO */
+#  include <sys/mpctl.h>	/* for mpctl() in get_num_procs_online() */
+# else /* V4FS */
 		/* HP-UX 9.x */
 #  define _PATH_UNIX		"/hp-ux"
 #  ifndef _PATH_VENDOR_CF
 #   define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-#  endif
+#  endif /* ! _PATH_VENDOR_CF */
 #  ifndef IDENTPROTO
 #   define IDENTPROTO	0	/* TCP/IP implementation is broken */
-#  endif
+#  endif /* ! IDENTPROTO */
 #  ifdef __STDC__
 extern void	hard_syslog(int, char *, ...);
-#  else
+#  else /* __STDC__ */
 extern void	hard_syslog();
-#  endif
+#  endif /* __STDC__ */
 #  define FDSET_CAST	(int *)	/* cast for fd_set parameters to select */
-# endif
+# endif /* V4FS */
 
-#endif
+#endif /* __hpux */
 
 
 /*
@@ -223,13 +287,17 @@ extern void	hard_syslog();
 
 #ifdef _AIX4
 # define _AIX3		1	/* pull in AIX3 stuff */
+# define BSD4_4_SOCKADDR	/* has sa_len */
 # define USESETEUID	1	/* seteuid(2) works */
 # define TZ_TYPE	TZ_NAME	/* use tzname[] vector */
 # define SOCKOPT_LEN_T	size_t	/* arg#5 to getsockopt */
 # if _AIX4 >= 40200
 #  define HASSETREUID	1	/* setreuid(2) works as of AIX 4.2 */
 #  define SOCKADDR_LEN_T	size_t	/* e.g., arg#3 to accept, getsockname */
-# endif
+# endif /* _AIX4 >= 40200 */
+# if _AIX4 >= 40300
+#  define HASSNPRINTF	1		/* has snprintf starting in 4.3 */
+# endif /* _AIX4 >= 40300 */
 # if defined(_ILS_MACROS)	/* IBM versions aren't side-effect clean */
 #  undef isascii
 #  define isascii(c)		!(c & ~0177)
@@ -237,8 +305,8 @@ extern void	hard_syslog();
 #  define isdigit(__a)		(_IS(__a,_ISDIGIT))
 #  undef isspace
 #  define isspace(__a)		(_IS(__a,_ISSPACE))
-# endif
-#endif
+# endif /* defined(_ILS_MACROS) */
+#endif /* _AIX4 */
 
 
 /*
@@ -249,6 +317,7 @@ extern void	hard_syslog();
 # include <paths.h>
 # include <sys/machine.h>	/* to get byte order */
 # include <sys/select.h>
+# define HASFCHOWN	1	/* has fchown(2) */
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define HASUNAME	1	/* use System V uname(2) system call */
 # define HASGETUSERSHELL 0	/* does not have getusershell(3) call */
@@ -260,7 +329,7 @@ extern void	hard_syslog();
 # define LA_TYPE	LA_INT
 # define FSHIFT		16
 # define LA_AVENRUN	"avenrun"
-#endif
+#endif /* _AIX3 */
 
 
 /*
@@ -301,11 +370,11 @@ typedef int		pid_t;
 /* make this sendmail in a completely different place */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/local/newmail/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/usr/local/newmail/sendmail.pid"
-# endif
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* AIX */
 
 
 /*
@@ -315,9 +384,9 @@ typedef int		pid_t;
 **
 **	Use IRIX64 instead of IRIX for 64-bit IRIX (6.0).
 **	Use IRIX5 instead of IRIX for IRIX 5.x.
-** 
+**
 **	This version tries to be adaptive using _MIPS_SIM:
-**		_MIPS_SIM == _ABIO32 (= 1)    Abi: -32  on IRIX 6.2
+**		_MIPS_SIM == _ABIO32 (= 1)    Abi: -32 on IRIX 6.2
 **		_MIPS_SIM == _ABIN32 (= 2)    Abi: -n32 on IRIX 6.2
 **		_MIPS_SIM == _ABI64  (= 3)    Abi: -64 on IRIX 6.2
 **
@@ -331,15 +400,14 @@ typedef int		pid_t;
 #if defined(__sgi)
 # ifndef IRIX
 #  define IRIX
-# endif
+# endif /* ! IRIX */
 # if _MIPS_SIM > 0 && !defined(IRIX5)
 #  define IRIX5			/* IRIX5 or IRIX6 */
-# endif
+# endif /* _MIPS_SIM > 0 && !defined(IRIX5) */
 # if _MIPS_SIM > 1 && !defined(IRIX6) && !defined(IRIX64)
 #  define IRIX6			/* IRIX6 */
-# endif
-
-#endif
+# endif /* _MIPS_SIM > 1 && !defined(IRIX6) && !defined(IRIX64) */
+#endif /* defined(__sgi) */
 
 #ifdef IRIX
 # define SYSTEM5	1	/* this is a System-V derived system */
@@ -354,34 +422,35 @@ typedef int		pid_t;
 # define SFS_BAVAIL	f_bfree		/* alternate field name */
 # define SYSLOG_BUFSIZE 512
 # ifdef IRIX6
-#  define STAT64        1
+#  define STAT64	1
 #  define QUAD_T	unsigned long long
 #  define LA_TYPE	LA_IRIX6	/* figure out at run time */
 #  define SAFENFSPATHCONF 0	/* pathconf(2) lies on NFS filesystems */
-# else
+# else /* IRIX6 */
 #  define LA_TYPE	LA_INT
 
 #  ifdef IRIX64
-#   define STAT64       1
+#   define STAT64	1
 #   define QUAD_T	unsigned long long
 #   define NAMELISTMASK	0x7fffffffffffffff	/* mask for nlist() values */
-#  else
-#   define STAT64       0
+#  else /* IRIX64 */
+#   define STAT64	0
 #   define NAMELISTMASK	0x7fffffff		/* mask for nlist() values */
-#  endif
-# endif
+#  endif /* IRIX64 */
+# endif /* IRIX6 */
 # if defined(IRIX64) || defined(IRIX5) || defined(IRIX6)
 #  include <sys/cdefs.h>
 #  include <paths.h>
 #  define ARGV_T	char *const *
+#  define HASFCHOWN	1	/* has fchown(2) */
 #  define HASSETRLIMIT	1	/* has setrlimit(2) syscall */
-#  define HASGETDTABLESIZE 1    /* has getdtablesize(2) syscall */
+#  define HASGETDTABLESIZE 1	/* has getdtablesize(2) syscall */
 #  define HASSTRERROR	1	/* has strerror(3) */
-# else
+# else /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
 #  define ARGV_T	const char **
 #  define WAITUNION	1	/* use "union wait" as wait argument type */
-# endif
-#endif
+# endif /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
+#endif /* IRIX */
 
 
 /*
@@ -399,78 +468,95 @@ typedef int		pid_t;
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
 # define IP_SRCROUTE	1	/* can check IP source routing */
 # define SAFENFSPATHCONF 1	/* pathconf(2) pessimizes on NFS filesystems */
+# ifndef HASFCHOWN
+#  define HASFCHOWN	1	/* fchown(2) */
+# endif /* ! HASFCHOWN */
 
 # ifdef SOLARIS_2_3
 #  define SOLARIS	20300	/* for back compat only -- use -DSOLARIS=20300 */
-# endif
+# endif /* SOLARIS_2_3 */
 
 # if defined(NOT_SENDMAIL) && !defined(SOLARIS) && defined(sun) && (defined(__svr4__) || defined(__SVR4))
 #  define SOLARIS	1	/* unknown Solaris version */
-# endif
+# endif /* defined(NOT_SENDMAIL) && !defined(SOLARIS) && defined(sun) && (defined(__svr4__) || defined(__SVR4)) */
 
 # ifdef SOLARIS
 			/* Solaris 2.x (a.k.a. SunOS 5.x) */
 #  ifndef __svr4__
-#   define __svr4__		/* use all System V Releae 4 defines below */
-#  endif
+#   define __svr4__		/* use all System V Release 4 defines below */
+#  endif /* ! __svr4__ */
 #  define GIDSET_T	gid_t
 #  define USE_SA_SIGACTION	1	/* use sa_sigaction field */
 #  ifndef _PATH_UNIX
 #   define _PATH_UNIX		"/dev/ksyms"
-#  endif
+#  endif /* ! _PATH_UNIX */
 #  ifndef _PATH_VENDOR_CF
 #   define _PATH_VENDOR_CF	"/etc/mail/sendmail.cf"
-#  endif
+#  endif /* ! _PATH_VENDOR_CF */
 #  ifndef _PATH_SENDMAILPID
 #   define _PATH_SENDMAILPID	"/etc/mail/sendmail.pid"
-#  endif
+#  endif /* ! _PATH_SENDMAILPID */
 #  ifndef _PATH_HOSTS
 #   define _PATH_HOSTS		"/etc/inet/hosts"
-#  endif
+#  endif /* ! _PATH_HOSTS */
 #  ifndef SYSLOG_BUFSIZE
 #   define SYSLOG_BUFSIZE	1024	/* allow full size syslog buffer */
-#  endif
+#  endif /* ! SYSLOG_BUFSIZE */
 #  ifndef TZ_TYPE
 #   define TZ_TYPE	TZ_TZNAME
-#  endif
+#  endif /* ! TZ_TYPE */
 #  if SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203)
 #   define USESETEUID	1		/* seteuid works as of 2.3 */
-#  endif
+#  endif /* SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) */
 #  if SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205)
 #   define HASSETREUID	1		/* setreuid works as of 2.5 */
 #   if SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700)
 #    ifndef LA_TYPE
 #     define LA_TYPE	LA_KSTAT	/* use kstat(3k) -- may work in < 2.5 */
-#    endif
-#   endif
-#  endif
+#    endif /* ! LA_TYPE */
+#    ifndef RANDOMSHIFT		/* random() doesn't work well (sometimes) */
+#     define RANDOMSHIFT	8
+#    endif /* RANDOMSHIFT */
+#   endif /* SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700) */
+#  else /* SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) */
+#   ifndef HASRANDOM
+#    define HASRANDOM	0		/* doesn't have random(3) */
+#   endif /* ! HASRANDOM */
+#  endif /* SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) */
 #  if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206)
 #   define HASSNPRINTF	1		/* has snprintf starting in 2.6 */
-#  endif
+#  endif /* SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) */
 #  if SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207)
 #   ifndef LA_TYPE
+#    include <sys/loadavg.h>
 #    define LA_TYPE	LA_SUBR		/* getloadavg(3c) appears in 2.7 */
-#   endif
+#   endif /* ! LA_TYPE */
 #   define HASGETUSERSHELL 1	/* getusershell(3c) bug fixed in 2.7 */
-#  endif
+#  endif /* SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207) */
+#  if SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208)
+#   undef NETINET6
+#   define NETINET6	1	/* IPv6 added in 2.8 */
+#   define HASSTRL	1	/* str*(3) added in 2.8 */
+#  endif /* SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208) */
 #  ifndef HASGETUSERSHELL
 #   define HASGETUSERSHELL 0	/* getusershell(3) causes core dumps pre-2.7 */
-#  endif
+#  endif /* ! HASGETUSERSHELL */
 
-# else
+# else /* SOLARIS */
 			/* SunOS 4.0.3 or 4.1.x */
 #  define HASGETUSERSHELL 1	/* DOES have getusershell(3) call in libc */
 #  define HASSETREUID	1	/* has setreuid(2) call */
 #  ifndef HASFLOCK
 #   define HASFLOCK	1	/* has flock(2) call */
-#  endif
+#  endif /* ! HASFLOCK */
 #  define SFS_TYPE	SFS_VFS	/* use <sys/vfs.h> statfs() implementation */
 #  define TZ_TYPE	TZ_TM_ZONE	/* use tm->tm_zone */
 #  include <memory.h>
 #  include <vfork.h>
 #  ifdef __GNUC__
 #   define strtoul	strtol	/* gcc library bogosity */
-#  endif
+#  endif /* __GNUC__ */
+#  define memmove(d, s, l)	(bcopy((s), (d), (l)))
 
 #  ifdef SUNOS403
 			/* special tweaking for SunOS 4.0.3 */
@@ -486,19 +572,19 @@ typedef int		pid_t;
 typedef int		pid_t;
 extern char		*getenv();
 
-#  else
+#  else /* SUNOS403 */
 			/* 4.1.x specifics */
 #   define HASSETSID	1	/* has Posix setsid(2) call */
 #   define HASSETVBUF	1	/* we have setvbuf(3) in libc */
 
-#  endif
-# endif
+#  endif /* SUNOS403 */
+# endif /* SOLARIS */
 
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_INT
-# endif
+# endif /* ! LA_TYPE */
 
-#endif /* sun && !BSD */
+#endif /* defined(sun) && !defined(BSD) */
 
 /*
 **  DG/UX
@@ -510,9 +596,9 @@ extern char		*getenv();
 
 #ifdef DGUX_5_4_2
 # define DGUX		1
-#endif
+#endif /* DGUX_5_4_2 */
 
-#ifdef	DGUX
+#ifdef DGUX
 # define SYSTEM5	1
 # define LA_TYPE	LA_DGUX
 # define HASSETREUID	1	/* has setreuid(2) call */
@@ -524,7 +610,7 @@ extern char		*getenv();
 # define HASSNPRINTF	1	/* has snprintf(3) */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # define SPT_TYPE	SPT_NONE	/* don't use setproctitle */
 # define SFS_TYPE	SFS_4ARGS	/* four argument statfs() call */
 
@@ -538,8 +624,8 @@ extern char		*getenv();
 # ifdef DGUX_5_4_2
 #  define inet_addr	dgux_inet_addr
 extern long	dgux_inet_addr();
-# endif
-#endif
+# endif /* DGUX_5_4_2 */
+#endif /* DGUX */
 
 
 /*
@@ -556,39 +642,43 @@ extern long	dgux_inet_addr();
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define HASUNAME	1	/* use System V uname(2) system call */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
+# define HASFCHOWN	1	/* has fchown(2) syscall */
 # ifndef HASFLOCK
 #  define HASFLOCK	1	/* has flock(2) call */
-# endif
+# endif /* ! HASFLOCK */
 # define HASGETUSERSHELL 0	/* does not have getusershell(3) call */
 # ifndef BROKEN_RES_SEARCH
 #  define BROKEN_RES_SEARCH 1	/* res_search(unknown) returns h_errno=0 */
-# endif
+# endif /* ! BROKEN_RES_SEARCH */
+# if !defined(NEEDLOCAL_HOSTNAME_LENGTH) && NAMED_BIND && __RES >= 19931104 && __RES < 19950621
+#  define NEEDLOCAL_HOSTNAME_LENGTH	1	/* see sendmail/README */
+# endif /* !defined(NEEDLOCAL_HOSTNAME_LENGTH) && NAMED_BIND && __RES >= 19931104 && __RES < 19950621 */
 # ifdef vax
 #  define LA_TYPE	LA_FLOAT
-# else
+# else /* vax */
 #  define LA_TYPE	LA_INT
 #  define LA_AVENRUN	"avenrun"
-# endif
+# endif /* vax */
 # define SFS_TYPE	SFS_MOUNT	/* use <sys/mount.h> statfs() impl */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* pre-4.4 TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # define SYSLOG_BUFSIZE	256
-#endif
+#endif /* ultrix */
 
 
 /*
 **  OSF/1 for KSR.
 **
-**      Contributed by Todd C. Miller <Todd.Miller@cs.colorado.edu>
+**	Contributed by Todd C. Miller <Todd.Miller@cs.colorado.edu>
 */
 
 #ifdef __ksr__
-# define __osf__	1       /* get OSF/1 defines below */
+# define __osf__	1	/* get OSF/1 defines below */
 # ifndef TZ_TYPE
 #  define TZ_TYPE	TZ_TZNAME	/* use tzname[] vector */
-# endif
-#endif
+# endif /* ! TZ_TYPE */
+#endif /* __ksr__ */
 
 
 /*
@@ -602,40 +692,44 @@ extern long	dgux_inet_addr();
 # define __osf__	1	/* get OSF/1 defines below */
 # ifndef TZ_TYPE
 #  define TZ_TYPE	TZ_TZNAME	/* use tzname[] vector */
-# endif
+# endif /* ! TZ_TYPE */
 # define GIDSET_T	gid_t
 # define MAXNAMLEN	NAME_MAX
-#endif
+#endif /* __PARAGON__ */
 
 
 /*
-**  OSF/1 (tested on Alpha) -- now known as Digital UNIX.
+**  Tru64 UNIX, formerly known as Digital UNIX, formerly known as DEC OSF/1
 **
 **	Tested for 3.2 and 4.0.
 */
 
 #ifdef __osf__
+# define HASUNAME	1	/* has uname(2) call */
 # define HASUNSETENV	1	/* has unsetenv(3) call */
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
+# define HASFCHOWN	1	/* has fchown(2) syscall */
+# define HASSETLOGIN	1	/* has setlogin(2) */
 # define IP_SRCROUTE	1	/* can check IP source routing */
 # define HAS_ST_GEN	1	/* has st_gen field in stat struct */
+# define GIDSET_T	gid_t
+# if _FFR_MILTER
+#  define SM_INT32	int	/* 32bit integer */
+# endif /* _FFR_MILTER */
 # ifndef HASFLOCK
 #  define HASFLOCK	1	/* has flock(2) call */
-# endif
+# endif /* ! HASFLOCK */
 # define LA_TYPE	LA_ALPHAOSF
 # define SFS_TYPE	SFS_STATVFS	/* use <sys/statvfs.h> statfs() impl */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/var/adm/sendmail/sendmail.cf"
-# endif  
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/var/run/sendmail.pid"
-# endif
-# define bcopy(s, d, l)		(memmove((d), (s), (l)))
-# define bzero(d, l)		(memset((d), '\0', (l)))
-# define bcmp(s, d, l)		(memcmp((s), (d), (l)))
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* __osf__ */
 
 
 /*
@@ -647,7 +741,7 @@ extern long	dgux_inet_addr();
 # define NEEDPUTENV	2	/* need putenv(3) call; no setenv(3) call */
 # ifndef HASFLOCK
 #  define HASFLOCK	1	/* has flock(2) call */
-# endif
+# endif /* ! HASFLOCK */
 # define NEEDGETOPT	1	/* need a replacement for getopt(3) */
 # define WAITUNION	1	/* use "union wait" as wait argument type */
 # define UID_T		int	/* compiler gripes on uid_t */
@@ -656,38 +750,42 @@ extern long	dgux_inet_addr();
 # define setpgid	setpgrp
 # ifndef NOT_SENDMAIL
 #  define sleep		sleepX
-# endif
+# endif /* ! NOT_SENDMAIL */
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_MACH
-# endif
+# endif /* ! LA_TYPE */
 # define SFS_TYPE	SFS_VFS	/* use <sys/vfs.h> statfs() implementation */
 # ifndef _POSIX_SOURCE
 typedef int		pid_t;
 #  undef WEXITSTATUS
 #  undef WIFEXITED
-# endif
+#  undef WIFSTOPPED
+#  undef WTERMSIG
+# endif /* ! _POSIX_SOURCE */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/etc/sendmail/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail/sendmail.pid"
-# endif
+# endif /* ! _PATH_SENDMAILPID */
 
 # ifdef TCPWRAPPERS
 #  ifndef HASUNSETENV
 #   define HASUNSETENV	1
-#  endif
+#  endif /* ! HASUNSETENV */
 #  undef NEEDPUTENV
-# endif
+# endif /* TCPWRAPPERS */
 
-#endif
+#endif /* NeXT */
 
 /*
 **  Apple Rhapsody
 **	Contributed by Wilfredo Sanchez <wsanchez@apple.com>
+**
+**	Also used for Apple Darwin support.
 */
 
-#ifdef __APPLE__
+#if defined(DARWIN)
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
 # define HASFLOCK	1	/* has flock(2) syscall */
 # define HASUNAME	1	/* has uname(2) syscall */
@@ -696,13 +794,13 @@ typedef int		pid_t;
 # define HASINITGROUPS	1
 # define HASSETVBUF	1
 # define HASSETREUID	1
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define HASLSTAT	1
 # define HASSETRLIMIT	1
 # define HASWAITPID	1
 # define HASSTRERROR	1	/* has strerror(3) */
 # define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
-# define USESTRERROR	1	/* has strerror(3) */
+# define HASSTRERROR	1	/* has strerror(3) */
 # define HASGETDTABLESIZE	1
 # define HASGETUSERSHELL	1
 # define NEEDGETOPT	1	/* need a replacement for getopt(3) */
@@ -715,7 +813,7 @@ typedef int		pid_t;
 # define SPT_TYPE	SPT_PSSTRINGS
 # define SPT_PADCHAR	'\0'	/* pad process title with nulls */
 # define ERRLIST_PREDEFINED	/* don't declare sys_errlist */
-#endif
+#endif /* DARWIN */
 
 
 /*
@@ -727,7 +825,7 @@ typedef int		pid_t;
 #if defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__)
 # include <paths.h>
 # define HASUNSETENV	1	/* has unsetenv(3) call */
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
 # define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
 # define HASSTRERROR	1	/* has strerror(3) */
@@ -739,10 +837,10 @@ typedef int		pid_t;
 # define NETLINK	1	/* supports AF_LINK */
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_SUBR
-# endif
+# endif /* ! LA_TYPE */
 # define SFS_TYPE	SFS_MOUNT	/* use <sys/mount.h> statfs() impl */
 # define SPT_TYPE	SPT_PSSTRINGS	/* use PS_STRINGS pointer */
-#endif
+#endif /* defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__) */
 
 
 /*
@@ -754,8 +852,9 @@ typedef int		pid_t;
 # include <paths.h>
 # define HASUNSETENV	1	/* has the unsetenv(3) call */
 # define HASSETSID	1	/* has the setsid(2) POSIX syscall */
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
+# define HASSETLOGIN	1	/* has setlogin(2) */
 # define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
 # define HASUNAME	1	/* has uname(2) syscall */
 # define HASSTRERROR	1	/* has strerror(3) */
@@ -767,21 +866,21 @@ typedef int		pid_t;
 # define SFS_TYPE	SFS_MOUNT	/* use <sys/mount.h> statfs() impl */
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_SUBR
-# endif
+# endif /* ! LA_TYPE */
 # define GIDSET_T	gid_t
 # define QUAD_T		quad_t
 # if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312
 			/* version 1.1 or later */
 #  undef SPT_TYPE
 #  define SPT_TYPE	SPT_BUILTIN	/* setproctitle is in libc */
-# else
+# else /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 */
 			/* version 1.0 or earlier */
 #  define SPT_PADCHAR	'\0'	/* pad process title with nulls */
-# endif
+# endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 */
 # if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701	/* on 3.x */
 #  define HASSETUSERCONTEXT 1	/* has setusercontext */
-# endif
-#endif
+# endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701 */
+#endif /* __bsdi__ */
 
 
 /*
@@ -795,29 +894,26 @@ typedef int		pid_t;
 # include <unix.h>
 # include <sys/select.h>
 # undef NGROUPS_MAX
-# define HASSETSID      1       /* has the setsid(2) POSIX syscall */
-# define USESETEUID     1       /* has useable seteuid(2) call */
-# define HASFCHMOD      1       /* has fchmod(2) syscall */
-# define HASGETDTABLESIZE 1     /* has getdtablesize(2) call */
-# define HASSETREUID    1       /* has setreuid(2) call */
+# define HASSETSID	1	/* has the setsid(2) POSIX syscall */
+# define USESETEUID	1	/* has usable seteuid(2) call */
+# define HASFCHMOD	1	/* has fchmod(2) syscall */
+# define HASGETDTABLESIZE 1	/* has getdtablesize(2) call */
+# define HASSETREUID	1	/* has setreuid(2) call */
 # define HASSTRERROR	1	/* has strerror(3) */
 # define HASFLOCK	0
-# undef HASINITGROUPS           /* has initgroups(3) call */
-# define NEEDGETOPT     1       /* use sendmail's getopt */
-# define IP_SRCROUTE    1       /* can check IP source routing */
-# define TZ_TYPE        TZ_TMNAME       /* use tmname variable */
-# define GIDSET_T       gid_t
-# define LA_TYPE        LA_ZERO
-# define SFS_TYPE       SFS_NONE
-# define SPT_TYPE       SPT_REUSEARGV
-# define SPT_PADCHAR    '\0'    /* pad process title with nulls */
+# undef HASINITGROUPS		/* has initgroups(3) call */
+# define NEEDGETOPT	1	/* use sendmail's getopt */
+# define IP_SRCROUTE	1	/* can check IP source routing */
+# define TZ_TYPE	TZ_TMNAME	/* use tmname variable */
+# define GIDSET_T	gid_t
+# define LA_TYPE	LA_ZERO
+# define SFS_TYPE	SFS_NONE
+# define SPT_TYPE	SPT_REUSEARGV
+# define SPT_PADCHAR	'\0'	/* pad process title with nulls */
 # define HASGETUSERSHELL 0
 # define E_PSEUDOBASE	512
-# define bcopy(s, d, l)		(memmove((d), (s), (l)))
-# define bzero(d, l)		(memset((d), '\0', (l)))
-# define bcmp(s, d, l)		(memcmp((s), (d), (l)))
 # define _FILE_H_INCLUDED
-#endif
+#endif /* defined(__QNX__) */
 
 
 /*
@@ -833,8 +929,9 @@ typedef int		pid_t;
 # include <paths.h>
 # define HASUNSETENV	1	/* has unsetenv(3) call */
 # define HASSETSID	1	/* has the setsid(2) POSIX syscall */
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
+# define HASFCHOWN	1	/* fchown(2) */
 # define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
 # define HASUNAME	1	/* has uname(2) syscall */
 # define HASSTRERROR	1	/* has strerror(3) */
@@ -847,37 +944,59 @@ typedef int		pid_t;
 # define SAFENFSPATHCONF 1	/* pathconf(2) pessimizes on NFS filesystems */
 # define GIDSET_T	gid_t
 # define QUAD_T		unsigned long long
+# define SFIO_STDIO_COMPAT	1	/* can use RES_DEBUG */
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_SUBR
-# endif
+# endif /* ! LA_TYPE */
 # define SFS_TYPE	SFS_MOUNT	/* use <sys/mount.h> statfs() impl */
 # if defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1)
 #  undef SPT_TYPE
 #  define SPT_TYPE	SPT_BUILTIN	/* setproctitle is in libc */
-# endif
+# endif /* defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1) */
+# if defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3))
+#   define HASURANDOMDEV	1	/* has /dev/urandom(4) */
+# endif /* defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3)) */
 # if defined(__FreeBSD__)
+#  define HASSETLOGIN	1	/* has setlogin(2) */
+#  if __FreeBSD_version >= 227001
+#   define HASSRANDOMDEV	1	/* has srandomdev(3) */
+#   define HASURANDOMDEV	1	/* has /dev/urandom(4) */
+#  endif /* __FreeBSD_version >= 227001 */
 #  undef SPT_TYPE
 #  if __FreeBSD__ >= 2
 #   include <osreldate.h>
 #   if __FreeBSD_version >= 199512	/* 2.2-current when it appeared */
 #    include <libutil.h>
 #    define SPT_TYPE	SPT_BUILTIN
-#   endif
+#   endif /* __FreeBSD_version >= 199512 */
 #   if __FreeBSD_version >= 222000	/* 2.2.2-release and later */
-#    define HASSETUSERCONTEXT 	1	/* BSDI-style login classes */
-#   endif
-#  endif
+#    define HASSETUSERCONTEXT	1	/* BSDI-style login classes */
+#   endif /* __FreeBSD_version >= 222000 */
+#   if __FreeBSD_version >= 330000	/* 3.3.0-release and later */
+#    ifndef HASSTRL
+#     define HASSTRL		1	/* has strlc{py,at}(3) functions */
+#    endif /* HASSTRL */
+#   endif /* __FreeBSD_version >= 330000 */
+#   define USESYSCTL		1	/* use sysctl(3) for getting ncpus */
+#   include <sys/sysctl.h>
+#  endif /* __FreeBSD__ >= 2 */
 #  ifndef SPT_TYPE
 #   define SPT_TYPE	SPT_REUSEARGV
 #   define SPT_PADCHAR	'\0'		/* pad process title with nulls */
-#  endif
-# endif
+#  endif /* ! SPT_TYPE */
+# endif /* defined(__FreeBSD__) */
 # if defined(__OpenBSD__)
 #  undef SPT_TYPE
 #  define SPT_TYPE	SPT_BUILTIN	/* setproctitle is in libc */
-# endif
-#endif
-
+#  define HASSETLOGIN	1	/* has setlogin(2) */
+#  define HASURANDOMDEV	1	/* has /dev/urandom(4) */
+#  if OpenBSD < 199912
+#   define HASSTRL	0	/* strlcat(3) is broken in 2.5 and earlier */
+#  else /* OpenBSD < 199912 */
+#   define HASSTRL	1	/* has strlc{py,at}(3) functions */
+#  endif /* OpenBSD < 199912 */
+# endif /* defined(__OpenBSD__) */
+#endif /* defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) */
 
 
 /*
@@ -892,24 +1011,24 @@ typedef int		pid_t;
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # ifndef HASFLOCK
 #  define HASFLOCK	1	/* has flock(2) call */
-# endif
+# endif /* ! HASFLOCK */
 # define NEEDGETOPT	1	/* need a replacement for getopt(3) */
 # define NEEDSTRTOL	1	/* need the strtol() function */
 # define setpgid	setpgrp
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_FLOAT
-# endif
+# endif /* ! LA_TYPE */
 # define SFS_TYPE	SFS_VFS	/* use <sys/vfs.h> statfs() implementation */
 # undef HASSETVBUF		/* don't actually have setvbuf(3) */
 # undef WEXITSTATUS
 # undef WIFEXITED
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail.pid"
-# endif
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* defined(MACH) && defined(i386) && !defined(__GNU__) */
 
 
 
@@ -917,44 +1036,37 @@ typedef int		pid_t;
 **  GNU OS (hurd)
 **	Largely BSD & posix compatible.
 **	Port contributed by Miles Bader <miles@gnu.ai.mit.edu>.
+**	Updated by Mark Kettenis <kettenis@wins.uva.nl>.
 */
 
-#ifdef __GNU_HURD__
-# define SIOCGIFCONF_IS_BROKEN	1
-# define IP_SRCROUTE		0
-# define HASFCHMOD		1
-# define HASFLOCK		1
-# define HASUNAME		1
-# define HASUNSETENV		1
-# define HASSETSID		1
-# define HASINITGROUPS		1
-# define HASSETVBUF		1
-# define HASSETREUID		1
-# define USESETEUID		1
-# define HASLSTAT		1
-# define HASSETRLIMIT		1
-# define HASWAITPID		1
-# define HASGETDTABLESIZE	1
-# define HASSTRERROR		1
-/* # define NEEDGETOPT		1 */
-# define HASGETUSERSHELL	1
-# define ERRLIST_PREDEFINED	1
-# define BSD4_4_SOCKADDR	1
+#if defined(__GNU__) && !defined(NeXT)
+# include <paths.h>
+# define HASFCHMOD	1	/* has fchmod(2) call */
+# define HASFCHOWN	1	/* has fchown(2) call */
+# define HASUNAME	1	/* has uname(2) call */
+# define HASUNSETENV	1	/* has unsetenv(3) call */
+# define HAS_ST_GEN	1	/* has st_gen field in stat struct */
+# define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
+# define HASSTRERROR	1	/* has strerror(3) */
 # define GIDSET_T	gid_t
-# define LA_TYPE	LA_MACH
-
-/* GNU uses mach[34], which renames some rpcs from mach2.x.  */
-# define host_self	mach_host_self
+# define SOCKADDR_LEN_T	socklen_t
+# define SOCKOPT_LEN_T	socklen_t
+# if (__GLIBC__ == 2 && __GLIBC_MINOR__ > 1) || __GLIBC__ > 2
+#  define LA_TYPE	LA_SUBR
+# else
+#  define LA_TYPE	LA_MACH
+   /* GNU uses mach[34], which renames some rpcs from mach2.x. */
+#  define host_self	mach_host_self
+# endif
 # define SFS_TYPE	SFS_STATFS
 # define SPT_TYPE	SPT_CHANGEARGV
-
-/* GNU has no MAXPATHLEN; ideally the code should be changed to not use it.  */
+# define ERRLIST_PREDEFINED	1	/* don't declare sys_errlist */
+# define BSD4_4_SOCKADDR	1	/* has sa_len */
+# define SIOCGIFCONF_IS_BROKEN  1	/* SIOCGFCONF doesn't work */
+# define HAS_IN_H	1	/* GNU has netinet/in.h. */
+/* GNU has no MAXPATHLEN; ideally the code should be changed to not use it. */
 # define MAXPATHLEN	2048
-
-/* Define device num frobbing macros.  */
-# define major(x)	((x)>>8)
-# define minor(x)	((x)&0xFF)
-#endif /* GNU */
+#endif /* defined(__GNU__) && !defined(NeXT) */
 
 /*
 **  4.3 BSD -- this is for very old systems
@@ -972,18 +1084,17 @@ typedef int		pid_t;
 # define setpgid	setpgrp
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_FLOAT
-# endif
+# endif /* ! LA_TYPE */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # undef WEXITSTATUS
 # undef WIFEXITED
 typedef short		pid_t;
-extern int		errno;
-#endif
+#endif /* defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) */
 
 
 /*
@@ -1010,6 +1121,7 @@ extern int		errno;
 # define SIOCGIFNUM_IS_BROKEN 1	/* SIOCGIFNUM returns bogus value */
 # define HASSNPRINTF	1	/* has snprintf(3) call */
 # define HASFCHMOD	1	/* has fchmod(2) call */
+# define HASFCHOWN	1	/* has fchown(2) call */
 # define HASSETRLIMIT	1	/* has setrlimit(2) call */
 # define USESETEUID	1	/* has seteuid(2) call */
 # define HASINITGROUPS	1	/* has initgroups(3) call */
@@ -1017,21 +1129,21 @@ extern int		errno;
 # define RLIMIT_NEEDS_SYS_TIME_H	1
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_DEVSHORT
-# endif
+# endif /* ! LA_TYPE */
 # define _PATH_AVENRUN	"/dev/table/avenrun"
 # ifndef _SCO_unix_4_2
 #  define _SCO_unix_4_2
-# else
+# else /* ! _SCO_unix_4_2 */
 #  define SOCKADDR_LEN_T	size_t	/* e.g., arg#3 to accept, getsockname */
 #  define SOCKOPT_LEN_T		size_t	/* arg#5 to getsockopt */
-# endif
-#endif
+# endif /* ! _SCO_unix_4_2 */
+#endif /* _SCO_DS >= 1 */
 
 /* SCO UNIX 3.2v4.2/Open Desktop 3.0 */
 #ifdef _SCO_unix_4_2
 # define _SCO_unix_
 # define HASSETREUID	1	/* has setreuid(2) call */
-#endif
+#endif /* _SCO_unix_4_2 */
 
 /* SCO UNIX 3.2v4.0 Open Desktop 2.0 and earlier */
 #ifdef _SCO_unix_
@@ -1051,24 +1163,24 @@ extern int		errno;
 # define _PATH_UNIX		"/unix"
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail.pid"
-# endif
+# endif /* ! _PATH_SENDMAILPID */
 
 /* stuff fixed in later releases */
 # ifndef _SCO_unix_4_2
 #  define SYS5SIGNALS	1	/* SysV signal semantics -- reset on each sig */
-# endif
+# endif /* ! _SCO_unix_4_2 */
 
 # ifndef _SCO_DS
 #  define ftruncate	chsize	/* use chsize(2) to emulate ftruncate */
 #  define NEEDFSYNC	1	/* needs the fsync(2) call stub */
 #  define NETUNIX	0	/* no unix domain socket support */
 #  define LA_TYPE	LA_SHORT
-# endif
+# endif /* ! _SCO_DS */
 
-#endif
+#endif /* _SCO_unix_ */
 
 
 /*
@@ -1094,12 +1206,11 @@ extern int		errno;
 # define _PATH_UNIX		"/unix"
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail.pid"
-# endif
-
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* ISC_UNIX */
 
 
 /*
@@ -1133,7 +1244,6 @@ typedef short		pid_t;
 typedef unsigned long	mode_t;
 
 /* some stuff that should have been in the include files */
-# include <grp.h>
 extern char		*malloc();
 extern struct passwd	*getpwent();
 extern struct passwd	*getpwnam();
@@ -1142,7 +1252,7 @@ extern char		*getenv();
 extern struct group	*getgrgid();
 extern struct group	*getgrnam();
 
-#endif
+#endif /* ALTOS_SYSTEM_V */
 
 
 /*
@@ -1175,7 +1285,7 @@ extern struct group	*getgrnam();
 # define SFS_TYPE	SFS_VFS	/* use <sys/vfs.h> statfs() implementation */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef S_IREAD
 #  define S_IREAD	_S_IREAD
 #  define S_IWRITE	_S_IWRITE
@@ -1183,26 +1293,26 @@ extern struct group	*getgrnam();
 #  define S_IFMT	_S_IFMT
 #  define S_IFCHR	_S_IFCHR
 #  define S_IFBLK	_S_IFBLK
-# endif
+# endif /* ! S_IREAD */
 # ifndef TZ_TYPE
 #  define TZ_TYPE	TZ_TIMEZONE
-# endif
+# endif /* ! TZ_TYPE */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	1
-# endif
+# endif /* ! IDENTPROTO */
 # ifndef SHARE_V1
 #  define SHARE_V1	1	/* version 1 of the fair share scheduler */
-# endif
+# endif /* ! SHARE_V1 */
 # if !defined(__GNUC__ )
 #  define UID_T	int		/* GNUC gets it right, ConvexC botches */
 #  define GID_T	int		/* GNUC gets it right, ConvexC botches */
-# endif
+# endif /* !defined(__GNUC__ ) */
 # if SECUREWARE
 #  define FORK	fork		/* SecureWare wants the real fork! */
-# else
+# else /* SECUREWARE */
 #  define FORK	vfork		/* the rest of the OS versions don't care */
-# endif
-#endif
+# endif /* SECUREWARE */
+#endif /* _CONVEX_SOURCE */
 
 
 /*
@@ -1216,7 +1326,7 @@ extern struct group	*getgrnam();
 # define HASUNSETENV	1	/* has unsetenv(3) call */
 # ifndef HASFLOCK
 #  define HASFLOCK	1	/* has flock(2) call */
-# endif
+# endif /* ! HASFLOCK */
 # define WAITUNION	1	/* use "union wait" as wait argument type */
 # define NEEDGETOPT	1	/* need a replacement for getopt(3) */
 # define NEEDPUTENV	1	/* need putenv(3) call */
@@ -1229,7 +1339,6 @@ extern struct group	*getgrnam();
 
 # define setpgid	setpgrp
 
-extern int		errno;
 typedef int		pid_t;
 # define SIGFUNC_DEFINED
 # define SIGFUNC_RETURN	(0)
@@ -1242,14 +1351,14 @@ extern void		*malloc();
 # ifdef RISCOS_4_0
 #  ifndef ARBPTR_T
 #   define ARBPTR_T	char *
-#  endif
+#  endif /* ! ARBPTR_T */
 #  undef HASFLOCK
 #  define HASFLOCK	0
 # endif /* RISCOS_4_0 */
 
 # include <sys/time.h>
 
-#endif
+#endif /* RISCOS */
 
 
 /*
@@ -1267,12 +1376,16 @@ extern void		*malloc();
 **	gcc-2.8.1		glibc-2.0.94		linux-2.1.109
 **
 **  NOTE: Override HASFLOCK as you will but, as of 1.99.6, mixed-style
-** 	file locking is no longer allowed.  In particular, make sure
+**	file locking is no longer allowed.  In particular, make sure
 **	your DBM library and sendmail are both using either flock(2)
 **	*or* fcntl(2) file locking, but not both.
 */
 
 #ifdef __linux__
+# include <linux/version.h>
+# if !defined(KERNEL_VERSION)	/* not defined in 2.0.x kernel series */
+#  define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
+# endif /* KERNEL_VERSION */
 # define BSD		1	/* include BSD defines */
 # define USESETEUID	0	/* Have it due to POSIX, but doesn't work */
 # define NEEDGETOPT	1	/* need a replacement for getopt(3) */
@@ -1280,34 +1393,73 @@ extern void		*malloc();
 # define HASUNSETENV	1	/* has unsetenv(3) call */
 # ifndef HASSNPRINTF
 #  define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
-# endif
+# endif /* ! HASSNPRINTF */
 # define ERRLIST_PREDEFINED	/* don't declare sys_errlist */
 # define GIDSET_T	gid_t	/* from <linux/types.h> */
 # define HASGETUSERSHELL 0	/* getusershell(3) broken in Slackware 2.0 */
-# define IP_SRCROUTE	0	/* linux <= 1.2.8 doesn't support IP_OPTIONS */
+# ifndef IP_SRCROUTE
+#  define IP_SRCROUTE	0	/* linux <= 1.2.8 doesn't support IP_OPTIONS */
+# endif /* ! IP_SRCROUTE */
+# ifndef HAS_IN_H
+#  define HAS_IN_H	1	/* use netinet/in.h */
+# endif /* ! HAS_IN_H */
 # define USE_SIGLONGJMP	1	/* sigsetjmp needed for signal handling */
 # ifndef HASFLOCK
-#  include <linux/version.h>
 #  if LINUX_VERSION_CODE < 66399
 #   define HASFLOCK	0	/* flock(2) is broken after 0.99.13 */
-#  else
+#  else /* LINUX_VERSION_CODE < 66399 */
 #   define HASFLOCK	1	/* flock(2) fixed after 1.3.95 */
-#  endif
-# endif
+#  endif /* LINUX_VERSION_CODE < 66399 */
+# endif /* ! HASFLOCK */
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_PROCSTR
-# endif
+# endif /* ! LA_TYPE */
 # define SFS_TYPE	SFS_VFS		/* use <sys/vfs.h> statfs() impl */
 # define SPT_PADCHAR	'\0'		/* pad process title with nulls */
+# if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,0))
+#  ifndef HASURANDOMDEV
+#   define HASURANDOMDEV 1	/* 2.0 (at least) has linux/drivers/char/random.c */
+#  endif /* ! HASURANDOMDEV */
+# endif /* LINUX_VERSION_CODE */
 # ifndef TZ_TYPE
 #  define TZ_TYPE	TZ_NONE		/* no standard for Linux */
-# endif
+# endif /* ! TZ_TYPE */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/var/run/sendmail.pid"
-# endif
+# endif /* ! _PATH_SENDMAILPID */
 # include <sys/sysmacros.h>
 # undef atol			/* wounded in <stdlib.h> */
-#endif
+# if NETINET6
+   /*
+   **  Linux doesn't have a good way to tell userland what interfaces are
+   **  IPv6-capable.  Therefore, the BIND resolver can not determine if there
+   **  are IPv6 interfaces to honor AI_ADDRCONFIG.  Unfortunately, it assumes
+   **  that none are present.  (Excuse the macro name ADDRCONFIG_IS_BROKEN.)
+   */
+#  define ADDRCONFIG_IS_BROKEN	1
+
+   /*
+   **  Indirectly included from glibc's <feature.h>.  IPv6 support is native
+   **  in 2.1 and later, but the APIs appear before the functions.
+   */
+#  if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
+#   define GLIBC_VERSION ((__GLIBC__ << 8) + __GLIBC_MINOR__)
+#   if (GLIBC_VERSION >= 0x201)
+#    undef IPPROTO_ICMPV6	/* linux #defines, glibc enums */
+#   else /* (GLIBC_VERSION >= 0x201) */
+#    include <linux/in6.h>	/* IPv6 support */
+#   endif /* (GLIBC_VERSION >= 0x201) */
+#   if (GLIBC_VERSION == 0x201 && !defined(NEEDSGETIPNODE))
+     /* Have APIs in <netdb.h>, but no support in glibc */
+#    define NEEDSGETIPNODE	1
+#   endif /* (GLIBC_VERSION == 0x201 && ! NEEDSGETIPNODE) */
+#   undef GLIBC_VERSION
+#  endif /* defined(__GLIBC__) && defined(__GLIBC_MINOR__) */
+# endif /* NETINET6 */
+# ifndef HASFCHOWN
+#  define HASFCHOWN	1	/* fchown(2) */
+# endif /* ! HASFCHOWN */
+#endif /* __linux__ */
 
 
 /*
@@ -1325,7 +1477,7 @@ extern void		*malloc();
 #ifdef DELL_SVR4
 				/* no changes necessary */
 				/* see general __svr4__ defines below */
-#endif
+#endif /* DELL_SVR4 */
 
 
 /*
@@ -1349,23 +1501,23 @@ extern void		*malloc();
 # define ERRLIST_PREDEFINED	1
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # ifndef LA_TYPE
 #  define LA_TYPE	LA_INT
 #  define FSHIFT	16
-# endif
+# endif /* ! LA_TYPE */
 # define LA_AVENRUN	"avenrun"
 # define SFS_TYPE	SFS_VFS	/* use <sys/vfs.h> statfs() implementation */
 # define TZ_TYPE	TZ_TZNAME
 # ifndef _PATH_UNIX
 #  define _PATH_UNIX		"/unix"		/* should be in <paths.h> */
-# endif
+# endif /* ! _PATH_UNIX */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # undef WIFEXITED
 # undef WEXITSTATUS
-#endif
+#endif /* _AUX_SOURCE */
 
 
 /*
@@ -1387,7 +1539,7 @@ extern struct passwd	*getpwent(), *getpwnam(), *getpwuid();
 extern struct group	*getgrent(), *getgrnam(), *getgrgid();
 # undef WIFEXITED
 # undef WEXITSTATUS
-#endif
+#endif /* UMAXV */
 
 
 /*
@@ -1405,7 +1557,7 @@ extern struct group	*getgrent(), *getgrnam(), *getgrgid();
 typedef int		pid_t;
 # undef WIFEXITED
 # undef WEXITSTATUS
-#endif
+#endif /* titan */
 
 
 /*
@@ -1421,9 +1573,9 @@ typedef int		pid_t;
 # define BSD4_3		1	/* to get signal() in conf.c */
 # define WAITUNION	1
 # define LA_TYPE	LA_FLOAT
-# ifdef	_POSIX_VERSION
+# ifdef _POSIX_VERSION
 #  undef _POSIX_VERSION		/* set in <unistd.h> */
-# endif
+# endif /* _POSIX_VERSION */
 # undef HASSETVBUF		/* don't actually have setvbuf(3) */
 # define setpgid	setpgrp
 
@@ -1437,15 +1589,15 @@ typedef int		pid_t;
 
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 
 # ifndef _PATH_UNIX
 #  define _PATH_UNIX		"/dynix"
-# endif
+# endif /* ! _PATH_UNIX */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
-#endif
+# endif /* ! _PATH_VENDOR_CF */
+#endif /* sequent */
 
 
 /*
@@ -1471,14 +1623,14 @@ typedef int		pid_t;
 # define SPT_TYPE	SPT_NONE	/* don't use setproctitle */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail.pid"
-# endif
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* _SEQUENT_ */
 
 
 /*
@@ -1494,7 +1646,7 @@ typedef int		pid_t;
 # define LA_TYPE	LA_ZERO
 # define SFS_TYPE	SFS_4ARGS	/* four argument statfs() call */
 # define SFS_BAVAIL	f_bfree		/* alternate field name */
-#endif
+#endif /* UNICOS */
 
 
 /*
@@ -1517,24 +1669,24 @@ typedef int		pid_t;
 # define TZ_TYPE	TZ_TZNAME
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail.pid"
-# endif
-# undef  S_IFSOCK		/* S_IFSOCK and S_IFIFO are the same */
-# undef  S_IFIFO
+# endif /* ! _PATH_SENDMAILPID */
+# undef	 S_IFSOCK		/* S_IFSOCK and S_IFIFO are the same */
+# undef	 S_IFIFO
 # define S_IFIFO	0010000
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # define RLIMIT_NEEDS_SYS_TIME_H	1
 # if defined(NGROUPS_MAX) && !NGROUPS_MAX
 #  undef NGROUPS_MAX
-# endif
-#endif
+# endif /* defined(NGROUPS_MAX) && !NGROUPS_MAX */
+#endif /* apollo */
 
 /*
-**  System V Rel 5.x (a.k.a Unixware7 w/o BSD-Compatiblity Libs ie. native)
+**  System V Rel 5.x (a.k.a Unixware7 w/o BSD-Compatibility Libs ie. native)
 **
 **	Contributed by Paul Gampe <paulg@apnic.net>
 */
@@ -1552,18 +1704,20 @@ typedef int		pid_t;
 # define SOCKOPT_LEN_T		size_t
 # ifndef _PATH_UNIX
 #  define _PATH_UNIX		"/stand/unix"
-# endif
+# endif /* ! _PATH_UNIX */
 # define SPT_PADCHAR		'\0'	/* pad process title with nulls */
-# define SYSLOG_BUFSIZE		1024	/* unsure */
+# ifndef SYSLOG_BUFSIZE
+#  define SYSLOG_BUFSIZE	1024	/* unsure */
+# endif /* SYSLOG_BUFSIZE */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/etc/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/sendmail.pid"
-# endif
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* __svr5__ */
 
-/* ###################################################################### */ 
+/* ###################################################################### */
 
 /*
 **  UnixWare 2.x
@@ -1573,7 +1727,7 @@ typedef int		pid_t;
 # define UNIXWARE	1
 # define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
 # undef offsetof		/* avoid stddefs.h, sys/sysmacros.h conflict */
-#endif
+#endif /* UNIXWARE2 */
 
 
 /*
@@ -1598,15 +1752,15 @@ typedef int		pid_t;
 # undef WEXITSTATUS
 # ifndef _PATH_UNIX
 #  define _PATH_UNIX		"/unix"
-# endif
+# endif /* ! _PATH_UNIX */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/ucblib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/usr/ucblib/sendmail.pid"
-# endif
+# endif /* ! _PATH_SENDMAILPID */
 # define SYSLOG_BUFSIZE	128
-#endif
+#endif /* UNIXWARE */
 
 
 /*
@@ -1619,13 +1773,13 @@ typedef int		pid_t;
 # define SYSTEM5	1	/* looks like System V */
 # ifndef HASGETUSERSHELL
 #  define HASGETUSERSHELL 0	/* does not have getusershell(3) call */
-# endif
+# endif /* ! HASGETUSERSHELL */
 # define DEV_BSIZE	512	/* device block size not defined */
 # define GIDSET_T	gid_t
 # undef LOG			/* syslog not available */
 # define NEEDFSYNC	1	/* no fsync in system library */
 # define GETSHORT	_getshort
-#endif
+#endif /* CLIX */
 
 
 /*
@@ -1640,7 +1794,7 @@ typedef int		pid_t;
 # define IP_SRCROUTE	0	/* Something is broken with getsockopt() */
 # define SYSLOG_BUFSIZE	1024
 # define SPT_TYPE  SPT_NONE
-#endif
+#endif /* NCR_MP_RAS2 */
 
 
 /*
@@ -1651,10 +1805,19 @@ typedef int		pid_t;
 
 #ifdef NCR_MP_RAS3
 # define __svr4__
+# define HASFCHOWN	1	/* has fchown(2) call */
 # define SIOCGIFNUM_IS_BROKEN	1	/* SIOCGIFNUM has non-std interface */
+# define SO_REUSEADDR_IS_BROKEN	1	/* doesn't work if accept() fails */
 # define SYSLOG_BUFSIZE	1024
-# define SPT_TYPE 	SPT_NONE
-#endif
+# define SPT_TYPE	SPT_NONE
+# ifndef _XOPEN_SOURCE
+#  define _XOPEN_SOURCE
+#  define _XOPEN_SOURCE_EXTENDED 1
+#  include <sys/resource.h>
+#  undef _XOPEN_SOURCE
+#  undef _XOPEN_SOURCE_EXTENDED
+# endif /* ! _XOPEN_SOURCE */
+#endif /* NCR_MP_RAS3 */
 
 
 /*
@@ -1665,38 +1828,46 @@ typedef int		pid_t;
 
 #ifdef NonStop_UX_BXX
 # define __svr4__
-#endif
+#endif /* NonStop_UX_BXX */
 
 
 /*
-**  Hitachi 3050R & 3050RX Workstations running HI-UX/WE2.
+**  Hitachi 3050R/3050RX and 3500 Workstations running HI-UX/WE2.
 **
-**	Tested for 1.04 and 1.03
+**	Tested for 1.04, 1.03
 **	From Akihiro Hashimoto ("Hash") <hash@dominic.ipc.chiba-u.ac.jp>.
+**
+**	Tested for 4.02, 6.10 and 7.10
+**	From Motonori NAKAMURA <motonori@media.kyoto-u.ac.jp>.
 */
 
-#ifdef __H3050R
+#if !defined(__hpux) && (defined(_H3050R) || defined(_HIUX_SOURCE))
 # define SYSTEM5	1	/* include all the System V defines */
 # define HASINITGROUPS	1	/* has initgroups(3) call */
+# define HASFCHMOD	1	/* has fchmod(2) syscall */
 # define setreuid(r, e)	setresuid(r, e, -1)
 # define LA_TYPE	LA_FLOAT
+# define SPT_TYPE	SPT_PSTAT
 # define SFS_TYPE	SFS_VFS	/* use <sys/vfs.h> statfs() implementation */
-# define HASSETVBUF	/* HI-UX has no setlinebuf */
+# ifndef HASSETVBUF
+#  define HASSETVBUF	/* HI-UX has no setlinebuf */
+# endif /* ! HASSETVBUF */
 # ifndef GIDSET_T
 #  define GIDSET_T	gid_t
-# endif
+# endif /* ! GIDSET_T */
 # ifndef _PATH_UNIX
 #  define _PATH_UNIX		"/HI-UX"
-# endif
+# endif /* ! _PATH_UNIX */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # ifndef HASGETUSERSHELL
 #  define HASGETUSERSHELL 0	/* getusershell(3) causes core dumps */
-# endif
+# endif /* ! HASGETUSERSHELL */
+# define FDSET_CAST	(int *)	/* cast for fd_set parameters to select */
 
 /*
 **  avoid m_flags conflict between Berkeley DB 1.85 db.h & sys/sysmacros.h
@@ -1706,11 +1877,11 @@ typedef int		pid_t;
 
 # ifdef __STDC__
 extern int	syslog(int, char *, ...);
-#else
+# else /* __STDC__ */
 extern int	syslog();
-# endif
+# endif /* __STDC__ */
 
-#endif
+#endif /* !defined(__hpux) && (defined(_H3050R) || defined(_HIUX_SOURCE)) */
 
 
 /*
@@ -1730,7 +1901,7 @@ extern int	syslog();
 # define HASSETVBUF	1	/* has setvbuf(3) function */
 # ifndef HASGETUSERSHELL
 #  define HASGETUSERSHELL 0	/* does not have getusershell(3) function */
-# endif
+# endif /* ! HASGETUSERSHELL */
 # define GIDSET_T	gid_t	/* type of 2nd arg to getgroups(2) isn't int */
 # define LA_TYPE	LA_ZERO		/* doesn't have load average */
 # define SFS_TYPE	SFS_4ARGS	/* use 4-arg statfs() */
@@ -1738,8 +1909,8 @@ extern int	syslog();
 # define _PATH_UNIX		"/unix"
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
-#endif
+# endif /* ! _PATH_VENDOR_CF */
+#endif /* _UTS */
 
 /*
 **  Cray Computer Corporation's CSOS
@@ -1757,7 +1928,7 @@ extern int	syslog();
 # define SFS_BAVAIL	f_bfree		/* alternate field name */
 # define _POSIX_CHOWN_RESTRICTED	-1
 extern struct group	*getgrent(), *getgrnam(), *getgrgid();
-#endif
+#endif /* _CRAYCOM */
 
 
 /*
@@ -1771,7 +1942,7 @@ extern struct group	*getgrent(), *getgrnam(), *getgrgid();
 			/* NEWS-OS 4.2.1R */
 #  ifndef BSD
 #   define BSD			/* has BSD routines */
-#  endif
+#  endif /* ! BSD */
 #  define HASUNSETENV	1	/* has unsetenv(2) call */
 #  undef HASSETVBUF		/* don't actually have setvbuf(3) */
 #  define WAITUNION	1	/* use "union wait" as wait argument type */
@@ -1779,7 +1950,7 @@ extern struct group	*getgrent(), *getgrnam(), *getgrgid();
 #  define SFS_TYPE	SFS_VFS /* use <sys/vfs.h> statfs() implementation */
 #  ifndef HASFLOCK
 #   define HASFLOCK	1	/* has flock(2) call */
-#  endif
+#  endif /* ! HASFLOCK */
 #  define setpgid	setpgrp
 #  undef WIFEXITED
 #  undef WEXITSTATUS
@@ -1790,33 +1961,33 @@ typedef int		(*sigfunc_t)();
 #  define SIGFUNC_RETURN	(0)
 #  define SIGFUNC_DECL		int
 
-# else
+# else /* ! __svr4 */
 			/* NEWS-OS 6.0.3 with /bin/cc */
 #  ifndef __svr4__
-#   define __svr4__		/* use all System V Releae 4 defines below */
-#  endif
+#   define __svr4__		/* use all System V Release 4 defines below */
+#  endif /* ! __svr4__ */
 #  define HASSETSID	1	/* has Posix setsid(2) call */
 #  define HASGETUSERSHELL 1	/* DOES have getusershell(3) call in libc */
 #  define LA_TYPE	LA_READKSYM	/* use MIOC_READKSYM ioctl */
 #  ifndef SPT_TYPE
 #   define SPT_TYPE	SPT_SYSMIPS	/* use sysmips() (OS 6.0.2 or later) */
-#  endif
+#  endif /* ! SPT_TYPE */
 #  define GIDSET_T	gid_t
 #  undef WIFEXITED
 #  undef WEXITSTATUS
 #  ifndef SYSLOG_BUFSIZE
-#   define SYSLOG_BUFSIZE	1024
-#  endif
+#   define SYSLOG_BUFSIZE	256
+#  endif /* ! SYSLOG_BUFSIZE */
 #  define _PATH_UNIX		"/stand/unix"
 #  ifndef _PATH_VENDOR_CF
 #   define _PATH_VENDOR_CF	"/etc/mail/sendmail.cf"
-#  endif
+#  endif /* ! _PATH_VENDOR_CF */
 #  ifndef _PATH_SENDMAILPID
 #   define _PATH_SENDMAILPID	"/etc/mail/sendmail.pid"
-#  endif
+#  endif /* ! _PATH_SENDMAILPID */
 
-# endif
-#endif
+# endif /* ! __svr4 */
+#endif /* sony_news */
 
 
 /*
@@ -1828,7 +1999,7 @@ typedef int		(*sigfunc_t)();
 #ifdef luna
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
+# endif /* ! IDENTPROTO */
 # define HASUNSETENV	1	/* has unsetenv(2) call */
 # define NEEDPUTENV	1	/* need putenv(3) call */
 # define NEEDGETOPT	1	/* need a replacement for getopt(3) */
@@ -1839,15 +2010,15 @@ typedef int		(*sigfunc_t)();
 #  define NEEDVPRINTF	1	/* need a replacement for vprintf(3) */
 #  define LA_TYPE	LA_INT
 #  define TZ_TYPE	TZ_TM_ZONE	/* use tm->tm_zone */
-# endif
+# endif /* uniosb */
 # ifdef luna2
 #  define LA_TYPE	LA_SUBR
 #  define TZ_TYPE	TZ_TM_ZONE	/* use tm->tm_zone */
-# endif
+# endif /* luna2 */
 # ifdef luna88k
 #  define HASSNPRINTF	1	/* has snprintf(3) and vsnprintf(3) */
 #  define LA_TYPE	LA_INT
-# endif
+# endif /* luna88k */
 # define SFS_TYPE	SFS_VFS /* use <sys/vfs.h> statfs() implementation */
 # define setpgid	setpgrp
 # undef WIFEXITED
@@ -1858,13 +2029,12 @@ typedef int		(*sigfunc_t)();
 # define SIGFUNC_RETURN	(0)
 # define SIGFUNC_DECL	int
 extern char	*getenv();
-extern int	errno;
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
-# endif
-#endif
+# endif /* ! _PATH_VENDOR_CF */
+#endif /* luna */
+
 
-  
 /*
 **  NEC EWS-UX/V 4.2 (with /usr/ucb/cc)
 **
@@ -1873,8 +2043,8 @@ extern int	errno;
 
 #if defined(nec_ews_svr4) || defined(_nec_ews_svr4)
 # ifndef __svr4__
-#  define __svr4__		/* use all System V Releae 4 defines below */
-# endif
+#  define __svr4__		/* use all System V Release 4 defines below */
+# endif /* ! __svr4__ */
 # define SYS5SIGNALS	1	/* SysV signal semantics -- reset on each sig */
 # define HASSETSID	1	/* has Posix setsid(2) call */
 # define LA_TYPE	LA_READKSYM	/* use MIOC_READSYM ioctl */
@@ -1883,10 +2053,16 @@ extern int	errno;
 # undef WIFEXITED
 # undef WEXITSTATUS
 # define NAMELISTMASK	0x7fffffff	/* mask for nlist() values */
+# ifndef _PATH_VENDOR_CF
+#  define _PATH_VENDOR_CF	"/usr/ucblib/sendmail.cf"
+# endif /* ! _PATH_VENDOR_CF */
+# ifndef _PATH_SENDMAILPID
+#  define _PATH_SENDMAILPID	"/usr/ucblib/sendmail.pid"
+# endif /* ! _PATH_SENDMAILPID */
 # ifndef SYSLOG_BUFSIZE
 #  define SYSLOG_BUFSIZE	1024	/* allow full size syslog buffer */
-# endif
-#endif
+# endif /* ! SYSLOG_BUFSIZE */
+#endif /* defined(nec_ews_svr4) || defined(_nec_ews_svr4) */
 
 
 /*
@@ -1894,7 +2070,7 @@ extern int	errno;
 **
 **	From Diego R. Lopez <drlopez@cica.es>.
 **	Additional changes from Fumio Moriya and Toshiaki Nomura of the
-**		Fujitsu Fresoftware gruop <dsfrsoft@oai6.yk.fujitsu.co.jp>.
+**		Fujitsu Fresoftware group <dsfrsoft@oai6.yk.fujitsu.co.jp>.
 */
 
 #ifdef __uxp__
@@ -1906,17 +2082,17 @@ extern int	errno;
 # define HASFLOCK		0
 # if UXPDS == 10
 #  define HASSNPRINTF		0	/* no snprintf(3) or vsnprintf(3) */
-# else
+# else /* UXPDS == 10 */
 #  define HASSNPRINTF		1	/* has snprintf(3) and vsnprintf(3) */
-# endif
+# endif /* UXPDS == 10 */
 # define _PATH_UNIX		"/stand/unix"
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/ucblib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/usr/ucblib/sendmail.pid"
-# endif
-#endif
+# endif /* ! _PATH_SENDMAILPID */
+#endif /* __uxp__ */
 
 /*
 **  Pyramid DC/OSx
@@ -1928,8 +2104,8 @@ extern int	errno;
 # define GIDSET_T	gid_t
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
-# endif
-#endif
+# endif /* ! IDENTPROTO */
+#endif /* DCOSx */
 
 /*
 **  Concurrent Computer Corporation Maxion
@@ -1953,7 +2129,7 @@ extern int	errno;
 # define SFS_BAVAIL		f_bavail
 # ifndef SYSLOG_BUFSIZE
 #  define SYSLOG_BUFSIZE	256	/* Use 256 bytes */
-# endif
+# endif /* ! SYSLOG_BUFSIZE */
 
 # undef WUNTRACED
 # undef WIFEXITED
@@ -1963,7 +2139,7 @@ extern int	errno;
 # undef WTERMSIG
 # undef WSTOPSIG
 
-#endif
+#endif /* __MAXION__ */
 
 /*
 **  Harris Nighthawk PowerUX (nh6000 box)
@@ -1974,29 +2150,30 @@ extern int	errno;
 #ifdef _PowerUX
 # ifndef __svr4__
 #  define __svr4__
-# endif
+# endif /* ! __svr4__ */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/etc/mail/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/etc/mail/sendmail.pid"
-# endif
+# endif /* ! _PATH_SENDMAILPID */
 # define SYSLOG_BUFSIZE		1024
 # define HASSNPRINTF		1	/* has snprintf(3) and vsnprintf(3) */
 # define LA_TYPE		LA_ZERO
 typedef struct msgb		mblk_t;
 # undef offsetof	/* avoid stddefs.h and sys/sysmacros.h conflict */
-#endif
+#endif /* _PowerUX */
 
 /*
-**  Siemens Nixdorf Informationssysteme AG SINIX 
+**  Siemens Nixdorf Informationssysteme AG SINIX
 **
 **	Contributed by Gerald Rinske <Gerald.Rinske@mch.sni.de>
 **	of Siemens Business Services VAS.
 */
 #ifdef sinix
+# define HASRANDOM		0	/* has random(3) */
 # define SYSLOG_BUFSIZE		1024
-#endif
+#endif /* sinix */
 
 /*
 **  CRAY T3E
@@ -2006,7 +2183,31 @@ typedef struct msgb		mblk_t;
 */
 #ifdef _CRAY
 # define GET_IPOPT_DST(dst)	*(struct in_addr *)&(dst)
-#endif
+#endif /* _CRAY */
+
+/*
+**  Motorola 922, MC88110, UNIX SYSTEM V/88 Release 4.0 Version 4.3
+**
+**	Contributed by Sergey Rusanov <rsm@utfoms.udmnet.ru>
+*/
+
+#ifdef MOTO
+# define HASFCHMOD		1
+# define HASSETRLIMIT		0
+# define HASSETSID		1
+# define HASSETREUID		1
+# define HASULIMIT		1
+# define HASWAITPID		1
+# define HASGETDTABLESIZE	1
+# define HASGETUSERSHELL	1
+# define IP_SRCROUTE		0
+# define IDENTPROTO		0
+# define RES_DNSRCH_VARIABLE	_res_dnsrch
+# define _PATH_UNIX		"/unix"
+# define _PATH_VENDOR_CF	"/etc/sendmail.cf"
+# define _PATH_SENDMAILPID	"/var/run/sendmail.pid"
+#endif /* MOTO */
+
 
 /**********************************************************************
 **  End of Per-Operating System defines
@@ -2022,52 +2223,52 @@ typedef struct msgb		mblk_t;
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # ifndef IP_SRCROUTE
 #  define IP_SRCROUTE	1	/* can check IP source routing */
-# endif
+# endif /* ! IP_SRCROUTE */
 # ifndef HASSETRLIMIT
 #  define HASSETRLIMIT	1	/* has setrlimit(2) call */
-# endif
+# endif /* ! HASSETRLIMIT */
 # ifndef HASFLOCK
 #  define HASFLOCK	1	/* has flock(2) call */
-# endif
+# endif /* ! HASFLOCK */
 # ifndef TZ_TYPE
 #  define TZ_TYPE	TZ_TM_ZONE	/* use tm->tm_zone variable */
-# endif
-#endif
+# endif /* ! TZ_TYPE */
+#endif /* BSD */
 
 /* general System V Release 4 defines */
 #ifdef __svr4__
 # define SYSTEM5	1
-# define USESETEUID	1	/* has useable seteuid(2) call */
+# define USESETEUID	1	/* has usable seteuid(2) call */
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define BSD_COMP	1	/* get BSD ioctl calls */
 # ifndef HASSETRLIMIT
 #  define HASSETRLIMIT	1	/* has setrlimit(2) call */
-# endif
+# endif /* ! HASSETRLIMIT */
 # ifndef HASGETUSERSHELL
 #  define HASGETUSERSHELL 0	/* does not have getusershell(3) call */
-# endif
+# endif /* ! HASGETUSERSHELL */
 # ifndef HASFCHMOD
 #  define HASFCHMOD	1	/* most (all?) SVr4s seem to have fchmod(2) */
-# endif
+# endif /* ! HASFCHMOD */
 
 # ifndef _PATH_UNIX
 #  define _PATH_UNIX		"/unix"
-# endif
+# endif /* ! _PATH_UNIX */
 # ifndef _PATH_VENDOR_CF
 #  define _PATH_VENDOR_CF	"/usr/ucblib/sendmail.cf"
-# endif
+# endif /* ! _PATH_VENDOR_CF */
 # ifndef _PATH_SENDMAILPID
 #  define _PATH_SENDMAILPID	"/usr/ucblib/sendmail.pid"
-# endif
+# endif /* ! _PATH_SENDMAILPID */
 # ifndef SYSLOG_BUFSIZE
 #  define SYSLOG_BUFSIZE	128
-# endif
+# endif /* ! SYSLOG_BUFSIZE */
 # ifndef SFS_TYPE
 #  define SFS_TYPE		SFS_STATVFS
-# endif
+# endif /* ! SFS_TYPE */
 
 # define USE_SIGLONGJMP	1	/* sigsetjmp needed for signal handling */
-#endif
+#endif /* __svr4__ */
 
 /* general System V defines */
 #ifdef SYSTEM5
@@ -2077,38 +2278,30 @@ typedef struct msgb		mblk_t;
 # define HASSETVBUF	1	/* we have setvbuf(3) in libc */
 # ifndef HASULIMIT
 #  define HASULIMIT	1	/* has the ulimit(2) syscall */
-# endif
+# endif /* ! HASULIMIT */
 # ifndef LA_TYPE
 #  ifdef MIOC_READKSYM
 #   define LA_TYPE	LA_READKSYM	/* use MIOC_READKSYM ioctl */
-#  else
+#  else /* MIOC_READKSYM */
 #   define LA_TYPE	LA_INT		/* assume integer load average */
-#  endif
-# endif
+#  endif /* MIOC_READKSYM */
+# endif /* ! LA_TYPE */
 # ifndef SFS_TYPE
 #  define SFS_TYPE	SFS_USTAT	/* use System V ustat(2) syscall */
-# endif
+# endif /* ! SFS_TYPE */
 # ifndef TZ_TYPE
 #  define TZ_TYPE	TZ_TZNAME	/* use tzname[] vector */
-# endif
-# define bcopy(s, d, l)		(memmove((d), (s), (l)))
-# define bzero(d, l)		(memset((d), '\0', (l)))
-# define bcmp(s, d, l)		(memcmp((s), (d), (l)))
-#endif
+# endif /* ! TZ_TYPE */
+#endif /* SYSTEM5 */
 
 /* general POSIX defines */
 #ifdef _POSIX_VERSION
 # define HASSETSID	1	/* has Posix setsid(2) call */
 # define HASWAITPID	1	/* has Posix waitpid(2) call */
 # if _POSIX_VERSION >= 199500 && !defined(USESETEUID)
-#  define USESETEUID	1	/* has useable seteuid(2) call */
-# endif
-# ifndef bcopy
-#  define bcopy(s, d, l)	(memmove((d), (s), (l)))
-#  define bzero(d, l)		(memset((d), '\0', (l)))
-#  define bcmp(s, d, l)		(memcmp((s), (d), (l)))
-# endif
-#endif
+#  define USESETEUID	1	/* has usable seteuid(2) call */
+# endif /* _POSIX_VERSION >= 199500 && !defined(USESETEUID) */
+#endif /* _POSIX_VERSION */
 /*
 **  Tweaking for systems that (for example) claim to be BSD or POSIX
 **  but don't have all the standard BSD or POSIX routines (boo hiss).
@@ -2116,26 +2309,15 @@ typedef struct msgb		mblk_t;
 
 #ifdef titan
 # undef HASINITGROUPS		/* doesn't have initgroups(3) call */
-#endif
+#endif /* titan */
 
 #ifdef _CRAYCOM
 # undef HASSETSID		/* despite POSIX claim, doesn't have setsid */
-#endif
-
-#ifdef ISC_UNIX
-# undef bcopy			/* despite SystemV claim, uses BSD bcopy */
-#endif
-
-#ifdef ALTOS_SYSTEM_V
-# undef bcopy			/* despite SystemV claim, uses BSD bcopy */
-# undef bzero			/* despite SystemV claim, uses BSD bzero */
-# undef bcmp			/* despite SystemV claim, uses BSD bcmp */
-#endif
-
-#if defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4)
-# undef bcopy			/* SunOS 4 doesn't have memmove() */
-#endif
+#endif /* _CRAYCOM */
 
+#ifdef MOTO
+# undef USESETEUID
+#endif /* MOTO */
 
 /*
 **  Due to a "feature" in some operating systems such as Ultrix 4.3 and
@@ -2150,55 +2332,77 @@ typedef struct msgb		mblk_t;
 
 #ifndef IDENTPROTO
 # define IDENTPROTO	1	/* use IDENT proto (RFC 1413) */
-#endif
+#endif /* ! IDENTPROTO */
 
 #ifndef IP_SRCROUTE
 # define IP_SRCROUTE	1	/* Detect IP source routing */
-#endif
+#endif /* ! IP_SRCROUTE */
 
 #ifndef HASGETUSERSHELL
 # define HASGETUSERSHELL 1	/* libc has getusershell(3) call */
-#endif
+#endif /* ! HASGETUSERSHELL */
 
 #ifndef NETUNIX
 # define NETUNIX	1	/* include unix domain support */
-#endif
+#endif /* ! NETUNIX */
+
+#ifndef HASRANDOM
+# define HASRANDOM	1	/* has random(3) support */
+#endif /* ! HASRANDOM */
 
 #ifndef HASFLOCK
 # define HASFLOCK	0	/* assume no flock(2) support */
-#endif
+#endif /* ! HASFLOCK */
 
 #ifndef HASSETREUID
 # define HASSETREUID	0	/* assume no setreuid(2) call */
-#endif
+#endif /* ! HASSETREUID */
 
 #ifndef HASFCHMOD
 # define HASFCHMOD	0	/* assume no fchmod(2) syscall */
-#endif
+#endif /* ! HASFCHMOD */
 
 #ifndef USESETEUID
 # define USESETEUID	0	/* assume no seteuid(2) call or no saved ids */
-#endif
+#endif /* ! USESETEUID */
 
 #ifndef HASSETRLIMIT
 # define HASSETRLIMIT	0	/* assume no setrlimit(2) support */
-#endif
+#endif /* ! HASSETRLIMIT */
 
 #ifndef HASULIMIT
 # define HASULIMIT	0	/* assume no ulimit(2) support */
-#endif
+#endif /* ! HASULIMIT */
 
 #ifndef SECUREWARE
 # define SECUREWARE	0	/* assume no SecureWare C2 auditing hooks */
-#endif
+#endif /* ! SECUREWARE */
 
 #ifndef USE_SIGLONGJMP
 # define USE_SIGLONGJMP	0	/* assume setjmp handles signals properly */
-#endif
+#endif /* ! USE_SIGLONGJMP */
 
 #ifndef FDSET_CAST
 # define FDSET_CAST		/* (empty) cast for fd_set arg to select */
-#endif
+#endif /* ! FDSET_CAST */
+
+/*
+**  Pick a mailer setuid method for changing the current uid
+*/
+
+#define USE_SETEUID	0
+#define USE_SETREUID	1
+#define USE_SETUID	2
+
+#if USESETEUID
+# define MAILER_SETUID_METHOD	USE_SETEUID
+#else /* USESETEUID */
+# if HASSETREUID
+#  define MAILER_SETUID_METHOD	USE_SETREUID
+# else /* HASSETREUID */
+#  define MAILER_SETUID_METHOD	USE_SETUID
+# endif /* HASSETREUID */
+#endif /* USESETEUID */
 
 /*
 **  If no type for argument two of getgroups call is defined, assume
@@ -2208,39 +2412,39 @@ typedef struct msgb		mblk_t;
 
 #ifndef GIDSET_T
 # define GIDSET_T	int
-#endif
+#endif /* ! GIDSET_T */
 
 #ifndef UID_T
 # define UID_T		uid_t
-#endif
+#endif /* ! UID_T */
 
 #ifndef GID_T
 # define GID_T		gid_t
-#endif
+#endif /* ! GID_T */
 
 #ifndef SIZE_T
 # define SIZE_T		size_t
-#endif
+#endif /* ! SIZE_T */
 
 #ifndef MODE_T
 # define MODE_T		mode_t
-#endif
+#endif /* ! MODE_T */
 
 #ifndef ARGV_T
 # define ARGV_T		char **
-#endif
+#endif /* ! ARGV_T */
 
 #ifndef SOCKADDR_LEN_T
 # define SOCKADDR_LEN_T	int
-#endif
+#endif /* ! SOCKADDR_LEN_T */
 
 #ifndef SOCKOPT_LEN_T
 # define SOCKOPT_LEN_T	int
-#endif
+#endif /* ! SOCKOPT_LEN_T */
 
 #ifndef QUAD_T
 # define QUAD_T	unsigned long
-#endif
+#endif /* ! QUAD_T */
 /**********************************************************************
 **  Remaining definitions should never have to be changed.  They are
 **  primarily to provide back compatibility for older systems -- for
@@ -2250,46 +2454,60 @@ typedef struct msgb		mblk_t;
 /* System 5 compatibility */
 #ifndef S_ISREG
 # define S_ISREG(foo)	((foo & S_IFMT) == S_IFREG)
-#endif
+#endif /* ! S_ISREG */
 #ifndef S_ISDIR
 # define S_ISDIR(foo)	((foo & S_IFMT) == S_IFDIR)
-#endif
+#endif /* ! S_ISDIR */
 #if !defined(S_ISLNK) && defined(S_IFLNK)
 # define S_ISLNK(foo)	((foo & S_IFMT) == S_IFLNK)
-#endif
+#endif /* !defined(S_ISLNK) && defined(S_IFLNK) */
+#if !defined(S_ISFIFO)
+# if defined(S_IFIFO)
+#  define S_ISFIFO(foo)	((foo & S_IFMT) == S_IFIFO)
+# else /* defined(S_IFIFO) */
+#  define S_ISFIFO(foo)	FALSE
+# endif /* defined(S_IFIFO) */
+#endif /* !defined(S_ISFIFO) */
 #ifndef S_IRUSR
 # define S_IRUSR		0400
-#endif
+#endif /* ! S_IRUSR */
 #ifndef S_IWUSR
 # define S_IWUSR		0200
-#endif
+#endif /* ! S_IWUSR */
 #ifndef S_IRGRP
 # define S_IRGRP		0040
-#endif
+#endif /* ! S_IRGRP */
 #ifndef S_IWGRP
 # define S_IWGRP		0020
-#endif
+#endif /* ! S_IWGRP */
 #ifndef S_IROTH
 # define S_IROTH		0004
-#endif
+#endif /* ! S_IROTH */
 #ifndef S_IWOTH
 # define S_IWOTH		0002
-#endif
+#endif /* ! S_IWOTH */
+
+/* close-on-exec flag */
+#ifndef FD_CLOEXEC
+# define FD_CLOEXEC	1
+#endif /* ! FD_CLOEXEC */
 
 /*
 **  Older systems don't have this error code -- it should be in
 **  /usr/include/sysexits.h.
 */
 
-# ifndef EX_CONFIG
+#ifndef EX_CONFIG
 # define EX_CONFIG	78	/* configuration error */
-# endif
+#endif /* ! EX_CONFIG */
 
-/* pseudo-code used in server SMTP */
-# define EX_QUIT	22	/* drop out of server immediately */
+/* pseudo-codes */
+#define EX_QUIT		22	/* drop out of server immediately */
+#define EX_RESTART	23	/* restart sendmail daemon */
+#define EX_SHUTDOWN	24	/* shutdown sendmail daemon */
 
 /* pseudo-code used for mci_setstat */
-# define EX_NOTSTICKY	-5	/* don't save persistent status */
+#define EX_NOTSTICKY	-5	/* don't save persistent status */
 
 
 /*
@@ -2299,67 +2517,76 @@ typedef struct msgb		mblk_t;
 #define ST_MODE_NOFILE	0171147		/* unlikely to occur */
 
 
-/*
-**  These are used in a few cases where we need some special
-**  error codes, but where the system doesn't provide something
-**  reasonable.  They are printed in errstring.
-*/
-
-#ifndef E_PSEUDOBASE
-# define E_PSEUDOBASE	256
-#endif
-
-#define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0)	/* Timeout on file open */
-#define E_SM_NOSLINK	(E_PSEUDOBASE + 1)	/* Symbolic links not allowed */
-#define E_SM_NOHLINK	(E_PSEUDOBASE + 2)	/* Hard links not allowed */
-#define E_SM_REGONLY	(E_PSEUDOBASE + 3)	/* Regular files only */
-#define E_SM_ISEXEC	(E_PSEUDOBASE + 4)	/* Executable files not allowed */
-#define E_SM_WWDIR	(E_PSEUDOBASE + 5)	/* World writable directory */
-#define E_SM_GWDIR	(E_PSEUDOBASE + 6)	/* Group writable directory */
-#define E_SM_FILECHANGE (E_PSEUDOBASE + 7)	/* File changed after open */
-#define E_SM_WWFILE	(E_PSEUDOBASE + 8)	/* World writable file */
-#define E_SM_GWFILE	(E_PSEUDOBASE + 9)	/* Group writable file */
-#define E_DNSBASE	(E_PSEUDOBASE + 20)	/* base for DNS h_errno */
-
 /* type of arbitrary pointer */
 #ifndef ARBPTR_T
 # define ARBPTR_T	void *
-#endif
+#endif /* ! ARBPTR_T */
 
 #ifndef __P
-# include "cdefs.h"
-#endif
+# include "sendmail/cdefs.h"
+#endif /* ! __P */
 
 #if HESIOD && !defined(NAMED_BIND)
 # define NAMED_BIND	1	/* not one without the other */
-#endif
+#endif /* HESIOD && !defined(NAMED_BIND) */
 
-#if NAMED_BIND && !defined(__ksr__) && !defined(h_errno)
+# if NAMED_BIND && !defined( __ksr__ ) && !defined( h_errno )
 extern int	h_errno;
-#endif
+# endif /* NAMED_BIND && !defined( __ksr__ ) && !defined( h_errno ) */
+
+#ifdef LDAPMAP
+# include <sys/time.h>
+# include <lber.h>
+# include <ldap.h>
+
+/* Some LDAP constants */
+# define LDAPMAP_FALSE		0
+# define LDAPMAP_TRUE		1
+
+/*
+**  ldap_init(3) is broken in Umich 3.x and OpenLDAP 1.0/1.1.
+**  Use the lack of LDAP_OPT_SIZELIMIT to detect old API implementations
+**  and assume (falsely) that all old API implementations are broken.
+**  (OpenLDAP 1.2 and later have a working ldap_init(), add -DUSE_LDAP_INIT)
+*/
+
+# if defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_INIT)
+#  define USE_LDAP_INIT	1
+# endif /* defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_INIT) */
+
+/*
+**  LDAP_OPT_SIZELIMIT is not defined under Umich 3.x nor OpenLDAP 1.x,
+**  hence ldap_set_option() must not exist.
+*/
+
+# if defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_SET_OPTION)
+#  define USE_LDAP_SET_OPTION	1
+# endif /* defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_SET_OPTION) */
+
+#endif /* LDAPMAP */
 
 /*
 **  Do some required dependencies
 */
 
-#if NETINET || NETISO
+#if NETINET || NETINET6 || NETISO
 # ifndef SMTP
 #  define SMTP		1	/* enable user and server SMTP */
-# endif
+# endif /* ! SMTP */
 # ifndef QUEUE
 #  define QUEUE		1	/* enable queueing */
-# endif
+# endif /* ! QUEUE */
 # ifndef DAEMON
 #  define DAEMON	1	/* include the daemon (requires IPC & SMTP) */
-# endif
-#endif
+# endif /* ! DAEMON */
+#endif /* NETINET || NETINET6 || NETISO */
 
 
 /*
 **  Arrange to use either varargs or stdargs
 */
 
-# ifdef __STDC__
+#ifdef __STDC__
 
 # include <stdarg.h>
 
@@ -2367,7 +2594,7 @@ extern int	h_errno;
 # define VA_START(f)	va_start(ap, f)
 # define VA_END		va_end(ap)
 
-# else
+#else /* __STDC__ */
 
 # include <varargs.h>
 
@@ -2375,91 +2602,100 @@ extern int	h_errno;
 # define VA_START(f)	va_start(ap)
 # define VA_END		va_end(ap)
 
-# endif
+#endif /* __STDC__ */
 
-#ifdef HASUNAME
+#if HASUNAME
 # include <sys/utsname.h>
 # ifdef newstr
 #  undef newstr
-# endif
-#else /* ! HASUNAME */
+# endif /* newstr */
+#else /* HASUNAME */
 # define NODE_LENGTH 32
 struct utsname
 {
-	char nodename[NODE_LENGTH+1];
+	char nodename[NODE_LENGTH + 1];
 };
 #endif /* HASUNAME */
 
 #if !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V)
 # define MAXHOSTNAMELEN	256
-#endif
+#endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */
 
 #if !defined(SIGCHLD) && defined(SIGCLD)
 # define SIGCHLD	SIGCLD
-#endif
+#endif /* !defined(SIGCHLD) && defined(SIGCLD) */
 
 #ifndef STDIN_FILENO
 # define STDIN_FILENO	0
-#endif
+#endif /* ! STDIN_FILENO */
 
 #ifndef STDOUT_FILENO
 # define STDOUT_FILENO	1
-#endif
+#endif /* ! STDOUT_FILENO */
 
 #ifndef STDERR_FILENO
 # define STDERR_FILENO	2
-#endif
+#endif /* ! STDERR_FILENO */
 
 #ifndef LOCK_SH
 # define LOCK_SH	0x01	/* shared lock */
 # define LOCK_EX	0x02	/* exclusive lock */
 # define LOCK_NB	0x04	/* non-blocking lock */
 # define LOCK_UN	0x08	/* unlock */
-#endif
+#endif /* ! LOCK_SH */
 
 #ifndef S_IXOTH
 # define S_IXOTH	(S_IEXEC >> 6)
-#endif
+#endif /* ! S_IXOTH */
 
 #ifndef S_IXGRP
 # define S_IXGRP	(S_IEXEC >> 3)
-#endif
+#endif /* ! S_IXGRP */
 
 #ifndef S_IXUSR
 # define S_IXUSR	(S_IEXEC)
-#endif
+#endif /* ! S_IXUSR */
 
 #ifndef SEEK_SET
 # define SEEK_SET	0
 # define SEEK_CUR	1
 # define SEEK_END	2
-#endif
+#endif /* ! SEEK_SET */
 
 #ifndef SIG_ERR
 # define SIG_ERR	((void (*)()) -1)
-#endif
+#endif /* ! SIG_ERR */
 
 #ifndef WEXITSTATUS
 # define WEXITSTATUS(st)	(((st) >> 8) & 0377)
-#endif
+#endif /* ! WEXITSTATUS */
 #ifndef WIFEXITED
 # define WIFEXITED(st)		(((st) & 0377) == 0)
-#endif
+#endif /* ! WIFEXITED */
+#ifndef WIFSTOPPED
+# define WIFSTOPPED(st)		(((st) & 0100) == 0)
+#endif /* ! WIFSTOPPED */
+#ifndef WCOREDUMP
+# define WCOREDUMP(st)		(((st) & 0200) != 0)
+#endif /* ! WCOREDUMP */
+#ifndef WTERMSIG
+# define WTERMSIG(st)		(((st) & 0177))
+#endif /* ! WTERMSIG */
 
 #ifndef SIGFUNC_DEFINED
 typedef void		(*sigfunc_t) __P((int));
-#endif
+#endif /* ! SIGFUNC_DEFINED */
 #ifndef SIGFUNC_RETURN
 # define SIGFUNC_RETURN
-#endif
+#endif /* ! SIGFUNC_RETURN */
 #ifndef SIGFUNC_DECL
 # define SIGFUNC_DECL	void
-#endif
+#endif /* ! SIGFUNC_DECL */
 
 /* size of syslog buffer */
 #ifndef SYSLOG_BUFSIZE
 # define SYSLOG_BUFSIZE	1024
-#endif
+#endif /* ! SYSLOG_BUFSIZE */
 
 /*
 **  Size of prescan buffer.
@@ -2467,12 +2703,23 @@ typedef void		(*sigfunc_t) __P((int));
 **	not be changed; there are some hard-to-define dependencies.
 */
 
-# define PSBUFSIZE	(MAXNAME + MAXATOM)	/* size of prescan buffer */
+#define PSBUFSIZE	(MAXNAME + MAXATOM)	/* size of prescan buffer */
 
 /* fork routine -- set above using #ifdef _osname_ or in Makefile */
-# ifndef FORK
+#ifndef FORK
 # define FORK		fork		/* function to call to fork mailer */
-# endif
+#endif /* ! FORK */
+
+
+/* random routine -- set above using #ifdef _osname_ or in Makefile */
+#if HASRANDOM
+# define get_random()	random()
+#else /* HASRANDOM */
+# define get_random()	((long) rand())
+# ifndef RANDOMSHIFT
+#  define RANDOMSHIFT	8
+# endif /* RANDOMSHIFT */
+#endif /* HASRANDOM */
 
 /*
 **  Default to using scanf in readcf.
@@ -2480,7 +2727,14 @@ typedef void		(*sigfunc_t) __P((int));
 
 #ifndef SCANF
 # define SCANF		1
-#endif
+#endif /* ! SCANF */
+
+#if _FFR_MILTER
+/* 32 bit type */
+# ifndef SM_INT32
+#  define SM_INT32	int32_t
+# endif /* SM_INT32 */
+#endif /* _FFR_MILTER */
 
 /*
 **  SVr4 and similar systems use different routines for setjmp/longjmp
@@ -2490,21 +2744,35 @@ typedef void		(*sigfunc_t) __P((int));
 #if USE_SIGLONGJMP
 # ifdef jmp_buf
 #  undef jmp_buf
-# endif
+# endif /* jmp_buf */
 # define jmp_buf		sigjmp_buf
 # ifdef setjmp
 #  undef setjmp
-# endif
+# endif /* setjmp */
 # define setjmp(env)		sigsetjmp(env, 1)
 # ifdef longjmp
 #  undef longjmp
-# endif
+# endif /* longjmp */
 # define longjmp(env, val)	siglongjmp(env, val)
-#endif
+#endif /* USE_SIGLONGJMP */
 
 #if !defined(NGROUPS_MAX) && defined(NGROUPS)
 # define NGROUPS_MAX	NGROUPS		/* POSIX naming convention */
-#endif
+#endif /* !defined(NGROUPS_MAX) && defined(NGROUPS) */
+
+/*
+**  Some snprintf() implementations are rumored not to NUL terminate.
+*/
+#if SNPRINTF_IS_BROKEN
+# ifdef snprintf
+#  undef snprintf
+# endif /* snprintf */
+# define snprintf	sm_snprintf
+# ifdef vsnprintf
+#  undef vsnprintf
+# endif /* vsnprintf */
+# define vsnprintf	sm_vsnprintf
+#endif /* SNPRINTF_IS_BROKEN */
 
 /*
 **  If we don't have a system syslog, simulate it.
@@ -2519,4 +2787,14 @@ typedef void		(*sigfunc_t) __P((int));
 # define LOG_NOTICE	5	/* normal but significant condition */
 # define LOG_INFO	6	/* informational */
 # define LOG_DEBUG	7	/* debug-level messages */
-#endif
+#endif /* !LOG */
+
+#if SFIO && defined(ERRLIST_PREDEFINED)
+# undef ERRLIST_PREDEFINED
+#endif /* SFIO && defined(ERRLIST_PREDEFINED) */
+
+#ifndef SFIO_STDIO_COMPAT
+# define SFIO_STDIO_COMPAT	0
+#endif /* ! SFIO_STDIO_COMPAT */
+
+#endif /* CONF_H */
diff --git a/contrib/sendmail/src/control.c b/contrib/sendmail/src/control.c
index 415818c..287391a 100644
--- a/contrib/sendmail/src/control.c
+++ b/contrib/sendmail/src/control.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
  * forth in the LICENSE file which can be found at the top level of
@@ -8,10 +9,11 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)control.c	8.18 (Berkeley) 1/17/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: control.c,v 8.44.14.7 2000/07/03 21:49:05 geir Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
 
-#include "sendmail.h"
 
 int ControlSocket = -1;
 
@@ -31,10 +33,10 @@ int ControlSocket = -1;
 int
 opencontrolsocket()
 {
-#ifdef NETUNIX
-# if _FFR_CONTROL_SOCKET
+#if NETUNIX
+	int save_errno;
 	int rval;
-	int sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
+	long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
 	struct sockaddr_un controladdr;
 
 	if (ControlSocketName == NULL)
@@ -60,28 +62,26 @@ opencontrolsocket()
 	if (ControlSocket < 0)
 		return -1;
 
-	unlink(ControlSocketName);
-	bzero(&controladdr, sizeof controladdr);
+	(void) unlink(ControlSocketName);
+	memset(&controladdr, '\0', sizeof controladdr);
 	controladdr.sun_family = AF_UNIX;
-	strcpy(controladdr.sun_path, ControlSocketName);
+	(void) strlcpy(controladdr.sun_path, ControlSocketName,
+		       sizeof controladdr.sun_path);
 
 	if (bind(ControlSocket, (struct sockaddr *) &controladdr,
 		 sizeof controladdr) < 0)
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		clrcontrol();
 		errno = save_errno;
 		return -1;
 	}
 
-#  if _FFR_TRUSTED_USER
 	if (geteuid() == 0 && TrustedUid != 0)
 	{
 		if (chown(ControlSocketName, TrustedUid, -1) < 0)
 		{
-			int save_errno = errno;
-
+			save_errno = errno;
 			sm_syslog(LOG_ALERT, NOQID,
 				  "ownership change on %s failed: %s",
 				  ControlSocketName, errstring(save_errno));
@@ -92,12 +92,10 @@ opencontrolsocket()
 			return -1;
 		}
 	}
-#  endif
 
 	if (chmod(ControlSocketName, S_IRUSR|S_IWUSR) < 0)
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		closecontrolsocket(TRUE);
 		errno = save_errno;
 		return -1;
@@ -105,14 +103,12 @@ opencontrolsocket()
 
 	if (listen(ControlSocket, 8) < 0)
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		closecontrolsocket(TRUE);
 		errno = save_errno;
 		return -1;
 	}
-# endif
-#endif
+#endif /* NETUNIX */
 	return 0;
 }
 /*
@@ -132,9 +128,8 @@ void
 closecontrolsocket(fullclose)
 	bool fullclose;
 {
-#ifdef NETUNIX
-# if _FFR_CONTROL_SOCKET
-	int sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
+#if NETUNIX
+	long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
 
 	if (ControlSocket >= 0)
 	{
@@ -148,7 +143,7 @@ closecontrolsocket(fullclose)
 
 		rval = safefile(ControlSocketName, RunAsUid, RunAsGid, RunAsUserName,
 				sff, S_IRUSR|S_IWUSR, NULL);
-		
+
 		/* if not safe, don't unlink */
 		if (rval != 0)
 			return;
@@ -161,8 +156,7 @@ closecontrolsocket(fullclose)
 			return;
 		}
 	}
-# endif
-#endif
+#endif /* NETUNIX */
 	return;
 }
 /*
@@ -181,13 +175,11 @@ closecontrolsocket(fullclose)
 void
 clrcontrol()
 {
-#ifdef NETUNIX
-# if _FFR_CONTROL_SOCKET
+#if NETUNIX
 	if (ControlSocket >= 0)
 		(void) close(ControlSocket);
 	ControlSocket = -1;
-# endif
-#endif
+#endif /* NETUNIX */
 }
 
 #ifndef NOT_SENDMAIL
@@ -196,7 +188,7 @@ clrcontrol()
 **  CONTROL_COMMAND -- read and process command from named socket
 **
 **	Read and process the command from the opened socket.
-**	Return the results down the same socket.
+**	Exits when done since it is running in a forked child.
 **
 **	Parameters:
 **		sock -- the opened socket from getrequests()
@@ -208,11 +200,11 @@ clrcontrol()
 
 struct cmd
 {
-	char	*cmdname;	/* command name */
-	int	cmdcode;	/* internal code, see below */
+	char	*cmd_name;	/* command name */
+	int	cmd_code;	/* internal code, see below */
 };
 
-/* values for cmdcode */
+/* values for cmd_code */
 # define CMDERROR	0	/* bad command */
 # define CMDRESTART	1	/* restart daemon */
 # define CMDSHUTDOWN	2	/* end daemon */
@@ -228,12 +220,23 @@ static struct cmd	CmdTab[] =
 	{ NULL,		CMDERROR	}
 };
 
+static jmp_buf	CtxControlTimeout;
+
+static void
+controltimeout(timeout)
+	time_t timeout;
+{
+	longjmp(CtxControlTimeout, 1);
+}
+
 void
 control_command(sock, e)
 	int sock;
 	ENVELOPE *e;
 {
-	FILE *s;
+	volatile int exitstat = EX_OK;
+	FILE *s = NULL;
+	EVENT *ev = NULL;
 	FILE *traffic;
 	FILE *oldout;
 	char *cmd;
@@ -241,33 +244,45 @@ control_command(sock, e)
 	struct cmd *c;
 	char cmdbuf[MAXLINE];
 	char inp[MAXLINE];
-	extern char **SaveArgv;
-	extern void help __P((char *));
 
-	sm_setproctitle(FALSE, "control cmd read");
-		
+	sm_setproctitle(FALSE, e, "control cmd read");
+
+	if (TimeOuts.to_control > 0)
+	{
+		/* handle possible input timeout */
+		if (setjmp(CtxControlTimeout) != 0)
+		{
+			if (LogLevel > 2)
+				sm_syslog(LOG_NOTICE, e->e_id,
+					  "timeout waiting for input during control command");
+			exit(EX_IOERR);
+		}
+		ev = setevent(TimeOuts.to_control, controltimeout,
+			      TimeOuts.to_control);
+	}
+
 	s = fdopen(sock, "r+");
 	if (s == NULL)
 	{
 		int save_errno = errno;
 
-		close(sock);
+		(void) close(sock);
 		errno = save_errno;
-		return;
+		exit(EX_IOERR);
 	}
 	setbuf(s, NULL);
 
 	if (fgets(inp, sizeof inp, s) == NULL)
 	{
-		fclose(s);
-		return;
+		(void) fclose(s);
+		exit(EX_IOERR);
 	}
 	(void) fflush(s);
 
 	/* clean up end of line */
 	fixcrlf(inp, TRUE);
 
-	sm_setproctitle(FALSE, "control: %s", inp);
+	sm_setproctitle(FALSE, e, "control: %s", inp);
 
 	/* break off command */
 	for (p = inp; isascii(*p) && isspace(*p); p++)
@@ -278,72 +293,59 @@ control_command(sock, e)
 	       cmd < &cmdbuf[sizeof cmdbuf - 2])
 		*cmd++ = *p++;
 	*cmd = '\0';
-	
+
 	/* throw away leading whitespace */
 	while (isascii(*p) && isspace(*p))
 		p++;
-	
+
 	/* decode command */
-	for (c = CmdTab; c->cmdname != NULL; c++)
+	for (c = CmdTab; c->cmd_name != NULL; c++)
 	{
-		if (!strcasecmp(c->cmdname, cmdbuf))
+		if (strcasecmp(c->cmd_name, cmdbuf) == 0)
 			break;
 	}
 
-	switch (c->cmdcode)
+	switch (c->cmd_code)
 	{
 	  case CMDHELP:		/* get help */
 		traffic = TrafficLogFile;
 		TrafficLogFile = NULL;
 		oldout = OutChannel;
 		OutChannel = s;
-		help("control");
+		help("control", e);
 		TrafficLogFile = traffic;
 		OutChannel = oldout;
 		break;
-		
+
 	  case CMDRESTART:	/* restart the daemon */
-		if (SaveArgv[0][0] != '/')
-		{
-			fprintf(s, "ERROR: could not restart: need full path\r\n");
-			break;
-		}
-		if (LogLevel > 3)
-			sm_syslog(LOG_INFO, NOQID,
-				  "restarting %s on due to control command",
-				  SaveArgv[0]);
-		closecontrolsocket(FALSE);
-		if (drop_privileges(TRUE) != EX_OK)
-		{
-			if (LogLevel > 0)
-				sm_syslog(LOG_ALERT, NOQID,
-					  "could not set[ug]id(%d, %d): %m",
-					  RunAsUid, RunAsGid);
-
-			fprintf(s, "ERROR: could not set[ug]id(%d, %d): %s, exiting...\r\n",
-				(int)RunAsUid, (int)RunAsGid, errstring(errno));
-			finis(FALSE, EX_OSERR);
-		}
 		fprintf(s, "OK\r\n");
-		clrcontrol();
-		(void) fcntl(sock, F_SETFD, 1);
-		execve(SaveArgv[0], (ARGV_T) SaveArgv, (ARGV_T) ExternalEnviron);
-		if (LogLevel > 0)
-			sm_syslog(LOG_ALERT, NOQID, "could not exec %s: %m",
-				  SaveArgv[0]);
-		fprintf(s, "ERROR: could not exec %s: %s, exiting...\r\n",
-			SaveArgv[0], errstring(errno));
-		finis(FALSE, EX_OSFILE);
+		exitstat = EX_RESTART;
 		break;
 
 	  case CMDSHUTDOWN:	/* kill the daemon */
 		fprintf(s, "OK\r\n");
-		finis(FALSE, EX_OK);
+		exitstat = EX_SHUTDOWN;
 		break;
 
 	  case CMDSTATUS:	/* daemon status */
 		proc_list_probe();
-		fprintf(s, "%d/%d\r\n", CurChildren, MaxChildren);
+		{
+			long bsize;
+			long free;
+
+			free = freediskspace(QueueDir, &bsize);
+
+			/*
+			**  Prevent overflow and don't lose
+			**  precision (if bsize == 512)
+			*/
+
+			free = (long)((double)free * ((double)bsize / 1024));
+
+			fprintf(s, "%d/%d/%ld/%d\r\n",
+				CurChildren, MaxChildren,
+				free, sm_getla(NULL));
+		}
 		proc_list_display(s);
 		break;
 
@@ -351,6 +353,10 @@ control_command(sock, e)
 		fprintf(s, "Bad command (%s)\r\n", cmdbuf);
 		break;
 	}
-	fclose(s);
+	(void) fclose(s);
+	if (ev != NULL)
+		clrevent(ev);
+	exit(exitstat);
 }
-#endif
+#endif /* ! NOT_SENDMAIL */
+
diff --git a/contrib/sendmail/src/convtime.c b/contrib/sendmail/src/convtime.c
index ab8591d..9bed853 100644
--- a/contrib/sendmail/src/convtime.c
+++ b/contrib/sendmail/src/convtime.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,10 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)convtime.c	8.14 (Berkeley) 5/19/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: convtime.c,v 8.25 1999/06/16 21:11:26 ca Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 /*
 **  CONVTIME -- convert time
@@ -42,12 +43,14 @@ static char sccsid[] = "@(#)convtime.c	8.14 (Berkeley) 5/19/1998";
 time_t
 convtime(p, units)
 	char *p;
-	char units;
+	int units;
 {
 	register time_t t, r;
 	register char c;
 
 	r = 0;
+	if (strcasecmp(p, "now") == 0)
+		return NOW;
 	while (*p != '\0')
 	{
 		t = 0;
@@ -67,16 +70,21 @@ convtime(p, units)
 		{
 		  case 'w':		/* weeks */
 			t *= 7;
+			/* FALLTHROUGH */
 
 		  case 'd':		/* days */
+			/* FALLTHROUGH */
 		  default:
 			t *= 24;
+			/* FALLTHROUGH */
 
 		  case 'h':		/* hours */
 			t *= 60;
+			/* FALLTHROUGH */
 
 		  case 'm':		/* minutes */
 			t *= 60;
+			/* FALLTHROUGH */
 
 		  case 's':		/* seconds */
 			break;
@@ -84,7 +92,7 @@ convtime(p, units)
 		r += t;
 	}
 
-	return (r);
+	return r;
 }
 /*
 **  PINTVL -- produce printable version of a time interval
@@ -105,7 +113,7 @@ convtime(p, units)
 **		The string returned is in a static buffer.
 */
 
-# define PLURAL(n)	((n) == 1 ? "" : "s")
+#define PLURAL(n)	((n) == 1 ? "" : "s")
 
 char *
 pintvl(intvl, brief)
@@ -117,7 +125,9 @@ pintvl(intvl, brief)
 	int wk, dy, hr, mi, se;
 
 	if (intvl == 0 && !brief)
-		return ("zero seconds");
+		return "zero seconds";
+	if (intvl == NOW)
+		return "too long";
 
 	/* decode the interval into weeks, days, hours, minutes, seconds */
 	se = intvl % 60;
@@ -149,7 +159,7 @@ pintvl(intvl, brief)
 		}
 		(void) snprintf(p, SPACELEFT(buf, p), "%02d:%02d:%02d",
 			hr, mi, se);
-		return (buf);
+		return buf;
 	}
 
 	/* use the verbose form */
diff --git a/contrib/sendmail/src/daemon.c b/contrib/sendmail/src/daemon.c
index ae6b004..50da6c4 100644
--- a/contrib/sendmail/src/daemon.c
+++ b/contrib/sendmail/src/daemon.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -10,40 +11,78 @@
  *
  */
 
-#include <errno.h>
-#include "sendmail.h"
+#include <sendmail.h>
+
 
 #ifndef lint
-#ifdef DAEMON
-static char sccsid[] = "@(#)daemon.c	8.236 (Berkeley) 1/25/1999 (with daemon mode)";
-#else
-static char sccsid[] = "@(#)daemon.c	8.236 (Berkeley) 1/25/1999 (without daemon mode)";
-#endif
-#endif /* not lint */
+# ifdef DAEMON
+static char id[] = "@(#)$Id: daemon.c,v 8.401.4.14 2000/07/14 04:15:00 gshapiro Exp $ (with daemon mode)";
+# else /* DAEMON */
+static char id[] = "@(#)$Id: daemon.c,v 8.401.4.14 2000/07/14 04:15:00 gshapiro Exp $ (without daemon mode)";
+# endif /* DAEMON */
+#endif /* ! lint */
 
 #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__)
 # define USE_SOCK_STREAM	1
-#endif
+#endif /* defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) */
 
 #if DAEMON || defined(USE_SOCK_STREAM)
-# include <arpa/inet.h>
+# if NETINET || NETINET6
+#  include <arpa/inet.h>
+# endif /* NETINET || NETINET6 */
 # if NAMED_BIND
-#  include <resolv.h>
 #  ifndef NO_DATA
 #   define NO_DATA	NO_ADDRESS
-#  endif
-# endif
-#endif
+#  endif /* ! NO_DATA */
+# endif /* NAMED_BIND */
+#endif /* DAEMON || defined(USE_SOCK_STREAM) */
 
 #if DAEMON
 
 # include <sys/time.h>
 
-# if IP_SRCROUTE
+# if IP_SRCROUTE && NETINET
 #  include <netinet/in_systm.h>
 #  include <netinet/ip.h>
-#  include <netinet/ip_var.h>
-# endif
+#  if HAS_IN_H
+#   include <netinet/in.h>
+#   ifndef IPOPTION
+#    define IPOPTION	ip_opts
+#    define IP_LIST	ip_opts
+#    define IP_DST	ip_dst
+#   endif /* ! IPOPTION */
+#  else /* HAS_IN_H */
+#   include <netinet/ip_var.h>
+#   ifndef IPOPTION
+#    define IPOPTION	ipoption
+#    define IP_LIST	ipopt_list
+#    define IP_DST	ipopt_dst
+#   endif /* ! IPOPTION */
+#  endif /* HAS_IN_H */
+# endif /* IP_SRCROUTE && NETINET */
+
+/* structure to describe a daemon */
+struct daemon
+{
+	int		d_socket;	/* fd for socket */
+	SOCKADDR	d_addr;		/* socket for incoming */
+	u_short		d_port;		/* port number */
+	int		d_listenqueue;	/* size of listen queue */
+	int		d_tcprcvbufsize;	/* size of TCP receive buffer */
+	int		d_tcpsndbufsize;	/* size of TCP send buffer */
+	time_t		d_refuse_connections_until;
+	bool		d_firsttime;
+	int		d_socksize;
+	BITMAP256	d_flags;	/* flags; see sendmail.h */
+	char		*d_mflags;	/* flags for use in macro */
+	char		*d_name;	/* user-supplied name */
+};
+
+typedef struct daemon DAEMON_T;
+
+static void	connecttimeout __P((void));
+static int	opendaemonsocket __P((struct daemon *, bool));
+static u_short	setupdaemon __P((SOCKADDR *));
 
 /*
 **  DAEMON.C -- routines to use when running as a daemon.
@@ -74,6 +113,14 @@ static char sccsid[] = "@(#)daemon.c	8.236 (Berkeley) 1/25/1999 (without daemon
 **	host_map_lookup(map, hbuf, avp, pstat)
 **		Convert the entry in hbuf into a canonical form.
 */
+
+static DAEMON_T	Daemons[MAXDAEMONS];
+static int	ndaemons = 0;			/* actual number of daemons */
+
+/* options for client */
+static int	TcpRcvBufferSize = 0;	/* size of TCP receive buffer */
+static int	TcpSndBufferSize = 0;	/* size of TCP send buffer */
+
 /*
 **  GETREQUESTS -- open mail IPC port and get requests.
 **
@@ -81,7 +128,7 @@ static char sccsid[] = "@(#)daemon.c	8.236 (Berkeley) 1/25/1999 (without daemon
 **		e -- the current envelope.
 **
 **	Returns:
-**		none.
+**		pointer to flags.
 **
 **	Side Effects:
 **		Waits until some interesting activity occurs.  When
@@ -92,89 +139,49 @@ static char sccsid[] = "@(#)daemon.c	8.236 (Berkeley) 1/25/1999 (without daemon
 **		to the communication channel.
 */
 
-int		DaemonSocket	= -1;		/* fd describing socket */
-SOCKADDR	DaemonAddr;			/* socket for incoming */
-int		ListenQueueSize = 10;		/* size of listen queue */
-int		TcpRcvBufferSize = 0;		/* size of TCP receive buffer */
-int		TcpSndBufferSize = 0;		/* size of TCP send buffer */
-
-void
+BITMAP256 *
 getrequests(e)
 	ENVELOPE *e;
 {
 	int t;
-	time_t refuse_connections_until = 0;
-	bool firsttime = TRUE;
-	FILE *pidf;
-	int sff;
-	int socksize;
-	u_short port;
-#if XDEBUG
+	time_t last_disk_space_check = 0;
+	int idx, curdaemon = -1;
+	int i, olddaemon = 0;
+# if XDEBUG
 	bool j_has_dot;
-#endif
+# endif /* XDEBUG */
 	char status[MAXLINE];
-	extern void reapchild __P((int));
-#ifdef NETUNIX
+	SOCKADDR sa;
+	SOCKADDR_LEN_T len = sizeof sa;
+# if NETUNIX
 	extern int ControlSocket;
-#endif
-	extern int opendaemonsocket __P((bool));
-	extern int opencontrolsocket __P((void));
+# endif /* NETUNIX */
+	extern ENVELOPE BlankEnvelope;
 
-	/*
-	**  Set up the address for the mailer.
-	*/
+#define D(x,idx)	x[idx]
 
-	switch (DaemonAddr.sa.sa_family)
-	{
-	  case AF_UNSPEC:
-		DaemonAddr.sa.sa_family = AF_INET;
-		/* fall through ... */
 
-	  case AF_INET:
-		if (DaemonAddr.sin.sin_addr.s_addr == 0)
-			DaemonAddr.sin.sin_addr.s_addr = INADDR_ANY;
-		port = DaemonAddr.sin.sin_port;
-		break;
-
-	  default:
-		/* unknown protocol */
-		port = 0;
-		break;
-	}
-	if (port == 0)
+	for (idx = 0; idx < ndaemons; idx++)
 	{
-		register struct servent *sp;
-
-		sp = getservbyname("smtp", "tcp");
-		if (sp == NULL)
-		{
-			syserr("554 service \"smtp\" unknown");
-			port = htons(25);
-		}
-		else
-			port = sp->s_port;
+		Daemons[idx].d_port = setupdaemon(&(Daemons[idx].d_addr));
+		Daemons[idx].d_firsttime = TRUE;
+		Daemons[idx].d_refuse_connections_until = (time_t) 0;
 	}
-
-	switch (DaemonAddr.sa.sa_family)
-	{
-	  case AF_INET:
-		DaemonAddr.sin.sin_port = port;
-		break;
-
-	  default:
-		/* unknown protocol */
-		break;
-	}
-
 	/*
 	**  Try to actually open the connection.
 	*/
 
 	if (tTd(15, 1))
-		printf("getrequests: port 0x%x\n", port);
+	{
+		for (idx = 0; idx < ndaemons; idx++)
+			dprintf("getrequests: daemon %s: port %d\n",
+				Daemons[idx].d_name,
+				ntohs(Daemons[idx].d_port));
+	}
 
 	/* get a socket for the SMTP connection */
-	socksize = opendaemonsocket(TRUE);
+	for (idx = 0; idx < ndaemons; idx++)
+		Daemons[idx].d_socksize = opendaemonsocket(&Daemons[idx], TRUE);
 
 	if (opencontrolsocket() < 0)
 		sm_syslog(LOG_WARNING, NOQID,
@@ -183,43 +190,28 @@ getrequests(e)
 
 	(void) setsignal(SIGCHLD, reapchild);
 
-	/* write the pid to the log file for posterity */
-	sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
-	if (TrustedUid != 0 && RealUid == TrustedUid)
-		sff |= SFF_OPENASROOT;
-	pidf = safefopen(PidFile, O_WRONLY|O_TRUNC, 0644, sff);
-	if (pidf == NULL)
-	{
-		sm_syslog(LOG_ERR, NOQID, "unable to write %s", PidFile);
-	}
-	else
-	{
-		extern char *CommandLineArgs;
-
-		/* write the process id on line 1 */
-		fprintf(pidf, "%ld\n", (long) getpid());
-
-		/* line 2 contains all command line flags */
-		fprintf(pidf, "%s\n", CommandLineArgs);
+	/* write the pid to file */
+	log_sendmail_pid(e);
 
-		/* flush and close */
-		fclose(pidf);
-	}
-
-#if XDEBUG
+# if XDEBUG
 	{
 		char jbuf[MAXHOSTNAMELEN];
 
 		expand("\201j", jbuf, sizeof jbuf, e);
 		j_has_dot = strchr(jbuf, '.') != NULL;
 	}
-#endif
+# endif /* XDEBUG */
 
 	/* Add parent process as first item */
-	proc_list_add(getpid(), "Sendmail daemon");
+	proc_list_add(getpid(), "Sendmail daemon", PROC_DAEMON);
 
 	if (tTd(15, 1))
-		printf("getrequests: %d\n", DaemonSocket);
+	{
+		for (idx = 0; idx < ndaemons; idx++)
+			dprintf("getrequests: daemon %s: %d\n",
+				Daemons[idx].d_name,
+				Daemons[idx].d_socket);
+	}
 
 	for (;;)
 	{
@@ -227,59 +219,96 @@ getrequests(e)
 		auto SOCKADDR_LEN_T lotherend;
 		bool timedout = FALSE;
 		bool control = FALSE;
-		int savederrno;
+		int save_errno;
 		int pipefd[2];
-		extern bool refuseconnections __P((int));
 
 		/* see if we are rejecting connections */
 		(void) blocksignal(SIGALRM);
-		if (curtime() >= refuse_connections_until)
+
+		for (idx = 0; idx < ndaemons; idx++)
 		{
-			if (refuseconnections(ntohs(port)))
+			if (curtime() < Daemons[idx].d_refuse_connections_until)
+				continue;
+			if (refuseconnections(Daemons[idx].d_name, e, idx))
 			{
-				if (DaemonSocket >= 0)
+				if (Daemons[idx].d_socket >= 0)
 				{
 				       /* close socket so peer fails quickly */
-				       (void) close(DaemonSocket);
-				       DaemonSocket = -1;
+				       (void) close(Daemons[idx].d_socket);
+				       Daemons[idx].d_socket = -1;
 				}
 
 				/* refuse connections for next 15 seconds */
-				refuse_connections_until = curtime() + 15;
+				Daemons[idx].d_refuse_connections_until = curtime() + 15;
 			}
-			else if (DaemonSocket < 0 || firsttime)
+			else if (Daemons[idx].d_socket < 0 ||
+				 Daemons[idx].d_firsttime)
 			{
+			      if (!Daemons[idx].d_firsttime && LogLevel >= 9)
+				sm_syslog(LOG_INFO, NOQID,
+					  "accepting connections again for daemon %s",
+					  Daemons[idx].d_name);
+
 			      /* arrange to (re)open the socket if needed */
-			      (void) opendaemonsocket(FALSE);
-			      firsttime = FALSE;
+			      (void) opendaemonsocket(&Daemons[idx], FALSE);
+			      Daemons[idx].d_firsttime = FALSE;
+			}
+		}
+
+		if (curtime() >= last_disk_space_check)
+		{
+			if (!enoughdiskspace(MinBlocksFree + 1, FALSE))
+			{
+				if (!bitnset(D_ETRNONLY, Daemons[idx].d_flags))
+				{
+					/* log only if not logged before */
+					if (LogLevel >= 9)
+						sm_syslog(LOG_INFO, NOQID,
+							  "rejecting new messages: min free: %d",
+							  MinBlocksFree);
+					sm_setproctitle(TRUE, e,
+							"rejecting new messages: min free: %d",
+							 MinBlocksFree);
+					setbitn(D_ETRNONLY, Daemons[idx].d_flags);
+				}
+			}
+			else if (bitnset(D_ETRNONLY, Daemons[idx].d_flags))
+			{
+				/* log only if not logged before */
+				if (LogLevel >= 9)
+					sm_syslog(LOG_INFO, NOQID,
+						  "accepting new messages (again)");
+				/* title will be set below */
+				clrbitn(D_ETRNONLY, Daemons[idx].d_flags);
 			}
+			/* only check disk space once a minute */
+			last_disk_space_check = curtime() + 60;
 		}
 
-#if XDEBUG
+# if XDEBUG
 		/* check for disaster */
 		{
 			char jbuf[MAXHOSTNAMELEN];
-			extern void dumpstate __P((char *));
 
 			expand("\201j", jbuf, sizeof jbuf, e);
 			if (!wordinclass(jbuf, 'w'))
 			{
 				dumpstate("daemon lost $j");
 				sm_syslog(LOG_ALERT, NOQID,
-					"daemon process doesn't have $j in $=w; see syslog");
+					  "daemon process doesn't have $j in $=w; see syslog");
 				abort();
 			}
 			else if (j_has_dot && strchr(jbuf, '.') == NULL)
 			{
 				dumpstate("daemon $j lost dot");
 				sm_syslog(LOG_ALERT, NOQID,
-					"daemon process $j lost dot; see syslog");
+					  "daemon process $j lost dot; see syslog");
 				abort();
 			}
 		}
-#endif
+# endif /* XDEBUG */
 
-#if 0
+# if 0
 		/*
 		**  Andrew Sun <asun@ieps-sun.ml.com> claims that this will
 		**  fix the SVr4 problem.  But it seems to have gone away,
@@ -289,8 +318,9 @@ getrequests(e)
 		if (DaemonSocket >= 0 &&
 		    SetNonBlocking(DaemonSocket, FALSE) < 0)
 			log an error here;
-#endif
+# endif /* 0 */
 		(void) releasesignal(SIGALRM);
+
 		for (;;)
 		{
 			int highest = -1;
@@ -299,32 +329,47 @@ getrequests(e)
 
 			FD_ZERO(&readfds);
 
-			/* wait for a connection */
-			if (DaemonSocket >= 0)
+			for (idx = 0; idx < ndaemons; idx++)
 			{
-				sm_setproctitle(TRUE,
-						"accepting connections on port %d",
-						ntohs(port));
-				if (DaemonSocket > highest)
-					highest = DaemonSocket;
-				FD_SET(DaemonSocket, &readfds);
+				/* wait for a connection */
+				if (Daemons[idx].d_socket >= 0)
+				{
+					if (!bitnset(D_ETRNONLY, Daemons[idx].d_flags))
+					{
+						sm_setproctitle(TRUE, e,
+								"accepting connections");
+					}
+					if (Daemons[idx].d_socket > highest)
+						highest = Daemons[idx].d_socket;
+					FD_SET((u_int)Daemons[idx].d_socket, &readfds);
+				}
 			}
-#ifdef NETUNIX
+
+# if NETUNIX
 			if (ControlSocket >= 0)
 			{
 				if (ControlSocket > highest)
 					highest = ControlSocket;
 				FD_SET(ControlSocket, &readfds);
 			}
-#endif
-			if (DaemonSocket >= 0)
-				timeout.tv_sec = 60;
-			else
+# endif /* NETUNIX */
+
+			/*
+			**  if one socket is closed, set the timeout
+			**  to 5 seconds (so it might get reopened soon),
+			**  otherwise (all sockets open) 60.
+			*/
+			idx = 0;
+			while (idx < ndaemons && Daemons[idx].d_socket >= 0)
+				idx++;
+			if (idx < ndaemons)
 				timeout.tv_sec = 5;
+			else
+				timeout.tv_sec = 60;
 			timeout.tv_usec = 0;
 
 			t = select(highest + 1, FDSET_CAST &readfds,
-			   	   NULL, NULL, &timeout);
+				   NULL, NULL, &timeout);
 
 			if (DoQueueRun)
 				(void) runqueue(TRUE, FALSE);
@@ -336,16 +381,28 @@ getrequests(e)
 
 			control = FALSE;
 			errno = 0;
-			if (DaemonSocket >= 0 &&
-			    FD_ISSET(DaemonSocket, &readfds))
+			curdaemon = -1;
+
+			/* look "round-robin" for an active socket */
+			if ((idx = olddaemon + 1) >= ndaemons)
+				idx = 0;
+			for (i = 0; i < ndaemons; i++)
 			{
-				lotherend = socksize;
-				t = accept(DaemonSocket,
-					   (struct sockaddr *)&RealHostAddr,
-					   &lotherend);
+				if (Daemons[idx].d_socket >= 0 &&
+				    FD_ISSET(Daemons[idx].d_socket, &readfds))
+				{
+					lotherend = Daemons[idx].d_socksize;
+					t = accept(Daemons[idx].d_socket,
+						   (struct sockaddr *)&RealHostAddr,
+						   &lotherend);
+					olddaemon = curdaemon = idx;
+					break;
+				}
+				if (++idx >= ndaemons)
+					idx = 0;
 			}
-#ifdef NETUNIX
-			else if (ControlSocket >= 0 &&
+# if NETUNIX
+			if (curdaemon == -1 && ControlSocket >= 0 &&
 				 FD_ISSET(ControlSocket, &readfds))
 			{
 				struct sockaddr_un sa_un;
@@ -356,7 +413,7 @@ getrequests(e)
 					   &lotherend);
 				control = TRUE;
 			}
-#endif
+# endif /* NETUNIX */
 			if (t >= 0 || errno != EINTR)
 				break;
 		}
@@ -365,37 +422,94 @@ getrequests(e)
 			timedout = FALSE;
 			continue;
 		}
-		if (control)
-		{
-			if (t >= 0)
-			{
-				extern void control_command __P((int, ENVELOPE *));
-
-				control_command(t, e);
-			}
-			else
-				syserr("getrequests: control accept");
-			continue;
-		}
-		savederrno = errno;
+		save_errno = errno;
 		(void) blocksignal(SIGALRM);
 		if (t < 0)
 		{
-			errno = savederrno;
+			errno = save_errno;
 			syserr("getrequests: accept");
 
 			/* arrange to re-open the socket next time around */
-			(void) close(DaemonSocket);
-			DaemonSocket = -1;
+			(void) close(Daemons[curdaemon].d_socket);
+			Daemons[curdaemon].d_socket = -1;
+# if SO_REUSEADDR_IS_BROKEN
+			/*
+			**  Give time for bound socket to be released.
+			**  This creates a denial-of-service if you can
+			**  force accept() to fail on affected systems.
+			*/
+
+			Daemons[curdaemon].d_refuse_connections_until = curtime() + 15;
+# endif /* SO_REUSEADDR_IS_BROKEN */
 			continue;
 		}
 
+		if (!control)
+		{
+			/* set some daemon related macros */
+			switch (Daemons[curdaemon].d_addr.sa.sa_family)
+			{
+			  case AF_UNSPEC:
+				define(macid("{daemon_family}", NULL),
+				       "unspec", &BlankEnvelope);
+				break;
+# if NETINET
+			  case AF_INET:
+				define(macid("{daemon_family}", NULL),
+				       "inet", &BlankEnvelope);
+				break;
+# endif /* NETINET */
+# if NETINET6
+			  case AF_INET6:
+				define(macid("{daemon_family}", NULL),
+				       "inet6", &BlankEnvelope);
+				break;
+# endif /* NETINET6 */
+# if NETISO
+			  case AF_ISO:
+				define(macid("{daemon_family}", NULL),
+				       "iso", &BlankEnvelope);
+				break;
+# endif /* NETISO */
+# if NETNS
+			  case AF_NS:
+				define(macid("{daemon_family}", NULL),
+				       "ns", &BlankEnvelope);
+				break;
+# endif /* NETNS */
+# if NETX25
+			  case AF_CCITT:
+				define(macid("{daemon_family}", NULL),
+				       "x.25", &BlankEnvelope);
+				break;
+# endif /* NETX25 */
+			}
+			define(macid("{daemon_name}", NULL),
+			       Daemons[curdaemon].d_name, &BlankEnvelope);
+			if (Daemons[curdaemon].d_mflags != NULL)
+				define(macid("{daemon_flags}", NULL),
+				       Daemons[curdaemon].d_mflags,
+				       &BlankEnvelope);
+			else
+				define(macid("{daemon_flags}", NULL),
+				       "", &BlankEnvelope);
+		}
+
 		/*
 		**  Create a subprocess to process the mail.
 		*/
 
 		if (tTd(15, 2))
-			printf("getrequests: forking (fd = %d)\n", t);
+			dprintf("getrequests: forking (fd = %d)\n", t);
+
+		/*
+		**  advance state of PRNG
+		**  this is necessary because otherwise all child processes
+		**  will produce the same PRN sequence and hence the selection
+		**  of a queue directory (and other things, e.g., MX selection)
+		**  are not "really" random.
+		*/
+		(void) get_random();
 
 		/*
 		**  Create a pipe to keep the child from writing to the
@@ -406,7 +520,7 @@ getrequests(e)
 		if (pipe(pipefd) < 0)
 			pipefd[0] = pipefd[1] = -1;
 
-		blocksignal(SIGCHLD);
+		(void) blocksignal(SIGCHLD);
 		pid = fork();
 		if (pid < 0)
 		{
@@ -417,7 +531,7 @@ getrequests(e)
 				(void) close(pipefd[1]);
 			}
 			(void) releasesignal(SIGCHLD);
-			sleep(10);
+			(void) sleep(10);
 			(void) close(t);
 			continue;
 		}
@@ -425,8 +539,7 @@ getrequests(e)
 		if (pid == 0)
 		{
 			char *p;
-			extern SIGFUNC_DECL intsig __P((int));
-			FILE *inchannel, *outchannel;
+			FILE *inchannel, *outchannel = NULL;
 
 			/*
 			**  CHILD -- return to caller.
@@ -434,22 +547,49 @@ getrequests(e)
 			**	Verify calling user id if possible here.
 			*/
 
+			if (!control)
+			{
+				define(macid("{daemon_addr}", NULL),
+				       newstr(anynet_ntoa(&Daemons[curdaemon].d_addr)),
+				       &BlankEnvelope);
+				(void) snprintf(status, sizeof status, "%d",
+						ntohs(Daemons[curdaemon].d_port));
+				define(macid("{daemon_port}", NULL),
+				       newstr(status), &BlankEnvelope);
+			}
+
 			(void) releasesignal(SIGALRM);
 			(void) releasesignal(SIGCHLD);
 			(void) setsignal(SIGCHLD, SIG_DFL);
 			(void) setsignal(SIGHUP, intsig);
-			(void) close(DaemonSocket);
+			for (idx = 0; idx < ndaemons; idx++)
+			{
+				if (Daemons[idx].d_socket >= 0)
+					(void) close(Daemons[idx].d_socket);
+			}
 			clrcontrol();
-			proc_list_clear();
 
-			/* Add parent process as first child item */
-			proc_list_add(getpid(), "daemon child");
+			/* Avoid SMTP daemon actions if control command */
+			if (control)
+			{
+				/* Add control socket process */
+				proc_list_add(getpid(), "console socket child",
+					PROC_CONTROL_CHILD);
+			}
+			else
+			{
+				proc_list_clear();
 
-			/* don't schedule queue runs if we are told to ETRN */
-			QueueIntvl = 0;
+				/* Add parent process as first child item */
+				proc_list_add(getpid(), "daemon child",
+					      PROC_DAEMON_CHILD);
 
-			sm_setproctitle(TRUE, "startup with %s",
-				anynet_ntoa(&RealHostAddr));
+				/* don't schedule queue runs if ETRN */
+				QueueIntvl = 0;
+
+				sm_setproctitle(TRUE, e, "startup with %s",
+						anynet_ntoa(&RealHostAddr));
+			}
 
 			if (pipefd[0] != -1)
 			{
@@ -473,12 +613,31 @@ getrequests(e)
 				(void) close(pipefd[0]);
 			}
 
+			/* control socket processing */
+			if (control)
+			{
+				control_command(t, e);
+
+				/* NOTREACHED */
+				exit(EX_SOFTWARE);
+			}
+
 			/* determine host name */
 			p = hostnamebyanyaddr(&RealHostAddr);
 			if (strlen(p) > (SIZE_T) MAXNAME)
 				p[MAXNAME] = '\0';
 			RealHostName = newstr(p);
-			sm_setproctitle(TRUE, "startup with %s", p);
+			if (RealHostName[0] == '[')
+			{
+				/* TEMP, FAIL: which one? */
+				define(macid("{client_resolve}", NULL),
+				       (h_errno == TRY_AGAIN) ? "TEMP" : "FAIL",
+				       &BlankEnvelope);
+			}
+			else
+				define(macid("{client_resolve}", NULL), "OK",
+				       &BlankEnvelope);
+			sm_setproctitle(TRUE, e, "startup with %s", p);
 
 			if ((inchannel = fdopen(t, "r")) == NULL ||
 			    (t = dup(t)) < 0 ||
@@ -492,44 +651,107 @@ getrequests(e)
 			OutChannel = outchannel;
 			DisConnected = FALSE;
 
-#ifdef XLA
+# ifdef XLA
 			if (!xla_host_ok(RealHostName))
 			{
-				message("421 Too many SMTP sessions for this host");
+				message("421 4.4.5 Too many SMTP sessions for this host");
 				finis(FALSE, EX_OK);
 			}
-#endif
+# endif /* XLA */
+			/* find out name for interface of connection */
+			if (getsockname(fileno(InChannel), &sa.sa,
+					&len) == 0)
+			{
+				p = hostnamebyanyaddr(&sa);
+				if (tTd(15, 9))
+					dprintf("getreq: got name %s\n", p);
+				define(macid("{if_name}", NULL),
+				       newstr(p), &BlankEnvelope);
+
+				/* do this only if it is not the loopback */
+				/* interface: how to figure out? XXX */
+				if (!isloopback(sa))
+				{
+					define(macid("{if_addr}", NULL),
+					       newstr(anynet_ntoa(&sa)),
+					       &BlankEnvelope);
+					p = xalloc(5);
+					snprintf(p, 4, "%d", sa.sa.sa_family);
+					define(macid("{if_family}", NULL), p,
+					       &BlankEnvelope);
+					if (tTd(15, 7))
+						dprintf("getreq: got addr %s and family %s\n",
+							macvalue(macid("{if_addr}", NULL),
+								 &BlankEnvelope),
+							macvalue(macid("{if_addr}", NULL),
+								 &BlankEnvelope));
+				}
+				else
+				{
+					define(macid("{if_addr}", NULL), NULL,
+					       &BlankEnvelope);
+					define(macid("{if_family}", NULL), NULL,
+					       &BlankEnvelope);
+				}
+			}
+			else
+			{
+				if (tTd(15, 7))
+					dprintf("getreq: getsockname failed\n");
+				define(macid("{if_name}", NULL), NULL,
+				       &BlankEnvelope);
+				define(macid("{if_addr}", NULL), NULL,
+				       &BlankEnvelope);
+				define(macid("{if_family}", NULL), NULL,
+				       &BlankEnvelope);
+			}
 			break;
 		}
 
 		/* parent -- keep track of children */
-		snprintf(status, sizeof status, "SMTP server child for %s",
-			 anynet_ntoa(&RealHostAddr));
-		proc_list_add(pid, status);
+		if (control)
+		{
+			snprintf(status, sizeof status, "control socket server child");
+			proc_list_add(pid, status, PROC_CONTROL);
+		}
+		else
+		{
+			snprintf(status, sizeof status,
+				 "SMTP server child for %s",
+				 anynet_ntoa(&RealHostAddr));
+			proc_list_add(pid, status, PROC_DAEMON);
+		}
 		(void) releasesignal(SIGCHLD);
 
 		/* close the read end of the synchronization pipe */
 		if (pipefd[0] != -1)
+		{
 			(void) close(pipefd[0]);
+			pipefd[0] = -1;
+		}
 
 		/* close the port so that others will hang (for a while) */
 		(void) close(t);
 
 		/* release the child by closing the read end of the sync pipe */
 		if (pipefd[1] != -1)
+		{
 			(void) close(pipefd[1]);
+			pipefd[1] = -1;
+		}
 	}
+
 	if (tTd(15, 2))
-		printf("getreq: returning\n");
-	return;
+		dprintf("getreq: returning\n");
+	return &Daemons[curdaemon].d_flags;
 }
 /*
-**  OPENDAEMONSOCKET -- open the SMTP socket
+**  OPENDAEMONSOCKET -- open SMTP socket
 **
-**	Deals with setting all appropriate options.  DaemonAddr must
-**	be set up in advance.
+**	Deals with setting all appropriate options.
 **
 **	Parameters:
+**		d -- the structure for the daemon to open.
 **		firsttime -- set if this is the initial open.
 **
 **	Returns:
@@ -540,103 +762,231 @@ getrequests(e)
 **		Exits if the socket cannot be created.
 */
 
-#define MAXOPENTRIES	10	/* maximum number of tries to open connection */
+# define MAXOPENTRIES	10	/* maximum number of tries to open connection */
 
-int
-opendaemonsocket(firsttime)
+static int
+opendaemonsocket(d, firsttime)
+	struct daemon *d;
 	bool firsttime;
 {
 	int on = 1;
-	int socksize = 0;
+	int fdflags;
+	SOCKADDR_LEN_T socksize = 0;
 	int ntries = 0;
-	int saveerrno;
+	int save_errno;
 
 	if (tTd(15, 2))
-		printf("opendaemonsocket()\n");
+		dprintf("opendaemonsocket(%s)\n", d->d_name);
 
 	do
 	{
 		if (ntries > 0)
-			sleep(5);
-		if (firsttime || DaemonSocket < 0)
+			(void) sleep(5);
+		if (firsttime || d->d_socket < 0)
 		{
-			DaemonSocket = socket(DaemonAddr.sa.sa_family, SOCK_STREAM, 0);
-			if (DaemonSocket < 0)
+			d->d_socket = socket(d->d_addr.sa.sa_family,
+					     SOCK_STREAM, 0);
+			if (d->d_socket < 0)
 			{
-				saveerrno = errno;
-				syserr("opendaemonsocket: can't create server SMTP socket");
+				save_errno = errno;
+				syserr("opendaemonsocket: daemon %s: can't create server SMTP socket", d->d_name);
 			  severe:
 				if (LogLevel > 0)
 					sm_syslog(LOG_ALERT, NOQID,
-						"problem creating SMTP socket");
-				DaemonSocket = -1;
+						  "daemon %s: problem creating SMTP socket", d->d_name);
+				d->d_socket = -1;
 				continue;
 			}
 
 			/* turn on network debugging? */
 			if (tTd(15, 101))
-				(void) setsockopt(DaemonSocket, SOL_SOCKET,
+				(void) setsockopt(d->d_socket, SOL_SOCKET,
 						  SO_DEBUG, (char *)&on,
 						  sizeof on);
 
-			(void) setsockopt(DaemonSocket, SOL_SOCKET,
+			(void) setsockopt(d->d_socket, SOL_SOCKET,
 					  SO_REUSEADDR, (char *)&on, sizeof on);
-			(void) setsockopt(DaemonSocket, SOL_SOCKET,
+			(void) setsockopt(d->d_socket, SOL_SOCKET,
 					  SO_KEEPALIVE, (char *)&on, sizeof on);
 
-#ifdef SO_RCVBUF
-			if (TcpRcvBufferSize > 0)
+# ifdef SO_RCVBUF
+			if (d->d_tcprcvbufsize > 0)
 			{
-				if (setsockopt(DaemonSocket, SOL_SOCKET,
+				if (setsockopt(d->d_socket, SOL_SOCKET,
 					       SO_RCVBUF,
-					       (char *) &TcpRcvBufferSize,
-					       sizeof(TcpRcvBufferSize)) < 0)
-					syserr("opendaemonsocket: setsockopt(SO_RCVBUF)");
+					       (char *) &d->d_tcprcvbufsize,
+					       sizeof(d->d_tcprcvbufsize)) < 0)
+					syserr("opendaemonsocket: daemon %s: setsockopt(SO_RCVBUF)", d->d_name);
+			}
+# endif /* SO_RCVBUF */
+# ifdef SO_SNDBUF
+			if (d->d_tcpsndbufsize > 0)
+			{
+				if (setsockopt(d->d_socket, SOL_SOCKET,
+					       SO_SNDBUF,
+					       (char *) &d->d_tcpsndbufsize,
+					       sizeof(d->d_tcpsndbufsize)) < 0)
+					syserr("opendaemonsocket: daemon %s: setsockopt(SO_SNDBUF)", d->d_name);
 			}
-#endif
+# endif /* SO_SNDBUF */
 
-			switch (DaemonAddr.sa.sa_family)
+			if ((fdflags = fcntl(d->d_socket, F_GETFD, 0)) == -1 ||
+			    fcntl(d->d_socket, F_SETFD,
+				  fdflags | FD_CLOEXEC) == -1)
+			{
+				save_errno = errno;
+				syserr("opendaemonsocket: daemon %s: failed to %s close-on-exec flag: %s",
+				       d->d_name,
+				       fdflags == -1 ? "get" : "set",
+				       errstring(save_errno));
+				(void) close(d->d_socket);
+				goto severe;
+			}
+
+			switch (d->d_addr.sa.sa_family)
 			{
 # if NETINET
 			  case AF_INET:
-				socksize = sizeof DaemonAddr.sin;
+				socksize = sizeof d->d_addr.sin;
 				break;
-# endif
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				socksize = sizeof d->d_addr.sin6;
+				break;
+# endif /* NETINET6 */
 
 # if NETISO
 			  case AF_ISO:
-				socksize = sizeof DaemonAddr.siso;
+				socksize = sizeof d->d_addr.siso;
 				break;
-# endif
+# endif /* NETISO */
 
 			  default:
-				socksize = sizeof DaemonAddr;
+				socksize = sizeof d->d_addr;
 				break;
 			}
 
-			if (bind(DaemonSocket, &DaemonAddr.sa, socksize) < 0)
+			if (bind(d->d_socket, &d->d_addr.sa, socksize) < 0)
 			{
 				/* probably another daemon already */
-				saveerrno = errno;
-				syserr("opendaemonsocket: cannot bind");
-				(void) close(DaemonSocket);
+				save_errno = errno;
+				syserr("opendaemonsocket: daemon %s: cannot bind",
+				       d->d_name);
+				(void) close(d->d_socket);
 				goto severe;
 			}
 		}
-		if (!firsttime && listen(DaemonSocket, ListenQueueSize) < 0)
+		if (!firsttime &&
+		    listen(d->d_socket, d->d_listenqueue) < 0)
 		{
-			saveerrno = errno;
-			syserr("opendaemonsocket: cannot listen");
-			(void) close(DaemonSocket);
+			save_errno = errno;
+			syserr("opendaemonsocket: daemon %s: cannot listen",
+			       d->d_name);
+			(void) close(d->d_socket);
 			goto severe;
 		}
 		return socksize;
-	} while (ntries++ < MAXOPENTRIES && transienterror(saveerrno));
-	syserr("!opendaemonsocket: server SMTP socket wedged: exiting");
-	/*NOTREACHED*/
+	} while (ntries++ < MAXOPENTRIES && transienterror(save_errno));
+	syserr("!opendaemonsocket: daemon %s: server SMTP socket wedged: exiting",
+	       d->d_name);
+	/* NOTREACHED */
 	return -1;  /* avoid compiler warning on IRIX */
 }
 /*
+**  SETUPDAEMON -- setup socket for daemon
+**
+**	Parameters:
+**		daemonaddr -- socket for daemon
+**		daemon -- number of daemon
+**
+**	Returns:
+**		port number on which daemon should run
+**
+*/
+static u_short
+setupdaemon(daemonaddr)
+	SOCKADDR *daemonaddr;
+{
+	u_short port;
+
+	/*
+	**  Set up the address for the mailer.
+	*/
+
+	if (daemonaddr->sa.sa_family == AF_UNSPEC)
+	{
+		memset(daemonaddr, '\0', sizeof *daemonaddr);
+# if NETINET
+		daemonaddr->sa.sa_family = AF_INET;
+# endif /* NETINET */
+	}
+
+	switch (daemonaddr->sa.sa_family)
+	{
+# if NETINET
+	  case AF_INET:
+		if (daemonaddr->sin.sin_addr.s_addr == 0)
+			daemonaddr->sin.sin_addr.s_addr = INADDR_ANY;
+		port = daemonaddr->sin.sin_port;
+		break;
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		if (IN6_IS_ADDR_UNSPECIFIED(&daemonaddr->sin6.sin6_addr))
+			daemonaddr->sin6.sin6_addr = in6addr_any;
+		port = daemonaddr->sin6.sin6_port;
+		break;
+# endif /* NETINET6 */
+
+	  default:
+		/* unknown protocol */
+		port = 0;
+		break;
+	}
+	if (port == 0)
+	{
+# ifdef NO_GETSERVBYNAME
+		port = htons(25);
+# else /* NO_GETSERVBYNAME */
+		{
+			register struct servent *sp;
+
+			sp = getservbyname("smtp", "tcp");
+			if (sp == NULL)
+			{
+				syserr("554 5.3.5 service \"smtp\" unknown");
+				port = htons(25);
+			}
+			else
+				port = sp->s_port;
+		}
+# endif /* NO_GETSERVBYNAME */
+	}
+
+	switch (daemonaddr->sa.sa_family)
+	{
+# if NETINET
+	  case AF_INET:
+		daemonaddr->sin.sin_port = port;
+		break;
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		daemonaddr->sin6.sin6_port = port;
+		break;
+# endif /* NETINET6 */
+
+	  default:
+		/* unknown protocol */
+		break;
+	}
+	return(port);
+}
+/*
 **  CLRDAEMON -- reset the daemon connection
 **
 **	Parameters:
@@ -652,26 +1002,41 @@ opendaemonsocket(firsttime)
 void
 clrdaemon()
 {
-	if (DaemonSocket >= 0)
-		(void) close(DaemonSocket);
-	DaemonSocket = -1;
+	int i;
+
+	for (i = 0; i < ndaemons; i++)
+	{
+		if (Daemons[i].d_socket >= 0)
+			(void) close(Daemons[i].d_socket);
+		Daemons[i].d_socket = -1;
+	}
 }
 /*
-**  SETDAEMONOPTIONS -- set options for running the daemon
+**  SETSOCKADDROPTIONS -- set options for SOCKADDR (daemon or client)
 **
 **	Parameters:
 **		p -- the options line.
+**		d -- the daemon structure to fill in.
 **
 **	Returns:
 **		none.
 */
 
-void
-setdaemonoptions(p)
+static void
+setsockaddroptions(p, d)
 	register char *p;
+	struct daemon *d;
 {
-	if (DaemonAddr.sa.sa_family == AF_UNSPEC)
-		DaemonAddr.sa.sa_family = AF_INET;
+# if NETISO
+	short port;
+# endif /* NETISO */
+	int l;
+	char *h, *flags;
+
+# if NETINET
+	if (d->d_addr.sa.sa_family == AF_UNSPEC)
+		d->d_addr.sa.sa_family = AF_INET;
+# endif /* NETINET */
 
 	while (p != NULL)
 	{
@@ -698,123 +1063,366 @@ setdaemonoptions(p)
 		{
 		  case 'F':		/* address family */
 			if (isascii(*v) && isdigit(*v))
-				DaemonAddr.sa.sa_family = atoi(v);
-#if NETINET
+				d->d_addr.sa.sa_family = atoi(v);
+# if NETINET
 			else if (strcasecmp(v, "inet") == 0)
-				DaemonAddr.sa.sa_family = AF_INET;
-#endif
-#if NETISO
+				d->d_addr.sa.sa_family = AF_INET;
+# endif /* NETINET */
+# if NETINET6
+			else if (strcasecmp(v, "inet6") == 0)
+				d->d_addr.sa.sa_family = AF_INET6;
+# endif /* NETINET6 */
+# if NETISO
 			else if (strcasecmp(v, "iso") == 0)
-				DaemonAddr.sa.sa_family = AF_ISO;
-#endif
-#if NETNS
+				d->d_addr.sa.sa_family = AF_ISO;
+# endif /* NETISO */
+# if NETNS
 			else if (strcasecmp(v, "ns") == 0)
-				DaemonAddr.sa.sa_family = AF_NS;
-#endif
-#if NETX25
+				d->d_addr.sa.sa_family = AF_NS;
+# endif /* NETNS */
+# if NETX25
 			else if (strcasecmp(v, "x.25") == 0)
-				DaemonAddr.sa.sa_family = AF_CCITT;
-#endif
+				d->d_addr.sa.sa_family = AF_CCITT;
+# endif /* NETX25 */
 			else
-				syserr("554 Unknown address family %s in Family=option", v);
+				syserr("554 5.3.5 Unknown address family %s in Family=option",
+				       v);
 			break;
 
 		  case 'A':		/* address */
-			switch (DaemonAddr.sa.sa_family)
+			switch (d->d_addr.sa.sa_family)
 			{
-#if NETINET
+# if NETINET
 			  case AF_INET:
-				if (isascii(*v) && isdigit(*v))
-					DaemonAddr.sin.sin_addr.s_addr = inet_addr(v);
-				else
+				if (!isascii(*v) || !isdigit(*v) ||
+				    ((d->d_addr.sin.sin_addr.s_addr = inet_addr(v)) == INADDR_NONE))
 				{
 					register struct hostent *hp;
 
-					hp = sm_gethostbyname(v);
+					hp = sm_gethostbyname(v, AF_INET);
 					if (hp == NULL)
-						syserr("554 host \"%s\" unknown", v);
+						syserr("554 5.3.0 host \"%s\" unknown",
+						       v);
 					else
-						bcopy(hp->h_addr, &DaemonAddr.sin.sin_addr, INADDRSZ);
+					{
+						while (*(hp->h_addr_list) &&
+						       hp->h_addrtype != AF_INET)
+							hp->h_addr_list++;
+						if (*(hp->h_addr_list) == NULL)
+							syserr("554 5.3.0 host \"%s\" unknown",
+							       v);
+						else
+							memmove(&d->d_addr.sin.sin_addr,
+								*(hp->h_addr_list),
+								INADDRSZ);
+					}
 				}
 				break;
-#endif
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				if (!isascii(*v) || !isxdigit(*v) ||
+				    inet_pton(AF_INET6, v,
+					      &d->d_addr.sin6.sin6_addr) != 1)
+				{
+					register struct hostent *hp;
+
+					hp = sm_gethostbyname(v, AF_INET6);
+					if (hp == NULL)
+						syserr("554 5.3.0 host \"%s\" unknown",
+						       v);
+					else
+					{
+						while (*(hp->h_addr_list) &&
+						       hp->h_addrtype != AF_INET6)
+							hp->h_addr_list++;
+						if (*(hp->h_addr_list) == NULL)
+							syserr("554 5.3.0 host \"%s\" unknown",
+							       v);
+						else
+							memmove(&d->d_addr.sin6.sin6_addr,
+								*(hp->h_addr_list),
+								IN6ADDRSZ);
+					}
+				}
+				break;
+# endif /* NETINET6 */
 
 			  default:
-				syserr("554 Address= option unsupported for family %d",
-					DaemonAddr.sa.sa_family);
+				syserr("554 5.3.5 address= option unsupported for family %d",
+				       d->d_addr.sa.sa_family);
 				break;
 			}
 			break;
 
 		  case 'P':		/* port */
-			switch (DaemonAddr.sa.sa_family)
+			switch (d->d_addr.sa.sa_family)
 			{
-#if NETISO
-				short port;
-#endif
-
-#if NETINET
+# if NETINET
 			  case AF_INET:
 				if (isascii(*v) && isdigit(*v))
-					DaemonAddr.sin.sin_port = htons(atoi(v));
+					d->d_addr.sin.sin_port = htons((u_short)atoi((const char *)v));
 				else
 				{
+#  ifdef NO_GETSERVBYNAME
+					syserr("554 5.3.5 invalid port number: %s",
+					       v);
+#  else /* NO_GETSERVBYNAME */
 					register struct servent *sp;
 
 					sp = getservbyname(v, "tcp");
 					if (sp == NULL)
-						syserr("554 service \"%s\" unknown", v);
+						syserr("554 5.3.5 service \"%s\" unknown",
+						       v);
 					else
-						DaemonAddr.sin.sin_port = sp->s_port;
+						d->d_addr.sin.sin_port = sp->s_port;
+#  endif /* NO_GETSERVBYNAME */
 				}
 				break;
-#endif
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				if (isascii(*v) && isdigit(*v))
+					d->d_addr.sin6.sin6_port = htons((u_short)atoi(v));
+				else
+				{
+#  ifdef NO_GETSERVBYNAME
+					syserr("554 5.3.5 invalid port number: %s",
+					       v);
+#  else /* NO_GETSERVBYNAME */
+					register struct servent *sp;
 
-#if NETISO
+					sp = getservbyname(v, "tcp");
+					if (sp == NULL)
+						syserr("554 5.3.5 service \"%s\" unknown",
+						       v);
+					else
+						d->d_addr.sin6.sin6_port = sp->s_port;
+#  endif /* NO_GETSERVBYNAME */
+				}
+				break;
+# endif /* NETINET6 */
+
+# if NETISO
 			  case AF_ISO:
 				/* assume two byte transport selector */
 				if (isascii(*v) && isdigit(*v))
-					port = htons(atoi(v));
+					port = htons((u_short)atoi(v));
 				else
 				{
+#  ifdef NO_GETSERVBYNAME
+					syserr("554 5.3.5 invalid port number: %s",
+					       v);
+#  else /* NO_GETSERVBYNAME */
 					register struct servent *sp;
 
 					sp = getservbyname(v, "tcp");
 					if (sp == NULL)
-						syserr("554 service \"%s\" unknown", v);
+						syserr("554 5.3.5 service \"%s\" unknown",
+						       v);
 					else
 						port = sp->s_port;
+#  endif /* NO_GETSERVBYNAME */
 				}
-				bcopy((char *) &port, TSEL(&DaemonAddr.siso), 2);
+				memmove(TSEL(&d->d_addr.siso),
+					(char *) &port, 2);
 				break;
-#endif
+# endif /* NETISO */
 
 			  default:
-				syserr("554 Port= option unsupported for family %d",
-					DaemonAddr.sa.sa_family);
+				syserr("554 5.3.5 Port= option unsupported for family %d",
+				       d->d_addr.sa.sa_family);
 				break;
 			}
 			break;
 
 		  case 'L':		/* listen queue size */
-			ListenQueueSize = atoi(v);
+			d->d_listenqueue = atoi(v);
+			break;
+
+		  case 'M':		/* modifiers (flags) */
+			l = 3 * strlen(v) + 3;
+			h = v;
+			flags = xalloc(l);
+			d->d_mflags = flags;
+			for (; *h != '\0'; h++)
+			{
+				if (!(isascii(*h) && isspace(*h)))
+				{
+					if (flags != d->d_mflags)
+						*f++ = ' ';
+					*flags++ = *h;
+					if (isupper(*h))
+						*flags++ = *h;
+				}
+			}
+			*flags++ = '\0';
+			for (; *v != '\0'; v++)
+				if (!(isascii(*v) && isspace(*v)))
+					setbitn(*v, d->d_flags);
 			break;
 
 		  case 'S':		/* send buffer size */
-			TcpSndBufferSize = atoi(v);
+			d->d_tcpsndbufsize = atoi(v);
 			break;
 
 		  case 'R':		/* receive buffer size */
-			TcpRcvBufferSize = atoi(v);
+			d->d_tcprcvbufsize = atoi(v);
+			break;
+
+		  case 'N':		/* name */
+			d->d_name = v;
 			break;
 
 		  default:
-			syserr("554 DaemonPortOptions parameter \"%s\" unknown", f);
+			syserr("554 5.3.5 PortOptions parameter \"%s\" unknown",
+			       f);
 		}
 	}
 }
 /*
-**  MAKECONNECTION -- make a connection to an SMTP socket on another machine.
+**  SETDAEMONOPTIONS -- set options for running the MTA daemon
+**
+**	Parameters:
+**		p -- the options line.
+**
+**	Returns:
+**		TRUE if successful, FALSE otherwise.
+*/
+
+bool
+setdaemonoptions(p)
+	register char *p;
+{
+	if (ndaemons >= MAXDAEMONS)
+		return FALSE;
+	Daemons[ndaemons].d_socket = -1;
+	Daemons[ndaemons].d_listenqueue = 10;
+	clrbitmap(Daemons[ndaemons].d_flags);
+	setsockaddroptions(p, &Daemons[ndaemons]);
+
+	if (Daemons[ndaemons].d_name != NULL)
+		Daemons[ndaemons].d_name = newstr(Daemons[ndaemons].d_name);
+	else
+	{
+		char num[30];
+
+		snprintf(num, sizeof num, "Daemon%d", ndaemons);
+		Daemons[ndaemons].d_name = newstr(num);
+	}
+
+	if (tTd(37, 1))
+	{
+		dprintf("Daemon %s flags: ", Daemons[ndaemons].d_name);
+		if (bitnset(D_ETRNONLY, Daemons[ndaemons].d_flags))
+			dprintf("ETRNONLY ");
+		if (bitnset(D_NOETRN, Daemons[ndaemons].d_flags))
+			dprintf("NOETRN ");
+		dprintf("\n");
+	}
+	++ndaemons;
+	return TRUE;
+}
+/*
+**  INITDAEMON -- initialize daemon if not yet done.
+**
+**	Parameters:
+**		none
+**
+**	Returns:
+**		none
+**
+**	Side Effects:
+**		initializes structure for one daemon.
+*/
+void
+initdaemon()
+{
+	if (ndaemons == 0)
+	{
+		Daemons[ndaemons].d_socket = -1;
+		Daemons[ndaemons].d_listenqueue = 10;
+		Daemons[ndaemons].d_name = "Daemon0";
+		ndaemons = 1;
+	}
+}
+/*
+**  SETCLIENTOPTIONS -- set options for running the client
+**
+**	Parameters:
+**		p -- the options line.
+**
+**	Returns:
+**		none.
+*/
+
+static SOCKADDR	ClientAddr;		/* address for client */
+
+void
+setclientoptions(p)
+	register char *p;
+{
+	struct daemon d;
+	extern ENVELOPE BlankEnvelope;
+
+	memset(&d, '\0', sizeof d);
+	setsockaddroptions(p, &d);
+
+	/* grab what we need */
+	memcpy(&ClientAddr, &d.d_addr, sizeof ClientAddr);
+	TcpSndBufferSize = d.d_tcpsndbufsize;
+	TcpRcvBufferSize = d.d_tcprcvbufsize;
+	if (d.d_mflags != NULL)
+		define(macid("{client_flags}", NULL), d.d_mflags,
+		       &BlankEnvelope);
+	else
+		define(macid("{client_flags}", NULL), "", &BlankEnvelope);
+}
+/*
+**  ADDR_FAMILY -- determine address family from address
+**
+**	Parameters:
+**		addr -- the string representation of the address
+**
+**	Returns:
+**		AF_INET, AF_INET6 or AF_UNSPEC
+**
+**	Side Effects:
+**		none.
+*/
+
+static int
+addr_family(addr)
+	char *addr;
+{
+# if NETINET6
+	SOCKADDR clt_addr;
+# endif /* NETINET6 */
+
+# if NETINET
+	if (inet_addr(addr) != INADDR_NONE)
+	{
+		if (tTd(16, 9))
+			printf("addr_family(%s): INET\n", addr);
+		return AF_INET;
+	}
+# endif /* NETINET */
+# if NETINET6
+	if (inet_pton(AF_INET6, addr, &clt_addr.sin6.sin6_addr) == 1)
+	{
+		if (tTd(16, 9))
+			printf("addr_family(%s): INET6\n", addr);
+		return AF_INET6;
+	}
+# endif /* NETINET6 */
+	if (tTd(16, 9))
+		printf("addr_family(%s): UNSPEC\n", addr);
+	return AF_UNSPEC;
+}
+/*
+**  MAKECONNECTION -- make a connection to an SMTP socket on a machine.
 **
 **	Parameters:
 **		host -- the name of the host.
@@ -833,19 +1441,12 @@ setdaemonoptions(p)
 
 static jmp_buf	CtxConnectTimeout;
 
-static void
-connecttimeout()
-{
-	errno = ETIMEDOUT;
-	longjmp(CtxConnectTimeout, 1);
-}
-
 SOCKADDR	CurHostAddr;		/* address of current host */
 
 int
 makeconnection(host, port, mci, e)
 	char *host;
-	u_short port;
+	volatile u_int port;
 	register MCI *mci;
 	ENVELOPE *e;
 {
@@ -853,54 +1454,221 @@ makeconnection(host, port, mci, e)
 	register volatile int s;
 	register struct hostent *volatile hp = (struct hostent *)NULL;
 	SOCKADDR addr;
-	int sav_errno;
-	volatile int addrlen;
+	SOCKADDR clt_addr;
+	int save_errno = 0;
+	volatile SOCKADDR_LEN_T addrlen;
 	volatile bool firstconnect;
 	EVENT *volatile ev = NULL;
+# if NETINET6
+	volatile bool v6found = FALSE;
+# endif /* NETINET6 */
+	volatile int family = InetMode;
+	SOCKADDR_LEN_T len;
+	volatile SOCKADDR_LEN_T socksize = 0;
+	volatile bool clt_bind;
+	BITMAP256 d_flags;
+	char *p;
+	extern ENVELOPE BlankEnvelope;
+
+	/* retranslate ${daemon_flags} into bitmap */
+	clrbitmap(d_flags);
+	if ((p = macvalue(macid("{daemon_flags}", NULL), e)) != NULL)
+	{
+		for (; *p != '\0'; p++)
+		{
+			if (!(isascii(*p) && isspace(*p)))
+				setbitn(*p, d_flags);
+		}
+	}
+
+	/* "add" ${client_flags} to bitmap */
+	if ((p = macvalue(macid("{client_flags}", NULL), e)) != NULL)
+	{
+		for (; *p != '\0'; p++)
+		{
+			/* look for just this one flag */
+			if (*p == D_IFNHELO)
+			{
+				setbitn(*p, d_flags);
+				break;
+			}
+		}
+	}
+
+# if NETINET6
+ v4retry:
+# endif /* NETINET6 */
+	clt_bind = FALSE;
+
+	/* Set up the address for outgoing connection. */
+	if (bitnset(D_BINDIF, d_flags) &&
+	    (p = macvalue(macid("{if_addr}", NULL), e)) != NULL)
+	{
+# if NETINET6
+		char p6[INET6_ADDRSTRLEN];
+# endif /* NETINET6 */
+
+		memset(&clt_addr, '\0', sizeof clt_addr);
+
+		/* infer the address family from the address itself */
+		clt_addr.sa.sa_family = addr_family(p);
+		switch (clt_addr.sa.sa_family)
+		{
+# if NETINET
+		  case AF_INET:
+			if ((clt_addr.sin.sin_addr.s_addr = inet_addr(p))
+			    != INADDR_NONE)
+			{
+				clt_bind = TRUE;
+				socksize = sizeof (struct sockaddr_in);
+			}
+			else if (clt_addr.sin.sin_port != 0)
+			{
+				clt_addr.sin.sin_addr.s_addr = INADDR_ANY;
+				clt_bind = TRUE;
+				socksize = sizeof (struct sockaddr_in);
+			}
+			break;
+# endif /* NETINET */
+
+# if NETINET6
+		  case AF_INET6:
+			if (inet_addr(p) != INADDR_NONE)
+				snprintf(p6, sizeof p6, "::ffff:%s", p);
+			else
+				strlcpy(p6, p, sizeof p6);
+			if (inet_pton(AF_INET6, p6,
+				      &clt_addr.sin6.sin6_addr) == 1)
+			{
+				clt_bind = TRUE;
+				socksize = sizeof (struct sockaddr_in6);
+			}
+			else if (clt_addr.sin6.sin6_port != 0)
+			{
+				if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr))
+					clt_addr.sin6.sin6_addr = in6addr_any;
+				clt_bind = TRUE;
+				socksize = sizeof (struct sockaddr_in6);
+			}
+			break;
+# endif /* NETINET6 */
+
+# if 0
+		  default:
+			syserr("554 5.3.5 Address= option unsupported for family %d",
+			       clt_addr.sa.sa_family);
+			break;
+# endif /* 0 */
+		}
+		if (clt_bind)
+			family = clt_addr.sa.sa_family;
+	}
+	else
+	{
+		STRUCTCOPY(ClientAddr, clt_addr);
+		if (clt_addr.sa.sa_family == AF_UNSPEC)
+			clt_addr.sa.sa_family = InetMode;
+		switch (clt_addr.sa.sa_family)
+		{
+# if NETINET
+		  case AF_INET:
+			if (clt_addr.sin.sin_addr.s_addr == 0)
+				clt_addr.sin.sin_addr.s_addr = INADDR_ANY;
+			else
+				clt_bind = TRUE;
+			if (clt_addr.sin.sin_port != 0)
+				clt_bind = TRUE;
+			socksize = sizeof (struct sockaddr_in);
+			break;
+# endif /* NETINET */
+# if NETINET6
+		  case AF_INET6:
+			if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr))
+				clt_addr.sin6.sin6_addr = in6addr_any;
+			else
+				clt_bind = TRUE;
+			socksize = sizeof (struct sockaddr_in6);
+			if (clt_addr.sin6.sin6_port != 0)
+				clt_bind = TRUE;
+			break;
+# endif /* NETINET6 */
+# if NETISO
+		  case AF_ISO:
+			socksize = sizeof clt_addr.siso;
+			clt_bind = TRUE;
+			break;
+# endif /* NETISO */
+		  default:
+			break;
+		}
+	}
 
 	/*
 	**  Set up the address for the mailer.
 	**	Accept "[a.b.c.d]" syntax for host name.
 	*/
 
-#if NAMED_BIND
+# if NAMED_BIND
 	h_errno = 0;
-#endif
+# endif /* NAMED_BIND */
 	errno = 0;
-	bzero(&CurHostAddr, sizeof CurHostAddr);
+	memset(&CurHostAddr, '\0', sizeof CurHostAddr);
+	memset(&addr, '\0', sizeof addr);
 	SmtpPhase = mci->mci_phase = "initial connection";
 	CurHostName = host;
 
 	if (host[0] == '[')
 	{
-#if NETINET
-		unsigned long hid = INADDR_NONE;
-#endif
-		register char *p = strchr(host, ']');
-
+		p = strchr(host, ']');
 		if (p != NULL)
 		{
+# if NETINET
+			unsigned long hid = INADDR_NONE;
+# endif /* NETINET */
+# if NETINET6
+			struct sockaddr_in6 hid6;
+# endif /* NETINET6 */
+
 			*p = '\0';
-#if NETINET
-			hid = inet_addr(&host[1]);
-			if (hid == INADDR_NONE)
-#endif
+# if NETINET6
+			memset(&hid6, '\0', sizeof hid6);
+# endif /* NETINET6 */
+# if NETINET
+			if (family == AF_INET &&
+			    (hid = inet_addr(&host[1])) != INADDR_NONE)
+			{
+				addr.sin.sin_family = AF_INET;
+				addr.sin.sin_addr.s_addr = hid;
+			}
+			else
+# endif /* NETINET */
+# if NETINET6
+			if (family == AF_INET6 &&
+			    inet_pton(AF_INET6, &host[1],
+				      &hid6.sin6_addr) == 1)
+			{
+				addr.sin6.sin6_family = AF_INET6;
+				addr.sin6.sin6_addr = hid6.sin6_addr;
+			}
+			else
+# endif /* NETINET6 */
 			{
 				/* try it as a host name (avoid MX lookup) */
-				hp = sm_gethostbyname(&host[1]);
+				hp = sm_gethostbyname(&host[1], family);
 				if (hp == NULL && p[-1] == '.')
 				{
-#if NAMED_BIND
+# if NAMED_BIND
 					int oldopts = _res.options;
 
 					_res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
-#endif
+# endif /* NAMED_BIND */
 					p[-1] = '\0';
-					hp = sm_gethostbyname(&host[1]);
+					hp = sm_gethostbyname(&host[1],
+							      family);
 					p[-1] = '.';
-#if NAMED_BIND
+# if NAMED_BIND
 					_res.options = oldopts;
-#endif
+# endif /* NAMED_BIND */
 				}
 				*p = ']';
 				goto gothostent;
@@ -911,62 +1679,87 @@ makeconnection(host, port, mci, e)
 		{
 			extern char MsgBuf[];
 
-			usrerr("553 Invalid numeric domain spec \"%s\"", host);
+			usrerrenh("5.1.2",
+				  "553 Invalid numeric domain spec \"%s\"",
+				  host);
 			mci_setstat(mci, EX_NOHOST, "5.1.2", MsgBuf);
+			errno = EINVAL;
 			return EX_NOHOST;
 		}
-#if NETINET
-		addr.sin.sin_family = AF_INET;		/*XXX*/
-		addr.sin.sin_addr.s_addr = hid;
-#endif
 	}
 	else
 	{
 		/* contortion to get around SGI cc complaints */
 		{
-			register char *p = &host[strlen(host) - 1];
-
-			hp = sm_gethostbyname(host);
+			p = &host[strlen(host) - 1];
+			hp = sm_gethostbyname(host, family);
 			if (hp == NULL && *p == '.')
 			{
-#if NAMED_BIND
+# if NAMED_BIND
 				int oldopts = _res.options;
 
 				_res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
-#endif
+# endif /* NAMED_BIND */
 				*p = '\0';
-				hp = sm_gethostbyname(host);
+				hp = sm_gethostbyname(host, family);
 				*p = '.';
-#if NAMED_BIND
+# if NAMED_BIND
 				_res.options = oldopts;
-#endif
+# endif /* NAMED_BIND */
 			}
 		}
 gothostent:
 		if (hp == NULL)
 		{
-#if NAMED_BIND
+# if NAMED_BIND
 			/* check for name server timeouts */
 			if (errno == ETIMEDOUT || h_errno == TRY_AGAIN ||
 			    (errno == ECONNREFUSED && UseNameServer))
 			{
+				save_errno = errno;
 				mci_setstat(mci, EX_TEMPFAIL, "4.4.3", NULL);
+				errno = save_errno;
 				return EX_TEMPFAIL;
 			}
-#endif
+# endif /* NAMED_BIND */
+# if NETINET6
+			/*
+			**  Try v6 first, then fall back to v4.
+			**  If we found a v6 address, but no v4
+			**  addresses, then TEMPFAIL.
+			*/
+
+			if (family == AF_INET6)
+			{
+				family = AF_INET;
+				goto v4retry;
+			}
+			if (v6found)
+				goto v6tempfail;
+# endif /* NETINET6 */
+			save_errno = errno;
 			mci_setstat(mci, EX_NOHOST, "5.1.2", NULL);
-			return (EX_NOHOST);
+			errno = save_errno;
+			return EX_NOHOST;
 		}
 		addr.sa.sa_family = hp->h_addrtype;
 		switch (hp->h_addrtype)
 		{
-#if NETINET
+# if NETINET
 		  case AF_INET:
-			bcopy(hp->h_addr,
-				&addr.sin.sin_addr,
+			memmove(&addr.sin.sin_addr,
+				hp->h_addr,
 				INADDRSZ);
 			break;
-#endif
+# endif /* NETINET */
+
+# if NETINET6
+		  case AF_INET6:
+			memmove(&addr.sin6.sin6_addr,
+				hp->h_addr,
+				IN6ADDRSZ);
+			break;
+# endif /* NETINET6 */
 
 		  default:
 			if (hp->h_length > sizeof addr.sa.sa_data)
@@ -974,10 +1767,11 @@ gothostent:
 				syserr("makeconnection: long sa_data: family %d len %d",
 					hp->h_addrtype, hp->h_length);
 				mci_setstat(mci, EX_NOHOST, "5.1.2", NULL);
+				errno = EINVAL;
 				return EX_NOHOST;
 			}
-			bcopy(hp->h_addr,
-				addr.sa.sa_data,
+			memmove(addr.sa.sa_data,
+				hp->h_addr,
 				hp->h_length);
 			break;
 		}
@@ -990,57 +1784,69 @@ gothostent:
 
 	if (port == 0)
 	{
+# ifdef NO_GETSERVBYNAME
+		port = htons(25);
+# else /* NO_GETSERVBYNAME */
 		register struct servent *sp = getservbyname("smtp", "tcp");
 
 		if (sp == NULL)
 		{
 			if (LogLevel > 2)
 				sm_syslog(LOG_ERR, NOQID,
-					"makeconnection: service \"smtp\" unknown");
+					  "makeconnection: service \"smtp\" unknown");
 			port = htons(25);
 		}
 		else
 			port = sp->s_port;
+# endif /* NO_GETSERVBYNAME */
 	}
 
 	switch (addr.sa.sa_family)
 	{
-#if NETINET
+# if NETINET
 	  case AF_INET:
 		addr.sin.sin_port = port;
 		addrlen = sizeof (struct sockaddr_in);
 		break;
-#endif
+# endif /* NETINET */
 
-#if NETISO
+# if NETINET6
+	  case AF_INET6:
+		addr.sin6.sin6_port = port;
+		addrlen = sizeof (struct sockaddr_in6);
+		break;
+# endif /* NETINET6 */
+
+# if NETISO
 	  case AF_ISO:
 		/* assume two byte transport selector */
-		bcopy((char *) &port, TSEL((struct sockaddr_iso *) &addr), 2);
+		memmove(TSEL((struct sockaddr_iso *) &addr), (char *) &port, 2);
 		addrlen = sizeof (struct sockaddr_iso);
 		break;
-#endif
+# endif /* NETISO */
 
 	  default:
 		syserr("Can't connect to address family %d", addr.sa.sa_family);
 		mci_setstat(mci, EX_NOHOST, "5.1.2", NULL);
-		return (EX_NOHOST);
+		errno = EINVAL;
+		return EX_NOHOST;
 	}
 
 	/*
 	**  Try to actually open the connection.
 	*/
 
-#ifdef XLA
+# ifdef XLA
 	/* if too many connections, don't bother trying */
 	if (!xla_noqueue_ok(host))
 		return EX_TEMPFAIL;
-#endif
+# endif /* XLA */
 
 	firstconnect = TRUE;
 	for (;;)
 	{
 		if (tTd(16, 1))
-			printf("makeconnection (%s [%s])\n",
+			dprintf("makeconnection (%s [%s])\n",
 				host, anynet_ntoa(&addr));
 
 		/* save for logging */
@@ -1058,16 +1864,17 @@ gothostent:
 		}
 		if (s < 0)
 		{
-			sav_errno = errno;
+			save_errno = errno;
 			syserr("makeconnection: cannot create socket");
-#ifdef XLA
+# ifdef XLA
 			xla_host_end(host);
-#endif
+# endif /* XLA */
 			mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
+			errno = save_errno;
 			return EX_TEMPFAIL;
 		}
 
-#ifdef SO_SNDBUF
+# ifdef SO_SNDBUF
 		if (TcpSndBufferSize > 0)
 		{
 			if (setsockopt(s, SOL_SOCKET, SO_SNDBUF,
@@ -1075,21 +1882,71 @@ gothostent:
 				       sizeof(TcpSndBufferSize)) < 0)
 				syserr("makeconnection: setsockopt(SO_SNDBUF)");
 		}
-#endif
+# endif /* SO_SNDBUF */
+# ifdef SO_RCVBUF
+		if (TcpRcvBufferSize > 0)
+		{
+			if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
+				       (char *) &TcpRcvBufferSize,
+				       sizeof(TcpRcvBufferSize)) < 0)
+				syserr("makeconnection: setsockopt(SO_RCVBUF)");
+		}
+# endif /* SO_RCVBUF */
+
 
 		if (tTd(16, 1))
-			printf("makeconnection: fd=%d\n", s);
+			dprintf("makeconnection: fd=%d\n", s);
 
 		/* turn on network debugging? */
 		if (tTd(16, 101))
 		{
 			int on = 1;
+
 			(void) setsockopt(s, SOL_SOCKET, SO_DEBUG,
 					  (char *)&on, sizeof on);
 		}
 		if (e->e_xfp != NULL)
-			(void) fflush(e->e_xfp);		/* for debugging */
-		errno = 0;					/* for debugging */
+			(void) fflush(e->e_xfp);	/* for debugging */
+		errno = 0;				/* for debugging */
+
+		if (clt_bind)
+		{
+			int on = 1;
+
+			switch (clt_addr.sa.sa_family)
+			{
+# if NETINET
+			  case AF_INET:
+				if (clt_addr.sin.sin_port != 0)
+					(void) setsockopt(s, SOL_SOCKET,
+							  SO_REUSEADDR,
+							  (char *) &on,
+							  sizeof on);
+				break;
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				if (clt_addr.sin6.sin6_port != 0)
+					(void) setsockopt(s, SOL_SOCKET,
+							  SO_REUSEADDR,
+							  (char *) &on,
+							  sizeof on);
+				break;
+# endif /* NETINET6 */
+			}
+
+			if (bind(s, &clt_addr.sa, socksize) < 0)
+			{
+				save_errno = errno;
+				(void) close(s);
+				errno = save_errno;
+				syserr("makeconnection: cannot bind socket [%s]",
+				       anynet_ntoa(&clt_addr));
+				errno = save_errno;
+				return EX_TEMPFAIL;
+			}
+		}
 
 		/*
 		**  Linux seems to hang in connect for 90 minutes (!!!).
@@ -1107,29 +1964,40 @@ gothostent:
 			else
 				ev = NULL;
 
-#if _FFR_CONNECTONLYTO_OPTION
-			/* for testing */
-			if (ConnectOnlyTo != 0)
-				addr.sin.sin_addr.s_addr = ConnectOnlyTo;
-#endif
+			switch (ConnectOnlyTo.sa.sa_family)
+			{
+# if NETINET
+			  case AF_INET:
+				addr.sin.sin_addr.s_addr = ConnectOnlyTo.sin.sin_addr.s_addr;
+				break;
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				memmove(&addr.sin6.sin6_addr,
+					&ConnectOnlyTo.sin6.sin6_addr,
+					IN6ADDRSZ);
+				break;
+# endif /* NETINET6 */
+			}
 			i = connect(s, (struct sockaddr *) &addr, addrlen);
-			sav_errno = errno;
+			save_errno = errno;
 			if (ev != NULL)
 				clrevent(ev);
 			if (i >= 0)
 				break;
 		}
 		else
-			sav_errno = errno;
+			save_errno = errno;
 
 		/* if running demand-dialed connection, try again */
 		if (DialDelay > 0 && firstconnect)
 		{
 			if (tTd(16, 1))
-				printf("Connect failed (%s); trying again...\n",
-					errstring(sav_errno));
+				dprintf("Connect failed (%s); trying again...\n",
+					errstring(save_errno));
 			firstconnect = FALSE;
-			sleep(DialDelay);
+			(void) sleep(DialDelay);
 			continue;
 		}
 
@@ -1140,53 +2008,224 @@ gothostent:
 			sm_syslog(LOG_INFO, e->e_id,
 				  "makeconnection (%s [%s]) failed: %s",
 				  host, anynet_ntoa(&addr),
-				  errstring(sav_errno));
+				  errstring(save_errno));
 
 		if (hp != NULL && hp->h_addr_list[addrno] != NULL)
 		{
 			if (tTd(16, 1))
-				printf("Connect failed (%s); trying new address....\n",
-					errstring(sav_errno));
+				dprintf("Connect failed (%s); trying new address....\n",
+					errstring(save_errno));
 			switch (addr.sa.sa_family)
 			{
-#if NETINET
+# if NETINET
 			  case AF_INET:
-				bcopy(hp->h_addr_list[addrno++],
-				      &addr.sin.sin_addr,
-				      INADDRSZ);
+				memmove(&addr.sin.sin_addr,
+					hp->h_addr_list[addrno++],
+					INADDRSZ);
 				break;
-#endif
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				memmove(&addr.sin6.sin6_addr,
+					hp->h_addr_list[addrno++],
+					IN6ADDRSZ);
+				break;
+# endif /* NETINET6 */
 
 			  default:
-				bcopy(hp->h_addr_list[addrno++],
-					addr.sa.sa_data,
+				memmove(addr.sa.sa_data,
+					hp->h_addr_list[addrno++],
 					hp->h_length);
 				break;
 			}
 			continue;
 		}
+		errno = save_errno;
 
+# if NETINET6
+		if (family == AF_INET6)
+		{
+			if (tTd(16, 1))
+				dprintf("Connect failed (%s); retrying with AF_INET....\n",
+					errstring(save_errno));
+			v6found = TRUE;
+			family = AF_INET;
+			goto v4retry;
+		}
+	v6tempfail:
+# endif /* NETINET6 */
 		/* couldn't open connection */
-#ifdef XLA
+# if NETINET6
+		/* Don't clobber an already saved errno from v4retry */
+		if (errno > 0)
+# endif /* NETINET6 */
+			save_errno = errno;
+		if (tTd(16, 1))
+			dprintf("Connect failed (%s)\n", errstring(save_errno));
+# ifdef XLA
 		xla_host_end(host);
-#endif
+# endif /* XLA */
 		mci_setstat(mci, EX_TEMPFAIL, "4.4.1", NULL);
+		errno = save_errno;
 		return EX_TEMPFAIL;
 	}
 
 	/* connection ok, put it into canonical form */
+	mci->mci_out = NULL;
 	if ((mci->mci_out = fdopen(s, "w")) == NULL ||
 	    (s = dup(s)) < 0 ||
 	    (mci->mci_in = fdopen(s, "r")) == NULL)
 	{
+		save_errno = errno;
 		syserr("cannot open SMTP client channel, fd=%d", s);
 		mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
+		if (mci->mci_out != NULL)
+			(void) fclose(mci->mci_out);
+		(void) close(s);
+		errno = save_errno;
+		return EX_TEMPFAIL;
+	}
+
+	/* find out name for Interface through which we connect */
+	len = sizeof addr;
+	if (getsockname(s, &addr.sa, &len) == 0)
+	{
+		char *name;
+		char *p;
+
+		define(macid("{if_addr}", NULL), newstr(anynet_ntoa(&addr)),
+		       &BlankEnvelope);
+		p = xalloc(5);
+		snprintf(p, 4, "%d", addr.sa.sa_family);
+		define(macid("{if_family}", NULL), p, &BlankEnvelope);
+
+		name = hostnamebyanyaddr(&addr);
+		define(macid("{if_name}", NULL), newstr(name), &BlankEnvelope);
+		if (LogLevel > 11)
+		{
+			/* log connection information */
+			sm_syslog(LOG_INFO, e->e_id,
+				  "SMTP outgoing connect on %.40s", name);
+		}
+		if (bitnset(D_IFNHELO, d_flags))
+		{
+			if (name[0] != '[' && strchr(name, '.') != NULL)
+				mci->mci_heloname = newstr(name);
+		}
+	}
+	else
+	{
+		define(macid("{if_name}", NULL), NULL, &BlankEnvelope);
+		define(macid("{if_addr}", NULL), NULL, &BlankEnvelope);
+		define(macid("{if_family}", NULL), NULL, &BlankEnvelope);
+	}
+	mci_setstat(mci, EX_OK, NULL, NULL);
+	return EX_OK;
+}
+
+static void
+connecttimeout()
+{
+	errno = ETIMEDOUT;
+	longjmp(CtxConnectTimeout, 1);
+}
+/*
+**  MAKECONNECTION_DS -- make a connection to a domain socket.
+**
+**	Parameters:
+**		mux_path -- the path of the socket to connect to.
+**		mci -- a pointer to the mail connection information
+**			structure to be filled in.
+**
+**	Returns:
+**		An exit code telling whether the connection could be
+**			made and if not why not.
+**
+**	Side Effects:
+**		none.
+*/
+
+# if NETUNIX
+int makeconnection_ds(mux_path, mci)
+	char *mux_path;
+	register MCI *mci;
+{
+	int sock;
+	int rval, save_errno;
+	long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_ROOTOK|SFF_EXECOK;
+	struct sockaddr_un unix_addr;
+
+	/* if not safe, don't connect */
+	rval = safefile(mux_path, RunAsUid, RunAsGid, RunAsUserName,
+			sff, S_IRUSR|S_IWUSR, NULL);
+
+	if (rval != 0)
+	{
+		syserr("makeconnection_ds: unsafe domain socket");
+		mci_setstat(mci, EX_TEMPFAIL, "4.3.5", NULL);
+		errno = rval;
+		return EX_TEMPFAIL;
+	}
+
+	/* prepare address structure */
+	memset(&unix_addr, '\0', sizeof unix_addr);
+	unix_addr.sun_family = AF_UNIX;
+
+	if (strlen(mux_path) >= sizeof unix_addr.sun_path)
+	{
+		syserr("makeconnection_ds: domain socket name too long");
+		/* XXX why TEMPFAIL ? */
+		mci_setstat(mci, EX_TEMPFAIL, "5.3.5", NULL);
+		errno = ENAMETOOLONG;
+		return EX_UNAVAILABLE;
+	}
+	(void) strlcpy(unix_addr.sun_path, mux_path, sizeof unix_addr.sun_path);
+
+	/* initialize domain socket */
+	sock = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (sock == -1)
+	{
+		save_errno = errno;
+		syserr("makeconnection_ds: could not create domain socket");
+		mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
+		errno = save_errno;
+		return EX_TEMPFAIL;
+	}
+
+	/* connect to server */
+	if (connect(sock, (struct sockaddr *) &unix_addr,
+		    sizeof(unix_addr)) == -1)
+	{
+		save_errno = errno;
+		syserr("Could not connect to socket %s", mux_path);
+		mci_setstat(mci, EX_TEMPFAIL, "4.4.1", NULL);
+		(void) close(sock);
+		errno = save_errno;
+		return EX_TEMPFAIL;
+	}
+
+	/* connection ok, put it into canonical form */
+	mci->mci_out = NULL;
+	if ((mci->mci_out = fdopen(sock, "w")) == NULL ||
+	    (sock = dup(sock)) < 0 ||
+	    (mci->mci_in = fdopen(sock, "r")) == NULL)
+	{
+		save_errno = errno;
+		syserr("cannot open SMTP client channel, fd=%d", sock);
+		mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
+		if (mci->mci_out != NULL)
+			(void) fclose(mci->mci_out);
+		(void) close(sock);
+		errno = save_errno;
 		return EX_TEMPFAIL;
 	}
 
 	mci_setstat(mci, EX_OK, NULL, NULL);
-	return (EX_OK);
+	errno = 0;
+	return EX_OK;
 }
+# endif /* NETUNIX */
 /*
 **  MYHOSTNAME -- return the name of this host.
 **
@@ -1210,16 +2249,29 @@ myhostname(hostbuf, size)
 
 	if (gethostname(hostbuf, size) < 0)
 	{
-		(void) strcpy(hostbuf, "localhost");
+		(void) strlcpy(hostbuf, "localhost", size);
 	}
-	hp = sm_gethostbyname(hostbuf);
+	hp = sm_gethostbyname(hostbuf, InetMode);
 	if (hp == NULL)
 		return NULL;
 	if (strchr(hp->h_name, '.') != NULL || strchr(hostbuf, '.') == NULL)
+		(void) cleanstrcpy(hostbuf, hp->h_name, size);
+
+# if NETINFO
+	if (strchr(hostbuf, '.') == NULL)
 	{
-		(void) strncpy(hostbuf, hp->h_name, size - 1);
-		hostbuf[size - 1] = '\0';
+		char *domainname;
+
+		domainname = ni_propval("/locations", NULL, "resolver",
+					"domain", '\0');
+		if (domainname != NULL &&
+		    strlen(domainname) + strlen(hostbuf) + 1 < size)
+		{
+			(void) strlcat(hostbuf, ".", size);
+			(void) strlcat(hostbuf, domainname, size);
+		}
 	}
+# endif /* NETINFO */
 
 	/*
 	**  If there is still no dot in the name, try looking for a
@@ -1230,11 +2282,11 @@ myhostname(hostbuf, size)
 	{
 		char **ha;
 
-		for (ha = hp->h_aliases; *ha != NULL; ha++)
+		for (ha = hp->h_aliases; ha != NULL && *ha != NULL; ha++)
 		{
 			if (strchr(*ha, '.') != NULL)
 			{
-				(void) strncpy(hostbuf, *ha, size - 1);
+				(void) cleanstrcpy(hostbuf, *ha, size - 1);
 				hostbuf[size - 1] = '\0';
 				break;
 			}
@@ -1254,21 +2306,21 @@ myhostname(hostbuf, size)
 	    !getcanonname(hostbuf, size, TRUE))
 	{
 		sm_syslog(LOG_CRIT, NOQID,
-			"My unqualified host name (%s) unknown; sleeping for retry",
-			hostbuf);
+			  "My unqualified host name (%s) unknown; sleeping for retry",
+			  hostbuf);
 		message("My unqualified host name (%s) unknown; sleeping for retry",
 			hostbuf);
-		sleep(60);
+		(void) sleep(60);
 		if (!getcanonname(hostbuf, size, TRUE))
 		{
 			sm_syslog(LOG_ALERT, NOQID,
-				"unable to qualify my own domain name (%s) -- using short name",
-				hostbuf);
+				  "unable to qualify my own domain name (%s) -- using short name",
+				  hostbuf);
 			message("WARNING: unable to qualify my own domain name (%s) -- using short name",
 				hostbuf);
 		}
 	}
-	return (hp);
+	return hp;
 }
 /*
 **  ADDRCMP -- compare two host addresses
@@ -1283,24 +2335,44 @@ myhostname(hostbuf, size)
 **		else -- they don't match
 */
 
-int
+static int
 addrcmp(hp, ha, sa)
 	struct hostent *hp;
 	char *ha;
 	SOCKADDR *sa;
 {
+# if NETINET6
+	u_char *a;
+# endif /* NETINET6 */
+
 	switch (sa->sa.sa_family)
 	{
+# if NETINET
 	  case AF_INET:
 		if (hp->h_addrtype == AF_INET)
-			return bcmp(ha, (char *) &sa->sin.sin_addr, hp->h_length);
+			return memcmp(ha, (char *) &sa->sin.sin_addr, INADDRSZ);
 		break;
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		a = (u_char *) &sa->sin6.sin6_addr;
+
+		/* Straight binary comparison */
+		if (hp->h_addrtype == AF_INET6)
+			return memcmp(ha, a, IN6ADDRSZ);
 
+		/* If IPv4-mapped IPv6 address, compare the IPv4 section */
+		if (hp->h_addrtype == AF_INET &&
+		    IN6_IS_ADDR_V4MAPPED(&sa->sin6.sin6_addr))
+			return memcmp(a + IN6ADDRSZ - INADDRSZ, ha, INADDRSZ);
+		break;
+# endif /* NETINET6 */
 	}
 	return -1;
 }
 /*
-**  GETAUTHINFO -- get the real host name asociated with a file descriptor
+**  GETAUTHINFO -- get the real host name associated with a file descriptor
 **
 **	Uses RFC1413 protocol to try to get info from the other end.
 **
@@ -1327,6 +2399,7 @@ getauthinfo(fd, may_be_forged)
 	int fd;
 	bool *may_be_forged;
 {
+	u_short port = 0;
 	SOCKADDR_LEN_T falen;
 	register char *volatile p = NULL;
 	SOCKADDR la;
@@ -1347,12 +2420,21 @@ getauthinfo(fd, may_be_forged)
 	if (isatty(fd) || (i = getpeername(fd, &RealHostAddr.sa, &falen)) < 0 ||
 	    falen <= 0 || RealHostAddr.sa.sa_family == 0)
 	{
-		if (i < 0 && errno != ENOTSOCK)
-			return NULL;
+		if (i < 0)
+		{
+			/*
+			**  ENOTSOCK is OK: bail on anything else, but reset
+			**  errno in this case, so a mis-report doesn't
+			**  happen later.
+			*/
+			if (errno != ENOTSOCK)
+				return NULL;
+			errno = 0;
+		}
 		(void) snprintf(hbuf, sizeof hbuf, "%s@localhost",
 			RealUserName);
 		if (tTd(9, 1))
-			printf("getauthinfo: %s\n", hbuf);
+			dprintf("getauthinfo: %s\n", hbuf);
 		return hbuf;
 	}
 
@@ -1377,7 +2459,8 @@ getauthinfo(fd, may_be_forged)
 	else
 	{
 		/* try to match the reverse against the forward lookup */
-		hp = sm_gethostbyname(RealHostName);
+		hp = sm_gethostbyname(RealHostName,
+				      RealHostAddr.sa.sa_family);
 
 		if (hp == NULL)
 			*may_be_forged = TRUE;
@@ -1394,27 +2477,75 @@ getauthinfo(fd, may_be_forged)
 		goto noident;
 
 	lalen = sizeof la;
-	if (RealHostAddr.sa.sa_family != AF_INET ||
-	    getsockname(fd, &la.sa, &lalen) < 0 || lalen <= 0 ||
-	    la.sa.sa_family != AF_INET)
+	switch (RealHostAddr.sa.sa_family)
 	{
-		/* no ident info */
-		goto noident;
-	}
+# if NETINET
+	  case AF_INET:
+		if (getsockname(fd, &la.sa, &lalen) < 0 ||
+		    lalen <= 0 ||
+		    la.sa.sa_family != AF_INET)
+		{
+			/* no ident info */
+			goto noident;
+		}
+		port = RealHostAddr.sin.sin_port;
 
-	/* create ident query */
-	(void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n",
-		ntohs(RealHostAddr.sin.sin_port), ntohs(la.sin.sin_port));
+		/* create ident query */
+		(void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n",
+				ntohs(RealHostAddr.sin.sin_port),
+				ntohs(la.sin.sin_port));
 
-	/* create local address */
-	la.sin.sin_port = 0;
+		/* create local address */
+		la.sin.sin_port = 0;
 
-	/* create foreign address */
-	sp = getservbyname("auth", "tcp");
-	if (sp != NULL)
-		RealHostAddr.sin.sin_port = sp->s_port;
-	else
+		/* create foreign address */
+#  ifdef NO_GETSERVBYNAME
 		RealHostAddr.sin.sin_port = htons(113);
+#  else /* NO_GETSERVBYNAME */
+		sp = getservbyname("auth", "tcp");
+		if (sp != NULL)
+			RealHostAddr.sin.sin_port = sp->s_port;
+		else
+			RealHostAddr.sin.sin_port = htons(113);
+		break;
+#  endif /* NO_GETSERVBYNAME */
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		if (getsockname(fd, &la.sa, &lalen) < 0 ||
+		    lalen <= 0 ||
+		    la.sa.sa_family != AF_INET6)
+		{
+			/* no ident info */
+			goto noident;
+		}
+		port = RealHostAddr.sin6.sin6_port;
+
+		/* create ident query */
+		(void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n",
+				ntohs(RealHostAddr.sin6.sin6_port),
+				ntohs(la.sin6.sin6_port));
+
+		/* create local address */
+		la.sin6.sin6_port = 0;
+
+		/* create foreign address */
+#  ifdef NO_GETSERVBYNAME
+		RealHostAddr.sin6.sin6_port = htons(113);
+#  else /* NO_GETSERVBYNAME */
+		sp = getservbyname("auth", "tcp");
+		if (sp != NULL)
+			RealHostAddr.sin6.sin6_port = sp->s_port;
+		else
+			RealHostAddr.sin6.sin6_port = htons(113);
+		break;
+#  endif /* NO_GETSERVBYNAME */
+# endif /* NETINET6 */
+	  default:
+		/* no ident info */
+		goto noident;
+	}
 
 	s = -1;
 	if (setjmp(CtxAuthTimeout) != 0)
@@ -1427,21 +2558,22 @@ getauthinfo(fd, may_be_forged)
 	/* put a timeout around the whole thing */
 	ev = setevent(TimeOuts.to_ident, authtimeout, 0);
 
+
 	/* connect to foreign IDENT server using same address as SMTP socket */
-	s = socket(AF_INET, SOCK_STREAM, 0);
+	s = socket(la.sa.sa_family, SOCK_STREAM, 0);
 	if (s < 0)
 	{
 		clrevent(ev);
 		goto noident;
 	}
-	if (bind(s, &la.sa, sizeof la.sin) < 0 ||
-	    connect(s, &RealHostAddr.sa, sizeof RealHostAddr.sin) < 0)
+	if (bind(s, &la.sa, lalen) < 0 ||
+	    connect(s, &RealHostAddr.sa, lalen) < 0)
 	{
 		goto closeident;
 	}
 
 	if (tTd(9, 10))
-		printf("getauthinfo: sent %s", ibuf);
+		dprintf("getauthinfo: sent %s", ibuf);
 
 	/* send query */
 	if (write(s, ibuf, strlen(ibuf)) < 0)
@@ -1468,7 +2600,7 @@ getauthinfo(fd, may_be_forged)
 	*++p = '\0';
 
 	if (tTd(9, 3))
-		printf("getauthinfo:  got %s\n", ibuf);
+		dprintf("getauthinfo:  got %s\n", ibuf);
 
 	/* parse result */
 	p = strchr(ibuf, ':');
@@ -1536,19 +2668,37 @@ closeident:
 	clrevent(ev);
 
 noident:
+	/* put back the original incoming port */
+	switch (RealHostAddr.sa.sa_family)
+	{
+# if NETINET
+	  case AF_INET:
+		if (port > 0)
+			RealHostAddr.sin.sin_port = port;
+		break;
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		if (port > 0)
+			RealHostAddr.sin6.sin6_port = port;
+		break;
+# endif /* NETINET6 */
+	}
+
 	if (RealHostName == NULL)
 	{
 		if (tTd(9, 1))
-			printf("getauthinfo: NULL\n");
+			dprintf("getauthinfo: NULL\n");
 		return NULL;
 	}
 	snprintf(hbuf, sizeof hbuf, "%s", RealHostName);
 
 postident:
-#if IP_SRCROUTE
-# ifndef GET_IPOPT_DST
-#  define GET_IPOPT_DST(dst)	(dst)
-# endif
+# if IP_SRCROUTE
+#  ifndef GET_IPOPT_DST
+#   define GET_IPOPT_DST(dst)	(dst)
+#  endif /* ! GET_IPOPT_DST */
 	/*
 	**  Extract IP source routing information.
 	**
@@ -1569,8 +2719,7 @@ postident:
 		u_char *q;
 		u_char *o;
 		int l;
-		struct in_addr addr;
-		struct ipoption ipopt;
+		struct IPOPTION ipopt;
 
 		ipoptlen = sizeof ipopt;
 		if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS,
@@ -1578,12 +2727,12 @@ postident:
 			goto noipsr;
 		if (ipoptlen == 0)
 			goto noipsr;
-		o = (u_char *) ipopt.ipopt_list;
+		o = (u_char *) ipopt.IP_LIST;
 		while (o != NULL && o < (u_char *) &ipopt + ipoptlen)
 		{
 			switch (*o)
 			{
-			  case IPOPT_EOL: 
+			  case IPOPT_EOL:
 				o = NULL;
 				break;
 
@@ -1609,7 +2758,7 @@ postident:
 				snprintf(p, SPACELEFT(hbuf, p), " [%s@%.*s",
 				    *o == IPOPT_SSRR ? "!" : "",
 				    l > 240 ? 120 : l / 2,
-				    inet_ntoa(GET_IPOPT_DST(ipopt.ipopt_dst)));
+				    inet_ntoa(GET_IPOPT_DST(ipopt.IP_DST)));
 				i = strlen(p);
 				p += i;
 				l -= strlen(p);
@@ -1620,17 +2769,19 @@ postident:
 				q = &o[3];
 				for ( ; j >= 0; j--)
 				{
+					struct in_addr addr;
+
 					memcpy(&addr, q, sizeof(addr));
 					snprintf(p, SPACELEFT(hbuf, p),
-						"%c%.*s",
-						j != 0 ? '@' : ':',
-						l > 240 ? 120 :
-						    j == 0 ? l : l / 2,
-						inet_ntoa(addr));
+						 "%c%.*s",
+						 j != 0 ? '@' : ':',
+						 l > 240 ? 120 :
+						 j == 0 ? l : l / 2,
+						 inet_ntoa(addr));
 					i = strlen(p);
 					p += i;
 					l -= i + 1;
-					q += sizeof(struct in_addr); 
+					q += sizeof(struct in_addr);
 				}
 				o += o[1];
 				break;
@@ -1646,7 +2797,7 @@ postident:
 	}
 
 noipsr:
-#endif
+# endif /* IP_SRCROUTE */
 	if (RealHostName != NULL && RealHostName[0] != '[')
 	{
 		p = &hbuf[strlen(hbuf)];
@@ -1659,11 +2810,30 @@ noipsr:
 		(void) snprintf(p, SPACELEFT(hbuf, p), " (may be forged)");
 	}
 
-#if IP_SRCROUTE
+# if IP_SRCROUTE
 postipsr:
-#endif
+# endif /* IP_SRCROUTE */
 	if (tTd(9, 1))
-		printf("getauthinfo: %s\n", hbuf);
+		dprintf("getauthinfo: %s\n", hbuf);
+
+	/* put back the original incoming port */
+	switch (RealHostAddr.sa.sa_family)
+	{
+# if NETINET
+	  case AF_INET:
+		if (port > 0)
+			RealHostAddr.sin.sin_port = port;
+		break;
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		if (port > 0)
+			RealHostAddr.sin6.sin6_port = port;
+		break;
+# endif /* NETINET6 */
+	}
+
 	return hbuf;
 }
 /*
@@ -1696,8 +2866,13 @@ host_map_lookup(map, name, av, statp)
 	int *statp;
 {
 	register struct hostent *hp;
+# if NETINET
 	struct in_addr in_addr;
-	char *cp;
+# endif /* NETINET */
+# if NETINET6
+	struct in6_addr in6_addr;
+# endif /* NETINET6 */
+	char *cp, *ans = NULL;
 	register STAB *s;
 	char hbuf[MAXNAME + 1];
 
@@ -1710,15 +2885,15 @@ host_map_lookup(map, name, av, statp)
 	if (bitset(NCF_VALID, s->s_namecanon.nc_flags))
 	{
 		if (tTd(9, 1))
-			printf("host_map_lookup(%s) => CACHE %s\n",
-			       name,
-			       s->s_namecanon.nc_cname == NULL
+			dprintf("host_map_lookup(%s) => CACHE %s\n",
+				name,
+				s->s_namecanon.nc_cname == NULL
 					? "NULL"
 					: s->s_namecanon.nc_cname);
 		errno = s->s_namecanon.nc_errno;
-#if NAMED_BIND
+# if NAMED_BIND
 		h_errno = s->s_namecanon.nc_herrno;
-#endif
+# endif /* NAMED_BIND */
 		*statp = s->s_namecanon.nc_stat;
 		if (*statp == EX_TEMPFAIL)
 		{
@@ -1731,9 +2906,9 @@ host_map_lookup(map, name, av, statp)
 		if (s->s_namecanon.nc_cname == NULL)
 		{
 			syserr("host_map_lookup(%s): bogus NULL cache entry, errno = %d, h_errno = %d",
-				name,
-				s->s_namecanon.nc_errno,
-				s->s_namecanon.nc_herrno);
+			       name,
+			       s->s_namecanon.nc_errno,
+			       s->s_namecanon.nc_herrno);
 			return NULL;
 		}
 		if (bitset(MF_MATCHONLY, map->map_mflags))
@@ -1752,10 +2927,11 @@ host_map_lookup(map, name, av, statp)
 	**  lookups because those could try to connect to a server.
 	*/
 
-	if (CurEnv->e_sendmode == SM_DEFER)
+	if (CurEnv->e_sendmode == SM_DEFER &&
+	    bitset(MF_DEFER, map->map_mflags))
 	{
 		if (tTd(9, 1))
-			printf("host_map_lookup(%s) => DEFERRED\n", name);
+			dprintf("host_map_lookup(%s) => DEFERRED\n", name);
 		*statp = EX_TEMPFAIL;
 		return NULL;
 	}
@@ -1767,96 +2943,96 @@ host_map_lookup(map, name, av, statp)
 	**  unknown.
 	*/
 
+	if (tTd(9, 1))
+		dprintf("host_map_lookup(%s) => ", name);
 	if (*name != '[')
 	{
-		if (tTd(9, 1))
-			printf("host_map_lookup(%s) => ", name);
-		s->s_namecanon.nc_flags |= NCF_VALID;		/* will be soon */
 		snprintf(hbuf, sizeof hbuf, "%s", name);
 		if (getcanonname(hbuf, sizeof hbuf - 1, !HasWildcardMX))
+			ans = hbuf;
+	}
+	else
+	{
+		if ((cp = strchr(name, ']')) == NULL)
+			return NULL;
+		*cp = '\0';
+
+		hp = NULL;
+# if NETINET
+		if ((in_addr.s_addr = inet_addr(&name[1])) != INADDR_NONE)
+			hp = sm_gethostbyaddr((char *)&in_addr,
+					      INADDRSZ, AF_INET);
+# endif /* NETINET */
+# if NETINET6
+		if (hp == NULL &&
+		    inet_pton(AF_INET6, &name[1], &in6_addr) == 1)
+			hp = sm_gethostbyaddr((char *)&in6_addr,
+					      IN6ADDRSZ, AF_INET6);
+# endif /* NETINET6 */
+		*cp = ']';
+
+		if (hp != NULL)
 		{
-			if (tTd(9, 1))
-				printf("%s\n", hbuf);
-			s->s_namecanon.nc_stat = EX_OK;
-			s->s_namecanon.nc_cname = newstr(hbuf);
-			if (bitset(MF_MATCHONLY, map->map_mflags))
-				cp = map_rewrite(map, name, strlen(name), NULL);
-			else
-				cp = map_rewrite(map, hbuf, strlen(hbuf), av);
-			return cp;
+			/* found a match -- copy out */
+			ans = denlstring((char *) hp->h_name, TRUE, TRUE);
 		}
-		else
-		{
-			s->s_namecanon.nc_errno = errno;
-#if NAMED_BIND
-			s->s_namecanon.nc_herrno = h_errno;
-			if (tTd(9, 1))
-				printf("FAIL (%d)\n", h_errno);
-			switch (h_errno)
-			{
-			  case TRY_AGAIN:
-				if (UseNameServer)
-				{
-					CurEnv->e_status = "4.4.3";
-					message("851 %s: Name server timeout",
-						shortenstring(name, 33));
-				}
-				*statp = EX_TEMPFAIL;
-				break;
-
-			  case HOST_NOT_FOUND:
-			  case NO_DATA:
-				*statp = EX_NOHOST;
-				break;
+	}
 
-			  case NO_RECOVERY:
-				*statp = EX_SOFTWARE;
-				break;
+	s->s_namecanon.nc_flags |= NCF_VALID;	/* will be soon */
 
-			  default:
-				*statp = EX_UNAVAILABLE;
-				break;
-			}
-#else
-			if (tTd(9, 1))
-				printf("FAIL\n");
-			*statp = EX_NOHOST;
-#endif
-			s->s_namecanon.nc_stat = *statp;
-			return NULL;
-		}
+	/* Found an answer */
+	if (ans != NULL)
+	{
+		s->s_namecanon.nc_stat = *statp = EX_OK;
+		s->s_namecanon.nc_cname = newstr(ans);
+		if (bitset(MF_MATCHONLY, map->map_mflags))
+			cp = map_rewrite(map, name, strlen(name), NULL);
+		else
+			cp = map_rewrite(map, ans, strlen(ans), av);
+		return cp;
 	}
-	if ((cp = strchr(name, ']')) == NULL)
-		return (NULL);
-	*cp = '\0';
-	in_addr.s_addr = inet_addr(&name[1]);
-	*cp = ']';
 
-	/* nope -- ask the name server */
-	hp = sm_gethostbyaddr((char *)&in_addr, INADDRSZ, AF_INET);
+
+	/* No match found */
 	s->s_namecanon.nc_errno = errno;
-#if NAMED_BIND
+# if NAMED_BIND
 	s->s_namecanon.nc_herrno = h_errno;
-#endif
-	s->s_namecanon.nc_flags |= NCF_VALID;		/* will be soon */
-	if (hp == NULL)
+	if (tTd(9, 1))
+		dprintf("FAIL (%d)\n", h_errno);
+	switch (h_errno)
 	{
-		s->s_namecanon.nc_stat = *statp = EX_NOHOST;
-		return (NULL);
-	}
+	  case TRY_AGAIN:
+		if (UseNameServer)
+		{
+			CurEnv->e_status = "4.4.3";
+			message("851 %s: Name server timeout",
+				shortenstring(name, 33));
+		}
+		*statp = EX_TEMPFAIL;
+		break;
 
-	/* found a match -- copy out */
-	hp->h_name = denlstring((char *) hp->h_name, TRUE, TRUE);
-	s->s_namecanon.nc_stat = *statp = EX_OK;
-	s->s_namecanon.nc_cname = newstr(hp->h_name);
-	if (bitset(MF_MATCHONLY, map->map_mflags))
-		cp = map_rewrite(map, name, strlen(name), NULL);
-	else
-		cp = map_rewrite(map, hp->h_name, strlen(hp->h_name), av);
-	return cp;
-}
+	  case HOST_NOT_FOUND:
+	  case NO_DATA:
+		*statp = EX_NOHOST;
+		break;
 
-# else /* DAEMON */
+	  case NO_RECOVERY:
+		*statp = EX_SOFTWARE;
+		break;
+
+	  default:
+		*statp = EX_UNAVAILABLE;
+		break;
+	}
+# else /* NAMED_BIND */
+	if (tTd(9, 1))
+		dprintf("FAIL\n");
+	*statp = EX_NOHOST;
+# endif /* NAMED_BIND */
+	s->s_namecanon.nc_stat = *statp;
+	return NULL;
+}
+#else /* DAEMON */
 /* code for systems without sophisticated networking */
 
 /*
@@ -1882,10 +3058,10 @@ myhostname(hostbuf, size)
 		fixcrlf(hostbuf, TRUE);
 		(void) fclose(f);
 	}
-	return (NULL);
+	return NULL;
 }
 /*
-**  GETAUTHINFO -- get the real host name asociated with a file descriptor
+**  GETAUTHINFO -- get the real host name associated with a file descriptor
 **
 **	Parameters:
 **		fd -- the descriptor
@@ -1911,7 +3087,7 @@ getauthinfo(fd, may_be_forged)
 	return NULL;
 }
 /*
-**  MAPHOSTNAME -- turn a hostname into canonical form
+**  HOST_MAP_LOOKUP -- turn a hostname into canonical form
 **
 **	Parameters:
 **		map -- a pointer to the database map.
@@ -1938,13 +3114,45 @@ host_map_lookup(map, name, avp, statp)
 	char **avp;
 	char *statp;
 {
-	register struct hostent *hp;
+	register struct hostent *hp = NULL;
 	char *cp;
 
-	hp = sm_gethostbyname(name);
+	hp = sm_gethostbyname(name, InetMode);
+	if (hp == NULL && InetMode != AF_INET)
+		hp = sm_gethostbyname(name, AF_INET);
 	if (hp == NULL)
 	{
+# if NAMED_BIND
+		if (tTd(9, 1))
+			dprintf("FAIL (%d)\n", h_errno);
+		switch (h_errno)
+		{
+		  case TRY_AGAIN:
+			if (UseNameServer)
+			{
+				CurEnv->e_status = "4.4.3";
+				message("851 %s: Name server timeout",
+					shortenstring(name, 33));
+			}
+			*statp = EX_TEMPFAIL;
+			break;
+
+		  case HOST_NOT_FOUND:
+		  case NO_DATA:
+			*statp = EX_NOHOST;
+			break;
+
+		  case NO_RECOVERY:
+			*statp = EX_SOFTWARE;
+			break;
+
+		  default:
+			*statp = EX_UNAVAILABLE;
+			break;
+		}
+#else /* NAMED_BIND */
 		*statp = EX_NOHOST;
+#endif /* NAMED_BIND */
 		return NULL;
 	}
 	if (bitset(MF_MATCHONLY, map->map_mflags))
@@ -1989,6 +3197,14 @@ host_map_init(map, args)
 		  case 't':
 			map->map_mflags |= MF_NODEFER;
 			break;
+
+		  case 'S':	/* only for consistency */
+			map->map_spacesub = *++p;
+			break;
+
+		  case 'D':
+			map->map_mflags |= MF_DEFER;
+			break;
 		}
 		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
 			p++;
@@ -2001,6 +3217,36 @@ host_map_init(map, args)
 		map->map_tapp = newstr(map->map_tapp);
 	return TRUE;
 }
+
+#if NETINET6
+/*
+**  ANYNET_NTOP -- convert an IPv6 network address to printable form.
+**
+**	Parameters:
+**		s6a -- a pointer to an in6_addr structure.
+**		dst -- buffer to store result in
+**		dst_len -- size of dst buffer
+**
+**	Returns:
+**		A printable version of that structure.
+*/
+char *
+anynet_ntop(s6a, dst, dst_len)
+	struct in6_addr *s6a;
+	char *dst;
+	size_t dst_len;
+{
+	register char *ap;
+
+	if (IN6_IS_ADDR_V4MAPPED(s6a))
+		ap = (char *) inet_ntop(AF_INET,
+					&s6a->s6_addr[IN6ADDRSZ - INADDRSZ],
+					dst, dst_len);
+	else
+		ap = (char *) inet_ntop(AF_INET6, s6a, dst, dst_len);
+	return ap;
+}
+#endif /* NETINET6 */
 /*
 **  ANYNET_NTOA -- convert a network address to printable form.
 **
@@ -2013,9 +3259,9 @@ host_map_init(map, args)
 
 #ifdef USE_SOCK_STREAM
 
-#if NETLINK
-# include <net/if_dl.h>
-#endif
+# if NETLINK
+#  include <net/if_dl.h>
+# endif /* NETLINK */
 
 char *
 anynet_ntoa(sap)
@@ -2034,27 +3280,35 @@ anynet_ntoa(sap)
 
 	switch (sap->sa.sa_family)
 	{
-#if NETUNIX
+# if NETUNIX
 	  case AF_UNIX:
-	  	if (sap->sunix.sun_path[0] != '\0')
-	  		snprintf(buf, sizeof buf, "[UNIX: %.64s]",
+		if (sap->sunix.sun_path[0] != '\0')
+			snprintf(buf, sizeof buf, "[UNIX: %.64s]",
 				sap->sunix.sun_path);
-	  	else
-	  		snprintf(buf, sizeof buf, "[UNIX: localhost]");
+		else
+			snprintf(buf, sizeof buf, "[UNIX: localhost]");
 		return buf;
-#endif
+# endif /* NETUNIX */
 
-#if NETINET
+# if NETINET
 	  case AF_INET:
-		return inet_ntoa(sap->sin.sin_addr);
-#endif
+		return (char *) inet_ntoa(sap->sin.sin_addr);
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		ap = anynet_ntop(&sap->sin6.sin6_addr, buf, sizeof buf);
+		if (ap != NULL)
+			return ap;
+		break;
+# endif /* NETINET6 */
 
-#if NETLINK
+# if NETLINK
 	  case AF_LINK:
 		snprintf(buf, sizeof buf, "[LINK: %s]",
 			link_ntoa((struct sockaddr_dl *) &sap->sa));
 		return buf;
-#endif
+# endif /* NETLINK */
 	  default:
 		/* this case is needed when nothing is #defined */
 		/* in order to keep the switch syntactically correct */
@@ -2091,37 +3345,51 @@ hostnamebyanyaddr(sap)
 	register SOCKADDR *sap;
 {
 	register struct hostent *hp;
+# if NAMED_BIND
 	int saveretry;
+# endif /* NAMED_BIND */
+# if NETINET6
+	struct in6_addr in6_addr;
+# endif /* NETINET6 */
 
-#if NAMED_BIND
+# if NAMED_BIND
 	/* shorten name server timeout to avoid higher level timeouts */
 	saveretry = _res.retry;
-	_res.retry = 3;
-#endif /* NAMED_BIND */
+	if (_res.retry * _res.retrans > 20)
+		_res.retry = 20 / _res.retrans;
+# endif /* NAMED_BIND */
 
 	switch (sap->sa.sa_family)
 	{
-#if NETINET
+# if NETINET
 	  case AF_INET:
 		hp = sm_gethostbyaddr((char *) &sap->sin.sin_addr,
 			INADDRSZ,
 			AF_INET);
 		break;
-#endif
+# endif /* NETINET */
 
-#if NETISO
+# if NETINET6
+	  case AF_INET6:
+		hp = sm_gethostbyaddr((char *) &sap->sin6.sin6_addr,
+				      IN6ADDRSZ,
+				      AF_INET6);
+		break;
+# endif /* NETINET6 */
+
+# if NETISO
 	  case AF_ISO:
 		hp = sm_gethostbyaddr((char *) &sap->siso.siso_addr,
 			sizeof sap->siso.siso_addr,
 			AF_ISO);
 		break;
-#endif
+# endif /* NETISO */
 
-#if NETUNIX
+# if NETUNIX
 	  case AF_UNIX:
 		hp = NULL;
 		break;
-#endif
+# endif /* NETUNIX */
 
 	  default:
 		hp = sm_gethostbyaddr(sap->sa.sa_data,
@@ -2130,25 +3398,30 @@ hostnamebyanyaddr(sap)
 		break;
 	}
 
-#if NAMED_BIND
+# if NAMED_BIND
 	_res.retry = saveretry;
-#endif /* NAMED_BIND */
-
-	if (hp != NULL && hp->h_name[0] != '[' &&
-	    inet_addr(hp->h_name) == INADDR_NONE)
+# endif /* NAMED_BIND */
+
+# if NETINET || NETINET6
+	if (hp != NULL && hp->h_name[0] != '['
+#  if NETINET6
+	    && inet_pton(AF_INET6, hp->h_name, &in6_addr) != 1
+#  endif /* NETINET6 */
+#  if NETINET
+	    && inet_addr(hp->h_name) == INADDR_NONE
+#  endif /* NETINET */
+	    )
 		return denlstring((char *) hp->h_name, TRUE, TRUE);
-#if NETUNIX
-	else if (sap->sa.sa_family == AF_UNIX && sap->sunix.sun_path[0] == '\0')
+# endif /* NETINET || NETINET6 */
+# if NETUNIX
+	if (sap->sa.sa_family == AF_UNIX && sap->sunix.sun_path[0] == '\0')
 		return "localhost";
-#endif
-	else
+# endif /* NETUNIX */
 	{
-		/* produce a dotted quad */
 		static char buf[203];
 
 		(void) snprintf(buf, sizeof buf, "[%.200s]", anynet_ntoa(sap));
 		return buf;
 	}
 }
-
-#endif /* SOCK_STREAM */
+#endif /* USE_SOCK_STREAM */
diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c
index ed03328..d1907d4 100644
--- a/contrib/sendmail/src/deliver.c
+++ b/contrib/sendmail/src/deliver.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,23 +12,33 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)deliver.c	8.367 (Berkeley) 1/18/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: deliver.c,v 8.600.2.1.2.31 2000/07/18 02:24:43 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
 
-#include "sendmail.h"
-#include <errno.h>
-#include <grp.h>
-#if NAMED_BIND
-#include <resolv.h>
-#endif
 
 #if HASSETUSERCONTEXT
 # include <login_cap.h>
-#endif
+#endif /* HASSETUSERCONTEXT */
+
+#if STARTTLS || (SASL && SFIO)
+# include "sfsasl.h"
+#endif /* STARTTLS || (SASL && SFIO) */
+
+static int	deliver __P((ENVELOPE *, ADDRESS *));
+static void	dup_queue_file __P((ENVELOPE *, ENVELOPE *, int));
+static void	mailfiletimeout __P((void));
+static void	markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool));
+static int	parse_hostsignature __P((char *, char **, MAILER *));
+static void	sendenvelope __P((ENVELOPE *, int));
+static char	*hostsignature __P((MAILER *, char *));
 
 #if SMTP
-extern char	SmtpError[];
-#endif
+# if STARTTLS
+static int	starttls __P((MAILER *, MCI *, ENVELOPE *));
+# endif /* STARTTLS */
+#endif /* SMTP */
 
 /*
 **  SENDALL -- actually send all the messages.
@@ -55,12 +66,12 @@ sendall(e, mode)
 	register ADDRESS *q;
 	char *owner;
 	int otherowners;
+	int save_errno;
 	register ENVELOPE *ee;
 	ENVELOPE *splitenv = NULL;
 	int oldverbose = Verbose;
 	bool somedeliveries = FALSE, expensive = FALSE;
 	pid_t pid;
-	void sendenvelope __P((ENVELOPE *, int));
 
 	/*
 	**  If this message is to be discarded, don't bother sending
@@ -70,7 +81,7 @@ sendall(e, mode)
 	if (bitset(EF_DISCARD, e->e_flags))
 	{
 		if (tTd(13, 1))
-			printf("sendall: discarding id %s\n", e->e_id);
+			dprintf("sendall: discarding id %s\n", e->e_id);
 		e->e_flags |= EF_CLRQUEUE;
 		if (LogLevel > 4)
 			sm_syslog(LOG_INFO, e->e_id, "discarded");
@@ -103,14 +114,12 @@ sendall(e, mode)
 
 	if (tTd(13, 1))
 	{
-		extern void printenvflags __P((ENVELOPE *));
-
-		printf("\n===== SENDALL: mode %c, id %s, e_from ",
+		dprintf("\n===== SENDALL: mode %c, id %s, e_from ",
 			mode, e->e_id);
 		printaddr(&e->e_from, FALSE);
-		printf("\te_flags = ");
+		dprintf("\te_flags = ");
 		printenvflags(e);
-		printf("sendqueue:\n");
+		dprintf("sendqueue:\n");
 		printaddr(e->e_sendqueue, TRUE);
 	}
 
@@ -129,34 +138,41 @@ sendall(e, mode)
 		errno = 0;
 #if QUEUE
 		queueup(e, mode == SM_QUEUE || mode == SM_DEFER);
-#endif
+#endif /* QUEUE */
 		e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE;
-		syserr("554 Too many hops %d (%d max): from %s via %s, to %s",
+		ExitStat = EX_UNAVAILABLE;
+		syserr("554 5.0.0 Too many hops %d (%d max): from %s via %s, to %s",
 			e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
 			RealHostName == NULL ? "localhost" : RealHostName,
 			e->e_sendqueue->q_paddr);
-		e->e_sendqueue->q_status = "5.4.6";
+		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
+		{
+			if (QS_IS_DEAD(q->q_state))
+				continue;
+			q->q_state = QS_BADADDR;
+			q->q_status = "5.4.6";
+		}
 		return;
 	}
 
 	/*
 	**  Do sender deletion.
 	**
-	**	If the sender has the QQUEUEUP flag set, skip this.
+	**	If the sender should be queued up, skip this.
 	**	This can happen if the name server is hosed when you
 	**	are trying to send mail.  The result is that the sender
 	**	is instantiated in the queue as a recipient.
 	*/
 
 	if (!bitset(EF_METOO, e->e_flags) &&
-	    !bitset(QQUEUEUP, e->e_from.q_flags))
+	    !QS_IS_QUEUEUP(e->e_from.q_state))
 	{
 		if (tTd(13, 5))
 		{
-			printf("sendall: QDONTSEND ");
+			dprintf("sendall: QS_SENDER ");
 			printaddr(&e->e_from, FALSE);
 		}
-		e->e_from.q_flags |= QDONTSEND;
+		e->e_from.q_state = QS_SENDER;
 		(void) recipient(&e->e_from, &e->e_sendqueue, 0, e);
 	}
 
@@ -177,14 +193,14 @@ sendall(e, mode)
 			q->q_owner = a->q_owner;
 
 		if (q->q_owner != NULL &&
-		    !bitset(QDONTSEND, q->q_flags) &&
+		    !QS_IS_DEAD(q->q_state) &&
 		    strcmp(q->q_owner, e->e_from.q_paddr) == 0)
 			q->q_owner = NULL;
 	}
 
 	if (tTd(13, 25))
 	{
-		printf("\nAfter first owner pass, sendq =\n");
+		dprintf("\nAfter first owner pass, sendq =\n");
 		printaddr(e->e_sendqueue, TRUE);
 	}
 
@@ -193,7 +209,7 @@ sendall(e, mode)
 	while (owner != NULL && otherowners > 0)
 	{
 		if (tTd(13, 28))
-			printf("owner = \"%s\", otherowners = %d\n",
+			dprintf("owner = \"%s\", otherowners = %d\n",
 				owner, otherowners);
 		owner = NULL;
 		otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0;
@@ -202,18 +218,18 @@ sendall(e, mode)
 		{
 			if (tTd(13, 30))
 			{
-				printf("Checking ");
+				dprintf("Checking ");
 				printaddr(q, FALSE);
 			}
-			if (bitset(QDONTSEND, q->q_flags))
+			if (QS_IS_DEAD(q->q_state))
 			{
 				if (tTd(13, 30))
-					printf("    ... QDONTSEND\n");
+					dprintf("    ... QS_IS_DEAD\n");
 				continue;
 			}
 			if (tTd(13, 29) && !tTd(13, 30))
 			{
-				printf("Checking ");
+				dprintf("Checking ");
 				printaddr(q, FALSE);
 			}
 
@@ -222,7 +238,7 @@ sendall(e, mode)
 				if (owner == NULL)
 				{
 					if (tTd(13, 40))
-						printf("    ... First owner = \"%s\"\n",
+						dprintf("    ... First owner = \"%s\"\n",
 							q->q_owner);
 					owner = q->q_owner;
 				}
@@ -231,7 +247,7 @@ sendall(e, mode)
 					if (strcmp(owner, q->q_owner) == 0)
 					{
 						if (tTd(13, 40))
-							printf("    ... Same owner = \"%s\"\n",
+							dprintf("    ... Same owner = \"%s\"\n",
 								owner);
 
 						/* make future comparisons cheap */
@@ -240,23 +256,69 @@ sendall(e, mode)
 					else
 					{
 						if (tTd(13, 40))
-							printf("    ... Another owner \"%s\"\n",
+							dprintf("    ... Another owner \"%s\"\n",
 								q->q_owner);
 						otherowners++;
 					}
 					owner = q->q_owner;
 				}
 				else if (tTd(13, 40))
-					printf("    ... Same owner = \"%s\"\n",
+					dprintf("    ... Same owner = \"%s\"\n",
 						owner);
 			}
 			else
 			{
 				if (tTd(13, 40))
-					printf("    ... Null owner\n");
+					dprintf("    ... Null owner\n");
 				otherowners++;
 			}
 
+			if (QS_IS_BADADDR(q->q_state))
+			{
+				if (tTd(13, 30))
+					dprintf("    ... QS_IS_BADADDR\n");
+				continue;
+			}
+
+			if (QS_IS_QUEUEUP(q->q_state))
+			{
+				MAILER *m = q->q_mailer;
+
+				/*
+				**  If we have temporary address failures
+				**  (e.g., dns failure) and a fallback MX is
+				**  set, send directly to the fallback MX host.
+				*/
+
+				if (FallBackMX != NULL &&
+				    !wordinclass(FallBackMX, 'w') &&
+				    mode != SM_VERIFY &&
+				    (strcmp(m->m_mailer, "[IPC]") == 0 ||
+				     strcmp(m->m_mailer, "[TCP]") == 0) &&
+				    m->m_argv[0] != NULL &&
+				    (strcmp(m->m_argv[0], "TCP") == 0 ||
+				     strcmp(m->m_argv[0], "IPC") == 0))
+				{
+					int len;
+					char *p;
+
+					if (tTd(13, 30))
+						dprintf("    ... FallBackMX\n");
+
+					len = strlen(FallBackMX) + 3;
+					p = xalloc(len);
+					snprintf(p, len, "[%s]", FallBackMX);
+					q->q_state = QS_OK;
+					q->q_host = p;
+				}
+				else
+				{
+					if (tTd(13, 30))
+						dprintf("    ... QS_IS_QUEUEUP\n");
+					continue;
+				}
+			}
+
 			/*
 			**  If this mailer is expensive, and if we don't
 			**  want to make connections now, just mark these
@@ -266,45 +328,46 @@ sendall(e, mode)
 			**  daemon will come along to send the messages later.
 			*/
 
-			if (bitset(QBADADDR|QQUEUEUP, q->q_flags))
+			if (NoConnect && !Verbose &&
+			    bitnset(M_EXPENSIVE, q->q_mailer->m_flags))
 			{
 				if (tTd(13, 30))
-					printf("    ... QBADADDR|QQUEUEUP\n");
-				continue;
+					dprintf("    ... expensive\n");
+				q->q_state = QS_QUEUEUP;
+				expensive = TRUE;
 			}
-			if (NoConnect && !Verbose &&
-			    bitnset(M_EXPENSIVE, q->q_mailer->m_flags))
+			else if (bitnset(M_HOLD, q->q_mailer->m_flags) &&
+				 QueueLimitId == NULL &&
+				 QueueLimitSender == NULL &&
+				 QueueLimitRecipient == NULL)
 			{
 				if (tTd(13, 30))
-					printf("    ... expensive\n");
-				q->q_flags |= QQUEUEUP;
+					dprintf("    ... hold\n");
+				q->q_state = QS_QUEUEUP;
 				expensive = TRUE;
 			}
 			else
 			{
 				if (tTd(13, 30))
-					printf("    ... deliverable\n");
+					dprintf("    ... deliverable\n");
 				somedeliveries = TRUE;
 			}
 		}
 
 		if (owner != NULL && otherowners > 0)
 		{
-			extern HDR *copyheader __P((HDR *));
-			extern ADDRESS *copyqueue __P((ADDRESS *));
-			extern void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int));
-
 			/*
 			**  Split this envelope into two.
 			*/
 
-			ee = (ENVELOPE *) xalloc(sizeof(ENVELOPE));
+			ee = (ENVELOPE *) xalloc(sizeof *ee);
 			*ee = *e;
+			ee->e_message = NULL;
 			ee->e_id = NULL;
-			(void) queuename(ee, '\0');
+			assign_queueid(ee);
 
 			if (tTd(13, 1))
-				printf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n",
+				dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n",
 					e->e_id, ee->e_id, owner, otherowners);
 
 			ee->e_header = copyheader(e->e_header);
@@ -315,24 +378,26 @@ sendall(e, mode)
 			setsender(owner, ee, NULL, '\0', TRUE);
 			if (tTd(13, 5))
 			{
-				printf("sendall(split): QDONTSEND ");
+				dprintf("sendall(split): QS_SENDER ");
 				printaddr(&ee->e_from, FALSE);
 			}
-			ee->e_from.q_flags |= QDONTSEND;
+			ee->e_from.q_state = QS_SENDER;
 			ee->e_dfp = NULL;
+			ee->e_lockfp = NULL;
 			ee->e_xfp = NULL;
+			ee->e_queuedir = e->e_queuedir;
 			ee->e_errormode = EM_MAIL;
 			ee->e_sibling = splitenv;
+			ee->e_statmsg = NULL;
 			splitenv = ee;
 
 			for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 			{
 				if (q->q_owner == owner)
 				{
-					q->q_flags |= QDONTSEND;
-					q->q_flags &= ~(QQUEUEUP|QBADADDR);
+					q->q_state = QS_CLONED;
 					if (tTd(13, 6))
-						printf("\t... stripping %s from original envelope\n",
+						dprintf("\t... stripping %s from original envelope\n",
 							q->q_paddr);
 				}
 			}
@@ -340,10 +405,9 @@ sendall(e, mode)
 			{
 				if (q->q_owner != owner)
 				{
-					q->q_flags |= QDONTSEND;
-					q->q_flags &= ~(QQUEUEUP|QBADADDR);
+					q->q_state = QS_CLONED;
 					if (tTd(13, 6))
-						printf("\t... dropping %s from cloned envelope\n",
+						dprintf("\t... dropping %s from cloned envelope\n",
 							q->q_paddr);
 				}
 				else
@@ -352,18 +416,32 @@ sendall(e, mode)
 					q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
 					q->q_flags |= DefaultNotify & ~QPINGONSUCCESS;
 					if (tTd(13, 6))
-						printf("\t... moving %s to cloned envelope\n",
+						dprintf("\t... moving %s to cloned envelope\n",
 							q->q_paddr);
 				}
 			}
 
 			if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags))
 				dup_queue_file(e, ee, 'd');
-			openxscript(ee);
+
+			/*
+			**  Give the split envelope access to the parent
+			**  transcript file for errors obtained while
+			**  processing the recipients (done before the
+			**  envelope splitting).
+			*/
+
+			if (e->e_xfp != NULL)
+				ee->e_xfp = bfdup(e->e_xfp);
+
+			/* failed to dup e->e_xfp, start a new transcript */
+			if (ee->e_xfp == NULL)
+				openxscript(ee);
+
 			if (mode != SM_VERIFY && LogLevel > 4)
 				sm_syslog(LOG_INFO, ee->e_id,
-					"clone %s, owner=%s",
-					e->e_id, owner);
+					  "clone %s, owner=%s",
+					  e->e_id, owner);
 		}
 	}
 
@@ -372,10 +450,10 @@ sendall(e, mode)
 		setsender(owner, e, NULL, '\0', TRUE);
 		if (tTd(13, 5))
 		{
-			printf("sendall(owner): QDONTSEND ");
+			dprintf("sendall(owner): QS_SENDER ");
 			printaddr(&e->e_from, FALSE);
 		}
-		e->e_from.q_flags |= QDONTSEND;
+		e->e_from.q_state = QS_SENDER;
 		e->e_errormode = EM_MAIL;
 		e->e_flags |= EF_NORECEIPT;
 		e->e_flags &= ~EF_FATALERRS;
@@ -386,7 +464,7 @@ sendall(e, mode)
 	    mode != SM_VERIFY)
 	{
 		if (tTd(13, 29))
-			printf("No deliveries: auto-queuing\n");
+			dprintf("No deliveries: auto-queuing\n");
 		mode = SM_QUEUE;
 
 		/* treat this as a delivery in terms of counting tries */
@@ -401,7 +479,7 @@ sendall(e, mode)
 		}
 	}
 
-# if QUEUE
+#if QUEUE
 	if ((mode == SM_QUEUE || mode == SM_DEFER || mode == SM_FORK ||
 	     (mode != SM_VERIFY && SuperSafe)) &&
 	    (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL))
@@ -422,20 +500,20 @@ sendall(e, mode)
 
 	if (tTd(13, 20))
 	{
-		printf("sendall: final mode = %c\n", mode);
+		dprintf("sendall: final mode = %c\n", mode);
 		if (tTd(13, 21))
 		{
-			printf("\n================ Final Send Queue(s) =====================\n");
-			printf("\n  *** Envelope %s, e_from=%s ***\n",
+			dprintf("\n================ Final Send Queue(s) =====================\n");
+			dprintf("\n  *** Envelope %s, e_from=%s ***\n",
 				e->e_id, e->e_from.q_paddr);
 			printaddr(e->e_sendqueue, TRUE);
 			for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
 			{
-				printf("\n  *** Envelope %s, e_from=%s ***\n",
+				dprintf("\n  *** Envelope %s, e_from=%s ***\n",
 					ee->e_id, ee->e_from.q_paddr);
 				printaddr(ee->e_sendqueue, TRUE);
 			}
-			printf("==========================================================\n\n");
+			dprintf("==========================================================\n\n");
 		}
 	}
 	switch (mode)
@@ -446,9 +524,9 @@ sendall(e, mode)
 
 	  case SM_QUEUE:
 	  case SM_DEFER:
-# if HASFLOCK
+#if HASFLOCK
   queueonly:
-# endif
+#endif /* HASFLOCK */
 		if (e->e_nrcpts > 0)
 			e->e_flags |= EF_INQUEUE;
 		dropenvelope(e, splitenv != NULL);
@@ -464,7 +542,7 @@ sendall(e, mode)
 		if (e->e_xfp != NULL)
 			(void) fflush(e->e_xfp);
 
-# if !HASFLOCK
+#if !HASFLOCK
 		/*
 		**  Since fcntl locking has the interesting semantic that
 		**  the lock is owned by a process, not by an open file
@@ -497,36 +575,49 @@ sendall(e, mode)
 			ee->e_id = qid;
 		}
 
-# endif /* !HASFLOCK */
+#endif /* !HASFLOCK */
+
+		/*
+		**  Since the delivery may happen in a child and the parent
+		**  does not wait, the parent may close the maps thereby
+		**  removing any shared memory used by the map.  Therefore,
+		**  close the maps now so the child will dynamically open
+		**  them if necessary.
+		*/
+
+		closemaps();
 
 		pid = fork();
 		if (pid < 0)
 		{
-# if HASFLOCK
+			syserr("deliver: fork 1");
+#if HASFLOCK
 			goto queueonly;
-# else
+#else /* HASFLOCK */
 			e->e_id = NULL;
 			for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
 				ee->e_id = NULL;
 			return;
-# endif /* HASFLOCK */
+#endif /* HASFLOCK */
 		}
 		else if (pid > 0)
 		{
-# if HASFLOCK
+#if HASFLOCK
 			/* be sure we leave the temp files to our child */
 			/* close any random open files in the envelope */
 			closexscript(e);
 			if (e->e_dfp != NULL)
-				(void) xfclose(e->e_dfp, "sendenvelope dfp", e->e_id);
+				(void) bfclose(e->e_dfp);
 			e->e_dfp = NULL;
 			e->e_flags &= ~EF_HAS_DF;
 
 			/* can't call unlockqueue to avoid unlink of xfp */
 			if (e->e_lockfp != NULL)
-				(void) xfclose(e->e_lockfp, "sendenvelope lockfp", e->e_id);
+				(void) fclose(e->e_lockfp);
+			else
+				syserr("%s: sendall: null lockfp", e->e_id);
 			e->e_lockfp = NULL;
-# endif
+#endif /* HASFLOCK */
 
 			/* make sure the parent doesn't own the envelope */
 			e->e_id = NULL;
@@ -540,18 +631,22 @@ sendall(e, mode)
 		pid = fork();
 		if (pid > 0)
 			exit(EX_OK);
+		save_errno = errno;
 
 		/* be sure we are immune from the terminal */
 		disconnect(2, e);
+		clearstats();
 
 		/* prevent parent from waiting if there was an error */
 		if (pid < 0)
 		{
-# if HASFLOCK
+			errno = save_errno;
+			syserr("deliver: fork 2");
+#if HASFLOCK
 			e->e_flags |= EF_INQUEUE;
-# else
+#else /* HASFLOCK */
 			e->e_id = NULL;
-# endif /* HASFLOCK */
+#endif /* HASFLOCK */
 			finis(TRUE, ExitStat);
 		}
 
@@ -570,18 +665,9 @@ sendall(e, mode)
 
 		mci_flush(FALSE, NULL);
 
-		/*
-		**  Since the delivery may happen in a child and the parent
-		**  does not wait, the parent may close the maps thereby
-		**  removing any shared memory used by the map.  Therefore,
-		**  open a copy of the maps for the delivery process.
-		*/
-
-		initmaps(FALSE, e);
-
-# if HASFLOCK
+#if HASFLOCK
 		break;
-# else
+#else /* HASFLOCK */
 
 		/*
 		**  Now reacquire and run the various queue files.
@@ -591,12 +677,14 @@ sendall(e, mode)
 		{
 			ENVELOPE *sibling = ee->e_sibling;
 
-			(void) dowork(ee->e_id, FALSE, FALSE, ee);
+			(void) dowork(ee->e_queuedir, ee->e_id,
+				      FALSE, FALSE, ee);
 			ee->e_sibling = sibling;
 		}
-		(void) dowork(e->e_id, FALSE, FALSE, e);
+		(void) dowork(e->e_queuedir, e->e_id,
+			      FALSE, FALSE, e);
 		finis(TRUE, ExitStat);
-# endif /* !HASFLOCK */
+#endif /* HASFLOCK */
 	}
 
 	sendenvelope(e, mode);
@@ -616,7 +704,7 @@ sendall(e, mode)
 		finis(TRUE, ExitStat);
 }
 
-void
+static void
 sendenvelope(e, mode)
 	register ENVELOPE *e;
 	int mode;
@@ -625,13 +713,13 @@ sendenvelope(e, mode)
 	bool didany;
 
 	if (tTd(13, 10))
-		printf("sendenvelope(%s) e_flags=0x%lx\n",
+		dprintf("sendenvelope(%s) e_flags=0x%lx\n",
 			e->e_id == NULL ? "[NOQUEUE]" : e->e_id,
 			e->e_flags);
 	if (LogLevel > 80)
 		sm_syslog(LOG_DEBUG, e->e_id,
-			"sendenvelope, flags=0x%x",
-			e->e_flags);
+			  "sendenvelope, flags=0x%lx",
+			  e->e_flags);
 
 	/*
 	**  If we have had global, fatal errors, don't bother sending
@@ -647,6 +735,11 @@ sendenvelope(e, mode)
 		return;
 	}
 
+	/* Don't attempt deliveries if we want to bounce now */
+	if (!bitset(EF_RESPONSE, e->e_flags) &&
+	    TimeOuts.to_q_return[e->e_timeoutclass] == NOW)
+		return;
+
 	/*
 	**  Run through the list and send everything.
 	**
@@ -656,6 +749,7 @@ sendenvelope(e, mode)
 
 	e->e_nsent = 0;
 	e->e_flags |= EF_GLOBALERRS;
+
 	define(macid("{envid}", NULL), e->e_envid, e);
 	define(macid("{bodytype}", NULL), e->e_bodytype, e);
 	didany = FALSE;
@@ -669,11 +763,11 @@ sendenvelope(e, mode)
 		(void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)",
 			MAXNAME, q->q_paddr);
 		checkfd012(wbuf);
-#endif
+#endif /* XDEBUG */
 		if (mode == SM_VERIFY)
 		{
 			e->e_to = q->q_paddr;
-			if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
+			if (QS_IS_SENDABLE(q->q_state))
 			{
 				if (q->q_host != NULL && q->q_host[0] != '\0')
 					message("deliverable: mailer %s, host %s, user %s",
@@ -686,11 +780,9 @@ sendenvelope(e, mode)
 						q->q_user);
 			}
 		}
-		else if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
+		else if (QS_IS_OK(q->q_state))
 		{
-			extern int deliver __P((ENVELOPE *, ADDRESS *));
-
-# if QUEUE
+#if QUEUE
 			/*
 			**  Checkpoint the send list every few addresses
 			*/
@@ -700,7 +792,7 @@ sendenvelope(e, mode)
 				queueup(e, FALSE);
 				e->e_nsent = 0;
 			}
-# endif /* QUEUE */
+#endif /* QUEUE */
 			(void) deliver(e, q);
 			didany = TRUE;
 		}
@@ -713,7 +805,7 @@ sendenvelope(e, mode)
 
 #if XDEBUG
 	checkfd012("end of sendenvelope");
-#endif
+#endif /* XDEBUG */
 }
 /*
 **  DUP_QUEUE_FILE -- duplicate a queue file into a split queue
@@ -727,35 +819,40 @@ sendenvelope(e, mode)
 **		none
 */
 
-void
+static void
 dup_queue_file(e, ee, type)
 	struct envelope *e, *ee;
 	int type;
 {
-	char f1buf[MAXQFNAME], f2buf[MAXQFNAME];
+	char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN];
 
 	ee->e_dfp = NULL;
 	ee->e_xfp = NULL;
+
+	/*
+	**  Make sure both are in the same directory.
+	*/
+
 	snprintf(f1buf, sizeof f1buf, "%s", queuename(e, type));
 	snprintf(f2buf, sizeof f2buf, "%s", queuename(ee, type));
 	if (link(f1buf, f2buf) < 0)
 	{
-		int saverrno = errno;
+		int save_errno = errno;
 
 		syserr("sendall: link(%s, %s)", f1buf, f2buf);
-		if (saverrno == EEXIST)
+		if (save_errno == EEXIST)
 		{
 			if (unlink(f2buf) < 0)
 			{
 				syserr("!sendall: unlink(%s): permanent",
 					f2buf);
-				/*NOTREACHED*/
+				/* NOTREACHED */
 			}
 			if (link(f1buf, f2buf) < 0)
 			{
 				syserr("!sendall: link(%s, %s): permanent",
 					f1buf, f2buf);
-				/*NOTREACHED*/
+				/* NOTREACHED */
 			}
 		}
 	}
@@ -782,13 +879,13 @@ dup_queue_file(e, ee, type)
 **		vfork for you.....
 */
 
-# define NFORKTRIES	5
+#define NFORKTRIES	5
 
-# ifndef FORK
+#ifndef FORK
 # define FORK	fork
-# endif
+#endif /* ! FORK */
 
-# define DOFORK(fORKfN) \
+#define DOFORK(fORKfN) \
 {\
 	register int i;\
 \
@@ -798,7 +895,7 @@ dup_queue_file(e, ee, type)
 		if (pid >= 0)\
 			break;\
 		if (i > 0)\
-			sleep((unsigned) NFORKTRIES - i);\
+			(void) sleep((unsigned) NFORKTRIES - i);\
 	}\
 }
 /*
@@ -822,7 +919,7 @@ dofork()
 	register pid_t pid = -1;
 
 	DOFORK(fork);
-	return (pid);
+	return pid;
 }
 /*
 **  DELIVER -- Deliver a message to a list of addresses.
@@ -848,12 +945,12 @@ dofork()
 
 #ifndef NO_UID
 # define NO_UID		-1
-#endif
+#endif /* ! NO_UID */
 #ifndef NO_GID
 # define NO_GID		-1
-#endif
+#endif /* ! NO_GID */
 
-int
+static int
 deliver(e, firstto)
 	register ENVELOPE *e;
 	ADDRESS *firstto;
@@ -872,49 +969,52 @@ deliver(e, firstto)
 	ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */
 	int rcode;			/* response code */
 	int lmtp_rcode = EX_OK;
+	int nummxhosts = 0;		/* number of MX hosts available */
+	int hostnum = 0;		/* current MX host index */
 	char *firstsig;			/* signature of firstto */
 	pid_t pid = -1;
 	char *volatile curhost;
 	register u_short port = 0;
+#if NETUNIX
+	char *mux_path = NULL;		/* path to UNIX domain socket */
+#endif /* NETUNIX */
 	time_t xstart;
 	bool suidwarn;
 	bool anyok;			/* at least one address was OK */
 	bool goodmxfound = FALSE;	/* at least one MX was OK */
+	bool ovr;
+#if _FFR_DYNAMIC_TOBUF
+	int strsize;
+	int rcptcount;
+	static int tobufsize = 0;
+	static char *tobuf = NULL;
+#else /* _FFR_DYNAMIC_TOBUF */
+	char tobuf[TOBUFSIZE];		/* text line of to people */
+#endif /* _FFR_DYNAMIC_TOBUF */
 	int mpvect[2];
 	int rpvect[2];
-	char *pv[MAXPV+1];
-	char tobuf[TOBUFSIZE];		/* text line of to people */
+	char *mxhosts[MAXMXHOSTS + 1];
+	char *pv[MAXPV + 1];
 	char buf[MAXNAME + 1];
 	char rpathbuf[MAXNAME + 1];	/* translated return path */
-	extern int checkcompat __P((ADDRESS *, ENVELOPE *));
-	extern void markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int));
 
 	errno = 0;
-	if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags))
-		return (0);
+	if (!QS_IS_OK(to->q_state))
+		return 0;
 
 	suidwarn = geteuid() == 0;
 
-#if NAMED_BIND
-	/* unless interactive, try twice, over a minute */
-	if (OpMode == MD_DAEMON || OpMode == MD_SMTP)
-	{
-		_res.retrans = 30;
-		_res.retry = 2;
-	}
-#endif
-
 	m = to->q_mailer;
 	host = to->q_host;
 	CurEnv = e;			/* just in case */
 	e->e_statmsg = NULL;
 #if SMTP
 	SmtpError[0] = '\0';
-#endif
+#endif /* SMTP */
 	xstart = curtime();
 
 	if (tTd(10, 1))
-		printf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n",
+		dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n",
 			e->e_id, m->m_name, host, to->q_user);
 	if (tTd(10, 100))
 		printopenfds(FALSE);
@@ -923,14 +1023,14 @@ deliver(e, firstto)
 	**  Clear $&{client_*} macros if this is a bounce message to
 	**  prevent rejection by check_compat ruleset.
 	*/
-	
+
 	if (bitset(EF_RESPONSE, e->e_flags))
 	{
 		define(macid("{client_name}", NULL), "", e);
 		define(macid("{client_addr}", NULL), "", e);
 		define(macid("{client_port}", NULL), "", e);
 	}
-	
+
 	/*
 	**  Do initial argv setup.
 	**	Insert the mailer name.  Notice that $x expansion is
@@ -962,7 +1062,9 @@ deliver(e, firstto)
 	*pvp++ = m->m_argv[0];
 
 	/* insert -f or -r flag as appropriate */
-	if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
+	if (FromFlag &&
+	    (bitnset(M_FOPT, m->m_flags) ||
+	     bitnset(M_ROPT, m->m_flags)))
 	{
 		if (bitnset(M_FOPT, m->m_flags))
 			*pvp++ = "-f";
@@ -998,8 +1100,9 @@ deliver(e, firstto)
 		*pvp++ = newstr(buf);
 		if (pvp >= &pv[MAXPV - 3])
 		{
-			syserr("554 Too many parameters to %s before $u", pv[0]);
-			return (-1);
+			syserr("554 5.3.5 Too many parameters to %s before $u",
+			       pv[0]);
+			return -1;
 		}
 	}
 
@@ -1012,14 +1115,14 @@ deliver(e, firstto)
 	if (*mvp == NULL)
 	{
 		/* running SMTP */
-# if SMTP
+#if SMTP
 		clever = TRUE;
 		*pvp = NULL;
-# else /* SMTP */
+#else /* SMTP */
 		/* oops!  we don't implement SMTP */
-		syserr("554 SMTP style mailer not implemented");
-		return (EX_SOFTWARE);
-# endif /* SMTP */
+		syserr("554 5.3.5 SMTP style mailer not implemented");
+		return EX_SOFTWARE;
+#endif /* SMTP */
 	}
 
 	/*
@@ -1029,29 +1132,51 @@ deliver(e, firstto)
 	**  always send another copy later.
 	*/
 
+#if _FFR_DYNAMIC_TOBUF
+	e->e_to = NULL;
+	strsize = 2;
+	rcptcount = 0;
+#else /* _FFR_DYNAMIC_TOBUF */
 	tobuf[0] = '\0';
 	e->e_to = tobuf;
+#endif /* _FFR_DYNAMIC_TOBUF */
+
 	ctladdr = NULL;
-	firstsig = hostsignature(firstto->q_mailer, firstto->q_host, e);
+	firstsig = hostsignature(firstto->q_mailer, firstto->q_host);
 	for (; to != NULL; to = to->q_next)
 	{
 		/* avoid sending multiple recipients to dumb mailers */
+#if _FFR_DYNAMIC_TOBUF
+		if (tochain != NULL && !bitnset(M_MUSER, m->m_flags))
+			break;
+#else /* _FFR_DYNAMIC_TOBUF */
 		if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
 			break;
+#endif /* _FFR_DYNAMIC_TOBUF */
 
 		/* if already sent or not for this host, don't send */
-		if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
+		if (!QS_IS_OK(to->q_state) ||
 		    to->q_mailer != firstto->q_mailer ||
-		    strcmp(hostsignature(to->q_mailer, to->q_host, e), firstsig) != 0)
+		    strcmp(hostsignature(to->q_mailer, to->q_host),
+			   firstsig) != 0)
 			continue;
 
 		/* avoid overflowing tobuf */
+#if _FFR_DYNAMIC_TOBUF
+		strsize += strlen(to->q_paddr) + 1;
+		if (!clever && strsize > TOBUFSIZE)
+			break;
+
+		if (++rcptcount > to->q_mailer->m_maxrcpt)
+			break;
+#else /* _FFR_DYNAMIC_TOBUF */
 		if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
 			break;
+#endif /* _FFR_DYNAMIC_TOBUF */
 
 		if (tTd(10, 1))
 		{
-			printf("\nsend to ");
+			dprintf("\nsend to ");
 			printaddr(to, FALSE);
 		}
 
@@ -1061,18 +1186,12 @@ deliver(e, firstto)
 
 		if (tTd(10, 2))
 		{
-			printf("ctladdr=");
+			dprintf("ctladdr=");
 			printaddr(ctladdr, FALSE);
 		}
 
 		user = to->q_user;
 		e->e_to = to->q_paddr;
-		if (tTd(10, 5))
-		{
-			printf("deliver: QDONTSEND ");
-			printaddr(to, FALSE);
-		}
-		to->q_flags |= QDONTSEND;
 
 		/*
 		**  Check to see that these people are allowed to
@@ -1086,44 +1205,59 @@ deliver(e, firstto)
 				to->q_status = "5.2.3";
 			else
 				to->q_status = "5.3.4";
-			usrerr("552 Message is too large; %ld bytes max", m->m_maxsize);
-			markfailure(e, to, NULL, EX_UNAVAILABLE);
-			giveresponse(EX_UNAVAILABLE, m, NULL, ctladdr, xstart, e);
+			/* set to->q_rstatus = NULL; or to the following? */
+			usrerrenh(to->q_status,
+				  "552 Message is too large; %ld bytes max",
+				  m->m_maxsize);
+			markfailure(e, to, NULL, EX_UNAVAILABLE, FALSE);
+			giveresponse(EX_UNAVAILABLE, to->q_status, m,
+				     NULL, ctladdr, xstart, e);
 			continue;
 		}
 #if NAMED_BIND
 		h_errno = 0;
-#endif
+#endif /* NAMED_BIND */
 
+		ovr = TRUE;
 		/* do config file checking of compatibility */
-		rcode = rscheck("check_compat",
-				e->e_from.q_paddr, to->q_paddr, e);
+		rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr,
+				e, TRUE, TRUE, 4);
 		if (rcode == EX_OK)
 		{
 			/* do in-code checking if not discarding */
 			if (!bitset(EF_DISCARD, e->e_flags))
+			{
 				rcode = checkcompat(to, e);
+				ovr = FALSE;
+			}
 		}
 		if (rcode != EX_OK)
 		{
-			markfailure(e, to, NULL, rcode);
-			giveresponse(rcode, m, NULL, ctladdr, xstart, e);
+			markfailure(e, to, NULL, rcode, ovr);
+			giveresponse(rcode, to->q_status, m,
+				     NULL, ctladdr, xstart, e);
 			continue;
 		}
 		if (bitset(EF_DISCARD, e->e_flags))
 		{
 			if (tTd(10, 5))
 			{
-				printf("deliver: discarding recipient ");
+				dprintf("deliver: discarding recipient ");
 				printaddr(to, FALSE);
 			}
 
+			/* pretend the message was sent */
+			/* XXX should we log something here? */
+			to->q_state = QS_DISCARDED;
+
 			/*
 			**  Remove discard bit to prevent discard of
-			**  future recipients
+			**  future recipients.  This is safe because the
+			**  true "global discard" has been handled before
+			**  we get here.
 			*/
-			e->e_flags &= ~EF_DISCARD;
 
+			e->e_flags &= ~EF_DISCARD;
 			continue;
 		}
 
@@ -1151,7 +1285,7 @@ deliver(e, firstto)
 		**	>>>>>>>>>> function is subsumed by sendmail.
 		*/
 
-		if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
+		if (!QS_IS_OK(to->q_state))
 			continue;
 
 		/*
@@ -1178,12 +1312,13 @@ deliver(e, firstto)
 				       m->m_name);
 				rcode = EX_CONFIG;
 			}
-			giveresponse(rcode, m, NULL, ctladdr, xstart, e);
-			markfailure(e, to, NULL, rcode);
+			giveresponse(rcode, to->q_status, m, NULL,
+				     ctladdr, xstart, e);
+			markfailure(e, to, NULL, rcode, TRUE);
 			e->e_nsent++;
 			if (rcode == EX_OK)
 			{
-				to->q_flags |= QSENT;
+				to->q_state = QS_SENT;
 				if (bitnset(M_LOCALMAILER, m->m_flags) &&
 				    bitset(QPINGONSUCCESS, to->q_flags))
 				{
@@ -1207,15 +1342,46 @@ deliver(e, firstto)
 		to->q_tchain = tochain;
 		tochain = to;
 
+#if _FFR_DYNAMIC_TOBUF
+		e->e_to = "[CHAIN]";
+#else /* _FFR_DYNAMIC_TOBUF */
 		/* create list of users for error messages */
-		(void) strcat(tobuf, ",");
-		(void) strcat(tobuf, to->q_paddr);
+		(void) strlcat(tobuf, ",", sizeof tobuf);
+		(void) strlcat(tobuf, to->q_paddr, sizeof tobuf);
+#endif /* _FFR_DYNAMIC_TOBUF */
+
 		define('u', user, e);		/* to user */
 		p = to->q_home;
 		if (p == NULL && ctladdr != NULL)
 			p = ctladdr->q_home;
 		define('z', p, e);	/* user's home */
 
+		/* set the ${dsn_notify} macro if applicable */
+		if (bitset(QHASNOTIFY, to->q_flags))
+		{
+			char notify[MAXLINE];
+
+			notify[0] = '\0';
+			if (bitset(QPINGONSUCCESS, to->q_flags))
+				(void) strlcat(notify, "SUCCESS,",
+					       sizeof notify);
+			if (bitset(QPINGONFAILURE, to->q_flags))
+				(void) strlcat(notify, "FAILURE,",
+					       sizeof notify);
+			if (bitset(QPINGONDELAY, to->q_flags))
+				(void) strlcat(notify, "DELAY,", sizeof notify);
+
+			/* Set to NEVER or drop trailing comma */
+			if (notify[0] == '\0')
+				(void) strlcat(notify, "NEVER", sizeof notify);
+			else
+				notify[strlen(notify) - 1] = '\0';
+
+			define(macid("{dsn_notify}", NULL), newstr(notify), e);
+		}
+		else
+			define(macid("{dsn_notify}", NULL), NULL, e);
+
 		/*
 		**  Expand out this user into argument list.
 		*/
@@ -1233,13 +1399,44 @@ deliver(e, firstto)
 	}
 
 	/* see if any addresses still exist */
+#if _FFR_DYNAMIC_TOBUF
+	if (tochain == NULL)
+#else /* _FFR_DYNAMIC_TOBUF */
 	if (tobuf[0] == '\0')
+#endif /* _FFR_DYNAMIC_TOBUF */
 	{
 		define('g', (char *) NULL, e);
-		return (0);
+		e->e_to = NULL;
+		return 0;
 	}
 
 	/* print out messages as full list */
+#if _FFR_DYNAMIC_TOBUF
+	{
+		int l = 1;
+		char *tobufptr;
+
+		for (to = tochain; to != NULL; to = to->q_tchain)
+			l += strlen(to->q_paddr) + 1;
+		if (l < TOBUFSIZE)
+			l = TOBUFSIZE;
+		if (l > tobufsize)
+		{
+			if (tobuf != NULL)
+				free(tobuf);
+			tobufsize = l;
+			tobuf = xalloc(tobufsize);
+		}
+		tobufptr = tobuf;
+		*tobufptr = '\0';
+		for (to = tochain; to != NULL; to = to->q_tchain)
+		{
+			snprintf(tobufptr, tobufsize - (tobufptr - tobuf),
+				 ",%s", to->q_paddr);
+			tobufptr += strlen(tobufptr);
+		}
+	}
+#endif /* _FFR_DYNAMIC_TOBUF */
 	e->e_to = tobuf + 1;
 
 	/*
@@ -1251,7 +1448,8 @@ deliver(e, firstto)
 		expand(*mvp, buf, sizeof buf, e);
 		*pvp++ = newstr(buf);
 		if (pvp >= &pv[MAXPV])
-			syserr("554 deliver: pv overflow after $u for %s", pv[0]);
+			syserr("554 5.3.0 deliver: pv overflow after $u for %s",
+			       pv[0]);
 	}
 	*pvp++ = NULL;
 
@@ -1263,7 +1461,7 @@ deliver(e, firstto)
 	**	If we are running SMTP, we just need to clean up.
 	*/
 
-	/*XXX this seems a bit wierd */
+	/* XXX this seems a bit wierd */
 	if (ctladdr == NULL && m != ProgMailer && m != FileMailer &&
 	    bitset(QGOODUID, e->e_from.q_flags))
 		ctladdr = &e->e_from;
@@ -1271,17 +1469,17 @@ deliver(e, firstto)
 #if NAMED_BIND
 	if (ConfigLevel < 2)
 		_res.options &= ~(RES_DEFNAMES | RES_DNSRCH);	/* XXX */
-#endif
+#endif /* NAMED_BIND */
 
 	if (tTd(11, 1))
 	{
-		printf("openmailer:");
+		dprintf("openmailer:");
 		printav(pv);
 	}
 	errno = 0;
 #if NAMED_BIND
 	h_errno = 0;
-#endif
+#endif /* NAMED_BIND */
 
 	CurHostName = NULL;
 
@@ -1307,7 +1505,7 @@ deliver(e, firstto)
 			shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
 		checkfd012(wbuf);
 	}
-#endif
+#endif /* XDEBUG */
 
 	/* check for 8-bit available */
 	if (bitset(EF_HAS8BIT, e->e_flags) &&
@@ -1315,11 +1513,12 @@ deliver(e, firstto)
 	    (bitset(EF_DONT_MIME, e->e_flags) ||
 	     !(bitset(MM_MIME8BIT, MimeMode) ||
 	       (bitset(EF_IS_MIME, e->e_flags) &&
-	        bitset(MM_CVTMIME, MimeMode)))))
+		bitset(MM_CVTMIME, MimeMode)))))
 	{
-		usrerr("554 Cannot send 8-bit data to 7-bit destination");
-		rcode = EX_DATAERR;
 		e->e_status = "5.6.3";
+		usrerrenh(e->e_status,
+		       "554 Cannot send 8-bit data to 7-bit destination");
+		rcode = EX_DATAERR;
 		goto give_up;
 	}
 
@@ -1330,7 +1529,7 @@ deliver(e, firstto)
 	if (strcmp(m->m_mailer, "[LPC]") == 0)
 	{
 		mci = (MCI *) xalloc(sizeof *mci);
-		bzero((char *) mci, sizeof *mci);
+		memset((char *) mci, '\0', sizeof *mci);
 		mci->mci_in = stdin;
 		mci->mci_out = stdout;
 		mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
@@ -1344,13 +1543,23 @@ deliver(e, firstto)
 
 		if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0')
 		{
-			syserr("null host name for %s mailer", m->m_mailer);
+			syserr("null destination for %s mailer", m->m_mailer);
 			rcode = EX_CONFIG;
 			goto give_up;
 		}
 
-		CurHostName = pv[1];
-		curhost = hostsignature(m, pv[1], e);
+# if NETUNIX
+		if (strcmp(pv[0], "FILE") == 0)
+		{
+			curhost = CurHostName = "localhost";
+			mux_path = pv[1];
+		}
+		else
+# endif /* NETUNIX */
+		{
+			CurHostName = pv[1];
+			curhost = hostsignature(m, pv[1]);
+		}
 
 		if (curhost == NULL || curhost[0] == '\0')
 		{
@@ -1361,47 +1570,71 @@ deliver(e, firstto)
 
 		if (!clever)
 		{
-			syserr("554 non-clever IPC");
+			syserr("554 5.3.5 non-clever IPC");
 			rcode = EX_CONFIG;
 			goto give_up;
 		}
-		if (pv[2] != NULL)
+		if (pv[2] != NULL
+# if NETUNIX
+		    && mux_path == NULL
+# endif /* NETUNIX */
+		    )
 		{
-			port = htons(atoi(pv[2]));
+			port = htons((u_short)atoi(pv[2]));
 			if (port == 0)
 			{
+# ifdef NO_GETSERVBYNAME
+				syserr("Invalid port number: %s", pv[2]);
+# else /* NO_GETSERVBYNAME */
 				struct servent *sp = getservbyname(pv[2], "tcp");
 
 				if (sp == NULL)
 					syserr("Service %s unknown", pv[2]);
 				else
 					port = sp->s_port;
+# endif /* NO_GETSERVBYNAME */
 			}
 		}
+
+		nummxhosts = parse_hostsignature(curhost, mxhosts, m);
 tryhost:
-		while (*curhost != '\0')
+		while (hostnum < nummxhosts)
 		{
+			char sep = ':';
+			char *endp;
 			static char hostbuf[MAXNAME + 1];
-			extern int makeconnection __P((char *, u_short, MCI *, ENVELOPE *));
 
-			/* pull the next host from the signature */
-			p = strchr(curhost, ':');
-			if (p == NULL)
-				p = (char *) &curhost[strlen(curhost)];
-			if (p == curhost)
+# if NETINET6
+			if (*mxhosts[hostnum] == '[')
+			{
+				endp = strchr(mxhosts[hostnum] + 1, ']');
+				if (endp != NULL)
+					endp = strpbrk(endp + 1, ":,");
+			}
+			else
+				endp = strpbrk(mxhosts[hostnum], ":,");
+# else /* NETINET6 */
+			endp = strpbrk(mxhosts[hostnum], ":,");
+# endif /* NETINET6 */
+			if (endp != NULL)
+			{
+				sep = *endp;
+				*endp = '\0';
+			}
+
+			if (*mxhosts[hostnum] == '\0')
 			{
 				syserr("deliver: null host name in signature");
-				curhost++;
+				hostnum++;
+				if (endp != NULL)
+					*endp = sep;
 				continue;
 			}
-			i = p - curhost;
-			if (i >= sizeof hostbuf)
-				i = sizeof hostbuf - 1;
-			strncpy(hostbuf, curhost, i);
-			hostbuf[i] = '\0';
-			if (*p != '\0')
-				p++;
-			curhost = p;
+			(void) strlcpy(hostbuf, mxhosts[hostnum],
+				       sizeof hostbuf);
+			hostnum++;
+			if (endp != NULL)
+				*endp = sep;
 
 			/* see if we already know that this host is fried */
 			CurHostName = hostbuf;
@@ -1410,13 +1643,14 @@ tryhost:
 			{
 				if (tTd(11, 1))
 				{
-					printf("openmailer: ");
+					dprintf("openmailer: ");
 					mci_dump(mci, FALSE);
 				}
 				CurHostName = mci->mci_host;
 				message("Using cached %sSMTP connection to %s via %s...",
 					bitset(MCIF_ESMTP, mci->mci_flags) ? "E" : "",
 					hostbuf, m->m_name);
+				mci->mci_deliveries++;
 				break;
 			}
 			mci->mci_mailer = m;
@@ -1435,20 +1669,35 @@ tryhost:
 			}
 
 			/* try the connection */
-			sm_setproctitle(TRUE, "%s %s: %s", e->e_id, hostbuf, "user open");
-			if (port == 0)
+			sm_setproctitle(TRUE, e, "%s %s: %s",
+					qid_printname(e),
+					hostbuf, "user open");
+# if NETUNIX
+			if (mux_path != NULL)
+			{
 				message("Connecting to %s via %s...",
-					hostbuf, m->m_name);
+					mux_path, m->m_name);
+				i = makeconnection_ds(mux_path, mci);
+			}
 			else
-				message("Connecting to %s port %d via %s...",
-					hostbuf, ntohs(port), m->m_name);
-			i = makeconnection(hostbuf, port, mci, e);
+# endif /* NETUNIX */
+			{
+				if (port == 0)
+					message("Connecting to %s via %s...",
+						hostbuf, m->m_name);
+				else
+					message("Connecting to %s port %d via %s...",
+						hostbuf, ntohs(port),
+						m->m_name);
+				i = makeconnection(hostbuf, port, mci, e);
+			}
 			mci->mci_lastuse = curtime();
+			mci->mci_deliveries = 0;
 			mci->mci_exitstat = i;
 			mci->mci_errno = errno;
-#if NAMED_BIND
+# if NAMED_BIND
 			mci->mci_herrno = h_errno;
-#endif
+# endif /* NAMED_BIND */
 			if (i == EX_OK)
 			{
 				goodmxfound = TRUE;
@@ -1461,8 +1710,8 @@ tryhost:
 			}
 			else
 			{
-			    	if (tTd(11, 1))
-					printf("openmailer: makeconnection => stat=%d, errno=%d\n",
+				if (tTd(11, 1))
+					dprintf("openmailer: makeconnection => stat=%d, errno=%d\n",
 						i, errno);
 				if (i == EX_TEMPFAIL)
 					goodmxfound = TRUE;
@@ -1481,10 +1730,10 @@ tryhost:
 			goto give_up;
 		}
 		mci->mci_pid = 0;
-#else /* no DAEMON */
-		syserr("554 openmailer: no IPC");
+#else /* DAEMON */
+		syserr("554 5.3.5 openmailer: no IPC");
 		if (tTd(11, 1))
-			printf("openmailer: NULL\n");
+			dprintf("openmailer: NULL\n");
 		rcode = EX_UNAVAILABLE;
 		goto give_up;
 #endif /* DAEMON */
@@ -1507,10 +1756,11 @@ tryhost:
 			{
 				message("Using cached LMTP connection for %s...",
 					m->m_name);
+				mci->mci_deliveries++;
 				goto do_transfer;
 			}
 		}
-#endif
+#endif /* SMTP */
 
 		/* announce the connection to verbose listeners */
 		if (host == NULL || host[0] == '\0')
@@ -1529,7 +1779,7 @@ tryhost:
 
 #if XDEBUG
 		checkfd012("before creating mail pipe");
-#endif
+#endif /* XDEBUG */
 
 		/* create a pipe to shove the mail through */
 		if (pipe(mpvect) < 0)
@@ -1537,7 +1787,7 @@ tryhost:
 			syserr("%s... openmailer(%s): pipe (to mailer)",
 				shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
 			if (tTd(11, 1))
-				printf("openmailer: NULL\n");
+				dprintf("openmailer: NULL\n");
 			rcode = EX_OSERR;
 			goto give_up;
 		}
@@ -1551,7 +1801,7 @@ tryhost:
 				mpvect[0], mpvect[1]);
 			printopenfds(TRUE);
 			if (tTd(11, 1))
-				printf("openmailer: NULL\n");
+				dprintf("openmailer: NULL\n");
 			rcode = EX_OSERR;
 			goto give_up;
 		}
@@ -1574,45 +1824,43 @@ tryhost:
 					m->m_name, mpvect[0], mpvect[1],
 					fileno(e->e_lockfp));
 		}
-#endif
+#endif /* XDEBUG */
 
-		/* if this mailer speaks smtp, create a return pipe */
-#if SMTP
-		if (clever)
+		/* create a return pipe */
+		if (pipe(rpvect) < 0)
 		{
-			if (pipe(rpvect) < 0)
-			{
-				syserr("%s... openmailer(%s): pipe (from mailer)",
-					shortenstring(e->e_to, MAXSHORTSTR),
-					m->m_name);
-				(void) close(mpvect[0]);
-				(void) close(mpvect[1]);
-				if (tTd(11, 1))
-					printf("openmailer: NULL\n");
-				rcode = EX_OSERR;
-				goto give_up;
-			}
-# if XDEBUG
-			checkfdopen(rpvect[0], "rpvect[0]");
-			checkfdopen(rpvect[1], "rpvect[1]");
-# endif
+			syserr("%s... openmailer(%s): pipe (from mailer)",
+				shortenstring(e->e_to, MAXSHORTSTR),
+				m->m_name);
+			(void) close(mpvect[0]);
+			(void) close(mpvect[1]);
+			if (tTd(11, 1))
+				dprintf("openmailer: NULL\n");
+			rcode = EX_OSERR;
+			goto give_up;
 		}
-#endif
+#if XDEBUG
+		checkfdopen(rpvect[0], "rpvect[0]");
+		checkfdopen(rpvect[1], "rpvect[1]");
+#endif /* XDEBUG */
 
 		/*
 		**  Actually fork the mailer process.
 		**	DOFORK is clever about retrying.
 		**
 		**	Dispose of SIGCHLD signal catchers that may be laying
-		**	around so that endmail will get it.
+		**	around so that endmailer will get it.
 		*/
 
 		if (e->e_xfp != NULL)
-			(void) fflush(e->e_xfp);		/* for debugging */
+			(void) fflush(e->e_xfp);	/* for debugging */
 		(void) fflush(stdout);
 		(void) setsignal(SIGCHLD, SIG_DFL);
+
+
 		DOFORK(FORK);
 		/* pid is set by DOFORK */
+
 		if (pid < 0)
 		{
 			/* failure */
@@ -1620,22 +1868,17 @@ tryhost:
 				shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
 			(void) close(mpvect[0]);
 			(void) close(mpvect[1]);
-#if SMTP
-			if (clever)
-			{
-				(void) close(rpvect[0]);
-				(void) close(rpvect[1]);
-			}
-#endif
+			(void) close(rpvect[0]);
+			(void) close(rpvect[1]);
 			if (tTd(11, 1))
-				printf("openmailer: NULL\n");
+				dprintf("openmailer: NULL\n");
 			rcode = EX_OSERR;
 			goto give_up;
 		}
 		else if (pid == 0)
 		{
 			int i;
-			int saveerrno;
+			int save_errno;
 			int new_euid = NO_UID;
 			int new_ruid = NO_UID;
 			int new_gid = NO_GID;
@@ -1653,7 +1896,7 @@ tryhost:
 			if (m != FileMailer || stat(tochain->q_user, &stb) < 0)
 				stb.st_mode = 0;
 
-#if HASSETUSERCONTEXT
+# if HASSETUSERCONTEXT
 			/*
 			**  Set user resources.
 			*/
@@ -1671,11 +1914,11 @@ tryhost:
 						pwd, pwd->pw_uid,
 						LOGIN_SETRESOURCES|LOGIN_SETPRIORITY);
 			}
-#endif
+# endif /* HASSETUSERCONTEXT */
 
 			/* tweak niceness */
 			if (m->m_nice != 0)
-				nice(m->m_nice);
+				(void) nice(m->m_nice);
 
 			/* reset group id */
 			if (bitnset(M_SPECIFIC_UID, m->m_flags))
@@ -1692,8 +1935,11 @@ tryhost:
 						u = ctladdr->q_user;
 
 					if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn)
+					{
 						syserr("openmailer: initgroups(%s, %d) failed",
 							u, ctladdr->q_gid);
+						exit(EX_TEMPFAIL);
+					}
 				}
 				else
 				{
@@ -1701,7 +1947,10 @@ tryhost:
 
 					gidset[0] = ctladdr->q_gid;
 					if (setgroups(1, gidset) == -1 && suidwarn)
+					{
 						syserr("openmailer: setgroups() failed");
+						exit(EX_TEMPFAIL);
+					}
 				}
 				new_gid = ctladdr->q_gid;
 			}
@@ -1710,8 +1959,11 @@ tryhost:
 				if (!DontInitGroups)
 				{
 					if (initgroups(DefUser, DefGid) == -1 && suidwarn)
+					{
 						syserr("openmailer: initgroups(%s, %d) failed",
 							DefUser, DefGid);
+						exit(EX_TEMPFAIL);
+					}
 				}
 				else
 				{
@@ -1719,16 +1971,55 @@ tryhost:
 
 					gidset[0] = DefGid;
 					if (setgroups(1, gidset) == -1 && suidwarn)
+					{
 						syserr("openmailer: setgroups() failed");
+						exit(EX_TEMPFAIL);
+					}
 				}
 				if (m->m_gid == 0)
 					new_gid = DefGid;
 				else
 					new_gid = m->m_gid;
 			}
-			if (new_gid != NO_GID && setgid(new_gid) < 0 && suidwarn)
-				syserr("openmailer: setgid(%ld) failed",
-					(long) new_gid);
+			if (new_gid != NO_GID)
+			{
+				if (RunAsUid != 0 &&
+				    bitnset(M_SPECIFIC_UID, m->m_flags) &&
+				    new_gid != getgid() &&
+				    new_gid != getegid())
+				{
+					/* Only root can change the gid */
+					syserr("openmailer: insufficient privileges to change gid");
+					exit(EX_TEMPFAIL);
+				}
+
+				if (setgid(new_gid) < 0 && suidwarn)
+				{
+					syserr("openmailer: setgid(%ld) failed",
+					       (long) new_gid);
+					exit(EX_TEMPFAIL);
+				}
+			}
+
+			/* change root to some "safe" directory */
+			if (m->m_rootdir != NULL)
+			{
+				expand(m->m_rootdir, buf, sizeof buf, e);
+				if (tTd(11, 20))
+					dprintf("openmailer: chroot %s\n",
+						buf);
+				if (chroot(buf) < 0)
+				{
+					syserr("openmailer: Cannot chroot(%s)",
+					       buf);
+					exit(EX_TEMPFAIL);
+				}
+				if (chdir("/") < 0)
+				{
+					syserr("openmailer: cannot chdir(/)");
+					exit(EX_TEMPFAIL);
+				}
+			}
 
 			/* reset user id */
 			endpwent();
@@ -1744,40 +2035,59 @@ tryhost:
 				new_ruid = DefUid;
 			if (new_euid != NO_UID)
 			{
+				if (RunAsUid != 0 && new_euid != RunAsUid)
+				{
+					/* Only root can change the uid */
+					syserr("openmailer: insufficient privileges to change uid");
+					exit(EX_TEMPFAIL);
+				}
+
 				vendor_set_uid(new_euid);
-#if USESETEUID
+# if MAILER_SETUID_METHOD == USE_SETEUID
 				if (seteuid(new_euid) < 0 && suidwarn)
+				{
 					syserr("openmailer: seteuid(%ld) failed",
 						(long) new_euid);
-#else
-# if HASSETREUID
+					exit(EX_TEMPFAIL);
+				}
+# endif /* MAILER_SETUID_METHOD == USE_SETEUID */
+# if MAILER_SETUID_METHOD == USE_SETREUID
 				if (setreuid(new_ruid, new_euid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setreuid(%ld, %ld) failed",
 						(long) new_ruid, (long) new_euid);
-# else
+					exit(EX_TEMPFAIL);
+				}
+# endif /* MAILER_SETUID_METHOD == USE_SETREUID */
+# if MAILER_SETUID_METHOD == USE_SETUID
 				if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setuid(%ld) failed",
 						(long) new_euid);
-# endif
-#endif
+					exit(EX_TEMPFAIL);
+				}
+# endif /* MAILER_SETUID_METHOD == USE_SETUID */
 			}
 			else if (new_ruid != NO_UID)
 			{
 				vendor_set_uid(new_ruid);
 				if (setuid(new_ruid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setuid(%ld) failed",
 						(long) new_ruid);
+					exit(EX_TEMPFAIL);
+				}
 			}
 
 			if (tTd(11, 2))
-				printf("openmailer: running as r/euid=%d/%d\n",
-					(int) getuid(), (int) geteuid());
+				dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n",
+					(int) getuid(), (int) geteuid(),
+					(int) getgid(), (int) getegid());
 
 			/* move into some "safe" directory */
 			if (m->m_execdir != NULL)
 			{
 				char *q;
-				char buf[MAXLINE + 1];
 
 				for (p = m->m_execdir; p != NULL; p = q)
 				{
@@ -1788,7 +2098,7 @@ tryhost:
 					if (q != NULL)
 						*q++ = ':';
 					if (tTd(11, 20))
-						printf("openmailer: trydir %s\n",
+						dprintf("openmailer: trydir %s\n",
 							buf);
 					if (buf[0] != '\0' && chdir(buf) >= 0)
 						break;
@@ -1796,31 +2106,16 @@ tryhost:
 			}
 
 			/* arrange to filter std & diag output of command */
-#if SMTP
-			if (clever)
-			{
-				(void) close(rpvect[0]);
-				if (dup2(rpvect[1], STDOUT_FILENO) < 0)
-				{
-					syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
-						shortenstring(e->e_to, MAXSHORTSTR),
-						m->m_name, rpvect[1]);
-					_exit(EX_OSERR);
-				}
-				(void) close(rpvect[1]);
-			}
-			else
+			(void) close(rpvect[0]);
+			if (dup2(rpvect[1], STDOUT_FILENO) < 0)
 			{
-				/* put mailer output in transcript */
-				if (dup2(fileno(e->e_xfp), STDOUT_FILENO) < 0)
-				{
-					syserr("%s... openmailer(%s): cannot dup xscript %d for stdout",
-						shortenstring(e->e_to, MAXSHORTSTR),
-						m->m_name, fileno(e->e_xfp));
-					_exit(EX_OSERR);
-				}
+				syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
+				       shortenstring(e->e_to, MAXSHORTSTR),
+				       m->m_name, rpvect[1]);
+				_exit(EX_OSERR);
 			}
-#endif
+			(void) close(rpvect[1]);
+
 			if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
 			{
 				syserr("%s... openmailer(%s): cannot dup stdout for stderr",
@@ -1846,18 +2141,20 @@ tryhost:
 				register int j;
 
 				if ((j = fcntl(i, F_GETFD, 0)) != -1)
-					(void) fcntl(i, F_SETFD, j | 1);
+					(void) fcntl(i, F_SETFD,
+						     j | FD_CLOEXEC);
 			}
 
 			/* run disconnected from terminal */
 			(void) setsid();
 
 			/* try to execute the mailer */
-			execve(m->m_mailer, (ARGV_T) pv, (ARGV_T) UserEnviron);
-			saveerrno = errno;
+			(void) execve(m->m_mailer, (ARGV_T) pv,
+				      (ARGV_T) UserEnviron);
+			save_errno = errno;
 			syserr("Cannot exec %s", m->m_mailer);
 			if (bitnset(M_LOCALMAILER, m->m_flags) ||
-			    transienterror(saveerrno))
+			    transienterror(save_errno))
 				_exit(EX_OSERR);
 			_exit(EX_UNAVAILABLE);
 		}
@@ -1869,7 +2166,7 @@ tryhost:
 		if (mci == NULL)
 		{
 			mci = (MCI *) xalloc(sizeof *mci);
-			bzero((char *) mci, sizeof *mci);
+			memset((char *) mci, '\0', sizeof *mci);
 		}
 		mci->mci_mailer = m;
 		if (clever)
@@ -1889,38 +2186,28 @@ tryhost:
 			syserr("deliver: cannot create mailer output channel, fd=%d",
 				mpvect[1]);
 			(void) close(mpvect[1]);
-#if SMTP
-			if (clever)
-			{
-				(void) close(rpvect[0]);
-				(void) close(rpvect[1]);
-			}
-#endif
+			(void) close(rpvect[0]);
+			(void) close(rpvect[1]);
 			rcode = EX_OSERR;
 			goto give_up;
 		}
-#if SMTP
-		if (clever)
+
+		(void) close(rpvect[1]);
+		mci->mci_in = fdopen(rpvect[0], "r");
+		if (mci->mci_in == NULL)
 		{
-			(void) close(rpvect[1]);
-			mci->mci_in = fdopen(rpvect[0], "r");
-			if (mci->mci_in == NULL)
-			{
-				syserr("deliver: cannot create mailer input channel, fd=%d",
-					mpvect[1]);
-				(void) close(rpvect[0]);
-				fclose(mci->mci_out);
-				mci->mci_out = NULL;
-				rcode = EX_OSERR;
-				goto give_up;
-			}
+			syserr("deliver: cannot create mailer input channel, fd=%d",
+			       mpvect[1]);
+			(void) close(rpvect[0]);
+			(void) fclose(mci->mci_out);
+			mci->mci_out = NULL;
+			rcode = EX_OSERR;
+			goto give_up;
 		}
-		else
-#endif
-		{
+
+		/* Don't cache non-clever connections */
+		if (!clever)
 			mci->mci_flags |= MCIF_TEMP;
-			mci->mci_in = NULL;
-		}
 	}
 
 	/*
@@ -1933,11 +2220,256 @@ tryhost:
 #if SMTP
 	if (clever && mci->mci_state != MCIS_CLOSED)
 	{
-		extern void smtpinit __P((MAILER *, MCI *, ENVELOPE *));
+		static u_short again;
+# if SASL && SFIO
+#  define DONE_TLS_B	0x01
+#  define DONE_TLS	bitset(DONE_TLS_B, again)
+# endif /* SASL && SFIO */
+# if STARTTLS
+#  define DONE_STARTTLS_B	0x02
+#  define DONE_STARTTLS	bitset(DONE_STARTTLS_B, again)
+# endif /* STARTTLS */
+# define ONLY_HELO_B	0x04
+# define ONLY_HELO	bitset(ONLY_HELO_B, again)
+# define SET_HELO	again |= ONLY_HELO_B
+# define CLR_HELO	again &= ~ONLY_HELO_B
+
+		again = 0;
+# if STARTTLS || (SASL && SFIO)
+reconnect:	/* after switching to an authenticated connection */
+# endif /* STARTTLS || (SASL && SFIO) */
+
+# if SASL
+		mci->mci_saslcap = NULL;
+# endif /* SASL */
+		smtpinit(m, mci, e, ONLY_HELO);
+		CLR_HELO;
+
+# if STARTTLS
+		/* first TLS then AUTH to provide a security layer */
+		if (mci->mci_state != MCIS_CLOSED && !DONE_STARTTLS)
+		{
+			int olderrors;
+			bool hasdot;
+			bool usetls;
+			bool saveQuickAbort = QuickAbort;
+			bool saveSuprErrs = SuprErrs;
+			extern SOCKADDR CurHostAddr;
+
+			rcode = EX_OK;
+			usetls = bitset(MCIF_TLS, mci->mci_flags);
+			hasdot = CurHostName[strlen(CurHostName) - 1] == '.';
+			if (hasdot)
+				CurHostName[strlen(CurHostName) - 1] = '\0';
+			define(macid("{server_name}", NULL),
+			       newstr(CurHostName), e);
+			if (CurHostAddr.sa.sa_family != 0)
+				define(macid("{server_addr}", NULL),
+				       newstr(anynet_ntoa(&CurHostAddr)), e);
+			else
+				define(macid("{server_addr}", NULL), NULL, e);
+#  if _FFR_TLS_O_T
+			if (usetls)
+			{
+				olderrors = Errors;
+				QuickAbort = FALSE;
+				SuprErrs = TRUE;
+				if (rscheck("try_tls", CurHostName, NULL,
+					    e, TRUE, FALSE, 8) != EX_OK
+				    || Errors > olderrors)
+					usetls = FALSE;
+				SuprErrs = saveSuprErrs;
+				QuickAbort = saveQuickAbort;
+			}
+#  endif /* _FFR_TLS_O_T */
+
+			/* undo change of CurHostName */
+			if (hasdot)
+				CurHostName[strlen(CurHostName)] = '.';
+			if (usetls)
+			{
+				if ((rcode = starttls(m, mci, e)) == EX_OK)
+				{
+					/* start again without STARTTLS */
+					again |= DONE_STARTTLS_B;
+					mci->mci_flags |= MCIF_TLSACT;
+				}
+				else
+				{
+					char *s;
+
+					/*
+					**  TLS negotation failed, what to do?
+					**  fall back to unencrypted connection
+					**  or abort? How to decide?
+					**  set a macro and call a ruleset.
+					*/
+					mci->mci_flags &= ~MCIF_TLS;
+					switch (rcode)
+					{
+					  case EX_TEMPFAIL:
+						s = "TEMP";
+						break;
+					  case EX_USAGE:
+						s = "USAGE";
+						break;
+					  case EX_PROTOCOL:
+						s = "PROTOCOL";
+						break;
+					  case EX_SOFTWARE:
+						s = "SOFTWARE";
+						break;
+
+					  /* everything else is a failure */
+					  default:
+						s = "FAILURE";
+						rcode = EX_TEMPFAIL;
+					}
+					define(macid("{verify}", NULL),
+					       newstr(s), e);
+				}
+			}
+			else
+				define(macid("{verify}", NULL), "NONE", e);
+			olderrors = Errors;
+			QuickAbort = FALSE;
+			SuprErrs = TRUE;
+
+			/*
+			**  rcode == EX_SOFTWARE is special:
+			**  the TLS negotation failed
+			**  we have to drop the connection no matter what
+			**  However, we call tls_server to give it the chance
+			**  to log the problem and return an appropriate
+			**  error code.
+			*/
+			if (rscheck("tls_server",
+				     macvalue(macid("{verify}", NULL), e),
+				     NULL, e, TRUE, TRUE, 6) != EX_OK ||
+			    Errors > olderrors ||
+			    rcode == EX_SOFTWARE)
+			{
+				char enhsc[ENHSCLEN];
+				extern char MsgBuf[];
+
+				if (ISSMTPCODE(MsgBuf) &&
+				    extenhsc(MsgBuf + 4, ' ', enhsc) > 0)
+				{
+					p = newstr(MsgBuf);
+				}
+				else
+				{
+					p = "403 4.7.0 server not authenticated.";
+					(void) strlcpy(enhsc, "4.7.0",
+						       sizeof enhsc);
+				}
+				SuprErrs = saveSuprErrs;
+				QuickAbort = saveQuickAbort;
 
-		smtpinit(m, mci, e);
+				if (rcode == EX_SOFTWARE)
+				{
+					/* drop the connection */
+					mci->mci_state = MCIS_QUITING;
+					if (mci->mci_in != NULL)
+					{
+						(void) fclose(mci->mci_in);
+						mci->mci_in = NULL;
+					}
+					mci->mci_flags &= ~MCIF_TLSACT;
+					(void) endmailer(mci, e, pv);
+				}
+				else
+				{
+					/* abort transfer */
+					smtpquit(m, mci, e);
+				}
+
+				/* temp or permanent failure? */
+				rcode = (*p == '4') ? EX_TEMPFAIL
+						    : EX_UNAVAILABLE;
+				mci_setstat(mci, rcode, newstr(enhsc), p);
+
+				/*
+				**  hack to get the error message into
+				**  the envelope (done in giveresponse())
+				*/
+				(void) strlcpy(SmtpError, p, sizeof SmtpError);
+			}
+			QuickAbort = saveQuickAbort;
+			SuprErrs = saveSuprErrs;
+			if (DONE_STARTTLS && mci->mci_state != MCIS_CLOSED)
+			{
+				SET_HELO;
+				mci->mci_flags &= ~MCIF_EXTENS;
+				goto reconnect;
+			}
+		}
+# endif /* STARTTLS */
+# if SASL
+		/* if other server supports authentication let's authenticate */
+		if (mci->mci_state != MCIS_CLOSED &&
+		    mci->mci_saslcap != NULL &&
+#  if SFIO
+		    !DONE_TLS &&
+#  endif /* SFIO */
+		    SASLInfo != NULL)
+		{
+			/*
+			**  should we require some minimum authentication?
+			**  XXX ignore result?
+			*/
+			if (smtpauth(m, mci, e) == EX_OK)
+			{
+#  if SFIO
+				int result;
+				sasl_ssf_t *ssf;
+
+				/* get security strength (features) */
+				result = sasl_getprop(mci->mci_conn, SASL_SSF,
+						      (void **) &ssf);
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, NOQID,
+						  "SASL: outgoing connection to %.64s: mech=%.16s, bits=%d",
+						  mci->mci_host,
+						  macvalue(macid("{auth_type}",
+								 NULL), e),
+						  *ssf);
+				/*
+				**  only switch to encrypted connection
+				**  if a security layer has been negotiated
+				*/
+				if (result == SASL_OK && *ssf > 0)
+				{
+					/*
+					**  convert sfio stuff to use SASL
+					**  check return values
+					**  if the call fails,
+					**  fall back to unencrypted version
+					**  unless some cf option requires
+					**  encryption then the connection must
+					**  be aborted
+					*/
+					if (sfdcsasl(mci->mci_in, mci->mci_out,
+						     mci->mci_conn) == 0)
+					{
+						again |= DONE_TLS_B;
+						SET_HELO;
+						mci->mci_flags &= ~MCIF_EXTENS;
+						mci->mci_flags |= MCIF_AUTHACT;
+						goto reconnect;
+					}
+					syserr("SASL TLS switch failed in client");
+				}
+				/* else? XXX */
+#  endif /* SFIO */
+				mci->mci_flags |= MCIF_AUTHACT;
+
+			}
+		}
+# endif /* SASL */
 	}
-#endif
+
+#endif /* SMTP */
 
 do_transfer:
 	/* clear out per-message flags from connection structure */
@@ -1962,11 +2494,11 @@ do_transfer:
 		    (p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
 			mci->mci_flags |= MCIF_CVT7TO8;
 	}
-#endif
+#endif /* MIME7TO8 */
 
 	if (tTd(11, 1))
 	{
-		printf("openmailer: ");
+		dprintf("openmailer: ");
 		mci_dump(mci, FALSE);
 	}
 
@@ -1977,23 +2509,23 @@ do_transfer:
 		errno = mci->mci_errno;
 #if NAMED_BIND
 		h_errno = mci->mci_herrno;
-#endif
+#endif /* NAMED_BIND */
 		if (rcode == EX_OK)
 		{
 			/* shouldn't happen */
-			syserr("554 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s",
-				(long) mci, rcode, errno, mci->mci_state,
+			syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s",
+				(u_long) mci, rcode, errno, mci->mci_state,
 				firstsig);
 			mci_dump_all(TRUE);
 			rcode = EX_SOFTWARE;
 		}
 #if DAEMON
-		else if (curhost != NULL && *curhost != '\0')
+		else if (nummxhosts > hostnum)
 		{
 			/* try next MX site */
 			goto tryhost;
 		}
-#endif
+#endif /* DAEMON */
 	}
 	else if (!clever)
 	{
@@ -2001,7 +2533,6 @@ do_transfer:
 		**  Format and send message.
 		*/
 
-		mci->mci_contentlen = 0;
 		putfromline(mci, e);
 		(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
 		(*e->e_putbody)(mci, e, NULL);
@@ -2012,10 +2543,6 @@ do_transfer:
 	else
 #if SMTP
 	{
-		extern int smtpmailfrom __P((MAILER *, MCI *, ENVELOPE *));
-		extern int smtprcpt __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));
-		extern int smtpdata __P((MAILER *, MCI *, ENVELOPE *));
-
 		/*
 		**  Send the MAIL FROM: protocol
 		*/
@@ -2028,18 +2555,38 @@ do_transfer:
 
 			/* send the recipient list */
 			tobuf[0] = '\0';
+
 			for (to = tochain; to != NULL; to = to->q_tchain)
 			{
 				e->e_to = to->q_paddr;
-				if (strlen(to->q_paddr) + (t - tobuf) + 2 > sizeof tobuf)
+#if !_FFR_DYNAMIC_TOBUF
+				if (strlen(to->q_paddr) +
+				    (t - tobuf) + 2 > sizeof tobuf)
 				{
 					/* not enough room */
 					continue;
 				}
-				else if ((i = smtprcpt(to, m, mci, e)) != EX_OK)
+#endif /* !_FFR_DYNAMIC_TOBUF */
+
+# if STARTTLS
+#  if _FFR_TLS_RCPT
+				i = rscheck("tls_rcpt", to->q_user, NULL, e,
+					    TRUE, TRUE, 4);
+				if (i != EX_OK)
 				{
-					markfailure(e, to, mci, i);
-					giveresponse(i, m, mci, ctladdr, xstart, e);
+					markfailure(e, to, mci, i, FALSE);
+					giveresponse(i, to->q_status,  m,
+						     mci, ctladdr, xstart, e);
+					continue;
+				}
+#  endif /* _FFR_TLS_RCPT */
+# endif /* STARTTLS */
+
+				if ((i = smtprcpt(to, m, mci, e)) != EX_OK)
+				{
+					markfailure(e, to, mci, i, FALSE);
+					giveresponse(i, to->q_status,  m,
+						     mci, ctladdr, xstart, e);
 				}
 				else
 				{
@@ -2065,16 +2612,16 @@ do_transfer:
 			}
 		}
 # if DAEMON
-		if (rcode == EX_TEMPFAIL && curhost != NULL && *curhost != '\0')
+		if (rcode == EX_TEMPFAIL && nummxhosts > hostnum)
 		{
 			/* try next MX site */
 			goto tryhost;
 		}
-# endif
+# endif /* DAEMON */
 	}
-#else /* not SMTP */
+#else /* SMTP */
 	{
-		syserr("554 deliver: need SMTP compiled to use clever mailer");
+		syserr("554 5.3.5 deliver: need SMTP compiled to use clever mailer");
 		rcode = EX_CONFIG;
 		goto give_up;
 	}
@@ -2082,7 +2629,7 @@ do_transfer:
 #if NAMED_BIND
 	if (ConfigLevel < 2)
 		_res.options |= RES_DEFNAMES | RES_DNSRCH;	/* XXX */
-#endif
+#endif /* NAMED_BIND */
 
 	if (tTd(62, 1))
 		checkfds("after delivery");
@@ -2103,62 +2650,79 @@ do_transfer:
 		anyok = FALSE;
 	}
 	else
-#endif
+#endif /* SMTP */
 		anyok = rcode == EX_OK;
 
 	for (to = tochain; to != NULL; to = to->q_tchain)
 	{
 		/* see if address already marked */
-		if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
+		if (!QS_IS_OK(to->q_state))
 			continue;
 
 #if SMTP
 		/* if running LMTP, get the status for each address */
 		if (bitnset(M_LMTP, m->m_flags))
 		{
-			extern int smtpgetstat __P((MAILER *, MCI *, ENVELOPE *));
-
 			if (lmtp_rcode == EX_OK)
 				rcode = smtpgetstat(m, mci, e);
 			if (rcode == EX_OK)
 			{
-				if (strlen(to->q_paddr) + strlen(tobuf) + 2 > sizeof tobuf)
+#if !_FFR_DYNAMIC_TOBUF
+				if (strlen(to->q_paddr) +
+				    strlen(tobuf) + 2 > sizeof tobuf)
 				{
 					syserr("LMTP tobuf overflow");
 				}
 				else
+#endif /* !_FFR_DYNAMIC_TOBUF */
 				{
-					strcat(tobuf, ",");
-					strcat(tobuf, to->q_paddr);
+					(void) strlcat(tobuf, ",",
+						       sizeof tobuf);
+					(void) strlcat(tobuf, to->q_paddr,
+						       sizeof tobuf);
 				}
 				anyok = TRUE;
 			}
 			else
 			{
 				e->e_to = to->q_paddr;
-				markfailure(e, to, mci, rcode);
-				giveresponse(rcode, m, mci, ctladdr, xstart, e);
+				markfailure(e, to, mci, rcode, TRUE);
+				giveresponse(rcode, to->q_status, m, mci,
+					     ctladdr, xstart, e);
 				e->e_to = tobuf + 1;
 				continue;
 			}
 		}
 		else
-#endif
+#endif /* SMTP */
 		{
 			/* mark bad addresses */
 			if (rcode != EX_OK)
 			{
 				if (goodmxfound && rcode == EX_NOHOST)
 					rcode = EX_TEMPFAIL;
-				markfailure(e, to, mci, rcode);
+				markfailure(e, to, mci, rcode, TRUE);
 				continue;
 			}
 		}
 
 		/* successful delivery */
-		to->q_flags |= QSENT;
+		to->q_state = QS_SENT;
 		to->q_statdate = curtime();
 		e->e_nsent++;
+
+#if QUEUE
+		/*
+		**  Checkpoint the send list every few addresses
+		*/
+
+		if (e->e_nsent >= CheckpointInterval)
+		{
+			queueup(e, FALSE);
+			e->e_nsent = 0;
+		}
+#endif /* QUEUE */
+
 		if (bitnset(M_LOCALMAILER, m->m_flags) &&
 		    bitset(QPINGONSUCCESS, to->q_flags))
 		{
@@ -2192,10 +2756,10 @@ do_transfer:
 		if (mci != NULL && mci->mci_state == MCIS_ACTIVE)
 			mci->mci_state = MCIS_OPEN;
 	}
-#endif
+#endif /* SMTP */
 
 	if (tobuf[0] != '\0')
-		giveresponse(rcode, m, mci, ctladdr, xstart, e);
+		giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e);
 	if (anyok)
 		markstats(e, tochain, FALSE);
 	mci_store_persistent(mci);
@@ -2205,7 +2769,7 @@ do_transfer:
 	if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED &&
 	    !bitset(MCIF_CACHED, mci->mci_flags))
 		smtpquit(m, mci, e);
-#endif
+#endif /* SMTP */
 
 	/*
 	**  Restore state and return.
@@ -2222,12 +2786,14 @@ do_transfer:
 			m->m_name);
 		checkfd012(wbuf);
 	}
-#endif
+#endif /* XDEBUG */
 
 	errno = 0;
 	define('g', (char *) NULL, e);
-	return (rcode);
+	e->e_to = NULL;
+	return rcode;
 }
+
 /*
 **  MARKFAILURE -- mark a failure on a specific address.
 **
@@ -2236,6 +2802,7 @@ do_transfer:
 **		q -- the address to mark.
 **		mci -- mailer connection information.
 **		rcode -- the code signifying the particular failure.
+**		ovr -- override an existing code?
 **
 **	Returns:
 **		none.
@@ -2246,14 +2813,16 @@ do_transfer:
 **			the message will be queued, as appropriate.
 */
 
-void
-markfailure(e, q, mci, rcode)
+static void
+markfailure(e, q, mci, rcode, ovr)
 	register ENVELOPE *e;
 	register ADDRESS *q;
 	register MCI *mci;
 	int rcode;
+	bool ovr;
 {
-	char *stat = NULL;
+	char *status = NULL;
+	char *rstatus = NULL;
 
 	switch (rcode)
 	{
@@ -2263,53 +2832,52 @@ markfailure(e, q, mci, rcode)
 	  case EX_TEMPFAIL:
 	  case EX_IOERR:
 	  case EX_OSERR:
-		q->q_flags |= QQUEUEUP;
-		q->q_flags &= ~QDONTSEND;
+		q->q_state = QS_QUEUEUP;
 		break;
 
 	  default:
-		q->q_flags |= QBADADDR;
+		q->q_state = QS_BADADDR;
 		break;
 	}
 
 	/* find most specific error code possible */
 	if (mci != NULL && mci->mci_status != NULL)
 	{
-		q->q_status = mci->mci_status;
+		status = mci->mci_status;
 		if (mci->mci_rstatus != NULL)
-			q->q_rstatus = newstr(mci->mci_rstatus);
+			rstatus = newstr(mci->mci_rstatus);
 		else
-			q->q_rstatus = NULL;
+			rstatus = NULL;
 	}
 	else if (e->e_status != NULL)
 	{
-		q->q_status = e->e_status;
-		q->q_rstatus = NULL;
+		status = e->e_status;
+		rstatus = NULL;
 	}
 	else
 	{
 		switch (rcode)
 		{
 		  case EX_USAGE:
-			stat = "5.5.4";
+			status = "5.5.4";
 			break;
 
 		  case EX_DATAERR:
-			stat = "5.5.2";
+			status = "5.5.2";
 			break;
 
 		  case EX_NOUSER:
-			stat = "5.1.1";
+			status = "5.1.1";
 			break;
 
 		  case EX_NOHOST:
-			stat = "5.1.2";
+			status = "5.1.2";
 			break;
 
 		  case EX_NOINPUT:
 		  case EX_CANTCREAT:
 		  case EX_NOPERM:
-			stat = "5.3.0";
+			status = "5.3.0";
 			break;
 
 		  case EX_UNAVAILABLE:
@@ -2317,34 +2885,41 @@ markfailure(e, q, mci, rcode)
 		  case EX_OSFILE:
 		  case EX_PROTOCOL:
 		  case EX_CONFIG:
-			stat = "5.5.0";
+			status = "5.5.0";
 			break;
 
 		  case EX_OSERR:
 		  case EX_IOERR:
-			stat = "4.5.0";
+			status = "4.5.0";
 			break;
 
 		  case EX_TEMPFAIL:
-			stat = "4.2.0";
+			status = "4.2.0";
 			break;
 		}
-		if (stat != NULL)
-			q->q_status = stat;
 	}
 
-	q->q_statdate = curtime();
-	if (CurHostName != NULL && CurHostName[0] != '\0')
-		q->q_statmta = newstr(CurHostName);
+	/* new status? */
+	if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL ||
+	    *q->q_status == '\0' || *q->q_status < *status))
+	{
+		q->q_status = status;
+		q->q_rstatus = rstatus;
+	}
 	if (rcode != EX_OK && q->q_rstatus == NULL &&
 	    q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL &&
-	    strcasecmp(q->q_mailer->m_diagtype, "UNIX") == 0)
+	    strcasecmp(q->q_mailer->m_diagtype, "X-UNIX") == 0)
 	{
-		char buf[30];
+		char buf[16];
 
 		(void) snprintf(buf, sizeof buf, "%d", rcode);
 		q->q_rstatus = newstr(buf);
 	}
+
+	q->q_statdate = curtime();
+	if (CurHostName != NULL && CurHostName[0] != '\0' &&
+	    mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags))
+		q->q_statmta = newstr(CurHostName);
 }
 /*
 **  ENDMAILER -- Wait for mailer to terminate.
@@ -2367,6 +2942,15 @@ markfailure(e, q, mci, rcode)
 **		none.
 */
 
+static jmp_buf	EndWaitTimeout;
+
+static void
+endwaittimeout()
+{
+	errno = ETIMEDOUT;
+	longjmp(EndWaitTimeout, 1);
+}
+
 int
 endmailer(mci, e, pv)
 	register MCI *mci;
@@ -2374,31 +2958,78 @@ endmailer(mci, e, pv)
 	char **pv;
 {
 	int st;
+	int save_errno = errno;
+	char buf[MAXLINE];
+	EVENT *ev = NULL;
+
 
 	mci_unlock_host(mci);
 
-	/* close any connections */
-	if (mci->mci_in != NULL)
-		(void) xfclose(mci->mci_in, mci->mci_mailer->m_name, "mci_in");
+#if SASL
+	/* shutdown SASL */
+	if (bitset(MCIF_AUTHACT, mci->mci_flags))
+	{
+		sasl_dispose(&mci->mci_conn);
+		mci->mci_flags &= ~MCIF_AUTHACT;
+	}
+#endif /* SASL */
+
+#if STARTTLS
+	/* shutdown TLS */
+	(void) endtlsclt(mci);
+#endif /* STARTTLS */
+
+	/* close output to mailer */
 	if (mci->mci_out != NULL)
-		(void) xfclose(mci->mci_out, mci->mci_mailer->m_name, "mci_out");
+		(void) fclose(mci->mci_out);
+
+	/* copy any remaining input to transcript */
+	if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR &&
+	    e->e_xfp != NULL)
+	{
+		while (sfgets(buf, sizeof buf, mci->mci_in,
+		       TimeOuts.to_quit, "Draining Input") != NULL)
+			(void) fputs(buf, e->e_xfp);
+	}
+
+	/* now close the input */
+	if (mci->mci_in != NULL)
+		(void) fclose(mci->mci_in);
 	mci->mci_in = mci->mci_out = NULL;
 	mci->mci_state = MCIS_CLOSED;
 
+	errno = save_errno;
+
 	/* in the IPC case there is nothing to wait for */
 	if (mci->mci_pid == 0)
-		return (EX_OK);
+		return EX_OK;
 
-#if _FFR_TIMEOUT_WAIT
-	put a timeout around the wait
-#endif
+	/* put a timeout around the wait */
+	if (mci->mci_mailer->m_wait > 0)
+	{
+		if (setjmp(EndWaitTimeout) == 0)
+			ev = setevent(mci->mci_mailer->m_wait,
+				      endwaittimeout, 0);
+		else
+		{
+			syserr("endmailer %s: wait timeout (%d)",
+			       mci->mci_mailer->m_name,
+			       mci->mci_mailer->m_wait);
+			return EX_TEMPFAIL;
+		}
+	}
 
-	/* wait for the mailer process to die and collect status */
+	/* wait for the mailer process, collect status */
 	st = waitfor(mci->mci_pid);
+	save_errno = errno;
+	if (ev != NULL)
+		clrevent(ev);
+	errno = save_errno;
+
 	if (st == -1)
 	{
 		syserr("endmailer %s: wait", mci->mci_mailer->m_name);
-		return (EX_SOFTWARE);
+		return EX_SOFTWARE;
 	}
 
 	if (WIFEXITED(st))
@@ -2408,8 +3039,10 @@ endmailer(mci, e, pv)
 	}
 
 	/* it died a horrid death */
-	syserr("451 mailer %s died with signal %o",
-		mci->mci_mailer->m_name, st);
+	syserr("451 4.3.0 mailer %s died with signal %d%s",
+		mci->mci_mailer->m_name, WTERMSIG(st),
+		WCOREDUMP(st) ? " (core dumped)" :
+		(WIFSTOPPED(st) ? " (stopped)" : ""));
 
 	/* log the arguments */
 	if (pv != NULL && e->e_xfp != NULL)
@@ -2423,15 +3056,16 @@ endmailer(mci, e, pv)
 	}
 
 	ExitStat = EX_TEMPFAIL;
-	return (EX_TEMPFAIL);
+	return EX_TEMPFAIL;
 }
 /*
 **  GIVERESPONSE -- Interpret an error response from a mailer
 **
 **	Parameters:
-**		stat -- the status code from the mailer (high byte
+**		status -- the status code from the mailer (high byte
 **			only; core dumps must have been taken care of
 **			already).
+**		dsn -- the DSN associated with the address, if any.
 **		m -- the mailer info for this mailer.
 **		mci -- the mailer connection info -- can be NULL if the
 **			response is given before the connection is made.
@@ -2450,8 +3084,9 @@ endmailer(mci, e, pv)
 */
 
 void
-giveresponse(stat, m, mci, ctladdr, xstart, e)
-	int stat;
+giveresponse(status, dsn, m, mci, ctladdr, xstart, e)
+	int status;
+	char *dsn;
 	register MAILER *m;
 	register MCI *mci;
 	ADDRESS *ctladdr;
@@ -2461,7 +3096,10 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 	register const char *statmsg;
 	extern char *SysExMsg[];
 	register int i;
+	int errnum = errno;
+	int off = 4;
 	extern int N_SysEx;
+	char dsnbuf[ENHSCLEN];
 	char buf[MAXLINE];
 
 	if (e == NULL)
@@ -2471,25 +3109,27 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 	**  Compute status message from code.
 	*/
 
-	i = stat - EX__BASE;
-	if (stat == 0)
+	i = status - EX__BASE;
+	if (status == 0)
 	{
-		statmsg = "250 Sent";
+		statmsg = "250 2.0.0 Sent";
 		if (e->e_statmsg != NULL)
 		{
 			(void) snprintf(buf, sizeof buf, "%s (%s)",
-				statmsg, shortenstring(e->e_statmsg, 403));
+					statmsg,
+					shortenstring(e->e_statmsg, 403));
 			statmsg = buf;
 		}
 	}
 	else if (i < 0 || i >= N_SysEx)
 	{
-		(void) snprintf(buf, sizeof buf, "554 unknown mailer error %d",
-			stat);
-		stat = EX_UNAVAILABLE;
+		(void) snprintf(buf, sizeof buf,
+				"554 5.3.0 unknown mailer error %d",
+				status);
+		status = EX_UNAVAILABLE;
 		statmsg = buf;
 	}
-	else if (stat == EX_TEMPFAIL)
+	else if (status == EX_TEMPFAIL)
 	{
 		char *bp = buf;
 
@@ -2499,10 +3139,10 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 		if (h_errno == TRY_AGAIN)
 			statmsg = errstring(h_errno+E_DNSBASE);
 		else
-#endif
+#endif /* NAMED_BIND */
 		{
-			if (errno != 0)
-				statmsg = errstring(errno);
+			if (errnum != 0)
+				statmsg = errstring(errnum);
 			else
 			{
 #if SMTP
@@ -2513,25 +3153,55 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 			}
 		}
 		if (statmsg != NULL && statmsg[0] != '\0')
+		{
+			switch (errnum)
+			{
+#ifdef ENETDOWN
+			  case ENETDOWN:	/* Network is down */
+#endif /* ENETDOWN */
+#ifdef ENETUNREACH
+			  case ENETUNREACH:	/* Network is unreachable */
+#endif /* ENETUNREACH */
+#ifdef ENETRESET
+			  case ENETRESET:	/* Network dropped connection on reset */
+#endif /* ENETRESET */
+#ifdef ECONNABORTED
+			  case ECONNABORTED:	/* Software caused connection abort */
+#endif /* ECONNABORTED */
+#ifdef EHOSTDOWN
+			  case EHOSTDOWN:	/* Host is down */
+#endif /* EHOSTDOWN */
+#ifdef EHOSTUNREACH
+			  case EHOSTUNREACH:	/* No route to host */
+#endif /* EHOSTUNREACH */
+				if (mci->mci_host != NULL)
+				{
+					snprintf(bp, SPACELEFT(buf, bp),
+						 ": %s", mci->mci_host);
+					bp += strlen(bp);
+				}
+				break;
+			}
 			snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg);
+		}
 		statmsg = buf;
 	}
 #if NAMED_BIND
-	else if (stat == EX_NOHOST && h_errno != 0)
+	else if (status == EX_NOHOST && h_errno != 0)
 	{
 		statmsg = errstring(h_errno + E_DNSBASE);
 		(void) snprintf(buf, sizeof buf, "%s (%s)",
 			SysExMsg[i] + 1, statmsg);
 		statmsg = buf;
 	}
-#endif
+#endif /* NAMED_BIND */
 	else
 	{
 		statmsg = SysExMsg[i];
-		if (*statmsg++ == ':' && errno != 0)
+		if (*statmsg++ == ':' && errnum != 0)
 		{
 			(void) snprintf(buf, sizeof buf, "%s: %s",
-				statmsg, errstring(errno));
+				statmsg, errstring(errnum));
 			statmsg = buf;
 		}
 	}
@@ -2540,21 +3210,53 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 	**  Print the message as appropriate
 	*/
 
-	if (stat == EX_OK || stat == EX_TEMPFAIL)
+	if (status == EX_OK || status == EX_TEMPFAIL)
 	{
 		extern char MsgBuf[];
 
-		message("%s", &statmsg[4]);
-		if (stat == EX_TEMPFAIL && e->e_xfp != NULL)
+		if ((off = isenhsc(statmsg + 4, ' ')) > 0)
+		{
+			if (dsn == NULL)
+			{
+				snprintf(dsnbuf, sizeof dsnbuf,
+					 "%.*s", off, statmsg + 4);
+				dsn = dsnbuf;
+			}
+			off += 5;
+		}
+		else
+		{
+			off = 4;
+		}
+		message("%s", statmsg + off);
+		if (status == EX_TEMPFAIL && e->e_xfp != NULL)
 			fprintf(e->e_xfp, "%s\n", &MsgBuf[4]);
 	}
 	else
 	{
-		char mbuf[8];
+		char mbuf[ENHSCLEN + 4];
 
 		Errors++;
-		snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg);
-		usrerr(mbuf, &statmsg[4]);
+		if ((off = isenhsc(statmsg + 4, ' ')) > 0 &&
+		    off < sizeof mbuf - 4)
+		{
+			if (dsn == NULL)
+			{
+				snprintf(dsnbuf, sizeof dsnbuf,
+					 "%.*s", off, statmsg + 4);
+				dsn = dsnbuf;
+			}
+			off += 5;
+			(void) strlcpy(mbuf, statmsg, off);
+			(void) strlcat(mbuf, " %s", sizeof mbuf);
+		}
+		else
+		{
+			dsnbuf[0] = '\0';
+			(void) snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg);
+			off = 4;
+		}
+		usrerr(mbuf, &statmsg[off]);
 	}
 
 	/*
@@ -2565,25 +3267,27 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 	*/
 
 	if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) &&
-	    LogLevel > ((stat == EX_TEMPFAIL) ? 8 : (stat == EX_OK) ? 7 : 6))
-		logdelivery(m, mci, &statmsg[4], ctladdr, xstart, e);
+	    LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6))
+		logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e);
 
 	if (tTd(11, 2))
-		printf("giveresponse: stat=%d, e->e_message=%s\n",
-			stat, e->e_message == NULL ? "<NULL>" : e->e_message);
-
-	if (stat != EX_TEMPFAIL)
-		setstat(stat);
-	if (stat != EX_OK && (stat != EX_TEMPFAIL || e->e_message == NULL))
+		dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s\n",
+			status,
+			dsn == NULL ? "<NULL>" : dsn,
+			e->e_message == NULL ? "<NULL>" : e->e_message);
+
+	if (status != EX_TEMPFAIL)
+		setstat(status);
+	if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL))
 	{
 		if (e->e_message != NULL)
 			free(e->e_message);
-		e->e_message = newstr(&statmsg[4]);
+		e->e_message = newstr(statmsg + off);
 	}
 	errno = 0;
 #if NAMED_BIND
 	h_errno = 0;
-#endif
+#endif /* NAMED_BIND */
 }
 /*
 **  LOGDELIVERY -- log the delivery in the system log
@@ -2595,8 +3299,9 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 **	Parameters:
 **		m -- the mailer info.  Can be NULL for initial queue.
 **		mci -- the mailer connection info -- can be NULL if the
-**			log is occuring when no connection is active.
-**		stat -- the message to print for the status.
+**			log is occurring when no connection is active.
+**		dsn -- the DSN attached to the status.
+**		status -- the message to print for the status.
 **		ctladdr -- the controlling address for the to list.
 **		xstart -- the transaction start time, used for
 **			computing transaction delay.
@@ -2610,10 +3315,11 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
 */
 
 void
-logdelivery(m, mci, stat, ctladdr, xstart, e)
+logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
 	MAILER *m;
 	register MCI *mci;
-	const char *stat;
+	char *dsn;
+	const char *status;
 	ADDRESS *ctladdr;
 	time_t xstart;
 	register ENVELOPE *e;
@@ -2623,31 +3329,32 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
 	int l;
 	char buf[1024];
 
-#  if (SYSLOG_BUFSIZE) >= 256
+#if (SYSLOG_BUFSIZE) >= 256
 	/* ctladdr: max 106 bytes */
 	bp = buf;
 	if (ctladdr != NULL)
 	{
 		snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s",
-			shortenstring(ctladdr->q_paddr, 83));
+			 shortenstring(ctladdr->q_paddr, 83));
 		bp += strlen(bp);
 		if (bitset(QGOODUID, ctladdr->q_flags))
 		{
 			(void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
-					ctladdr->q_uid, ctladdr->q_gid);
+					(int) ctladdr->q_uid,
+					(int) ctladdr->q_gid);
 			bp += strlen(bp);
 		}
 	}
 
 	/* delay & xdelay: max 41 bytes */
 	snprintf(bp, SPACELEFT(buf, bp), ", delay=%s",
-		pintvl(curtime() - e->e_ctime, TRUE));
+		 pintvl(curtime() - e->e_ctime, TRUE));
 	bp += strlen(bp);
 
 	if (xstart != (time_t) 0)
 	{
 		snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s",
-			pintvl(curtime() - xstart, TRUE));
+			 pintvl(curtime() - xstart, TRUE));
 		bp += strlen(bp);
 	}
 
@@ -2658,98 +3365,142 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
 		bp += strlen(bp);
 	}
 
+	/* pri: changes with each delivery attempt */
+	snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", e->e_msgpriority);
+	bp += strlen(bp);
+
 	/* relay: max 66 bytes for IPv4 addresses */
 	if (mci != NULL && mci->mci_host != NULL)
 	{
 # if DAEMON
 		extern SOCKADDR CurHostAddr;
-# endif
+# endif /* DAEMON */
 
 		snprintf(bp, SPACELEFT(buf, bp), ", relay=%s",
-			shortenstring(mci->mci_host, 40));
+			 shortenstring(mci->mci_host, 40));
 		bp += strlen(bp);
 
 # if DAEMON
 		if (CurHostAddr.sa.sa_family != 0)
 		{
 			snprintf(bp, SPACELEFT(buf, bp), " [%s]",
-				anynet_ntoa(&CurHostAddr));
+				 anynet_ntoa(&CurHostAddr));
 		}
-# endif
+# endif /* DAEMON */
 	}
-	else if (strcmp(stat, "queued") != 0)
+	else if (strcmp(status, "queued") != 0)
 	{
 		p = macvalue('h', e);
 		if (p != NULL && p[0] != '\0')
 		{
 			snprintf(bp, SPACELEFT(buf, bp), ", relay=%s",
-				shortenstring(p, 40));
+				 shortenstring(p, 40));
 		}
 	}
 	bp += strlen(bp);
 
-#define STATLEN		(((SYSLOG_BUFSIZE) - 100) / 4)
-#if (STATLEN) < 63
-# undef STATLEN
-# define STATLEN	63
-#endif
-#if (STATLEN) > 203
-# undef STATLEN
-# define STATLEN	203
-#endif
+	/* dsn */
+	if (dsn != NULL && *dsn != '\0')
+	{
+		snprintf(bp, SPACELEFT(buf, bp), ", dsn=%s",
+			 shortenstring(dsn, ENHSCLEN));
+		bp += strlen(bp);
+	}
+
+# define STATLEN		(((SYSLOG_BUFSIZE) - 100) / 4)
+# if (STATLEN) < 63
+#  undef STATLEN
+#  define STATLEN	63
+# endif /* (STATLEN) < 63 */
+# if (STATLEN) > 203
+#  undef STATLEN
+#  define STATLEN	203
+# endif /* (STATLEN) > 203 */
 
 	/* stat: max 210 bytes */
 	if ((bp - buf) > (sizeof buf - ((STATLEN) + 20)))
 	{
 		/* desperation move -- truncate data */
 		bp = buf + sizeof buf - ((STATLEN) + 17);
-		strcpy(bp, "...");
+		(void) strlcpy(bp, "...", SPACELEFT(buf, bp));
 		bp += 3;
 	}
 
-	(void) strcpy(bp, ", stat=");
+	(void) strlcpy(bp, ", stat=", SPACELEFT(buf, bp));
 	bp += strlen(bp);
 
-	(void) strcpy(bp, shortenstring(stat, (STATLEN)));
+	(void) strlcpy(bp, shortenstring(status, STATLEN), SPACELEFT(buf, bp));
 
 	/* id, to: max 13 + TOBUFSIZE bytes */
 	l = SYSLOG_BUFSIZE - 100 - strlen(buf);
-	p = e->e_to;
+	p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to;
 	while (strlen(p) >= (SIZE_T) l)
 	{
-		register char *q = strchr(p + l, ',');
+		register char *q;
 
+#if _FFR_DYNAMIC_TOBUF
+		for (q = p + l; q > p; q--)
+		{
+			if (*q == ',')
+				break;
+		}
+		if (p == q)
+			break;
+#else /* _FFR_DYNAMIC_TOBUF */
+		q = strchr(p + l, ',');
 		if (q == NULL)
 			break;
+#endif /* _FFR_DYNAMIC_TOBUF */
+
 		sm_syslog(LOG_INFO, e->e_id,
-			"to=%.*s [more]%s",
-			++q - p, p, buf);
+			  "to=%.*s [more]%s",
+			  ++q - p, p, buf);
 		p = q;
 	}
+#if _FFR_DYNAMIC_TOBUF
+	sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, p, buf);
+#else /* _FFR_DYNAMIC_TOBUF */
 	sm_syslog(LOG_INFO, e->e_id, "to=%s%s", p, buf);
+#endif /* _FFR_DYNAMIC_TOBUF */
 
-#  else		/* we have a very short log buffer size */
+#else /* (SYSLOG_BUFSIZE) >= 256 */
 
 	l = SYSLOG_BUFSIZE - 85;
-	p = e->e_to;
+	p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to;
 	while (strlen(p) >= (SIZE_T) l)
 	{
-		register char *q = strchr(p + l, ',');
+		register char *q;
 
+#if _FFR_DYNAMIC_TOBUF
+		for (q = p + l; q > p; q--)
+		{
+			if (*q == ',')
+				break;
+		}
+		if (p == q)
+			break;
+#else /* _FFR_DYNAMIC_TOBUF */
+		q = strchr(p + l, ',');
 		if (q == NULL)
 			break;
+#endif /* _FFR_DYNAMIC_TOBUF */
+
 		sm_syslog(LOG_INFO, e->e_id,
-			"to=%.*s [more]",
-			++q - p, p);
+			  "to=%.*s [more]",
+			  ++q - p, p);
 		p = q;
 	}
+#if _FFR_DYNAMIC_TOBUF
+	sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p);
+#else /* _FFR_DYNAMIC_TOBUF */
 	sm_syslog(LOG_INFO, e->e_id, "to=%s", p);
+#endif /* _FFR_DYNAMIC_TOBUF */
 
 	if (ctladdr != NULL)
 	{
 		bp = buf;
 		snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s",
-			shortenstring(ctladdr->q_paddr, 83));
+			 shortenstring(ctladdr->q_paddr, 83));
 		bp += strlen(bp);
 		if (bitset(QGOODUID, ctladdr->q_flags))
 		{
@@ -2761,12 +3512,12 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
 	}
 	bp = buf;
 	snprintf(bp, SPACELEFT(buf, bp), "delay=%s",
-		pintvl(curtime() - e->e_ctime, TRUE));
+		 pintvl(curtime() - e->e_ctime, TRUE));
 	bp += strlen(bp);
 	if (xstart != (time_t) 0)
 	{
 		snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s",
-			pintvl(curtime() - xstart, TRUE));
+			 pintvl(curtime() - xstart, TRUE));
 		bp += strlen(bp);
 	}
 
@@ -2783,7 +3534,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
 	{
 # if DAEMON
 		extern SOCKADDR CurHostAddr;
-# endif
+# endif /* DAEMON */
 
 		snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host);
 		bp += strlen(bp);
@@ -2792,9 +3543,9 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
 		if (CurHostAddr.sa.sa_family != 0)
 			snprintf(bp, SPACELEFT(buf, bp), " [%.100s]",
 				anynet_ntoa(&CurHostAddr));
-# endif
+# endif /* DAEMON */
 	}
-	else if (strcmp(stat, "queued") != 0)
+	else if (strcmp(status, "queued") != 0)
 	{
 		p = macvalue('h', e);
 		if (p != NULL && p[0] != '\0')
@@ -2803,8 +3554,8 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
 	if (buf[0] != '\0')
 		sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf);
 
-	sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(stat, 63));
-#  endif /* short log buffer */
+	sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63));
+#endif /* (SYSLOG_BUFSIZE) >= 256 */
 }
 /*
 **  PUTFROMLINE -- output a UNIX-style from line (or whatever)
@@ -2852,14 +3603,14 @@ putfromline(mci, e)
 			char *at;
 			char hname[MAXNAME];
 
-		    	/*
+			/*
 			**  If we can construct a UUCP path, do so
 			*/
 
 			at = strrchr(buf, '@');
 			if (at == NULL)
 			{
-				expand( "\201k", hname, sizeof hname, e);
+				expand("\201k", hname, sizeof hname, e);
 				at = hname;
 			}
 			else
@@ -2907,6 +3658,7 @@ putbody(mci, e, separator)
 	register ENVELOPE *e;
 	char *separator;
 {
+	bool dead = FALSE;
 	char buf[MAXLINE];
 	char *boundaries[MAXMIMENESTING + 1];
 
@@ -2920,8 +3672,13 @@ putbody(mci, e, separator)
 
 		e->e_dfp = fopen(df, "r");
 		if (e->e_dfp == NULL)
-			syserr("putbody: Cannot open %s for %s from %s",
-				df, e->e_to, e->e_from.q_paddr);
+		{
+			char *msg = "!putbody: Cannot open %s for %s from %s";
+
+			if (errno == ENOENT)
+				msg++;
+			syserr(msg, df, e->e_to, e->e_from.q_paddr);
+		}
 	}
 	if (e->e_dfp == NULL)
 	{
@@ -2933,6 +3690,7 @@ putbody(mci, e, separator)
 		putline("<<< No Message Collected >>>", mci);
 		goto endofmessage;
 	}
+
 	if (e->e_dfino == (ino_t) 0)
 	{
 		struct stat stbuf;
@@ -2945,7 +3703,9 @@ putbody(mci, e, separator)
 			e->e_dfino = stbuf.st_ino;
 		}
 	}
-	rewind(e->e_dfp);
+
+	/* paranoia: the df file should always be in a rewound state */
+	(void) bfrewind(e->e_dfp);
 
 #if MIME8TO7
 	if (bitset(MCIF_CVT8TO7, mci->mci_flags))
@@ -2969,23 +3729,41 @@ putbody(mci, e, separator)
 		/* now do the hard work */
 		boundaries[0] = NULL;
 		mci->mci_flags |= MCIF_INHEADER;
-		mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
+		(void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
 	}
 # if MIME7TO8
 	else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
 	{
-		mime7to8(mci, e->e_header, e);
+		(void) mime7to8(mci, e->e_header, e);
 	}
-# endif
+# endif /* MIME7TO8 */
 	else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0)
 	{
+		bool oldsuprerrs = SuprErrs;
+
 		/* Use mime8to7 to check multipart for MIME header overflows */
 		boundaries[0] = NULL;
 		mci->mci_flags |= MCIF_INHEADER;
-		mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER|M87F_NO8TO7);
+
+		/*
+		**  If EF_DONT_MIME is set, we have a broken MIME message
+		**  and don't want to generate a new bounce message whose
+		**  body propagates the broken MIME.  We can't just not call
+		**  mime8to7() as is done above since we need the security
+		**  checks.  The best we can do is suppress the errors.
+		*/
+
+		if (bitset(EF_DONT_MIME, e->e_flags))
+			SuprErrs = TRUE;
+
+		(void) mime8to7(mci, e->e_header, e, boundaries,
+				M87F_OUTER|M87F_NO8TO7);
+
+		/* restore SuprErrs */
+		SuprErrs = oldsuprerrs;
 	}
 	else
-#endif
+#endif /* MIME8TO7 */
 	{
 		int ostate;
 		register char *bp;
@@ -2995,8 +3773,7 @@ putbody(mci, e, separator)
 		int padc;
 		char *buflim;
 		int pos = 0;
-		size_t eol_len;
-		char peekbuf[10];
+		char peekbuf[12];
 
 		if (bitset(MCIF_INHEADER, mci->mci_flags))
 		{
@@ -3009,13 +3786,12 @@ putbody(mci, e, separator)
 		if (mci->mci_mailer->m_linelimit > 0 &&
 		    mci->mci_mailer->m_linelimit < sizeof buf - 1)
 			buflim = &buf[mci->mci_mailer->m_linelimit - 1];
-		eol_len = strlen(mci->mci_mailer->m_eol);
 
 		/* copy temp file to output with mapping */
 		ostate = OS_HEAD;
 		bp = buf;
 		pbp = peekbuf;
-		while (!ferror(mci->mci_out))
+		while (!ferror(mci->mci_out) && !dead)
 		{
 			if (pbp > peekbuf)
 				c = *--pbp;
@@ -3030,7 +3806,7 @@ putbody(mci, e, separator)
 				if (c == '\0' &&
 				    bitnset(M_NONULLS, mci->mci_mailer->m_flags))
 					break;
-#endif
+#endif /* _FFR_NONULLS */
 				if (c != '\r' && c != '\n' && bp < buflim)
 				{
 					*bp++ = c;
@@ -3068,29 +3844,43 @@ putbody(mci, e, separator)
 					fprintf(TrafficLogFile, "%05d >>> ",
 						(int) getpid());
 					if (padc != EOF)
-						putc(padc, TrafficLogFile);
+						(void) putc(padc,
+							    TrafficLogFile);
 					for (xp = buf; xp < bp; xp++)
-						putc(*xp, TrafficLogFile);
+						(void) putc((unsigned char) *xp,
+							    TrafficLogFile);
 					if (c == '\n')
-						fputs(mci->mci_mailer->m_eol,
+						(void) fputs(mci->mci_mailer->m_eol,
 						      TrafficLogFile);
 				}
 				if (padc != EOF)
 				{
-					putc(padc, mci->mci_out);
-					mci->mci_contentlen++;
+					if (putc(padc, mci->mci_out) == EOF)
+					{
+						dead = TRUE;
+						continue;
+					}
 					pos++;
 				}
 				for (xp = buf; xp < bp; xp++)
 				{
-					putc(*xp, mci->mci_out);
-					mci->mci_contentlen++;
+					if (putc((unsigned char) *xp,
+						 mci->mci_out) == EOF)
+					{
+						dead = TRUE;
+						break;
+					}
+
+					/* record progress for DATA timeout */
+					DataProgress = TRUE;
 				}
+				if (dead)
+					continue;
 				if (c == '\n')
 				{
-					fputs(mci->mci_mailer->m_eol,
-					      mci->mci_out);
-					mci->mci_contentlen += eol_len;
+					if (fputs(mci->mci_mailer->m_eol,
+						  mci->mci_out) == EOF)
+						break;
 					pos = 0;
 				}
 				else
@@ -3099,6 +3889,9 @@ putbody(mci, e, separator)
 					if (c != '\r')
 						*pbp++ = c;
 				}
+
+				/* record progress for DATA timeout */
+				DataProgress = TRUE;
 				bp = buf;
 
 				/* determine next state */
@@ -3114,12 +3907,17 @@ putbody(mci, e, separator)
 				if (c == '\n')
 				{
 					/* got CRLF */
-					fputs(mci->mci_mailer->m_eol, mci->mci_out);
-					mci->mci_contentlen += eol_len;
+					if (fputs(mci->mci_mailer->m_eol,
+						  mci->mci_out) == EOF)
+						continue;
+
+					/* record progress for DATA timeout */
+					DataProgress = TRUE;
+
 					if (TrafficLogFile != NULL)
 					{
-						fputs(mci->mci_mailer->m_eol,
-						      TrafficLogFile);
+						(void) fputs(mci->mci_mailer->m_eol,
+							     TrafficLogFile);
 					}
 					ostate = OS_HEAD;
 					continue;
@@ -3141,16 +3939,46 @@ putbody(mci, e, separator)
 				if (c == '\0' &&
 				    bitnset(M_NONULLS, mci->mci_mailer->m_flags))
 					break;
-#endif
+#endif /* _FFR_NONULLS */
 putch:
 				if (mci->mci_mailer->m_linelimit > 0 &&
-				    pos > mci->mci_mailer->m_linelimit &&
+				    pos >= mci->mci_mailer->m_linelimit - 1 &&
 				    c != '\n')
 				{
-					putc('!', mci->mci_out);
-					mci->mci_contentlen++;
-					fputs(mci->mci_mailer->m_eol, mci->mci_out);
-					mci->mci_contentlen += eol_len;
+					int d;
+
+					/* check next character for EOL */
+					if (pbp > peekbuf)
+						d = *(pbp - 1);
+					else if ((d = getc(e->e_dfp)) != EOF)
+						*pbp++ = d;
+
+					if (d == '\n' || d == EOF)
+					{
+						if (TrafficLogFile != NULL)
+							(void) putc((unsigned char) c,
+							    TrafficLogFile);
+						if (putc((unsigned char) c,
+							 mci->mci_out) == EOF)
+						{
+							dead = TRUE;
+							continue;
+						}
+						pos++;
+						continue;
+					}
+
+					if (putc('!', mci->mci_out) == EOF ||
+					    fputs(mci->mci_mailer->m_eol,
+						  mci->mci_out) == EOF)
+					{
+						dead = TRUE;
+						continue;
+					}
+
+					/* record progress for DATA timeout */
+					DataProgress = TRUE;
+
 					if (TrafficLogFile != NULL)
 					{
 						fprintf(TrafficLogFile, "!%s",
@@ -3163,22 +3991,31 @@ putch:
 				if (c == '\n')
 				{
 					if (TrafficLogFile != NULL)
-						fputs(mci->mci_mailer->m_eol,
+						(void) fputs(mci->mci_mailer->m_eol,
 						      TrafficLogFile);
-					fputs(mci->mci_mailer->m_eol, mci->mci_out);
-					mci->mci_contentlen += eol_len;
+					if (fputs(mci->mci_mailer->m_eol,
+						  mci->mci_out) == EOF)
+						continue;
 					pos = 0;
 					ostate = OS_HEAD;
 				}
 				else
 				{
 					if (TrafficLogFile != NULL)
-						putc(c, TrafficLogFile);
-					putc(c, mci->mci_out);
-					mci->mci_contentlen++;
+						(void) putc((unsigned char) c,
+							    TrafficLogFile);
+					if (putc((unsigned char) c,
+						 mci->mci_out) == EOF)
+					{
+						dead = TRUE;
+						continue;
+					}
 					pos++;
 					ostate = OS_INLINE;
 				}
+
+				/* record progress for DATA timeout */
+				DataProgress = TRUE;
 				break;
 			}
 		}
@@ -3189,33 +4026,59 @@ putch:
 			if (TrafficLogFile != NULL)
 			{
 				for (xp = buf; xp < bp; xp++)
-					putc(*xp, TrafficLogFile);
+					(void) putc((unsigned char) *xp,
+						    TrafficLogFile);
 			}
 			for (xp = buf; xp < bp; xp++)
 			{
-				putc(*xp, mci->mci_out);
-				mci->mci_contentlen++;
+				if (putc((unsigned char) *xp, mci->mci_out) ==
+				    EOF)
+				{
+					dead = TRUE;
+					break;
+				}
+
+				/* record progress for DATA timeout */
+				DataProgress = TRUE;
 			}
 			pos += bp - buf;
 		}
-		if (pos > 0)
+		if (!dead && pos > 0)
 		{
 			if (TrafficLogFile != NULL)
-				fputs(mci->mci_mailer->m_eol, TrafficLogFile);
-			fputs(mci->mci_mailer->m_eol, mci->mci_out);
-			mci->mci_contentlen += eol_len;
+				(void) fputs(mci->mci_mailer->m_eol,
+					     TrafficLogFile);
+			(void) fputs(mci->mci_mailer->m_eol, mci->mci_out);
+
+			/* record progress for DATA timeout */
+			DataProgress = TRUE;
 		}
 	}
 
 	if (ferror(e->e_dfp))
 	{
-		syserr("putbody: df%s: read error", e->e_id);
+		syserr("putbody: %s/df%s: read error",
+		       qid_printqueue(e->e_queuedir), e->e_id);
 		ExitStat = EX_IOERR;
 	}
 
 endofmessage:
+	/*
+	**  Since mailfile() uses e_dfp in a child process,
+	**  the file offset in the stdio library for the
+	**  parent process will not agree with the in-kernel
+	**  file offset since the file descriptor is shared
+	**  between the processes.  Therefore, it is vital
+	**  that the file always be rewound.  This forces the
+	**  kernel offset (lseek) and stdio library (ftell)
+	**  offset to match.
+	*/
+
+	if (e->e_dfp != NULL)
+		(void) bfrewind(e->e_dfp);
+
 	/* some mailers want extra blank line at end of message */
-	if (bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
+	if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
 	    buf[0] != '\0' && buf[0] != '\n')
 		putline("", mci);
 
@@ -3225,6 +4088,7 @@ endofmessage:
 		syserr("putbody: write error");
 		ExitStat = EX_IOERR;
 	}
+
 	errno = 0;
 }
 /*
@@ -3258,26 +4122,30 @@ endofmessage:
 */
 
 static jmp_buf	CtxMailfileTimeout;
-static void	mailfiletimeout __P((void));
 
 int
 mailfile(filename, mailer, ctladdr, sfflags, e)
 	char *volatile filename;
 	MAILER *volatile mailer;
 	ADDRESS *ctladdr;
-	volatile int sfflags;
+	volatile long sfflags;
 	register ENVELOPE *e;
 {
 	register FILE *f;
 	register pid_t pid = -1;
-	volatile int mode = ST_MODE_NOFILE;
+	volatile int mode;
+	int len;
+	off_t curoff;
 	bool suidwarn = geteuid() == 0;
 	char *p;
+	char *volatile realfile;
 	EVENT *ev;
+	char buf[MAXLINE + 1];
+	char targetfile[MAXPATHLEN + 1];
 
 	if (tTd(11, 1))
 	{
-		printf("mailfile %s\n  ctladdr=", filename);
+		dprintf("mailfile %s\n  ctladdr=", filename);
 		printaddr(ctladdr, FALSE);
 	}
 
@@ -3285,7 +4153,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		mailer = FileMailer;
 
 	if (e->e_xfp != NULL)
-		fflush(e->e_xfp);
+		(void) fflush(e->e_xfp);
 
 	/*
 	**  Special case /dev/null.  This allows us to restrict file
@@ -3303,9 +4171,66 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 	       (bitset(EF_IS_MIME, e->e_flags) &&
 		bitset(MM_CVTMIME, MimeMode)))))
 	{
-		usrerr("554 Cannot send 8-bit data to 7-bit destination");
 		e->e_status = "5.6.3";
-		return(EX_DATAERR);
+		usrerrenh(e->e_status,
+		       "554 Cannot send 8-bit data to 7-bit destination");
+		return EX_DATAERR;
+	}
+
+	/* Find the actual file */
+	if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0')
+	{
+		len = strlen(SafeFileEnv);
+
+		if (strncmp(SafeFileEnv, filename, len) == 0)
+			filename += len;
+
+		if (len + strlen(filename) + 1 > MAXPATHLEN)
+		{
+			syserr("mailfile: filename too long (%s/%s)",
+			       SafeFileEnv, filename);
+			return EX_CANTCREAT;
+		}
+		(void) strlcpy(targetfile, SafeFileEnv, sizeof targetfile);
+		realfile = targetfile + len;
+		if (targetfile[len - 1] != '/')
+			(void) strlcat(targetfile, "/", sizeof targetfile);
+		if (*filename == '/')
+			filename++;
+		(void) strlcat(targetfile, filename, sizeof targetfile);
+	}
+	else if (mailer->m_rootdir != NULL)
+	{
+		expand(mailer->m_rootdir, targetfile, sizeof targetfile, e);
+		len = strlen(targetfile);
+
+		if (strncmp(targetfile, filename, len) == 0)
+			filename += len;
+
+		if (len + strlen(filename) + 1 > MAXPATHLEN)
+		{
+			syserr("mailfile: filename too long (%s/%s)",
+			       targetfile, filename);
+			return EX_CANTCREAT;
+		}
+		realfile = targetfile + len;
+		if (targetfile[len - 1] != '/')
+			(void) strlcat(targetfile, "/", sizeof targetfile);
+		if (*filename == '/')
+			(void) strlcat(targetfile, filename + 1,
+				       sizeof targetfile);
+		else
+			(void) strlcat(targetfile, filename, sizeof targetfile);
+	}
+	else
+	{
+		if (strlen(filename) > MAXPATHLEN)
+		{
+			syserr("mailfile: filename too long (%s)", filename);
+			return EX_CANTCREAT;
+		}
+		(void) strlcpy(targetfile, filename, sizeof targetfile);
+		realfile = targetfile;
 	}
 
 	/*
@@ -3317,7 +4242,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 	DOFORK(fork);
 
 	if (pid < 0)
-		return (EX_OSERR);
+		return EX_OSERR;
 	else if (pid == 0)
 	{
 		/* child -- actually write to file */
@@ -3346,36 +4271,24 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		else
 			ev = NULL;
 
-#ifdef HASLSTAT
-		if (bitset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
-			err = stat(filename, &stb);
-		else
-			err = lstat(filename, &stb);
-		if (err < 0)
-#else
-		if (stat(filename, &stb) < 0)
-#endif
-		{
-			stb.st_mode = ST_MODE_NOFILE;
+		/* check file mode to see if setuid */
+		if (stat(targetfile, &stb) < 0)
 			mode = FileMode;
-			oflags |= O_CREAT|O_EXCL;
-		}
-		else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, stb.st_mode) ||
-			 (!bitset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail) &&
-			  stb.st_nlink != 1) ||
-			 (SafeFileEnv != NULL && !S_ISREG(stb.st_mode)))
-			exit(EX_CANTCREAT);
-		if (mode == ST_MODE_NOFILE)
+		else
 			mode = stb.st_mode;
 
 		/* limit the errors to those actually caused in the child */
 		errno = 0;
 		ExitStat = EX_OK;
 
-		if (ctladdr != NULL || bitset(SFF_RUNASREALUID, sfflags))
+		/* Allow alias expansions to use the S_IS{U,G}ID bits */
+		if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) ||
+		    bitset(SFF_RUNASREALUID, sfflags))
 		{
 			/* ignore setuid and setgid bits */
 			mode &= ~(S_ISGID|S_ISUID);
+			if (tTd(11, 20))
+				dprintf("mailfile: ignoring setuid/setgid bits\n");
 		}
 
 		/* we have to open the dfile BEFORE setuid */
@@ -3398,6 +4311,12 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 			{
 				RealUserName = NULL;
 				RealUid = mailer->m_uid;
+				if (RunAsUid != 0 && RealUid != RunAsUid)
+				{
+					/* Only root can change the uid */
+					syserr("mailfile: insufficient privileges to change uid");
+					exit(EX_TEMPFAIL);
+				}
 			}
 			else if (bitset(S_ISUID, mode))
 			{
@@ -3425,11 +4344,25 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 
 			/* select a new group to run as */
 			if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
+			{
 				RealGid = mailer->m_gid;
+				if (RunAsUid != 0 &&
+				    (RealGid != getgid() ||
+				     RealGid != getegid()))
+				{
+					/* Only root can change the gid */
+					syserr("mailfile: insufficient privileges to change gid");
+					exit(EX_TEMPFAIL);
+				}
+			}
 			else if (bitset(S_ISGID, mode))
 				RealGid = stb.st_gid;
 			else if (ctladdr != NULL && ctladdr->q_uid != 0)
 				RealGid = ctladdr->q_gid;
+			else if (ctladdr != NULL &&
+				 ctladdr->q_uid == DefUid &&
+				 ctladdr->q_gid == 0)
+				RealGid = DefGid;
 			else if (mailer != NULL && mailer->m_gid != 0)
 				RealGid = mailer->m_gid;
 			else
@@ -3449,8 +4382,11 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		if (RealUserName != NULL && !DontInitGroups)
 		{
 			if (initgroups(RealUserName, RealGid) == -1 && suidwarn)
+			{
 				syserr("mailfile: initgroups(%s, %d) failed",
 					RealUserName, RealGid);
+				exit(EX_TEMPFAIL);
+			}
 		}
 		else
 		{
@@ -3458,40 +4394,63 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 
 			gidset[0] = RealGid;
 			if (setgroups(1, gidset) == -1 && suidwarn)
+			{
 				syserr("mailfile: setgroups() failed");
+				exit(EX_TEMPFAIL);
+			}
 		}
 
-		/* if you have a safe environment, go into it */
-		if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0')
-		{
-			int i;
+		/*
+		**  If you have a safe environment, go into it.
+		*/
 
-			if (chroot(SafeFileEnv) < 0)
+		if (realfile != targetfile)
+		{
+			*realfile = '\0';
+			if (tTd(11, 20))
+				dprintf("mailfile: chroot %s\n", targetfile);
+			if (chroot(targetfile) < 0)
 			{
 				syserr("mailfile: Cannot chroot(%s)",
-					SafeFileEnv);
+				       targetfile);
 				exit(EX_CANTCREAT);
 			}
-			i = strlen(SafeFileEnv);
-			if (strncmp(SafeFileEnv, filename, i) == 0)
-				filename += i;
+			*realfile = '/';
 		}
+
+		if (tTd(11, 40))
+			dprintf("mailfile: deliver to %s\n", realfile);
+
 		if (chdir("/") < 0)
+		{
 			syserr("mailfile: cannot chdir(/)");
+			exit(EX_CANTCREAT);
+		}
 
 		/* now reset the group and user ids */
 		endpwent();
 		if (setgid(RealGid) < 0 && suidwarn)
+		{
 			syserr("mailfile: setgid(%ld) failed", (long) RealGid);
+			exit(EX_TEMPFAIL);
+		}
 		vendor_set_uid(RealUid);
 		if (setuid(RealUid) < 0 && suidwarn)
+		{
 			syserr("mailfile: setuid(%ld) failed", (long) RealUid);
+			exit(EX_TEMPFAIL);
+		}
+
+		if (tTd(11, 2))
+			dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n",
+				(int) getuid(), (int) geteuid(),
+				(int) getgid(), (int) getegid());
+
 
 		/* move into some "safe" directory */
 		if (mailer->m_execdir != NULL)
 		{
 			char *q;
-			char buf[MAXLINE + 1];
 
 			for (p = mailer->m_execdir; p != NULL; p = q)
 			{
@@ -3502,45 +4461,86 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 				if (q != NULL)
 					*q++ = ':';
 				if (tTd(11, 20))
-					printf("mailfile: trydir %s\n",
-					       buf);
+					dprintf("mailfile: trydir %s\n", buf);
 				if (buf[0] != '\0' && chdir(buf) >= 0)
 					break;
 			}
 		}
 
-		sfflags |= SFF_NOPATHCHECK;
-		if (!bitset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
+		/*
+		**  Recheck the file after we have assumed the ID of the
+		**  delivery user to make sure we can deliver to it as
+		**  that user.  This is necessary if sendmail is running
+		**  as root and the file is on an NFS mount which treats
+		**  root as nobody.
+		*/
+
+#if HASLSTAT
+		if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
+			err = stat(realfile, &stb);
+		else
+			err = lstat(realfile, &stb);
+#else /* HASLSTAT */
+		err = stat(realfile, &stb);
+#endif /* HASLSTAT */
+
+		if (err < 0)
+		{
+			stb.st_mode = ST_MODE_NOFILE;
+			mode = FileMode;
+			oflags |= O_CREAT|O_EXCL;
+		}
+		else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) ||
+			 (!bitnset(DBS_FILEDELIVERYTOHARDLINK,
+				   DontBlameSendmail) &&
+			  stb.st_nlink != 1) ||
+			 (realfile != targetfile && !S_ISREG(mode)))
+			exit(EX_CANTCREAT);
+		else
+			mode = stb.st_mode;
+
+		if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
 			sfflags |= SFF_NOSLINK;
-		if (!bitset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
+		if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
 			sfflags |= SFF_NOHLINK;
 		sfflags &= ~SFF_OPENASROOT;
-		f = safefopen(filename, oflags, FileMode, sfflags);
+		f = safefopen(realfile, oflags, mode, sfflags);
 		if (f == NULL)
 		{
-			message("554 cannot open %s: %s",
-				shortenstring(filename, MAXSHORTSTR),
-				errstring(errno));
-			exit(EX_CANTCREAT);
+			if (transienterror(errno))
+			{
+				usrerr("454 4.3.0 cannot open %s: %s",
+				       shortenstring(realfile, MAXSHORTSTR),
+				       errstring(errno));
+				exit(EX_TEMPFAIL);
+			}
+			else
+			{
+				usrerr("554 5.3.0 cannot open %s: %s",
+				       shortenstring(realfile, MAXSHORTSTR),
+				       errstring(errno));
+				exit(EX_CANTCREAT);
+			}
 		}
-		if (filechanged(filename, fileno(f), &stb))
+		if (filechanged(realfile, fileno(f), &stb))
 		{
-			message("554 file changed after open");
+			syserr("554 5.3.0 file changed after open");
 			exit(EX_CANTCREAT);
 		}
 		if (fstat(fileno(f), &stb) < 0)
 		{
-			message("554 cannot fstat %s", errstring(errno));
+			syserr("554 5.3.0 cannot fstat %s", errstring(errno));
 			exit(EX_CANTCREAT);
 		}
 
+		curoff = stb.st_size;
+
 		if (ev != NULL)
 			clrevent(ev);
 
-		bzero(&mcibuf, sizeof mcibuf);
+		memset(&mcibuf, '\0', sizeof mcibuf);
 		mcibuf.mci_mailer = mailer;
 		mcibuf.mci_out = f;
-		mcibuf.mci_contentlen = 0;
 		if (bitnset(M_7BITS, mailer->m_flags))
 			mcibuf.mci_flags |= MCIF_7BIT;
 
@@ -3563,32 +4563,37 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 			/* may want to convert 7 -> 8 */
 			/* XXX should really parse it here -- and use a class XXX */
 			if (strncasecmp(p, "text/plain", 10) == 0 &&
-			        (p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
+			    (p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
 				mcibuf.mci_flags |= MCIF_CVT7TO8;
 		}
-#endif
+#endif /* MIME7TO8 */
 
 		putfromline(&mcibuf, e);
 		(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
 		(*e->e_putbody)(&mcibuf, e, NULL);
 		putline("\n", &mcibuf);
-		if (fflush(f) < 0 || ferror(f))
+		if (fflush(f) < 0 ||
+		    (SuperSafe && fsync(fileno(f)) < 0) ||
+		    ferror(f))
 		{
-			message("451 I/O error: %s", errstring(errno));
 			setstat(EX_IOERR);
+#if !NOFTRUNCATE
+			(void) ftruncate(fileno(f), curoff);
+#endif /* !NOFTRUNCATE */
 		}
 
 		/* reset ISUID & ISGID bits for paranoid systems */
 #if HASFCHMOD
-		(void) fchmod(fileno(f), (MODE_T) stb.st_mode);
-#else
-		(void) chmod(filename, (MODE_T) stb.st_mode);
-#endif
-		(void) xfclose(f, "mailfile", filename);
+		(void) fchmod(fileno(f), (MODE_T) mode);
+#else /* HASFCHMOD */
+		(void) chmod(filename, (MODE_T) mode);
+#endif /* HASFCHMOD */
+		if (fclose(f) < 0)
+			setstat(EX_IOERR);
 		(void) fflush(stdout);
-		setuid(RealUid);
+		(void) setuid(RealUid);
 		exit(ExitStat);
-		/*NOTREACHED*/
+		/* NOTREACHED */
 	}
 	else
 	{
@@ -3599,7 +4604,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		if (st == -1)
 		{
 			syserr("mailfile: %s: wait", mailer->m_name);
-			return (EX_SOFTWARE);
+			return EX_SOFTWARE;
 		}
 		if (WIFEXITED(st))
 			return (WEXITSTATUS(st));
@@ -3607,9 +4612,9 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		{
 			syserr("mailfile: %s: child died on signal %d",
 			       mailer->m_name, st);
-			return (EX_UNAVAILABLE);
+			return EX_UNAVAILABLE;
 		}
-		/*NOTREACHED*/
+		/* NOTREACHED */
 	}
 	return EX_UNAVAILABLE;	/* avoid compiler warning on IRIX */
 }
@@ -3629,7 +4634,6 @@ mailfiletimeout()
 **	Parameters:
 **		m -- the mailer describing this host.
 **		host -- the host name.
-**		e -- the current envelope.
 **
 **	Returns:
 **		The signature for this host.
@@ -3637,35 +4641,58 @@ mailfiletimeout()
 **	Side Effects:
 **		Can tweak the symbol table.
 */
+#define MAXHOSTSIGNATURE	8192	/* max len of hostsignature */
 
-char *
-hostsignature(m, host, e)
+static char *
+hostsignature(m, host)
 	register MAILER *m;
 	char *host;
-	ENVELOPE *e;
 {
 	register char *p;
 	register STAB *s;
+#if NAMED_BIND
+	char sep = ':';
+	char prevsep = ':';
 	int i;
 	int len;
-#if NAMED_BIND
 	int nmx;
+	int hl;
 	char *hp;
 	char *endp;
 	int oldoptions = _res.options;
 	char *mxhosts[MAXMXHOSTS + 1];
-#endif
+	u_short mxprefs[MAXMXHOSTS + 1];
+#endif /* NAMED_BIND */
+
+	if (tTd(17, 3))
+		dprintf("hostsignature(%s)\n", host);
+
+	/*
+	**  If local delivery, just return a constant.
+	*/
+
+	if (bitnset(M_LOCALMAILER, m->m_flags))
+		return "localhost";
 
 	/*
 	**  Check to see if this uses IPC -- if not, it can't have MX records.
 	*/
 
 	p = m->m_mailer;
-	if (strcmp(p, "[IPC]") != 0 && strcmp(p, "[TCP]") != 0)
+	if (strcmp(p, "[IPC]") != 0 &&
+	    strcmp(p, "[TCP]") != 0)
 	{
 		/* just an ordinary mailer */
 		return host;
 	}
+#if NETUNIX
+	else if (m->m_argv[0] != NULL &&
+		 strcmp(m->m_argv[0], "FILE") == 0)
+	{
+		/* rendezvous in the file system, no MX records */
+		return host;
+	}
+#endif /* NETUNIX */
 
 	/*
 	**  Look it up in the symbol table.
@@ -3673,7 +4700,12 @@ hostsignature(m, host, e)
 
 	s = stab(host, ST_HOSTSIG, ST_ENTER);
 	if (s->s_hostsig != NULL)
+	{
+		if (tTd(17, 3))
+			dprintf("hostsignature(): stab(%s) found %s\n", host,
+				s->s_hostsig);
 		return s->s_hostsig;
+	}
 
 	/*
 	**  Not already there -- create a signature.
@@ -3685,9 +4717,23 @@ hostsignature(m, host, e)
 
 	for (hp = host; hp != NULL; hp = endp)
 	{
-		endp = strchr(hp, ':');
+#if NETINET6
+		if (*hp == '[')
+		{
+			endp = strchr(hp + 1, ']');
+			if (endp != NULL)
+				endp = strpbrk(endp + 1, ":,");
+		}
+		else
+			endp = strpbrk(hp, ":,");
+#else /* NETINET6 */
+		endp = strpbrk(hp, ":,");
+#endif /* NETINET6 */
 		if (endp != NULL)
+		{
+			sep = *endp;
 			*endp = '\0';
+		}
 
 		if (bitnset(M_NOMX, m->m_flags))
 		{
@@ -3699,7 +4745,7 @@ hostsignature(m, host, e)
 		{
 			auto int rcode;
 
-			nmx = getmxrr(hp, mxhosts, TRUE, &rcode);
+			nmx = getmxrr(hp, mxhosts, mxprefs, TRUE, &rcode);
 			if (nmx <= 0)
 			{
 				register MCI *mci;
@@ -3709,50 +4755,398 @@ hostsignature(m, host, e)
 				mci->mci_errno = errno;
 				mci->mci_herrno = h_errno;
 				mci->mci_lastuse = curtime();
-				mci_setstat(mci, rcode, NULL, NULL);
+				if (rcode == EX_NOHOST)
+					mci_setstat(mci, rcode, "5.1.2",
+						"550 Host unknown");
+				else
+					mci_setstat(mci, rcode, NULL, NULL);
 
 				/* use the original host name as signature */
 				nmx = 1;
 				mxhosts[0] = hp;
 			}
+			if (tTd(17, 3))
+				dprintf("hostsignature(): getmxrr() returned %d, mxhosts[0]=%s\n",
+					nmx, mxhosts[0]);
 		}
 
 		len = 0;
 		for (i = 0; i < nmx; i++)
-		{
 			len += strlen(mxhosts[i]) + 1;
-		}
 		if (s->s_hostsig != NULL)
 			len += strlen(s->s_hostsig) + 1;
+		if (len >= MAXHOSTSIGNATURE)
+		{
+			sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d",
+				  host, MAXHOSTSIGNATURE, len);
+			len = MAXHOSTSIGNATURE;
+		}
 		p = xalloc(len);
 		if (s->s_hostsig != NULL)
 		{
-			(void) strcpy(p, s->s_hostsig);
+			(void) strlcpy(p, s->s_hostsig, len);
 			free(s->s_hostsig);
 			s->s_hostsig = p;
-			p += strlen(p);
-			*p++ = ':';
+			hl = strlen(p);
+			p += hl;
+			*p++ = prevsep;
+			len -= hl + 1;
 		}
 		else
 			s->s_hostsig = p;
 		for (i = 0; i < nmx; i++)
 		{
+			hl = strlen(mxhosts[i]);
+			if (len - 1 < hl || len <= 1)
+			{
+				/* force to drop out of outer loop */
+				len = -1;
+				break;
+			}
 			if (i != 0)
-				*p++ = ':';
-			strcpy(p, mxhosts[i]);
-			p += strlen(p);
+			{
+				if (mxprefs[i] == mxprefs[i - 1])
+					*p++ = ',';
+				else
+					*p++ = ':';
+				len--;
+			}
+			(void) strlcpy(p, mxhosts[i], len);
+			p += hl;
+			len -= hl;
 		}
+
+		/*
+		**  break out of loop if len exceeded MAXHOSTSIGNATURE
+		**  because we won't have more space for further hosts
+		**  anyway (separated by : in the .cf file).
+		*/
+
+		if (len < 0)
+			break;
 		if (endp != NULL)
-			*endp++ = ':';
+			*endp++ = sep;
+		prevsep = sep;
 	}
 	makelower(s->s_hostsig);
 	if (ConfigLevel < 2)
 		_res.options = oldoptions;
-#else
+#else /* NAMED_BIND */
 	/* not using BIND -- the signature is just the host name */
 	s->s_hostsig = host;
-#endif
+#endif /* NAMED_BIND */
 	if (tTd(17, 1))
-		printf("hostsignature(%s) = %s\n", host, s->s_hostsig);
+		dprintf("hostsignature(%s) = %s\n", host, s->s_hostsig);
 	return s->s_hostsig;
 }
+/*
+**  PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array.
+**
+**	The signature describes how we are going to send this -- it
+**	can be just the hostname (for non-Internet hosts) or can be
+**	an ordered list of MX hosts which must be randomized for equal
+**	MX preference values.
+**
+**	Parameters:
+**		sig -- the host signature.
+**		mxhosts -- array to populate.
+**
+**	Returns:
+**		The number of hosts inserted into mxhosts array.
+**
+**	Side Effects:
+**		Randomizes equal MX preference hosts in mxhosts.
+*/
+
+static int
+parse_hostsignature(sig, mxhosts, mailer)
+	char *sig;
+	char **mxhosts;
+	MAILER *mailer;
+{
+	int nmx = 0;
+	int curpref = 0;
+	int i, j;
+	char *hp, *endp;
+	u_short prefer[MAXMXHOSTS];
+	long rndm[MAXMXHOSTS];
+
+	for (hp = sig; hp != NULL; hp = endp)
+	{
+		char sep = ':';
+
+#if NETINET6
+		if (*hp == '[')
+		{
+			endp = strchr(hp + 1, ']');
+			if (endp != NULL)
+				endp = strpbrk(endp + 1, ":,");
+		}
+		else
+			endp = strpbrk(hp, ":,");
+#else /* NETINET6 */
+		endp = strpbrk(hp, ":,");
+#endif /* NETINET6 */
+		if (endp != NULL)
+		{
+			sep = *endp;
+			*endp = '\0';
+		}
+
+		mxhosts[nmx] = hp;
+		prefer[nmx] = curpref;
+		if (mci_match(hp, mailer))
+			rndm[nmx] = 0;
+		else
+			rndm[nmx] = get_random();
+
+		if (endp != NULL)
+		{
+			/*
+			**  Since we don't have the original MX prefs,
+			**  make our own.  If the separator is a ':', that
+			**  means the preference for the next host will be
+			**  higher than this one, so simply increment curpref.
+			*/
+
+			if (sep == ':')
+				curpref++;
+
+			*endp++ = sep;
+		}
+		if (++nmx >= MAXMXHOSTS)
+			break;
+	}
+
+	/* sort the records using the random factor for equal preferences */
+	for (i = 0; i < nmx; i++)
+	{
+		for (j = i + 1; j < nmx; j++)
+		{
+			/*
+			**  List is already sorted by MX preference, only
+			**  need to look for equal preference MX records
+			*/
+
+			if (prefer[i] < prefer[j])
+				break;
+
+			if (prefer[i] > prefer[j] ||
+			    (prefer[i] == prefer[j] && rndm[i] > rndm[j]))
+			{
+				register u_short tempp;
+				register long tempr;
+				register char *temp1;
+
+				tempp = prefer[i];
+				prefer[i] = prefer[j];
+				prefer[j] = tempp;
+				temp1 = mxhosts[i];
+				mxhosts[i] = mxhosts[j];
+				mxhosts[j] = temp1;
+				tempr = rndm[i];
+				rndm[i] = rndm[j];
+				rndm[j] = tempr;
+			}
+		}
+	}
+	return nmx;
+}
+
+#if SMTP
+# if STARTTLS
+static SSL_CTX	*clt_ctx = NULL;
+
+/*
+**  INITCLTTLS -- initialize client side TLS
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		succeeded?
+*/
+
+bool
+initclttls()
+{
+	if (clt_ctx != NULL)
+		return TRUE;	/* already done */
+	return inittls(&clt_ctx, TLS_I_CLT, FALSE, CltCERTfile, Cltkeyfile,
+		       CACERTpath, CACERTfile, DHParams);
+}
+
+/*
+**  STARTTLS -- try to start secure connection (client side)
+**
+**	Parameters:
+**		m -- the mailer.
+**		mci -- the mailer connection info.
+**		e -- the envelope.
+**
+**	Returns:
+**		success?
+**		(maybe this should be some other code than EX_
+**		that denotes which stage failed.)
+*/
+
+static int
+starttls(m, mci, e)
+	MAILER *m;
+	MCI *mci;
+	ENVELOPE *e;
+{
+	int smtpresult;
+	int result;
+	SSL *clt_ssl = NULL;
+
+	smtpmessage("STARTTLS", m, mci);
+
+	/* get the reply */
+	smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, NULL, NULL);
+	/* which timeout? XXX */
+
+	/* check return code from server */
+	if (smtpresult == 454)
+		return EX_TEMPFAIL;
+	if (smtpresult == 501)
+		return EX_USAGE;
+	if (smtpresult == -1)
+		return smtpresult;
+	if (smtpresult != 220)
+		return EX_PROTOCOL;
+
+	if (LogLevel > 13)
+		sm_syslog(LOG_INFO, e->e_id, "TLS: start client");
+	if (clt_ctx == NULL && !initclttls())
+		return EX_SOFTWARE;
+
+	/* start connection */
+	if ((clt_ssl = SSL_new(clt_ctx)) == NULL)
+	{
+		if (LogLevel > 5)
+		{
+			sm_syslog(LOG_ERR, e->e_id,
+				  "TLS: error: client: SSL_new failed");
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		return EX_SOFTWARE;
+	}
+
+	/* SSL_clear(clt_ssl); ? */
+	if ((result = SSL_set_rfd(clt_ssl, fileno(mci->mci_in))) != 1 ||
+	    (result = SSL_set_wfd(clt_ssl, fileno(mci->mci_out))) != 1)
+	{
+		if (LogLevel > 5)
+		{
+			sm_syslog(LOG_ERR, e->e_id,
+				  "TLS: error: SSL_set_xfd failed=%d", result);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		return EX_SOFTWARE;
+	}
+	SSL_set_connect_state(clt_ssl);
+	if ((result = SSL_connect(clt_ssl)) <= 0)
+	{
+		int i;
+
+		/* what to do in this case? */
+		i = SSL_get_error(clt_ssl, result);
+		if (LogLevel > 5)
+		{
+			sm_syslog(LOG_ERR, e->e_id,
+				  "TLS: error: SSL_connect failed=%d (%d)",
+				  result, i);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		SSL_free(clt_ssl);
+		clt_ssl = NULL;
+		return EX_SOFTWARE;
+	}
+	mci->mci_ssl = clt_ssl;
+	result = tls_get_info(clt_ssl, e, FALSE, mci->mci_host);
+
+	/* switch to use SSL... */
+#if SFIO
+	if (sfdctls(mci->mci_in, mci->mci_out, mci->mci_ssl) == 0)
+		return EX_OK;
+#else /* SFIO */
+# if _FFR_TLS_TOREK
+	if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0)
+		return EX_OK;
+# endif /* _FFR_TLS_TOREK */
+#endif /* SFIO */
+
+	/* failure */
+	SSL_free(clt_ssl);
+	clt_ssl = NULL;
+	return EX_SOFTWARE;
+}
+
+/*
+**  ENDTLSCLT -- shutdown secure connection (client side)
+**
+**	Parameters:
+**		mci -- the mailer connection info.
+**
+**	Returns:
+**		success?
+*/
+int
+endtlsclt(mci)
+	MCI *mci;
+{
+	int r;
+
+	if (!bitset(MCIF_TLSACT, mci->mci_flags))
+		return EX_OK;
+	r = endtls(mci->mci_ssl, "client");
+	mci->mci_flags &= ~MCIF_TLSACT;
+	return r;
+}
+/*
+**  ENDTLS -- shutdown secure connection
+**
+**	Parameters:
+**		ssl -- SSL connection information.
+**		side -- srv/clt (for logging).
+**
+**	Returns:
+**		success?
+*/
+
+int
+endtls(ssl, side)
+	SSL *ssl;
+	char *side;
+{
+	if (ssl != NULL)
+	{
+		int r;
+
+		if ((r = SSL_shutdown(ssl)) < 0)
+		{
+			if (LogLevel > 11)
+				sm_syslog(LOG_WARNING, NOQID,
+					  "SSL_shutdown %s failed: %d",
+					  side, r);
+			return EX_SOFTWARE;
+		}
+		else if (r == 0)
+		{
+			if (LogLevel > 13)
+				sm_syslog(LOG_WARNING, NOQID,
+					  "SSL_shutdown %s not done",
+					  side);
+			return EX_SOFTWARE;
+		}
+		SSL_free(ssl);
+		ssl = NULL;
+	}
+	return EX_OK;
+}
+# endif /* STARTTLS */
+#endif /* SMTP */
diff --git a/contrib/sendmail/src/domain.c b/contrib/sendmail/src/domain.c
index ec79be8..8f5c8e2 100644
--- a/contrib/sendmail/src/domain.c
+++ b/contrib/sendmail/src/domain.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1986, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -10,21 +11,20 @@
  *
  */
 
-#include "sendmail.h"
+#include <sendmail.h>
 
 #ifndef lint
-#if NAMED_BIND
-static char sccsid[] = "@(#)domain.c	8.81 (Berkeley) 1/21/1999 (with name server)";
-#else
-static char sccsid[] = "@(#)domain.c	8.81 (Berkeley) 1/21/1999 (without name server)";
-#endif
-#endif /* not lint */
+# if NAMED_BIND
+static char id[] = "@(#)$Id: domain.c,v 8.114.6.1.2.3 2000/06/13 18:00:08 gshapiro Exp $ (with name server)";
+# else /* NAMED_BIND */
+static char id[] = "@(#)$Id: domain.c,v 8.114.6.1.2.3 2000/06/13 18:00:08 gshapiro Exp $ (without name server)";
+# endif /* NAMED_BIND */
+#endif /* ! lint */
+
 
 #if NAMED_BIND
 
-#include <errno.h>
-#include <resolv.h>
-#include <arpa/inet.h>
+# include <arpa/inet.h>
 
 /*
 **  The standard udp packet size PACKETSZ (512) is not sufficient for some
@@ -35,9 +35,9 @@ static char sccsid[] = "@(#)domain.c	8.81 (Berkeley) 1/21/1999 (without name ser
 **  it not big enough to accommodate the entire answer.
 */
 
-#ifndef MAXPACKET
-# define MAXPACKET 8192		/* max packet size used internally by BIND */
-#endif
+# ifndef MAXPACKET
+#  define MAXPACKET 8192	/* max packet size used internally by BIND */
+# endif /* ! MAXPACKET */
 
 typedef union
 {
@@ -45,41 +45,51 @@ typedef union
 	u_char	qb2[MAXPACKET];
 } querybuf;
 
-#ifndef MXHOSTBUFSIZE
-# define MXHOSTBUFSIZE	(128 * MAXMXHOSTS)
-#endif
+# ifndef MXHOSTBUFSIZE
+#  define MXHOSTBUFSIZE	(128 * MAXMXHOSTS)
+# endif /* ! MXHOSTBUFSIZE */
 
 static char	MXHostBuf[MXHOSTBUFSIZE];
 
-#ifndef MAXDNSRCH
-# define MAXDNSRCH	6	/* number of possible domains to search */
-#endif
+# ifndef MAXDNSRCH
+#  define MAXDNSRCH	6	/* number of possible domains to search */
+# endif /* ! MAXDNSRCH */
+
+# ifndef RES_DNSRCH_VARIABLE
+#  define RES_DNSRCH_VARIABLE	_res.dnsrch
+# endif /* ! RES_DNSRCH_VARIABLE */
+
+# ifndef MAX
+#  define MAX(a, b)	((a) > (b) ? (a) : (b))
+# endif /* ! MAX */
 
-#ifndef MAX
-# define MAX(a, b)	((a) > (b) ? (a) : (b))
-#endif
+# ifndef NO_DATA
+#  define NO_DATA	NO_ADDRESS
+# endif /* ! NO_DATA */
 
-#ifndef NO_DATA
-# define NO_DATA	NO_ADDRESS
-#endif
+# ifndef HFIXEDSZ
+#  define HFIXEDSZ	12	/* sizeof(HEADER) */
+# endif /* ! HFIXEDSZ */
 
-#ifndef HFIXEDSZ
-# define HFIXEDSZ	12	/* sizeof(HEADER) */
-#endif
+# define MAXCNAMEDEPTH	10	/* maximum depth of CNAME recursion */
 
-#define MAXCNAMEDEPTH	10	/* maximum depth of CNAME recursion */
+# if defined(__RES) && (__RES >= 19940415)
+#  define RES_UNC_T	char *
+# else /* defined(__RES) && (__RES >= 19940415) */
+#  define RES_UNC_T	u_char *
+# endif /* defined(__RES) && (__RES >= 19940415) */
+
+static char	*gethostalias __P((char *));
+static int	mxrand __P((char *));
 
-#if defined(__RES) && (__RES >= 19940415)
-# define RES_UNC_T	char *
-#else
-# define RES_UNC_T	u_char *
-#endif
 /*
 **  GETMXRR -- get MX resource records for a domain
 **
 **	Parameters:
 **		host -- the name of the host to MX.
 **		mxhosts -- a pointer to a return buffer of MX records.
+**		mxprefs -- a pointer to a return buffer of MX preferences.
+**			If NULL, don't try to populate.
 **		droplocalhost -- If TRUE, all MX records less preferred
 **			than the local host (as determined by $=w) will
 **			be discarded.
@@ -93,9 +103,10 @@ static char	MXHostBuf[MXHOSTBUFSIZE];
 */
 
 int
-getmxrr(host, mxhosts, droplocalhost, rcode)
+getmxrr(host, mxhosts, mxprefs, droplocalhost, rcode)
 	char *host;
 	char **mxhosts;
+	u_short *mxprefs;
 	bool droplocalhost;
 	int *rcode;
 {
@@ -111,14 +122,15 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 	u_short localpref = 256;
 	char *fallbackMX = FallBackMX;
 	bool trycanon = FALSE;
+	u_short *prefs;
 	int (*resfunc)();
-	extern int res_query(), res_search();
 	u_short prefer[MAXMXHOSTS];
 	int weight[MAXMXHOSTS];
-	extern int mxrand __P((char *));
+	extern int res_query(), res_search();
 
 	if (tTd(8, 2))
-		printf("getmxrr(%s, droplocalhost=%d)\n", host, droplocalhost);
+		dprintf("getmxrr(%s, droplocalhost=%d)\n",
+			host, droplocalhost);
 
 	if (fallbackMX != NULL && droplocalhost &&
 	    wordinclass(fallbackMX, 'w'))
@@ -129,6 +141,12 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 
 	*rcode = EX_OK;
 
+	if (mxprefs != NULL)
+		prefs = mxprefs;
+	else
+		prefs = prefer;
+
+
 	/* efficiency hack -- numeric or non-MX lookups */
 	if (host[0] == '[')
 		goto punt;
@@ -153,22 +171,22 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 	if (n < 0)
 	{
 		if (tTd(8, 1))
-			printf("getmxrr: res_search(%s) failed (errno=%d, h_errno=%d)\n",
+			dprintf("getmxrr: res_search(%s) failed (errno=%d, h_errno=%d)\n",
 			    (host == NULL) ? "<NULL>" : host, errno, h_errno);
 		switch (h_errno)
 		{
 		  case NO_DATA:
 			trycanon = TRUE;
-			/* fall through */
+			/* FALLTHROUGH */
 
 		  case NO_RECOVERY:
 			/* no MX data on this host */
 			goto punt;
 
 		  case HOST_NOT_FOUND:
-#if BROKEN_RES_SEARCH
+# if BROKEN_RES_SEARCH
 		  case 0:	/* Ultrix resolver retns failure w/ h_errno=0 */
-#endif
+# endif /* BROKEN_RES_SEARCH */
 			/* host doesn't exist in DNS; might be in /etc/hosts */
 			trycanon = TRUE;
 			*rcode = EX_NOHOST;
@@ -180,6 +198,10 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 			if (fallbackMX != NULL)
 			{
 				/* name server is hosed -- push to fallback */
+				if (nmx > 0)
+					prefs[nmx] = prefs[nmx - 1] + 1;
+				else
+					prefs[nmx] = 0;
 				mxhosts[nmx++] = fallbackMX;
 				return nmx;
 			}
@@ -195,7 +217,7 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 		}
 
 		/* irreconcilable differences */
-		return (-1);
+		return -1;
 	}
 
 	/* avoid problems after truncation in tcp packets */
@@ -206,12 +228,16 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 	hp = (HEADER *)&answer;
 	cp = (u_char *)&answer + HFIXEDSZ;
 	eom = (u_char *)&answer + n;
-	for (qdcount = ntohs(hp->qdcount); qdcount--; cp += n + QFIXEDSZ)
+	for (qdcount = ntohs((u_short)hp->qdcount);
+	     qdcount--;
+	     cp += n + QFIXEDSZ)
+	{
 		if ((n = dn_skipname(cp, eom)) < 0)
 			goto punt;
+	}
 	buflen = sizeof(MXHostBuf) - 1;
 	bp = MXHostBuf;
-	ancount = ntohs(hp->ancount);
+	ancount = ntohs((u_short)hp->ancount);
 	while (--ancount >= 0 && cp < eom && nmx < MAXMXHOSTS - 1)
 	{
 		if ((n = dn_expand((u_char *)&answer,
@@ -219,13 +245,13 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 			break;
 		cp += n;
 		GETSHORT(type, cp);
- 		cp += INT16SZ + INT32SZ;
+		cp += INT16SZ + INT32SZ;
 		GETSHORT(n, cp);
 		if (type != T_MX)
 		{
 			if (tTd(8, 8) || _res.options & RES_DEBUG)
-				printf("unexpected answer type %d, size %d\n",
-				    type, n);
+				dprintf("unexpected answer type %d, size %d\n",
+					type, n);
 			cp += n;
 			continue;
 		}
@@ -237,7 +263,7 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 		if (wordinclass(bp, 'w'))
 		{
 			if (tTd(8, 3))
-				printf("found localhost (%s) in MX list, pref=%d\n",
+				dprintf("found localhost (%s) in MX list, pref=%d\n",
 					bp, pref);
 			if (droplocalhost)
 			{
@@ -250,7 +276,7 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 		}
 		else
 			weight[nmx] = mxrand(bp);
-		prefer[nmx] = pref;
+		prefs[nmx] = pref;
 		mxhosts[nmx++] = bp;
 		n = strlen(bp);
 		bp += n;
@@ -268,15 +294,15 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 	{
 		for (j = i + 1; j < nmx; j++)
 		{
-			if (prefer[i] > prefer[j] ||
-			    (prefer[i] == prefer[j] && weight[i] > weight[j]))
+			if (prefs[i] > prefs[j] ||
+			    (prefs[i] == prefs[j] && weight[i] > weight[j]))
 			{
 				register int temp;
 				register char *temp1;
 
-				temp = prefer[i];
-				prefer[i] = prefer[j];
-				prefer[j] = temp;
+				temp = prefs[i];
+				prefs[i] = prefs[j];
+				prefs[j] = temp;
 				temp1 = mxhosts[i];
 				mxhosts[i] = mxhosts[j];
 				mxhosts[j] = temp1;
@@ -285,7 +311,7 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 				weight[j] = temp;
 			}
 		}
-		if (seenlocal && prefer[i] >= localpref)
+		if (seenlocal && prefs[i] >= localpref)
 		{
 			/* truncate higher preference part of list */
 			nmx = i;
@@ -301,7 +327,10 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 		{
 			/* compress out duplicate */
 			for (j = i + 1; j < nmx; j++)
+			{
 				mxhosts[j] = mxhosts[j + 1];
+				prefs[j] = prefs[j + 1];
+			}
 			nmx--;
 		}
 	}
@@ -309,9 +338,10 @@ getmxrr(host, mxhosts, droplocalhost, rcode)
 	if (nmx == 0)
 	{
 punt:
-		if (seenlocal &&
-		    (!TryNullMXList || sm_gethostbyname(host) == NULL))
+		if (seenlocal)
 		{
+			struct hostent *h = NULL;
+
 			/*
 			**  If we have deleted all MX entries, this is
 			**  an error -- we should NEVER send to a host that
@@ -324,10 +354,45 @@ punt:
 			**  bad idea, but it's up to you....
 			*/
 
-			*rcode = EX_CONFIG;
-			syserr("MX list for %s points back to %s",
-				host, MyHostName);
-			return -1;
+			if (TryNullMXList)
+			{
+				h_errno = 0;
+				errno = 0;
+				h = sm_gethostbyname(host, AF_INET);
+				if (h == NULL)
+				{
+					if (errno == ETIMEDOUT ||
+					    h_errno == TRY_AGAIN ||
+					    (errno == ECONNREFUSED &&
+					     UseNameServer))
+					{
+						*rcode = EX_TEMPFAIL;
+						return -1;
+					}
+# if NETINET6
+					h_errno = 0;
+					errno = 0;
+					h = sm_gethostbyname(host, AF_INET6);
+					if (h == NULL &&
+					    (errno == ETIMEDOUT ||
+					     h_errno == TRY_AGAIN ||
+					     (errno == ECONNREFUSED &&
+					      UseNameServer)))
+					{
+						*rcode = EX_TEMPFAIL;
+						return -1;
+					}
+# endif /* NETINET6 */
+				}
+			}
+
+			if (h == NULL)
+			{
+				*rcode = EX_CONFIG;
+				syserr("MX list for %s points back to %s",
+				       host, MyHostName);
+				return -1;
+			}
 		}
 		if (strlen(host) >= (SIZE_T) sizeof MXHostBuf)
 		{
@@ -338,20 +403,33 @@ punt:
 		}
 		snprintf(MXHostBuf, sizeof MXHostBuf, "%s", host);
 		mxhosts[0] = MXHostBuf;
+		prefs[0] = 0;
 		if (host[0] == '[')
 		{
 			register char *p;
+# if NETINET6
+			struct sockaddr_in6 tmp6;
+# endif /* NETINET6 */
 
 			/* this may be an MX suppression-style address */
 			p = strchr(MXHostBuf, ']');
 			if (p != NULL)
 			{
 				*p = '\0';
+
 				if (inet_addr(&MXHostBuf[1]) != INADDR_NONE)
 				{
 					nmx++;
 					*p = ']';
 				}
+# if NETINET6
+				else if (inet_pton(AF_INET6, &MXHostBuf[1],
+						   &tmp6.sin6_addr) == 1)
+				{
+					nmx++;
+					*p = ']';
+				}
+# endif /* NETINET6 */
 				else
 				{
 					trycanon = TRUE;
@@ -374,9 +452,15 @@ punt:
 
 	/* if we have a default lowest preference, include that */
 	if (fallbackMX != NULL && !seenlocal)
+	{
+		if (nmx > 0)
+			prefs[nmx] = prefs[nmx - 1] + 1;
+		else
+			prefs[nmx] = 0;
 		mxhosts[nmx++] = fallbackMX;
+	}
 
-	return (nmx);
+	return nmx;
 }
 /*
 **  MXRAND -- create a randomizer for equal MX preferences
@@ -396,7 +480,7 @@ punt:
 **		none.
 */
 
-int
+static int
 mxrand(host)
 	register char *host;
 {
@@ -411,7 +495,7 @@ mxrand(host)
 	}
 
 	if (tTd(17, 9))
-		printf("mxrand(%s)", host);
+		dprintf("mxrand(%s)", host);
 
 	hfunc = seed;
 	while (*host != '\0')
@@ -427,7 +511,7 @@ mxrand(host)
 	hfunc++;
 
 	if (tTd(17, 9))
-		printf(" = %d\n", hfunc);
+		dprintf(" = %d\n", hfunc);
 	return hfunc;
 }
 /*
@@ -453,7 +537,7 @@ bestmx_map_lookup(map, name, av, statp)
 	char buf[PSBUFSIZE / 2];
 
 	_res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
-	nmx = getmxrr(name, mxhosts, FALSE, statp);
+	nmx = getmxrr(name, mxhosts, NULL, FALSE, statp);
 	_res.options = saveopts;
 	if (nmx <= 0)
 		return NULL;
@@ -470,7 +554,7 @@ bestmx_map_lookup(map, name, av, statp)
 	for (i = 0; i < nmx; i++)
 	{
 		int slen;
-		
+
 		if (strchr(mxhosts[i], map->map_coldelim) != NULL)
 		{
 			syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
@@ -485,7 +569,7 @@ bestmx_map_lookup(map, name, av, statp)
 			*p++ = map->map_coldelim;
 			len++;
 		}
-		strcpy(p, mxhosts[i]);
+		(void) strlcpy(p, mxhosts[i], sizeof buf - len);
 		p += slen;
 		len += slen;
 	}
@@ -497,7 +581,7 @@ bestmx_map_lookup(map, name, av, statp)
 **	This algorithm tries to be smart about wildcard MX records.
 **	This is hard to do because DNS doesn't tell is if we matched
 **	against a wildcard or a specific MX.
-**	
+**
 **	We always prefer A & CNAME records, since these are presumed
 **	to be specific.
 **
@@ -530,7 +614,7 @@ dns_getcanonname(host, hbsize, trymx, statp)
 {
 	register u_char *eom, *ap;
 	register char *cp;
-	register int n; 
+	register int n;
 	HEADER *hp;
 	querybuf answer;
 	int ancount, qdcount;
@@ -546,10 +630,9 @@ dns_getcanonname(host, hbsize, trymx, statp)
 	char *xp;
 	char nbuf[MAX(MAXPACKET, MAXDNAME*2+2)];
 	char *searchlist[MAXDNSRCH+2];
-	extern char *gethostalias __P((char *));
 
 	if (tTd(8, 2))
-		printf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);
+		dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);
 
 	if ((_res.options & RES_INIT) == 0 && res_init() == -1)
 	{
@@ -561,7 +644,9 @@ dns_getcanonname(host, hbsize, trymx, statp)
 	**  Initialize domain search list.  If there is at least one
 	**  dot in the name, search the unmodified name first so we
 	**  find "vse.CS" in Czechoslovakia instead of in the local
-	**  domain (e.g., vse.CS.Berkeley.EDU).
+	**  domain (e.g., vse.CS.Berkeley.EDU).  Note that there is no
+	**  longer a country named Czechoslovakia but this type of problem
+	**  is still present.
 	**
 	**  Older versions of the resolver could create this
 	**  list by tearing apart the host name.
@@ -575,7 +660,7 @@ cnameloop:
 			n++;
 
 	/*
-	**  If this is a simple name, determine whether it matches an 
+	**  If this is a simple name, determine whether it matches an
 	**  alias in the file defined by the environment variable HOSTALIASES.
 	*/
 	if (n == 0 && (xp = gethostalias(host)) != NULL)
@@ -586,14 +671,13 @@ cnameloop:
 		}
 		else
 		{
-			strncpy(host, xp, hbsize);
-			host[hbsize - 1] = '\0';
+			(void) strlcpy(host, xp, hbsize);
 			goto cnameloop;
 		}
 	}
 
 	/*
-	**  Build the search list.  
+	**  Build the search list.
 	**	If there is at least one dot in name, start with a null
 	**	domain to search the unmodified name first.
 	**	If name does not end with a dot and search up local domain
@@ -608,7 +692,10 @@ cnameloop:
 		*dp++ = "";
 	if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options))
 	{
-		for (domain = _res.dnsrch; *domain != NULL; )
+		/* make sure there are less than MAXDNSRCH domains */
+		for (domain = RES_DNSRCH_VARIABLE, ret = 0;
+		     *domain != NULL && ret < MAXDNSRCH;
+		     ret++)
 			*dp++ = *domain++;
 	}
 	else if (n == 0 && bitset(RES_DEFNAMES, _res.options))
@@ -634,16 +721,21 @@ cnameloop:
 		if (qtype == T_ANY)
 			gotmx = FALSE;
 		if (tTd(8, 5))
-			printf("dns_getcanonname: trying %s.%s (%s)\n",
+			dprintf("dns_getcanonname: trying %s.%s (%s)\n",
 				host, *dp,
-				qtype == T_ANY ? "ANY" : qtype == T_A ? "A" :
-				qtype == T_MX ? "MX" : "???");
+				qtype == T_ANY ? "ANY" :
+# if NETINET6
+				qtype == T_AAAA ? "AAAA" :
+# endif /* NETINET6 */
+				qtype == T_A ? "A" :
+				qtype == T_MX ? "MX" :
+				"???");
 		ret = res_querydomain(host, *dp, C_IN, qtype,
 				      answer.qb2, sizeof(answer.qb2));
 		if (ret <= 0)
 		{
 			if (tTd(8, 7))
-				printf("\tNO: errno=%d, h_errno=%d\n",
+				dprintf("\tNO: errno=%d, h_errno=%d\n",
 					errno, h_errno);
 
 			if (errno == ECONNREFUSED || h_errno == TRY_AGAIN)
@@ -651,7 +743,22 @@ cnameloop:
 				/* the name server seems to be down */
 				h_errno = TRY_AGAIN;
 				*statp = EX_TEMPFAIL;
-				return FALSE;
+
+				/*
+				**  If the ANY query is larger than the
+				**  UDP packet size, the resolver will
+				**  fall back to TCP.  However, some
+				**  misconfigured firewalls block 53/TCP
+				**  so the ANY lookup fails whereas an MX
+				**  or A record might work.  Therefore,
+				**  don't fail on ANY queries.
+				**
+				**  The ANY query is really meant to prime
+				**  the cache so this isn't dangerous.
+				*/
+
+				if (qtype != T_ANY)
+					return FALSE;
 			}
 
 			if (h_errno != HOST_NOT_FOUND)
@@ -659,10 +766,22 @@ cnameloop:
 				/* might have another type of interest */
 				if (qtype == T_ANY)
 				{
+# if NETINET6
+					qtype = T_AAAA;
+# else /* NETINET6 */
 					qtype = T_A;
+# endif /* NETINET6 */
 					continue;
 				}
-				else if (qtype == T_A && !gotmx && (trymx || **dp == '\0'))
+# if NETINET6
+				else if (qtype == T_AAAA)
+				{
+					qtype = T_A;
+					continue;
+				}
+# endif /* NETINET6 */
+				else if (qtype == T_A && !gotmx &&
+					 (trymx || **dp == '\0'))
 				{
 					qtype = T_MX;
 					continue;
@@ -675,7 +794,7 @@ cnameloop:
 			continue;
 		}
 		else if (tTd(8, 7))
-			printf("\tYES\n");
+			dprintf("\tYES\n");
 
 		/* avoid problems after truncation in tcp packets */
 		if (ret > sizeof(answer))
@@ -692,21 +811,24 @@ cnameloop:
 		eom = (u_char *) &answer + ret;
 
 		/* skip question part of response -- we know what we asked */
-		for (qdcount = ntohs(hp->qdcount); qdcount--; ap += ret + QFIXEDSZ)
+		for (qdcount = ntohs((u_short)hp->qdcount);
+		     qdcount--;
+		     ap += ret + QFIXEDSZ)
 		{
 			if ((ret = dn_skipname(ap, eom)) < 0)
 			{
 				if (tTd(8, 20))
-					printf("qdcount failure (%d)\n",
-						ntohs(hp->qdcount));
+					dprintf("qdcount failure (%d)\n",
+						ntohs((u_short)hp->qdcount));
 				*statp = EX_SOFTWARE;
 				return FALSE;		/* ???XXX??? */
 			}
 		}
 
 		amatch = FALSE;
-		for (ancount = ntohs(hp->ancount); --ancount >= 0 && ap < eom;
-									ap += n)
+		for (ancount = ntohs((u_short)hp->ancount);
+		     --ancount >= 0 && ap < eom;
+		     ap += n)
 		{
 			n = dn_expand((u_char *) &answer, eom, ap,
 				      (RES_UNC_T) nbuf, sizeof nbuf);
@@ -725,7 +847,7 @@ cnameloop:
 					/*
 					**  If we are using MX matches and have
 					**  not yet gotten one, save this one
-					**  but keep searching for an A or 
+					**  but keep searching for an A or
 					**  CNAME match.
 					*/
 
@@ -743,6 +865,16 @@ cnameloop:
 				**  Such MX matches are as good as an A match,
 				**  fall through.
 				*/
+				/* FALLTHROUGH */
+
+# if NETINET6
+			  case T_AAAA:
+				/* Flag that a good match was found */
+				amatch = TRUE;
+
+				/* continue in case a CNAME also exists */
+				continue;
+# endif /* NETINET6 */
 
 			  case T_A:
 				/* Flag that a good match was found */
@@ -782,8 +914,7 @@ cnameloop:
 				if ((ret = dn_expand((u_char *)&answer,
 				    eom, ap, (RES_UNC_T) nbuf, sizeof(nbuf))) < 0)
 					break;
-				(void)strncpy(host, nbuf, hbsize); /* XXX */
-				host[hbsize - 1] = '\0';
+				(void)strlcpy(host, nbuf, hbsize);
 
 				/*
 				**  RFC 1034 section 3.6 specifies that CNAME
@@ -801,7 +932,7 @@ cnameloop:
 
 		if (amatch)
 		{
-			/* 
+			/*
 			**  Got a good match -- either an A, CNAME, or an
 			**  exact MX record.  Save it and get out of here.
 			*/
@@ -822,7 +953,17 @@ cnameloop:
 		*/
 
 		if (qtype == T_ANY)
+		{
+# if NETINET6
+			qtype = T_AAAA;
+# else /* NETINET6 */
+			qtype = T_A;
+# endif /* NETINET6 */
+		}
+# if NETINET6
+		else if (qtype == T_AAAA)
 			qtype = T_A;
+# endif /* NETINET6 */
 		else if (qtype == T_A && !gotmx && (trymx || **dp == '\0'))
 			qtype = T_MX;
 		else
@@ -848,24 +989,21 @@ cnameloop:
 	(void) snprintf(nbuf, sizeof nbuf, "%.*s%s%.*s", MAXDNAME, host,
 			*mxmatch == '\0' ? "" : ".",
 			MAXDNAME, mxmatch);
-	strncpy(host, nbuf, hbsize);
-	host[hbsize - 1] = '\0';
+	(void) strlcpy(host, nbuf, hbsize);
 	if (tTd(8, 5))
-		printf("dns_getcanonname: %s\n", host);
+		dprintf("dns_getcanonname: %s\n", host);
 	*statp = EX_OK;
 	return TRUE;
 }
 
-
-
-char *
+static char *
 gethostalias(host)
 	char *host;
 {
 	char *fname;
 	FILE *fp;
 	register char *p = NULL;
-	int sff = SFF_REGONLY;
+	long sff = SFF_REGONLY;
 	char buf[MAXLINE];
 	static char hbuf[MAXDNAME];
 
@@ -892,10 +1030,10 @@ gethostalias(host)
 	if (feof(fp))
 	{
 		/* no match */
-		fclose(fp);
+		(void) fclose(fp);
 		return NULL;
 	}
-	fclose(fp);
+	(void) fclose(fp);
 
 	/* got a match; extract the equivalent name */
 	while (*p != '\0' && isascii(*p) && isspace(*p))
@@ -904,9 +1042,7 @@ gethostalias(host)
 	while (*p != '\0' && !(isascii(*p) && isspace(*p)))
 		p++;
 	*p = '\0';
-	strncpy(hbuf, host, sizeof hbuf - 1);
-	hbuf[sizeof hbuf - 1] = '\0';
+	(void) strlcpy(hbuf, host, sizeof hbuf);
 	return hbuf;
 }
-
 #endif /* NAMED_BIND */
diff --git a/contrib/sendmail/src/envelope.c b/contrib/sendmail/src/envelope.c
index 2cc90d6..1e8bfdc 100644
--- a/contrib/sendmail/src/envelope.c
+++ b/contrib/sendmail/src/envelope.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,11 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)envelope.c	8.122 (Berkeley) 1/25/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: envelope.c,v 8.180.14.3 2000/06/29 05:30:23 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
 
-#include "sendmail.h"
 
 /*
 **  NEWENVELOPE -- allocate a new envelope
@@ -41,10 +43,15 @@ newenvelope(e, parent)
 		parent = e->e_parent;
 	clearenvelope(e, TRUE);
 	if (e == CurEnv)
-		bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from);
+		memmove((char *) &e->e_from,
+			(char *) &NullAddress,
+			sizeof e->e_from);
 	else
-		bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
+		memmove((char *) &e->e_from,
+			(char *) &CurEnv->e_from,
+			sizeof e->e_from);
 	e->e_parent = parent;
+	assign_queueid(e);
 	e->e_ctime = curtime();
 	if (parent != NULL)
 		e->e_msgpriority = parent->e_msgsize;
@@ -53,7 +60,7 @@ newenvelope(e, parent)
 	if (CurEnv->e_xfp != NULL)
 		(void) fflush(CurEnv->e_xfp);
 
-	return (e);
+	return e;
 }
 /*
 **  DROPENVELOPE -- deallocate an envelope.
@@ -80,29 +87,29 @@ dropenvelope(e, fulldrop)
 	bool failure_return = FALSE;
 	bool delay_return = FALSE;
 	bool success_return = FALSE;
+	bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
+	bool done = FALSE;
 	register ADDRESS *q;
 	char *id = e->e_id;
 	char buf[MAXLINE];
 
 	if (tTd(50, 1))
 	{
-		extern void printenvflags __P((ENVELOPE *));
-
-		printf("dropenvelope %lx: id=", (u_long) e);
+		dprintf("dropenvelope %lx: id=", (u_long) e);
 		xputs(e->e_id);
-		printf(", flags=");
+		dprintf(", flags=");
 		printenvflags(e);
 		if (tTd(50, 10))
 		{
-			printf("sendq=");
+			dprintf("sendq=");
 			printaddr(e->e_sendqueue, TRUE);
 		}
 	}
 
 	if (LogLevel > 84)
 		sm_syslog(LOG_DEBUG, id,
-			"dropenvelope, e_flags=0x%x, OpMode=%c, pid=%d",
-			e->e_flags, OpMode, getpid());
+			  "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
+			  e->e_flags, OpMode, getpid());
 
 	/* we must have an id to remove disk files */
 	if (id == NULL)
@@ -126,41 +133,38 @@ dropenvelope(e, fulldrop)
 	if (curtime() > e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
 		message_timeout = TRUE;
 
+	if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
+	    !bitset(EF_RESPONSE, e->e_flags))
+	{
+		message_timeout = TRUE;
+		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
+	}
+
 	e->e_flags &= ~EF_QUEUERUN;
 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 	{
-		if (bitset(QQUEUEUP, q->q_flags) &&
-		    bitset(QDONTSEND, q->q_flags))
-		{
-			/* I'm not sure how this happens..... */
-			if (tTd(50, 2))
-			{
-				printf("Bogus flags: ");
-				printaddr(q, FALSE);
-			}
-			q->q_flags &= ~QDONTSEND;
-		}
-		if (!bitset(QBADADDR|QDONTSEND|QSENT, q->q_flags))
+		if (QS_IS_UNDELIVERED(q->q_state))
 			queueit = TRUE;
-#if XDEBUG
-		else if (bitset(QQUEUEUP, q->q_flags))
-			sm_syslog(LOG_DEBUG, e->e_id,
-				"dropenvelope: q_flags = %x, paddr = %s",
-				q->q_flags, q->q_paddr);
-#endif
 
 		/* see if a notification is needed */
 		if (bitset(QPINGONFAILURE, q->q_flags) &&
-		    ((message_timeout && bitset(QQUEUEUP, q->q_flags)) ||
-		     bitset(QBADADDR, q->q_flags)))
+		    ((message_timeout && QS_IS_QUEUEUP(q->q_state)) ||
+		     QS_IS_BADADDR(q->q_state) ||
+		     (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
+		      !bitset(EF_RESPONSE, e->e_flags))))
+
 		{
 			failure_return = TRUE;
-			if (q->q_owner == NULL && !emptyaddr(&e->e_from))
+			if (!done && q->q_owner == NULL &&
+			    !emptyaddr(&e->e_from))
+			{
 				(void) sendtolist(e->e_from.q_paddr, NULLADDR,
 						  &e->e_errorqueue, 0, e);
+				done = TRUE;
+			}
 		}
 		else if (bitset(QPINGONSUCCESS, q->q_flags) &&
-			 ((bitset(QSENT, q->q_flags) &&
+			 ((QS_IS_SENT(q->q_state) &&
 			   bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
 			  bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags)))
 		{
@@ -176,14 +180,15 @@ dropenvelope(e, fulldrop)
 	*/
 
 	if (!queueit)
+		/* EMPTY */
 		/* nothing to do */ ;
 	else if (message_timeout)
 	{
 		if (failure_return)
 		{
 			(void) snprintf(buf, sizeof buf,
-				"Cannot send message within %s",
-				pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE));
+					"Cannot send message for %s",
+					pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE));
 			if (e->e_message != NULL)
 				free(e->e_message);
 			e->e_message = newstr(buf);
@@ -195,9 +200,9 @@ dropenvelope(e, fulldrop)
 		fprintf(e->e_xfp, "Message will be deleted from queue\n");
 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 		{
-			if (!bitset(QBADADDR|QDONTSEND|QSENT, q->q_flags))
+			if (QS_IS_UNDELIVERED(q->q_state))
 			{
-				q->q_flags |= QBADADDR;
+				q->q_state = QS_BADADDR;
 				q->q_status = "4.4.7";
 			}
 		}
@@ -215,7 +220,10 @@ dropenvelope(e, fulldrop)
 		{
 			for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 			{
-				if (bitset(QQUEUEUP, q->q_flags) &&
+				if (QS_IS_QUEUEUP(q->q_state) &&
+#if _FFR_NODELAYDSN_ON_HOLD
+				    !bitnset(M_HOLD, q->q_mailer->m_flags) &&
+#endif /* _FFR_NODELAYDSN_ON_HOLD */
 				    bitset(QPINGONDELAY, q->q_flags))
 				{
 					q->q_flags |= QDELAYED;
@@ -242,7 +250,7 @@ dropenvelope(e, fulldrop)
 	}
 
 	if (tTd(50, 2))
-		printf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
+		dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
 			failure_return, delay_return, success_return, queueit);
 
 	/*
@@ -254,11 +262,12 @@ dropenvelope(e, fulldrop)
 	{
 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 		{
-			if (!bitset(QDONTSEND, q->q_flags) &&
+			if ((QS_IS_OK(q->q_state) ||
+			     QS_IS_VERIFIED(q->q_state)) &&
 			    bitset(QPINGONFAILURE, q->q_flags))
 			{
 				failure_return = TRUE;
-				q->q_flags |= QBADADDR;
+				q->q_state = QS_BADADDR;
 			}
 		}
 	}
@@ -274,7 +283,8 @@ dropenvelope(e, fulldrop)
 		auto ADDRESS *rlist = NULL;
 
 		if (tTd(50, 8))
-			printf("dropenvelope(%s): sending return receipt\n", id);
+			dprintf("dropenvelope(%s): sending return receipt\n",
+				id);
 		e->e_flags |= EF_SENDRECEIPT;
 		(void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
 		(void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
@@ -287,10 +297,8 @@ dropenvelope(e, fulldrop)
 
 	if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
 	{
-		extern void savemail __P((ENVELOPE *, bool));
-
 		if (tTd(50, 8))
-			printf("dropenvelope(%s): saving mail\n", id);
+			dprintf("dropenvelope(%s): saving mail\n", id);
 		savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
 	}
 
@@ -298,16 +306,28 @@ dropenvelope(e, fulldrop)
 	**  Arrange to send warning messages to postmaster as requested.
 	*/
 
-	if ((failure_return || bitset(EF_PM_NOTIFY, e->e_flags)) &&
+	if ((failure_return || pmnotify) &&
 	    PostMasterCopy != NULL &&
-	    !bitset(EF_RESPONSE, e->e_flags) && e->e_class >= 0)
+	    !bitset(EF_RESPONSE, e->e_flags) &&
+	    e->e_class >= 0)
 	{
 		auto ADDRESS *rlist = NULL;
+		char pcopy[MAXNAME];
 
-		if (tTd(50, 8))
-			printf("dropenvelope(%s): sending postmaster copy\n", id);
-		(void) sendtolist(PostMasterCopy, NULLADDR, &rlist, 0, e);
-		(void) returntosender(e->e_message, rlist, RTSF_PM_BOUNCE, e);
+		if (failure_return)
+		{
+			expand(PostMasterCopy, pcopy, sizeof pcopy, e);
+
+			if (tTd(50, 8))
+				dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
+					id, pcopy);
+			(void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
+		}
+		if (pmnotify)
+			(void) sendtolist("postmaster", NULLADDR,
+					  &rlist, 0, e);
+		(void) returntosender(e->e_message, rlist,
+				      RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
 	}
 
 	/*
@@ -316,42 +336,42 @@ dropenvelope(e, fulldrop)
 
 simpledrop:
 	if (tTd(50, 8))
-		printf("dropenvelope(%s): at simpledrop, queueit=%d\n",
+		dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
 			id, queueit);
 	if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
 	{
 		if (tTd(50, 1))
 		{
-			extern void printenvflags __P((ENVELOPE *));
-
-			printf("\n===== Dropping [dq]f%s... queueit=%d, e_flags=",
+			dprintf("\n===== Dropping [dq]f%s... queueit=%d, e_flags=",
 				e->e_id, queueit);
 			printenvflags(e);
 		}
 		xunlink(queuename(e, 'd'));
 		xunlink(queuename(e, 'q'));
 
-		if (LogLevel > 10)
-			sm_syslog(LOG_INFO, id, "done");
+		if (e->e_ntries > 0 && LogLevel > 9)
+			sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
+				  pintvl(curtime() - e->e_ctime, TRUE),
+				  e->e_ntries);
 	}
 	else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
 	{
 #if QUEUE
 		queueup(e, FALSE);
 #else /* QUEUE */
-		syserr("554 dropenvelope: queueup");
+		syserr("554 5.3.0 dropenvelope: queueup");
 #endif /* QUEUE */
 	}
 
 	/* now unlock the job */
 	if (tTd(50, 8))
-		printf("dropenvelope(%s): unlocking job\n", id);
+		dprintf("dropenvelope(%s): unlocking job\n", id);
 	closexscript(e);
 	unlockqueue(e);
 
 	/* make sure that this envelope is marked unused */
 	if (e->e_dfp != NULL)
-		(void) xfclose(e->e_dfp, "dropenvelope df", e->e_id);
+		(void) bfclose(e->e_dfp);
 	e->e_dfp = NULL;
 	e->e_id = NULL;
 	e->e_flags &= ~EF_HAS_DF;
@@ -389,9 +409,9 @@ clearenvelope(e, fullclear)
 	{
 		/* clear out any file information */
 		if (e->e_xfp != NULL)
-			(void) xfclose(e->e_xfp, "clearenvelope xfp", e->e_id);
+			(void) bfclose(e->e_xfp);
 		if (e->e_dfp != NULL)
-			(void) xfclose(e->e_dfp, "clearenvelope dfp", e->e_id);
+			(void) bfclose(e->e_dfp);
 		e->e_xfp = e->e_dfp = NULL;
 	}
 
@@ -399,13 +419,13 @@ clearenvelope(e, fullclear)
 	STRUCTCOPY(BlankEnvelope, *e);
 	e->e_message = NULL;
 	if (Verbose)
-		e->e_sendmode = SM_DELIVER;
+		set_delivery_mode(SM_DELIVER, e);
 	bh = BlankEnvelope.e_header;
 	nhp = &e->e_header;
 	while (bh != NULL)
 	{
 		*nhp = (HDR *) xalloc(sizeof *bh);
-		bcopy((char *) bh, (char *) *nhp, sizeof *bh);
+		memmove((char *) *nhp, (char *) bh, sizeof *bh);
 		bh = bh->h_link;
 		nhp = &(*nhp)->h_link;
 	}
@@ -416,7 +436,7 @@ clearenvelope(e, fullclear)
 **	In Daemon mode, this is done in the child.
 **
 **	Parameters:
-**		none.
+**		e -- the envelope to use.
 **
 **	Returns:
 **		none.
@@ -438,15 +458,19 @@ initsys(e)
 	register char *p;
 	extern char *ttyname();
 #endif /* TTYNAME */
-	extern void settime __P((ENVELOPE *));
 
 	/*
 	**  Give this envelope a reality.
 	**	I.e., an id, a transcript, and a creation time.
 	*/
 
+	setnewqueue(e);
 	openxscript(e);
 	e->e_ctime = curtime();
+#if _FFR_QUEUEDELAY
+	e->e_queuealg = QueueAlg;
+	e->e_queuedelay = QueueInitDelay;
+#endif /* _FFR_QUEUEDELAY */
 
 	/*
 	**  Set OutChannel to something useful if stdout isn't it.
@@ -464,7 +488,7 @@ initsys(e)
 	*/
 
 	/* process id */
-	(void) snprintf(pbuf, sizeof pbuf, "%d", getpid());
+	(void) snprintf(pbuf, sizeof pbuf, "%d", (int) getpid());
 	define('p', newstr(pbuf), e);
 
 	/* hop count */
@@ -474,6 +498,9 @@ initsys(e)
 	/* time as integer, unix time, arpa time */
 	settime(e);
 
+	/* Load average */
+	(void)sm_getla(e);
+
 #ifdef TTYNAME
 	/* tty name */
 	if (macvalue('y', e) == NULL)
@@ -493,7 +520,7 @@ initsys(e)
 **  SETTIME -- set the current time.
 **
 **	Parameters:
-**		none.
+**		e -- the envelope in which the macros should be set.
 **
 **	Returns:
 **		none.
@@ -511,14 +538,13 @@ settime(e)
 	char tbuf[20];				/* holds "current" time */
 	char dbuf[30];				/* holds ctime(tbuf) */
 	register struct tm *tm;
-	extern struct tm *gmtime();
 
 	now = curtime();
 	tm = gmtime(&now);
 	(void) snprintf(tbuf, sizeof tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900,
-			tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min);
+			tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min);
 	define('t', newstr(tbuf), e);
-	(void) strcpy(dbuf, ctime(&now));
+	(void) strlcpy(dbuf, ctime(&now), sizeof dbuf);
 	p = strchr(dbuf, '\n');
 	if (p != NULL)
 		*p = '\0';
@@ -546,38 +572,42 @@ settime(e)
 */
 
 #ifndef O_APPEND
-#define O_APPEND	0
-#endif
+# define O_APPEND	0
+#endif /* ! O_APPEND */
 
 void
 openxscript(e)
 	register ENVELOPE *e;
 {
 	register char *p;
-	int fd;
 
 	if (e->e_xfp != NULL)
 		return;
+
+#if 0
+	if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
+		syserr("openxscript: job not locked");
+#endif /* 0 */
+
 	p = queuename(e, 'x');
-	fd = open(p, O_WRONLY|O_CREAT|O_APPEND, FileMode);
-	if (fd < 0)
+	e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
+			  SFF_NOTEXCL|SFF_OPENASROOT);
+
+	if (e->e_xfp == NULL)
 	{
 		syserr("Can't create transcript file %s", p);
-		fd = open("/dev/null", O_WRONLY, 0644);
-		if (fd < 0)
+		e->e_xfp = fopen("/dev/null", "r+");
+		if (e->e_xfp == NULL)
 			syserr("!Can't open /dev/null");
 	}
-	e->e_xfp = fdopen(fd, "a");
-	if (e->e_xfp == NULL)
-		syserr("!Can't create transcript stream %s", p);
-#ifdef HASSETVBUF
-	setvbuf(e->e_xfp, NULL, _IOLBF, 0);
-#else
-	setlinebuf(e->e_xfp);
-#endif
+#if HASSETVBUF
+	(void) setvbuf(e->e_xfp, NULL, _IOLBF, 0);
+#else /* HASSETVBUF */
+	(void) setlinebuf(e->e_xfp);
+#endif /* HASSETVBUF */
 	if (tTd(46, 9))
 	{
-		printf("openxscript(%s):\n  ", p);
+		dprintf("openxscript(%s):\n  ", p);
 		dumpfd(fileno(e->e_xfp), TRUE, FALSE);
 	}
 }
@@ -600,7 +630,11 @@ closexscript(e)
 {
 	if (e->e_xfp == NULL)
 		return;
-	(void) xfclose(e->e_xfp, "closexscript", e->e_id);
+#if 0
+	if (e->e_lockfp == NULL)
+		syserr("closexscript: job not locked");
+#endif /* 0 */
+	(void) bfclose(e->e_xfp);
 	e->e_xfp = NULL;
 }
 /*
@@ -659,7 +693,7 @@ setsender(from, e, delimptr, delimchar, internal)
 	extern char *FullName;
 
 	if (tTd(45, 1))
-		printf("setsender(%s)\n", from == NULL ? "" : from);
+		dprintf("setsender(%s)\n", from == NULL ? "" : from);
 
 	/*
 	**  Figure out the real user executing us.
@@ -675,11 +709,16 @@ setsender(from, e, delimptr, delimchar, internal)
 	if (ConfigLevel < 2)
 		SuprErrs = TRUE;
 
-	e->e_from.q_flags = QBADADDR;
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), "e s", e);
+#endif /* _FFR_ADDR_TYPE */
+	/* preset state for then clause in case from == NULL */
+	e->e_from.q_state = QS_BADADDR;
+	e->e_from.q_flags = 0;
 	if (from == NULL ||
 	    parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
 		      delimchar, delimptr, e) == NULL ||
-	    bitset(QBADADDR, e->e_from.q_flags) ||
+	    QS_IS_BADADDR(e->e_from.q_state) ||
 	    e->e_from.q_mailer == ProgMailer ||
 	    e->e_from.q_mailer == FileMailer ||
 	    e->e_from.q_mailer == InclMailer)
@@ -703,16 +742,17 @@ setsender(from, e, delimptr, delimchar, internal)
 				p = ebuf;
 			}
 			sm_syslog(LOG_NOTICE, e->e_id,
-				"setsender: %s: invalid or unparseable, received from %s",
-				shortenstring(from, 83), p);
+				  "setsender: %s: invalid or unparsable, received from %s",
+				  shortenstring(from, 83), p);
 		}
 		if (from != NULL)
 		{
-			if (!bitset(QBADADDR, e->e_from.q_flags))
+			if (!QS_IS_BADADDR(e->e_from.q_state))
 			{
 				/* it was a bogus mailer in the from addr */
 				e->e_status = "5.1.7";
-				usrerr("553 Invalid sender address");
+				usrerrenh(e->e_status,
+					  "553 Invalid sender address");
 			}
 			SuprErrs = TRUE;
 		}
@@ -727,31 +767,30 @@ setsender(from, e, delimptr, delimchar, internal)
 			if (parseaddr(from = newstr(nbuf), &e->e_from,
 				      RF_COPYALL, ' ', NULL, e) == NULL &&
 			    parseaddr(from = "postmaster", &e->e_from,
-			    	      RF_COPYALL, ' ', NULL, e) == NULL)
-				syserr("553 setsender: can't even parse postmaster!");
+				      RF_COPYALL, ' ', NULL, e) == NULL)
+				syserr("553 5.3.0 setsender: can't even parse postmaster!");
 		}
 	}
 	else
 		FromFlag = TRUE;
-	e->e_from.q_flags |= QDONTSEND;
+	e->e_from.q_state = QS_SENDER;
 	if (tTd(45, 5))
 	{
-		printf("setsender: QDONTSEND ");
+		dprintf("setsender: QS_SENDER ");
 		printaddr(&e->e_from, FALSE);
 	}
 	SuprErrs = FALSE;
 
-# if USERDB
+#if USERDB
 	if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
 	{
 		register char *p;
-		extern char *udbsender __P((char *));
 
 		p = udbsender(e->e_from.q_user);
 		if (p != NULL)
 			from = p;
 	}
-# endif /* USERDB */
+#endif /* USERDB */
 
 	if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
 	{
@@ -795,7 +834,7 @@ setsender(from, e, delimptr, delimchar, internal)
 		}
 		else
 		{
-			e->e_from.q_home = "/no/such/directory";
+			e->e_from.q_home = NULL;
 		}
 		if (FullName != NULL && !internal)
 			define('x', FullName, e);
@@ -825,19 +864,22 @@ setsender(from, e, delimptr, delimchar, internal)
 		/* don't need to give error -- prescan did that already */
 		if (LogLevel > 2)
 			sm_syslog(LOG_NOTICE, e->e_id,
-				"cannot prescan from (%s)",
-				shortenstring(from, MAXSHORTSTR));
+				  "cannot prescan from (%s)",
+				  shortenstring(from, MAXSHORTSTR));
 		finis(TRUE, ExitStat);
 	}
 	(void) rewrite(pvp, 3, 0, e);
 	(void) rewrite(pvp, 1, 0, e);
 	(void) rewrite(pvp, 4, 0, e);
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), NULL, e);
+#endif /* _FFR_ADDR_TYPE */
 	bp = buf + 1;
 	cataddr(pvp, NULL, bp, sizeof buf - 2, '\0');
 	if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
 	{
 		/* heuristic: route-addr: add angle brackets */
-		strcat(bp, ">");
+		(void) strlcat(bp, ">", sizeof buf - 1);
 		*--bp = '<';
 	}
 	e->e_sender = newstr(bp);
@@ -848,12 +890,17 @@ setsender(from, e, delimptr, delimchar, internal)
 	    bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
 	{
 		char **lastat;
-		extern char **copyplist __P((char **, bool));
 
 		/* get rid of any pesky angle brackets */
+#if _FFR_ADDR_TYPE
+		define(macid("{addr_type}", NULL), "e s", e);
+#endif /* _FFR_ADDR_TYPE */
 		(void) rewrite(pvp, 3, 0, e);
 		(void) rewrite(pvp, 1, 0, e);
 		(void) rewrite(pvp, 4, 0, e);
+#if _FFR_ADDR_TYPE
+		define(macid("{addr_type}", NULL), NULL, e);
+#endif /* _FFR_ADDR_TYPE */
 
 		/* strip off to the last "@" sign */
 		for (lastat = NULL; *pvp != NULL; pvp++)
@@ -864,7 +911,7 @@ setsender(from, e, delimptr, delimchar, internal)
 			e->e_fromdomain = copyplist(lastat, TRUE);
 			if (tTd(45, 3))
 			{
-				printf("Saving from domain: ");
+				dprintf("Saving from domain: ");
 				printav(e->e_fromdomain);
 			}
 		}
@@ -886,7 +933,7 @@ struct eflags
 	u_long	ef_bit;
 };
 
-struct eflags	EnvelopeFlags[] =
+static struct eflags	EnvelopeFlags[] =
 {
 	{ "OLDSTYLE",		EF_OLDSTYLE	},
 	{ "INQUEUE",		EF_INQUEUE	},
diff --git a/contrib/sendmail/src/err.c b/contrib/sendmail/src/err.c
index 1a875a2..78b5c5d 100644
--- a/contrib/sendmail/src/err.c
+++ b/contrib/sendmail/src/err.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,11 +12,20 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)err.c	8.74 (Berkeley) 6/4/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: err.c,v 8.120.4.1 2000/05/25 18:56:15 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
-# include <errno.h>
+#include <sendmail.h>
+#ifdef LDAPMAP
+# include <lber.h>
+# include <ldap.h>			/* for LDAP error codes */
+#endif /* LDAPMAP */
+
+
+static void	putoutmsg __P((char *, bool, bool));
+static void	puterrmsg __P((char *));
+static char	*fmtmsg __P((char *, const char *, const char *, const char *,
+			     int, const char *, va_list));
 
 /*
 **  SYSERR -- Print error message.
@@ -43,31 +53,29 @@ static char sccsid[] = "@(#)err.c	8.74 (Berkeley) 6/4/1998";
 **		sets ExitStat.
 */
 
-char	MsgBuf[BUFSIZ*2];		/* text of most recent message */
-char	HeldMessageBuf[sizeof MsgBuf];	/* for held messages */
-
-extern void	putoutmsg __P((char *, bool, bool));
-extern void	puterrmsg __P((char *));
-static void	fmtmsg __P((char *, const char *, const char *, int, const char *, va_list));
+char		MsgBuf[BUFSIZ*2];	/* text of most recent message */
+static char	HeldMessageBuf[sizeof MsgBuf];	/* for held messages */
 
 #if NAMED_BIND && !defined(NO_DATA)
 # define NO_DATA	NO_ADDRESS
-#endif
+#endif /* NAMED_BIND && !defined(NO_DATA) */
 
 void
 /*VARARGS1*/
 #ifdef __STDC__
 syserr(const char *fmt, ...)
-#else
+#else /* __STDC__ */
 syserr(fmt, va_alist)
 	const char *fmt;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	register char *p;
-	int olderrno = errno;
+	int save_errno = errno;
 	bool panic;
-	char *uname;
+	char *user;
+	char *enhsc;
+	char *errtxt;
 	struct passwd *pw;
 	char ubuf[80];
 	VA_LOCAL_DECL
@@ -80,12 +88,18 @@ syserr(fmt, va_alist)
 	}
 
 	/* format and output the error message */
-	if (olderrno == 0)
+	if (save_errno == 0)
+	{
 		p = "554";
+		enhsc = "5.0.0";
+	}
 	else
+	{
 		p = "451";
+		enhsc = "4.0.0";
+	}
 	VA_START(fmt);
-	fmtmsg(MsgBuf, (char *) NULL, p, olderrno, fmt, ap);
+	errtxt = fmtmsg(MsgBuf, (char *) NULL, p, enhsc, save_errno, fmt, ap);
 	VA_END;
 	puterrmsg(MsgBuf);
 
@@ -94,35 +108,35 @@ syserr(fmt, va_alist)
 	{
 		if (CurEnv->e_message != NULL)
 			free(CurEnv->e_message);
-		CurEnv->e_message = newstr(MsgBuf + 4);
+		CurEnv->e_message = newstr(errtxt);
 	}
 
 	/* determine exit status if not already set */
 	if (ExitStat == EX_OK)
 	{
-		if (olderrno == 0)
+		if (save_errno == 0)
 			ExitStat = EX_SOFTWARE;
 		else
 			ExitStat = EX_OSERR;
 		if (tTd(54, 1))
-			printf("syserr: ExitStat = %d\n", ExitStat);
+			dprintf("syserr: ExitStat = %d\n", ExitStat);
 	}
 
 	pw = sm_getpwuid(getuid());
 	if (pw != NULL)
-		uname = pw->pw_name;
+		user = pw->pw_name;
 	else
 	{
-		uname = ubuf;
-		snprintf(ubuf, sizeof ubuf, "UID%d", getuid());
+		user = ubuf;
+		snprintf(ubuf, sizeof ubuf, "UID%d", (int) getuid());
 	}
 
 	if (LogLevel > 0)
 		sm_syslog(panic ? LOG_ALERT : LOG_CRIT,
 			  CurEnv == NULL ? NOQID : CurEnv->e_id,
 			  "SYSERR(%s): %.900s",
-			  uname, &MsgBuf[4]);
-	switch (olderrno)
+			  user, errtxt);
+	switch (save_errno)
 	{
 	  case EBADF:
 	  case ENFILE:
@@ -130,19 +144,21 @@ syserr(fmt, va_alist)
 	  case ENOTTY:
 #ifdef EFBIG
 	  case EFBIG:
-#endif
+#endif /* EFBIG */
 #ifdef ESPIPE
 	  case ESPIPE:
-#endif
+#endif /* ESPIPE */
 #ifdef EPIPE
 	  case EPIPE:
-#endif
+#endif /* EPIPE */
 #ifdef ENOBUFS
 	  case ENOBUFS:
-#endif
+#endif /* ENOBUFS */
 #ifdef ESTALE
 	  case ESTALE:
-#endif
+#endif /* ESTALE */
+
+
 		printopenfds(TRUE);
 		mci_dump_all(TRUE);
 		break;
@@ -151,7 +167,8 @@ syserr(fmt, va_alist)
 	{
 #ifdef XLA
 		xla_all_end();
-#endif
+#endif /* XLA */
+		sync_queue_time();
 		if (tTd(0, 1))
 			abort();
 		exit(EX_OSERR);
@@ -182,21 +199,117 @@ syserr(fmt, va_alist)
 void
 #ifdef __STDC__
 usrerr(const char *fmt, ...)
-#else
+#else /* __STDC__ */
 usrerr(fmt, va_alist)
 	const char *fmt;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
+	char *enhsc;
+	char *errtxt;
 	VA_LOCAL_DECL
 
+	if (fmt[0] == '5' || fmt[0] == '6')
+		enhsc = "5.0.0";
+	else if (fmt[0] == '4' || fmt[0] == '8')
+		enhsc = "4.0.0";
+	else if (fmt[0] == '2')
+		enhsc = "2.0.0";
+	else
+		enhsc = NULL;
+	VA_START(fmt);
+	errtxt = fmtmsg(MsgBuf, CurEnv->e_to, "501", enhsc, 0, fmt, ap);
+	VA_END;
+
 	if (SuprErrs)
 		return;
 
+	/* save this message for mailq printing */
+	switch (MsgBuf[0])
+	{
+	  case '4':
+	  case '8':
+		if (CurEnv->e_message != NULL)
+			break;
+
+		/* FALLTHROUGH */
+
+	  case '5':
+	  case '6':
+		if (CurEnv->e_message != NULL)
+			free(CurEnv->e_message);
+		if (MsgBuf[0] == '6')
+		{
+			char buf[MAXLINE];
+
+			snprintf(buf, sizeof buf, "Postmaster warning: %.*s",
+				(int) sizeof buf - 22, errtxt);
+			CurEnv->e_message = newstr(buf);
+		}
+		else
+		{
+			CurEnv->e_message = newstr(errtxt);
+		}
+		break;
+	}
+
+	puterrmsg(MsgBuf);
+
+	if (LogLevel > 3 && LogUsrErrs)
+		sm_syslog(LOG_NOTICE, CurEnv->e_id, "%.900s", errtxt);
+
+	if (QuickAbort)
+		longjmp(TopFrame, 1);
+}
+/*
+**  USRERRENH -- Signal user error.
+**
+**	Same as usrerr but with enhanced status code.
+**
+**	Parameters:
+**		enhsc -- the enhanced status code.
+**		fmt -- the format string.  If it does not begin with
+**			a three-digit SMTP reply code, 501 is assumed.
+**		(others) -- printf strings
+**
+**	Returns:
+**		none
+**		Through TopFrame if QuickAbort is set.
+**
+**	Side Effects:
+**		increments Errors.
+*/
+
+/*VARARGS1*/
+void
+#ifdef __STDC__
+usrerrenh(char *enhsc, const char *fmt, ...)
+#else /* __STDC__ */
+usrerrenh(enhsc, fmt, va_alist)
+	char *enhsc;
+	const char *fmt;
+	va_dcl
+#endif /* __STDC__ */
+{
+	char *errtxt;
+	VA_LOCAL_DECL
+
+	if (enhsc == NULL || *enhsc == '\0')
+	{
+		if (fmt[0] == '5' || fmt[0] == '6')
+			enhsc = "5.0.0";
+		else if (fmt[0] == '4' || fmt[0] == '8')
+			enhsc = "4.0.0";
+		else if (fmt[0] == '2')
+			enhsc = "2.0.0";
+	}
 	VA_START(fmt);
-	fmtmsg(MsgBuf, CurEnv->e_to, "501", 0, fmt, ap);
+	errtxt = fmtmsg(MsgBuf, CurEnv->e_to, "501", enhsc, 0, fmt, ap);
 	VA_END;
 
+	if (SuprErrs)
+		return;
+
 	/* save this message for mailq printing */
 	switch (MsgBuf[0])
 	{
@@ -205,7 +318,7 @@ usrerr(fmt, va_alist)
 		if (CurEnv->e_message != NULL)
 			break;
 
-		/* fall through.... */
+		/* FALLTHROUGH */
 
 	  case '5':
 	  case '6':
@@ -216,12 +329,12 @@ usrerr(fmt, va_alist)
 			char buf[MAXLINE];
 
 			snprintf(buf, sizeof buf, "Postmaster warning: %.*s",
-				sizeof buf - 22, MsgBuf + 4);
+				(int) sizeof buf - 22, errtxt);
 			CurEnv->e_message = newstr(buf);
 		}
 		else
 		{
-			CurEnv->e_message = newstr(MsgBuf + 4);
+			CurEnv->e_message = newstr(errtxt);
 		}
 		break;
 	}
@@ -229,9 +342,7 @@ usrerr(fmt, va_alist)
 	puterrmsg(MsgBuf);
 
 	if (LogLevel > 3 && LogUsrErrs)
-		sm_syslog(LOG_NOTICE, CurEnv->e_id,
-			"%.900s",
-			&MsgBuf[4]);
+		sm_syslog(LOG_NOTICE, CurEnv->e_id, "%.900s", errtxt);
 
 	if (QuickAbort)
 		longjmp(TopFrame, 1);
@@ -255,17 +366,18 @@ usrerr(fmt, va_alist)
 void
 #ifdef __STDC__
 message(const char *msg, ...)
-#else
+#else /* __STDC__ */
 message(msg, va_alist)
 	const char *msg;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
+	char *errtxt;
 	VA_LOCAL_DECL
 
 	errno = 0;
 	VA_START(msg);
-	fmtmsg(MsgBuf, CurEnv->e_to, "050", 0, msg, ap);
+	errtxt = fmtmsg(MsgBuf, CurEnv->e_to, "050", (char *) NULL, 0, msg, ap);
 	VA_END;
 	putoutmsg(MsgBuf, FALSE, FALSE);
 
@@ -276,12 +388,12 @@ message(msg, va_alist)
 	  case '8':
 		if (CurEnv->e_message != NULL)
 			break;
-		/* fall through.... */
+		/* FALLTHROUGH */
 
 	  case '5':
 		if (CurEnv->e_message != NULL)
 			free(CurEnv->e_message);
-		CurEnv->e_message = newstr(MsgBuf + 4);
+		CurEnv->e_message = newstr(errtxt);
 		break;
 	}
 }
@@ -307,17 +419,19 @@ message(msg, va_alist)
 void
 #ifdef __STDC__
 nmessage(const char *msg, ...)
-#else
+#else /* __STDC__ */
 nmessage(msg, va_alist)
 	const char *msg;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
+	char *errtxt;
 	VA_LOCAL_DECL
 
 	errno = 0;
 	VA_START(msg);
-	fmtmsg(MsgBuf, (char *) NULL, "050", 0, msg, ap);
+	errtxt = fmtmsg(MsgBuf, (char *) NULL, "050",
+			(char *) NULL, 0, msg, ap);
 	VA_END;
 	putoutmsg(MsgBuf, FALSE, FALSE);
 
@@ -328,12 +442,12 @@ nmessage(msg, va_alist)
 	  case '8':
 		if (CurEnv->e_message != NULL)
 			break;
-		/* fall through.... */
+		/* FALLTHROUGH */
 
 	  case '5':
 		if (CurEnv->e_message != NULL)
 			free(CurEnv->e_message);
-		CurEnv->e_message = newstr(MsgBuf + 4);
+		CurEnv->e_message = newstr(errtxt);
 		break;
 	}
 }
@@ -356,17 +470,18 @@ nmessage(msg, va_alist)
 **		Deletes SMTP reply code number as appropriate.
 */
 
-void
+static void
 putoutmsg(msg, holdmsg, heldmsg)
 	char *msg;
 	bool holdmsg;
 	bool heldmsg;
 {
+	char *errtxt = msg;
 	char msgcode = msg[0];
 
 	/* display for debugging */
 	if (tTd(54, 8))
-		printf("--- %s%s%s\n", msg, holdmsg ? " (hold)" : "",
+		dprintf("--- %s%s%s\n", msg, holdmsg ? " (hold)" : "",
 			heldmsg ? " (held)" : "");
 
 	/* map warnings to something SMTP can handle */
@@ -382,8 +497,8 @@ putoutmsg(msg, holdmsg, heldmsg)
 
 	if (LogLevel >= 15 && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
 		sm_syslog(LOG_INFO, CurEnv->e_id,
-			"--> %s%s",
-			msg, holdmsg ? " (held)" : "");
+			  "--> %s%s",
+			  msg, holdmsg ? " (held)" : "");
 
 	if (msgcode == '8')
 		msg[0] = '0';
@@ -395,6 +510,8 @@ putoutmsg(msg, holdmsg, heldmsg)
 	{
 		/* save for possible future display */
 		msg[0] = msgcode;
+		if (HeldMessageBuf[0] == '5' && msgcode == '4')
+			return;
 		snprintf(HeldMessageBuf, sizeof HeldMessageBuf, "%s", msg);
 		return;
 	}
@@ -403,16 +520,29 @@ putoutmsg(msg, holdmsg, heldmsg)
 
 	if (OutChannel == NULL)
 		return;
-	
+
+	/* find actual text of error (after SMTP status codes) */
+	if (ISSMTPREPLY(errtxt))
+	{
+		int l;
+
+		errtxt += 4;
+		l = isenhsc(errtxt, ' ');
+		if (l <= 0)
+			l = isenhsc(errtxt, '\0');
+		if (l > 0)
+			errtxt += l + 1;
+	}
+
 	/* if DisConnected, OutChannel now points to the transcript */
 	if (!DisConnected &&
 	    (OpMode == MD_SMTP || OpMode == MD_DAEMON || OpMode == MD_ARPAFTP))
 		fprintf(OutChannel, "%s\r\n", msg);
 	else
-		fprintf(OutChannel, "%s\n", &msg[4]);
+		fprintf(OutChannel, "%s\n", errtxt);
 	if (TrafficLogFile != NULL)
 		fprintf(TrafficLogFile, "%05d >>> %s\n", (int) getpid(),
-			(OpMode == MD_SMTP || OpMode == MD_DAEMON) ? msg : &msg[4]);
+			(OpMode == MD_SMTP || OpMode == MD_DAEMON) ? msg : errtxt);
 	if (msg[3] == ' ')
 		(void) fflush(OutChannel);
 	if (!ferror(OutChannel) || DisConnected)
@@ -432,9 +562,9 @@ putoutmsg(msg, holdmsg, heldmsg)
 	HoldErrs = TRUE;
 	if (LogLevel > 0)
 		sm_syslog(LOG_CRIT, CurEnv->e_id,
-			"SYSERR: putoutmsg (%s): error on output channel sending \"%s\": %s",
-			CurHostName == NULL ? "NO-HOST" : CurHostName,
-			shortenstring(msg, MAXSHORTSTR), errstring(errno));
+			  "SYSERR: putoutmsg (%s): error on output channel sending \"%s\": %s",
+			  CurHostName == NULL ? "NO-HOST" : CurHostName,
+			  shortenstring(msg, MAXSHORTSTR), errstring(errno));
 }
 /*
 **  PUTERRMSG -- like putoutmsg, but does special processing for error messages
@@ -449,7 +579,7 @@ putoutmsg(msg, holdmsg, heldmsg)
 **		Sets the fatal error bit in the envelope as appropriate.
 */
 
-void
+static void
 puterrmsg(msg)
 	char *msg;
 {
@@ -467,7 +597,7 @@ puterrmsg(msg)
 
 	if (CurEnv == NULL)
 		return;
-	
+
 	if (msgcode == '6')
 	{
 		/* notify the postmaster */
@@ -480,28 +610,122 @@ puterrmsg(msg)
 	}
 }
 /*
+**  ISENHSC -- check whether a string contains an enhanced status code
+**
+**	Parameters:
+**		s -- string with possible enhanced status code.
+**		delim -- delim for enhanced status code.
+**
+**	Returns:
+**		0  -- no enhanced status code.
+**		>4 -- length of enhanced status code.
+**
+**	Side Effects:
+**		none.
+*/
+int
+isenhsc(s, delim)
+	const char *s;
+	int delim;
+{
+	int l, h;
+
+	if (s == NULL)
+		return 0;
+	if (!((*s == '2' || *s == '4' || *s == '5') && s[1] == '.'))
+		return 0;
+	h = 0;
+	l = 2;
+	while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
+		++h;
+	if (h == 0 || s[l + h] != '.')
+		return 0;
+	l += h + 1;
+	h = 0;
+	while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
+		++h;
+	if (h == 0 || s[l + h] != delim)
+		return 0;
+	return l + h;
+}
+/*
+**  EXTENHSC -- check and extract an enhanced status code
+**
+**	Parameters:
+**		s -- string with possible enhanced status code.
+**		delim -- delim for enhanced status code.
+**		e -- pointer to storage for enhanced status code.
+**			must be != NULL and have space for at least
+**			10 characters ([245].[0-9]{1,3}.[0-9]{1,3})
+**
+**	Returns:
+**		0  -- no enhanced status code.
+**		>4 -- length of enhanced status code.
+**
+**	Side Effects:
+**		fills e with enhanced status code.
+*/
+int
+extenhsc(s, delim, e)
+	const char *s;
+	int delim;
+	char *e;
+{
+	int l, h;
+
+	if (s == NULL)
+		return 0;
+	if (!((*s == '2' || *s == '4' || *s == '5') && s[1] == '.'))
+		return 0;
+	h = 0;
+	l = 2;
+	e[0] = s[0];
+	e[1] = '.';
+	while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
+	{
+		e[l + h] = s[l + h];
+		++h;
+	}
+	if (h == 0 || s[l + h] != '.')
+		return 0;
+	e[l + h] = '.';
+	l += h + 1;
+	h = 0;
+	while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
+	{
+		e[l + h] = s[l + h];
+		++h;
+	}
+	if (h == 0 || s[l + h] != delim)
+		return 0;
+	e[l + h] = '\0';
+	return l + h;
+}
+/*
 **  FMTMSG -- format a message into buffer.
 **
 **	Parameters:
-**		eb -- error buffer to get result.
+**		eb -- error buffer to get result -- MUST BE MsgBuf.
 **		to -- the recipient tag for this message.
-**		num -- arpanet error number.
+**		num -- default three digit SMTP reply code.
+**		enhsc -- enhanced status code.
 **		en -- the error number to display.
 **		fmt -- format of string.
-**		a, b, c, d, e -- arguments.
+**		ap -- arguments for fmt.
 **
 **	Returns:
-**		none.
+**		pointer to error text beyond status codes.
 **
 **	Side Effects:
 **		none.
 */
 
-static void
-fmtmsg(eb, to, num, eno, fmt, ap)
+static char *
+fmtmsg(eb, to, num, enhsc, eno, fmt, ap)
 	register char *eb;
 	const char *to;
 	const char *num;
+	const char *enhsc;
 	int eno;
 	const char *fmt;
 	va_list ap;
@@ -509,11 +733,10 @@ fmtmsg(eb, to, num, eno, fmt, ap)
 	char del;
 	int l;
 	int spaceleft = sizeof MsgBuf;
+	char *errtxt;
 
 	/* output the reply code */
-	if (isascii(fmt[0]) && isdigit(fmt[0]) &&
-	    isascii(fmt[1]) && isdigit(fmt[1]) &&
-	    isascii(fmt[2]) && isdigit(fmt[2]))
+	if (ISSMTPCODE(fmt))
 	{
 		num = fmt;
 		fmt += 4;
@@ -526,6 +749,26 @@ fmtmsg(eb, to, num, eno, fmt, ap)
 	eb += 4;
 	spaceleft -= 4;
 
+	if ((l = isenhsc(fmt, ' ' )) > 0 && l < spaceleft - 4)
+	{
+		/* copy enh.status code including trailing blank */
+		l++;
+		(void) strlcpy(eb, fmt, l + 1);
+		eb += l;
+		spaceleft -= l;
+		fmt += l;
+	}
+	else if ((l = isenhsc(enhsc, '\0')) > 0 && l < spaceleft - 4)
+	{
+		/* copy enh.status code */
+		(void) strlcpy(eb, enhsc, l + 1);
+		eb[l] = ' ';
+		eb[++l] = '\0';
+		eb += l;
+		spaceleft -= l;
+	}
+	errtxt = eb;
+
 	/* output the file name and line number */
 	if (FileName != NULL)
 	{
@@ -556,6 +799,8 @@ fmtmsg(eb, to, num, eno, fmt, ap)
 	/* output the error code, if any */
 	if (eno != 0)
 		(void) snprintf(eb, spaceleft, ": %s", errstring(eno));
+
+	return errtxt;
 }
 /*
 **  BUFFER_ERRORS -- arrange to buffer future error messages
@@ -613,13 +858,10 @@ errstring(errnum)
 	char *dnsmsg;
 	char *bp;
 	static char buf[MAXLINE];
-# if !HASSTRERROR && !defined(ERRLIST_PREDEFINED)
+#if !HASSTRERROR && !defined(ERRLIST_PREDEFINED)
 	extern char *sys_errlist[];
 	extern int sys_nerr;
-# endif
-# if SMTP
-	extern char *SmtpPhase;
-# endif /* SMTP */
+#endif /* !HASSTRERROR && !defined(ERRLIST_PREDEFINED) */
 
 	/*
 	**  Handle special network error codes.
@@ -630,18 +872,18 @@ errstring(errnum)
 	dnsmsg = NULL;
 	switch (errnum)
 	{
-# if defined(DAEMON) && defined(ETIMEDOUT)
+#if defined(DAEMON) && defined(ETIMEDOUT)
 	  case ETIMEDOUT:
 	  case ECONNRESET:
 		bp = buf;
-#if HASSTRERROR
+# if HASSTRERROR
 		snprintf(bp, SPACELEFT(buf, bp), "%s", strerror(errnum));
-#else
+# else /* HASSTRERROR */
 		if (errnum >= 0 && errnum < sys_nerr)
 			snprintf(bp, SPACELEFT(buf, bp), "%s", sys_errlist[errnum]);
 		else
 			snprintf(bp, SPACELEFT(buf, bp), "Error %d", errnum);
-#endif
+# endif /* HASSTRERROR */
 		bp += strlen(bp);
 		if (CurHostName != NULL)
 		{
@@ -666,24 +908,24 @@ errstring(errnum)
 			snprintf(bp, SPACELEFT(buf, bp), " during %s",
 				SmtpPhase);
 		}
-		return (buf);
+		return buf;
 
 	  case EHOSTDOWN:
 		if (CurHostName == NULL)
 			break;
 		(void) snprintf(buf, sizeof buf, "Host %s is down",
 			shortenstring(CurHostName, MAXSHORTSTR));
-		return (buf);
+		return buf;
 
 	  case ECONNREFUSED:
 		if (CurHostName == NULL)
 			break;
 		(void) snprintf(buf, sizeof buf, "Connection refused by %s",
 			shortenstring(CurHostName, MAXSHORTSTR));
-		return (buf);
-# endif
+		return buf;
+#endif /* defined(DAEMON) && defined(ETIMEDOUT) */
 
-# if NAMED_BIND
+#if NAMED_BIND
 	  case HOST_NOT_FOUND + E_DNSBASE:
 		dnsmsg = "host not found";
 		break;
@@ -699,7 +941,7 @@ errstring(errnum)
 	  case NO_DATA + E_DNSBASE:
 		dnsmsg = "no data known";
 		break;
-# endif
+#endif /* NAMED_BIND */
 
 	  case EPERM:
 		/* SunOS gives "Not owner" -- this is the POSIX message */
@@ -738,13 +980,18 @@ errstring(errnum)
 
 	  case E_SM_GWFILE:
 		return "Group writable file";
+
+	  case E_SM_GRFILE:
+		return "Group readable file";
+
+	  case E_SM_WRFILE:
+		return "World readable file";
 	}
 
 	if (dnsmsg != NULL)
 	{
 		bp = buf;
-		strcpy(bp, "Name server: ");
-		bp += strlen(bp);
+		bp += strlcpy(bp, "Name server: ", sizeof buf);
 		if (CurHostName != NULL)
 		{
 			snprintf(bp, SPACELEFT(buf, bp), "%s: ",
@@ -755,13 +1002,18 @@ errstring(errnum)
 		return buf;
 	}
 
+#ifdef LDAPMAP
+	if (errnum >= E_LDAPBASE)
+		return ldap_err2string(errnum - E_LDAPBASE);
+#endif /* LDAPMAP */
+
 #if HASSTRERROR
 	return strerror(errnum);
-#else
+#else /* HASSTRERROR */
 	if (errnum > 0 && errnum < sys_nerr)
-		return (sys_errlist[errnum]);
+		return sys_errlist[errnum];
 
 	(void) snprintf(buf, sizeof buf, "Error %d", errnum);
-	return (buf);
-#endif
+	return buf;
+#endif /* HASSTRERROR */
 }
diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c
index 6c43dcb..8f19197 100644
--- a/contrib/sendmail/src/headers.c
+++ b/contrib/sendmail/src/headers.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,11 +12,14 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)headers.c	8.136 (Berkeley) 1/26/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: headers.c,v 8.203.4.6 2000/07/19 02:53:32 ca Exp $";
+#endif /* ! lint */
 
-# include <errno.h>
-# include "sendmail.h"
+#include <sendmail.h>
+
+static bool	fix_mime_header __P((char *));
+static int	priencode __P((char *));
+static void	put_vanilla_header __P((HDR *, char *, MCI *));
 
 /*
 **  SETUPHEADERS -- initialize headers in symbol table
@@ -43,11 +47,13 @@ setupheaders()
 /*
 **  CHOMPHEADER -- process and save a header line.
 **
-**	Called by collect and by readcf to deal with header lines.
+**	Called by collect, readcf, and readqf to deal with header lines.
 **
 **	Parameters:
 **		line -- header as a text line.
-**		def -- if set, this is a default value.
+**		pflag -- flags:
+**			CHHDR_DEF: this is a default value.
+**			CHHDR_CHECK: call rulesets.
 **		hdrp -- a pointer to the place to save the header.
 **		e -- the envelope including this header.
 **
@@ -59,32 +65,34 @@ setupheaders()
 **		Contents of 'line' are destroyed.
 */
 
-struct hdrinfo	NormalHeader =	{ NULL, 0, NULL };
+static struct hdrinfo	NormalHeader =	{ NULL, 0, NULL };
 
-int
-chompheader(line, def, hdrp, e)
+u_long
+chompheader(line, pflag, hdrp, e)
 	char *line;
-	bool def;
+	int pflag;
 	HDR **hdrp;
 	register ENVELOPE *e;
 {
+	u_char mid = '\0';
 	register char *p;
 	register HDR *h;
 	HDR **hp;
 	char *fname;
 	char *fvalue;
 	bool cond = FALSE;
+	bool dropfrom;
 	bool headeronly;
 	STAB *s;
 	struct hdrinfo *hi;
 	bool nullheader = FALSE;
-	BITMAP mopts;
+	BITMAP256 mopts;
 
 	if (tTd(31, 6))
 	{
-		printf("chompheader: ");
+		dprintf("chompheader: ");
 		xputs(line);
-		printf("\n");
+		dprintf("\n");
 	}
 
 	headeronly = hdrp != NULL;
@@ -94,21 +102,76 @@ chompheader(line, def, hdrp, e)
 	/* strip off options */
 	clrbitmap(mopts);
 	p = line;
-	if (*p == '?')
+	if (!bitset(pflag, CHHDR_USER) && *p == '?')
 	{
-		/* have some */
-		register char *q = strchr(p + 1, *p);
-		
-		if (q != NULL)
+		int c;
+		register char *q;
+
+		q = strchr(++p, '?');
+		if (q == NULL)
+			goto hse;
+
+		*q = '\0';
+		c = *p & 0377;
+
+		/* possibly macro conditional */
+		if (c == MACROEXPAND)
 		{
-			*q++ = '\0';
-			while (*++p != '\0')
-				setbitn(*p, mopts);
-			p = q;
+			/* catch ?$? */
+			if (*++p == '\0')
+			{
+				*q = '?';
+				goto hse;
+			}
+
+			mid = (u_char) *p++;
+
+			/* catch ?$abc? */
+			if (*p != '\0')
+			{
+				*q = '?';
+				goto hse;
+			}
+		}
+		else if (*p == '$')
+		{
+			/* catch ?$? */
+			if (*++p == '\0')
+			{
+				*q = '?';
+				goto hse;
+			}
+
+			mid = (u_char)macid(p, NULL);
+			if (bitset(0200, mid))
+				p += strlen(macname(mid)) + 2;
+			else
+				p++;
+
+			/* catch ?$abc? */
+			if (*p != '\0')
+			{
+				*q = '?';
+				goto hse;
+			}
+
 		}
 		else
-			syserr("553 header syntax error, line \"%s\"", line);
-		cond = TRUE;
+		{
+			while (*p != '\0')
+			{
+				if (!isascii(*p))
+				{
+					*q = '?';
+					goto hse;
+				}
+
+				setbitn(*p, mopts);
+				cond = TRUE;
+				p++;
+			}
+		}
+		p = q + 1;
 	}
 
 	/* find canonical name */
@@ -120,7 +183,8 @@ chompheader(line, def, hdrp, e)
 		p++;
 	if (*p++ != ':' || fname == fvalue)
 	{
-		syserr("553 header syntax error, line \"%s\"", line);
+hse:
+		syserr("553 5.3.0 header syntax error, line \"%s\"", line);
 		return 0;
 	}
 	*fvalue = '\0';
@@ -141,7 +205,7 @@ chompheader(line, def, hdrp, e)
 		return H_EOH;
 
 	/* check to see if it represents a ruleset call */
-	if (def)
+	if (bitset(pflag, CHHDR_DEF))
 	{
 		char hbuf[50];
 
@@ -151,12 +215,18 @@ chompheader(line, def, hdrp, e)
 		if ((*p++ & 0377) == CALLSUBR)
 		{
 			auto char *endp;
+			bool strc;
 
+			strc = *p == '+';	/* strip comments? */
+			if (strc)
+				++p;
 			if (strtorwset(p, &endp, ST_ENTER) > 0)
 			{
 				*endp = '\0';
 				s = stab(fname, ST_HEADER, ST_ENTER);
 				s->s_header.hi_ruleset = newstr(p);
+				if (!strc)
+					s->s_header.hi_flags |= H_STRIPCOMM;
 			}
 			return 0;
 		}
@@ -172,19 +242,20 @@ chompheader(line, def, hdrp, e)
 	if (tTd(31, 9))
 	{
 		if (s == NULL)
-			printf("no header flags match\n");
+			dprintf("no header flags match\n");
 		else
-			printf("header match, flags=%x, ruleset=%s\n", 
+			dprintf("header match, flags=%lx, ruleset=%s\n",
 				hi->hi_flags,
 				hi->hi_ruleset == NULL ? "<NULL>" : hi->hi_ruleset);
 	}
 
 	/* see if this is a resent message */
-	if (!def && !headeronly && bitset(H_RESENT, hi->hi_flags))
+	if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
+	    bitset(H_RESENT, hi->hi_flags))
 		e->e_flags |= EF_RESENT;
 
 	/* if this is an Errors-To: header keep track of it now */
-	if (UseErrorsTo && !def && !headeronly &&
+	if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
 	    bitset(H_ERRORSTO, hi->hi_flags))
 		(void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);
 
@@ -210,8 +281,74 @@ chompheader(line, def, hdrp, e)
 	**  If there is a check ruleset, verify it against the header.
 	*/
 
-	if (!def && hi->hi_ruleset != NULL)
-		(void) rscheck(hi->hi_ruleset, fvalue, NULL, e);
+	if (bitset(pflag, CHHDR_CHECK))
+	{
+		bool stripcom = FALSE;
+		char *rs;
+
+		/* no ruleset? look for default */
+		rs = hi->hi_ruleset;
+		if (rs == NULL)
+		{
+			s = stab("*", ST_HEADER, ST_FIND);
+			if (s != NULL)
+			{
+				rs = (&s->s_header)->hi_ruleset;
+				stripcom = bitset((&s->s_header)->hi_flags,
+						  H_STRIPCOMM);
+			}
+		}
+		else
+			stripcom = bitset(hi->hi_flags, H_STRIPCOMM);
+		if (rs != NULL)
+		{
+			int l;
+			char qval[MAXNAME];
+			char hlen[16];
+			char *sp, *dp;
+
+			dp = qval;
+			l = 0;
+			dp[l++] = '"';
+			for (sp = fvalue; *sp != '\0' && l < MAXNAME - 2; sp++)
+			{
+				switch(*sp)
+				{
+				  case '\011': /* ht */
+				  case '\012': /* nl */
+				  case '\013': /* vt */
+				  case '\014': /* np */
+				  case '\015': /* cr */
+					dp[l++] = ' ';
+					break;
+				  case '"':
+					dp[l++] = '\\';
+					/* FALLTHROUGH */
+				  default:
+					dp[l++] = *sp;
+					break;
+				}
+			}
+			dp[l++] = '"';
+			dp[l++] = '\0';
+			l = strlen(fvalue);
+			snprintf(hlen, sizeof hlen, "%d", l);
+			define(macid("{hdrlen}", NULL), newstr(hlen), e);
+			if (l >= MAXNAME)
+			{
+				if (LogLevel > 9)
+					sm_syslog(LOG_WARNING, e->e_id,
+						  "Warning: truncated header '%s' before check with '%s' len=%d max=%d",
+						  fname, rs, l, MAXNAME);
+			}
+			if ((sp = macvalue(macid("{currHeader}", NULL), e)) !=
+			    NULL)
+				free(sp);
+			define(macid("{currHeader}", NULL), newstr(qval), e);
+			define(macid("{hdr_name}", NULL), newstr(fname), e);
+			(void) rscheck(rs, fvalue, NULL, e, stripcom, TRUE, 4);
+		}
+	}
 
 	/*
 	**  Drop explicit From: if same as what we would generate.
@@ -219,28 +356,31 @@ chompheader(line, def, hdrp, e)
 	**  insert the full name information in all circumstances.
 	*/
 
+	dropfrom = FALSE;
 	p = "resent-from";
 	if (!bitset(EF_RESENT, e->e_flags))
 		p += 7;
-	if (!def && !headeronly && !bitset(EF_QUEUERUN, e->e_flags) &&
-	    strcasecmp(fname, p) == 0)
+	if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
+	    !bitset(EF_QUEUERUN, e->e_flags) && strcasecmp(fname, p) == 0)
 	{
 		if (tTd(31, 2))
 		{
-			printf("comparing header from (%s) against default (%s or %s)\n",
+			dprintf("comparing header from (%s) against default (%s or %s)\n",
 				fvalue, e->e_from.q_paddr, e->e_from.q_user);
 		}
 		if (e->e_from.q_paddr != NULL &&
+		    e->e_from.q_mailer != NULL &&
+		    bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
 		    (strcmp(fvalue, e->e_from.q_paddr) == 0 ||
 		     strcmp(fvalue, e->e_from.q_user) == 0))
-			return hi->hi_flags;
+			dropfrom = TRUE;
 	}
 
 	/* delete default value for this header */
 	for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
 	{
 		if (strcasecmp(fname, h->h_field) == 0 &&
-		    bitset(H_DEFAULT, h->h_flags) &&
+		    !bitset(H_USER, h->h_flags) &&
 		    !bitset(H_FORCE, h->h_flags))
 		{
 			if (nullheader)
@@ -248,13 +388,20 @@ chompheader(line, def, hdrp, e)
 				/* user-supplied value was null */
 				return 0;
 			}
+			if (dropfrom)
+			{
+				/* make this look like the user entered it */
+				h->h_flags |= H_USER;
+				return hi->hi_flags;
+			}
 			h->h_value = NULL;
 			if (!cond)
 			{
 				/* copy conditions from default case */
-				bcopy((char *)h->h_mflags, (char *)mopts,
-						sizeof mopts);
+				memmove((char *)mopts, (char *)h->h_mflags,
+					sizeof mopts);
 			}
+			h->h_macro = mid;
 		}
 	}
 
@@ -263,20 +410,24 @@ chompheader(line, def, hdrp, e)
 	h->h_field = newstr(fname);
 	h->h_value = newstr(fvalue);
 	h->h_link = NULL;
-	bcopy((char *) mopts, (char *) h->h_mflags, sizeof mopts);
+	memmove((char *) h->h_mflags, (char *) mopts, sizeof mopts);
+	h->h_macro = mid;
 	*hp = h;
 	h->h_flags = hi->hi_flags;
+	if (bitset(pflag, CHHDR_USER))
+		h->h_flags |= H_USER;
 
 	/* strip EOH flag if parsing MIME headers */
 	if (headeronly)
 		h->h_flags &= ~H_EOH;
-	if (def)
+	if (bitset(pflag, CHHDR_DEF))
 		h->h_flags |= H_DEFAULT;
-	if (cond)
+	if (cond || mid != '\0')
 		h->h_flags |= H_CHECK;
 
 	/* hack to see if this is a new format message */
-	if (!def && !headeronly && bitset(H_RCPT|H_FROM, h->h_flags) &&
+	if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
+	    bitset(H_RCPT|H_FROM, h->h_flags) &&
 	    (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
 	     strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
 	{
@@ -293,7 +444,8 @@ chompheader(line, def, hdrp, e)
 **	Parameters:
 **		field -- the name of the header field.
 **		value -- the value of the field.
-**		hp -- an indirect pointer to the header structure list.
+**		flags -- flags to add to h_flags.
+**		hdrlist -- an indirect pointer to the header structure list.
 **
 **	Returns:
 **		none.
@@ -303,9 +455,10 @@ chompheader(line, def, hdrp, e)
 */
 
 void
-addheader(field, value, hdrlist)
+addheader(field, value, flags, hdrlist)
 	char *field;
 	char *value;
+	int flags;
 	HDR **hdrlist;
 {
 	register HDR *h;
@@ -327,10 +480,11 @@ addheader(field, value, hdrlist)
 	h->h_field = field;
 	h->h_value = newstr(value);
 	h->h_link = *hp;
-	h->h_flags = H_DEFAULT;
+	h->h_flags = flags;
 	if (s != NULL)
 		h->h_flags |= s->s_header.hi_flags;
 	clrbitmap(h->h_mflags);
+	h->h_macro = '\0';
 	*hp = h;
 }
 /*
@@ -362,9 +516,9 @@ hvalue(field, header)
 	{
 		if (!bitset(H_DEFAULT, h->h_flags) &&
 		    strcasecmp(h->h_field, field) == 0)
-			return (h->h_value);
+			return h->h_value;
 	}
-	return (NULL);
+	return NULL;
 }
 /*
 **  ISHEADER -- predicate telling if argument is a header.
@@ -439,7 +593,6 @@ eatheader(e, full)
 	int hopcnt = 0;
 	char *msgid;
 	char buf[MAXLINE];
-	extern int priencode __P((char *));
 
 	/*
 	**  Set up macros for possible expansion in headers.
@@ -456,12 +609,8 @@ eatheader(e, full)
 	p = hvalue("full-name", e->e_header);
 	if (p != NULL)
 	{
-		extern bool rfc822_string __P((char *));
-
 		if (!rfc822_string(p))
 		{
-			extern char *addquotes __P((char *));
-
 			/*
 			**  Quote a full name with special characters
 			**  as a comment so crackaddr() doesn't destroy
@@ -473,37 +622,34 @@ eatheader(e, full)
 	}
 
 	if (tTd(32, 1))
-		printf("----- collected header -----\n");
+		dprintf("----- collected header -----\n");
 	msgid = NULL;
 	for (h = e->e_header; h != NULL; h = h->h_link)
 	{
 		if (tTd(32, 1))
-			printf("%s: ", h->h_field);
+			dprintf("%s: ", h->h_field);
 		if (h->h_value == NULL)
 		{
 			if (tTd(32, 1))
-				printf("<NULL>\n");
+				dprintf("<NULL>\n");
 			continue;
 		}
 
 		/* do early binding */
-		if (bitset(H_DEFAULT, h->h_flags))
+		if (bitset(H_DEFAULT, h->h_flags) &&
+		    !bitset(H_BINDLATE, h->h_flags))
 		{
 			if (tTd(32, 1))
 			{
-				printf("(");
+				dprintf("(");
 				xputs(h->h_value);
-				printf(") ");
+				dprintf(") ");
 			}
 			expand(h->h_value, buf, sizeof buf, e);
 			if (buf[0] != '\0')
 			{
 				if (bitset(H_FROM, h->h_flags))
-				{
-					extern char *crackaddr __P((char *));
-
 					expand(crackaddr(buf), buf, sizeof buf, e);
-				}
 				h->h_value = newstr(buf);
 				h->h_flags &= ~H_DEFAULT;
 			}
@@ -512,7 +658,7 @@ eatheader(e, full)
 		if (tTd(32, 1))
 		{
 			xputs(h->h_value);
-			printf("\n");
+			dprintf("\n");
 		}
 
 		/* count the number of times it has been processed */
@@ -526,7 +672,7 @@ eatheader(e, full)
 		{
 #if 0
 			int saveflags = e->e_flags;
-#endif
+#endif /* 0 */
 
 			(void) sendtolist(h->h_value, NULLADDR,
 					  &e->e_sendqueue, 0, e);
@@ -536,11 +682,11 @@ eatheader(e, full)
 			**  Change functionality so a fatal error on an
 			**  address doesn't affect the entire envelope.
 			*/
-			 
+
 			/* delete fatal errors generated by this address */
 			if (!bitset(EF_FATALERRS, saveflags))
 				e->e_flags &= ~EF_FATALERRS;
-#endif
+#endif /* 0 */
 		}
 
 		/* save the message-id for logging */
@@ -555,7 +701,7 @@ eatheader(e, full)
 		}
 	}
 	if (tTd(32, 1))
-		printf("----------------------------\n");
+		dprintf("----------------------------\n");
 
 	/* if we are just verifying (that is, sendmail -t -bv), drop out now */
 	if (OpMode == MD_VERIFY)
@@ -640,7 +786,7 @@ eatheader(e, full)
 		if (hi->hi_field != NULL)
 		{
 			if (tTd(32, 2))
-				printf("eatheader: setsender(*%s == %s)\n",
+				dprintf("eatheader: setsender(*%s == %s)\n",
 					hi->hi_field, p);
 			setsender(p, e, NULL, '\0', TRUE);
 		}
@@ -684,7 +830,7 @@ logsender(e, msgid)
 		l = strlen(msgid);
 		if (l > sizeof mbuf - 1)
 			l = sizeof mbuf - 1;
-		bcopy(msgid, mbuf, l);
+		memmove(mbuf, msgid, l);
 		mbuf[l] = '\0';
 		p = mbuf;
 		while ((p = strchr(p, '\n')) != NULL)
@@ -694,6 +840,7 @@ logsender(e, msgid)
 	if (bitset(EF_RESPONSE, e->e_flags))
 		name = "[RESPONSE]";
 	else if ((name = macvalue('_', e)) != NULL)
+		/* EMPTY */
 		;
 	else if (RealHostName == NULL)
 		name = "localhost";
@@ -712,12 +859,12 @@ logsender(e, msgid)
 	}
 
 	/* some versions of syslog only take 5 printf args */
-#  if (SYSLOG_BUFSIZE) >= 256
+#if (SYSLOG_BUFSIZE) >= 256
 	sbp = sbuf;
 	snprintf(sbp, SPACELEFT(sbuf, sbp),
-	    "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d",
+	    "from=%.200s, size=%ld, class=%d, nrcpts=%d",
 	    e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
-	    e->e_msgsize, e->e_class, e->e_msgpriority, e->e_nrcpts);
+	    e->e_msgsize, e->e_class, e->e_nrcpts);
 	sbp += strlen(sbp);
 	if (msgid != NULL)
 	{
@@ -732,24 +879,47 @@ logsender(e, msgid)
 	}
 	p = macvalue('r', e);
 	if (p != NULL)
+	{
 		(void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", proto=%.20s", p);
+		sbp += strlen(sbp);
+	}
+	p = macvalue(macid("{daemon_name}", NULL), e);
+	if (p != NULL)
+	{
+		(void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", daemon=%.20s", p);
+		sbp += strlen(sbp);
+	}
+# if SASL
+	p = macvalue(macid("{auth_type}", NULL), e);
+	if (p != NULL)
+	{
+		(void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", mech=%.12s", p);
+		sbp += strlen(sbp);
+	}
+	p = macvalue(macid("{auth_author}", NULL), e);
+	if (p != NULL)
+	{
+		(void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", auth=%.30s", p);
+		sbp += strlen(sbp);
+	}
+# endif /* SASL */
 	sm_syslog(LOG_INFO, e->e_id,
-		"%.850s, relay=%.100s",
-		sbuf, name);
+		  "%.850s, relay=%.100s",
+		  sbuf, name);
 
-#  else			/* short syslog buffer */
+#else /* (SYSLOG_BUFSIZE) >= 256 */
 
 	sm_syslog(LOG_INFO, e->e_id,
-		"from=%s",
-		e->e_from.q_paddr == NULL ? "<NONE>"
-					  : shortenstring(e->e_from.q_paddr, 83));
+		  "from=%s",
+		  e->e_from.q_paddr == NULL ? "<NONE>"
+					    : shortenstring(e->e_from.q_paddr, 83));
 	sm_syslog(LOG_INFO, e->e_id,
-		"size=%ld, class=%ld, pri=%ld, nrcpts=%d",
-		e->e_msgsize, e->e_class, e->e_msgpriority, e->e_nrcpts);
+		  "size=%ld, class=%ld, nrcpts=%d",
+		  e->e_msgsize, e->e_class, e->e_nrcpts);
 	if (msgid != NULL)
 		sm_syslog(LOG_INFO, e->e_id,
-			"msgid=%s",
-			shortenstring(mbuf, 83));
+			  "msgid=%s",
+			  shortenstring(mbuf, 83));
 	sbp = sbuf;
 	*sbp = '\0';
 	if (e->e_bodytype != NULL)
@@ -764,8 +934,8 @@ logsender(e, msgid)
 		sbp += strlen(sbp);
 	}
 	sm_syslog(LOG_INFO, e->e_id,
-		"%.400srelay=%.100s", sbuf, name);
-#  endif
+		  "%.400srelay=%.100s", sbuf, name);
+#endif /* (SYSLOG_BUFSIZE) >= 256 */
 }
 /*
 **  PRIENCODE -- encode external priority names into internal values.
@@ -780,7 +950,7 @@ logsender(e, msgid)
 **		none.
 */
 
-int
+static int
 priencode(p)
 	char *p;
 {
@@ -788,12 +958,12 @@ priencode(p)
 
 	for (i = 0; i < NumPriorities; i++)
 	{
-		if (!strcasecmp(p, Priorities[i].pri_name))
-			return (Priorities[i].pri_val);
+		if (strcasecmp(p, Priorities[i].pri_name) == 0)
+			return Priorities[i].pri_val;
 	}
 
 	/* unknown priority */
-	return (0);
+	return 0;
 }
 /*
 **  CRACKADDR -- parse an address and turn it into a macro
@@ -848,7 +1018,7 @@ crackaddr(addr)
 	static char buf[MAXNAME + 1];
 
 	if (tTd(33, 1))
-		printf("crackaddr(%s)\n", addr);
+		dprintf("crackaddr(%s)\n", addr);
 
 	/* strip leading spaces */
 	while (*addr != '\0' && isascii(*addr) && isspace(*addr))
@@ -1147,19 +1317,19 @@ crackaddr(addr)
 
 	if (tTd(33, 1))
 	{
-		printf("crackaddr=>`");
+		dprintf("crackaddr=>`");
 		xputs(buf);
-		printf("'\n");
+		dprintf("'\n");
 	}
 
-	return (buf);
+	return buf;
 }
 /*
 **  PUTHEADER -- put the header part of a message from the in-core copy
 **
 **	Parameters:
 **		mci -- the connection information.
-**		h -- the header to put.
+**		hdr -- the header to put.
 **		e -- envelope to use.
 **		flags -- MIME conversion flags.
 **
@@ -1175,7 +1345,7 @@ crackaddr(addr)
  */
 #ifndef MAX
 # define MAX(a,b) (((a)>(b))?(a):(b))
-#endif
+#endif /* ! MAX */
 
 void
 putheader(mci, hdr, e, flags)
@@ -1189,7 +1359,7 @@ putheader(mci, hdr, e, flags)
 	char obuf[MAXLINE];
 
 	if (tTd(34, 1))
-		printf("--- putheader, mailer = %s ---\n",
+		dprintf("--- putheader, mailer = %s ---\n",
 			mci->mci_mailer->m_name);
 
 	/*
@@ -1204,30 +1374,30 @@ putheader(mci, hdr, e, flags)
 	for (h = hdr; h != NULL; h = h->h_link)
 	{
 		register char *p = h->h_value;
-		extern bool bitintersect __P((BITMAP, BITMAP));
 
 		if (tTd(34, 11))
 		{
-			printf("  %s: ", h->h_field);
+			dprintf("  %s: ", h->h_field);
 			xputs(p);
 		}
 
-#if _FFR_MAX_MIME_HEADER_LENGTH
+		/* Skip empty headers */
+		if (h->h_value == NULL)
+			continue;
+
 		/* heuristic shortening of MIME fields to avoid MUA overflows */
 		if (MaxMimeFieldLength > 0 &&
 		    wordinclass(h->h_field,
 				macid("{checkMIMEFieldHeaders}", NULL)))
 		{
-			extern bool fix_mime_header __P((char *));
-
 			if (fix_mime_header(h->h_value))
 			{
 				sm_syslog(LOG_ALERT, e->e_id,
-				  	"Truncated MIME %s header due to field size (possible attack)",
-				  	h->h_field);
+					  "Truncated MIME %s header due to field size (possible attack)",
+					  h->h_field);
 				if (tTd(34, 11))
-				  	printf("  truncated MIME %s header due to field size (possible attack)\n",
-					  	h->h_field);
+					dprintf("  truncated MIME %s header due to field size (possible attack)\n",
+						h->h_field);
 			}
 		}
 
@@ -1235,15 +1405,15 @@ putheader(mci, hdr, e, flags)
 		    wordinclass(h->h_field,
 				macid("{checkMIMETextHeaders}", NULL)))
 		{
-			if (strlen(h->h_value) > MaxMimeHeaderLength)
+			if (strlen(h->h_value) > (size_t)MaxMimeHeaderLength)
 			{
 				h->h_value[MaxMimeHeaderLength - 1] = '\0';
 				sm_syslog(LOG_ALERT, e->e_id,
-				  	"Truncated long MIME %s header (possible attack)",
-				  	h->h_field);
+					  "Truncated long MIME %s header (possible attack)",
+					  h->h_field);
 				if (tTd(34, 11))
-				  	printf("  truncated long MIME %s header (possible attack)\n",
-					  	h->h_field);
+					dprintf("  truncated long MIME %s header (possible attack)\n",
+						h->h_field);
 			}
 		}
 
@@ -1251,19 +1421,16 @@ putheader(mci, hdr, e, flags)
 		    wordinclass(h->h_field,
 				macid("{checkMIMEHeaders}", NULL)))
 		{
-			extern bool shorten_rfc822_string __P((char *, int));
-
 			if (shorten_rfc822_string(h->h_value, MaxMimeHeaderLength))
 			{
 				sm_syslog(LOG_ALERT, e->e_id,
-				  	"Truncated long MIME %s header (possible attack)",
-				  	h->h_field);
+					  "Truncated long MIME %s header (possible attack)",
+					  h->h_field);
 				if (tTd(34, 11))
-				  	printf("  truncated long MIME %s header (possible attack)\n",
-					  	h->h_field);
+					dprintf("  truncated long MIME %s header (possible attack)\n",
+						h->h_field);
 			}
 		}
-#endif
 
 		/*
 		**  Suppress Content-Transfer-Encoding: if we are MIMEing
@@ -1277,23 +1444,25 @@ putheader(mci, hdr, e, flags)
 		    !bitset(M87F_NO8TO7, flags))
 		{
 			if (tTd(34, 11))
-				printf(" (skipped (content-transfer-encoding))\n");
+				dprintf(" (skipped (content-transfer-encoding))\n");
 			continue;
 		}
 
 		if (bitset(MCIF_INMIME, mci->mci_flags))
 		{
 			if (tTd(34, 11))
-				printf("\n");
+				dprintf("\n");
 			put_vanilla_header(h, p, mci);
 			continue;
 		}
 
 		if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
-		    !bitintersect(h->h_mflags, mci->mci_mailer->m_flags))
+		    !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
+		    (h->h_macro == '\0' ||
+		     macvalue(h->h_macro & 0377, e) == NULL))
 		{
 			if (tTd(34, 11))
-				printf(" (skipped)\n");
+				dprintf(" (skipped)\n");
 			continue;
 		}
 
@@ -1301,32 +1470,29 @@ putheader(mci, hdr, e, flags)
 		if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
 		{
 			if (tTd(34, 11))
-				printf(" (skipped (resent))\n");
+				dprintf(" (skipped (resent))\n");
 			continue;
 		}
 
 		/* suppress return receipts if requested */
 		if (bitset(H_RECEIPTTO, h->h_flags) &&
-#if _FFR_DSN_RRT_OPTION
 		    (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
-#else
-		    bitset(EF_NORECEIPT, e->e_flags))
-#endif
 		{
 			if (tTd(34, 11))
-				printf(" (skipped (receipt))\n");
+				dprintf(" (skipped (receipt))\n");
 			continue;
 		}
 
 		/* macro expand value if generated internally */
-		if (bitset(H_DEFAULT, h->h_flags))
+		if (bitset(H_DEFAULT, h->h_flags) ||
+		    bitset(H_BINDLATE, h->h_flags))
 		{
 			expand(p, buf, sizeof buf, e);
 			p = buf;
 			if (*p == '\0')
 			{
 				if (tTd(34, 11))
-					printf(" (skipped -- null value)\n");
+					dprintf(" (skipped -- null value)\n");
 				continue;
 			}
 		}
@@ -1337,7 +1503,7 @@ putheader(mci, hdr, e, flags)
 			if (bitset(EF_DELETE_BCC, e->e_flags))
 			{
 				if (tTd(34, 11))
-					printf(" (skipped -- bcc)\n");
+					dprintf(" (skipped -- bcc)\n");
 			}
 			else
 			{
@@ -1350,7 +1516,7 @@ putheader(mci, hdr, e, flags)
 		}
 
 		if (tTd(34, 11))
-			printf("\n");
+			dprintf("\n");
 
 		if (bitset(H_FROM|H_RCPT, h->h_flags))
 		{
@@ -1369,7 +1535,7 @@ putheader(mci, hdr, e, flags)
 
 	/*
 	**  If we are converting this to a MIME message, add the
-	**  MIME headers.
+	**  MIME headers (but not in MIME mode!).
 	*/
 
 #if MIME8TO7
@@ -1377,10 +1543,10 @@ putheader(mci, hdr, e, flags)
 	    bitset(EF_HAS8BIT, e->e_flags) &&
 	    !bitset(EF_DONT_MIME, e->e_flags) &&
 	    !bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
-	    !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8, mci->mci_flags))
+	    !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
+	    hvalue("MIME-Version", e->e_header) == NULL)
 	{
-		if (hvalue("MIME-Version", e->e_header) == NULL)
-			putline("MIME-Version: 1.0", mci);
+		putline("MIME-Version: 1.0", mci);
 		if (hvalue("Content-Type", e->e_header) == NULL)
 		{
 			snprintf(obuf, sizeof obuf,
@@ -1391,7 +1557,7 @@ putheader(mci, hdr, e, flags)
 		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL)
 			putline("Content-Transfer-Encoding: 8bit", mci);
 	}
-#endif
+#endif /* MIME8TO7 */
 }
 /*
 **  PUT_VANILLA_HEADER -- output a fairly ordinary header
@@ -1405,7 +1571,7 @@ putheader(mci, hdr, e, flags)
 **		none.
 */
 
-void
+static void
 put_vanilla_header(h, v, mci)
 	HDR *h;
 	char *v;
@@ -1417,10 +1583,8 @@ put_vanilla_header(h, v, mci)
 	char obuf[MAXLINE];
 
 	putflags = PXLF_HEADER;
-#if _FFR_7BITHDRS
 	if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
 		putflags |= PXLF_STRIP8BIT;
-#endif
 	(void) snprintf(obuf, sizeof obuf, "%.200s: ", h->h_field);
 	obp = obuf + strlen(obuf);
 	while ((nlp = strchr(v, '\n')) != NULL)
@@ -1428,7 +1592,7 @@ put_vanilla_header(h, v, mci)
 		int l;
 
 		l = nlp - v;
-		if (SPACELEFT(obuf, obp) - 1 < l)
+		if (SPACELEFT(obuf, obp) - 1 < (size_t)l)
 			l = SPACELEFT(obuf, obp) - 1;
 
 		snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
@@ -1439,7 +1603,7 @@ put_vanilla_header(h, v, mci)
 			*obp++ = ' ';
 	}
 	snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
-		sizeof obuf - (obp - obuf) - 1, v);
+		(int) sizeof obuf - (obp - obuf) - 1, v);
 	putxline(obuf, strlen(obuf), mci, putflags);
 }
 /*
@@ -1480,12 +1644,10 @@ commaize(h, p, oldstyle, mci, e)
 	*/
 
 	if (tTd(14, 2))
-		printf("commaize(%s: %s)\n", h->h_field, p);
+		dprintf("commaize(%s: %s)\n", h->h_field, p);
 
-#if _FFR_7BITHDRS
 	if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
 		putflags |= PXLF_STRIP8BIT;
-#endif
 
 	obp = obuf;
 	(void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", h->h_field);
@@ -1507,7 +1669,7 @@ commaize(h, p, oldstyle, mci, e)
 		register int c;
 		char savechar;
 		int flags;
-		auto int stat;
+		auto int status;
 
 		/*
 		**  Find the end of the name.  New style names
@@ -1562,16 +1724,15 @@ commaize(h, p, oldstyle, mci, e)
 		else if (e->e_from.q_mailer != NULL &&
 			 bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
 		{
-			extern char *udbsender __P((char *));
 			char *q;
 
 			q = udbsender(name);
 			if (q != NULL)
 				name = q;
 		}
-#endif
-		stat = EX_OK;
-		name = remotename(name, mci->mci_mailer, flags, &stat, e);
+#endif /* USERDB */
+		status = EX_OK;
+		name = remotename(name, mci->mci_mailer, flags, &status, e);
 		if (*name == '\0')
 		{
 			*p = savechar;
@@ -1579,6 +1740,13 @@ commaize(h, p, oldstyle, mci, e)
 		}
 		name = denlstring(name, FALSE, TRUE);
 
+		/*
+		**  record data progress so DNS timeouts
+		**  don't cause DATA timeouts
+		*/
+
+		DataProgress = TRUE;
+
 		/* output the name with nice formatting */
 		opos += strlen(name);
 		if (!firstone)
@@ -1588,7 +1756,7 @@ commaize(h, p, oldstyle, mci, e)
 			snprintf(obp, SPACELEFT(obuf, obp), ",\n");
 			putxline(obuf, strlen(obuf), mci, putflags);
 			obp = obuf;
-			(void) strcpy(obp, "        ");
+			(void) strlcpy(obp, "        ", sizeof obp);
 			opos = strlen(obp);
 			obp += opos;
 			opos += strlen(name);
@@ -1632,14 +1800,14 @@ copyheader(header)
 
 	while (header != NULL)
 	{
-		newhdr = (HDR *) xalloc(sizeof(HDR));
+		newhdr = (HDR *) xalloc(sizeof *newhdr);
 		STRUCTCOPY(*header, *newhdr);
 		*tail = newhdr;
 		tail = &newhdr->h_link;
 		header = header->h_link;
 	}
 	*tail = NULL;
-	
+
 	return ret;
 }
 /*
@@ -1659,40 +1827,38 @@ copyheader(header)
 **		string modified in place
 */
 
-bool
+static bool
 fix_mime_header(string)
 	char *string;
 {
 	bool modified = FALSE;
 	char *begin = string;
 	char *end;
-	extern char *find_character __P((char *, char));
-	extern bool shorten_rfc822_string __P((char *, int));
-	
+
 	if (string == NULL || *string == '\0')
 		return FALSE;
-	
+
 	/* Split on each ';' */
 	while ((end = find_character(begin, ';')) != NULL)
 	{
 		char save = *end;
 		char *bp;
-		
+
 		*end = '\0';
-		
+
 		/* Shorten individual parameter */
 		if (shorten_rfc822_string(begin, MaxMimeFieldLength))
 			modified = TRUE;
-		
+
 		/* Collapse the possibly shortened string with rest */
 		bp = begin + strlen(begin);
 		if (bp != end)
 		{
 			char *ep = end;
-			
+
 			*end = save;
 			end = bp;
-			
+
 			/* copy character by character due to overlap */
 			while (*ep != '\0')
 				*bp++ = *ep++;
@@ -1702,7 +1868,7 @@ fix_mime_header(string)
 			*end = save;
 		if (*end == '\0')
 			break;
-		
+
 		/* Move past ';' */
 		begin = end + 1;
 	}
diff --git a/contrib/sendmail/src/helpfile b/contrib/sendmail/src/helpfile
new file mode 100644
index 0000000..2563d2e
--- /dev/null
+++ b/contrib/sendmail/src/helpfile
@@ -0,0 +1,136 @@
+#vers	2
+cpyr
+cpyr	Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+cpyr	    All rights reserved.
+cpyr	Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
+cpyr	Copyright (c) 1988, 1993
+cpyr	    The Regents of the University of California.  All rights reserved.
+cpyr
+cpyr
+cpyr	By using this file, you agree to the terms and conditions set
+cpyr	forth in the LICENSE file which can be found at the top level of
+cpyr	the sendmail distribution.
+cpyr
+cpyr	$$Id: helpfile,v 8.31.16.3 2000/07/19 18:54:55 gshapiro Exp $$
+cpyr
+smtp	This is sendmail version $v
+smtp	Topics:
+smtp		HELO	EHLO	MAIL	RCPT	DATA
+smtp		RSET	NOOP	QUIT	HELP	VRFY
+smtp		EXPN	VERB	ETRN	DSN	AUTH
+smtp		STARTTLS
+smtp	For more info use "HELP <topic>".
+smtp	To report bugs in the implementation send email to
+smtp		sendmail-bugs@sendmail.org.
+smtp	For local information send email to Postmaster at your site.
+help	HELP [ <topic> ]
+help		The HELP command gives help info.
+helo	HELO <hostname>
+helo		Introduce yourself.
+ehlo	EHLO <hostname>
+ehlo		Introduce yourself, and request extended SMTP mode.
+ehlo	Possible replies include:
+ehlo		SEND		Send as mail			[RFC821]
+ehlo		SOML		Send as mail or terminal	[RFC821]
+ehlo		SAML		Send as mail and terminal	[RFC821]
+ehlo		EXPN		Expand the mailing list		[RFC821]
+ehlo		HELP		Supply helpful information	[RFC821]
+ehlo		TURN		Turn the operation around	[RFC821]
+ehlo		8BITMIME	Use 8-bit data			[RFC1652]
+ehlo		SIZE		Message size declaration	[RFC1870]
+ehlo		VERB		Verbose				[Allman]
+ehlo		ONEX		One message transaction only	[Allman]
+ehlo		CHUNKING	Chunking			[RFC1830]
+ehlo		BINARYMIME	Binary MIME			[RFC1830]
+ehlo		PIPELINING	Command Pipelining		[RFC1854]
+ehlo		DSN		Delivery Status Notification	[RFC1891]
+ehlo		ETRN		Remote Message Queue Starting	[RFC1985]
+ehlo		STARTTLS	Secure SMTP			[RFC2487]
+ehlo		AUTH		Authentication			[RFC2554]
+ehlo		XUSR		Initial (user) submission	[Allman]
+ehlo		ENHANCEDSTATUSCODES	Enhanced status codes	[RFC2034]
+mail	MAIL FROM: <sender> [ <parameters> ]
+mail		Specifies the sender.  Parameters are ESMTP extensions.
+mail		See "HELP DSN" for details.
+rcpt	RCPT TO: <recipient> [ <parameters> ]
+rcpt		Specifies the recipient.  Can be used any number of times.
+rcpt		Parameters are ESMTP extensions.  See "HELP DSN" for details.
+data	DATA
+data		Following text is collected as the message.
+data		End with a single dot.
+rset	RSET
+rset		Resets the system.
+quit	QUIT
+quit		Exit sendmail (SMTP).
+auth	AUTH mechanism [initial-response]
+auth		Start authentication.
+starttls	STARTTLS
+starttls		Start TLS negotiation.
+verb	VERB
+verb		Go into verbose mode.  This sends 0xy responses that are
+verb		not RFC821 standard (but should be)  They are recognized
+verb		by humans and other sendmail implementations.
+vrfy	VRFY <recipient>
+vrfy		Verify an address.  If you want to see what it aliases
+vrfy		to, use EXPN instead.
+expn	EXPN <recipient>
+expn		Expand an address.  If the address indicates a mailing
+expn		list, return the contents of that list.
+noop	NOOP
+noop		Do nothing.
+send	SEND FROM: <sender>
+send		replaces the MAIL command, and can be used to send
+send		directly to a users terminal.  Not supported in this
+send		implementation.
+soml	SOML FROM: <sender>
+soml		Send or mail.  If the user is logged in, send directly,
+soml		otherwise mail.  Not supported in this implementation.
+saml	SAML FROM: <sender>
+saml		Send and mail.  Send directly to the user's terminal,
+saml		and also mail a letter.  Not supported in this
+saml		implementation.
+turn	TURN
+turn		Reverses the direction of the connection.  Not currently
+turn		implemented.
+etrn	ETRN [ <hostname> | @<domain> | #<queuename> ]
+etrn		Run the queue for the specified <hostname>, or
+etrn		all hosts within a given <domain>, or a specially-named
+etrn		<queuename> (implementation-specific).
+dsn	MAIL FROM: <sender> [ RET={ FULL | HDRS} ] [ ENVID=<envid> ]
+dsn	RCPT TO: <recipient> [ NOTIFY={NEVER,SUCCESS,FAILURE,DELAY} ]
+dsn			     [ ORCPT=<recipient> ]
+dsn		SMTP Delivery Status Notifications.
+dsn	Descriptions:
+dsn		RET	Return either the full message or only headers.
+dsn		ENVID	Sender's "envelope identifier" for tracking.
+dsn		NOTIFY	When to send a DSN. Multiple options are OK, comma-
+dsn			delimited. NEVER must appear by itself.
+dsn		ORCPT	Original recipient.
+-bt	Help for test mode:
+-bt	?		 :this help message.
+-bt	.Dmvalue	 :define macro `m' to `value'.
+-bt	.Ccvalue	 :add `value' to class `c'.
+-bt	=Sruleset	 :dump the contents of the indicated ruleset.
+-bt	=M		 :display the known mailers.
+-bt	-ddebug-spec	 :equivalent to the command-line -d debug flag.
+-bt	$$m		 :print the value of macro $$m.
+-bt	$$=c		 :print the contents of class $$=c.
+-bt	/mx host	 :returns the MX records for `host'.
+-bt	/parse address	 :parse address, returning the value of crackaddr, and
+-bt			  the parsed address.
+-bt	/try mailer addr :rewrite address into the form it will have when
+-bt			  presented to the indicated mailer.
+-bt	/tryflags flags	 :set flags used by parsing.  The flags can be `H' for
+-bt			  Header or `E' for Envelope, and `S' for Sender or `R'
+-bt			  for Recipient.  These can be combined, `HR' sets
+-bt			  flags for header recipients.
+-bt	/canon hostname	 :try to canonify hostname.
+-bt	/map mapname key :look up `key' in the indicated `mapname'.
+-bt	/quit		 :quit address test mode.
+-bt	rules addr	 :run the indicated address through the named rules.
+-bt			  Rules can be a comma separated list of rules.
+control	Help for smcontrol:
+control	help		This message.
+control	restart		Restart sendmail.
+control	shutdown	Shutdown sendmail.
+control	status		Show sendmail status.
diff --git a/contrib/sendmail/src/macro.c b/contrib/sendmail/src/macro.c
index d45a0c7..f0e1db2 100644
--- a/contrib/sendmail/src/macro.c
+++ b/contrib/sendmail/src/macro.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,10 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)macro.c	8.26 (Berkeley) 11/8/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: macro.c,v 8.40.16.1 2000/05/25 18:56:15 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 char	*MacroName[256];	/* macro id to name table */
 int	NextMacroId = 0240;	/* codes for long named macros */
@@ -55,9 +56,9 @@ expand(s, buf, bufsize, e)
 
 	if (tTd(35, 24))
 	{
-		printf("expand(");
+		dprintf("expand(");
 		xputs(s);
-		printf(")\n");
+		dprintf(")\n");
 	}
 
 	skipping = FALSE;
@@ -84,7 +85,12 @@ expand(s, buf, bufsize, e)
 			if (skipping)
 				skiplev++;
 			else
-				skipping = macvalue(c, e) == NULL;
+			{
+				char *mv;
+
+				mv = macvalue(c, e);
+				skipping = (mv == NULL || *mv == '\0');
+			}
 			continue;
 
 		  case CONDELSE:	/* change state of skipping */
@@ -142,9 +148,9 @@ expand(s, buf, bufsize, e)
 
 	if (tTd(35, 24))
 	{
-		printf("expand ==> ");
+		dprintf("expand ==> ");
 		xputs(xbuf);
-		printf("\n");
+		dprintf("\n");
 	}
 
 	/* recurse as appropriate */
@@ -163,9 +169,9 @@ expand(s, buf, bufsize, e)
 
 	/* copy results out */
 	i = xp - xbuf;
-	if (i >= bufsize)
+	if ((size_t)i >= bufsize)
 		i = bufsize - 1;
-	bcopy(xbuf, buf, i);
+	memmove(buf, xbuf, i);
 	buf[i] = '\0';
 }
 /*
@@ -239,14 +245,27 @@ define(n, v, e)
 	char *v;
 	register ENVELOPE *e;
 {
+	int m;
+
+	m = n & 0377;
 	if (tTd(35, 9))
 	{
-		printf("%sdefine(%s as ", 
-		    (e->e_macro[n & 0377] == NULL) ? "" : "re", macname(n));
+		dprintf("%sdefine(%s as ",
+			(e->e_macro[m] == NULL) ? ""
+						: "re", macname(n));
 		xputs(v);
-		printf(")\n");
+		dprintf(")\n");
 	}
-	e->e_macro[n & 0377] = v;
+	e->e_macro[m] = v;
+
+#if _FFR_RESET_MACRO_GLOBALS
+	switch (m)
+	{
+	  case 'j':
+		MyHostName = v;
+		break;
+	}
+#endif /* _FFR_RESET_MACRO_GLOBALS */
 }
 /*
 **  MACVALUE -- return uninterpreted value of a macro.
@@ -272,10 +291,10 @@ macvalue(n, e)
 		register char *p = e->e_macro[n];
 
 		if (p != NULL)
-			return (p);
+			return p;
 		e = e->e_parent;
 	}
-	return (NULL);
+	return NULL;
 }
 /*
 **  MACNAME -- return the name of a macro given its internal id
@@ -337,9 +356,9 @@ macid(p, ep)
 
 	if (tTd(35, 14))
 	{
-		printf("macid(");
+		dprintf("macid(");
 		xputs(p);
-		printf(") => ");
+		dprintf(") => ");
 	}
 
 	if (*p == '\0' || (p[0] == '{' && p[1] == '}'))
@@ -348,7 +367,7 @@ macid(p, ep)
 		if (ep != NULL)
 			*ep = p;
 		if (tTd(35, 14))
-			printf("NULL\n");
+			dprintf("NULL\n");
 		return '\0';
 	}
 	if (*p != '{')
@@ -357,7 +376,7 @@ macid(p, ep)
 		if (ep != NULL)
 			*ep = p + 1;
 		if (tTd(35, 14))
-			printf("%c\n", *p);
+			dprintf("%c\n", *p);
 		return *p;
 	}
 	bp = mbuf;
@@ -394,7 +413,7 @@ macid(p, ep)
 			mid = s->s_macro;
 		else
 		{
-			if (NextMacroId > 0377)
+			if (NextMacroId > MAXMACROID)
 			{
 				syserr("Macro/class {%s}: too many long names", mbuf);
 				s->s_macro = -1;
@@ -410,7 +429,7 @@ macid(p, ep)
 	if (ep != NULL)
 		*ep = p;
 	if (tTd(35, 14))
-		printf("0x%x\n", mid);
+		dprintf("0x%x\n", mid);
 	return mid;
 }
 /*
diff --git a/contrib/sendmail/src/mailq.1 b/contrib/sendmail/src/mailq.1
index 8b6e63a..20be6a0 100644
--- a/contrib/sendmail/src/mailq.1
+++ b/contrib/sendmail/src/mailq.1
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1983, 1997 Eric P. Allman.  All rights reserved.
 .\" Copyright (c) 1985, 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -8,60 +9,63 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     @(#)mailq.1	8.10 (Berkeley) 5/19/1998
+.\"     $Id: mailq.1,v 8.14.28.1 2000/07/14 05:07:01 gshapiro Exp $
 .\"
-.Dd May 19, 1998
-.Dt MAILQ 1
-.Os BSD 4
-.Sh NAME
-.Nm mailq
-.Nd print the mail queue
-.Sh SYNOPSIS
-.Nm mailq
-.Op Fl v
-.Sh DESCRIPTION
-.Nm Mailq
+.TH MAILQ 1 "$Date: 2000/07/14 05:07:01 $"
+.SH NAME
+.B mailq
+\- print the mail queue
+.SH SYNOPSIS
+.B mailq
+.RB [ \-v ]
+.SH DESCRIPTION
+.B Mailq
 prints a summary of the mail messages queued for future delivery.
-.Pp
-The first line printed for each message
-shows the internal identifier used on this host
-for the message,
+.PP
+The first line printed for each message 
+shows the internal identifier used on this host 
+for the message with a possible status character, 
 the size of the message in bytes,
-the date and time the message was accepted into the queue,
-and the envelope sender of the message.
-The second line shows the error message that caused this message
-to be retained in the queue;
-it will not be present if the message is being processed
-for the first time.
-The following lines show message recipients,
+the date and time the message was accepted into the queue, 
+and the envelope sender of the message.  
+The second line shows the error message that caused this message 
+to be retained in the queue; 
+it will not be present if the message is being processed 
+for the first time.  
+The status characters are either
+.B *
+to indicate the job is being processed;
+.B X
+to indicate that the load is too high to process the job; and
+.B -
+to indicate that the job is too young to process.
+The following lines show message recipients, 
 one per line.
-.Pp
-.Nm Mailq
-is identical to
-.Dq Li "sendmail -bp" .
-.Pp
+.PP
+.B Mailq
+is identical to ``sendmail -bp''.
+.PP
 The options are as follows:
-.Bl -tag -width Ds
-.It Fl v
-Print verbose information.
-This adds the priority of the message and
-a single character indicator (``+'' or blank)
-indicating whether a warning message has been sent
+.TP
+.B \-v
+Print verbose information.  
+This adds the priority of the message and 
+a single character indicator (``+'' or blank) 
+indicating whether a warning message has been sent 
 on the first line of the message.
 Additionally, extra lines may be intermixed with the recipients
-indicating the ``controlling user'' information;
-this shows who will own any programs that are executed
-on behalf of this message
+indicating the ``controlling user'' information; 
+this shows who will own any programs that are executed 
+on behalf of this message 
 and the name of the alias this command expanded from, if any.
-.El
-.Pp
+.PP
 The
-.Nm mailq
+.B mailq
 utility exits 0 on success, and >0 if an error occurs.
-.Sh SEE ALSO
-.Xr sendmail 8
-.Sh HISTORY
+.SH SEE ALSO
+sendmail(8)
+.SH HISTORY
 The
-.Nm mailq
-command appeared in
-.Bx 4.0 .
+.B mailq
+command appeared in 
+4.0BSD.
diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c
index cb6fd57..7b66e0c 100644
--- a/contrib/sendmail/src/main.c
+++ b/contrib/sendmail/src/main.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -12,24 +13,29 @@
 
 #ifndef lint
 static char copyright[] =
-"@(#) Copyright (c) 1998 Sendmail, Inc.  All rights reserved.\n\
+"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
      Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.\n\
      Copyright (c) 1988, 1993\n\
 	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
+#endif /* ! lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)main.c	8.322 (Berkeley) 12/18/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: main.c,v 8.485.4.19 2000/06/29 01:31:02 gshapiro Exp $";
+#endif /* ! lint */
 
 #define	_DEFINE
 
-#include "sendmail.h"
-#include <arpa/inet.h>
-#include <grp.h>
-#if NAMED_BIND
-#include <resolv.h>
-#endif
+#include <sendmail.h>
+
+
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
+
+static void	dump_class __P((STAB *, int));
+static void	obsolete __P((char **));
+static void	testmodeline __P((char *, ENVELOPE *));
 
 /*
 **  SENDMAIL -- Post mail to a set of destinations.
@@ -39,7 +45,7 @@ static char sccsid[] = "@(#)main.c	8.322 (Berkeley) 12/18/1998";
 **	turn calls a bunch of mail servers that do the real work of
 **	delivering the mail.
 **
-**	Sendmail is driven by settings read in from /etc/sendmail.cf
+**	Sendmail is driven by settings read in from /etc/mail/sendmail.cf
 **	(read by readcf.c).
 **
 **	Usage:
@@ -65,30 +71,37 @@ static char sccsid[] = "@(#)main.c	8.322 (Berkeley) 12/18/1998";
 int		NextMailer;	/* "free" index into Mailer struct */
 char		*FullName;	/* sender's full name */
 ENVELOPE	BlankEnvelope;	/* a "blank" envelope */
-ENVELOPE	MainEnvelope;	/* the envelope around the basic letter */
+static ENVELOPE	MainEnvelope;	/* the envelope around the basic letter */
 ADDRESS		NullAddress =	/* a null address */
 		{ "", "", NULL, "" };
 char		*CommandLineArgs;	/* command line args for pid file */
 bool		Warn_Q_option = FALSE;	/* warn about Q option use */
 char		**SaveArgv;	/* argument vector for re-execing */
-int		MissingFds = 0;	/* bit map of fds missing on startup */
+static int	MissingFds = 0;	/* bit map of fds missing on startup */
 
 #ifdef NGROUPS_MAX
 GIDSET_T	InitialGidSet[NGROUPS_MAX];
-#endif
-
-static void	obsolete __P((char **));
-extern void	printmailer __P((MAILER *));
-extern void	tTflag __P((char *));
+#endif /* NGROUPS_MAX */
 
 #if DAEMON && !SMTP
 ERROR %%%%   Cannot have DAEMON mode without SMTP   %%%% ERROR
 #endif /* DAEMON && !SMTP */
 #if SMTP && !QUEUE
 ERROR %%%%   Cannot have SMTP mode without QUEUE   %%%% ERROR
-#endif /* DAEMON && !SMTP */
+#endif /* SMTP && !QUEUE */
 
-#define MAXCONFIGLEVEL	8	/* highest config version level known */
+#define MAXCONFIGLEVEL	9	/* highest config version level known */
+
+#if SASL
+static sasl_callback_t srvcallbacks[] =
+{
+	{	SASL_CB_VERIFYFILE,	&safesaslfile,	NULL	},
+	{	SASL_CB_PROXY_POLICY,	&proxy_policy,	NULL	},
+	{	SASL_CB_LIST_END,	NULL,		NULL	}
+};
+#endif /* SASL */
+
+int SubmitMode;
 
 int
 main(argc, argv, envp)
@@ -103,16 +116,21 @@ main(argc, argv, envp)
 	STAB *st;
 	register int i;
 	int j;
-	bool queuemode = FALSE;		/* process queue requests */
+	int dp;
 	bool safecf = TRUE;
+	BITMAP256 *p_flags = NULL;	/* daemon flags */
 	bool warn_C_flag = FALSE;
+	bool auth = TRUE;		/* whether to set e_auth_param */
 	char warn_f_flag = '\0';
 	bool run_in_foreground = FALSE;	/* -bD mode */
 	static bool reenter = FALSE;
 	struct passwd *pw;
 	struct hostent *hp;
 	char *nullserver = NULL;
+	char *authinfo = NULL;
+	char *sysloglabel = NULL;	/* label for syslog */
 	bool forged;
+	struct stat traf_st;		/* for TrafficLog FIFO check */
 	char jbuf[MAXHOSTNAMELEN];	/* holds MyHostName */
 	static char rnamebuf[MAXNAME];	/* holds RealUserName */
 	char *emptyenviron[1];
@@ -122,31 +140,6 @@ main(argc, argv, envp)
 	extern int opterr;
 	extern char *optarg;
 	extern char **environ;
-	extern time_t convtime __P((char *, char));
-	extern SIGFUNC_DECL intsig __P((int));
-	extern struct hostent *myhostname __P((char *, int));
-	extern char *getauthinfo __P((int, bool *));
-	extern char *getcfname __P((void));
-	extern SIGFUNC_DECL sigusr1 __P((int));
-	extern SIGFUNC_DECL sighup __P((int));
-	extern SIGFUNC_DECL quiesce __P((int));
-	extern void initmacros __P((ENVELOPE *));
-	extern void init_md __P((int, char **));
-	extern int getdtsize __P((void));
-	extern void tTsetup __P((u_char *, int, char *));
-	extern void setdefaults __P((ENVELOPE *));
-	extern void initsetproctitle __P((int, char **, char **));
-	extern void init_vendor_macros __P((ENVELOPE *));
-	extern void load_if_names __P((void));
-	extern void vendor_pre_defaults __P((ENVELOPE *));
-	extern void vendor_post_defaults __P((ENVELOPE *));
-	extern void readcf __P((char *, bool, ENVELOPE *));
-	extern void printqueue __P((void));
-	extern void sendtoargv __P((char **, ENVELOPE *));
-	extern void resetlimits __P((void));
-#ifndef HASUNSETENV
-	extern void unsetenv __P((char *));
-#endif  
 
 	/*
 	**  Check to see if we reentered.
@@ -167,6 +160,7 @@ main(argc, argv, envp)
 	/* do machine-dependent initializations */
 	init_md(argc, argv);
 
+
 	/* in 4.4BSD, the table can be huge; impose a reasonable limit */
 	DtableSize = getdtsize();
 	if (DtableSize > 256)
@@ -190,12 +184,12 @@ main(argc, argv, envp)
 	errno = 0;
 
 #if LOG
-# ifdef LOG_MAIL
+#  ifdef LOG_MAIL
 	openlog("sendmail", LOG_PID, LOG_MAIL);
-# else 
+#  else /* LOG_MAIL */
 	openlog("sendmail", LOG_PID);
-# endif
-#endif 
+#  endif /* LOG_MAIL */
+#endif /* LOG */
 
 	if (MissingFds != 0)
 	{
@@ -203,11 +197,11 @@ main(argc, argv, envp)
 
 		mbuf[0] = '\0';
 		if (bitset(1 << STDIN_FILENO, MissingFds))
-			strcat(mbuf, ", stdin");
+			(void) strlcat(mbuf, ", stdin", sizeof mbuf);
 		if (bitset(1 << STDOUT_FILENO, MissingFds))
-			strcat(mbuf, ", stdout");
+			(void) strlcat(mbuf, ", stdout", sizeof mbuf);
 		if (bitset(1 << STDERR_FILENO, MissingFds))
-			strcat(mbuf, ", stderr");
+			(void) strlcat(mbuf, ", stderr", sizeof mbuf);
 		syserr("File descriptors missing on startup: %s", &mbuf[2]);
 	}
 
@@ -215,9 +209,18 @@ main(argc, argv, envp)
 	Errors = 0;
 	ExitStat = EX_OK;
 
+	SubmitMode = SUBMIT_UNKNOWN;
 #if XDEBUG
 	checkfd012("after openlog");
-#endif
+#endif /* XDEBUG */
+
+	/*
+	**  Seed the random number generator.
+	**  Used for queue file names, picking a queue directory, and
+	**  MX randomization.
+	*/
+
+	seed_random();
 
 	tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
 
@@ -228,15 +231,16 @@ main(argc, argv, envp)
 		InitialGidSet[0] = (GID_T) -1;
 	while (i < NGROUPS_MAX)
 		InitialGidSet[i++] = InitialGidSet[0];
-#endif
+#endif /* NGROUPS_MAX */
 
 	/* drop group id privileges (RunAsUser not yet set) */
-	(void) drop_privileges(FALSE);
+	dp = drop_privileges(FALSE);
+	setstat(dp);
 
-#ifdef SIGUSR1
+# ifdef SIGUSR1
 	/* arrange to dump state on user-1 signal */
-	setsignal(SIGUSR1, sigusr1);
-#endif
+	(void) setsignal(SIGUSR1, sigusr1);
+# endif /* SIGUSR1 */
 
 	/* initialize for setproctitle */
 	initsetproctitle(argc, argv, envp);
@@ -248,15 +252,16 @@ main(argc, argv, envp)
 	**  Do a quick prescan of the argument list.
 	*/
 
+
 #if defined(__osf__) || defined(_AIX3)
-# define OPTIONS	"B:b:C:cd:e:F:f:h:IiM:mN:nO:o:p:q:R:r:sTtUV:vX:x"
-#endif
+# define OPTIONS	"B:b:C:cd:e:F:f:Gh:IiL:M:mN:nO:o:p:q:R:r:sTtUV:vX:x"
+#endif /* defined(__osf__) || defined(_AIX3) */
 #if defined(sony_news)
-# define OPTIONS	"B:b:C:cd:E:e:F:f:h:IiJ:M:mN:nO:o:p:q:R:r:sTtUV:vX:"
-#endif
+# define OPTIONS	"B:b:C:cd:E:e:F:f:Gh:IiJ:L:M:mN:nO:o:p:q:R:r:sTtUV:vX:"
+#endif /* defined(sony_news) */
 #ifndef OPTIONS
-# define OPTIONS	"B:b:C:cd:e:F:f:h:IiM:mN:nO:o:p:q:R:r:sTtUV:vX:"
-#endif
+# define OPTIONS	"B:b:C:cd:e:F:f:Gh:IiL:M:mN:nO:o:p:q:R:r:sTtUV:vX:"
+#endif /* ! OPTIONS */
 	opterr = 0;
 	while ((j = getopt(argc, argv, OPTIONS)) != -1)
 	{
@@ -273,10 +278,37 @@ main(argc, argv, envp)
 			tTflag(optarg);
 			setbuf(stdout, (char *) NULL);
 			break;
+
+		  case 'G':	/* relay (gateway) submission */
+			SubmitMode |= SUBMIT_MTA;
+			break;
+
+		  case 'L':
+			j = min(strlen(optarg), 24) + 1;
+			sysloglabel = xalloc(j);
+			(void) strlcpy(sysloglabel, optarg, j);
+			break;
+
+		  case 'U':	/* initial (user) submission */
+			SubmitMode |= SUBMIT_MSA;
+			break;
 		}
 	}
 	opterr = 1;
 
+	if (sysloglabel != NULL)
+	{
+#if LOG
+		closelog();
+#  ifdef LOG_MAIL
+		openlog(sysloglabel, LOG_PID, LOG_MAIL);
+#  else /* LOG_MAIL */
+		openlog(sysloglabel, LOG_PID);
+#  endif /* LOG_MAIL */
+#endif /* LOG */
+	}
+
+
 	/* set up the blank envelope */
 	BlankEnvelope.e_puthdr = putheader;
 	BlankEnvelope.e_putbody = putbody;
@@ -299,12 +331,14 @@ main(argc, argv, envp)
 	if (pw != NULL)
 		(void) snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name);
 	else
-		(void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", RealUid);
+		(void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d",
+				(int) RealUid);
+
 	RealUserName = rnamebuf;
 
 	if (tTd(0, 101))
 	{
-		printf("Version %s\n", Version);
+		dprintf("Version %s\n", Version);
 		finis(FALSE, EX_OK);
 	}
 
@@ -315,7 +349,7 @@ main(argc, argv, envp)
 	if (RealUid != 0 && geteuid() == RealUid)
 	{
 		if (tTd(47, 1))
-			printf("Non-setuid binary: RunAsUid = RealUid = %d\n",
+			dprintf("Non-setuid binary: RunAsUid = RealUid = %d\n",
 				(int)RealUid);
 		RunAsUid = RealUid;
 	}
@@ -327,25 +361,31 @@ main(argc, argv, envp)
 
 	if (tTd(47, 5))
 	{
-		printf("main: e/ruid = %d/%d e/rgid = %d/%d\n",
-			(int)geteuid(), (int)getuid(), (int)getegid(), (int)getgid());
-		printf("main: RunAsUser = %d:%d\n", (int)RunAsUid, (int)RunAsGid);
+		dprintf("main: e/ruid = %d/%d e/rgid = %d/%d\n",
+			(int)geteuid(), (int)getuid(),
+			(int)getegid(), (int)getgid());
+		dprintf("main: RunAsUser = %d:%d\n",
+			(int)RunAsUid, (int)RunAsGid);
 	}
 
 	/* save command line arguments */
-	i = 0;
+	j = 0;
 	for (av = argv; *av != NULL; )
-		i += strlen(*av++) + 1;
+		j += strlen(*av++) + 1;
 	SaveArgv = (char **) xalloc(sizeof (char *) * (argc + 1));
-	CommandLineArgs = xalloc(i);
+	CommandLineArgs = xalloc(j);
 	p = CommandLineArgs;
 	for (av = argv, i = 0; *av != NULL; )
 	{
+		int h;
+
 		SaveArgv[i++] = newstr(*av);
 		if (av != argv)
 			*p++ = ' ';
-		strcpy(p, *av++);
-		p += strlen(p);
+		(void) strlcpy(p, *av++, j);
+		h = strlen(p);
+		p += h;
+		j -= h + 1;
 	}
 	SaveArgv[i] = NULL;
 
@@ -354,59 +394,53 @@ main(argc, argv, envp)
 		int ll;
 		extern char *CompileOptions[];
 
-		printf("Version %s\n Compiled with:", Version);
+		dprintf("Version %s\n Compiled with:", Version);
 		av = CompileOptions;
 		ll = 7;
 		while (*av != NULL)
 		{
 			if (ll + strlen(*av) > 63)
 			{
-				putchar('\n');
+				dprintf("\n");
 				ll = 0;
 			}
 			if (ll == 0)
-			{
-				putchar('\t');
-				putchar('\t');
-			}
+				dprintf("\t\t");
 			else
-				putchar(' ');
-			printf("%s", *av);
+				dprintf(" ");
+			dprintf("%s", *av);
 			ll += strlen(*av++) + 1;
 		}
-		putchar('\n');
+		dprintf("\n");
 	}
 	if (tTd(0, 10))
 	{
 		int ll;
 		extern char *OsCompileOptions[];
 
-		printf("    OS Defines:");
+		dprintf("    OS Defines:");
 		av = OsCompileOptions;
 		ll = 7;
 		while (*av != NULL)
 		{
 			if (ll + strlen(*av) > 63)
 			{
-				putchar('\n');
+				dprintf("\n");
 				ll = 0;
 			}
 			if (ll == 0)
-			{
-				putchar('\t');
-				putchar('\t');
-			}
+				dprintf("\t\t");
 			else
-				putchar(' ');
-			printf("%s", *av);
+				dprintf(" ");
+			dprintf("%s", *av);
 			ll += strlen(*av++) + 1;
 		}
-		putchar('\n');
+		dprintf("\n");
 #ifdef _PATH_UNIX
-		printf("Kernel symbols:\t%s\n", _PATH_UNIX);
-#endif
-		printf(" Def Conf file:\t%s\n", getcfname());
-		printf("      Pid file:\t%s\n", PidFile);
+		dprintf("Kernel symbols:\t%s\n", _PATH_UNIX);
+#endif /* _PATH_UNIX */
+		dprintf(" Def Conf file:\t%s\n", getcfname());
+		dprintf("  Def Pid file:\t%s\n", PidFile);
 	}
 
 	InChannel = stdin;
@@ -428,8 +462,8 @@ main(argc, argv, envp)
 
 		tzlen = strlen(p) + 4;
 		tz = xalloc(tzlen);
-		snprintf(tz, tzlen, "TZ=%s", p);
-		putenv(tz);
+		(void) snprintf(tz, tzlen, "TZ=%s", p);
+		(void) putenv(tz);
 	}
 
 	/* prime the child environment */
@@ -449,15 +483,30 @@ main(argc, argv, envp)
 
 #if NAMED_BIND
 	if (!bitset(RES_INIT, _res.options))
-		res_init();
+		(void) res_init();
+
+	/*
+	**  hack to avoid crashes when debugging for the resolver is
+	**  turned on and sfio is used
+	*/
 	if (tTd(8, 8))
+# if !SFIO || SFIO_STDIO_COMPAT
 		_res.options |= RES_DEBUG;
+# else /* !SFIO || SFIO_STDIO_COMPAT */
+		dprintf("RES_DEBUG not available due to SFIO\n");
+# endif /* !SFIO || SFIO_STDIO_COMPAT */
 	else
 		_res.options &= ~RES_DEBUG;
 # ifdef RES_NOALIASES
 	_res.options |= RES_NOALIASES;
-# endif
-#endif
+# endif /* RES_NOALIASES */
+	TimeOuts.res_retry[RES_TO_DEFAULT] = _res.retry;
+	TimeOuts.res_retry[RES_TO_FIRST] = _res.retry;
+	TimeOuts.res_retry[RES_TO_NORMAL] = _res.retry;
+	TimeOuts.res_retrans[RES_TO_DEFAULT] = _res.retrans;
+	TimeOuts.res_retrans[RES_TO_FIRST] = _res.retrans;
+	TimeOuts.res_retrans[RES_TO_NORMAL] = _res.retrans;
+#endif /* NAMED_BIND */
 
 	errno = 0;
 	from = NULL;
@@ -476,7 +525,7 @@ main(argc, argv, envp)
 		struct	utsname	utsname;
 
 		if (tTd(0, 4))
-			printf("canonical name: %s\n", jbuf);
+			dprintf("canonical name: %s\n", jbuf);
 		define('w', newstr(jbuf), CurEnv);	/* must be new string */
 		define('j', newstr(jbuf), CurEnv);
 		setclass('w', jbuf);
@@ -492,7 +541,7 @@ main(argc, argv, envp)
 			{
 				*p = '\0';
 				if (tTd(0, 4))
-					printf("\ta.k.a.: %s\n", jbuf);
+					dprintf("\ta.k.a.: %s\n", jbuf);
 				setclass('w', jbuf);
 				*p++ = '.';
 				p = strchr(p, '.');
@@ -504,12 +553,13 @@ main(argc, argv, envp)
 		else
 		{
 			if (tTd(0, 22))
-				printf("uname failed (%s)\n", errstring(errno));
+				dprintf("uname failed (%s)\n",
+					errstring(errno));
 			makelower(jbuf);
 			p = jbuf;
 		}
 		if (tTd(0, 4))
-			printf(" UUCP nodename: %s\n", p);
+			dprintf(" UUCP nodename: %s\n", p);
 		p = newstr(p);
 		define('k', p, CurEnv);
 		setclass('k', p);
@@ -520,28 +570,63 @@ main(argc, argv, envp)
 		for (av = hp->h_aliases; av != NULL && *av != NULL; av++)
 		{
 			if (tTd(0, 4))
-				printf("\ta.k.a.: %s\n", *av);
+				dprintf("\ta.k.a.: %s\n", *av);
 			setclass('w', *av);
 		}
-#if NETINET
-		if (hp->h_addrtype == AF_INET && hp->h_length == INADDRSZ)
+#if NETINET || NETINET6
+		for (i = 0; hp->h_addr_list[i] != NULL; i++)
 		{
-			for (i = 0; hp->h_addr_list[i] != NULL; i++)
+# if NETINET6
+			char *addr;
+			char buf6[INET6_ADDRSTRLEN];
+			struct in6_addr ia6;
+# endif /* NETINET6 */
+# if NETINET
+			struct in_addr ia;
+# endif /* NETINET */
+			char ipbuf[103];
+
+			ipbuf[0] = '\0';
+			switch (hp->h_addrtype)
 			{
-				char ipbuf[103];
+# if NETINET
+			  case AF_INET:
+				if (hp->h_length != INADDRSZ)
+					break;
 
-				snprintf(ipbuf, sizeof ipbuf, "[%.100s]",
-					inet_ntoa(*((struct in_addr *) hp->h_addr_list[i])));
-				if (tTd(0, 4))
-					printf("\ta.k.a.: %s\n", ipbuf);
-				setclass('w', ipbuf);
+				memmove(&ia, hp->h_addr_list[i], INADDRSZ);
+				(void) snprintf(ipbuf,	 sizeof ipbuf,
+						"[%.100s]", inet_ntoa(ia));
+				break;
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				if (hp->h_length != IN6ADDRSZ)
+					break;
+
+				memmove(&ia6, hp->h_addr_list[i], IN6ADDRSZ);
+				addr = anynet_ntop(&ia6, buf6, sizeof buf6);
+				if (addr != NULL)
+					(void) snprintf(ipbuf, sizeof ipbuf,
+							"[%.100s]", addr);
+				break;
+# endif /* NETINET6 */
 			}
+			if (ipbuf[0] == '\0')
+				break;
+
+			if (tTd(0, 4))
+				dprintf("\ta.k.a.: %s\n", ipbuf);
+			setclass('w', ipbuf);
 		}
-#endif
+#endif /* NETINET || NETINET6 */
 	}
 
 	/* current time */
 	define('b', arpadate((char *) NULL), CurEnv);
+	/* current load average */
+	CurrentLA = sm_getla(CurEnv);
 
 	QueueLimitRecipient = (QUEUE_CHAR *) NULL;
 	QueueLimitSender = (QUEUE_CHAR *) NULL;
@@ -576,17 +661,17 @@ main(argc, argv, envp)
 			{
 			  case MD_DAEMON:
 			  case MD_FGDAEMON:
-# if !DAEMON
+#if !DAEMON
 				usrerr("Daemon mode not implemented");
 				ExitStat = EX_USAGE;
 				break;
-# endif /* DAEMON */
+#endif /* !DAEMON */
 			  case MD_SMTP:
-# if !SMTP
+#if !SMTP
 				usrerr("I don't speak SMTP");
 				ExitStat = EX_USAGE;
 				break;
-# endif /* SMTP */
+#endif /* !SMTP */
 
 			  case MD_INITALIAS:
 			  case MD_DELIVER:
@@ -619,7 +704,8 @@ main(argc, argv, envp)
 			if (RealUid != 0)
 				warn_C_flag = TRUE;
 			ConfFile = optarg;
-			(void) drop_privileges(TRUE);
+			dp = drop_privileges(TRUE);
+			setstat(dp);
 			safecf = FALSE;
 			break;
 
@@ -643,21 +729,31 @@ main(argc, argv, envp)
 			FullName = newstr(optarg);
 			break;
 
+		  case 'G':	/* relay (gateway) submission */
+			/* already set */
+			break;
+
 		  case 'h':	/* hop count */
-			CurEnv->e_hopcount = strtol(optarg, &ep, 10);
+			CurEnv->e_hopcount = (short) strtol(optarg, &ep, 10);
 			if (*ep)
 			{
 				usrerr("Bad hop count (%s)", optarg);
 				ExitStat = EX_USAGE;
 			}
 			break;
-		
+
+		  case 'L':	/* program label */
+			/* already set */
+			break;
+
 		  case 'n':	/* don't alias */
 			NoAlias = TRUE;
 			break;
 
 		  case 'N':	/* delivery status notifications */
 			DefaultNotify |= QHASNOTIFY;
+			define(macid("{dsn_notify}", NULL),
+			       newstr(optarg), CurEnv);
 			if (strcasecmp(optarg, "never") == 0)
 				break;
 			for (p = optarg; p != NULL; optarg = p)
@@ -708,43 +804,61 @@ main(argc, argv, envp)
 			break;
 
 		  case 'q':	/* run queue files at intervals */
-# if QUEUE
+#if QUEUE
+			/* sanity check */
+			if (OpMode != MD_DELIVER &&
+			    OpMode != MD_DAEMON &&
+			    OpMode != MD_FGDAEMON &&
+			    OpMode != MD_PRINT &&
+			    OpMode != MD_QUEUERUN)
+			{
+				usrerr("Can not use -q with -b%c", OpMode);
+				ExitStat = EX_USAGE;
+				break;
+			}
+
+			/* don't override -bd, -bD or -bp */
+			if (OpMode == MD_DELIVER)
+				OpMode = MD_QUEUERUN;
+
 			FullName = NULL;
-			queuemode = TRUE;
+
 			switch (optarg[0])
 			{
 			  case 'I':
-				if ((new = (QUEUE_CHAR *)malloc(sizeof(QUEUE_CHAR))) == NULL)
-					syserr("!Out of memory!!");
+				new = (QUEUE_CHAR *) xalloc(sizeof *new);
 				new->queue_match = newstr(&optarg[1]);
 				new->queue_next = QueueLimitId;
 				QueueLimitId = new;
 				break;
 
 			  case 'R':
-				if ((new = (QUEUE_CHAR *)malloc(sizeof(QUEUE_CHAR))) == NULL)
-					syserr("!Out of memory!!");
+				new = (QUEUE_CHAR *) xalloc(sizeof *new);
 				new->queue_match = newstr(&optarg[1]);
 				new->queue_next = QueueLimitRecipient;
 				QueueLimitRecipient = new;
 				break;
 
 			  case 'S':
-				if ((new = (QUEUE_CHAR *)malloc(sizeof(QUEUE_CHAR))) == NULL)
-					syserr("!Out of memory!!");
+				new = (QUEUE_CHAR *) xalloc(sizeof *new);
 				new->queue_match = newstr(&optarg[1]);
 				new->queue_next = QueueLimitSender;
 				QueueLimitSender = new;
 				break;
 
 			  default:
+				i = Errors;
 				QueueIntvl = convtime(optarg, 'm');
+
+				/* check for bad conversion */
+				if (i < Errors)
+					ExitStat = EX_USAGE;
 				break;
 			}
-# else /* QUEUE */
+#else /* QUEUE */
 			usrerr("I don't know about queues");
 			ExitStat = EX_USAGE;
-# endif /* QUEUE */
+#endif /* QUEUE */
 			break;
 
 		  case 'R':	/* DSN RET: what to return */
@@ -762,6 +876,8 @@ main(argc, argv, envp)
 				usrerr("Invalid -R value");
 				ExitStat = EX_USAGE;
 			}
+			define(macid("{dsn_ret}", NULL),
+			       newstr(optarg), CurEnv);
 			break;
 
 		  case 't':	/* read recipients from message */
@@ -769,7 +885,7 @@ main(argc, argv, envp)
 			break;
 
 		  case 'U':	/* initial (user) submission */
-			UserSubmission = TRUE;
+			/* already set */
 			break;
 
 		  case 'V':	/* DSN ENVID: set "original" envelope id */
@@ -779,23 +895,32 @@ main(argc, argv, envp)
 				ExitStat = EX_USAGE;
 			}
 			else
+			{
 				CurEnv->e_envid = newstr(optarg);
+				define(macid("{dsn_envid}", NULL),
+				       newstr(optarg), CurEnv);
+			}
 			break;
 
 		  case 'X':	/* traffic log file */
-			(void) drop_privileges(TRUE);
-			TrafficLogFile = fopen(optarg, "a");
+			dp = drop_privileges(TRUE);
+			setstat(dp);
+			if (stat(optarg, &traf_st) == 0 &&
+			    S_ISFIFO(traf_st.st_mode))
+				TrafficLogFile = fopen(optarg, "w");
+			else
+				TrafficLogFile = fopen(optarg, "a");
 			if (TrafficLogFile == NULL)
 			{
 				syserr("cannot open %s", optarg);
 				ExitStat = EX_CANTCREAT;
 				break;
 			}
-#ifdef HASSETVBUF
-			setvbuf(TrafficLogFile, NULL, _IOLBF, 0);
-#else
-			setlinebuf(TrafficLogFile);
-#endif
+#if HASSETVBUF
+			(void) setvbuf(TrafficLogFile, NULL, _IOLBF, 0);
+#else /* HASSETVBUF */
+			(void) setlinebuf(TrafficLogFile);
+#endif /* HASSETVBUF */
 			break;
 
 			/* compatibility flags */
@@ -816,22 +941,22 @@ main(argc, argv, envp)
 			setoption('f', "T", FALSE, TRUE, CurEnv);
 			break;
 
-# ifdef DBM
+#ifdef DBM
 		  case 'I':	/* initialize alias DBM file */
 			OpMode = MD_INITALIAS;
 			break;
-# endif /* DBM */
+#endif /* DBM */
 
-# if defined(__osf__) || defined(_AIX3)
+#if defined(__osf__) || defined(_AIX3)
 		  case 'x':	/* random flag that OSF/1 & AIX mailx passes */
 			break;
-# endif
-# if defined(sony_news)
+#endif /* defined(__osf__) || defined(_AIX3) */
+#if defined(sony_news)
 		  case 'E':
 		  case 'J':	/* ignore flags for Japanese code conversion
-				   impremented on Sony NEWS */
+				   implemented on Sony NEWS */
 			break;
-# endif
+#endif /* defined(sony_news) */
 
 		  default:
 			finis(TRUE, EX_USAGE);
@@ -840,6 +965,35 @@ main(argc, argv, envp)
 	}
 	av += optind;
 
+	if (bitset(SUBMIT_MTA, SubmitMode) &&
+	    bitset(SUBMIT_MSA, SubmitMode))
+	{
+		/* sanity check */
+		errno = 0;	/* reset to avoid bogus error messages */
+		syserr("Cannot use both -G and -U together");
+	}
+	else if (bitset(SUBMIT_MTA, SubmitMode))
+		define(macid("{daemon_flags}", NULL), "CC f", CurEnv);
+	else if (bitset(SUBMIT_MSA, SubmitMode))
+	{
+		define(macid("{daemon_flags}", NULL), "c u", CurEnv);
+
+		/* check for wrong OpMode */
+		if (OpMode != MD_DELIVER && OpMode != MD_SMTP)
+		{
+			errno = 0;	/* reset to avoid bogus error msgs */
+			syserr("Cannot use -U and -b%c", OpMode);
+		}
+	}
+	else
+	{
+#if _FFR_DEFAULT_SUBMIT_TO_MSA
+		define(macid("{daemon_flags}", NULL), "c u", CurEnv);
+#else /* _FFR_DEFAULT_SUBMIT_TO_MSA */
+		/* EMPTY */
+#endif /* _FFR_DEFAULT_SUBMIT_TO_MSA */
+	}
+
 	/*
 	**  Do basic initialization.
 	**	Read system control file.
@@ -857,8 +1011,9 @@ main(argc, argv, envp)
 
 #if XDEBUG
 	checkfd012("before readcf");
-#endif
+#endif /* XDEBUG */
 	vendor_pre_defaults(CurEnv);
+
 	readcf(getcfname(), safecf, CurEnv);
 	ConfigFileRead = TRUE;
 	vendor_post_defaults(CurEnv);
@@ -878,15 +1033,21 @@ main(argc, argv, envp)
 	if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
 	{
 		/* drop privileges -- daemon mode done after socket/bind */
-		(void) drop_privileges(FALSE);
+		dp = drop_privileges(FALSE);
+		setstat(dp);
 	}
 
+#if NAMED_BIND
+	_res.retry = TimeOuts.res_retry[RES_TO_DEFAULT];
+	_res.retrans = TimeOuts.res_retrans[RES_TO_DEFAULT];
+#endif /* NAMED_BIND */
+
 	/*
 	**  Find our real host name for future logging.
 	*/
 
-	p = getauthinfo(STDIN_FILENO, &forged);
-	define('_', p, CurEnv);
+	authinfo = getauthinfo(STDIN_FILENO, &forged);
+	define('_', authinfo, CurEnv);
 
 	/* suppress error printing if errors mailed back or whatever */
 	if (CurEnv->e_errormode != EM_PRINT)
@@ -902,16 +1063,16 @@ main(argc, argv, envp)
 
 	if (tTd(0, 1))
 	{
-		printf("\n============ SYSTEM IDENTITY (after readcf) ============");
-		printf("\n      (short domain name) $w = ");
+		dprintf("\n============ SYSTEM IDENTITY (after readcf) ============");
+		dprintf("\n      (short domain name) $w = ");
 		xputs(macvalue('w', CurEnv));
-		printf("\n  (canonical domain name) $j = ");
+		dprintf("\n  (canonical domain name) $j = ");
 		xputs(macvalue('j', CurEnv));
-		printf("\n         (subdomain name) $m = ");
+		dprintf("\n         (subdomain name) $m = ");
 		xputs(macvalue('m', CurEnv));
-		printf("\n              (node name) $k = ");
+		dprintf("\n              (node name) $k = ");
 		xputs(macvalue('k', CurEnv));
-		printf("\n========================================================\n\n");
+		dprintf("\n========================================================\n\n");
 	}
 
 	/*
@@ -923,11 +1084,12 @@ main(argc, argv, envp)
 	if (warn_C_flag)
 		auth_warning(CurEnv, "Processed by %s with -C %s",
 			RealUserName, ConfFile);
-	if (Warn_Q_option)
+	if (Warn_Q_option && !wordinclass(RealUserName, 't'))
 		auth_warning(CurEnv, "Processed from queue %s", QueueDir);
 
 	/* check body type for legality */
 	if (CurEnv->e_bodytype == NULL)
+		/* EMPTY */
 		/* nothing */ ;
 	else if (strcasecmp(CurEnv->e_bodytype, "7BIT") == 0)
 		SevenBitInput = TRUE;
@@ -944,7 +1106,7 @@ main(argc, argv, envp)
 		DefaultNotify = QPINGONFAILURE|QPINGONDELAY;
 
 	/* be sure we don't pick up bogus HOSTALIASES environment variable */
-	if (queuemode && RealUid != 0)
+	if (OpMode == MD_QUEUERUN && RealUid != 0)
 		(void) unsetenv("HOSTALIASES");
 
 	/* check for sane configuration level */
@@ -977,10 +1139,10 @@ main(argc, argv, envp)
 	{
 		if (LogLevel > 1)
 			sm_syslog(LOG_ALERT, NOQID,
-				"user %d attempted to %s",
-				RealUid,
-				OpMode != MD_PURGESTAT ? "run daemon"
-						       : "purge host status");
+				  "user %d attempted to %s",
+				  RealUid,
+				  OpMode != MD_PURGESTAT ? "run daemon"
+							 : "purge host status");
 		usrerr("Permission denied");
 		finis(FALSE, EX_USAGE);
 	}
@@ -993,9 +1155,9 @@ main(argc, argv, envp)
 			sm_syslog(LOG_ALERT, NOQID,
 				  "user %d attempted to rebuild the alias map",
 				  RealUid);
- 		usrerr("Permission denied");
- 		finis(FALSE, EX_USAGE);
- 	}
+		usrerr("Permission denied");
+		finis(FALSE, EX_USAGE);
+	}
 
 	if (MeToo)
 		BlankEnvelope.e_flags |= EF_METOO;
@@ -1016,13 +1178,13 @@ main(argc, argv, envp)
 		HoldErrs = FALSE;
 		/* arrange to exit cleanly on hangup signal */
 		if (setsignal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL)
-			setsignal(SIGHUP, intsig);
+			(void) setsignal(SIGHUP, intsig);
 		break;
 
 	  case MD_FGDAEMON:
 		run_in_foreground = TRUE;
 		OpMode = MD_DAEMON;
-		/* fall through ... */
+		/* FALLTHROUGH */
 
 	  case MD_DAEMON:
 		vendor_daemon_setup(CurEnv);
@@ -1034,28 +1196,23 @@ main(argc, argv, envp)
 		/* arrange to restart on hangup signal */
 		if (SaveArgv[0] == NULL || SaveArgv[0][0] != '/')
 			sm_syslog(LOG_WARNING, NOQID,
-				"daemon invoked without full pathname; kill -1 won't work");
-		setsignal(SIGHUP, sighup);
+				  "daemon invoked without full pathname; kill -1 won't work");
+		(void) setsignal(SIGHUP, sighup);
 
 		/* workaround: can't seem to release the signal in the parent */
-		releasesignal(SIGHUP);
+		(void) releasesignal(SIGHUP);
 		break;
 
 	  case MD_INITALIAS:
 		Verbose = 2;
 		CurEnv->e_errormode = EM_PRINT;
 		HoldErrs = FALSE;
-		/* fall through... */
-
-	  case MD_PRINT:
-		/* to handle sendmail -bp -qSfoobar properly */
-		queuemode = FALSE;
-		/* fall through... */
+		/* FALLTHROUGH */
 
 	  default:
 		/* arrange to exit cleanly on hangup signal */
 		if (setsignal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL)
-			setsignal(SIGHUP, intsig);
+			(void) setsignal(SIGHUP, intsig);
 		break;
 	}
 
@@ -1063,18 +1220,15 @@ main(argc, argv, envp)
 	if (FullName != NULL)
 	{
 		char *full = NULL;
-		extern bool rfc822_string __P((char *));
 
 		/* full names can't have newlines */
-		if (strchr(FullName, '\n') != NULL) 
+		if (strchr(FullName, '\n') != NULL)
 		{
 			FullName = full = newstr(denlstring(FullName, TRUE, TRUE));
 		}
 		/* check for characters that may have to be quoted */
 		if (!rfc822_string(FullName))
 		{
-			extern char *addquotes __P((char *));
-
 			/*
 			**  Quote a full name with special characters
 			**  as a comment so crackaddr() doesn't destroy
@@ -1100,13 +1254,11 @@ main(argc, argv, envp)
 	/* check for vendor mismatch */
 	if (VendorCode != VENDOR_CODE)
 	{
-		extern char *getvendor __P((int));
-
 		message("Warning: .cf file vendor code mismatch: sendmail expects vendor %s, .cf file vendor is %s",
 			getvendor(VENDOR_CODE), getvendor(VendorCode));
 	}
-#endif
-	
+#endif /* VENDOR_CODE */
+
 	/* check for out of date configuration level */
 	if (ConfigLevel < MAXCONFIGLEVEL)
 	{
@@ -1115,9 +1267,7 @@ main(argc, argv, envp)
 	}
 
 	if (ConfigLevel < 3)
-	{
 		UseErrorsTo = TRUE;
-	}
 
 	/* set options that were previous macros */
 	if (SmtpGreeting == NULL)
@@ -1134,6 +1284,7 @@ main(argc, argv, envp)
 		else
 			UnixFromLine = "From \201g  \201d";
 	}
+	SmtpError[0] = '\0';
 
 	/* our name for SMTP codes */
 	expand("\201j", jbuf, sizeof jbuf, CurEnv);
@@ -1221,9 +1372,8 @@ main(argc, argv, envp)
 	setclass('b', "audio");
 	setclass('b', "video");
 	setclass('b', "application/octet-stream");
-#endif
+#endif /* USE_B_CLASS */
 
-#if _FFR_MAX_MIME_HEADER_LENGTH
 	/* MIME headers which have fields to check for overflow */
 	setclass(macid("{checkMIMEFieldHeaders}", NULL), "content-disposition");
 	setclass(macid("{checkMIMEFieldHeaders}", NULL), "content-type");
@@ -1237,7 +1387,14 @@ main(argc, argv, envp)
 	setclass(macid("{checkMIMEHeaders}", NULL), "content-transfer-encoding");
 	setclass(macid("{checkMIMEHeaders}", NULL), "content-type");
 	setclass(macid("{checkMIMEHeaders}", NULL), "mime-version");
-#endif
+
+	/* Macros to save in the qf file -- don't remove any */
+	setclass(macid("{persistentMacros}", NULL), "r");
+	setclass(macid("{persistentMacros}", NULL), "s");
+	setclass(macid("{persistentMacros}", NULL), "_");
+	setclass(macid("{persistentMacros}", NULL), "{if_addr}");
+	setclass(macid("{persistentMacros}", NULL), "{daemon_flags}");
+	setclass(macid("{persistentMacros}", NULL), "{client_flags}");
 
 	/* operate in queue directory */
 	if (QueueDir == NULL)
@@ -1250,13 +1407,14 @@ main(argc, argv, envp)
 	}
 	else
 	{
-		/* test path to get warning messages */
-		(void) safedirpath(QueueDir, (uid_t) 0, (gid_t) 0, NULL, SFF_ANYFILE);
-		if (OpMode != MD_TEST && chdir(QueueDir) < 0)
-		{
-			syserr("cannot chdir(%s)", QueueDir);
-			ExitStat = EX_CONFIG;
-		}
+		/*
+		**  If multiple queues wildcarded, use one for
+		**  the daemon's home. Note that this preconditions
+		**  a wildcarded QueueDir to a real pathname.
+		*/
+
+		if (OpMode != MD_TEST)
+			multiqueue_cache();
 	}
 
 	/* check host status directory for validity */
@@ -1264,13 +1422,14 @@ main(argc, argv, envp)
 	{
 		/* cannot use this value */
 		if (tTd(0, 2))
-			printf("Cannot use HostStatusDirectory = %s: %s\n",
+			dprintf("Cannot use HostStatusDirectory = %s: %s\n",
 				HostStatDir, errstring(errno));
 		HostStatDir = NULL;
 	}
 
-# if QUEUE
-	if (queuemode && RealUid != 0 && bitset(PRIV_RESTRICTQRUN, PrivacyFlags))
+#if QUEUE
+	if (OpMode == MD_QUEUERUN && RealUid != 0 &&
+	    bitset(PRIV_RESTRICTQRUN, PrivacyFlags))
 	{
 		struct stat stbuf;
 
@@ -1284,7 +1443,13 @@ main(argc, argv, envp)
 			finis(FALSE, EX_NOPERM);
 		}
 	}
-# endif /* QUEUE */
+#endif /* QUEUE */
+
+#if _FFR_MILTER
+	/* sanity checks on milter filters */
+	if (OpMode == MD_DAEMON || OpMode == MD_SMTP)
+		milter_parse_list(InputFilterList, InputFilters, MAXFILTERS);
+#endif /* _FFR_MILTER */
 
 	/* if we've had errors so far, exit now */
 	if (ExitStat != EX_OK && OpMode != MD_TEST)
@@ -1292,7 +1457,7 @@ main(argc, argv, envp)
 
 #if XDEBUG
 	checkfd012("before main() initmaps");
-#endif
+#endif /* XDEBUG */
 
 	/*
 	**  Do operation-mode-dependent initialization.
@@ -1304,29 +1469,29 @@ main(argc, argv, envp)
 		/* print the queue */
 #if QUEUE
 		dropenvelope(CurEnv, TRUE);
-		signal(SIGPIPE, quiesce);
+		(void) setsignal(SIGPIPE, quiesce);
 		printqueue();
 		finis(FALSE, EX_OK);
 #else /* QUEUE */
 		usrerr("No queue to print");
-		finis(FALSE, ExitStat);
+		finis(FALSE, EX_UNAVAILABLE);
 #endif /* QUEUE */
 		break;
 
 	  case MD_HOSTSTAT:
-		signal(SIGPIPE, quiesce);
-		mci_traverse_persistent(mci_print_persistent, NULL);
+		(void) setsignal(SIGPIPE, quiesce);
+		(void) mci_traverse_persistent(mci_print_persistent, NULL);
 		finis(FALSE, EX_OK);
-	    	break;
+		break;
 
 	  case MD_PURGESTAT:
-		mci_traverse_persistent(mci_purge_persistent, NULL);
+		(void) mci_traverse_persistent(mci_purge_persistent, NULL);
 		finis(FALSE, EX_OK);
-	    	break;
+		break;
 
 	  case MD_INITALIAS:
 		/* initialize maps */
-		initmaps(TRUE, CurEnv);
+		initmaps();
 		finis(FALSE, ExitStat);
 		break;
 
@@ -1334,22 +1499,18 @@ main(argc, argv, envp)
 	  case MD_DAEMON:
 		/* reset DSN parameters */
 		DefaultNotify = QPINGONFAILURE|QPINGONDELAY;
+		define(macid("{dsn_notify}", NULL), NULL, CurEnv);
 		CurEnv->e_envid = NULL;
+		define(macid("{dsn_envid}", NULL), NULL, CurEnv);
 		CurEnv->e_flags &= ~(EF_RET_PARAM|EF_NO_BODY_RETN);
+		define(macid("{dsn_ret}", NULL), NULL, CurEnv);
 
 		/* don't open maps for daemon -- done below in child */
 		break;
-
-	  default:
-		/* open the maps */
-		initmaps(FALSE, CurEnv);
-		break;
 	}
 
 	if (tTd(0, 15))
 	{
-		extern void printrules __P((void));
-
 		/* print configuration table (or at least part of it) */
 		if (tTd(0, 90))
 			printrules();
@@ -1374,7 +1535,6 @@ main(argc, argv, envp)
 	if (OpMode == MD_TEST)
 	{
 		char buf[MAXLINE];
-		SIGFUNC_DECL intindebug __P((int));
 
 		if (isatty(fileno(stdin)))
 			Verbose = 2;
@@ -1389,13 +1549,11 @@ main(argc, argv, envp)
 		(void) setsignal(SIGINT, intindebug);
 		for (;;)
 		{
-			extern void testmodeline __P((char *, ENVELOPE *));
-
 			if (Verbose == 2)
 				printf("> ");
 			(void) fflush(stdout);
 			if (fgets(buf, sizeof buf, stdin) == NULL)
-				finis(TRUE, ExitStat);
+				testmodeline("/quit", CurEnv);
 			p = strchr(buf, '\n');
 			if (p != NULL)
 				*p = '\0';
@@ -1405,17 +1563,44 @@ main(argc, argv, envp)
 		}
 	}
 
-# if QUEUE
+#if SMTP
+# if STARTTLS
+	/*
+	**  basic TLS initialization
+	**  ignore result for now
+	*/
+	SSL_library_init();
+	SSL_load_error_strings();
+#  if 0
+	/* this is currently a macro for SSL_library_init */
+	SSLeay_add_ssl_algorithms();
+#  endif /* 0 */
+
+	/* initialize PRNG */
+	tls_rand_init(RandFile, 7);
+
+# endif /* STARTTLS */
+#endif /* SMTP */
+
+#if QUEUE
 	/*
 	**  If collecting stuff from the queue, go start doing that.
 	*/
 
-	if (queuemode && OpMode != MD_DAEMON && QueueIntvl == 0)
+	if (OpMode == MD_QUEUERUN && QueueIntvl == 0)
 	{
+# if SMTP
+#  if STARTTLS
+		{
+			/* init TLS for client, ignore result for now */
+			(void) initclttls();
+		}
+#  endif /* STARTTLS */
+# endif /* SMTP */
 		(void) runqueue(FALSE, Verbose);
 		finis(TRUE, ExitStat);
 	}
-# endif /* QUEUE */
+#endif /* QUEUE */
 
 	/*
 	**  If a daemon, wait for a request.
@@ -1429,7 +1614,6 @@ main(argc, argv, envp)
 	if (OpMode == MD_DAEMON || QueueIntvl != 0)
 	{
 		char dtype[200];
-		extern void getrequests __P((ENVELOPE *));
 
 		if (!run_in_foreground && !tTd(99, 100))
 		{
@@ -1446,40 +1630,55 @@ main(argc, argv, envp)
 
 		dtype[0] = '\0';
 		if (OpMode == MD_DAEMON)
-			strcat(dtype, "+SMTP");
+			(void) strlcat(dtype, "+SMTP", sizeof dtype);
 		if (QueueIntvl != 0)
 		{
-			strcat(dtype, "+queueing@");
-			strcat(dtype, pintvl(QueueIntvl, TRUE));
+			(void) strlcat(dtype, "+queueing@", sizeof dtype);
+			(void) strlcat(dtype, pintvl(QueueIntvl, TRUE),
+				       sizeof dtype);
 		}
 		if (tTd(0, 1))
-			strcat(dtype, "+debugging");
+			(void) strlcat(dtype, "+debugging", sizeof dtype);
 
 		sm_syslog(LOG_INFO, NOQID,
-			"starting daemon (%s): %s", Version, dtype + 1);
+			  "starting daemon (%s): %s", Version, dtype + 1);
 #ifdef XLA
 		xla_create_file();
-#endif
+#endif /* XLA */
+
+		/* save daemon type in a macro for possible PidFile use */
+		define(macid("{daemon_info}", NULL),
+		       newstr(dtype + 1), &BlankEnvelope);
 
-# if QUEUE
-		if (queuemode)
+		/* save queue interval in a macro for possible PidFile use */
+		define(macid("{queue_interval}", NULL),
+		       newstr(pintvl(QueueIntvl, TRUE)), CurEnv);
+
+#if QUEUE
+		if (QueueIntvl != 0)
 		{
 			(void) runqueue(TRUE, FALSE);
 			if (OpMode != MD_DAEMON)
 			{
+				/* write the pid to file */
+				log_sendmail_pid(CurEnv);
 				for (;;)
 				{
-					pause();
+					(void) pause();
 					if (DoQueueRun)
 						(void) runqueue(TRUE, FALSE);
 				}
 			}
 		}
-# endif /* QUEUE */
+#endif /* QUEUE */
 		dropenvelope(CurEnv, TRUE);
 
 #if DAEMON
-		getrequests(CurEnv);
+# if STARTTLS
+		/* init TLS for server, ignore result for now */
+		(void) initsrvtls();
+# endif /* STARTTLS */
+		p_flags = getrequests(CurEnv);
 
 		/* drop privileges */
 		(void) drop_privileges(FALSE);
@@ -1491,12 +1690,18 @@ main(argc, argv, envp)
 		**  Get authentication data
 		*/
 
-		p = getauthinfo(fileno(InChannel), &forged);
-		define('_', p, &BlankEnvelope);
+		authinfo = getauthinfo(fileno(InChannel), &forged);
+		define('_', authinfo, &BlankEnvelope);
 #endif /* DAEMON */
 	}
 
-# if SMTP
+	if (LogLevel > 9)
+	{
+		/* log connection information */
+		sm_syslog(LOG_INFO, NULL, "connect from %.100s", authinfo);
+	}
+
+#if SMTP
 	/*
 	**  If running SMTP protocol, start collecting and executing
 	**  commands.  This will never return.
@@ -1505,7 +1710,6 @@ main(argc, argv, envp)
 	if (OpMode == MD_SMTP || OpMode == MD_DAEMON)
 	{
 		char pbuf[20];
-		extern void smtp __P((char *, ENVELOPE *));
 
 		/*
 		**  Save some macros for check_* rulesets.
@@ -1515,24 +1719,46 @@ main(argc, argv, envp)
 		{
 			char ipbuf[103];
 
-			snprintf(ipbuf, sizeof ipbuf, "[%.100s]",
-				 inet_ntoa(RealHostAddr.sin.sin_addr));
-
+			(void) snprintf(ipbuf, sizeof ipbuf, "[%.100s]",
+					anynet_ntoa(&RealHostAddr));
 			define(macid("{client_name}", NULL),
 			       newstr(ipbuf), &BlankEnvelope);
+			define(macid("{client_resolve}", NULL),
+			       "FORGED", &BlankEnvelope);
 		}
 		else
-			define(macid("{client_name}", NULL), RealHostName, &BlankEnvelope);
+			define(macid("{client_name}", NULL), RealHostName,
+			       &BlankEnvelope);
 		define(macid("{client_addr}", NULL),
 		       newstr(anynet_ntoa(&RealHostAddr)), &BlankEnvelope);
-		if (RealHostAddr.sa.sa_family == AF_INET)
-			snprintf(pbuf, sizeof pbuf, "%d", RealHostAddr.sin.sin_port);
-		else
-			snprintf(pbuf, sizeof pbuf, "0");
-		define(macid("{client_port}", NULL), newstr(pbuf), &BlankEnvelope);
+		(void)sm_getla(&BlankEnvelope);
+
+		switch(RealHostAddr.sa.sa_family)
+		{
+# if NETINET
+		  case AF_INET:
+			(void) snprintf(pbuf, sizeof pbuf, "%d",
+					RealHostAddr.sin.sin_port);
+			break;
+# endif /* NETINET */
+# if NETINET6
+		  case AF_INET6:
+			(void) snprintf(pbuf, sizeof pbuf, "%d",
+					RealHostAddr.sin6.sin6_port);
+			break;
+# endif /* NETINET6 */
+		  default:
+			(void) snprintf(pbuf, sizeof pbuf, "0");
+			break;
+		}
+		define(macid("{client_port}", NULL),
+		       newstr(pbuf), &BlankEnvelope);
 
-		/* initialize maps now for check_relay ruleset */
-		initmaps(FALSE, CurEnv);
+#if SASL
+		/* give a syserr or just disable AUTH ? */
+		if (sasl_server_init(srvcallbacks, "Sendmail") != SASL_OK)
+			syserr("!sasl_server_init failed!");
+#endif /* SASL */
 
 		if (OpMode == MD_DAEMON)
 		{
@@ -1542,14 +1768,23 @@ main(argc, argv, envp)
 							 RealHostName, CurEnv);
 			HoldErrs = FALSE;
 		}
-		smtp(nullserver, CurEnv);
+		else if (p_flags == NULL)
+		{
+			p_flags = (BITMAP256 *) xalloc(sizeof *p_flags);
+			clrbitmap(p_flags);
+		}
+# if STARTTLS
+		if (OpMode == MD_SMTP)
+			(void) initsrvtls();
+# endif /* STARTTLS */
+		smtp(nullserver, *p_flags, CurEnv);
 	}
-# endif /* SMTP */
+#endif /* SMTP */
 
 	clearenvelope(CurEnv, FALSE);
 	if (OpMode == MD_VERIFY)
 	{
-		CurEnv->e_sendmode = SM_VERIFY;
+		set_delivery_mode(SM_VERIFY, CurEnv);
 		PostMasterCopy = NULL;
 	}
 	else
@@ -1563,22 +1798,55 @@ main(argc, argv, envp)
 	*/
 
 	initsys(CurEnv);
-	if (warn_f_flag != '\0' && !wordinclass(RealUserName, 't'))
+	define(macid("{ntries}", NULL), "0", CurEnv);
+	setsender(from, CurEnv, NULL, '\0', FALSE);
+	if (warn_f_flag != '\0' && !wordinclass(RealUserName, 't') &&
+	    (!bitnset(M_LOCALMAILER, CurEnv->e_from.q_mailer->m_flags) ||
+	     strcmp(CurEnv->e_from.q_user, RealUserName) != 0))
+	{
 		auth_warning(CurEnv, "%s set sender to %s using -%c",
 			RealUserName, from, warn_f_flag);
-	setsender(from, CurEnv, NULL, '\0', FALSE);
+#if SASL
+		auth = FALSE;
+#endif /* SASL */
+	}
+	if (auth)
+	{
+		char *fv;
+
+		/* set the initial sender for AUTH= to $f@$j */
+		fv = macvalue('f', CurEnv);
+		if (fv == NULL || *fv == '\0')
+			CurEnv->e_auth_param = NULL;
+		else
+		{
+			if (strchr(fv, '@') == NULL)
+			{
+				i = strlen(fv) + strlen(macvalue('j', CurEnv))
+				    + 2;
+				p = xalloc(i);
+				(void) snprintf(p, i, "%s@%s", fv,
+						macvalue('j', CurEnv));
+			}
+			else
+				p = newstr(fv);
+			CurEnv->e_auth_param = newstr(xtextify(p, NULL));
+		}
+	}
 	if (macvalue('s', CurEnv) == NULL)
 		define('s', RealHostName, CurEnv);
 
 	if (*av == NULL && !GrabTo)
 	{
+		CurEnv->e_to = NULL;
 		CurEnv->e_flags |= EF_GLOBALERRS;
+		HoldErrs = FALSE;
 		usrerr("Recipient names must be specified");
 
 		/* collect body for UUCP return */
 		if (OpMode != MD_VERIFY)
 			collect(InChannel, FALSE, NULL, CurEnv);
-		finis(TRUE, ExitStat);
+		finis(TRUE, EX_USAGE);
 	}
 
 	/*
@@ -1600,11 +1868,11 @@ main(argc, argv, envp)
 	if (GrabTo)
 	{
 		ADDRESS *q;
-		
+
 		for (q = CurEnv->e_sendqueue; q != NULL; q = q->q_next)
-			q->q_flags |= QDONTSEND;
+			q->q_state = QS_REMOVED;
 	}
-#endif
+#endif /* _FFR_FIX_DASHT */
 
 	/*
 	**  Read the input mail.
@@ -1613,40 +1881,77 @@ main(argc, argv, envp)
 	CurEnv->e_to = NULL;
 	if (OpMode != MD_VERIFY || GrabTo)
 	{
+		int savederrors = Errors;
 		long savedflags = CurEnv->e_flags & EF_FATALERRS;
 
 		CurEnv->e_flags |= EF_GLOBALERRS;
 		CurEnv->e_flags &= ~EF_FATALERRS;
+		Errors = 0;
+		buffer_errors();
 		collect(InChannel, FALSE, NULL, CurEnv);
 
+		/* header checks failed */
+		if (Errors > 0)
+		{
+			/* Log who the mail would have gone to */
+			if (LogLevel > 8 && CurEnv->e_message != NULL &&
+			    !GrabTo)
+			{
+				ADDRESS *a;
+
+				for (a = CurEnv->e_sendqueue;
+				     a != NULL;
+				     a = a->q_next)
+				{
+					if (!QS_IS_UNDELIVERED(a->q_state))
+						continue;
+
+					CurEnv->e_to = a->q_paddr;
+					logdelivery(NULL, NULL, NULL,
+						    CurEnv->e_message,
+						    NULL, (time_t) 0, CurEnv);
+				}
+				CurEnv->e_to = NULL;
+			}
+			flush_errors(TRUE);
+			finis(TRUE, ExitStat);
+			/* NOTREACHED */
+			return -1;
+		}
+
 		/* bail out if message too large */
 		if (bitset(EF_CLRQUEUE, CurEnv->e_flags))
 		{
-			finis(TRUE, ExitStat);
-			/*NOTREACHED*/
+			finis(TRUE, ExitStat != EX_OK ? ExitStat : EX_DATAERR);
+			/* NOTREACHED */
 			return -1;
 		}
+		Errors = savederrors;
 		CurEnv->e_flags |= savedflags;
 	}
 	errno = 0;
 
 	if (tTd(1, 1))
-		printf("From person = \"%s\"\n", CurEnv->e_from.q_paddr);
+		dprintf("From person = \"%s\"\n", CurEnv->e_from.q_paddr);
 
 	/*
 	**  Actually send everything.
 	**	If verifying, just ack.
 	*/
 
-	CurEnv->e_from.q_flags |= QDONTSEND;
+	CurEnv->e_from.q_state = QS_SENDER;
 	if (tTd(1, 5))
 	{
-		printf("main: QDONTSEND ");
+		dprintf("main: QS_SENDER ");
 		printaddr(&CurEnv->e_from, FALSE);
 	}
 	CurEnv->e_to = NULL;
-	CurrentLA = getla();
+	CurrentLA = sm_getla(CurEnv);
 	GrabTo = FALSE;
+#if NAMED_BIND
+	_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+	_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+#endif /* NAMED_BIND */
 	sendall(CurEnv, SM_DEFAULT);
 
 	/*
@@ -1655,8 +1960,8 @@ main(argc, argv, envp)
 	*/
 
 	finis(TRUE, ExitStat);
-	/*NOTREACHED*/
-	return -1;
+	/* NOTREACHED */
+	return ExitStat;
 }
 
 /* ARGSUSED */
@@ -1664,6 +1969,7 @@ SIGFUNC_DECL
 quiesce(sig)
 	int sig;
 {
+	clear_events();
 	finis(FALSE, EX_OK);
 }
 
@@ -1675,8 +1981,6 @@ intindebug(sig)
 	longjmp(TopFrame, 1);
 	return SIGFUNC_RETURN;
 }
-
-
 /*
 **  FINIS -- Clean up and exit.
 **
@@ -1696,16 +2000,10 @@ finis(drop, exitstat)
 	bool drop;
 	volatile int exitstat;
 {
-	extern void closemaps __P((void));
-#ifdef USERDB
-	extern void _udbx_close __P((void));
-#endif
 
 	if (tTd(2, 1))
 	{
-		extern void printenvflags __P((ENVELOPE *));
-
-		printf("\n====finis: stat %d e_id=%s e_flags=",
+		dprintf("\n====finis: stat %d e_id=%s e_flags=",
 			exitstat,
 			CurEnv->e_id == NULL ? "NOQUEUE" : CurEnv->e_id);
 		printenvflags(CurEnv);
@@ -1722,8 +2020,13 @@ finis(drop, exitstat)
 
 	/* clean up temp files */
 	CurEnv->e_to = NULL;
-	if (drop && CurEnv->e_id != NULL)
-		dropenvelope(CurEnv, TRUE);
+	if (drop)
+	{
+		if (CurEnv->e_id != NULL)
+			dropenvelope(CurEnv, TRUE);
+		else
+			poststats(StatFile);
+	}
 
 	/* flush any cached connections */
 	mci_flush(TRUE, NULL);
@@ -1731,35 +2034,36 @@ finis(drop, exitstat)
 	/* close maps belonging to this pid */
 	closemaps();
 
-#ifdef USERDB
+#if USERDB
 	/* close UserDatabase */
 	_udbx_close();
-#endif
+#endif /* USERDB */
 
-# ifdef XLA
+#ifdef XLA
 	/* clean up extended load average stuff */
 	xla_all_end();
-# endif
+#endif /* XLA */
 
 	/* and exit */
   forceexit:
 	if (LogLevel > 78)
 		sm_syslog(LOG_DEBUG, CurEnv->e_id,
-			"finis, pid=%d",
-			getpid());
+			  "finis, pid=%d",
+			  getpid());
 	if (exitstat == EX_TEMPFAIL || CurEnv->e_errormode == EM_BERKNET)
 		exitstat = EX_OK;
 
+	sync_queue_time();
+
 	/* reset uid for process accounting */
 	endpwent();
-	setuid(RealUid);
-
+	(void) setuid(RealUid);
 	exit(exitstat);
 }
 /*
 **  INTSIG -- clean up on interrupt
 **
-**	This just arranges to exit.  It pessimises in that it
+**	This just arranges to exit.  It pessimizes in that it
 **	may resend a message.
 **
 **	Parameters:
@@ -1777,15 +2081,48 @@ SIGFUNC_DECL
 intsig(sig)
 	int sig;
 {
-	if (LogLevel > 79)
+	bool drop = FALSE;
+
+	clear_events();
+	if (sig != 0 && LogLevel > 79)
 		sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt");
 	FileName = NULL;
-	unlockqueue(CurEnv);
 	closecontrolsocket(TRUE);
 #ifdef XLA
 	xla_all_end();
-#endif
-	finis(FALSE, EX_OK);
+#endif /* XLA */
+
+	/* Clean-up on aborted stdin message submission */
+	if (CurEnv->e_id != NULL &&
+	    (OpMode == MD_SMTP ||
+	     OpMode == MD_DELIVER ||
+	     OpMode == MD_ARPAFTP))
+	{
+		register ADDRESS *q;
+
+		/* don't return an error indication */
+		CurEnv->e_to = NULL;
+		CurEnv->e_flags &= ~EF_FATALERRS;
+		CurEnv->e_flags |= EF_CLRQUEUE;
+
+		/*
+		**  Spin through the addresses and
+		**  mark them dead to prevent bounces
+		*/
+
+		for (q = CurEnv->e_sendqueue; q != NULL; q = q->q_next)
+			q->q_state = QS_DONTSEND;
+
+		/* and don't try to deliver the partial message either */
+		if (InChild)
+			ExitStat = EX_QUIT;
+
+		drop = TRUE;
+	}
+	else
+		unlockqueue(CurEnv);
+
+	finis(drop, EX_OK);
 }
 /*
 **  INITMACROS -- initialize the macro system
@@ -1867,7 +2204,7 @@ initmacros(e)
 **		droplev -- how "deeply" we should drop the line.
 **			0 -- ignore signals, mail back errors, make sure
 **			     output goes to stdout.
-**			1 -- also, make stdout go to transcript.
+**			1 -- also, make stdout go to /dev/null.
 **			2 -- also, disconnect from controlling terminal
 **			     (only for daemon mode).
 **		e -- the current envelope.
@@ -1888,17 +2225,17 @@ disconnect(droplev, e)
 	int fd;
 
 	if (tTd(52, 1))
-		printf("disconnect: In %d Out %d, e=%lx\n",
+		dprintf("disconnect: In %d Out %d, e=%lx\n",
 			fileno(InChannel), fileno(OutChannel), (u_long) e);
 	if (tTd(52, 100))
 	{
-		printf("don't\n");
+		dprintf("don't\n");
 		return;
 	}
 	if (LogLevel > 93)
 		sm_syslog(LOG_DEBUG, e->e_id,
-			"disconnect level %d",
-			droplev);
+			  "disconnect level %d",
+			  droplev);
 
 	/* be sure we don't get nasty signals */
 	(void) setsignal(SIGINT, SIG_IGN);
@@ -1929,27 +2266,15 @@ disconnect(droplev, e)
 	}
 	if (droplev > 0)
 	{
-		if (e->e_xfp == NULL)
-		{
-			fd = open("/dev/null", O_WRONLY, 0666);
-			if (fd == -1)
-				sm_syslog(LOG_ERR, e->e_id,
-					  "disconnect: open(\"/dev/null\") failed: %s",
-					  errstring(errno));
-		}
-		else
-		{
-			fd = fileno(e->e_xfp);
-			if (fd == -1)
-				sm_syslog(LOG_ERR, e->e_id,
-					  "disconnect: fileno(e->e_xfp) failed: %s",
-					  errstring(errno));
-		}
+		fd = open("/dev/null", O_WRONLY, 0666);
+		if (fd == -1)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "disconnect: open(\"/dev/null\") failed: %s",
+				  errstring(errno));
 		(void) fflush(stdout);
-		dup2(fd, STDOUT_FILENO);
-		dup2(fd, STDERR_FILENO);
-		if (e->e_xfp == NULL)
-			close(fd);
+		(void) dup2(fd, STDOUT_FILENO);
+		(void) dup2(fd, STDERR_FILENO);
+		(void) close(fd);
 	}
 
 	/* drop our controlling TTY completely if possible */
@@ -1961,12 +2286,12 @@ disconnect(droplev, e)
 
 #if XDEBUG
 	checkfd012("disconnect");
-#endif
+#endif /* XDEBUG */
 
 	if (LogLevel > 71)
 		sm_syslog(LOG_DEBUG, e->e_id,
-			"in background, pid=%d",
-			getpid());
+			  "in background, pid=%d",
+			  getpid());
 
 	errno = 0;
 }
@@ -1990,7 +2315,7 @@ obsolete(argv)
 		    ap[1] != 'd' &&
 #if defined(sony_news)
 		    ap[1] != 'E' && ap[1] != 'J' &&
-#endif
+#endif /* defined(sony_news) */
 		    argv[1] != NULL && argv[1][0] != '-')
 		{
 			argv++;
@@ -2002,9 +2327,8 @@ obsolete(argv)
 		if (ap[1] == 'C' && ap[2] == '\0')
 		{
 			*argv = xalloc(sizeof(__DEFPATH) + 2);
-			argv[0][0] = '-';
-			argv[0][1] = 'C';
-			(void)strcpy(&argv[0][2], __DEFPATH);
+			(void) snprintf(argv[0], sizeof(__DEFPATH) + 2, "-C%s",
+					__DEFPATH);
 		}
 
 		/* If -q doesn't have an argument, run it once. */
@@ -2015,7 +2339,7 @@ obsolete(argv)
 		if (ap[1] == 'd' && ap[2] == '\0')
 			*argv = "-d0-99.1";
 
-# if defined(sony_news)
+#if defined(sony_news)
 		/* if -E doesn't have an argument, use -EC */
 		if (ap[1] == 'E' && ap[2] == '\0')
 			*argv = "-EC";
@@ -2023,7 +2347,7 @@ obsolete(argv)
 		/* if -J doesn't have an argument, use -JJ */
 		if (ap[1] == 'J' && ap[2] == '\0')
 			*argv = "-JJ";
-# endif
+#endif /* defined(sony_news) */
 	}
 }
 /*
@@ -2041,12 +2365,12 @@ obsolete(argv)
 void
 #ifdef __STDC__
 auth_warning(register ENVELOPE *e, const char *msg, ...)
-#else
+#else /* __STDC__ */
 auth_warning(e, msg, va_alist)
 	register ENVELOPE *e;
 	const char *msg;
 	va_dcl
-#endif
+#endif /* __STDC__ */
 {
 	char buf[MAXLINE];
 	VA_LOCAL_DECL
@@ -2055,7 +2379,6 @@ auth_warning(e, msg, va_alist)
 	{
 		register char *p;
 		static char hostbuf[48];
-		extern struct hostent *myhostname __P((char *, int));
 
 		if (hostbuf[0] == '\0')
 			(void) myhostname(hostbuf, sizeof hostbuf);
@@ -2065,11 +2388,11 @@ auth_warning(e, msg, va_alist)
 		VA_START(msg);
 		vsnprintf(p, SPACELEFT(buf, p), msg, ap);
 		VA_END;
-		addheader("X-Authentication-Warning", buf, &e->e_header);
+		addheader("X-Authentication-Warning", buf, 0, &e->e_header);
 		if (LogLevel > 3)
 			sm_syslog(LOG_INFO, e->e_id,
-				"Authentication-Warning: %.400s",
-				buf);
+				  "Authentication-Warning: %.400s",
+				  buf);
 	}
 }
 /*
@@ -2116,7 +2439,7 @@ setuserenv(envar, value)
 	const char *envar;
 	const char *value;
 {
-	int i;
+	int i, l;
 	char **evp = UserEnviron;
 	char *p;
 
@@ -2127,11 +2450,10 @@ setuserenv(envar, value)
 			return;
 	}
 
-	i = strlen(envar);
-	p = (char *) xalloc(strlen(value) + i + 2);
-	strcpy(p, envar);
-	p[i++] = '=';
-	strcpy(&p[i], value);
+	i = strlen(envar) + 1;
+	l = strlen(value) + i + 1;
+	p = (char *) xalloc(l);
+	(void) snprintf(p, l, "%s=%s", envar, value);
 
 	while (*evp != NULL && strncmp(*evp, p, i) != 0)
 		evp++;
@@ -2161,18 +2483,21 @@ dumpstate(when)
 {
 	register char *j = macvalue('j', CurEnv);
 	int rs;
+	extern int NextMacroId;
 
 	sm_syslog(LOG_DEBUG, CurEnv->e_id,
-		"--- dumping state on %s: $j = %s ---",
-		when,
-		j == NULL ? "<NULL>" : j);
+		  "--- dumping state on %s: $j = %s ---",
+		  when,
+		  j == NULL ? "<NULL>" : j);
 	if (j != NULL)
 	{
 		if (!wordinclass(j, 'w'))
 			sm_syslog(LOG_DEBUG, CurEnv->e_id,
-				"*** $j not in $=w ***");
+				  "*** $j not in $=w ***");
 	}
 	sm_syslog(LOG_DEBUG, CurEnv->e_id, "CurChildren = %d", CurChildren);
+	sm_syslog(LOG_DEBUG, CurEnv->e_id, "NextMacroId = %d (Max %d)\n",
+		  NextMacroId, MAXMACROID);
 	sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- open file descriptors: ---");
 	printopenfds(TRUE);
 	sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- connection cache: ---");
@@ -2180,15 +2505,15 @@ dumpstate(when)
 	rs = strtorwset("debug_dumpstate", NULL, ST_FIND);
 	if (rs > 0)
 	{
-		int stat;
+		int status;
 		register char **pvp;
 		char *pv[MAXATOM + 1];
 
 		pv[0] = NULL;
-		stat = rewrite(pv, rs, 0, CurEnv);
+		status = rewrite(pv, rs, 0, CurEnv);
 		sm_syslog(LOG_DEBUG, CurEnv->e_id,
-		       "--- ruleset debug_dumpstate returns stat %d, pv: ---",
-		       stat);
+			  "--- ruleset debug_dumpstate returns stat %d, pv: ---",
+			  status);
 		for (pvp = pv; *pvp != NULL; pvp++)
 			sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s", *pvp);
 	}
@@ -2211,27 +2536,50 @@ SIGFUNC_DECL
 sighup(sig)
 	int sig;
 {
+	int i;
+	extern int DtableSize;
+
+	clear_events();
+	(void) alarm(0);
 	if (SaveArgv[0][0] != '/')
 	{
 		if (LogLevel > 3)
-			sm_syslog(LOG_INFO, NOQID, "could not restart: need full path");
+			sm_syslog(LOG_INFO, NOQID,
+				  "could not restart: need full path");
 		finis(FALSE, EX_OSFILE);
 	}
 	if (LogLevel > 3)
-		sm_syslog(LOG_INFO, NOQID, "restarting %s on signal", SaveArgv[0]);
-	alarm(0);
-	releasesignal(SIGHUP);
+		sm_syslog(LOG_INFO, NOQID, "restarting %s %s",
+			  sig == 0 ? "due to control command" : "on signal",
+			  SaveArgv[0]);
+
+	/* Control socket restart? */
+	if (sig != 0)
+		(void) releasesignal(SIGHUP);
+
 	closecontrolsocket(TRUE);
 	if (drop_privileges(TRUE) != EX_OK)
 	{
 		if (LogLevel > 0)
-			sm_syslog(LOG_ALERT, NOQID, "could not set[ug]id(%d, %d): %m",
-				RunAsUid, RunAsGid);
+			sm_syslog(LOG_ALERT, NOQID,
+				  "could not set[ug]id(%d, %d): %m",
+				  RunAsUid, RunAsGid);
 		finis(FALSE, EX_OSERR);
 	}
-	execve(SaveArgv[0], (ARGV_T) SaveArgv, (ARGV_T) ExternalEnviron);
+
+	/* arrange for all the files to be closed */
+	for (i = 3; i < DtableSize; i++)
+	{
+		register int j;
+
+		if ((j = fcntl(i, F_GETFD, 0)) != -1)
+			(void) fcntl(i, F_SETFD, j | FD_CLOEXEC);
+	}
+
+	(void) execve(SaveArgv[0], (ARGV_T) SaveArgv, (ARGV_T) ExternalEnviron);
 	if (LogLevel > 0)
-		sm_syslog(LOG_ALERT, NOQID, "could not exec %s: %m", SaveArgv[0]);
+		sm_syslog(LOG_ALERT, NOQID, "could not exec %s: %m",
+			  SaveArgv[0]);
 	finis(FALSE, EX_OSFILE);
 }
 /*
@@ -2254,8 +2602,9 @@ drop_privileges(to_real_uid)
 	GIDSET_T emptygidset[1];
 
 	if (tTd(47, 1))
-		printf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n",
-			(int)to_real_uid, (int)RealUid, (int)RealGid, (int)RunAsUid, (int)RunAsGid);
+		dprintf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n",
+			(int)to_real_uid, (int)RealUid,
+			(int)RealGid, (int)RunAsUid, (int)RunAsGid);
 
 	if (to_real_uid)
 	{
@@ -2270,18 +2619,61 @@ drop_privileges(to_real_uid)
 	/* reset group permissions; these can be set later */
 	emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid();
 	if (setgroups(1, emptygidset) == -1 && geteuid() == 0)
+	{
+		syserr("drop_privileges: setgroups(1, %d) failed",
+		       (int)emptygidset[0]);
 		rval = EX_OSERR;
+	}
 
 	/* reset primary group and user id */
 	if ((to_real_uid || RunAsGid != 0) && setgid(RunAsGid) < 0)
+	{
+		syserr("drop_privileges: setgid(%d) failed", (int)RunAsGid);
 		rval = EX_OSERR;
-	if ((to_real_uid || RunAsUid != 0) && setuid(RunAsUid) < 0)
-		rval = EX_OSERR;
+	}
+	if (to_real_uid || RunAsUid != 0)
+	{
+		uid_t euid = geteuid();
+
+		if (setuid(RunAsUid) < 0)
+		{
+			syserr("drop_privileges: setuid(%d) failed",
+			       (int)RunAsUid);
+			rval = EX_OSERR;
+		}
+		else if (RunAsUid != 0 && setuid(0) == 0)
+		{
+			/*
+			**  Believe it or not, the Linux capability model
+			**  allows a non-root process to override setuid()
+			**  on a process running as root and prevent that
+			**  process from dropping privileges.
+			*/
+
+			syserr("drop_privileges: setuid(0) succeeded (when it should not)");
+			rval = EX_OSERR;
+		}
+		else if (RunAsUid != euid && setuid(euid) == 0)
+		{
+			/*
+			**  Some operating systems will keep the saved-uid
+			**  if a non-root effective-uid calls setuid(real-uid)
+			**  making it possible to set it back again later.
+			*/
+
+			syserr("drop_privileges: Unable to drop non-root set-user-id privileges");
+			rval = EX_OSERR;
+		}
+	}
 	if (tTd(47, 5))
 	{
-		printf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n",
-			(int)geteuid(), (int)getuid(), (int)getegid(), (int)getgid());
-		printf("drop_privileges: RunAsUser = %d:%d\n", (int)RunAsUid, (int)RunAsGid);
+		dprintf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n",
+			(int)geteuid(), (int)getuid(),
+			(int)getegid(), (int)getgid());
+		dprintf("drop_privileges: RunAsUser = %d:%d\n",
+			(int)RunAsUid, (int)RunAsGid);
+		if (tTd(47, 10))
+			dprintf("drop_privileges: rval = %d\n", rval);
 	}
 	return rval;
 }
@@ -2342,7 +2734,7 @@ fill_fd(fd, where)
 **		X  normal process through rule set X
 */
 
-void
+static void
 testmodeline(line, e)
 	char *line;
 	ENVELOPE *e;
@@ -2358,20 +2750,19 @@ testmodeline(line, e)
 	ADDRESS a;
 	static int tryflags = RF_COPYNONE;
 	char exbuf[MAXLINE];
-	extern bool invalidaddr __P((char *, char *));
-	extern char *crackaddr __P((char *));
-	extern void dump_class __P((STAB *, int));
-	extern void translate_dollars __P((char *));
-	extern void help __P((char *));
+	extern u_char TokTypeNoC[];
 
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), "e r", e);
+#endif /* _FFR_ADDR_TYPE */
 	switch (line[0])
 	{
 	  case '#':
-	  case 0:
+	  case '\0':
 		return;
 
 	  case '?':
-		help("-bt");
+		help("-bt", e);
 		return;
 
 	  case '.':		/* config-style settings */
@@ -2438,22 +2829,22 @@ testmodeline(line, e)
 				return;
 			do
 			{
-				putchar('R');
+				(void) putchar('R');
 				s = rw->r_lhs;
 				while (*s != NULL)
 				{
 					xputs(*s++);
-					putchar(' ');
+					(void) putchar(' ');
 				}
-				putchar('\t');
-				putchar('\t');
+				(void) putchar('\t');
+				(void) putchar('\t');
 				s = rw->r_rhs;
 				while (*s != NULL)
 				{
 					xputs(*s++);
-					putchar(' ');
+					(void) putchar(' ');
 				}
-				putchar('\n');
+				(void) putchar('\n');
 			} while ((rw = rw->r_next) != NULL);
 			break;
 
@@ -2530,6 +2921,11 @@ testmodeline(line, e)
 			printf("Usage: /[canon|map|mx|parse|try|tryflags]\n");
 			return;
 		}
+		if (strcasecmp(&line[1], "quit") == 0)
+		{
+			CurEnv->e_id = NULL;
+			finis(TRUE, ExitStat);
+		}
 		if (strcasecmp(&line[1], "mx") == 0)
 		{
 #if NAMED_BIND
@@ -2543,13 +2939,13 @@ testmodeline(line, e)
 				printf("Usage: /mx address\n");
 				return;
 			}
-			nmx = getmxrr(p, mxhosts, FALSE, &rcode);
+			nmx = getmxrr(p, mxhosts, NULL, FALSE, &rcode);
 			printf("getmxrr(%s) returns %d value(s):\n", p, nmx);
 			for (i = 0; i < nmx; i++)
 				printf("\t%s\n", mxhosts[i]);
-#else
+#else /* NAMED_BIND */
 			printf("No MX code compiled in\n");
-#endif
+#endif /* NAMED_BIND */
 		}
 		else if (strcasecmp(&line[1], "canon") == 0)
 		{
@@ -2560,13 +2956,12 @@ testmodeline(line, e)
 				printf("Usage: /canon address\n");
 				return;
 			}
-			else if (strlen(p) >= sizeof host)
+			else if (strlcpy(host, p, sizeof host) >= sizeof host)
 			{
 				printf("Name too long\n");
 				return;
 			}
-			strcpy(host, p);
-			(void) getcanonname(host, sizeof(host), HasWildcardMX);
+			(void) getcanonname(host, sizeof host, HasWildcardMX);
 			printf("getcanonname(%s) returns %s\n", p, host);
 		}
 		else if (strcasecmp(&line[1], "map") == 0)
@@ -2593,7 +2988,8 @@ testmodeline(line, e)
 				printf("Map named \"%s\" not found\n", p);
 				return;
 			}
-			if (!bitset(MF_OPEN, map->s_map.map_mflags))
+			if (!bitset(MF_OPEN, map->s_map.map_mflags) &&
+			    !openmap(&(map->s_map)))
 			{
 				printf("Map named \"%s\" not open\n", p);
 				return;
@@ -2611,7 +3007,7 @@ testmodeline(line, e)
 		else if (strcasecmp(&line[1], "try") == 0)
 		{
 			MAILER *m;
-			STAB *s;
+			STAB *st;
 			auto int rcode = EX_OK;
 
 			q = strpbrk(p, " \t");
@@ -2625,13 +3021,13 @@ testmodeline(line, e)
 				printf("Usage: /try mailer address\n");
 				return;
 			}
-			s = stab(p, ST_MAILER, ST_FIND);
-			if (s == NULL)
+			st = stab(p, ST_MAILER, ST_FIND);
+			if (st == NULL)
 			{
 				printf("Unknown mailer %s\n", p);
 				return;
 			}
-			m = s->s_mailer;
+			m = st->s_mailer;
 			printf("Trying %s %s address %s for mailer %s\n",
 				bitset(RF_HEADERADDR, tryflags) ? "header" : "envelope",
 				bitset(RF_SENDERADDR, tryflags) ? "sender" : "recipient",
@@ -2673,6 +3069,13 @@ testmodeline(line, e)
 					break;
 				}
 			}
+#if _FFR_ADDR_TYPE
+			exbuf[0] = bitset(RF_HEADERADDR, tryflags) ? 'h' : 'e';
+			exbuf[1] = ' ';
+			exbuf[2] = bitset(RF_SENDERADDR, tryflags) ? 's' : 'r';
+			exbuf[3] = '\0';
+			define(macid("{addr_type}", NULL), newstr(exbuf), e);
+#endif /* _FFR_ADDR_TYPE */
 		}
 		else if (strcasecmp(&line[1], "parse") == 0)
 		{
@@ -2723,13 +3126,13 @@ testmodeline(line, e)
 		char pvpbuf[PSBUFSIZE];
 
 		pvp = prescan(++p, ',', pvpbuf, sizeof pvpbuf,
-			      &delimptr, NULL);
+			      &delimptr, ConfigLevel >= 9 ? TokTypeNoC : NULL);
 		if (pvp == NULL)
 			continue;
 		p = q;
 		while (*p != '\0')
 		{
-			int stat;
+			int status;
 
 			rs = strtorwset(p, NULL, ST_FIND);
 			if (rs < 0)
@@ -2737,18 +3140,17 @@ testmodeline(line, e)
 				printf("Undefined ruleset %s\n", p);
 				break;
 			}
-			stat = rewrite(pvp, rs, 0, e);
-			if (stat != EX_OK)
+			status = rewrite(pvp, rs, 0, e);
+			if (status != EX_OK)
 				printf("== Ruleset %s (%d) status %d\n",
-					p, rs, stat);
+					p, rs, status);
 			while (*p != '\0' && *p++ != ',')
 				continue;
 		}
 	} while (*(p = delimptr) != '\0');
 }
 
-
-void
+static void
 dump_class(s, id)
 	register STAB *s;
 	int id;
diff --git a/contrib/sendmail/src/makesendmail b/contrib/sendmail/src/makesendmail
index ab8a49d..9ca3520 100755
--- a/contrib/sendmail/src/makesendmail
+++ b/contrib/sendmail/src/makesendmail
@@ -1,513 +1,13 @@
 #!/bin/sh
 
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
-# Copyright (c) 1993, 1996-1997 Eric P. Allman.  All rights reserved.
-# Copyright (c) 1993
-#	The Regents of the University of California.  All rights reserved.
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
 #
-#       @(#)Build	8.93 (Berkeley) 6/24/98
-#
-
-#
-#  A quick-and-dirty script to compile sendmail and related programs
-#  in the presence of multiple architectures.  To use, just use
-#  "sh Build".
-#
-
-trap "rm -f $obj/.settings$$; exit" 1 2 3 15
-
-cflag=""
-mflag=""
-sflag=""
-makeargs=""
-libdirs=""
-incdirs=""
-libsrch=""
-siteconfig=""
-EX_USAGE=64
-EX_NOINPUT=66
-EX_UNAVAILABLE=69
-
-while [ ! -z "$1" ]
-do
-	case $1
-	in
-	  -c)	# clean out existing $obj tree
-		cflag=1
-		shift
-		;;
-
-	  -m)	# show Makefile name only
-		mflag=1
-		shift
-		;;
-
-	  -E*)	# environment variables to pass into Build
-		arg=`echo $1 | sed 's/^-E//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ -z "$arg" ]
-		then
-			echo "Empty -E flag" >&2
-			exit $EX_USAGE
-		else
-			case $arg
-			in
-			  *=*)	# check format
-				eval $arg
-				export `echo $arg | sed 's;=.*;;'`
-				;;
-			  *)	# bad format
-				echo "Bad format for -E argument ($arg)" >&2
-				exit $EX_USAGE
-				;;
-			esac
-			shift
-		fi
-		;;
-
-	  -L*)	# set up LIBDIRS
-		libdirs="$libdirs $1"
-		shift
-		;;
-
-	  -I*)	# set up INCDIRS
-		incdirs="$incdirs $1"
-		shift
-		;;
-
-	  -f*)	# select site config file
-		arg=`echo $1 | sed 's/^-f//'`
-		if [ -z "$arg" ]
-		then
-		    shift   # move to argument
-		    arg=$1
-		fi
-		if [ "$siteconfig" ]
-		then
-			echo "Only one -f flag allowed" >&2
-			exit $EX_USAGE
-		else
-			siteconfig=$arg
-			if [ -z "$siteconfig" ]
-			then
-				echo "Missing argument for -f flag" >&2
-				exit $EX_USAGE
-			elif [ ! -f "$siteconfig" ]
-			then
-				echo "${siteconfig}: File not found"
-				exit $EX_NOINPUT
-			else
-				shift	# move past argument
-			fi
-		fi
-		;;
-
-	  -S)	# skip auto-configure
-		sflag="-s"
-		shift
-		;;
-
-	  *)	# pass argument to make
-		makeargs="$makeargs \"$1\""
-		shift
-		;;
-	esac
-done
-
-#
-#  Do heuristic guesses !ONLY! for machines that do not have uname
-#
-if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
-then
-	# probably a NeXT box
-	arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
-	os=NeXT
-	rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
-elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
-then
-	# probably a Sony NEWS 4.x
-	os=NEWS-OS
-	rel=`awk '{ print $3}' /etc/osversion`
-	arch=`/usr/sony/bin/machine`
-elif [ -d /usr/omron -a -f /bin/luna ]
-then
-	# probably a Omron LUNA
-	os=LUNA
-	if [ -f /bin/luna1 ] && /bin/luna1
-	then
-		rel=unios-b
-		arch=luna1
-	elif [ -f /bin/luna2 ] && /bin/luna2
-	then
-		rel=Mach
-		arch=luna2
-	elif [ -f /bin/luna88k ] && /bin/luna88k
-	then
-		rel=Mach
-		arch=luna88k
-	fi
-elif [ -d /usr/apollo -a -d \`node_data ]
-then
-	# probably a Apollo/DOMAIN
-	os=DomainOS
-	arch=$ISP
-	rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
-fi
-
-if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
-then
-	arch=`uname -m | sed -e 's/ //g'`
-	os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
-	rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g'`
-fi
-
-#
-#  Tweak the values we have already got.  PLEASE LIMIT THESE to
-#  tweaks that are absolutely necessary because your system uname
-#  routine doesn't return something sufficiently unique.  Don't do
-#  it just because you don't like the name that is returned.  You
-#  can combine the architecture name with the os name to create a
-#  unique Makefile name.
-#
-
-# tweak machine architecture
-case $arch
-in
-  sun4*)	arch=sun4;;
-
-  9000/*)	arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
-
-  DS/907000)	arch=ds90;;
-
-  NILE*)	arch=NILE
-		os=`uname -v`;;
-esac
-
-# tweak operating system type and release
-node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
-if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
-then
-	# old versions of SCO UNIX set uname -s the same as uname -n
-	os=SCO_SV
-fi
-if [ "$rel" = 4.0 ]
-then
-	case $arch in
-	  3[34]??|3[34]??,*)
-		if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
-		then
-			os=NCR.MP-RAS.2.x
-		elif [ -d /usr/sadm/sysadm/add-ons/inet ]
-		then
-			os=NCR.MP-RAS.3.x
-		fi
-		;;
-	esac
-fi
-
-case $os
-in
-  DYNIX-ptx)	os=PTX;;
-  Paragon*)	os=Paragon;;
-  HP-UX)	rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
-  AIX)		rela=$rel
-		rel=`uname -v`
-		case $rel in
-		  2)	arch=""
-			;;
-		  4)	if [ "$rela" = "3" ]
-			then
-				arch=$rela
-			fi
-			;;
-		esac
-		rel=$rel.$rela
-		;;
-  BSD-386)	os=BSD-OS;;
-  SCO_SV)	os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`;;
-  UNIX_System_V) if [ "$arch" = "ds90" ]
-		then
-			os="UXPDS"
-			rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
-		fi;;
-  SINIX-?)	os=SINIX;;
-  DomainOS)	case $rel in
-		  10.4*)	rel=10.4;;
-		esac
-		;;
-esac
-
-# get "base part" of operating system release
-rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
-rbase=`echo $rel | sed -e 's/\..*//'`
-if [ "$rroot" = "$rbase" ]
-then
-	rroot=$rel
-fi
-
-# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
-if [ "$os" = "unix" ]
-then
-	# might be Altos System V
-	case $rel
-	in
-	  5.3*)		os=Altos;;
-	esac
-elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
-then
-	# might be a DYNIX/ptx 2.x system, which has a broken uname
-	if strings /lib/cpp | grep _SEQUENT_ > /dev/null
-	then
-		os=PTX
-	fi
-elif [ -d /usr/nec ]
-then
-	# NEC machine -- what is it running?
-	if [ "$os" = "UNIX_System_V" ]
-	then
-		os=EWS-UX_V
-	elif [ "$os" = "UNIX_SV" ]
-	then
-		os=UX4800
-	fi
-elif [ "$arch" = "mips" ]
-then
-	case $rel
-	in
-	  4_*)
-		if [ `uname -v` = "UMIPS" ]
-		then
-			os=RISCos
-		fi;;
-	esac
-fi
-
-# see if there is a "user suffix" specified
-if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
-then
-	sfx=""
-else
-	sfx=".${SENDMAIL_SUFFIX}"
-fi
-
-echo "Configuration: os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx"
-
-
-SMROOT=${SMROOT-..}
-BUILDTOOLS=${BUILDTOOLS-$SMROOT/BuildTools}
-export SMROOT BUILDTOOLS
-
-# see if we are in a Build-able directory
-if [ ! -f Makefile.m4 ]; then
-	echo "Makefile.m4 not found.  Build can only be run from a source directory."
-	exit $EX_UNAVAILABLE
-fi
-
-# now try to find a reasonable object directory
-if [ -r obj.$os.$rel.$arch$sfx ]; then
-	obj=obj.$os.$rel.$arch$sfx
-elif [ -r obj.$os.$rroot.$arch$sfx ]; then
-	obj=obj.$os.$rroot.$arch$sfx
-elif [ -r obj.$os.$rbase.x.$arch$sfx ]; then
-	obj=obj.$os.$rbase.x.$arch$sfx
-elif [ -r obj.$os.$rel$sfx ]; then
-	obj=obj.$os.$rel$sfx
-elif [ -r obj.$os.$rbase.x$sfx ]; then
-	obj=obj.$os.$rbase.x$sfx
-elif [ -r obj.$os.$arch$sfx ]; then
-	obj=obj.$os.$arch$sfx
-elif [ -r obj.$rel.$arch$sfx ]; then
-	obj=obj.$rel.$arch$sfx
-elif [ -r obj.$rbase.x.$arch$sfx ]; then
-	obj=obj.$rbase.x.$arch$sfx
-elif [ -r obj.$os$sfx ]; then
-	obj=obj.$os$sfx
-elif [ -r obj.$arch$sfx ]; then
-	obj=obj.$arch$sfx
-elif [ -r obj.$rel$sfx ]; then
-	obj=obj.$rel$sfx
-elif [ -r obj$sfx ]; then
-	obj=obj$sfx
-fi
-if [ -z "$obj" -o "$cflag" ]
-then
-	if [ -n "$obj" ]
-	then
-		echo "Clearing out existing $obj tree"
-		rm -rf $obj
-	else
-		# no existing obj directory -- try to create one if Makefile found
-		obj=obj.$os.$rel.$arch$sfx
-	fi
-	if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
-		oscf=$os.$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
-		oscf=$os.$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
-		oscf=$os.$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
-		oscf=$os.$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
-		oscf=$os.$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
-		oscf=$os.$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
-		oscf=$os.$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
-		oscf=$os.$rel
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
-		oscf=$os.$rroot$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
-		oscf=$os.$rroot
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
-		oscf=$os.$rbase.x$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
-		oscf=$os.$rbase.x
-	elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
-		oscf=$os.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
-		oscf=$os.$arch
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
-		oscf=$rel.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
-		oscf=$rel.$arch
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
-		oscf=$rroot.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
-		oscf=$rroot.$arch
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
-		oscf=$rbase.x.$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
-		oscf=$rbase.x.$arch
-	elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
-		oscf=$os$sfx
-	elif [ -r $BUILDTOOLS/OS/$os ]; then
-		oscf=$os
-	elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
-		oscf=$arch$sfx
-	elif [ -r $BUILDTOOLS/OS/$arch ]; then
-		oscf=$arch
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	elif [ -r $BUILDTOOLS/OS/$rel ]; then
-		oscf=$rel
-	elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
-		oscf=$rel$sfx
-	else
-		echo "Cannot determine how to support $arch.$os.$rel" >&2
-		exit $EX_UNAVAILABLE
-	fi
-	M4=`sh $BUILDTOOLS/bin/find_m4.sh`
-	ret=$?
-	if [ $ret -ne 0 ]
-	then
-		exit $ret
-	fi
-	echo "Using M4=$M4"
-	export M4
-	if [ "$mflag" ]
-	then
-		echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
-		exit 0
-	fi
-	if [ "$ABI" ]
-	then
-		echo "Using ABI $ABI"
-	fi
-	echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
-	mkdir $obj
-	(cd $obj; ln -s ../*.[ch158] .)
-	if [ -f sendmail.hf ]
-	then
-		(cd $obj; ln -s ../sendmail.hf .)
-	fi
-
-	rm -f $obj/.settings$$
-	echo 'divert(-1)' > $obj/.settings$$
-	cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
-	if [ "$ABI" ]
-	then
-		echo "define(\`confABI', \`$ABI')" >> $obj/.settings$$
-	fi
-	cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
-
-	if [ -z "$siteconfig" ]
-	then
-		# none specified, use defaults
-		if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
-		elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
-		then
-			siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
-		fi
-		if [ -f $BUILDTOOLS/Site/site.config.m4 ]
-		then
-			siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
-		fi
-	fi
-	if [ ! -z "$siteconfig" ]
-	then
-		echo "Including $siteconfig"
-		cat $siteconfig >> $obj/.settings$$
-	fi
-	if [ "$libdirs" ]
-	then
-		echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
-	fi
-	if [ "$incdirs" ]
-	then
-		echo "define(\`confINCDIRS', confINCDIRS \`\`$incdirs'')" >> $obj/.settings$$
-	fi
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_SRIDBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
-	libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
-		sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
-		grep "^_HCRSBIL_=" | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
-	echo 'divert(-1)' >> $obj/.settings$$
-	LIBDIRS="$libdirs" LIBSRCH="$libsrch" SITECONFIG="$siteconfig" sh $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
-	echo 'divert(0)dnl' >> $obj/.settings$$
-	sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' $obj/.settings$$ | \
-		${M4} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
-		sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' > $obj/Makefile
-	if [ $? -ne 0 -o ! -s $obj/Makefile ]
-	then
-		echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
-		rm -rf $obj
-		exit $EX_UNAVAILABLE
-	fi
-	rm -f $obj/.settings$$
-	echo "Making dependencies in $obj"
-	(cd $obj; ${MAKE-make} depend)
-fi
-
-if [ "$mflag" ]
-then
-	makefile=`ls -l $obj/Makefile | sed 's/.* //'`
-	if [ -z "$makefile" ]
-	then
-		echo "ERROR: $obj exists but has no Makefile" >&2
-		exit $EX_NOINPUT
-	fi
-	echo "Will run in existing $obj using $makefile"
-	exit 0
-fi
+#	$Id: makesendmail,v 8.4 1999/04/04 07:01:42 gshapiro Exp $
 
-echo "Making in $obj"
-cd $obj
-eval exec ${MAKE-make} $makeargs
+exec ./Build $*
diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c
index 8fc3387f..3908966 100644
--- a/contrib/sendmail/src/map.c
+++ b/contrib/sendmail/src/map.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1992, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1992, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,11 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)map.c	8.261 (Berkeley) 2/2/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: map.c,v 8.414.4.13 2000/07/14 16:48:21 ca Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
 
-#include "sendmail.h"
 
 #ifdef NDBM
 # include <ndbm.h>
@@ -23,21 +25,54 @@ static char sccsid[] = "@(#)map.c	8.261 (Berkeley) 2/2/1999";
   ERROR README:	the README file about tweaking Berkeley DB so it can
   ERROR README:	coexist with NDBM, or delete -DNDBM from the Makefile
   ERROR README: and use -DNEWDB instead.
-# endif
-#endif
+# endif /* R_FIRST */
+#endif /* NDBM */
 #ifdef NEWDB
 # include <db.h>
 # ifndef DB_VERSION_MAJOR
 #  define DB_VERSION_MAJOR 1
-# endif
-#endif
+# endif /* ! DB_VERSION_MAJOR */
+#endif /* NEWDB */
 #ifdef NIS
   struct dom_binding;	/* forward reference needed on IRIX */
 # include <rpcsvc/ypclnt.h>
 # ifdef NDBM
 #  define NDBM_YP_COMPAT	/* create YP-compatible NDBM files */
-# endif
-#endif
+# endif /* NDBM */
+#endif /* NIS */
+
+#ifdef NEWDB
+# if DB_VERSION_MAJOR < 2
+static bool	db_map_open __P((MAP *, int, char *, DBTYPE, const void *));
+# endif /* DB_VERSION_MAJOR < 2 */
+# if DB_VERSION_MAJOR == 2
+static bool	db_map_open __P((MAP *, int, char *, DBTYPE, DB_INFO *));
+# endif /* DB_VERSION_MAJOR == 2 */
+# if DB_VERSION_MAJOR > 2
+static bool	db_map_open __P((MAP *, int, char *, DBTYPE, void **));
+# endif /* DB_VERSION_MAJOR > 2 */
+#endif /* NEWDB */
+static bool	extract_canonname __P((char *, char *, char[], int));
+#ifdef LDAPMAP
+static void	ldapmap_clear __P((LDAPMAP_STRUCT *));
+static STAB	*ldapmap_findconn __P((LDAPMAP_STRUCT *));
+static int	ldapmap_geterrno __P((LDAP *));
+static void	ldapmap_setopts __P((LDAP *, LDAPMAP_STRUCT *));
+static bool	ldapmap_start __P((MAP *));
+static void	ldaptimeout __P((int));
+#endif /* LDAPMAP */
+static void	map_close __P((STAB *, int));
+static void	map_init __P((STAB *, int));
+#ifdef NISPLUS
+static bool	nisplus_getcanonname __P((char *, int, int *));
+#endif /* NISPLUS */
+#ifdef NIS
+static bool	nis_getcanonname __P((char *, int, int *));
+#endif /* NIS */
+#if NETINFO
+static bool	ni_getcanonname __P((char *, int, int *));
+#endif /* NETINFO */
+static bool	text_getcanonname __P((char *, int, int *));
 
 /*
 **  MAP.C -- implementations for various map classes.
@@ -83,20 +118,17 @@ static char sccsid[] = "@(#)map.c	8.261 (Berkeley) 2/2/1999";
 
 #ifndef EX_NOTFOUND
 # define EX_NOTFOUND	EX_NOHOST
-#endif
-
-extern bool	aliaswait __P((MAP *, char *, int));
-extern bool	extract_canonname __P((char *, char *, char[], int));
+#endif /* ! EX_NOTFOUND */
 
 #if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL
 # define LOCK_ON_OPEN	1	/* we can open/create a locked file */
-#else
+#else /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */
 # define LOCK_ON_OPEN	0	/* no such luck -- bend over backwards */
-#endif
+#endif /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */
 
 #ifndef O_ACCMODE
 # define O_ACCMODE	(O_RDONLY|O_WRONLY|O_RDWR)
-#endif
+#endif /* ! O_ACCMODE */
 /*
 **  MAP_PARSEARGS -- parse config line arguments for database lookup
 **
@@ -121,7 +153,12 @@ map_parseargs(map, ap)
 {
 	register char *p = ap;
 
+	/*
+	**  there is no check whether there is really an argument,
+	**  but that's not important enough to warrant extra code
+	*/
 	map->map_mflags |= MF_TRY0NULL | MF_TRY1NULL;
+	map->map_spacesub = SpaceSub;	/* default value */
 	for (;;)
 	{
 		while (isascii(*p) && isspace(*p))
@@ -204,15 +241,18 @@ map_parseargs(map, ap)
 			map->map_mflags |= MF_NODEFER;
 			break;
 
-#ifdef RESERVED_FOR_SUN
-		  case 'd':
-			map->map_mflags |= MF_DOMAIN_WIDE;
+
+		  case 'S':
+			map->map_spacesub = *++p;
 			break;
 
-		  case 's':
-			/* info type */
+		  case 'D':
+			map->map_mflags |= MF_DEFER;
+			break;
+
+		  default:
+			syserr("Illegal option %c map %s", *p, map->map_mname);
 			break;
-#endif
 		}
 		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
 			p++;
@@ -290,15 +330,15 @@ map_rewrite(map, s, slen, av)
 
 	if (tTd(39, 1))
 	{
-		printf("map_rewrite(%.*s), av =", (int)slen, s);
+		dprintf("map_rewrite(%.*s), av =", (int)slen, s);
 		if (av == NULL)
-			printf(" (nullv)");
+			dprintf(" (nullv)");
 		else
 		{
 			for (avp = av; *avp != NULL; avp++)
-				printf("\n\t%s", *avp);
+				dprintf("\n\t%s", *avp);
 		}
-		printf("\n");
+		dprintf("\n");
 	}
 
 	/* count expected size of output (can safely overestimate) */
@@ -337,8 +377,11 @@ map_rewrite(map, s, slen, av)
 	bp = buf;
 	if (av == NULL)
 	{
-		bcopy(s, bp, slen);
+		memmove(bp, s, slen);
 		bp += slen;
+
+		/* assert(len > slen); */
+		len -= slen;
 	}
 	else
 	{
@@ -347,6 +390,8 @@ map_rewrite(map, s, slen, av)
 			if (c != '%')
 			{
   pushc:
+				if (--len <= 0)
+					break;
 				*bp++ = c;
 				continue;
 			}
@@ -357,6 +402,7 @@ map_rewrite(map, s, slen, av)
 			if (!(isascii(c) && isdigit(c)))
 			{
 				*bp++ = '%';
+				--len;
 				goto pushc;
 			}
 			for (avp = av; --c >= '0' && *avp != NULL; avp++)
@@ -365,59 +411,59 @@ map_rewrite(map, s, slen, av)
 				continue;
 
 			/* transliterate argument into output string */
-			for (ap = *avp; (c = *ap++) != '\0'; )
+			for (ap = *avp; (c = *ap++) != '\0' && len > 0; --len)
 				*bp++ = c;
 		}
 	}
-	if (map->map_app != NULL)
-		strcpy(bp, map->map_app);
+	if (map->map_app != NULL && len > 0)
+		(void) strlcpy(bp, map->map_app, len);
 	else
 		*bp = '\0';
 	if (tTd(39, 1))
-		printf("map_rewrite => %s\n", buf);
+		dprintf("map_rewrite => %s\n", buf);
 	return buf;
 }
 /*
-**  INITMAPS -- initialize for aliasing
+**  INITMAPS -- rebuild alias maps
 **
 **	Parameters:
-**		rebuild -- if TRUE, this rebuilds the cached versions.
-**		e -- current envelope.
+**		none.
 **
 **	Returns:
 **		none.
-**
-**	Side Effects:
-**		initializes aliases:
-**		if alias database:  opens the database.
-**		if no database available: reads aliases into the symbol table.
 */
 
 void
-initmaps(rebuild, e)
-	bool rebuild;
-	register ENVELOPE *e;
+initmaps()
 {
-	extern void map_init __P((STAB *, int));
-
 #if XDEBUG
 	checkfd012("entering initmaps");
-#endif
-	CurEnv = e;
-
+#endif /* XDEBUG */
 	stabapply(map_init, 0);
-	stabapply(map_init, rebuild ? 2 : 1);
 #if XDEBUG
 	checkfd012("exiting initmaps");
-#endif
+#endif /* XDEBUG */
 }
+/*
+**  MAP_INIT -- rebuild a map
+**
+**	Parameters:
+**		s -- STAB entry: if map: try to rebuild
+**		unused -- unused variable
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		will close already open rebuildable map.
+*/
 
-void
-map_init(s, pass)
+/* ARGSUSED1 */
+static void
+map_init(s, unused)
 	register STAB *s;
-	int pass;
+	int unused;
 {
-	bool rebuildable;
 	register MAP *map;
 
 	/* has to be a map */
@@ -429,28 +475,17 @@ map_init(s, pass)
 		return;
 
 	if (tTd(38, 2))
-		printf("map_init(%s:%s, %s, %d)\n",
+		dprintf("map_init(%s:%s, %s)\n",
 			map->map_class->map_cname == NULL ? "NULL" :
 				map->map_class->map_cname,
 			map->map_mname == NULL ? "NULL" : map->map_mname,
-			map->map_file == NULL ? "NULL" : map->map_file,
-			pass);
+			map->map_file == NULL ? "NULL" : map->map_file);
 
-	/*
-	**  Pass 0 opens all non-rebuildable maps.
-	**  Pass 1 opens all rebuildable maps for read.
-	**  Pass 2 rebuilds all rebuildable maps.
-	*/
-
-	rebuildable = (bitset(MF_ALIAS, map->map_mflags) &&
-		       bitset(MCF_REBUILDABLE, map->map_class->map_cflags));
-
-	if ((pass == 0 && rebuildable) ||
-	    ((pass == 1 || pass == 2) && !rebuildable))
+	if (!bitset(MF_ALIAS, map->map_mflags) ||
+	    !bitset(MCF_REBUILDABLE, map->map_class->map_cflags))
 	{
 		if (tTd(38, 3))
-			printf("\twrong pass (pass = %d, rebuildable = %d)\n",
-			       pass, rebuildable);
+			dprintf("\tnot rebuildable\n");
 		return;
 	}
 
@@ -461,16 +496,50 @@ map_init(s, pass)
 		map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
 	}
 
-	if (pass == 2)
+	(void) rebuildaliases(map, FALSE);
+	return;
+}
+/*
+**  OPENMAP -- open a map
+**
+**	Parameters:
+**		map -- map to open (it must not be open).
+**
+**	Returns:
+**		whether open succeeded.
+**
+*/
+
+bool
+openmap(map)
+	MAP *map;
+{
+	bool restore = FALSE;
+	bool savehold = HoldErrs;
+	bool savequick = QuickAbort;
+	int saveerrors = Errors;
+
+	if (!bitset(MF_VALID, map->map_mflags))
+		return FALSE;
+
+	/* better safe than sorry... */
+	if (bitset(MF_OPEN, map->map_mflags))
+		return TRUE;
+
+	/* Don't send a map open error out via SMTP */
+	if ((OnlyOneError || QuickAbort) &&
+	    (OpMode == MD_SMTP || OpMode == MD_DAEMON))
 	{
-		(void) rebuildaliases(map, FALSE);
-		return;
+		restore = TRUE;
+		HoldErrs = TRUE;
+		QuickAbort = FALSE;
 	}
 
+	errno = 0;
 	if (map->map_class->map_open(map, O_RDONLY))
 	{
 		if (tTd(38, 4))
-			printf("\t%s:%s %s: valid\n",
+			dprintf("openmap()\t%s:%s %s: valid\n",
 				map->map_class->map_cname == NULL ? "NULL" :
 					map->map_class->map_cname,
 				map->map_mname == NULL ? "NULL" :
@@ -483,14 +552,15 @@ map_init(s, pass)
 	else
 	{
 		if (tTd(38, 4))
-			printf("\t%s:%s %s: invalid: %s\n",
+			dprintf("openmap()\t%s:%s %s: invalid%s%s\n",
 				map->map_class->map_cname == NULL ? "NULL" :
 					map->map_class->map_cname,
 				map->map_mname == NULL ? "NULL" :
 					map->map_mname,
 				map->map_file == NULL ? "NULL" :
 					map->map_file,
-				errstring(errno));
+				errno == 0 ? "" : ": ",
+				errno == 0 ? "" : errstring(errno));
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 		{
 			extern MAPCLASS BogusMapClass;
@@ -499,7 +569,21 @@ map_init(s, pass)
 			map->map_mflags |= MF_OPEN;
 			map->map_pid = getpid();
 		}
+		else
+		{
+			/* don't try again */
+			map->map_mflags &= ~MF_VALID;
+		}
 	}
+
+	if (restore)
+	{
+		Errors = saveerrors;
+		HoldErrs = savehold;
+		QuickAbort = savequick;
+	}
+
+	return bitset(MF_OPEN, map->map_mflags);
 }
 /*
 **  CLOSEMAPS -- close all open maps opened by the current pid.
@@ -514,13 +598,21 @@ map_init(s, pass)
 void
 closemaps()
 {
-	extern void map_close __P((STAB *, int));
-
 	stabapply(map_close, 0);
 }
+/*
+**  MAP_CLOSE -- close a map opened by the current pid.
+**
+**	Parameters:
+**		s -- STAB entry: if map: try to open
+**		second parameter is unused (required by stabapply())
+**
+**	Returns:
+**		none.
+*/
 
 /* ARGSUSED1 */
-void
+static void
 map_close(s, unused)
 	register STAB *s;
 	int unused;
@@ -529,19 +621,20 @@ map_close(s, unused)
 
 	if (s->s_type != ST_MAP)
 		return;
-	
+
 	map = &s->s_map;
 
 	if (!bitset(MF_VALID, map->map_mflags) ||
 	    !bitset(MF_OPEN, map->map_mflags) ||
+	    bitset(MF_SHARED, map->map_mflags) ||
 	    map->map_pid != getpid())
 		return;
-	
+
 	if (tTd(38, 5))
-		printf("closemaps: closing %s (%s)\n",
-		       map->map_mname == NULL ? "NULL" : map->map_mname,
-		       map->map_file == NULL ? "NULL" : map->map_file);
-	
+		dprintf("closemaps: closing %s (%s)\n",
+			map->map_mname == NULL ? "NULL" : map->map_mname,
+			map->map_file == NULL ? "NULL" : map->map_file);
+
 	map->map_class->map_close(map);
 	map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
 }
@@ -568,7 +661,7 @@ getcanonname(host, hbsize, trymx)
 	int mapno;
 	bool found = FALSE;
 	bool got_tempfail = FALSE;
-	auto int stat;
+	auto int status;
 	char *maptype[MAXMAPSTACK];
 	short mapreturn[MAXMAPACTIONS];
 
@@ -578,50 +671,40 @@ getcanonname(host, hbsize, trymx)
 		int i;
 
 		if (tTd(38, 20))
-			printf("getcanonname(%s), trying %s\n",
+			dprintf("getcanonname(%s), trying %s\n",
 				host, maptype[mapno]);
 		if (strcmp("files", maptype[mapno]) == 0)
 		{
-			extern bool text_getcanonname __P((char *, int, int *));
-
-			found = text_getcanonname(host, hbsize, &stat);
+			found = text_getcanonname(host, hbsize, &status);
 		}
 #ifdef NIS
 		else if (strcmp("nis", maptype[mapno]) == 0)
 		{
-			extern bool nis_getcanonname __P((char *, int, int *));
-
-			found = nis_getcanonname(host, hbsize, &stat);
+			found = nis_getcanonname(host, hbsize, &status);
 		}
-#endif
+#endif /* NIS */
 #ifdef NISPLUS
 		else if (strcmp("nisplus", maptype[mapno]) == 0)
 		{
-			extern bool nisplus_getcanonname __P((char *, int, int *));
-
-			found = nisplus_getcanonname(host, hbsize, &stat);
+			found = nisplus_getcanonname(host, hbsize, &status);
 		}
-#endif
+#endif /* NISPLUS */
 #if NAMED_BIND
 		else if (strcmp("dns", maptype[mapno]) == 0)
 		{
-			extern bool dns_getcanonname __P((char *, int, bool, int *));
-
-			found = dns_getcanonname(host, hbsize, trymx, &stat);
+			found = dns_getcanonname(host, hbsize, trymx, &status);
 		}
-#endif
+#endif /* NAMED_BIND */
 #if NETINFO
 		else if (strcmp("netinfo", maptype[mapno]) == 0)
 		{
-			extern bool ni_getcanonname __P((char *, int, int *));
-
-			found = ni_getcanonname(host, hbsize, &stat);
+			found = ni_getcanonname(host, hbsize, &status);
 		}
-#endif
+#endif /* NETINFO */
 		else
 		{
 			found = FALSE;
-			stat = EX_UNAVAILABLE;
+			status = EX_UNAVAILABLE;
 		}
 
 		/*
@@ -637,12 +720,12 @@ getcanonname(host, hbsize, trymx)
 			break;
 
 		/* see if we should continue */
-		if (stat == EX_TEMPFAIL)
+		if (status == EX_TEMPFAIL)
 		{
 			i = MA_TRYAGAIN;
 			got_tempfail = TRUE;
 		}
-		else if (stat == EX_NOTFOUND)
+		else if (status == EX_NOTFOUND)
 			i = MA_NOTFOUND;
 		else
 			i = MA_UNAVAIL;
@@ -655,7 +738,7 @@ getcanonname(host, hbsize, trymx)
 		char *d;
 
 		if (tTd(38, 20))
-			printf("getcanonname(%s), found\n", host);
+			dprintf("getcanonname(%s), found\n", host);
 
 		/*
 		**  If returned name is still single token, compensate
@@ -670,26 +753,24 @@ getcanonname(host, hbsize, trymx)
 			    hbsize > (int) (strlen(host) + strlen(d) + 1))
 			{
 				if (host[strlen(host) - 1] != '.')
-					strcat(host, ".");
-				strcat(host, d);
+					(void) strlcat(host, ".", hbsize);
+				(void) strlcat(host, d, hbsize);
 			}
 			else
-			{
 				return FALSE;
-			}
 		}
 		return TRUE;
 	}
 
 	if (tTd(38, 20))
-		printf("getcanonname(%s), failed, stat=%d\n", host, stat);
+		dprintf("getcanonname(%s), failed, status=%d\n", host, status);
 
 #if NAMED_BIND
 	if (got_tempfail)
 		h_errno = TRY_AGAIN;
 	else
 		h_errno = HOST_NOT_FOUND;
-#endif
+#endif /* NAMED_BIND */
 
 	return FALSE;
 }
@@ -707,7 +788,7 @@ getcanonname(host, hbsize, trymx)
 **		FALSE -- otherwise.
 */
 
-bool
+static bool
 extract_canonname(name, line, cbuf, cbuflen)
 	char *name;
 	char *line;
@@ -717,7 +798,6 @@ extract_canonname(name, line, cbuf, cbuflen)
 	int i;
 	char *p;
 	bool found = FALSE;
-	extern char *get_column __P((char *, int, char, char *, int));
 
 	cbuf[0] = '\0';
 	if (line[0] == '#')
@@ -746,11 +826,11 @@ extract_canonname(name, line, cbuf, cbuflen)
 		char *domain = macvalue('m', CurEnv);
 
 		if (domain != NULL &&
-		    strlen(domain) + strlen(cbuf) + 1 < cbuflen)
+		    strlen(domain) + (i = strlen(cbuf)) + 1 < (size_t) cbuflen)
 		{
-			p = &cbuf[strlen(cbuf)];
+			p = &cbuf[i];
 			*p++ = '.';
-			strcpy(p, domain);
+			(void) strlcpy(p, domain, cbuflen - i - 1);
 		}
 	}
 	return found;
@@ -771,18 +851,19 @@ ndbm_map_open(map, mode)
 	int mode;
 {
 	register DBM *dbm;
-	struct stat st;
+	int save_errno;
 	int dfd;
 	int pfd;
-	int sff;
+	long sff;
 	int ret;
 	int smode = S_IREAD;
 	char dirfile[MAXNAME + 1];
 	char pagfile[MAXNAME + 1];
+	struct stat st;
 	struct stat std, stp;
 
 	if (tTd(38, 2))
-		printf("ndbm_map_open(%s, %s, %d)\n",
+		dprintf("ndbm_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 	map->map_lockfd = -1;
 	mode &= O_ACCMODE;
@@ -794,24 +875,26 @@ ndbm_map_open(map, mode)
 	if (mode == O_RDWR)
 	{
 		sff |= SFF_CREAT;
-		if (!bitset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
+		if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
 			sff |= SFF_NOSLINK;
-		if (!bitset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
+		if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
 			sff |= SFF_NOHLINK;
 		smode = S_IWRITE;
 	}
 	else
 	{
-		if (!bitset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+		if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
 			sff |= SFF_NOWLINK;
 	}
-	if (!bitset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
+	if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
 		sff |= SFF_SAFEDIRPATH;
 	ret = safefile(dirfile, RunAsUid, RunAsGid, RunAsUserName,
 			    sff, smode, &std);
 	if (ret == 0)
 		ret = safefile(pagfile, RunAsUid, RunAsGid, RunAsUserName,
 			       sff, smode, &stp);
+
+# if !_FFR_REMOVE_AUTOREBUILD
 	if (ret == ENOENT && AutoRebuild &&
 	    bitset(MCF_REBUILDABLE, map->map_class->map_cflags) &&
 	    (bitset(MF_IMPL_NDBM, map->map_mflags) ||
@@ -819,7 +902,6 @@ ndbm_map_open(map, mode)
 	    mode == O_RDONLY)
 	{
 		bool impl = bitset(MF_IMPL_NDBM, map->map_mflags);
-		extern bool impl_map_open __P((MAP *, int));
 
 		/* may be able to rebuild */
 		map->map_mflags &= ~MF_IMPL_NDBM;
@@ -830,6 +912,8 @@ ndbm_map_open(map, mode)
 		else
 			return ndbm_map_open(map, O_RDONLY);
 	}
+# endif /* !_FFR_REMOVE_AUTOREBUILD */
+
 	if (ret != 0)
 	{
 		char *prob = "unsafe";
@@ -838,7 +922,7 @@ ndbm_map_open(map, mode)
 		if (ret == ENOENT)
 			prob = "missing";
 		if (tTd(38, 2))
-			printf("\t%s map file: %d\n", prob, ret);
+			dprintf("\t%s map file: %d\n", prob, ret);
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("dbm map \"%s\": %s map file %s",
 				map->map_mname, prob, map->map_file);
@@ -847,15 +931,15 @@ ndbm_map_open(map, mode)
 	if (std.st_mode == ST_MODE_NOFILE)
 		mode |= O_CREAT|O_EXCL;
 
-#if LOCK_ON_OPEN
+# if LOCK_ON_OPEN
 	if (mode == O_RDONLY)
 		mode |= O_SHLOCK;
 	else
 		mode |= O_TRUNC|O_EXLOCK;
-#else
+# else /* LOCK_ON_OPEN */
 	if ((mode & O_ACCMODE) == O_RDWR)
 	{
-# if NOFTRUNCATE
+#  if NOFTRUNCATE
 		/*
 		**  Warning: race condition.  Try to lock the file as
 		**  quickly as possible after opening it.
@@ -864,7 +948,7 @@ ndbm_map_open(map, mode)
 		*/
 
 		mode |= O_TRUNC;
-# else
+#  else /* NOFTRUNCATE */
 		/*
 		**  This ugly code opens the map without truncating it,
 		**  locks the file, then truncates it.  Necessary to
@@ -873,11 +957,11 @@ ndbm_map_open(map, mode)
 
 		int dirfd;
 		int pagfd;
-		int sff = SFF_CREAT|SFF_OPENASROOT;
+		long sff = SFF_CREAT|SFF_OPENASROOT;
 
-		if (!bitset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
+		if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
 			sff |= SFF_NOSLINK;
-		if (!bitset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
+		if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
 			sff |= SFF_NOHLINK;
 
 		dirfd = safeopen(dirfile, mode, DBMMODE, sff);
@@ -885,8 +969,7 @@ ndbm_map_open(map, mode)
 
 		if (dirfd < 0 || pagfd < 0)
 		{
-			int save_errno = errno;
-
+			save_errno = errno;
 			if (dirfd >= 0)
 				(void) close(dirfd);
 			if (pagfd >= 0)
@@ -899,8 +982,7 @@ ndbm_map_open(map, mode)
 		if (ftruncate(dirfd, (off_t) 0) < 0 ||
 		    ftruncate(pagfd, (off_t) 0) < 0)
 		{
-			int save_errno = errno;
-
+			save_errno = errno;
 			(void) close(dirfd);
 			(void) close(pagfd);
 			errno = save_errno;
@@ -913,8 +995,7 @@ ndbm_map_open(map, mode)
 		if (std.st_mode == ST_MODE_NOFILE &&
 		    (fstat(dirfd, &std) < 0 || fstat(pagfd, &stp) < 0))
 		{
-			int save_errno = errno;
-
+			save_errno = errno;
 			(void) close(dirfd);
 			(void) close(pagfd);
 			errno = save_errno;
@@ -925,27 +1006,26 @@ ndbm_map_open(map, mode)
 
 		/* have to save the lock for the duration (bletch) */
 		map->map_lockfd = dirfd;
-		close(pagfd);
+		(void) close(pagfd);
 
 		/* twiddle bits for dbm_open */
 		mode &= ~(O_CREAT|O_EXCL);
-# endif
+#  endif /* NOFTRUNCATE */
 	}
-#endif
+# endif /* LOCK_ON_OPEN */
 
 	/* open the database */
 	dbm = dbm_open(map->map_file, mode, DBMMODE);
 	if (dbm == NULL)
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		if (bitset(MF_ALIAS, map->map_mflags) &&
 		    aliaswait(map, ".pag", FALSE))
 			return TRUE;
-#if !LOCK_ON_OPEN && !NOFTRUNCATE
+# if !LOCK_ON_OPEN && !NOFTRUNCATE
 		if (map->map_lockfd >= 0)
-			close(map->map_lockfd);
-#endif
+			(void) close(map->map_lockfd);
+# endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */
 		errno = save_errno;
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("Cannot open DBM database %s", map->map_file);
@@ -957,10 +1037,10 @@ ndbm_map_open(map, mode)
 	{
 		/* heuristic: if files are linked, this is actually gdbm */
 		dbm_close(dbm);
-#if !LOCK_ON_OPEN && !NOFTRUNCATE
+# if !LOCK_ON_OPEN && !NOFTRUNCATE
 		if (map->map_lockfd >= 0)
-			close(map->map_lockfd);
-#endif
+			(void) close(map->map_lockfd);
+# endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */
 		errno = 0;
 		syserr("dbm map \"%s\": cannot support GDBM",
 			map->map_mname);
@@ -970,13 +1050,12 @@ ndbm_map_open(map, mode)
 	if (filechanged(dirfile, dfd, &std) ||
 	    filechanged(pagfile, pfd, &stp))
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		dbm_close(dbm);
-#if !LOCK_ON_OPEN && !NOFTRUNCATE
+# if !LOCK_ON_OPEN && !NOFTRUNCATE
 		if (map->map_lockfd >= 0)
-			close(map->map_lockfd);
-#endif
+			(void) close(map->map_lockfd);
+# endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */
 		errno = save_errno;
 		syserr("ndbm_map_open(%s): file changed after open",
 			map->map_file);
@@ -984,14 +1063,24 @@ ndbm_map_open(map, mode)
 	}
 
 	map->map_db1 = (ARBPTR_T) dbm;
+
+	/*
+	**  Need to set map_mtime before the call to aliaswait()
+	**  as aliaswait() will call map_lookup() which requires
+	**  map_mtime to be set
+	*/
+
+	if (fstat(dfd, &st) >= 0)
+		map->map_mtime = st.st_mtime;
+
 	if (mode == O_RDONLY)
 	{
-#if LOCK_ON_OPEN
+# if LOCK_ON_OPEN
 		if (dfd >= 0)
 			(void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
 		if (pfd >= 0)
 			(void) lockfile(pfd, map->map_file, ".pag", LOCK_UN);
-#endif
+# endif /* LOCK_ON_OPEN */
 		if (bitset(MF_ALIAS, map->map_mflags) &&
 		    !aliaswait(map, ".pag", TRUE))
 			return FALSE;
@@ -999,9 +1088,9 @@ ndbm_map_open(map, mode)
 	else
 	{
 		map->map_mflags |= MF_LOCKED;
-#if _FFR_TRUSTED_USER
 		if (geteuid() == 0 && TrustedUid != 0)
 		{
+#  if HASFCHOWN
 			if (fchown(dfd, TrustedUid, -1) < 0 ||
 			    fchown(pfd, TrustedUid, -1) < 0)
 			{
@@ -1013,11 +1102,9 @@ ndbm_map_open(map, mode)
 				message("050 ownership change on %s failed: %s",
 					map->map_file, errstring(err));
 			}
+#  endif /* HASFCHOWN */
 		}
-#endif
 	}
-	if (fstat(dfd, &st) >= 0)
-		map->map_mtime = st.st_mtime;
 	return TRUE;
 }
 
@@ -1039,7 +1126,7 @@ ndbm_map_lookup(map, name, av, statp)
 	struct stat stbuf;
 
 	if (tTd(38, 20))
-		printf("ndbm_map_lookup(%s, %s)\n",
+		dprintf("ndbm_map_lookup(%s, %s)\n",
 			map->map_mname, name);
 
 	key.dptr = name;
@@ -1048,7 +1135,7 @@ ndbm_map_lookup(map, name, av, statp)
 	{
 		if (key.dsize > sizeof keybuf - 1)
 			key.dsize = sizeof keybuf - 1;
-		bcopy(key.dptr, keybuf, key.dsize);
+		memmove(keybuf, key.dptr, key.dsize);
 		keybuf[key.dsize] = '\0';
 		makelower(keybuf);
 		key.dptr = keybuf;
@@ -1063,6 +1150,8 @@ lockdbm:
 		int omode = bitset(map->map_mflags, MF_WRITABLE) ? O_RDWR
 								 : O_RDONLY;
 
+		if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
+			(void) lockfile(fd, map->map_file, ".dir", LOCK_UN);
 		map->map_class->map_close(map);
 		map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
 		if (map->map_class->map_open(map, omode))
@@ -1126,11 +1215,11 @@ ndbm_map_store(map, lhs, rhs)
 {
 	datum key;
 	datum data;
-	int stat;
+	int status;
 	char keybuf[MAXNAME + 1];
 
 	if (tTd(38, 12))
-		printf("ndbm_map_store(%s, %s, %s)\n",
+		dprintf("ndbm_map_store(%s, %s, %s)\n",
 			map->map_mname, lhs, rhs);
 
 	key.dsize = strlen(lhs);
@@ -1139,7 +1228,7 @@ ndbm_map_store(map, lhs, rhs)
 	{
 		if (key.dsize > sizeof keybuf - 1)
 			key.dsize = sizeof keybuf - 1;
-		bcopy(key.dptr, keybuf, key.dsize);
+		memmove(keybuf, key.dptr, key.dsize);
 		keybuf[key.dsize] = '\0';
 		makelower(keybuf);
 		key.dptr = keybuf;
@@ -1154,8 +1243,8 @@ ndbm_map_store(map, lhs, rhs)
 		data.dsize++;
 	}
 
-	stat = dbm_store((DBM *) map->map_db1, key, data, DBM_INSERT);
-	if (stat > 0)
+	status = dbm_store((DBM *) map->map_db1, key, data, DBM_INSERT);
+	if (status > 0)
 	{
 		if (!bitset(MF_APPEND, map->map_mflags))
 			message("050 Warning: duplicate alias name %s", lhs);
@@ -1183,13 +1272,15 @@ ndbm_map_store(map, lhs, rhs)
 				data.dsize = data.dsize + old.dsize + 1;
 				data.dptr = buf;
 				if (tTd(38, 9))
-					printf("ndbm_map_store append=%s\n", data.dptr);
+					dprintf("ndbm_map_store append=%s\n",
+						data.dptr);
 			}
 		}
-		stat = dbm_store((DBM *) map->map_db1, key, data, DBM_REPLACE);
+		status = dbm_store((DBM *) map->map_db1,
+				   key, data, DBM_REPLACE);
 	}
-	if (stat != 0)
-		syserr("readaliases: dbm put (%s)", lhs);
+	if (status != 0)
+		syserr("readaliases: dbm put (%s): %d", lhs, status);
 }
 
 
@@ -1202,12 +1293,12 @@ ndbm_map_close(map)
 	register MAP  *map;
 {
 	if (tTd(38, 9))
-		printf("ndbm_map_close(%s, %s, %lx)\n",
+		dprintf("ndbm_map_close(%s, %s, %lx)\n",
 			map->map_mname, map->map_file, map->map_mflags);
 
 	if (bitset(MF_WRITABLE, map->map_mflags))
 	{
-#ifdef NDBM_YP_COMPAT
+# ifdef NDBM_YP_COMPAT
 		bool inclnull;
 		char buf[MAXHOSTNAMELEN];
 
@@ -1231,7 +1322,7 @@ ndbm_map_close(map)
 
 		if (inclnull)
 			map->map_mflags |= MF_INCLNULL;
-#endif
+# endif /* NDBM_YP_COMPAT */
 
 		/* write out the distinguished alias */
 		ndbm_map_store(map, "@", "@");
@@ -1239,13 +1330,13 @@ ndbm_map_close(map)
 	dbm_close((DBM *) map->map_db1);
 
 	/* release lock (if needed) */
-#if !LOCK_ON_OPEN
+# if !LOCK_ON_OPEN
 	if (map->map_lockfd >= 0)
 		(void) close(map->map_lockfd);
-#endif
+# endif /* !LOCK_ON_OPEN */
 }
 
-#endif
+#endif /* NDBM */
 /*
 **  NEWDB (Hash and BTree) Modules
 */
@@ -1264,43 +1355,44 @@ ndbm_map_close(map)
 **	be pokey about it.  That's hard to do.
 */
 
-#if DB_VERSION_MAJOR < 2
-extern bool	db_map_open __P((MAP *, int, char *, DBTYPE, const void *));
-#else
-extern bool	db_map_open __P((MAP *, int, char *, DBTYPE, DB_INFO *));
-#endif
-
 /* these should be K line arguments */
-#if DB_VERSION_MAJOR < 2
-# define db_cachesize	cachesize
-# define h_nelem	nelem
-# ifndef DB_CACHE_SIZE
-#  define DB_CACHE_SIZE	(1024 * 1024)	/* database memory cache size */
-# endif
-# ifndef DB_HASH_NELEM
-#  define DB_HASH_NELEM	4096		/* (starting) size of hash table */
-# endif
-#endif
+# if DB_VERSION_MAJOR < 2
+#  define db_cachesize	cachesize
+#  define h_nelem	nelem
+#  ifndef DB_CACHE_SIZE
+#   define DB_CACHE_SIZE	(1024 * 1024)	/* database memory cache size */
+#  endif /* ! DB_CACHE_SIZE */
+#  ifndef DB_HASH_NELEM
+#   define DB_HASH_NELEM	4096		/* (starting) size of hash table */
+#  endif /* ! DB_HASH_NELEM */
+# endif /* DB_VERSION_MAJOR < 2 */
 
 bool
 bt_map_open(map, mode)
 	MAP *map;
 	int mode;
 {
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	BTREEINFO btinfo;
-#else
+# endif /* DB_VERSION_MAJOR < 2 */
+# if DB_VERSION_MAJOR == 2
 	DB_INFO btinfo;
-#endif
+# endif /* DB_VERSION_MAJOR == 2 */
+# if DB_VERSION_MAJOR > 2
+	void *btinfo = NULL;
+# endif /* DB_VERSION_MAJOR > 2 */
 
 	if (tTd(38, 2))
-		printf("bt_map_open(%s, %s, %d)\n",
+		dprintf("bt_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
-	bzero(&btinfo, sizeof btinfo);
-#ifdef DB_CACHE_SIZE
+# if DB_VERSION_MAJOR < 3
+	memset(&btinfo, '\0', sizeof btinfo);
+#  ifdef DB_CACHE_SIZE
 	btinfo.db_cachesize = DB_CACHE_SIZE;
-#endif
+#  endif /* DB_CACHE_SIZE */
+# endif /* DB_VERSION_MAJOR < 3 */
+
 	return db_map_open(map, mode, "btree", DB_BTREE, &btinfo);
 }
 
@@ -1309,53 +1401,64 @@ hash_map_open(map, mode)
 	MAP *map;
 	int mode;
 {
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	HASHINFO hinfo;
-#else
+# endif /* DB_VERSION_MAJOR < 2 */
+# if DB_VERSION_MAJOR == 2
 	DB_INFO hinfo;
-#endif
+# endif /* DB_VERSION_MAJOR == 2 */
+# if DB_VERSION_MAJOR > 2
+	void *hinfo = NULL;
+# endif /* DB_VERSION_MAJOR > 2 */
 
 	if (tTd(38, 2))
-		printf("hash_map_open(%s, %s, %d)\n",
+		dprintf("hash_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
-	bzero(&hinfo, sizeof hinfo);
-#ifdef DB_HASH_NELEM
+# if DB_VERSION_MAJOR < 3
+	memset(&hinfo, '\0', sizeof hinfo);
+#  ifdef DB_HASH_NELEM
 	hinfo.h_nelem = DB_HASH_NELEM;
-#endif
-#ifdef DB_CACHE_SIZE
+#  endif /* DB_HASH_NELEM */
+#  ifdef DB_CACHE_SIZE
 	hinfo.db_cachesize = DB_CACHE_SIZE;
-#endif
+#  endif /* DB_CACHE_SIZE */
+# endif /* DB_VERSION_MAJOR < 3 */
+
 	return db_map_open(map, mode, "hash", DB_HASH, &hinfo);
 }
 
-bool
+static bool
 db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	MAP *map;
 	int mode;
 	char *mapclassname;
 	DBTYPE dbtype;
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	const void *openinfo;
-#else
+# endif /* DB_VERSION_MAJOR < 2 */
+# if DB_VERSION_MAJOR == 2
 	DB_INFO *openinfo;
-#endif
+# endif /* DB_VERSION_MAJOR == 2 */
+# if DB_VERSION_MAJOR > 2
+	void **openinfo;
+# endif /* DB_VERSION_MAJOR > 2 */
 {
 	DB *db = NULL;
 	int i;
 	int omode;
 	int smode = S_IREAD;
 	int fd;
-	int sff;
-	int saveerrno;
+	long sff;
+	int save_errno;
 	struct stat st;
 	char buf[MAXNAME + 1];
 
 	/* do initial file and directory checks */
-	snprintf(buf, sizeof buf - 3, "%s", map->map_file);
+	(void) strlcpy(buf, map->map_file, sizeof buf - 3);
 	i = strlen(buf);
 	if (i < 3 || strcmp(&buf[i - 3], ".db") != 0)
-		(void) strcat(buf, ".db");
+		(void) strlcat(buf, ".db", sizeof buf);
 
 	mode &= O_ACCMODE;
 	omode = mode;
@@ -1364,20 +1467,22 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	if (mode == O_RDWR)
 	{
 		sff |= SFF_CREAT;
-		if (!bitset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
+		if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
 			sff |= SFF_NOSLINK;
-		if (!bitset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
+		if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
 			sff |= SFF_NOHLINK;
 		smode = S_IWRITE;
 	}
 	else
 	{
-		if (!bitset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+		if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
 			sff |= SFF_NOWLINK;
 	}
-	if (!bitset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
+	if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
 		sff |= SFF_SAFEDIRPATH;
 	i = safefile(buf, RunAsUid, RunAsGid, RunAsUserName, sff, smode, &st);
+
+# if !_FFR_REMOVE_AUTOREBUILD
 	if (i == ENOENT && AutoRebuild &&
 	    bitset(MCF_REBUILDABLE, map->map_class->map_cflags) &&
 	    (bitset(MF_IMPL_HASH, map->map_mflags) ||
@@ -1385,7 +1490,6 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	    mode == O_RDONLY)
 	{
 		bool impl = bitset(MF_IMPL_HASH, map->map_mflags);
-		extern bool impl_map_open __P((MAP *, int));
 
 		/* may be able to rebuild */
 		map->map_mflags &= ~MF_IMPL_HASH;
@@ -1397,6 +1501,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 			return db_map_open(map, O_RDONLY, mapclassname,
 					   dbtype, openinfo);
 	}
+# endif /* !_FFR_REMOVE_AUTOREBUILD */
 
 	if (i != 0)
 	{
@@ -1406,7 +1511,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 		if (i == ENOENT)
 			prob = "missing";
 		if (tTd(38, 2))
-			printf("\t%s map file: %s\n", prob, errstring(i));
+			dprintf("\t%s map file: %s\n", prob, errstring(i));
 		errno = i;
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("%s map \"%s\": %s map file %s",
@@ -1418,12 +1523,12 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 
 	map->map_lockfd = -1;
 
-#if LOCK_ON_OPEN
+# if LOCK_ON_OPEN
 	if (mode == O_RDWR)
 		omode |= O_TRUNC|O_EXLOCK;
 	else
 		omode |= O_SHLOCK;
-#else
+# else /* LOCK_ON_OPEN */
 	/*
 	**  Pre-lock the file to avoid race conditions.  In particular,
 	**  since dbopen returns NULL if the file is zero length, we
@@ -1441,8 +1546,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	/* make sure no baddies slipped in just before the open... */
 	if (filechanged(buf, fd, &st))
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		(void) close(fd);
 		errno = save_errno;
 		syserr("db_map_open(%s): file changed after pre-open", buf);
@@ -1452,8 +1556,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	/* if new file, get the "before" bits for later filechanged check */
 	if (st.st_mode == ST_MODE_NOFILE && fstat(fd, &st) < 0)
 	{
-		int save_errno = errno;
-
+		save_errno = errno;
 		(void) close(fd);
 		errno = save_errno;
 		syserr("db_map_open(%s): cannot fstat pre-opened file",
@@ -1469,13 +1572,16 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	if (mode == O_RDWR)
 		omode |= O_TRUNC;
 	omode &= ~(O_EXCL|O_CREAT);
-#endif
+# endif /* LOCK_ON_OPEN */
 
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	db = dbopen(buf, omode, DBMMODE, dbtype, openinfo);
-#else
+# else /* DB_VERSION_MAJOR < 2 */
 	{
 		int flags = 0;
+#  if DB_VERSION_MAJOR > 2
+		int ret;
+#  endif /* DB_VERSION_MAJOR > 2 */
 
 		if (mode == O_RDONLY)
 			flags |= DB_RDONLY;
@@ -1484,54 +1590,93 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 		if (bitset(O_TRUNC, omode))
 			flags |= DB_TRUNCATE;
 
+#  if !HASFLOCK && defined(DB_FCNTL_LOCKING)
+		flags |= DB_FCNTL_LOCKING;
+#  endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
+
+#  if DB_VERSION_MAJOR > 2
+		ret = db_create(&db, NULL, 0);
+#  ifdef DB_CACHE_SIZE
+		if (ret == 0 && db != NULL)
+		{
+			ret = db->set_cachesize(db, 0, DB_CACHE_SIZE, 0);
+			if (ret != 0)
+			{
+				(void) db->close(db, 0);
+				db = NULL;
+			}
+		}
+#  endif /* DB_CACHE_SIZE */
+#  ifdef DB_HASH_NELEM
+		if (dbtype == DB_HASH && ret == 0 && db != NULL)
+		{
+			ret = db->set_h_nelem(db, DB_HASH_NELEM);
+			if (ret != 0)
+			{
+				(void) db->close(db, 0);
+				db = NULL;
+			}
+		}
+#  endif /* DB_HASH_NELEM */
+		if (ret == 0 && db != NULL)
+		{
+			ret = db->open(db, buf, NULL, dbtype, flags, DBMMODE);
+			if (ret != 0)
+			{
+				(void) db->close(db, 0);
+				db = NULL;
+			}
+		}
+		errno = ret;
+#  else /* DB_VERSION_MAJOR > 2 */
 		errno = db_open(buf, dbtype, flags, DBMMODE,
 				NULL, openinfo, &db);
+#  endif /* DB_VERSION_MAJOR > 2 */
 	}
-#endif
-	saveerrno = errno;
+# endif /* DB_VERSION_MAJOR < 2 */
+	save_errno = errno;
 
-#if !LOCK_ON_OPEN
+# if !LOCK_ON_OPEN
 	if (mode == O_RDWR)
 		map->map_lockfd = fd;
 	else
 		(void) close(fd);
-#endif
+# endif /* !LOCK_ON_OPEN */
 
 	if (db == NULL)
 	{
 		if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
 		    aliaswait(map, ".db", FALSE))
 			return TRUE;
-#if !LOCK_ON_OPEN
+# if !LOCK_ON_OPEN
 		if (map->map_lockfd >= 0)
 			(void) close(map->map_lockfd);
-#endif
-		errno = saveerrno;
+# endif /* !LOCK_ON_OPEN */
+		errno = save_errno;
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("Cannot open %s database %s",
 				mapclassname, buf);
 		return FALSE;
 	}
 
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	fd = db->fd(db);
-#else
+# else /* DB_VERSION_MAJOR < 2 */
 	fd = -1;
 	errno = db->fd(db, &fd);
-#endif
+# endif /* DB_VERSION_MAJOR < 2 */
 	if (filechanged(buf, fd, &st))
 	{
-		int save_errno = errno;
-
-#if DB_VERSION_MAJOR < 2
-		db->close(db);
-#else
+		save_errno = errno;
+# if DB_VERSION_MAJOR < 2
+		(void) db->close(db);
+# else /* DB_VERSION_MAJOR < 2 */
 		errno = db->close(db, 0);
-#endif
-#if !LOCK_ON_OPEN
+# endif /* DB_VERSION_MAJOR < 2 */
+# if !LOCK_ON_OPEN
 		if (map->map_lockfd >= 0)
-			close(map->map_lockfd);
-#endif
+			(void) close(map->map_lockfd);
+# endif /* !LOCK_ON_OPEN */
 		errno = save_errno;
 		syserr("db_map_open(%s): file changed after open", buf);
 		return FALSE;
@@ -1539,20 +1684,20 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 
 	if (mode == O_RDWR)
 		map->map_mflags |= MF_LOCKED;
-#if LOCK_ON_OPEN
+# if LOCK_ON_OPEN
 	if (fd >= 0 && mode == O_RDONLY)
 	{
 		(void) lockfile(fd, buf, NULL, LOCK_UN);
 	}
-#endif
+# endif /* LOCK_ON_OPEN */
 
 	/* try to make sure that at least the database header is on disk */
 	if (mode == O_RDWR)
 	{
 		(void) db->sync(db, 0);
-#if _FFR_TRUSTED_USER
 		if (geteuid() == 0 && TrustedUid != 0)
 		{
+#  if HASFCHOWN
 			if (fchown(fd, TrustedUid, -1) < 0)
 			{
 				int err = errno;
@@ -1563,14 +1708,21 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 				message("050 ownership change on %s failed: %s",
 					buf, errstring(err));
 			}
+#  endif /* HASFCHOWN */
 		}
-#endif
 	}
 
+	map->map_db2 = (ARBPTR_T) db;
+
+	/*
+	**  Need to set map_mtime before the call to aliaswait()
+	**  as aliaswait() will call map_lookup() which requires
+	**  map_mtime to be set
+	*/
+
 	if (fd >= 0 && fstat(fd, &st) >= 0)
 		map->map_mtime = st.st_mtime;
 
-	map->map_db2 = (ARBPTR_T) db;
 	if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
 	    !aliaswait(map, ".db", TRUE))
 		return FALSE;
@@ -1593,24 +1745,23 @@ db_map_lookup(map, name, av, statp)
 	register DB *db = (DB *) map->map_db2;
 	int i;
 	int st;
-	int saveerrno;
+	int save_errno;
 	int fd;
 	struct stat stbuf;
 	char keybuf[MAXNAME + 1];
 	char buf[MAXNAME + 1];
 
-	bzero(&key, sizeof key);
-	bzero(&val, sizeof val);
+	memset(&key, '\0', sizeof key);
+	memset(&val, '\0', sizeof val);
 
 	if (tTd(38, 20))
-		printf("db_map_lookup(%s, %s)\n",
+		dprintf("db_map_lookup(%s, %s)\n",
 			map->map_mname, name);
 
 	i = strlen(map->map_file);
 	if (i > MAXNAME)
 		i = MAXNAME;
-	strncpy(buf, map->map_file, i);
-	buf[i] = '\0';
+	(void) strlcpy(buf, map->map_file, i + 1);
 	if (i > 3 && strcmp(&buf[i - 3], ".db") == 0)
 		buf[i - 3] = '\0';
 
@@ -1618,17 +1769,17 @@ db_map_lookup(map, name, av, statp)
 	if (key.size > sizeof keybuf - 1)
 		key.size = sizeof keybuf - 1;
 	key.data = keybuf;
-	bcopy(name, keybuf, key.size);
+	memmove(keybuf, name, key.size);
 	keybuf[key.size] = '\0';
 	if (!bitset(MF_NOFOLDCASE, map->map_mflags))
 		makelower(keybuf);
   lockdb:
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	fd = db->fd(db);
-#else
+# else /* DB_VERSION_MAJOR < 2 */
 	fd = -1;
 	errno = db->fd(db, &fd);
-#endif
+# endif /* DB_VERSION_MAJOR < 2 */
 	if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
 		(void) lockfile(fd, buf, ".db", LOCK_SH);
 	if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime)
@@ -1637,6 +1788,8 @@ db_map_lookup(map, name, av, statp)
 		int omode = bitset(map->map_mflags, MF_WRITABLE) ? O_RDWR
 								 : O_RDONLY;
 
+		if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
+			(void) lockfile(fd, buf, ".db", LOCK_UN);
 		map->map_class->map_close(map);
 		map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
 		if (map->map_class->map_open(map, omode))
@@ -1668,9 +1821,9 @@ db_map_lookup(map, name, av, statp)
 	st = 1;
 	if (bitset(MF_TRY0NULL, map->map_mflags))
 	{
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 		st = db->get(db, &key, &val, 0);
-#else
+# else /* DB_VERSION_MAJOR < 2 */
 		errno = db->get(db, NULL, &key, &val, 0);
 		switch (errno)
 		{
@@ -1687,16 +1840,16 @@ db_map_lookup(map, name, av, statp)
 			st = -1;
 			break;
 		}
-#endif
+# endif /* DB_VERSION_MAJOR < 2 */
 		if (st == 0)
 			map->map_mflags &= ~MF_TRY1NULL;
 	}
 	if (st != 0 && bitset(MF_TRY1NULL, map->map_mflags))
 	{
 		key.size++;
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 		st = db->get(db, &key, &val, 0);
-#else
+# else /* DB_VERSION_MAJOR < 2 */
 		errno = db->get(db, NULL, &key, &val, 0);
 		switch (errno)
 		{
@@ -1713,16 +1866,16 @@ db_map_lookup(map, name, av, statp)
 			st = -1;
 			break;
 		}
-#endif
+# endif /* DB_VERSION_MAJOR < 2 */
 		if (st == 0)
 			map->map_mflags &= ~MF_TRY0NULL;
 	}
-	saveerrno = errno;
+	save_errno = errno;
 	if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
 		(void) lockfile(fd, buf, ".db", LOCK_UN);
 	if (st != 0)
 	{
-		errno = saveerrno;
+		errno = save_errno;
 		if (st < 0)
 			syserr("db_map_lookup: get (%s)", name);
 		return NULL;
@@ -1744,17 +1897,17 @@ db_map_store(map, lhs, rhs)
 	char *lhs;
 	char *rhs;
 {
-	int stat;
+	int status;
 	DBT key;
 	DBT data;
 	register DB *db = map->map_db2;
 	char keybuf[MAXNAME + 1];
 
-	bzero(&key, sizeof key);
-	bzero(&data, sizeof data);
+	memset(&key, '\0', sizeof key);
+	memset(&data, '\0', sizeof data);
 
 	if (tTd(38, 12))
-		printf("db_map_store(%s, %s, %s)\n",
+		dprintf("db_map_store(%s, %s, %s)\n",
 			map->map_mname, lhs, rhs);
 
 	key.size = strlen(lhs);
@@ -1763,7 +1916,7 @@ db_map_store(map, lhs, rhs)
 	{
 		if (key.size > sizeof keybuf - 1)
 			key.size = sizeof keybuf - 1;
-		bcopy(key.data, keybuf, key.size);
+		memmove(keybuf, key.data, key.size);
 		keybuf[key.size] = '\0';
 		makelower(keybuf);
 		key.data = keybuf;
@@ -1778,26 +1931,26 @@ db_map_store(map, lhs, rhs)
 		data.size++;
 	}
 
-#if DB_VERSION_MAJOR < 2
-	stat = db->put(db, &key, &data, R_NOOVERWRITE);
-#else
+# if DB_VERSION_MAJOR < 2
+	status = db->put(db, &key, &data, R_NOOVERWRITE);
+# else /* DB_VERSION_MAJOR < 2 */
 	errno = db->put(db, NULL, &key, &data, DB_NOOVERWRITE);
 	switch (errno)
 	{
 	  case DB_KEYEXIST:
-		stat = 1;
+		status = 1;
 		break;
 
 	  case 0:
-		stat = 0;
+		status = 0;
 		break;
 
 	  default:
-		stat = -1;
+		status = -1;
 		break;
 	}
-#endif
-	if (stat > 0)
+# endif /* DB_VERSION_MAJOR < 2 */
+	if (status > 0)
 	{
 		if (!bitset(MF_APPEND, map->map_mflags))
 			message("050 Warning: duplicate alias name %s", lhs);
@@ -1807,14 +1960,14 @@ db_map_store(map, lhs, rhs)
 			static int bufsiz = 0;
 			DBT old;
 
-			bzero(&old, sizeof old);
+			memset(&old, '\0', sizeof old);
 
-			old.data = db_map_lookup(map, key.data, 
-						 (char **)NULL, &stat);
+			old.data = db_map_lookup(map, key.data,
+						 (char **)NULL, &status);
 			if (old.data != NULL)
 			{
 				old.size = strlen(old.data);
-				if (data.size + old.size + 2 > bufsiz)
+				if (data.size + old.size + 2 > (size_t)bufsiz)
 				{
 					if (buf != NULL)
 						(void) free(buf);
@@ -1826,17 +1979,17 @@ db_map_store(map, lhs, rhs)
 				data.size = data.size + old.size + 1;
 				data.data = buf;
 				if (tTd(38, 9))
-					printf("db_map_store append=%s\n",
-					       (char *) data.data);
+					dprintf("db_map_store append=%s\n",
+						(char *) data.data);
 			}
 		}
-#if DB_VERSION_MAJOR < 2
-		stat = db->put(db, &key, &data, 0);
-#else
-		stat = errno = db->put(db, NULL, &key, &data, 0);
-#endif
+# if DB_VERSION_MAJOR < 2
+		status = db->put(db, &key, &data, 0);
+# else /* DB_VERSION_MAJOR < 2 */
+		status = errno = db->put(db, NULL, &key, &data, 0);
+# endif /* DB_VERSION_MAJOR < 2 */
 	}
-	if (stat != 0)
+	if (status != 0)
 		syserr("readaliases: db put (%s)", lhs);
 }
 
@@ -1852,7 +2005,7 @@ db_map_close(map)
 	register DB *db = map->map_db2;
 
 	if (tTd(38, 9))
-		printf("db_map_close(%s, %s, %lx)\n",
+		dprintf("db_map_close(%s, %s, %lx)\n",
 			map->map_mname, map->map_file, map->map_mflags);
 
 	if (bitset(MF_WRITABLE, map->map_mflags))
@@ -1863,14 +2016,14 @@ db_map_close(map)
 
 	(void) db->sync(db, 0);
 
-#if !LOCK_ON_OPEN
+# if !LOCK_ON_OPEN
 	if (map->map_lockfd >= 0)
 		(void) close(map->map_lockfd);
-#endif
+# endif /* !LOCK_ON_OPEN */
 
-#if DB_VERSION_MAJOR < 2
+# if DB_VERSION_MAJOR < 2
 	if (db->close(db) != 0)
-#else
+# else /* DB_VERSION_MAJOR < 2 */
 	/*
 	**  Berkeley DB can use internal shared memory
 	**  locking for its memory pool.  Closing a map
@@ -1895,21 +2048,20 @@ db_map_close(map)
 	}
 
 	if ((errno = db->close(db, 0)) != 0)
-#endif
+# endif /* DB_VERSION_MAJOR < 2 */
 		syserr("db_map_close(%s, %s, %lx): db close failure",
 			map->map_mname, map->map_file, map->map_mflags);
 }
-
-#endif
+#endif /* NEWDB */
 /*
 **  NIS Modules
 */
 
-# ifdef NIS
+#ifdef NIS
 
 # ifndef YPERR_BUSY
 #  define YPERR_BUSY	16
-# endif
+# endif /* ! YPERR_BUSY */
 
 /*
 **  NIS_MAP_OPEN -- open DBM map
@@ -1926,22 +2078,22 @@ nis_map_open(map, mode)
 	auto int vsize;
 
 	if (tTd(38, 2))
-		printf("nis_map_open(%s, %s, %d)\n",
+		dprintf("nis_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	mode &= O_ACCMODE;
 	if (mode != O_RDONLY)
 	{
 		/* issue a pseudo-error message */
-#ifdef ENOSYS
+# ifdef ENOSYS
 		errno = ENOSYS;
-#else
-# ifdef EFTYPE
+# else /* ENOSYS */
+#  ifdef EFTYPE
 		errno = EFTYPE;
-# else
+#  else /* EFTYPE */
 		errno = ENXIO;
-# endif
-#endif
+#  endif /* EFTYPE */
+# endif /* ENOSYS */
 		return FALSE;
 	}
 
@@ -1962,18 +2114,22 @@ nis_map_open(map, mode)
 		if (yperr != 0)
 		{
 			if (!bitset(MF_OPTIONAL, map->map_mflags))
-				syserr("421 NIS map %s specified, but NIS not running",
-					map->map_file);
+				syserr("421 4.3.5 NIS map %s specified, but NIS not running",
+				       map->map_file);
 			return FALSE;
 		}
 	}
 
 	/* check to see if this map actually exists */
+	vp = NULL;
 	yperr = yp_match(map->map_domain, map->map_file, "@", 1,
 			&vp, &vsize);
 	if (tTd(38, 10))
-		printf("nis_map_open: yp_match(@, %s, %s) => %s\n",
+		dprintf("nis_map_open: yp_match(@, %s, %s) => %s\n",
 			map->map_domain, map->map_file, yperr_string(yperr));
+	if (vp != NULL)
+		free(vp);
+
 	if (yperr == 0 || yperr == YPERR_KEY || yperr == YPERR_BUSY)
 	{
 		/*
@@ -1983,16 +2139,16 @@ nis_map_open(map, mode)
 		**  is rebuilt, so aliaswait() just hangs.  I hate HP-UX.
 		*/
 
-#if 0
+# if 0
 		if (!bitset(MF_ALIAS, map->map_mflags) ||
 		    aliaswait(map, NULL, TRUE))
-#endif
+# endif /* 0 */
 			return TRUE;
 	}
 
 	if (!bitset(MF_OPTIONAL, map->map_mflags))
 	{
-		syserr("421 Cannot bind to map %s in domain %s: %s",
+		syserr("421 4.0.0 Cannot bind to map %s in domain %s: %s",
 			map->map_file, map->map_domain, yperr_string(yperr));
 	}
 
@@ -2019,17 +2175,18 @@ nis_map_lookup(map, name, av, statp)
 	char keybuf[MAXNAME + 1];
 
 	if (tTd(38, 20))
-		printf("nis_map_lookup(%s, %s)\n",
+		dprintf("nis_map_lookup(%s, %s)\n",
 			map->map_mname, name);
 
 	buflen = strlen(name);
 	if (buflen > sizeof keybuf - 1)
 		buflen = sizeof keybuf - 1;
-	bcopy(name, keybuf, buflen);
+	memmove(keybuf, name, buflen);
 	keybuf[buflen] = '\0';
 	if (!bitset(MF_NOFOLDCASE, map->map_mflags))
 		makelower(keybuf);
 	yperr = YPERR_KEY;
+	vp = NULL;
 	if (bitset(MF_TRY0NULL, map->map_mflags))
 	{
 		yperr = yp_match(map->map_domain, map->map_file, keybuf, buflen,
@@ -2039,6 +2196,11 @@ nis_map_lookup(map, name, av, statp)
 	}
 	if (yperr == YPERR_KEY && bitset(MF_TRY1NULL, map->map_mflags))
 	{
+		if (vp != NULL)
+		{
+			free(vp);
+			vp = NULL;
+		}
 		buflen++;
 		yperr = yp_match(map->map_domain, map->map_file, keybuf, buflen,
 			     &vp, &vsize);
@@ -2049,12 +2211,21 @@ nis_map_lookup(map, name, av, statp)
 	{
 		if (yperr != YPERR_KEY && yperr != YPERR_BUSY)
 			map->map_mflags &= ~(MF_VALID|MF_OPEN);
+		if (vp != NULL)
+			free(vp);
 		return NULL;
 	}
 	if (bitset(MF_MATCHONLY, map->map_mflags))
 		return map_rewrite(map, name, strlen(name), NULL);
 	else
-		return map_rewrite(map, vp, vsize, av);
+	{
+		char *ret;
+
+		ret = map_rewrite(map, vp, vsize, av);
+		if (vp != NULL)
+			free(vp);
+		return ret;
+	}
 }
 
 
@@ -2062,7 +2233,7 @@ nis_map_lookup(map, name, av, statp)
 **  NIS_GETCANONNAME -- look up canonical name in NIS
 */
 
-bool
+static bool
 nis_getcanonname(name, hbsize, statp)
 	char *name;
 	int hbsize;
@@ -2080,21 +2251,21 @@ nis_getcanonname(name, hbsize, statp)
 	char nbuf[MAXNAME + 1];
 
 	if (tTd(38, 20))
-		printf("nis_getcanonname(%s)\n", name);
+		dprintf("nis_getcanonname(%s)\n", name);
 
-	if (strlen(name) >= sizeof nbuf)
+	if (strlcpy(nbuf, name, sizeof nbuf) >= sizeof nbuf)
 	{
 		*statp = EX_UNAVAILABLE;
 		return FALSE;
 	}
-	(void) strcpy(nbuf, name);
 	shorten_hostname(nbuf);
 	keylen = strlen(nbuf);
 
 	if (yp_domain == NULL)
-		yp_get_default_domain(&yp_domain);
+		(void) yp_get_default_domain(&yp_domain);
 	makelower(nbuf);
 	yperr = YPERR_KEY;
+	vp = NULL;
 	if (try0null)
 	{
 		yperr = yp_match(yp_domain, "hosts.byname", nbuf, keylen,
@@ -2104,6 +2275,11 @@ nis_getcanonname(name, hbsize, statp)
 	}
 	if (yperr == YPERR_KEY && try1null)
 	{
+		if (vp != NULL)
+		{
+			free(vp);
+			vp = NULL;
+		}
 		keylen++;
 		yperr = yp_match(yp_domain, "hosts.byname", nbuf, keylen,
 			     &vp, &vsize);
@@ -2118,14 +2294,14 @@ nis_getcanonname(name, hbsize, statp)
 			*statp = EX_TEMPFAIL;
 		else
 			*statp = EX_UNAVAILABLE;
+		if (vp != NULL)
+			free(vp);
 		return FALSE;
 	}
-	if (vsize >= sizeof host_record)
-		vsize = sizeof host_record - 1;
-	strncpy(host_record, vp, vsize);
-	host_record[vsize] = '\0';
+	(void) strlcpy(host_record, vp, sizeof host_record);
+	free(vp);
 	if (tTd(38, 44))
-		printf("got record `%s'\n", host_record);
+		dprintf("got record `%s'\n", host_record);
 	if (!extract_canonname(nbuf, host_record, cbuf, sizeof cbuf))
 	{
 		/* this should not happen, but.... */
@@ -2137,12 +2313,12 @@ nis_getcanonname(name, hbsize, statp)
 		*statp = EX_UNAVAILABLE;
 		return FALSE;
 	}
-	strcpy(name, cbuf);
+	(void) strlcpy(name, cbuf, hbsize);
 	*statp = EX_OK;
 	return TRUE;
 }
 
-#endif
+#endif /* NIS */
 /*
 **  NISPLUS Modules
 **
@@ -2151,15 +2327,15 @@ nis_getcanonname(name, hbsize, statp)
 
 #ifdef NISPLUS
 
-#undef NIS		/* symbol conflict in nis.h */
-#undef T_UNSPEC		/* symbol conflict in nis.h -> ... -> sys/tiuser.h */
-#include <rpcsvc/nis.h>
-#include <rpcsvc/nislib.h>
+# undef NIS		/* symbol conflict in nis.h */
+# undef T_UNSPEC	/* symbol conflict in nis.h -> ... -> sys/tiuser.h */
+# include <rpcsvc/nis.h>
+# include <rpcsvc/nislib.h>
 
-#define EN_col(col)	zo_data.objdata_u.en_data.en_cols.en_cols_val[(col)].ec_value.ec_value_val
-#define COL_NAME(res,i)	((res->objects.objects_val)->TA_data.ta_cols.ta_cols_val)[i].tc_name
-#define COL_MAX(res)	((res->objects.objects_val)->TA_data.ta_cols.ta_cols_len)
-#define PARTIAL_NAME(x)	((x)[strlen(x) - 1] != '.')
+# define EN_col(col)	zo_data.objdata_u.en_data.en_cols.en_cols_val[(col)].ec_value.ec_value_val
+# define COL_NAME(res,i)	((res->objects.objects_val)->TA_data.ta_cols.ta_cols_val)[i].tc_name
+# define COL_MAX(res)	((res->objects.objects_val)->TA_data.ta_cols.ta_cols_len)
+# define PARTIAL_NAME(x)	((x)[strlen(x) - 1] != '.')
 
 /*
 **  NISPLUS_MAP_OPEN -- open nisplus table
@@ -2175,7 +2351,7 @@ nisplus_map_open(map, mode)
 	char qbuf[MAXLINE + NIS_MAXNAMELEN];
 
 	if (tTd(38, 2))
-		printf("nisplus_map_open(%s, %s, %d)\n",
+		dprintf("nisplus_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	mode &= O_ACCMODE;
@@ -2191,12 +2367,10 @@ nisplus_map_open(map, mode)
 	if (PARTIAL_NAME(map->map_file) && map->map_domain == NULL)
 	{
 		/* set default NISPLUS Domain to $m */
-		extern char *nisplus_default_domain __P((void));
-
 		map->map_domain = newstr(nisplus_default_domain());
 		if (tTd(38, 2))
-			printf("nisplus_map_open(%s): using domain %s\n",
-				 map->map_file, map->map_domain);
+			dprintf("nisplus_map_open(%s): using domain %s\n",
+				map->map_file, map->map_domain);
 	}
 	if (!PARTIAL_NAME(map->map_file))
 	{
@@ -2232,12 +2406,12 @@ nisplus_map_open(map, mode)
 			break;
 
 		  default:		/* all other nisplus errors */
-#if 0
+# if 0
 			if (!bitset(MF_OPTIONAL, map->map_mflags))
-				syserr("421 Cannot find table %s.%s: %s",
+				syserr("421 4.0.0 Cannot find table %s.%s: %s",
 					map->map_file, map->map_domain,
 					nis_sperrno(res->status));
-#endif
+# endif /* 0 */
 			errno = EAGAIN;
 			return FALSE;
 		}
@@ -2247,13 +2421,13 @@ nisplus_map_open(map, mode)
 	    (NIS_RES_OBJECT(res)->zo_data.zo_type != TABLE_OBJ))
 	{
 		if (tTd(38, 10))
-			printf("nisplus_map_open: %s is not a table\n", qbuf);
-#if 0
+			dprintf("nisplus_map_open: %s is not a table\n", qbuf);
+# if 0
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
-			syserr("421 %s.%s: %s is not a table",
+			syserr("421 4.0.0 %s.%s: %s is not a table",
 				map->map_file, map->map_domain,
 				nis_sperrno(res->status));
-#endif
+# endif /* 0 */
 		errno = EBADF;
 		return FALSE;
 	}
@@ -2264,15 +2438,15 @@ nisplus_map_open(map, mode)
 	max_col = COL_MAX(res);
 
 	/* verify the key column exist */
-	for (i=0; i< max_col; i++)
+	for (i = 0; i< max_col; i++)
 	{
-		if (!strcmp(map->map_keycolnm, COL_NAME(res,i)))
+		if (strcmp(map->map_keycolnm, COL_NAME(res,i)) == 0)
 			break;
 	}
 	if (i == max_col)
 	{
 		if (tTd(38, 2))
-			printf("nisplus_map_open(%s): can not find key column %s\n",
+			dprintf("nisplus_map_open(%s): can not find key column %s\n",
 				map->map_file, map->map_keycolnm);
 		errno = ENOENT;
 		return FALSE;
@@ -2285,7 +2459,7 @@ nisplus_map_open(map, mode)
 		return TRUE;
 	}
 
-	for (i=0; i< max_col; i++)
+	for (i = 0; i< max_col; i++)
 	{
 		if (strcmp(map->map_valcolnm, COL_NAME(res,i)) == 0)
 		{
@@ -2295,8 +2469,8 @@ nisplus_map_open(map, mode)
 	}
 
 	if (tTd(38, 2))
-		printf("nisplus_map_open(%s): can not find column %s\n",
-			 map->map_file, map->map_keycolnm);
+		dprintf("nisplus_map_open(%s): can not find column %s\n",
+			map->map_file, map->map_keycolnm);
 	errno = ENOENT;
 	return FALSE;
 }
@@ -2322,7 +2496,7 @@ nisplus_map_lookup(map, name, av, statp)
 	nis_result *result;
 
 	if (tTd(38, 20))
-		printf("nisplus_map_lookup(%s, %s)\n",
+		dprintf("nisplus_map_lookup(%s, %s)\n",
 			map->map_mname, name);
 
 	if (!bitset(MF_OPEN, map->map_mflags))
@@ -2364,7 +2538,7 @@ nisplus_map_lookup(map, name, av, statp)
 			/* double the quote */
 			*skp++ = '"';
 			skleft--;
-			/* fall through... */
+			/* FALLTHROUGH */
 
 		  default:
 			*skp++ = *p;
@@ -2386,7 +2560,7 @@ nisplus_map_lookup(map, name, av, statp)
 			map->map_keycolnm, search_key, map->map_file);
 
 	if (tTd(38, 20))
-		printf("qbuf=%s\n", qbuf);
+		dprintf("qbuf=%s\n", qbuf);
 	result = nis_list(qbuf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
 	if (result->status == NIS_SUCCESS)
 	{
@@ -2397,12 +2571,12 @@ nisplus_map_lookup(map, name, av, statp)
 		{
 			if (LogLevel > 10)
 				sm_syslog(LOG_WARNING, CurEnv->e_id,
-				  "%s: lookup error, expected 1 entry, got %d",
-				    map->map_file, count);
+					  "%s: lookup error, expected 1 entry, got %d",
+					  map->map_file, count);
 
 			/* ignore second entry */
 			if (tTd(38, 20))
-				printf("nisplus_map_lookup(%s), got %d entries, additional entries ignored\n",
+				dprintf("nisplus_map_lookup(%s), got %d entries, additional entries ignored\n",
 					name, count);
 		}
 
@@ -2412,7 +2586,7 @@ nisplus_map_lookup(map, name, av, statp)
 			p = "";
 		vsize = strlen(p);
 		if (tTd(38, 20))
-			printf("nisplus_map_lookup(%s), found %s\n",
+			dprintf("nisplus_map_lookup(%s), found %s\n",
 				name, p);
 		if (bitset(MF_MATCHONLY, map->map_mflags))
 			str = map_rewrite(map, name, strlen(name), NULL);
@@ -2435,7 +2609,7 @@ nisplus_map_lookup(map, name, av, statp)
 		}
 	}
 	if (tTd(38, 20))
-		printf("nisplus_map_lookup(%s), failed\n", name);
+		dprintf("nisplus_map_lookup(%s), failed\n", name);
 	nis_freeresult(result);
 	return NULL;
 }
@@ -2446,7 +2620,7 @@ nisplus_map_lookup(map, name, av, statp)
 **  NISPLUS_GETCANONNAME -- look up canonical name in NIS+
 */
 
-bool
+static bool
 nisplus_getcanonname(name, hbsize, statp)
 	char *name;
 	int hbsize;
@@ -2464,7 +2638,7 @@ nisplus_getcanonname(name, hbsize, statp)
 		*statp = EX_UNAVAILABLE;
 		return FALSE;
 	}
-	(void) strcpy(nbuf, name);
+	(void) strlcpy(nbuf, name, sizeof nbuf);
 	shorten_hostname(nbuf);
 
 	p = strchr(nbuf, '.');
@@ -2487,8 +2661,8 @@ nisplus_getcanonname(name, hbsize, statp)
 	}
 
 	if (tTd(38, 20))
-		printf("\nnisplus_getcanoname(%s), qbuf=%s\n",
-			 name, qbuf);
+		dprintf("\nnisplus_getcanoname(%s), qbuf=%s\n",
+			name, qbuf);
 
 	result = nis_list(qbuf, EXPAND_NAME|FOLLOW_LINKS|FOLLOW_PATH,
 		NULL, NULL);
@@ -2502,24 +2676,24 @@ nisplus_getcanonname(name, hbsize, statp)
 		{
 			if (LogLevel > 10)
 				sm_syslog(LOG_WARNING, CurEnv->e_id,
-				       "nisplus_getcanonname: lookup error, expected 1 entry, got %d",
-				       count);
+					  "nisplus_getcanonname: lookup error, expected 1 entry, got %d",
+					  count);
 
 			/* ignore second entry */
 			if (tTd(38, 20))
-				printf("nisplus_getcanoname(%s), got %d entries, all but first ignored\n",
+				dprintf("nisplus_getcanoname(%s), got %d entries, all but first ignored\n",
 					name, count);
 		}
 
 		if (tTd(38, 20))
-			printf("nisplus_getcanoname(%s), found in directory \"%s\"\n",
-			       name, (NIS_RES_OBJECT(result))->zo_domain);
+			dprintf("nisplus_getcanoname(%s), found in directory \"%s\"\n",
+				name, (NIS_RES_OBJECT(result))->zo_domain);
 
 
 		vp = ((NIS_RES_OBJECT(result))->EN_col(0));
 		vsize = strlen(vp);
 		if (tTd(38, 20))
-			printf("nisplus_getcanonname(%s), found %s\n",
+			dprintf("nisplus_getcanonname(%s), found %s\n",
 				name, vp);
 		if (strchr(vp, '.') != NULL)
 		{
@@ -2534,7 +2708,7 @@ nisplus_getcanonname(name, hbsize, statp)
 		if (hbsize > vsize + (int) strlen(domain) + 1)
 		{
 			if (domain[0] == '\0')
-				strcpy(name, vp);
+				(void) strlcpy(name, vp, hbsize);
 			else
 				snprintf(name, hbsize, "%s.%s", vp, domain);
 			*statp = EX_OK;
@@ -2554,13 +2728,12 @@ nisplus_getcanonname(name, hbsize, statp)
 			*statp = EX_UNAVAILABLE;
 	}
 	if (tTd(38, 20))
-		printf("nisplus_getcanonname(%s), failed, status=%d, nsw_stat=%d\n",
+		dprintf("nisplus_getcanonname(%s), failed, status=%d, nsw_stat=%d\n",
 			name, result->status, *statp);
 	nis_freeresult(result);
 	return FALSE;
 }
 
-
 char *
 nisplus_default_domain()
 {
@@ -2568,7 +2741,7 @@ nisplus_default_domain()
 	char *p;
 
 	if (default_domain[0] != '\0')
-		return(default_domain);
+		return default_domain;
 
 	p = nis_local_directory();
 	snprintf(default_domain, sizeof default_domain, "%s", p);
@@ -2578,191 +2751,314 @@ nisplus_default_domain()
 #endif /* NISPLUS */
 /*
 **  LDAP Modules
-**
-**	Contributed by Booker C. Bense <bbense@networking.stanford.edu>.
-**	Get your support from him.
 */
 
-#ifdef LDAPMAP
+/*
+**  LDAPMAP_DEQUOTE - helper routine for ldapmap_parseargs
+*/
+
+#if defined(LDAPMAP) || defined(PH_MAP)
+
+# ifdef PH_MAP
+#  define ph_map_dequote ldapmap_dequote
+# endif /* PH_MAP */
+
+char *
+ldapmap_dequote(str)
+	char *str;
+{
+	char *p;
+	char *start;
+
+	if (str == NULL)
+		return NULL;
+
+	p = str;
+	if (*p == '"')
+	{
+		/* Should probably swallow initial whitespace here */
+		start = ++p;
+	}
+	else
+		return str;
+	while (*p != '"' && *p != '\0')
+		p++;
+	if (*p != '\0')
+		*p = '\0';
+	return start;
+}
+#endif /* defined(LDAPMAP) || defined(PH_MAP) */
 
-# undef NEEDGETOPT		/* used for something else in LDAP */
+#ifdef LDAPMAP
 
-# include <lber.h>
-# include <ldap.h>
-# include "ldap_map.h"
+LDAPMAP_STRUCT *LDAPDefaults = NULL;
 
 /*
-**  LDAP_MAP_OPEN -- open LDAP map
+**  LDAPMAP_OPEN -- open LDAP map
 **
-**	Since LDAP is TCP-based there is not much we can or should do
-**	here.  It might be a good idea to attempt an open/close here.
+**	Connect to the LDAP server.  Re-use existing connections since a
+**	single server connection to a host (with the same host, port,
+**	bind DN, and secret) can answer queries for multiple maps.
 */
 
 bool
-ldap_map_open(map, mode)
+ldapmap_open(map, mode)
 	MAP *map;
 	int mode;
 {
+	LDAPMAP_STRUCT *lmap;
+	STAB *s;
+
 	if (tTd(38, 2))
-		printf("ldap_map_open(%s, %d)\n", map->map_mname, mode);
+		dprintf("ldapmap_open(%s, %d)\n", map->map_mname, mode);
 
 	mode &= O_ACCMODE;
+
+	/* sendmail doesn't have the ability to write to LDAP (yet) */
 	if (mode != O_RDONLY)
 	{
 		/* issue a pseudo-error message */
-#ifdef ENOSYS
+# ifdef ENOSYS
 		errno = ENOSYS;
-#else
-# ifdef EFTYPE
+# else /* ENOSYS */
+#  ifdef EFTYPE
 		errno = EFTYPE;
-# else
+#  else /* EFTYPE */
 		errno = ENXIO;
-# endif
-#endif
+#  endif /* EFTYPE */
+# endif /* ENOSYS */
 		return FALSE;
 	}
+
+	/* Comma separate if used as an alias file */
+	if (map->map_coldelim == '\0' && bitset(MF_ALIAS, map->map_mflags))
+		map->map_coldelim = ',';
+
+	lmap = (LDAPMAP_STRUCT *) map->map_db1;
+
+	s = ldapmap_findconn(lmap);
+	if (s->s_ldap != NULL)
+	{
+		/* Already have a connection open to this LDAP server */
+		lmap->ldap_ld = s->s_ldap;
+		map->map_mflags |= MF_SHARED;
+		return TRUE;
+	}
+
+	/* No connection yet, connect */
+	if (!ldapmap_start(map))
+		return FALSE;
+
+	/* Save connection for reuse */
+	s->s_ldap = lmap->ldap_ld;
 	return TRUE;
 }
 
-
 /*
-**  LDAP_MAP_START -- actually open LDAP map
+**  LDAPMAP_START -- actually connect to an LDAP server
 **
-**	Caching should be investigated.
+**	Parameters:
+**		map -- the map being opened.
+**
+**	Returns:
+**		TRUE if connection is successful, FALSE otherwise.
+**
+**	Side Effects:
+**		Populates lmap->ldap_ld.
 */
 
 static jmp_buf	LDAPTimeout;
 
-static void
-ldaptimeout(sig_no)
-	int sig_no;
-{
-	longjmp(LDAPTimeout, 1);
-}
-
-bool
-ldap_map_start(map)
+static bool
+ldapmap_start(map)
 	MAP *map;
 {
-	LDAP_MAP_STRUCT *lmap;
-	LDAP *ld;
+	register int bind_result;
+	int save_errno;
 	register EVENT *ev = NULL;
+	LDAPMAP_STRUCT *lmap;
+	LDAP *ld;
 
 	if (tTd(38, 2))
-		printf("ldap_map_start(%s)\n", map->map_mname);
+		dprintf("ldapmap_start(%s)\n", map->map_mname);
 
-	lmap = (LDAP_MAP_STRUCT *) map->map_db1;
+	lmap = (LDAPMAP_STRUCT *) map->map_db1;
 
 	if (tTd(38,9))
-		printf("ldap_open(%s, %d)\n", lmap->ldaphost, lmap->ldapport);
+		dprintf("ldapmap_start(%s, %d)\n",
+			lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host,
+			lmap->ldap_port);
 
-	/* Need to set an alarm here, ldap_open is hopelessly broken. */
+# if USE_LDAP_INIT
+	ld = ldap_init(lmap->ldap_host, lmap->ldap_port);
+# else /* USE_LDAP_INIT */
+	/*
+	**  If using ldap_open(), the actual connection to the server
+	**  happens now so we need the timeout here.  For ldap_init(),
+	**  the connection happens at bind time.
+	*/
 
 	/* set the timeout */
-	if (lmap->timeout.tv_sec != 0)
+	if (lmap->ldap_timeout.tv_sec != 0)
 	{
 		if (setjmp(LDAPTimeout) != 0)
 		{
 			if (LogLevel > 1)
 				sm_syslog(LOG_NOTICE, CurEnv->e_id,
-				       "timeout waiting for ldap_open to %.100s",
-				       lmap->ldaphost);
-			return (FALSE);
+					  "timeout conning to LDAP server %.100s",
+					  lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host);
+			return FALSE;
 		}
-		ev = setevent(lmap->timeout.tv_sec, ldaptimeout, 0);
+		ev = setevent(lmap->ldap_timeout.tv_sec, ldaptimeout, 0);
 	}
 
-#ifdef USE_LDAP_INIT
-	ld = ldap_init(lmap->ldaphost,lmap->ldapport);
-#else
-	ld = ldap_open(lmap->ldaphost,lmap->ldapport);
-#endif
+	ld = ldap_open(lmap->ldap_host, lmap->ldap_port);
+	save_errno = errno;
 
- 	/* clear the event if it has not sprung */
-	if (lmap->timeout.tv_sec != 0)
+	/* clear the event if it has not sprung */
+	if (ev != NULL)
 		clrevent(ev);
+# endif /* USE_LDAP_INIT */
 
+	errno = save_errno;
 	if (ld == NULL)
 	{
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 		{
-			syserr("%sldapopen failed to %s in map %s",
-				bitset(MF_NODEFER, map->map_mflags) ? "" : "421 ",
-				lmap->ldaphost, map->map_mname);
+			if (bitset(MF_NODEFER, map->map_mflags))
+				syserr("%s failed to %s in map %s",
+# if USE_LDAP_INIT
+				       "ldap_init",
+# else /* USE_LDAP_INIT */
+				       "ldap_open",
+# endif /* USE_LDAP_INIT */
+				       lmap->ldap_host == NULL ? "localhost"
+							       : lmap->ldap_host,
+				       map->map_mname);
+			else
+				syserr("421 4.0.0 %s failed to %s in map %s",
+# if USE_LDAP_INIT
+				       "ldap_init",
+# else /* USE_LDAP_INIT */
+				       "ldap_open",
+# endif /* USE_LDAP_INIT */
+				       lmap->ldap_host == NULL ? "localhost"
+							       : lmap->ldap_host,
+				       map->map_mname);
 		}
 		return FALSE;
 	}
 
-#ifdef USE_LDAP_SET_OPTION
-	ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->deref);
-	ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->timelimit);
-	ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->sizelimit);
-	ldap_set_option(ld, LDAP_OPT_REFERRALS, 
-			bitset(LDAP_OPT_REFERRALS, lmap->ldap_options) ?
-			LDAP_OPT_ON : LDAP_OPT_OFF);
-#else
-	/* From here on in we can use ldap internal timelimits */
-	ld->ld_deref = lmap->deref;
-	ld->ld_timelimit = lmap->timelimit;
-	ld->ld_sizelimit = lmap->sizelimit;
-	ld->ld_options = lmap->ldap_options;
-#endif
+	ldapmap_setopts(ld, lmap);
 
-#ifdef USE_LDAP_INIT
-	/* ld needs to be cast into the map struct */
-	lmap->ld = ld; 
-	return TRUE;
-#else
-	if (ldap_bind_s(ld, lmap->binddn,lmap->passwd,lmap->method) != LDAP_SUCCESS)
+# if USE_LDAP_INIT
+	/*
+	**  If using ldap_init(), the actual connection to the server
+	**  happens at ldap_bind_s() so we need the timeout here.
+	*/
+
+	/* set the timeout */
+	if (lmap->ldap_timeout.tv_sec != 0)
 	{
-		if (!bitset(MF_OPTIONAL, map->map_mflags))
+		if (setjmp(LDAPTimeout) != 0)
 		{
-			syserr("421 Cannot bind to map %s in ldap server %s",
-				map->map_mname, lmap->ldaphost);
+			if (LogLevel > 1)
+				sm_syslog(LOG_NOTICE, CurEnv->e_id,
+					  "timeout conning to LDAP server %.100s",
+					  lmap->ldap_host == NULL ? "localhost"
+								  : lmap->ldap_host);
+			return FALSE;
 		}
+		ev = setevent(lmap->ldap_timeout.tv_sec, ldaptimeout, 0);
 	}
-	else
-	{
-		/* We need to cast ld into the map structure */
-		lmap->ld = ld;
-		return TRUE;
-	}
+# endif /* USE_LDAP_INIT */
 
-	return FALSE;
-#endif
-}
+# ifdef LDAP_AUTH_KRBV4
+	if (lmap->ldap_method == LDAP_AUTH_KRBV4 &&
+	    lmap->ldap_secret != NULL)
+	{
+		/*
+		**  Need to put ticket in environment here instead of
+		**  during parseargs as there may be different tickets
+		**  for different LDAP connections.
+		*/
 
+		(void) putenv(lmap->ldap_secret);
+	}
+# endif /* LDAP_AUTH_KRBV4 */
 
-/*
-**  LDAP_MAP_STOP -- close the ldap connection
-*/
+	bind_result = ldap_bind_s(ld, lmap->ldap_binddn,
+				  lmap->ldap_secret, lmap->ldap_method);
 
-void
-ldap_map_stop(map)
-	MAP *map;
-{
-	LDAP_MAP_STRUCT *lmap;
+# if USE_LDAP_INIT
+	/* clear the event if it has not sprung */
+	if (ev != NULL)
+		clrevent(ev);
+# endif /* USE_LDAP_INIT */
 
-	lmap = (LDAP_MAP_STRUCT *) map->map_db1;
-	if (lmap->ld != NULL)
+	if (bind_result != LDAP_SUCCESS)
 	{
-		ldap_unbind(lmap->ld);
-		lmap->ld = NULL;
+		errno = bind_result + E_LDAPBASE;
+		if (!bitset(MF_OPTIONAL, map->map_mflags))
+		{
+			syserr("421 4.0.0 Cannot bind to map %s in ldap server %s",
+			       map->map_mname,
+			       lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host);
+		}
+		return FALSE;
 	}
+
+	/* We need to cast ld into the map structure */
+	lmap->ldap_ld = ld;
+	return TRUE;
+}
+
+/* ARGSUSED */
+static void
+ldaptimeout(sig_no)
+	int sig_no;
+{
+	longjmp(LDAPTimeout, 1);
 }
 
 /*
-**  LDAP_MAP_CLOSE -- close ldap map
+**  LDAPMAP_CLOSE -- close ldap map
 */
 
 void
-ldap_map_close(map)
+ldapmap_close(map)
 	MAP *map;
 {
-	ldap_map_stop(map);
+	LDAPMAP_STRUCT *lmap;
+	STAB *s;
+
+	if (tTd(38, 2))
+		dprintf("ldapmap_close(%s)\n", map->map_mname);
+
+	lmap = (LDAPMAP_STRUCT *) map->map_db1;
+
+	/* Check if already closed */
+	if (lmap->ldap_ld == NULL)
+		return;
+
+	s = ldapmap_findconn(lmap);
+
+	/* Check if already closed */
+	if (s->s_ldap == NULL)
+		return;
+
+	/* If same as saved connection, stored connection is going away */
+	if (s->s_ldap == lmap->ldap_ld)
+		s->s_ldap = NULL;
+
+	if (lmap->ldap_ld != NULL)
+	{
+		ldap_unbind(lmap->ldap_ld);
+		lmap->ldap_ld = NULL;
+	}
 }
 
-#ifdef SUNET_ID
+# ifdef SUNET_ID
 /*
 **  SUNET_ID_HASH -- Convert a string to it's Sunet_id canonical form
 **  This only makes sense at Stanford University.
@@ -2792,225 +3088,697 @@ sunet_id_hash(str)
 	}
 	if (*p_last != '\0')
 		*p_last = '\0';
-	return (str);
+	return str;
 }
+# endif /* SUNET_ID */
 
-
-
-#endif /* SUNET_ID */
 /*
-**  LDAP_MAP_LOOKUP -- look up a datum in a LDAP map
+**  LDAPMAP_LOOKUP -- look up a datum in a LDAP map
 */
 
 char *
-ldap_map_lookup(map, name, av, statp)
+ldapmap_lookup(map, name, av, statp)
 	MAP *map;
 	char *name;
 	char **av;
 	int *statp;
 {
-	LDAP_MAP_STRUCT *lmap = NULL;
-	LDAPMessage *entry;
-	char *vp;
-	auto int vsize;
+	int i;
+	int entries = 0;
+	int msgid;
+	int ret;
+	int vsize;
+	char *fp, *vp;
+	char *p, *q;
+	char *result = NULL;
+	LDAPMAP_STRUCT *lmap = NULL;
 	char keybuf[MAXNAME + 1];
-	char filter[LDAP_MAP_MAX_FILTER + 1];
-	char **attr_values = NULL;
-	char *result;
-	int name_len;
-	char *fp, *p, *q;
+	char filter[LDAPMAP_MAX_FILTER + 1];
 
 	if (tTd(38, 20))
-		printf("ldap_map_lookup(%s, %s)\n", map->map_mname, name);
-
-	/* actually open the map */
-	if (!ldap_map_start(map))
-	{
-		result = NULL;
-		*statp = EX_TEMPFAIL;
-		goto quick_exit;
-	}
+		dprintf("ldapmap_lookup(%s, %s)\n", map->map_mname, name);
 
 	/* Get ldap struct pointer from map */
-	lmap = (LDAP_MAP_STRUCT *) map->map_db1;
+	lmap = (LDAPMAP_STRUCT *) map->map_db1;
+	ldapmap_setopts(lmap->ldap_ld, lmap);
 
-	name_len = strlen(name);
-	if (name_len > MAXNAME)
-		name_len = MAXNAME;
-	strncpy(keybuf, name, name_len);
-	keybuf[name_len] = '\0';
+	(void) strlcpy(keybuf, name, sizeof keybuf);
 
 	if (!bitset(MF_NOFOLDCASE, map->map_mflags))
-#ifdef SUNET_ID
+	{
+# ifdef SUNET_ID
 		sunet_id_hash(keybuf);
-#else
+# else /* SUNET_ID */
 		makelower(keybuf);
-#endif /*SUNET_ID */
+# endif /* SUNET_ID */
+	}
 
 	/* substitute keybuf into filter, perhaps multiple times */
+	memset(filter, '\0', sizeof filter);
 	fp = filter;
-	p = lmap->filter;
+	p = lmap->ldap_filter;
 	while ((q = strchr(p, '%')) != NULL)
 	{
 		if (q[1] == 's')
 		{
 			snprintf(fp, SPACELEFT(filter, fp), "%.*s%s",
 				 q - p, p, keybuf);
+			fp += strlen(fp);
 			p = q + 2;
 		}
+		else if (q[1] == '0')
+		{
+			char *k = keybuf;
+
+			snprintf(fp, SPACELEFT(filter, fp), "%.*s",
+				 q - p, p);
+			fp += strlen(fp);
+			p = q + 2;
+
+			/* Properly escape LDAP special characters */
+			while (SPACELEFT(filter, fp) > 0 &&
+			       *k != '\0')
+			{
+				if (*k == '*' || *k == '(' ||
+				    *k == ')' || *k == '\\')
+				{
+					(void) strlcat(fp,
+						       (*k == '*' ? "\\2A" :
+							(*k == '(' ? "\\28" :
+							 (*k == ')' ? "\\29" :
+							  (*k == '\\' ? "\\5C" :
+							   "\00")))),
+						SPACELEFT(filter, fp));
+					fp += strlen(fp);
+					k++;
+				}
+				else
+					*fp++ = *k++;
+			}
+		}
 		else
 		{
 			snprintf(fp, SPACELEFT(filter, fp), "%.*s",
 				 q - p + 1, p);
 			p = q + (q[1] == '%' ? 2 : 1);
+			fp += strlen(fp);
 		}
-		fp += strlen(fp);
 	}
 	snprintf(fp, SPACELEFT(filter, fp), "%s", p);
 	if (tTd(38, 20))
-		printf("ldap search filter=%s\n", filter);
+		dprintf("ldap search filter=%s\n", filter);
 
-	if (ldap_search_st(lmap->ld, lmap->base,lmap->scope,filter,
-			   lmap->attr, lmap->attrsonly, &(lmap->timeout),
-			   &(lmap->res)) != LDAP_SUCCESS)
+	lmap->ldap_res = NULL;
+	msgid = ldap_search(lmap->ldap_ld, lmap->ldap_base, lmap->ldap_scope,
+			    filter,
+			    (lmap->ldap_attr[0] == NULL ? NULL :
+			     lmap->ldap_attr),
+			    lmap->ldap_attrsonly);
+	if (msgid == -1)
 	{
-		/* try stopping/starting map */
-		ldap_map_stop(map);
-		if (!ldap_map_start(map))
+		errno = ldapmap_geterrno(lmap->ldap_ld) + E_LDAPBASE;
+		if (!bitset(MF_OPTIONAL, map->map_mflags))
 		{
-			result = NULL;
-			*statp = EX_TEMPFAIL;
-			goto quick_exit;
+			if (bitset(MF_NODEFER, map->map_mflags))
+				syserr("Error in ldap_search_st using %s in map %s",
+				       filter, map->map_mname);
+			else
+				syserr("421 4.0.0 Error in ldap_search_st using %s in map %s",
+				       filter, map->map_mname);
 		}
-		if (ldap_search_st(lmap->ld, lmap->base, lmap->scope, filter,
-				   lmap->attr, lmap->attrsonly,
-				   &(lmap->timeout), &(lmap->res))
-			!= LDAP_SUCCESS)
+		*statp = EX_TEMPFAIL;
+		return NULL;
+	}
+
+	*statp = EX_NOTFOUND;
+	vp = NULL;
+
+	/* Get results (all if MF_NOREWRITE, otherwise one by one) */
+	while ((ret = ldap_result(lmap->ldap_ld, msgid,
+				  bitset(MF_NOREWRITE, map->map_mflags),
+				  (lmap->ldap_timeout.tv_sec == 0 ? NULL :
+				   &(lmap->ldap_timeout)),
+				  &(lmap->ldap_res))) == LDAP_RES_SEARCH_ENTRY)
+	{
+		LDAPMessage *entry;
+
+		if (bitset(MF_SINGLEMATCH, map->map_mflags))
+		{
+			entries += ldap_count_entries(lmap->ldap_ld,
+						      lmap->ldap_res);
+			if (entries > 1)
+			{
+				*statp = EX_NOTFOUND;
+				if (lmap->ldap_res != NULL)
+				{
+					ldap_msgfree(lmap->ldap_res);
+					lmap->ldap_res = NULL;
+				}
+				(void) ldap_abandon(lmap->ldap_ld, msgid);
+				if (vp != NULL)
+					free(vp);
+				if (tTd(38, 25))
+					dprintf("ldap search found multiple on a single match query\n");
+				return NULL;
+			}
+		}
+
+		/* If we don't want multiple values and we have one, break */
+		if (map->map_coldelim == '\0' && vp != NULL)
+			break;
+
+		/* Cycle through all entries */
+		for (entry = ldap_first_entry(lmap->ldap_ld, lmap->ldap_res);
+		     entry != NULL;
+		     entry = ldap_next_entry(lmap->ldap_ld, lmap->ldap_res))
 		{
+			BerElement *ber;
+			char *attr;
+			char **vals = NULL;
+
+			/*
+			**  If matching only and found an entry,
+			**  no need to spin through attributes
+			*/
+
+			if (*statp == EX_OK &&
+			    bitset(MF_MATCHONLY, map->map_mflags))
+				continue;
+
+# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
+			/*
+			**  Reset value to prevent lingering
+			**  LDAP_DECODING_ERROR due to
+			**  OpenLDAP 1.X's hack (see below)
+			*/
+
+			lmap->ldap_ld->ld_errno = LDAP_SUCCESS;
+# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
+
+			for (attr = ldap_first_attribute(lmap->ldap_ld, entry,
+							 &ber);
+			     attr != NULL;
+			     attr = ldap_next_attribute(lmap->ldap_ld, entry,
+							ber))
+			{
+				char *tmp, *vp_tmp;
+
+				if (lmap->ldap_attrsonly == LDAPMAP_FALSE)
+				{
+					vals = ldap_get_values(lmap->ldap_ld,
+							       entry,
+							       attr);
+					if (vals == NULL)
+					{
+						errno = ldapmap_geterrno(lmap->ldap_ld);
+						if (errno == LDAP_SUCCESS)
+							continue;
+
+						/* Must be an error */
+						errno += E_LDAPBASE;
+						if (!bitset(MF_OPTIONAL,
+							    map->map_mflags))
+						{
+							if (bitset(MF_NODEFER,
+								   map->map_mflags))
+								syserr("Error getting LDAP values in map %s",
+								       map->map_mname);
+							else
+								syserr("421 4.0.0 Error getting LDAP values in map %s",
+								       map->map_mname);
+						}
+						*statp = EX_TEMPFAIL;
+# if USING_NETSCAPE_LDAP
+						ldap_mem_free(attr);
+# endif /* USING_NETSCAPE_LDAP */
+						if (lmap->ldap_res != NULL)
+						{
+							ldap_msgfree(lmap->ldap_res);
+							lmap->ldap_res = NULL;
+						}
+						(void) ldap_abandon(lmap->ldap_ld,
+								    msgid);
+						if (vp != NULL)
+							free(vp);
+						return NULL;
+					}
+				}
+
+				*statp = EX_OK;
+
+# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
+				/*
+				**  Reset value to prevent lingering
+				**  LDAP_DECODING_ERROR due to
+				**  OpenLDAP 1.X's hack (see below)
+				*/
+
+				lmap->ldap_ld->ld_errno = LDAP_SUCCESS;
+# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
+
+				/*
+				**  If matching only,
+				**  no need to spin through entries
+				*/
+
+				if (bitset(MF_MATCHONLY, map->map_mflags))
+					continue;
+
+				/*
+				**  If we don't want multiple values,
+				**  return first found.
+				*/
+
+				if (map->map_coldelim == '\0')
+				{
+					if (lmap->ldap_attrsonly == LDAPMAP_TRUE)
+					{
+						vp = newstr(attr);
+# if USING_NETSCAPE_LDAP
+						ldap_mem_free(attr);
+# endif /* USING_NETSCAPE_LDAP */
+						break;
+					}
+
+					if (vals[0] == NULL)
+					{
+						ldap_value_free(vals);
+# if USING_NETSCAPE_LDAP
+						ldap_mem_free(attr);
+# endif /* USING_NETSCAPE_LDAP */
+						continue;
+					}
+
+					vp = newstr(vals[0]);
+					ldap_value_free(vals);
+# if USING_NETSCAPE_LDAP
+					ldap_mem_free(attr);
+# endif /* USING_NETSCAPE_LDAP */
+					break;
+				}
+
+				/* attributes only */
+				if (lmap->ldap_attrsonly == LDAPMAP_TRUE)
+				{
+					if (vp == NULL)
+						vp = newstr(attr);
+					else
+					{
+						vsize = strlen(vp) +
+							strlen(attr) + 2;
+						tmp = xalloc(vsize);
+						snprintf(tmp, vsize, "%s%c%s",
+							 vp, map->map_coldelim,
+							 attr);
+						free(vp);
+						vp = tmp;
+					}
+# if USING_NETSCAPE_LDAP
+					ldap_mem_free(attr);
+# endif /* USING_NETSCAPE_LDAP */
+					continue;
+				}
+
+				/*
+				**  If there is more than one,
+				**  munge then into a map_coldelim
+				**  separated string
+				*/
+
+				vsize = 0;
+				for (i = 0; vals[i] != NULL; i++)
+					vsize += strlen(vals[i]) + 1;
+				vp_tmp = xalloc(vsize);
+				*vp_tmp = '\0';
+
+				p = vp_tmp;
+				for (i = 0; vals[i] != NULL; i++)
+				{
+					p += strlcpy(p, vals[i],
+						     vsize - (p - vp_tmp));
+					if (p >= vp_tmp + vsize)
+						syserr("ldapmap_lookup: Internal error: buffer too small for LDAP values");
+					if (vals[i + 1] != NULL)
+						*p++ = map->map_coldelim;
+				}
+
+				ldap_value_free(vals);
+# if USING_NETSCAPE_LDAP
+				ldap_mem_free(attr);
+# endif /* USING_NETSCAPE_LDAP */
+				if (vp == NULL)
+				{
+					vp = vp_tmp;
+					continue;
+				}
+				vsize = strlen(vp) + strlen(vp_tmp) + 2;
+				tmp = xalloc(vsize);
+				snprintf(tmp, vsize, "%s%c%s",
+					 vp, map->map_coldelim, vp_tmp);
+
+				free(vp);
+				free(vp_tmp);
+				vp = tmp;
+			}
+			errno = ldapmap_geterrno(lmap->ldap_ld);
+
+			/*
+			**  We check errno != LDAP_DECODING_ERROR since
+			**  OpenLDAP 1.X has a very ugly *undocumented*
+			**  hack of returning this error code from
+			**  ldap_next_attribute() if the library freed the
+			**  ber attribute.  See:
+			**  http://www.openldap.org/lists/openldap-devel/9901/msg00064.html
+			*/
+
+			if (errno != LDAP_SUCCESS &&
+			    errno != LDAP_DECODING_ERROR)
+			{
+				/* Must be an error */
+				errno += E_LDAPBASE;
+				if (!bitset(MF_OPTIONAL, map->map_mflags))
+				{
+					if (bitset(MF_NODEFER, map->map_mflags))
+						syserr("Error getting LDAP attributes in map %s",
+						       map->map_mname);
+					else
+						syserr("421 4.0.0 Error getting LDAP attributes in map %s",
+						       map->map_mname);
+				}
+				*statp = EX_TEMPFAIL;
+				if (lmap->ldap_res != NULL)
+				{
+					ldap_msgfree(lmap->ldap_res);
+					lmap->ldap_res = NULL;
+				}
+				(void) ldap_abandon(lmap->ldap_ld, msgid);
+				if (vp != NULL)
+					free(vp);
+				return NULL;
+			}
+
+			/* We don't want multiple values and we have one */
+			if (map->map_coldelim == '\0' && vp != NULL)
+				break;
+		}
+		errno = ldapmap_geterrno(lmap->ldap_ld);
+		if (errno != LDAP_SUCCESS && errno != LDAP_DECODING_ERROR)
+		{
+			/* Must be an error */
+			errno += E_LDAPBASE;
 			if (!bitset(MF_OPTIONAL, map->map_mflags))
 			{
-				syserr("%sError in ldap_search_st using %s in map %s",
-					bitset(MF_NODEFER, map->map_mflags) ? "" : "421 ",
-					filter, map->map_mname);
+				if (bitset(MF_NODEFER, map->map_mflags))
+					syserr("Error getting LDAP entries in map %s",
+					       map->map_mname);
+				else
+					syserr("421 4.0.0 Error getting LDAP entries in map %s",
+					       map->map_mname);
 			}
-			result = NULL;
 			*statp = EX_TEMPFAIL;
-			goto quick_exit;
+			if (lmap->ldap_res != NULL)
+			{
+				ldap_msgfree(lmap->ldap_res);
+				lmap->ldap_res = NULL;
+			}
+			(void) ldap_abandon(lmap->ldap_ld, msgid);
+			if (vp != NULL)
+				free(vp);
+			return NULL;
 		}
+		ldap_msgfree(lmap->ldap_res);
+		lmap->ldap_res = NULL;
 	}
 
-	entry = ldap_first_entry(lmap->ld,lmap->res);
-	if (entry == NULL)
+	/*
+	**  If grabbing all results at once for MF_NOREWRITE and
+	**  only want a single match, make sure that's all we have
+	*/
+
+	if (ret == LDAP_RES_SEARCH_RESULT &&
+	    bitset(MF_NOREWRITE|MF_SINGLEMATCH, map->map_mflags))
 	{
-	        result = NULL;
-		*statp = EX_NOTFOUND;
-		goto quick_exit;
+		entries += ldap_count_entries(lmap->ldap_ld, lmap->ldap_res);
+		if (entries > 1)
+		{
+			*statp = EX_NOTFOUND;
+			if (lmap->ldap_res != NULL)
+			{
+				ldap_msgfree(lmap->ldap_res);
+				lmap->ldap_res = NULL;
+			}
+			if (vp != NULL)
+				free(vp);
+			return NULL;
+		}
+		*statp = EX_OK;
 	}
 
-	/* Need to build the args for map_rewrite here */
-	attr_values = ldap_get_values(lmap->ld,entry,lmap->attr[0]);
-	if (attr_values == NULL)
+	if (ret == 0)
+		errno = ETIMEDOUT;
+	else
+		errno = ldapmap_geterrno(lmap->ldap_ld);
+	if (errno != LDAP_SUCCESS)
 	{
-		/* bad things happened */
-		result = NULL;
-		*statp = EX_NOTFOUND;
-		goto quick_exit;
+		/* Must be an error */
+		if (ret != 0)
+			errno += E_LDAPBASE;
+		if (!bitset(MF_OPTIONAL, map->map_mflags))
+		{
+			if (bitset(MF_NODEFER, map->map_mflags))
+				syserr("Error getting LDAP results in map %s",
+				       map->map_mname);
+			else
+				syserr("421 4.0.0 Error getting LDAP results in map %s",
+				       map->map_mname);
+		}
+		*statp = EX_TEMPFAIL;
+		if (vp != NULL)
+			free(vp);
+		return NULL;
 	}
 
-	*statp = EX_OK;
+	/* Did we match anything? */
+	if (vp == NULL)
+		return NULL;
 
-	/* If there is more that one use the first */
-	vp = attr_values[0];
-	vsize = strlen(vp);
+	/*
+	**  If MF_NOREWRITE, we are special map which doesn't
+	**  actually return a map value.  Instead, we don't free
+	**  ldap_res and let the calling function process the LDAP
+	**  results.  The caller should ldap_msgfree(lmap->ldap_res).
+	*/
 
-	if (LogLevel > 9)
-		sm_syslog(LOG_INFO, CurEnv->e_id,
-			"ldap %.100s => %s",
-			name, vp);
-	if (bitset(MF_MATCHONLY, map->map_mflags))
-		result = map_rewrite(map, name, strlen(name), NULL);
-	else
-		result = map_rewrite(map, vp, vsize, av);
-
-  quick_exit:
-	if (attr_values != NULL)
-		ldap_value_free(attr_values);
-	if (lmap != NULL)
-		ldap_msgfree(lmap->res);
-	ldap_map_stop(map);
-	return result ;
-}
+	if (bitset(MF_NOREWRITE, map->map_mflags))
+	{
+		/* vp != NULL due to test above */
+		free(vp);
+		return "";
+	}
 
+	if (*statp == EX_OK)
+	{
+		/* vp != NULL due to test above */
+		if (LogLevel > 9)
+			sm_syslog(LOG_INFO, CurEnv->e_id,
+				  "ldap %.100s => %s", name, vp);
+		if (bitset(MF_MATCHONLY, map->map_mflags))
+			result = map_rewrite(map, name, strlen(name), NULL);
+		else
+			result = map_rewrite(map, vp, strlen(vp), av);
+		free(vp);
+	}
+	return result;
+}
 
 /*
-**  LDAP_MAP_DEQUOTE - helper routine for ldap_map_parseargs
+**  LDAPMAP_FINDCONN -- find an LDAP connection to the server
+**
+**	Cache LDAP connections based on the host, port, bind DN,
+**	and secret so we don't have multiple connections open to
+**	the same server for different maps.
+**
+**	Parameters:
+**		lmap -- LDAP map information
+**
+**	Returns:
+**		Symbol table entry for the LDAP connection.
+**
 */
 
-char *
-ldap_map_dequote(str)
-	char *str;
+static STAB *
+ldapmap_findconn(lmap)
+	LDAPMAP_STRUCT *lmap;
 {
-	char *p;
-	char *start;
-	p = str;
+	int len;
+	char *nbuf;
+	STAB *s;
+
+	len = (lmap->ldap_host == NULL ? strlen("localhost") :
+					 strlen(lmap->ldap_host)) + 1 + 8 + 1 +
+		(lmap->ldap_binddn == NULL ? 0 : strlen(lmap->ldap_binddn)) +
+		1 +
+		(lmap->ldap_secret == NULL ? 0 : strlen(lmap->ldap_secret)) +
+		1;
+	nbuf = xalloc(len);
+	snprintf(nbuf, len, "%s%c%d%c%s%c%s",
+		 (lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host),
+		 CONDELSE,
+		 lmap->ldap_port,
+		 CONDELSE,
+		 (lmap->ldap_binddn == NULL ? "" : lmap->ldap_binddn),
+		 CONDELSE,
+		 (lmap->ldap_secret == NULL ? "" : lmap->ldap_secret));
+	s = stab(nbuf, ST_LDAP, ST_ENTER);
+	free(nbuf);
+	return s;
+}
+/*
+**  LDAPMAP_SETOPTS -- set LDAP options
+**
+**	Parameters:
+**		ld -- LDAP session handle
+**		lmap -- LDAP map information
+**
+**	Returns:
+**		None.
+**
+*/
 
-	if (*p == '"')
-	{
-		start = ++p;
-		/* Should probably swallow initial whitespace here */
-	}
+static void
+ldapmap_setopts(ld, lmap)
+	LDAP *ld;
+	LDAPMAP_STRUCT *lmap;
+{
+# if USE_LDAP_SET_OPTION
+	ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->ldap_deref);
+	if (bitset(LDAP_OPT_REFERRALS, lmap->ldap_options))
+		ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON);
 	else
-	{
-		return(str);
-	}
-	while (*p != '"' && *p != '\0')
-	{
-		p++;
-	}
-	if (*p != '\0')
-		*p = '\0';
-	return start;
+		ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+	ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit);
+	ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit);
+# else /* USE_LDAP_SET_OPTION */
+	/* From here on in we can use ldap internal timelimits */
+	ld->ld_deref = lmap->ldap_deref;
+	ld->ld_options = lmap->ldap_options;
+	ld->ld_sizelimit = lmap->ldap_sizelimit;
+	ld->ld_timelimit = lmap->ldap_timelimit;
+# endif /* USE_LDAP_SET_OPTION */
+}
+/*
+**  LDAPMAP_GETERRNO -- get ldap errno value
+**
+**	Parameters:
+**		ld -- LDAP session handle
+**
+**	Returns:
+**		LDAP errno.
+**
+*/
+
+static int
+ldapmap_geterrno(ld)
+	LDAP *ld;
+{
+	int err = LDAP_SUCCESS;
+
+# if defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3
+	(void) ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err);
+# else /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */
+#  ifdef LDAP_OPT_SIZELIMIT
+	err = ldap_get_lderrno(ld, NULL, NULL);
+#  else /* LDAP_OPT_SIZELIMIT */
+	err = ld->ld_errno;
+
+	/*
+	**  Reset value to prevent lingering LDAP_DECODING_ERROR due to
+	**  OpenLDAP 1.X's hack (see above)
+	*/
+
+	ld->ld_errno = LDAP_SUCCESS;
+#  endif /* LDAP_OPT_SIZELIMIT */
+# endif /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */
+	return err;
+}
+
+/*
+**  LDAPX_MAP_PARSEARGS -- print warning about use of ldapx map.
+*/
+
+bool
+ldapx_map_parseargs(map, args)
+	MAP *map;
+	char *args;
+{
+	printf("Warning: The \"ldapx\" map class is deprecated and will be removed in a future\n");
+	printf("         version.  Use the \"ldap\" map class instead for map \"%s\".\n",
+	       map->map_mname);
+	return ldapmap_parseargs(map, args);
 }
 
 /*
-**  LDAP_MAP_PARSEARGS -- parse ldap map definition args.
+**  LDAPMAP_PARSEARGS -- parse ldap map definition args.
 */
 
+struct lamvalues LDAPAuthMethods[] =
+{
+	{	"none",		LDAP_AUTH_NONE		},
+	{	"simple",	LDAP_AUTH_SIMPLE	},
+# ifdef LDAP_AUTH_KRBV4
+	{	"krbv4",	LDAP_AUTH_KRBV4		},
+# endif /* LDAP_AUTH_KRBV4 */
+	{	NULL,		0			}
+};
+
+struct ladvalues LDAPAliasDereference[] =
+{
+	{	"never",	LDAP_DEREF_NEVER	},
+	{	"always",	LDAP_DEREF_ALWAYS	},
+	{	"search",	LDAP_DEREF_SEARCHING	},
+	{	"find",		LDAP_DEREF_FINDING	},
+	{	NULL,		0			}
+};
+
+struct lssvalues LDAPSearchScope[] =
+{
+	{	"base",		LDAP_SCOPE_BASE		},
+	{	"one",		LDAP_SCOPE_ONELEVEL	},
+	{	"sub",		LDAP_SCOPE_SUBTREE	},
+	{	NULL,		0			}
+};
+
 bool
-ldap_map_parseargs(map,args)
+ldapmap_parseargs(map, args)
 	MAP *map;
 	char *args;
 {
+	bool secretread = TRUE;
+	int i;
 	register char *p = args;
-	register int done;
-	LDAP_MAP_STRUCT *lmap;
-
-	/* We need to alloc an LDAP_MAP_STRUCT struct */
-	lmap  = (LDAP_MAP_STRUCT *) xalloc(sizeof(LDAP_MAP_STRUCT));
-
-	/* Set default int's here , default strings below */
-	lmap->ldapport =  DEFAULT_LDAP_MAP_PORT;
-	lmap->deref = DEFAULT_LDAP_MAP_DEREF;
-	lmap->timelimit = DEFAULT_LDAP_MAP_TIMELIMIT;
-	lmap->sizelimit = DEFAULT_LDAP_MAP_SIZELIMIT;
-	lmap->ldap_options = DEFAULT_LDAP_MAP_LDAP_OPTIONS;
-	lmap->method = DEFAULT_LDAP_MAP_METHOD;
-	lmap->scope = DEFAULT_LDAP_MAP_SCOPE;
-	lmap->attrsonly = DEFAULT_LDAP_MAP_ATTRSONLY;
-	lmap->timeout.tv_sec = DEFAULT_LDAP_MAP_TIMELIMIT;
-	lmap->timeout.tv_usec = 0;
-
-	/* Default char ptrs to NULL */
-	lmap->binddn = NULL;
-	lmap->passwd = NULL;
-	lmap->base   = NULL;
-	lmap->ldaphost = NULL;
-
-	/* Default general ptrs to NULL */
-	lmap->ld = NULL;
-	lmap->res = NULL;
+	LDAPMAP_STRUCT *lmap;
+	struct lamvalues *lam;
+	struct ladvalues *lad;
+	struct lssvalues *lss;
+	char m_tmp[MAXPATHLEN + LDAPMAP_MAX_PASSWD];
 
-	map->map_mflags |= MF_TRY0NULL | MF_TRY1NULL;
+	/* Get ldap struct pointer from map */
+	lmap = (LDAPMAP_STRUCT *) map->map_db1;
+
+	/* Check if setting the initial LDAP defaults */
+	if (lmap == NULL || lmap != LDAPDefaults)
+	{
+		/* We need to alloc an LDAPMAP_STRUCT struct */
+		lmap = (LDAPMAP_STRUCT *) xalloc(sizeof *lmap);
+		if (LDAPDefaults == NULL)
+			ldapmap_clear(lmap);
+		else
+			STRUCTCOPY(*LDAPDefaults, *lmap);
+	}
+
+	/* there is no check whether there is really an argument */
+	map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL;
+	map->map_spacesub = SpaceSub;	/* default value */
 	for (;;)
 	{
 		while (isascii(*p) && isspace(*p))
@@ -3048,10 +3816,6 @@ ldap_map_parseargs(map,args)
 			map->map_mflags |= MF_KEEPQUOTES;
 			break;
 
-		  case 't':
-			map->map_mflags |= MF_NODEFER;
-			break;
-
 		  case 'a':
 			map->map_app = ++p;
 			break;
@@ -3060,49 +3824,126 @@ ldap_map_parseargs(map,args)
 			map->map_tapp = ++p;
 			break;
 
-			/* Start of ldap_map specific args */
+		  case 't':
+			map->map_mflags |= MF_NODEFER;
+			break;
+
+		  case 'S':
+			map->map_spacesub = *++p;
+			break;
+
+		  case 'D':
+			map->map_mflags |= MF_DEFER;
+			break;
+
+		  case 'z':
+			if (*++p != '\\')
+				map->map_coldelim = *p;
+			else
+			{
+				switch (*++p)
+				{
+				  case 'n':
+					map->map_coldelim = '\n';
+					break;
+
+				  case 't':
+					map->map_coldelim = '\t';
+					break;
+
+				  default:
+					map->map_coldelim = '\\';
+				}
+			}
+			break;
+
+			/* Start of ldapmap specific args */
 		  case 'k':		/* search field */
 			while (isascii(*++p) && isspace(*p))
 				continue;
-			lmap->filter = p;
+			lmap->ldap_filter = p;
 			break;
 
 		  case 'v':		/* attr to return */
 			while (isascii(*++p) && isspace(*p))
 				continue;
-			lmap->attr[0] = p;
-			lmap->attr[1] = NULL;
+			lmap->ldap_attr[0] = p;
+			lmap->ldap_attr[1] = NULL;
+			break;
+
+		  case '1':
+			map->map_mflags |= MF_SINGLEMATCH;
 			break;
 
 			/* args stolen from ldapsearch.c */
 		  case 'R':		/* don't auto chase referrals */
-#ifdef LDAP_REFERRALS
+# ifdef LDAP_REFERRALS
 			lmap->ldap_options &= ~LDAP_OPT_REFERRALS;
-#else  /* LDAP_REFERRALS */
+# else /* LDAP_REFERRALS */
 			syserr("compile with -DLDAP_REFERRALS for referral support\n");
-#endif /* LDAP_REFERRALS */
+# endif /* LDAP_REFERRALS */
 			break;
 
-		  case 'n':		/* retrieve attribute names only -- no values */
-			lmap->attrsonly += 1;
+		  case 'n':		/* retrieve attribute names only */
+			lmap->ldap_attrsonly = LDAPMAP_TRUE;
 			break;
 
-		  case 's':		/* search scope */
-			if (strncasecmp(++p, "base", 4) == 0)
+		  case 'r':		/* alias dereferencing */
+			while (isascii(*++p) && isspace(*p))
+				continue;
+
+			if (strncasecmp(p, "LDAP_DEREF_", 11) == 0)
+				p += 11;
+
+			for (lad = LDAPAliasDereference;
+			     lad != NULL && lad->lad_name != NULL; lad++)
 			{
-				lmap->scope = LDAP_SCOPE_BASE;
+				if (strncasecmp(p, lad->lad_name,
+						strlen(lad->lad_name)) == 0)
+					break;
 			}
-			else if (strncasecmp(p, "one", 3) == 0)
+			if (lad->lad_name != NULL)
+				lmap->ldap_deref = lad->lad_code;
+			else
 			{
-				lmap->scope = LDAP_SCOPE_ONELEVEL;
+				/* bad config line */
+				if (!bitset(MCF_OPTFILE,
+					    map->map_class->map_cflags))
+				{
+					char *ptr;
+
+					if ((ptr = strchr(p, ' ')) != NULL)
+						*ptr = '\0';
+					syserr("Deref must be [never|always|search|find] not %s in map %s",
+						p, map->map_mname);
+					if (ptr != NULL)
+						*ptr = ' ';
+					return FALSE;
+				}
 			}
-			else if (strncasecmp(p, "sub", 3) == 0)
+			break;
+
+		  case 's':		/* search scope */
+			while (isascii(*++p) && isspace(*p))
+				continue;
+
+			if (strncasecmp(p, "LDAP_SCOPE_", 11) == 0)
+				p += 11;
+
+			for (lss = LDAPSearchScope;
+			     lss != NULL && lss->lss_name != NULL; lss++)
 			{
-				lmap->scope = LDAP_SCOPE_SUBTREE;
+				if (strncasecmp(p, lss->lss_name,
+						strlen(lss->lss_name)) == 0)
+					break;
 			}
+			if (lss->lss_name != NULL)
+				lmap->ldap_scope = lss->lss_code;
 			else
-			{		/* bad config line */
-				if (!bitset(MCF_OPTFILE, map->map_class->map_cflags))
+			{
+				/* bad config line */
+				if (!bitset(MCF_OPTFILE,
+					    map->map_class->map_cflags))
 				{
 					char *ptr;
 
@@ -3120,49 +3961,105 @@ ldap_map_parseargs(map,args)
 		  case 'h':		/* ldap host */
 			while (isascii(*++p) && isspace(*p))
 				continue;
-			map->map_domain = p;
-			lmap->ldaphost = p;
+			lmap->ldap_host = p;
 			break;
 
 		  case 'b':		/* search base */
 			while (isascii(*++p) && isspace(*p))
 				continue;
-			lmap->base = p;
+			lmap->ldap_base = p;
 			break;
 
 		  case 'p':		/* ldap port */
 			while (isascii(*++p) && isspace(*p))
 				continue;
-			lmap->ldapport = atoi(p);
+			lmap->ldap_port = atoi(p);
 			break;
 
 		  case 'l':		/* time limit */
 			while (isascii(*++p) && isspace(*p))
 				continue;
-			lmap->timelimit = atoi(p);
-			lmap->timeout.tv_sec = lmap->timelimit;
+			lmap->ldap_timelimit = atoi(p);
+			lmap->ldap_timeout.tv_sec = lmap->ldap_timelimit;
+			break;
+
+		  case 'Z':
+			while (isascii(*++p) && isspace(*p))
+				continue;
+			lmap->ldap_sizelimit = atoi(p);
 			break;
 
+		  case 'd':		/* Dn to bind to server as */
+			while (isascii(*++p) && isspace(*p))
+				continue;
+			lmap->ldap_binddn = p;
+			break;
+
+		  case 'M':		/* Method for binding */
+			while (isascii(*++p) && isspace(*p))
+				continue;
+
+			if (strncasecmp(p, "LDAP_AUTH_", 10) == 0)
+				p += 10;
+
+			for (lam = LDAPAuthMethods;
+			     lam != NULL && lam->lam_name != NULL; lam++)
+			{
+				if (strncasecmp(p, lam->lam_name,
+						strlen(lam->lam_name)) == 0)
+					break;
+			}
+			if (lam->lam_name != NULL)
+				lmap->ldap_method = lam->lam_code;
+			else
+			{
+				/* bad config line */
+				if (!bitset(MCF_OPTFILE,
+					    map->map_class->map_cflags))
+				{
+					char *ptr;
+
+					if ((ptr = strchr(p, ' ')) != NULL)
+						*ptr = '\0';
+					syserr("Method for binding must be [none|simple|krbv4] not %s in map %s",
+						p, map->map_mname);
+					if (ptr != NULL)
+						*ptr = ' ';
+					return FALSE;
+				}
+			}
+
+			break;
+
+			/*
+			**  This is a string that is dependent on the
+			**  method used defined above.
+			*/
+
+		  case 'P':		/* Secret password for binding */
+			 while (isascii(*++p) && isspace(*p))
+				continue;
+			lmap->ldap_secret = p;
+			secretread = FALSE;
+			break;
+
+		  default:
+			syserr("Illegal option %c map %s", *p, map->map_mname);
+			break;
 		}
 
-		/* need to account for quoted strings here arggg... */
-		done =  isascii(*p) && isspace(*p);
-		while (*p != '\0' && !done)
+		/* need to account for quoted strings here */
+		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
 		{
 			if (*p == '"')
 			{
 				while (*++p != '"' && *p != '\0')
-				{
 					continue;
-				}
 				if (*p != '\0')
 					p++;
 			}
 			else
-			{
 				p++;
-			}
-			done = isascii(*p) && isspace(*p);
 		}
 
 		if (*p != '\0')
@@ -3170,47 +4067,130 @@ ldap_map_parseargs(map,args)
 	}
 
 	if (map->map_app != NULL)
-		map->map_app = newstr(ldap_map_dequote(map->map_app));
+		map->map_app = newstr(ldapmap_dequote(map->map_app));
 	if (map->map_tapp != NULL)
-		map->map_tapp = newstr(ldap_map_dequote(map->map_tapp));
-	if (map->map_domain != NULL)
-		map->map_domain = newstr(ldap_map_dequote(map->map_domain));
+		map->map_tapp = newstr(ldapmap_dequote(map->map_tapp));
 
 	/*
 	**  We need to swallow up all the stuff into a struct
 	**  and dump it into map->map_dbptr1
 	*/
 
-	if (lmap->ldaphost != NULL)
-		lmap->ldaphost = newstr(ldap_map_dequote(lmap->ldaphost));
-	else
+	if (lmap->ldap_host != NULL &&
+	    (LDAPDefaults == NULL ||
+	     LDAPDefaults == lmap ||
+	     LDAPDefaults->ldap_host != lmap->ldap_host))
+		lmap->ldap_host = newstr(ldapmap_dequote(lmap->ldap_host));
+	map->map_domain = lmap->ldap_host;
+
+	if (lmap->ldap_binddn != NULL &&
+	    (LDAPDefaults == NULL ||
+	     LDAPDefaults == lmap ||
+	     LDAPDefaults->ldap_binddn != lmap->ldap_binddn))
+		lmap->ldap_binddn = newstr(ldapmap_dequote(lmap->ldap_binddn));
+
+	if (lmap->ldap_secret != NULL &&
+	    (LDAPDefaults == NULL ||
+	     LDAPDefaults == lmap ||
+	     LDAPDefaults->ldap_secret != lmap->ldap_secret))
 	{
-		syserr("LDAP map: -h flag is required");
-		return FALSE;
-	}
+		FILE *sfd;
+		long sff = SFF_OPENASROOT|SFF_ROOTOK|SFF_NOWLINK|SFF_NOWWFILES|SFF_NOGWFILES;
 
-	if (lmap->binddn != NULL)
-		lmap->binddn = newstr(ldap_map_dequote(lmap->binddn));
-	else
-		lmap->binddn = DEFAULT_LDAP_MAP_BINDDN;
+		if (DontLockReadFiles)
+			sff |= SFF_NOLOCK;
 
+		/* need to use method to map secret to passwd string */
+		switch (lmap->ldap_method)
+		{
+		  case LDAP_AUTH_NONE:
+			/* Do nothing */
+			break;
 
-	if (lmap->passwd != NULL)
-		lmap->passwd = newstr(ldap_map_dequote(lmap->passwd));
-	else
-		lmap->passwd = DEFAULT_LDAP_MAP_PASSWD;
+		  case LDAP_AUTH_SIMPLE:
 
-	if (lmap->base != NULL)
-		lmap->base = newstr(ldap_map_dequote(lmap->base));
-	else
-	{
-		syserr("LDAP map: -b flag is required");
-		return FALSE;
+			/*
+			**  Secret is the name of a file with
+			**  the first line as the password.
+			*/
+
+			/* Already read in the secret? */
+			if (secretread)
+				break;
+
+			sfd = safefopen(ldapmap_dequote(lmap->ldap_secret),
+					O_RDONLY, 0, sff);
+			if (sfd == NULL)
+			{
+				syserr("LDAP map: cannot open secret %s",
+				       ldapmap_dequote(lmap->ldap_secret));
+				return FALSE;
+			}
+			lmap->ldap_secret = sfgets(m_tmp, LDAPMAP_MAX_PASSWD,
+						   sfd, 0, "ldapmap_parseargs");
+			(void) fclose(sfd);
+			if (lmap->ldap_secret != NULL &&
+			    strlen(m_tmp) > 0)
+			{
+				/* chomp newline */
+				if (m_tmp[strlen(m_tmp) - 1] == '\n')
+					m_tmp[strlen(m_tmp) - 1] = '\0';
+
+				lmap->ldap_secret = m_tmp;
+			}
+			break;
+
+# ifdef LDAP_AUTH_KRBV4
+		  case LDAP_AUTH_KRBV4:
+
+			/*
+			**  Secret is where the ticket file is
+			**  stashed
+			*/
+
+			snprintf(m_tmp, MAXPATHLEN + LDAPMAP_MAX_PASSWD,
+				 "KRBTKFILE=%s",
+				 ldapmap_dequote(lmap->ldap_secret));
+			lmap->ldap_secret = m_tmp;
+			break;
+# endif /* LDAP_AUTH_KRBV4 */
+
+		  default:	       /* Should NEVER get here */
+			syserr("LDAP map: Illegal value in lmap method");
+			return FALSE;
+			break;
+		}
 	}
 
+	if (lmap->ldap_secret != NULL &&
+	    (LDAPDefaults == NULL ||
+	     LDAPDefaults == lmap ||
+	     LDAPDefaults->ldap_secret != lmap->ldap_secret))
+		lmap->ldap_secret = newstr(ldapmap_dequote(lmap->ldap_secret));
 
-	if (lmap->filter != NULL)
-		lmap->filter = newstr(ldap_map_dequote(lmap->filter));
+	if (lmap->ldap_base != NULL &&
+	    (LDAPDefaults == NULL ||
+	     LDAPDefaults == lmap ||
+	     LDAPDefaults->ldap_base != lmap->ldap_base))
+		lmap->ldap_base = newstr(ldapmap_dequote(lmap->ldap_base));
+
+	/*
+	**  Save the server from extra work.  If request is for a single
+	**  match, tell the server to only return enough records to
+	**  determine if there is a single match or not.  This can not
+	**  be one since the server would only return one and we wouldn't
+	**  know if there were others available.
+	*/
+
+	if (bitset(MF_SINGLEMATCH, map->map_mflags))
+		lmap->ldap_sizelimit = 2;
+
+	/* If setting defaults, don't process ldap_filter and ldap_attr */
+	if (lmap == LDAPDefaults)
+		return TRUE;
+
+	if (lmap->ldap_filter != NULL)
+		lmap->ldap_filter = newstr(ldapmap_dequote(lmap->ldap_filter));
 	else
 	{
 		if (!bitset(MCF_OPTFILE, map->map_class->map_cflags))
@@ -3219,27 +4199,805 @@ ldap_map_parseargs(map,args)
 			return FALSE;
 		}
 	}
-	if (lmap->attr[0] != NULL)
-		lmap->attr[0] = newstr(ldap_map_dequote(lmap->attr[0]));
-	else
+
+	if (lmap->ldap_attr[0] != NULL)
 	{
-		if (!bitset(MCF_OPTFILE, map->map_class->map_cflags))
+		i = 0;
+		p = ldapmap_dequote(lmap->ldap_attr[0]);
+		lmap->ldap_attr[0] = NULL;
+
+		while (p != NULL)
 		{
-			syserr("No return attribute in %s", map->map_mname);
-			return FALSE;
+			char *v;
+
+			while (isascii(*p) && isspace(*p))
+				p++;
+			if (*p == '\0')
+				break;
+			v = p;
+			p = strchr(v, ',');
+			if (p != NULL)
+				*p++ = '\0';
+
+			if (i == LDAPMAP_MAX_ATTR)
+			{
+				syserr("Too many return attributes in %s (max %d)",
+				       map->map_mname, LDAPMAP_MAX_ATTR);
+				return FALSE;
+			}
+			if (*v != '\0')
+				lmap->ldap_attr[i++] = newstr(v);
 		}
+		lmap->ldap_attr[i] = NULL;
 	}
 
 	map->map_db1 = (ARBPTR_T) lmap;
 	return TRUE;
 }
 
-#endif /* LDAP Modules */
+/*
+**  LDAPMAP_CLEAR -- set default values for LDAPMAP_STRUCT
+**
+**	Parameters:
+**		lmap -- pointer to LDAPMAP_STRUCT to clear
+**
+**	Returns:
+**		None.
+**
+*/
+
+static void
+ldapmap_clear(lmap)
+	LDAPMAP_STRUCT *lmap;
+{
+	lmap->ldap_host = NULL;
+	lmap->ldap_port = LDAP_PORT;
+	lmap->ldap_deref = LDAP_DEREF_NEVER;
+	lmap->ldap_timelimit = LDAP_NO_LIMIT;
+	lmap->ldap_sizelimit = LDAP_NO_LIMIT;
+# ifdef LDAP_REFERRALS
+	lmap->ldap_options = LDAP_OPT_REFERRALS;
+# else /* LDAP_REFERRALS */
+	lmap->ldap_options = 0;
+# endif /* LDAP_REFERRALS */
+	lmap->ldap_binddn = NULL;
+	lmap->ldap_secret = NULL;
+	lmap->ldap_method = LDAP_AUTH_SIMPLE;
+	lmap->ldap_base = NULL;
+	lmap->ldap_scope = LDAP_SCOPE_SUBTREE;
+	lmap->ldap_attrsonly = LDAPMAP_FALSE;
+	lmap->ldap_timeout.tv_sec = 0;
+	lmap->ldap_timeout.tv_usec = 0;
+	lmap->ldap_ld = NULL;
+	lmap->ldap_filter = NULL;
+	lmap->ldap_attr[0] = NULL;
+	lmap->ldap_res = NULL;
+}
 /*
-**  syslog map
+**  LDAPMAP_SET_DEFAULTS -- Read default map spec from LDAPDefaults in .cf
+**
+**	Parameters:
+**		spec -- map argument string from LDAPDefaults option
+**
+**	Returns:
+**		None.
+**
+*/
+
+void
+ldapmap_set_defaults(spec)
+	char *spec;
+{
+	MAP map;
+
+	/* Allocate and set the default values */
+	if (LDAPDefaults == NULL)
+		LDAPDefaults = (LDAPMAP_STRUCT *) xalloc(sizeof *LDAPDefaults);
+	ldapmap_clear(LDAPDefaults);
+
+	memset(&map, '\0', sizeof map);
+	map.map_db1 = (ARBPTR_T) LDAPDefaults;
+
+	(void) ldapmap_parseargs(&map, spec);
+
+	/* These should never be set in LDAPDefaults */
+	if (map.map_mflags != (MF_TRY0NULL|MF_TRY1NULL) ||
+	    map.map_spacesub != SpaceSub ||
+	    map.map_app != NULL ||
+	    map.map_tapp != NULL)
+	{
+		syserr("readcf: option LDAPDefaultSpec: Do not set non-LDAP specific flags");
+		if (map.map_app != NULL)
+		{
+			free(map.map_app);
+			map.map_app = NULL;
+		}
+		if (map.map_tapp != NULL)
+		{
+			free(map.map_tapp);
+			map.map_tapp = NULL;
+		}
+	}
+
+	if (LDAPDefaults->ldap_filter != NULL)
+	{
+		syserr("readcf: option LDAPDefaultSpec: Do not set the LDAP search filter");
+		/* don't free, it isn't malloc'ed in parseargs */
+		LDAPDefaults->ldap_filter = NULL;
+	}
+
+	if (LDAPDefaults->ldap_attr[0] != NULL)
+	{
+		syserr("readcf: option LDAPDefaultSpec: Do not set the requested LDAP attributes");
+		/* don't free, they aren't malloc'ed in parseargs */
+		LDAPDefaults->ldap_attr[0] = NULL;
+	}
+}
+#endif /* LDAPMAP */
+/*
+**  PH map
+*/
+
+#ifdef PH_MAP
+
+/*
+**  Support for the CCSO Nameserver (ph/qi).
+**  This code is intended to replace the so-called "ph mailer".
+**  Contributed by Mark D. Roth <roth@uiuc.edu>.  Contact him for support.
+*/
+
+# include <qiapi.h>
+# include <qicode.h>
+
+/*
+**  PH_MAP_PARSEARGS -- parse ph map definition args.
+*/
+
+bool
+ph_map_parseargs(map, args)
+	MAP *map;
+	char *args;
+{
+	int i;
+	register int done;
+	PH_MAP_STRUCT *pmap = NULL;
+	register char *p = args;
+
+	pmap = (PH_MAP_STRUCT *) xalloc(sizeof *pmap);
+
+	/* defaults */
+	pmap->ph_servers = NULL;
+	pmap->ph_field_list = NULL;
+	pmap->ph_to_server = NULL;
+	pmap->ph_from_server = NULL;
+	pmap->ph_sockfd = -1;
+	pmap->ph_timeout = 0;
+
+	map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL;
+	for (;;)
+	{
+		while (isascii(*p) && isspace(*p))
+			p++;
+		if (*p != '-')
+			break;
+		switch (*++p)
+		{
+		  case 'N':
+			map->map_mflags |= MF_INCLNULL;
+			map->map_mflags &= ~MF_TRY0NULL;
+			break;
+
+		  case 'O':
+			map->map_mflags &= ~MF_TRY1NULL;
+			break;
+
+		  case 'o':
+			map->map_mflags |= MF_OPTIONAL;
+			break;
+
+		  case 'f':
+			map->map_mflags |= MF_NOFOLDCASE;
+			break;
+
+		  case 'm':
+			map->map_mflags |= MF_MATCHONLY;
+			break;
+
+		  case 'A':
+			map->map_mflags |= MF_APPEND;
+			break;
+
+		  case 'q':
+			map->map_mflags |= MF_KEEPQUOTES;
+			break;
+
+		  case 't':
+			map->map_mflags |= MF_NODEFER;
+			break;
+
+		  case 'a':
+			map->map_app = ++p;
+			break;
+
+		  case 'T':
+			map->map_tapp = ++p;
+			break;
+
+#if _FFR_PHMAP_TIMEOUT
+		  case 'l':
+			while (isascii(*++p) && isspace(*p))
+				continue;
+			pmap->ph_timeout = atoi(p);
+			break;
+#endif /* _FFR_PHMAP_TIMEOUT */
+
+		  case 'S':
+			map->map_spacesub = *++p;
+			break;
+
+		  case 'D':
+			map->map_mflags |= MF_DEFER;
+			break;
+
+		  case 'h':		/* PH server list */
+			while (isascii(*++p) && isspace(*p))
+				continue;
+			pmap->ph_servers = p;
+			break;
+
+		  case 'v':		/* fields to search for */
+			while (isascii(*++p) && isspace(*p))
+				continue;
+			pmap->ph_field_list = p;
+			break;
+
+		  default:
+			syserr("ph_map_parseargs: unknown option -%c\n", *p);
+		}
+
+		/* try to account for quoted strings */
+		done = isascii(*p) && isspace(*p);
+		while (*p != '\0' && !done)
+		{
+			if (*p == '"')
+			{
+				while (*++p != '"' && *p != '\0')
+					continue;
+				if (*p != '\0')
+					p++;
+			}
+			else
+				p++;
+			done = isascii(*p) && isspace(*p);
+		}
+
+		if (*p != '\0')
+			*p++ = '\0';
+	}
+
+	if (map->map_app != NULL)
+		map->map_app = newstr(ph_map_dequote(map->map_app));
+	if (map->map_tapp != NULL)
+		map->map_tapp = newstr(ph_map_dequote(map->map_tapp));
+
+	if (pmap->ph_field_list != NULL)
+		pmap->ph_field_list = newstr(ph_map_dequote(pmap->ph_field_list));
+	else
+		pmap->ph_field_list = DEFAULT_PH_MAP_FIELDS;
+
+	if (pmap->ph_servers != NULL)
+		pmap->ph_servers = newstr(ph_map_dequote(pmap->ph_servers));
+	else
+	{
+		syserr("ph_map_parseargs: -h flag is required");
+		return FALSE;
+	}
+
+	map->map_db1 = (ARBPTR_T) pmap;
+	return TRUE;
+}
+
+#if _FFR_PHMAP_TIMEOUT
+/*
+**  PH_MAP_CLOSE -- close the connection to the ph server
+*/
+
+static void
+ph_map_safeclose(map)
+	MAP *map;
+{
+	int save_errno = errno;
+	PH_MAP_STRUCT *pmap;
+
+	pmap = (PH_MAP_STRUCT *)map->map_db1;
+
+	if (pmap->ph_sockfd != -1)
+	{
+		(void) close(pmap->ph_sockfd);
+		pmap->ph_sockfd = -1;
+	}
+	if (pmap->ph_from_server != NULL)
+	{
+		(void) fclose(pmap->ph_from_server);
+		pmap->ph_from_server = NULL;
+	}
+	if (pmap->ph_to_server != NULL)
+	{
+		(void) fclose(pmap->ph_to_server);
+		pmap->ph_to_server = NULL;
+	}
+	map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
+	errno = save_errno;
+}
+
+void
+ph_map_close(map)
+	MAP *map;
+{
+	PH_MAP_STRUCT *pmap;
+
+	pmap = (PH_MAP_STRUCT *)map->map_db1;
+	(void) fprintf(pmap->ph_to_server, "quit\n");
+	(void) fflush(pmap->ph_to_server);
+	ph_map_safeclose(map);
+}
+
+static jmp_buf  PHTimeout;
+
+/* ARGSUSED */
+static void
+ph_timeout_func(sig_no)
+	int sig_no;
+{
+	longjmp(PHTimeout, 1);
+}
+#else /* _FFR_PHMAP_TIMEOUT */
+/*
+**  PH_MAP_CLOSE -- close the connection to the ph server
+*/
+
+void
+ph_map_close(map)
+	MAP *map;
+{
+	PH_MAP_STRUCT *pmap;
+
+	pmap = (PH_MAP_STRUCT *)map->map_db1;
+	CloseQi(pmap->ph_to_server, pmap->ph_from_server);
+	pmap->ph_to_server = NULL;
+	pmap->ph_from_server = NULL;
+}
+#endif /* _FFR_PHMAP_TIMEOUT */
+
+/*
+**  PH_MAP_OPEN -- sub for opening PH map
+*/
+bool
+ph_map_open(map, mode)
+	MAP *map;
+	int mode;
+{
+#if !_FFR_PHMAP_TIMEOUT
+	int save_errno = 0;
+#endif /* !_FFR_PHMAP_TIMEOUT */
+	int j;
+	char *hostlist, *tmp;
+	QIR *server_data = NULL;
+	PH_MAP_STRUCT *pmap;
+#if _FFR_PHMAP_TIMEOUT
+	register EVENT *ev = NULL;
+#endif /* _FFR_PHMAP_TIMEOUT */
+
+	if (tTd(38, 2))
+		dprintf("ph_map_open(%s)\n", map->map_mname);
+
+	mode &= O_ACCMODE;
+	if (mode != O_RDONLY)
+	{
+		/* issue a pseudo-error message */
+# ifdef ENOSYS
+		errno = ENOSYS;
+# else /* ENOSYS */
+#  ifdef EFTYPE
+		errno = EFTYPE;
+#  else /* EFTYPE */
+		errno = ENXIO;
+#  endif /* EFTYPE */
+# endif /* ENOSYS */
+		return FALSE;
+	}
+
+	pmap = (PH_MAP_STRUCT *)map->map_db1;
+
+	hostlist = newstr(pmap->ph_servers);
+	tmp = strtok(hostlist, " ");
+	do
+	{
+#if _FFR_PHMAP_TIMEOUT
+		if (pmap->ph_timeout != 0)
+		{
+			if (setjmp(PHTimeout) != 0)
+			{
+				ev = NULL;
+				if (LogLevel > 1)
+					sm_syslog(LOG_NOTICE, CurEnv->e_id,
+						  "timeout connecting to PH server %.100s",
+						  tmp);
+# ifdef ETIMEDOUT
+				errno = ETIMEDOUT;
+# else /* ETIMEDOUT */
+				errno = 0;
+# endif /* ETIMEDOUT */
+				goto ph_map_open_abort;
+			}
+			ev = setevent(pmap->ph_timeout, ph_timeout_func, 0);
+		}
+		if (!OpenQiSock(tmp, &(pmap->ph_sockfd)) &&
+		    !Sock2FILEs(pmap->ph_sockfd, &(pmap->ph_to_server),
+				&(pmap->ph_from_server)) &&
+		    fprintf(pmap->ph_to_server, "id sendmail+phmap\n") >= 0 &&
+		    fflush(pmap->ph_to_server) == 0 &&
+		    (server_data = ReadQi(pmap->ph_from_server, &j)) != NULL &&
+		    server_data->code == 200)
+		{
+			if (ev != NULL)
+				clrevent(ev);
+			FreeQIR(server_data);
+#else /* _FFR_PHMAP_TIMEOUT */
+		if (OpenQi(tmp, &(pmap->ph_to_server),
+			   &(pmap->ph_from_server)) >= 0)
+		{
+			if (fprintf(pmap->ph_to_server,
+				    "id sendmail+phmap\n") < 0 ||
+			    fflush(pmap->ph_to_server) < 0 ||
+			    (server_data = ReadQi(pmap->ph_from_server,
+						  &j)) == NULL ||
+			    server_data->code != 200)
+			{
+				save_errno = errno;
+				CloseQi(pmap->ph_to_server,
+					pmap->ph_from_server);
+				continue;
+			}
+			if (server_data != NULL)
+				FreeQIR(server_data);
+#endif /* _FFR_PHMAP_TIMEOUT */
+			free(hostlist);
+			return TRUE;
+		}
+#if _FFR_PHMAP_TIMEOUT
+  ph_map_open_abort:
+		if (ev != NULL)
+			clrevent(ev);
+		ph_map_safeclose(map);
+		if (server_data != NULL)
+		{
+			FreeQIR(server_data);
+			server_data = NULL;
+		}
+#else /* _FFR_PHMAP_TIMEOUT */
+		save_errno = errno;
+#endif /* _FFR_PHMAP_TIMEOUT */
+	} while (tmp = strtok(NULL, " "));
+
+#if !_FFR_PHMAP_TIMEOUT
+	errno = save_errno;
+#endif /* !_FFR_PHMAP_TIMEOUT */
+	if (!bitset(MF_OPTIONAL, map->map_mflags))
+	{
+		if (errno == 0 && !bitset(MF_NODEFER,map->map_mflags))
+			errno = EAGAIN;
+		syserr("ph_map_open: cannot connect to PH server");
+	}
+	else if (LogLevel > 1)
+		sm_syslog(LOG_NOTICE, CurEnv->e_id,
+			  "ph_map_open: cannot connect to PH server");
+	free(hostlist);
+	return FALSE;
+}
+
+/*
+**  PH_MAP_LOOKUP -- look up key from ph server
 */
 
-#if _FFR_MAP_SYSLOG
+#if _FFR_PHMAP_TIMEOUT
+# define MAX_PH_FIELDS	20
+#endif /* _FFR_PHMAP_TIMEOUT */
+
+char *
+ph_map_lookup(map, key, args, pstat)
+	MAP *map;
+	char *key;
+	char **args;
+	int *pstat;
+{
+	int j;
+	size_t sz;
+	char *tmp, *tmp2;
+	char *message = NULL, *field = NULL, *fmtkey;
+	QIR *server_data = NULL;
+	QIR *qirp;
+	char keybuf[MAXKEY + 1], fieldbuf[101];
+#if _FFR_PHMAP_TIMEOUT
+	QIR *hold_data[MAX_PH_FIELDS];
+	int hold_data_idx = 0;
+	register EVENT *ev = NULL;
+#endif /* _FFR_PHMAP_TIMEOUT */
+	PH_MAP_STRUCT *pmap;
+
+	pmap = (PH_MAP_STRUCT *)map->map_db1;
+
+	*pstat = EX_OK;
+
+#if _FFR_PHMAP_TIMEOUT
+	if (pmap->ph_timeout != 0)
+	{
+		if (setjmp(PHTimeout) != 0)
+		{
+			ev = NULL;
+			if (LogLevel > 1)
+				sm_syslog(LOG_NOTICE, CurEnv->e_id,
+					  "timeout during PH lookup of %.100s",
+					  key);
+# ifdef ETIMEDOUT
+			errno = ETIMEDOUT;
+# else /* ETIMEDOUT */
+			errno = 0;
+# endif /* ETIMEDOUT */
+			*pstat = EX_TEMPFAIL;
+			goto ph_map_lookup_abort;
+		}
+		ev = setevent(pmap->ph_timeout, ph_timeout_func, 0);
+	}
+
+#endif /* _FFR_PHMAP_TIMEOUT */
+	/* check all relevant fields */
+	tmp = pmap->ph_field_list;
+	do
+	{
+#if _FFR_PHMAP_TIMEOUT
+		server_data = NULL;
+#endif /* _FFR_PHMAP_TIMEOUT */
+		while (isascii(*tmp) && isspace(*tmp))
+			tmp++;
+		if (*tmp == '\0')
+			break;
+		sz = strcspn(tmp, " ") + 1;
+		if (sz > sizeof fieldbuf)
+			sz = sizeof fieldbuf;
+		(void) strlcpy(fieldbuf, tmp, sz);
+		field = fieldbuf;
+		tmp += sz;
+
+		(void) strlcpy(keybuf, key, sizeof keybuf);
+		fmtkey = keybuf;
+		if (strcmp(field, "alias") == 0)
+		{
+			/*
+			**  for alias lookups, replace any punctuation
+			**  characters with '-'
+			*/
+
+			for (tmp2 = fmtkey; *tmp2 !=  '\0'; tmp2++)
+			{
+				if (isascii(*tmp2) && ispunct(*tmp2))
+					*tmp2 = '-';
+			}
+			tmp2 = field;
+		}
+		else if (strcmp(field,"spacedname") == 0)
+		{
+			/*
+			**  for "spaced" name lookups, replace any
+			**  punctuation characters with a space
+			*/
+
+			for (tmp2 = fmtkey; *tmp2 != '\0'; tmp2++)
+			{
+				if (isascii(*tmp2) && ispunct(*tmp2) &&
+				    *tmp2 != '*')
+					*tmp2 = ' ';
+			}
+			tmp2 = &(field[6]);
+		}
+		else
+			tmp2 = field;
+
+		if (LogLevel > 9)
+			sm_syslog(LOG_NOTICE, CurEnv->e_id,
+				  "ph_map_lookup: query %s=\"%s\" return email",
+				  tmp2, fmtkey);
+		if (tTd(38, 20))
+			dprintf("ph_map_lookup: query %s=\"%s\" return email\n",
+				tmp2, fmtkey);
+
+		j = 0;
+
+		if (fprintf(pmap->ph_to_server, "query %s=%s return email\n",
+			    tmp2, fmtkey) < 0)
+			message = "qi query command failed";
+		else if (fflush(pmap->ph_to_server) < 0)
+			message = "qi fflush failed";
+		else if ((server_data = ReadQi(pmap->ph_from_server,
+					       &j)) == NULL)
+			message = "ReadQi() returned NULL";
+
+#if _FFR_PHMAP_TIMEOUT
+		if ((hold_data[hold_data_idx] = server_data) != NULL)
+		{
+			/* save pointer for later free() */
+			hold_data_idx++;
+		}
+#endif /* _FFR_PHMAP_TIMEOUT */
+
+		if (server_data == NULL ||
+		    (server_data->code >= 400 &&
+		     server_data->code < 500))
+		{
+			/* temporary failure */
+			*pstat = EX_TEMPFAIL;
+#if _FFR_PHMAP_TIMEOUT
+			break;
+#else /* _FFR_PHMAP_TIMEOUT */
+			if (server_data != NULL)
+			{
+				FreeQIR(server_data);
+				server_data = NULL;
+			}
+			return NULL;
+#endif /* _FFR_PHMAP_TIMEOUT */
+		}
+
+		/*
+		**  if we found a single match, break out.
+		**  otherwise, try the next field.
+		*/
+
+		if (j == 1)
+			break;
+
+		/*
+		**  check for a single response which is an error:
+		**  ReadQi() doesn't set j on error responses,
+		**  but we should stop here instead of moving on if
+		**  it happens (e.g., alias found but email field empty)
+		*/
+
+		for (qirp = server_data;
+		     qirp != NULL && qirp->code < 0;
+		     qirp++)
+		{
+			if (tTd(38, 20))
+				dprintf("ph_map_lookup: QIR: %d:%d:%d:%s\n",
+					qirp->code, qirp->subcode, qirp->field,
+					(qirp->message ? qirp->message
+					 : "[NULL]"));
+			if (qirp->code <= -500)
+			{
+				j = 0;
+				goto ph_map_lookup_abort;
+			}
+		}
+
+#if _FFR_PHMAP_TIMEOUT
+	} while (*tmp != '\0' && hold_data_idx < MAX_PH_FIELDS);
+#else /* _FFR_PHMAP_TIMEOUT */
+	} while (*tmp != '\0');
+#endif /* _FFR_PHMAP_TIMEOUT */
+
+  ph_map_lookup_abort:
+#if _FFR_PHMAP_TIMEOUT
+	if (ev != NULL)
+		clrevent(ev);
+
+	/*
+	**  Return EX_TEMPFAIL if the timer popped
+	**  or we got a temporary PH error
+	*/
+
+	if (*pstat == EX_TEMPFAIL)
+		ph_map_safeclose(map);
+
+	/* if we didn't find a single match, bail out */
+	if (*pstat == EX_OK && j != 1)
+		*pstat = EX_UNAVAILABLE;
+
+	if (*pstat == EX_OK)
+	{
+		/*
+		** skip leading whitespace and chop at first address
+		*/
+
+		for (tmp = server_data->message;
+		     isascii(*tmp) && isspace(*tmp);
+		     tmp++)
+			continue;
+
+		for (tmp2 = tmp; *tmp2 != '\0'; tmp2++)
+		{
+			if (isascii(*tmp2) && isspace(*tmp2))
+			{
+				*tmp2 = '\0';
+				break;
+			}
+		}
+
+		if (tTd(38,20))
+			dprintf("ph_map_lookup: %s => %s\n", key, tmp);
+
+		if (bitset(MF_MATCHONLY, map->map_mflags))
+			message = map_rewrite(map, key, strlen(key), NULL);
+		else
+			message = map_rewrite(map, tmp, strlen(tmp), args);
+	}
+
+	/*
+	**  Deferred free() of returned server_data values
+	**  the deferral is to avoid the risk of a free() being
+	**  interrupted by the event timer.  By now the timeout event
+	**  has been cleared and none of the data is still in use.
+	*/
+
+	while (--hold_data_idx >= 0)
+	{
+		if (hold_data[hold_data_idx] != NULL)
+			FreeQIR(hold_data[hold_data_idx]);
+	}
+
+	if (*pstat == EX_OK)
+		return message;
+
+	return NULL;
+#else /* _FFR_PHMAP_TIMEOUT */
+	/* if we didn't find a single match, bail out */
+	if (j != 1)
+	{
+		*pstat = EX_UNAVAILABLE;
+		if (server_data != NULL)
+		{
+			FreeQIR(server_data);
+			server_data = NULL;
+		}
+		return NULL;
+	}
+
+	/*
+	** skip leading whitespace and chop at first address
+	*/
+
+	for (tmp = server_data->message;
+	     isascii(*tmp) && isspace(*tmp);
+	     tmp++)
+		continue;
+
+	for (tmp2 = tmp; *tmp2 != '\0'; tmp2++)
+	{
+		if (isascii(*tmp2) && isspace(*tmp2))
+		{
+			*tmp2 = '\0';
+			break;
+		}
+	}
+
+	if (tTd(38,20))
+		dprintf("ph_map_lookup: %s => %s\n", key, tmp);
+
+	if (bitset(MF_MATCHONLY, map->map_mflags))
+		message = map_rewrite(map, key, strlen(key), NULL);
+	else
+		message = map_rewrite(map, tmp, strlen(tmp), args);
+	if (server_data != NULL)
+	{
+		FreeQIR(server_data);
+		server_data = NULL;
+	}
+	return message;
+#endif /* _FFR_PHMAP_TIMEOUT */
+}
+#endif /* PH_MAP */
+/*
+**  syslog map
+*/
 
 #define map_prio	map_lockfd	/* overload field */
 
@@ -3255,18 +5013,42 @@ syslog_map_parseargs(map, args)
 	char *p = args;
 	char *priority = NULL;
 
-	for (;;)
+	/* there is no check whether there is really an argument */
+	while (*p != '\0')
 	{
 		while (isascii(*p) && isspace(*p))
 			p++;
 		if (*p != '-')
 			break;
-		if (*++p == 'L')
-			priority = ++p;
-		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
-			p++;
-		if (*p != '\0')
-			*p++ = '\0';
+		++p;
+		if (*p == 'D')
+		{
+			map->map_mflags |= MF_DEFER;
+			++p;
+		}
+		else if (*p == 'S')
+		{
+			map->map_spacesub = *++p;
+			if (*p != '\0')
+				p++;
+		}
+		else if (*p == 'L')
+		{
+			while (*++p != '\0' && isascii(*p) && isspace(*p))
+				continue;
+			if (*p == '\0')
+				break;
+			priority = p;
+			while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+				p++;
+			if (*p != '\0')
+				*p++ = '\0';
+		}
+		else
+		{
+			syserr("Illegal option %c map syslog", *p);
+			++p;
+		}
 	}
 
 	if (priority == NULL)
@@ -3280,42 +5062,42 @@ syslog_map_parseargs(map, args)
 		if (strcasecmp("EMERG", priority) == 0)
 			map->map_prio = LOG_EMERG;
 		else
-#endif
+#endif /* LOG_EMERG */
 #ifdef LOG_ALERT
 		if (strcasecmp("ALERT", priority) == 0)
 			map->map_prio = LOG_ALERT;
 		else
-#endif
+#endif /* LOG_ALERT */
 #ifdef LOG_CRIT
 		if (strcasecmp("CRIT", priority) == 0)
 			map->map_prio = LOG_CRIT;
 		else
-#endif
+#endif /* LOG_CRIT */
 #ifdef LOG_ERR
 		if (strcasecmp("ERR", priority) == 0)
 			map->map_prio = LOG_ERR;
 		else
-#endif
+#endif /* LOG_ERR */
 #ifdef LOG_WARNING
 		if (strcasecmp("WARNING", priority) == 0)
 			map->map_prio = LOG_WARNING;
 		else
-#endif
+#endif /* LOG_WARNING */
 #ifdef LOG_NOTICE
 		if (strcasecmp("NOTICE", priority) == 0)
 			map->map_prio = LOG_NOTICE;
 		else
-#endif
+#endif /* LOG_NOTICE */
 #ifdef LOG_INFO
 		if (strcasecmp("INFO", priority) == 0)
 			map->map_prio = LOG_INFO;
 		else
-#endif
+#endif /* LOG_INFO */
 #ifdef LOG_DEBUG
 		if (strcasecmp("DEBUG", priority) == 0)
 			map->map_prio = LOG_DEBUG;
 		else
-#endif
+#endif /* LOG_DEBUG */
 		{
 			syserr("syslog_map_parseargs: Unknown priority %s\n",
 			       priority);
@@ -3341,8 +5123,8 @@ syslog_map_lookup(map, string, args, statp)
 	if (ptr != NULL)
 	{
 		if (tTd(38, 20))
-			printf("syslog_map_lookup(%s (priority %d): %s\n",
-			       map->map_mname, map->map_prio, ptr);
+			dprintf("syslog_map_lookup(%s (priority %d): %s\n",
+				map->map_mname, map->map_prio, ptr);
 
 		sm_syslog(map->map_prio, CurEnv->e_id, "%s", ptr);
 	}
@@ -3351,7 +5133,6 @@ syslog_map_lookup(map, string, args, statp)
 	return "";
 }
 
-#endif /* _FFR_MAP_SYSLOG */
 /*
 **  HESIOD Modules
 */
@@ -3364,33 +5145,33 @@ hes_map_open(map, mode)
 	int mode;
 {
 	if (tTd(38, 2))
-		printf("hes_map_open(%s, %s, %d)\n",
+		dprintf("hes_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	if (mode != O_RDONLY)
 	{
 		/* issue a pseudo-error message */
-#ifdef ENOSYS
+# ifdef ENOSYS
 		errno = ENOSYS;
-#else
-# ifdef EFTYPE
+# else /* ENOSYS */
+#  ifdef EFTYPE
 		errno = EFTYPE;
-# else
+#  else /* EFTYPE */
 		errno = ENXIO;
-# endif
-#endif
+#  endif /* EFTYPE */
+# endif /* ENOSYS */
 		return FALSE;
 	}
 
-#ifdef HESIOD_INIT
+# ifdef HESIOD_INIT
 	if (HesiodContext != NULL || hesiod_init(&HesiodContext) == 0)
 		return TRUE;
 
 	if (!bitset(MF_OPTIONAL, map->map_mflags))
-		syserr("421 cannot initialize Hesiod map (%s)",
+		syserr("421 4.0.0 cannot initialize Hesiod map (%s)",
 			errstring(errno));
 	return FALSE;
-#else
+# else /* HESIOD_INIT */
 	if (hes_error() == HES_ER_UNINIT)
 		hes_init();
 	switch (hes_error())
@@ -3401,10 +5182,10 @@ hes_map_open(map, mode)
 	}
 
 	if (!bitset(MF_OPTIONAL, map->map_mflags))
-		syserr("421 cannot initialize Hesiod map (%d)", hes_error());
+		syserr("421 4.0.0 cannot initialize Hesiod map (%d)", hes_error());
 
 	return FALSE;
-#endif /* HESIOD_INIT */
+# endif /* HESIOD_INIT */
 }
 
 char *
@@ -3417,7 +5198,7 @@ hes_map_lookup(map, name, av, statp)
 	char **hp;
 
 	if (tTd(38, 20))
-		printf("hes_map_lookup(%s, %s)\n", map->map_file, name);
+		dprintf("hes_map_lookup(%s, %s)\n", map->map_file, name);
 
 	if (name[0] == '\\')
 	{
@@ -3431,24 +5212,24 @@ hes_map_lookup(map, name, av, statp)
 		else
 			np = xalloc(strlen(name) + 2);
 		np[0] = '\\';
-		strcpy(&np[1], name);
-#ifdef HESIOD_INIT
+		(void) strlcpy(&np[1], name, (sizeof nbuf) - 1);
+# ifdef HESIOD_INIT
 		hp = hesiod_resolve(HesiodContext, np, map->map_file);
-#else
+# else /* HESIOD_INIT */
 		hp = hes_resolve(np, map->map_file);
-#endif /* HESIOD_INIT */
+# endif /* HESIOD_INIT */
 		if (np != nbuf)
 			free(np);
 	}
 	else
 	{
-#ifdef HESIOD_INIT
+# ifdef HESIOD_INIT
 		hp = hesiod_resolve(HesiodContext, name, map->map_file);
-#else
+# else /* HESIOD_INIT */
 		hp = hes_resolve(name, map->map_file);
-#endif /* HESIOD_INIT */
+# endif /* HESIOD_INIT */
 	}
-#ifdef HESIOD_INIT
+# ifdef HESIOD_INIT
 	if (hp == NULL)
 		return NULL;
 	if (*hp == NULL)
@@ -3470,7 +5251,7 @@ hes_map_lookup(map, name, av, statp)
 		}
 		return NULL;
 	}
-#else
+# else /* HESIOD_INIT */
 	if (hp == NULL || hp[0] == NULL)
 	{
 		switch (hes_error())
@@ -3493,7 +5274,7 @@ hes_map_lookup(map, name, av, statp)
 		}
 		return NULL;
 	}
-#endif /* HESIOD_INIT */
+# endif /* HESIOD_INIT */
 
 	if (bitset(MF_MATCHONLY, map->map_mflags))
 		return map_rewrite(map, name, strlen(name), NULL);
@@ -3501,7 +5282,7 @@ hes_map_lookup(map, name, av, statp)
 		return map_rewrite(map, hp[0], strlen(hp[0]), av);
 }
 
-#endif
+#endif /* HESIOD */
 /*
 **  NeXT NETINFO Modules
 */
@@ -3511,9 +5292,6 @@ hes_map_lookup(map, name, av, statp)
 # define NETINFO_DEFAULT_DIR		"/aliases"
 # define NETINFO_DEFAULT_PROPERTY	"members"
 
-extern char	*ni_propval __P((char *, char *, char *, char *, int));
-
-
 /*
 **  NI_MAP_OPEN -- open NetInfo Aliases
 */
@@ -3524,7 +5302,7 @@ ni_map_open(map, mode)
 	int mode;
 {
 	if (tTd(38, 2))
-		printf("ni_map_open(%s, %s, %d)\n",
+		dprintf("ni_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 	mode &= O_ACCMODE;
 
@@ -3556,7 +5334,7 @@ ni_map_lookup(map, name, av, statp)
 	char *propval;
 
 	if (tTd(38, 20))
-		printf("ni_map_lookup(%s, %s)\n", map->map_mname, name);
+		dprintf("ni_map_lookup(%s, %s)\n", map->map_mname, name);
 
 	propval = ni_propval(map->map_file, map->map_keycolnm, name,
 			     map->map_valcolnm, map->map_coldelim);
@@ -3573,7 +5351,7 @@ ni_map_lookup(map, name, av, statp)
 }
 
 
-bool
+static bool
 ni_getcanonname(name, hbsize, statp)
 	char *name;
 	int hbsize;
@@ -3584,14 +5362,13 @@ ni_getcanonname(name, hbsize, statp)
 	char nbuf[MAXNAME + 1];
 
 	if (tTd(38, 20))
-		printf("ni_getcanonname(%s)\n", name);
+		dprintf("ni_getcanonname(%s)\n", name);
 
-	if (strlen(name) >= sizeof nbuf)
+	if (strlcpy(nbuf, name, sizeof nbuf) >= sizeof nbuf)
 	{
 		*statp = EX_UNAVAILABLE;
 		return FALSE;
 	}
-	(void) strcpy(nbuf, name);
 	shorten_hostname(nbuf);
 
 	/* we only accept single token search key */
@@ -3616,7 +5393,8 @@ ni_getcanonname(name, hbsize, statp)
 
 	if (hbsize >= strlen(vptr))
 	{
-		strcpy(name, vptr);
+		(void) strlcpy(name, vptr, hbsize);
+		free(vptr);
 		*statp = EX_OK;
 		return TRUE;
 	}
@@ -3646,7 +5424,7 @@ ni_getcanonname(name, hbsize, statp)
 **			1. the directory is not found
 **			2. the property name is not found
 **			3. the property contains multiple values
-**			4. some error occured
+**			4. some error occurred
 **		else -- the value of the lookup.
 **
 **	Example:
@@ -3654,14 +5432,14 @@ ni_getcanonname(name, hbsize, statp)
 **		  ni_propval("/aliases", "name", aliasname, "members", ',')
 **
 **	Notes:
-**      	Caller should free the return value of ni_proval
+**		Caller should free the return value of ni_proval
 */
 
 # include <netinfo/ni.h>
 
-# define LOCAL_NETINFO_DOMAIN    "."
-# define PARENT_NETINFO_DOMAIN   ".."
-# define MAX_NI_LEVELS           256
+# define LOCAL_NETINFO_DOMAIN	"."
+# define PARENT_NETINFO_DOMAIN	".."
+# define MAX_NI_LEVELS		256
 
 char *
 ni_propval(keydir, keyprop, keyval, valprop, sepchar)
@@ -3673,7 +5451,7 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 {
 	char *propval = NULL;
 	int i;
-	int j, alen;
+	int j, alen, l;
 	void *ni = NULL;
 	void *lastni = NULL;
 	ni_status nis;
@@ -3692,19 +5470,19 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 	i = strlen(keydir) + strlen(keyval) + 2;
 	if (keyprop != NULL)
 		i += strlen(keyprop) + 1;
-	if (i > sizeof keybuf)
+	if (i >= sizeof keybuf)
 		return NULL;
-	strcpy(keybuf, keydir);
-	strcat(keybuf, "/");
+	(void) strlcpy(keybuf, keydir, sizeof keybuf);
+	(void) strlcat(keybuf, "/", sizeof keybuf);
 	if (keyprop != NULL)
 	{
-		strcat(keybuf, keyprop);
-		strcat(keybuf, "=");
+		(void) strlcat(keybuf, keyprop, sizeof keybuf);
+		(void) strlcat(keybuf, "=", sizeof keybuf);
 	}
-	strcat(keybuf, keyval);
+	(void) strlcat(keybuf, keyval, sizeof keybuf);
 
 	if (tTd(38, 21))
-		printf("ni_propval(%s, %s, %s, %s, %d) keybuf='%s'\n",
+		dprintf("ni_propval(%s, %s, %s, %s, %d) keybuf='%s'\n",
 			keydir, keyprop, keyval, valprop, sepchar, keybuf);
 	/*
 	**  If the passed directory and property name are found
@@ -3720,7 +5498,7 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 		{
 			nis = ni_open(NULL, LOCAL_NETINFO_DOMAIN, &ni);
 			if (tTd(38, 20))
-				printf("ni_open(LOCAL) = %d\n", nis);
+				dprintf("ni_open(LOCAL) = %d\n", nis);
 		}
 		else
 		{
@@ -3729,7 +5507,7 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 			lastni = ni;
 			nis = ni_open(lastni, PARENT_NETINFO_DOMAIN, &ni);
 			if (tTd(38, 20))
-				printf("ni_open(PARENT) = %d\n", nis);
+				dprintf("ni_open(PARENT) = %d\n", nis);
 		}
 
 		/*
@@ -3758,7 +5536,9 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 			continue;
 
 		if (tTd(38, 20))
-			printf("ni_lookupprop: len=%d\n", ninl.ni_namelist_len);
+			dprintf("ni_lookupprop: len=%d\n",
+				ninl.ni_namelist_len);
+
 		/*
 		**  See if we have an acceptable number of values.
 		*/
@@ -3782,9 +5562,11 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 		propval = p = xalloc(alen);
 		for (j = 0; j < ninl.ni_namelist_len; j++)
 		{
-			strcpy(p, ninl.ni_namelist_val[j]);
-			p += strlen(p);
+			(void) strlcpy(p, ninl.ni_namelist_val[j], alen);
+			l = strlen(p);
+			p += l;
 			*p++ = sepchar;
+			alen -= l + 1;
 		}
 		*--p = '\0';
 
@@ -3800,7 +5582,7 @@ ni_propval(keydir, keyprop, keyval, valprop, sepchar)
 	if (lastni != NULL && ni != lastni)
 		ni_free(lastni);
 	if (tTd(38, 20))
-		printf("ni_propval returns: '%s'\n", propval);
+		dprintf("ni_propval returns: '%s'\n", propval);
 
 	return propval;
 }
@@ -3824,11 +5606,11 @@ text_map_open(map, mode)
 	MAP *map;
 	int mode;
 {
-	int sff;
+	long sff;
 	int i;
 
 	if (tTd(38, 2))
-		printf("text_map_open(%s, %s, %d)\n",
+		dprintf("text_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	mode &= O_ACCMODE;
@@ -3853,16 +5635,19 @@ text_map_open(map, mode)
 	}
 
 	sff = SFF_ROOTOK|SFF_REGONLY;
-	if (!bitset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+	if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
 		sff |= SFF_NOWLINK;
-	if (!bitset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
+	if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
 		sff |= SFF_SAFEDIRPATH;
 	if ((i = safefile(map->map_file, RunAsUid, RunAsGid, RunAsUserName,
 			  sff, S_IRUSR, NULL)) != 0)
 	{
+		int save_errno = errno;
+
 		/* cannot open this map */
 		if (tTd(38, 2))
-			printf("\tunsafe map file: %d\n", i);
+			dprintf("\tunsafe map file: %d\n", i);
+		errno = save_errno;
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("text map \"%s\": unsafe map file %s",
 				map->map_mname, map->map_file);
@@ -3899,12 +5684,12 @@ text_map_open(map, mode)
 
 	if (tTd(38, 2))
 	{
-		printf("text_map_open(%s, %s): delimiter = ",
+		dprintf("text_map_open(%s, %s): delimiter = ",
 			map->map_mname, map->map_file);
 		if (map->map_coldelim == '\0')
-			printf("(white space)\n");
+			dprintf("(white space)\n");
 		else
-			printf("%c\n", map->map_coldelim);
+			dprintf("%c\n", map->map_coldelim);
 	}
 
 	map->map_sff = sff;
@@ -3930,20 +5715,19 @@ text_map_lookup(map, name, av, statp)
 	char delim;
 	int key_idx;
 	bool found_it;
-	int sff = map->map_sff;
+	long sff = map->map_sff;
 	char search_key[MAXNAME + 1];
 	char linebuf[MAXLINE];
 	char buf[MAXNAME + 1];
-	extern char *get_column __P((char *, int, char, char *, int));
 
 	found_it = FALSE;
 	if (tTd(38, 20))
-		printf("text_map_lookup(%s, %s)\n", map->map_mname,  name);
+		dprintf("text_map_lookup(%s, %s)\n", map->map_mname,  name);
 
 	buflen = strlen(name);
 	if (buflen > sizeof search_key - 1)
 		buflen = sizeof search_key - 1;
-	bcopy(name, search_key, buflen);
+	memmove(search_key, name, buflen);
 	search_key[buflen] = '\0';
 	if (!bitset(MF_NOFOLDCASE, map->map_mflags))
 		makelower(search_key);
@@ -3974,7 +5758,7 @@ text_map_lookup(map, name, av, statp)
 			break;
 		}
 	}
-	fclose(f);
+	(void) fclose(f);
 	if (!found_it)
 	{
 		*statp = EX_NOTFOUND;
@@ -3994,12 +5778,11 @@ text_map_lookup(map, name, av, statp)
 		return map_rewrite(map, vp, vsize, av);
 }
 
-
 /*
 **  TEXT_GETCANONNAME -- look up canonical name in hosts file
 */
 
-bool
+static bool
 text_getcanonname(name, hbsize, statp)
 	char *name;
 	int hbsize;
@@ -4012,14 +5795,14 @@ text_getcanonname(name, hbsize, statp)
 	char nbuf[MAXNAME + 1];
 
 	if (tTd(38, 20))
-		printf("text_getcanonname(%s)\n", name);
+		dprintf("text_getcanonname(%s)\n", name);
 
 	if (strlen(name) >= (SIZE_T) sizeof nbuf)
 	{
 		*statp = EX_UNAVAILABLE;
 		return FALSE;
 	}
-	(void) strcpy(nbuf, name);
+	(void) strlcpy(nbuf, name, sizeof nbuf);
 	shorten_hostname(nbuf);
 
 	f = fopen(HostsFile, "r");
@@ -4038,7 +5821,7 @@ text_getcanonname(name, hbsize, statp)
 		if (linebuf[0] != '\0')
 			found = extract_canonname(nbuf, linebuf, cbuf, sizeof cbuf);
 	}
-	fclose(f);
+	(void) fclose(f);
 	if (!found)
 	{
 		*statp = EX_NOHOST;
@@ -4047,7 +5830,7 @@ text_getcanonname(name, hbsize, statp)
 
 	if ((SIZE_T) hbsize >= strlen(cbuf))
 	{
-		strcpy(name, cbuf);
+		(void) strlcpy(name, cbuf, hbsize);
 		*statp = EX_OK;
 		return TRUE;
 	}
@@ -4074,13 +5857,13 @@ stab_map_lookup(map, name, av, pstat)
 	register STAB *s;
 
 	if (tTd(38, 20))
-		printf("stab_lookup(%s, %s)\n",
+		dprintf("stab_lookup(%s, %s)\n",
 			map->map_mname, name);
 
 	s = stab(name, ST_ALIAS, ST_FIND);
 	if (s != NULL)
-		return (s->s_alias);
-	return (NULL);
+		return s->s_alias;
+	return NULL;
 }
 
 
@@ -4116,11 +5899,11 @@ stab_map_open(map, mode)
 	int mode;
 {
 	FILE *af;
-	int sff;
+	long sff;
 	struct stat st;
 
 	if (tTd(38, 2))
-		printf("stab_map_open(%s, %s, %d)\n",
+		dprintf("stab_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	mode &= O_ACCMODE;
@@ -4131,9 +5914,9 @@ stab_map_open(map, mode)
 	}
 
 	sff = SFF_ROOTOK|SFF_REGONLY;
-	if (!bitset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+	if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
 		sff |= SFF_NOWLINK;
-	if (!bitset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
+	if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
 		sff |= SFF_SAFEDIRPATH;
 	af = safefopen(map->map_file, O_RDONLY, 0444, sff);
 	if (af == NULL)
@@ -4142,7 +5925,7 @@ stab_map_open(map, mode)
 
 	if (fstat(fileno(af), &st) >= 0)
 		map->map_mtime = st.st_mtime;
-	fclose(af);
+	(void) fclose(af);
 
 	return TRUE;
 }
@@ -4165,17 +5948,17 @@ impl_map_lookup(map, name, av, pstat)
 	int *pstat;
 {
 	if (tTd(38, 20))
-		printf("impl_map_lookup(%s, %s)\n",
+		dprintf("impl_map_lookup(%s, %s)\n",
 			map->map_mname, name);
 
 #ifdef NEWDB
 	if (bitset(MF_IMPL_HASH, map->map_mflags))
 		return db_map_lookup(map, name, av, pstat);
-#endif
+#endif /* NEWDB */
 #ifdef NDBM
 	if (bitset(MF_IMPL_NDBM, map->map_mflags))
 		return ndbm_map_lookup(map, name, av, pstat);
-#endif
+#endif /* NDBM */
 	return stab_map_lookup(map, name, av, pstat);
 }
 
@@ -4190,16 +5973,16 @@ impl_map_store(map, lhs, rhs)
 	char *rhs;
 {
 	if (tTd(38, 12))
-		printf("impl_map_store(%s, %s, %s)\n",
+		dprintf("impl_map_store(%s, %s, %s)\n",
 			map->map_mname, lhs, rhs);
 #ifdef NEWDB
 	if (bitset(MF_IMPL_HASH, map->map_mflags))
 		db_map_store(map, lhs, rhs);
-#endif
+#endif /* NEWDB */
 #ifdef NDBM
 	if (bitset(MF_IMPL_NDBM, map->map_mflags))
 		ndbm_map_store(map, lhs, rhs);
-#endif
+#endif /* NDBM */
 	stab_map_store(map, lhs, rhs);
 }
 
@@ -4213,7 +5996,7 @@ impl_map_open(map, mode)
 	int mode;
 {
 	if (tTd(38, 2))
-		printf("impl_map_open(%s, %s, %d)\n",
+		dprintf("impl_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	mode &= O_ACCMODE;
@@ -4223,12 +6006,12 @@ impl_map_open(map, mode)
 	{
 # ifdef NDBM_YP_COMPAT
 		if (mode == O_RDONLY || strstr(map->map_file, "/yp/") == NULL)
-# endif
+# endif /* NDBM_YP_COMPAT */
 			return TRUE;
 	}
 	else
 		map->map_mflags &= ~MF_IMPL_HASH;
-#endif
+#endif /* NEWDB */
 #ifdef NDBM
 	map->map_mflags |= MF_IMPL_NDBM;
 	if (ndbm_map_open(map, mode))
@@ -4237,17 +6020,17 @@ impl_map_open(map, mode)
 	}
 	else
 		map->map_mflags &= ~MF_IMPL_NDBM;
-#endif
+#endif /* NDBM */
 
 #if defined(NEWDB) || defined(NDBM)
 	if (Verbose)
 		message("WARNING: cannot open alias database %s%s",
 			map->map_file,
 			mode == O_RDONLY ? "; reading text version" : "");
-#else
+#else /* defined(NEWDB) || defined(NDBM) */
 	if (mode != O_RDONLY)
 		usrerr("Cannot rebuild aliases: no database format defined");
-#endif
+#endif /* defined(NEWDB) || defined(NDBM) */
 
 	if (mode == O_RDONLY)
 		return stab_map_open(map, mode);
@@ -4265,7 +6048,7 @@ impl_map_close(map)
 	MAP *map;
 {
 	if (tTd(38, 9))
-		printf("impl_map_close(%s, %s, %lx)\n",
+		dprintf("impl_map_close(%s, %s, %lx)\n",
 			map->map_mname, map->map_file, map->map_mflags);
 #ifdef NEWDB
 	if (bitset(MF_IMPL_HASH, map->map_mflags))
@@ -4273,7 +6056,7 @@ impl_map_close(map)
 		db_map_close(map);
 		map->map_mflags &= ~MF_IMPL_HASH;
 	}
-#endif
+#endif /* NEWDB */
 
 #ifdef NDBM
 	if (bitset(MF_IMPL_NDBM, map->map_mflags))
@@ -4281,7 +6064,7 @@ impl_map_close(map)
 		ndbm_map_close(map);
 		map->map_mflags &= ~MF_IMPL_NDBM;
 	}
-#endif
+#endif /* NDBM */
 }
 /*
 **  User map class.
@@ -4301,7 +6084,7 @@ user_map_open(map, mode)
 	int mode;
 {
 	if (tTd(38, 2))
-		printf("user_map_open(%s, %d)\n",
+		dprintf("user_map_open(%s, %d)\n",
 			map->map_mname, mode);
 
 	mode &= O_ACCMODE;
@@ -4310,16 +6093,17 @@ user_map_open(map, mode)
 		/* issue a pseudo-error message */
 #ifdef ENOSYS
 		errno = ENOSYS;
-#else
+#else /* ENOSYS */
 # ifdef EFTYPE
 		errno = EFTYPE;
-# else
+# else /* EFTYPE */
 		errno = ENXIO;
-# endif
-#endif
+# endif /* EFTYPE */
+#endif /* ENOSYS */
 		return FALSE;
 	}
 	if (map->map_valcolnm == NULL)
+		/* EMPTY */
 		/* nothing */ ;
 	else if (strcasecmp(map->map_valcolnm, "name") == 0)
 		map->map_valcolno = 1;
@@ -4361,7 +6145,7 @@ user_map_lookup(map, key, av, statp)
 	auto bool fuzzy;
 
 	if (tTd(38, 20))
-		printf("user_map_lookup(%s, %s)\n",
+		dprintf("user_map_lookup(%s, %s)\n",
 			map->map_mname, key);
 
 	pw = finduser(key, &fuzzy);
@@ -4386,12 +6170,12 @@ user_map_lookup(map, key, av, statp)
 			break;
 
 		  case 3:
-			snprintf(buf, sizeof buf, "%d", pw->pw_uid);
+			snprintf(buf, sizeof buf, "%d", (int) pw->pw_uid);
 			rwval = buf;
 			break;
 
 		  case 4:
-			snprintf(buf, sizeof buf, "%d", pw->pw_gid);
+			snprintf(buf, sizeof buf, "%d", (int) pw->pw_gid);
 			rwval = buf;
 			break;
 
@@ -4426,16 +6210,17 @@ prog_map_lookup(map, name, av, statp)
 	int *statp;
 {
 	int i;
-	register char *p;
+	int save_errno;
 	int fd;
+	int status;
 	auto pid_t pid;
+	register char *p;
 	char *rval;
-	int stat;
 	char *argv[MAXPV + 1];
 	char buf[MAXLINE];
 
 	if (tTd(38, 20))
-		printf("prog_map_lookup(%s, %s) %s\n",
+		dprintf("prog_map_lookup(%s, %s) %s\n",
 			map->map_mname, name, map->map_file);
 
 	i = 0;
@@ -4454,10 +6239,10 @@ prog_map_lookup(map, name, av, statp)
 	argv[i] = NULL;
 	if (tTd(38, 21))
 	{
-		printf("prog_open:");
+		dprintf("prog_open:");
 		for (i = 0; argv[i] != NULL; i++)
-			printf(" %s", argv[i]);
-		printf("\n");
+			dprintf(" %s", argv[i]);
+		dprintf("\n");
 	}
 	(void) blocksignal(SIGCHLD);
 	pid = prog_open(argv, &fd, CurEnv);
@@ -4467,7 +6252,7 @@ prog_map_lookup(map, name, av, statp)
 			syserr("prog_map_lookup(%s) failed (%s) -- closing",
 				map->map_mname, errstring(errno));
 		else if (tTd(38, 9))
-			printf("prog_map_lookup(%s) failed (%s) -- closing",
+			dprintf("prog_map_lookup(%s) failed (%s) -- closing",
 				map->map_mname, errstring(errno));
 		map->map_mflags &= ~(MF_VALID|MF_OPEN);
 		*statp = EX_OSFILE;
@@ -4483,7 +6268,7 @@ prog_map_lookup(map, name, av, statp)
 	else if (i == 0)
 	{
 		if (tTd(38, 20))
-			printf("prog_map_lookup(%s): empty answer\n",
+			dprintf("prog_map_lookup(%s): empty answer\n",
 				map->map_mname);
 		rval = NULL;
 	}
@@ -4506,26 +6291,28 @@ prog_map_lookup(map, name, av, statp)
 	}
 
 	/* wait for the process to terminate */
-	close(fd);
-	stat = waitfor(pid);
+	(void) close(fd);
+	status = waitfor(pid);
+	save_errno = errno;
 	(void) releasesignal(SIGCHLD);
+	errno = save_errno;
 
-	if (stat == -1)
+	if (status == -1)
 	{
 		syserr("prog_map_lookup(%s): wait error %s\n",
 			map->map_mname, errstring(errno));
 		*statp = EX_SOFTWARE;
 		rval = NULL;
 	}
-	else if (WIFEXITED(stat))
+	else if (WIFEXITED(status))
 	{
-		if ((*statp = WEXITSTATUS(stat)) != EX_OK)
+		if ((*statp = WEXITSTATUS(status)) != EX_OK)
 			rval = NULL;
 	}
 	else
 	{
 		syserr("prog_map_lookup(%s): child died on signal %d",
-			map->map_mname, stat);
+			map->map_mname, status);
 		*statp = EX_UNAVAILABLE;
 		rval = NULL;
 	}
@@ -4560,7 +6347,7 @@ seq_map_parse(map, ap)
 	int maxmap;
 
 	if (tTd(38, 2))
-		printf("seq_map_parse(%s, %s)\n", map->map_mname, ap);
+		dprintf("seq_map_parse(%s, %s)\n", map->map_mname, ap);
 	maxmap = 0;
 	while (*ap != '\0')
 	{
@@ -4570,7 +6357,9 @@ seq_map_parse(map, ap)
 		/* find beginning of map name */
 		while (isascii(*ap) && isspace(*ap))
 			ap++;
-		for (p = ap; isascii(*p) && isalnum(*p); p++)
+		for (p = ap;
+		     (isascii(*p) && isalnum(*p)) || *p == '_' || *p == '.';
+		     p++)
 			continue;
 		if (*p != '\0')
 			*p++ = '\0';
@@ -4624,16 +6413,16 @@ switch_map_open(map, mode)
 	char *maptype[MAXMAPSTACK];
 
 	if (tTd(38, 2))
-		printf("switch_map_open(%s, %s, %d)\n",
+		dprintf("switch_map_open(%s, %s, %d)\n",
 			map->map_mname, map->map_file, mode);
 
 	mode &= O_ACCMODE;
 	nmaps = switch_map_find(map->map_file, maptype, map->map_return);
 	if (tTd(38, 19))
 	{
-		printf("\tswitch_map_find => %d\n", nmaps);
+		dprintf("\tswitch_map_find => %d\n", nmaps);
 		for (mapno = 0; mapno < nmaps; mapno++)
-			printf("\t\t%s\n", maptype[mapno]);
+			dprintf("\t\t%s\n", maptype[mapno]);
 	}
 	if (nmaps <= 0 || nmaps > MAXMAPSTACK)
 		return FALSE;
@@ -4657,7 +6446,7 @@ switch_map_open(map, mode)
 		{
 			map->map_stack[mapno] = &s->s_map;
 			if (tTd(38, 4))
-				printf("\tmap_stack[%d] = %s:%s\n",
+				dprintf("\tmap_stack[%d] = %s:%s\n",
 					mapno, s->s_map.map_class->map_cname,
 					nbuf);
 		}
@@ -4677,7 +6466,7 @@ seq_map_close(map)
 	int mapno;
 
 	if (tTd(38, 9))
-		printf("seq_map_close(%s)\n", map->map_mname);
+		dprintf("seq_map_close(%s)\n", map->map_mname);
 
 	for (mapno = 0; mapno < MAXMAPSTACK; mapno++)
 	{
@@ -4707,7 +6496,7 @@ seq_map_lookup(map, key, args, pstat)
 	bool tempfail = FALSE;
 
 	if (tTd(38, 20))
-		printf("seq_map_lookup(%s, %s)\n", map->map_mname, key);
+		dprintf("seq_map_lookup(%s, %s)\n", map->map_mname, key);
 
 	for (mapno = 0; mapno < MAXMAPSTACK; mapbit <<= 1, mapno++)
 	{
@@ -4716,7 +6505,8 @@ seq_map_lookup(map, key, args, pstat)
 
 		if (mm == NULL)
 			continue;
-		if (!bitset(MF_OPEN, mm->map_mflags))
+		if (!bitset(MF_OPEN, mm->map_mflags) &&
+		    !openmap(mm))
 		{
 			if (bitset(mapbit, map->map_return[MA_UNAVAIL]))
 			{
@@ -4759,7 +6549,7 @@ seq_map_store(map, key, val)
 	int mapno;
 
 	if (tTd(38, 12))
-		printf("seq_map_store(%s, %s, %s)\n",
+		dprintf("seq_map_store(%s, %s, %s)\n",
 			map->map_mname, key, val);
 
 	for (mapno = 0; mapno < MAXMAPSTACK; mapno++)
@@ -4840,6 +6630,39 @@ MAPCLASS	BogusMapClass =
 	null_map_open,	null_map_close,
 };
 /*
+**  MACRO modules
+*/
+
+char *
+macro_map_lookup(map, name, av, statp)
+	MAP *map;
+	char *name;
+	char **av;
+	int *statp;
+{
+	int mid;
+
+	if (tTd(38, 20))
+		dprintf("macro_map_lookup(%s, %s)\n", map->map_mname,
+			name == NULL ? "NULL" : name);
+
+	if (name == NULL ||
+	    *name == '\0' ||
+	    (mid = macid(name, NULL)) == '\0')
+	{
+		*statp = EX_CONFIG;
+		return NULL;
+	}
+
+	if (av[1] == NULL)
+		define(mid, NULL, CurEnv);
+	else
+		define(mid, newstr(av[1]), CurEnv);
+
+	*statp = EX_OK;
+	return "";
+}
+/*
 **  REGEX modules
 */
 
@@ -4854,13 +6677,13 @@ MAPCLASS	BogusMapClass =
 # define ERRBUF_SIZE	80
 # define MAX_MATCH	32
 
-# define xnalloc(s)	memset(xalloc(s), 0, s);
+# define xnalloc(s)	memset(xalloc(s), '\0', s);
 
 struct regex_map
 {
-	regex_t	pattern_buf;		/* xalloc it */
+	regex_t	regex_pattern_buf;	/* xalloc it */
 	int	*regex_subfields;	/* move to type MAP */
-	char	*delim;			/* move to type MAP */
+	char	*regex_delim;		/* move to type MAP */
 };
 
 static int
@@ -4927,17 +6750,17 @@ regex_map_init(map, ap)
 	static char defdstr[] = { (char)DEFAULT_DELIM, '\0' };
 
 	if (tTd(38, 2))
-		printf("regex_map_init: mapname '%s', args '%s'\n",
-				map->map_mname, ap);
+		dprintf("regex_map_init: mapname '%s', args '%s'\n",
+			map->map_mname, ap);
 
 	pflags = REG_ICASE | REG_EXTENDED | REG_NOSUB;
 
 	p = ap;
 
-	map_p = (struct regex_map *) xnalloc(sizeof(struct regex_map));
+	map_p = (struct regex_map *) xnalloc(sizeof *map_p);
 
 	for (;;)
-        {
+	{
 		while (isascii(*p) && isspace(*p))
 			p++;
 		if (*p != '-')
@@ -4963,7 +6786,7 @@ regex_map_init(map, ap)
 			break;
 
 		  case 'd':	/* delimiter */
-			map_p->delim = ++p;
+			map_p->regex_delim = ++p;
 			break;
 
 		  case 'a':	/* map append */
@@ -4974,21 +6797,30 @@ regex_map_init(map, ap)
 			map->map_mflags |= MF_MATCHONLY;
 			break;
 
+		  case 'S':
+			map->map_spacesub = *++p;
+			break;
+
+		  case 'D':
+			map->map_mflags |= MF_DEFER;
+			break;
+
 		}
-                while (*p != '\0' && !(isascii(*p) && isspace(*p)))
-                        p++;
-                if (*p != '\0')
-                        *p++ = '\0';
+		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+			p++;
+		if (*p != '\0')
+			*p++ = '\0';
 	}
 	if (tTd(38, 3))
-		printf("regex_map_init: compile '%s' 0x%x\n", p, pflags);
+		dprintf("regex_map_init: compile '%s' 0x%x\n", p, pflags);
 
-	if ((regerr = regcomp(&(map_p->pattern_buf), p, pflags)) != 0)
+	if ((regerr = regcomp(&(map_p->regex_pattern_buf), p, pflags)) != 0)
 	{
 		/* Errorhandling */
 		char errbuf[ERRBUF_SIZE];
 
-		regerror(regerr, &(map_p->pattern_buf), errbuf, ERRBUF_SIZE);
+		(void) regerror(regerr, &(map_p->regex_pattern_buf),
+			 errbuf, ERRBUF_SIZE);
 		syserr("pattern-compile-error: %s\n", errbuf);
 		free(map_p);
 		return FALSE;
@@ -4996,21 +6828,22 @@ regex_map_init(map, ap)
 
 	if (map->map_app != NULL)
 		map->map_app = newstr(map->map_app);
-	if (map_p->delim != NULL)
-		map_p->delim = newstr(map_p->delim);
+	if (map_p->regex_delim != NULL)
+		map_p->regex_delim = newstr(map_p->regex_delim);
 	else
-		map_p->delim = defdstr;
+		map_p->regex_delim = defdstr;
 
 	if (!bitset(REG_NOSUB, pflags))
 	{
 		/* substring matching */
 		int substrings;
-		int *fields = (int *)xalloc(sizeof(int) * (MAX_MATCH + 1));
+		int *fields = (int *) xalloc(sizeof(int) * (MAX_MATCH + 1));
 
-		substrings = map_p->pattern_buf.re_nsub + 1;
+		substrings = map_p->regex_pattern_buf.re_nsub + 1;
 
 		if (tTd(38, 3))
-			printf("regex_map_init: nr of substrings %d\n", substrings);
+			dprintf("regex_map_init: nr of substrings %d\n",
+				substrings);
 
 		if (substrings >= MAX_MATCH)
 		{
@@ -5027,7 +6860,7 @@ regex_map_init(map, ap)
 		}
 		else
 		{
-			/* set default fields  */
+			/* set default fields */
 			int i;
 
 			for (i = 0; i < substrings; i++)
@@ -5039,10 +6872,10 @@ regex_map_init(map, ap)
 		{
 			int *ip;
 
-			printf("regex_map_init: subfields");
+			dprintf("regex_map_init: subfields");
 			for (ip = fields; *ip != END_OF_FIELDS; ip++)
-				printf(" %d", *ip);
-			printf("\n");
+				dprintf(" %d", *ip);
+			dprintf("\n");
 		}
 	}
 	map->map_db1 = (ARBPTR_T)map_p;	/* dirty hack */
@@ -5078,13 +6911,14 @@ regex_map_lookup(map, name, av, statp)
 	{
 		char **cpp;
 
-		printf("regex_map_lookup: key '%s'\n", name);
-		for (cpp = av; cpp && *cpp; cpp++)
-			printf("regex_map_lookup: arg '%s'\n", *cpp);
+		dprintf("regex_map_lookup: key '%s'\n", name);
+		for (cpp = av; cpp != NULL && *cpp != NULL; cpp++)
+			dprintf("regex_map_lookup: arg '%s'\n", *cpp);
 	}
 
 	map_p = (struct regex_map *)(map->map_db1);
-	reg_res = regexec(&(map_p->pattern_buf), name, MAX_MATCH, pmatch, 0);
+	reg_res = regexec(&(map_p->regex_pattern_buf),
+			  name, MAX_MATCH, pmatch, 0);
 
 	if (bitset(MF_REGEX_NOT, map->map_mflags))
 	{
@@ -5115,7 +6949,7 @@ regex_map_lookup(map, name, av, statp)
 		if (av[1] != NULL)
 		{
 			if (parse_fields(av[1], fields, MAX_MATCH + 1,
-				 (int) map_p->pattern_buf.re_nsub + 1) == -1)
+					 (int) map_p->regex_pattern_buf.re_nsub + 1) == -1)
 			{
 				*statp = EX_CONFIG;
 				return NULL;
@@ -5129,7 +6963,7 @@ regex_map_lookup(map, name, av, statp)
 		{
 			if (!first)
 			{
-				for (sp = map_p->delim; *sp; sp++)
+				for (sp = map_p->regex_delim; *sp; sp++)
 				{
 					if (dp < ldp)
 						*dp++ = *sp;
@@ -5148,12 +6982,12 @@ regex_map_lookup(map, name, av, statp)
 			{
 				if (dp < ldp)
 				{
-					if(bslashmode)
-					{ 
+					if (bslashmode)
+					{
 						*dp++ = *sp;
 						bslashmode = FALSE;
 					}
-					else if(quotemode && *sp != '"' &&
+					else if (quotemode && *sp != '"' &&
 						*sp != '\\')
 					{
 						*dp++ = *sp;
@@ -5194,9 +7028,9 @@ regex_map_lookup(map, name, av, statp)
 		if (anglecnt != 0 || cmntcnt != 0 || quotemode ||
 		    bslashmode || spacecnt != 0)
 		{
-			sm_syslog(LOG_WARNING, NOQID, 
-				 "Warning: regex may cause prescan() failure map=%s lookup=%s",
-				 map->map_mname, name);
+			sm_syslog(LOG_WARNING, NOQID,
+				  "Warning: regex may cause prescan() failure map=%s lookup=%s",
+				  map->map_mname, name);
 			return NULL;
 		}
 
@@ -5207,3 +7041,189 @@ regex_map_lookup(map, name, av, statp)
 	return regex_map_rewrite(map, "", (size_t)0, av);
 }
 #endif /* MAP_REGEX */
+/*
+**  NSD modules
+*/
+#ifdef MAP_NSD
+
+# include <ndbm.h>
+# define _DATUM_DEFINED
+# include <ns_api.h>
+
+typedef struct ns_map_list
+{
+	ns_map_t *map;
+	char *mapname;
+	struct ns_map_list *next;
+} ns_map_list_t;
+
+static ns_map_t *
+ns_map_t_find(mapname)
+	char *mapname;
+{
+	static ns_map_list_t *ns_maps = NULL;
+	ns_map_list_t *ns_map;
+
+	/* walk the list of maps looking for the correctly named map */
+	for (ns_map = ns_maps; ns_map != NULL; ns_map = ns_map->next)
+	{
+		if (strcmp(ns_map->mapname, mapname) == 0)
+			break;
+	}
+
+	/* if we are looking at a NULL ns_map_list_t, then create a new one */
+	if (ns_map == NULL)
+	{
+		ns_map = (ns_map_list_t *) xalloc(sizeof *ns_map);
+		ns_map->mapname = newstr(mapname);
+		ns_map->map = (ns_map_t *) xalloc(sizeof *ns_map->map);
+		ns_map->next = ns_maps;
+		ns_maps = ns_map;
+	}
+	return ns_map->map;
+}
+
+char *
+nsd_map_lookup(map, name, av, statp)
+	MAP *map;
+	char *name;
+	char **av;
+	int *statp;
+{
+	int buflen;
+	char *p;
+	ns_map_t *ns_map;
+	char keybuf[MAXNAME + 1];
+	char buf[MAXLINE];
+
+	if (tTd(38, 20))
+		dprintf("nsd_map_lookup(%s, %s)\n", map->map_mname, name);
+
+	buflen = strlen(name);
+	if (buflen > sizeof keybuf - 1)
+		buflen = sizeof keybuf - 1;
+	memmove(keybuf, name, buflen);
+	keybuf[buflen] = '\0';
+	if (!bitset(MF_NOFOLDCASE, map->map_mflags))
+		makelower(keybuf);
+
+	ns_map = ns_map_t_find(map->map_file);
+	if (ns_map == NULL)
+	{
+		if (tTd(38, 20))
+			dprintf("nsd_map_t_find failed\n");
+		return NULL;
+	}
+
+	if (ns_lookup(ns_map, NULL, map->map_file,
+		      keybuf, NULL, buf, MAXLINE) == NULL)
+		return NULL;
+
+	/* Null out trailing \n */
+	if ((p = strchr(buf, '\n')) != NULL)
+		*p = '\0';
+
+	return map_rewrite(map, buf, strlen(buf), av);
+}
+#endif /* MAP_NSD */
+
+char *
+arith_map_lookup(map, name, av, statp)
+	MAP *map;
+	char *name;
+	char **av;
+	int *statp;
+{
+	long r;
+	long v[2];
+	bool res = FALSE;
+	bool boolres;
+	static char result[16];
+	char **cpp;
+
+	if (tTd(38, 2))
+	{
+		dprintf("arith_map_lookup: key '%s'\n", name);
+		for (cpp = av; cpp != NULL && *cpp != NULL; cpp++)
+			dprintf("arith_map_lookup: arg '%s'\n", *cpp);
+	}
+	r = 0;
+	boolres = FALSE;
+	cpp = av;
+	*statp = EX_OK;
+
+	/*
+	**  read arguments for arith map
+	**  - no check is made whether they are really numbers
+	**  - just ignores args after the second
+	*/
+	for (++cpp; cpp != NULL && *cpp != NULL && r < 2; cpp++)
+		v[r++] = strtol(*cpp, NULL, 0);
+
+	/* operator and (at least) two operands given? */
+	if (name != NULL && r == 2)
+	{
+		switch(*name)
+		{
+#if _FFR_ARITH
+		  case '|':
+			r = v[0] | v[1];
+			break;
+
+		  case '&':
+			r = v[0] & v[1];
+			break;
+
+		  case '%':
+			if (v[1] == 0)
+				return NULL;
+			r = v[0] % v[1];
+			break;
+#endif /* _FFR_ARITH */
+
+		  case '+':
+			r = v[0] + v[1];
+			break;
+
+		  case '-':
+			r = v[0] - v[1];
+			break;
+
+		  case '*':
+			r = v[0] * v[1];
+			break;
+
+		  case '/':
+			if (v[1] == 0)
+				return NULL;
+			r = v[0] / v[1];
+			break;
+
+		  case 'l':
+			res = v[0] < v[1];
+			boolres = TRUE;
+			break;
+
+		  case '=':
+			res = v[0] == v[1];
+			boolres = TRUE;
+			break;
+
+		  default:
+			/* XXX */
+			*statp = EX_CONFIG;
+			if (LogLevel > 10)
+				sm_syslog(LOG_WARNING, NOQID,
+					  "arith_map: unknown operator %c",
+					  isprint(*name) ? *name : '?');
+			return NULL;
+		}
+		if (boolres)
+			snprintf(result, sizeof result, res ? "TRUE" : "FALSE");
+		else
+			snprintf(result, sizeof result, "%ld", r);
+		return result;
+	}
+	*statp = EX_CONFIG;
+	return NULL;
+}
diff --git a/contrib/sendmail/src/mci.c b/contrib/sendmail/src/mci.c
index 41649a2..18877ed 100644
--- a/contrib/sendmail/src/mci.c
+++ b/contrib/sendmail/src/mci.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,13 +12,25 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)mci.c	8.83 (Berkeley) 10/13/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: mci.c,v 8.133.10.3 2000/06/23 16:17:06 ca Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+
+
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
 
-#include "sendmail.h"
-#include <arpa/inet.h>
 #include <dirent.h>
 
+static int	mci_generate_persistent_path __P((const char *, char *,
+						  int, bool));
+static bool	mci_load_persistent __P((MCI *));
+static void	mci_uncache __P((MCI **, bool));
+static int	mci_lock_host_statfile __P((MCI *));
+static int	mci_read_persistent __P((FILE *, MCI *));
+
 /*
 **  Mail Connection Information (MCI) Caching Module.
 **
@@ -49,11 +62,8 @@ static char sccsid[] = "@(#)mci.c	8.83 (Berkeley) 10/13/1998";
 **	MCI structure.
 */
 
-MCI	**MciCache;		/* the open connection cache */
+static MCI	**MciCache;		/* the open connection cache */
 
-extern int	mci_generate_persistent_path __P((const char *, char *, int, bool));
-extern bool	mci_load_persistent __P((MCI *));
-extern void	mci_uncache __P((MCI **, bool));
 /*
 **  MCI_CACHE -- enter a connection structure into the open connection cache
 **
@@ -96,12 +106,13 @@ mci_cache(mci)
 		mci_uncache(mcislot, TRUE);
 
 	if (tTd(42, 5))
-		printf("mci_cache: caching %lx (%s) in slot %d\n",
-			(u_long) mci, mci->mci_host, (int)(mcislot - MciCache));
+		dprintf("mci_cache: caching %lx (%s) in slot %d\n",
+			(u_long) mci, mci->mci_host,
+			(int)(mcislot - MciCache));
 	if (tTd(91, 100))
 		sm_syslog(LOG_DEBUG, CurEnv->e_id,
-			"mci_cache: caching %x (%.100s) in slot %d",
-			mci, mci->mci_host, mcislot - MciCache);
+			  "mci_cache: caching %lx (%.100s) in slot %d",
+			  (u_long) mci, mci->mci_host, mcislot - MciCache);
 
 	*mcislot = mci;
 	mci->mci_flags |= MCIF_CACHED;
@@ -135,8 +146,8 @@ mci_scan(savemci)
 	{
 		/* first call */
 		MciCache = (MCI **) xalloc(MaxMciCache * sizeof *MciCache);
-		bzero((char *) MciCache, MaxMciCache * sizeof *MciCache);
-		return (&MciCache[0]);
+		memset((char *) MciCache, '\0', MaxMciCache * sizeof *MciCache);
+		return &MciCache[0];
 	}
 
 	now = curtime();
@@ -149,10 +160,16 @@ mci_scan(savemci)
 			bestmci = &MciCache[i];
 			continue;
 		}
-		if (mci->mci_lastuse + MciCacheTimeout < now && mci != savemci)
+		if ((mci->mci_lastuse + MciCacheTimeout < now ||
+		     (mci->mci_mailer != NULL &&
+		      mci->mci_mailer->m_maxdeliveries > 0 &&
+		      mci->mci_deliveries + 1 >= mci->mci_mailer->m_maxdeliveries))&&
+		    mci != savemci)
 		{
-			/* connection idle too long -- close it */
+			/* connection idle too long or too many deliveries */
 			bestmci = &MciCache[i];
+
+			/* close it */
 			mci_uncache(bestmci, TRUE);
 			continue;
 		}
@@ -178,7 +195,7 @@ mci_scan(savemci)
 **		none.
 */
 
-void
+static void
 mci_uncache(mcislot, doquit)
 	register MCI **mcislot;
 	bool doquit;
@@ -196,14 +213,16 @@ mci_uncache(mcislot, doquit)
 	mci_unlock_host(mci);
 
 	if (tTd(42, 5))
-		printf("mci_uncache: uncaching %lx (%s) from slot %d (%d)\n",
+		dprintf("mci_uncache: uncaching %lx (%s) from slot %d (%d)\n",
 			(u_long) mci, mci->mci_host,
 			(int)(mcislot - MciCache), doquit);
 	if (tTd(91, 100))
 		sm_syslog(LOG_DEBUG, CurEnv->e_id,
-			"mci_uncache: uncaching %x (%.100s) from slot %d (%d)",
-			mci, mci->mci_host, mcislot - MciCache, doquit);
+			  "mci_uncache: uncaching %lx (%.100s) from slot %d (%d)",
+			  (u_long) mci, mci->mci_host,
+			  mcislot - MciCache, doquit);
 
+	mci->mci_deliveries = 0;
 #if SMTP
 	if (doquit)
 	{
@@ -214,17 +233,17 @@ mci_uncache(mcislot, doquit)
 		/* only uses the envelope to flush the transcript file */
 		if (mci->mci_state != MCIS_CLOSED)
 			smtpquit(mci->mci_mailer, mci, &BlankEnvelope);
-#ifdef XLA
+# ifdef XLA
 		xla_host_end(mci->mci_host);
-#endif
+# endif /* XLA */
 	}
 	else
-#endif
+#endif /* SMTP */
 	{
 		if (mci->mci_in != NULL)
-			xfclose(mci->mci_in, "mci_uncache", "mci_in");
+			(void) fclose(mci->mci_in);
 		if (mci->mci_out != NULL)
-			xfclose(mci->mci_out, "mci_uncache", "mci_out");
+			(void) fclose(mci->mci_out);
 		mci->mci_in = mci->mci_out = NULL;
 		mci->mci_state = MCIS_CLOSED;
 		mci->mci_exitstat = EX_OK;
@@ -274,22 +293,30 @@ mci_get(host, m)
 	extern SOCKADDR CurHostAddr;
 
 	/* clear CurHostAddr so we don't get a bogus address with this name */
-	bzero(&CurHostAddr, sizeof CurHostAddr);
-#endif
+	memset(&CurHostAddr, '\0', sizeof CurHostAddr);
+#endif /* DAEMON */
 
 	/* clear out any expired connections */
 	(void) mci_scan(NULL);
 
 	if (m->m_mno < 0)
 		syserr("negative mno %d (%s)", m->m_mno, m->m_name);
+
 	s = stab(host, ST_MCI + m->m_mno, ST_ENTER);
 	mci = &s->s_mci;
-	mci->mci_host = s->s_name;
 
-	if (!mci_load_persistent(mci))
+	/*
+	**  We don't need to load the peristent data if we have data
+	**  already loaded in the cache.
+	*/
+
+	if (mci->mci_host == NULL &&
+	    (mci->mci_host = s->s_name) != NULL &&
+	    !mci_load_persistent(mci))
 	{
 		if (tTd(42, 2))
-			printf("mci_get(%s %s): lock failed\n", host, m->m_name);
+			dprintf("mci_get(%s %s): lock failed\n",
+				host, m->m_name);
 		mci->mci_exitstat = EX_TEMPFAIL;
 		mci->mci_state = MCIS_CLOSED;
 		mci->mci_statfile = NULL;
@@ -298,7 +325,7 @@ mci_get(host, m)
 
 	if (tTd(42, 2))
 	{
-		printf("mci_get(%s %s): mci_state=%d, _flags=%x, _exitstat=%d, _errno=%d\n",
+		dprintf("mci_get(%s %s): mci_state=%d, _flags=%lx, _exitstat=%d, _errno=%d\n",
 			host, m->m_name, mci->mci_state, mci->mci_flags,
 			mci->mci_exitstat, mci->mci_errno);
 	}
@@ -306,8 +333,6 @@ mci_get(host, m)
 #if SMTP
 	if (mci->mci_state == MCIS_OPEN)
 	{
-		extern int smtpprobe __P((MCI *));
-
 		/* poke the connection to see if it's still alive */
 		(void) smtpprobe(mci);
 
@@ -328,9 +353,9 @@ mci_get(host, m)
 			(void) getpeername(fileno(mci->mci_in),
 				(struct sockaddr *) &CurHostAddr, &socklen);
 		}
-# endif
+# endif /* DAEMON */
 	}
-#endif
+#endif /* SMTP */
 	if (mci->mci_state == MCIS_CLOSED)
 	{
 		time_t now = curtime();
@@ -347,6 +372,29 @@ mci_get(host, m)
 	return mci;
 }
 /*
+**  MCI_MATCH -- check connection cache for a particular host
+*/
+
+bool
+mci_match(host, m)
+	char *host;
+	MAILER *m;
+{
+	register MCI *mci;
+	register STAB *s;
+
+	if (m->m_mno < 0)
+		return FALSE;
+	s = stab(host, ST_MCI + m->m_mno, ST_FIND);
+	if (s == NULL)
+		return FALSE;
+
+	mci = &s->s_mci;
+	if (mci->mci_state == MCIS_OPEN)
+		return TRUE;
+	return FALSE;
+}
+/*
 **  MCI_SETSTAT -- set status codes in MCI structure.
 **
 **	Parameters:
@@ -395,7 +443,7 @@ struct mcifbits
 	int	mcif_bit;	/* flag bit */
 	char	*mcif_name;	/* flag name */
 };
-struct mcifbits	MciFlags[] =
+static struct mcifbits	MciFlags[] =
 {
 	{ MCIF_VALID,		"VALID"		},
 	{ MCIF_TEMP,		"TEMP"		},
@@ -424,18 +472,17 @@ mci_dump(mci, logit)
 	register char *p;
 	char *sep;
 	char buf[4000];
-	extern char *ctime();
 
 	sep = logit ? " " : "\n\t";
 	p = buf;
-	snprintf(p, SPACELEFT(buf, p), "MCI@%x: ", mci);
+	snprintf(p, SPACELEFT(buf, p), "MCI@%lx: ", (u_long) mci);
 	p += strlen(p);
 	if (mci == NULL)
 	{
 		snprintf(p, SPACELEFT(buf, p), "NULL");
 		goto printit;
 	}
-	snprintf(p, SPACELEFT(buf, p), "flags=%x", mci->mci_flags);
+	snprintf(p, SPACELEFT(buf, p), "flags=%lx", mci->mci_flags);
 	p += strlen(p);
 	if (mci->mci_flags != 0)
 	{
@@ -454,7 +501,7 @@ mci_dump(mci, logit)
 	snprintf(p, SPACELEFT(buf, p),
 		",%serrno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s",
 		sep, mci->mci_errno, mci->mci_herrno,
-		mci->mci_exitstat, mci->mci_state, mci->mci_pid, sep);
+		mci->mci_exitstat, mci->mci_state, (int) mci->mci_pid, sep);
 	p += strlen(p);
 	snprintf(p, SPACELEFT(buf, p),
 		"maxsize=%ld, phase=%s, mailer=%s,%s",
@@ -517,7 +564,7 @@ mci_dump_all(logit)
 **		mci -- containing the host we want to lock.
 **
 **	Returns:
-**		EX_OK	   -- got the lock.
+**		EX_OK	    -- got the lock.
 **		EX_TEMPFAIL -- didn't get the lock.
 */
 
@@ -528,7 +575,7 @@ mci_lock_host(mci)
 	if (mci == NULL)
 	{
 		if (tTd(56, 1))
-			printf("mci_lock_host: NULL mci\n");
+			dprintf("mci_lock_host: NULL mci\n");
 		return EX_OK;
 	}
 
@@ -538,34 +585,34 @@ mci_lock_host(mci)
 	return mci_lock_host_statfile(mci);
 }
 
-int
+static int
 mci_lock_host_statfile(mci)
 	MCI *mci;
 {
-	int savedErrno = errno;
+	int save_errno = errno;
 	int retVal = EX_OK;
-	char fname[MAXPATHLEN+1];
+	char fname[MAXPATHLEN + 1];
 
 	if (HostStatDir == NULL || mci->mci_host == NULL)
 		return EX_OK;
 
 	if (tTd(56, 2))
-		printf("mci_lock_host: attempting to lock %s\n",
+		dprintf("mci_lock_host: attempting to lock %s\n",
 			mci->mci_host);
 
 	if (mci_generate_persistent_path(mci->mci_host, fname, sizeof fname, TRUE) < 0)
 	{
 		/* of course this should never happen */
 		if (tTd(56, 2))
-			printf("mci_lock_host: Failed to generate host path for %s\n",
-			       mci->mci_host);
+			dprintf("mci_lock_host: Failed to generate host path for %s\n",
+				mci->mci_host);
 
 		retVal = EX_TEMPFAIL;
 		goto cleanup;
 	}
 
 	mci->mci_statfile = safefopen(fname, O_RDWR, FileMode,
-		   SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH|SFF_CREAT);
+				      SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH|SFF_CREAT);
 
 	if (mci->mci_statfile == NULL)
 	{
@@ -577,19 +624,19 @@ mci_lock_host_statfile(mci)
 	if (!lockfile(fileno(mci->mci_statfile), fname, "", LOCK_EX|LOCK_NB))
 	{
 		if (tTd(56, 2))
-			printf("mci_lock_host: couldn't get lock on %s\n",
-			       fname);
-		fclose(mci->mci_statfile);
+			dprintf("mci_lock_host: couldn't get lock on %s\n",
+				fname);
+		(void) fclose(mci->mci_statfile);
 		mci->mci_statfile = NULL;
 		retVal = EX_TEMPFAIL;
 		goto cleanup;
 	}
 
 	if (tTd(56, 12) && mci->mci_statfile != NULL)
-		printf("mci_lock_host: Sanity check -- lock is good\n");
+		dprintf("mci_lock_host: Sanity check -- lock is good\n");
 
 cleanup:
-	errno = savedErrno;
+	errno = save_errno;
 	return retVal;
 }
 /*
@@ -609,12 +656,12 @@ void
 mci_unlock_host(mci)
 	MCI *mci;
 {
-	int saveErrno = errno;
+	int save_errno = errno;
 
 	if (mci == NULL)
 	{
 		if (tTd(56, 1))
-			printf("mci_unlock_host: NULL mci\n");
+			dprintf("mci_unlock_host: NULL mci\n");
 		return;
 	}
 
@@ -624,23 +671,23 @@ mci_unlock_host(mci)
 	if (!SingleThreadDelivery && mci_lock_host_statfile(mci) == EX_TEMPFAIL)
 	{
 		if (tTd(56, 1))
-			printf("mci_unlock_host: stat file already locked\n");
+			dprintf("mci_unlock_host: stat file already locked\n");
 	}
 	else
 	{
 		if (tTd(56, 2))
-			printf("mci_unlock_host: store prior to unlock\n");
+			dprintf("mci_unlock_host: store prior to unlock\n");
 
 		mci_store_persistent(mci);
 	}
 
 	if (mci->mci_statfile != NULL)
 	{
-		fclose(mci->mci_statfile);
+		(void) fclose(mci->mci_statfile);
 		mci->mci_statfile = NULL;
 	}
 
-	errno = saveErrno;
+	errno = save_errno;
 }
 /*
 **  MCI_LOAD_PERSISTENT -- load persistent host info
@@ -657,38 +704,38 @@ mci_unlock_host(mci)
 **		FALSE -- lock failed
 */
 
-bool
+static bool
 mci_load_persistent(mci)
 	MCI *mci;
 {
-	int saveErrno = errno;
+	int save_errno = errno;
 	bool locked = TRUE;
 	FILE *fp;
-	char fname[MAXPATHLEN+1];
+	char fname[MAXPATHLEN + 1];
 
 	if (mci == NULL)
 	{
 		if (tTd(56, 1))
-			printf("mci_load_persistent: NULL mci\n");
+			dprintf("mci_load_persistent: NULL mci\n");
 		return TRUE;
 	}
 
 	if (IgnoreHostStatus || HostStatDir == NULL || mci->mci_host == NULL)
 		return TRUE;
-	
+
 	/* Already have the persistent information in memory */
 	if (SingleThreadDelivery && mci->mci_statfile != NULL)
 		return TRUE;
 
 	if (tTd(56, 1))
-		printf("mci_load_persistent: Attempting to load persistent information for %s\n",
-		       mci->mci_host);
-		
+		dprintf("mci_load_persistent: Attempting to load persistent information for %s\n",
+			mci->mci_host);
+
 	if (mci_generate_persistent_path(mci->mci_host, fname, sizeof fname, FALSE) < 0)
 	{
 		/* Not much we can do if the file isn't there... */
 		if (tTd(56, 1))
-			printf("mci_load_persistent: Couldn't generate host path\n");
+			dprintf("mci_load_persistent: Couldn't generate host path\n");
 		goto cleanup;
 	}
 
@@ -698,21 +745,23 @@ mci_load_persistent(mci)
 	{
 		/* I can't think of any reason this should ever happen */
 		if (tTd(56, 1))
-			printf("mci_load_persistent: open(%s): %s\n",
+			dprintf("mci_load_persistent: open(%s): %s\n",
 				fname, errstring(errno));
 		goto cleanup;
 	}
 
 	FileName = fname;
 	locked = lockfile(fileno(fp), fname, "", LOCK_SH|LOCK_NB);
-	(void) mci_read_persistent(fp, mci);
-	FileName = NULL;
 	if (locked)
-		lockfile(fileno(fp), fname, "", LOCK_UN);
-	fclose(fp);
+	{
+		(void) mci_read_persistent(fp, mci);
+		(void) lockfile(fileno(fp), fname, "", LOCK_UN);
+	}
+	FileName = NULL;
+	(void) fclose(fp);
 
 cleanup:
-	errno = saveErrno;
+	errno = save_errno;
 	return locked;
 }
 /*
@@ -734,7 +783,7 @@ cleanup:
 **		perfectly safe due to underlying stdio buffering.
 */
 
-int
+static int
 mci_read_persistent(fp, mci)
 	FILE *fp;
 	register MCI *mci;
@@ -750,7 +799,7 @@ mci_read_persistent(fp, mci)
 		syserr("mci_read_persistent: NULL mci");
 	if (tTd(56, 93))
 	{
-		printf("mci_read_persistent: fp=%lx, mci=", (u_long) fp);
+		dprintf("mci_read_persistent: fp=%lx, mci=", (u_long) fp);
 		mci_dump(mci, FALSE);
 	}
 
@@ -835,12 +884,12 @@ void
 mci_store_persistent(mci)
 	MCI *mci;
 {
-	int saveErrno = errno;
+	int save_errno = errno;
 
 	if (mci == NULL)
 	{
 		if (tTd(56, 1))
-			printf("mci_store_persistent: NULL mci\n");
+			dprintf("mci_store_persistent: NULL mci\n");
 		return;
 	}
 
@@ -848,20 +897,20 @@ mci_store_persistent(mci)
 		return;
 
 	if (tTd(56, 1))
-		printf("mci_store_persistent: Storing information for %s\n",
-			   mci->mci_host);
+		dprintf("mci_store_persistent: Storing information for %s\n",
+			mci->mci_host);
 
 	if (mci->mci_statfile == NULL)
 	{
 		if (tTd(56, 1))
-			printf("mci_store_persistent: no statfile\n");
+			dprintf("mci_store_persistent: no statfile\n");
 		return;
 	}
 
 	rewind(mci->mci_statfile);
 #if !NOFTRUNCATE
 	(void) ftruncate(fileno(mci->mci_statfile), (off_t) 0);
-#endif
+#endif /* !NOFTRUNCATE */
 
 	fprintf(mci->mci_statfile, "V0\n");
 	fprintf(mci->mci_statfile, "E%d\n", mci->mci_errno);
@@ -876,9 +925,9 @@ mci_store_persistent(mci)
 	fprintf(mci->mci_statfile, "U%ld\n", (long)(mci->mci_lastuse));
 	fprintf(mci->mci_statfile, ".\n");
 
-	fflush(mci->mci_statfile);
+	(void) fflush(mci->mci_statfile);
 
-	errno = saveErrno;
+	errno = save_errno;
 	return;
 }
 /*
@@ -903,6 +952,7 @@ mci_store_persistent(mci)
 **		< 0 -- if any action routine returns a negative value, that
 **			value is returned.
 **		0 -- if we successfully went to completion.
+**		> 0 -- return status from action()
 */
 
 int
@@ -920,13 +970,13 @@ mci_traverse_persistent(action, pathname)
 		return -1;
 
 	if (tTd(56, 1))
-		printf("mci_traverse: pathname is %s\n", pathname);
+		dprintf("mci_traverse: pathname is %s\n", pathname);
 
 	ret = stat(pathname, &statbuf);
 	if (ret < 0)
 	{
 		if (tTd(56, 2))
-			printf("mci_traverse: Failed to stat %s: %s\n",
+			dprintf("mci_traverse: Failed to stat %s: %s\n",
 				pathname, errstring(errno));
 		return ret;
 	}
@@ -934,12 +984,13 @@ mci_traverse_persistent(action, pathname)
 	{
 		struct dirent *e;
 		char *newptr;
-		char newpath[MAXPATHLEN+1];
+		char newpath[MAXPATHLEN + 1];
+		bool leftone, removedone;
 
 		if ((d = opendir(pathname)) == NULL)
 		{
 			if (tTd(56, 2))
-				printf("mci_traverse: opendir %s: %s\n",
+				dprintf("mci_traverse: opendir %s: %s\n",
 					pathname, errstring(errno));
 			return -1;
 		}
@@ -947,41 +998,62 @@ mci_traverse_persistent(action, pathname)
 		if (strlen(pathname) >= sizeof newpath - MAXNAMLEN - 3)
 		{
 			if (tTd(56, 2))
-				printf("mci_traverse: path \"%s\" too long",
+				dprintf("mci_traverse: path \"%s\" too long",
 					pathname);
 			return -1;
 		}
-		strcpy(newpath, pathname);
+		(void) strlcpy(newpath, pathname, sizeof newpath);
 		newptr = newpath + strlen(newpath);
 		*newptr++ = '/';
 
-		while ((e = readdir(d)) != NULL)
+		/*
+		**  repeat until no file has been removed
+		**  this may become ugly when several files "expire"
+		**  during these loops, but it's better than doing
+		**  a rewinddir() inside the inner loop
+		*/
+		do
 		{
-			if (e->d_name[0] == '.')
-				continue;
-
-			strncpy(newptr, e->d_name,
-				sizeof newpath - (newptr - newpath) - 1);
-			newpath[sizeof newpath - 1] = '\0';
-
-			ret = mci_traverse_persistent(action, newpath);
+			leftone = removedone = FALSE;
+			while ((e = readdir(d)) != NULL)
+			{
+				if (e->d_name[0] == '.')
+					continue;
+
+				(void) strlcpy(newptr, e->d_name,
+					       sizeof newpath -
+					       (newptr - newpath));
+
+				ret = mci_traverse_persistent(action, newpath);
+				if (ret < 0)
+					break;
+				if (ret == 1)
+					leftone = TRUE;
+				if (!removedone && ret == 0 &&
+				    action == mci_purge_persistent)
+					removedone = TRUE;
+			}
 			if (ret < 0)
 				break;
-
 			/*
 			**  The following appears to be
 			**  necessary during purges, since
 			**  we modify the directory structure
 			*/
-
-			if (action == mci_purge_persistent)
+			if (removedone)
 				rewinddir(d);
-		}
+			if (tTd(56, 40))
+				dprintf("mci_traverse: path %s: ret %d removed %d left %d\n",
+					pathname, ret, removedone, leftone);
+		} while (removedone);
 
 		/* purge (or whatever) the directory proper */
-		*--newptr = '\0';
-		ret = (*action)(newpath, NULL);
-		closedir(d);
+		if (!leftone)
+		{
+			*--newptr = '\0';
+			ret = (*action)(newpath, NULL);
+		}
+		(void) closedir(d);
 	}
 	else if (S_ISREG(statbuf.st_mode))
 	{
@@ -990,7 +1062,7 @@ mci_traverse_persistent(action, pathname)
 		char *scan;
 		char host[MAXHOSTNAMELEN];
 		char *hostptr = host;
-		
+
 		/*
 		**  Reconstruct the host name from the path to the
 		**  persistent information.
@@ -1025,7 +1097,7 @@ mci_traverse_persistent(action, pathname)
 	return ret;
 }
 /*
-**  MCI_PRINT_PERSISTENT -- print persisten info
+**  MCI_PRINT_PERSISTENT -- print persistent info
 **
 **	Dump the persistent information in the file 'pathname'
 **
@@ -1064,23 +1136,23 @@ mci_print_persistent(pathname, hostname)
 	if (fp == NULL)
 	{
 		if (tTd(56, 1))
-			printf("mci_print_persistent: cannot open %s: %s\n",
+			dprintf("mci_print_persistent: cannot open %s: %s\n",
 				pathname, errstring(errno));
 		return 0;
 	}
 
 	FileName = pathname;
-	bzero(&mcib, sizeof mcib);
+	memset(&mcib, '\0', sizeof mcib);
 	if (mci_read_persistent(fp, &mcib) < 0)
 	{
 		syserr("%s: could not read status file", pathname);
-		fclose(fp);
+		(void) fclose(fp);
 		FileName = NULL;
 		return 0;
 	}
 
 	locked = !lockfile(fileno(fp), pathname, "", LOCK_EX|LOCK_NB);
-	fclose(fp);
+	(void) fclose(fp);
 	FileName = NULL;
 
 	printf("%c%-39s %12s ",
@@ -1123,7 +1195,9 @@ mci_print_persistent(pathname, hostname)
 **			NULL if this is a directory (domain).
 **
 **	Returns:
-**		0
+**		0 -- ok
+**		1 -- file not deleted (too young, incorrect format)
+**		< 0 -- some error occurred
 */
 
 int
@@ -1131,18 +1205,30 @@ mci_purge_persistent(pathname, hostname)
 	char *pathname;
 	char *hostname;
 {
+	struct stat statbuf;
 	char *end = pathname + strlen(pathname) - 1;
+	int ret;
 
 	if (tTd(56, 1))
-		printf("mci_purge_persistent: purging %s\n", pathname);
+		dprintf("mci_purge_persistent: purging %s\n", pathname);
 
+	ret = stat(pathname, &statbuf);
+	if (ret < 0)
+	{
+		if (tTd(56, 2))
+			dprintf("mci_purge_persistent: Failed to stat %s: %s\n",
+				pathname, errstring(errno));
+		return ret;
+	}
+	if (curtime() - statbuf.st_mtime < MciInfoTimeout)
+		return 1;
 	if (hostname != NULL)
 	{
 		/* remove the file */
 		if (unlink(pathname) < 0)
 		{
 			if (tTd(56, 2))
-				printf("mci_purge_persistent: failed to unlink %s: %s\n",
+				dprintf("mci_purge_persistent: failed to unlink %s: %s\n",
 					pathname, errstring(errno));
 		}
 	}
@@ -1150,18 +1236,18 @@ mci_purge_persistent(pathname, hostname)
 	{
 		/* remove the directory */
 		if (*end != '.')
-			return 0;
+			return 1;
 
 		if (tTd(56, 1))
-			printf("mci_purge_persistent: dpurge %s\n", pathname);
+			dprintf("mci_purge_persistent: dpurge %s\n", pathname);
 
 		if (rmdir(pathname) < 0)
 		{
 			if (tTd(56, 2))
-				printf("mci_purge_persistent: rmdir %s: %s\n",
+				dprintf("mci_purge_persistent: rmdir %s: %s\n",
 					pathname, errstring(errno));
 		}
-		
+
 	}
 
 	return 0;
@@ -1185,7 +1271,7 @@ mci_purge_persistent(pathname, hostname)
 **		-1 -- failure
 */
 
-int
+static int
 mci_generate_persistent_path(host, path, pathlen, createflag)
 	const char *host;
 	char *path;
@@ -1196,6 +1282,9 @@ mci_generate_persistent_path(host, path, pathlen, createflag)
 	int ret = 0;
 	int len;
 	char t_host[MAXHOSTNAMELEN];
+#if NETINET6
+	struct in6_addr in6_addr;
+#endif /* NETINET6 */
 
 	/*
 	**  Rationality check the arguments.
@@ -1213,7 +1302,7 @@ mci_generate_persistent_path(host, path, pathlen, createflag)
 	}
 
 	if (tTd(56, 80))
-		printf("mci_generate_persistent_path(%s): ", host);
+		dprintf("mci_generate_persistent_path(%s): ", host);
 
 	if (*host == '\0' || *host == '.')
 		return -1;
@@ -1222,9 +1311,9 @@ mci_generate_persistent_path(host, path, pathlen, createflag)
 	if (strlen(host) > sizeof t_host - 1)
 		return -1;
 	if (host[0] == '[')
-		strcpy(t_host, host + 1);
-	else	
-		strcpy(t_host, host);
+		(void) strlcpy(t_host, host + 1, sizeof t_host);
+	else
+		(void) strlcpy(t_host, host, sizeof t_host);
 
 	/*
 	**  Delete any trailing dots from the hostname.
@@ -1236,9 +1325,18 @@ mci_generate_persistent_path(host, path, pathlen, createflag)
 	       (elem[-1] == '.' || (host[0] == '[' && elem[-1] == ']')))
 		*--elem = '\0';
 
+#if NETINET || NETINET6
 	/* check for bogus bracketed address */
-	if (host[0] == '[' && inet_addr(t_host) == INADDR_NONE)
+	if (host[0] == '[' &&
+# if NETINET6
+	    inet_pton(AF_INET6, t_host, &in6_addr) != 1 &&
+# endif /* NETINET6 */
+# if NETINET
+	    inet_addr(t_host) == INADDR_NONE
+# endif /* NETINET */
+	    )
 		return -1;
+#endif /* NETINET || NETINET6 */
 
 	/* check for what will be the final length of the path */
 	len = strlen(HostStatDir) + 2;
@@ -1253,7 +1351,7 @@ mci_generate_persistent_path(host, path, pathlen, createflag)
 	if (len > pathlen || len < 1)
 		return -1;
 
-	strcpy(path, HostStatDir);
+	(void) strlcpy(path, HostStatDir, pathlen);
 	p = path + strlen(path);
 
 	while (elem > t_host)
@@ -1284,10 +1382,10 @@ mci_generate_persistent_path(host, path, pathlen, createflag)
 	if (tTd(56, 80))
 	{
 		if (ret < 0)
-			printf("FAILURE %d\n", ret);
+			dprintf("FAILURE %d\n", ret);
 		else
-			printf("SUCCESS %s\n", path);
+			dprintf("SUCCESS %s\n", path);
 	}
 
-	return (ret);
+	return ret;
 }
diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c
new file mode 100644
index 0000000..82f1574
--- /dev/null
+++ b/contrib/sendmail/src/milter.c
@@ -0,0 +1,3402 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: milter.c,v 8.50.4.30 2000/07/18 07:24:51 gshapiro Exp $";
+#endif /* ! lint */
+
+#if _FFR_MILTER
+
+# include <sendmail.h>
+# include <errno.h>
+# include <sys/time.h>
+
+# if NETINET || NETINET6
+#  include <arpa/inet.h>
+# endif /* NETINET || NETINET6 */
+
+
+static void	milter_error __P((struct milter *));
+static int	milter_open __P((struct milter *, bool, ENVELOPE *));
+static void	milter_parse_timeouts __P((char *, struct milter *));
+
+static char *MilterConnectMacros[MAXFILTERMACROS + 1];
+static char *MilterHeloMacros[MAXFILTERMACROS + 1];
+static char *MilterEnvFromMacros[MAXFILTERMACROS + 1];
+static char *MilterEnvRcptMacros[MAXFILTERMACROS + 1];
+
+# define MILTER_CHECK_DONE_MSG() \
+	if (*state == SMFIR_REPLYCODE || \
+	    *state == SMFIR_REJECT || \
+	    *state == SMFIR_DISCARD || \
+	    *state == SMFIR_TEMPFAIL) \
+	{ \
+		/* Abort the filters to let them know we are done with msg */ \
+		milter_abort(e); \
+	}
+
+# define MILTER_CHECK_ERROR(action) \
+	if (bitnset(SMF_TEMPFAIL, m->mf_flags)) \
+		*state = SMFIR_TEMPFAIL; \
+	else if (bitnset(SMF_REJECT, m->mf_flags)) \
+		*state = SMFIR_REJECT; \
+	else \
+		action;
+
+# define MILTER_CHECK_REPLYCODE(default) \
+	if (response == NULL || \
+	    strlen(response) + 1 != (size_t) rlen || \
+	    rlen < 3 || \
+	    (response[0] != '4' && response[0] != '5') || \
+	    !isascii(response[1]) || !isdigit(response[1]) || \
+	    !isascii(response[2]) || !isdigit(response[2])) \
+	{ \
+		if (response != NULL) \
+			free(response); \
+		response = newstr(default); \
+	} \
+	else \
+	{ \
+		char *ptr = response; \
+ \
+		/* Check for unprotected %'s in the string */ \
+		while (*ptr != '\0') \
+		{ \
+			if (*ptr == '%' && *++ptr != '%') \
+			{ \
+				free(response); \
+				response = newstr(default); \
+				break; \
+			} \
+			ptr++; \
+		} \
+	}
+
+# define MILTER_DF_ERROR(msg) \
+{ \
+	int save_errno = errno; \
+ \
+	if (tTd(64, 5)) \
+	{ \
+		dprintf(msg, dfname, errstring(save_errno)); \
+		dprintf("\n"); \
+	} \
+	if (LogLevel > 0) \
+		sm_syslog(LOG_ERR, e->e_id, msg, dfname, errstring(save_errno)); \
+	if (SuperSafe) \
+	{ \
+		if (e->e_dfp != NULL) \
+		{ \
+			(void) fclose(e->e_dfp); \
+			e->e_dfp = NULL; \
+		} \
+		e->e_flags &= ~EF_HAS_DF; \
+	} \
+	errno = save_errno; \
+}
+
+/*
+**  MILTER_TIMEOUT -- make sure socket is ready in time
+**
+**	Parameters:
+**		routine -- routine name for debug/logging
+**		secs -- number of seconds in timeout
+**		write -- waiting to read or write?
+**
+**	Assumes 'm' is a milter structure for the current socket.
+*/
+
+
+#  define MILTER_TIMEOUT(routine, secs, write) \
+{ \
+	int ret; \
+	int save_errno; \
+	fd_set fds; \
+	struct timeval tv; \
+ \
+	if (m->mf_sock >= FD_SETSIZE) \
+	{ \
+		if (tTd(64, 5)) \
+			dprintf("%s(%s): socket %d is larger than FD_SETSIZE %d\n", \
+				routine, m->mf_name, m->mf_sock, FD_SETSIZE); \
+		if (LogLevel > 0) \
+			sm_syslog(LOG_ERR, e->e_id, \
+				  "%s(%s): socket %d is larger than FD_SETSIZE %d\n", \
+				  routine, m->mf_name, m->mf_sock, FD_SETSIZE); \
+		milter_error(m); \
+		return NULL; \
+	} \
+ \
+	FD_ZERO(&fds); \
+	FD_SET(m->mf_sock, &fds); \
+	tv.tv_sec = secs; \
+	tv.tv_usec = 0; \
+	ret = select(m->mf_sock + 1, \
+		     write ? NULL : &fds, \
+		     write ? &fds : NULL, \
+		     NULL, &tv); \
+ \
+	switch (ret) \
+	{ \
+	  case 0: \
+		if (tTd(64, 5)) \
+			dprintf("%s(%s): timeout\n", routine, m->mf_name); \
+		if (LogLevel > 0) \
+			sm_syslog(LOG_ERR, e->e_id, "%s(%s): timeout\n", \
+				  routine, m->mf_name); \
+		milter_error(m); \
+		return NULL; \
+ \
+	  case -1: \
+		save_errno = errno; \
+		if (tTd(64, 5)) \
+			dprintf("%s(%s): select: %s\n", \
+				routine,  m->mf_name, errstring(save_errno)); \
+		if (LogLevel > 0) \
+			sm_syslog(LOG_ERR, e->e_id, \
+				  "%s(%s): select: %s\n", \
+				  routine, m->mf_name, errstring(save_errno)); \
+		milter_error(m); \
+		return NULL; \
+ \
+	  default: \
+		if (FD_ISSET(m->mf_sock, &fds)) \
+			break; \
+		if (tTd(64, 5)) \
+			dprintf("%s(%s): socket not ready\n", \
+				routine, m->mf_name); \
+		if (LogLevel > 0) \
+			sm_syslog(LOG_ERR, e->e_id, \
+				  "%s(%s): socket not ready\n", \
+				  m->mf_name, routine); \
+		milter_error(m); \
+		return NULL; \
+	} \
+}
+
+
+/*
+**  Low level functions
+*/
+
+/*
+**  MILTER_READ -- read from a remote milter filter
+**
+**	Parameters:
+**		m -- milter to read from.
+**		cmd -- return param for command read.
+**		rlen -- return length of response string.
+**		to -- timeout in seconds.
+**		e -- current envelope.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+static char *
+milter_sysread(m, buf, sz, to, e)
+	struct milter *m;
+	char *buf;
+	ssize_t sz;
+	time_t to;
+	ENVELOPE *e;
+{
+	time_t readstart;
+	ssize_t len, curl;
+
+	curl = 0;
+
+	if (to > 0)
+		readstart = curtime();
+
+	for (;;)
+	{
+		if (to > 0)
+		{
+			time_t now;
+
+			now = curtime();
+			if (now - readstart >= to)
+			{
+				if (tTd(64, 5))
+					dprintf("milter_read(%s): timeout before data read\n",
+						m->mf_name);
+				if (LogLevel > 0)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "milter_read(%s): timeout before data read\n",
+						  m->mf_name);
+				milter_error(m);
+				return NULL;
+			}
+			to -= now - readstart;
+			readstart = now;
+			MILTER_TIMEOUT("milter_read", to, FALSE);
+		}
+
+		len = read(m->mf_sock, buf + curl, sz - curl);
+
+		if (len < 0)
+		{
+			int save_errno = errno;
+
+			if (tTd(64, 5))
+				dprintf("milter_read(%s): read returned %ld: %s\n",
+					m->mf_name, (long) len,
+					errstring(save_errno));
+			if (LogLevel > 0)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "milter_read(%s): read returned %ld: %s",
+					  m->mf_name, (long) len,
+					  errstring(save_errno));
+			milter_error(m);
+			return NULL;
+		}
+
+		curl += len;
+		if (len == 0 || len >= sz)
+			break;
+
+	}
+
+	if (curl != sz)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_read(%s): read returned %ld, expecting %ld\n",
+				m->mf_name, (long) curl, (long) sz);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_read(%s): read returned %ld, expecting %ld",
+				  m->mf_name, (long) curl, (long) sz);
+		milter_error(m);
+		return NULL;
+	}
+	return buf;
+}
+
+static char *
+milter_read(m, cmd, rlen, to, e)
+	struct milter *m;
+	char *cmd;
+	ssize_t *rlen;
+	time_t to;
+	ENVELOPE *e;
+{
+	time_t readstart;
+	ssize_t expl;
+	mi_int32 i;
+	char *buf;
+	char data[MILTER_LEN_BYTES + 1];
+
+	*rlen = 0;
+	*cmd = '\0';
+
+	if (to > 0)
+		readstart = curtime();
+
+	if (milter_sysread(m, data, sizeof data, to, e) == NULL)
+		return NULL;
+
+	/* reset timeout */
+	if (to > 0)
+	{
+		time_t now;
+
+		now = curtime();
+		if (now - readstart >= to)
+		{
+			if (tTd(64, 5))
+				dprintf("milter_read(%s): timeout before data read\n",
+					m->mf_name);
+			if (LogLevel > 0)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "milter_read(%s): timeout before data read\n",
+					  m->mf_name);
+			milter_error(m);
+			return NULL;
+		}
+		to -= now - readstart;
+	}
+
+	*cmd = data[MILTER_LEN_BYTES];
+	data[MILTER_LEN_BYTES] = '\0';
+	(void) memcpy(&i, data, MILTER_LEN_BYTES);
+	expl = ntohl(i) - 1;
+
+	if (tTd(64, 25))
+		dprintf("milter_read(%s): expecting %ld bytes\n",
+			m->mf_name, (long) expl);
+
+	if (expl < 0)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_read(%s): read size %ld out of range\n",
+				m->mf_name, (long) expl);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_read(%s): read size %ld out of range",
+				  m->mf_name, (long) expl);
+		milter_error(m);
+		return NULL;
+	}
+
+	if (expl == 0)
+		return NULL;
+
+	buf = (char *)xalloc(expl);
+
+	if (milter_sysread(m, buf, expl, to, e) == NULL)
+	{
+		free(buf);
+		return NULL;
+	}
+
+	if (tTd(64, 50))
+		dprintf("milter_read(%s): Returning %*s\n",
+			m->mf_name, (int) expl, buf);
+	*rlen = expl;
+	return buf;
+}
+/*
+**  MILTER_WRITE -- write to a remote milter filter
+**
+**	Parameters:
+**		m -- milter to read from.
+**		cmd -- command to send.
+**		buf -- optional command data.
+**		len -- length of buf.
+**		to -- timeout in seconds.
+**		e -- current envelope.
+**
+**	Returns:
+**		buf if successful, NULL otherwise
+**		Not actually used anywhere but function prototype
+**			must match milter_read()
+*/
+
+static char *
+milter_write(m, cmd, buf, len, to, e)
+	struct milter *m;
+	char cmd;
+	char *buf;
+	ssize_t len;
+	time_t to;
+	ENVELOPE *e;
+{
+	time_t writestart = (time_t) 0;
+	ssize_t sl, i;
+	mi_int32 nl;
+	char data[MILTER_LEN_BYTES + 1];
+
+	if (len < 0 || len > MILTER_CHUNK_SIZE)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_write(%s): length %ld out of range\n",
+				m->mf_name, (long) len);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_write(%s): length %ld out of range",
+				  m->mf_name, (long) len);
+		milter_error(m);
+		return NULL;
+	}
+
+	if (tTd(64, 20))
+		dprintf("milter_write(%s): cmd %c, len %ld\n",
+			m->mf_name, cmd, (long) len);
+
+	nl = htonl(len + 1);	/* add 1 for the cmd char */
+	(void) memcpy(data, (char *) &nl, MILTER_LEN_BYTES);
+	data[MILTER_LEN_BYTES] = cmd;
+	sl = MILTER_LEN_BYTES + 1;
+
+	if (to > 0)
+	{
+		writestart = curtime();
+		MILTER_TIMEOUT("milter_write", to, TRUE);
+	}
+
+	/* use writev() instead to send the whole stuff at once? */
+	i = write(m->mf_sock, (void *) data, sl);
+	if (i != sl)
+	{
+		int save_errno = errno;
+
+		if (tTd(64, 5))
+			dprintf("milter_write(%s): write(%c) returned %ld, expected %ld: %s\n",
+				m->mf_name, cmd, (long) i, (long) sl,
+				errstring(save_errno));
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_write(%s): write(%c) returned %ld, expected %ld: %s",
+				  m->mf_name, cmd, (long) i, (long) sl,
+				  errstring(save_errno));
+		milter_error(m);
+		return buf;
+	}
+
+	if (len <= 0 || buf == NULL)
+		return buf;
+
+	if (tTd(64, 50))
+		dprintf("milter_write(%s): Sending %*s\n",
+			m->mf_name, (int) len, buf);
+
+	if (to > 0)
+	{
+		time_t now;
+
+		now = curtime();
+		if (now - writestart >= to)
+		{
+			if (tTd(64, 5))
+				dprintf("milter_write(%s): timeout before data send\n",
+					m->mf_name);
+			if (LogLevel > 0)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "milter_write(%s): timeout before data send\n",
+					  m->mf_name);
+			milter_error(m);
+			return NULL;
+		}
+		else
+		{
+			to -= now - writestart;
+			MILTER_TIMEOUT("milter_write", to, TRUE);
+		}
+	}
+
+	i = write(m->mf_sock, (void *) buf, len);
+	if (i != len)
+	{
+		int save_errno = errno;
+
+		if (tTd(64, 5))
+			dprintf("milter_write(%s): write(%c) returned %ld, expected %ld: %s\n",
+				m->mf_name, cmd, (long) i, (long) sl,
+				errstring(save_errno));
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_write(%s): write(%c) returned %ld, expected %ld: %s",
+				  m->mf_name, cmd, (long) i, (long) len,
+				  errstring(save_errno));
+		milter_error(m);
+		return NULL;
+	}
+	return buf;
+}
+
+/*
+**  Utility functions
+*/
+
+/*
+**  MILTER_OPEN -- connect to remote milter filter
+**
+**	Parameters:
+**		m -- milter to connect to.
+**		parseonly -- parse but don't connect.
+**		e -- current envelope.
+**
+**	Returns:
+**		connected socket if sucessful && !parseonly,
+**		0 upon parse success if parseonly,
+**		-1 otherwise.
+*/
+
+static int
+milter_open(m, parseonly, e)
+	struct milter *m;
+	bool parseonly;
+	ENVELOPE *e;
+{
+	int sock = 0;
+	SOCKADDR_LEN_T addrlen = 0;
+	int addrno = 0;
+	int save_errno;
+	char *p;
+	char *colon;
+	char *at;
+	struct hostent *hp = NULL;
+	SOCKADDR addr;
+
+	if (m->mf_conn == NULL || m->mf_conn[0] == '\0')
+	{
+		if (tTd(64, 5))
+			dprintf("X%s: empty or missing socket information\n",
+				m->mf_name);
+		if (parseonly)
+			syserr("X%s: empty or missing socket information",
+			       m->mf_name);
+		else if (LogLevel > 10)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "X%s: empty or missing socket information",
+				  m->mf_name);
+		milter_error(m);
+		return -1;
+	}
+
+	/* protocol:filename or protocol:port@host */
+	p = m->mf_conn;
+	colon = strchr(p, ':');
+	if (colon != NULL)
+	{
+		*colon = '\0';
+
+		if (*p == '\0')
+		{
+# if NETUNIX
+			/* default to AF_UNIX */
+			addr.sa.sa_family = AF_UNIX;
+# else /* NETUNIX */
+#  if NETINET
+			/* default to AF_INET */
+			addr.sa.sa_family = AF_INET;
+#  else /* NETINET */
+#   if NETINET6
+			/* default to AF_INET6 */
+			addr.sa.sa_family = AF_INET6;
+#   else /* NETINET6 */
+			/* no protocols available */
+			sm_syslog(LOG_ERR, e->e_id,
+				  "X%s: no valid socket protocols available",
+				  m->mf_name);
+			milter_error(m);
+			return -1;
+#   endif /* NETINET6 */
+#  endif /* NETINET */
+# endif /* NETUNIX */
+		}
+# if NETUNIX
+		else if (strcasecmp(p, "unix") == 0 ||
+			 strcasecmp(p, "local") == 0)
+			addr.sa.sa_family = AF_UNIX;
+# endif /* NETUNIX */
+# if NETINET
+		else if (strcasecmp(p, "inet") == 0)
+			addr.sa.sa_family = AF_INET;
+# endif /* NETINET */
+# if NETINET6
+		else if (strcasecmp(p, "inet6") == 0)
+			addr.sa.sa_family = AF_INET6;
+# endif /* NETINET6 */
+		else
+		{
+# ifdef EPROTONOSUPPORT
+			errno = EPROTONOSUPPORT;
+# else /* EPROTONOSUPPORT */
+			errno = EINVAL;
+# endif /* EPROTONOSUPPORT */
+			if (tTd(64, 5))
+				dprintf("X%s: unknown socket type %s\n",
+					m->mf_name, p);
+			if (parseonly)
+				syserr("X%s: unknown socket type %s",
+				       m->mf_name, p);
+			else if (LogLevel > 10)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "X%s: unknown socket type %s",
+					  m->mf_name, p);
+			milter_error(m);
+			return -1;
+		}
+		*colon++ = ':';
+	}
+	else
+	{
+		/* default to AF_UNIX */
+		addr.sa.sa_family = AF_UNIX;
+		colon = p;
+	}
+
+# if NETUNIX
+	if (addr.sa.sa_family == AF_UNIX)
+	{
+		long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_EXECOK;
+
+		at = colon;
+		if (strlen(colon) >= sizeof addr.sunix.sun_path)
+		{
+			if (tTd(64, 5))
+				dprintf("X%s: local socket name %s too long\n",
+					m->mf_name, colon);
+			errno = EINVAL;
+			if (parseonly)
+				syserr("X%s: local socket name %s too long",
+				       m->mf_name, colon);
+			else if (LogLevel > 10)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "X%s: local socket name %s too long",
+					  m->mf_name, colon);
+			milter_error(m);
+			return -1;
+		}
+		errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff,
+				 S_IRUSR|S_IWUSR, NULL);
+
+		/* if just parsing .cf file, socket doesn't need to exist */
+		if (parseonly && errno == ENOENT)
+		{
+			if (OpMode == MD_DAEMON ||
+			    OpMode == MD_FGDAEMON)
+				fprintf(stderr,
+					"WARNING: X%s: local socket name %s missing\n",
+					m->mf_name, colon);
+		}
+		else if (errno != 0)
+		{
+			/* if not safe, don't create */
+			save_errno = errno;
+			if (tTd(64, 5))
+				dprintf("X%s: local socket name %s unsafe\n",
+					m->mf_name, colon);
+			errno = save_errno;
+			if (parseonly)
+			{
+				if (OpMode == MD_DAEMON ||
+				    OpMode == MD_FGDAEMON ||
+				    OpMode == MD_SMTP)
+					syserr("X%s: local socket name %s unsafe",
+					       m->mf_name, colon);
+			}
+			else if (LogLevel > 10)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "X%s: local socket name %s unsafe",
+					  m->mf_name, colon);
+			milter_error(m);
+			return -1;
+		}
+
+		(void) strlcpy(addr.sunix.sun_path, colon,
+			       sizeof addr.sunix.sun_path);
+		addrlen = sizeof (struct sockaddr_un);
+	}
+	else
+# endif /* NETUNIX */
+# if NETINET || NETINET6
+	if (FALSE
+#  if NETINET
+		 || addr.sa.sa_family == AF_INET
+#  endif /* NETINET */
+#  if NETINET6
+		 || addr.sa.sa_family == AF_INET6
+#  endif /* NETINET6 */
+		 )
+	{
+		u_short port;
+
+		/* Parse port@host */
+		at = strchr(colon, '@');
+		if (at == NULL)
+		{
+			if (tTd(64, 5))
+				dprintf("X%s: bad address %s (expected port@host)\n",
+					m->mf_name, colon);
+			if (parseonly)
+				syserr("X%s: bad address %s (expected port@host)",
+				       m->mf_name, colon);
+			else if (LogLevel > 10)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "X%s: bad address %s (expected port@host)",
+					  m->mf_name, colon);
+			milter_error(m);
+			return -1;
+		}
+		*at = '\0';
+		if (isascii(*colon) && isdigit(*colon))
+			port = htons((u_short) atoi(colon));
+		else
+		{
+#  ifdef NO_GETSERVBYNAME
+			if (tTd(64, 5))
+				dprintf("X%s: invalid port number %s\n",
+					m->mf_name, colon);
+			if (parseonly)
+				syserr("X%s: invalid port number %s",
+				       m->mf_name, colon);
+			else if (LogLevel > 10)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "X%s: invalid port number %s",
+					  m->mf_name, colon);
+			milter_error(m);
+			return -1;
+#  else /* NO_GETSERVBYNAME */
+			register struct servent *sp;
+
+			sp = getservbyname(colon, "tcp");
+			if (sp == NULL)
+			{
+				save_errno = errno;
+				if (tTd(64, 5))
+					dprintf("X%s: unknown port name %s\n",
+						m->mf_name, colon);
+				errno = save_errno;
+				if (parseonly)
+					syserr("X%s: unknown port name %s",
+					       m->mf_name, colon);
+				else if (LogLevel > 10)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "X%s: unknown port name %s",
+						  m->mf_name, colon);
+				milter_error(m);
+				return -1;
+			}
+			port = sp->s_port;
+#  endif /* NO_GETSERVBYNAME */
+		}
+		*at++ = '@';
+		if (*at == '[')
+		{
+			char *end;
+
+			end = strchr(at, ']');
+			if (end != NULL)
+			{
+				bool found = FALSE;
+#  if NETINET
+				unsigned long hid = INADDR_NONE;
+#  endif /* NETINET */
+#  if NETINET6
+				struct sockaddr_in6 hid6;
+#  endif /* NETINET6 */
+
+				*end = '\0';
+#  if NETINET
+				if (addr.sa.sa_family == AF_INET &&
+				    (hid = inet_addr(&at[1])) != INADDR_NONE)
+				{
+					addr.sin.sin_addr.s_addr = hid;
+					addr.sin.sin_port = port;
+					found = TRUE;
+				}
+#  endif /* NETINET */
+#  if NETINET6
+				(void) memset(&hid6, '\0', sizeof hid6);
+				if (addr.sa.sa_family == AF_INET6 &&
+				    inet_pton(AF_INET6, &at[1],
+					      &hid6.sin6_addr) == 1)
+				{
+					addr.sin6.sin6_addr = hid6.sin6_addr;
+					addr.sin6.sin6_port = port;
+					found = TRUE;
+				}
+#  endif /* NETINET6 */
+				*end = ']';
+				if (!found)
+				{
+					if (tTd(64, 5))
+						dprintf("X%s: Invalid numeric domain spec \"%s\"\n",
+							m->mf_name, at);
+					if (parseonly)
+						syserr("X%s: Invalid numeric domain spec \"%s\"",
+						       m->mf_name, at);
+					else if (LogLevel > 10)
+						sm_syslog(LOG_ERR, e->e_id,
+							  "X%s: Invalid numeric domain spec \"%s\"",
+							  m->mf_name, at);
+					milter_error(m);
+					return -1;
+				}
+			}
+			else
+			{
+				if (tTd(64, 5))
+					dprintf("X%s: Invalid numeric domain spec \"%s\"\n",
+						m->mf_name, at);
+				if (parseonly)
+					syserr("X%s: Invalid numeric domain spec \"%s\"",
+					       m->mf_name, at);
+				else if (LogLevel > 10)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "X%s: Invalid numeric domain spec \"%s\"",
+						  m->mf_name, at);
+				milter_error(m);
+				return -1;
+			}
+		}
+		else
+		{
+			hp = sm_gethostbyname(at, addr.sa.sa_family);
+			if (hp == NULL)
+			{
+				save_errno = errno;
+				if (tTd(64, 5))
+					dprintf("X%s: Unknown host name %s\n",
+						m->mf_name, at);
+				errno = save_errno;
+				if (parseonly)
+					syserr("X%s: Unknown host name %s",
+					       m->mf_name, at);
+				else if (LogLevel > 10)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "X%s: Unknown host name %s",
+						  m->mf_name, at);
+				milter_error(m);
+				return -1;
+			}
+			addr.sa.sa_family = hp->h_addrtype;
+			switch (hp->h_addrtype)
+			{
+#  if NETINET
+			  case AF_INET:
+				memmove(&addr.sin.sin_addr,
+					hp->h_addr,
+					INADDRSZ);
+				addr.sin.sin_port = port;
+				addrlen = sizeof (struct sockaddr_in);
+				addrno = 1;
+				break;
+#  endif /* NETINET */
+
+#  if NETINET6
+			  case AF_INET6:
+				memmove(&addr.sin6.sin6_addr,
+					hp->h_addr,
+					IN6ADDRSZ);
+				addr.sin6.sin6_port = port;
+				addrlen = sizeof (struct sockaddr_in6);
+				addrno = 1;
+				break;
+#  endif /* NETINET6 */
+
+			  default:
+				if (tTd(64, 5))
+					dprintf("X%s: Unknown protocol for %s (%d)\n",
+						m->mf_name, at,
+						hp->h_addrtype);
+				if (parseonly)
+					syserr("X%s: Unknown protocol for %s (%d)",
+					       m->mf_name, at, hp->h_addrtype);
+				else if (LogLevel > 10)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "X%s: Unknown protocol for %s (%d)",
+						  m->mf_name, at,
+						  hp->h_addrtype);
+				milter_error(m);
+				return -1;
+			}
+		}
+	}
+	else
+# endif /* NETINET || NETINET6 */
+	{
+		if (tTd(64, 5))
+			dprintf("X%s: unknown socket protocol\n", m->mf_name);
+		if (parseonly)
+			syserr("X%s: unknown socket protocol", m->mf_name);
+		else if (LogLevel > 10)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "X%s: unknown socket protocol", m->mf_name);
+		milter_error(m);
+		return -1;
+	}
+
+	/* just parsing through? */
+	if (parseonly)
+	{
+		m->mf_state = SMFS_READY;
+		return 0;
+	}
+
+	/* sanity check */
+	if (m->mf_state != SMFS_READY &&
+	    m->mf_state != SMFS_CLOSED)
+	{
+		/* shouldn't happen */
+		if (tTd(64, 1))
+			dprintf("milter_open(%s): Trying to open filter in state %c\n",
+				m->mf_name, (char) m->mf_state);
+		milter_error(m);
+		return -1;
+	}
+
+	/* nope, actually connecting */
+	for (;;)
+	{
+		sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
+		if (sock < 0)
+		{
+			save_errno = errno;
+			if (tTd(64, 5))
+				dprintf("X%s: error creating socket: %s\n",
+					m->mf_name, errstring(save_errno));
+			if (LogLevel > 0)
+				sm_syslog(LOG_ERR, e->e_id,
+					  "X%s: error creating socket: %s",
+					  m->mf_name, errstring(save_errno));
+			milter_error(m);
+			return -1;
+		}
+
+		if (connect(sock, (struct sockaddr *) &addr, addrlen) >= 0)
+			break;
+
+		/* couldn't connect.... try next address */
+		save_errno = errno;
+		if (tTd(64, 5))
+			dprintf("milter_open(%s): %s failed: %s\n",
+				m->mf_name, at, errstring(save_errno));
+		if (LogLevel >= 14)
+			sm_syslog(LOG_INFO, e->e_id,
+				  "milter_open(%s): %s failed: %s",
+				  m->mf_name, at, errstring(save_errno));
+		(void) close(sock);
+
+		/* try next address */
+		if (hp != NULL && hp->h_addr_list[addrno] != NULL)
+		{
+			switch (addr.sa.sa_family)
+			{
+# if NETINET
+			  case AF_INET:
+				memmove(&addr.sin.sin_addr,
+					hp->h_addr_list[addrno++],
+					INADDRSZ);
+				break;
+# endif /* NETINET */
+
+# if NETINET6
+			  case AF_INET6:
+				memmove(&addr.sin6.sin6_addr,
+					hp->h_addr_list[addrno++],
+					IN6ADDRSZ);
+				break;
+# endif /* NETINET6 */
+
+			  default:
+				if (tTd(64, 5))
+					dprintf("X%s: Unknown protocol for %s (%d)\n",
+						m->mf_name, at,
+						hp->h_addrtype);
+				if (LogLevel > 0)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "X%s: Unknown protocol for %s (%d)",
+						  m->mf_name, at,
+						  hp->h_addrtype);
+				milter_error(m);
+				return -1;
+			}
+			continue;
+		}
+		if (tTd(64, 5))
+			dprintf("X%s: error connecting to filter\n",
+				m->mf_name);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "X%s: error connecting to filter",
+				  m->mf_name);
+		milter_error(m);
+		return -1;
+	}
+	m->mf_state = SMFS_OPEN;
+	return sock;
+}
+/*
+**  MILTER_SETUP -- setup structure for a mail filter
+**
+**	Parameters:
+**		line -- the options line.
+**
+**	Returns:
+**		none
+*/
+
+void
+milter_setup(line)
+	char *line;
+{
+	char fcode;
+	register char *p;
+	register struct milter *m;
+	STAB *s;
+
+	/* collect the mailer name */
+	for (p = line;
+	     *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
+	     p++)
+		continue;
+	if (*p != '\0')
+		*p++ = '\0';
+	if (line[0] == '\0')
+	{
+		syserr("name required for mail filter");
+		return;
+	}
+	m = (struct milter *)xalloc(sizeof *m);
+	memset((char *) m, '\0', sizeof *m);
+	m->mf_name = newstr(line);
+	m->mf_state = SMFS_READY;
+	m->mf_sock = -1;
+	m->mf_timeout[SMFTO_WRITE] = (time_t) 10;
+	m->mf_timeout[SMFTO_READ] = (time_t) 10;
+	m->mf_timeout[SMFTO_EOM] = (time_t) 300;
+
+	/* now scan through and assign info from the fields */
+	while (*p != '\0')
+	{
+		char *delimptr;
+
+		while (*p != '\0' &&
+		       (*p == ',' || (isascii(*p) && isspace(*p))))
+			p++;
+
+		/* p now points to field code */
+		fcode = *p;
+		while (*p != '\0' && *p != '=' && *p != ',')
+			p++;
+		if (*p++ != '=')
+		{
+			syserr("X%s: `=' expected", m->mf_name);
+			return;
+		}
+		while (isascii(*p) && isspace(*p))
+			p++;
+
+		/* p now points to the field body */
+		p = munchstring(p, &delimptr, ',');
+
+		/* install the field into the mailer struct */
+		switch (fcode)
+		{
+		  case 'S':		/* socket */
+			if (p == NULL)
+				m->mf_conn = NULL;
+			else
+				m->mf_conn = newstr(p);
+			break;
+
+		  case 'F':		/* Milter flags configured on MTA */
+			for (; *p != '\0'; p++)
+			{
+				if (!(isascii(*p) && isspace(*p)))
+					setbitn(*p, m->mf_flags);
+			}
+			break;
+
+		  case 'T':		/* timeouts */
+			milter_parse_timeouts(p, m);
+			break;
+
+		  default:
+			syserr("X%s: unknown filter equate %c=",
+			       m->mf_name, fcode);
+			break;
+		}
+		p = delimptr;
+	}
+
+	/* early check for errors */
+	(void) milter_open(m, TRUE, CurEnv);
+
+	/* enter the mailer into the symbol table */
+	s = stab(m->mf_name, ST_MILTER, ST_ENTER);
+	if (s->s_milter != NULL)
+		syserr("X%s: duplicate filter definition", m->mf_name);
+	else
+		s->s_milter = m;
+}
+/*
+**  MILTER_PARSE_LIST -- parse option list into an array
+**
+**	Called when reading configuration file.
+**
+**	Parameters:
+**		spec -- the filter list.
+**		list -- the array to fill in.
+**		max -- the maximum number of entries in list.
+**
+**	Returns:
+**		none
+*/
+
+void
+milter_parse_list(spec, list, max)
+	char *spec;
+	struct milter **list;
+	int max;
+{
+	int numitems = 0;
+	register char *p;
+
+	/* leave one for the NULL signifying the end of the list */
+	max--;
+
+	for (p = spec; p != NULL; )
+	{
+		STAB *s;
+
+		while (isascii(*p) && isspace(*p))
+			p++;
+		if (*p == '\0')
+			break;
+		spec = p;
+
+		if (numitems >= max)
+		{
+			syserr("Too many filters defined, %d max", max);
+			if (max > 0)
+				list[0] = NULL;
+			return;
+		}
+		p = strpbrk(p, ",");
+		if (p != NULL)
+			*p++ = '\0';
+
+		s = stab(spec, ST_MILTER, ST_FIND);
+		if (s == NULL)
+		{
+			syserr("InputFilter %s not defined", spec);
+			ExitStat = EX_CONFIG;
+			return;
+		}
+		list[numitems++] = s->s_milter;
+	}
+	list[numitems] = NULL;
+}
+/*
+**  MILTER_PARSE_TIMEOUTS -- parse timeout list
+**
+**	Called when reading configuration file.
+**
+**	Parameters:
+**		spec -- the timeout list.
+**		m -- milter to set.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_parse_timeouts(spec, m)
+	char *spec;
+	struct milter *m;
+{
+	char fcode;
+	register char *p;
+
+	p = spec;
+
+	/* now scan through and assign info from the fields */
+	while (*p != '\0')
+	{
+		char *delimptr;
+
+		while (*p != '\0' &&
+		       (*p == ';' || (isascii(*p) && isspace(*p))))
+			p++;
+
+		/* p now points to field code */
+		fcode = *p;
+		while (*p != '\0' && *p != ':')
+			p++;
+		if (*p++ != ':')
+		{
+			syserr("X%s, T=: `:' expected", m->mf_name);
+			return;
+		}
+		while (isascii(*p) && isspace(*p))
+			p++;
+
+		/* p now points to the field body */
+		p = munchstring(p, &delimptr, ';');
+
+		/* install the field into the mailer struct */
+		switch (fcode)
+		{
+		  case 'S':
+			m->mf_timeout[SMFTO_WRITE] = convtime(p, 's');
+			if (tTd(64, 5))
+				printf("X%s: %c=%ld\n",
+				       m->mf_name, fcode,
+				       (u_long) m->mf_timeout[SMFTO_WRITE]);
+			break;
+
+		  case 'R':
+			m->mf_timeout[SMFTO_READ] = convtime(p, 's');
+			if (tTd(64, 5))
+				printf("X%s: %c=%ld\n",
+				       m->mf_name, fcode,
+				       (u_long) m->mf_timeout[SMFTO_READ]);
+			break;
+
+		  case 'E':
+			m->mf_timeout[SMFTO_EOM] = convtime(p, 's');
+			if (tTd(64, 5))
+				printf("X%s: %c=%ld\n",
+				       m->mf_name, fcode,
+				       (u_long) m->mf_timeout[SMFTO_EOM]);
+			break;
+
+		  default:
+			if (tTd(64, 5))
+				printf("X%s: %c unknown\n",
+				       m->mf_name, fcode);
+			syserr("X%s: unknown filter timeout %c",
+			       m->mf_name, fcode);
+			break;
+		}
+		p = delimptr;
+	}
+}
+/*
+**  MILTER_SET_OPTION -- set an individual milter option
+**
+**	Parameters:
+**		name -- the name of the option.
+**		val -- the value of the option.
+**		sticky -- if set, don't let other setoptions override
+**			this value.
+**
+**	Returns:
+**		none.
+*/
+
+/* set if Milter sub-option is stuck */
+static BITMAP256	StickyMilterOpt;
+
+static struct milteropt
+{
+	char	*mo_name;	/* long name of milter option */
+	u_char	mo_code;	/* code for option */
+} MilterOptTab[] =
+{
+# define MO_MACROS_CONNECT		0x01
+	{ "macros.connect",		MO_MACROS_CONNECT		},
+# define MO_MACROS_HELO			0x02
+	{ "macros.helo",		MO_MACROS_HELO			},
+# define MO_MACROS_ENVFROM		0x03
+	{ "macros.envfrom",		MO_MACROS_ENVFROM		},
+# define MO_MACROS_ENVRCPT		0x04
+	{ "macros.envrcpt",		MO_MACROS_ENVRCPT		},
+	{ NULL,				0				},
+};
+
+void
+milter_set_option(name, val, sticky)
+	char *name;
+	char *val;
+	bool sticky;
+{
+	int nummac = 0;
+	register struct milteropt *mo;
+	char *p;
+	char **macros = NULL;
+
+	if (tTd(37, 2) || tTd(64, 5))
+		dprintf("milter_set_option(%s = %s)", name, val);
+
+	for (mo = MilterOptTab; mo->mo_name != NULL; mo++)
+	{
+		if (strcasecmp(mo->mo_name, name) == 0)
+			break;
+	}
+
+	if (mo->mo_name == NULL)
+		syserr("milter_set_option: invalid Milter option %s", name);
+
+	/*
+	**  See if this option is preset for us.
+	*/
+
+	if (!sticky && bitnset(mo->mo_code, StickyMilterOpt))
+	{
+		if (tTd(37, 2) || tTd(64,5))
+			dprintf(" (ignored)\n");
+		return;
+	}
+
+	if (tTd(37, 2) || tTd(64,5))
+		dprintf("\n");
+
+	switch (mo->mo_code)
+	{
+	  case MO_MACROS_CONNECT:
+		if (macros == NULL)
+			macros = MilterConnectMacros;
+		/* FALLTHROUGH */
+
+	  case MO_MACROS_HELO:
+		if (macros == NULL)
+			macros = MilterHeloMacros;
+		/* FALLTHROUGH */
+
+	  case MO_MACROS_ENVFROM:
+		if (macros == NULL)
+			macros = MilterEnvFromMacros;
+		/* FALLTHROUGH */
+
+	  case MO_MACROS_ENVRCPT:
+		if (macros == NULL)
+			macros = MilterEnvRcptMacros;
+
+		p = newstr(val);
+		while (*p != '\0')
+		{
+			char *macro;
+
+			/* Skip leading commas, spaces */
+			while (*p != '\0' &&
+			       (*p == ',' || (isascii(*p) && isspace(*p))))
+				p++;
+
+			if (*p == '\0')
+				break;
+
+			/* Find end of macro */
+			macro = p;
+			while (*p != '\0' && *p != ',' &&
+			       isascii(*p) && !isspace(*p))
+				p++;
+			if (*p != '\0')
+				*p++ = '\0';
+
+			if (nummac >= MAXFILTERMACROS)
+			{
+				syserr("milter_set_option: too many macros in Milter.%s (max %d)",
+				       name, MAXFILTERMACROS);
+				macros[nummac] = NULL;
+				break;
+			}
+			macros[nummac++] = macro;
+		}
+		macros[nummac] = NULL;
+		break;
+
+	  default:
+		syserr("milter_set_option: invalid Milter option %s", name);
+		break;
+	}
+
+	if (sticky)
+		setbitn(mo->mo_code, StickyMilterOpt);
+}
+/*
+**  MILTER_REOPEN_DF -- open & truncate the df file (for replbody)
+**
+**	Parameters:
+**		e -- current envelope.
+**
+**	Returns:
+**		0 if succesful, -1 otherwise
+*/
+
+static int
+milter_reopen_df(e)
+	ENVELOPE *e;
+{
+	char dfname[MAXPATHLEN];
+
+	(void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname);
+
+	/*
+	**  In SuperSafe mode, e->e_dfp is a read-only FP so
+	**  close and reopen writable (later close and reopen
+	**  read only again).
+	**
+	**  In !SuperSafe mode, e->e_dfp still points at the
+	**  buffered file I/O descriptor, still open for writing
+	**  so there isn't as much work to do, just truncate it
+	**  and go.
+	*/
+
+	if (SuperSafe)
+	{
+		/* close read-only df */
+		if (bitset(EF_HAS_DF, e->e_flags) && e->e_dfp != NULL)
+		{
+			(void) fclose(e->e_dfp);
+			e->e_flags &= ~EF_HAS_DF;
+		}
+
+		/* open writable */
+		if ((e->e_dfp = fopen(dfname, "w+")) == NULL)
+		{
+			MILTER_DF_ERROR("milter_reopen_df: fopen %s: %s");
+			return -1;
+		}
+	}
+	else if (e->e_dfp == NULL)
+	{
+		/* shouldn't happen */
+		errno = ENOENT;
+		MILTER_DF_ERROR("milter_reopen_df: NULL e_dfp (%s: %s)");
+		return -1;
+	}
+	return 0;
+}
+/*
+**  MILTER_RESET_DF -- re-open read-only the df file (for replbody)
+**
+**	Parameters:
+**		e -- current envelope.
+**
+**	Returns:
+**		0 if succesful, -1 otherwise
+*/
+
+static int
+milter_reset_df(e)
+	ENVELOPE *e;
+{
+	int afd;
+	char dfname[MAXPATHLEN];
+
+	(void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname);
+
+	if (fflush(e->e_dfp) != 0 || ferror(e->e_dfp))
+	{
+		MILTER_DF_ERROR("milter_reset_df: error writing/flushing %s: %s");
+		return -1;
+	}
+	else if (!SuperSafe)
+	{
+		/* skip next few clauses */
+		/* EMPTY */
+	}
+	else if ((afd = fileno(e->e_dfp)) >= 0 && fsync(afd) < 0)
+	{
+		MILTER_DF_ERROR("milter_reset_df: error sync'ing %s: %s");
+		return -1;
+	}
+	else if (fclose(e->e_dfp) < 0)
+	{
+		MILTER_DF_ERROR("milter_reset_df: error closing %s: %s");
+		return -1;
+	}
+	else if ((e->e_dfp = fopen(dfname, "r")) == NULL)
+	{
+		MILTER_DF_ERROR("milter_reset_df: error reopening %s: %s");
+		return -1;
+	}
+	else
+		e->e_flags |= EF_HAS_DF;
+	return 0;
+}
+/*
+**  MILTER_CAN_DELRCPTS -- can any milter filters delete recipients?
+**
+**	Parameters:
+**		none
+**
+**	Returns:
+**		TRUE if any filter deletes recipients, FALSE otherwise
+*/
+
+bool
+milter_can_delrcpts()
+{
+	bool can = FALSE;
+	int i;
+
+	if (tTd(64, 10))
+		dprintf("milter_can_delrcpts:");
+
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		if (bitset(SMFIF_DELRCPT, m->mf_fflags))
+		{
+			can = TRUE;
+			break;
+		}
+	}
+	if (tTd(64, 10))
+		dprintf("%s\n", can ? "TRUE" : "FALSE");
+
+	return can;
+}
+/*
+**  MILTER_QUIT_FILTER -- close down a single filter
+**
+**	Parameters:
+**		m -- milter structure of filter to close down.
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_quit_filter(m, e)
+	struct milter *m;
+	ENVELOPE *e;
+{
+	if (tTd(64, 10))
+		dprintf("milter_quit_filter(%s)\n", m->mf_name);
+
+	/* Never replace error state */
+	if (m->mf_state == SMFS_ERROR)
+		return;
+
+	if (m->mf_sock < 0 ||
+	    m->mf_state == SMFS_CLOSED ||
+	    m->mf_state == SMFS_READY)
+	{
+		m->mf_sock = -1;
+		m->mf_state = SMFS_CLOSED;
+		return;
+	}
+
+	(void) milter_write(m, SMFIC_QUIT, (char *) NULL, 0,
+			    m->mf_timeout[SMFTO_WRITE], e);
+	(void) close(m->mf_sock);
+	m->mf_sock = -1;
+	if (m->mf_state != SMFS_ERROR)
+		m->mf_state = SMFS_CLOSED;
+}
+/*
+**  MILTER_ABORT_FILTER -- tell filter to abort current message
+**
+**	Parameters:
+**		m -- milter structure of filter to abort.
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_abort_filter(m, e)
+	struct milter *m;
+	ENVELOPE *e;
+{
+	if (tTd(64, 10))
+		dprintf("milter_abort_filter(%s)\n", m->mf_name);
+
+	if (m->mf_sock < 0 ||
+	    m->mf_state != SMFS_INMSG)
+		return;
+
+	(void) milter_write(m, SMFIC_ABORT, (char *) NULL, 0,
+			    m->mf_timeout[SMFTO_WRITE], e);
+	if (m->mf_state != SMFS_ERROR)
+		m->mf_state = SMFS_DONE;
+}
+/*
+**  MILTER_SEND_MACROS -- provide macros to the filters
+**
+**	Parameters:
+**		m -- milter to send macros to.
+**		macros -- macros to send for filter smfi_getsymval().
+**		cmd -- which command the macros are associated with.
+**		e -- current envelope (for macro access).
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_send_macros(m, macros, cmd, e)
+	struct milter *m;
+	char **macros;
+	char cmd;
+	ENVELOPE *e;
+{
+	int i;
+	int mid;
+	char *v;
+	char *buf, *bp;
+	ssize_t s;
+
+	/* sanity check */
+	if (macros == NULL || macros[0] == NULL)
+		return;
+
+	/* put together data */
+	s = 1;			/* for the command character */
+	for (i = 0; macros[i] != NULL; i++)
+	{
+		mid = macid(macros[i], NULL);
+		if (mid == '\0')
+			continue;
+		v = macvalue(mid, e);
+		if (v == NULL)
+			continue;
+		s += strlen(macros[i]) + 1 + strlen(v) + 1;
+	}
+
+	buf = (char *)xalloc(s);
+	bp = buf;
+	*bp++ = cmd;
+	for (i = 0; macros[i] != NULL; i++)
+	{
+		mid = macid(macros[i], NULL);
+		if (mid == '\0')
+			continue;
+		v = macvalue(mid, e);
+		if (v == NULL)
+			continue;
+
+		if (tTd(64, 10))
+			dprintf("milter_send_macros(%s, %c): %s=%s\n",
+				m->mf_name, cmd, macros[i], v);
+
+		(void) strlcpy(bp, macros[i], s - (bp - buf));
+		bp += strlen(bp) + 1;
+		(void) strlcpy(bp, v, s - (bp - buf));
+		bp += strlen(bp) + 1;
+	}
+	(void) milter_write(m, SMFIC_MACRO, buf, s,
+			    m->mf_timeout[SMFTO_WRITE], e);
+	free(buf);
+}
+
+/*
+**  MILTER_SEND_COMMAND -- send a command and return the response for a filter
+**
+**	Parameters:
+**		m -- current milter filter
+**		command -- command to send.
+**		data -- optional command data.
+**		sz -- length of buf.
+**		e -- current envelope (for e->e_id).
+**		state -- return state word.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+static char *
+milter_send_command(m, command, data, sz, e, state)
+	struct milter *m;
+	char command;
+	void *data;
+	ssize_t sz;
+	ENVELOPE *e;
+	char *state;
+{
+	char rcmd;
+	ssize_t rlen;
+	u_long skipflag;
+	char *defresponse;
+	char *response;
+
+	if (tTd(64, 10))
+		dprintf("milter_send_command(%s): cmd %c len %ld\n",
+			m->mf_name, (char) command, (long) sz);
+
+	/* find skip flag and default failure */
+	switch (command)
+	{
+	  case SMFIC_CONNECT:
+		skipflag = SMFIP_NOCONNECT;
+		defresponse = "554 Command rejected";
+		break;
+
+	  case SMFIC_HELO:
+		skipflag = SMFIP_NOHELO;
+		defresponse = "550 Command rejected";
+		break;
+
+	  case SMFIC_MAIL:
+		skipflag = SMFIP_NOMAIL;
+		defresponse = "550 5.7.1 Command rejected";
+		break;
+
+	  case SMFIC_RCPT:
+		skipflag = SMFIP_NORCPT;
+		defresponse = "550 5.7.1 Command rejected";
+		break;
+
+	  case SMFIC_HEADER:
+		skipflag = SMFIP_NOHDRS;
+		defresponse = "550 5.7.1 Command rejected";
+		break;
+
+	  case SMFIC_BODY:
+		skipflag = SMFIP_NOBODY;
+		defresponse = "554 5.7.1 Command rejected";
+		break;
+
+	  case SMFIC_EOH:
+		skipflag = SMFIP_NOEOH;
+		defresponse = "550 5.7.1 Command rejected";
+		break;
+
+	  case SMFIC_BODYEOB:
+	  case SMFIC_OPTNEG:
+	  case SMFIC_MACRO:
+	  case SMFIC_ABORT:
+	  case SMFIC_QUIT:
+		/* NOTE: not handled by milter_send_command() */
+		/* FALLTHROUGH */
+
+	  default:
+		skipflag = 0;
+		defresponse = "550 5.7.1 Command rejected";
+		break;
+	}
+
+	/* check if filter wants this command */
+	if (skipflag != 0 &&
+	    bitset(skipflag, m->mf_pflags))
+		return NULL;
+
+
+	(void) milter_write(m, command, data, sz,
+			    m->mf_timeout[SMFTO_WRITE], e);
+	if (m->mf_state == SMFS_ERROR)
+	{
+		MILTER_CHECK_ERROR(/* EMPTY */;);
+		return NULL;
+	}
+
+	response = milter_read(m, &rcmd, &rlen,
+			       m->mf_timeout[SMFTO_READ], e);
+	if (m->mf_state == SMFS_ERROR)
+	{
+		MILTER_CHECK_ERROR(/* EMPTY */;);
+		return NULL;
+	}
+
+	if (tTd(64, 10))
+		dprintf("milter_send_command(%s): returned %c\n",
+			m->mf_name, (char) rcmd);
+
+	switch (rcmd)
+	{
+	  case SMFIR_REPLYCODE:
+		MILTER_CHECK_REPLYCODE(defresponse);
+		/* FALLTHROUGH */
+
+	  case SMFIR_REJECT:
+	  case SMFIR_DISCARD:
+	  case SMFIR_TEMPFAIL:
+		*state = rcmd;
+		break;
+
+	  case SMFIR_ACCEPT:
+		/* this filter is done with message/connection */
+		m->mf_state = SMFS_DONE;
+		break;
+
+	  case SMFIR_CONTINUE:
+		/* if MAIL command is ok, filter is in message state */
+		if (command == SMFIC_MAIL)
+			m->mf_state = SMFS_INMSG;
+		break;
+
+	  default:
+		/* Invalid response to command */
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_send_command(%s): returned bogus response %c",
+				  m->mf_name, rcmd);
+		milter_error(m);
+		break;
+	}
+
+	if (*state != SMFIR_REPLYCODE &&
+	    response != NULL)
+	{
+		free(response);
+		response = NULL;
+	}
+	return response;
+}
+
+/*
+**  MILTER_COMMAND -- send a command and return the response for each filter
+**
+**	Parameters:
+**		command -- command to send.
+**		data -- optional command data.
+**		sz -- length of buf.
+**		macros -- macros to send for filter smfi_getsymval().
+**		e -- current envelope (for macro access).
+**		state -- return state word.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+static char *
+milter_command(command, data, sz, macros, e, state)
+	char command;
+	void *data;
+	ssize_t sz;
+	char **macros;
+	ENVELOPE *e;
+	char *state;
+{
+	int i;
+	char *response = NULL;
+
+	if (tTd(64, 10))
+		dprintf("milter_command: cmd %c len %ld\n",
+			(char) command, (long) sz);
+
+	*state = SMFIR_CONTINUE;
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		/* sanity check */
+		if (m->mf_sock < 0 ||
+		    (m->mf_state != SMFS_OPEN && m->mf_state != SMFS_INMSG))
+			continue;
+
+		/* send macros (regardless of whether we send command) */
+		if (macros != NULL && macros[0] != NULL)
+		{
+			milter_send_macros(m, macros, command, e);
+			if (m->mf_state == SMFS_ERROR)
+			{
+				MILTER_CHECK_ERROR(continue);
+				break;
+			}
+		}
+
+		response = milter_send_command(m, command, data, sz, e, state);
+		if (*state != SMFIR_CONTINUE)
+			break;
+	}
+	return response;
+}
+/*
+**  MILTER_NEGOTIATE -- get version and flags from filter
+**
+**	Parameters:
+**		m -- milter filter structure.
+**		e -- current envelope.
+**
+**	Returns:
+**		0 on success, -1 otherwise
+*/
+
+static int
+milter_negotiate(m, e)
+	struct milter *m;
+	ENVELOPE *e;
+{
+	char rcmd;
+	mi_int32 fvers;
+	mi_int32 fflags;
+	mi_int32 pflags;
+	char *response;
+	ssize_t rlen;
+	char data[MILTER_OPTLEN];
+
+	/* sanity check */
+	if (m->mf_sock < 0 || m->mf_state != SMFS_OPEN)
+	{
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): impossible state",
+				  m->mf_name);
+		milter_error(m);
+		return -1;
+	}
+
+	fvers = htonl(SMFI_VERSION);
+	fflags = htonl(SMFI_CURR_ACTS);
+	pflags = htonl(SMFI_CURR_PROT);
+	(void) memcpy(data, (char *) &fvers, MILTER_LEN_BYTES);
+	(void) memcpy(data + MILTER_LEN_BYTES,
+		      (char *) &fflags, MILTER_LEN_BYTES);
+	(void) memcpy(data + (MILTER_LEN_BYTES * 2),
+		      (char *) &pflags, MILTER_LEN_BYTES);
+	(void) milter_write(m, SMFIC_OPTNEG, data, sizeof data,
+			    m->mf_timeout[SMFTO_WRITE], e);
+
+	if (m->mf_state == SMFS_ERROR)
+		return -1;
+
+	response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e);
+	if (m->mf_state == SMFS_ERROR)
+		return -1;
+
+	if (rcmd != SMFIC_OPTNEG)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_negotiate(%s): returned %c instead of %c\n",
+				m->mf_name, rcmd, SMFIC_OPTNEG);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): returned %c instead of %c",
+				  m->mf_name, rcmd, SMFIC_OPTNEG);
+		if (response != NULL)
+			free(response);
+		milter_error(m);
+		return -1;
+	}
+
+	/* Make sure we have enough bytes for the version */
+	if (response == NULL || rlen < MILTER_LEN_BYTES)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_negotiate(%s): did not return valid info\n",
+				m->mf_name);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): did not return valid info",
+				  m->mf_name);
+		if (response != NULL)
+			free(response);
+		milter_error(m);
+		return -1;
+	}
+
+	/* extract information */
+	(void) memcpy((char *) &fvers, response, MILTER_LEN_BYTES);
+
+	/* Now make sure we have enough for the feature bitmap */
+	if (rlen != MILTER_OPTLEN)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_negotiate(%s): did not return enough info\n",
+				m->mf_name);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): did not return enough info",
+				  m->mf_name);
+		if (response != NULL)
+			free(response);
+		milter_error(m);
+		return -1;
+	}
+
+	(void) memcpy((char *) &fflags, response + MILTER_LEN_BYTES,
+		      MILTER_LEN_BYTES);
+	(void) memcpy((char *) &pflags, response + (MILTER_LEN_BYTES * 2),
+		      MILTER_LEN_BYTES);
+	free(response);
+	response = NULL;
+
+	m->mf_fvers = ntohl(fvers);
+	m->mf_fflags = ntohl(fflags);
+	m->mf_pflags = ntohl(pflags);
+
+	/* check for version compatibility */
+	if (m->mf_fvers == 1 ||
+	    m->mf_fvers > SMFI_VERSION)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_negotiate(%s): version %lu != MTA milter version %d\n",
+				m->mf_name, m->mf_fvers, SMFI_VERSION);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): version %ld != MTA milter version %d",
+				  m->mf_name, m->mf_fvers, SMFI_VERSION);
+		milter_error(m);
+		return -1;
+	}
+
+	/* check for filter feature mismatch */
+	if ((m->mf_fflags & SMFI_CURR_ACTS) != m->mf_fflags)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_negotiate(%s): filter abilities 0x%lx != MTA milter abilities 0x%lx\n",
+				m->mf_name, m->mf_fflags,
+				(u_long) SMFI_CURR_ACTS);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): filter abilities 0x%lx != MTA milter abilities 0x%lx\n",
+				  m->mf_name, m->mf_fflags,
+				  (u_long) SMFI_CURR_ACTS);
+		milter_error(m);
+		return -1;
+	}
+
+	/* check for protocol feature mismatch */
+	if ((m->mf_pflags & SMFI_CURR_PROT) != m->mf_pflags)
+	{
+		if (tTd(64, 5))
+			dprintf("milter_negotiate(%s): protocol abilities 0x%lx != MTA milter abilities 0x%lx\n",
+				m->mf_name, m->mf_pflags,
+				(u_long) SMFI_CURR_PROT);
+		if (LogLevel > 0)
+			sm_syslog(LOG_ERR, e->e_id,
+				  "milter_negotiate(%s): protocol abilities 0x%lx != MTA milter abilities 0x%lx\n",
+				  m->mf_name, m->mf_pflags,
+				  (u_long) SMFI_CURR_PROT);
+		milter_error(m);
+		return -1;
+	}
+
+	if (tTd(64, 5))
+		dprintf("milter_negotiate(%s): version %lu, fflags 0x%lx, pflags 0x%lx\n",
+			m->mf_name, m->mf_fvers, m->mf_fflags, m->mf_pflags);
+	return 0;
+}
+/*
+**  MILTER_PER_CONNECTION_CHECK -- checks on per-connection commands
+**
+**	Reduce code duplication by putting these checks in one place
+**
+**	Parameters:
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_per_connection_check(e)
+	ENVELOPE *e;
+{
+	int i;
+
+	/* see if we are done with any of the filters */
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		if (m->mf_state == SMFS_DONE)
+			milter_quit_filter(m, e);
+	}
+}
+/*
+**  MILTER_ERROR -- Put a milter filter into error state
+**
+**	Parameters:
+**		m -- the broken filter.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_error(m)
+	struct milter *m;
+{
+	/*
+	**  We could send a quit here but
+	**  we may have gotten here due to
+	**  an I/O error so we don't want
+	**  to try to make things worse.
+	*/
+
+	if (m->mf_sock >= 0)
+	{
+		(void) close(m->mf_sock);
+		m->mf_sock = -1;
+	}
+	m->mf_state = SMFS_ERROR;
+}
+/*
+**  MILTER_HEADERS -- send headers to a single milter filter
+**
+**	Parameters:
+**		m -- current filter.
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+static char *
+milter_headers(m, e, state)
+	struct milter *m;
+	ENVELOPE *e;
+	char *state;
+{
+	char *response = NULL;
+	HDR *h;
+
+	for (h = e->e_header; h != NULL; h = h->h_link)
+	{
+		char *buf;
+		ssize_t s;
+
+		/* don't send over deleted headers */
+		if (h->h_value == NULL)
+		{
+			/* strip H_USER so not counted in milter_chgheader() */
+			h->h_flags &= ~H_USER;
+			continue;
+		}
+
+		/* skip auto-generated */
+		if (!bitset(H_USER, h->h_flags))
+			continue;
+
+		if (tTd(64, 10))
+			dprintf("milter_headers: %s: %s\n",
+				h->h_field, h->h_value);
+
+		s = strlen(h->h_field) + 1 +
+			strlen(h->h_value) + 1;
+		buf = (char *) xalloc(s);
+		snprintf(buf, s, "%s%c%s", h->h_field, '\0', h->h_value);
+
+		/* send it over */
+		response = milter_send_command(m, SMFIC_HEADER, buf,
+					       s, e, state);
+		free(buf);
+		if (m->mf_state == SMFS_ERROR ||
+		    m->mf_state == SMFS_DONE ||
+		    *state != SMFIR_CONTINUE)
+			break;
+	}
+	return response;
+}
+/*
+**  MILTER_BODY -- send the body to a filter
+**
+**	Parameters:
+**		m -- current filter.
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+static char *
+milter_body(m, e, state)
+	struct milter *m;
+	ENVELOPE *e;
+	char *state;
+{
+	char bufchar = '\0';
+	char prevchar = '\0';
+	int c;
+	char *response = NULL;
+	char *bp;
+	char buf[MILTER_CHUNK_SIZE];
+
+	if (tTd(64, 10))
+		dprintf("milter_body\n");
+
+	if (bfrewind(e->e_dfp) < 0)
+	{
+		ExitStat = EX_IOERR;
+		*state = SMFIR_TEMPFAIL;
+		syserr("milter_body: %s/df%s: rewind error",
+		       qid_printqueue(e->e_queuedir), e->e_id);
+		return NULL;
+	}
+
+	bp = buf;
+	while ((c = getc(e->e_dfp)) != EOF)
+	{
+		/*  Change LF to CRLF */
+		if (c == '\n')
+		{
+			/* Not a CRLF already? */
+			if (prevchar != '\r')
+			{
+				/* Room for CR now? */
+				if (bp + 2 > &buf[sizeof buf])
+				{
+					/* No room, buffer LF */
+					bufchar = c;
+
+					/* and send CR now */
+					c = '\r';
+				}
+				else
+				{
+					/* Room to do it now */
+					*bp++ = '\r';
+					prevchar = '\r';
+				}
+			}
+		}
+		*bp++ = (char) c;
+		prevchar = c;
+		if (bp >= &buf[sizeof buf])
+		{
+			/* send chunk */
+			response = milter_send_command(m, SMFIC_BODY, buf,
+						       bp - buf, e, state);
+			bp = buf;
+			if (bufchar != '\0')
+			{
+				*bp++ = bufchar;
+				bufchar = '\0';
+				prevchar = bufchar;
+			}
+		}
+		if (m->mf_state == SMFS_ERROR ||
+		    m->mf_state == SMFS_DONE ||
+		    *state != SMFIR_CONTINUE)
+			break;
+	}
+
+	/* check for read errors */
+	if (ferror(e->e_dfp))
+	{
+		ExitStat = EX_IOERR;
+		if (*state == SMFIR_CONTINUE ||
+		    *state == SMFIR_ACCEPT)
+		{
+			*state = SMFIR_TEMPFAIL;
+			if (response != NULL)
+			{
+				free(response);
+				response = NULL;
+			}
+		}
+		syserr("milter_body: %s/df%s: read error",
+		       qid_printqueue(e->e_queuedir), e->e_id);
+		return response;
+	}
+
+	/* send last body chunk */
+	if (bp > buf &&
+	    m->mf_state != SMFS_ERROR &&
+	    m->mf_state != SMFS_DONE &&
+	    *state == SMFIR_CONTINUE)
+	{
+		/* send chunk */
+		response = milter_send_command(m, SMFIC_BODY, buf, bp - buf,
+					       e, state);
+		bp = buf;
+	}
+	return response;
+}
+
+/*
+**  Actions
+*/
+
+/*
+**  MILTER_ADDHEADER -- Add the supplied header to the message
+**
+**	Parameters:
+**		response -- encoded form of header/value.
+**		rlen -- length of response.
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_addheader(response, rlen, e)
+	char *response;
+	ssize_t rlen;
+	ENVELOPE *e;
+{
+	char *val;
+
+	if (tTd(64, 10))
+		dprintf("milter_addheader: ");
+
+	/* sanity checks */
+	if (response == NULL)
+	{
+		if (tTd(64, 10))
+			dprintf("NULL response\n");
+		return;
+	}
+
+	if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen)
+	{
+		if (tTd(64, 10))
+			dprintf("didn't follow protocol (total len)\n");
+		return;
+	}
+
+	/* Find separating NUL */
+	val = response + strlen(response) + 1;
+
+	/* another sanity check */
+	if (strlen(response) + strlen(val) + 2 != (size_t) rlen)
+	{
+		if (tTd(64, 10))
+			dprintf("didn't follow protocol (part len)\n");
+		return;
+	}
+
+	if (*response == '\0')
+	{
+		if (tTd(64, 10))
+			dprintf("empty field name\n");
+		return;
+	}
+
+	/* add to e_msgsize */
+	e->e_msgsize += strlen(response) + 2 + strlen(val);
+
+	if (tTd(64, 10))
+		dprintf("Add %s: %s\n", response, val);
+
+	addheader(newstr(response), val, H_USER, &e->e_header);
+}
+/*
+**  MILTER_CHANGEHEADER -- Change the supplied header in the message
+**
+**	Parameters:
+**		response -- encoded form of header/index/value.
+**		rlen -- length of response.
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_changeheader(response, rlen, e)
+	char *response;
+	ssize_t rlen;
+	ENVELOPE *e;
+{
+	mi_int32 i, index;
+	char *field, *val;
+	HDR *h;
+
+	if (tTd(64, 10))
+		dprintf("milter_changeheader: ");
+
+	/* sanity checks */
+	if (response == NULL)
+	{
+		if (tTd(64, 10))
+			dprintf("NULL response\n");
+		return;
+	}
+
+	if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen)
+	{
+		if (tTd(64, 10))
+			dprintf("didn't follow protocol (total len)\n");
+		return;
+	}
+
+	/* Find separating NUL */
+	(void) memcpy((char *) &i, response, MILTER_LEN_BYTES);
+	index = ntohl(i);
+	field = response + MILTER_LEN_BYTES;
+	val = field + strlen(field) + 1;
+
+	/* another sanity check */
+	if (MILTER_LEN_BYTES + strlen(field) + 1 +
+	    strlen(val) + 1 != (size_t) rlen)
+	{
+		if (tTd(64, 10))
+			dprintf("didn't follow protocol (part len)\n");
+		return;
+	}
+
+	if (*field == '\0')
+	{
+		if (tTd(64, 10))
+			dprintf("empty field name\n");
+		return;
+	}
+
+	for (h = e->e_header; h != NULL; h = h->h_link)
+	{
+		if (bitset(H_USER, h->h_flags) &&
+		    strcasecmp(h->h_field, field) == 0 &&
+		    --index <= 0)
+			break;
+	}
+
+	if (h == NULL)
+	{
+		if (*val == '\0')
+		{
+			if (tTd(64, 10))
+				dprintf("Delete (noop) %s:\n", field);
+		}
+		else
+		{
+			/* treat modify value with no existing header as add */
+			if (tTd(64, 10))
+				dprintf("Add %s: %s\n",	field, val);
+
+			addheader(newstr(field), val, H_USER, &e->e_header);
+		}
+		return;
+	}
+
+	if (tTd(64, 10))
+	{
+		if (*val == '\0')
+		{
+			dprintf("Delete %s: %s\n", field,
+				h->h_value == NULL ? "<NULL>" : h->h_value);
+		}
+		else
+		{
+			dprintf("Change %s: from %s to %s\n",
+				field,
+				h->h_value == NULL ? "<NULL>" : h->h_value,
+				val);
+		}
+	}
+
+	if (h->h_value != NULL)
+	{
+		e->e_msgsize -= strlen(h->h_value);
+		free(h->h_value);
+	}
+
+	if (*val == '\0')
+	{
+		/* Remove "Field: " from message size */
+		e->e_msgsize -= strlen(h->h_field) + 2;
+		h->h_value = NULL;
+	}
+	else
+	{
+		h->h_value = newstr(val);
+		e->e_msgsize += strlen(h->h_value);
+	}
+}
+/*
+**  MILTER_ADDRCPT -- Add the supplied recipient to the message
+**
+**	Parameters:
+**		response -- encoded form of recipient address.
+**		rlen -- length of response.
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_addrcpt(response, rlen, e)
+	char *response;
+	ssize_t rlen;
+	ENVELOPE *e;
+{
+	if (tTd(64, 10))
+		dprintf("milter_addrcpt: ");
+
+	/* sanity checks */
+	if (response == NULL)
+	{
+		if (tTd(64, 10))
+			dprintf("NULL response\n");
+		return;
+	}
+
+	if (*response == '\0' ||
+	    strlen(response) + 1 != (size_t) rlen)
+	{
+		if (tTd(64, 10))
+			dprintf("didn't follow protocol (total len %d != rlen %d)\n",
+				strlen(response), rlen -1);
+		return;
+	}
+
+	if (tTd(64, 10))
+		dprintf("%s\n", response);
+	(void) sendtolist(response, NULLADDR, &e->e_sendqueue, 0, e);
+	return;
+}
+/*
+**  MILTER_DELRCPT -- Delete the supplied recipient from the message
+**
+**	Parameters:
+**		response -- encoded form of recipient address.
+**		rlen -- length of response.
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+static void
+milter_delrcpt(response, rlen, e)
+	char *response;
+	ssize_t rlen;
+	ENVELOPE *e;
+{
+	if (tTd(64, 10))
+		dprintf("milter_delrcpt: ");
+
+	/* sanity checks */
+	if (response == NULL)
+	{
+		if (tTd(64, 10))
+			dprintf("NULL response\n");
+		return;
+	}
+
+	if (*response == '\0' ||
+	    strlen(response) + 1 != (size_t) rlen)
+	{
+		if (tTd(64, 10))
+			dprintf("didn't follow protocol (total len)\n");
+		return;
+	}
+
+	if (tTd(64, 10))
+		dprintf("%s\n", response);
+	(void) removefromlist(response, &e->e_sendqueue, e);
+	return;
+}
+/*
+**  MILTER_REPLBODY -- Replace the current df file with new body
+**
+**	Parameters:
+**		response -- encoded form of new body.
+**		rlen -- length of response.
+**		newfilter -- if first time called by a new filter
+**		e -- current envelope.
+**
+**	Returns:
+**		0 upon success, -1 upon failure
+*/
+
+static int
+milter_replbody(response, rlen, newfilter, e)
+	char *response;
+	ssize_t rlen;
+	bool newfilter;
+	ENVELOPE *e;
+{
+	static char prevchar;
+	int i;
+
+	if (tTd(64, 10))
+		dprintf("milter_replbody\n");
+
+	/* If a new filter, reset previous character and truncate df */
+	if (newfilter)
+	{
+		off_t prevsize = 0;
+		char dfname[MAXPATHLEN];
+
+		(void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname);
+
+		/* Reset prevchar */
+		prevchar = '\0';
+
+		/* Get the current df information */
+		if (bitset(EF_HAS_DF, e->e_flags) && e->e_dfp != NULL)
+		{
+			int afd;
+			struct stat st;
+
+			afd = fileno(e->e_dfp);
+			if (afd > 0 && fstat(afd, &st) == 0)
+				prevsize = st.st_size;
+		}
+
+		/* truncate current df file */
+		if (bftruncate(e->e_dfp) < 0)
+		{
+			MILTER_DF_ERROR("milter_reopen_df: bftruncate %s: %s");
+			return -1;
+		}
+		else
+		{
+			if (prevsize > e->e_msgsize)
+				e->e_msgsize = 0;
+			else
+				e->e_msgsize -= prevsize;
+		}
+	}
+
+	if (response == NULL)
+	{
+		/* Flush the buffered '\r' */
+		if (prevchar == '\r')
+		{
+			(void) putc(prevchar, e->e_dfp);
+			e->e_msgsize++;
+		}
+		return 0;
+	}
+
+	for (i = 0; i < rlen; i++)
+	{
+		/* Buffered char from last chunk */
+		if (i == 0 && prevchar == '\r')
+		{
+			/* Not CRLF, output prevchar */
+			if (response[i] != '\n')
+			{
+				(void) putc(prevchar, e->e_dfp);
+				e->e_msgsize++;
+			}
+			prevchar = '\0';
+		}
+
+		/* Turn CRLF into LF */
+		if (response[i] == '\r')
+		{
+			/* check if at end of chunk */
+			if (i + 1 < rlen)
+			{
+				/* If LF, strip CR */
+				if (response[i + 1] == '\n')
+					i++;
+			}
+			else
+			{
+				/* check next chunk */
+				prevchar = '\r';
+				continue;
+			}
+		}
+		(void) putc(response[i], e->e_dfp);
+		e->e_msgsize++;
+	}
+	return 0;
+}
+
+/*
+**  MTA callouts
+*/
+
+/*
+**  MILTER_INIT -- open and negotiate with all of the filters
+**
+**	Parameters:
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		none
+*/
+
+/* ARGSUSED */
+void
+milter_init(e, state)
+	ENVELOPE *e;
+	char *state;
+{
+	int i;
+
+	if (tTd(64, 10))
+		dprintf("milter_init\n");
+
+	*state = SMFIR_CONTINUE;
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		m->mf_sock = milter_open(m, FALSE, e);
+		if (m->mf_state == SMFS_ERROR)
+		{
+			MILTER_CHECK_ERROR(continue);
+			break;
+		}
+
+		if (m->mf_sock < 0 ||
+		    milter_negotiate(m, e) < 0 ||
+		    m->mf_state == SMFS_ERROR)
+		{
+			if (tTd(64, 5))
+				dprintf("milter_init(%s): failed to %s\n",
+					m->mf_name,
+					m->mf_sock < 0 ? "open" : "negotiate");
+
+			/* if negotation failure, close socket */
+			if (m->mf_sock >= 0)
+			{
+				(void) close(m->mf_sock);
+				m->mf_sock = -1;
+			}
+			milter_error(m);
+			if (m->mf_state == SMFS_ERROR)
+			{
+				MILTER_CHECK_ERROR(continue);
+				break;
+			}
+		}
+	}
+
+	/*
+	**  If something temp/perm failed with one of the filters,
+	**  we won't be using any of them, so clear any existing
+	**  connections.
+	*/
+
+	if (*state != SMFIR_CONTINUE)
+		milter_quit(e);
+}
+/*
+**  MILTER_CONNECT -- send connection info to milter filters
+**
+**	Parameters:
+**		hostname -- hostname of remote machine.
+**		addr -- address of remote machine.
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+char *
+milter_connect(hostname, addr, e, state)
+	char *hostname;
+	SOCKADDR addr;
+	ENVELOPE *e;
+	char *state;
+{
+	char family;
+	u_short port;
+	char *buf, *bp;
+	char *response;
+	char *sockinfo = NULL;
+	ssize_t s;
+# if NETINET6
+	char buf6[INET6_ADDRSTRLEN];
+# endif /* NETINET6 */
+
+	if (tTd(64, 10))
+		dprintf("milter_connect(%s)\n", hostname);
+
+	/* gather data */
+	switch (addr.sa.sa_family)
+	{
+# if NETUNIX
+	  case AF_UNIX:
+		family = SMFIA_UNIX;
+		port = htons(0);
+		sockinfo = addr.sunix.sun_path;
+		break;
+# endif /* NETUNIX */
+
+# if NETINET
+	  case AF_INET:
+		family = SMFIA_INET;
+		port = htons(addr.sin.sin_port);
+		sockinfo = (char *) inet_ntoa(addr.sin.sin_addr);
+		break;
+# endif /* NETINET */
+
+# if NETINET6
+	  case AF_INET6:
+		family = SMFIA_INET6;
+		port = htons(addr.sin6.sin6_port);
+		sockinfo = anynet_ntop(&addr.sin6.sin6_addr, buf6,
+				       sizeof buf6);
+		if (sockinfo == NULL)
+			sockinfo = "";
+		break;
+# endif /* NETINET6 */
+
+	  default:
+		family = SMFIA_UNKNOWN;
+		break;
+	}
+
+	s = strlen(hostname) + 1 + sizeof(family);
+	if (family != SMFIA_UNKNOWN)
+		s += sizeof(port) + strlen(sockinfo) + 1;
+
+	buf = (char *)xalloc(s);
+	bp = buf;
+
+	/* put together data */
+	(void) memcpy(bp, hostname, strlen(hostname));
+	bp += strlen(hostname);
+	*bp++ = '\0';
+	(void) memcpy(bp, &family, sizeof family);
+	bp += sizeof family;
+	if (family != SMFIA_UNKNOWN)
+	{
+		(void) memcpy(bp, &port, sizeof port);
+		bp += sizeof port;
+
+		/* include trailing '\0' */
+		(void) memcpy(bp, sockinfo, strlen(sockinfo) + 1);
+	}
+
+	response = milter_command(SMFIC_CONNECT, buf, s,
+				  MilterConnectMacros, e, state);
+	free(buf);
+
+	/*
+	**  If this message connection is done for,
+	**  close the filters.
+	*/
+
+	if (*state != SMFIR_CONTINUE)
+		milter_quit(e);
+	else
+		milter_per_connection_check(e);
+
+	/*
+	**  SMFIR_REPLYCODE can't work with connect due to
+	**  the requirements of SMTP.  Therefore, ignore the
+	**  reply code text but keep the state it would reflect.
+	*/
+
+	if (*state == SMFIR_REPLYCODE)
+	{
+		if (response != NULL &&
+		    *response == '4')
+			*state = SMFIR_TEMPFAIL;
+		else
+			*state = SMFIR_REJECT;
+		if (response != NULL)
+		{
+			free(response);
+			response = NULL;
+		}
+	}
+	return response;
+}
+/*
+**  MILTER_HELO -- send SMTP HELO/EHLO command info to milter filters
+**
+**	Parameters:
+**		helo -- argument to SMTP HELO/EHLO command.
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+char *
+milter_helo(helo, e, state)
+	char *helo;
+	ENVELOPE *e;
+	char *state;
+{
+	char *response;
+
+	if (tTd(64, 10))
+		dprintf("milter_helo(%s)\n", helo);
+
+	response = milter_command(SMFIC_HELO, helo, strlen(helo) + 1,
+				  MilterHeloMacros, e, state);
+	milter_per_connection_check(e);
+	return response;
+}
+/*
+**  MILTER_ENVFROM -- send SMTP MAIL command info to milter filters
+**
+**	Parameters:
+**		args -- SMTP MAIL command args (args[0] == sender).
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+char *
+milter_envfrom(args, e, state)
+	char **args;
+	ENVELOPE *e;
+	char *state;
+{
+	int i;
+	char *buf, *bp;
+	char *response;
+	ssize_t s;
+
+	if (tTd(64, 10))
+	{
+		dprintf("milter_envfrom:");
+		for (i = 0; args[i] != NULL; i++)
+			dprintf(" %s", args[i]);
+		dprintf("\n");
+	}
+
+	/* sanity check */
+	if (args[0] == NULL)
+	{
+		*state = SMFIR_REJECT;
+		return NULL;
+	}
+
+	/* new message, so ... */
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		switch (m->mf_state)
+		{
+		  case SMFS_INMSG:
+			/* abort in message filters */
+			milter_abort_filter(m, e);
+			/* FALLTHROUGH */
+
+		  case SMFS_DONE:
+			/* reset done filters */
+			m->mf_state = SMFS_OPEN;
+			break;
+		}
+	}
+
+	/* put together data */
+	s = 0;
+	for (i = 0; args[i] != NULL; i++)
+		s += strlen(args[i]) + 1;
+	buf = (char *)xalloc(s);
+	bp = buf;
+	for (i = 0; args[i] != NULL; i++)
+	{
+		(void) strlcpy(bp, args[i], s - (bp - buf));
+		bp += strlen(bp) + 1;
+	}
+
+	/* send it over */
+	response = milter_command(SMFIC_MAIL, buf, s,
+				  MilterEnvFromMacros, e, state);
+	free(buf);
+
+	/*
+	**  If filter rejects/discards a per message command,
+	**  abort the other filters since we are done with the
+	**  current message.
+	*/
+
+	MILTER_CHECK_DONE_MSG();
+	return response;
+}
+/*
+**  MILTER_ENVRCPT -- send SMTP RCPT command info to milter filters
+**
+**	Parameters:
+**		args -- SMTP MAIL command args (args[0] == recipient).
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+*/
+
+char *
+milter_envrcpt(args, e, state)
+	char **args;
+	ENVELOPE *e;
+	char *state;
+{
+	int i;
+	char *buf, *bp;
+	char *response;
+	ssize_t s;
+
+	if (tTd(64, 10))
+	{
+		dprintf("milter_envrcpt:");
+		for (i = 0; args[i] != NULL; i++)
+			dprintf(" %s", args[i]);
+		dprintf("\n");
+	}
+
+	/* sanity check */
+	if (args[0] == NULL)
+	{
+		*state = SMFIR_REJECT;
+		return NULL;
+	}
+
+	/* put together data */
+	s = 0;
+	for (i = 0; args[i] != NULL; i++)
+		s += strlen(args[i]) + 1;
+	buf = (char *)xalloc(s);
+	bp = buf;
+	for (i = 0; args[i] != NULL; i++)
+	{
+		(void) strlcpy(bp, args[i], s - (bp - buf));
+		bp += strlen(bp) + 1;
+	}
+
+	/* send it over */
+	response = milter_command(SMFIC_RCPT, buf, s,
+				  MilterEnvRcptMacros, e, state);
+	free(buf);
+	return response;
+}
+/*
+**  MILTER_DATA -- send message headers/body and gather final message results
+**
+**	Parameters:
+**		e -- current envelope.
+**		state -- return state from response.
+**
+**	Returns:
+**		response string (may be NULL)
+**
+**	Side effects:
+**		- Uses e->e_dfp for access to the body
+**		- Can call the various milter action routines to
+**		  modify the envelope or message.
+*/
+
+# define MILTER_CHECK_RESULTS() \
+	if (*state == SMFIR_ACCEPT || \
+	    m->mf_state == SMFS_DONE || \
+	    m->mf_state == SMFS_ERROR) \
+	{ \
+		if (m->mf_state != SMFS_ERROR) \
+			m->mf_state = SMFS_DONE; \
+		continue;	/* to next filter */ \
+	} \
+	if (*state != SMFIR_CONTINUE) \
+	{ \
+		m->mf_state = SMFS_DONE; \
+		goto finishup; \
+	}
+
+char *
+milter_data(e, state)
+	ENVELOPE *e;
+	char *state;
+{
+	bool replbody = FALSE;		/* milter_replbody() called? */
+	bool replfailed = FALSE;	/* milter_replbody() failed? */
+	bool rewind = FALSE;		/* rewind df file? */
+	bool dfopen = FALSE;		/* df open for writing? */
+	bool newfilter;			/* reset on each new filter */
+	char rcmd;
+	int i;
+	int save_errno;
+	char *response = NULL;
+	time_t eomsent;
+	ssize_t rlen;
+
+	if (tTd(64, 10))
+		dprintf("milter_data\n");
+
+	*state = SMFIR_CONTINUE;
+
+	/*
+	**  XXX: Should actually send body chunks to each filter
+	**  a chunk at a time instead of sending the whole body to
+	**  each filter in turn.  However, only if the filters don't
+	**  change the body.
+	*/
+
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		if (*state != SMFIR_CONTINUE &&
+		    *state != SMFIR_ACCEPT)
+		{
+			/*
+			**  A previous filter has dealt with the message,
+			**  safe to stop processing the filters.
+			*/
+
+			break;
+		}
+
+		/* Now reset state for later evaluation */
+		*state = SMFIR_CONTINUE;
+		newfilter = TRUE;
+
+		/* sanity checks */
+		if (m->mf_sock < 0 ||
+		    (m->mf_state != SMFS_OPEN && m->mf_state != SMFS_INMSG))
+			continue;
+
+		m->mf_state = SMFS_INMSG;
+
+		/* check if filter wants the headers */
+		if (!bitset(SMFIP_NOHDRS, m->mf_pflags))
+		{
+			response = milter_headers(m, e, state);
+			MILTER_CHECK_RESULTS();
+		}
+
+		/* check if filter wants EOH */
+		if (!bitset(SMFIP_NOEOH, m->mf_pflags))
+		{
+			if (tTd(64, 10))
+				dprintf("milter_data: eoh\n");
+
+			/* send it over */
+			response = milter_send_command(m, SMFIC_EOH, NULL, 0,
+						       e, state);
+			MILTER_CHECK_RESULTS();
+		}
+
+		/* check if filter wants the body */
+		if (!bitset(SMFIP_NOBODY, m->mf_pflags) &&
+		    e->e_dfp != NULL)
+		{
+			rewind = TRUE;
+			response = milter_body(m, e, state);
+			MILTER_CHECK_RESULTS();
+		}
+
+		/* send the final body chunk */
+		(void) milter_write(m, SMFIC_BODYEOB, NULL, 0,
+				    m->mf_timeout[SMFTO_WRITE], e);
+
+		/* Get time EOM sent for timeout */
+		eomsent = curtime();
+
+		/* deal with the possibility of multiple responses */
+		while (*state == SMFIR_CONTINUE)
+		{
+			/* Check total timeout from EOM to final ACK/NAK */
+			if (m->mf_timeout[SMFTO_EOM] > 0 &&
+			    curtime() - eomsent >= m->mf_timeout[SMFTO_EOM])
+			{
+				if (tTd(64, 5))
+					dprintf("milter_data(%s): EOM ACK/NAK timeout\n",
+						m->mf_name);
+				if (LogLevel > 0)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "milter_data(%s): EOM ACK/NAK timeout\n",
+						  m->mf_name);
+				milter_error(m);
+				MILTER_CHECK_ERROR(continue);
+				break;
+			}
+
+			response = milter_read(m, &rcmd, &rlen,
+					       m->mf_timeout[SMFTO_READ], e);
+			if (m->mf_state == SMFS_ERROR)
+				break;
+
+			if (tTd(64, 10))
+				dprintf("milter_data(%s): state %c\n",
+					m->mf_name, (char) rcmd);
+
+			switch (rcmd)
+			{
+			  case SMFIR_REPLYCODE:
+				MILTER_CHECK_REPLYCODE("554 5.7.1 Command rejected");
+				*state = rcmd;
+				m->mf_state = SMFS_DONE;
+				break;
+
+			  case SMFIR_REJECT:
+			  case SMFIR_DISCARD:
+			  case SMFIR_TEMPFAIL:
+				*state = rcmd;
+				m->mf_state = SMFS_DONE;
+				break;
+
+			  case SMFIR_CONTINUE:
+			  case SMFIR_ACCEPT:
+				/* this filter is done with message */
+				if (replfailed)
+					*state = SMFIR_TEMPFAIL;
+				else
+					*state = SMFIR_ACCEPT;
+				m->mf_state = SMFS_DONE;
+				break;
+
+			  case SMFIR_PROGRESS:
+				break;
+
+			  case SMFIR_ADDHEADER:
+				if (!bitset(SMFIF_ADDHDRS, m->mf_fflags))
+				{
+					if (LogLevel > 9)
+						sm_syslog(LOG_WARNING, e->e_id,
+							  "milter_data(%s): lied about adding headers, honoring request anyway",
+							  m->mf_name);
+				}
+				milter_addheader(response, rlen, e);
+				break;
+
+			  case SMFIR_CHGHEADER:
+				if (!bitset(SMFIF_CHGHDRS, m->mf_fflags))
+				{
+					if (LogLevel > 9)
+						sm_syslog(LOG_WARNING, e->e_id,
+							  "milter_data(%s): lied about changing headers, honoring request anyway",
+							  m->mf_name);
+				}
+				milter_changeheader(response, rlen, e);
+				break;
+
+			  case SMFIR_ADDRCPT:
+				if (!bitset(SMFIF_ADDRCPT, m->mf_fflags))
+				{
+					if (LogLevel > 9)
+						sm_syslog(LOG_WARNING, e->e_id,
+							  "milter_data(%s) lied about adding recipients, honoring request anyway",
+							  m->mf_name);
+				}
+				milter_addrcpt(response, rlen, e);
+				break;
+
+			  case SMFIR_DELRCPT:
+				if (!bitset(SMFIF_DELRCPT, m->mf_fflags))
+				{
+					if (LogLevel > 9)
+						sm_syslog(LOG_WARNING, e->e_id,
+							  "milter_data(%s): lied about removing recipients, honoring request anyway",
+							  m->mf_name);
+				}
+				milter_delrcpt(response, rlen, e);
+				break;
+
+			  case SMFIR_REPLBODY:
+				if (!bitset(SMFIF_MODBODY, m->mf_fflags))
+				{
+					if (LogLevel > 0)
+						sm_syslog(LOG_ERR, e->e_id,
+							  "milter_data(%s): lied about replacing body, rejecting request and tempfailing message",
+							  m->mf_name);
+					replfailed = TRUE;
+					break;
+				}
+
+				/* already failed in attempt */
+				if (replfailed)
+					break;
+
+				if (!dfopen)
+				{
+					if (milter_reopen_df(e) < 0)
+					{
+						replfailed = TRUE;
+						break;
+					}
+					dfopen = TRUE;
+					rewind = TRUE;
+				}
+
+				if (milter_replbody(response, rlen,
+						    newfilter, e) < 0)
+					replfailed = TRUE;
+				newfilter = FALSE;
+				replbody = TRUE;
+				break;
+
+			  default:
+				/* Invalid response to command */
+				if (LogLevel > 0)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "milter_data(%s): returned bogus response %c",
+						  m->mf_name, rcmd);
+				milter_error(m);
+				break;
+			}
+			if (rcmd != SMFIR_REPLYCODE &&
+			    response != NULL)
+			{
+				free(response);
+				response = NULL;
+			}
+
+			if (m->mf_state == SMFS_ERROR)
+				break;
+		}
+
+		if (replbody && !replfailed)
+		{
+			/* flush possible buffered character */
+			milter_replbody(NULL, 0, !replbody, e);
+			replbody = FALSE;
+		}
+
+		if (m->mf_state == SMFS_ERROR)
+		{
+			MILTER_CHECK_ERROR(continue);
+			goto finishup;
+		}
+	}
+
+finishup:
+	/* leave things in the expected state if we touched it */
+	if (replfailed)
+	{
+		if (*state == SMFIR_CONTINUE ||
+		    *state == SMFIR_ACCEPT)
+		{
+			*state = SMFIR_TEMPFAIL;
+			if (response != NULL)
+			{
+				free(response);
+				response = NULL;
+			}
+		}
+
+		if (dfopen)
+		{
+			(void) fclose(e->e_dfp);
+			e->e_dfp = NULL;
+			e->e_flags &= ~EF_HAS_DF;
+			dfopen = FALSE;
+		}
+		rewind = FALSE;
+	}
+
+	if ((dfopen && milter_reset_df(e) < 0) ||
+	    (rewind && bfrewind(e->e_dfp) < 0))
+	{
+		save_errno = errno;
+		ExitStat = EX_IOERR;
+
+		/*
+		**  If filter told us to keep message but we had
+		**  an error, we can't really keep it, tempfail it.
+		*/
+
+		if (*state == SMFIR_CONTINUE ||
+		    *state == SMFIR_ACCEPT)
+		{
+			*state = SMFIR_TEMPFAIL;
+			if (response != NULL)
+			{
+				free(response);
+				response = NULL;
+			}
+		}
+
+		errno = save_errno;
+		syserr("milter_data: %s/df%s: read error",
+		       qid_printqueue(e->e_queuedir), e->e_id);
+	}
+	MILTER_CHECK_DONE_MSG();
+	return response;
+}
+/*
+**  MILTER_QUIT -- informs the filter(s) we are done and closes connection(s)
+**
+**	Parameters:
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+void
+milter_quit(e)
+	ENVELOPE *e;
+{
+	int i;
+
+	if (tTd(64, 10))
+		dprintf("milter_quit\n");
+
+	for (i = 0; InputFilters[i] != NULL; i++)
+		milter_quit_filter(InputFilters[i], e);
+}
+/*
+**  MILTER_ABORT -- informs the filter(s) that we are aborting current message
+**
+**	Parameters:
+**		e -- current envelope.
+**
+**	Returns:
+**		none
+*/
+
+void
+milter_abort(e)
+	ENVELOPE *e;
+{
+	int i;
+
+	if (tTd(64, 10))
+		dprintf("milter_abort\n");
+
+	for (i = 0; InputFilters[i] != NULL; i++)
+	{
+		struct milter *m = InputFilters[i];
+
+		/* sanity checks */
+		if (m->mf_sock < 0 || m->mf_state != SMFS_INMSG)
+			continue;
+
+		milter_abort_filter(m, e);
+	}
+}
+#endif /* _FFR_MILTER */
diff --git a/contrib/sendmail/src/mime.c b/contrib/sendmail/src/mime.c
index 7156891..e92f615 100644
--- a/contrib/sendmail/src/mime.c
+++ b/contrib/sendmail/src/mime.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1994, 1996-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1994
  *	The Regents of the University of California.  All rights reserved.
@@ -10,12 +11,18 @@
  *
  */
 
-# include "sendmail.h"
-# include <string.h>
+#include <sendmail.h>
+#include <string.h>
 
 #ifndef lint
-static char sccsid[] = "@(#)mime.c	8.71 (Berkeley) 1/18/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: mime.c,v 8.94 1999/10/17 17:35:58 ca Exp $";
+#endif /* ! lint */
+
+static int	isboundary __P((char *, char **));
+static int	mimeboundary __P((char *, char **));
+static int	mime_fromqp __P((u_char *, u_char **, int, int));
+static int	mime_getchar __P((FILE *, char **, int *));
+static int	mime_getchar_crlf __P((FILE *, char **, int *));
 
 /*
 **  MIME support.
@@ -37,23 +44,22 @@ static char sccsid[] = "@(#)mime.c	8.71 (Berkeley) 1/18/1999";
 #if MIME8TO7
 
 /* character set for hex and base64 encoding */
-char	Base16Code[] =	"0123456789ABCDEF";
-char	Base64Code[] =	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static char	Base16Code[] =	"0123456789ABCDEF";
+static char	Base64Code[] =	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
 /* types of MIME boundaries */
-#define MBT_SYNTAX	0	/* syntax error */
-#define MBT_NOTSEP	1	/* not a boundary */
-#define MBT_INTERMED	2	/* intermediate boundary (no trailing --) */
-#define MBT_FINAL	3	/* final boundary (trailing -- included) */
+# define MBT_SYNTAX	0	/* syntax error */
+# define MBT_NOTSEP	1	/* not a boundary */
+# define MBT_INTERMED	2	/* intermediate boundary (no trailing --) */
+# define MBT_FINAL	3	/* final boundary (trailing -- included) */
 
 static char	*MimeBoundaryNames[] =
 {
 	"SYNTAX",	"NOTSEP",	"INTERMED",	"FINAL"
 };
 
-bool	MapNLtoCRLF;
+static bool	MapNLtoCRLF;
 
-extern int	mimeboundary __P((char *, char **));
 /*
 **  MIME8TO7 -- output 8 bit body in 7 bit format
 **
@@ -83,8 +89,8 @@ extern int	mimeboundary __P((char *, char **));
 
 struct args
 {
-	char	*field;		/* name of field */
-	char	*value;		/* value of that field */
+	char	*a_field;	/* name of field */
+	char	*a_value;	/* value of that field */
 };
 
 int
@@ -113,20 +119,18 @@ mime8to7(mci, header, e, boundaries, flags)
 	char buf[MAXLINE];
 	char pvpbuf[MAXLINE];
 	extern u_char MimeTokenTab[256];
-	extern int mime_getchar __P((FILE *, char **, int *));
-	extern int mime_getchar_crlf __P((FILE *, char **, int *));
 
 	if (tTd(43, 1))
 	{
-		printf("mime8to7: flags = %x, boundaries =", flags);
+		dprintf("mime8to7: flags = %x, boundaries =", flags);
 		if (boundaries[0] == NULL)
-			printf(" <none>");
+			dprintf(" <none>");
 		else
 		{
 			for (i = 0; boundaries[i] != NULL; i++)
-				printf(" %s", boundaries[i]);
+				dprintf(" %s", boundaries[i]);
 		}
-		printf("\n");
+		dprintf("\n");
 	}
 	MapNLtoCRLF = TRUE;
 	p = hvalue("Content-Transfer-Encoding", header);
@@ -160,7 +164,7 @@ mime8to7(mci, header, e, boundaries, flags)
 		if (tTd(43, 40))
 		{
 			for (i = 0; pvp[i] != NULL; i++)
-				printf("pvp[%d] = \"%s\"\n", i, pvp[i]);
+				dprintf("pvp[%d] = \"%s\"\n", i, pvp[i]);
 		}
 		type = *pvp++;
 		if (*pvp != NULL && strcmp(*pvp, "/") == 0 &&
@@ -178,14 +182,24 @@ mime8to7(mci, header, e, boundaries, flags)
 			if (*pvp++ == NULL || *pvp == NULL)
 				break;
 
+			/* complain about empty values */
+			if (strcmp(*pvp, ";") == 0)
+			{
+				usrerr("mime8to7: Empty parameter in Content-Type header");
+
+				/* avoid bounce loops */
+				e->e_flags |= EF_DONT_MIME;
+				continue;
+			}
+
 			/* extract field name */
-			argv[argc].field = *pvp++;
+			argv[argc].a_field = *pvp++;
 
 			/* see if there is a value */
 			if (*pvp != NULL && strcmp(*pvp, "=") == 0 &&
 			    (*++pvp == NULL || strcmp(*pvp, ";") != 0))
 			{
-				argv[argc].value = *pvp;
+				argv[argc].a_value = *pvp;
 				argc++;
 			}
 		}
@@ -212,10 +226,10 @@ mime8to7(mci, header, e, boundaries, flags)
 	if (wordinclass(buf, 'n') || (cte != NULL && !wordinclass(cte, 'e')))
 		flags |= M87F_NO8BIT;
 
-#ifdef USE_B_CLASS
+# ifdef USE_B_CLASS
 	if (wordinclass(buf, 'b') || wordinclass(type, 'b'))
 		MapNLtoCRLF = FALSE;
-#endif
+# endif /* USE_B_CLASS */
 	if (wordinclass(buf, 'q') || wordinclass(type, 'q'))
 		use_qp = TRUE;
 
@@ -228,19 +242,18 @@ mime8to7(mci, header, e, boundaries, flags)
 	if (strcasecmp(type, "multipart") == 0 &&
 	    (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)))
 	{
-		int blen;
 
 		if (strcasecmp(subtype, "digest") == 0)
 			flags |= M87F_DIGEST;
 
 		for (i = 0; i < argc; i++)
 		{
-			if (strcasecmp(argv[i].field, "boundary") == 0)
+			if (strcasecmp(argv[i].a_field, "boundary") == 0)
 				break;
 		}
-		if (i >= argc || argv[i].value == NULL)
+		if (i >= argc || argv[i].a_value == NULL)
 		{
-			syserr("mime8to7: Content-Type: \"%s\": %s boundary",
+			usrerr("mime8to7: Content-Type: \"%s\": %s boundary",
 				i >= argc ? "missing" : "bogus", p);
 			p = "---";
 
@@ -249,29 +262,26 @@ mime8to7(mci, header, e, boundaries, flags)
 		}
 		else
 		{
-			p = argv[i].value;
+			p = argv[i].a_value;
 			stripquotes(p);
 		}
-		blen = strlen(p);
-		if (blen > sizeof bbuf - 1)
+		if (strlcpy(bbuf, p, sizeof bbuf) >= sizeof bbuf)
 		{
-			syserr("mime8to7: multipart boundary \"%s\" too long",
+			usrerr("mime8to7: multipart boundary \"%s\" too long",
 				p);
-			blen = sizeof bbuf - 1;
 
 			/* avoid bounce loops */
 			e->e_flags |= EF_DONT_MIME;
 		}
-		strncpy(bbuf, p, blen);
-		bbuf[blen] = '\0';
+
 		if (tTd(43, 1))
-			printf("mime8to7: multipart boundary \"%s\"\n", bbuf);
+			dprintf("mime8to7: multipart boundary \"%s\"\n", bbuf);
 		for (i = 0; i < MAXMIMENESTING; i++)
 			if (boundaries[i] == NULL)
 				break;
 		if (i >= MAXMIMENESTING)
 		{
-			syserr("mime8to7: multipart nesting boundary too deep");
+			usrerr("mime8to7: multipart nesting boundary too deep");
 
 			/* avoid bounce loops */
 			e->e_flags |= EF_DONT_MIME;
@@ -286,6 +296,7 @@ mime8to7(mci, header, e, boundaries, flags)
 		/* skip the early "comment" prologue */
 		putline("", mci);
 		mci->mci_flags &= ~MCIF_INHEADER;
+		bt = MBT_FINAL;
 		while (fgets(buf, sizeof buf, e->e_dfp) != NULL)
 		{
 			bt = mimeboundary(buf, boundaries);
@@ -293,7 +304,7 @@ mime8to7(mci, header, e, boundaries, flags)
 				break;
 			putxline(buf, strlen(buf), mci, PXLF_MAPFROM|PXLF_STRIP8BIT);
 			if (tTd(43, 99))
-				printf("  ...%s", buf);
+				dprintf("  ...%s", buf);
 		}
 		if (feof(e->e_dfp))
 			bt = MBT_FINAL;
@@ -304,7 +315,7 @@ mime8to7(mci, header, e, boundaries, flags)
 			snprintf(buf, sizeof buf, "--%s", bbuf);
 			putline(buf, mci);
 			if (tTd(43, 35))
-				printf("  ...%s\n", buf);
+				dprintf("  ...%s\n", buf);
 			collect(e->e_dfp, FALSE, &hdr, e);
 			if (tTd(43, 101))
 				putline("+++after collect", mci);
@@ -316,7 +327,7 @@ mime8to7(mci, header, e, boundaries, flags)
 		snprintf(buf, sizeof buf, "--%s--", bbuf);
 		putline(buf, mci);
 		if (tTd(43, 35))
-			printf("  ...%s\n", buf);
+			dprintf("  ...%s\n", buf);
 		boundaries[i] = NULL;
 		mci->mci_flags &= ~MCIF_INMIME;
 
@@ -328,12 +339,12 @@ mime8to7(mci, header, e, boundaries, flags)
 				break;
 			putxline(buf, strlen(buf), mci, PXLF_MAPFROM|PXLF_STRIP8BIT);
 			if (tTd(43, 99))
-				printf("  ...%s", buf);
+				dprintf("  ...%s", buf);
 		}
 		if (feof(e->e_dfp))
 			bt = MBT_FINAL;
 		if (tTd(43, 3))
-			printf("\t\t\tmime8to7=>%s (multipart)\n",
+			dprintf("\t\t\tmime8to7=>%s (multipart)\n",
 				MimeBoundaryNames[bt]);
 		return bt;
 	}
@@ -429,7 +440,7 @@ mime8to7(mci, header, e, boundaries, flags)
 
 	if (tTd(43, 8))
 	{
-		printf("mime8to7: %ld high bit(s) in %ld byte(s), cte=%s, type=%s/%s\n",
+		dprintf("mime8to7: %ld high bit(s) in %ld byte(s), cte=%s, type=%s/%s\n",
 			(long) sectionhighbits, (long) sectionsize,
 			cte == NULL ? "[none]" : cte,
 			type == NULL ? "[none]" : type,
@@ -443,7 +454,8 @@ mime8to7(mci, header, e, boundaries, flags)
 	{
 		/* no encoding necessary */
 		if (cte != NULL &&
-		    bitset(MCIF_INMIME, mci->mci_flags) &&
+		    bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
+			   mci->mci_flags) &&
 		    !bitset(M87F_NO8TO7, flags))
 		{
 			/*
@@ -458,7 +470,7 @@ mime8to7(mci, header, e, boundaries, flags)
 				"Content-Transfer-Encoding: %.200s", cte);
 			putline(buf, mci);
 			if (tTd(43, 36))
-				printf("  ...%s\n", buf);
+				dprintf("  ...%s\n", buf);
 		}
 		putline("", mci);
 		mci->mci_flags &= ~MCIF_INHEADER;
@@ -479,7 +491,7 @@ mime8to7(mci, header, e, boundaries, flags)
 		int c1, c2;
 
 		if (tTd(43, 36))
-			printf("  ...Content-Transfer-Encoding: base64\n");
+			dprintf("  ...Content-Transfer-Encoding: base64\n");
 		putline("Content-Transfer-Encoding: base64", mci);
 		snprintf(buf, sizeof buf,
 			"X-MIME-Autoconverted: from 8bit to base64 by %s id %s",
@@ -529,7 +541,7 @@ mime8to7(mci, header, e, boundaries, flags)
 		/* use quoted-printable encoding */
 		int c1, c2;
 		int fromstate;
-		BITMAP badchars;
+		BITMAP256 badchars;
 
 		/* set up map of characters that must be mapped */
 		clrbitmap(badchars);
@@ -544,7 +556,7 @@ mime8to7(mci, header, e, boundaries, flags)
 				setbitn(*p, badchars);
 
 		if (tTd(43, 36))
-			printf("  ...Content-Transfer-Encoding: quoted-printable\n");
+			dprintf("  ...Content-Transfer-Encoding: quoted-printable\n");
 		putline("Content-Transfer-Encoding: quoted-printable", mci);
 		snprintf(buf, sizeof buf,
 			"X-MIME-Autoconverted: from 8bit to quoted-printable by %s id %s",
@@ -643,7 +655,7 @@ mime8to7(mci, header, e, boundaries, flags)
 
 	}
 	if (tTd(43, 3))
-		printf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]);
+		dprintf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]);
 	return bt;
 }
 /*
@@ -661,7 +673,7 @@ mime8to7(mci, header, e, boundaries, flags)
 **		The next character in the input stream.
 */
 
-int
+static int
 mime_getchar(fp, boundaries, btp)
 	register FILE *fp;
 	char **boundaries;
@@ -685,7 +697,7 @@ mime_getchar(fp, boundaries, btp)
 		buflen--;
 		return *bp++;
 	}
-	else 
+	else
 		c = getc(fp);
 	bp = buf;
 	buflen = 0;
@@ -697,7 +709,7 @@ mime_getchar(fp, boundaries, btp)
 		c = getc(fp);
 		if (c == '\n')
 		{
-			ungetc(c, fp);
+			(void) ungetc(c, fp);
 			return c;
 		}
 		start = 1;
@@ -767,7 +779,7 @@ mime_getchar(fp, boundaries, btp)
 **		The next character in the input stream.
 */
 
-int
+static int
 mime_getchar_crlf(fp, boundaries, btp)
 	register FILE *fp;
 	char **boundaries;
@@ -804,7 +816,7 @@ mime_getchar_crlf(fp, boundaries, btp)
 **			enclosure -- i.e., a syntax error.
 */
 
-int
+static int
 mimeboundary(line, boundaries)
 	register char *line;
 	char **boundaries;
@@ -812,7 +824,6 @@ mimeboundary(line, boundaries)
 	int type = MBT_NOTSEP;
 	int i;
 	int savec;
-	extern int isboundary __P((char *, char **));
 
 	if (line[0] != '-' || line[1] != '-' || boundaries == NULL)
 		return MBT_NOTSEP;
@@ -827,7 +838,7 @@ mimeboundary(line, boundaries)
 	line[i] = '\0';
 
 	if (tTd(43, 5))
-		printf("mimeboundary: line=\"%s\"... ", line);
+		dprintf("mimeboundary: line=\"%s\"... ", line);
 
 	/* check for this as an intermediate boundary */
 	if (isboundary(&line[2], boundaries) >= 0)
@@ -843,7 +854,7 @@ mimeboundary(line, boundaries)
 
 	line[i] = savec;
 	if (tTd(43, 5))
-		printf("%s\n", MimeBoundaryNames[type]);
+		dprintf("%s\n", MimeBoundaryNames[type]);
 	return type;
 }
 /*
@@ -886,7 +897,7 @@ defcharset(e)
 **
 */
 
-int
+static int
 isboundary(line, boundaries)
 	char *line;
 	char **boundaries;
@@ -900,7 +911,6 @@ isboundary(line, boundaries)
 	}
 	return -1;
 }
-
 #endif /* MIME8TO7 */
 
 #if MIME7TO8
@@ -930,8 +940,6 @@ isboundary(line, boundaries)
 **		none.
 */
 
-extern int	mime_fromqp __P((u_char *, u_char **, int, int));
-
 static char index_64[128] =
 {
 	-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
@@ -944,8 +952,7 @@ static char index_64[128] =
 	41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1
 };
 
-#define CHAR64(c)  (((c) < 0 || (c) > 127) ? -1 : index_64[(c)])
-
+# define CHAR64(c)  (((c) < 0 || (c) > 127) ? -1 : index_64[(c)])
 
 void
 mime7to8(mci, header, e)
@@ -1103,7 +1110,7 @@ mime7to8(mci, header, e)
 		putxline((char *) fbuf, fbufp - fbuf, mci, PXLF_MAPFROM);
 	}
 	if (tTd(43, 3))
-		printf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
+		dprintf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
 }
 /*
 **  The following is based on Borenstein's "codes.c" module, with simplifying
@@ -1126,9 +1133,9 @@ static char index_hex[128] =
 	-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1
 };
 
-#define HEXCHAR(c)  (((c) < 0 || (c) > 127) ? -1 : index_hex[(c)])
+# define HEXCHAR(c)  (((c) < 0 || (c) > 127) ? -1 : index_hex[(c)])
 
-int
+static int
 mime_fromqp(infile, outfile, state, maxlen)
 	u_char *infile;
 	u_char **outfile;
@@ -1185,6 +1192,4 @@ mime_fromqp(infile, outfile, state, maxlen)
 	*(*outfile)++ = '\0';
 	return 1;
 }
-
-
 #endif /* MIME7TO8 */
diff --git a/contrib/sendmail/src/newaliases.1 b/contrib/sendmail/src/newaliases.1
index b9673cd..dffa4ce 100644
--- a/contrib/sendmail/src/newaliases.1
+++ b/contrib/sendmail/src/newaliases.1
@@ -1,4 +1,5 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+.\"	 All rights reserved.
 .\" Copyright (c) 1983, 1997 Eric P. Allman.  All rights reserved.
 .\" Copyright (c) 1985, 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -8,40 +9,33 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     @(#)newaliases.1	8.10 (Berkeley) 5/19/1998
+.\"     $Id: newaliases.1,v 8.15 1999/06/22 20:41:34 tony Exp $
 .\"
-.Dd May 19, 1998
-.Dt NEWALIASES 1
-.Os BSD 4
-.Sh NAME
-.Nm newaliases
-.Nd rebuild the data base for the mail aliases file
-.Sh SYNOPSIS
-.Nm newaliases
-.Sh DESCRIPTION
-.Nm Newaliases
+.TH NEWALIASES 1 "$Date: 1999/06/22 20:41:34 $"
+.SH NAME
+.B newaliases
+\- rebuild the data base for the mail aliases file
+.SH SYNOPSIS
+.B newaliases
+.SH DESCRIPTION
+.B Newaliases
 rebuilds the random access data base for the mail aliases file
-.Pa /etc/aliases .
-It must be run each time this file is changed in order
-for the change to take effect.
-.Pp
-.Nm Newaliases
-is identical to
-.Dq Li "sendmail -bi" .
-.Pp
+/etc/mail/aliases.  It must be run each time this file is changed
+in order for the change to take effect.
+.PP
+.B Newaliases
+is identical to ``sendmail -bi''.
+.PP
 The
-.Nm newaliases
+.B newaliases
 utility exits 0 on success, and >0 if an error occurs.
-.Sh FILES
-.Bl -tag -width /etc/aliases -compact
-.It Pa /etc/aliases
+.SH FILES
+.TP 2i
+/etc/mail/aliases
 The mail aliases file
-.El
-.Sh SEE ALSO
-.Xr aliases 5 ,
-.Xr sendmail 8
-.Sh HISTORY
+.SH SEE ALSO
+aliases(5), sendmail(8)
+.SH HISTORY
 The
-.Nm newaliases
-command appeared in
-.Bx 4.0 .
+.B newaliases
+command appeared in 4.0BSD.
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index 86762fd..ad4ed9a 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,15 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)parseaddr.c	8.156 (Berkeley) 10/27/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: parseaddr.c,v 8.234.4.1 2000/05/25 18:56:16 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
+
+static void	allocaddr __P((ADDRESS *, int, char *));
+static int	callsubr __P((char**, int, ENVELOPE *));
+static char	*map_lookup __P((STAB *, char *, char **, int *, ENVELOPE *));
+static ADDRESS	*buildaddr __P((char **, ADDRESS *, int, ENVELOPE *));
 
 /*
 **  PARSEADDR -- Parse an address
@@ -52,7 +58,7 @@ static char sccsid[] = "@(#)parseaddr.c	8.156 (Berkeley) 10/27/1998";
 */
 
 /* following delimiters are inherent to the internal algorithms */
-# define DELIMCHARS	"()<>,;\r\n"	/* default word delimiters */
+#define DELIMCHARS	"()<>,;\r\n"	/* default word delimiters */
 
 ADDRESS *
 parseaddr(addr, a, flags, delim, delimptr, e)
@@ -65,10 +71,8 @@ parseaddr(addr, a, flags, delim, delimptr, e)
 {
 	register char **pvp;
 	auto char *delimptrbuf;
-	bool queueup;
+	bool qup;
 	char pvpbuf[PSBUFSIZE];
-	extern bool invalidaddr __P((char *, char *));
-	extern void allocaddr __P((ADDRESS *, int, char *));
 
 	/*
 	**  Initialize and prescan address.
@@ -76,7 +80,7 @@ parseaddr(addr, a, flags, delim, delimptr, e)
 
 	e->e_to = addr;
 	if (tTd(20, 1))
-		printf("\n--parseaddr(%s)\n", addr);
+		dprintf("\n--parseaddr(%s)\n", addr);
 
 	if (delimptr == NULL)
 		delimptr = &delimptrbuf;
@@ -85,14 +89,14 @@ parseaddr(addr, a, flags, delim, delimptr, e)
 	if (pvp == NULL)
 	{
 		if (tTd(20, 1))
-			printf("parseaddr-->NULL\n");
-		return (NULL);
+			dprintf("parseaddr-->NULL\n");
+		return NULL;
 	}
 
 	if (invalidaddr(addr, delim == '\0' ? NULL : *delimptr))
 	{
 		if (tTd(20, 1))
-			printf("parseaddr-->bad address\n");
+			dprintf("parseaddr-->bad address\n");
 		return NULL;
 	}
 
@@ -120,11 +124,11 @@ parseaddr(addr, a, flags, delim, delimptr, e)
 	**	Ruleset 0 does basic parsing.  It must resolve.
 	*/
 
-	queueup = FALSE;
+	qup = FALSE;
 	if (rewrite(pvp, 3, 0, e) == EX_TEMPFAIL)
-		queueup = TRUE;
+		qup = TRUE;
 	if (rewrite(pvp, 0, 0, e) == EX_TEMPFAIL)
-		queueup = TRUE;
+		qup = TRUE;
 
 
 	/*
@@ -139,25 +143,25 @@ parseaddr(addr, a, flags, delim, delimptr, e)
 	*/
 
 	allocaddr(a, flags, addr);
-	if (bitset(QBADADDR, a->q_flags))
+	if (QS_IS_BADADDR(a->q_state))
 		return a;
 
 	/*
 	**  If there was a parsing failure, mark it for queueing.
 	*/
 
-	if (queueup && OpMode != MD_INITALIAS)
+	if (qup && OpMode != MD_INITALIAS)
 	{
 		char *msg = "Transient parse error -- message queued for future delivery";
 
 		if (e->e_sendmode == SM_DEFER)
 			msg = "Deferring message until queue run";
 		if (tTd(20, 1))
-			printf("parseaddr: queuing message\n");
+			dprintf("parseaddr: queuing message\n");
 		message(msg);
 		if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
 			e->e_message = newstr(msg);
-		a->q_flags |= QQUEUEUP;
+		a->q_state = QS_QUEUEUP;
 		a->q_status = "4.4.3";
 	}
 
@@ -167,11 +171,11 @@ parseaddr(addr, a, flags, delim, delimptr, e)
 
 	if (tTd(20, 1))
 	{
-		printf("parseaddr-->");
+		dprintf("parseaddr-->");
 		printaddr(a, FALSE);
 	}
 
-	return (a);
+	return a;
 }
 /*
 **  INVALIDADDR -- check for address containing meta-characters
@@ -197,9 +201,10 @@ invalidaddr(addr, delimptr)
 		if (savedelim != '\0')
 			*delimptr = '\0';
 	}
-	if (strlen(addr) > TOBUFSIZE - 2)
+	if (strlen(addr) > MAXNAME - 1)
 	{
-		usrerr("553 Address too long (%d bytes max)", TOBUFSIZE - 2);
+		usrerr("553 5.1.1 Address too long (%d bytes max)",
+		       MAXNAME - 1);
 		goto failure;
 	}
 	for (; *addr != '\0'; addr++)
@@ -214,7 +219,7 @@ invalidaddr(addr, delimptr)
 		return FALSE;
 	}
 	setstat(EX_USAGE);
-	usrerr("553 Address contained invalid control characters");
+	usrerr("553 5.1.1 Address contained invalid control characters");
 failure:
 	if (delimptr != NULL && savedelim != '\0')
 		*delimptr = savedelim;
@@ -238,21 +243,21 @@ failure:
 **		Copies portions of a into local buffers as requested.
 */
 
-void
+static void
 allocaddr(a, flags, paddr)
 	register ADDRESS *a;
 	int flags;
 	char *paddr;
 {
 	if (tTd(24, 4))
-		printf("allocaddr(flags=%x, paddr=%s)\n", flags, paddr);
+		dprintf("allocaddr(flags=%x, paddr=%s)\n", flags, paddr);
 
 	a->q_paddr = paddr;
 
 	if (a->q_user == NULL)
-		a->q_user = "";
+		a->q_user = newstr("");
 	if (a->q_host == NULL)
-		a->q_host = "";
+		a->q_host = newstr("");
 
 	if (bitset(RF_COPYPARSE, flags))
 	{
@@ -262,13 +267,14 @@ allocaddr(a, flags, paddr)
 	}
 
 	if (a->q_paddr == NULL)
-		a->q_paddr = a->q_user;
+		a->q_paddr = newstr(a->q_user);
 }
 /*
 **  PRESCAN -- Prescan name and make it canonical
 **
 **	Scans a name and turns it into a set of tokens.  This process
-**	deletes blanks and comments (in parentheses).
+**	deletes blanks and comments (in parentheses) (if the token type
+**	for left paren is SPC).
 **
 **	This routine knows about quoted strings and angle brackets.
 **
@@ -299,20 +305,20 @@ allocaddr(a, flags, paddr)
 */
 
 /* states and character types */
-# define OPR		0	/* operator */
-# define ATM		1	/* atom */
-# define QST		2	/* in quoted string */
-# define SPC		3	/* chewing up spaces */
-# define ONE		4	/* pick up one character */
-# define ILL		5	/* illegal character */
+#define OPR		0	/* operator */
+#define ATM		1	/* atom */
+#define QST		2	/* in quoted string */
+#define SPC		3	/* chewing up spaces */
+#define ONE		4	/* pick up one character */
+#define ILL		5	/* illegal character */
 
-# define NSTATES	6	/* number of states */
-# define TYPE		017	/* mask to select state type */
+#define NSTATES	6	/* number of states */
+#define TYPE		017	/* mask to select state type */
 
 /* meta bits for table */
-# define M		020	/* meta character; don't pass through */
-# define B		040	/* cause a break */
-# define MB		M|B	/* meta-break */
+#define M		020	/* meta character; don't pass through */
+#define B		040	/* cause a break */
+#define MB		M|B	/* meta-break */
 
 static short StateTab[NSTATES][NSTATES] =
 {
@@ -333,7 +339,7 @@ static u_char	TokTypeTab[256] =
     /*	dle dc1 dc2 dc3 dc4 nak syn etb  can em  sub esc fs  gs  rs  us   */
 	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
     /*  sp  !   "   #   $   %   &   '    (   )   *   +   ,   -   .   /    */
-	SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, ATM,SPC,ATM,ATM,ATM,ATM,ATM,ATM,
+	SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,ATM,ATM,ATM,ATM,
     /*	0   1   2   3   4   5   6   7    8   9   :   ;   <   =   >   ?    */
 	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
     /*	@   A   B   C   D   E   F   G    H   I   J   K   L   M   N   O    */
@@ -371,7 +377,7 @@ u_char	MimeTokenTab[256] =
     /*	dle dc1 dc2 dc3 dc4 nak syn etb  can em  sub esc fs  gs  rs  us   */
 	ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
     /*  sp  !   "   #   $   %   &   '    (   )   *   +   ,   -   .   /    */
-	SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, ATM,SPC,ATM,ATM,OPR,ATM,ATM,OPR,
+	SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,OPR,ATM,ATM,OPR,
     /*	0   1   2   3   4   5   6   7    8   9   :   ;   <   =   >   ?    */
 	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,OPR,OPR,OPR,OPR,OPR,OPR,
     /*	@   A   B   C   D   E   F   G    H   I   J   K   L   M   N   O    */
@@ -401,8 +407,46 @@ u_char	MimeTokenTab[256] =
 	ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
 };
 
+/* token type table: don't strip comments */
+u_char	TokTypeNoC[256] =
+{
+    /*	nul soh stx etx eot enq ack bel  bs  ht  nl  vt  np  cr  so  si   */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,SPC,SPC,SPC,SPC,SPC,ATM,ATM,
+    /*	dle dc1 dc2 dc3 dc4 nak syn etb  can em  sub esc fs  gs  rs  us   */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*  sp  !   "   #   $   %   &   '    (   )   *   +   ,   -   .   /    */
+	SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, OPR,OPR,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*	0   1   2   3   4   5   6   7    8   9   :   ;   <   =   >   ?    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*	@   A   B   C   D   E   F   G    H   I   J   K   L   M   N   O    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*  P   Q   R   S   T   U   V   W    X   Y   Z   [   \   ]   ^   _    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*	`   a   b   c   d   e   f   g    h   i   j   k   l   m   n   o    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*  p   q   r   s   t   u   v   w    x   y   z   {   |   }   ~   del  */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+
+    /*	nul soh stx etx eot enq ack bel  bs  ht  nl  vt  np  cr  so  si   */
+	OPR,OPR,ONE,OPR,OPR,OPR,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR,
+    /*	dle dc1 dc2 dc3 dc4 nak syn etb  can em  sub esc fs  gs  rs  us   */
+	OPR,OPR,OPR,ONE,ONE,ONE,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR,
+    /*  sp  !   "   #   $   %   &   '    (   )   *   +   ,   -   .   /    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*	0   1   2   3   4   5   6   7    8   9   :   ;   <   =   >   ?    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*	@   A   B   C   D   E   F   G    H   I   J   K   L   M   N   O    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*  P   Q   R   S   T   U   V   W    X   Y   Z   [   \   ]   ^   _    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*	`   a   b   c   d   e   f   g    h   i   j   k   l   m   n   o    */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+    /*  p   q   r   s   t   u   v   w    x   y   z   {   |   }   ~   del  */
+	ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
+};
+
 
-# define NOCHAR		-1	/* signal nothing in lookahead token */
+#define NOCHAR		-1	/* signal nothing in lookahead token */
 
 char **
 prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
@@ -425,7 +469,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 	int state;
 	int newstate;
 	char *saveto = CurEnv->e_to;
-	static char *av[MAXATOM+1];
+	static char *av[MAXATOM + 1];
 	static char firsttime = TRUE;
 	extern int errno;
 
@@ -442,12 +486,15 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 			if (OperatorChars == NULL)
 				OperatorChars = ".:@[]";
 		}
-		expand(OperatorChars, obuf, sizeof obuf - sizeof DELIMCHARS, CurEnv);
-		strcat(obuf, DELIMCHARS);
+		expand(OperatorChars, obuf, sizeof obuf - sizeof DELIMCHARS,
+		       CurEnv);
+		(void) strlcat(obuf, DELIMCHARS, sizeof obuf);
 		for (p = obuf; *p != '\0'; p++)
 		{
 			if (TokTypeTab[*p & 0xff] == ATM)
 				TokTypeTab[*p & 0xff] = OPR;
+			if (TokTypeNoC[*p & 0xff] == ATM)
+				TokTypeNoC[*p & 0xff] = OPR;
 		}
 	}
 	if (toktab == NULL)
@@ -468,9 +515,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 	CurEnv->e_to = p;
 	if (tTd(22, 11))
 	{
-		printf("prescan: ");
+		dprintf("prescan: ");
 		xputs(p);
-		(void) putchar('\n');
+		dprintf("\n");
 	}
 
 	do
@@ -485,14 +532,14 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 				/* see if there is room */
 				if (q >= &pvpbuf[pvpbsize - 5])
 				{
-					usrerr("553 Address too long");
+					usrerr("553 5.1.1 Address too long");
 					if (strlen(addr) > (SIZE_T) MAXNAME)
 						addr[MAXNAME] = '\0';
 	returnnull:
 					if (delimptr != NULL)
 						*delimptr = p;
 					CurEnv->e_to = saveto;
-					return (NULL);
+					return NULL;
 				}
 
 				/* squirrel it away */
@@ -539,7 +586,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 			}
 
 			if (tTd(22, 101))
-				printf("c=%c, s=%d; ", c, state);
+				dprintf("c=%c, s=%d; ", c, state);
 
 			/* chew up special characters */
 			*q = '\0';
@@ -566,14 +613,15 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 			}
 			else if (state == QST)
 			{
+				/* EMPTY */
 				/* do nothing, just avoid next clauses */
 			}
-			else if (c == '(')
+			else if (c == '(' && toktab['('] == SPC)
 			{
 				cmntcnt++;
 				c = NOCHAR;
 			}
-			else if (c == ')')
+			else if (c == ')' && toktab['('] == SPC)
 			{
 				if (cmntcnt <= 0)
 				{
@@ -584,15 +632,17 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 					cmntcnt--;
 			}
 			else if (cmntcnt > 0)
+			{
 				c = NOCHAR;
+			}
 			else if (c == '<')
 			{
-				char *q = p;
+				char *ptr = p;
 
 				anglecnt++;
-				while (isascii(*q) && isspace(*q))
-					q++;
-				if (*q == '@')
+				while (isascii(*ptr) && isspace(*ptr))
+					ptr++;
+				if (*ptr == '@')
 					route_syntax = TRUE;
 			}
 			else if (c == '>')
@@ -618,7 +668,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 
 			newstate = StateTab[state][toktab[c & 0xff]];
 			if (tTd(22, 101))
-				printf("ns=%02o\n", newstate);
+				dprintf("ns=%02o\n", newstate);
 			state = newstate & TYPE;
 			if (state == ILL)
 			{
@@ -639,18 +689,18 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 			*q++ = '\0';
 			if (tTd(22, 36))
 			{
-				printf("tok=");
+				dprintf("tok=");
 				xputs(tok);
-				(void) putchar('\n');
+				dprintf("\n");
 			}
 			if (avp >= &av[MAXATOM])
 			{
-				usrerr("553 prescan: too many tokens");
+				usrerr("553 5.1.0 prescan: too many tokens");
 				goto returnnull;
 			}
 			if (q - tok > MAXNAME)
 			{
-				usrerr("553 prescan: token too long");
+				usrerr("553 5.1.0 prescan: token too long");
 				goto returnnull;
 			}
 			*avp++ = tok;
@@ -662,17 +712,17 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 		*delimptr = p;
 	if (tTd(22, 12))
 	{
-		printf("prescan==>");
+		dprintf("prescan==>");
 		printav(av);
 	}
 	CurEnv->e_to = saveto;
 	if (av[0] == NULL)
 	{
 		if (tTd(22, 1))
-			printf("prescan: null leading token\n");
-		return (NULL);
+			dprintf("prescan: null leading token\n");
+		return NULL;
 	}
-	return (av);
+	return av;
 }
 /*
 **  REWRITE -- apply rewrite rules to token vector.
@@ -712,12 +762,12 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 
 struct match
 {
-	char	**first;	/* first token matched */
-	char	**last;		/* last token matched */
-	char	**pattern;	/* pointer to pattern */
+	char	**match_first;		/* first token matched */
+	char	**match_last;		/* last token matched */
+	char	**match_pattern;	/* pointer to pattern */
 };
 
-# define MAXMATCH	9	/* max params per rewrite */
+#define MAXMATCH	9	/* max params per rewrite */
 
 
 int
@@ -729,6 +779,8 @@ rewrite(pvp, ruleset, reclevel, e)
 {
 	register char *ap;		/* address pointer */
 	register char *rp;		/* rewrite pointer */
+	register char *rulename;	/* ruleset name */
+	register char *prefix;
 	register char **avp;		/* address vector pointer */
 	register char **rvp;		/* rewrite vector pointer */
 	register struct match *mlp;	/* cur ptr into mlist */
@@ -737,25 +789,39 @@ rewrite(pvp, ruleset, reclevel, e)
 	int rstat = EX_OK;		/* return status */
 	int loopcount;
 	struct match mlist[MAXMATCH];	/* stores match on LHS */
-	char *npvp[MAXATOM+1];		/* temporary space for rebuild */
+	char *npvp[MAXATOM + 1];	/* temporary space for rebuild */
 	char buf[MAXLINE];
-	extern int callsubr __P((char**, int, ENVELOPE *));
-	extern int sm_strcasecmp __P((char *, char *));
+	char name[6];
 
-	if (OpMode == MD_TEST || tTd(21, 1))
+	if (ruleset < 0 || ruleset >= MAXRWSETS)
+	{
+		syserr("554 5.3.5 rewrite: illegal ruleset number %d", ruleset);
+		return EX_CONFIG;
+	}
+	rulename = RuleSetNames[ruleset];
+	if (rulename == NULL)
 	{
-		printf("rewrite: ruleset %3d   input:", ruleset);
+		snprintf(name, sizeof name, "%d", ruleset);
+		rulename = name;
+	}
+	if (OpMode == MD_TEST)
+		prefix = "";
+	else
+		prefix = "rewrite: ruleset ";
+	if (OpMode == MD_TEST)
+	{
+		printf("%s%-16.16s   input:", prefix, rulename);
 		printav(pvp);
 	}
-	if (ruleset < 0 || ruleset >= MAXRWSETS)
+	else if (tTd(21, 1))
 	{
-		syserr("554 rewrite: illegal ruleset number %d", ruleset);
-		return EX_CONFIG;
+		dprintf("%s%-16.16s   input:", prefix, rulename);
+		printav(pvp);
 	}
 	if (reclevel++ > MaxRuleRecursion)
 	{
-		syserr("rewrite: excessive recursion (max %d), ruleset %d",
-			MaxRuleRecursion, ruleset);
+		syserr("rewrite: excessive recursion (max %d), ruleset %s",
+			MaxRuleRecursion, rulename);
 		return EX_CONFIG;
 	}
 	if (pvp == NULL)
@@ -770,7 +836,7 @@ rewrite(pvp, ruleset, reclevel, e)
 	loopcount = 0;
 	for (rwr = RewriteRules[ruleset]; rwr != NULL; )
 	{
-		int stat;
+		int status;
 
 		/* if already canonical, quit now */
 		if (pvp[0] != NULL && (pvp[0][0] & 0377) == CANONNET)
@@ -778,7 +844,11 @@ rewrite(pvp, ruleset, reclevel, e)
 
 		if (tTd(21, 12))
 		{
-			printf("-----trying rule:");
+			if (tTd(21, 15))
+				dprintf("-----trying rule (line %d):",
+				       rwr->r_line);
+			else
+				dprintf("-----trying rule:");
 			printav(rwr->r_lhs);
 		}
 
@@ -788,11 +858,11 @@ rewrite(pvp, ruleset, reclevel, e)
 		avp = pvp;
 		if (++loopcount > 100)
 		{
-			syserr("554 Infinite loop in ruleset %d, rule %d",
-				ruleset, ruleno);
+			syserr("554 5.3.5 Infinite loop in ruleset %s, rule %d",
+				rulename, ruleno);
 			if (tTd(21, 1))
 			{
-				printf("workspace: ");
+				dprintf("workspace: ");
 				printav(pvp);
 			}
 			break;
@@ -803,11 +873,11 @@ rewrite(pvp, ruleset, reclevel, e)
 			rp = *rvp;
 			if (tTd(21, 35))
 			{
-				printf("ADVANCE rp=");
+				dprintf("ADVANCE rp=");
 				xputs(rp);
-				printf(", ap=");
+				dprintf(", ap=");
 				xputs(ap);
-				printf("\n");
+				dprintf("\n");
 			}
 			if (rp == NULL)
 			{
@@ -825,28 +895,29 @@ rewrite(pvp, ruleset, reclevel, e)
 			{
 			  case MATCHCLASS:
 				/* match any phrase in a class */
-				mlp->pattern = rvp;
-				mlp->first = avp;
+				mlp->match_pattern = rvp;
+				mlp->match_first = avp;
 	extendclass:
 				ap = *avp;
 				if (ap == NULL)
 					goto backup;
-				mlp->last = avp++;
-				cataddr(mlp->first, mlp->last, buf, sizeof buf, '\0');
+				mlp->match_last = avp++;
+				cataddr(mlp->match_first, mlp->match_last,
+					buf, sizeof buf, '\0');
 				if (!wordinclass(buf, rp[1]))
 				{
 					if (tTd(21, 36))
 					{
-						printf("EXTEND  rp=");
+						dprintf("EXTEND  rp=");
 						xputs(rp);
-						printf(", ap=");
+						dprintf(", ap=");
 						xputs(ap);
-						printf("\n");
+						dprintf("\n");
 					}
 					goto extendclass;
 				}
 				if (tTd(21, 36))
-					printf("CLMATCH\n");
+					dprintf("CLMATCH\n");
 				mlp++;
 				break;
 
@@ -855,22 +926,22 @@ rewrite(pvp, ruleset, reclevel, e)
 				if (wordinclass(ap, rp[1]))
 					goto backup;
 
-				/* fall through */
+				/* FALLTHROUGH */
 
 			  case MATCHONE:
 			  case MATCHANY:
 				/* match exactly one token */
-				mlp->pattern = rvp;
-				mlp->first = avp;
-				mlp->last = avp++;
+				mlp->match_pattern = rvp;
+				mlp->match_first = avp;
+				mlp->match_last = avp++;
 				mlp++;
 				break;
 
 			  case MATCHZANY:
 				/* match zero or more tokens */
-				mlp->pattern = rvp;
-				mlp->first = avp;
-				mlp->last = avp - 1;
+				mlp->match_pattern = rvp;
+				mlp->match_first = avp;
+				mlp->match_last = avp - 1;
 				mlp++;
 				break;
 
@@ -888,9 +959,9 @@ rewrite(pvp, ruleset, reclevel, e)
 				*/
 
 				ap = macvalue(rp[1], e);
-				mlp->first = avp;
+				mlp->match_first = avp;
 				if (tTd(21, 2))
-					printf("rewrite: LHS $&%s => \"%s\"\n",
+					dprintf("rewrite: LHS $&%s => \"%s\"\n",
 						macname(rp[1]),
 						ap == NULL ? "(NULL)" : ap);
 
@@ -902,7 +973,7 @@ rewrite(pvp, ruleset, reclevel, e)
 					    strncasecmp(ap, *avp, strlen(*avp)) != 0)
 					{
 						/* no match */
-						avp = mlp->first;
+						avp = mlp->match_first;
 						goto backup;
 					}
 					ap += strlen(*avp++);
@@ -927,18 +998,18 @@ rewrite(pvp, ruleset, reclevel, e)
 			/* match failed -- back up */
 			while (--mlp >= mlist)
 			{
-				rvp = mlp->pattern;
+				rvp = mlp->match_pattern;
 				rp = *rvp;
-				avp = mlp->last + 1;
+				avp = mlp->match_last + 1;
 				ap = *avp;
 
 				if (tTd(21, 36))
 				{
-					printf("BACKUP  rp=");
+					dprintf("BACKUP  rp=");
 					xputs(rp);
-					printf(", ap=");
+					dprintf(", ap=");
 					xputs(ap);
-					printf("\n");
+					dprintf("\n");
 				}
 
 				if (ap == NULL)
@@ -950,7 +1021,7 @@ rewrite(pvp, ruleset, reclevel, e)
 				    (*rp & 0377) == MATCHZANY)
 				{
 					/* extend binding and continue */
-					mlp->last = avp++;
+					mlp->match_last = avp++;
 					rvp++;
 					mlp++;
 					break;
@@ -958,7 +1029,7 @@ rewrite(pvp, ruleset, reclevel, e)
 				if ((*rp & 0377) == MATCHCLASS)
 				{
 					/* extend binding and try again */
-					mlp->last = avp;
+					mlp->match_last = avp;
 					goto extendclass;
 				}
 			}
@@ -977,7 +1048,7 @@ rewrite(pvp, ruleset, reclevel, e)
 		if (mlp < mlist || *rvp != NULL)
 		{
 			if (tTd(21, 10))
-				printf("----- rule fails\n");
+				dprintf("----- rule fails\n");
 			rwr = rwr->r_next;
 			ruleno++;
 			loopcount = 0;
@@ -987,22 +1058,25 @@ rewrite(pvp, ruleset, reclevel, e)
 		rvp = rwr->r_rhs;
 		if (tTd(21, 12))
 		{
-			printf("-----rule matches:");
+			dprintf("-----rule matches:");
 			printav(rvp);
 		}
 
 		rp = *rvp;
-		if ((*rp & 0377) == CANONUSER)
-		{
-			rvp++;
-			rwr = rwr->r_next;
-			ruleno++;
-			loopcount = 0;
-		}
-		else if ((*rp & 0377) == CANONHOST)
+		if (rp != NULL)
 		{
-			rvp++;
-			rwr = NULL;
+			if ((*rp & 0377) == CANONUSER)
+			{
+				rvp++;
+				rwr = rwr->r_next;
+				ruleno++;
+				loopcount = 0;
+			}
+			else if ((*rp & 0377) == CANONHOST)
+			{
+				rvp++;
+				rwr = NULL;
+			}
 		}
 
 		/* substitute */
@@ -1018,28 +1092,29 @@ rewrite(pvp, ruleset, reclevel, e)
 				m = &mlist[rp[1] - '1'];
 				if (m < mlist || m >= mlp)
 				{
-					syserr("554 rewrite: ruleset %d: replacement $%c out of bounds",
-						ruleset, rp[1]);
+					syserr("554 5.3.5 rewrite: ruleset %s: replacement $%c out of bounds",
+						rulename, rp[1]);
 					return EX_CONFIG;
 				}
 				if (tTd(21, 15))
 				{
-					printf("$%c:", rp[1]);
-					pp = m->first;
-					while (pp <= m->last)
+					dprintf("$%c:", rp[1]);
+					pp = m->match_first;
+					while (pp <= m->match_last)
 					{
-						printf(" %lx=\"", (u_long) *pp);
-						(void) fflush(stdout);
-						printf("%s\"", *pp++);
+						dprintf(" %lx=\"",
+							(u_long) *pp);
+						(void) dflush();
+						dprintf("%s\"", *pp++);
 					}
-					printf("\n");
+					dprintf("\n");
 				}
-				pp = m->first;
-				while (pp <= m->last)
+				pp = m->match_first;
+				while (pp <= m->match_last)
 				{
 					if (avp >= &npvp[MAXATOM])
 					{
-						syserr("554 rewrite: expansion too long");
+						syserr("554 5.3.0 rewrite: expansion too long");
 						return EX_DATAERR;
 					}
 					*avp++ = *pp++;
@@ -1051,7 +1126,7 @@ rewrite(pvp, ruleset, reclevel, e)
 				if (avp >= &npvp[MAXATOM])
 				{
 	toolong:
-					syserr("554 rewrite: expansion too long");
+					syserr("554 5.3.0 rewrite: expansion too long");
 					return EX_DATAERR;
 				}
 				if ((*rp & 0377) != MACRODEXPAND)
@@ -1070,7 +1145,7 @@ rewrite(pvp, ruleset, reclevel, e)
 					char pvpbuf[PSBUFSIZE];
 
 					if (tTd(21, 2))
-						printf("rewrite: RHS $&%s => \"%s\"\n",
+						dprintf("rewrite: RHS $&%s => \"%s\"\n",
 							macname(rp[1]),
 							mval == NULL ? "(NULL)" : mval);
 					if (mval == NULL || *mval == '\0')
@@ -1079,7 +1154,7 @@ rewrite(pvp, ruleset, reclevel, e)
 					/* save the remainder of the input */
 					for (xpvp = pvp; *xpvp != NULL; xpvp++)
 						trsize += sizeof *xpvp;
-					if (trsize > pvpb1_size)
+					if ((size_t) trsize > pvpb1_size)
 					{
 						if (pvpb1 != NULL)
 							free(pvpb1);
@@ -1087,11 +1162,14 @@ rewrite(pvp, ruleset, reclevel, e)
 						pvpb1_size = trsize;
 					}
 
-					bcopy((char *) pvp, (char *) pvpb1, trsize);
+					memmove((char *) pvpb1,
+						(char *) pvp,
+						trsize);
 
 					/* scan the new replacement */
 					xpvp = prescan(mval, '\0', pvpbuf,
-						       sizeof pvpbuf, NULL, NULL);
+						       sizeof pvpbuf, NULL,
+						       NULL);
 					if (xpvp == NULL)
 					{
 						/* prescan pre-printed error */
@@ -1102,17 +1180,20 @@ rewrite(pvp, ruleset, reclevel, e)
 					while (*xpvp != NULL)
 					{
 						if (tTd(21, 19))
-							printf(" ... %s\n", *xpvp);
+							dprintf(" ... %s\n",
+								*xpvp);
 						*avp++ = newstr(*xpvp);
 						if (avp >= &npvp[MAXATOM])
 							goto toolong;
 						xpvp++;
 					}
 					if (tTd(21, 19))
-						printf(" ... DONE\n");
+						dprintf(" ... DONE\n");
 
 					/* restore the old trailing input */
-					bcopy((char *) pvpb1, (char *) pvp, trsize);
+					memmove((char *) pvp,
+						(char *) pvpb1,
+						trsize);
 				}
 			}
 		}
@@ -1134,12 +1215,11 @@ rewrite(pvp, ruleset, reclevel, e)
 			char **key_rvp;
 			char **arg_rvp;
 			char **default_rvp;
-			char buf[MAXNAME + 1];
+			char cbuf[MAXNAME + 1];
 			char *pvpb1[MAXATOM + 1];
 			char *argvect[10];
 			char pvpbuf[PSBUFSIZE];
 			char *nullpvp[1];
-			extern char *map_lookup __P((STAB *, char *, char **, int *, ENVELOPE *));
 
 			if ((**rvp & 0377) != HOSTBEGIN &&
 			    (**rvp & 0377) != LOOKUPBEGIN)
@@ -1164,7 +1244,7 @@ rewrite(pvp, ruleset, reclevel, e)
 			}
 			map = stab(mapname, ST_MAP, ST_FIND);
 			if (map == NULL)
-				syserr("554 rewrite: map %s not found", mapname);
+				syserr("554 5.3.0 rewrite: map %s not found", mapname);
 
 			/* extract the match part */
 			key_rvp = ++rvp;
@@ -1217,19 +1297,20 @@ rewrite(pvp, ruleset, reclevel, e)
 
 			/* save the remainder of the input string */
 			trsize = (int) (avp - rvp + 1) * sizeof *rvp;
-			bcopy((char *) rvp, (char *) pvpb1, trsize);
+			memmove((char *) pvpb1, (char *) rvp, trsize);
 
 			/* look it up */
-			cataddr(key_rvp, NULL, buf, sizeof buf, '\0');
-			argvect[0] = buf;
-			replac = map_lookup(map, buf, argvect, &rstat, e);
+			cataddr(key_rvp, NULL, cbuf, sizeof cbuf,
+				map == NULL ? '\0' : map->s_map.map_spacesub);
+			argvect[0] = cbuf;
+			replac = map_lookup(map, cbuf, argvect, &rstat, e);
 
 			/* if no replacement, use default */
 			if (replac == NULL && default_rvp != NULL)
 			{
 				/* create the default */
-				cataddr(default_rvp, NULL, buf, sizeof buf, '\0');
-				replac = buf;
+				cataddr(default_rvp, NULL, cbuf, sizeof cbuf, '\0');
+				replac = cbuf;
 			}
 
 			if (replac == NULL)
@@ -1273,29 +1354,33 @@ rewrite(pvp, ruleset, reclevel, e)
 		**  Check for subroutine calls.
 		*/
 
-		stat = callsubr(npvp, reclevel, e);
-		if (rstat == EX_OK || stat == EX_TEMPFAIL)
-			rstat = stat;
+		status = callsubr(npvp, reclevel, e);
+		if (rstat == EX_OK || status == EX_TEMPFAIL)
+			rstat = status;
 
 		/* copy vector back into original space. */
 		for (avp = npvp; *avp++ != NULL;)
 			continue;
-		bcopy((char *) npvp, (char *) pvp,
+		memmove((char *) pvp, (char *) npvp,
 		      (int) (avp - npvp) * sizeof *avp);
-		
+
 		if (tTd(21, 4))
 		{
-			printf("rewritten as:");
+			dprintf("rewritten as:");
 			printav(pvp);
 		}
 	}
 
-	if (OpMode == MD_TEST || tTd(21, 1))
+	if (OpMode == MD_TEST)
 	{
-		printf("rewrite: ruleset %3d returns:", ruleset);
+		printf("%s%-16.16s returns:", prefix, rulename);
+		printav(pvp);
+	}
+	else if (tTd(21, 1))
+	{
+		dprintf("%s%-16.16s returns:", prefix, rulename);
 		printav(pvp);
 	}
-
 	return rstat;
 }
 /*
@@ -1313,17 +1398,17 @@ rewrite(pvp, ruleset, reclevel, e)
 **		pvp is modified.
 */
 
-int
+static int
 callsubr(pvp, reclevel, e)
 	char **pvp;
 	int reclevel;
 	ENVELOPE *e;
 {
-    	char **avp;
-    	char **rvp;
+	char **avp;
+	char **rvp;
 	register int i;
 	int subr;
-	int stat;
+	int status;
 	int rstat = EX_OK;
 	char *tpvp[MAXATOM + 1];
 
@@ -1340,8 +1425,9 @@ callsubr(pvp, reclevel, e)
 			}
 
 			if (tTd(21, 3))
-				printf("-----callsubr %s (%d)\n", avp[1], subr);
-				
+				dprintf("-----callsubr %s (%d)\n",
+					avp[1], subr);
+
 			/*
 			**  Take care of possible inner calls first.
 			**  use a full size temporary buffer to avoid
@@ -1353,9 +1439,9 @@ callsubr(pvp, reclevel, e)
 				tpvp[i - 2] = avp[i];
 			tpvp[i - 2] = NULL;
 
-			stat = callsubr(tpvp, reclevel, e);
-			if (rstat == EX_OK || stat == EX_TEMPFAIL)
-				rstat = stat;
+			status = callsubr(tpvp, reclevel, e);
+			if (rstat == EX_OK || status == EX_TEMPFAIL)
+				rstat = status;
 
 			/*
 			**  Now we need to call the ruleset specified for
@@ -1364,9 +1450,9 @@ callsubr(pvp, reclevel, e)
 			**  since it has all the data we want to rewrite.
 			*/
 
-			stat = rewrite(tpvp, subr, reclevel, e);
-			if (rstat == EX_OK || stat == EX_TEMPFAIL)
-				rstat = stat;
+			status = rewrite(tpvp, subr, reclevel, e);
+			if (rstat == EX_OK || status == EX_TEMPFAIL)
+				rstat = status;
 
 			/*
 			**  Find length of tpvp and current offset into
@@ -1380,7 +1466,7 @@ callsubr(pvp, reclevel, e)
 				continue;
 			if (((rvp - tpvp) + (avp - pvp)) > MAXATOM)
 			{
-			    	syserr("554 callsubr: expansion too long");
+				syserr("554 5.3.0 callsubr: expansion too long");
 				return EX_DATAERR;
 			}
 
@@ -1420,74 +1506,77 @@ callsubr(pvp, reclevel, e)
 **		NULL -- if there was no data for the given key.
 */
 
-char *
-map_lookup(map, key, argvect, pstat, e)
-	STAB *map;
+static char *
+map_lookup(smap, key, argvect, pstat, e)
+	STAB *smap;
 	char key[];
 	char **argvect;
 	int *pstat;
 	ENVELOPE *e;
 {
-	auto int stat = EX_OK;
+	auto int status = EX_OK;
+	MAP *map;
 	char *replac;
 
-	if (e->e_sendmode == SM_DEFER)
+	if (smap == NULL)
+		return NULL;
+
+	map = &smap->s_map;
+	DYNOPENMAP(map);
+
+	if (e->e_sendmode == SM_DEFER &&
+	    bitset(MF_DEFER, map->map_mflags))
 	{
 		/* don't do any map lookups */
 		if (tTd(60, 1))
-			printf("map_lookup(%s, %s) => DEFERRED\n",
-				map->s_name, key);
+			dprintf("map_lookup(%s, %s) => DEFERRED\n",
+				smap->s_name, key);
 		*pstat = EX_TEMPFAIL;
 		return NULL;
 	}
-	if (map == NULL || !bitset(MF_OPEN, map->s_map.map_mflags))
-		return NULL;
 
-	if (!bitset(MF_KEEPQUOTES, map->s_map.map_mflags))
+	if (!bitset(MF_KEEPQUOTES, map->map_mflags))
 		stripquotes(key);
 
-	/* XXX should try to auto-open the map here */
-
 	if (tTd(60, 1))
 	{
-		printf("map_lookup(%s, %s", map->s_name, key);
+		dprintf("map_lookup(%s, %s", smap->s_name, key);
 		if (tTd(60, 5))
 		{
 			int i;
 
 			for (i = 0; argvect[i] != NULL; i++)
-				printf(", %%%d=%s", i, argvect[i]);
+				dprintf(", %%%d=%s", i, argvect[i]);
 		}
-		printf(") => ");
+		dprintf(") => ");
 	}
-	replac = (*map->s_map.map_class->map_lookup)(&map->s_map,
-			key, argvect, &stat);
+	replac = (*map->map_class->map_lookup)(map, key, argvect, &status);
 	if (tTd(60, 1))
-		printf("%s (%d)\n",
+		dprintf("%s (%d)\n",
 			replac != NULL ? replac : "NOT FOUND",
-			stat);
+			status);
 
-	/* should recover if stat == EX_TEMPFAIL */
-	if (stat == EX_TEMPFAIL && !bitset(MF_NODEFER, map->s_map.map_mflags))
+	/* should recover if status == EX_TEMPFAIL */
+	if (status == EX_TEMPFAIL && !bitset(MF_NODEFER, map->map_mflags))
 	{
 		*pstat = EX_TEMPFAIL;
 		if (tTd(60, 1))
-			printf("map_lookup(%s, %s) tempfail: errno=%d\n",
-				map->s_name, key, errno);
+			dprintf("map_lookup(%s, %s) tempfail: errno=%d\n",
+				smap->s_name, key, errno);
 		if (e->e_message == NULL)
 		{
 			char mbuf[320];
 
 			snprintf(mbuf, sizeof mbuf,
 				"%.80s map: lookup (%s): deferred",
-				map->s_name,
+				smap->s_name,
 				shortenstring(key, MAXSHORTSTR));
 			e->e_message = newstr(mbuf);
 		}
 	}
-	if (stat == EX_TEMPFAIL && map->s_map.map_tapp != NULL)
+	if (status == EX_TEMPFAIL && map->map_tapp != NULL)
 	{
-		size_t i = strlen(key) + strlen(map->s_map.map_tapp) + 1;
+		size_t i = strlen(key) + strlen(map->map_tapp) + 1;
 		static char *rwbuf = NULL;
 		static size_t rwbuflen = 0;
 
@@ -1498,15 +1587,51 @@ map_lookup(map, key, argvect, pstat, e)
 			rwbuflen = i;
 			rwbuf = (char *) xalloc(rwbuflen);
 		}
-		snprintf(rwbuf, rwbuflen, "%s%s", key, map->s_map.map_tapp);
+		snprintf(rwbuf, rwbuflen, "%s%s", key, map->map_tapp);
 		if (tTd(60, 4))
-			printf("map_lookup tempfail: returning \"%s\"\n",
+			dprintf("map_lookup tempfail: returning \"%s\"\n",
 				rwbuf);
 		return rwbuf;
 	}
 	return replac;
 }
 /*
+**  INITERRMAILERS -- initialize error and discard mailers
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		initializes error and discard mailers.
+*/
+
+static MAILER discardmailer;
+static MAILER errormailer;
+static char *discardargv[] = { "DISCARD", NULL };
+static char *errorargv[] = { "ERROR", NULL };
+
+void
+initerrmailers()
+{
+	if (discardmailer.m_name == NULL)
+	{
+		/* initialize the discard mailer */
+		discardmailer.m_name = "*discard*";
+		discardmailer.m_mailer = "DISCARD";
+		discardmailer.m_argv = discardargv;
+	}
+	if (errormailer.m_name == NULL)
+	{
+		/* initialize the bogus mailer */
+		errormailer.m_name = "*error*";
+		errormailer.m_mailer = "ERROR";
+		errormailer.m_argv = errorargv;
+	}
+}
+/*
 **  BUILDADDR -- build address from token vector.
 **
 **	Parameters:
@@ -1525,7 +1650,7 @@ map_lookup(map, key, argvect, pstat, e)
 **		fills in 'a'
 */
 
-struct errcodes
+static struct errcodes
 {
 	char	*ec_name;		/* name of error code */
 	int	ec_code;		/* numeric code */
@@ -1540,11 +1665,12 @@ struct errcodes
 	{ "protocol",		EX_PROTOCOL	},
 #ifdef EX_CONFIG
 	{ "config",		EX_CONFIG	},
-#endif
+#endif /* EX_CONFIG */
 	{ NULL,			EX_UNAVAILABLE	}
 };
 
-ADDRESS *
+
+static ADDRESS *
 buildaddr(tv, a, flags, e)
 	register char **tv;
 	register ADDRESS *a;
@@ -1557,46 +1683,33 @@ buildaddr(tv, a, flags, e)
 	char *mname;
 	char **hostp;
 	char hbuf[MAXNAME + 1];
-	static MAILER discardmailer;
-	static MAILER errormailer;
-	static char *discardargv[] = { "DISCARD", NULL };
-	static char *errorargv[] = { "ERROR", NULL };
 	static char ubuf[MAXNAME + 2];
 
 	if (tTd(24, 5))
 	{
-		printf("buildaddr, flags=%x, tv=", flags);
+		dprintf("buildaddr, flags=%x, tv=", flags);
 		printav(tv);
 	}
 
 	if (a == NULL)
 		a = (ADDRESS *) xalloc(sizeof *a);
-	bzero((char *) a, sizeof *a);
+	memset((char *) a, '\0', sizeof *a);
+	hbuf[0] = '\0';
 
 	/* set up default error return flags */
 	a->q_flags |= DefaultNotify;
 
-	if (discardmailer.m_name == NULL)
-	{
-		/* initialize the discard mailer */
-		discardmailer.m_name = "*discard*";
-		discardmailer.m_mailer = "DISCARD";
-		discardmailer.m_argv = discardargv;
-	}
-
 	/* figure out what net/mailer to use */
 	if (*tv == NULL || (**tv & 0377) != CANONNET)
 	{
-		syserr("554 buildaddr: no mailer in parsed address");
+		syserr("554 5.3.5 buildaddr: no mailer in parsed address");
 badaddr:
-		a->q_flags |= QBADADDR;
-		a->q_mailer = &errormailer;
-		if (errormailer.m_name == NULL)
+		if (ExitStat == EX_TEMPFAIL)
+			a->q_state = QS_QUEUEUP;
+		else
 		{
-			/* initialize the bogus mailer */
-			errormailer.m_name = "*error*";
-			errormailer.m_mailer = "ERROR";
-			errormailer.m_argv = errorargv;
+			a->q_state = QS_BADADDR;
+			a->q_mailer = &errormailer;
 		}
 		return a;
 	}
@@ -1611,7 +1724,7 @@ badaddr:
 		tv++;
 	if (*tv == NULL)
 	{
-		syserr("554 buildaddr: no user");
+		syserr("554 5.3.5 buildaddr: no user");
 		goto badaddr;
 	}
 	if (tv == hostp)
@@ -1623,14 +1736,17 @@ badaddr:
 	/* save away the host name */
 	if (strcasecmp(mname, "error") == 0)
 	{
+		/* Set up triplet for use by -bv */
+		a->q_mailer = &errormailer;
+		a->q_user = newstr(ubuf);
+
 		if (hostp != NULL)
 		{
 			register struct errcodes *ep;
 
+			a->q_host = newstr(hbuf);
 			if (strchr(hbuf, '.') != NULL)
 			{
-				extern int dsntoexitstat __P((char *));
-
 				a->q_status = newstr(hbuf);
 				setstat(dsntoexitstat(hbuf));
 			}
@@ -1647,34 +1763,38 @@ badaddr:
 			}
 		}
 		else
+		{
+			a->q_host = NULL;
 			setstat(EX_UNAVAILABLE);
+		}
 		stripquotes(ubuf);
-		if (isascii(ubuf[0]) && isdigit(ubuf[0]) &&
-		    isascii(ubuf[1]) && isdigit(ubuf[1]) &&
-		    isascii(ubuf[2]) && isdigit(ubuf[2]) &&
-		    ubuf[3] == ' ')
+		if (ISSMTPCODE(ubuf) && ubuf[3] == ' ')
 		{
-			char fmt[10];
-
-			strncpy(fmt, ubuf, 3);
-			strcpy(&fmt[3], " %s");
-			usrerr(fmt, ubuf + 4);
-
-			/*
-			**  If this is a 4xx code and we aren't running
-			**  SMTP on our input, bounce this message;
-			**  otherwise it disappears without a trace.
-			*/
+			char fmt[16];
+			int off;
 
-			if (fmt[0] == '4' && OpMode != MD_SMTP &&
-			    OpMode != MD_DAEMON)
+			if ((off = isenhsc(ubuf + 4, ' ')) > 0)
+			{
+				ubuf[off + 4] = '\0';
+				off += 5;
+			}
+			else
 			{
-				e->e_flags |= EF_FATALERRS;
+				off = 4;
+				ubuf[3] = '\0';
 			}
+			(void) snprintf(fmt, sizeof fmt, "%s %%s", ubuf);
+			if (off > 4)
+				usrerr(fmt, ubuf + off);
+			else if (isenhsc(hbuf, '\0') > 0)
+				usrerrenh(hbuf, fmt, ubuf + off);
+			else
+				usrerr(fmt, ubuf + off);
+			/* XXX ubuf[off - 1] = ' '; */
 		}
 		else
 		{
-			usrerr("553 %s", ubuf);
+			usrerr("553 5.3.0 %s", ubuf);
 		}
 		goto badaddr;
 	}
@@ -1686,7 +1806,7 @@ badaddr:
 	}
 	if (m == NULL)
 	{
-		syserr("554 buildaddr: unknown mailer %s", mname);
+		syserr("554 5.3.5 buildaddr: unknown mailer %s", mname);
 		goto badaddr;
 	}
 	a->q_mailer = m;
@@ -1696,7 +1816,7 @@ badaddr:
 	{
 		if (!bitnset(M_LOCALMAILER, m->m_flags))
 		{
-			syserr("554 buildaddr: no host");
+			syserr("554 5.3.5 buildaddr: no host");
 			goto badaddr;
 		}
 		a->q_host = NULL;
@@ -1735,7 +1855,18 @@ badaddr:
 
 	/* rewrite according recipient mailer rewriting rules */
 	define('h', a->q_host, e);
+
+#if _FFR_ADDR_TYPE
+	/*
+	**  Note, change the 9 to a 10 before removing #if FFR check
+	**  in a future version.
+	*/
+
+	if (ConfigLevel >= 9 ||
+	    !bitset(RF_SENDERADDR|RF_HEADERADDR, flags))
+#else /* _FFR_ADDR_TYPE */
 	if (!bitset(RF_SENDERADDR|RF_HEADERADDR, flags))
+#endif /* _FFR_ADDR_TYPE */
 	{
 		/* sender addresses done later */
 		(void) rewrite(tv, 2, 0, e);
@@ -1746,7 +1877,7 @@ badaddr:
 
 	/* save the result for the command line/RCPT argument */
 	cataddr(tv, NULL, ubuf, sizeof ubuf, '\0');
-	a->q_user = ubuf;
+	a->q_user = newstr(ubuf);
 
 	/*
 	**  Do mapping to lower case as requested by mailer
@@ -1759,7 +1890,7 @@ badaddr:
 
 	if (tTd(24, 6))
 	{
-		printf("buildaddr => ");
+		dprintf("buildaddr => ");
 		printaddr(a, FALSE);
 	}
 	return a;
@@ -1796,25 +1927,31 @@ cataddr(pvp, evp, buf, sz, spacesub)
 	register int i;
 	register char *p;
 
+	if (sz <= 0)
+		return;
+
 	if (spacesub == '\0')
 		spacesub = SpaceSub;
 
 	if (pvp == NULL)
 	{
-		(void) strcpy(buf, "");
+		*buf = '\0';
 		return;
 	}
 	p = buf;
 	sz -= 2;
-	while (*pvp != NULL && (i = strlen(*pvp)) < sz)
+	while (*pvp != NULL && (i = strlen(*pvp)) < sz - 1)
 	{
 		natomtok = (TokTypeTab[**pvp & 0xff] == ATM);
 		if (oatomtok && natomtok)
+		{
 			*p++ = spacesub;
-		(void) strcpy(p, *pvp);
+			--sz;
+		}
+		(void) strlcpy(p, *pvp, sz);
 		oatomtok = natomtok;
 		p += i;
-		sz -= i + 1;
+		sz -= i;
 		if (pvp++ == evp)
 			break;
 	}
@@ -1846,11 +1983,11 @@ sameaddr(a, b)
 
 	/* if they don't have the same mailer, forget it */
 	if (a->q_mailer != b->q_mailer)
-		return (FALSE);
+		return FALSE;
 
 	/* if the user isn't the same, we can drop out */
 	if (strcmp(a->q_user, b->q_user) != 0)
-		return (FALSE);
+		return FALSE;
 
 	/* if we have good uids for both but they differ, these are different */
 	if (a->q_mailer == ProgMailer)
@@ -1860,24 +1997,24 @@ sameaddr(a, b)
 		if (ca != NULL && cb != NULL &&
 		    bitset(QGOODUID, ca->q_flags & cb->q_flags) &&
 		    ca->q_uid != cb->q_uid)
-			return (FALSE);
+			return FALSE;
 	}
 
 	/* otherwise compare hosts (but be careful for NULL ptrs) */
 	if (a->q_host == b->q_host)
 	{
 		/* probably both null pointers */
-		return (TRUE);
+		return TRUE;
 	}
 	if (a->q_host == NULL || b->q_host == NULL)
 	{
 		/* only one is a null pointer */
-		return (FALSE);
+		return FALSE;
 	}
 	if (strcmp(a->q_host, b->q_host) != 0)
-		return (FALSE);
+		return FALSE;
 
-	return (TRUE);
+	return TRUE;
 }
 /*
 **  PRINTADDR -- print address (for debugging)
@@ -1899,17 +2036,12 @@ struct qflags
 	u_long	qf_bit;
 };
 
-struct qflags	AddressFlags[] =
+static struct qflags	AddressFlags[] =
 {
-	{ "QDONTSEND",		QDONTSEND	},
-	{ "QBADADDR",		QBADADDR	},
 	{ "QGOODUID",		QGOODUID	},
 	{ "QPRIMARY",		QPRIMARY	},
-	{ "QQUEUEUP",		QQUEUEUP	},
-	{ "QSENT",		QSENT		},
 	{ "QNOTREMOTE",		QNOTREMOTE	},
 	{ "QSELFREF",		QSELFREF	},
-	{ "QVERIFIED",		QVERIFIED	},
 	{ "QBOGUSSHELL",	QBOGUSSHELL	},
 	{ "QUNSAFEADDR",	QUNSAFEADDR	},
 	{ "QPINGONSUCCESS",	QPINGONSUCCESS	},
@@ -1962,7 +2094,70 @@ printaddr(a, follow)
 		printf("\tuser `%s', ruser `%s'\n",
 		       a->q_user,
 		       a->q_ruser == NULL ? "<null>" : a->q_ruser);
-		printf("\tnext=%lx, alias %lx, uid %d, gid %d\n",
+		printf("\tstate=");
+		switch (a->q_state)
+		{
+		  case QS_OK:
+			printf("OK");
+			break;
+
+		  case QS_DONTSEND:
+			printf("DONTSEND");
+			break;
+
+		  case QS_BADADDR:
+			printf("BADADDR");
+			break;
+
+		  case QS_QUEUEUP:
+			printf("QUEUEUP");
+			break;
+
+		  case QS_SENT:
+			printf("SENT");
+			break;
+
+		  case QS_VERIFIED:
+			printf("VERIFIED");
+			break;
+
+		  case QS_EXPANDED:
+			printf("EXPANDED");
+			break;
+
+		  case QS_SENDER:
+			printf("SENDER");
+			break;
+
+		  case QS_CLONED:
+			printf("CLONED");
+			break;
+
+		  case QS_DISCARDED:
+			printf("DISCARDED");
+			break;
+
+		  case QS_REPLACED:
+			printf("REPLACED");
+			break;
+
+		  case QS_REMOVED:
+			printf("REMOVED");
+			break;
+
+		  case QS_DUPLICATE:
+			printf("DUPLICATE");
+			break;
+
+		  case QS_INCLUDED:
+			printf("INCLUDED");
+			break;
+
+		  default:
+			printf("%d", a->q_state);
+			break;
+		}
+		printf(", next=%lx, alias %lx, uid %d, gid %d\n",
 		       (u_long) a->q_next, (u_long) a->q_alias,
 		       (int) a->q_uid, (int) a->q_gid);
 		printf("\tflags=%lx<", a->q_flags);
@@ -1988,7 +2183,8 @@ printaddr(a, follow)
 		printf("\trstatus=\"%s\"\n",
 		       a->q_rstatus == NULL ? "(none)" : a->q_rstatus);
 		printf("\tspecificity=%d, statdate=%s\n",
-			a->q_specificity, ctime(&a->q_statdate));
+		       a->q_specificity,
+		       a->q_statdate == 0 ? "(none)" : ctime(&a->q_statdate));
 
 		if (!follow)
 			return;
@@ -2052,20 +2248,38 @@ remotename(name, m, flags, pstat, e)
 	static char buf[MAXNAME + 1];
 	char lbuf[MAXNAME + 1];
 	char pvpbuf[PSBUFSIZE];
-	extern char *crackaddr __P((char *));
+#if _FFR_ADDR_TYPE
+	char addrtype[4];
+#endif /* _FFR_ADDR_TYPE */
 
 	if (tTd(12, 1))
-		printf("remotename(%s)\n", name);
+		dprintf("remotename(%s)\n", name);
 
 	/* don't do anything if we are tagging it as special */
 	if (bitset(RF_SENDERADDR, flags))
+	{
 		rwset = bitset(RF_HEADERADDR, flags) ? m->m_sh_rwset
 						     : m->m_se_rwset;
+#if _FFR_ADDR_TYPE
+		addrtype[2] = 's';
+#endif /* _FFR_ADDR_TYPE */
+	}
 	else
+	{
 		rwset = bitset(RF_HEADERADDR, flags) ? m->m_rh_rwset
 						     : m->m_re_rwset;
+#if _FFR_ADDR_TYPE
+		addrtype[2] = 'r';
+#endif /* _FFR_ADDR_TYPE */
+	}
 	if (rwset < 0)
-		return (name);
+		return name;
+#if _FFR_ADDR_TYPE
+	addrtype[1] = ' ';
+	addrtype[3] = '\0';
+	addrtype[0] = bitset(RF_HEADERADDR, flags) ? 'h' : 'e';
+	define(macid("{addr_type}", NULL), addrtype, e);
+#endif /* _FFR_ADDR_TYPE */
 
 	/*
 	**  Do a heuristic crack of this name to extract any comment info.
@@ -2087,24 +2301,36 @@ remotename(name, m, flags, pstat, e)
 
 	pvp = prescan(name, '\0', pvpbuf, sizeof pvpbuf, NULL, NULL);
 	if (pvp == NULL)
-		return (name);
+		return name;
 	if (rewrite(pvp, 3, 0, e) == EX_TEMPFAIL)
 		*pstat = EX_TEMPFAIL;
 	if (bitset(RF_ADDDOMAIN, flags) && e->e_fromdomain != NULL)
 	{
 		/* append from domain to this address */
 		register char **pxp = pvp;
+		int l = MAXATOM;	/* size of buffer for pvp */
 
 		/* see if there is an "@domain" in the current name */
 		while (*pxp != NULL && strcmp(*pxp, "@") != 0)
+		{
 			pxp++;
+			--l;
+		}
 		if (*pxp == NULL)
 		{
 			/* no.... append the "@domain" from the sender */
 			register char **qxq = e->e_fromdomain;
 
 			while ((*pxp++ = *qxq++) != NULL)
-				continue;
+			{
+				if (--l <= 0)
+				{
+					*--pxp = NULL;
+					usrerr("553 5.1.0 remotename: too many tokens");
+					*pstat = EX_UNAVAILABLE;
+					break;
+				}
+			}
 			if (rewrite(pvp, 3, 0, e) == EX_TEMPFAIL)
 				*pstat = EX_TEMPFAIL;
 		}
@@ -2159,8 +2385,8 @@ remotename(name, m, flags, pstat, e)
 	define('g', oldg, e);
 
 	if (tTd(12, 1))
-		printf("remotename => `%s'\n", buf);
-	return (buf);
+		dprintf("remotename => `%s'\n", buf);
+	return buf;
 }
 /*
 **  MAPLOCALUSER -- run local username through ruleset 5 for final redirection
@@ -2194,33 +2420,37 @@ maplocaluser(a, sendq, aliaslevel, e)
 
 	if (tTd(29, 1))
 	{
-		printf("maplocaluser: ");
+		dprintf("maplocaluser: ");
 		printaddr(a, FALSE);
 	}
 	pvp = prescan(a->q_user, '\0', pvpbuf, sizeof pvpbuf, &delimptr, NULL);
 	if (pvp == NULL)
 	{
 		if (tTd(29, 9))
-			printf("maplocaluser: cannot prescan %s\n", a->q_user);
+			dprintf("maplocaluser: cannot prescan %s\n",
+				a->q_user);
 		return;
 	}
 
 	define('h', a->q_host, e);
 	define('u', a->q_user, e);
 	define('z', a->q_home, e);
- 
+
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), "e r", e);
+#endif /* _FFR_ADDR_TYPE */
 	if (rewrite(pvp, 5, 0, e) == EX_TEMPFAIL)
 	{
 		if (tTd(29, 9))
-			printf("maplocaluser: rewrite tempfail\n");
-		a->q_flags |= QQUEUEUP;
+			dprintf("maplocaluser: rewrite tempfail\n");
+		a->q_state = QS_QUEUEUP;
 		a->q_status = "4.4.3";
 		return;
 	}
 	if (pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
 	{
 		if (tTd(29, 9))
-			printf("maplocaluser: doesn't resolve\n");
+			dprintf("maplocaluser: doesn't resolve\n");
 		return;
 	}
 
@@ -2229,7 +2459,7 @@ maplocaluser(a, sendq, aliaslevel, e)
 	if (a1 == NULL || sameaddr(a, a1))
 	{
 		if (tTd(29, 9))
-			printf("maplocaluser: address unchanged\n");
+			dprintf("maplocaluser: address unchanged\n");
 		if (a1 != NULL)
 			free(a1);
 		return;
@@ -2238,17 +2468,18 @@ maplocaluser(a, sendq, aliaslevel, e)
 	/* make new address take on flags and print attributes of old */
 	a1->q_flags &= ~Q_COPYFLAGS;
 	a1->q_flags |= a->q_flags & Q_COPYFLAGS;
-	a1->q_paddr = a->q_paddr;
+	a1->q_paddr = newstr(a->q_paddr);
+	a1->q_orcpt = a->q_orcpt;
 
 	/* mark old address as dead; insert new address */
-	a->q_flags |= QDONTSEND;
+	a->q_state = QS_REPLACED;
 	if (tTd(29, 5))
 	{
-		printf("maplocaluser: QDONTSEND ");
+		dprintf("maplocaluser: QS_REPLACED ");
 		printaddr(a, FALSE);
 	}
 	a1->q_alias = a;
-	allocaddr(a1, RF_COPYALL, a->q_paddr);
+	allocaddr(a1, RF_COPYALL, newstr(a->q_paddr));
 	(void) recipient(a1, sendq, aliaslevel, e);
 }
 /*
@@ -2271,6 +2502,7 @@ dequote_init(map, args)
 {
 	register char *p = args;
 
+	/* there is no check whether there is really an argument */
 	map->map_mflags |= MF_KEEPQUOTES;
 	for (;;)
 	{
@@ -2284,8 +2516,13 @@ dequote_init(map, args)
 			map->map_app = ++p;
 			break;
 
+		  case 'D':
+			map->map_mflags |= MF_DEFER;
+			break;
+
+		  case 'S':
 		  case 's':
-			map->map_coldelim = *++p;
+			map->map_spacesub = *++p;
 			break;
 		}
 		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
@@ -2330,7 +2567,7 @@ dequote_map(map, name, av, statp)
 	int spacecnt = 0;
 	bool quotemode = FALSE;
 	bool bslashmode = FALSE;
-	char spacesub = map->map_coldelim;
+	char spacesub = map->map_spacesub;
 
 	for (p = q = name; (c = *p++) != '\0'; )
 	{
@@ -2360,6 +2597,7 @@ dequote_map(map, name, av, statp)
 			break;
 
 		  case ' ':
+		  case '\t':
 			spacecnt++;
 			break;
 		}
@@ -2403,6 +2641,9 @@ dequote_map(map, name, av, statp)
 **		p1 -- the first string to check.
 **		p2 -- the second string to check -- may be null.
 **		e -- the current envelope.
+**		rmcomm -- remove comments?
+**		cnt -- count rejections (statistics)?
+**		logl -- logging level
 **
 **	Returns:
 **		EX_OK -- if the rwset doesn't resolve to $#error
@@ -2410,11 +2651,13 @@ dequote_map(map, name, av, statp)
 */
 
 int
-rscheck(rwset, p1, p2, e)
+rscheck(rwset, p1, p2, e, rmcomm, cnt, logl)
 	char *rwset;
 	char *p1;
 	char *p2;
 	ENVELOPE *e;
+	bool rmcomm, cnt;
+	int logl;
 {
 	char *buf;
 	int bufsize;
@@ -2431,7 +2674,7 @@ rscheck(rwset, p1, p2, e)
 	extern char MsgBuf[];
 
 	if (tTd(48, 2))
-		printf("rscheck(%s, %s, %s)\n", rwset, p1,
+		dprintf("rscheck(%s, %s, %s)\n", rwset, p1,
 			p2 == NULL ? "(NULL)" : p2);
 
 	rsno = strtorwset(rwset, NULL, ST_FIND);
@@ -2464,12 +2707,13 @@ rscheck(rwset, p1, p2, e)
 	}
 	SuprErrs = TRUE;
 	QuickAbort = FALSE;
-	pvp = prescan(buf, '\0', pvpbuf, sizeof pvpbuf, NULL, NULL);
+	pvp = prescan(buf, '\0', pvpbuf, sizeof pvpbuf, NULL,
+		      rmcomm ? NULL : TokTypeNoC);
 	SuprErrs = saveSuprErrs;
 	if (pvp == NULL)
 	{
 		if (tTd(48, 2))
-			printf("rscheck: cannot prescan input\n");
+			dprintf("rscheck: cannot prescan input\n");
 /*
 		syserr("rscheck: cannot prescan input: \"%s\"",
 			shortenstring(buf, MAXSHORTSTR));
@@ -2488,11 +2732,11 @@ rscheck(rwset, p1, p2, e)
 	if (strcmp(pvp[1], "discard") == 0)
 	{
 		if (tTd(48, 2))
-			printf("rscheck: discard mailer selected\n");
+			dprintf("rscheck: discard mailer selected\n");
 		e->e_flags |= EF_DISCARD;
 		discard = TRUE;
 	}
-	else 
+	else
 	{
 		int savelogusrerrs = LogUsrErrs;
 		static bool logged = FALSE;
@@ -2506,12 +2750,13 @@ rscheck(rwset, p1, p2, e)
 		ExitStat = saveexitstat;
 		if (!logged)
 		{
-			markstats(e, &a1, TRUE);
+			if (cnt)
+				markstats(e, &a1, TRUE);
 			logged = TRUE;
 		}
 	}
-	
-	if (LogLevel >= 4)
+
+	if (LogLevel >= logl)
 	{
 		char *relay;
 		char *p;
diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c
index b02fc08..209d5b7 100644
--- a/contrib/sendmail/src/queue.c
+++ b/contrib/sendmail/src/queue.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -10,20 +11,28 @@
  *
  */
 
-# include "sendmail.h"
+
+#include <sendmail.h>
 
 #ifndef lint
-#if QUEUE
-static char sccsid[] = "@(#)queue.c	8.211 (Berkeley) 1/25/1999 (with queueing)";
-#else
-static char sccsid[] = "@(#)queue.c	8.211 (Berkeley) 1/25/1999 (without queueing)";
-#endif
-#endif /* not lint */
+# if QUEUE
+static char id[] = "@(#)$Id: queue.c,v 8.343.4.11 2000/07/14 05:55:51 gshapiro Exp $ (with queueing)";
+# else /* QUEUE */
+static char id[] = "@(#)$Id: queue.c,v 8.343.4.11 2000/07/14 05:55:51 gshapiro Exp $ (without queueing)";
+# endif /* QUEUE */
+#endif /* ! lint */
 
-# include <errno.h>
 # include <dirent.h>
 
-# if QUEUE
+#if QUEUE
+
+# if _FFR_QUEUEDELAY
+#  define QF_VERSION	5	/* version number of this queue format */
+static time_t	queuedelay __P((ENVELOPE *));
+# else /* _FFR_QUEUEDELAY */
+#  define QF_VERSION	4	/* version number of this queue format */
+#  define queuedelay(e)	MinQueueAge
+# endif /* _FFR_QUEUEDELAY */
 
 /*
 **  Work queue.
@@ -42,11 +51,23 @@ struct work
 
 typedef struct work	WORK;
 
-WORK	*WorkQ;			/* queue of things to be done */
+static WORK	*WorkQ;			/* queue of things to be done */
+
+static void	grow_wlist __P((int));
+static int	orderq __P((int, bool));
+static void	printctladdr __P((ADDRESS *, FILE *));
+static int	print_single_queue __P((int));
+static bool	readqf __P((ENVELOPE *));
+static void	runqueueevent __P((void));
+static int	run_single_queue __P((int, bool, bool));
+static char	*strrev __P((char *));
+static ADDRESS	*setctluser __P((char *, int));
+static int	workcmpf0();
+static int	workcmpf1();
+static int	workcmpf2();
+static int	workcmpf3();
+static int	workcmpf4();
 
-#define QF_VERSION	2	/* version number of this queue format */
-
-extern int orderq __P((bool));
 /*
 **  QUEUEUP -- queue a message up for future transmission.
 **
@@ -62,6 +83,8 @@ extern int orderq __P((bool));
 **		The queue file is left locked.
 */
 
+# define TEMPQF_LETTER 'T'
+
 void
 queueup(e, announce)
 	register ENVELOPE *e;
@@ -71,15 +94,14 @@ queueup(e, announce)
 	register FILE *tfp;
 	register HDR *h;
 	register ADDRESS *q;
-	int fd;
+	int tfd = -1;
 	int i;
 	bool newid;
 	register char *p;
 	MAILER nullmailer;
 	MCI mcibuf;
-	char tf[MAXQFNAME];
+	char tf[MAXPATHLEN];
 	char buf[MAXLINE];
-	extern void printctladdr __P((ADDRESS *, FILE *));
 
 	/*
 	**  Create control file.
@@ -88,7 +110,7 @@ queueup(e, announce)
 	newid = (e->e_id == NULL) || !bitset(EF_INQUEUE, e->e_flags);
 
 	/* if newid, queuename will create a locked qf file in e->lockfp */
-	strcpy(tf, queuename(e, 't'));
+	(void) strlcpy(tf, queuename(e, 't'), sizeof tf);
 	tfp = e->e_lockfp;
 	if (tfp == NULL)
 		newid = FALSE;
@@ -96,68 +118,92 @@ queueup(e, announce)
 	/* if newid, just write the qf file directly (instead of tf file) */
 	if (!newid)
 	{
+		int flags;
+
+		flags = O_CREAT|O_WRONLY|O_EXCL;
+
 		/* get a locked tf file */
 		for (i = 0; i < 128; i++)
 		{
-			fd = open(tf, O_CREAT|O_WRONLY|O_EXCL, FileMode);
-			if (fd < 0)
+			if (tfd < 0)
 			{
-				if (errno != EEXIST)
-					break;
-				if (LogLevel > 0 && (i % 32) == 0)
-					sm_syslog(LOG_ALERT, e->e_id,
-						"queueup: cannot create %s, uid=%d: %s",
-						tf, geteuid(), errstring(errno));
+#if _FFR_QUEUE_FILE_MODE
+				MODE_T oldumask;
+
+				if (bitset(S_IWGRP, QueueFileMode))
+					oldumask = umask(002);
+				tfd = open(tf, flags, QueueFileMode);
+				if (bitset(S_IWGRP, QueueFileMode))
+					(void) umask(oldumask);
+#else /* _FFR_QUEUE_FILE_MODE */
+				tfd = open(tf, flags, FileMode);
+#endif /* _FFR_QUEUE_FILE_MODE */
+
+				if (tfd < 0)
+				{
+					if (errno != EEXIST)
+						break;
+					if (LogLevel > 0 && (i % 32) == 0)
+						sm_syslog(LOG_ALERT, e->e_id,
+							  "queueup: cannot create %s, uid=%d: %s",
+							  tf, geteuid(), errstring(errno));
+				}
 			}
-			else
+			if (tfd >= 0)
 			{
-				if (lockfile(fd, tf, NULL, LOCK_EX|LOCK_NB))
+				if (lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB))
 					break;
 				else if (LogLevel > 0 && (i % 32) == 0)
 					sm_syslog(LOG_ALERT, e->e_id,
-						"queueup: cannot lock %s: %s",
-						tf, errstring(errno));
-				close(fd);
+						  "queueup: cannot lock %s: %s",
+						  tf, errstring(errno));
+				if ((i % 32) == 31)
+				{
+					(void) close(tfd);
+					tfd = -1;
+				}
 			}
 
 			if ((i % 32) == 31)
 			{
 				/* save the old temp file away */
-				(void) rename(tf, queuename(e, 'T'));
+				(void) rename(tf, queuename(e, TEMPQF_LETTER));
 			}
 			else
-				sleep(i % 32);
+				(void) sleep(i % 32);
 		}
-		if (fd < 0 || (tfp = fdopen(fd, "w")) == NULL)
+		if (tfd < 0 || (tfp = fdopen(tfd, "w")) == NULL)
 		{
+			int save_errno = errno;
+
 			printopenfds(TRUE);
+			errno = save_errno;
 			syserr("!queueup: cannot create queue temp file %s, uid=%d",
 				tf, geteuid());
 		}
 	}
 
 	if (tTd(40, 1))
-		printf("\n>>>>> queueing %s%s >>>>>\n", e->e_id,
+		dprintf("\n>>>>> queueing %s/qf%s%s >>>>>\n",
+			qid_printqueue(e->e_queuedir), e->e_id,
 			newid ? " (new id)" : "");
 	if (tTd(40, 3))
 	{
-		extern void printenvflags __P((ENVELOPE *));
-
-		printf("  e_flags=");
+		dprintf("  e_flags=");
 		printenvflags(e);
 	}
 	if (tTd(40, 32))
 	{
-		printf("  sendq=");
+		dprintf("  sendq=");
 		printaddr(e->e_sendqueue, TRUE);
 	}
 	if (tTd(40, 9))
 	{
-		printf("  tfp=");
+		dprintf("  tfp=");
 		dumpfd(fileno(tfp), TRUE, FALSE);
-		printf("  lockfp=");
+		dprintf("  lockfp=");
 		if (e->e_lockfp == NULL)
-			printf("NULL\n");
+			dprintf("NULL\n");
 		else
 			dumpfd(fileno(e->e_lockfp), TRUE, FALSE);
 	}
@@ -166,18 +212,41 @@ queueup(e, announce)
 	**  If there is no data file yet, create one.
 	*/
 
-	if (!bitset(EF_HAS_DF, e->e_flags))
+	if (bitset(EF_HAS_DF, e->e_flags))
 	{
+		if (e->e_dfp != NULL && bfcommit(e->e_dfp) < 0)
+			syserr("!queueup: cannot commit data file %s, uid=%d",
+				queuename(e, 'd'), geteuid());
+	}
+	else
+	{
+		int dfd;
 		register FILE *dfp = NULL;
-		char dfname[MAXQFNAME];
+		char dfname[MAXPATHLEN];
 		struct stat stbuf;
 
-		strcpy(dfname, queuename(e, 'd'));
-		fd = open(dfname, O_WRONLY|O_CREAT|O_TRUNC, FileMode);
-		if (fd < 0 || (dfp = fdopen(fd, "w")) == NULL)
+		if (e->e_dfp != NULL && bftest(e->e_dfp))
+			syserr("committing over bf file");
+
+		(void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname);
+#if _FFR_QUEUE_FILE_MODE
+		{
+			MODE_T oldumask;
+
+			if (bitset(S_IWGRP, QueueFileMode))
+				oldumask = umask(002);
+			dfd = open(dfname, O_WRONLY|O_CREAT|O_TRUNC,
+				   QueueFileMode);
+			if (bitset(S_IWGRP, QueueFileMode))
+				(void) umask(oldumask);
+		}
+#else /* _FFR_QUEUE_FILE_MODE */
+		dfd = open(dfname, O_WRONLY|O_CREAT|O_TRUNC, FileMode);
+#endif /* _FFR_QUEUE_FILE_MODE */
+		if (dfd < 0 || (dfp = fdopen(dfd, "w")) == NULL)
 			syserr("!queueup: cannot create data temp file %s, uid=%d",
 				dfname, geteuid());
-		if (fstat(fd, &stbuf) < 0)
+		if (fstat(dfd, &stbuf) < 0)
 			e->e_dfino = -1;
 		else
 		{
@@ -185,11 +254,13 @@ queueup(e, announce)
 			e->e_dfino = stbuf.st_ino;
 		}
 		e->e_flags |= EF_HAS_DF;
-		bzero(&mcibuf, sizeof mcibuf);
+		memset(&mcibuf, '\0', sizeof mcibuf);
 		mcibuf.mci_out = dfp;
 		mcibuf.mci_mailer = FileMailer;
 		(*e->e_putbody)(&mcibuf, e, NULL);
-		(void) xfclose(dfp, "queueup dfp", e->e_id);
+		if (fclose(dfp) < 0)
+			syserr("!queueup: cannot save data temp file %s, uid=%d",
+				dfname, geteuid());
 		e->e_putbody = putbody;
 	}
 
@@ -206,7 +277,17 @@ queueup(e, announce)
 	fprintf(tfp, "T%ld\n", (long) e->e_ctime);
 
 	/* output last delivery time */
+# if _FFR_QUEUEDELAY
+	fprintf(tfp, "K%ld\n", (long) e->e_dtime);
+	fprintf(tfp, "G%d\n", e->e_queuealg);
+	fprintf(tfp, "Y%ld\n", (long) e->e_queuedelay);
+	if (tTd(40, 64))
+		sm_syslog(LOG_INFO, e->e_id,
+			"queue alg: %d delay %ld next: %ld (now: %ld)\n",
+			e->e_queuealg, e->e_queuedelay, e->e_dtime, curtime());
+# else /* _FFR_QUEUEDELAY */
 	fprintf(tfp, "K%ld\n", (long) e->e_dtime);
+# endif /* _FFR_QUEUEDELAY */
 
 	/* output number of delivery attempts */
 	fprintf(tfp, "N%d\n", e->e_ntries);
@@ -218,13 +299,16 @@ queueup(e, announce)
 	/* XXX should probably include device major/minor too */
 	if (e->e_dfino != -1)
 	{
+		/*CONSTCOND*/
 		if (sizeof e->e_dfino > sizeof(long))
-			fprintf(tfp, "I%d/%d/%s\n",
-				major(e->e_dfdev), minor(e->e_dfdev),
+			fprintf(tfp, "I%ld/%ld/%s\n",
+				(long) major(e->e_dfdev),
+				(long) minor(e->e_dfdev),
 				quad_to_string(e->e_dfino));
 		else
-			fprintf(tfp, "I%d/%d/%lu\n",
-				major(e->e_dfdev), minor(e->e_dfdev),
+			fprintf(tfp, "I%ld/%ld/%lu\n",
+				(long) major(e->e_dfdev),
+				(long) minor(e->e_dfdev),
 				(unsigned long) e->e_dfino);
 	}
 
@@ -232,10 +316,10 @@ queueup(e, announce)
 	if (e->e_bodytype != NULL)
 		fprintf(tfp, "B%s\n", denlstring(e->e_bodytype, TRUE, FALSE));
 
-#if _FFR_SAVE_CHARSET
+# if _FFR_SAVE_CHARSET
 	if (e->e_charset != NULL)
 		fprintf(tfp, "X%s\n", denlstring(e->e_charset, TRUE, FALSE));
-#endif
+# endif /* _FFR_SAVE_CHARSET */
 
 	/* message from envelope, if it exists */
 	if (e->e_message != NULL)
@@ -259,13 +343,8 @@ queueup(e, announce)
 	if (buf[0] != '\0')
 		fprintf(tfp, "F%s\n", buf);
 
-	/* $r and $s and $_ macro values */
-	if ((p = macvalue('r', e)) != NULL)
-		fprintf(tfp, "$r%s\n", denlstring(p, TRUE, FALSE));
-	if ((p = macvalue('s', e)) != NULL)
-		fprintf(tfp, "$s%s\n", denlstring(p, TRUE, FALSE));
-	if ((p = macvalue('_', e)) != NULL)
-		fprintf(tfp, "$_%s\n", denlstring(p, TRUE, FALSE));
+	/* save $={persistentMacros} macro values */
+	queueup_macros(macid("{persistentMacros}", NULL), tfp, e);
 
 	/* output name of sender */
 	if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
@@ -278,49 +357,47 @@ queueup(e, announce)
 	if (e->e_envid != NULL)
 		fprintf(tfp, "Z%s\n", denlstring(e->e_envid, TRUE, FALSE));
 
+	/* output AUTH= parameter */
+	if (e->e_auth_param != NULL)
+		fprintf(tfp, "A%s\n", denlstring(e->e_auth_param,
+						 TRUE, FALSE));
+
 	/* output list of recipient addresses */
 	printctladdr(NULL, NULL);
 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 	{
-		if (bitset(QDONTSEND|QBADADDR|QSENT, q->q_flags))
-		{
-#if XDEBUG
-			if (bitset(QQUEUEUP, q->q_flags))
-				sm_syslog(LOG_DEBUG, e->e_id,
-					"dropenvelope: q_flags = %x, paddr = %s",
-					q->q_flags, q->q_paddr);
-#endif
+		if (!QS_IS_UNDELIVERED(q->q_state))
 			continue;
-		}
+
 		printctladdr(q, tfp);
 		if (q->q_orcpt != NULL)
 			fprintf(tfp, "Q%s\n",
 				denlstring(q->q_orcpt, TRUE, FALSE));
-		putc('R', tfp);
+		(void) putc('R', tfp);
 		if (bitset(QPRIMARY, q->q_flags))
-			putc('P', tfp);
+			(void) putc('P', tfp);
 		if (bitset(QHASNOTIFY, q->q_flags))
-			putc('N', tfp);
+			(void) putc('N', tfp);
 		if (bitset(QPINGONSUCCESS, q->q_flags))
-			putc('S', tfp);
+			(void) putc('S', tfp);
 		if (bitset(QPINGONFAILURE, q->q_flags))
-			putc('F', tfp);
+			(void) putc('F', tfp);
 		if (bitset(QPINGONDELAY, q->q_flags))
-			putc('D', tfp);
-		putc(':', tfp);
-		fprintf(tfp, "%s\n", denlstring(q->q_paddr, TRUE, FALSE));
+			(void) putc('D', tfp);
+		(void) putc(':', tfp);
+		(void) fprintf(tfp, "%s\n", denlstring(q->q_paddr, TRUE, FALSE));
 		if (announce)
 		{
 			e->e_to = q->q_paddr;
 			message("queued");
 			if (LogLevel > 8)
-				logdelivery(q->q_mailer, NULL, "queued",
-					    NULL, (time_t) 0, e);
+				logdelivery(q->q_mailer, NULL, q->q_status,
+					    "queued", NULL, (time_t) 0, e);
 			e->e_to = NULL;
 		}
 		if (tTd(40, 1))
 		{
-			printf("queueing ");
+			dprintf("queueing ");
 			printaddr(q, FALSE);
 		}
 	}
@@ -335,24 +412,23 @@ queueup(e, announce)
 	**	no effect on the addresses as they are output.
 	*/
 
-	bzero((char *) &nullmailer, sizeof nullmailer);
+	memset((char *) &nullmailer, '\0', sizeof nullmailer);
 	nullmailer.m_re_rwset = nullmailer.m_rh_rwset =
 			nullmailer.m_se_rwset = nullmailer.m_sh_rwset = -1;
 	nullmailer.m_eol = "\n";
-	bzero(&mcibuf, sizeof mcibuf);
+	memset(&mcibuf, '\0', sizeof mcibuf);
 	mcibuf.mci_mailer = &nullmailer;
 	mcibuf.mci_out = tfp;
 
 	define('g', "\201f", e);
 	for (h = e->e_header; h != NULL; h = h->h_link)
 	{
-		extern bool bitzerop __P((BITMAP));
-
 		if (h->h_value == NULL)
 			continue;
 
 		/* don't output resent headers on non-resent messages */
-		if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
+		if (bitset(H_RESENT, h->h_flags) &&
+		    !bitset(EF_RESENT, e->e_flags))
 			continue;
 
 		/* expand macros; if null, don't output header at all */
@@ -364,28 +440,39 @@ queueup(e, announce)
 		}
 
 		/* output this header */
-		fprintf(tfp, "H");
+		fprintf(tfp, "H?");
 
-		/* if conditional, output the set of conditions */
-		if (!bitzerop(h->h_mflags) && bitset(H_CHECK|H_ACHECK, h->h_flags))
+		/* output conditional macro if present */
+		if (h->h_macro != '\0')
+		{
+			if (bitset(0200, h->h_macro))
+				fprintf(tfp, "${%s}",
+					macname(h->h_macro & 0377));
+			else
+				fprintf(tfp, "$%c", h->h_macro);
+		}
+		else if (!bitzerop(h->h_mflags) &&
+			 bitset(H_CHECK|H_ACHECK, h->h_flags))
 		{
 			int j;
 
-			(void) putc('?', tfp);
+			/* if conditional, output the set of conditions */
 			for (j = '\0'; j <= '\177'; j++)
 				if (bitnset(j, h->h_mflags))
 					(void) putc(j, tfp);
-			(void) putc('?', tfp);
 		}
+		(void) putc('?', tfp);
 
 		/* output the header: expand macros, convert addresses */
-		if (bitset(H_DEFAULT, h->h_flags))
+		if (bitset(H_DEFAULT, h->h_flags) &&
+		    !bitset(H_BINDLATE, h->h_flags))
 		{
 			fprintf(tfp, "%s: %s\n",
 				h->h_field,
 				denlstring(buf, FALSE, TRUE));
 		}
-		else if (bitset(H_FROM|H_RCPT, h->h_flags))
+		else if (bitset(H_FROM|H_RCPT, h->h_flags) &&
+			 !bitset(H_BINDLATE, h->h_flags))
 		{
 			bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
 			FILE *savetrace = TrafficLogFile;
@@ -434,9 +521,20 @@ queueup(e, announce)
 			syserr("cannot rename(%s, %s), uid=%d",
 				tf, qf, geteuid());
 
+		/*
+		**  fsync() after renaming to make sure
+		**  metadata is written to disk on
+		**  filesystems in which renames are
+		**  not guaranteed such as softupdates.
+		*/
+
+		if (tfd >= 0 && SuperSafe && fsync(tfd) < 0)
+			syserr("!queueup: cannot fsync queue temp file %s",
+			       tf);
+
 		/* close and unlock old (locked) qf */
 		if (e->e_lockfp != NULL)
-			(void) xfclose(e->e_lockfp, "queueup lockfp", e->e_id);
+			(void) fclose(e->e_lockfp);
 		e->e_lockfp = tfp;
 	}
 	else
@@ -449,16 +547,16 @@ queueup(e, announce)
 		sm_syslog(LOG_DEBUG, e->e_id, "queueup, qf=%s", qf);
 
 	if (tTd(40, 1))
-		printf("<<<<< done queueing %s <<<<<\n\n", e->e_id);
+		dprintf("<<<<< done queueing %s <<<<<\n\n", e->e_id);
 	return;
 }
 
-void
+static void
 printctladdr(a, tfp)
 	register ADDRESS *a;
 	FILE *tfp;
 {
-	char *uname;
+	char *user;
 	register ADDRESS *q;
 	uid_t uid;
 	gid_t gid;
@@ -479,13 +577,13 @@ printctladdr(a, tfp)
 	q = getctladdr(a);
 	if (q == NULL)
 	{
-		uname = NULL;
+		user = NULL;
 		uid = 0;
 		gid = 0;
 	}
 	else
 	{
-		uname = q->q_ruser != NULL ? q->q_ruser : q->q_user;
+		user = q->q_ruser != NULL ? q->q_ruser : q->q_user;
 		uid = q->q_uid;
 		gid = q->q_gid;
 	}
@@ -498,11 +596,11 @@ printctladdr(a, tfp)
 	lastuid = uid;
 	lastctladdr = a;
 
-	if (uid == 0 || uname == NULL || uname[0] == '\0')
+	if (uid == 0 || user == NULL || user[0] == '\0')
 		fprintf(tfp, "C");
 	else
 		fprintf(tfp, "C%s:%ld:%ld",
-			denlstring(uname, TRUE, FALSE), (long) uid, (long) gid);
+			denlstring(user, TRUE, FALSE), (long) uid, (long) gid);
 	fprintf(tfp, ":%s\n", denlstring(a->q_paddr, TRUE, FALSE));
 }
 /*
@@ -515,6 +613,7 @@ printctladdr(a, tfp)
 **		forkflag -- TRUE if the queue scanning should be done in
 **			a child process.  We double-fork so it is not our
 **			child and we don't have to clean up after it.
+**			FALSE can be ignored if we have multiple queues.
 **		verbose -- if TRUE, print out status information.
 **
 **	Returns:
@@ -524,21 +623,95 @@ printctladdr(a, tfp)
 **		runs things in the mail queue.
 */
 
-ENVELOPE	QueueEnvelope;		/* the queue run envelope */
-extern int	get_num_procs_online __P((void));
+static ENVELOPE	QueueEnvelope;		/* the queue run envelope */
+int		NumQueues = 0;		/* number of queues */
+static time_t	LastQueueTime = 0;	/* last time a queue ID assigned */
+static pid_t	LastQueuePid = -1;	/* last PID which had a queue ID */
+
+struct qpaths_s
+{
+	char	*qp_name;	/* name of queue dir */
+	short	qp_subdirs;	/* use subdirs? */
+};
+
+typedef struct qpaths_s QPATHS;
+
+/* values for qp_supdirs */
+#define QP_NOSUB	0x0000	/* No subdirectories */
+#define QP_SUBDF	0x0001	/* "df" subdirectory */
+#define QP_SUBQF	0x0002	/* "qf" subdirectory */
+#define QP_SUBXF	0x0004	/* "xf" subdirectory */
+
+static QPATHS	*QPaths = NULL;		/* list of queue directories */
 
 bool
 runqueue(forkflag, verbose)
 	bool forkflag;
 	bool verbose;
 {
+	int i;
+	bool ret = TRUE;
+	static int curnum = 0;
+
+	if (!forkflag && NumQueues > 1 && !verbose)
+		forkflag = TRUE;
+
+	for (i = 0; i < NumQueues; i++)
+	{
+		/*
+		**  Pick up where we left off, in case we
+		**  used up all the children last time
+		**  without finishing.
+		*/
+
+		ret = run_single_queue(curnum, forkflag, verbose);
+
+		/*
+		**  Failure means a message was printed for ETRN
+		**  and subsequent queues are likely to fail as well.
+		*/
+
+		if (!ret)
+			break;
+
+		if (++curnum >= NumQueues)
+			curnum = 0;
+	}
+	if (QueueIntvl != 0)
+		(void) setevent(QueueIntvl, runqueueevent, 0);
+	return ret;
+}
+/*
+**  RUN_SINGLE_QUEUE -- run the jobs in a single queue.
+**
+**	Gets the stuff out of the queue in some presumably logical
+**	order and processes them.
+**
+**	Parameters:
+**		queuedir -- queue to process
+**		forkflag -- TRUE if the queue scanning should be done in
+**			a child process.  We double-fork so it is not our
+**			child and we don't have to clean up after it.
+**		verbose -- if TRUE, print out status information.
+**
+**	Returns:
+**		TRUE if the queue run successfully began.
+**
+**	Side Effects:
+**		runs things in the mail queue.
+*/
+
+static bool
+run_single_queue(queuedir, forkflag, verbose)
+	int queuedir;
+	bool forkflag;
+	bool verbose;
+{
 	register ENVELOPE *e;
 	int njobs;
 	int sequenceno = 0;
 	time_t current_la_time;
 	extern ENVELOPE BlankEnvelope;
-	extern void clrdaemon __P((void));
-	extern void runqueueevent __P((void));
 
 	DoQueueRun = FALSE;
 
@@ -547,7 +720,7 @@ runqueue(forkflag, verbose)
 	**  the queue.
 	*/
 
-	CurrentLA = getla();	/* get load average */
+	CurrentLA = sm_getla(NULL);	/* get load average */
 	current_la_time = curtime();
 
 	if (shouldqueue(WkRecipFact, current_la_time))
@@ -558,10 +731,8 @@ runqueue(forkflag, verbose)
 			message("458 %s\n", msg);
 		if (LogLevel > 8)
 			sm_syslog(LOG_INFO, NOQID,
-				"runqueue: %s",
-				msg);
-		if (forkflag && QueueIntvl != 0)
-			(void) setevent(QueueIntvl, runqueueevent, 0);
+				  "runqueue: %s",
+				  msg);
 		return FALSE;
 	}
 
@@ -572,7 +743,14 @@ runqueue(forkflag, verbose)
 	if (forkflag && QueueIntvl != 0 &&
 	    MaxChildren > 0 && CurChildren >= MaxChildren)
 	{
-		(void) setevent(QueueIntvl, runqueueevent, 0);
+		char *msg = "Skipping queue run -- too many children";
+
+		if (verbose)
+			message("458 %s (%d)\n", msg, CurChildren);
+		if (LogLevel > 8)
+			sm_syslog(LOG_INFO, NOQID,
+				  "runqueue: %s (%d)",
+				  msg, CurChildren);
 		return FALSE;
 	}
 
@@ -583,10 +761,8 @@ runqueue(forkflag, verbose)
 	if (forkflag)
 	{
 		pid_t pid;
-		extern SIGFUNC_DECL intsig __P((int));
-		extern SIGFUNC_DECL reapchild __P((int));
 
-		blocksignal(SIGCHLD);
+		(void) blocksignal(SIGCHLD);
 		(void) setsignal(SIGCHLD, reapchild);
 
 		pid = dofork();
@@ -599,10 +775,8 @@ runqueue(forkflag, verbose)
 				message("458 %s: %s\n", msg, err);
 			if (LogLevel > 8)
 				sm_syslog(LOG_INFO, NOQID,
-					"runqueue: %s: %s",
-					msg, err);
-			if (QueueIntvl != 0)
-				(void) setevent(QueueIntvl, runqueueevent, 0);
+					  "runqueue: %s: %s",
+					  msg, err);
 			(void) releasesignal(SIGCHLD);
 			return FALSE;
 		}
@@ -610,30 +784,31 @@ runqueue(forkflag, verbose)
 		{
 			/* parent -- pick up intermediate zombie */
 			(void) blocksignal(SIGALRM);
-			proc_list_add(pid, "Queue runner");
+			proc_list_add(pid, "Queue runner", PROC_QUEUE);
 			(void) releasesignal(SIGALRM);
-			releasesignal(SIGCHLD);
-			if (QueueIntvl != 0)
-				(void) setevent(QueueIntvl, runqueueevent, 0);
+			(void) releasesignal(SIGCHLD);
 			return TRUE;
 		}
-		/* child -- double fork and clean up signals */
+		/* child -- clean up signals */
 		clrcontrol();
 		proc_list_clear();
 
 		/* Add parent process as first child item */
-		proc_list_add(getpid(), "Queue runner child process");
-		releasesignal(SIGCHLD);
+		proc_list_add(getpid(), "Queue runner child process",
+			      PROC_QUEUE_CHILD);
+		(void) releasesignal(SIGCHLD);
 		(void) setsignal(SIGCHLD, SIG_DFL);
 		(void) setsignal(SIGHUP, intsig);
+
 	}
 
-	sm_setproctitle(TRUE, "running queue: %s", QueueDir);
+	sm_setproctitle(TRUE, CurEnv, "running queue: %s",
+			qid_printqueue(queuedir));
 
-	if (LogLevel > 69)
+	if (LogLevel > 69 || tTd(63, 99))
 		sm_syslog(LOG_DEBUG, NOQID,
-			"runqueue %s, pid=%d, forkflag=%d",
-			QueueDir, getpid(), forkflag);
+			  "runqueue %s, pid=%d, forkflag=%d",
+			  qid_printqueue(queuedir), getpid(), forkflag);
 
 	/*
 	**  Release any resources used by the daemon code.
@@ -666,12 +841,6 @@ runqueue(forkflag, verbose)
 	}
 
 	/*
-	**  Make sure the alias database is open.
-	*/
-
-	initmaps(FALSE, e);
-
-	/*
 	**  If we are running part of the queue, always ignore stored
 	**  host status.
 	*/
@@ -691,7 +860,8 @@ runqueue(forkflag, verbose)
 	*/
 
 	/* order the existing work requests */
-	njobs = orderq(FALSE);
+	njobs = orderq(queuedir, FALSE);
+
 
 	/* process them once at a time */
 	while (WorkQ != NULL)
@@ -709,7 +879,7 @@ runqueue(forkflag, verbose)
 
 		if (current_la_time < curtime() - 30)
 		{
-			CurrentLA = getla();
+			CurrentLA = sm_getla(e);
 			current_la_time = curtime();
 		}
 		if (shouldqueue(WkRecipFact, current_la_time))
@@ -720,8 +890,8 @@ runqueue(forkflag, verbose)
 				message("%s", msg);
 			if (LogLevel > 8)
 				sm_syslog(LOG_INFO, NOQID,
-					"runqueue: %s",
-					msg);
+					  "runqueue: %s",
+					  msg);
 			break;
 		}
 		sequenceno++;
@@ -729,26 +899,30 @@ runqueue(forkflag, verbose)
 		{
 			if (Verbose)
 				message("");
-			if (QueueSortOrder == QS_BYPRIORITY)
+			if (QueueSortOrder == QSO_BYPRIORITY)
 			{
 				if (Verbose)
-					message("Skipping %s (sequence %d of %d) and flushing rest of queue",
+					message("Skipping %s/%s (sequence %d of %d) and flushing rest of queue",
+						qid_printqueue(queuedir),
 						w->w_name + 2,
 						sequenceno,
 						njobs);
 				if (LogLevel > 8)
 					sm_syslog(LOG_INFO, NOQID,
-						"runqueue: Flushing queue from %s (pri %ld, LA %d, %d of %d)",
-						w->w_name + 2,
-						w->w_pri,
-						CurrentLA,
-						sequenceno,
-						njobs);
+						  "runqueue: Flushing queue from %s/%s (pri %ld, LA %d, %d of %d)",
+						  qid_printqueue(queuedir),
+						  w->w_name + 2,
+						  w->w_pri,
+						  CurrentLA,
+						  sequenceno,
+						  njobs);
 				break;
 			}
 			else if (Verbose)
-				message("Skipping %s (sequence %d of %d)",
-					w->w_name + 2, sequenceno, njobs);
+				message("Skipping %s/%s (sequence %d of %d)",
+					qid_printqueue(queuedir),
+					w->w_name + 2,
+					sequenceno, njobs);
 		}
 		else
 		{
@@ -757,10 +931,19 @@ runqueue(forkflag, verbose)
 			if (Verbose)
 			{
 				message("");
-				message("Running %s (sequence %d of %d)",
-					w->w_name + 2, sequenceno, njobs);
+				message("Running %s/%s (sequence %d of %d)",
+					qid_printqueue(queuedir),
+					w->w_name + 2,
+					sequenceno, njobs);
 			}
-			pid = dowork(w->w_name + 2, ForkQueueRuns, FALSE, e);
+			if (tTd(63, 100))
+				sm_syslog(LOG_DEBUG, NOQID,
+					  "runqueue %s dowork(%s)",
+					  qid_printqueue(queuedir),
+					  w->w_name + 2);
+
+			pid = dowork(queuedir, w->w_name + 2,
+				     ForkQueueRuns, FALSE, e);
 			errno = 0;
 			if (pid != 0)
 				(void) waitfor(pid);
@@ -773,17 +956,17 @@ runqueue(forkflag, verbose)
 
 	/* exit without the usual cleanup */
 	e->e_id = NULL;
-	finis(TRUE, ExitStat);
-	/*NOTREACHED*/
+	if (forkflag)
+		finis(TRUE, ExitStat);
+	/* NOTREACHED */
 	return TRUE;
 }
 
-
 /*
 **  RUNQUEUEEVENT -- stub for use in setevent
 */
 
-void
+static void
 runqueueevent()
 {
 	DoQueueRun = TRUE;
@@ -792,6 +975,7 @@ runqueueevent()
 **  ORDERQ -- order the work queue.
 **
 **	Parameters:
+**		queuedir -- the index of the queue directory.
 **		doall -- if set, include everything in the queue (even
 **			the jobs that cannot be run because the load
 **			average is too high).  Otherwise, exclude those
@@ -813,8 +997,9 @@ runqueueevent()
 static WORK	*WorkList = NULL;
 static int	WorkListSize = 0;
 
-int
-orderq(doall)
+static int
+orderq(queuedir, doall)
+	int queuedir;
 	bool doall;
 {
 	register struct dirent *d;
@@ -825,32 +1010,41 @@ orderq(doall)
 	int wn = -1;
 	int wc;
 	QUEUE_CHAR *check;
-	
+	char qd[MAXPATHLEN];
+	char qf[MAXPATHLEN];
+
+	if (queuedir == NOQDIR)
+		(void) strlcpy(qd, ".", sizeof qd);
+	else
+		(void) snprintf(qd, sizeof qd, "%s%s",
+				QPaths[queuedir].qp_name,
+				(bitset(QP_SUBQF, QPaths[queuedir].qp_subdirs) ? "/qf" : ""));
+
 	if (tTd(41, 1))
 	{
-		printf("orderq:\n");
+		dprintf("orderq:\n");
 
 		check = QueueLimitId;
 		while (check != NULL)
 		{
-			printf("\tQueueLimitId = %s\n",
-			       check->queue_match);
+			dprintf("\tQueueLimitId = %s\n",
+				check->queue_match);
 			check = check->queue_next;
 		}
 
 		check = QueueLimitSender;
 		while (check != NULL)
 		{
-			printf("\tQueueLimitSender = %s\n",
-			       check->queue_match);
+			dprintf("\tQueueLimitSender = %s\n",
+				check->queue_match);
 			check = check->queue_next;
 		}
 
 		check = QueueLimitRecipient;
 		while (check != NULL)
 		{
-			printf("\tQueueLimitRecipient = %s\n",
-			       check->queue_match);
+			dprintf("\tQueueLimitRecipient = %s\n",
+				check->queue_match);
 			check = check->queue_next;
 		}
 	}
@@ -869,11 +1063,11 @@ orderq(doall)
 	}
 
 	/* open the queue directory */
-	f = opendir(".");
+	f = opendir(qd);
 	if (f == NULL)
 	{
-		syserr("orderq: cannot open \"%s\" as \".\"", QueueDir);
-		return (0);
+		syserr("orderq: cannot open \"%s\"", qid_printqueue(queuedir));
+		return 0;
 	}
 
 	/*
@@ -885,24 +1079,24 @@ orderq(doall)
 		FILE *cf;
 		int qfver = 0;
 		char lbuf[MAXNAME + 1];
-		extern bool strcontainedin __P((char *, char *));
+		struct stat sbuf;
 
 		if (tTd(41, 50))
-			printf("orderq: checking %s\n", d->d_name);
+			dprintf("orderq: checking %s\n", d->d_name);
 
 		/* is this an interesting entry? */
 		if (d->d_name[0] != 'q' || d->d_name[1] != 'f')
 			continue;
 
-		if (strlen(d->d_name) > MAXQFNAME)
+		if (strlen(d->d_name) >= MAXQFNAME)
 		{
 			if (Verbose)
 				printf("orderq: %s too long, %d max characters\n",
 					d->d_name, MAXQFNAME);
 			if (LogLevel > 0)
 				sm_syslog(LOG_ALERT, NOQID,
-					"orderq: %s too long, %d max characters",
-					d->d_name, MAXQFNAME);
+					  "orderq: %s too long, %d max characters",
+					  d->d_name, MAXQFNAME);
 			continue;
 		}
 
@@ -917,69 +1111,67 @@ orderq(doall)
 		if (QueueLimitId != NULL && check == NULL)
 			continue;
 
-#ifdef PICKY_QF_NAME_CHECK
-		/*
-		**  Check queue name for plausibility.  This handles
-		**  both old and new type ids.
-		*/
-
-		p = d->d_name + 2;
-		if (isupper(p[0]) && isupper(p[2]))
-			p += 3;
-		else if (isupper(p[1]))
-			p += 2;
-		else
-			p = d->d_name;
-		for (i = 0; isdigit(*p); p++)
-			i++;
-		if (i < 5 || *p != '\0')
-		{
-			if (Verbose)
-				printf("orderq: bogus qf name %s\n", d->d_name);
-			if (LogLevel > 0)
-				sm_syslog(LOG_ALERT, NOQID,
-					"orderq: bogus qf name %s",
-					d->d_name);
-			if (strlen(d->d_name) > (SIZE_T) MAXNAME)
-				d->d_name[MAXNAME] = '\0';
-			strcpy(lbuf, d->d_name);
-			lbuf[0] = 'Q';
-			(void) rename(d->d_name, lbuf);
-			continue;
-		}
-#endif
-
-		/* open control file (if not too many files) */
+		/* grow work list if necessary */
 		if (++wn >= MaxQueueRun && MaxQueueRun > 0)
 		{
 			if (wn == MaxQueueRun && LogLevel > 0)
-				sm_syslog(LOG_ALERT, NOQID,
-					"WorkList for %s maxed out at %d",
-					QueueDir, MaxQueueRun);
+				sm_syslog(LOG_WARNING, NOQID,
+					  "WorkList for %s maxed out at %d",
+					  qid_printqueue(queuedir),
+					  MaxQueueRun);
 			continue;
 		}
 		if (wn >= WorkListSize)
 		{
-			extern void grow_wlist __P((void));
-
-			grow_wlist();
+			grow_wlist(queuedir);
 			if (wn >= WorkListSize)
 				continue;
 		}
+		w = &WorkList[wn];
 
-		cf = fopen(d->d_name, "r");
+		(void) snprintf(qf, sizeof qf, "%s/%s", qd, d->d_name);
+		if (stat(qf, &sbuf) < 0)
+		{
+			if (errno != ENOENT)
+				sm_syslog(LOG_INFO, NOQID,
+					  "orderq: can't stat %s/%s",
+					  qid_printqueue(queuedir), d->d_name);
+			wn--;
+			continue;
+		}
+		if (!bitset(S_IFREG, sbuf.st_mode))
+		{
+			/* Yikes!  Skip it or we will hang on open! */
+			syserr("orderq: %s/%s is not a regular file",
+			       qid_printqueue(queuedir), d->d_name);
+			wn--;
+			continue;
+		}
+
+		/* avoid work if possible */
+		if (QueueSortOrder == QSO_BYFILENAME)
+		{
+			w->w_name = newstr(d->d_name);
+			w->w_host = NULL;
+			w->w_lock = w->w_tooyoung = FALSE;
+			w->w_pri = 0;
+			w->w_ctime = 0;
+			continue;
+		}
+
+		/* open control file */
+		cf = fopen(qf, "r");
 		if (cf == NULL)
 		{
 			/* this may be some random person sending hir msgs */
 			/* syserr("orderq: cannot open %s", cbuf); */
 			if (tTd(41, 2))
-				printf("orderq: cannot open %s: %s\n",
+				dprintf("orderq: cannot open %s: %s\n",
 					d->d_name, errstring(errno));
 			errno = 0;
 			wn--;
 			continue;
 		}
-		w = &WorkList[wn];
 		w->w_name = newstr(d->d_name);
 		w->w_host = NULL;
 		w->w_lock = !lockfile(fileno(cf), w->w_name, NULL, LOCK_SH|LOCK_NB);
@@ -993,13 +1185,12 @@ orderq(doall)
 		i = NEED_P | NEED_T;
 		if (QueueLimitSender != NULL)
 			i |= NEED_S;
-		if (QueueSortOrder == QS_BYHOST || QueueLimitRecipient != NULL)
+		if (QueueLimitRecipient != NULL)
 			i |= NEED_R;
 		while (i != 0 && fgets(lbuf, sizeof lbuf, cf) != NULL)
 		{
 			int c;
 			time_t age;
-			extern bool strcontainedin __P((char *, char *));
 
 			p = strchr(lbuf, '\n');
 			if (p != NULL)
@@ -1030,7 +1221,10 @@ orderq(doall)
 			  case 'R':
 				if (w->w_host == NULL &&
 				    (p = strrchr(&lbuf[1], '@')) != NULL)
-					w->w_host = newstr(&p[1]);
+				{
+					w->w_host = strrev(&p[1]);
+					makelower(w->w_host);
+				}
 				if (QueueLimitRecipient == NULL)
 				{
 					i &= ~NEED_R;
@@ -1058,17 +1252,17 @@ orderq(doall)
 				break;
 
 			  case 'S':
-				  check = QueueLimitSender;
-				  while (check != NULL)
-				  {
-					  if (strcontainedin(check->queue_match,
-							     &lbuf[1]))
-						  break;
-					  else
-						  check = check->queue_next;
-				  }
-				  if (check != NULL)
-					  i &= ~NEED_S;
+				check = QueueLimitSender;
+				while (check != NULL)
+				{
+					if (strcontainedin(check->queue_match,
+							   &lbuf[1]))
+						break;
+					else
+						check = check->queue_next;
+				}
+				if (check != NULL)
+					i &= ~NEED_S;
 				break;
 
 			  case 'K':
@@ -1082,6 +1276,17 @@ orderq(doall)
 				if (atol(&lbuf[1]) == 0)
 					w->w_tooyoung = FALSE;
 				break;
+
+# if _FFR_QUEUEDELAY
+/*
+			  case 'G':
+				queuealg = atoi(lbuf[1]);
+				break;
+			  case 'Y':
+				queuedelay = (time_t) atol(&lbuf[1]);
+				break;
+*/
+# endif /* _FFR_QUEUEDELAY */
 			}
 		}
 		(void) fclose(cf);
@@ -1091,7 +1296,7 @@ orderq(doall)
 		{
 			/* don't even bother sorting this job in */
 			if (tTd(41, 49))
-				printf("skipping %s (%x)\n", w->w_name, i);
+				dprintf("skipping %s (%x)\n", w->w_name, i);
 			free(w->w_name);
 			if (w->w_host)
 				free(w->w_host);
@@ -1101,15 +1306,15 @@ orderq(doall)
 	(void) closedir(f);
 	wn++;
 
+	WorkQ = NULL;
+	if (WorkList == NULL)
+		return 0;
 	wc = min(wn, WorkListSize);
 	if (wc > MaxQueueRun && MaxQueueRun > 0)
 		wc = MaxQueueRun;
 
-	if (QueueSortOrder == QS_BYHOST)
+	if (QueueSortOrder == QSO_BYHOST)
 	{
-		extern int workcmpf1();
-		extern int workcmpf2();
-
 		/*
 		**  Sort the work directory for the first time,
 		**  based on host name, lock status, and priority.
@@ -1133,8 +1338,6 @@ orderq(doall)
 			w = &WorkList[i];
 			while (++i < wc)
 			{
-				extern int sm_strcasecmp __P((char *, char *));
-
 				if (WorkList[i].w_host == NULL &&
 				    w->w_host == NULL)
 					WorkList[i].w_lock = TRUE;
@@ -1154,20 +1357,24 @@ orderq(doall)
 
 		qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf2);
 	}
-	else if (QueueSortOrder == QS_BYTIME)
+	else if (QueueSortOrder == QSO_BYTIME)
 	{
-		extern int workcmpf3();
-
 		/*
 		**  Simple sort based on submission time only.
 		*/
 
 		qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf3);
 	}
-	else
+	else if (QueueSortOrder == QSO_BYFILENAME)
 	{
-		extern int workcmpf0();
+		/*
+		**  Sort based on qf filename.
+		*/
 
+		qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf4);
+	}
+	else
+	{
 		/*
 		**  Simple sort based on queue priority only.
 		*/
@@ -1180,7 +1387,6 @@ orderq(doall)
 	**	Should be turning it into a list of envelopes here perhaps.
 	*/
 
-	WorkQ = NULL;
 	for (i = wc; --i >= 0; )
 	{
 		w = (WORK *) xalloc(sizeof *w);
@@ -1201,16 +1407,23 @@ orderq(doall)
 	if (tTd(40, 1))
 	{
 		for (w = WorkQ; w != NULL; w = w->w_next)
-			printf("%32s: pri=%ld\n", w->w_name, w->w_pri);
+		{
+			if (w->w_host != NULL)
+				dprintf("%22s: pri=%ld %s\n",
+					w->w_name, w->w_pri, w->w_host);
+			else
+				dprintf("%32s: pri=%ld\n",
+					w->w_name, w->w_pri);
+		}
 	}
 
-	return (wn);
+	return wn;
 }
 /*
 **  GROW_WLIST -- make the work list larger
 **
 **	Parameters:
-**		none.
+**		queuedir -- the index for the queue directory.
 **
 **	Returns:
 **		none.
@@ -1221,14 +1434,16 @@ orderq(doall)
 **		should be checked again upon return.
 */
 
-void
-grow_wlist()
+static void
+grow_wlist(queuedir)
+	int queuedir;
 {
 	if (tTd(41, 1))
-		printf("grow_wlist: WorkListSize=%d\n", WorkListSize);
+		dprintf("grow_wlist: WorkListSize=%d\n", WorkListSize);
 	if (WorkList == NULL)
 	{
-		WorkList = (WORK *) xalloc(sizeof(WORK) * (QUEUESEGSIZE + 1));
+		WorkList = (WORK *) xalloc((sizeof *WorkList) *
+					   (QUEUESEGSIZE + 1));
 		WorkListSize = QUEUESEGSIZE;
 	}
 	else
@@ -1243,20 +1458,21 @@ grow_wlist()
 			WorkList = newlist;
 			if (LogLevel > 1)
 			{
-				sm_syslog(LOG_NOTICE, NOQID,
-					"grew WorkList for %s to %d",
-					QueueDir, WorkListSize);
+				sm_syslog(LOG_INFO, NOQID,
+					  "grew WorkList for %s to %d",
+					  qid_printqueue(queuedir),
+					  WorkListSize);
 			}
 		}
 		else if (LogLevel > 0)
 		{
 			sm_syslog(LOG_ALERT, NOQID,
-				"FAILED to grow WorkList for %s to %d",
-				QueueDir, newsize);
+				  "FAILED to grow WorkList for %s to %d",
+				  qid_printqueue(queuedir), newsize);
 		}
 	}
 	if (tTd(41, 1))
-		printf("grow_wlist: WorkListSize now %d\n", WorkListSize);
+		dprintf("grow_wlist: WorkListSize now %d\n", WorkListSize);
 }
 /*
 **  WORKCMPF0 -- simple priority-only compare function.
@@ -1274,7 +1490,7 @@ grow_wlist()
 **		none.
 */
 
-int
+static int
 workcmpf0(a, b)
 	register WORK *a;
 	register WORK *b;
@@ -1307,13 +1523,12 @@ workcmpf0(a, b)
 **		none.
 */
 
-int
+static int
 workcmpf1(a, b)
 	register WORK *a;
 	register WORK *b;
 {
 	int i;
-	extern int sm_strcasecmp __P((char *, char *));
 
 	/* host name */
 	if (a->w_host != NULL && b->w_host == NULL)
@@ -1349,13 +1564,12 @@ workcmpf1(a, b)
 **		none.
 */
 
-int
+static int
 workcmpf2(a, b)
 	register WORK *a;
 	register WORK *b;
 {
 	int i;
-	extern int sm_strcasecmp __P((char *, char *));
 
 	/* lock status */
 	if (a->w_lock != b->w_lock)
@@ -1389,7 +1603,7 @@ workcmpf2(a, b)
 **		none.
 */
 
-int
+static int
 workcmpf3(a, b)
 	register WORK *a;
 	register WORK *b;
@@ -1402,9 +1616,61 @@ workcmpf3(a, b)
 		return 0;
 }
 /*
+**  WORKCMPF4 -- compare based on file name
+**
+**	Parameters:
+**		a -- the first argument.
+**		b -- the second argument.
+**
+**	Returns:
+**		-1 if a < b
+**		 0 if a == b
+**		+1 if a > b
+**
+**	Side Effects:
+**		none.
+*/
+
+static int
+workcmpf4(a, b)
+	register WORK *a;
+	register WORK *b;
+{
+	return strcmp(a->w_name, b->w_name);
+}
+/*
+**  STRREV -- reverse string
+**
+**	Returns a pointer to a new string that is the reverse of
+**	the string pointed to by fwd.  The space for the new
+**	string is obtained using xalloc().
+**
+**	Parameters:
+**		fwd -- the string to reverse.
+**
+**	Returns:
+**		the reversed string.
+*/
+
+static char *
+strrev(fwd)
+	char *fwd;
+{
+	char *rev = NULL;
+	int len, cnt;
+
+	len = strlen(fwd);
+	rev = xalloc(len + 1);
+	for (cnt = 0; cnt < len; ++cnt)
+		rev[cnt] = fwd[len - cnt - 1];
+	rev[len] = '\0';
+	return rev;
+}
+/*
 **  DOWORK -- do a work request.
 **
 **	Parameters:
+**		queuedir -- the index of the queue directory for the job.
 **		id -- the ID of the job to run.
 **		forkflag -- if set, run this in background.
 **		requeueflag -- if set, reinstantiate the queue quickly.
@@ -1421,17 +1687,17 @@ workcmpf3(a, b)
 */
 
 pid_t
-dowork(id, forkflag, requeueflag, e)
+dowork(queuedir, id, forkflag, requeueflag, e)
+	int queuedir;
 	char *id;
 	bool forkflag;
 	bool requeueflag;
 	register ENVELOPE *e;
 {
 	register pid_t pid;
-	extern bool readqf __P((ENVELOPE *));
 
 	if (tTd(40, 1))
-		printf("dowork(%s)\n", id);
+		dprintf("dowork(%s/%s)\n", qid_printqueue(queuedir), id);
 
 	/*
 	**  Fork for work.
@@ -1439,6 +1705,16 @@ dowork(id, forkflag, requeueflag, e)
 
 	if (forkflag)
 	{
+		/*
+		**  Since the delivery may happen in a child and the
+		**  parent does not wait, the parent may close the
+		**  maps thereby removing any shared memory used by
+		**  the map.  Therefore, close the maps now so the
+		**  child will dynamically open them if necessary.
+		*/
+
+		closemaps();
+
 		pid = fork();
 		if (pid < 0)
 		{
@@ -1454,16 +1730,6 @@ dowork(id, forkflag, requeueflag, e)
 		{
 			/* child -- error messages to the transcript */
 			QuickAbort = OnlyOneError = FALSE;
-
-			/*
-			**  Since the delivery may happen in a child and the
-			**  parent does not wait, the parent may close the
-			**  maps thereby removing any shared memory used by
-			**  the map.  Therefore, open a copy of the maps for
-			**  the delivery process.
-			*/
-		
-			initmaps(FALSE, e);
 		}
 	}
 	else
@@ -1483,23 +1749,25 @@ dowork(id, forkflag, requeueflag, e)
 
 		/* set basic modes, etc. */
 		(void) alarm(0);
+		clearstats();
 		clearenvelope(e, FALSE);
 		e->e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
-		e->e_sendmode = SM_DELIVER;
+		set_delivery_mode(SM_DELIVER, e);
 		e->e_errormode = EM_MAIL;
 		e->e_id = id;
+		e->e_queuedir = queuedir;
 		GrabTo = UseErrorsTo = FALSE;
 		ExitStat = EX_OK;
 		if (forkflag)
 		{
 			disconnect(1, e);
-			OpMode = MD_DELIVER;
+			OpMode = MD_QUEUERUN;
 		}
-		sm_setproctitle(TRUE, "%s: from queue", id);
+		sm_setproctitle(TRUE, e, "%s: from queue", qid_printname(e));
 		if (LogLevel > 76)
 			sm_syslog(LOG_DEBUG, e->e_id,
-				"dowork, pid=%d",
-				getpid());
+				  "dowork, pid=%d",
+				  getpid());
 
 		/* don't use the headers from sendmail.cf... */
 		e->e_header = NULL;
@@ -1508,7 +1776,8 @@ dowork(id, forkflag, requeueflag, e)
 		if (!readqf(e))
 		{
 			if (tTd(40, 4) && e->e_id != NULL)
-				printf("readqf(%s) failed\n", e->e_id);
+				dprintf("readqf(%s) failed\n",
+					qid_printname(e));
 			e->e_id = NULL;
 			if (forkflag)
 				finis(FALSE, EX_OK);
@@ -1548,7 +1817,7 @@ dowork(id, forkflag, requeueflag, e)
 **		The queue file is returned locked.
 */
 
-bool
+static bool
 readqf(e)
 	register ENVELOPE *e;
 {
@@ -1561,22 +1830,26 @@ readqf(e)
 	register char *p;
 	char *orcpt = NULL;
 	bool nomore = FALSE;
-	char qf[MAXQFNAME];
+	MODE_T qsafe;
+	char qf[MAXPATHLEN];
 	char buf[MAXLINE];
-	extern ADDRESS *setctluser __P((char *, int));
 
 	/*
 	**  Read and process the file.
 	*/
 
-	strcpy(qf, queuename(e, 'q'));
+	(void) strlcpy(qf, queuename(e, 'q'), sizeof qf);
 	qfp = fopen(qf, "r+");
 	if (qfp == NULL)
 	{
+		int save_errno = errno;
+
 		if (tTd(40, 8))
-			printf("readqf(%s): fopen failure (%s)\n",
+			dprintf("readqf(%s): fopen failure (%s)\n",
 				qf, errstring(errno));
-		if (errno != ENOENT)
+		errno = save_errno;
+		if (errno != ENOENT
+		    )
 			syserr("readqf: no control file %s", qf);
 		return FALSE;
 	}
@@ -1584,8 +1857,10 @@ readqf(e)
 	if (!lockfile(fileno(qfp), qf, NULL, LOCK_EX|LOCK_NB))
 	{
 		/* being processed by another queuer */
-		if (Verbose || tTd(40, 8))
+		if (Verbose)
 			printf("%s: locked\n", e->e_id);
+		if (tTd(40, 8))
+			dprintf("%s: locked\n", e->e_id);
 		if (LogLevel > 19)
 			sm_syslog(LOG_DEBUG, e->e_id, "locked");
 		(void) fclose(qfp);
@@ -1600,25 +1875,33 @@ readqf(e)
 	{
 		/* must have been being processed by someone else */
 		if (tTd(40, 8))
-			printf("readqf(%s): fstat failure (%s)\n",
+			dprintf("readqf(%s): fstat failure (%s)\n",
 				qf, errstring(errno));
-		fclose(qfp);
+		(void) fclose(qfp);
 		return FALSE;
 	}
 
-	if ((st.st_uid != geteuid() && geteuid() != RealUid) ||
-	    bitset(S_IWOTH|S_IWGRP, st.st_mode))
+	qsafe = S_IWOTH|S_IWGRP;
+#if _FFR_QUEUE_FILE_MODE
+	if (bitset(S_IWGRP, QueueFileMode))
+		qsafe &= ~S_IWGRP;
+#endif /* _FFR_QUEUE_FILE_MODE */
+
+	if ((st.st_uid != geteuid() &&
+	     st.st_uid != TrustedUid &&
+	     geteuid() != RealUid) ||
+	    bitset(qsafe, st.st_mode))
 	{
 		if (LogLevel > 0)
 		{
 			sm_syslog(LOG_ALERT, e->e_id,
-				"bogus queue file, uid=%d, mode=%o",
-				st.st_uid, st.st_mode);
+				  "bogus queue file, uid=%d, mode=%o",
+				  st.st_uid, st.st_mode);
 		}
 		if (tTd(40, 8))
-			printf("readqf(%s): bogus file\n", qf);
+			dprintf("readqf(%s): bogus file\n", qf);
 		loseqfile(e, "bogus file uid in mqueue");
-		fclose(qfp);
+		(void) fclose(qfp);
 		return FALSE;
 	}
 
@@ -1627,12 +1910,10 @@ readqf(e)
 		/* must be a bogus file -- if also old, just remove it */
 		if (st.st_ctime + 10 * 60 < curtime())
 		{
-			qf[0] = 'd';
-			(void) unlink(qf);
-			qf[0] = 'q';
-			(void) unlink(qf);
+			(void) xunlink(queuename(e, 'd'));
+			(void) xunlink(queuename(e, 'q'));
 		}
-		fclose(qfp);
+		(void) fclose(qfp);
 		return FALSE;
 	}
 
@@ -1643,7 +1924,7 @@ readqf(e)
 		**  unlinked.  Just assume it is zero length.
 		*/
 
-		fclose(qfp);
+		(void) fclose(qfp);
 		return FALSE;
 	}
 
@@ -1656,25 +1937,28 @@ readqf(e)
 
 	LineNumber = 0;
 	e->e_flags |= EF_GLOBALERRS;
-	OpMode = MD_DELIVER;
+	OpMode = MD_QUEUERUN;
 	ctladdr = NULL;
 	e->e_dfino = -1;
 	e->e_msgsize = -1;
+# if _FFR_QUEUEDELAY
+	e->e_queuealg = QD_LINEAR;
+	e->e_queuedelay = (time_t) 0;
+# endif /* _FFR_QUEUEDELAY */
 	while ((bp = fgetfolded(buf, sizeof buf, qfp)) != NULL)
 	{
-		register char *p;
 		u_long qflags;
 		ADDRESS *q;
 		int mid;
 		auto char *ep;
 
 		if (tTd(40, 4))
-			printf("+++++ %s\n", bp);
+			dprintf("+++++ %s\n", bp);
 		if (nomore)
 		{
 			/* hack attack */
 			syserr("SECURITY ALERT: extra data in qf: %s", bp);
-			fclose(qfp);
+			(void) fclose(qfp);
 			loseqfile(e, "bogus queue line");
 			return FALSE;
 		}
@@ -1686,7 +1970,7 @@ readqf(e)
 				break;
 			syserr("Version number in qf (%d) greater than max (%d)",
 				qfver, QF_VERSION);
-			fclose(qfp);
+			(void) fclose(qfp);
 			loseqfile(e, "unsupported qf file version");
 			return FALSE;
 
@@ -1750,7 +2034,7 @@ readqf(e)
 			break;
 
 		  case 'H':		/* header */
-			(void) chompheader(&bp[1], FALSE, NULL, e);
+			(void) chompheader(&bp[1], 0, NULL, e);
 			hdrsize += strlen(&bp[1]);
 			break;
 
@@ -1767,11 +2051,11 @@ readqf(e)
 			e->e_bodytype = newstr(&bp[1]);
 			break;
 
-#if _FFR_SAVE_CHARSET
+# if _FFR_SAVE_CHARSET
 		  case 'X':		/* character set */
 			e->e_charset = newstr(&bp[1]);
 			break;
-#endif
+# endif /* _FFR_SAVE_CHARSET */
 
 		  case 'D':		/* data file name */
 			/* obsolete -- ignore */
@@ -1785,31 +2069,58 @@ readqf(e)
 			/* regenerated below */
 			break;
 
-		  case 'K':		/* time of last deliver attempt */
+		  case 'K':	/* time of last delivery attempt */
 			e->e_dtime = atol(&buf[1]);
 			break;
 
+# if _FFR_QUEUEDELAY
+		  case 'G':	/* queue delay algorithm */
+			e->e_queuealg = atoi(&buf[1]);
+			break;
+		  case 'Y':	/* current delay */
+			e->e_queuedelay = (time_t) atol(&buf[1]);
+			break;
+# endif /* _FFR_QUEUEDELAY */
+
 		  case 'N':		/* number of delivery attempts */
 			e->e_ntries = atoi(&buf[1]);
 
 			/* if this has been tried recently, let it be */
-			if (e->e_ntries > 0 &&
-			    MinQueueAge > 0 && e->e_dtime <= curtime() &&
-			    curtime() < e->e_dtime + MinQueueAge)
+			if (e->e_ntries > 0 && e->e_dtime <= curtime() &&
+			    curtime() < e->e_dtime + queuedelay(e))
 			{
-				char *howlong = pintvl(curtime() - e->e_dtime, TRUE);
+				char *howlong;
 
-				if (Verbose || tTd(40, 8))
+				howlong = pintvl(curtime() - e->e_dtime, TRUE);
+				if (Verbose)
 					printf("%s: too young (%s)\n",
+					       e->e_id, howlong);
+				if (tTd(40, 8))
+					dprintf("%s: too young (%s)\n",
 						e->e_id, howlong);
 				if (LogLevel > 19)
 					sm_syslog(LOG_DEBUG, e->e_id,
-						"too young (%s)",
-						howlong);
+						  "too young (%s)",
+						  howlong);
 				e->e_id = NULL;
 				unlockqueue(e);
 				return FALSE;
 			}
+			define(macid("{ntries}", NULL), newstr(&buf[1]), e);
+
+# if NAMED_BIND
+			/* adjust BIND parameters immediately */
+			if (e->e_ntries == 0)
+			{
+				_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+				_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+			}
+			else
+			{
+				_res.retry = TimeOuts.res_retry[RES_TO_NORMAL];
+				_res.retrans = TimeOuts.res_retrans[RES_TO_NORMAL];
+			}
+# endif /* NAMED_BIND */
 			break;
 
 		  case 'P':		/* message priority */
@@ -1821,7 +2132,7 @@ readqf(e)
 			{
 				/* we are being spoofed! */
 				syserr("SECURITY ALERT: bogus qf line %s", bp);
-				fclose(qfp);
+				(void) fclose(qfp);
 				loseqfile(e, "bogus queue line");
 				return FALSE;
 			}
@@ -1858,11 +2169,40 @@ readqf(e)
 
 		  case 'Z':		/* original envelope id from ESMTP */
 			e->e_envid = newstr(&bp[1]);
+			define(macid("{dsn_envid}", NULL), newstr(&bp[1]), e);
+			break;
+
+		  case 'A':		/* AUTH= parameter */
+			e->e_auth_param = newstr(&bp[1]);
 			break;
 
 		  case '$':		/* define macro */
-			mid = macid(&bp[1], &ep);
-			define(mid, newstr(ep), e);
+			{
+				char *p;
+
+				mid = macid(&bp[1], &ep);
+				p = newstr(ep);
+				define(mid, p, e);
+
+				/*
+				**  HACK ALERT: Unfortunately, 8.10 and
+				**  8.11 reused the ${if_addr} and
+				**  ${if_family} macros for both the incoming
+				**  interface address/family (getrequests())
+				**  and the outgoing interface address/family
+				**  (makeconnection()).  In order for D_BINDIF
+				**  to work properly, have to preserve the
+				**  incoming information in the queue file for
+				**  later delivery attempts.  The original
+				**  information is stored in the envelope
+				**  in readqf() so it can be stored in
+				**  queueup_macros().  This should be fixed
+				**  in 8.12.
+				*/
+
+				if (strcmp(macname(mid), "if_addr") == 0)
+					e->e_if_macros[EIF_ADDR] = p;
+			}
 			break;
 
 		  case '.':		/* terminate file */
@@ -1872,7 +2212,7 @@ readqf(e)
 		  default:
 			syserr("readqf: %s: line %d: bad line \"%s\"",
 				qf, LineNumber, shortenstring(bp, MAXSHORTSTR));
-			fclose(qfp);
+			(void) fclose(qfp);
 			loseqfile(e, "unrecognized line");
 			return FALSE;
 		}
@@ -1893,6 +2233,15 @@ readqf(e)
 		return TRUE;
 	}
 
+	/* possibly set ${dsn_ret} macro */
+	if (bitset(EF_RET_PARAM, e->e_flags))
+	{
+		if (bitset(EF_NO_BODY_RETN, e->e_flags))
+			define(macid("{dsn_ret}", NULL), "hdrs", e);
+		else
+			define(macid("{dsn_ret}", NULL), "full", e);
+	}
+
 	/*
 	**  Arrange to read the data file.
 	*/
@@ -1917,6 +2266,48 @@ readqf(e)
 	return TRUE;
 }
 /*
+**  PRTSTR -- print a string, "unprintable" characters are shown as \oct
+**
+**	Parameters:
+**		s -- string to print
+**		ml -- maximum length of output
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		Prints a string on stdout.
+*/
+
+static void
+prtstr(s, ml)
+	char *s;
+	int ml;
+{
+	char c;
+
+	if (s == NULL)
+		return;
+	while (ml-- > 0 && ((c = *s++) != '\0'))
+	{
+		if (c == '\\')
+		{
+			if (ml-- > 0)
+			{
+				putchar(c);
+				putchar(c);
+			}
+		}
+		else if (isascii(c) && isprint(c))
+			putchar(c);
+		else
+		{
+			if ((ml -= 3) > 0)
+				printf("\\%03o", c);
+		}
+	}
+}
+/*
 **  PRINTQUEUE -- print out a representation of the mail queue
 **
 **	Parameters:
@@ -1932,11 +2323,52 @@ readqf(e)
 void
 printqueue()
 {
+	int i, nrequests = 0;
+
+	for (i = 0; i < NumQueues; i++)
+		nrequests += print_single_queue(i);
+	if (NumQueues > 1)
+		printf("\t\tTotal Requests: %d\n", nrequests);
+}
+/*
+**  PRINT_SINGLE_QUEUE -- print out a representation of a single mail queue
+**
+**	Parameters:
+**		queuedir -- queue directory
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		Prints a listing of the mail queue on the standard output.
+*/
+
+static int
+print_single_queue(queuedir)
+	int queuedir;
+{
 	register WORK *w;
 	FILE *f;
 	int nrequests;
+	char qd[MAXPATHLEN];
+	char qddf[MAXPATHLEN];
 	char buf[MAXLINE];
 
+	if (queuedir == NOQDIR)
+	{
+		(void) strlcpy(qd, ".", sizeof qd);
+		(void) strlcpy(qddf, ".", sizeof qddf);
+	}
+	else
+	{
+		(void) snprintf(qd, sizeof qd, "%s%s",
+				QPaths[queuedir].qp_name,
+				(bitset(QP_SUBQF, QPaths[queuedir].qp_subdirs) ? "/qf" : ""));
+		(void) snprintf(qddf, sizeof qddf, "%s%s",
+				QPaths[queuedir].qp_name,
+				(bitset(QP_SUBDF, QPaths[queuedir].qp_subdirs) ? "/df" : ""));
+	}
+
 	/*
 	**  Check for permission to print the queue
 	*/
@@ -1947,12 +2379,12 @@ printqueue()
 # ifdef NGROUPS_MAX
 		int n;
 		extern GIDSET_T InitialGidSet[NGROUPS_MAX];
-# endif
+# endif /* NGROUPS_MAX */
 
-		if (stat(QueueDir, &st) < 0)
+		if (stat(qd, &st) < 0)
 		{
-			syserr("Cannot stat %s", QueueDir);
-			return;
+			syserr("Cannot stat %s", qid_printqueue(queuedir));
+			return 0;
 		}
 # ifdef NGROUPS_MAX
 		n = NGROUPS_MAX;
@@ -1962,13 +2394,13 @@ printqueue()
 				break;
 		}
 		if (n < 0 && RealGid != st.st_gid)
-# else
+# else /* NGROUPS_MAX */
 		if (RealGid != st.st_gid)
-# endif
+# endif /* NGROUPS_MAX */
 		{
 			usrerr("510 You are not permitted to see the queue");
 			setstat(EX_NOPERM);
-			return;
+			return 0;
 		}
 	}
 
@@ -1976,7 +2408,7 @@ printqueue()
 	**  Read and order the queue.
 	*/
 
-	nrequests = orderq(TRUE);
+	nrequests = orderq(queuedir, TRUE);
 
 	/*
 	**  Print the work list that we have read.
@@ -1985,19 +2417,20 @@ printqueue()
 	/* first see if there is anything */
 	if (nrequests <= 0)
 	{
-		printf("Mail queue is empty\n");
-		return;
+		printf("%s is empty\n", qid_printqueue(queuedir));
+		return 0;
 	}
 
-	CurrentLA = getla();	/* get load average */
+	CurrentLA = sm_getla(NULL);	/* get load average */
 
-	printf("\t\tMail Queue (%d request%s", nrequests, nrequests == 1 ? "" : "s");
+	printf("\t\t%s (%d request%s", qid_printqueue(queuedir), nrequests,
+	       nrequests == 1 ? "" : "s");
 	if (MaxQueueRun > 0 && nrequests > MaxQueueRun)
 		printf(", only %d printed", MaxQueueRun);
 	if (Verbose)
-		printf(")\n--Q-ID-- --Size-- -Priority- ---Q-Time--- -----------Sender/Recipient-----------\n");
+		printf(")\n----Q-ID---- --Size-- -Priority- ---Q-Time--- ---------Sender/Recipient--------\n");
 	else
-		printf(")\n--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------\n");
+		printf(")\n----Q-ID---- --Size-- -----Q-Time----- ------------Sender/Recipient------------\n");
 	for (w = WorkQ; w != NULL; w = w->w_next)
 	{
 		struct stat st;
@@ -2007,9 +2440,11 @@ printqueue()
 		int qfver;
 		char statmsg[MAXLINE];
 		char bodytype[MAXNAME + 1];
+		char qf[MAXPATHLEN];
 
-		printf("%8s", w->w_name + 2);
-		f = fopen(w->w_name, "r");
+		printf("%12s", w->w_name + 2);
+		(void) snprintf(qf, sizeof qf, "%s/%s", qd, w->w_name);
+		f = fopen(qf, "r");
 		if (f == NULL)
 		{
 			printf(" (job completed)\n");
@@ -2017,7 +2452,8 @@ printqueue()
 			continue;
 		}
 		w->w_name[0] = 'd';
-		if (stat(w->w_name, &st) >= 0)
+		(void) snprintf(qf, sizeof qf, "%s/%s", qddf, w->w_name);
+		if (stat(qf, &st) >= 0)
 			dfsize = st.st_size;
 		else
 			dfsize = -1;
@@ -2048,42 +2484,47 @@ printqueue()
 			  case 'M':	/* error message */
 				if ((i = strlen(&buf[1])) >= sizeof statmsg)
 					i = sizeof statmsg - 1;
-				bcopy(&buf[1], statmsg, i);
+				memmove(statmsg, &buf[1], i);
 				statmsg[i] = '\0';
 				break;
 
 			  case 'B':	/* body type */
 				if ((i = strlen(&buf[1])) >= sizeof bodytype)
 					i = sizeof bodytype - 1;
-				bcopy(&buf[1], bodytype, i);
+				memmove(bodytype, &buf[1], i);
 				bodytype[i] = '\0';
 				break;
 
 			  case 'S':	/* sender name */
 				if (Verbose)
-					printf("%8ld %10ld%c%.12s %.78s",
-					    dfsize,
-					    w->w_pri,
-					    bitset(EF_WARNING, flags) ? '+' : ' ',
-					    ctime(&submittime) + 4,
-					    &buf[1]);
+				{
+					printf("%8ld %10ld%c%.12s ",
+					       dfsize,
+					       w->w_pri,
+					       bitset(EF_WARNING, flags) ? '+' : ' ',
+					       ctime(&submittime) + 4);
+					prtstr(&buf[1], 78);
+				}
 				else
-					printf("%8ld %.16s %.45s", dfsize,
-					    ctime(&submittime), &buf[1]);
+				{
+					printf("%8ld %.16s ", dfsize,
+					    ctime(&submittime));
+					prtstr(&buf[1], 40);
+				}
 				if (statmsg[0] != '\0' || bodytype[0] != '\0')
 				{
 					printf("\n    %10.10s", bodytype);
 					if (statmsg[0] != '\0')
 						printf("   (%.*s)",
-							Verbose ? 100 : 60,
-							statmsg);
+						       Verbose ? 100 : 60,
+						       statmsg);
 				}
 				break;
 
 			  case 'C':	/* controlling user */
 				if (Verbose)
 					printf("\n\t\t\t\t      (---%.74s---)",
-						&buf[1]);
+					       &buf[1]);
 				break;
 
 			  case 'R':	/* recipient name */
@@ -2096,9 +2537,15 @@ printqueue()
 					p++;
 				}
 				if (Verbose)
-					printf("\n\t\t\t\t\t  %.78s", p);
+				{
+					printf("\n\t\t\t\t\t      ");
+					prtstr(p, 73);
+				}
 				else
-					printf("\n\t\t\t\t   %.45s", p);
+				{
+					printf("\n\t\t\t\t       ");
+					prtstr(p, 40);
+				}
 				break;
 
 			  case 'T':	/* creation time */
@@ -2122,148 +2569,173 @@ printqueue()
 		printf("\n");
 		(void) fclose(f);
 	}
+	return nrequests;
 }
-
-# endif /* QUEUE */
 /*
 **  QUEUENAME -- build a file name in the queue directory for this envelope.
 **
-**	Assigns an id code if one does not already exist.
-**	This code is very careful to avoid trashing existing files
-**	under any circumstances.
-**
 **	Parameters:
 **		e -- envelope to build it in/from.
 **		type -- the file type, used as the first character
 **			of the file name.
 **
 **	Returns:
-**		a pointer to the new file name (in a static buffer).
+**		a pointer to the queue name (in a static buffer).
 **
 **	Side Effects:
-**		If no id code is already assigned, queuename will
-**		assign an id code, create a qf file, and leave a
-**		locked, open-for-write file pointer in the envelope.
+**		If no id code is already assigned, queuename() will
+**		assign an id code with assign_queueid().  If no queue
+**		directory is assigned, one will be set with setnewqueue().
 */
 
-#ifndef ENOLCK
-# define ENOLCK		-1
-#endif
-#ifndef ENOSPC
-# define ENOSPC		-1
-#endif
-
 char *
 queuename(e, type)
 	register ENVELOPE *e;
 	int type;
 {
-	static pid_t pid = -1;
-	static char c0;
-	static char c1;
-	static char c2;
-	time_t now;
-	struct tm *tm;
-	static char buf[MAXNAME + 1];
+	char *sub = "";
+	static char buf[MAXPATHLEN];
 
+	/* Assign an ID if needed */
 	if (e->e_id == NULL)
-	{
-		char qf[MAXQFNAME];
+		assign_queueid(e);
+
+	/* Assign a queue directory if needed */
+	if (e->e_queuedir == NOQDIR)
+		setnewqueue(e);
 
-		/* find a unique id */
-		if (pid != getpid())
+	if (e->e_queuedir == NOQDIR)
+		(void) snprintf(buf, sizeof buf, "%cf%s",
+				type, e->e_id);
+	else
+	{
+		switch (type)
 		{
-			/* new process -- start back at "AA" */
-			pid = getpid();
-			now = curtime();
-			tm = localtime(&now);
-			c0 = 'A' + tm->tm_hour;
-			c1 = 'A';
-			c2 = 'A' - 1;
+		  case 'd':
+			if (bitset(QP_SUBDF, QPaths[e->e_queuedir].qp_subdirs))
+				sub = "/df";
+			break;
+
+		  case 'T':
+		  case 't':
+		  case 'Q':
+		  case 'q':
+			if (bitset(QP_SUBQF, QPaths[e->e_queuedir].qp_subdirs))
+				sub = "/qf";
+			break;
+
+		  case 'x':
+			if (bitset(QP_SUBXF, QPaths[e->e_queuedir].qp_subdirs))
+				sub = "/xf";
+			break;
 		}
-		(void) snprintf(qf, sizeof qf, "qf%cAA%05d", c0, pid);
 
-		while (c1 < '~' || c2 < 'Z')
-		{
-			int i;
-			int attempts = 0;
+		(void) snprintf(buf, sizeof buf, "%s%s/%cf%s",
+				QPaths[e->e_queuedir].qp_name,
+				sub, type, e->e_id);
+	}
 
-			if (c2 >= 'Z')
-			{
-				c1++;
-				c2 = 'A' - 1;
-			}
-			qf[3] = c1;
-			qf[4] = ++c2;
-			if (tTd(7, 20))
-				printf("queuename: trying \"%s\"\n", qf);
+	if (tTd(7, 2))
+		dprintf("queuename: %s\n", buf);
+	return buf;
+}
+/*
+**  ASSIGN_QUEUEID -- assign a queue ID for this envelope.
+**
+**	Assigns an id code if one does not already exist.
+**	This code assumes that nothing will remain in the queue for
+**	longer than 60 years.  It is critical that files with the given
+**	name not already exist in the queue.
+**	Also initializes e_queuedir to NOQDIR.
+**
+**	Parameters:
+**		e -- envelope to set it in.
+**
+**	Returns:
+**		none.
+*/
 
-			i = open(qf, O_WRONLY|O_CREAT|O_EXCL, FileMode);
-			if (i < 0)
-			{
-				if (errno == EEXIST)
-					continue;
-				syserr("queuename: Cannot create \"%s\" in \"%s\" (euid=%d)",
-					qf, QueueDir, geteuid());
-				finis(FALSE, EX_UNAVAILABLE);
-			}
-			do
-			{
-				if (attempts > 0)
-					sleep(attempts);
-				e->e_lockfp = 0;
-				if (lockfile(i, qf, NULL, LOCK_EX|LOCK_NB))
-				{
-					e->e_lockfp = fdopen(i, "w");
-					break;
-				}
-			} while ((errno == ENOLCK || errno == ENOSPC) &&
-				 attempts++ < 4);
+static char	Base60Code[] =	"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx";
 
-			/* Successful lock */
-			if (e->e_lockfp != 0)
-				break;
+void
+assign_queueid(e)
+	register ENVELOPE *e;
+{
+	pid_t pid = getpid();
+	static char cX = 0;
+	static long random_offset;
+	struct tm *tm;
+	char idbuf[MAXQFNAME - 2];
 
-#if !HASFLOCK
-			if (errno != EAGAIN && errno != EACCES)
-#else
-			if (errno != EWOULDBLOCK)
-#endif
-			{
-				syserr("queuename: Cannot lock \"%s\" in \"%s\" (euid=%d)",
-					qf, QueueDir, geteuid());
-				finis(FALSE, EX_OSERR);
-			}
+	if (e->e_id != NULL)
+		return;
 
-			/* a reader got the file; abandon it and try again */
-			(void) close(i);
-		}
-		if (c1 >= '~' && c2 >= 'Z')
-		{
-			syserr("queuename: Cannot create \"%s\" in \"%s\" (euid=%d)",
-				qf, QueueDir, geteuid());
-			finis(FALSE, EX_OSERR);
-		}
-		e->e_id = newstr(&qf[2]);
-		define('i', e->e_id, e);
-		if (tTd(7, 1))
-			printf("queuename: assigned id %s, env=%lx\n",
-			       e->e_id, (u_long) e);
-		if (tTd(7, 9))
+	/* see if we need to get a new base time/pid */
+	if (cX >= 60 || LastQueueTime == 0 || LastQueuePid != pid)
+	{
+		time_t then = LastQueueTime;
+
+		/* if the first time through, pick a random offset */
+		if (LastQueueTime == 0)
+			random_offset = get_random();
+
+		while ((LastQueueTime = curtime()) == then &&
+		       LastQueuePid == pid)
 		{
-			printf("  lockfd=");
-			dumpfd(fileno(e->e_lockfp), TRUE, FALSE);
+			(void) sleep(1);
 		}
-		if (LogLevel > 93)
-			sm_syslog(LOG_DEBUG, e->e_id, "assigned id");
+		LastQueuePid = getpid();
+		cX = 0;
 	}
-
-	if (type == '\0')
-		return (NULL);
-	(void) snprintf(buf, sizeof buf, "%cf%s", type, e->e_id);
-	if (tTd(7, 2))
-		printf("queuename: %s\n", buf);
-	return (buf);
+	if (tTd(7, 50))
+		dprintf("assign_queueid: random_offset = %ld (%d)\n",
+			random_offset, (int)(cX + random_offset) % 60);
+
+	tm = gmtime(&LastQueueTime);
+	idbuf[0] = Base60Code[tm->tm_year % 60];
+	idbuf[1] = Base60Code[tm->tm_mon];
+	idbuf[2] = Base60Code[tm->tm_mday];
+	idbuf[3] = Base60Code[tm->tm_hour];
+	idbuf[4] = Base60Code[tm->tm_min];
+	idbuf[5] = Base60Code[tm->tm_sec];
+	idbuf[6] = Base60Code[((int)cX++ + random_offset) % 60];
+	(void) snprintf(&idbuf[7], sizeof idbuf - 7, "%05d",
+			(int) LastQueuePid);
+	e->e_id = newstr(idbuf);
+	define('i', e->e_id, e);
+	e->e_queuedir = NOQDIR;
+	if (tTd(7, 1))
+		dprintf("assign_queueid: assigned id %s, e=%lx\n",
+			e->e_id, (u_long) e);
+	if (LogLevel > 93)
+		sm_syslog(LOG_DEBUG, e->e_id, "assigned id");
+}
+/*
+**  SYNC_QUEUE_TIME -- Assure exclusive PID in any given second
+**
+**	Make sure one PID can't be used by two processes in any one second.
+**
+**		If the system rotates PIDs fast enough, may get the
+**		same pid in the same second for two distinct processes.
+**		This will interfere with the queue file naming system.
+**
+**	Parameters:
+**		none
+**
+**	Returns:
+**		none
+*/
+void
+sync_queue_time()
+{
+# if FAST_PID_RECYCLE
+	if (OpMode != MD_TEST &&
+	    OpMode != MD_VERIFY &&
+	    LastQueueTime > 0 &&
+	    LastQueuePid == getpid() &&
+	    curtime() == LastQueueTime)
+		(void) sleep(1);
+# endif /* FAST_PID_RECYCLE */
 }
 /*
 **  UNLOCKQUEUE -- unlock the queue entry for a specified envelope
@@ -2283,12 +2755,13 @@ unlockqueue(e)
 	ENVELOPE *e;
 {
 	if (tTd(51, 4))
-		printf("unlockqueue(%s)\n",
+		dprintf("unlockqueue(%s)\n",
 			e->e_id == NULL ? "NOQUEUE" : e->e_id);
 
+
 	/* if there is a lock file in the envelope, close it */
 	if (e->e_lockfp != NULL)
-		xfclose(e->e_lockfp, "unlockqueue", e->e_id);
+		(void) fclose(e->e_lockfp);
 	e->e_lockfp = NULL;
 
 	/* don't create a queue id if we don't already have one */
@@ -2319,7 +2792,7 @@ unlockqueue(e)
 **		none.
 */
 
-ADDRESS *
+static ADDRESS *
 setctluser(user, qfver)
 	char *user;
 	int qfver;
@@ -2340,7 +2813,7 @@ setctluser(user, qfver)
 	*/
 
 	a = (ADDRESS *) xalloc(sizeof *a);
-	bzero((char *) a, sizeof *a);
+	memset((char *) a, '\0', sizeof *a);
 
 	if (*user == '\0')
 	{
@@ -2377,10 +2850,10 @@ setctluser(user, qfver)
 		}
 	}
 
-	a->q_flags |= QPRIMARY;		/* flag as a "ctladdr"  */
+	a->q_flags |= QPRIMARY;		/* flag as a "ctladdr" */
 	a->q_mailer = LocalMailer;
 	if (p == NULL)
-		a->q_paddr = a->q_user;
+		a->q_paddr = newstr(a->q_user);
 	else
 		a->q_paddr = newstr(p);
 	return a;
@@ -2396,27 +2869,500 @@ setctluser(user, qfver)
 **		none.
 */
 
+# define LOSEQF_LETTER 'Q'
+
 void
 loseqfile(e, why)
 	register ENVELOPE *e;
 	char *why;
 {
 	char *p;
-	char buf[MAXQFNAME + 1];
+	char buf[MAXPATHLEN];
 
 	if (e == NULL || e->e_id == NULL)
 		return;
 	p = queuename(e, 'q');
-	if (strlen(p) > MAXQFNAME)
-	{
-		syserr("loseqfile: queuename (%s) too long", p);
+	if (strlen(p) >= (SIZE_T) sizeof buf)
 		return;
-	}
-	strcpy(buf, p);
-	p = queuename(e, 'Q');
+	(void) strlcpy(buf, p, sizeof buf);
+	p = queuename(e, LOSEQF_LETTER);
 	if (rename(buf, p) < 0)
 		syserr("cannot rename(%s, %s), uid=%d", buf, p, geteuid());
 	else if (LogLevel > 0)
 		sm_syslog(LOG_ALERT, e->e_id,
-			"Losing %s: %s", buf, why);
+			  "Losing %s: %s", buf, why);
+}
+/*
+**  QID_PRINTNAME -- create externally printable version of queue id
+**
+**	Parameters:
+**		e -- the envelope.
+**
+**	Returns:
+**		a printable version
+*/
+
+char *
+qid_printname(e)
+	ENVELOPE *e;
+{
+	char *id;
+	static char idbuf[MAXQFNAME + 34];
+
+	if (e == NULL)
+		return "";
+
+	if (e->e_id == NULL)
+		id = "";
+	else
+		id = e->e_id;
+
+	if (e->e_queuedir == NOQDIR)
+		return id;
+
+	(void) snprintf(idbuf, sizeof idbuf, "%.32s/%s",
+			QPaths[e->e_queuedir].qp_name, id);
+	return idbuf;
+}
+/*
+**  QID_PRINTQUEUE -- create full version of queue directory for df files
+**
+**	Parameters:
+**		queuedir -- the short version of the queue directory
+**
+**	Returns:
+**		the full pathname to the queue (static)
+*/
+
+char *
+qid_printqueue(queuedir)
+	int queuedir;
+{
+	char *subdir;
+	static char dir[MAXPATHLEN];
+
+	if (queuedir == NOQDIR)
+		return QueueDir;
+
+	if (strcmp(QPaths[queuedir].qp_name, ".") == 0)
+		subdir = NULL;
+	else
+		subdir = QPaths[queuedir].qp_name;
+
+	(void) snprintf(dir, sizeof dir, "%s%s%s%s", QueueDir,
+			subdir == NULL ? "" : "/",
+			subdir == NULL ? "" : subdir,
+			(bitset(QP_SUBDF, QPaths[queuedir].qp_subdirs) ? "/df" : ""));
+	return dir;
+}
+/*
+**  SETNEWQUEUE -- Sets a new queue directory
+**
+**	Assign a queue directory to an envelope and store the directory
+**	in e->e_queuedir.  The queue is chosen at random.
+**
+**	This routine may be improved in the future to allow for more
+**	elaborate queueing schemes.  Suggestions and code contributions
+**	are welcome.
+**
+**	Parameters:
+**		e -- envelope to assign a queue for.
+**
+**	Returns:
+**		none.
+*/
+
+void
+setnewqueue(e)
+	ENVELOPE *e;
+{
+	int idx;
+
+	if (tTd(41, 20))
+		dprintf("setnewqueue: called\n");
+
+	if (e->e_queuedir != NOQDIR)
+	{
+		if (tTd(41, 20))
+			dprintf("setnewqueue: e_queuedir already assigned (%s)\n",
+				qid_printqueue(e->e_queuedir));
+		return;
+	}
+
+	if (NumQueues == 1)
+		idx = 0;
+	else
+	{
+#if RANDOMSHIFT
+		/* lower bits are not random "enough", select others */
+		idx = (get_random() >> RANDOMSHIFT) % NumQueues;
+#else /* RANDOMSHIFT */
+		idx = get_random() % NumQueues;
+#endif /* RANDOMSHIFT */
+		if (tTd(41, 15))
+			dprintf("setnewqueue: get_random() %% %d = %d\n",
+				NumQueues, idx);
+	}
+
+	e->e_queuedir = idx;
+	if (tTd(41, 3))
+		dprintf("setnewqueue: Assigned queue directory %s\n",
+			qid_printqueue(e->e_queuedir));
+}
+
+/*
+**  CHKQDIR -- check a queue directory
+**
+**	Parameters:
+**		name -- name of queue directory
+**		sff -- flags for safefile()
+**
+**	Returns:
+**		is it a queue directory?
+*/
+
+static bool
+chkqdir(name, sff)
+	char *name;
+	long sff;
+{
+	struct stat statb;
+	int i;
+
+# if HASLSTAT
+	if (lstat(name, &statb) < 0)
+# else /* HASLSTAT */
+	if (stat(name, &statb) < 0)
+# endif /* HASLSTAT */
+	{
+		if (tTd(41, 2))
+			dprintf("multiqueue_cache: stat(\"%s\"): %s\n",
+				name, errstring(errno));
+		return FALSE;
+	}
+# if HASLSTAT
+	if (S_ISLNK(statb.st_mode))
+	{
+		/*
+		**  For a symlink we need to make sure the
+		**  target is a directory
+		*/
+		if (stat(name, &statb) < 0)
+		{
+			if (tTd(41, 2))
+				dprintf("multiqueue_cache: stat(\"%s\"): %s\n",
+					name, errstring(errno));
+			return FALSE;
+		}
+	}
+# endif /* HASLSTAT */
+
+	if (!S_ISDIR(statb.st_mode))
+	{
+		if (tTd(41, 2))
+			dprintf("multiqueue_cache: \"%s\": Not a directory\n",
+				name);
+		return FALSE;
+	}
+
+	/* Print a warning if unsafe (but still use it) */
+	i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0);
+	if (i != 0 && tTd(41, 2))
+		dprintf("multiqueue_cache: \"%s\": Not safe: %s\n",
+			name, errstring(i));
+	return TRUE;
+}
+
+/*
+**  MULTIQUEUE_CACHE -- cache a list of paths to queues.
+**
+**	Each potential queue is checked as the cache is built.
+**	Thereafter, each is blindly trusted.
+**	Note that we can be called again after a timeout to rebuild
+**	(although code for that is not ready yet).
+**
+**	Parameters:
+**		none
+**
+**	Returns:
+**		none
+*/
+
+void
+multiqueue_cache()
+{
+	register DIR *dp;
+	register struct dirent *d;
+	char *cp;
+	int i, len;
+	int slotsleft = 0;
+	long sff = SFF_ANYFILE;
+	char qpath[MAXPATHLEN];
+	char subdir[MAXPATHLEN];
+
+	if (tTd(41, 20))
+		dprintf("multiqueue_cache: called\n");
+
+	if (NumQueues != 0 && QPaths != NULL)
+	{
+		for (i = 0; i < NumQueues; i++)
+		{
+			if (QPaths[i].qp_name != NULL)
+				(void) free(QPaths[i].qp_name);
+		}
+		(void) free((char *)QPaths);
+		QPaths = NULL;
+		NumQueues = 0;
+	}
+
+	/* If running as root, allow safedirpath() checks to use privs */
+	if (RunAsUid == 0)
+		sff |= SFF_ROOTOK;
+
+	(void) snprintf(qpath, sizeof qpath, "%s", QueueDir);
+	len = strlen(qpath) - 1;
+	cp = &qpath[len];
+	if (*cp == '*')
+	{
+		*cp = '\0';
+		if ((cp = strrchr(qpath, '/')) == NULL)
+		{
+			syserr("QueueDirectory: can not wildcard relative path");
+			if (tTd(41, 2))
+				dprintf("multiqueue_cache: \"%s\": Can not wildcard relative path.\n",
+					QueueDir);
+			ExitStat = EX_CONFIG;
+			return;
+		}
+		if (cp == qpath)
+		{
+			/*
+			**  Special case of top level wildcard, like /foo*
+			*/
+
+			(void) snprintf(qpath + 1, sizeof qpath - 1,
+					"%s", qpath);
+			++cp;
+		}
+		*(cp++) = '\0';
+		len = strlen(cp);
+
+		if (tTd(41, 2))
+			dprintf("multiqueue_cache: prefix=\"%s\"\n", cp);
+
+		QueueDir = newstr(qpath);
+
+		/*
+		**  XXX Should probably wrap this whole loop in a timeout
+		**  in case some wag decides to NFS mount the queues.
+		*/
+
+		/* test path to get warning messages */
+		i= safedirpath(QueueDir, RunAsUid, RunAsGid, NULL, sff, 0, 0);
+		if (i != 0 && tTd(41, 2))
+			dprintf("multiqueue_cache: \"%s\": Not safe: %s\n",
+				QueueDir, errstring(i));
+
+		if (chdir(QueueDir) < 0)
+		{
+			syserr("can not chdir(%s)", QueueDir);
+			if (tTd(41, 2))
+				dprintf("multiqueue_cache: \"%s\": %s\n",
+					qpath, errstring(errno));
+			ExitStat = EX_CONFIG;
+			return;
+		}
+
+		if ((dp = opendir(".")) == NULL)
+		{
+			syserr("can not opendir(%s)", QueueDir);
+			if (tTd(41, 2))
+				dprintf("multiqueue_cache: opendir(\"%s\"): %s\n",
+					QueueDir, errstring(errno));
+			ExitStat = EX_CONFIG;
+			return;
+		}
+		while ((d = readdir(dp)) != NULL)
+		{
+			if (strncmp(d->d_name, cp, len) != 0)
+			{
+				if (tTd(41, 5))
+					dprintf("multiqueue_cache: \"%s\", skipped\n",
+						d->d_name);
+				continue;
+			}
+			if (!chkqdir(d->d_name, sff))
+				continue;
+
+			if (QPaths == NULL)
+			{
+				slotsleft = 20;
+				QPaths = (QPATHS *)xalloc((sizeof *QPaths) *
+							  slotsleft);
+				NumQueues = 0;
+			}
+			else if (slotsleft < 1)
+			{
+				QPaths = (QPATHS *)realloc((char *)QPaths,
+							  (sizeof *QPaths) *
+							  (NumQueues + 10));
+				if (QPaths == NULL)
+				{
+					(void) closedir(dp);
+					return;
+				}
+				slotsleft += 10;
+			}
+
+			/* check subdirs */
+			QPaths[NumQueues].qp_subdirs = QP_NOSUB;
+			(void) snprintf(subdir, sizeof subdir, "%s/%s/%s",
+					qpath, d->d_name, "qf");
+			if (chkqdir(subdir, sff))
+				QPaths[NumQueues].qp_subdirs |= QP_SUBQF;
+
+			(void) snprintf(subdir, sizeof subdir, "%s/%s/%s",
+					qpath, d->d_name, "df");
+			if (chkqdir(subdir, sff))
+				QPaths[NumQueues].qp_subdirs |= QP_SUBDF;
+
+			(void) snprintf(subdir, sizeof subdir, "%s/%s/%s",
+					qpath, d->d_name, "xf");
+			if (chkqdir(subdir, sff))
+				QPaths[NumQueues].qp_subdirs |= QP_SUBXF;
+
+			/* assert(strlen(d->d_name) < MAXPATHLEN - 14) */
+			/* maybe even - 17 (subdirs) */
+			QPaths[NumQueues].qp_name = newstr(d->d_name);
+			if (tTd(41, 2))
+				dprintf("multiqueue_cache: %d: \"%s\" cached (%x).\n",
+					NumQueues, d->d_name,
+					QPaths[NumQueues].qp_subdirs);
+			NumQueues++;
+			slotsleft--;
+		}
+		(void) closedir(dp);
+	}
+	if (NumQueues == 0)
+	{
+		if (*cp != '*' && tTd(41, 2))
+			dprintf("multiqueue_cache: \"%s\": No wildcard suffix character\n",
+				QueueDir);
+		QPaths = (QPATHS *)xalloc(sizeof *QPaths);
+		QPaths[0].qp_name = newstr(".");
+		QPaths[0].qp_subdirs = QP_NOSUB;
+		NumQueues = 1;
+
+		/* test path to get warning messages */
+		(void) safedirpath(QueueDir, RunAsUid, RunAsGid,
+				   NULL, sff, 0, 0);
+		if (chdir(QueueDir) < 0)
+		{
+			syserr("can not chdir(%s)", QueueDir);
+			if (tTd(41, 2))
+				dprintf("multiqueue_cache: \"%s\": %s\n",
+					QueueDir, errstring(errno));
+			ExitStat = EX_CONFIG;
+		}
+
+		/* check subdirs */
+		(void) snprintf(subdir, sizeof subdir, "%s/qf", QueueDir);
+		if (chkqdir(subdir, sff))
+			QPaths[0].qp_subdirs |= QP_SUBQF;
+
+		(void) snprintf(subdir, sizeof subdir, "%s/df",	QueueDir);
+		if (chkqdir(subdir, sff))
+			QPaths[0].qp_subdirs |= QP_SUBDF;
+
+		(void) snprintf(subdir, sizeof subdir, "%s/xf", QueueDir);
+		if (chkqdir(subdir, sff))
+			QPaths[0].qp_subdirs |= QP_SUBXF;
+	}
+}
+
+# if 0
+/*
+**  HASHFQN -- calculate a hash value for a fully qualified host name
+**
+**	Arguments:
+**		fqn -- an all lower-case host.domain string
+**		buckets -- the number of buckets (queue directories)
+**
+**	Returns:
+**		a bucket number (signed integer)
+**		-1 on error
+**
+**	Contributed by Exactis.com, Inc.
+*/
+
+int
+hashfqn(fqn, buckets)
+	register char *fqn;
+	int buckets;
+{
+	register char *p;
+	register int h = 0, hash, cnt;
+#  define WATERINC (1000)
+
+	if (fqn == NULL)
+		return -1;
+
+	/*
+	**  A variation on the gdb hash
+	**  This is the best as of Feb 19, 1996 --bcx
+	*/
+
+	p = fqn;
+	h = 0x238F13AF * strlen(p);
+	for (cnt = 0; *p != 0; ++p, cnt++)
+	{
+		h = (h + (*p << (cnt * 5 % 24))) & 0x7FFFFFFF;
+	}
+	h = (1103515243 * h + 12345) & 0x7FFFFFFF;
+	if (buckets < 2)
+		hash = 0;
+	else
+		hash = (h % buckets);
+
+	return hash;
+}
+# endif /* 0 */
+
+# if _FFR_QUEUEDELAY
+/*
+**  QUEUEDELAY -- compute queue delay time
+**
+**	Parameters:
+**		e -- the envelope to queue up.
+**
+**	Returns:
+**		queue delay time
+**
+**	Side Effects:
+**		may change e_queuedelay
+*/
+
+static time_t
+queuedelay(e)
+	ENVELOPE *e;
+{
+	time_t qd;
+
+	if (e->e_queuealg == QD_EXP)
+	{
+		if (e->e_queuedelay == 0)
+			e->e_queuedelay = QueueInitDelay;
+		else
+		{
+			e->e_queuedelay *= 2;
+			if (e->e_queuedelay > QueueMaxDelay)
+				e->e_queuedelay = QueueMaxDelay;
+		}
+		qd = e->e_queuedelay;
+	}
+	else
+		qd = MinQueueAge;
+	return qd;
 }
+# endif /* _FFR_QUEUEDELAY */
+#endif /* QUEUE */
diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c
index df40097..2521435 100644
--- a/contrib/sendmail/src/readcf.c
+++ b/contrib/sendmail/src/readcf.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,14 +12,25 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)readcf.c	8.238 (Berkeley) 1/28/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: readcf.c,v 8.382.4.14 2000/07/12 00:00:27 geir Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
-# include <grp.h>
-#if NAMED_BIND
-# include <resolv.h>
-#endif
+#include <sendmail.h>
+
+
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
+
+#define SECONDS
+#define MINUTES	* 60
+#define HOUR	* 3600
+#define HOURS	HOUR
+
+static void	fileclass __P((int, char *, char *, bool, bool));
+static char	**makeargv __P((char *));
+static void	settimeout __P((char *, char *, bool));
+static void	toomany __P((int, int));
 
 /*
 **  READCF -- read configuration file.
@@ -74,7 +86,7 @@ readcf(cfname, safe, e)
 	register ENVELOPE *e;
 {
 	FILE *cf;
-	int ruleset = 0;
+	int ruleset = -1;
 	char *q;
 	struct rewrite *rwp = NULL;
 	char *bp;
@@ -84,18 +96,13 @@ readcf(cfname, safe, e)
 	bool optional;
 	int mid;
 	register char *p;
-	int sff = SFF_OPENASROOT;
+	long sff = SFF_OPENASROOT;
 	struct stat statb;
 	char buf[MAXLINE];
 	char exbuf[MAXLINE];
 	char pvpbuf[MAXLINE + MAXATOM];
 	static char *null_list[1] = { NULL };
-	extern char **copyplist __P((char **, bool));
-	extern char *munchstring __P((char *, char **, int));
-	extern void fileclass __P((int, char *, char *, bool, bool));
-	extern void toomany __P((int, int));
-	extern void translate_dollars __P((char *));
-	extern void inithostmaps __P((void));
+	extern u_char TokTypeNoC[];
 
 	FileName = cfname;
 	LineNumber = 0;
@@ -128,13 +135,13 @@ readcf(cfname, safe, e)
 				FileName);
 		if (LogLevel > 0)
 			sm_syslog(LOG_CRIT, NOQID,
-				"%s: WARNING: dangerous write permissions",
-				FileName);
+				  "%s: WARNING: dangerous write permissions",
+				  FileName);
 	}
 
 #ifdef XLA
 	xla_zero();
-#endif
+#endif /* XLA */
 
 	while ((bp = fgetfolded(buf, sizeof buf, cf)) != NULL)
 	{
@@ -157,6 +164,11 @@ readcf(cfname, safe, e)
 			break;
 
 		  case 'R':		/* rewriting rule */
+			if (ruleset < 0)
+			{
+				syserr("missing valid ruleset for \"%s\"", bp);
+				break;
+			}
 			for (p = &bp[1]; *p != '\0' && *p != '\t'; p++)
 				continue;
 
@@ -183,7 +195,8 @@ readcf(cfname, safe, e)
 			*p = '\0';
 			expand(&bp[1], exbuf, sizeof exbuf, e);
 			rwp->r_lhs = prescan(exbuf, '\t', pvpbuf,
-					     sizeof pvpbuf, NULL, NULL);
+					     sizeof pvpbuf, NULL,
+					     ConfigLevel >= 9 ? TokTypeNoC : NULL);
 			nfuzzy = 0;
 			if (rwp->r_lhs != NULL)
 			{
@@ -247,6 +260,7 @@ readcf(cfname, safe, e)
 						syserr("Inappropriate use of %s on LHS",
 							botch);
 				}
+				rwp->r_line = LineNumber;
 			}
 			else
 			{
@@ -263,7 +277,8 @@ readcf(cfname, safe, e)
 			*p = '\0';
 			expand(q, exbuf, sizeof exbuf, e);
 			rwp->r_rhs = prescan(exbuf, '\t', pvpbuf,
-					     sizeof pvpbuf, NULL, NULL);
+					     sizeof pvpbuf, NULL,
+					     ConfigLevel >= 9 ? TokTypeNoC : NULL);
 			if (rwp->r_rhs != NULL)
 			{
 				register char **ap;
@@ -324,11 +339,15 @@ readcf(cfname, safe, e)
 			ruleset = strtorwset(exbuf, NULL, ST_ENTER);
 			if (ruleset < 0)
 				break;
+
 			rwp = RewriteRules[ruleset];
 			if (rwp != NULL)
 			{
-				if (OpMode == MD_TEST || tTd(37, 1))
+				if (OpMode == MD_TEST)
 					printf("WARNING: Ruleset %s has multiple definitions\n",
+					       &bp[1]);
+				if (tTd(37, 1))
+					dprintf("WARNING: Ruleset %s has multiple definitions\n",
 						&bp[1]);
 				while (rwp->r_next != NULL)
 					rwp = rwp->r_next;
@@ -342,7 +361,7 @@ readcf(cfname, safe, e)
 			break;
 
 		  case 'H':		/* required header line */
-			(void) chompheader(&bp[1], TRUE, NULL, e);
+			(void) chompheader(&bp[1], CHHDR_DEF, NULL, e);
 			break;
 
 		  case 'C':		/* word class */
@@ -390,13 +409,16 @@ readcf(cfname, safe, e)
 			}
 			else
 				optional = FALSE;
+
 			file = p;
+			q = p;
+			while (*q != '\0' && !(isascii(*q) && isspace(*q)))
+				q++;
 			if (*file == '|')
 				p = "%s";
 			else
 			{
-				while (*p != '\0' && !(isascii(*p) && isspace(*p)))
-					p++;
+				p = q;
 				if (*p == '\0')
 					p = "%s";
 				else
@@ -413,7 +435,7 @@ readcf(cfname, safe, e)
 		  case 'L':		/* extended load average description */
 			xla_init(&bp[1]);
 			break;
-#endif
+#endif /* XLA */
 
 #if defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO)
 		  case 'L':		/* lookup macro */
@@ -423,7 +445,7 @@ readcf(cfname, safe, e)
 				goto badline;
 			sun_lg_config_line(bp, e);
 			break;
-#endif
+#endif /* defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO) */
 
 		  case 'M':		/* define mailer */
 			makemailer(&bp[1]);
@@ -454,7 +476,7 @@ readcf(cfname, safe, e)
 				continue;
 			if (!isascii(*p) || !isdigit(*p))
 			{
-				syserr("invalid argument to V line: \"%.20s\"", 
+				syserr("invalid argument to V line: \"%.20s\"",
 					&bp[1]);
 				break;
 			}
@@ -483,8 +505,6 @@ readcf(cfname, safe, e)
 
 			if (*ep++ == '/')
 			{
-				extern bool setvendor __P((char *));
-
 				/* extract vendor code */
 				for (p = ep; isascii(*p) && isalpha(*p); )
 					p++;
@@ -508,6 +528,12 @@ readcf(cfname, safe, e)
 			setuserenv(&bp[1], p);
 			break;
 
+#if _FFR_MILTER
+		  case 'X':		/* mail filter */
+			milter_setup(&bp[1]);
+			break;
+#endif /* _FFR_MILTER */
+
 		  default:
 		  badline:
 			syserr("unknown configuration line \"%s\"", bp);
@@ -520,12 +546,15 @@ readcf(cfname, safe, e)
 		syserr("I/O read error");
 		finis(FALSE, EX_OSFILE);
 	}
-	fclose(cf);
+	(void) fclose(cf);
 	FileName = NULL;
 
 	/* initialize host maps from local service tables */
 	inithostmaps();
 
+	/* initialize daemon (if not defined yet) */
+	initdaemon();
+
 	/* determine if we need to do special name-server frotz */
 	{
 		int nmaps;
@@ -558,7 +587,7 @@ readcf(cfname, safe, e)
 					UseHesiod = TRUE;
 			}
 		}
-#endif
+#endif /* HESIOD */
 	}
 }
 /*
@@ -599,16 +628,16 @@ translate_dollars(bp)
 
 			  case '\\':
 				/* it's backslash escaped */
-				(void) strcpy(p, p + 1);
+				(void) strlcpy(p, p + 1, strlen(p));
 				break;
 
 			  default:
-				/* delete preceeding white space */
+				/* delete leading white space */
 				while (isascii(*p) && isspace(*p) &&
 				       *p != '\n' && p > bp)
 					p--;
 				if ((e = strchr(++p, '\n')) != NULL)
-					(void) strcpy(p, e);
+					(void) strlcpy(p, e, strlen(p));
 				else
 					*p-- = '\0';
 				break;
@@ -622,7 +651,7 @@ translate_dollars(bp)
 		if (p[1] == '$')
 		{
 			/* actual dollar sign.... */
-			(void) strcpy(p, p + 1);
+			(void) strlcpy(p, p + 1, strlen(p));
 			continue;
 		}
 
@@ -635,8 +664,8 @@ translate_dollars(bp)
 
 		/* convert macro name to code */
 		*p = macid(p, &ep);
-		if (ep != p)
-			strcpy(p + 1, ep);
+		if (ep != p + 1)
+			(void) strlcpy(p + 1, ep, strlen(p + 1));
 	}
 
 	/* strip trailing white space from the line */
@@ -657,7 +686,7 @@ translate_dollars(bp)
 **		gives a syserr.
 */
 
-void
+static void
 toomany(id, maxcnt)
 	int id;
 	int maxcnt;
@@ -684,7 +713,7 @@ toomany(id, maxcnt)
 **			the named class.
 */
 
-void
+static void
 fileclass(class, filename, fmt, safe, optional)
 	int class;
 	char *filename;
@@ -693,13 +722,13 @@ fileclass(class, filename, fmt, safe, optional)
 	bool optional;
 {
 	FILE *f;
-	int sff;
+	long sff;
 	pid_t pid;
 	register char *p;
 	char buf[MAXLINE];
 
 	if (tTd(37, 2))
-		printf("fileclass(%s, fmt=%s)\n", filename, fmt);
+		dprintf("fileclass(%s, fmt=%s)\n", filename, fmt);
 
 	if (filename[0] == '|')
 	{
@@ -725,9 +754,10 @@ fileclass(class, filename, fmt, safe, optional)
 	{
 		pid = -1;
 		sff = SFF_REGONLY;
-		if (!bitset(DBS_CLASSFILEINUNSAFEDIRPATH, DontBlameSendmail))
+		if (!bitnset(DBS_CLASSFILEINUNSAFEDIRPATH, DontBlameSendmail))
 			sff |= SFF_SAFEDIRPATH;
-		if (!bitset(DBS_LINKEDCLASSFILEINWRITABLEDIR, DontBlameSendmail))
+		if (!bitnset(DBS_LINKEDCLASSFILEINWRITABLEDIR,
+			     DontBlameSendmail))
 			sff |= SFF_NOWLINK;
 		if (safe)
 			sff |= SFF_OPENASROOT;
@@ -738,26 +768,25 @@ fileclass(class, filename, fmt, safe, optional)
 	if (f == NULL)
 	{
 		if (!optional)
-			syserr("fileclass: cannot open %s", filename);
+			syserr("fileclass: cannot open '%s'", filename);
 		return;
 	}
 
 	while (fgets(buf, sizeof buf, f) != NULL)
 	{
-		register char *p;
-# if SCANF
+#if SCANF
 		char wordbuf[MAXLINE + 1];
-# endif
+#endif /* SCANF */
 
 		if (buf[0] == '#')
 			continue;
-# if SCANF
+#if SCANF
 		if (sscanf(buf, fmt, wordbuf) != 1)
 			continue;
 		p = wordbuf;
-# else /* SCANF */
+#else /* SCANF */
 		p = buf;
-# endif /* SCANF */
+#endif /* SCANF */
 
 		/*
 		**  Break up the match into words.
@@ -808,6 +837,7 @@ fileclass(class, filename, fmt, safe, optional)
 **			   S -- the sender rewriting set
 **			   T -- the mailer type (for DSNs)
 **			   U -- the uid to run as
+**			   W -- the time to wait at the end
 **			The first word is the canonical name of the mailer.
 **
 **	Returns:
@@ -828,12 +858,10 @@ makemailer(line)
 	char fcode;
 	auto char *endp;
 	extern int NextMailer;
-	extern char **makeargv __P((char *));
-	extern char *munchstring __P((char *, char **, int));
 
 	/* allocate a mailer and set up defaults */
 	m = (struct mailer *) xalloc(sizeof *m);
-	bzero((char *) m, sizeof *m);
+	memset((char *) m, '\0', sizeof *m);
 
 	/* collect the mailer name */
 	for (p = line; *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p)); p++)
@@ -923,6 +951,16 @@ makemailer(line)
 			m->m_maxsize = atol(p);
 			break;
 
+		  case 'm':		/* maximum messages per connection */
+			m->m_maxdeliveries = atoi(p);
+			break;
+
+#if _FFR_DYNAMIC_TOBUF
+		  case 'r':		/* max recipient per envelope */
+			m->m_maxrcpt = atoi(p);
+			break;
+#endif /* _FFR_DYNAMIC_TOBUF */
+
 		  case 'L':		/* maximum line length */
 			m->m_linelimit = atoi(p);
 			if (m->m_linelimit < 0)
@@ -1040,6 +1078,23 @@ makemailer(line)
 				m->m_gid = strtol(p, NULL, 0);
 			}
 			break;
+
+		  case 'W':		/* wait timeout */
+			m->m_wait = convtime(p, 's');
+			break;
+
+		  case '/':		/* new root directory */
+			if (*p == '\0')
+				syserr("mailer %s: null root directory",
+					m->m_name);
+			else
+				m->m_rootdir = newstr(p);
+			break;
+
+		  default:
+			syserr("M%s: unknown mailer equate %c=",
+			       m->m_name, fcode);
+			break;
 		}
 
 		p = delimptr;
@@ -1063,6 +1118,11 @@ makemailer(line)
 		return;
 	}
 
+#if _FFR_DYNAMIC_TOBUF
+	if (m->m_maxrcpt <= 0)
+		m->m_maxrcpt = DEFAULT_MAX_RCPT;
+#endif /* _FFR_DYNAMIC_TOBUF */
+
 	/* do some heuristic cleanup for back compatibility */
 	if (bitnset(M_LIMITS, m->m_flags))
 	{
@@ -1072,18 +1132,51 @@ makemailer(line)
 			setbitn(M_7BITS, m->m_flags);
 	}
 
-	if (strcmp(m->m_mailer, "[IPC]") == 0 ||
-	    strcmp(m->m_mailer, "[TCP]") == 0)
+	if (strcmp(m->m_mailer, "[TCP]") == 0)
 	{
-		if (m->m_mtatype == NULL)
-			m->m_mtatype = "dns";
-		if (m->m_addrtype == NULL)
-			m->m_addrtype = "rfc822";
-		if (m->m_diagtype == NULL)
-			m->m_diagtype = "smtp";
+#if _FFR_REMOVE_TCP_PATH
+		syserr("M%s: P=[TCP] is deprecated, use P=[IPC] instead\n",
+		       m->m_name);
+#else /* _FFR_REMOVE_TCP_PATH */
+		printf("M%s: Warning: P=[TCP] is deprecated, use P=[IPC] instead\n",
+		       m->m_name);
+#endif /* _FFR_REMOVE_TCP_PATH */
 	}
 
-	if (strcmp(m->m_mailer, "[FILE]") == 0)
+	if (strcmp(m->m_mailer, "[IPC]") == 0 ||
+#if !_FFR_REMOVE_TCP_MAILER_PATH
+	    strcmp(m->m_mailer, "[TCP]") == 0
+#endif /* !_FFR_REMOVE_TCP_MAILER_PATH */
+	    )
+	{
+		/* Use the second argument for host or path to socket */
+		if (m->m_argv[0] == NULL || m->m_argv[1] == NULL ||
+		    m->m_argv[1][0] == '\0')
+		{
+			syserr("M%s: too few parameters for %s mailer",
+			       m->m_name, m->m_mailer);
+		}
+		if (strcmp(m->m_argv[0], "TCP") != 0 &&
+#if NETUNIX
+		    strcmp(m->m_argv[0], "FILE") != 0 &&
+#endif /* NETUNIX */
+#if !_FFR_DEPRECATE_IPC_MAILER_ARG
+		    strcmp(m->m_argv[0], "IPC") != 0
+#endif /* !_FFR_DEPRECATE_IPC_MAILER_ARG */
+		    )
+		{
+			printf("M%s: Warning: first argument in %s mailer must be %s\n",
+			       m->m_name, m->m_mailer,
+#if NETUNIX
+			       "TCP or FILE"
+#else /* NETUNIX */
+			       "TCP"
+#endif /* NETUNIX */
+			       );
+		}
+
+	}
+	else if (strcmp(m->m_mailer, "[FILE]") == 0)
 	{
 		/* Use the second argument for filename */
 		if (m->m_argv[0] == NULL || m->m_argv[1] == NULL ||
@@ -1101,6 +1194,23 @@ makemailer(line)
 		}
 	}
 
+	if (strcmp(m->m_mailer, "[IPC]") == 0 ||
+	    strcmp(m->m_mailer, "[TCP]") == 0)
+	{
+		if (m->m_mtatype == NULL)
+			m->m_mtatype = "dns";
+		if (m->m_addrtype == NULL)
+			m->m_addrtype = "rfc822";
+		if (m->m_diagtype == NULL)
+		{
+			if (m->m_argv[0] != NULL &&
+			    strcmp(m->m_argv[0], "FILE") == 0)
+				m->m_diagtype = "x-unix";
+			else
+				m->m_diagtype = "smtp";
+		}
+	}
+
 	if (m->m_eol == NULL)
 	{
 		char **pp;
@@ -1108,8 +1218,6 @@ makemailer(line)
 		/* default for SMTP is \r\n; use \n for local delivery */
 		for (pp = m->m_argv; *pp != NULL; pp++)
 		{
-			char *p;
-
 			for (p = *pp; *p != '\0'; )
 			{
 				if ((*p++ & 0377) == MACROEXPAND && *p == 'u')
@@ -1149,6 +1257,10 @@ makemailer(line)
 **
 **	Returns:
 **		the munched string.
+**
+**	Side Effects:
+**		the munched string is a local static buffer.
+**		it must be copied before the function is called again.
 */
 
 char *
@@ -1204,7 +1316,7 @@ munchstring(p, delimptr, delim)
 	if (delimptr != NULL)
 		*delimptr = p;
 	*q++ = '\0';
-	return (buf);
+	return buf;
 }
 /*
 **  MAKEARGV -- break up a string into words
@@ -1219,7 +1331,7 @@ munchstring(p, delimptr, delim)
 **		munges p.
 */
 
-char **
+static char **
 makeargv(p)
 	register char *p;
 {
@@ -1243,9 +1355,9 @@ makeargv(p)
 
 	/* now make a copy of the argv */
 	avp = (char **) xalloc(sizeof *avp * i);
-	bcopy((char *) argv, (char *) avp, sizeof *avp * i);
+	memmove((char *) avp, (char *) argv, sizeof *avp * i);
 
-	return (avp);
+	return avp;
 }
 /*
 **  PRINTRULES -- print rewrite rules (for debugging)
@@ -1297,11 +1409,25 @@ printmailer(m)
 {
 	int j;
 
-	printf("mailer %d (%s): P=%s S=%d/%d R=%d/%d M=%ld U=%d:%d F=",
-		m->m_mno, m->m_name,
-		m->m_mailer, m->m_se_rwset, m->m_sh_rwset,
-		m->m_re_rwset, m->m_rh_rwset, m->m_maxsize,
-		(int) m->m_uid, (int) m->m_gid);
+	printf("mailer %d (%s): P=%s S=", m->m_mno, m->m_name, m->m_mailer);
+	if (RuleSetNames[m->m_se_rwset] == NULL)
+		printf("%d/", m->m_se_rwset);
+	else
+		printf("%s/", RuleSetNames[m->m_se_rwset]);
+	if (RuleSetNames[m->m_sh_rwset] == NULL)
+		printf("%d R=", m->m_sh_rwset);
+	else
+		printf("%s R=", RuleSetNames[m->m_sh_rwset]);
+	if (RuleSetNames[m->m_re_rwset] == NULL)
+		printf("%d/", m->m_re_rwset);
+	else
+		printf("%s/", RuleSetNames[m->m_re_rwset]);
+	if (RuleSetNames[m->m_rh_rwset] == NULL)
+		printf("%d ", m->m_rh_rwset);
+	else
+		printf("%s ", RuleSetNames[m->m_rh_rwset]);
+	printf("M=%ld U=%d:%d F=", m->m_maxsize,
+	       (int) m->m_uid, (int) m->m_gid);
 	for (j = '\0'; j <= '\177'; j++)
 		if (bitnset(j, m->m_flags))
 			(void) putchar(j);
@@ -1313,6 +1439,9 @@ printmailer(m)
 		m->m_mtatype == NULL ? "<undefined>" : m->m_mtatype,
 		m->m_addrtype == NULL ? "<undefined>" : m->m_addrtype,
 		m->m_diagtype == NULL ? "<undefined>" : m->m_diagtype);
+#if _FFR_DYNAMIC_TOBUF
+	printf(" r=%d", m->m_maxrcpt);
+#endif /* _FFR_DYNAMIC_TOBUF */
 	if (m->m_argv != NULL)
 	{
 		char **a = m->m_argv;
@@ -1347,13 +1476,11 @@ printmailer(m)
 **		Sets options as implied by the arguments.
 */
 
-static BITMAP	StickyOpt;		/* set if option is stuck */
-extern void	settimeout __P((char *, char *));
-
+static BITMAP256	StickyOpt;		/* set if option is stuck */
 
 #if NAMED_BIND
 
-struct resolverflags
+static struct resolverflags
 {
 	char	*rf_name;	/* name of the flag */
 	long	rf_bits;	/* bits to set/clear */
@@ -1372,170 +1499,219 @@ struct resolverflags
 	{ NULL,		0		}
 };
 
-#endif
+#endif /* NAMED_BIND */
+
+#define OI_NONE		0	/* no special treatment */
+#define OI_SAFE		0x0001	/* safe for random people to use */
+#define OI_SUBOPT	0x0002	/* option has suboptions */
 
-struct optioninfo
+static struct optioninfo
 {
 	char	*o_name;	/* long name of option */
 	u_char	o_code;		/* short name of option */
-	bool	o_safe;		/* safe for random people to use */
+	u_short	o_flags;	/* option flags */
 } OptionTab[] =
 {
-	{ "SevenBitInput",		'7',		TRUE	},
+#if defined(SUN_EXTENSIONS) && defined(REMOTE_MODE)
+	{ "RemoteMode",			'>',		OI_NONE	},
+#endif /* defined(SUN_EXTENSIONS) && defined(REMOTE_MODE) */
+	{ "SevenBitInput",		'7',		OI_SAFE	},
 #if MIME8TO7
-	{ "EightBitMode",		'8',		TRUE	},
-#endif
-	{ "AliasFile",			'A',		FALSE	},
-	{ "AliasWait",			'a',		FALSE	},
-	{ "BlankSub",			'B',		FALSE	},
-	{ "MinFreeBlocks",		'b',		TRUE	},
-	{ "CheckpointInterval",		'C',		TRUE	},
-	{ "HoldExpensive",		'c',		FALSE	},
-	{ "AutoRebuildAliases",		'D',		FALSE	},
-	{ "DeliveryMode",		'd',		TRUE	},
-	{ "ErrorHeader",		'E',		FALSE	},
-	{ "ErrorMode",			'e',		TRUE	},
-	{ "TempFileMode",		'F',		FALSE	},
-	{ "SaveFromLine",		'f',		FALSE	},
-	{ "MatchGECOS",			'G',		FALSE	},
-	{ "HelpFile",			'H',		FALSE	},
-	{ "MaxHopCount",		'h',		FALSE	},
-	{ "ResolverOptions",		'I',		FALSE	},
-	{ "IgnoreDots",			'i',		TRUE	},
-	{ "ForwardPath",		'J',		FALSE	},
-	{ "SendMimeErrors",		'j',		TRUE	},
-	{ "ConnectionCacheSize",	'k',		FALSE	},
-	{ "ConnectionCacheTimeout",	'K',		FALSE	},
-	{ "UseErrorsTo",		'l',		FALSE	},
-	{ "LogLevel",			'L',		TRUE	},
-	{ "MeToo",			'm',		TRUE	},
-	{ "CheckAliases",		'n',		FALSE	},
-	{ "OldStyleHeaders",		'o',		TRUE	},
-	{ "DaemonPortOptions",		'O',		FALSE	},
-	{ "PrivacyOptions",		'p',		TRUE	},
-	{ "PostmasterCopy",		'P',		FALSE	},
-	{ "QueueFactor",		'q',		FALSE	},
-	{ "QueueDirectory",		'Q',		FALSE	},
-	{ "DontPruneRoutes",		'R',		FALSE	},
-	{ "Timeout",			'r',		FALSE	},
-	{ "StatusFile",			'S',		FALSE	},
-	{ "SuperSafe",			's',		TRUE	},
-	{ "QueueTimeout",		'T',		FALSE	},
-	{ "TimeZoneSpec",		't',		FALSE	},
-	{ "UserDatabaseSpec",		'U',		FALSE	},
-	{ "DefaultUser",		'u',		FALSE	},
-	{ "FallbackMXhost",		'V',		FALSE	},
-	{ "Verbose",			'v',		TRUE	},
-	{ "TryNullMXList",		'w',		FALSE	},
-	{ "QueueLA",			'x',		FALSE	},
-	{ "RefuseLA",			'X',		FALSE	},
-	{ "RecipientFactor",		'y',		FALSE	},
-	{ "ForkEachJob",		'Y',		FALSE	},
-	{ "ClassFactor",		'z',		FALSE	},
-	{ "RetryFactor",		'Z',		FALSE	},
+	{ "EightBitMode",		'8',		OI_SAFE	},
+#endif /* MIME8TO7 */
+	{ "AliasFile",			'A',		OI_NONE	},
+	{ "AliasWait",			'a',		OI_NONE	},
+	{ "BlankSub",			'B',		OI_NONE	},
+	{ "MinFreeBlocks",		'b',		OI_SAFE	},
+	{ "CheckpointInterval",		'C',		OI_SAFE	},
+	{ "HoldExpensive",		'c',		OI_NONE	},
+#if !_FFR_REMOVE_AUTOREBUILD
+	{ "AutoRebuildAliases",		'D',		OI_NONE	},
+#endif /* !_FFR_REMOVE_AUTOREBUILD */
+	{ "DeliveryMode",		'd',		OI_SAFE	},
+	{ "ErrorHeader",		'E',		OI_NONE	},
+	{ "ErrorMode",			'e',		OI_SAFE	},
+	{ "TempFileMode",		'F',		OI_NONE	},
+	{ "SaveFromLine",		'f',		OI_NONE	},
+	{ "MatchGECOS",			'G',		OI_NONE	},
+	{ "HelpFile",			'H',		OI_NONE	},
+	{ "MaxHopCount",		'h',		OI_NONE	},
+	{ "ResolverOptions",		'I',		OI_NONE	},
+	{ "IgnoreDots",			'i',		OI_SAFE	},
+	{ "ForwardPath",		'J',		OI_NONE	},
+	{ "SendMimeErrors",		'j',		OI_SAFE	},
+	{ "ConnectionCacheSize",	'k',		OI_NONE	},
+	{ "ConnectionCacheTimeout",	'K',		OI_NONE	},
+	{ "UseErrorsTo",		'l',		OI_NONE	},
+	{ "LogLevel",			'L',		OI_SAFE	},
+	{ "MeToo",			'm',		OI_SAFE	},
+	{ "CheckAliases",		'n',		OI_NONE	},
+	{ "OldStyleHeaders",		'o',		OI_SAFE	},
+	{ "DaemonPortOptions",		'O',		OI_NONE	},
+	{ "PrivacyOptions",		'p',		OI_SAFE	},
+	{ "PostmasterCopy",		'P',		OI_NONE	},
+	{ "QueueFactor",		'q',		OI_NONE	},
+	{ "QueueDirectory",		'Q',		OI_NONE	},
+	{ "DontPruneRoutes",		'R',		OI_NONE	},
+	{ "Timeout",			'r',		OI_SUBOPT },
+	{ "StatusFile",			'S',		OI_NONE	},
+	{ "SuperSafe",			's',		OI_SAFE	},
+	{ "QueueTimeout",		'T',		OI_NONE	},
+	{ "TimeZoneSpec",		't',		OI_NONE	},
+	{ "UserDatabaseSpec",		'U',		OI_NONE	},
+	{ "DefaultUser",		'u',		OI_NONE	},
+	{ "FallbackMXhost",		'V',		OI_NONE	},
+	{ "Verbose",			'v',		OI_SAFE	},
+	{ "TryNullMXList",		'w',		OI_NONE	},
+	{ "QueueLA",			'x',		OI_NONE	},
+	{ "RefuseLA",			'X',		OI_NONE	},
+	{ "RecipientFactor",		'y',		OI_NONE	},
+	{ "ForkEachJob",		'Y',		OI_NONE	},
+	{ "ClassFactor",		'z',		OI_NONE	},
+	{ "RetryFactor",		'Z',		OI_NONE	},
 #define O_QUEUESORTORD	0x81
-	{ "QueueSortOrder",		O_QUEUESORTORD,	TRUE	},
+	{ "QueueSortOrder",		O_QUEUESORTORD,	OI_SAFE	},
 #define O_HOSTSFILE	0x82
-	{ "HostsFile",			O_HOSTSFILE,	FALSE	},
+	{ "HostsFile",			O_HOSTSFILE,	OI_NONE	},
 #define O_MQA		0x83
-	{ "MinQueueAge",		O_MQA,		TRUE	},
+	{ "MinQueueAge",		O_MQA,		OI_SAFE	},
 #define O_DEFCHARSET	0x85
-	{ "DefaultCharSet",		O_DEFCHARSET,	TRUE	},
+	{ "DefaultCharSet",		O_DEFCHARSET,	OI_SAFE	},
 #define O_SSFILE	0x86
-	{ "ServiceSwitchFile",		O_SSFILE,	FALSE	},
+	{ "ServiceSwitchFile",		O_SSFILE,	OI_NONE	},
 #define O_DIALDELAY	0x87
-	{ "DialDelay",			O_DIALDELAY,	TRUE	},
+	{ "DialDelay",			O_DIALDELAY,	OI_SAFE	},
 #define O_NORCPTACTION	0x88
-	{ "NoRecipientAction",		O_NORCPTACTION,	TRUE	},
+	{ "NoRecipientAction",		O_NORCPTACTION,	OI_SAFE	},
 #define O_SAFEFILEENV	0x89
-	{ "SafeFileEnvironment",	O_SAFEFILEENV,	FALSE	},
+	{ "SafeFileEnvironment",	O_SAFEFILEENV,	OI_NONE	},
 #define O_MAXMSGSIZE	0x8a
-	{ "MaxMessageSize",		O_MAXMSGSIZE,	FALSE	},
+	{ "MaxMessageSize",		O_MAXMSGSIZE,	OI_NONE	},
 #define O_COLONOKINADDR	0x8b
-	{ "ColonOkInAddr",		O_COLONOKINADDR, TRUE	},
+	{ "ColonOkInAddr",		O_COLONOKINADDR, OI_SAFE },
 #define O_MAXQUEUERUN	0x8c
-	{ "MaxQueueRunSize",		O_MAXQUEUERUN,	TRUE	},
+	{ "MaxQueueRunSize",		O_MAXQUEUERUN,	OI_SAFE	},
 #define O_MAXCHILDREN	0x8d
-	{ "MaxDaemonChildren",		O_MAXCHILDREN,	FALSE	},
+	{ "MaxDaemonChildren",		O_MAXCHILDREN,	OI_NONE	},
 #define O_KEEPCNAMES	0x8e
-	{ "DontExpandCnames",		O_KEEPCNAMES,	FALSE	},
+	{ "DontExpandCnames",		O_KEEPCNAMES,	OI_NONE	},
 #define O_MUSTQUOTE	0x8f
-	{ "MustQuoteChars",		O_MUSTQUOTE,	FALSE	},
+	{ "MustQuoteChars",		O_MUSTQUOTE,	OI_NONE	},
 #define O_SMTPGREETING	0x90
-	{ "SmtpGreetingMessage",	O_SMTPGREETING,	FALSE	},
+	{ "SmtpGreetingMessage",	O_SMTPGREETING,	OI_NONE	},
 #define O_UNIXFROM	0x91
-	{ "UnixFromLine",		O_UNIXFROM,	FALSE	},
+	{ "UnixFromLine",		O_UNIXFROM,	OI_NONE	},
 #define O_OPCHARS	0x92
-	{ "OperatorChars",		O_OPCHARS,	FALSE	},
+	{ "OperatorChars",		O_OPCHARS,	OI_NONE	},
 #define O_DONTINITGRPS	0x93
-	{ "DontInitGroups",		O_DONTINITGRPS,	FALSE	},
+	{ "DontInitGroups",		O_DONTINITGRPS,	OI_NONE	},
 #define O_SLFH		0x94
-	{ "SingleLineFromHeader",	O_SLFH,		TRUE	},
+	{ "SingleLineFromHeader",	O_SLFH,		OI_SAFE	},
 #define O_ABH		0x95
-	{ "AllowBogusHELO",		O_ABH,		TRUE	},
+	{ "AllowBogusHELO",		O_ABH,		OI_SAFE	},
 #define O_CONNTHROT	0x97
-	{ "ConnectionRateThrottle",	O_CONNTHROT,	FALSE	},
+	{ "ConnectionRateThrottle",	O_CONNTHROT,	OI_NONE	},
 #define O_UGW		0x99
-	{ "UnsafeGroupWrites",		O_UGW,		FALSE	},
+	{ "UnsafeGroupWrites",		O_UGW,		OI_NONE	},
 #define O_DBLBOUNCE	0x9a
-	{ "DoubleBounceAddress",	O_DBLBOUNCE,	FALSE	},
+	{ "DoubleBounceAddress",	O_DBLBOUNCE,	OI_NONE	},
 #define O_HSDIR		0x9b
-	{ "HostStatusDirectory",	O_HSDIR,	FALSE	},
+	{ "HostStatusDirectory",	O_HSDIR,	OI_NONE	},
 #define O_SINGTHREAD	0x9c
-	{ "SingleThreadDelivery",	O_SINGTHREAD,	FALSE	},
+	{ "SingleThreadDelivery",	O_SINGTHREAD,	OI_NONE	},
 #define O_RUNASUSER	0x9d
-	{ "RunAsUser",			O_RUNASUSER,	FALSE	},
-#if _FFR_DSN_RRT_OPTION
+	{ "RunAsUser",			O_RUNASUSER,	OI_NONE	},
 #define O_DSN_RRT	0x9e
-	{ "RrtImpliesDsn",		O_DSN_RRT,	FALSE	},
-#endif
-#if _FFR_PIDFILE_OPTION
+	{ "RrtImpliesDsn",		O_DSN_RRT,	OI_NONE	},
 #define O_PIDFILE	0x9f
-	{ "PidFile",			O_PIDFILE,	FALSE	},
-#endif
+	{ "PidFile",			O_PIDFILE,	OI_NONE	},
 #define O_DONTBLAMESENDMAIL	0xa0
-	{ "DontBlameSendmail",		O_DONTBLAMESENDMAIL,	FALSE	},
+	{ "DontBlameSendmail",		O_DONTBLAMESENDMAIL,	OI_NONE	},
 #define O_DPI		0xa1
-	{ "DontProbeInterfaces",	O_DPI,		FALSE	},
+	{ "DontProbeInterfaces",	O_DPI,		OI_NONE	},
 #define O_MAXRCPT	0xa2
-	{ "MaxRecipientsPerMessage",	O_MAXRCPT,	FALSE	},
-#if _FFR_DEADLETTERDROP_OPTION
+	{ "MaxRecipientsPerMessage",	O_MAXRCPT,	OI_SAFE	},
 #define O_DEADLETTER	0xa3
-	{ "DeadLetterDrop",		O_DEADLETTER,	FALSE	},
-#endif
+	{ "DeadLetterDrop",		O_DEADLETTER,	OI_NONE	},
 #if _FFR_DONTLOCKFILESFORREAD_OPTION
-#define O_DONTLOCK	0xa4
-	{ "DontLockFilesForRead",	O_DONTLOCK,	FALSE	},
-#endif
-#if _FFR_MAXALIASRECURSION_OPTION
+# define O_DONTLOCK	0xa4
+	{ "DontLockFilesForRead",	O_DONTLOCK,	OI_NONE	},
+#endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */
 #define O_MAXALIASRCSN	0xa5
-	{ "MaxAliasRecursion",		O_MAXALIASRCSN,	FALSE	},
-#endif
-#if _FFR_CONNECTONLYTO_OPTION
+	{ "MaxAliasRecursion",		O_MAXALIASRCSN,	OI_NONE	},
 #define O_CNCTONLYTO	0xa6
-	{ "ConnectOnlyTo",		O_CNCTONLYTO,	FALSE	},
-#endif
-#if _FFR_TRUSTED_USER
+	{ "ConnectOnlyTo",		O_CNCTONLYTO,	OI_NONE	},
 #define O_TRUSTUSER	0xa7
-	{ "TrustedUser",		O_TRUSTUSER,	FALSE	},
-#endif
-#if _FFR_MAX_MIME_HEADER_LENGTH
+	{ "TrustedUser",		O_TRUSTUSER,	OI_NONE	},
 #define O_MAXMIMEHDRLEN	0xa8
-	{ "MaxMimeHeaderLength",	O_MAXMIMEHDRLEN,	FALSE	},
-#endif
-#if _FFR_CONTROL_SOCKET
+	{ "MaxMimeHeaderLength",	O_MAXMIMEHDRLEN,	OI_NONE	},
 #define O_CONTROLSOCKET	0xa9
-	{ "ControlSocketName",		O_CONTROLSOCKET,	FALSE	},
-#endif
-#if _FFR_MAX_HEADERS_LENGTH
+	{ "ControlSocketName",		O_CONTROLSOCKET,	OI_NONE	},
 #define O_MAXHDRSLEN	0xaa
-	{ "MaxHeadersLength",		O_MAXHDRSLEN,	FALSE	},
-#endif
-	{ NULL,				'\0',		FALSE	}
+	{ "MaxHeadersLength",		O_MAXHDRSLEN,	OI_NONE	},
+#if _FFR_MAX_FORWARD_ENTRIES
+# define O_MAXFORWARD	0xab
+	{ "MaxForwardEntries",		O_MAXFORWARD,	OI_NONE	},
+#endif /* _FFR_MAX_FORWARD_ENTRIES */
+#define O_PROCTITLEPREFIX	0xac
+	{ "ProcessTitlePrefix",		O_PROCTITLEPREFIX,	OI_NONE	},
+#define O_SASLINFO	0xad
+#if _FFR_ALLOW_SASLINFO
+	{ "DefaultAuthInfo",		O_SASLINFO,	OI_SAFE	},
+#else /* _FFR_ALLOW_SASLINFO */
+	{ "DefaultAuthInfo",		O_SASLINFO,	OI_NONE	},
+#endif /* _FFR_ALLOW_SASLINFO */
+#define O_SASLMECH	0xae
+	{ "AuthMechanisms",		O_SASLMECH,	OI_NONE	},
+#define O_CLIENTPORT	0xaf
+	{ "ClientPortOptions",		O_CLIENTPORT,	OI_NONE	},
+#define O_DF_BUFSIZE	0xb0
+	{ "DataFileBufferSize",		O_DF_BUFSIZE,	OI_NONE	},
+#define O_XF_BUFSIZE	0xb1
+	{ "XscriptFileBufferSize",	O_XF_BUFSIZE,	OI_NONE	},
+# define O_LDAPDEFAULTSPEC	0xb2
+	{ "LDAPDefaultSpec",		O_LDAPDEFAULTSPEC,	OI_NONE	},
+#if _FFR_QUEUEDELAY
+#define O_QUEUEDELAY	0xb3
+	{ "QueueDelay",			O_QUEUEDELAY,	OI_NONE	},
+#endif /* _FFR_QUEUEDELAY */
+# define O_SRVCERTFILE	0xb4
+	{ "ServerCertFile",		O_SRVCERTFILE,	OI_NONE	},
+# define O_SRVKEYFILE	0xb5
+	{ "Serverkeyfile",		O_SRVKEYFILE,	OI_NONE	},
+# define O_CLTCERTFILE	0xb6
+	{ "ClientCertFile",		O_CLTCERTFILE,	OI_NONE	},
+# define O_CLTKEYFILE	0xb7
+	{ "Clientkeyfile",		O_CLTKEYFILE,	OI_NONE	},
+# define O_CACERTFILE	0xb8
+	{ "CACERTFile",			O_CACERTFILE,	OI_NONE	},
+# define O_CACERTPATH	0xb9
+	{ "CACERTPath",			O_CACERTPATH,	OI_NONE	},
+# define O_DHPARAMS	0xba
+	{ "DHParameters",		O_DHPARAMS,	OI_NONE	},
+#if _FFR_MILTER
+#define O_INPUTMILTER	0xbb
+	{ "InputMailFilters",		O_INPUTMILTER,	OI_NONE	},
+#define O_MILTER	0xbc
+	{ "Milter",			O_MILTER,	OI_SUBOPT	},
+#endif /* _FFR_MILTER */
+#define O_SASLOPTS	0xbd
+	{ "AuthOptions",		O_SASLOPTS,	OI_NONE	},
+#if _FFR_QUEUE_FILE_MODE
+#define O_QUEUE_FILE_MODE	0xbe
+	{ "QueueFileMode",		O_QUEUE_FILE_MODE, OI_NONE	},
+#endif /* _FFR_QUEUE_FILE_MODE */
+# if _FFR_TLS_1
+# define O_DHPARAMS5	0xbf
+	{ "DHParameters512",		O_DHPARAMS5,	OI_NONE	},
+# define O_CIPHERLIST	0xc0
+	{ "CipherList",			O_CIPHERLIST,	OI_NONE	},
+# endif /* _FFR_TLS_1 */
+# define O_RANDFILE	0xc1
+	{ "RandFile",			O_RANDFILE,	OI_NONE	},
+	{ NULL,				'\0',		OI_NONE	}
 };
 
-
-
 void
 setoption(opt, val, safe, sticky, e)
 	int opt;
@@ -1551,15 +1727,10 @@ setoption(opt, val, safe, sticky, e)
 	bool can_setuid = RunAsUid == 0;
 	auto char *ep;
 	char buf[50];
-	extern bool atobool __P((char *));
-	extern time_t convtime __P((char *, char));
-	extern int QueueLA;
-	extern int RefuseLA;
 	extern bool Warn_Q_option;
-	extern void setalias __P((char *));
-	extern int atooct __P((char *));
-	extern void setdefuser __P((void));
-	extern void setdaemonoptions __P((char *));
+#if _FFR_ALLOW_SASLINFO
+	extern int SubmitMode;
+#endif /* _FFR_ALLOW_SASLINFO */
 
 	errno = 0;
 	if (opt == ' ')
@@ -1636,13 +1807,23 @@ setoption(opt, val, safe, sticky, e)
 		subopt = NULL;
 	}
 
+	if (subopt != NULL && !bitset(OI_SUBOPT, o->o_flags))
+	{
+		if (tTd(37, 1))
+			dprintf("setoption: %s does not support suboptions, ignoring .%s\n",
+				o->o_name == NULL ? "<unknown>" : o->o_name,
+				subopt);
+		subopt = NULL;
+	}
+
 	if (tTd(37, 1))
 	{
-		printf(isascii(opt) && isprint(opt) ?
-			    "setoption %s (%c).%s=" :
-			    "setoption %s (0x%x).%s=",
+		dprintf(isascii(opt) && isprint(opt) ?
+			"setoption %s (%c)%s%s=" :
+			"setoption %s (0x%x)%s%s=",
 			o->o_name == NULL ? "<unknown>" : o->o_name,
 			opt,
+			subopt == NULL ? "" : ".",
 			subopt == NULL ? "" : subopt);
 		xputs(val);
 	}
@@ -1654,7 +1835,7 @@ setoption(opt, val, safe, sticky, e)
 	if (!sticky && bitnset(opt, StickyOpt))
 	{
 		if (tTd(37, 1))
-			printf(" (ignored)\n");
+			dprintf(" (ignored)\n");
 		return;
 	}
 
@@ -1664,17 +1845,20 @@ setoption(opt, val, safe, sticky, e)
 
 	if (!safe && RealUid == 0)
 		safe = TRUE;
-	if (!safe && !o->o_safe)
+	if (!safe && !bitset(OI_SAFE, o->o_flags))
 	{
 		if (opt != 'M' || (val[0] != 'r' && val[0] != 's'))
 		{
+			int dp;
+
 			if (tTd(37, 1))
-				printf(" (unsafe)");
-			(void) drop_privileges(TRUE);
+				dprintf(" (unsafe)");
+			dp = drop_privileges(TRUE);
+			setstat(dp);
 		}
 	}
 	if (tTd(37, 1))
-		printf("\n");
+		dprintf("\n");
 
 	switch (opt & 0xff)
 	{
@@ -1698,7 +1882,7 @@ setoption(opt, val, safe, sticky, e)
 			MimeMode = MM_CVTMIME;
 			break;
 
-#if 0
+# if 0
 		  case 'r':		/* reject 8-bit, don't convert MIME */
 			MimeMode = 0;
 			break;
@@ -1714,14 +1898,14 @@ setoption(opt, val, safe, sticky, e)
 		  case 'c':		/* convert 8 bit to MIME, never 7 bit */
 			MimeMode = MM_MIME8BIT;
 			break;
-#endif
+# endif /* 0 */
 
 		  default:
 			syserr("Unknown 8-bit mode %c", *val);
 			finis(FALSE, EX_USAGE);
 		}
 		break;
-#endif
+#endif /* MIME8TO7 */
 
 	  case 'A':		/* set default alias file */
 		if (val[0] == '\0')
@@ -1765,33 +1949,32 @@ setoption(opt, val, safe, sticky, e)
 		switch (*val)
 		{
 		  case '\0':
-			e->e_sendmode = SM_DELIVER;
+			set_delivery_mode(SM_DELIVER, e);
 			break;
 
 		  case SM_QUEUE:	/* queue only */
 		  case SM_DEFER:	/* queue only and defer map lookups */
 #if !QUEUE
 			syserr("need QUEUE to set -odqueue or -oddefer");
-#endif /* QUEUE */
-			/* fall through..... */
+#endif /* !QUEUE */
+			/* FALLTHROUGH */
 
 		  case SM_DELIVER:	/* do everything */
 		  case SM_FORK:		/* fork after verification */
-			e->e_sendmode = *val;
+			set_delivery_mode(*val, e);
 			break;
 
 		  default:
 			syserr("Unknown delivery mode %c", *val);
 			finis(FALSE, EX_USAGE);
 		}
-		buf[0] = (char)e->e_sendmode;
-		buf[1] = '\0';
-		define(macid("{deliveryMode}", NULL), newstr(buf), e);
 		break;
 
+#if !_FFR_REMOVE_AUTOREBUILD
 	  case 'D':		/* rebuild alias database as needed */
 		AutoRebuild = atobool(val);
 		break;
+#endif /* !_FFR_REMOVE_AUTOREBUILD */
 
 	  case 'E':		/* error message header/header file */
 		if (*val != '\0')
@@ -1843,7 +2026,7 @@ setoption(opt, val, safe, sticky, e)
 
 	  case 'H':		/* help file */
 		if (val[0] == '\0')
-			HelpFile = "sendmail.hf";
+			HelpFile = "helpfile";
 		else
 			HelpFile = newstr(val);
 		break;
@@ -1893,11 +2076,11 @@ setoption(opt, val, safe, sticky, e)
 				_res.options |= rfp->rf_bits;
 		}
 		if (tTd(8, 2))
-			printf("_res.options = %x, HasWildcardMX = %d\n",
+			dprintf("_res.options = %x, HasWildcardMX = %d\n",
 				(u_int) _res.options, HasWildcardMX);
-#else
+#else /* NAMED_BIND */
 		usrerr("name server (I option) specified but BIND not compiled in");
-#endif
+#endif /* NAMED_BIND */
 		break;
 
 	  case 'i':		/* ignore dot lines in message */
@@ -1952,10 +2135,13 @@ setoption(opt, val, safe, sticky, e)
 
 	  case 'O':		/* daemon options */
 #if DAEMON
-		setdaemonoptions(val);
-#else
+		if (!setdaemonoptions(val))
+		{
+			syserr("too many daemons defined (%d max)", MAXDAEMONS);
+		}
+#else /* DAEMON */
 		syserr("DaemonPortOptions (O option) set but DAEMON not compiled in");
-#endif
+#endif /* DAEMON */
 		break;
 
 	  case 'o':		/* assume old style headers */
@@ -2017,14 +2203,14 @@ setoption(opt, val, safe, sticky, e)
 
 	  case 'r':		/* read timeout */
 		if (subopt == NULL)
-			inittimeouts(val);
+			inittimeouts(val, sticky);
 		else
-			settimeout(subopt, val);
+			settimeout(subopt, val, sticky);
 		break;
 
 	  case 'S':		/* status file */
 		if (val[0] == '\0')
-			StatFile = "sendmail.st";
+			StatFile = "statistics";
 		else
 			StatFile = newstr(val);
 		break;
@@ -2038,9 +2224,9 @@ setoption(opt, val, safe, sticky, e)
 		if (p != NULL)
 		{
 			*p++ = '\0';
-			settimeout("queuewarn", p);
+			settimeout("queuewarn", p, sticky);
 		}
-		settimeout("queuereturn", val);
+		settimeout("queuereturn", val, sticky);
 		break;
 
 	  case 't':		/* time zone name */
@@ -2087,7 +2273,7 @@ setoption(opt, val, safe, sticky, e)
 			syserr("readcf: option u: uid value (%ld) > UID_MAX (%ld); ignored",
 				DefUid, UID_MAX);
 		}
-#endif
+#endif /* UID_MAX */
 
 		/* handle the group if it is there */
 		if (*p == '\0')
@@ -2134,22 +2320,28 @@ setoption(opt, val, safe, sticky, e)
 		WkTimeFact = atoi(val);
 		break;
 
+
 	  case O_QUEUESORTORD:	/* queue sorting order */
 		switch (*val)
 		{
 		  case 'h':	/* Host first */
 		  case 'H':
-			QueueSortOrder = QS_BYHOST;
+			QueueSortOrder = QSO_BYHOST;
 			break;
 
 		  case 'p':	/* Priority order */
 		  case 'P':
-			QueueSortOrder = QS_BYPRIORITY;
+			QueueSortOrder = QSO_BYPRIORITY;
 			break;
 
 		  case 't':	/* Submission time */
 		  case 'T':
-			QueueSortOrder = QS_BYTIME;
+			QueueSortOrder = QSO_BYTIME;
+			break;
+
+		  case 'f':	/* File Name */
+		  case 'F':
+			QueueSortOrder = QSO_BYFILENAME;
 			break;
 
 		  default:
@@ -2157,6 +2349,43 @@ setoption(opt, val, safe, sticky, e)
 		}
 		break;
 
+#if _FFR_QUEUEDELAY
+	  case O_QUEUEDELAY:	/* queue delay algorithm */
+		switch (*val)
+		{
+		  case 'e':	/* exponential */
+		  case 'E':
+			QueueAlg = QD_EXP;
+			QueueInitDelay = 10 MINUTES;
+			QueueMaxDelay = 2 HOURS;
+			p = strchr(val, '/');
+			if (p != NULL)
+			{
+				char *q;
+
+				*p++ = '\0';
+				q = strchr(p, '/');
+				if (q != NULL)
+					*q++ = '\0';
+				QueueInitDelay = convtime(p, 's');
+				if (q != NULL)
+				{
+					QueueMaxDelay = convtime(q, 's');
+				}
+			}
+			break;
+
+		  case 'l':	/* linear */
+		  case 'L':
+			QueueAlg = QD_LINEAR;
+			break;
+
+		  default:
+			syserr("Invalid queue delay algorithm \"%s\"", val);
+		}
+		break;
+#endif /* _FFR_QUEUEDELAY */
+
 	  case O_HOSTSFILE:	/* pathname of /etc/hosts file */
 		HostsFile = newstr(val);
 		break;
@@ -2212,14 +2441,22 @@ setoption(opt, val, safe, sticky, e)
 		MaxChildren = atoi(val);
 		break;
 
+#if _FFR_MAX_FORWARD_ENTRIES
+	  case O_MAXFORWARD:	/* max # of forward entries */
+		MaxForwardEntries = atoi(val);
+		break;
+#endif /* _FFR_MAX_FORWARD_ENTRIES */
+
 	  case O_KEEPCNAMES:	/* don't expand CNAME records */
 		DontExpandCnames = atobool(val);
 		break;
 
 	  case O_MUSTQUOTE:	/* must quote these characters in phrases */
-		strcpy(buf, "@,;:\\()[]");
+		(void) strlcpy(buf, "@,;:\\()[]", sizeof buf);
 		if (strlen(val) < (SIZE_T) sizeof buf - 10)
-			strcat(buf, val);
+			(void) strlcat(buf, val, sizeof buf);
+		else
+			printf("Warning: MustQuoteChars too long, ignored.\n");
 		MustQuoteChars = newstr(buf);
 		break;
 
@@ -2232,6 +2469,8 @@ setoption(opt, val, safe, sticky, e)
 		break;
 
 	  case O_OPCHARS:	/* operator characters (old $o macro) */
+		if (OperatorChars != NULL)
+			printf("Warning: OperatorChars is being redefined.\n         It should only be set before ruleset definitions.\n");
 		OperatorChars = newstr(munchstring(val, NULL, '\0'));
 		break;
 
@@ -2253,7 +2492,12 @@ setoption(opt, val, safe, sticky, e)
 
 	  case O_UGW:		/* group writable files are unsafe */
 		if (!atobool(val))
-			DontBlameSendmail |= DBS_GROUPWRITABLEFORWARDFILESAFE|DBS_GROUPWRITABLEINCLUDEFILESAFE;
+		{
+			setbitn(DBS_GROUPWRITABLEFORWARDFILESAFE,
+				DontBlameSendmail);
+			setbitn(DBS_GROUPWRITABLEINCLUDEFILESAFE,
+				DontBlameSendmail);
+		}
 		break;
 
 	  case O_DBLBOUNCE:	/* address to which to send double bounces */
@@ -2307,7 +2551,7 @@ setoption(opt, val, safe, sticky, e)
 			syserr("readcf: option RunAsUser: uid value (%ld) > UID_MAX (%ld); ignored",
 				RunAsUid, UID_MAX);
 		}
-#endif
+#endif /* UID_MAX */
 		if (*p != '\0')
 		{
 			if (isascii(*p) && isdigit(*p))
@@ -2318,7 +2562,7 @@ setoption(opt, val, safe, sticky, e)
 			else
 			{
 				register struct group *gr;
-	
+
 				gr = getgrnam(p);
 				if (gr == NULL)
 					syserr("readcf: option RunAsUser: unknown group %s",
@@ -2328,21 +2572,19 @@ setoption(opt, val, safe, sticky, e)
 			}
 		}
 		if (tTd(47, 5))
-			printf("readcf: RunAsUser = %d:%d\n", (int)RunAsUid, (int)RunAsGid);
+			dprintf("readcf: RunAsUser = %d:%d\n",
+				(int)RunAsUid, (int)RunAsGid);
 		break;
 
-#if _FFR_DSN_RRT_OPTION
 	  case O_DSN_RRT:
 		RrtImpliesDsn = atobool(val);
 		break;
-#endif
 
-#if _FFR_PIDFILE_OPTION
 	  case O_PIDFILE:
-		free(PidFile);
+		if (PidFile != NULL)
+			free(PidFile);
 		PidFile = newstr(val);
 		break;
-#endif
 
 	case O_DONTBLAMESENDMAIL:
 		p = val;
@@ -2370,9 +2612,9 @@ setoption(opt, val, safe, sticky, e)
 			if (dbs->dbs_name == NULL)
 				syserr("readcf: DontBlameSendmail option: %s unrecognized", val);
 			else if (dbs->dbs_flag == DBS_SAFE)
-				DontBlameSendmail = DBS_SAFE;
+				clrbitmap(DontBlameSendmail);
 			else
-				DontBlameSendmail |= dbs->dbs_flag;
+				setbitn(dbs->dbs_flag, DontBlameSendmail);
 		}
 		sticky = FALSE;
 		break;
@@ -2385,35 +2627,45 @@ setoption(opt, val, safe, sticky, e)
 		MaxRcptPerMsg = atoi(val);
 		break;
 
-#if _FFR_DEADLETTERDROP_OPTION
 	  case O_DEADLETTER:
 		if (DeadLetterDrop != NULL)
 			free(DeadLetterDrop);
 		DeadLetterDrop = newstr(val);
 		break;
-#endif
 
 #if _FFR_DONTLOCKFILESFORREAD_OPTION
 	  case O_DONTLOCK:
 		DontLockReadFiles = atobool(val);
 		break;
-#endif
+#endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */
 
-#if _FFR_MAXALIASRECURSION_OPTION
 	  case O_MAXALIASRCSN:
 		MaxAliasRecursion = atoi(val);
 		break;
-#endif
 
-#if _FFR_CONNECTONLYTO_OPTION
 	  case O_CNCTONLYTO:
 		/* XXX should probably use gethostbyname */
-		ConnectOnlyTo = inet_addr(val);
+#if NETINET || NETINET6
+# if NETINET6
+		if (inet_addr(val) == INADDR_NONE)
+		{
+			ConnectOnlyTo.sa.sa_family = AF_INET6;
+			if (inet_pton(AF_INET6, val,
+				      &ConnectOnlyTo.sin6.sin6_addr) != 1)
+				syserr("readcf: option ConnectOnlyTo: invalid IP address %s",
+				       val);
+		}
+		else
+# endif /* NETINET6 */
+		{
+			ConnectOnlyTo.sa.sa_family = AF_INET;
+			ConnectOnlyTo.sin.sin_addr.s_addr = inet_addr(val);
+		}
+#endif /* NETINET || NETINET6 */
 		break;
-#endif
 
-#if _FFR_TRUSTED_USER
 	  case O_TRUSTUSER:
+#if HASFCHOWN
 		if (isascii(*val) && isdigit(*val))
 			TrustedUid = atoi(val);
 		else
@@ -2428,18 +2680,19 @@ setoption(opt, val, safe, sticky, e)
 				TrustedUid = pw->pw_uid;
 		}
 
-#ifdef UID_MAX
+# ifdef UID_MAX
 		if (TrustedUid > UID_MAX)
 		{
 			syserr("readcf: option TrustedUser: uid value (%ld) > UID_MAX (%ld)",
 				TrustedUid, UID_MAX);
 			TrustedUid = 0;
 		}
-#endif
+# endif /* UID_MAX */
+#else /* HASFCHOWN */
+		syserr("readcf: option TrustedUser: can not be used on systems which do not support fchown()");
+#endif /* HASFCHOWN */
 		break;
-#endif
 
-#if _FFR_MAX_MIME_HEADER_LENGTH
 	  case O_MAXMIMEHDRLEN:
 		p = strchr(val, '/');
 		if (p != NULL)
@@ -2460,37 +2713,257 @@ setoption(opt, val, safe, sticky, e)
 		else if (MaxMimeFieldLength < 40)
 			printf("Warning: MaxMimeHeaderLength: field length limit set lower than 40\n");
 		break;
-#endif
 
-#if _FFR_CONTROL_SOCKET
 	  case O_CONTROLSOCKET:
 		if (ControlSocketName != NULL)
 			free(ControlSocketName);
 		ControlSocketName = newstr(val);
 		break;
-#endif
 
-#if _FFR_MAX_HEADERS_LENGTH
 	  case O_MAXHDRSLEN:
 		MaxHeadersLength = atoi(val);
 
 		if (MaxHeadersLength > 0 &&
 		    MaxHeadersLength < (MAXHDRSLEN / 2))
-			printf("Warning: MaxHeadersLength: headers length limit set lower than %d\n", MAXHDRSLEN);
+			printf("Warning: MaxHeadersLength: headers length limit set lower than %d\n", (MAXHDRSLEN / 2));
+		break;
+
+	  case O_PROCTITLEPREFIX:
+		if (ProcTitlePrefix != NULL)
+			free(ProcTitlePrefix);
+		ProcTitlePrefix = newstr(val);
+		break;
+
+#if SASL
+	  case O_SASLINFO:
+#if _FFR_ALLOW_SASLINFO
+		/*
+		**  Allow users to select their own authinfo file.
+		**  However, this is not a "perfect" solution.
+		**  If mail is queued, the authentication info
+		**  will not be used in subsequent delivery attempts.
+		**  If we really want to support this, then it has
+		**  to be stored in the queue file.
+		*/
+		if (!bitset(SUBMIT_MSA, SubmitMode) && RealUid != 0 &&
+		    RunAsUid != RealUid)
+		{
+			errno = 0;
+			syserr("Error: %s only allowed with -U\n",
+				o->o_name == NULL ? "<unknown>" : o->o_name);
+			ExitStat = EX_USAGE;
+			break;
+		}
+#endif /* _FFR_ALLOW_SASLINFO */
+		if (SASLInfo != NULL)
+			free(SASLInfo);
+		SASLInfo = newstr(val);
+		break;
+
+	  case O_SASLMECH:
+		if (AuthMechanisms != NULL)
+			free(AuthMechanisms);
+		if (*val != '\0')
+			AuthMechanisms = newstr(val);
+		else
+			AuthMechanisms = NULL;
+		break;
+
+	  case O_SASLOPTS:
+		while (val != NULL && *val != '\0')
+		{
+			switch(*val)
+			{
+			  case 'A':
+				SASLOpts |= SASL_AUTH_AUTH;
+				break;
+# if _FFR_SASL_OPTS
+			  case 'a':
+				SASLOpts |= SASL_SEC_NOACTIVE;
+				break;
+			  case 'c':
+				SASLOpts |= SASL_SEC_PASS_CREDENTIALS;
+				break;
+			  case 'd':
+				SASLOpts |= SASL_SEC_NODICTIONARY;
+				break;
+			  case 'f':
+				SASLOpts |= SASL_SEC_FORWARD_SECRECY;
+				break;
+			  case 'p':
+				SASLOpts |= SASL_SEC_NOPLAINTEXT;
+				break;
+			  case 'y':
+				SASLOpts |= SASL_SEC_NOANONYMOUS;
+				break;
+# endif /* _FFR_SASL_OPTS */
+			  default:
+				printf("Warning: Option: %s unknown parameter '%c'\n",
+					o->o_name == NULL ? "<unknown>"
+							  : o->o_name,
+					(isascii(*val) && isprint(*val)) ? *val
+									 : '?');
+				break;
+			}
+			++val;
+			val = strpbrk(val, ", \t");
+			if (val != NULL)
+				++val;
+		}
+		break;
+
+#else /* SASL */
+	  case O_SASLINFO:
+	  case O_SASLMECH:
+	  case O_SASLOPTS:
+		printf("Warning: Option: %s requires SASL support (-DSASL)\n",
+			o->o_name == NULL ? "<unknown>" : o->o_name);
+		break;
+#endif /* SASL */
+
+#if STARTTLS
+	  case O_SRVCERTFILE:
+		if (SrvCERTfile != NULL)
+			free(SrvCERTfile);
+		SrvCERTfile = newstr(val);
+		break;
+
+	  case O_SRVKEYFILE:
+		if (Srvkeyfile != NULL)
+			free(Srvkeyfile);
+		Srvkeyfile = newstr(val);
+		break;
+
+	  case O_CLTCERTFILE:
+		if (CltCERTfile != NULL)
+			free(CltCERTfile);
+		CltCERTfile = newstr(val);
+		break;
+
+	  case O_CLTKEYFILE:
+		if (Cltkeyfile != NULL)
+			free(Cltkeyfile);
+		Cltkeyfile = newstr(val);
+		break;
+
+	  case O_CACERTFILE:
+		if (CACERTfile != NULL)
+			free(CACERTfile);
+		CACERTfile = newstr(val);
+		break;
+
+	  case O_CACERTPATH:
+		if (CACERTpath != NULL)
+			free(CACERTpath);
+		CACERTpath = newstr(val);
+		break;
+
+	  case O_DHPARAMS:
+		if (DHParams != NULL)
+			free(DHParams);
+		DHParams = newstr(val);
+		break;
+
+#  if _FFR_TLS_1
+	  case O_DHPARAMS5:
+		if (DHParams5 != NULL)
+			free(DHParams5);
+		DHParams5 = newstr(val);
+		break;
+
+	  case O_CIPHERLIST:
+		if (CipherList != NULL)
+			free(CipherList);
+		CipherList = newstr(val);
+		break;
+#  endif /* _FFR_TLS_1 */
+
+	  case O_RANDFILE:
+		if (RandFile != NULL)
+			free(RandFile);
+		RandFile= newstr(val);
+		break;
+
+# else /* STARTTLS */
+	  case O_SRVCERTFILE:
+	  case O_SRVKEYFILE:
+	  case O_CLTCERTFILE:
+	  case O_CLTKEYFILE:
+	  case O_CACERTFILE:
+	  case O_CACERTPATH:
+	  case O_DHPARAMS:
+#  if _FFR_TLS_1
+	  case O_DHPARAMS5:
+	  case O_CIPHERLIST:
+#  endif /* _FFR_TLS_1 */
+	  case O_RANDFILE:
+		printf("Warning: Option: %s requires TLS support\n",
+			o->o_name == NULL ? "<unknown>" : o->o_name);
+		break;
+
+# endif /* STARTTLS */
+
+	  case O_CLIENTPORT:
+#if DAEMON
+		setclientoptions(val);
+#else /* DAEMON */
+		syserr("ClientPortOptions (O option) set but DAEMON not compiled in");
+#endif /* DAEMON */
+		break;
+
+	  case O_DF_BUFSIZE:
+		DataFileBufferSize = atoi(val);
 		break;
-#endif
+
+	  case O_XF_BUFSIZE:
+		XscriptFileBufferSize = atoi(val);
+		break;
+
+	  case O_LDAPDEFAULTSPEC:
+#ifdef LDAPMAP
+		ldapmap_set_defaults(val);
+#else /* LDAPMAP */
+		printf("Warning: Option: %s requires LDAP support (-DLDAPMAP)\n",
+			o->o_name == NULL ? "<unknown>" : o->o_name);
+#endif /* LDAPMAP */
+		break;
+
+#if _FFR_MILTER
+	  case O_INPUTMILTER:
+		InputFilterList = newstr(val);
+		break;
+
+	  case O_MILTER:
+		milter_set_option(subopt, val, sticky);
+		break;
+#endif /* _FFR_MILTER */
+
+#if _FFR_QUEUE_FILE_MODE
+	  case O_QUEUE_FILE_MODE:	/* queue file mode */
+		QueueFileMode = atooct(val) & 0777;
+		break;
+#endif /* _FFR_QUEUE_FILE_MODE */
 
 	  default:
 		if (tTd(37, 1))
 		{
 			if (isascii(opt) && isprint(opt))
-				printf("Warning: option %c unknown\n", opt);
+				dprintf("Warning: option %c unknown\n", opt);
 			else
-				printf("Warning: option 0x%x unknown\n", opt);
+				dprintf("Warning: option 0x%x unknown\n", opt);
 		}
 		break;
 	}
-	if (sticky)
+
+	/*
+	**  Options with suboptions are responsible for taking care
+	**  of sticky-ness (e.g., that a command line setting is kept
+	**  when reading in the sendmail.cf file).  This has to be done
+	**  when the suboptions are parsed since each suboption must be
+	**  sticky, not the root option.
+	*/
+
+	if (sticky && !bitset(OI_SUBOPT, o->o_flags))
 		setbitn(opt, StickyOpt);
 }
 /*
@@ -2514,10 +2987,28 @@ setclass(class, str)
 {
 	register STAB *s;
 
-	if (tTd(37, 8))
-		printf("setclass(%s, %s)\n", macname(class), str);
-	s = stab(str, ST_CLASS, ST_ENTER);
-	setbitn(class, s->s_class);
+	if ((*str & 0377) == MATCHCLASS)
+	{
+		int mid;
+
+		str++;
+		mid = macid(str, NULL);
+		if (mid == '\0')
+			return;
+
+		if (tTd(37, 8))
+			dprintf("setclass(%s, $=%s)\n",
+				macname(class), macname(mid));
+		copy_class(mid, class);
+	}
+	else
+	{
+		if (tTd(37, 8))
+			dprintf("setclass(%s, %s)\n", macname(class), str);
+
+		s = stab(str, ST_CLASS, ST_ENTER);
+		setbitn(class, s->s_class);
+	}
 }
 /*
 **  MAKEMAPENTRY -- create a map entry
@@ -2589,11 +3080,11 @@ makemapentry(line)
 
 	if (tTd(37, 5))
 	{
-		printf("map %s, class %s, flags %lx, file %s,\n",
+		dprintf("map %s, class %s, flags %lx, file %s,\n",
 			s->s_map.map_mname, s->s_map.map_class->map_cname,
 			s->s_map.map_mflags,
 			s->s_map.map_file == NULL ? "(null)" : s->s_map.map_file);
-		printf("\tapp %s, domain %s, rebuild %s\n",
+		dprintf("\tapp %s, domain %s, rebuild %s\n",
 			s->s_map.map_app == NULL ? "(null)" : s->s_map.map_app,
 			s->s_map.map_domain == NULL ? "(null)" : s->s_map.map_domain,
 			s->s_map.map_rebuild == NULL ? "(null)" : s->s_map.map_rebuild);
@@ -2645,7 +3136,7 @@ strtorwset(p, endp, stabmode)
 	{
 		STAB *s;
 		char delim;
-		char *q;
+		char *q = NULL;
 
 		q = p;
 		while (*p != '\0' && isascii(*p) &&
@@ -2693,7 +3184,7 @@ strtorwset(p, endp, stabmode)
 		{
 			if (endp != NULL)
 				*endp = p;
-			if (s->s_ruleset > 0)
+			if (s->s_ruleset >= 0)
 				ruleset = s->s_ruleset;
 			else if ((ruleset = --nextruleset) < MAXRWSETS / 2)
 			{
@@ -2702,25 +3193,322 @@ strtorwset(p, endp, stabmode)
 				ruleset = -1;
 			}
 		}
-		if (s->s_ruleset > 0 && ruleset >= 0 && ruleset != s->s_ruleset)
+		if (s->s_ruleset >= 0 &&
+		    ruleset >= 0 &&
+		    ruleset != s->s_ruleset)
 		{
 			syserr("%s: ruleset changed value (old %d, new %d)",
 				q, s->s_ruleset, ruleset);
 			ruleset = s->s_ruleset;
 		}
-		else if (ruleset > 0)
+		else if (ruleset >= 0)
 		{
 			s->s_ruleset = ruleset;
 		}
+		if (stabmode == ST_ENTER)
+		{
+			char *h = NULL;
+
+			if (RuleSetNames[ruleset] != NULL)
+				free(RuleSetNames[ruleset]);
+			if (delim != '\0' && (h = strchr(q, delim)) != NULL)
+				*h = '\0';
+			RuleSetNames[ruleset] = newstr(q);
+			if (delim == '/' && h != NULL)
+				*h = delim;	/* put back delim */
+		}
 	}
 	return ruleset;
 }
 /*
+**  SETTIMEOUT -- set an individual timeout
+**
+**	Parameters:
+**		name -- the name of the timeout.
+**		val -- the value of the timeout.
+**		sticky -- if set, don't let other setoptions override
+**			this value.
+**
+**	Returns:
+**		none.
+*/
+
+/* set if Timeout sub-option is stuck */
+static BITMAP256	StickyTimeoutOpt;
+
+static struct timeoutinfo
+{
+	char	*to_name;	/* long name of timeout */
+	u_char	to_code;	/* code for option */
+} TimeOutTab[] =
+{
+#define TO_INITIAL			0x01
+	{ "initial",			TO_INITIAL			},
+#define TO_MAIL				0x02
+	{ "mail",			TO_MAIL				},
+#define TO_RCPT				0x03
+	{ "rcpt",			TO_RCPT				},
+#define TO_DATAINIT			0x04
+	{ "datainit",			TO_DATAINIT			},
+#define TO_DATABLOCK			0x05
+	{ "datablock",			TO_DATABLOCK			},
+#define TO_DATAFINAL			0x06
+	{ "datafinal",			TO_DATAFINAL			},
+#define TO_COMMAND			0x07
+	{ "command",			TO_COMMAND			},
+#define TO_RSET				0x08
+	{ "rset",			TO_RSET				},
+#define TO_HELO				0x09
+	{ "helo",			TO_HELO				},
+#define TO_QUIT				0x0A
+	{ "quit",			TO_QUIT				},
+#define TO_MISC				0x0B
+	{ "misc",			TO_MISC				},
+#define TO_IDENT			0x0C
+	{ "ident",			TO_IDENT			},
+#define TO_FILEOPEN			0x0D
+	{ "fileopen",			TO_FILEOPEN			},
+#define TO_CONNECT			0x0E
+	{ "connect",			TO_CONNECT			},
+#define TO_ICONNECT			0x0F
+	{ "iconnect",			TO_ICONNECT			},
+#define TO_QUEUEWARN			0x10
+	{ "queuewarn",			TO_QUEUEWARN			},
+	{ "queuewarn.*",		TO_QUEUEWARN			},
+#define TO_QUEUEWARN_NORMAL		0x11
+	{ "queuewarn.normal",		TO_QUEUEWARN_NORMAL		},
+#define TO_QUEUEWARN_URGENT		0x12
+	{ "queuewarn.urgent",		TO_QUEUEWARN_URGENT		},
+#define TO_QUEUEWARN_NON_URGENT		0x13
+	{ "queuewarn.non-urgent",	TO_QUEUEWARN_NON_URGENT		},
+#define TO_QUEUERETURN			0x14
+	{ "queuereturn",		TO_QUEUERETURN			},
+	{ "queuereturn.*",		TO_QUEUERETURN			},
+#define TO_QUEUERETURN_NORMAL		0x15
+	{ "queuereturn.normal",		TO_QUEUERETURN_NORMAL		},
+#define TO_QUEUERETURN_URGENT		0x16
+	{ "queuereturn.urgent",		TO_QUEUERETURN_URGENT		},
+#define TO_QUEUERETURN_NON_URGENT	0x17
+	{ "queuereturn.non-urgent",	TO_QUEUERETURN_NON_URGENT	},
+#define TO_HOSTSTATUS			0x18
+	{ "hoststatus",			TO_HOSTSTATUS			},
+#define TO_RESOLVER_RETRANS		0x19
+	{ "resolver.retrans",		TO_RESOLVER_RETRANS		},
+#define TO_RESOLVER_RETRANS_NORMAL	0x1A
+	{ "resolver.retrans.normal",	TO_RESOLVER_RETRANS_NORMAL	},
+#define TO_RESOLVER_RETRANS_FIRST	0x1B
+	{ "resolver.retrans.first",	TO_RESOLVER_RETRANS_FIRST	},
+#define TO_RESOLVER_RETRY		0x1C
+	{ "resolver.retry",		TO_RESOLVER_RETRY		},
+#define TO_RESOLVER_RETRY_NORMAL	0x1D
+	{ "resolver.retry.normal",	TO_RESOLVER_RETRY_NORMAL	},
+#define TO_RESOLVER_RETRY_FIRST		0x1E
+	{ "resolver.retry.first",	TO_RESOLVER_RETRY_FIRST		},
+#define TO_CONTROL			0x1F
+	{ "control",			TO_CONTROL			},
+	{ NULL,				0				},
+};
+
+
+static void
+settimeout(name, val, sticky)
+	char *name;
+	char *val;
+	bool sticky;
+{
+	register struct timeoutinfo *to;
+	int i;
+	time_t toval;
+
+	if (tTd(37, 2))
+		dprintf("settimeout(%s = %s)", name, val);
+
+	for (to = TimeOutTab; to->to_name != NULL; to++)
+	{
+		if (strcasecmp(to->to_name, name) == 0)
+			break;
+	}
+
+	if (to->to_name == NULL)
+		syserr("settimeout: invalid timeout %s", name);
+
+	/*
+	**  See if this option is preset for us.
+	*/
+
+	if (!sticky && bitnset(to->to_code, StickyTimeoutOpt))
+	{
+		if (tTd(37, 2))
+			dprintf(" (ignored)\n");
+		return;
+	}
+
+	if (tTd(37, 2))
+		dprintf("\n");
+
+	toval = convtime(val, 'm');
+
+	switch (to->to_code)
+	{
+	  case TO_INITIAL:
+		TimeOuts.to_initial = toval;
+		break;
+
+	  case TO_MAIL:
+		TimeOuts.to_mail = toval;
+		break;
+
+	  case TO_RCPT:
+		TimeOuts.to_rcpt = toval;
+		break;
+
+	  case TO_DATAINIT:
+		TimeOuts.to_datainit = toval;
+		break;
+
+	  case TO_DATABLOCK:
+		TimeOuts.to_datablock = toval;
+		break;
+
+	  case TO_DATAFINAL:
+		TimeOuts.to_datafinal = toval;
+		break;
+
+	  case TO_COMMAND:
+		TimeOuts.to_nextcommand = toval;
+		break;
+
+	  case TO_RSET:
+		TimeOuts.to_rset = toval;
+		break;
+
+	  case TO_HELO:
+		TimeOuts.to_helo = toval;
+		break;
+
+	  case TO_QUIT:
+		TimeOuts.to_quit = toval;
+		break;
+
+	  case TO_MISC:
+		TimeOuts.to_miscshort = toval;
+		break;
+
+	  case TO_IDENT:
+		TimeOuts.to_ident = toval;
+		break;
+
+	  case TO_FILEOPEN:
+		TimeOuts.to_fileopen = toval;
+		break;
+
+	  case TO_CONNECT:
+		TimeOuts.to_connect = toval;
+		break;
+
+	  case TO_ICONNECT:
+		TimeOuts.to_iconnect = toval;
+		break;
+
+	  case TO_QUEUEWARN:
+		toval = convtime(val, 'h');
+		TimeOuts.to_q_warning[TOC_NORMAL] = toval;
+		TimeOuts.to_q_warning[TOC_URGENT] = toval;
+		TimeOuts.to_q_warning[TOC_NONURGENT] = toval;
+		break;
+
+	  case TO_QUEUEWARN_NORMAL:
+		toval = convtime(val, 'h');
+		TimeOuts.to_q_warning[TOC_NORMAL] = toval;
+		break;
+
+	  case TO_QUEUEWARN_URGENT:
+		toval = convtime(val, 'h');
+		TimeOuts.to_q_warning[TOC_URGENT] = toval;
+		break;
+
+	  case TO_QUEUEWARN_NON_URGENT:
+		toval = convtime(val, 'h');
+		TimeOuts.to_q_warning[TOC_NONURGENT] = toval;
+		break;
+
+	  case TO_QUEUERETURN:
+		toval = convtime(val, 'd');
+		TimeOuts.to_q_return[TOC_NORMAL] = toval;
+		TimeOuts.to_q_return[TOC_URGENT] = toval;
+		TimeOuts.to_q_return[TOC_NONURGENT] = toval;
+		break;
+
+	  case TO_QUEUERETURN_NORMAL:
+		toval = convtime(val, 'd');
+		TimeOuts.to_q_return[TOC_NORMAL] = toval;
+		break;
+
+	  case TO_QUEUERETURN_URGENT:
+		toval = convtime(val, 'd');
+		TimeOuts.to_q_return[TOC_URGENT] = toval;
+		break;
+
+	  case TO_QUEUERETURN_NON_URGENT:
+		toval = convtime(val, 'd');
+		TimeOuts.to_q_return[TOC_NONURGENT] = toval;
+		break;
+
+
+	  case TO_HOSTSTATUS:
+		MciInfoTimeout = toval;
+		break;
+
+	  case TO_RESOLVER_RETRANS:
+		toval = convtime(val, 's');
+		TimeOuts.res_retrans[RES_TO_DEFAULT] = toval;
+		TimeOuts.res_retrans[RES_TO_FIRST] = toval;
+		TimeOuts.res_retrans[RES_TO_NORMAL] = toval;
+		break;
+
+	  case TO_RESOLVER_RETRY:
+		i = atoi(val);
+		TimeOuts.res_retry[RES_TO_DEFAULT] = i;
+		TimeOuts.res_retry[RES_TO_FIRST] = i;
+		TimeOuts.res_retry[RES_TO_NORMAL] = i;
+		break;
+
+	  case TO_RESOLVER_RETRANS_NORMAL:
+		TimeOuts.res_retrans[RES_TO_NORMAL] = convtime(val, 's');
+		break;
+
+	  case TO_RESOLVER_RETRY_NORMAL:
+		TimeOuts.res_retry[RES_TO_NORMAL] = atoi(val);
+		break;
+
+	  case TO_RESOLVER_RETRANS_FIRST:
+		TimeOuts.res_retrans[RES_TO_FIRST] = convtime(val, 's');
+		break;
+
+	  case TO_RESOLVER_RETRY_FIRST:
+		TimeOuts.res_retry[RES_TO_FIRST] = atoi(val);
+		break;
+
+	  case TO_CONTROL:
+		TimeOuts.to_control = toval;
+		break;
+
+	  default:
+		syserr("settimeout: invalid timeout %s", name);
+		break;
+	}
+
+	if (sticky)
+		setbitn(to->to_code, StickyTimeoutOpt);
+}
+/*
 **  INITTIMEOUTS -- parse and set timeout values
 **
 **	Parameters:
 **		val -- a pointer to the values.  If NULL, do initial
 **			settings.
+**		sticky -- if set, don't let other setoptions override
+**			this suboption value.
 **
 **	Returns:
 **		none.
@@ -2729,19 +3517,15 @@ strtorwset(p, endp, stabmode)
 **		Initializes the TimeOuts structure
 */
 
-#define SECONDS
-#define MINUTES	* 60
-#define HOUR	* 3600
-
 void
-inittimeouts(val)
+inittimeouts(val, sticky)
 	register char *val;
+	bool sticky;
 {
 	register char *p;
-	extern time_t convtime __P((char *, char));
 
 	if (tTd(37, 2))
-		printf("inittimeouts(%s)\n", val == NULL ? "<NULL>" : val);
+		dprintf("inittimeouts(%s)\n", val == NULL ? "<NULL>" : val);
 	if (val == NULL)
 	{
 		TimeOuts.to_connect = (time_t) 0 SECONDS;
@@ -2757,28 +3541,30 @@ inittimeouts(val)
 		TimeOuts.to_nextcommand = (time_t) 1 HOUR;
 		TimeOuts.to_miscshort = (time_t) 2 MINUTES;
 #if IDENTPROTO
-		TimeOuts.to_ident = (time_t) 30 SECONDS;
-#else
+		TimeOuts.to_ident = (time_t) 5 SECONDS;
+#else /* IDENTPROTO */
 		TimeOuts.to_ident = (time_t) 0 SECONDS;
-#endif
+#endif /* IDENTPROTO */
 		TimeOuts.to_fileopen = (time_t) 60 SECONDS;
+		TimeOuts.to_control = (time_t) 2 MINUTES;
 		if (tTd(37, 5))
 		{
-			printf("Timeouts:\n");
-			printf("  connect = %ld\n", (long)TimeOuts.to_connect);
-			printf("  initial = %ld\n", (long)TimeOuts.to_initial);
-			printf("  helo = %ld\n", (long)TimeOuts.to_helo);
-			printf("  mail = %ld\n", (long)TimeOuts.to_mail);
-			printf("  rcpt = %ld\n", (long)TimeOuts.to_rcpt);
-			printf("  datainit = %ld\n", (long)TimeOuts.to_datainit);
-			printf("  datablock = %ld\n", (long)TimeOuts.to_datablock);
-			printf("  datafinal = %ld\n", (long)TimeOuts.to_datafinal);
-			printf("  rset = %ld\n", (long)TimeOuts.to_rset);
-			printf("  quit = %ld\n", (long)TimeOuts.to_quit);
-			printf("  nextcommand = %ld\n", (long)TimeOuts.to_nextcommand);
-			printf("  miscshort = %ld\n", (long)TimeOuts.to_miscshort);
-			printf("  ident = %ld\n", (long)TimeOuts.to_ident);
-			printf("  fileopen = %ld\n", (long)TimeOuts.to_fileopen);
+			dprintf("Timeouts:\n");
+			dprintf("  connect = %ld\n", (long)TimeOuts.to_connect);
+			dprintf("  initial = %ld\n", (long)TimeOuts.to_initial);
+			dprintf("  helo = %ld\n", (long)TimeOuts.to_helo);
+			dprintf("  mail = %ld\n", (long)TimeOuts.to_mail);
+			dprintf("  rcpt = %ld\n", (long)TimeOuts.to_rcpt);
+			dprintf("  datainit = %ld\n", (long)TimeOuts.to_datainit);
+			dprintf("  datablock = %ld\n", (long)TimeOuts.to_datablock);
+			dprintf("  datafinal = %ld\n", (long)TimeOuts.to_datafinal);
+			dprintf("  rset = %ld\n", (long)TimeOuts.to_rset);
+			dprintf("  quit = %ld\n", (long)TimeOuts.to_quit);
+			dprintf("  nextcommand = %ld\n", (long)TimeOuts.to_nextcommand);
+			dprintf("  miscshort = %ld\n", (long)TimeOuts.to_miscshort);
+			dprintf("  ident = %ld\n", (long)TimeOuts.to_ident);
+			dprintf("  fileopen = %ld\n", (long)TimeOuts.to_fileopen);
+			dprintf("  control = %ld\n", (long)TimeOuts.to_control);
 		}
 		return;
 	}
@@ -2803,6 +3589,15 @@ inittimeouts(val)
 			TimeOuts.to_datablock = TimeOuts.to_mail;
 			TimeOuts.to_datafinal = TimeOuts.to_mail;
 			TimeOuts.to_nextcommand = TimeOuts.to_mail;
+			if (sticky)
+			{
+				setbitn(TO_MAIL, StickyTimeoutOpt);
+				setbitn(TO_RCPT, StickyTimeoutOpt);
+				setbitn(TO_DATAINIT, StickyTimeoutOpt);
+				setbitn(TO_DATABLOCK, StickyTimeoutOpt);
+				setbitn(TO_DATAFINAL, StickyTimeoutOpt);
+				setbitn(TO_COMMAND, StickyTimeoutOpt);
+			}
 			continue;
 		}
 		else
@@ -2815,106 +3610,7 @@ inittimeouts(val)
 				continue;
 			}
 			*q++ = '\0';
-			settimeout(val, q);
+			settimeout(val, q, sticky);
 		}
 	}
 }
-/*
-**  SETTIMEOUT -- set an individual timeout
-**
-**	Parameters:
-**		name -- the name of the timeout.
-**		val -- the value of the timeout.
-**
-**	Returns:
-**		none.
-*/
-
-void
-settimeout(name, val)
-	char *name;
-	char *val;
-{
-	register char *p;
-	time_t to;
-	extern time_t convtime __P((char *, char));
-
-	if (tTd(37, 2))
-		printf("settimeout(%s = %s)\n", name, val);
-
-	to = convtime(val, 'm');
-	p = strchr(name, '.');
-	if (p != NULL)
-		*p++ = '\0';
-
-	if (strcasecmp(name, "initial") == 0)
-		TimeOuts.to_initial = to;
-	else if (strcasecmp(name, "mail") == 0)
-		TimeOuts.to_mail = to;
-	else if (strcasecmp(name, "rcpt") == 0)
-		TimeOuts.to_rcpt = to;
-	else if (strcasecmp(name, "datainit") == 0)
-		TimeOuts.to_datainit = to;
-	else if (strcasecmp(name, "datablock") == 0)
-		TimeOuts.to_datablock = to;
-	else if (strcasecmp(name, "datafinal") == 0)
-		TimeOuts.to_datafinal = to;
-	else if (strcasecmp(name, "command") == 0)
-		TimeOuts.to_nextcommand = to;
-	else if (strcasecmp(name, "rset") == 0)
-		TimeOuts.to_rset = to;
-	else if (strcasecmp(name, "helo") == 0)
-		TimeOuts.to_helo = to;
-	else if (strcasecmp(name, "quit") == 0)
-		TimeOuts.to_quit = to;
-	else if (strcasecmp(name, "misc") == 0)
-		TimeOuts.to_miscshort = to;
-	else if (strcasecmp(name, "ident") == 0)
-		TimeOuts.to_ident = to;
-	else if (strcasecmp(name, "fileopen") == 0)
-		TimeOuts.to_fileopen = to;
-	else if (strcasecmp(name, "connect") == 0)
-		TimeOuts.to_connect = to;
-	else if (strcasecmp(name, "iconnect") == 0)
-		TimeOuts.to_iconnect = to;
-	else if (strcasecmp(name, "queuewarn") == 0)
-	{
-		to = convtime(val, 'h');
-		if (p == NULL || strcmp(p, "*") == 0)
-		{
-			TimeOuts.to_q_warning[TOC_NORMAL] = to;
-			TimeOuts.to_q_warning[TOC_URGENT] = to;
-			TimeOuts.to_q_warning[TOC_NONURGENT] = to;
-		}
-		else if (strcasecmp(p, "normal") == 0)
-			TimeOuts.to_q_warning[TOC_NORMAL] = to;
-		else if (strcasecmp(p, "urgent") == 0)
-			TimeOuts.to_q_warning[TOC_URGENT] = to;
-		else if (strcasecmp(p, "non-urgent") == 0)
-			TimeOuts.to_q_warning[TOC_NONURGENT] = to;
-		else
-			syserr("settimeout: invalid queuewarn subtimeout %s", p);
-	}
-	else if (strcasecmp(name, "queuereturn") == 0)
-	{
-		to = convtime(val, 'd');
-		if (p == NULL || strcmp(p, "*") == 0)
-		{
-			TimeOuts.to_q_return[TOC_NORMAL] = to;
-			TimeOuts.to_q_return[TOC_URGENT] = to;
-			TimeOuts.to_q_return[TOC_NONURGENT] = to;
-		}
-		else if (strcasecmp(p, "normal") == 0)
-			TimeOuts.to_q_return[TOC_NORMAL] = to;
-		else if (strcasecmp(p, "urgent") == 0)
-			TimeOuts.to_q_return[TOC_URGENT] = to;
-		else if (strcasecmp(p, "non-urgent") == 0)
-			TimeOuts.to_q_return[TOC_NONURGENT] = to;
-		else
-			syserr("settimeout: invalid queuereturn subtimeout %s", p);
-	}
-	else if (strcasecmp(name, "hoststatus") == 0)
-		MciInfoTimeout = convtime(val, 'm');
-	else
-		syserr("settimeout: invalid timeout %s", name);
-}
diff --git a/contrib/sendmail/src/recipient.c b/contrib/sendmail/src/recipient.c
index f7e221f..3d6e632 100644
--- a/contrib/sendmail/src/recipient.c
+++ b/contrib/sendmail/src/recipient.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,11 +12,14 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)recipient.c	8.163 (Berkeley) 1/23/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: recipient.c,v 8.231.14.5 2000/06/27 20:15:46 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
-# include <grp.h>
+#include <sendmail.h>
+
+
+static void	includetimeout __P((void));
+static ADDRESS	*self_reference __P((ADDRESS *));
 
 /*
 **  SENDTOLIST -- Designate a send list.
@@ -70,7 +74,7 @@ sendtolist(list, ctladdr, sendq, aliaslevel, e)
 
 	if (tTd(25, 1))
 	{
-		printf("sendto: %s\n   ctladdr=", list);
+		dprintf("sendto: %s\n   ctladdr=", list);
 		printaddr(ctladdr, FALSE);
 	}
 
@@ -89,11 +93,17 @@ sendtolist(list, ctladdr, sendq, aliaslevel, e)
 	/* make sure we have enough space to copy the string */
 	i = strlen(list) + 1;
 	if (i <= sizeof buf)
+	{
 		bufp = buf;
+		i = sizeof buf;
+	}
 	else
 		bufp = xalloc(i);
-	strcpy(bufp, denlstring(list, FALSE, TRUE));
+	(void) strlcpy(bufp, denlstring(list, FALSE, TRUE), i);
 
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), "e r", e);
+#endif /* _FFR_ADDR_TYPE */
 	for (p = bufp; *p != '\0'; )
 	{
 		auto char *delimptr;
@@ -113,37 +123,36 @@ sendtolist(list, ctladdr, sendq, aliaslevel, e)
 		if (ctladdr != NULL)
 		{
 			ADDRESS *b;
-			extern ADDRESS *self_reference __P((ADDRESS *, ENVELOPE *));
 
 			/* self reference test */
 			if (sameaddr(ctladdr, a))
 			{
 				if (tTd(27, 5))
 				{
-					printf("sendtolist: QSELFREF ");
+					dprintf("sendtolist: QSELFREF ");
 					printaddr(ctladdr, FALSE);
 				}
 				ctladdr->q_flags |= QSELFREF;
 			}
 
 			/* check for address loops */
-			b = self_reference(a, e);
+			b = self_reference(a);
 			if (b != NULL)
 			{
 				b->q_flags |= QSELFREF;
 				if (tTd(27, 5))
 				{
-					printf("sendtolist: QSELFREF ");
+					dprintf("sendtolist: QSELFREF ");
 					printaddr(b, FALSE);
 				}
 				if (a != b)
 				{
 					if (tTd(27, 5))
 					{
-						printf("sendtolist: QDONTSEND ");
+						dprintf("sendtolist: QS_DONTSEND ");
 						printaddr(a, FALSE);
 					}
-					a->q_flags |= QDONTSEND;
+					a->q_state = QS_DONTSEND;
 					b->q_flags |= a->q_flags & QNOTREMOTE;
 					continue;
 				}
@@ -177,7 +186,118 @@ sendtolist(list, ctladdr, sendq, aliaslevel, e)
 	e->e_to = oldto;
 	if (bufp != buf)
 		free(bufp);
-	return (naddrs);
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), NULL, e);
+#endif /* _FFR_ADDR_TYPE */
+	return naddrs;
+}
+/*
+**  REMOVEFROMLIST -- Remove addresses from a send list.
+**
+**	The parameter is a comma-separated list of recipients to remove.
+**	Note that it only deletes matching addresses.  If those addresses
+**	have been expended already in the sendq, it won't mark the
+**	expanded recipients as QS_REMOVED.
+**
+**	Parameters:
+**		list -- the list to remove.
+**		sendq -- a pointer to the head of a queue to remove
+**			these addresses from.
+**		e -- the envelope in which to remove these recipients.
+**
+**	Returns:
+**		The number of addresses removed from the list.
+**
+*/
+
+int
+removefromlist(list, sendq, e)
+	char *list;
+	ADDRESS **sendq;
+	ENVELOPE *e;
+{
+	char delimiter;		/* the address delimiter */
+	int naddrs;
+	int i;
+	char *p;
+	char *oldto = e->e_to;
+	char *bufp;
+	char buf[MAXNAME + 1];
+
+	if (list == NULL)
+	{
+		syserr("removefromlist: null list");
+		return 0;
+	}
+
+	if (tTd(25, 1))
+		dprintf("removefromlist: %s\n", list);
+
+	/* heuristic to determine old versus new style addresses */
+	if (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
+	    strchr(list, '<') != NULL || strchr(list, '(') != NULL)
+		e->e_flags &= ~EF_OLDSTYLE;
+	delimiter = ' ';
+	if (!bitset(EF_OLDSTYLE, e->e_flags))
+		delimiter = ',';
+
+	naddrs = 0;
+
+	/* make sure we have enough space to copy the string */
+	i = strlen(list) + 1;
+	if (i <= sizeof buf)
+	{
+		bufp = buf;
+		i = sizeof buf;
+	}
+	else
+		bufp = xalloc(i);
+	(void) strlcpy(bufp, denlstring(list, FALSE, TRUE), i);
+
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), "e r", e);
+#endif /* _FFR_ADDR_TYPE */
+	for (p = bufp; *p != '\0'; )
+	{
+		ADDRESS a;		/* parsed address to be removed */
+		ADDRESS *q;
+		ADDRESS **pq;
+		char *delimptr;
+
+		/* parse the address */
+		while ((isascii(*p) && isspace(*p)) || *p == ',')
+			p++;
+		if (parseaddr(p, &a, RF_COPYALL,
+			      delimiter, &delimptr, e) == NULL)
+		{
+			p = delimptr;
+			continue;
+		}
+		p = delimptr;
+		for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
+		{
+			if (!QS_IS_DEAD(q->q_state) &&
+			    sameaddr(q, &a))
+			{
+				if (tTd(25, 5))
+				{
+					dprintf("removefromlist: QS_REMOVED ");
+					printaddr(&a, FALSE);
+				}
+				q->q_state = QS_REMOVED;
+				naddrs++;
+				break;
+			}
+		}
+	}
+
+	e->e_to = oldto;
+	if (bufp != buf)
+		free(bufp);
+#if _FFR_ADDR_TYPE
+	define(macid("{addr_type}", NULL), NULL, e);
+#endif /* _FFR_ADDR_TYPE */
+	return naddrs;
 }
 /*
 **  RECIPIENT -- Designate a message recipient
@@ -187,7 +307,7 @@ sendtolist(list, ctladdr, sendq, aliaslevel, e)
 **	Parameters:
 **		a -- the (preparsed) address header for the recipient.
 **		sendq -- a pointer to the head of a queue to put the
-**			recipient in.  Duplicate supression is done
+**			recipient in.  Duplicate suppression is done
 **			in this queue.
 **		aliaslevel -- the current alias nesting depth.
 **		e -- the current envelope.
@@ -210,14 +330,13 @@ recipient(a, sendq, aliaslevel, e)
 	register ADDRESS *q;
 	ADDRESS **pq;
 	register struct mailer *m;
-	register char *p;
+	register char *p = NULL;
 	bool quoted = FALSE;		/* set if the addr has a quote bit */
 	int findusercount = 0;
-	bool initialdontsend = bitset(QDONTSEND, a->q_flags);
-	int i;
+	bool initialdontsend = QS_IS_DEAD(a->q_state);
+	int i, buflen;
 	char *buf;
 	char buf0[MAXNAME + 1];		/* unquoted image of the user name */
-	extern void alias __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
 
 	e->e_to = a->q_paddr;
 	m = a->q_mailer;
@@ -226,7 +345,7 @@ recipient(a, sendq, aliaslevel, e)
 		a->q_flags |= QPRIMARY;
 	if (tTd(26, 1))
 	{
-		printf("\nrecipient (%d): ", aliaslevel);
+		dprintf("\nrecipient (%d): ", aliaslevel);
 		printaddr(a, FALSE);
 	}
 
@@ -239,14 +358,70 @@ recipient(a, sendq, aliaslevel, e)
 			e->e_origrcpt = "";
 	}
 
+#if _FFR_GEN_ORCPT
+	/* set ORCPT DSN arg if not already set */
+	if (a->q_orcpt == NULL)
+	{
+		for (q = a; q->q_alias != NULL; q = q->q_alias)
+			continue;
+
+		/* check for an existing ORCPT */
+		if (q->q_orcpt != NULL)
+			a->q_orcpt = q->q_orcpt;
+		else
+		{
+			/* make our own */
+			bool b = FALSE;
+			char *qp;
+			char obuf[MAXLINE];
+
+			if (e->e_from.q_mailer != NULL)
+				p = e->e_from.q_mailer->m_addrtype;
+			if (p == NULL)
+				p = "rfc822";
+			(void) strlcpy(obuf, p, sizeof obuf);
+			(void) strlcat(obuf, ";", sizeof obuf);
+
+			qp = q->q_paddr;
+
+			/* FFR: Needs to strip comments from stdin addrs */
+
+			/* strip brackets from address */
+			if (*qp == '<')
+			{
+				b = qp[strlen(qp) - 1] == '>';
+				if (b)
+					qp[strlen(qp) - 1] = '\0';
+				qp++;
+			}
+
+			p = xtextify(denlstring(qp, TRUE, FALSE), NULL);
+
+			if (strlcat(obuf, p, sizeof obuf) >= sizeof obuf)
+			{
+				/* if too big, don't use it */
+				obuf[0] = '\0';
+			}
+
+			/* undo damage */
+			if (b)
+				qp[strlen(qp)] = '>';
+
+			if (obuf[0] != '\0')
+				a->q_orcpt = newstr(obuf);
+		}
+	}
+#endif /* _FFR_GEN_ORCPT */
+
 	/* break aliasing loops */
 	if (aliaslevel > MaxAliasRecursion)
 	{
-		a->q_flags |= QBADADDR;
+		a->q_state = QS_BADADDR;
 		a->q_status = "5.4.6";
-		usrerr("554 aliasing/forwarding loop broken (%d aliases deep; %d max)",
-			aliaslevel, MaxAliasRecursion);
-		return (a);
+		usrerrenh(a->q_status,
+			  "554 aliasing/forwarding loop broken (%d aliases deep; %d max)",
+			  aliaslevel, MaxAliasRecursion);
+		return a;
 	}
 
 	/*
@@ -256,10 +431,16 @@ recipient(a, sendq, aliaslevel, e)
 	/* get unquoted user for file, program or user.name check */
 	i = strlen(a->q_user);
 	if (i >= sizeof buf0)
-		buf = xalloc(i + 1);
+	{
+		buflen = i + 1;
+		buf = xalloc(buflen);
+	}
 	else
+	{
 		buf = buf0;
-	(void) strcpy(buf, a->q_user);
+		buflen = sizeof buf0;
+	}
+	(void) strlcpy(buf, a->q_user, buflen);
 	for (p = buf; *p != '\0' && !quoted; p++)
 	{
 		if (*p == '\\')
@@ -272,28 +453,32 @@ recipient(a, sendq, aliaslevel, e)
 	{
 		if (a->q_alias == NULL)
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
-			usrerr("550 Cannot mail directly to programs");
+			usrerrenh(a->q_status,
+				  "550 Cannot mail directly to programs");
 		}
 		else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
 			if (a->q_alias->q_ruser == NULL)
-				usrerr("550 UID %d is an unknown user: cannot mail to programs",
-					a->q_alias->q_uid);
+				usrerrenh(a->q_status,
+					  "550 UID %d is an unknown user: cannot mail to programs",
+					  a->q_alias->q_uid);
 			else
-				usrerr("550 User %s@%s doesn't have a valid shell for mailing to programs",
-					a->q_alias->q_ruser, MyHostName);
+				usrerrenh(a->q_status,
+					  "550 User %s@%s doesn't have a valid shell for mailing to programs",
+					  a->q_alias->q_ruser, MyHostName);
 		}
 		else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
-			a->q_rstatus = newstr("Unsafe for mailing to programs");
-			usrerr("550 Address %s is unsafe for mailing to programs",
-				a->q_alias->q_paddr);
+			a->q_rstatus = newstr("550 Unsafe for mailing to programs");
+			usrerrenh(a->q_status,
+				  "550 Address %s is unsafe for mailing to programs",
+				  a->q_alias->q_paddr);
 		}
 	}
 
@@ -302,7 +487,7 @@ recipient(a, sendq, aliaslevel, e)
 	**	If they are there already, return, otherwise continue.
 	**	If the list is empty, just add it.  Notice the cute
 	**	hack to make from addresses suppress things correctly:
-	**	the QDONTSEND bit will be set in the send list.
+	**	the QS_DUPLICATE state will be set in the send list.
 	**	[Please note: the emphasis is on "hack."]
 	*/
 
@@ -314,17 +499,32 @@ recipient(a, sendq, aliaslevel, e)
 		{
 			if (tTd(26, 1))
 			{
-				printf("%s in sendq: ", a->q_paddr);
+				dprintf("%s in sendq: ", a->q_paddr);
 				printaddr(q, FALSE);
 			}
 			if (!bitset(QPRIMARY, q->q_flags))
 			{
-				if (!bitset(QDONTSEND, a->q_flags))
+				if (!QS_IS_DEAD(a->q_state))
 					message("duplicate suppressed");
+				else
+					q->q_state = QS_DUPLICATE;
+				q->q_flags |= a->q_flags;
+			}
+			else if (bitset(QSELFREF, q->q_flags)
+#if _FFR_MILTER
+				 || q->q_state == QS_REMOVED
+#endif /* _FFR_MILTER */
+				 )
+			{
+#if _FFR_MILTER
+				/*
+				**  If an earlier milter removed the address,
+				**  a later one can still add it back.
+				*/
+#endif /* _FFR_MILTER */
+				q->q_state = a->q_state;
 				q->q_flags |= a->q_flags;
 			}
-			else if (bitset(QSELFREF, q->q_flags))
-				q->q_flags |= a->q_flags & ~QDONTSEND;
 			a = q;
 			goto done;
 		}
@@ -344,21 +544,22 @@ recipient(a, sendq, aliaslevel, e)
   trylocaluser:
 	if (tTd(29, 7))
 	{
-		printf("at trylocaluser: ");
+		dprintf("at trylocaluser: ");
 		printaddr(a, FALSE);
 	}
 
-	if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags))
+	if (!QS_IS_OK(a->q_state))
 		goto testselfdestruct;
 
 	if (m == InclMailer)
 	{
-		a->q_flags |= QDONTSEND;
+		a->q_state = QS_INCLUDED;
 		if (a->q_alias == NULL)
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
-			usrerr("550 Cannot mail directly to :include:s");
+			usrerrenh(a->q_status,
+				  "550 Cannot mail directly to :include:s");
 		}
 		else
 		{
@@ -370,95 +571,86 @@ recipient(a, sendq, aliaslevel, e)
 			{
 				if (LogLevel > 2)
 					sm_syslog(LOG_ERR, e->e_id,
-						"include %s: transient error: %s",
-						shortenstring(a->q_user, MAXSHORTSTR),
-						errstring(ret));
-				a->q_flags |= QQUEUEUP;
-				a->q_flags &= ~QDONTSEND;
-				usrerr("451 Cannot open %s: %s",
+						  "include %s: transient error: %s",
+						  shortenstring(a->q_user, MAXSHORTSTR),
+						  errstring(ret));
+				a->q_state = QS_QUEUEUP;
+				usrerr("451 4.2.4 Cannot open %s: %s",
 					shortenstring(a->q_user, MAXSHORTSTR),
 					errstring(ret));
 			}
 			else if (ret != 0)
 			{
-				a->q_flags |= QBADADDR;
+				a->q_state = QS_BADADDR;
 				a->q_status = "5.2.4";
-				usrerr("550 Cannot open %s: %s",
-					shortenstring(a->q_user, MAXSHORTSTR),
-					errstring(ret));
+				usrerrenh(a->q_status,
+					  "550 Cannot open %s: %s",
+					  shortenstring(a->q_user, MAXSHORTSTR),
+					  errstring(ret));
 			}
 		}
 	}
 	else if (m == FileMailer)
 	{
-		extern bool writable __P((char *, ADDRESS *, int));
-
 		/* check if writable or creatable */
 		if (a->q_alias == NULL)
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
-			usrerr("550 Cannot mail directly to files");
+			usrerrenh(a->q_status,
+				  "550 Cannot mail directly to files");
 		}
 		else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
 			if (a->q_alias->q_ruser == NULL)
-				usrerr("550 UID %d is an unknown user: cannot mail to files",
-					a->q_alias->q_uid);
+				usrerrenh(a->q_status,
+					  "550 UID %d is an unknown user: cannot mail to files",
+					  a->q_alias->q_uid);
 			else
-				usrerr("550 User %s@%s doesn't have a valid shell for mailing to files",
-					a->q_alias->q_ruser, MyHostName);
+				usrerrenh(a->q_status,
+					  "550 User %s@%s doesn't have a valid shell for mailing to files",
+					  a->q_alias->q_ruser, MyHostName);
 		}
 		else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.7.1";
-			a->q_rstatus = newstr("Unsafe for mailing to files");
-			usrerr("550 Address %s is unsafe for mailing to files",
-				a->q_alias->q_paddr);
-		}
-		else if (strcmp(buf, "/dev/null") == 0)
-		{
-			/* /dev/null is always accepted */
-		}
-		else if (!writable(buf, a->q_alias, SFF_CREAT))
-		{
-			a->q_flags |= QBADADDR;
-			giveresponse(EX_CANTCREAT, m, NULL, a->q_alias,
-				     (time_t) 0, e);
+			a->q_rstatus = newstr("550 Unsafe for mailing to files");
+			usrerrenh(a->q_status,
+				  "550 Address %s is unsafe for mailing to files",
+				  a->q_alias->q_paddr);
 		}
 	}
 
 	/* try aliasing */
-	if (!quoted && !bitset(QDONTSEND, a->q_flags) &&
+	if (!quoted && QS_IS_OK(a->q_state) &&
 	    bitnset(M_ALIASABLE, m->m_flags))
 		alias(a, sendq, aliaslevel, e);
 
-# if USERDB
+#if USERDB
 	/* if not aliased, look it up in the user database */
-	if (!bitset(QDONTSEND|QNOTREMOTE|QVERIFIED, a->q_flags) &&
+	if (!bitset(QNOTREMOTE, a->q_flags) &&
+	    QS_IS_SENDABLE(a->q_state) &&
 	    bitnset(M_CHECKUDB, m->m_flags))
 	{
-		extern int udbexpand __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
-
 		if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL)
 		{
-			a->q_flags |= QQUEUEUP;
+			a->q_state = QS_QUEUEUP;
 			if (e->e_message == NULL)
 				e->e_message = newstr("Deferred: user database error");
 			if (LogLevel > 8)
 				sm_syslog(LOG_INFO, e->e_id,
-					"deferred: udbexpand: %s",
-					errstring(errno));
+					  "deferred: udbexpand: %s",
+					  errstring(errno));
 			message("queued (user database error): %s",
 				errstring(errno));
 			e->e_nrcpts++;
 			goto testselfdestruct;
 		}
 	}
-# endif
+#endif /* USERDB */
 
 	/*
 	**  If we have a level two config file, then pass the name through
@@ -469,16 +661,15 @@ recipient(a, sendq, aliaslevel, e)
 
 	if (tTd(29, 5))
 	{
-		printf("recipient: testing local?  cl=%d, rr5=%lx\n\t",
+		dprintf("recipient: testing local?  cl=%d, rr5=%lx\n\t",
 			ConfigLevel, (u_long) RewriteRules[5]);
 		printaddr(a, FALSE);
 	}
-	if (!bitset(QNOTREMOTE|QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags) &&
-	    ConfigLevel >= 2 && RewriteRules[5] != NULL &&
-	    bitnset(M_TRYRULESET5, m->m_flags))
+	if (ConfigLevel >= 2 && RewriteRules[5] != NULL &&
+	    bitnset(M_TRYRULESET5, m->m_flags) &&
+	    !bitset(QNOTREMOTE, a->q_flags) &&
+	    QS_IS_OK(a->q_state))
 	{
-		extern void maplocaluser __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
-
 		maplocaluser(a, sendq, aliaslevel + 1, e);
 	}
 
@@ -487,21 +678,23 @@ recipient(a, sendq, aliaslevel, e)
 	**  and deliver it.
 	*/
 
-	if (!bitset(QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags) &&
+	if (QS_IS_OK(a->q_state) &&
 	    bitnset(M_HASPWENT, m->m_flags))
 	{
 		auto bool fuzzy;
 		register struct passwd *pw;
-		extern void forward __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
 
 		/* warning -- finduser may trash buf */
 		pw = finduser(buf, &fuzzy);
 		if (pw == NULL || strlen(pw->pw_name) > MAXNAME)
 		{
-			a->q_flags |= QBADADDR;
-			a->q_status = "5.1.1";
-			giveresponse(EX_NOUSER, m, NULL, a->q_alias,
-				     (time_t) 0, e);
+			{
+				a->q_state = QS_BADADDR;
+				a->q_status = "5.1.1";
+				a->q_rstatus = newstr("550 5.1.1 User unknown");
+				giveresponse(EX_NOUSER, a->q_status, m, NULL,
+					     a->q_alias, (time_t) 0, e);
+			}
 		}
 		else
 		{
@@ -513,15 +706,16 @@ recipient(a, sendq, aliaslevel, e)
 				a->q_user = newstr(pw->pw_name);
 				if (findusercount++ > 3)
 				{
-					a->q_flags |= QBADADDR;
+					a->q_state = QS_BADADDR;
 					a->q_status = "5.4.6";
-					usrerr("554 aliasing/forwarding loop for %s broken",
-						pw->pw_name);
+					usrerrenh(a->q_status,
+						  "554 aliasing/forwarding loop for %s broken",
+						  pw->pw_name);
 					goto done;
 				}
 
 				/* see if it aliases */
-				(void) strcpy(buf, pw->pw_name);
+				(void) strlcpy(buf, pw->pw_name, buflen);
 				goto trylocaluser;
 			}
 			if (strcmp(pw->pw_dir, "/") == 0)
@@ -542,41 +736,42 @@ recipient(a, sendq, aliaslevel, e)
 			if (bitset(EF_VRFYONLY, e->e_flags))
 			{
 				/* don't do any more now */
-				a->q_flags |= QVERIFIED;
+				a->q_state = QS_VERIFIED;
 			}
 			else if (!quoted)
 				forward(a, sendq, aliaslevel, e);
 		}
 	}
-	if (!bitset(QDONTSEND, a->q_flags))
+	if (!QS_IS_DEAD(a->q_state))
 		e->e_nrcpts++;
 
   testselfdestruct:
 	a->q_flags |= QTHISPASS;
 	if (tTd(26, 8))
 	{
-		printf("testselfdestruct: ");
+		dprintf("testselfdestruct: ");
 		printaddr(a, FALSE);
 		if (tTd(26, 10))
 		{
-			printf("SENDQ:\n");
+			dprintf("SENDQ:\n");
 			printaddr(*sendq, TRUE);
-			printf("----\n");
+			dprintf("----\n");
 		}
 	}
 	if (a->q_alias == NULL && a != &e->e_from &&
-	    bitset(QDONTSEND, a->q_flags))
+	    QS_IS_DEAD(a->q_state))
 	{
 		for (q = *sendq; q != NULL; q = q->q_next)
 		{
-			if (!bitset(QDONTSEND, q->q_flags))
+			if (!QS_IS_DEAD(q->q_state))
 				break;
 		}
 		if (q == NULL)
 		{
-			a->q_flags |= QBADADDR;
+			a->q_state = QS_BADADDR;
 			a->q_status = "5.4.6";
-			usrerr("554 aliasing/forwarding loop broken");
+			usrerrenh(a->q_status,
+				  "554 aliasing/forwarding loop broken");
 		}
 	}
 
@@ -601,7 +796,7 @@ recipient(a, sendq, aliaslevel, e)
 		for (q = *sendq; q != NULL; q = q->q_next)
 		{
 			if (bitset(QTHISPASS, q->q_flags) &&
-			    !bitset(QDONTSEND|QBADADDR, q->q_flags))
+			    QS_IS_SENDABLE(q->q_state))
 			{
 				nrcpts++;
 				only = q;
@@ -625,14 +820,15 @@ recipient(a, sendq, aliaslevel, e)
 			/* arrange for return receipt */
 			e->e_flags |= EF_SENDRECEIPT;
 			a->q_flags |= QEXPANDED;
-			if (e->e_xfp != NULL && bitset(QPINGONSUCCESS, a->q_flags))
+			if (e->e_xfp != NULL &&
+			    bitset(QPINGONSUCCESS, a->q_flags))
 				fprintf(e->e_xfp,
 					"%s... expanded to multiple addresses\n",
 					a->q_paddr);
 		}
 	}
 	a->q_flags |= QRCPTOK;
-	return (a);
+	return a;
 }
 /*
 **  FINDUSER -- find the password entry for a user.
@@ -667,7 +863,7 @@ finduser(name, fuzzyp)
 	bool tryagain;
 
 	if (tTd(29, 4))
-		printf("finduser(%s): ", name);
+		dprintf("finduser(%s): ", name);
 
 	*fuzzyp = FALSE;
 
@@ -679,17 +875,17 @@ finduser(name, fuzzyp)
 	if (*p == '\0')
 	{
 		if (tTd(29, 4))
-			printf("failed (numeric input)\n");
+			dprintf("failed (numeric input)\n");
 		return NULL;
 	}
-#endif
+#endif /* HESIOD */
 
 	/* look up this login name using fast path */
 	if ((pw = sm_getpwnam(name)) != NULL)
 	{
 		if (tTd(29, 4))
-			printf("found (non-fuzzy)\n");
-		return (pw);
+			dprintf("found (non-fuzzy)\n");
+		return pw;
 	}
 
 	/* try mapping it to lower case */
@@ -705,7 +901,7 @@ finduser(name, fuzzyp)
 	if (tryagain && (pw = sm_getpwnam(name)) != NULL)
 	{
 		if (tTd(29, 4))
-			printf("found (lower case)\n");
+			dprintf("found (lower case)\n");
 		*fuzzyp = TRUE;
 		return pw;
 	}
@@ -715,7 +911,7 @@ finduser(name, fuzzyp)
 	if (!MatchGecos)
 	{
 		if (tTd(29, 4))
-			printf("not found (fuzzy disabled)\n");
+			dprintf("not found (fuzzy disabled)\n");
 		return NULL;
 	}
 
@@ -734,16 +930,16 @@ finduser(name, fuzzyp)
 		if (strcasecmp(pw->pw_name, name) == 0)
 		{
 			if (tTd(29, 4))
-				printf("found (case wrapped)\n");
+				dprintf("found (case wrapped)\n");
 			break;
 		}
-# endif
+# endif /* 0 */
 
 		buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof buf);
-		if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
+		if (strchr(buf, ' ') != NULL && strcasecmp(buf, name) == 0)
 		{
 			if (tTd(29, 4))
-				printf("fuzzy matches %s\n", pw->pw_name);
+				dprintf("fuzzy matches %s\n", pw->pw_name);
 			message("sending to login name %s", pw->pw_name);
 			break;
 		}
@@ -751,16 +947,16 @@ finduser(name, fuzzyp)
 	if (pw != NULL)
 		*fuzzyp = TRUE;
 	else if (tTd(29, 4))
-		printf("no fuzzy match found\n");
+		dprintf("no fuzzy match found\n");
 # if DEC_OSF_BROKEN_GETPWENT	/* DEC OSF/1 3.2 or earlier */
 	endpwent();
-# endif
+# endif /* DEC_OSF_BROKEN_GETPWENT */
 	return pw;
-#else
+#else /* MATCHGECOS */
 	if (tTd(29, 4))
-		printf("not found (fuzzy disabled)\n");
+		dprintf("not found (fuzzy disabled)\n");
 	return NULL;
-#endif
+#endif /* MATCHGECOS */
 }
 /*
 **  WRITABLE -- predicate returning if the file is writable.
@@ -790,14 +986,14 @@ bool
 writable(filename, ctladdr, flags)
 	char *filename;
 	ADDRESS *ctladdr;
-	int flags;
+	long flags;
 {
-	uid_t euid;
-	gid_t egid;
-	char *uname;
+	uid_t euid = 0;
+	gid_t egid = 0;
+	char *user = NULL;
 
 	if (tTd(44, 5))
-		printf("writable(%s, 0x%x)\n", filename, flags);
+		dprintf("writable(%s, 0x%lx)\n", filename, flags);
 
 	/*
 	**  File does exist -- check that it is writable.
@@ -807,37 +1003,37 @@ writable(filename, ctladdr, flags)
 	{
 		euid = geteuid();
 		egid = getegid();
-		uname = NULL;
+		user = NULL;
 	}
 	else if (ctladdr != NULL)
 	{
 		euid = ctladdr->q_uid;
 		egid = ctladdr->q_gid;
-		uname = ctladdr->q_user;
+		user = ctladdr->q_user;
 	}
 	else if (bitset(SFF_RUNASREALUID, flags))
 	{
 		euid = RealUid;
 		egid = RealGid;
-		uname = RealUserName;
+		user = RealUserName;
 	}
 	else if (FileMailer != NULL && !bitset(SFF_ROOTOK, flags))
 	{
 		euid = FileMailer->m_uid;
 		egid = FileMailer->m_gid;
-		uname = NULL;
+		user = NULL;
 	}
 	else
 	{
 		euid = egid = 0;
-		uname = NULL;
+		user = NULL;
 	}
 	if (!bitset(SFF_ROOTOK, flags))
 	{
 		if (euid == 0)
 		{
 			euid = DefUid;
-			uname = DefUser;
+			user = DefUser;
 		}
 		if (egid == 0)
 			egid = DefGid;
@@ -846,12 +1042,12 @@ writable(filename, ctladdr, flags)
 	    (ctladdr == NULL || !bitset(QGOODUID, ctladdr->q_flags)))
 		flags |= SFF_SETUIDOK;
 
-	if (!bitset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
+	if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
 		flags |= SFF_NOSLINK;
-	if (!bitset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
+	if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
 		flags |= SFF_NOHLINK;
 
-	errno = safefile(filename, euid, egid, uname, flags, S_IWRITE, NULL);
+	errno = safefile(filename, euid, egid, user, flags, S_IWRITE, NULL);
 	return errno == 0;
 }
 /*
@@ -891,7 +1087,6 @@ writable(filename, ctladdr, flags)
 */
 
 static jmp_buf	CtxIncludeTimeout;
-static void	includetimeout __P((void));
 
 int
 include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
@@ -909,59 +1104,81 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 	register EVENT *ev = NULL;
 	int nincludes;
 	int mode;
+	volatile bool maxreached = FALSE;
 	register ADDRESS *ca;
-	volatile uid_t saveduid, uid;
-	volatile gid_t savedgid, gid;
-	char *volatile uname;
+	volatile uid_t saveduid;
+	volatile gid_t savedgid;
+	volatile uid_t uid;
+	volatile gid_t gid;
+	char *volatile user;
 	int rval = 0;
-	volatile int sfflags = SFF_REGONLY;
+	volatile long sfflags = SFF_REGONLY;
 	register char *p;
 	bool safechown = FALSE;
 	volatile bool safedir = FALSE;
 	struct stat st;
 	char buf[MAXLINE];
-	extern bool chownsafe __P((int, bool));
 
 	if (tTd(27, 2))
-		printf("include(%s)\n", fname);
+		dprintf("include(%s)\n", fname);
 	if (tTd(27, 4))
-		printf("   ruid=%d euid=%d\n", (int) getuid(), (int) geteuid());
+		dprintf("   ruid=%d euid=%d\n",
+			(int) getuid(), (int) geteuid());
 	if (tTd(27, 14))
 	{
-		printf("ctladdr ");
+		dprintf("ctladdr ");
 		printaddr(ctladdr, FALSE);
 	}
 
 	if (tTd(27, 9))
-		printf("include: old uid = %d/%d\n",
-		       (int) getuid(), (int) geteuid());
+		dprintf("include: old uid = %d/%d\n",
+			(int) getuid(), (int) geteuid());
 
 	if (forwarding)
 		sfflags |= SFF_MUSTOWN|SFF_ROOTOK|SFF_NOWLINK;
 
+	/*
+	**  If RunAsUser set, won't be able to run programs as user
+	**  so mark them as unsafe unless the administrator knows better.
+	*/
+
+	if ((geteuid() != 0 || RunAsUid != 0) &&
+	    !bitnset(DBS_NONROOTSAFEADDR, DontBlameSendmail))
+	{
+		if (tTd(27, 4))
+			dprintf("include: not safe (euid=%d, RunAsUid=%d)\n",
+				(int) geteuid(), (int) RunAsUid);
+		ctladdr->q_flags |= QUNSAFEADDR;
+	}
+
 	ca = getctladdr(ctladdr);
-	if (ca == NULL)
+	if (ca == NULL ||
+	    (ca->q_uid == DefUid && ca->q_gid == 0))
 	{
 		uid = DefUid;
 		gid = DefGid;
-		uname = DefUser;
+		user = DefUser;
 	}
 	else
 	{
 		uid = ca->q_uid;
 		gid = ca->q_gid;
-		uname = ca->q_user;
+		user = ca->q_user;
 	}
-#if HASSETREUID || USESETEUID
+#if MAILER_SETUID_METHOD != USE_SETUID
 	saveduid = geteuid();
 	savedgid = getegid();
 	if (saveduid == 0)
 	{
 		if (!DontInitGroups)
 		{
-			if (initgroups(uname, gid) == -1)
+			if (initgroups(user, gid) == -1)
+			{
+				rval = EAGAIN;
 				syserr("include: initgroups(%s, %d) failed",
-					uname, gid);
+					user, gid);
+				goto resetuid;
+			}
 		}
 		else
 		{
@@ -969,29 +1186,46 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 
 			gidset[0] = gid;
 			if (setgroups(1, gidset) == -1)
+			{
+				rval = EAGAIN;
 				syserr("include: setgroups() failed");
+				goto resetuid;
+			}
 		}
 
 		if (gid != 0 && setgid(gid) < -1)
+		{
+			rval = EAGAIN;
 			syserr("setgid(%d) failure", gid);
+			goto resetuid;
+		}
 		if (uid != 0)
 		{
-# if USESETEUID
+# if MAILER_SETUID_METHOD == USE_SETEUID
 			if (seteuid(uid) < 0)
+			{
+				rval = EAGAIN;
 				syserr("seteuid(%d) failure (real=%d, eff=%d)",
 					uid, getuid(), geteuid());
-# else
+				goto resetuid;
+			}
+# endif /* MAILER_SETUID_METHOD == USE_SETEUID */
+# if MAILER_SETUID_METHOD == USE_SETREUID
 			if (setreuid(0, uid) < 0)
+			{
+				rval = EAGAIN;
 				syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
 					uid, getuid(), geteuid());
-# endif
+				goto resetuid;
+			}
+# endif /* MAILER_SETUID_METHOD == USE_SETREUID */
 		}
 	}
-#endif
+#endif /* MAILER_SETUID_METHOD != USE_SETUID */
 
 	if (tTd(27, 9))
-		printf("include: new uid = %d/%d\n",
-		       (int) getuid(), (int) geteuid());
+		dprintf("include: new uid = %d/%d\n",
+			(int) getuid(), (int) geteuid());
 
 	/*
 	**  If home directory is remote mounted but server is down,
@@ -1000,7 +1234,7 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 
 	if (setjmp(CtxIncludeTimeout) != 0)
 	{
-		ctladdr->q_flags |= QQUEUEUP;
+		ctladdr->q_state = QS_QUEUEUP;
 		errno = 0;
 
 		/* return pseudo-error code */
@@ -1012,6 +1246,7 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 	else
 		ev = NULL;
 
+
 	/* check for writable parent directory */
 	p = strrchr(fname, '/');
 	if (p != NULL)
@@ -1019,7 +1254,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 		int ret;
 
 		*p = '\0';
-		ret = safedirpath(fname, uid, gid, uname, sfflags|SFF_SAFEDIRPATH);
+		ret = safedirpath(fname, uid, gid, user,
+				  sfflags|SFF_SAFEDIRPATH, 0, 0);
 		if (ret == 0)
 		{
 			/* in safe directory: relax chown & link rules */
@@ -1028,22 +1264,24 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 		}
 		else
 		{
-			if (bitset((forwarding ?
-				    DBS_FORWARDFILEINUNSAFEDIRPATH :
-				    DBS_INCLUDEFILEINUNSAFEDIRPATH),
-				   DontBlameSendmail))
+			if (bitnset((forwarding ?
+				     DBS_FORWARDFILEINUNSAFEDIRPATH :
+				     DBS_INCLUDEFILEINUNSAFEDIRPATH),
+				    DontBlameSendmail))
 				sfflags |= SFF_NOPATHCHECK;
-			else if (bitset((forwarding ?
-					 DBS_FORWARDFILEINGROUPWRITABLEDIRPATH :
-					 DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH),
-					DontBlameSendmail) &&
+			else if (bitnset((forwarding ?
+					  DBS_FORWARDFILEINGROUPWRITABLEDIRPATH :
+					  DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH),
+					 DontBlameSendmail) &&
 				 ret == E_SM_GWDIR)
 			{
-				DontBlameSendmail |= DBS_GROUPWRITABLEDIRPATHSAFE;
-				ret = safedirpath(fname, uid,
-						  gid, uname,
-						  sfflags|SFF_SAFEDIRPATH);
-				DontBlameSendmail &= ~DBS_GROUPWRITABLEDIRPATHSAFE;
+				setbitn(DBS_GROUPWRITABLEDIRPATHSAFE,
+					DontBlameSendmail);
+				ret = safedirpath(fname, uid, gid, user,
+						  sfflags|SFF_SAFEDIRPATH,
+						  0, 0);
+				clrbitn(DBS_GROUPWRITABLEDIRPATHSAFE,
+					DontBlameSendmail);
 				if (ret == 0)
 					sfflags |= SFF_NOPATHCHECK;
 				else
@@ -1052,10 +1290,10 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 			else
 				sfflags |= SFF_SAFEDIRPATH;
 			if (ret > E_PSEUDOBASE &&
-			    !bitset((forwarding ?
-				     DBS_FORWARDFILEINUNSAFEDIRPATHSAFE :
-				     DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE),
-				    DontBlameSendmail))
+			    !bitnset((forwarding ?
+				      DBS_FORWARDFILEINUNSAFEDIRPATHSAFE :
+				      DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE),
+				     DontBlameSendmail))
 			{
 				if (LogLevel >= 12)
 					sm_syslog(LOG_INFO, e->e_id,
@@ -1069,31 +1307,31 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 
 	/* allow links only in unwritable directories */
 	if (!safedir &&
-	    !bitset((forwarding ?
-		     DBS_LINKEDFORWARDFILEINWRITABLEDIR :
-		     DBS_LINKEDINCLUDEFILEINWRITABLEDIR),
-		    DontBlameSendmail))
+	    !bitnset((forwarding ?
+		      DBS_LINKEDFORWARDFILEINWRITABLEDIR :
+		      DBS_LINKEDINCLUDEFILEINWRITABLEDIR),
+		     DontBlameSendmail))
 		sfflags |= SFF_NOLINK;
 
-	rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, &st);
+	rval = safefile(fname, uid, gid, user, sfflags, S_IREAD, &st);
 	if (rval != 0)
 	{
 		/* don't use this :include: file */
 		if (tTd(27, 4))
-			printf("include: not safe (uid=%d): %s\n",
+			dprintf("include: not safe (uid=%d): %s\n",
 				(int) uid, errstring(rval));
 	}
 	else if ((fp = fopen(fname, "r")) == NULL)
 	{
 		rval = errno;
 		if (tTd(27, 4))
-			printf("include: open: %s\n", errstring(rval));
+			dprintf("include: open: %s\n", errstring(rval));
 	}
 	else if (filechanged(fname, fileno(fp), &st))
 	{
 		rval = E_SM_FILECHANGE;
 		if (tTd(27, 4))
-			printf("include: file changed after open\n");
+			dprintf("include: file changed after open\n");
 	}
 	if (ev != NULL)
 		clrevent(ev);
@@ -1107,27 +1345,29 @@ resetuid:
 		{
 # if USESETEUID
 			if (seteuid(0) < 0)
-				syserr("seteuid(0) failure (real=%d, eff=%d)",
+				syserr("!seteuid(0) failure (real=%d, eff=%d)",
 					getuid(), geteuid());
-# else
+# else /* USESETEUID */
 			if (setreuid(-1, 0) < 0)
-				syserr("setreuid(-1, 0) failure (real=%d, eff=%d)",
+				syserr("!setreuid(-1, 0) failure (real=%d, eff=%d)",
 					getuid(), geteuid());
 			if (setreuid(RealUid, 0) < 0)
-				syserr("setreuid(%d, 0) failure (real=%d, eff=%d)",
+				syserr("!setreuid(%d, 0) failure (real=%d, eff=%d)",
 					RealUid, getuid(), geteuid());
-# endif
+# endif /* USESETEUID */
 		}
-		setgid(savedgid);
+		if (setgid(savedgid) < 0)
+			syserr("!setgid(%d) failure (real=%d eff=%d)",
+			       savedgid, getgid(), getegid());
 	}
-#endif
+#endif /* HASSETREUID || USESETEUID */
 
 	if (tTd(27, 9))
-		printf("include: reset uid = %d/%d\n",
-		       (int) getuid(), (int) geteuid());
+		dprintf("include: reset uid = %d/%d\n",
+			(int) getuid(), (int) geteuid());
 
 	if (rval == E_SM_OPENTIMEOUT)
-		usrerr("451 open timeout on %s", fname);
+		usrerr("451 4.4.1 open timeout on %s", fname);
 
 	if (fp == NULL)
 		return rval;
@@ -1136,18 +1376,22 @@ resetuid:
 	{
 		rval = errno;
 		syserr("Cannot fstat %s!", fname);
+		(void) fclose(fp);
 		return rval;
 	}
 
 	/* if path was writable, check to avoid file giveaway tricks */
 	safechown = chownsafe(fileno(fp), safedir);
 	if (tTd(27, 6))
-		printf("include: parent of %s is %s, chown is %ssafe\n",
+		dprintf("include: parent of %s is %s, chown is %ssafe\n",
 			fname,
 			safedir ? "safe" : "dangerous",
 			safechown ? "" : "un");
 
-	if (ca == NULL && safechown)
+	/* if no controlling user or coming from an alias delivery */
+	if (safechown &&
+	    (ca == NULL ||
+	     (ca->q_uid == DefUid && ca->q_gid == 0)))
 	{
 		ctladdr->q_uid = st.st_uid;
 		ctladdr->q_gid = st.st_gid;
@@ -1165,7 +1409,10 @@ resetuid:
 
 		pw = sm_getpwuid(st.st_uid);
 		if (pw == NULL)
+		{
+			ctladdr->q_uid = st.st_uid;
 			ctladdr->q_flags |= QBOGUSSHELL;
+		}
 		else
 		{
 			char *sh;
@@ -1179,10 +1426,10 @@ resetuid:
 			{
 				if (LogLevel >= 12)
 					sm_syslog(LOG_INFO, e->e_id,
-						"%s: user %s has bad shell %s, marked %s",
-						shortenstring(fname, MAXSHORTSTR),
-						pw->pw_name, sh,
-						safechown ? "bogus" : "unsafe");
+						  "%s: user %s has bad shell %s, marked %s",
+						  shortenstring(fname, MAXSHORTSTR),
+						  pw->pw_name, sh,
+						  safechown ? "bogus" : "unsafe");
 				if (safechown)
 					ctladdr->q_flags |= QBOGUSSHELL;
 				else
@@ -1194,10 +1441,9 @@ resetuid:
 	if (bitset(EF_VRFYONLY, e->e_flags))
 	{
 		/* don't do any more now */
-		ctladdr->q_flags |= QVERIFIED;
-		ctladdr->q_flags &= ~QDONTSEND;
+		ctladdr->q_state = QS_VERIFIED;
 		e->e_nrcpts++;
-		xfclose(fp, "include", fname);
+		(void) fclose(fp);
 		return rval;
 	}
 
@@ -1210,24 +1456,24 @@ resetuid:
 	*/
 
 	mode = S_IWOTH;
-	if (!bitset((forwarding ?
-		     DBS_GROUPWRITABLEFORWARDFILESAFE :
-		     DBS_GROUPWRITABLEINCLUDEFILESAFE),
-		    DontBlameSendmail))
+	if (!bitnset((forwarding ?
+		      DBS_GROUPWRITABLEFORWARDFILESAFE :
+		      DBS_GROUPWRITABLEINCLUDEFILESAFE),
+		     DontBlameSendmail))
 		mode |= S_IWGRP;
 
 	if (bitset(mode, st.st_mode))
 	{
 		if (tTd(27, 6))
-			printf("include: %s is %s writable, marked unsafe\n",
+			dprintf("include: %s is %s writable, marked unsafe\n",
 				shortenstring(fname, MAXSHORTSTR),
 				bitset(S_IWOTH, st.st_mode) ? "world" : "group");
 		if (LogLevel >= 12)
 			sm_syslog(LOG_INFO, e->e_id,
-				"%s: %s writable %s file, marked unsafe",
-				shortenstring(fname, MAXSHORTSTR),
-				bitset(S_IWOTH, st.st_mode) ? "world" : "group",
-				forwarding ? "forward" : ":include:");
+				  "%s: %s writable %s file, marked unsafe",
+				  shortenstring(fname, MAXSHORTSTR),
+				  bitset(S_IWOTH, st.st_mode) ? "world" : "group",
+				  forwarding ? "forward" : ":include:");
 		ctladdr->q_flags |= QUNSAFEADDR;
 	}
 
@@ -1236,13 +1482,10 @@ resetuid:
 	LineNumber = 0;
 	ctladdr->q_flags &= ~QSELFREF;
 	nincludes = 0;
-	while (fgets(buf, sizeof buf, fp) != NULL)
+	while (fgets(buf, sizeof buf, fp) != NULL && !maxreached)
 	{
-		register char *p = strchr(buf, '\n');
-
+		fixcrlf(buf, TRUE);
 		LineNumber++;
-		if (p != NULL)
-			*p = '\0';
 		if (buf[0] == '#' || buf[0] == '\0')
 			continue;
 
@@ -1264,27 +1507,40 @@ resetuid:
 		e->e_to = NULL;
 		message("%s to %s",
 			forwarding ? "forwarding" : "sending", buf);
-		if (forwarding && LogLevel > 9)
+		if (forwarding && LogLevel > 10)
 			sm_syslog(LOG_INFO, e->e_id,
-				"forward %.200s => %s",
-				oldto, shortenstring(buf, MAXSHORTSTR));
+				  "forward %.200s => %s",
+				  oldto, shortenstring(buf, MAXSHORTSTR));
 
 		nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e);
+
+		if (forwarding &&
+		    MaxForwardEntries > 0 &&
+		    nincludes >= MaxForwardEntries)
+		{
+			/* just stop reading and processing further entries */
+			/* additional: (?)
+			ctladdr->q_state = QS_DONTSEND;
+			**/
+			syserr("Attempt to forward to more then %d addresses (in %s)!",
+				MaxForwardEntries,fname);
+			maxreached = TRUE;
+		}
 	}
 
 	if (ferror(fp) && tTd(27, 3))
-		printf("include: read error: %s\n", errstring(errno));
+		dprintf("include: read error: %s\n", errstring(errno));
 	if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
 	{
 		if (tTd(27, 5))
 		{
-			printf("include: QDONTSEND ");
+			dprintf("include: QS_DONTSEND ");
 			printaddr(ctladdr, FALSE);
 		}
-		ctladdr->q_flags |= QDONTSEND;
+		ctladdr->q_state = QS_DONTSEND;
 	}
 
-	(void) xfclose(fp, "include", fname);
+	(void) fclose(fp);
 	FileName = oldfilename;
 	LineNumber = oldlinenumber;
 	e->e_to = oldto;
@@ -1344,7 +1600,7 @@ getctladdr(a)
 {
 	while (a != NULL && !bitset(QGOODUID, a->q_flags))
 		a = a->q_alias;
-	return (a);
+	return a;
 }
 /*
 **  SELF_REFERENCE -- check to see if an address references itself
@@ -1360,22 +1616,20 @@ getctladdr(a)
 **
 **	Parameters:
 **		a -- the address to check.
-**		e -- the current envelope.
 **
 **	Returns:
 **		The address that should be retained.
 */
 
-ADDRESS *
-self_reference(a, e)
+static ADDRESS *
+self_reference(a)
 	ADDRESS *a;
-	ENVELOPE *e;
 {
 	ADDRESS *b;		/* top entry in self ref loop */
 	ADDRESS *c;		/* entry that point to a real mail box */
 
 	if (tTd(27, 1))
-		printf("self_reference(%s)\n", a->q_paddr);
+		dprintf("self_reference(%s)\n", a->q_paddr);
 
 	for (b = a->q_alias; b != NULL; b = b->q_alias)
 	{
@@ -1386,7 +1640,7 @@ self_reference(a, e)
 	if (b == NULL)
 	{
 		if (tTd(27, 1))
-			printf("\t... no self ref\n");
+			dprintf("\t... no self ref\n");
 		return NULL;
 	}
 
@@ -1394,14 +1648,14 @@ self_reference(a, e)
 	**  Pick the first address that resolved to a real mail box
 	**  i.e has a pw entry.  The returned value will be marked
 	**  QSELFREF in recipient(), which in turn will disable alias()
-	**  from marking it QDONTSEND, which mean it will be used
+	**  from marking it as QS_IS_DEAD(), which mean it will be used
 	**  as a deliverable address.
 	**
 	**  The 2 key thing to note here are:
 	**	1) we are in a recursive call sequence:
 	**		alias->sentolist->recipient->alias
 	**	2) normally, when we return back to alias(), the address
-	**	   will be marked QDONTSEND, since alias() assumes the
+	**	   will be marked QS_EXPANDED, since alias() assumes the
 	**	   expanded form will be used instead of the current address.
 	**	   This behaviour is turned off if the address is marked
 	**	   QSELFREF We set QSELFREF when we return to recipient().
@@ -1411,15 +1665,15 @@ self_reference(a, e)
 	while (c != NULL)
 	{
 		if (tTd(27, 10))
-			printf("  %s", c->q_user);
+			dprintf("  %s", c->q_user);
 		if (bitnset(M_HASPWENT, c->q_mailer->m_flags))
 		{
 			if (tTd(27, 2))
-				printf("\t... getpwnam(%s)... ", c->q_user);
+				dprintf("\t... getpwnam(%s)... ", c->q_user);
 			if (sm_getpwnam(c->q_user) != NULL)
 			{
 				if (tTd(27, 2))
-					printf("found\n");
+					dprintf("found\n");
 
 				/* ought to cache results here */
 				if (sameaddr(b, c))
@@ -1428,7 +1682,7 @@ self_reference(a, e)
 					return c;
 			}
 			if (tTd(27, 2))
-				printf("failed\n");
+				dprintf("failed\n");
 		}
 		else
 		{
@@ -1437,7 +1691,8 @@ self_reference(a, e)
 			    b->q_mailer == c->q_mailer)
 			{
 				if (tTd(27, 2))
-					printf("\t... local match (%s)\n", c->q_user);
+					dprintf("\t... local match (%s)\n",
+						c->q_user);
 				if (sameaddr(b, c))
 					return b;
 				else
@@ -1445,12 +1700,12 @@ self_reference(a, e)
 			}
 		}
 		if (tTd(27, 10))
-			printf("\n");
+			dprintf("\n");
 		c = c->q_alias;
 	}
 
 	if (tTd(27, 1))
-		printf("\t... cannot break loop for \"%s\"\n", a->q_paddr);
+		dprintf("\t... cannot break loop for \"%s\"\n", a->q_paddr);
 
 	return NULL;
 }
diff --git a/contrib/sendmail/src/savemail.c b/contrib/sendmail/src/savemail.c
index 6a18ee6..0478e359 100644
--- a/contrib/sendmail/src/savemail.c
+++ b/contrib/sendmail/src/savemail.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,14 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)savemail.c	8.140 (Berkeley) 1/18/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: savemail.c,v 8.212.4.3 2000/06/13 07:16:26 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
+
+
+static void	errbody __P((MCI *, ENVELOPE *, char *));
+static bool	pruneroute __P((char *));
 
 /*
 **  SAVEMAIL -- Save mail on error
@@ -39,14 +44,14 @@ static char sccsid[] = "@(#)savemail.c	8.140 (Berkeley) 1/18/1999";
 */
 
 /* defines for state machine */
-# define ESM_REPORT	0	/* report to sender's terminal */
-# define ESM_MAIL	1	/* mail back to sender */
-# define ESM_QUIET	2	/* messages have already been returned */
-# define ESM_DEADLETTER	3	/* save in ~/dead.letter */
-# define ESM_POSTMASTER	4	/* return to postmaster */
-# define ESM_USRTMP	5	/* save in /usr/tmp/dead.letter */
-# define ESM_PANIC	6	/* leave the locked queue/transcript files */
-# define ESM_DONE	7	/* the message is successfully delivered */
+#define ESM_REPORT		0	/* report to sender's terminal */
+#define ESM_MAIL		1	/* mail back to sender */
+#define ESM_QUIET		2	/* mail has already been returned */
+#define ESM_DEADLETTER		3	/* save in ~/dead.letter */
+#define ESM_POSTMASTER		4	/* return to postmaster */
+#define ESM_DEADLETTERDROP	5	/* save in DeadLetterDrop */
+#define ESM_PANIC		6	/* call loseqfile() */
+#define ESM_DONE		7	/* message is successfully delivered */
 
 
 void
@@ -61,13 +66,12 @@ savemail(e, sendbody)
 	register char *p;
 	MCI mcibuf;
 	int flags;
-	char buf[MAXLINE+1];
-	extern char *ttypath __P((void));
-	extern bool writable __P((char *, ADDRESS *, int));
+	long sff;
+	char buf[MAXLINE + 1];
 
 	if (tTd(6, 1))
 	{
-		printf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n  e_from=",
+		dprintf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n  e_from=",
 			e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id,
 			ExitStat);
 		printaddr(&e->e_from, FALSE);
@@ -90,7 +94,7 @@ savemail(e, sendbody)
 		if (parseaddr(e->e_sender, &e->e_from,
 			      RF_COPYPARSE|RF_SENDERADDR, '\0', NULL, e) == NULL)
 		{
-			syserr("553 Cannot parse Postmaster!");
+			syserr("553 5.3.5 Cannot parse Postmaster!");
 			finis(TRUE, EX_SOFTWARE);
 		}
 	}
@@ -107,6 +111,8 @@ savemail(e, sendbody)
 	**	ESM_MAIL	Mail response to the sender.
 	**	ESM_DEADLETTER	Save response in ~/dead.letter.
 	**	ESM_POSTMASTER	Mail response to the postmaster.
+	**	ESM_DEADLETTERDROP
+	**			If DeadLetterDrop set, save it there.
 	**	ESM_PANIC	Save response anywhere possible.
 	*/
 
@@ -132,7 +138,8 @@ savemail(e, sendbody)
 		return;
 
 	  default:
-		syserr("554 savemail: bogus errormode x%x\n", e->e_errormode);
+		syserr("554 5.3.0 savemail: bogus errormode x%x\n",
+		       e->e_errormode);
 		state = ESM_MAIL;
 		break;
 	}
@@ -152,7 +159,7 @@ savemail(e, sendbody)
 	while (state != ESM_DONE)
 	{
 		if (tTd(6, 5))
-			printf("  state %d\n", state);
+			dprintf("  state %d\n", state);
 
 		switch (state)
 		{
@@ -182,24 +189,17 @@ savemail(e, sendbody)
 			printf("Errors occurred while sending mail.\r\n");
 			if (e->e_xfp != NULL)
 			{
-				(void) fflush(e->e_xfp);
-				fp = fopen(queuename(e, 'x'), "r");
+				(void) bfrewind(e->e_xfp);
+				printf("Transcript follows:\r\n");
+				while (fgets(buf, sizeof buf, e->e_xfp) != NULL &&
+				       !ferror(stdout))
+					(void) fputs(buf, stdout);
 			}
 			else
-				fp = NULL;
-			if (fp == NULL)
 			{
 				syserr("Cannot open %s", queuename(e, 'x'));
 				printf("Transcript of session is unavailable.\r\n");
 			}
-			else
-			{
-				printf("Transcript follows:\r\n");
-				while (fgets(buf, sizeof buf, fp) != NULL &&
-				       !ferror(stdout))
-					fputs(buf, stdout);
-				(void) xfclose(fp, "savemail transcript", e->e_id);
-			}
 			printf("Original message will be saved in dead.letter.\r\n");
 			state = ESM_DEADLETTER;
 			break;
@@ -231,14 +231,14 @@ savemail(e, sendbody)
 			if (!emptyaddr(&e->e_from))
 			{
 				char from[TOBUFSIZE];
-				extern bool pruneroute __P((char *));
 
-				if (strlen(e->e_from.q_paddr) + 1 > sizeof from)
+				if (strlen(e->e_from.q_paddr) >= sizeof from)
 				{
 					state = ESM_POSTMASTER;
 					break;
 				}
-				strcpy(from, e->e_from.q_paddr);
+				(void) strlcpy(from, e->e_from.q_paddr,
+					       sizeof from);
 
 				if (!DontPruneRoutes && pruneroute(from))
 				{
@@ -248,7 +248,7 @@ savemail(e, sendbody)
 					     a = a->q_next)
 					{
 						if (sameaddr(a, &e->e_from))
-							a->q_flags |= QDONTSEND;
+							a->q_state = QS_DUPLICATE;
 					}
 				}
 				(void) sendtolist(from, NULLADDR,
@@ -267,8 +267,10 @@ savemail(e, sendbody)
 
 			/* check to see if there are any good addresses */
 			for (q = e->e_errorqueue; q != NULL; q = q->q_next)
-				if (!bitset(QBADADDR|QDONTSEND, q->q_flags))
+			{
+				if (QS_IS_SENDABLE(q->q_state))
 					break;
+			}
 			if (q == NULL)
 			{
 				/* this is an error-error */
@@ -294,12 +296,12 @@ savemail(e, sendbody)
 			*/
 
 			q = NULL;
-			if (sendtolist(DoubleBounceAddr,
-				NULLADDR, &q, 0, e) <= 0)
+			expand(DoubleBounceAddr, buf, sizeof buf, e);
+			if (sendtolist(buf, NULLADDR, &q, 0, e) <= 0)
 			{
-				syserr("553 cannot parse %s!", DoubleBounceAddr);
+				syserr("553 5.3.0 cannot parse %s!", buf);
 				ExitStat = EX_SOFTWARE;
-				state = ESM_USRTMP;
+				state = ESM_DEADLETTERDROP;
 				break;
 			}
 			flags = RTSF_PM_BOUNCE;
@@ -312,7 +314,7 @@ savemail(e, sendbody)
 			}
 
 			/* didn't work -- last resort */
-			state = ESM_USRTMP;
+			state = ESM_DEADLETTERDROP;
 			break;
 
 		  case ESM_DEADLETTER:
@@ -342,27 +344,37 @@ savemail(e, sendbody)
 
 			/* we have a home directory; write dead.letter */
 			define('z', p, e);
+
+			/* get the sender for the UnixFromLine */
+			p = macvalue('g', e);
+			define('g', e->e_sender, e);
+
 			expand("\201z/dead.letter", buf, sizeof buf, e);
-			flags = SFF_CREAT|SFF_REGONLY|SFF_RUNASREALUID;
+			sff = SFF_CREAT|SFF_REGONLY|SFF_RUNASREALUID;
 			if (RealUid == 0)
-				flags |= SFF_ROOTOK;
+				sff |= SFF_ROOTOK;
 			e->e_to = buf;
-			if (mailfile(buf, FileMailer, NULL, flags, e) == EX_OK)
+			if (writable(buf, NULL, sff) &&
+			    mailfile(buf, FileMailer, NULL, sff, e) == EX_OK)
 			{
 				int oldverb = Verbose;
 
-				Verbose = 1;
-				message("Saved message in %s", buf);
+				if (OpMode != MD_DAEMON && OpMode != MD_SMTP)
+					Verbose = 1;
+				if (Verbose > 0)
+					message("Saved message in %s", buf);
 				Verbose = oldverb;
+				define('g', p, e);
 				state = ESM_DONE;
 				break;
 			}
+			define('g', p, e);
 			state = ESM_MAIL;
 			break;
 
-		  case ESM_USRTMP:
+		  case ESM_DEADLETTERDROP:
 			/*
-			**  Log the mail in /usr/tmp/dead.letter.
+			**  Log the mail in DeadLetterDrop file.
 			*/
 
 			if (e->e_class < 0)
@@ -372,55 +384,63 @@ savemail(e, sendbody)
 			}
 
 			if ((SafeFileEnv != NULL && SafeFileEnv[0] != '\0') ||
-			    DeadLetterDrop == NULL || DeadLetterDrop[0] == '\0')
+			    DeadLetterDrop == NULL ||
+			    DeadLetterDrop[0] == '\0')
 			{
 				state = ESM_PANIC;
 				break;
 			}
 
-			flags = SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT|SFF_MUSTOWN;
-			if (!writable(DeadLetterDrop, NULL, flags) ||
+			sff = SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT|SFF_MUSTOWN;
+			if (!writable(DeadLetterDrop, NULL, sff) ||
 			    (fp = safefopen(DeadLetterDrop, O_WRONLY|O_APPEND,
-					    FileMode, flags)) == NULL)
+					    FileMode, sff)) == NULL)
 			{
 				state = ESM_PANIC;
 				break;
 			}
 
-			bzero(&mcibuf, sizeof mcibuf);
+			memset(&mcibuf, '\0', sizeof mcibuf);
 			mcibuf.mci_out = fp;
 			mcibuf.mci_mailer = FileMailer;
 			if (bitnset(M_7BITS, FileMailer->m_flags))
 				mcibuf.mci_flags |= MCIF_7BIT;
-			mcibuf.mci_contentlen = 0;
+
+			/* get the sender for the UnixFromLine */
+			p = macvalue('g', e);
+			define('g', e->e_sender, e);
 
 			putfromline(&mcibuf, e);
 			(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
 			(*e->e_putbody)(&mcibuf, e, NULL);
 			putline("\n", &mcibuf);
 			(void) fflush(fp);
-			if (ferror(fp))
+			if (ferror(fp) ||
+			    fclose(fp) < 0)
 				state = ESM_PANIC;
 			else
 			{
 				int oldverb = Verbose;
 
-				Verbose = 1;
-				message("Saved message in %s", DeadLetterDrop);
+				if (OpMode != MD_DAEMON && OpMode != MD_SMTP)
+					Verbose = 1;
+				if (Verbose > 0)
+					message("Saved message in %s",
+						DeadLetterDrop);
 				Verbose = oldverb;
 				if (LogLevel > 3)
 					sm_syslog(LOG_NOTICE, e->e_id,
-						"Saved message in %s",
-						DeadLetterDrop);
+						  "Saved message in %s",
+						  DeadLetterDrop);
 				state = ESM_DONE;
 			}
-			(void) xfclose(fp, "savemail", DeadLetterDrop);
+			define('g', p, e);
 			break;
 
 		  default:
-			syserr("554 savemail: unknown state %d", state);
+			syserr("554 5.3.5 savemail: unknown state %d", state);
 
-			/* fall through ... */
+			/* FALLTHROUGH */
 
 		  case ESM_PANIC:
 			/* leave the locked queue & transcript files around */
@@ -467,22 +487,21 @@ returntosender(msg, returnq, flags, e)
 	register ADDRESS *q;
 	char *p;
 	char buf[MAXNAME + 1];
-	extern void errbody __P((MCI *, ENVELOPE *, char *));
 
 	if (returnq == NULL)
-		return (-1);
+		return -1;
 
 	if (msg == NULL)
 		msg = "Unable to deliver mail";
 
 	if (tTd(6, 1))
 	{
-		printf("\n*** Return To Sender: msg=\"%s\", depth=%d, e=%lx, returnq=",
-		       msg, returndepth, (u_long) e);
+		dprintf("\n*** Return To Sender: msg=\"%s\", depth=%d, e=%lx, returnq=",
+			msg, returndepth, (u_long) e);
 		printaddr(returnq, TRUE);
 		if (tTd(6, 20))
 		{
-			printf("Sendq=");
+			dprintf("Sendq=");
 			printaddr(e->e_sendqueue, TRUE);
 		}
 	}
@@ -490,76 +509,119 @@ returntosender(msg, returnq, flags, e)
 	if (++returndepth >= MAXRETURNS)
 	{
 		if (returndepth != MAXRETURNS)
-			syserr("554 returntosender: infinite recursion on %s", returnq->q_paddr);
+			syserr("554 5.3.0 returntosender: infinite recursion on %s",
+			       returnq->q_paddr);
 		/* don't "unrecurse" and fake a clean exit */
 		/* returndepth--; */
-		return (0);
+		return 0;
 	}
 
-	define('g', e->e_from.q_paddr, e);
+	define('g', e->e_sender, e);
 	define('u', NULL, e);
 
 	/* initialize error envelope */
 	ee = newenvelope(&errenvelope, e);
 	define('a', "\201b", ee);
-	define('r', "internal", ee);
+	define('r', "", ee);
 	define('s', "localhost", ee);
 	define('_', "localhost", ee);
+#if SASL
+	define(macid("{auth_type}", NULL), "", ee);
+	define(macid("{auth_authen}", NULL), "", ee);
+	define(macid("{auth_author}", NULL), "", ee);
+	define(macid("{auth_ssf}", NULL), "", ee);
+#endif /* SASL */
+#if STARTTLS
+	define(macid("{cert_issuer}", NULL), "", ee);
+	define(macid("{cert_subject}", NULL), "", ee);
+	define(macid("{cipher_bits}", NULL), "", ee);
+	define(macid("{cipher}", NULL), "", ee);
+	define(macid("{tls_version}", NULL), "", ee);
+	define(macid("{verify}", NULL), "", ee);
+# if _FFR_TLS_1
+	define(macid("{alg_bits}", NULL), "", ee);
+	define(macid("{cn_issuer}", NULL), "", ee);
+	define(macid("{cn_subject}", NULL), "", ee);
+# endif /* _FFR_TLS_1 */
+#endif /* STARTTLS */
+
 	ee->e_puthdr = putheader;
 	ee->e_putbody = errbody;
 	ee->e_flags |= EF_RESPONSE|EF_METOO;
 	if (!bitset(EF_OLDSTYLE, e->e_flags))
 		ee->e_flags &= ~EF_OLDSTYLE;
+	if (bitset(EF_DONT_MIME, e->e_flags))
+	{
+		ee->e_flags |= EF_DONT_MIME;
+
+		/*
+		**  If we can't convert to MIME and we don't pass
+		**  8-bit, we can't send the body.
+		*/
+
+		if (bitset(EF_HAS8BIT, e->e_flags) &&
+		    !bitset(MM_PASS8BIT, MimeMode))
+			flags &= ~RTSF_SEND_BODY;
+	}
+
 	ee->e_sendqueue = returnq;
 	ee->e_msgsize = ERRORFUDGE;
-	if (bitset(RTSF_SEND_BODY, flags))
+	if (bitset(RTSF_SEND_BODY, flags) &&
+	    !bitset(PRIV_NOBODYRETN, PrivacyFlags))
 		ee->e_msgsize += e->e_msgsize;
 	else
 		ee->e_flags |= EF_NO_BODY_RETN;
 	initsys(ee);
+
+#if NAMED_BIND
+	_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+	_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+#endif /* NAMED_BIND */
 	for (q = returnq; q != NULL; q = q->q_next)
 	{
-		if (bitset(QBADADDR, q->q_flags))
+		if (QS_IS_BADADDR(q->q_state))
 			continue;
 
 		q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
 		q->q_flags |= QPINGONFAILURE;
 
-		if (!bitset(QDONTSEND, q->q_flags))
+		if (!QS_IS_DEAD(q->q_state))
 			ee->e_nrcpts++;
 
 		if (q->q_alias == NULL)
-			addheader("To", q->q_paddr, &ee->e_header);
+			addheader("To", q->q_paddr, 0, &ee->e_header);
 	}
 
 	if (LogLevel > 5)
 	{
-		if (bitset(EF_RESPONSE|EF_WARNING, e->e_flags))
+		if (bitset(EF_RESPONSE, e->e_flags))
 			p = "return to sender";
+		else if (bitset(EF_WARNING, e->e_flags))
+			p = "sender notify";
 		else if (bitset(RTSF_PM_BOUNCE, flags))
 			p = "postmaster notify";
 		else
 			p = "DSN";
 		sm_syslog(LOG_INFO, e->e_id,
-			"%s: %s: %s",
-			ee->e_id, p, shortenstring(msg, MAXSHORTSTR));
+			  "%s: %s: %s",
+			  ee->e_id, p, shortenstring(msg, MAXSHORTSTR));
 	}
 
 	if (SendMIMEErrors)
 	{
-		addheader("MIME-Version", "1.0", &ee->e_header);
+		addheader("MIME-Version", "1.0", 0, &ee->e_header);
 
 		(void) snprintf(buf, sizeof buf, "%s.%ld/%.100s",
-			ee->e_id, curtime(), MyHostName);
+				ee->e_id, curtime(), MyHostName);
 		ee->e_msgboundary = newstr(buf);
 		(void) snprintf(buf, sizeof buf,
 #if DSN
-			"multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"",
-#else
-			"multipart/mixed; boundary=\"%s\"",
-#endif
-			ee->e_msgboundary);
-		addheader("Content-Type", buf, &ee->e_header);
+				"multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"",
+#else /* DSN */
+				"multipart/mixed; boundary=\"%s\"",
+#endif /* DSN */
+				ee->e_msgboundary);
+		addheader("Content-Type", buf, 0, &ee->e_header);
 
 		p = hvalue("Content-Transfer-Encoding", e->e_header);
 		if (p != NULL && strcasecmp(p, "binary") != 0)
@@ -567,48 +629,50 @@ returntosender(msg, returnq, flags, e)
 		if (p == NULL && bitset(EF_HAS8BIT, e->e_flags))
 			p = "8bit";
 		if (p != NULL)
-			addheader("Content-Transfer-Encoding", p, &ee->e_header);
+			addheader("Content-Transfer-Encoding",
+				  p, 0, &ee->e_header);
 	}
 	if (strncmp(msg, "Warning:", 8) == 0)
 	{
-		addheader("Subject", msg, &ee->e_header);
+		addheader("Subject", msg, 0, &ee->e_header);
 		p = "warning-timeout";
 	}
 	else if (strncmp(msg, "Postmaster warning:", 19) == 0)
 	{
-		addheader("Subject", msg, &ee->e_header);
+		addheader("Subject", msg, 0, &ee->e_header);
 		p = "postmaster-warning";
 	}
 	else if (strcmp(msg, "Return receipt") == 0)
 	{
-		addheader("Subject", msg, &ee->e_header);
+		addheader("Subject", msg, 0, &ee->e_header);
 		p = "return-receipt";
 	}
 	else if (bitset(RTSF_PM_BOUNCE, flags))
 	{
-		snprintf(buf, sizeof buf, "Postmaster notify: %.*s",
-			sizeof buf - 20, msg);
-		addheader("Subject", buf, &ee->e_header);
+		snprintf(buf, sizeof buf,
+			 "Postmaster notify: see transcript for details");
+		addheader("Subject", buf, 0, &ee->e_header);
 		p = "postmaster-notification";
 	}
 	else
 	{
-		snprintf(buf, sizeof buf, "Returned mail: %.*s",
-			sizeof buf - 20, msg);
-		addheader("Subject", buf, &ee->e_header);
+		snprintf(buf, sizeof buf,
+			 "Returned mail: see transcript for details");
+		addheader("Subject", buf, 0, &ee->e_header);
 		p = "failure";
 	}
 	(void) snprintf(buf, sizeof buf, "auto-generated (%s)", p);
-	addheader("Auto-Submitted", buf, &ee->e_header);
+	addheader("Auto-Submitted", buf, 0, &ee->e_header);
 
 	/* fake up an address header for the from person */
 	expand("\201n", buf, sizeof buf, e);
-	if (parseaddr(buf, &ee->e_from, RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL)
+	if (parseaddr(buf, &ee->e_from,
+		      RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL)
 	{
-		syserr("553 Can't parse myself!");
+		syserr("553 5.3.5 Can't parse myself!");
 		ExitStat = EX_SOFTWARE;
 		returndepth--;
-		return (-1);
+		return -1;
 	}
 	ee->e_from.q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
 	ee->e_from.q_flags |= QPINGONFAILURE;
@@ -632,11 +696,12 @@ returntosender(msg, returnq, flags, e)
 	returndepth--;
 
 	/* check for delivery errors */
-	if (ee->e_parent == NULL || !bitset(EF_RESPONSE, ee->e_parent->e_flags))
+	if (ee->e_parent == NULL ||
+	    !bitset(EF_RESPONSE, ee->e_parent->e_flags))
 		return 0;
 	for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
 	{
-		if (bitset(QQUEUEUP|QSENT, q->q_flags))
+		if (QS_IS_ATTEMPTED(q->q_state))
 			return 0;
 	}
 	return -1;
@@ -659,18 +724,20 @@ returntosender(msg, returnq, flags, e)
 **		Outputs the body of an error message.
 */
 
-void
+/* ARGSUSED2 */
+static void
 errbody(mci, e, separator)
 	register MCI *mci;
 	register ENVELOPE *e;
 	char *separator;
 {
-	register FILE *xfile;
-	char *p;
-	register ADDRESS *q = NULL;
 	bool printheader;
 	bool sendbody;
 	bool pm_notify;
+	int save_errno;
+	register FILE *xfile;
+	char *p;
+	register ADDRESS *q = NULL;
 	char buf[MAXLINE];
 
 	if (bitset(MCIF_INHEADER, mci->mci_flags))
@@ -709,8 +776,10 @@ errbody(mci, e, separator)
 	else
 	{
 		for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
-			if (bitset(QBADADDR, q->q_flags))
+		{
+			if (QS_IS_BADADDR(q->q_state))
 				break;
+		}
 	}
 	if (!pm_notify && q == NULL &&
 	    !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
@@ -726,33 +795,40 @@ errbody(mci, e, separator)
 		putline("", mci);
 	}
 	snprintf(buf, sizeof buf, "The original message was received at %s",
-		arpadate(ctime(&e->e_parent->e_ctime)));
+		 arpadate(ctime(&e->e_parent->e_ctime)));
 	putline(buf, mci);
 	expand("from \201_", buf, sizeof buf, e->e_parent);
 	putline(buf, mci);
+
+	/* include id in postmaster copies */
+	if (pm_notify && e->e_parent->e_id != NULL)
+	{
+		snprintf(buf, sizeof buf, "with id %s", e->e_parent->e_id);
+		putline(buf, mci);
+	}
 	putline("", mci);
 
 	/*
 	**  Output error message header (if specified and available).
 	*/
 
-	if (ErrMsgFile != NULL && !bitset(EF_SENDRECEIPT, e->e_parent->e_flags))
+	if (ErrMsgFile != NULL &&
+	    !bitset(EF_SENDRECEIPT, e->e_parent->e_flags))
 	{
 		if (*ErrMsgFile == '/')
 		{
-			int sff = SFF_ROOTOK|SFF_REGONLY;
+			long sff = SFF_ROOTOK|SFF_REGONLY;
 
 			if (DontLockReadFiles)
 				sff |= SFF_NOLOCK;
-			if (!bitset(DBS_ERRORHEADERINUNSAFEDIRPATH, DontBlameSendmail))
+			if (!bitnset(DBS_ERRORHEADERINUNSAFEDIRPATH,
+				     DontBlameSendmail))
 				sff |= SFF_SAFEDIRPATH;
 			xfile = safefopen(ErrMsgFile, O_RDONLY, 0444, sff);
 			if (xfile != NULL)
 			{
 				while (fgets(buf, sizeof buf, xfile) != NULL)
 				{
-					extern void translate_dollars __P((char *));
-
 					translate_dollars(buf);
 					expand(buf, buf, sizeof buf, e);
 					putline(buf, mci);
@@ -776,7 +852,7 @@ errbody(mci, e, separator)
 	printheader = TRUE;
 	for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
 	{
-		if (!bitset(QBADADDR, q->q_flags) ||
+		if (!QS_IS_BADADDR(q->q_state) ||
 		    !bitset(QPINGONFAILURE, q->q_flags))
 			continue;
 
@@ -790,10 +866,18 @@ errbody(mci, e, separator)
 		snprintf(buf, sizeof buf, "%s",
 			 shortenstring(q->q_paddr, MAXSHORTSTR));
 		putline(buf, mci);
+		if (q->q_rstatus != NULL)
+		{
+			snprintf(buf, sizeof buf, "    (reason: %s)",
+				 shortenstring(exitstat(q->q_rstatus),
+					       MAXSHORTSTR));
+			putline(buf, mci);
+		}
 		if (q->q_alias != NULL)
 		{
 			snprintf(buf, sizeof buf, "    (expanded from: %s)",
-				shortenstring(q->q_alias->q_paddr, MAXSHORTSTR));
+				 shortenstring(q->q_alias->q_paddr,
+					       MAXSHORTSTR));
 			putline(buf, mci);
 		}
 	}
@@ -803,7 +887,7 @@ errbody(mci, e, separator)
 	printheader = TRUE;
 	for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
 	{
-		if (bitset(QBADADDR, q->q_flags) ||
+		if (QS_IS_BADADDR(q->q_state) ||
 		    !bitset(QPRIMARY, q->q_flags) ||
 		    !bitset(QDELAYED, q->q_flags))
 			continue;
@@ -821,7 +905,8 @@ errbody(mci, e, separator)
 		if (q->q_alias != NULL)
 		{
 			snprintf(buf, sizeof buf, "    (expanded from: %s)",
-				shortenstring(q->q_alias->q_paddr, MAXSHORTSTR));
+				 shortenstring(q->q_alias->q_paddr,
+					       MAXSHORTSTR));
 			putline(buf, mci);
 		}
 	}
@@ -831,7 +916,7 @@ errbody(mci, e, separator)
 	printheader = TRUE;
 	for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
 	{
-		if (bitset(QBADADDR, q->q_flags) ||
+		if (QS_IS_BADADDR(q->q_state) ||
 		    !bitset(QPRIMARY, q->q_flags) ||
 		    bitset(QDELAYED, q->q_flags))
 			continue;
@@ -859,12 +944,13 @@ errbody(mci, e, separator)
 		}
 
 		snprintf(buf, sizeof buf, "%s  (%s)",
-			shortenstring(q->q_paddr, MAXSHORTSTR), p);
+			 shortenstring(q->q_paddr, MAXSHORTSTR), p);
 		putline(buf, mci);
 		if (q->q_alias != NULL)
 		{
 			snprintf(buf, sizeof buf, "    (expanded from: %s)",
-				shortenstring(q->q_alias->q_paddr, MAXSHORTSTR));
+				 shortenstring(q->q_alias->q_paddr,
+					       MAXSHORTSTR));
 			putline(buf, mci);
 		}
 	}
@@ -876,25 +962,25 @@ errbody(mci, e, separator)
 	*/
 
 	(void) fflush(stdout);
-	p = queuename(e->e_parent, 'x');
-	if ((xfile = fopen(p, "r")) == NULL)
+	if (e->e_parent->e_xfp == NULL)
 	{
-		syserr("Cannot open %s", p);
-		putline("   ----- Transcript of session is unavailable -----\n", mci);
+		putline("   ----- Transcript of session is unavailable -----\n",
+			mci);
 	}
 	else
 	{
 		printheader = TRUE;
+		(void) bfrewind(e->e_parent->e_xfp);
 		if (e->e_xfp != NULL)
 			(void) fflush(e->e_xfp);
-		while (fgets(buf, sizeof buf, xfile) != NULL)
+		while (fgets(buf, sizeof buf, e->e_parent->e_xfp) != NULL)
 		{
 			if (printheader)
-				putline("   ----- Transcript of session follows -----\n", mci);
+				putline("   ----- Transcript of session follows -----\n",
+					mci);
 			printheader = FALSE;
 			putline(buf, mci);
 		}
-		(void) xfclose(xfile, "errbody xscript", p);
 	}
 	errno = 0;
 
@@ -918,8 +1004,9 @@ errbody(mci, e, separator)
 		/* original envelope id from MAIL FROM: line */
 		if (e->e_parent->e_envid != NULL)
 		{
-			(void) snprintf(buf, sizeof buf, "Original-Envelope-Id: %.800s",
-				xuntextify(e->e_parent->e_envid));
+			(void) snprintf(buf, sizeof buf,
+					"Original-Envelope-Id: %.800s",
+					xuntextify(e->e_parent->e_envid));
 			putline(buf, mci);
 		}
 
@@ -936,14 +1023,15 @@ errbody(mci, e, separator)
 			if (e->e_parent->e_from.q_mailer == NULL ||
 			    (p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL)
 				p = "dns";
-			(void) snprintf(buf, sizeof buf, "Received-From-MTA: %s; %.800s",
-				p, RealHostName);
+			(void) snprintf(buf, sizeof buf,
+					"Received-From-MTA: %s; %.800s",
+					p, RealHostName);
 			putline(buf, mci);
 		}
 
 		/* Arrival-Date: -- when it arrived here */
 		(void) snprintf(buf, sizeof buf, "Arrival-Date: %s",
-			arpadate(ctime(&e->e_parent->e_ctime)));
+				arpadate(ctime(&e->e_parent->e_ctime)));
 		putline(buf, mci);
 
 		/*
@@ -955,7 +1043,7 @@ errbody(mci, e, separator)
 			register ADDRESS *r;
 			char *action;
 
-			if (bitset(QBADADDR, q->q_flags))
+			if (QS_IS_BADADDR(q->q_state))
 				action = "failed";
 			else if (!bitset(QPRIMARY, q->q_flags))
 				continue;
@@ -980,8 +1068,9 @@ errbody(mci, e, separator)
 			/* Original-Recipient: -- passed from on high */
 			if (q->q_orcpt != NULL)
 			{
-				(void) snprintf(buf, sizeof buf, "Original-Recipient: %.800s",
-					q->q_orcpt);
+				(void) snprintf(buf, sizeof buf,
+						"Original-Recipient: %.800s",
+						q->q_orcpt);
 				putline(buf, mci);
 			}
 
@@ -991,40 +1080,71 @@ errbody(mci, e, separator)
 				p = "rfc822";
 			for (r = q; r->q_alias != NULL; r = r->q_alias)
 				continue;
-			if (strchr(r->q_user, '@') != NULL)
+			if (strcasecmp(p, "rfc822") != 0)
+			{
+				(void) snprintf(buf, sizeof buf,
+						"Final-Recipient: %s; %.800s",
+						r->q_mailer->m_addrtype,
+						r->q_user);
+			}
+			else if (strchr(r->q_user, '@') != NULL)
 			{
 				(void) snprintf(buf, sizeof buf,
-					"Final-Recipient: %s; %.800s",
-					p, r->q_user);
+						"Final-Recipient: %s; %.800s",
+						p, r->q_user);
 			}
 			else if (strchr(r->q_paddr, '@') != NULL)
 			{
+				char *qp;
+				bool b;
+
+				qp = r->q_paddr;
+				/* strip brackets from address */
+				b = FALSE;
+				if (*qp == '<')
+				{
+					b = qp[strlen(qp) - 1]  == '>';
+					if (b)
+						qp[strlen(qp) - 1] = '\0';
+					qp++;
+				}
 				(void) snprintf(buf, sizeof buf,
-					"Final-Recipient: %s; %.800s",
-					p, r->q_paddr);
+						"Final-Recipient: %s; %.800s",
+						p, qp);
+				/* undo damage */
+				if (b)
+					qp[strlen(qp)] = '>';
 			}
 			else
 			{
 				(void) snprintf(buf, sizeof buf,
-					"Final-Recipient: %s; %.700s@%.100s",
-					p, r->q_user, MyHostName);
+						"Final-Recipient: %s; %.700s@%.100s",
+						p, r->q_user, MyHostName);
 			}
 			putline(buf, mci);
 
 			/* X-Actual-Recipient: -- the real problem address */
 			if (r != q && q->q_user[0] != '\0')
 			{
-				if (strchr(q->q_user, '@') == NULL)
+				if (q->q_mailer != NULL &&
+				    q->q_mailer->m_addrtype != NULL)
+					p = q->q_mailer->m_addrtype;
+				else
+					p = "rfc822";
+
+				if (strcasecmp(p, "rfc822") == 0 &&
+				    strchr(q->q_user, '@') == NULL)
 				{
 					(void) snprintf(buf, sizeof buf,
-						"X-Actual-Recipient: %s; %.700s@%.100s",
-						p, q->q_user, MyHostName);
+							"X-Actual-Recipient: %s; %.700s@%.100s",
+							p, q->q_user,
+							MyHostName);
 				}
 				else
 				{
 					(void) snprintf(buf, sizeof buf,
-						"X-Actual-Recipient: %s; %.800s",
-						p, q->q_user);
+							"X-Actual-Recipient: %s; %.800s",
+							p, q->q_user);
 				}
 				putline(buf, mci);
 			}
@@ -1036,9 +1156,9 @@ errbody(mci, e, separator)
 			/* Status: -- what _really_ happened? */
 			if (q->q_status != NULL)
 				p = q->q_status;
-			else if (bitset(QBADADDR, q->q_flags))
+			else if (QS_IS_BADADDR(q->q_state))
 				p = "5.0.0";
-			else if (bitset(QQUEUEUP, q->q_flags))
+			else if (QS_IS_QUEUEUP(q->q_state))
 				p = "4.0.0";
 			else
 				p = "2.0.0";
@@ -1052,8 +1172,8 @@ errbody(mci, e, separator)
 				    (p = q->q_mailer->m_mtatype) == NULL)
 					p = "dns";
 				(void) snprintf(buf, sizeof buf,
-					"Remote-MTA: %s; %.800s",
-					p, q->q_statmta);
+						"Remote-MTA: %s; %.800s",
+						p, q->q_statmta);
 				p = &buf[strlen(buf) - 1];
 				if (*p == '.')
 					*p = '\0';
@@ -1067,8 +1187,8 @@ errbody(mci, e, separator)
 				if (p == NULL)
 					p = "smtp";
 				(void) snprintf(buf, sizeof buf,
-					"Diagnostic-Code: %s; %.800s",
-					p, q->q_rstatus);
+						"Diagnostic-Code: %s; %.800s",
+						p, q->q_rstatus);
 				putline(buf, mci);
 			}
 
@@ -1076,26 +1196,25 @@ errbody(mci, e, separator)
 			if (q->q_statdate == (time_t) 0L)
 				q->q_statdate = curtime();
 			(void) snprintf(buf, sizeof buf,
-				"Last-Attempt-Date: %s",
-				arpadate(ctime(&q->q_statdate)));
+					"Last-Attempt-Date: %s",
+					arpadate(ctime(&q->q_statdate)));
 			putline(buf, mci);
 
 			/* Will-Retry-Until: -- for delayed messages only */
-			if (bitset(QQUEUEUP, q->q_flags) &&
-			    !bitset(QBADADDR, q->q_flags))
+			if (QS_IS_QUEUEUP(q->q_state))
 			{
 				time_t xdate;
 
 				xdate = e->e_parent->e_ctime +
 					TimeOuts.to_q_return[e->e_parent->e_timeoutclass];
 				snprintf(buf, sizeof buf,
-					"Will-Retry-Until: %s",
-					arpadate(ctime(&xdate)));
+					 "Will-Retry-Until: %s",
+					 arpadate(ctime(&xdate)));
 				putline(buf, mci);
 			}
 		}
 	}
-#endif
+#endif /* DSN */
 
 	/*
 	**  Output text of original message
@@ -1113,33 +1232,37 @@ errbody(mci, e, separator)
 				putline("   ----- Original message follows -----\n", mci);
 			else
 				putline("   ----- Message header follows -----\n", mci);
-			(void) fflush(mci->mci_out);
 		}
 		else
 		{
 			(void) snprintf(buf, sizeof buf, "--%s",
-				e->e_msgboundary);
+					e->e_msgboundary);
 
 			putline(buf, mci);
 			(void) snprintf(buf, sizeof buf, "Content-Type: %s",
-				sendbody ? "message/rfc822"
-					 : "text/rfc822-headers");
+					sendbody ? "message/rfc822"
+						 : "text/rfc822-headers");
 			putline(buf, mci);
 
-			p = hvalue("Content-Transfer-Encoding", e->e_parent->e_header);
+			p = hvalue("Content-Transfer-Encoding",
+				   e->e_parent->e_header);
 			if (p != NULL && strcasecmp(p, "binary") != 0)
 				p = NULL;
-			if (p == NULL && bitset(EF_HAS8BIT, e->e_parent->e_flags))
+			if (p == NULL &&
+			    bitset(EF_HAS8BIT, e->e_parent->e_flags))
 				p = "8bit";
 			if (p != NULL)
 			{
-				(void) snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %s",
-					p);
+				(void) snprintf(buf, sizeof buf,
+						"Content-Transfer-Encoding: %s",
+						p);
 				putline(buf, mci);
 			}
 		}
 		putline("", mci);
+		save_errno = errno;
 		putheader(mci, e->e_parent->e_header, e->e_parent, M87F_OUTER);
+		errno = save_errno;
 		if (sendbody)
 			putbody(mci, e->e_parent, e->e_msgboundary);
 		else if (e->e_msgboundary == NULL)
@@ -1160,6 +1283,7 @@ errbody(mci, e, separator)
 		putline(buf, mci);
 	}
 	putline("", mci);
+	(void) fflush(mci->mci_out);
 
 	/*
 	**  Cleanup and exit
@@ -1293,8 +1417,8 @@ xtextify(t, taboo)
 		    strchr(taboo, c) != NULL)
 		{
 			*p++ = '+';
-			*p++ = "0123456789abcdef"[c >> 4];
-			*p++ = "0123456789abcdef"[c & 0xf];
+			*p++ = "0123456789ABCDEF"[c >> 4];
+			*p++ = "0123456789ABCDEF"[c & 0xf];
 		}
 		else
 			*p++ = c;
@@ -1421,22 +1545,22 @@ xtextok(s)
 }
 /*
 **  PRUNEROUTE -- prune an RFC-822 source route
-** 
+**
 **	Trims down a source route to the last internet-registered hop.
 **	This is encouraged by RFC 1123 section 5.3.3.
-** 
+**
 **	Parameters:
 **		addr -- the address
-** 
+**
 **	Returns:
 **		TRUE -- address was modified
 **		FALSE -- address could not be pruned
-** 
+**
 **	Side Effects:
 **		modifies addr in-place
 */
 
-bool
+static bool
 pruneroute(addr)
 	char *addr;
 {
@@ -1460,14 +1584,14 @@ pruneroute(addr)
 	i = strlen(at + 1);
 	if (i >= (SIZE_T) sizeof hostbuf)
 		return FALSE;
-	strcpy(hostbuf, at + 1);
+	(void) strlcpy(hostbuf, at + 1, sizeof hostbuf);
 	hostbuf[i - 1] = '\0';
 
 	while (start)
 	{
-		if (getmxrr(hostbuf, mxhosts, FALSE, &rcode) > 0)
+		if (getmxrr(hostbuf, mxhosts, NULL, FALSE, &rcode) > 0)
 		{
-			strcpy(addr + 1, start + 1);
+			(void) strlcpy(addr + 1, start + 1, strlen(addr) - 1);
 			return TRUE;
 		}
 		c = *start;
@@ -1475,12 +1599,12 @@ pruneroute(addr)
 		comma = strrchr(addr, ',');
 		if (comma != NULL && comma[1] == '@' &&
 		    strlen(comma + 2) < (SIZE_T) sizeof hostbuf)
-			strcpy(hostbuf, comma + 2);
+			(void) strlcpy(hostbuf, comma + 2, sizeof hostbuf);
 		else
 			comma = NULL;
 		*start = c;
 		start = comma;
 	}
-#endif
+#endif /* NAMED_BIND */
 	return FALSE;
 }
diff --git a/contrib/sendmail/src/sendmail.8 b/contrib/sendmail/src/sendmail.8
index 093b6e6..eb70b7d 100644
--- a/contrib/sendmail/src/sendmail.8
+++ b/contrib/sendmail/src/sendmail.8
@@ -1,580 +1,685 @@
-.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+.\"      All rights reserved.
 .\" Copyright (c) 1983, 1997 Eric P. Allman.  All rights reserved.
 .\" Copyright (c) 1988, 1991, 1993
-.\"	The Regents of the University of California.  All rights reserved.
+.\"     The Regents of the University of California.  All rights reserved.
 .\"
 .\" By using this file, you agree to the terms and conditions set
 .\" forth in the LICENSE file which can be found at the top level of
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     @(#)sendmail.8	8.20 (Berkeley) 8/2/1998
+.\"     $Id: sendmail.8,v 8.36 2000/02/01 05:49:57 gshapiro Exp $
 .\"
-.Dd August 2, 1998
-.Dt SENDMAIL 8
-.Os BSD 4
-.Sh NAME
-.Nm sendmail
-.Nd an electronic mail transport agent
-.Sh SYNOPSIS
-.Nm sendmail
-.Op Ar flags
-.Op Ar address ...
-.Nm newaliases
-.Nm mailq
-.Op Fl v
-.Sh DESCRIPTION
-.Nm Sendmail
+.TH SENDMAIL 8 "$Date: 2000/02/01 05:49:57 $"
+.SH NAME
+.B sendmail
+\- an electronic mail transport agent
+.SH SYNOPSIS
+.B sendmail
+.RI [ flags "] [" "address ..." ]
+.br
+.B newaliases
+.br
+.B mailq
+.RB [ \-v ]
+.br
+.B hoststat
+.br
+.B purgestat
+.br
+.B smtpd
+.SH DESCRIPTION
+.B Sendmail
 sends a message to one or more
-.Em recipients ,
-routing the message over whatever networks
+.I recipients,
+routing the message over whatever networks 
 are necessary.
-.Nm Sendmail
-does internetwork forwarding as necessary
+.B Sendmail
+does internetwork forwarding as necessary 
 to deliver the message to the correct place.
-.Pp
-.Nm Sendmail
-is not intended as a user interface routine;
-other programs provide user-friendly
+.PP
+.B Sendmail
+is not intended as a user interface routine; 
+other programs provide user-friendly 
 front ends;
-.Nm sendmail
+.B sendmail
 is used only to deliver pre-formatted messages.
-.Pp
+.PP
 With no flags,
-.Nm sendmail
-reads its standard input
-up to an end-of-file
-or a line consisting only of a single dot
+.B sendmail
+reads its standard input 
+up to an end-of-file 
+or a line consisting only of a single dot 
 and sends a copy of the message found there
-to all of the addresses listed.
-It determines the network(s) to use
+to all of the addresses listed.  
+It determines the network(s) to use 
 based on the syntax and contents of the addresses.
-.Pp
-Local addresses are looked up in a file
+.PP
+Local addresses are looked up in a file 
 and aliased appropriately.
-Aliasing can be prevented by preceding the address
+Aliasing can be prevented by preceding the address 
 with a backslash.
-Normally the sender is not included in any alias
-expansions, e.g.,
-if `john' sends to `group',
-and `group' includes `john' in the expansion,
-then the letter will not be delivered to `john'.
-.Ss Parameters
-.Bl -tag -width Fl
-.It Fl B Ns Ar type
+Beginning with 8.10, the sender is included in any alias 
+expansions, e.g., 
+if `john' sends to `group', 
+and `group' includes `john' in the expansion, 
+then the letter will also be delivered to `john'.
+.SS Parameters
+.TP
+.BI \-B type
 Set the body type to
-.Ar type .
-Current legal values
-.Li 7BIT
-or
-.Li 8BITMIME .
-.It Fl ba
-Go into
-.Tn ARPANET
-mode.
-All input lines must end with a CR-LF,
-and all messages will be generated with a CR-LF at the end.
-Also,
-the ``From:'' and ``Sender:''
+.IR type .
+Current legal values are 
+7BIT 
+or  
+8BITMIME.
+.TP
+.B \-ba
+Go into 
+ARPANET 
+mode.  All input lines must end with a CR-LF, 
+and all messages will be generated with a CR-LF at the end.  
+Also, 
+the ``From:'' and ``Sender:'' 
 fields are examined for the name of the sender.
-.It Fl bd
-Run as a daemon.  This requires Berkeley
-.Tn IPC .
-.Nm Sendmail
-will fork and run in background
+.TP
+.B \-bd
+Run as a daemon.  This requires Berkeley 
+IPC.
+.B Sendmail
+will fork and run in background 
 listening on socket 25 for incoming
-.Tn SMTP
-connections.
-This is normally run from
-.Pa /etc/rc .
-.It Fl bD
+SMTP 
+connections.  
+This is normally run from 
+/etc/rc.
+.TP
+.B \-bD
 Same as
-.Fl bd
+.B \-bd
 except runs in foreground.
-.It Fl bh
+.TP
+.B \-bh
 Print the persistent host status database.
-.It Fl bH
-Purge the persistent host status database.
-.It Fl bi
+.TP
+.B \-bH
+Purge expired entries from the persistent host status database.
+.TP
+.B \-bi
 Initialize the alias database.
-.It Fl bm
+.TP
+.B \-bm
 Deliver mail in the usual way (default).
-.It Fl bp
+.TP
+.B \-bp
 Print a listing of the queue.
-.It Fl bs
-Use the
-.Tn SMTP
-protocol as described in
-.Tn RFC821
-on standard input and output.
+.TP
+.B \-bs
+Use the 
+SMTP 
+protocol as described in 
+RFC821 
+on standard input and output.  
 This flag implies all the operations of the
-.Fl ba
-flag that are compatible with
-.Tn SMTP .
-.It Fl bt
-Run in address test mode.
-This mode reads addresses and shows the steps in parsing;
+.B \-ba
+flag that are compatible with 
+SMTP.
+.TP
+.B \-bt
+Run in address test mode.  
+This mode reads addresses and shows the steps in parsing; 
 it is used for debugging configuration tables.
-.It Fl bv
+.TP
+.B \-bv
 Verify names only \- do not try to collect or deliver a message.
-Verify mode is normally used for validating
+Verify mode is normally used for validating 
 users or mailing lists.
-.It Fl C Ns Ar file
+.TP
+.BI \-C file
 Use alternate configuration file.
-.Nm Sendmail
+.B Sendmail
 refuses to run as root if an alternate configuration file is specified.
-.It Fl d Ns Ar X
+.TP
+.BI \-d X
 Set debugging value to
-.Ar X .
+.IR X .
 .ne 1i
-.It Fl F Ns Ar fullname
+.TP
+.BI \-F fullname
 Set the full name of the sender.
-.It Fl f Ns Ar name
-Sets the name of the ``from'' person
-(i.e., the sender of the mail).
-.Fl f
-can only be used
-by ``trusted'' users
+.TP
+.BI \-f name
+Sets the name of the ``from'' person 
+(i.e., the envelope sender of the mail).
+This address may also be used in the From: header
+if that header is missing during initial submission.
+The envelope sender address is used as the recipient
+for delivery status notifications
+and may also appear in a Return-Path: header.
+.B \-f
+should only be used 
+by ``trusted'' users 
 (normally
-.Em root ,
-.Em daemon ,
+.IR root ", " daemon ,
 and
-.Em network )
-or if the person you are trying to become
+.IR network )
+or if the person you are trying to become 
 is the same as the person you are.
-.It Fl h Ns Ar N
+Otherwise,
+an X-Authentication-Warning header
+will be added to the message.
+.TP
+.BI \-h N
 Set the hop count to
-.Ar N .
-The hop count is incremented every time the mail is
+.IR N .
+The hop count is incremented every time the mail is 
 processed.
-When it reaches a limit,
+When it reaches a limit, 
 the mail is returned with an error message,
-the victim of an aliasing loop.
-If not specified,
+the victim of an aliasing loop.  
+If not specified, 
 ``Received:'' lines in the message are counted.
-.It Fl i
+.TP
+.B \-i
 Ignore dots alone on lines by themselves in incoming messages.
 This should be set if you are reading data from a file.
-.It Fl N Ar dsn
+.TP
+.BI "\-L " tag
+Set the identifier used in syslog messages to the supplied
+.IR tag .
+.TP
+.BI "\-N " dsn
 Set delivery status notification conditions to
-.Ar dsn,
-which can be
-.Ql never
-for no notifications
-or a comma separated list of the values
-.Ql failure
-to be notified if delivery failed,
-.Ql delay
-to be notified if delivery is delayed, and
-.Ql success
+.IR dsn ,
+which can be 
+`never' 
+for no notifications 
+or a comma separated list of the values 
+`failure' 
+to be notified if delivery failed, 
+`delay'
+to be notified if delivery is delayed, and 
+`success' 
 to be notified when the message is successfully delivered.
-.It Fl n
+.TP
+.B \-n
 Don't do aliasing.
-.It Fl O Ar option Ns = Ns Em value
+.TP
+\fB\-O\fP \fIoption\fR=\fIvalue\fR 
 Set option
-.Ar option
+.I option
 to the specified
-.Em value .
-This form uses long names.
-See below for more details.
-.It Fl o Ns Ar x Em value
+.IR value .
+This form uses long names.  See below for more details.
+.TP
+.BI \-o "x value"
 Set option
-.Ar x
+.I x
 to the specified
-.Em value .
-This form uses single character names only.
-The short names are not described in this manual page;
+.IR value .
+This form uses single character names only.  
+The short names are not described in this manual page; 
 see the
-.%T "Sendmail Installation and Operation Guide"
+.I "Sendmail Installation and Operation Guide"
 for details.
-.It Fl p Ns Ar protocol
-Set the name of the protocol used to receive the message.
-This can be a simple protocol name such as ``UUCP''
+.TP
+.BI \-p protocol
+Set the name of the protocol used to receive the message.  
+This can be a simple protocol name such as ``UUCP'' 
 or a protocol and hostname, such as ``UUCP:ucbvax''.
-.It Fl q Ns Bq Ar time
-Processed saved messages in the queue at given intervals.
+.TP
+\fB\-q\fR[\fItime\fR] 
+Processed saved messages in the queue at given intervals.  
 If
-.Ar time
-is omitted,
-process the queue once.
-.Xr Time
-is given as a tagged number,
-with
-.Ql s
-being seconds,
-.Ql m
-being minutes,
-.Ql h
-being hours,
-.Ql d
-being days,
-and
-.Ql w
+.I time
+is omitted, process the queue once.
+.I Time
+is given as a tagged number, 
+with 
+`s' 
+being seconds, 
+`m' 
+being minutes, 
+`h' 
+being hours, 
+`d' 
+being days, 
+and 
+`w' 
 being weeks.
-For example,
-.Ql \-q1h30m
-or
-.Ql \-q90m
+For example, 
+`\-q1h30m' 
+or 
+`\-q90m' 
 would both set the timeout to one hour thirty minutes.
 If
-.Ar time
+.I time
 is specified,
-.Nm sendmail
-will run in background.
+.B sendmail
+will run in the background.  
 This option can be used safely with
-.Fl bd .
-.It Fl qI Ns Ar substr
+.BR \-bd .
+.TP
+.BI \-qI substr
 Limit processed jobs to those containing
-.Ar substr
+.I substr
 as a substring of the queue id.
-.It Fl qR Ns Ar substr
+.TP
+.BI \-qR substr
 Limit processed jobs to those containing
-.Ar substr
+.I substr
 as a substring of one of the recipients.
-.It Fl qS Ns Ar substr
+.TP
+.BI \-qS substr
 Limit processed jobs to those containing
-.Ar substr
+.I substr
 as a substring of the sender.
-.It Fl R Ar return
-Set the amount of the message to be returned
+.TP
+.BI "\-R " return
+Set the amount of the message to be returned 
 if the message bounces.
 The
-.Ar return
-parameter can be
-.Ql full
-to return the entire message or
-.Ql hdrs
-to return only the headers.
-.It Fl r Ns Ar name
+.I return
+parameter can be 
+`full' 
+to return the entire message or 
+`hdrs' 
+to return only the headers.  
+In the latter case also local bounces return only the headers.
+.TP
+.BI \-r name
 An alternate and obsolete form of the
-.Fl f
+.B \-f
 flag.
-.It Fl t
-Read message for recipients.
-To:, Cc:, and Bcc: lines will be scanned for recipient addresses.
+.TP
+.B \-t
+Read message for recipients.  
+To:, Cc:, and Bcc: lines will be scanned for recipient addresses.  
 The Bcc: line will be deleted before transmission.
-.It Fl U
-Initial (user) submission.
-This should
-.Em always
+.TP
+.B \-U
+Initial (user) submission.  This should
+.I always
 be set when called from a user agent such as
-.Nm Mail
+.B Mail
 or
-.Nm exmh
+.B exmh
 and
-.Em never
+.I never
 be set when called by a network delivery agent such as
-.Nm rmail .
-.It Fl V Ar envid
-Set the original envelope id.
-This is propagated across SMTP to servers that support DSNs
+.BR rmail .
+.TP
+.BI "\-V " envid
+Set the original envelope id.  
+This is propagated across SMTP to servers that support DSNs 
 and is returned in DSN-compliant error messages.
-.It Fl v
-Go into verbose mode.
+.TP
+.B \-v
+Go into verbose mode.  
 Alias expansions will be announced, etc.
-.It Fl X Ar logfile
+.TP
+.BI "\-X " logfile
 Log all traffic in and out of mailers in the indicated log file.
-This should only be used as a last resort
-for debugging mailer bugs.
+This should only be used as a last resort 
+for debugging mailer bugs.  
 It will log a lot of data very quickly.
-.It Fl -
-Stop processing command flags and use the rest of the arguments
-as addresses.
-.El
-.Ss Options
+.TP
+.B \-\-
+Stop processing command flags and use the rest of the arguments as
+addresses.
+.SS Options
 There are also a number of processing options that may be set.
-Normally these will only be used by a system administrator.
-Options may be set either on the command line
+Normally these will only be used by a system administrator.  
+Options may be set either on the command line 
 using the
-.Fl o
-flag (for short names),
-the
-.Fl O
-flag (for long names),
-or in the configuration file.
+.B \-o
+flag (for short names), the
+.B \-O
+flag (for long names), 
+or in the configuration file.  
 This is a partial list limited to those options that are likely to be useful
-on the command line
-and only shows the long names;
+on the command line 
+and only shows the long names; 
 for a complete list (and details), consult the
-.%T "Sendmail Installation and Operation Guide" .
+.IR "Sendmail Installation and Operation Guide" .
 The options are:
-.Bl -tag -width Fl
-.It Li AliasFile= Ns Ar file
+.TP
+.RI AliasFile= file
 Use alternate alias file.
-.It Li HoldExpensive
-On mailers that are considered ``expensive'' to connect to,
-don't initiate immediate connection.
+.TP
+HoldExpensive 
+On mailers that are considered ``expensive'' to connect to, 
+don't initiate immediate connection.  
 This requires queueing.
-.It Li CheckpointInterval= Ns Ar N
+.TP
+.RI CheckpointInterval= N
 Checkpoint the queue file after every
-.Ar N
-successful deliveries (default 10).
-This avoids excessive duplicate deliveries
-when sending to long mailing lists
+.I N
+successful deliveries (default 10).  
+This avoids excessive duplicate deliveries 
+when sending to long mailing lists 
 interrupted by system crashes.
 .ne 1i
-.It Li DeliveryMode= Ns Ar x
+.TP
+.RI DeliveryMode= x
 Set the delivery mode to
-.Ar x .
-Delivery modes are
-.Ql i
-for interactive (synchronous) delivery,
-.Ql b
-for background (asynchronous) delivery,
-.Ql q
+.IR x .
+Delivery modes are 
+`i' 
+for interactive (synchronous) delivery, 
+`b'
+for background (asynchronous) delivery, 
+`q' 
 for queue only \- i.e.,
-actual delivery is done the next time the queue is run, and
-.Ql d
-for deferred \- the same as
-.Ql q
-except that database lookups (notably DNS and NIS lookups) are avoided.
-.It Li ErrorMode= Ns Ar x
+actual delivery is done the next time the queue is run, and 
+`d'
+for deferred \- the same as 
+`q' 
+except that database lookups for maps which have set the \-D option
+(default for the host map) are avoided.
+.TP
+.RI ErrorMode= x
 Set error processing to mode
-.Ar x .
-Valid modes are
-.Ql m
-to mail back the error message,
-.Ql w
-to ``write'' back the error message
-(or mail it back if the sender is not logged in),
-.Ql p
-to print the errors on the terminal
-(default),
-.Ql q
-to throw away error messages
-(only exit status is returned),
-and
-.Ql e
-to do special processing for the BerkNet.
-If the text of the message is not mailed back
-by
+.IR x .
+Valid modes are 
+`m' 
+to mail back the error message, 
+`w' 
+to ``write''
+back the error message 
+(or mail it back if the sender is not logged in), 
+`p' 
+to print the errors on the terminal 
+(default), 
+`q' 
+to throw away error messages 
+(only exit status is returned), 
+and 
+`e'
+to do special processing for the BerkNet.  
+If the text of the message is not mailed back 
+by 
 modes
-.Ql m
+`m'
 or
-.Ql w
-and if the sender is local to this machine,
+`w'
+and if the sender is local to this machine, 
 a copy of the message is appended to the file
-.Pa dead.letter
+.I dead.letter
 in the sender's home directory.
-.It Li SaveFromLine
+.TP
+SaveFromLine
 Save
-.Tn UNIX Ns \-style
+UNIX-style
 From lines at the front of messages.
-.It Li MaxHopCount= Ar N
-The maximum number of times a message is allowed to ``hop''
+.TP
+.RI MaxHopCount= N
+The maximum number of times a message is allowed to ``hop'' 
 before we decide it is in a loop.
-.It Li IgnoreDots
-Do not take dots on a line by themselves
+.TP
+IgnoreDots
+Do not take dots on a line by themselves 
 as a message terminator.
-.It Li SendMimeErrors
-Send error messages in MIME format.
-If not set, the DSN (Delivery Status Notification) SMTP extension
+.TP
+SendMimeErrors
+Send error messages in MIME format.  
+If not set, the DSN (Delivery Status Notification) SMTP extension 
 is disabled.
-.It Li ConnectionCacheTimeout= Ns Ar timeout
+.TP
+.RI ConnectionCacheTimeout= timeout
 Set connection cache timeout.
-.It Li ConnectionCacheSize= Ns Ar N
+.TP
+.RI ConnectionCacheSize= N
 Set connection cache size.
-.It Li LogLevel= Ns Ar n
+.TP
+.RI LogLevel= n
 The log level.
-.It Li MeToo
-Send to ``me'' (the sender) also if I am in an alias expansion.
-.It Li CheckAliases
+.TP
+.RI MeToo= False
+Don't send to ``me'' (the sender) if I am in an alias expansion.
+.TP
+CheckAliases
 Validate the right hand side of aliases during a
-.Xr newaliases 1
+newaliases(1)
 command.
-.It Li OldStyleHeaders
-If set, this message may have
-old style headers.
-If not set,
-this message is guaranteed to have new style headers
-(i.e., commas instead of spaces between addresses).
-If set, an adaptive algorithm is used that will correctly
+.TP
+OldStyleHeaders
+If set, this message may have 
+old style headers.  
+If not set, 
+this message is guaranteed to have new style headers 
+(i.e., commas instead of spaces between addresses).  
+If set, an adaptive algorithm is used that will correctly 
 determine the header format in most cases.
-.It Li QueueDirectory= Ns Ar queuedir
+.TP
+.RI QueueDirectory= queuedir
 Select the directory in which to queue messages.
-.It Li StatusFile= Ns Ar file
+.TP
+.RI StatusFile= file
 Save statistics in the named file.
-.It Li Timeout.queuereturn= Ns Ar time
-Set the timeout on undelivered messages in the queue to the specified time.
-After delivery has failed
-(e.g., because of a host being down)
-for this amount of time,
-failed messages will be returned to the sender.
+.TP
+.RI Timeout.queuereturn= time
+Set the timeout on undelivered messages in the queue to the specified time.  
+After delivery has failed 
+(e.g., because of a host being down) 
+for this amount of time, 
+failed messages will be returned to the sender.  
 The default is five days.
-.It Li UserDatabaseSpec= Ns Ar userdatabase
+.TP
+.RI UserDatabaseSpec= userdatabase
 If set, a user database is consulted to get forwarding information.
-You can consider this an adjunct to the aliasing mechanism,
-except that the database is intended to be distributed;
-aliases are local to a particular host.
+You can consider this an adjunct to the aliasing mechanism, 
+except that the database is intended to be distributed; 
+aliases are local to a particular host.  
 This may not be available if your sendmail does not have the
-.Dv USERDB
+USERDB
 option compiled in.
-.It Li ForkEachJob
-Fork each job during queue runs.
+.TP
+ForkEachJob
+Fork each job during queue runs.  
 May be convenient on memory-poor machines.
-.It Li SevenBitInput
+.TP
+SevenBitInput
 Strip incoming messages to seven bits.
-.It Li EightBitMode= Ns Ar mode
+.TP
+.RI EightBitMode= mode
 Set the handling of eight bit input to seven bit destinations to
-.Ar mode :
-.Li m
+.IR mode :
+m
 (mimefy) will convert to seven-bit MIME format,
-.Li p
-(pass) will pass it as eight bits (but violates protocols),
+p
+(pass) will pass it as eight bits (but violates protocols), 
 and
-.Li s
+s
 (strict) will bounce the message.
-.It Li MinQueueAge= Ns Ar timeout
+.TP
+.RI MinQueueAge= timeout
 Sets how long a job must ferment in the queue between attempts to send it.
-.It Li DefaultCharSet= Ns Ar charset
-Sets the default character set used to label 8-bit data
+.TP
+.RI DefaultCharSet= charset
+Sets the default character set used to label 8-bit data 
 that is not otherwise labelled.
-.It Li DialDelay= Ns Ar sleeptime
-If opening a connection fails,
+.TP
+.RI DialDelay= sleeptime
+If opening a connection fails, 
 sleep for
-.Ar sleeptime
-seconds and try again.
+.I sleeptime
+seconds and try again.  
 Useful on dial-on-demand sites.
-.It Li NoRecipientAction= Ns Ar action
-Set the behaviour when there are no recipient headers (To:, Cc: or Bcc:)
-in the message to
-.Ar action :
-.Li none
+.TP
+.RI NoRecipientAction= action
+Set the behaviour when there are no recipient headers (To:, Cc: or
+Bcc:) in the message to
+.IR action :
+none
 leaves the message unchanged,
-.Li add-to
+add-to
 adds a To: header with the envelope recipients,
-.Li add-apparently-to
+add-apparently-to
 adds an Apparently-To: header with the envelope recipients,
-.Li add-bcc
+add-bcc
 adds an empty Bcc: header, and
-.Li add-to-undisclosed
+add-to-undisclosed
 adds a header reading
-.Ql "To: undisclosed-recipients:;" .
-.It Li MaxDaemonChildren= Ns Ar N
+`To: undisclosed-recipients:;'.
+.TP
+.RI MaxDaemonChildren= N
 Sets the maximum number of children that an incoming SMTP daemon
 will allow to spawn at any time to
-.Ar N .
-.It Li ConnectionRateThrottle= Ns Ar N
+.IR N .
+.TP
+.RI ConnectionRateThrottle= N
 Sets the maximum number of connections per second to the SMTP port to
-.Ar N .
-.El
-.Pp
-In aliases,
-the first character of a name may be
-a vertical bar to cause interpretation of
-the rest of the name as a command
-to pipe the mail to.
-It may be necessary to quote the name
+.IR N .
+.PP
+In aliases, 
+the first character of a name may be 
+a vertical bar to cause interpretation of 
+the rest of the name as a command 
+to pipe the mail to.  
+It may be necessary to quote the name 
 to keep
-.Nm sendmail
-from suppressing the blanks from between arguments.
+.B sendmail
+from suppressing the blanks from between arguments. 
 For example, a common alias is:
-.Pp
-.Bd -literal -offset indent -compact
+.IP
 msgs: "|/usr/bin/msgs -s"
-.Ed
-.Pp
+.PP
 Aliases may also have the syntax
-.Dq :include: Ns Ar filename
+.RI ``:include: filename ''
 to ask
-.Xr sendmail
-to read the named file for a list of recipients.
+.B sendmail
+to read the named file for a list of recipients.  
 For example, an alias such as:
-.Pp
-.Bd -literal -offset indent -compact
+.IP
 poets: ":include:/usr/local/lib/poets.list"
-.Ed
-.Pp
+.PP
 would read
-.Pa /usr/local/lib/poets.list
+.I /usr/local/lib/poets.list
 for the list of addresses making up the group.
-.Pp
-.Nm Sendmail
-returns an exit status
-describing what it did.
+.PP
+.B Sendmail
+returns an exit status 
+describing what it did.  
 The codes are defined in
-.Aq Pa sysexits.h :
-.Bl -tag -width EX_UNAVAILABLE -compact -offset indent
-.It Dv EX_OK
+.RI < sysexits.h >:
+.TP
+EX_OK
 Successful completion on all addresses.
-.It Dv EX_NOUSER
+.TP
+EX_NOUSER
 User name not recognized.
-.It Dv EX_UNAVAILABLE
-Catchall meaning necessary resources
+.TP
+EX_UNAVAILABLE
+Catchall meaning necessary resources 
 were not available.
-.It Dv EX_SYNTAX
+.TP
+EX_SYNTAX
 Syntax error in address.
-.It Dv EX_SOFTWARE
-Internal software error,
+.TP
+EX_SOFTWARE
+Internal software error, 
 including bad arguments.
-.It Dv EX_OSERR
-Temporary operating system error,
+.TP
+EX_OSERR
+Temporary operating system error, 
 such as
-.Dq cannot fork .
-.It Dv EX_NOHOST
+``cannot fork''.
+.TP
+EX_NOHOST
 Host name not recognized.
-.It Dv EX_TEMPFAIL
-Message could not be sent immediately,
+.TP
+EX_TEMPFAIL
+Message could not be sent immediately, 
 but was queued.
-.El
-.Pp
+.PP
 If invoked as
-.Nm newaliases ,
-.Nm sendmail
-will rebuild the alias database.
-If invoked as
-.Nm mailq ,
-.Nm sendmail
+.BR newaliases ,
+.B sendmail
+will rebuild the alias database.  If invoked as
+.BR mailq ,
+.B sendmail
 will print the contents of the mail queue.
-.Sh FILES
+If invoked as
+.BR hoststat ,
+.B sendmail
+will print the persistent host status database.
+If invoked as
+.BR purgestat ,
+.B sendmail
+will purge expired entries from the persistent host status database.
+If invoked as
+.BR smtpd ,
+.B sendmail
+will act as a daemon, as if the
+.B \-bd
+option were specified.
+.SH NOTES
+.B sendmail
+often gets blamed for many problems
+that are actually the result of other problems,
+such as overly permissive modes on directories.
+For this reason,
+.B sendmail
+checks the modes on system directories and files
+to determine if they can be trusted.
+Although these checks can be turned off
+and your system security reduced by setting the
+.BR DontBlameSendmail
+option,
+the permission problems should be fixed.
+For more information, see:
+
+.I http://www.sendmail.org/tips/DontBlameSendmail.html
+.SH FILES
 Except for the file
-.Pa /etc/sendmail.cf
-itself and the daemon process ID file,
-the following pathnames are all specified in
-.Pa /etc/sendmail.cf.
-Thus,
+.I /etc/mail/sendmail.cf
+itself the following pathnames are all specified in
+.IR /etc/mail/sendmail.cf .
+Thus, 
 these values are only approximations.
-.Pp
-.Bl -tag -width /usr/lib/sendmail.fc -compact
-.It Pa /etc/aliases
+.PP
+.TP
+ /etc/mail/aliases
 raw data for alias names
-.It Pa /etc/aliases.db
+.TP
+ /etc/mail/aliases.db
 data base of alias names
-.It Pa /etc/sendmail.cf
+.TP
+ /etc/mail/sendmail.cf
 configuration file
-.It Pa /etc/sendmail.hf
+.TP
+ /etc/mail/helpfile
 help file
-.It Pa /var/log/sendmail.st
+.TP
+ /etc/mail/statistics
 collected statistics
-.It Pa /var/spool/mqueue/*
+.TP
+ /var/spool/mqueue/*
 temp files
-.El
-.Sh SEE ALSO
-.Xr binmail 1 ,
-.Xr mail 1 ,
-.Xr rmail 1 ,
-.Xr syslog 3 ,
-.Xr aliases 5 ,
-.Xr mailaddr 7 ,
-.Xr rc 8 ;
-.Pp
-DARPA
+.SH SEE ALSO
+binmail(1),
+mail(1),
+rmail(1),
+syslog(3),
+aliases(5),
+mailaddr(7),
+rc(8)
+.PP
+DARPA 
 Internet Request For Comments
-.%T RFC819 ,
-.%T RFC821 ,
-.%T RFC822 .
-.Rs
-.%T "Sendmail \- An Internetwork Mail Router"
-.%V SMM
-.%N \&No. 9
-.Re
-.Rs
-.%T "Sendmail Installation and Operation Guide"
-.%V SMM
-.%N \&No. 8
-.Re
-.Sh HISTORY
+.IR RFC819 ,
+.IR RFC821 ,
+.IR RFC822 .
+.IR "Sendmail \- An Internetwork Mail Router" ,
+No. 9, SMM.
+.IR "Sendmail Installation and Operation Guide" ,
+No. 8, SMM.
+.PP
+http://www.sendmail.org/
+.SH HISTORY
 The
-.Nm
+.B sendmail
 command appeared in
-.Bx 4.2 .
+4.2BSD.
diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h
index ff2697e..e199d66 100644
--- a/contrib/sendmail/src/sendmail.h
+++ b/contrib/sendmail/src/sendmail.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -7,78 +8,128 @@
  * By using this file, you agree to the terms and conditions set
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
- *
- *
- *	@(#)sendmail.h	8.295 (Berkeley) 1/26/1999
  */
 
 /*
-**  SENDMAIL.H -- Global definitions for sendmail.
+**  SENDMAIL.H -- MTA-specific definitions for sendmail.
 */
 
-# ifdef _DEFINE
+#ifndef _SENDMAIL_H
+#define _SENDMAIL_H 1
+
+#ifdef _DEFINE
 # define EXTERN
 # ifndef lint
-static char SmailSccsId[] =	"@(#)sendmail.h	8.295		1/26/1999";
-# endif
-# else /*  _DEFINE */
+static char SmailId[] =	"@(#)$Id: sendmail.h,v 8.517.4.28 2000/07/18 02:24:44 gshapiro Exp $";
+# endif /* ! lint */
+#else /* _DEFINE */
 # define EXTERN extern
-# endif /* _DEFINE */
+#endif /* _DEFINE */
+
+
+#include <unistd.h>
+
+#if SFIO
+# include <sfio/stdio.h>
+# if defined(SFIO_VERSION) && SFIO_VERSION > 20000000L
+   ERROR README: SFIO 2000 does not work with sendmail, use SFIO 1999 instead.
+# endif /* defined(SFIO_VERSION) && SFIO_VERSION > 20000000L */
+#endif /* SFIO */
 
-# include <unistd.h>
-# include <stddef.h>
-# include <stdlib.h>
+#include <stddef.h>
+#include <stdlib.h>
+#if !SFIO
 # include <stdio.h>
-# include <ctype.h>
-# include <setjmp.h>
-# include <string.h>
-# include <time.h>
-# include <errno.h>
+#endif /* !SFIO */
+#include <ctype.h>
+#include <setjmp.h>
+#include <string.h>
+#include <time.h>
 # ifdef EX_OK
 #  undef EX_OK			/* for SVr4.2 SMP */
-# endif
-# include <sysexits.h>
+# endif /* EX_OK */
+#include <sysexits.h>
 
-# include "conf.h"
-# include "useful.h"
+#include "sendmail/sendmail.h"
+#include "bf.h"
+#include "timers.h"
 
-# ifdef LOG
+#ifdef LOG
 # include <syslog.h>
-# endif /* LOG */
+#endif /* LOG */
 
-# if NETINET || NETUNIX || NETISO || NETNS || NETX25
-# include <sys/socket.h>
-# endif
+
+
+# if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25
+#  include <sys/socket.h>
+# endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */
 # if NETUNIX
-# include <sys/un.h>
-# endif
-# if NETINET
-# include <netinet/in.h>
-# endif
+#  include <sys/un.h>
+# endif /* NETUNIX */
+# if NETINET || NETINET6
+#  include <netinet/in.h>
+# endif /* NETINET || NETINET6 */
+# if NETINET6
+/*
+**  There is no standard yet for IPv6 includes.
+**  Specify OS specific implementation in conf.h
+*/
+# endif /* NETINET6 */
 # if NETISO
-# include <netiso/iso.h>
-# endif
+#  include <netiso/iso.h>
+# endif /* NETISO */
 # if NETNS
-# include <netns/ns.h>
-# endif
+#  include <netns/ns.h>
+# endif /* NETNS */
 # if NETX25
-# include <netccitt/x25.h>
-# endif
-
-#if NAMED_BIND
-# include <arpa/nameser.h>
-# ifdef NOERROR
-#  undef NOERROR		/* avoid <sys/streams.h> conflict */
-# endif
-#endif
-
-#ifdef HESIOD
-# include <hesiod.h>
-# if !defined(HES_ER_OK) || defined(HESIOD_INTERFACES)
-#  define HESIOD_INIT		/* support for the new interface */
-EXTERN void	*HesiodContext;
-# endif
-#endif
+#  include <netccitt/x25.h>
+# endif /* NETX25 */
+
+# if NAMED_BIND
+#  include <arpa/nameser.h>
+#  ifdef NOERROR
+#   undef NOERROR		/* avoid <sys/streams.h> conflict */
+#  endif /* NOERROR */
+#  include <resolv.h>
+# endif /* NAMED_BIND */
+
+# ifdef HESIOD
+#  include <hesiod.h>
+#  if !defined(HES_ER_OK) || defined(HESIOD_INTERFACES)
+#   define HESIOD_INIT		/* support for the new interface */
+#  endif /* !defined(HES_ER_OK) || defined(HESIOD_INTERFACES) */
+# endif /* HESIOD */
+
+#if STARTTLS
+# if !SFIO && !_FFR_TLS_TOREK
+  ERROR README: STARTTLS requires SFIO
+# endif /* !SFIO && !_FFR_TLS_TOREK */
+# if SFIO && _FFR_TLS_TOREK
+  ERROR README: Can not do both SFIO and _FFR_TLS_TOREK
+# endif /* SFIO && _FFR_TLS_TOREK */
+#  include <openssl/ssl.h>
+#endif /* STARTTLS */
+
+#if SASL  /* include the sasl include files if we have them */
+# include <sasl.h>
+# if defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP)
+#  define SASL_VERSION (SASL_VERSION_MAJOR * 10000)  + (SASL_VERSION_MINOR * 100) + SASL_VERSION_STEP
+#  if SASL == 1
+#   undef SASL
+#   define SASL SASL_VERSION
+#  else /* SASL == 1 */
+#   if SASL != SASL_VERSION
+  ERROR README: -DSASL (SASL) does not agree with the version of the CYRUS_SASL library (SASL_VERSION)
+  ERROR README: see README!
+#   endif /* SASL != SASL_VERSION */
+#  endif /* SASL == 1 */
+# else /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */
+#  if SASL == 1
+  ERROR README: please set -DSASL to the version of the CYRUS_SASL library
+  ERROR README: see README!
+#  endif /* SASL == 1 */
+# endif /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */
+#endif /* SASL */
 
 /*
 **  Following are "sort of" configuration constants, but they should
@@ -91,56 +142,30 @@ EXTERN void	*HesiodContext;
 
 #ifndef INADDRSZ
 # define INADDRSZ	4		/* size of an IPv4 address in bytes */
-#endif
+#endif /* ! INADDRSZ */
+#ifndef IN6ADDRSZ
+# define IN6ADDRSZ	16		/* size of an IPv6 address in bytes */
+#endif /* ! IN6ADDRSZ */
 #ifndef INT16SZ
 # define INT16SZ	2		/* size of a 16 bit integer in bytes */
-#endif
+#endif /* ! INT16SZ */
 #ifndef INT32SZ
 # define INT32SZ	4		/* size of a 32 bit integer in bytes */
-#endif
-
-
-
-/* forward references for prototypes */
-typedef struct envelope	ENVELOPE;
-typedef struct mailer	MAILER;
-
+#endif /* ! INT32SZ */
 
 /*
-**  Data structure for bit maps.
-**
-**	Each bit in this map can be referenced by an ascii character.
-**	This is 256 possible bits, or 32 8-bit bytes.
+**  Error return from inet_addr(3), in case not defined in /usr/include.
 */
 
-#define BITMAPBYTES	32	/* number of bytes in a bit map */
-#define BYTEBITS	8	/* number of bits in a byte */
-
-/* internal macros */
-#define _BITWORD(bit)	((bit) / (BYTEBITS * sizeof (int)))
-#define _BITBIT(bit)	(1 << ((bit) % (BYTEBITS * sizeof (int))))
-
-typedef int	BITMAP[BITMAPBYTES / sizeof (int)];
-
-/* test bit number N */
-#define bitnset(bit, map)	((map)[_BITWORD(bit)] & _BITBIT(bit))
-
-/* set bit number N */
-#define setbitn(bit, map)	(map)[_BITWORD(bit)] |= _BITBIT(bit)
-
-/* clear bit number N */
-#define clrbitn(bit, map)	(map)[_BITWORD(bit)] &= ~_BITBIT(bit)
-
-/* clear an entire bit map */
-#define clrbitmap(map)		bzero((char *) map, BITMAPBYTES)
+#ifndef INADDR_NONE
+# define INADDR_NONE	0xffffffff
+#endif /* ! INADDR_NONE */
 
 
-/*
-**  Utility macros
-*/
+/* forward references for prototypes */
+typedef struct envelope	ENVELOPE;
+typedef struct mailer	MAILER;
 
-/* return number of bytes left in a buffer */
-#define SPACELEFT(buf, ptr)	(sizeof buf - ((ptr) - buf))
 /*
 **  Address structure.
 **	Addresses are stored internally in this structure.
@@ -167,50 +192,97 @@ struct address
 	char		*q_rstatus;	/* remote status message for DSNs */
 	time_t		q_statdate;	/* date of status messages */
 	char		*q_statmta;	/* MTA generating q_rstatus */
+	short		q_state;	/* address state, see below */
 	short		q_specificity;	/* how "specific" this address is */
 };
 
 typedef struct address ADDRESS;
 
-# define QDONTSEND	0x00000001	/* don't send to this address */
-# define QBADADDR	0x00000002	/* this address is verified bad */
-# define QGOODUID	0x00000004	/* the q_uid q_gid fields are good */
-# define QPRIMARY	0x00000008	/* set from RCPT or argv */
-# define QQUEUEUP	0x00000010	/* queue for later transmission */
-# define QSENT		0x00000020	/* has been successfully delivered */
-# define QNOTREMOTE	0x00000040	/* address not for remote forwarding */
-# define QSELFREF	0x00000080	/* this address references itself */
-# define QVERIFIED	0x00000100	/* verified, but not expanded */
-# define QBOGUSSHELL	0x00000400	/* user has no valid shell listed */
-# define QUNSAFEADDR	0x00000800	/* address aquired via unsafe path */
-# define QPINGONSUCCESS	0x00001000	/* give return on successful delivery */
-# define QPINGONFAILURE	0x00002000	/* give return on failure */
-# define QPINGONDELAY	0x00004000	/* give return on message delay */
-# define QHASNOTIFY	0x00008000	/* propogate notify parameter */
-# define QRELAYED	0x00010000	/* DSN: relayed to non-DSN aware sys */
-# define QEXPANDED	0x00020000	/* DSN: undergone list expansion */
-# define QDELIVERED	0x00040000	/* DSN: successful final delivery */
-# define QDELAYED	0x00080000	/* DSN: message delayed */
-# define QTHISPASS	0x40000000	/* temp: address set this pass */
-# define QRCPTOK	0x80000000	/* recipient() processed address */
-
-# define Q_PINGFLAGS	(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY)
-
-# define NULLADDR	((ADDRESS *) NULL)
+/* bit values for q_flags */
+#define QGOODUID	0x00000001	/* the q_uid q_gid fields are good */
+#define QPRIMARY	0x00000002	/* set from RCPT or argv */
+#define QNOTREMOTE	0x00000004	/* address not for remote forwarding */
+#define QSELFREF	0x00000008	/* this address references itself */
+#define QBOGUSSHELL	0x00000010	/* user has no valid shell listed */
+#define QUNSAFEADDR	0x00000020	/* address acquired via unsafe path */
+#define QPINGONSUCCESS	0x00000040	/* give return on successful delivery */
+#define QPINGONFAILURE	0x00000080	/* give return on failure */
+#define QPINGONDELAY	0x00000100	/* give return on message delay */
+#define QHASNOTIFY	0x00000200	/* propogate notify parameter */
+#define QRELAYED	0x00000400	/* DSN: relayed to non-DSN aware sys */
+#define QEXPANDED	0x00000800	/* DSN: undergone list expansion */
+#define QDELIVERED	0x00001000	/* DSN: successful final delivery */
+#define QDELAYED	0x00002000	/* DSN: message delayed */
+#define QALIAS		0x00004000	/* expanded alias */
+#define QTHISPASS	0x40000000	/* temp: address set this pass */
+#define QRCPTOK		0x80000000	/* recipient() processed address */
+
+#define Q_PINGFLAGS	(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY)
+
+/* values for q_state */
+#define QS_OK		0		/* address ok (for now)/not yet tried */
+#define QS_SENT		1		/* good address, delivery complete */
+#define QS_BADADDR	2		/* illegal address */
+#define QS_QUEUEUP	3		/* save address in queue */
+#define QS_VERIFIED	4		/* verified, but not expanded */
+#define QS_DONTSEND	5		/* don't send to this address */
+#define QS_EXPANDED	6		/* expanded */
+#define QS_SENDER	7		/* message sender (MeToo) */
+#define QS_CLONED	8		/* addr cloned to a split envelope */
+#define QS_DISCARDED	9		/* recipient discarded (EF_DISCARD) */
+#define QS_REPLACED	10		/* maplocaluser()/UserDB replaced */
+#define QS_REMOVED	11		/* removed (removefromlist()) */
+#define QS_DUPLICATE	12		/* duplicate suppressed */
+#define QS_INCLUDED	13		/* :include: delivery */
+
+/* address state testing primitives */
+#define QS_IS_OK(s)		((s) == QS_OK)
+#define QS_IS_SENT(s)		((s) == QS_SENT)
+#define QS_IS_BADADDR(s)	((s) == QS_BADADDR)
+#define QS_IS_QUEUEUP(s)	((s) == QS_QUEUEUP)
+#define QS_IS_VERIFIED(s)	((s) == QS_VERIFIED)
+#define QS_IS_EXPANDED(s)	((s) == QS_EXPANDED)
+#define QS_IS_REMOVED(s)	((s) == QS_REMOVED)
+#define QS_IS_UNDELIVERED(s)	((s) == QS_OK || \
+				 (s) == QS_QUEUEUP || \
+				 (s) == QS_VERIFIED)
+#define QS_IS_SENDABLE(s)	((s) == QS_OK || \
+				 (s) == QS_QUEUEUP)
+#define QS_IS_ATTEMPTED(s)	((s) == QS_QUEUEUP || \
+				 (s) == QS_SENT)
+#define QS_IS_DEAD(s)		((s) == QS_DONTSEND || \
+				 (s) == QS_CLONED || \
+				 (s) == QS_SENDER || \
+				 (s) == QS_DISCARDED || \
+				 (s) == QS_REPLACED || \
+				 (s) == QS_REMOVED || \
+				 (s) == QS_DUPLICATE || \
+				 (s) == QS_INCLUDED || \
+				 (s) == QS_EXPANDED)
+
+
+#define NULLADDR	((ADDRESS *) NULL)
+
+extern ADDRESS	NullAddress;	/* a null (template) address [main.c] */
 
 /* functions */
+extern void	cataddr __P((char **, char **, char *, int, int));
+extern char	*crackaddr __P((char *));
+extern bool	emptyaddr __P((ADDRESS *));
+extern ADDRESS	*getctladdr __P((ADDRESS *));
+extern int	include __P((char *, bool, ADDRESS *, ADDRESS **, int, ENVELOPE *));
+extern bool	invalidaddr __P((char *, char *));
 extern ADDRESS	*parseaddr __P((char *, ADDRESS *, int, int, char **, ENVELOPE *));
-extern ADDRESS	*buildaddr __P((char **, ADDRESS *, int, ENVELOPE *));
-extern ADDRESS	*recipient __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
 extern char	**prescan __P((char *, int, char[], int, char **, u_char *));
-extern int	rewrite __P((char **, int, int, ENVELOPE *));
+extern void	printaddr __P((ADDRESS *, bool));
+extern ADDRESS	*recipient __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
 extern char	*remotename __P((char *, MAILER *, int, int *, ENVELOPE *));
-extern ADDRESS	*getctladdr __P((ADDRESS *));
+extern int	rewrite __P((char **, int, int, ENVELOPE *));
 extern bool	sameaddr __P((ADDRESS *, ADDRESS *));
-extern bool	emptyaddr __P((ADDRESS *));
-extern void	printaddr __P((ADDRESS *, bool));
-extern void	cataddr __P((char **, char **, char *, int, int));
 extern int	sendtolist __P((char *, ADDRESS *, ADDRESS **, int, ENVELOPE *));
+extern int	removefromlist __P((char *, ADDRESS **, ENVELOPE *));
+extern void	setsender __P((char *, ENVELOPE *, char **, int, bool));
+
 /*
 **  Mailer definition structure.
 **	Every mailer known to the system is declared in this
@@ -230,7 +302,7 @@ struct mailer
 	char	*m_mtatype;	/* type of this MTA */
 	char	*m_addrtype;	/* type for addresses */
 	char	*m_diagtype;	/* type for diagnostics */
-	BITMAP	m_flags;	/* status flags, see below */
+	BITMAP256 m_flags;	/* status flags, see below */
 	short	m_mno;		/* mailer number internally */
 	short	m_nice;		/* niceness to run at (mostly for prog) */
 	char	**m_argv;	/* template argument vector */
@@ -241,92 +313,104 @@ struct mailer
 	char	*m_eol;		/* end of line string */
 	long	m_maxsize;	/* size limit on message to this mailer */
 	int	m_linelimit;	/* max # characters per line */
+	int	m_maxdeliveries; /* max deliveries per mailer connection */
 	char	*m_execdir;	/* directory to chdir to before execv */
+	char	*m_rootdir;	/* directory to chroot to before execv */
 	uid_t	m_uid;		/* UID to run as */
 	gid_t	m_gid;		/* GID to run as */
 	char	*m_defcharset;	/* default character set */
+	time_t	m_wait;		/* timeout to wait for end */
+#if _FFR_DYNAMIC_TOBUF
+	int	m_maxrcpt;	/* max recipients per envelope client-side */
+#endif /* _FFR_DYNAMIC_TOBUF */
 };
 
 /* bits for m_flags */
-# define M_ESMTP	'a'	/* run Extended SMTP protocol */
-# define M_ALIASABLE	'A'	/* user can be LHS of an alias */
-# define M_BLANKEND	'b'	/* ensure blank line at end of message */
-# define M_NOCOMMENT	'c'	/* don't include comment part of address */
-# define M_CANONICAL	'C'	/* make addresses canonical "u@dom" */
-# define M_NOBRACKET	'd'	/* never angle bracket envelope route-addrs */
+#define M_ESMTP		'a'	/* run Extended SMTP protocol */
+#define M_ALIASABLE	'A'	/* user can be LHS of an alias */
+#define M_BLANKEND	'b'	/* ensure blank line at end of message */
+#define M_NOCOMMENT	'c'	/* don't include comment part of address */
+#define M_CANONICAL	'C'	/* make addresses canonical "u@dom" */
+#define M_NOBRACKET	'd'	/* never angle bracket envelope route-addrs */
 		/*	'D'	   CF: include Date: */
-# define M_EXPENSIVE	'e'	/* it costs to use this mailer.... */
-# define M_ESCFROM	'E'	/* escape From lines to >From */
-# define M_FOPT		'f'	/* mailer takes picky -f flag */
+#define M_EXPENSIVE	'e'	/* it costs to use this mailer.... */
+#define M_ESCFROM	'E'	/* escape From lines to >From */
+#define M_FOPT		'f'	/* mailer takes picky -f flag */
 		/*	'F'	   CF: include From: or Resent-From: */
-# define M_NO_NULL_FROM	'g'	/* sender of errors should be $g */
-# define M_HST_UPPER	'h'	/* preserve host case distinction */
-# define M_PREHEAD	'H'	/* MAIL11V3: preview headers */
-# define M_UDBENVELOPE	'i'	/* do udbsender rewriting on envelope */
-# define M_INTERNAL	'I'	/* SMTP to another sendmail site */
-# define M_UDBRECIPIENT	'j'	/* do udbsender rewriting on recipient lines */
-# define M_NOLOOPCHECK	'k'	/* don't check for loops in HELO command */
-# define M_CHUNKING	'K'	/* CHUNKING: reserved for future use */
-# define M_LOCALMAILER	'l'	/* delivery is to this host */
-# define M_LIMITS	'L'	/* must enforce SMTP line limits */
-# define M_MUSER	'm'	/* can handle multiple users at once */
+#define M_NO_NULL_FROM	'g'	/* sender of errors should be $g */
+#define M_HST_UPPER	'h'	/* preserve host case distinction */
+#define M_PREHEAD	'H'	/* MAIL11V3: preview headers */
+#define M_UDBENVELOPE	'i'	/* do udbsender rewriting on envelope */
+#define M_INTERNAL	'I'	/* SMTP to another sendmail site */
+#define M_UDBRECIPIENT	'j'	/* do udbsender rewriting on recipient lines */
+#define M_NOLOOPCHECK	'k'	/* don't check for loops in HELO command */
+#define M_CHUNKING	'K'	/* CHUNKING: reserved for future use */
+#define M_LOCALMAILER	'l'	/* delivery is to this host */
+#define M_LIMITS	'L'	/* must enforce SMTP line limits */
+#define M_MUSER		'm'	/* can handle multiple users at once */
 		/*	'M'	   CF: include Message-Id: */
-# define M_NHDR		'n'	/* don't insert From line */
-# define M_MANYSTATUS	'N'	/* MAIL11V3: DATA returns multi-status */
-# define M_RUNASRCPT	'o'	/* always run mailer as recipient */
-# define M_FROMPATH	'p'	/* use reverse-path in MAIL FROM: */
+#define M_NHDR		'n'	/* don't insert From line */
+#define M_MANYSTATUS	'N'	/* MAIL11V3: DATA returns multi-status */
+#define M_RUNASRCPT	'o'	/* always run mailer as recipient */
+#define M_FROMPATH	'p'	/* use reverse-path in MAIL FROM: */
 		/*	'P'	   CF: include Return-Path: */
-# define M_VRFY250	'q'	/* VRFY command returns 250 instead of 252 */
-# define M_ROPT		'r'	/* mailer takes picky -r flag */
-# define M_SECURE_PORT	'R'	/* try to send on a reserved TCP port */
-# define M_STRIPQ	's'	/* strip quote chars from user/host */
-# define M_SPECIFIC_UID	'S'	/* run as specific uid/gid */
-# define M_USR_UPPER	'u'	/* preserve user case distinction */
-# define M_UGLYUUCP	'U'	/* this wants an ugly UUCP from line */
-# define M_CONTENT_LEN	'v'	/* add Content-Length: header (SVr4) */
+#define M_VRFY250	'q'	/* VRFY command returns 250 instead of 252 */
+#define M_ROPT		'r'	/* mailer takes picky -r flag */
+#define M_SECURE_PORT	'R'	/* try to send on a reserved TCP port */
+#define M_STRIPQ	's'	/* strip quote chars from user/host */
+#define M_SPECIFIC_UID	'S'	/* run as specific uid/gid */
+#define M_USR_UPPER	'u'	/* preserve user case distinction */
+#define M_UGLYUUCP	'U'	/* this wants an ugly UUCP from line */
+#define M_CONTENT_LEN	'v'	/* add Content-Length: header (SVr4) */
 		/*	'V'	   UIUC: !-relativize all addresses */
-# define M_HASPWENT	'w'	/* check for /etc/passwd entry */
+#define M_HASPWENT	'w'	/* check for /etc/passwd entry */
 		/*	'x'	   CF: include Full-Name: */
-# define M_XDOT		'X'	/* use hidden-dot algorithm */
-# define M_LMTP		'z'	/* run Local Mail Transport Protocol */
-# define M_NOMX		'0'	/* turn off MX lookups */
-# define M_NONULLS	'1'	/* don't send null bytes */
-# define M_EBCDIC	'3'	/* extend Q-P encoding for EBCDIC */
-# define M_TRYRULESET5	'5'	/* use ruleset 5 after local aliasing */
-# define M_7BITHDRS	'6'	/* strip headers to 7 bits even in 8 bit path */
-# define M_7BITS	'7'	/* use 7-bit path */
-# define M_8BITS	'8'	/* force "just send 8" behaviour */
-# define M_MAKE8BIT	'9'	/* convert 7 -> 8 bit if appropriate */
-# define M_CHECKINCLUDE	':'	/* check for :include: files */
-# define M_CHECKPROG	'|'	/* check for |program addresses */
-# define M_CHECKFILE	'/'	/* check for /file addresses */
-# define M_CHECKUDB	'@'	/* user can be user database key */
-# define M_CHECKHDIR	'~'	/* SGI: check for valid home directory */
-
-EXTERN MAILER	*Mailer[MAXMAILERS+1];
-
-EXTERN MAILER	*LocalMailer;		/* ptr to local mailer */
-EXTERN MAILER	*ProgMailer;		/* ptr to program mailer */
-EXTERN MAILER	*FileMailer;		/* ptr to *file* mailer */
-EXTERN MAILER	*InclMailer;		/* ptr to *include* mailer */
+#define M_XDOT		'X'	/* use hidden-dot algorithm */
+#define M_LMTP		'z'	/* run Local Mail Transport Protocol */
+#define M_NOMX		'0'	/* turn off MX lookups */
+#define M_NONULLS	'1'	/* don't send null bytes */
+#define M_EBCDIC	'3'	/* extend Q-P encoding for EBCDIC */
+#define M_TRYRULESET5	'5'	/* use ruleset 5 after local aliasing */
+#define M_7BITHDRS	'6'	/* strip headers to 7 bits even in 8 bit path */
+#define M_7BITS		'7'	/* use 7-bit path */
+#define M_8BITS		'8'	/* force "just send 8" behaviour */
+#define M_MAKE8BIT	'9'	/* convert 7 -> 8 bit if appropriate */
+#define M_CHECKINCLUDE	':'	/* check for :include: files */
+#define M_CHECKPROG	'|'	/* check for |program addresses */
+#define M_CHECKFILE	'/'	/* check for /file addresses */
+#define M_CHECKUDB	'@'	/* user can be user database key */
+#define M_CHECKHDIR	'~'	/* SGI: check for valid home directory */
+#define M_HOLD		'%'	/* Hold delivery until ETRN/-qI/-qR/-qS */
+#define M_PLUS		'+'	/* Reserved: Used in mc for adding new flags */
+#define M_MINUS		'-'	/* Reserved: Used in mc for removing flags */
+
+/* functions */
+extern void	initerrmailers __P((void));
+extern void	makemailer __P((char *));
+
 /*
 **  Information about currently open connections to mailers, or to
 **  hosts that we have looked up recently.
 */
 
-# define MCI		struct mailer_con_info
+#define MCI		struct mailer_con_info
 
 MCI
 {
-	short		mci_flags;	/* flag bits, see below */
+	u_long		mci_flags;	/* flag bits, see below */
 	short		mci_errno;	/* error number on last connection */
 	short		mci_herrno;	/* h_errno from last DNS lookup */
 	short		mci_exitstat;	/* exit status from last connection */
 	short		mci_state;	/* SMTP state */
-	off_t		mci_contentlen;	/* body length for Content-Length: */
+	int		mci_deliveries;	/* delivery attempts for connection */
 	long		mci_maxsize;	/* max size this server will accept */
+#if SFIO
+	Sfio_t		*mci_in;	/* input side of connection */
+	Sfio_t		*mci_out;	/* output side of connection */
+#else /* SFIO */
 	FILE		*mci_in;	/* input side of connection */
 	FILE		*mci_out;	/* output side of connection */
+#endif /* SFIO */
 	pid_t		mci_pid;	/* process id of subordinate proc */
 	char		*mci_phase;	/* SMTP phase string */
 	struct mailer	*mci_mailer;	/* ptr to the mailer for this conn */
@@ -335,25 +419,46 @@ MCI
 	char		*mci_rstatus;	/* SMTP status to be copied to addrs */
 	time_t		mci_lastuse;	/* last usage time */
 	FILE		*mci_statfile;	/* long term status file */
+	char		*mci_heloname;	/* name to use as HELO arg */
+#if SASL
+	bool		mci_sasl_auth;	/* authenticated? */
+	int		mci_sasl_string_len;
+	char		*mci_sasl_string;	/* sasl reply string */
+	char		*mci_saslcap;	/* SASL list of mechanisms */
+	sasl_conn_t	*mci_conn;	/* SASL connection */
+#endif /* SASL */
+#if STARTTLS
+	SSL		*mci_ssl;	/* SSL connection */
+#endif /* STARTTLS */
 };
 
 
 /* flag bits */
-#define MCIF_VALID	0x0001		/* this entry is valid */
-#define MCIF_TEMP	0x0002		/* don't cache this connection */
-#define MCIF_CACHED	0x0004		/* currently in open cache */
-#define MCIF_ESMTP	0x0008		/* this host speaks ESMTP */
-#define MCIF_EXPN	0x0010		/* EXPN command supported */
-#define MCIF_SIZE	0x0020		/* SIZE option supported */
-#define MCIF_8BITMIME	0x0040		/* BODY=8BITMIME supported */
-#define MCIF_7BIT	0x0080		/* strip this message to 7 bits */
-#define MCIF_MULTSTAT	0x0100		/* MAIL11V3: handles MULT status */
-#define MCIF_INHEADER	0x0200		/* currently outputing header */
-#define MCIF_CVT8TO7	0x0400		/* convert from 8 to 7 bits */
-#define MCIF_DSN	0x0800		/* DSN extension supported */
-#define MCIF_8BITOK	0x1000		/* OK to send 8 bit characters */
-#define MCIF_CVT7TO8	0x2000		/* convert from 7 to 8 bits */
-#define MCIF_INMIME	0x4000		/* currently reading MIME header */
+#define MCIF_VALID	0x00000001	/* this entry is valid */
+#define MCIF_TEMP	0x00000002	/* don't cache this connection */
+#define MCIF_CACHED	0x00000004	/* currently in open cache */
+#define MCIF_ESMTP	0x00000008	/* this host speaks ESMTP */
+#define MCIF_EXPN	0x00000010	/* EXPN command supported */
+#define MCIF_SIZE	0x00000020	/* SIZE option supported */
+#define MCIF_8BITMIME	0x00000040	/* BODY=8BITMIME supported */
+#define MCIF_7BIT	0x00000080	/* strip this message to 7 bits */
+#define MCIF_MULTSTAT	0x00000100	/* MAIL11V3: handles MULT status */
+#define MCIF_INHEADER	0x00000200	/* currently outputing header */
+#define MCIF_CVT8TO7	0x00000400	/* convert from 8 to 7 bits */
+#define MCIF_DSN	0x00000800	/* DSN extension supported */
+#define MCIF_8BITOK	0x00001000	/* OK to send 8 bit characters */
+#define MCIF_CVT7TO8	0x00002000	/* convert from 7 to 8 bits */
+#define MCIF_INMIME	0x00004000	/* currently reading MIME header */
+#define MCIF_AUTH	0x00008000	/* AUTH= supported */
+#define MCIF_AUTHACT	0x00010000	/* SASL (AUTH) active */
+#define MCIF_ENHSTAT	0x00020000	/* ENHANCEDSTATUSCODES supported */
+#if STARTTLS
+#define MCIF_TLS	0x00100000	/* STARTTLS supported */
+#define MCIF_TLSACT	0x00200000	/* STARTTLS active */
+#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS)
+#else /* STARTTLS */
+#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT)
+#endif /* STARTTLS */
 
 /* states */
 #define MCIS_CLOSED	0		/* no traffic on this connection */
@@ -365,20 +470,21 @@ MCI
 #define MCIS_ERROR	6		/* I/O error on connection */
 
 /* functions */
-extern MCI	*mci_get __P((char *, MAILER *));
 extern void	mci_cache __P((MCI *));
-extern void	mci_flush __P((bool, MCI *));
 extern void	mci_dump __P((MCI *, bool));
 extern void	mci_dump_all __P((bool));
-extern MCI	**mci_scan __P((MCI *));
-extern int 	mci_traverse_persistent __P((int (*)(), char *));
+extern void	mci_flush __P((bool, MCI *));
+extern MCI	*mci_get __P((char *, MAILER *));
+extern int	mci_lock_host __P((MCI *));
+extern bool	mci_match __P((char *, MAILER *));
 extern int	mci_print_persistent __P((char *, char *));
 extern int	mci_purge_persistent __P((char *, char *));
-extern int	mci_lock_host __P((MCI *));
+extern MCI	**mci_scan __P((MCI *));
+extern void	mci_setstat __P((MCI *, int, char *, char *));
+extern void	mci_store_persistent __P((MCI *));
+extern int	mci_traverse_persistent __P((int (*)(), char *));
 extern void	mci_unlock_host __P((MCI *));
-extern int	mci_lock_host_statfile __P((MCI *));
-extern void 	mci_store_persistent __P((MCI *));
-extern int 	mci_read_persistent __P((FILE *, MCI *));
+
 /*
 **  Header structure.
 **	This structure is used internally to store header items.
@@ -389,8 +495,9 @@ struct header
 	char		*h_field;	/* the name of the field */
 	char		*h_value;	/* the value of that field */
 	struct header	*h_link;	/* the next header */
-	u_short		h_flags;	/* status bits, see below */
-	BITMAP		h_mflags;	/* m_flags bits needed */
+	u_char		h_macro;	/* include header if macro defined */
+	u_long		h_flags;	/* status bits, see below */
+	BITMAP256	h_mflags;	/* m_flags bits needed */
 };
 
 typedef struct header	HDR;
@@ -404,37 +511,64 @@ typedef struct header	HDR;
 struct hdrinfo
 {
 	char	*hi_field;	/* the name of the field */
-	u_short	hi_flags;	/* status bits, see below */
+	u_long	hi_flags;	/* status bits, see below */
 	char	*hi_ruleset;	/* validity check ruleset */
 };
 
 extern struct hdrinfo	HdrInfo[];
 
 /* bits for h_flags and hi_flags */
-# define H_EOH		0x0001	/* this field terminates header */
-# define H_RCPT		0x0002	/* contains recipient addresses */
-# define H_DEFAULT	0x0004	/* if another value is found, drop this */
-# define H_RESENT	0x0008	/* this address is a "Resent-..." address */
-# define H_CHECK	0x0010	/* check h_mflags against m_flags */
-# define H_ACHECK	0x0020	/* ditto, but always (not just default) */
-# define H_FORCE	0x0040	/* force this field, even if default */
-# define H_TRACE	0x0080	/* this field contains trace information */
-# define H_FROM		0x0100	/* this is a from-type field */
-# define H_VALID	0x0200	/* this field has a validated value */
-# define H_RECEIPTTO	0x0400	/* this field has return receipt info */
-# define H_ERRORSTO	0x0800	/* this field has error address info */
-# define H_CTE		0x1000	/* this field is a content-transfer-encoding */
-# define H_CTYPE	0x2000	/* this is a content-type field */
-# define H_BCC		0x4000	/* Bcc: header: strip value or delete */
-# define H_ENCODABLE	0x8000	/* field can be RFC 1522 encoded */
+#define H_EOH		0x00000001	/* field terminates header */
+#define H_RCPT		0x00000002	/* contains recipient addresses */
+#define H_DEFAULT	0x00000004	/* if another value is found, drop this */
+#define H_RESENT	0x00000008	/* this address is a "Resent-..." address */
+#define H_CHECK		0x00000010	/* check h_mflags against m_flags */
+#define H_ACHECK	0x00000020	/* ditto, but always (not just default) */
+#define H_FORCE		0x00000040	/* force this field, even if default */
+#define H_TRACE		0x00000080	/* this field contains trace information */
+#define H_FROM		0x00000100	/* this is a from-type field */
+#define H_VALID		0x00000200	/* this field has a validated value */
+#define H_RECEIPTTO	0x00000400	/* field has return receipt info */
+#define H_ERRORSTO	0x00000800	/* field has error address info */
+#define H_CTE		0x00001000	/* field is a content-transfer-encoding */
+#define H_CTYPE		0x00002000	/* this is a content-type field */
+#define H_BCC		0x00004000	/* Bcc: header: strip value or delete */
+#define H_ENCODABLE	0x00008000	/* field can be RFC 1522 encoded */
+#define H_STRIPCOMM	0x00010000	/* header check: strip comments */
+#define H_BINDLATE	0x00020000	/* only expand macros at deliver */
+#define H_USER		0x00040000	/* header came from the user/SMTP */
+
+/* bits for chompheader() */
+#define CHHDR_DEF	0x0001	/* default header */
+#define CHHDR_CHECK	0x0002	/* call ruleset for header */
+#define CHHDR_USER	0x0004	/* header from user */
 
 /* functions */
-extern void	addheader __P((char *, char *, HDR **));
-extern char	*hvalue __P((char *, HDR *));
+extern void	addheader __P((char *, char *, int, HDR **));
+extern u_long	chompheader __P((char *, int, HDR **, ENVELOPE *));
 extern void	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
-extern void	put_vanilla_header __P((HDR *, char *, MCI *));
+extern HDR	*copyheader __P((HDR *));
 extern void	eatheader __P((ENVELOPE *, bool));
-extern int	chompheader __P((char *, bool, HDR **, ENVELOPE *));
+extern char	*hvalue __P((char *, HDR *));
+extern bool	isheader __P((char *));
+extern void	putfromline __P((MCI *, ENVELOPE *));
+extern void	setupheaders __P((void));
+
+/*
+**  Performance monitoring
+*/
+
+#define TIMERS		struct sm_timers
+
+TIMERS
+{
+	TIMER	ti_overall;	/* the whole process */
+};
+
+
+#define PUSHTIMER(l, t)	{ if (tTd(98, l)) pushtimer(&t); }
+#define POPTIMER(l, t)	{ if (tTd(98, l)) poptimer(&t); }
+
 /*
 **  Envelope structure.
 **	This structure defines the message itself.  There is usually
@@ -468,11 +602,12 @@ struct envelope
 					/* function to put header of message */
 	void		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
 					/* function to put body of message */
-	struct envelope	*e_parent;	/* the message this one encloses */
-	struct envelope *e_sibling;	/* the next envelope of interest */
+	ENVELOPE	*e_parent;	/* the message this one encloses */
+	ENVELOPE	*e_sibling;	/* the next envelope of interest */
 	char		*e_bodytype;	/* type of message body */
-	FILE		*e_dfp;		/* temporary file */
+	FILE		*e_dfp;		/* data file */
 	char		*e_id;		/* code for this entry in queue */
+	int		e_queuedir;	/* index into queue directories */
 	FILE		*e_xfp;		/* transcript file */
 	FILE		*e_lockfp;	/* the lock file for this message */
 	char		*e_message;	/* error message */
@@ -486,44 +621,53 @@ struct envelope
 	dev_t		e_dfdev;	/* df file's device, for crash recov */
 	ino_t		e_dfino;	/* df file's ino, for crash recovery */
 	char		*e_macro[256];	/* macro definitions */
+	char		*e_if_macros[2]; /* HACK: incoming interface info */
+	char		*e_auth_param;
+	TIMERS		e_timers;	/* per job timers */
+#if _FFR_QUEUEDELAY
+	int		e_queuealg;	/* algorithm for queue delay */
+	time_t		e_queuedelay;	/* current delay */
+#endif /* _FFR_QUEUEDELAY */
 };
 
 /* values for e_flags */
-#define EF_OLDSTYLE	0x0000001	/* use spaces (not commas) in hdrs */
-#define EF_INQUEUE	0x0000002	/* this message is fully queued */
-#define EF_NO_BODY_RETN	0x0000004	/* omit message body on error */
-#define EF_CLRQUEUE	0x0000008	/* disk copy is no longer needed */
-#define EF_SENDRECEIPT	0x0000010	/* send a return receipt */
-#define EF_FATALERRS	0x0000020	/* fatal errors occured */
-#define EF_DELETE_BCC	0x0000040	/* delete Bcc: headers entirely */
-#define EF_RESPONSE	0x0000080	/* this is an error or return receipt */
-#define EF_RESENT	0x0000100	/* this message is being forwarded */
-#define EF_VRFYONLY	0x0000200	/* verify only (don't expand aliases) */
-#define EF_WARNING	0x0000400	/* warning message has been sent */
-#define EF_QUEUERUN	0x0000800	/* this envelope is from queue */
-#define EF_GLOBALERRS	0x0001000	/* treat errors as global */
-#define EF_PM_NOTIFY	0x0002000	/* send return mail to postmaster */
-#define EF_METOO	0x0004000	/* send to me too */
-#define EF_LOGSENDER	0x0008000	/* need to log the sender */
-#define EF_NORECEIPT	0x0010000	/* suppress all return-receipts */
-#define EF_HAS8BIT	0x0020000	/* at least one 8-bit char in body */
-#define EF_NL_NOT_EOL	0x0040000	/* don't accept raw NL as EOLine */
-#define EF_CRLF_NOT_EOL	0x0080000	/* don't accept CR-LF as EOLine */
-#define EF_RET_PARAM	0x0100000	/* RCPT command had RET argument */
-#define EF_HAS_DF	0x0200000	/* set when df file is instantiated */
-#define EF_IS_MIME	0x0400000	/* really is a MIME message */
-#define EF_DONT_MIME	0x0800000	/* never MIME this message */
-#define EF_DISCARD	0x1000000	/* discard the message */
-
-EXTERN ENVELOPE	*CurEnv;	/* envelope currently being processed */
+#define EF_OLDSTYLE	0x0000001L	/* use spaces (not commas) in hdrs */
+#define EF_INQUEUE	0x0000002L	/* this message is fully queued */
+#define EF_NO_BODY_RETN	0x0000004L	/* omit message body on error */
+#define EF_CLRQUEUE	0x0000008L	/* disk copy is no longer needed */
+#define EF_SENDRECEIPT	0x0000010L	/* send a return receipt */
+#define EF_FATALERRS	0x0000020L	/* fatal errors occurred */
+#define EF_DELETE_BCC	0x0000040L	/* delete Bcc: headers entirely */
+#define EF_RESPONSE	0x0000080L	/* this is an error or return receipt */
+#define EF_RESENT	0x0000100L	/* this message is being forwarded */
+#define EF_VRFYONLY	0x0000200L	/* verify only (don't expand aliases) */
+#define EF_WARNING	0x0000400L	/* warning message has been sent */
+#define EF_QUEUERUN	0x0000800L	/* this envelope is from queue */
+#define EF_GLOBALERRS	0x0001000L	/* treat errors as global */
+#define EF_PM_NOTIFY	0x0002000L	/* send return mail to postmaster */
+#define EF_METOO	0x0004000L	/* send to me too */
+#define EF_LOGSENDER	0x0008000L	/* need to log the sender */
+#define EF_NORECEIPT	0x0010000L	/* suppress all return-receipts */
+#define EF_HAS8BIT	0x0020000L	/* at least one 8-bit char in body */
+#define EF_NL_NOT_EOL	0x0040000L	/* don't accept raw NL as EOLine */
+#define EF_CRLF_NOT_EOL	0x0080000L	/* don't accept CR-LF as EOLine */
+#define EF_RET_PARAM	0x0100000L	/* RCPT command had RET argument */
+#define EF_HAS_DF	0x0200000L	/* set when df file is instantiated */
+#define EF_IS_MIME	0x0400000L	/* really is a MIME message */
+#define EF_DONT_MIME	0x0800000L	/* never MIME this message */
+#define EF_DISCARD	0x1000000L	/* discard the message */
+
+/* values for e_if_macros */
+#define EIF_ADDR	0		/* ${if_addr} */
 
 /* functions */
-extern ENVELOPE	*newenvelope __P((ENVELOPE *, ENVELOPE *));
-extern void	dropenvelope __P((ENVELOPE *, bool));
 extern void	clearenvelope __P((ENVELOPE *, bool));
-
-extern void	putheader __P((MCI *, HDR *, ENVELOPE *, int));
+extern void	dropenvelope __P((ENVELOPE *, bool));
+extern ENVELOPE	*newenvelope __P((ENVELOPE *, ENVELOPE *));
+extern void	printenvflags __P((ENVELOPE *));
 extern void	putbody __P((MCI *, ENVELOPE *, char *));
+extern void	putheader __P((MCI *, HDR *, ENVELOPE *, int));
+
 /*
 **  Message priority classes.
 **
@@ -554,8 +698,6 @@ struct priority
 	int	pri_val;	/* internal value for same */
 };
 
-EXTERN struct priority	Priorities[MAXPRIORITIES];
-EXTERN int		NumPriorities;	/* pointer into Priorities */
 /*
 **  Rewrite rules.
 */
@@ -565,10 +707,9 @@ struct rewrite
 	char	**r_lhs;	/* pattern match */
 	char	**r_rhs;	/* substitution value */
 	struct rewrite	*r_next;/* next in chain */
+	int	r_line;		/* rule line in sendmail.cf */
 };
 
-EXTERN struct rewrite	*RewriteRules[MAXRWSETS];
-
 /*
 **  Special characters in rewriting rules.
 **	These are used internally only.
@@ -578,38 +719,38 @@ EXTERN struct rewrite	*RewriteRules[MAXRWSETS];
 */
 
 /* left hand side items */
-# define MATCHZANY	((u_char)0220)	/* match zero or more tokens */
-# define MATCHANY	((u_char)0221)	/* match one or more tokens */
-# define MATCHONE	((u_char)0222)	/* match exactly one token */
-# define MATCHCLASS	((u_char)0223)	/* match one token in a class */
-# define MATCHNCLASS	((u_char)0224)	/* match anything not in class */
-# define MATCHREPL	((u_char)0225)	/* replacement on RHS for above */
+#define MATCHZANY	((u_char)0220)	/* match zero or more tokens */
+#define MATCHANY	((u_char)0221)	/* match one or more tokens */
+#define MATCHONE	((u_char)0222)	/* match exactly one token */
+#define MATCHCLASS	((u_char)0223)	/* match one token in a class */
+#define MATCHNCLASS	((u_char)0224)	/* match anything not in class */
+#define MATCHREPL	((u_char)0225)	/* replacement on RHS for above */
 
 /* right hand side items */
-# define CANONNET	((u_char)0226)	/* canonical net, next token */
-# define CANONHOST	((u_char)0227)	/* canonical host, next token */
-# define CANONUSER	((u_char)0230)	/* canonical user, next N tokens */
-# define CALLSUBR	((u_char)0231)	/* call another rewriting set */
+#define CANONNET	((u_char)0226)	/* canonical net, next token */
+#define CANONHOST	((u_char)0227)	/* canonical host, next token */
+#define CANONUSER	((u_char)0230)	/* canonical user, next N tokens */
+#define CALLSUBR	((u_char)0231)	/* call another rewriting set */
 
 /* conditionals in macros */
-# define CONDIF		((u_char)0232)	/* conditional if-then */
-# define CONDELSE	((u_char)0233)	/* conditional else */
-# define CONDFI		((u_char)0234)	/* conditional fi */
+#define CONDIF		((u_char)0232)	/* conditional if-then */
+#define CONDELSE	((u_char)0233)	/* conditional else */
+#define CONDFI		((u_char)0234)	/* conditional fi */
 
 /* bracket characters for host name lookup */
-# define HOSTBEGIN	((u_char)0235)	/* hostname lookup begin */
-# define HOSTEND	((u_char)0236)	/* hostname lookup end */
+#define HOSTBEGIN	((u_char)0235)	/* hostname lookup begin */
+#define HOSTEND	((u_char)0236)	/* hostname lookup end */
 
 /* bracket characters for generalized lookup */
-# define LOOKUPBEGIN	((u_char)0205)	/* generalized lookup begin */
-# define LOOKUPEND	((u_char)0206)	/* generalized lookup end */
+#define LOOKUPBEGIN	((u_char)0205)	/* generalized lookup begin */
+#define LOOKUPEND	((u_char)0206)	/* generalized lookup end */
 
 /* macro substitution character */
-# define MACROEXPAND	((u_char)0201)	/* macro expansion */
-# define MACRODEXPAND	((u_char)0202)	/* deferred macro expansion */
+#define MACROEXPAND	((u_char)0201)	/* macro expansion */
+#define MACRODEXPAND	((u_char)0202)	/* deferred macro expansion */
 
 /* to make the code clearer */
-# define MATCHZERO	CANONHOST
+#define MATCHZERO	CANONHOST
 
 /* external <==> internal mapping table */
 struct metamac
@@ -619,14 +760,20 @@ struct metamac
 };
 
 /* values for macros with external names only */
-# define MID_OPMODE	0202	/* operation mode */
+#define MID_OPMODE	0202	/* operation mode */
 
 /* functions */
-extern void	expand __P((char *, char *, size_t, ENVELOPE *));
 extern void	define __P((int, char *, ENVELOPE *));
-extern char	*macvalue __P((int, ENVELOPE *));
-extern char	*macname __P((int));
+extern void	expand __P((char *, char *, size_t, ENVELOPE *));
 extern int	macid __P((char *, char **));
+extern char	*macname __P((int));
+extern char	*macvalue __P((int, ENVELOPE *));
+extern int	rscheck __P((char *, char *, char *, ENVELOPE *, bool, bool, int));
+extern void	setclass __P((int, char *));
+extern int	strtorwset __P((char *, char **, int));
+extern void	translate_dollars __P((char *));
+extern bool	wordinclass __P((char *, int));
+
 /*
 **  Name canonification short circuit.
 **
@@ -650,6 +797,11 @@ NAMECANON
 
 /* values for nc_flags */
 #define NCF_VALID	0x0001	/* entry valid */
+
+/* functions */
+extern bool	getcanonname __P((char *, int, bool));
+extern int	getmxrr __P((char *, char **, u_short *, bool, int *));
+
 /*
 **  Mapping functions
 **
@@ -657,9 +809,9 @@ NAMECANON
 **	(albeit not the implementation) comes from IDA sendmail.
 */
 
-# define MAPCLASS	struct _mapclass
-# define MAP		struct _map
-# define MAXMAPACTIONS	3		/* size of map_actions array */
+#define MAPCLASS	struct _mapclass
+#define MAP		struct _map
+#define MAXMAPACTIONS	5		/* size of map_actions array */
 
 
 /*
@@ -679,6 +831,7 @@ MAP
 	u_char		map_keycolno;	/* key column number */
 	u_char		map_valcolno;	/* value column number */
 	char		map_coldelim;	/* column delimiter */
+	char		map_spacesub;	/* spacesub */
 	char		*map_app;	/* to append to successful matches */
 	char		*map_tapp;	/* to append to "tempfail" matches */
 	char		*map_domain;	/* the (nominal) NIS domain */
@@ -691,31 +844,43 @@ MAP
 	short		map_return[MAXMAPACTIONS]; /* return bitmaps for stacked maps */
 };
 
+
 /* bit values for map_mflags */
-# define MF_VALID	0x00000001	/* this entry is valid */
-# define MF_INCLNULL	0x00000002	/* include null byte in key */
-# define MF_OPTIONAL	0x00000004	/* don't complain if map not found */
-# define MF_NOFOLDCASE	0x00000008	/* don't fold case in keys */
-# define MF_MATCHONLY	0x00000010	/* don't use the map value */
-# define MF_OPEN	0x00000020	/* this entry is open */
-# define MF_WRITABLE	0x00000040	/* open for writing */
-# define MF_ALIAS	0x00000080	/* this is an alias file */
-# define MF_TRY0NULL	0x00000100	/* try with no null byte */
-# define MF_TRY1NULL	0x00000200	/* try with the null byte */
-# define MF_LOCKED	0x00000400	/* this map is currently locked */
-# define MF_ALIASWAIT	0x00000800	/* alias map in aliaswait state */
-# define MF_IMPL_HASH	0x00001000	/* implicit: underlying hash database */
-# define MF_IMPL_NDBM	0x00002000	/* implicit: underlying NDBM database */
-# define MF_UNSAFEDB	0x00004000	/* this map is world writable */
-# define MF_APPEND	0x00008000	/* append new entry on rebuiled */
-# define MF_KEEPQUOTES	0x00010000	/* don't dequote key before lookup */
-# define MF_NODEFER	0x00020000	/* don't defer if map lookup fails */
-# define MF_REGEX_NOT	0x00040000	/* regular expression negation */
+#define MF_VALID	0x00000001	/* this entry is valid */
+#define MF_INCLNULL	0x00000002	/* include null byte in key */
+#define MF_OPTIONAL	0x00000004	/* don't complain if map not found */
+#define MF_NOFOLDCASE	0x00000008	/* don't fold case in keys */
+#define MF_MATCHONLY	0x00000010	/* don't use the map value */
+#define MF_OPEN		0x00000020	/* this entry is open */
+#define MF_WRITABLE	0x00000040	/* open for writing */
+#define MF_ALIAS	0x00000080	/* this is an alias file */
+#define MF_TRY0NULL	0x00000100	/* try with no null byte */
+#define MF_TRY1NULL	0x00000200	/* try with the null byte */
+#define MF_LOCKED	0x00000400	/* this map is currently locked */
+#define MF_ALIASWAIT	0x00000800	/* alias map in aliaswait state */
+#define MF_IMPL_HASH	0x00001000	/* implicit: underlying hash database */
+#define MF_IMPL_NDBM	0x00002000	/* implicit: underlying NDBM database */
+#define MF_UNSAFEDB	0x00004000	/* this map is world writable */
+#define MF_APPEND	0x00008000	/* append new entry on rebuild */
+#define MF_KEEPQUOTES	0x00010000	/* don't dequote key before lookup */
+#define MF_NODEFER	0x00020000	/* don't defer if map lookup fails */
+#define MF_REGEX_NOT	0x00040000	/* regular expression negation */
+#define MF_DEFER	0x00080000	/* don't lookup map in defer mode */
+#define MF_SINGLEMATCH	0x00100000	/* successful only if match one key */
+#define MF_NOREWRITE	0x00200000	/* don't rewrite result, return as-is */
+#define MF_SHARED	0x00400000	/* map connection is shared */
+
+#define DYNOPENMAP(map) if (!bitset(MF_OPEN, (map)->map_mflags)) \
+	{	\
+		if (!openmap(map))	\
+			return NULL;	\
+	}
+
 
 /* indices for map_actions */
-# define MA_NOTFOUND	0		/* member map returned "not found" */
-# define MA_UNAVAIL	1		/* member map is not available */
-# define MA_TRYAGAIN	2		/* member map returns temp failure */
+#define MA_NOTFOUND	0		/* member map returned "not found" */
+#define MA_UNAVAIL	1		/* member map is not available */
+#define MA_TRYAGAIN	2		/* member map returns temp failure */
 
 /*
 **  The class of a map -- essentially the functions to call
@@ -745,9 +910,134 @@ MAPCLASS
 #define MCF_OPTFILE	0x0008		/* file name is optional */
 
 /* functions */
-extern char	*map_rewrite __P((MAP *, const char *, size_t, char **));
+extern void	closemaps __P((void));
+extern bool	impl_map_open __P((MAP *, int));
+extern void	initmaps __P((void));
 extern MAP	*makemapentry __P((char *));
-extern void	initmaps __P((bool, ENVELOPE *));
+extern void	maplocaluser __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
+extern char	*map_rewrite __P((MAP *, const char *, size_t, char **));
+#if NETINFO
+extern char	*ni_propval __P((char *, char *, char *, char *, int));
+#endif /* NETINFO */
+extern bool	openmap __P((MAP *));
+#if USERDB
+extern void	_udbx_close __P((void));
+extern int	udbexpand __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
+extern char	*udbsender __P((char *));
+#endif /* USERDB */
+/*
+**  LDAP related items
+*/
+#ifdef LDAPMAP
+struct ldapmap_struct
+{
+	/* needed for ldap_open or ldap_init */
+	char		*ldap_host;
+	int		ldap_port;
+
+	/* options set in ld struct before ldap_bind_s */
+	int		ldap_deref;
+	time_t		ldap_timelimit;
+	int		ldap_sizelimit;
+	int		ldap_options;
+
+	/* args for ldap_bind_s */
+	LDAP		*ldap_ld;
+	char		*ldap_binddn;
+	char		*ldap_secret;
+	int		ldap_method;
+
+	/* args for ldap_search */
+	char		*ldap_base;
+	int		ldap_scope;
+	char		*ldap_filter;
+	char		*ldap_attr[LDAPMAP_MAX_ATTR + 1];
+	bool		ldap_attrsonly;
+
+	/* args for ldap_result */
+	struct timeval	ldap_timeout;
+	LDAPMessage	*ldap_res;
+};
+
+typedef struct ldapmap_struct	LDAPMAP_STRUCT;
+
+/* struct defining LDAP Auth Methods */
+struct lamvalues
+{
+	char	*lam_name;	/* name of LDAP auth method */
+	int	lam_code;	/* numeric code */
+};
+
+/* struct defining LDAP Alias Dereferencing */
+struct ladvalues
+{
+	char	*lad_name;	/* name of LDAP alias dereferencing method */
+	int	lad_code;	/* numeric code */
+};
+
+/* struct defining LDAP Search Scope */
+struct lssvalues
+{
+	char	*lss_name;	/* name of LDAP search scope */
+	int	lss_code;	/* numeric code */
+};
+
+/* functions */
+extern bool	ldapmap_parseargs __P((MAP *, char *));
+extern void	ldapmap_set_defaults __P((char *));
+#endif /* LDAPMAP */
+
+/*
+**  PH related items
+*/
+
+#ifdef PH_MAP
+struct ph_map_struct
+{
+	char	*ph_servers;	/* list of ph servers */
+	char	*ph_field_list;	/* list of fields to search for match */
+	FILE	*ph_to_server;
+	FILE	*ph_from_server;
+	int	ph_sockfd;
+	time_t	ph_timeout;
+};
+typedef struct ph_map_struct	PH_MAP_STRUCT;
+
+# define DEFAULT_PH_MAP_FIELDS		"alias callsign name spacedname"
+#endif /* PH_MAP */
+/*
+**  Process List (proclist)
+*/
+
+struct procs
+{
+	pid_t	proc_pid;
+	char	*proc_task;
+	int	proc_type;
+};
+
+#define NO_PID		((pid_t) 0)
+#ifndef PROC_LIST_SEG
+# define PROC_LIST_SEG	32		/* number of pids to alloc at a time */
+#endif /* ! PROC_LIST_SEG */
+
+/* process types */
+#define PROC_NONE		0
+#define PROC_DAEMON		1
+#define PROC_DAEMON_CHILD	2
+#define PROC_QUEUE		3
+#define PROC_QUEUE_CHILD	3
+#define PROC_CONTROL		4
+#define PROC_CONTROL_CHILD	5
+
+/* functions */
+extern void	proc_list_add __P((pid_t, char *, int));
+extern void	proc_list_clear __P((void));
+extern void	proc_list_display __P((FILE *));
+extern int	proc_list_drop __P((pid_t));
+extern void	proc_list_probe __P((void));
+extern void	proc_list_set __P((pid_t, char *));
+
 /*
 **  Symbol table definitions
 */
@@ -760,7 +1050,7 @@ struct symtab
 	struct symtab	*s_next;	/* pointer to next in chain */
 	union
 	{
-		BITMAP		sv_class;	/* bit-map of word classes */
+		BITMAP256	sv_class;	/* bit-map of word classes */
 		ADDRESS		*sv_addr;	/* pointer to address header */
 		MAILER		*sv_mailer;	/* pointer to mailer */
 		char		*sv_alias;	/* alias */
@@ -773,47 +1063,67 @@ struct symtab
 		int		sv_ruleset;	/* ruleset index */
 		struct hdrinfo	sv_header;	/* header metainfo */
 		char		*sv_service[MAXMAPSTACK]; /* service switch */
+#ifdef LDAPMAP
+		LDAP		*sv_ldap;	/* LDAP connection */
+#endif /* LDAPMAP */
+#if _FFR_MILTER
+		struct milter	*sv_milter;	/* milter filter name */
+#endif /* _FFR_MILTER */
 	}	s_value;
 };
 
 typedef struct symtab	STAB;
 
 /* symbol types */
-# define ST_UNDEF	0	/* undefined type */
-# define ST_CLASS	1	/* class map */
-# define ST_ADDRESS	2	/* an address in parsed format */
-# define ST_MAILER	3	/* a mailer header */
-# define ST_ALIAS	4	/* an alias */
-# define ST_MAPCLASS	5	/* mapping function class */
-# define ST_MAP		6	/* mapping function */
-# define ST_HOSTSIG	7	/* host signature */
-# define ST_NAMECANON	8	/* cached canonical name */
-# define ST_MACRO	9	/* macro name to id mapping */
-# define ST_RULESET	10	/* ruleset index */
-# define ST_SERVICE	11	/* service switch entry */
-# define ST_HEADER	12	/* special header flags */
-# define ST_MCI		16	/* mailer connection info (offset) */
-
-# define s_class	s_value.sv_class
-# define s_address	s_value.sv_addr
-# define s_mailer	s_value.sv_mailer
-# define s_alias	s_value.sv_alias
-# define s_mci		s_value.sv_mci
-# define s_mapclass	s_value.sv_mapclass
-# define s_hostsig	s_value.sv_hostsig
-# define s_map		s_value.sv_map
-# define s_namecanon	s_value.sv_namecanon
-# define s_macro	s_value.sv_macro
-# define s_ruleset	s_value.sv_ruleset
-# define s_service	s_value.sv_service
-# define s_header	s_value.sv_header
-
-extern STAB		*stab __P((char *, int, int));
-extern void		stabapply __P((void (*)(STAB *, int), int));
+#define ST_UNDEF	0	/* undefined type */
+#define ST_CLASS	1	/* class map */
+#define ST_ADDRESS	2	/* an address in parsed format */
+#define ST_MAILER	3	/* a mailer header */
+#define ST_ALIAS	4	/* an alias */
+#define ST_MAPCLASS	5	/* mapping function class */
+#define ST_MAP		6	/* mapping function */
+#define ST_HOSTSIG	7	/* host signature */
+#define ST_NAMECANON	8	/* cached canonical name */
+#define ST_MACRO	9	/* macro name to id mapping */
+#define ST_RULESET	10	/* ruleset index */
+#define ST_SERVICE	11	/* service switch entry */
+#define ST_HEADER	12	/* special header flags */
+#ifdef LDAPMAP
+# define ST_LDAP	13	/* LDAP connection */
+#endif /* LDAPMAP */
+#if _FFR_MILTER
+# define ST_MILTER	14	/* milter filter */
+#endif /* _FFR_MILTER */
+#define ST_MCI		16	/* mailer connection info (offset) */
+
+#define s_class		s_value.sv_class
+#define s_address	s_value.sv_addr
+#define s_mailer	s_value.sv_mailer
+#define s_alias		s_value.sv_alias
+#define s_mci		s_value.sv_mci
+#define s_mapclass	s_value.sv_mapclass
+#define s_hostsig	s_value.sv_hostsig
+#define s_map		s_value.sv_map
+#define s_namecanon	s_value.sv_namecanon
+#define s_macro		s_value.sv_macro
+#define s_ruleset	s_value.sv_ruleset
+#define s_service	s_value.sv_service
+#define s_header	s_value.sv_header
+#ifdef LDAPMAP
+# define s_ldap		s_value.sv_ldap
+#endif /* LDAPMAP */
+#if _FFR_MILTER
+# define s_milter	s_value.sv_milter
+#endif /* _FFR_MILTER */
 
 /* opcodes to stab */
-# define ST_FIND	0	/* find entry */
-# define ST_ENTER	1	/* enter if not there */
+#define ST_FIND		0	/* find entry */
+#define ST_ENTER	1	/* enter if not there */
+
+/* functions */
+extern STAB	*stab __P((char *, int, int));
+extern void	stabapply __P((void (*)(STAB *, int), int));
+
 /*
 **  STRUCT EVENT -- event queue.
 **
@@ -835,11 +1145,11 @@ struct event
 
 typedef struct event	EVENT;
 
-EXTERN EVENT	*EventQueue;		/* head of event queue */
-
 /* functions */
-extern EVENT	*setevent __P((time_t, void(*)(), int));
 extern void	clrevent __P((EVENT *));
+extern void	clear_events __P((void));
+extern EVENT	*setevent __P((time_t, void(*)(), int));
+
 /*
 **  Operation, send, error, and MIME modes
 **
@@ -856,8 +1166,6 @@ extern void	clrevent __P((EVENT *));
 **	The error mode tells how to return errors.
 */
 
-EXTERN char	OpMode;		/* operation mode, see below */
-
 #define MD_DELIVER	'm'		/* be a mail sender */
 #define MD_SMTP		's'		/* run SMTP on standard input */
 #define MD_ARPAFTP	'a'		/* obsolete ARPANET mode (Grey Book) */
@@ -870,6 +1178,7 @@ EXTERN char	OpMode;		/* operation mode, see below */
 #define MD_FREEZE	'z'		/* freeze the configuration file */
 #define MD_HOSTSTAT	'h'		/* print persistent host stat info */
 #define MD_PURGESTAT	'H'		/* purge persistent host stat info */
+#define MD_QUEUERUN	'q'		/* queue run */
 
 /* values for e_sendmode -- send modes */
 #define SM_DELIVER	'i'		/* interactive delivery */
@@ -878,9 +1187,12 @@ EXTERN char	OpMode;		/* operation mode, see below */
 #define SM_DEFER	'd'		/* defer map lookups as well as queue */
 #define SM_VERIFY	'v'		/* verify only (used internally) */
 
+
 /* used only as a parameter to sendall */
 #define SM_DEFAULT	'\0'		/* unspecified, use SendMode */
 
+/* functions */
+extern void	set_delivery_mode __P((int, ENVELOPE *));
 
 /* values for e_errormode -- error handling modes */
 #define EM_PRINT	'p'		/* print errors */
@@ -890,25 +1202,13 @@ EXTERN char	OpMode;		/* operation mode, see below */
 #define EM_QUIET	'q'		/* don't print messages (stat only) */
 
 
-/* MIME processing mode */
-EXTERN int	MimeMode;
-
 /* bit values for MimeMode */
 #define MM_CVTMIME	0x0001		/* convert 8 to 7 bit MIME */
 #define MM_PASS8BIT	0x0002		/* just send 8 bit data blind */
 #define MM_MIME8BIT	0x0004		/* convert 8-bit data to MIME */
 
-/* queue sorting order algorithm */
-EXTERN int	QueueSortOrder;
-
-#define QS_BYPRIORITY	0		/* sort by message priority */
-#define QS_BYHOST	1		/* sort by first host name */
-#define QS_BYTIME	2		/* sort by submission time */
-
 
 /* how to handle messages without any recipient addresses */
-EXTERN int		NoRecipientAction;
-
 #define NRA_NO_ACTION		0	/* just leave it as is */
 #define NRA_ADD_TO		1	/* add To: header */
 #define NRA_ADD_APPARENTLY_TO	2	/* add Apparently-To: header */
@@ -921,10 +1221,6 @@ EXTERN int		NoRecipientAction;
 #define PXLF_MAPFROM		0x0001	/* map From_ to >From_ */
 #define PXLF_STRIP8BIT		0x0002	/* strip 8th bit */
 #define PXLF_HEADER		0x0004	/* map newlines in headers */
-/*
-**  Additional definitions
-*/
-
 
 /*
 **  Privacy flags
@@ -939,17 +1235,20 @@ EXTERN int		NoRecipientAction;
 #define PRIV_NOVRFY		0x0010	/* disallow VRFY command entirely */
 #define PRIV_AUTHWARNINGS	0x0020	/* flag possible authorization probs */
 #define PRIV_NORECEIPTS		0x0040	/* disallow return receipts */
-#define PRIV_NOETRN		0x0080	/* disallow ETRN command entirely */
 #define PRIV_NOVERB		0x0100	/* disallow VERB command entirely */
 #define PRIV_RESTRICTMAILQ	0x1000	/* restrict mailq command */
 #define PRIV_RESTRICTQRUN	0x2000	/* restrict queue run */
-#define PRIV_GOAWAY		0x0fff	/* don't give no info, anyway, anyhow */
+#define PRIV_NOETRN		0x4000	/* disallow ETRN command entirely */
+#define PRIV_NOBODYRETN		0x8000	/* do not return bodies on bounces */
+
+/* don't give no info, anyway, anyhow */
+#define PRIV_GOAWAY		(0x0fff & ~PRIV_NORECEIPTS)
 
 /* struct defining such things */
 struct prival
 {
 	char	*pv_name;	/* name of privacy flag */
-	int	pv_flag;	/* numeric level */
+	u_short	pv_flag;	/* numeric level */
 };
 
 
@@ -968,42 +1267,7 @@ struct prival
 
 
 /*
-**  Flags passed to safefile/safedirpath.
-*/
-
-#define SFF_ANYFILE		0	/* no special restrictions */
-#define SFF_MUSTOWN		0x0001	/* user must own this file */
-#define SFF_NOSLINK		0x0002	/* file cannot be a symbolic link */
-#define SFF_ROOTOK		0x0004	/* ok for root to own this file */
-#define SFF_RUNASREALUID	0x0008	/* if no ctladdr, run as real uid */
-#define SFF_NOPATHCHECK		0x0010	/* don't bother checking dir path */
-#define SFF_SETUIDOK		0x0020	/* setuid files are ok */
-#define SFF_CREAT		0x0040	/* ok to create file if necessary */
-#define SFF_REGONLY		0x0080	/* regular files only */
-#define SFF_SAFEDIRPATH		0x0100	/* no writable directories allowed */
-#define SFF_NOHLINK		0x0200	/* file cannot have hard links */
-#define SFF_NOWLINK		0x0400	/* links only in non-writable dirs */
-#define SFF_NOGWFILES		0x0800	/* disallow world writable files */
-#define SFF_NOWWFILES		0x1000	/* disallow group writable files */
-
-/* flags that are actually specific to safeopen/safefopen/dfopen */
-#define SFF_OPENASROOT		0x2000	/* open as root instead of real user */
-#define SFF_NOLOCK		0x4000	/* don't lock the file */
-
-/* pseudo-flags */
-#define SFF_NOLINK		(SFF_NOHLINK|SFF_NOSLINK)
-
-/* functions */
-extern int	safefile __P((char *, UID_T, GID_T, char *, int, int, struct stat *));
-extern int	safedirpath __P((char *, UID_T, GID_T, char *, int));
-extern int	safeopen __P((char *, int, int, int));
-extern FILE	*safefopen __P((char *, int, int, int));
-extern int	dfopen __P((char *, int, int, int));
-extern bool	filechanged __P((char *, int, struct stat *));
-
-
-/*
-**  Flags passed to mime8to7.
+**  Flags passed to mime8to7 and putheader.
 */
 
 #define M87F_OUTER		0	/* outer context */
@@ -1011,6 +1275,9 @@ extern bool	filechanged __P((char *, int, struct stat *));
 #define M87F_DIGEST		0x0002	/* processing multipart/digest */
 #define M87F_NO8TO7		0x0004	/* don't do 8->7 bit conversions */
 
+/* functions */
+extern void	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
+extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
 
 /*
 **  Flags passed to returntosender.
@@ -1020,45 +1287,96 @@ extern bool	filechanged __P((char *, int, struct stat *));
 #define RTSF_SEND_BODY		0x0001	/* include body of message in return */
 #define RTSF_PM_BOUNCE		0x0002	/* this is a postmaster bounce */
 
+/* functions */
+extern int	returntosender __P((char *, ADDRESS *, int, ENVELOPE *));
 
 /*
 **  Regular UNIX sockaddrs are too small to handle ISO addresses, so
 **  we are forced to declare a supertype here.
 */
 
-# if NETINET || NETUNIX || NETISO || NETNS || NETX25
+#if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25
 union bigsockaddr
 {
 	struct sockaddr		sa;	/* general version */
-#if NETUNIX
+# if NETUNIX
 	struct sockaddr_un	sunix;	/* UNIX family */
-#endif
-#if NETINET
+# endif /* NETUNIX */
+# if NETINET
 	struct sockaddr_in	sin;	/* INET family */
-#endif
-#if NETISO
+# endif /* NETINET */
+# if NETINET6
+	struct sockaddr_in6	sin6;	/* INET/IPv6 */
+# endif /* NETINET6 */
+# if NETISO
 	struct sockaddr_iso	siso;	/* ISO family */
-#endif
-#if NETNS
+# endif /* NETISO */
+# if NETNS
 	struct sockaddr_ns	sns;	/* XNS family */
-#endif
-#if NETX25
+# endif /* NETNS */
+# if NETX25
 	struct sockaddr_x25	sx25;	/* X.25 family */
-#endif
+# endif /* NETX25 */
 };
 
-#define SOCKADDR	union bigsockaddr
-
-EXTERN SOCKADDR RealHostAddr;	/* address of host we are talking to */
+# define SOCKADDR	union bigsockaddr
 
-extern char	*hostnamebyanyaddr __P((SOCKADDR *));
+/* functions */
 extern char	*anynet_ntoa __P((SOCKADDR *));
+# if NETINET6
+extern char	*anynet_ntop __P((struct in6_addr *, char *, size_t));
+# endif /* NETINET6 */
+extern char	*hostnamebyanyaddr __P((SOCKADDR *));
 # if DAEMON
 extern char	*validate_connection __P((SOCKADDR *, char *, ENVELOPE *));
-# endif
+# endif /* DAEMON */
+
+#endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */
+
+#if _FFR_MILTER
+/*
+**  Mail Filters (milter)
+*/
+
+#include <libmilter/milter.h>
+
+#define SMFTO_WRITE	0		/* Timeout for sending information */
+#define SMFTO_READ	1		/* Timeout waiting for a response */
+#define SMFTO_EOM	2		/* Timeout for ACK/NAK to EOM */
+
+#define SMFTO_NUM_TO	3		/* Total number of timeouts */
+
+struct milter
+{
+	char		*mf_name;	/* filter name */
+	BITMAP256	mf_flags;	/* MTA flags */
+	u_long		mf_fvers;	/* filter version */
+	u_long		mf_fflags;	/* filter flags */
+	u_long		mf_pflags;	/* protocol flags */
+	char		*mf_conn;	/* connection info */
+	int		mf_sock;	/* connected socket */
+	char		mf_state;	/* state of filter */
+	time_t		mf_timeout[SMFTO_NUM_TO]; /* timeouts */
+};
+
+/* MTA flags */
+# define SMF_REJECT		'R'	/* Reject connection on filter fail */
+# define SMF_TEMPFAIL		'T'	/* tempfail connection on failure */
 
-#endif
+/* states */
+# define SMFS_CLOSED		'C'	/* closed for all further actions */
+# define SMFS_OPEN		'O'	/* connected to remote milter filter */
+# define SMFS_INMSG		'M'	/* currently servicing a message */
+# define SMFS_DONE		'D'	/* done with current message */
+# define SMFS_ERROR		'E'	/* error state */
+# define SMFS_READY		'R'	/* ready for action */
+
+/* 32-bit type used by milter */
+typedef SM_INT32	mi_int32;
 
+EXTERN struct milter	*InputFilters[MAXFILTERS];
+EXTERN char		*InputFilterList;
+#endif /* _FFR_MILTER */
 
 /*
 **  Vendor codes
@@ -1071,7 +1389,7 @@ extern char	*validate_connection __P((SOCKADDR *, char *, ENVELOPE *));
 **		-DVENDOR_DEFAULT=VENDOR_xxx
 **	in the Makefile.
 **
-**	Vendors should apply to sendmail@CS.Berkeley.EDU for
+**	Vendors should apply to sendmail@sendmail.org for
 **	unique vendor codes.
 */
 
@@ -1081,57 +1399,10 @@ extern char	*validate_connection __P((SOCKADDR *, char *, ENVELOPE *));
 #define VENDOR_IBM	4	/* IBM specific config syntax */
 #define VENDOR_SENDMAIL	5	/* Sendmail, Inc. specific config syntax */
 
-EXTERN int	VendorCode;	/* vendor-specific operation enhancements */
-
 /* prototypes for vendor-specific hook routines */
-extern void	vendor_set_uid __P((UID_T));
 extern void	vendor_daemon_setup __P((ENVELOPE *));
+extern void	vendor_set_uid __P((UID_T));
 
-/*
-**  DontBlameSendmail options
-**
-**	Hopefully nobody uses these.
-*/
-#define DBS_SAFE					0
-#define DBS_ASSUMESAFECHOWN				0x00000001
-#define DBS_GROUPWRITABLEDIRPATHSAFE			0x00000002
-#define DBS_GROUPWRITABLEFORWARDFILESAFE		0x00000004
-#define DBS_GROUPWRITABLEINCLUDEFILESAFE		0x00000008
-#define DBS_GROUPWRITABLEALIASFILE			0x00000010
-#define DBS_WORLDWRITABLEALIASFILE			0x00000020
-#define DBS_FORWARDFILEINUNSAFEDIRPATH			0x00000040
-#define DBS_MAPINUNSAFEDIRPATH				0x00000080
-#define DBS_LINKEDALIASFILEINWRITABLEDIR		0x00000100
-#define DBS_LINKEDCLASSFILEINWRITABLEDIR		0x00000200
-#define DBS_LINKEDFORWARDFILEINWRITABLEDIR		0x00000400
-#define DBS_LINKEDINCLUDEFILEINWRITABLEDIR		0x00000800
-#define DBS_LINKEDMAPINWRITABLEDIR			0x00001000
-#define DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR	0x00002000
-#define DBS_FILEDELIVERYTOHARDLINK			0x00004000
-#define DBS_FILEDELIVERYTOSYMLINK			0x00008000
-#define DBS_WRITEMAPTOHARDLINK				0x00010000
-#define DBS_WRITEMAPTOSYMLINK				0x00020000
-#define DBS_WRITESTATSTOHARDLINK			0x00040000
-#define DBS_WRITESTATSTOSYMLINK				0x00080000
-#define DBS_FORWARDFILEINGROUPWRITABLEDIRPATH		0x00100000
-#define DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH		0x00200000
-#define DBS_CLASSFILEINUNSAFEDIRPATH			0x00400000
-#define DBS_ERRORHEADERINUNSAFEDIRPATH			0x00800000
-#define DBS_HELPFILEINUNSAFEDIRPATH			0x01000000
-#define DBS_FORWARDFILEINUNSAFEDIRPATHSAFE		0x02000000
-#define DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE		0x04000000
-#define DBS_RUNPROGRAMINUNSAFEDIRPATH			0x08000000
-#define DBS_RUNWRITABLEPROGRAM				0x10000000
-#define DBS_INCLUDEFILEINUNSAFEDIRPATH			0x20000000
-
-/* struct defining such things */
-struct dbsval
-{
-	char	*dbs_name;	/* name of DontBlameSendmail flag */
-	long	dbs_flag;	/* numeric level */
-};
-
-EXTERN long	DontBlameSendmail;	/* DontBlameSendmail option bits */
 
 /*
 **  Terminal escape codes.
@@ -1145,159 +1416,120 @@ struct termescape
 	char	*te_rv_off;	/* turn reverse-video off */
 };
 
-EXTERN struct termescape	TermEscape;
-
+/*
+**  Additional definitions
+*/
 
-/*
-**  Error return from inet_addr(3), in case not defined in /usr/include.
+/* d_flags, see daemon.c */
+/* generic rule: lower case: required, upper case: No */
+#define D_AUTHREQ	'a'	/* authentication required */
+#define D_BINDIF	'b'	/* use if_addr for outgoing connection */
+#define D_CANONREQ	'c'	/* canonification required (cf) */
+#define D_IFNHELO	'h'	/* use if name for HELO */
+#define D_FQMAIL	'f'	/* fq sender address required (cf) */
+#define D_FQRCPT	'r'	/* fq recipient address required (cf) */
+#define D_UNQUALOK	'u'	/* unqualified address is ok (cf) */
+#define D_NOCANON	'C'	/* no canonification (cf) */
+#define D_NOETRN	'E'	/* no ETRN (MSA) */
+#define D_ETRNONLY	((char)0x01)	/* allow only ETRN (disk low) */
+
+/* Flags for submitmode */
+#define SUBMIT_UNKNOWN	0x0000	/* unknown agent type */
+#define SUBMIT_MTA	0x0001	/* act like a message transfer agent */
+#define SUBMIT_MSA	0x0002	/* act like a message submission agent */
+
+#if SASL
+/*
+**  SASL
 */
 
-#ifndef INADDR_NONE
-# define INADDR_NONE	0xffffffff
-#endif
+/* authenticated? */
+# define SASL_NOT_AUTH	0		/* not authenticated */
+# define SASL_PROC_AUTH	1		/* in process of authenticating */
+# define SASL_IS_AUTH	2		/* authenticated */
+
+/* SASL options */
+# define SASL_AUTH_AUTH	0x1000		/* use auth= only if authenticated */
+# if _FFR_SASL_OPTS
+#  define SASL_SEC_MASK	0x0fff		/* mask for SASL_SEC_* values: sasl.h */
+#  if (SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 || \
+	(SASL_SEC_NOACTIVE & SASL_SEC_MASK) == 0 || \
+	(SASL_SEC_NODICTIONARY & SASL_SEC_MASK) == 0 || \
+	(SASL_SEC_FORWARD_SECRECY & SASL_SEC_MASK) == 0 || \
+	(SASL_SEC_NOANONYMOUS & SASL_SEC_MASK) == 0 || \
+	(SASL_SEC_PASS_CREDENTIALS & SASL_SEC_MASK) == 0
+ERROR: change SASL_SEC_MASK_ notify sendmail.org!
+#  endif
+# endif /* _FFR_SASL_OPTS */
+
+# define MAXOUTLEN 1024			/* length of output buffer */
+#endif /* SASL */
+
+#if STARTTLS
 /*
-**  Global variables.
+**  TLS
 */
 
-EXTERN bool	FromFlag;	/* if set, "From" person is explicit */
-EXTERN bool	MeToo;		/* send to the sender also */
-EXTERN bool	IgnrDot;	/* don't let dot end messages */
-EXTERN bool	SaveFrom;	/* save leading "From" lines */
-EXTERN bool	GrabTo;		/* if set, get recipients from msg */
-EXTERN bool	SuprErrs;	/* set if we are suppressing errors */
-EXTERN bool	HoldErrs;	/* only output errors to transcript */
-EXTERN bool	NoConnect;	/* don't connect to non-local mailers */
-EXTERN bool	SuperSafe;	/* be extra careful, even if expensive */
-EXTERN bool	ForkQueueRuns;	/* fork for each job when running the queue */
-EXTERN bool	AutoRebuild;	/* auto-rebuild the alias database as needed */
-EXTERN bool	CheckAliases;	/* parse addresses during newaliases */
-EXTERN bool	NoAlias;	/* suppress aliasing */
-EXTERN bool	UseNameServer;	/* using DNS -- interpret h_errno & MX RRs */
-EXTERN bool	UseHesiod;	/* using Hesiod -- interpret Hesiod errors */
-EXTERN bool	SevenBitInput;	/* force 7-bit data on input */
-EXTERN bool	HasEightBits;	/* has at least one eight bit input byte */
-EXTERN bool	ConfigFileRead;	/* configuration file has been read */
-EXTERN time_t	SafeAlias;	/* interval to wait until @:@ in alias file */
-EXTERN FILE	*InChannel;	/* input connection */
-EXTERN FILE	*OutChannel;	/* output connection */
-EXTERN char	*RealUserName;	/* real user name of caller */
-EXTERN uid_t	RealUid;	/* real uid of caller */
-EXTERN gid_t	RealGid;	/* real gid of caller */
-EXTERN uid_t	DefUid;		/* default uid to run as */
-EXTERN gid_t	DefGid;		/* default gid to run as */
-EXTERN char	*DefUser;	/* default user to run as (from DefUid) */
-EXTERN uid_t	TrustedUid;	/* uid of trusted user for files and startup */
-EXTERN MODE_T	OldUmask;	/* umask when sendmail starts up */
-EXTERN int	Verbose;	/* set if blow-by-blow desired */
-EXTERN int	Errors;		/* set if errors (local to single pass) */
-EXTERN int	ExitStat;	/* exit status code */
-EXTERN int	LineNumber;	/* line number in current input */
-EXTERN int	LogLevel;	/* level of logging to perform */
-EXTERN int	FileMode;	/* mode on files */
-EXTERN int	QueueLA;	/* load average starting forced queueing */
-EXTERN int	RefuseLA;	/* load average refusing connections are */
-EXTERN int	CurrentLA;	/* current load average */
-EXTERN long	QueueFactor;	/* slope of queue function */
-EXTERN time_t	QueueIntvl;	/* intervals between running the queue */
-EXTERN char	*HelpFile;	/* location of SMTP help file */
-EXTERN char	*ErrMsgFile;	/* file to prepend to all error messages */
-EXTERN char	*StatFile;	/* location of statistics summary */
-EXTERN char	*QueueDir;	/* location of queue directory */
-EXTERN char	*FileName;	/* name to print on error messages */
-EXTERN char	*SmtpPhase;	/* current phase in SMTP processing */
-EXTERN char	*MyHostName;	/* name of this host for SMTP messages */
-EXTERN char	*RealHostName;	/* name of host we are talking to */
-EXTERN char	*CurHostName;	/* current host we are dealing with */
-EXTERN jmp_buf	TopFrame;	/* branch-to-top-of-loop-on-error frame */
-EXTERN bool	QuickAbort;	/*  .... but only if we want a quick abort */
-EXTERN bool	OnlyOneError;	/*  .... or only want to give one SMTP reply */
-EXTERN bool	LogUsrErrs;	/* syslog user errors (e.g., SMTP RCPT cmd) */
-EXTERN bool	SendMIMEErrors;	/* send error messages in MIME format */
-EXTERN bool	MatchGecos;	/* look for user names in gecos field */
-EXTERN bool	UseErrorsTo;	/* use Errors-To: header (back compat) */
-EXTERN bool	TryNullMXList;	/* if we are the best MX, try host directly */
-EXTERN bool	InChild;	/* true if running in an SMTP subprocess */
-EXTERN bool	DisConnected;	/* running with OutChannel redirected to xf */
-EXTERN bool	ColonOkInAddr;	/* single colon legal in address */
-EXTERN bool	HasWildcardMX;	/* don't use MX records when canonifying */
-EXTERN char	SpaceSub;	/* substitution for <lwsp> */
-EXTERN int	PrivacyFlags;	/* privacy flags */
-EXTERN char	*ConfFile;	/* location of configuration file [conf.c] */
-EXTERN char	*PidFile;	/* location of proc id file [conf.c] */
-EXTERN char	*ControlSocketName; /* control socket filename [control.c] */
-extern ADDRESS	NullAddress;	/* a null (template) address [main.c] */
-EXTERN long	WkClassFact;	/* multiplier for message class -> priority */
-EXTERN long	WkRecipFact;	/* multiplier for # of recipients -> priority */
-EXTERN long	WkTimeFact;	/* priority offset each time this job is run */
-EXTERN char	*UdbSpec;	/* user database source spec */
-EXTERN int	MaxHopCount;	/* max # of hops until bounce */
-EXTERN int	ConfigLevel;	/* config file level */
-EXTERN char	*TimeZoneSpec;	/* override time zone specification */
-EXTERN char	*ForwardPath;	/* path to search for .forward files */
-EXTERN long	MinBlocksFree;	/* min # of blocks free on queue fs */
-EXTERN char	*FallBackMX;	/* fall back MX host */
-EXTERN long	MaxMessageSize;	/* advertised max size we will accept */
-EXTERN time_t	MinQueueAge;	/* min delivery interval */
-EXTERN time_t	DialDelay;	/* delay between dial-on-demand tries */
-EXTERN char	*SafeFileEnv;	/* chroot location for file delivery */
-EXTERN char	*HostsFile;	/* path to /etc/hosts file */
-EXTERN char	*HostStatDir;	/* location of host status information */
-EXTERN int	MaxQueueRun;	/* maximum number of jobs in one queue run */
-EXTERN int	MaxChildren;	/* maximum number of daemonic children */
-EXTERN int	CurChildren;	/* current number of daemonic children */
-EXTERN char	*SmtpGreeting;	/* SMTP greeting message (old $e macro) */
-EXTERN char	*UnixFromLine;	/* UNIX From_ line (old $l macro) */
-EXTERN char	*OperatorChars;	/* operators (old $o macro) */
-EXTERN bool	DontInitGroups;	/* avoid initgroups() because of NIS cost */
-EXTERN int	DefaultNotify;	/* default DSN notification flags */
-EXTERN bool	AllowBogusHELO;	/* allow syntax errors on HELO command */
-EXTERN bool	UserSubmission;	/* initial (user) mail submission */
-EXTERN char	*RunAsUserName;	/* user to become for bulk of run */
-EXTERN uid_t	RunAsUid;	/* UID to become for bulk of run */
-EXTERN gid_t	RunAsGid;	/* GID to become for bulk of run */
-EXTERN int	MaxRcptPerMsg;	/* max recipients per SMTP message */
-EXTERN bool	DoQueueRun;	/* non-interrupt time queue run needed */
-EXTERN u_long	ConnectOnlyTo;	/* override connection address (for testing) */
-EXTERN int	MaxHeadersLength;	/* max length of headers */
-#if _FFR_DSN_RRT_OPTION
-EXTERN bool	RrtImpliesDsn;	/* turn Return-Receipt-To: into DSN */
-#endif
-EXTERN char	*DeadLetterDrop;	/* path to dead letter office */
-EXTERN bool	DontProbeInterfaces;	/* don't probe interfaces for names */
-EXTERN bool	ChownAlwaysSafe;	/* treat chown(2) as safe */
-EXTERN bool	IgnoreHostStatus;	/* ignore long term host status files */
-EXTERN bool	SingleThreadDelivery;	/* single thread hosts on delivery */
-EXTERN bool	SingleLineFromHeader;	/* force From: header to be one line */
-EXTERN bool	DontLockReadFiles;	/* don't read lock support files */
-EXTERN int	ConnRateThrottle;	/* throttle for SMTP connection rate */
-EXTERN int	MaxAliasRecursion;	/* maximum depth of alias recursion */
-EXTERN int	MaxMacroRecursion;	/* maximum depth of macro recursion */
-EXTERN int	MaxRuleRecursion;	/* maximum depth of ruleset recursion */
-EXTERN char	*MustQuoteChars;	/* quote these characters in phrases */
-EXTERN char	*ServiceSwitchFile;	/* backup service switch */
-EXTERN char	*DefaultCharSet;	/* default character set for MIME */
-EXTERN char	*PostMasterCopy;	/* address to get errs cc's */
-EXTERN int	CheckpointInterval;	/* queue file checkpoint interval */
-EXTERN bool	DontPruneRoutes;	/* don't prune source routes */
-EXTERN bool	DontExpandCnames;	/* do not $[...$] expand CNAMEs */
-EXTERN int	MaxMciCache;		/* maximum entries in MCI cache */
-EXTERN time_t	ServiceCacheTime;	/* time service switch was cached */
-EXTERN time_t	ServiceCacheMaxAge;	/* refresh interval for cache */
-EXTERN time_t	MciCacheTimeout;	/* maximum idle time on connections */
-EXTERN time_t	MciInfoTimeout;		/* how long 'til we retry down hosts */
-EXTERN FILE	*TrafficLogFile;	/* file in which to log all traffic */
-EXTERN char	*DoubleBounceAddr;	/* where to send double bounces */
-EXTERN char	**ExternalEnviron;	/* input environment */
-EXTERN char	*UserEnviron[MAXUSERENVIRON + 1];
-					/* saved user environment */
-EXTERN int	MaxMimeHeaderLength;	/* maximum MIME header length */
-EXTERN int	MaxMimeFieldLength;	/* maximum MIME field length */
+/* what to do in the TLS initialization */
+#define TLS_I_NONE	0x00000000	/* no requirements... */
+#define TLS_I_CERT_EX	0x00000001	/* CERT must exist */
+#define TLS_I_CERT_UNR	0x00000002	/* CERT must be g/o unreadable */
+#define TLS_I_KEY_EX	0x00000004	/* KEY must exist */
+#define TLS_I_KEY_UNR	0x00000008	/* KEY must be g/o unreadable */
+#define TLS_I_CERTP_EX	0x00000010	/* CA CERT PATH must exist */
+#define TLS_I_CERTP_UNR	0x00000020	/* CA CERT PATH must be g/o unreadable */
+#define TLS_I_CERTF_EX	0x00000040	/* CA CERT FILE must exist */
+#define TLS_I_CERTF_UNR	0x00000080	/* CA CERT FILE must be g/o unreadable */
+#define TLS_I_RSA_TMP	0x00000100	/* RSA TMP must be generated */
+#define TLS_I_USE_KEY	0x00000200	/* private key must usable */
+#define TLS_I_USE_CERT	0x00000400	/* certificate must be usable */
+#define TLS_I_VRFY_PATH	0x00000800	/* load verify path must succeed */
+#define TLS_I_VRFY_LOC	0x00001000	/* load verify default must succeed */
+#define TLS_I_CACHE	0x00002000	/* require cache */
+#define TLS_I_TRY_DH	0x00004000	/* try DH certificate */
+#define TLS_I_REQ_DH	0x00008000	/* require DH certificate */
+#define TLS_I_DHPAR_EX	0x00010000	/* require DH parameters */
+#define TLS_I_DHPAR_UNR	0x00020000	/* DH param. must be g/o unreadable */
+#define TLS_I_DH512	0x00040000	/* generate 512bit DH param */
+#define TLS_I_DH1024	0x00080000	/* generate 1024bit DH param */
+#define TLS_I_DH2048	0x00100000	/* generate 2048bit DH param */
+
+/* server requirements */
+#define TLS_I_SRV	(TLS_I_CERT_EX | TLS_I_KEY_EX | TLS_I_KEY_UNR | \
+			 TLS_I_CERTP_EX | TLS_I_CERTF_EX | TLS_I_RSA_TMP | \
+			 TLS_I_USE_KEY | TLS_I_USE_CERT | TLS_I_VRFY_PATH | \
+			 TLS_I_VRFY_LOC | TLS_I_TRY_DH | \
+			 TLS_I_DH512)
+
+/* client requirements */
+#define TLS_I_CLT	(TLS_I_KEY_UNR)
+
+#define TLS_AUTH_OK	0
+#define TLS_AUTH_NO	1
+#define TLS_AUTH_FAIL	(-1)
+#endif /* STARTTLS */
 
-extern int	errno;
 
-/*
-**  Queue Run Limitations
+/*
+**  Queue related items
 */
+
+/* queue sort order */
+#define QSO_BYPRIORITY	0		/* sort by message priority */
+#define QSO_BYHOST	1		/* sort by first host name */
+#define QSO_BYTIME	2		/* sort by submission time */
+#define QSO_BYFILENAME	3		/* sort by file name only */
+
+#if _FFR_QUEUEDELAY
+#define QD_LINEAR	0		/* linear (old) delay alg */
+#define QD_EXP		1		/* exponential delay alg */
+#endif /* _FFR_QUEUEDELAY */
+
+#define	NOQDIR	(-1)			/* no queue directory (yet) */
+
+#define	NOW	((time_t) (-1))		/* queue return: now */
+
+/* Queue Run Limitations */
 struct queue_char
 {
 	char *queue_match;		/* string to match */
@@ -1306,9 +1538,20 @@ struct queue_char
 
 typedef struct queue_char QUEUE_CHAR;
 
-EXTERN QUEUE_CHAR	*QueueLimitRecipient;	/* limit queue runs to this recipient */
-EXTERN QUEUE_CHAR	*QueueLimitSender;	/* limit queue runs to this sender */
-EXTERN QUEUE_CHAR	*QueueLimitId;		/* limit queue runs to this id */
+/* functions */
+extern void	assign_queueid __P((ENVELOPE *));
+extern ADDRESS	*copyqueue __P((ADDRESS *));
+extern void	initsys __P((ENVELOPE *));
+extern void	loseqfile __P((ENVELOPE *, char *));
+extern void	multiqueue_cache __P((void));
+extern char	*qid_printname __P((ENVELOPE *));
+extern char	*qid_printqueue __P((int));
+extern char	*queuename __P((ENVELOPE *, int));
+extern void	queueup __P((ENVELOPE *, bool));
+extern bool	runqueue __P((bool, bool));
+extern void	setnewqueue __P((ENVELOPE *));
+extern bool	shouldqueue __P((long, time_t));
+extern void	sync_queue_time __P((void));
 
 /*
 **  Timeouts
@@ -1335,30 +1578,41 @@ EXTERN struct
 	time_t	to_miscshort;	/* misc short commands (NOOP, VERB, etc) */
 	time_t	to_ident;	/* IDENT protocol requests */
 	time_t	to_fileopen;	/* opening :include: and .forward files */
+	time_t	to_control;	/* process a control socket command */
 			/* following are per message */
 	time_t	to_q_return[MAXTOCLASS];	/* queue return timeouts */
 	time_t	to_q_warning[MAXTOCLASS];	/* queue warning timeouts */
+	time_t	res_retrans[MAXRESTOTYPES];	/* resolver retransmit */
+	int	res_retry[MAXRESTOTYPES];	/* resolver retry */
 } TimeOuts;
 
 /* timeout classes for return and warning timeouts */
-# define TOC_NORMAL	0	/* normal delivery */
-# define TOC_URGENT	1	/* urgent delivery */
-# define TOC_NONURGENT	2	/* non-urgent delivery */
+#define TOC_NORMAL	0	/* normal delivery */
+#define TOC_URGENT	1	/* urgent delivery */
+#define TOC_NONURGENT	2	/* non-urgent delivery */
+
+/* resolver timeout specifiers */
+#define RES_TO_FIRST	0	/* first attempt */
+#define RES_TO_NORMAL	1	/* subsequent attempts */
+#define RES_TO_DEFAULT	2	/* default value */
 
+/* functions */
+extern void	inittimeouts __P((char *, bool));
 
 /*
 **  Trace information
 */
 
-/* trace vector and macros for debugging flags */
-EXTERN u_char	tTdvect[100];
-# define tTd(flag, level)	(tTdvect[flag] >= level)
-# define tTdlevel(flag)		(tTdvect[flag])
+/* macros for debugging flags */
+#define tTd(flag, level)	(tTdvect[flag] >= (u_char)level)
+#define tTdlevel(flag)		(tTdvect[flag])
+
+/* variables */
+extern u_char	tTdvect[100];	/* trace vector */
 /*
 **  Miscellaneous information.
 */
 
-
 /*
 **  The "no queue id" queue id for sm_syslog
 */
@@ -1380,135 +1634,457 @@ EXTERN u_char	tTdvect[100];
 #define newstr(s)	strcpy(xalloc(strlen(s) + 1), s)
 
 #define STRUCTCOPY(s, d)	d = s
+/*
+**  Global variables.
+*/
+
+EXTERN bool	AllowBogusHELO;	/* allow syntax errors on HELO command */
+#if !_FFR_REMOVE_AUTOREBUILD
+EXTERN bool	AutoRebuild;	/* auto-rebuild the alias database as needed */
+#endif /* !_FFR_REMOVE_AUTOREBUILD */
+EXTERN bool	CheckAliases;	/* parse addresses during newaliases */
+EXTERN bool	ChownAlwaysSafe;	/* treat chown(2) as safe */
+EXTERN bool	ColonOkInAddr;	/* single colon legal in address */
+EXTERN bool	ConfigFileRead;	/* configuration file has been read */
+EXTERN bool	DataProgress;	/* have we sent anything since last check */
+EXTERN bool	DisConnected;	/* running with OutChannel redirected to xf */
+EXTERN bool	DoQueueRun;	/* non-interrupt time queue run needed */
+EXTERN bool	DontExpandCnames;	/* do not $[...$] expand CNAMEs */
+EXTERN bool	DontInitGroups;	/* avoid initgroups() because of NIS cost */
+EXTERN bool	DontLockReadFiles;	/* don't read lock support files */
+EXTERN bool	DontProbeInterfaces;	/* don't probe interfaces for names */
+EXTERN bool	DontPruneRoutes;	/* don't prune source routes */
+EXTERN bool	ForkQueueRuns;	/* fork for each job when running the queue */
+EXTERN bool	FromFlag;	/* if set, "From" person is explicit */
+EXTERN bool	GrabTo;		/* if set, get recipients from msg */
+EXTERN bool	HasEightBits;	/* has at least one eight bit input byte */
+EXTERN bool	HasWildcardMX;	/* don't use MX records when canonifying */
+EXTERN bool	HoldErrs;	/* only output errors to transcript */
+EXTERN bool	IgnoreHostStatus;	/* ignore long term host status files */
+EXTERN bool	IgnrDot;	/* don't let dot end messages */
+EXTERN bool	InChild;	/* true if running in an SMTP subprocess */
+EXTERN bool	LogUsrErrs;	/* syslog user errors (e.g., SMTP RCPT cmd) */
+EXTERN bool	MatchGecos;	/* look for user names in gecos field */
+EXTERN bool	MeToo;		/* send to the sender also */
+EXTERN bool	NoAlias;	/* suppress aliasing */
+EXTERN bool	NoConnect;	/* don't connect to non-local mailers */
+EXTERN bool	OnlyOneError;	/*  .... or only want to give one SMTP reply */
+EXTERN bool	QuickAbort;	/*  .... but only if we want a quick abort */
+EXTERN bool	RrtImpliesDsn;	/* turn Return-Receipt-To: into DSN */
+EXTERN bool	SaveFrom;	/* save leading "From" lines */
+EXTERN bool	SendMIMEErrors;	/* send error messages in MIME format */
+EXTERN bool	SevenBitInput;	/* force 7-bit data on input */
+EXTERN bool	SingleLineFromHeader;	/* force From: header to be one line */
+EXTERN bool	SingleThreadDelivery;	/* single thread hosts on delivery */
+EXTERN bool	SuperSafe;	/* be extra careful, even if expensive */
+EXTERN bool	SuprErrs;	/* set if we are suppressing errors */
+EXTERN bool	TryNullMXList;	/* if we are the best MX, try host directly */
+EXTERN bool	UseErrorsTo;	/* use Errors-To: header (back compat) */
+EXTERN bool	UseHesiod;	/* using Hesiod -- interpret Hesiod errors */
+EXTERN bool	UseNameServer;	/* using DNS -- interpret h_errno & MX RRs */
+EXTERN char	InetMode;		/* default network for daemon mode */
+EXTERN char	OpMode;		/* operation mode, see below */
+EXTERN char	SpaceSub;	/* substitution for <lwsp> */
+EXTERN int	CheckpointInterval;	/* queue file checkpoint interval */
+EXTERN int	ConfigLevel;	/* config file level */
+EXTERN int	ConnRateThrottle;	/* throttle for SMTP connection rate */
+EXTERN int	CurChildren;	/* current number of daemonic children */
+EXTERN int	CurrentLA;	/* current load average */
+EXTERN int	DefaultNotify;	/* default DSN notification flags */
+EXTERN int	Errors;		/* set if errors (local to single pass) */
+EXTERN int	ExitStat;	/* exit status code */
+EXTERN int	FileMode;	/* mode on files */
+EXTERN int	LineNumber;	/* line number in current input */
+EXTERN int	LogLevel;	/* level of logging to perform */
+EXTERN int	MaxAliasRecursion;	/* maximum depth of alias recursion */
+EXTERN int	MaxChildren;	/* maximum number of daemonic children */
+EXTERN int	MaxForwardEntries;	/* maximum number of forward entries */
+EXTERN int	MaxHeadersLength;	/* max length of headers */
+EXTERN int	MaxHopCount;	/* max # of hops until bounce */
+EXTERN int	MaxMacroRecursion;	/* maximum depth of macro recursion */
+EXTERN int	MaxMciCache;		/* maximum entries in MCI cache */
+EXTERN int	MaxMimeFieldLength;	/* maximum MIME field length */
+EXTERN int	MaxMimeHeaderLength;	/* maximum MIME header length */
 
 
+EXTERN int	MaxQueueRun;	/* maximum number of jobs in one queue run */
+EXTERN int	MaxRcptPerMsg;	/* max recipients per SMTP message */
+EXTERN int	MaxRuleRecursion;	/* maximum depth of ruleset recursion */
+EXTERN int	MimeMode;	/* MIME processing mode */
+EXTERN int	NoRecipientAction;
+EXTERN int	NumPriorities;	/* pointer into Priorities */
+EXTERN u_short	PrivacyFlags;	/* privacy flags */
+#if _FFR_QUEUE_FILE_MODE
+EXTERN int	QueueFileMode;	/* mode on qf/tf/df files */
+#endif /* _FFR_QUEUE_FILE_MODE */
+EXTERN int	QueueLA;	/* load average starting forced queueing */
+EXTERN int	QueueSortOrder;	/* queue sorting order algorithm */
+EXTERN int	RefuseLA;	/* load average refusing connections are */
+EXTERN int	VendorCode;	/* vendor-specific operation enhancements */
+EXTERN int	Verbose;	/* set if blow-by-blow desired */
+EXTERN gid_t	DefGid;		/* default gid to run as */
+EXTERN gid_t	RealGid;	/* real gid of caller */
+EXTERN gid_t	RunAsGid;	/* GID to become for bulk of run */
+EXTERN uid_t	DefUid;		/* default uid to run as */
+EXTERN uid_t	RealUid;	/* real uid of caller */
+EXTERN uid_t	RunAsUid;	/* UID to become for bulk of run */
+EXTERN uid_t	TrustedUid;	/* uid of trusted user for files and startup */
+EXTERN size_t	DataFileBufferSize;	/* size of buffer for in-core df */
+EXTERN size_t	XscriptFileBufferSize;	/* size of buffer for in-core xf */
+EXTERN time_t	DialDelay;	/* delay between dial-on-demand tries */
+EXTERN time_t	MciCacheTimeout;	/* maximum idle time on connections */
+EXTERN time_t	MciInfoTimeout;		/* how long 'til we retry down hosts */
+EXTERN time_t	MinQueueAge;	/* min delivery interval */
+EXTERN time_t	QueueIntvl;	/* intervals between running the queue */
+EXTERN time_t	SafeAlias;	/* interval to wait until @:@ in alias file */
+EXTERN time_t	ServiceCacheMaxAge;	/* refresh interval for cache */
+EXTERN time_t	ServiceCacheTime;	/* time service switch was cached */
+EXTERN MODE_T	OldUmask;	/* umask when sendmail starts up */
+EXTERN long	MaxMessageSize;	/* advertised max size we will accept */
+EXTERN long	MinBlocksFree;	/* min # of blocks free on queue fs */
+EXTERN long	QueueFactor;	/* slope of queue function */
+EXTERN long	WkClassFact;	/* multiplier for message class -> priority */
+EXTERN long	WkRecipFact;	/* multiplier for # of recipients -> priority */
+EXTERN long	WkTimeFact;	/* priority offset each time this job is run */
+#if SASL
+EXTERN char	*AuthMechanisms;	/* AUTH mechanisms */
+EXTERN char	*SASLInfo;		/* file with AUTH info */
+#endif /* SASL */
+EXTERN int	SASLOpts;		/* options for SASL */
+#if STARTTLS
+EXTERN char	*CACERTpath;	/* path to CA certificates (dir. with hashes) */
+EXTERN char	*CACERTfile;	/* file with CA certificate */
+EXTERN char	*SrvCERTfile;	/* file with server certificate */
+EXTERN char	*Srvkeyfile;	/* file with server private key */
+EXTERN char	*CltCERTfile;	/* file with client certificate */
+EXTERN char	*Cltkeyfile;	/* file with client private key */
+EXTERN char	*DHParams;	/* file with DH parameters */
+EXTERN char	*RandFile;	/* source of random data */
+# if _FFR_TLS_1
+EXTERN char	*DHParams5;	/* file with DH parameters (512) */
+EXTERN char	*CipherList;	/* list of ciphers */
+# endif /* _FFR_TLS_1 */
+#endif /* STARTTLS */
+EXTERN char	*ConfFile;	/* location of configuration file [conf.c] */
+EXTERN char	*ControlSocketName; /* control socket filename [control.c] */
+EXTERN char	*CurHostName;	/* current host we are dealing with */
+EXTERN char	*DeadLetterDrop;	/* path to dead letter office */
+EXTERN char	*DefUser;	/* default user to run as (from DefUid) */
+EXTERN char	*DefaultCharSet;	/* default character set for MIME */
+EXTERN char	*DoubleBounceAddr;	/* where to send double bounces */
+EXTERN char	*ErrMsgFile;	/* file to prepend to all error messages */
+EXTERN char	*FallBackMX;	/* fall back MX host */
+EXTERN char	*FileName;	/* name to print on error messages */
+EXTERN char	*ForwardPath;	/* path to search for .forward files */
+EXTERN char	*HelpFile;	/* location of SMTP help file */
+EXTERN char	*HostStatDir;	/* location of host status information */
+EXTERN char	*HostsFile;	/* path to /etc/hosts file */
+EXTERN char	*MustQuoteChars;	/* quote these characters in phrases */
+EXTERN char	*MyHostName;	/* name of this host for SMTP messages */
+EXTERN char	*OperatorChars;	/* operators (old $o macro) */
+EXTERN char	*PidFile;	/* location of proc id file [conf.c] */
+EXTERN char	*PostMasterCopy;	/* address to get errs cc's */
+EXTERN char	*ProcTitlePrefix; /* process title prefix */
+EXTERN char	*QueueDir;	/* location of queue directory */
+#if _FFR_QUEUEDELAY
+EXTERN int	QueueAlg;	/* algorithm for queue delays */
+EXTERN time_t	QueueInitDelay;	/* initial queue delay */
+EXTERN time_t	QueueMaxDelay;	/* maximum queue delay */
+#endif /* _FFR_QUEUEDELAY */
+EXTERN char	*RealHostName;	/* name of host we are talking to */
+EXTERN char	*RealUserName;	/* real user name of caller */
+EXTERN char	*RunAsUserName;	/* user to become for bulk of run */
+EXTERN char	*SafeFileEnv;	/* chroot location for file delivery */
+EXTERN char	*ServiceSwitchFile;	/* backup service switch */
+EXTERN char	*SmtpGreeting;	/* SMTP greeting message (old $e macro) */
+EXTERN char	*SmtpPhase;	/* current phase in SMTP processing */
+EXTERN char	SmtpError[MAXLINE];	/* save failure error messages */
+EXTERN char	*StatFile;	/* location of statistics summary */
+EXTERN char	*TimeZoneSpec;	/* override time zone specification */
+EXTERN char	*UdbSpec;	/* user database source spec */
+EXTERN char	*UnixFromLine;	/* UNIX From_ line (old $l macro) */
+EXTERN char	**ExternalEnviron;	/* input environment */
+					/* saved user environment */
+EXTERN BITMAP256	DontBlameSendmail;	/* DontBlameSendmail bits */
+#if SFIO
+EXTERN Sfio_t	*InChannel;	/* input connection */
+EXTERN Sfio_t	*OutChannel;	/* output connection */
+#else /* SFIO */
+EXTERN FILE	*InChannel;	/* input connection */
+EXTERN FILE	*OutChannel;	/* output connection */
+#endif /* SFIO */
+EXTERN FILE	*TrafficLogFile;	/* file in which to log all traffic */
+#ifdef HESIOD
+EXTERN void	*HesiodContext;
+#endif /* HESIOD */
+EXTERN ENVELOPE	*CurEnv;	/* envelope currently being processed */
+EXTERN EVENT	*EventQueue;	/* head of event queue */
+EXTERN MAILER	*LocalMailer;	/* ptr to local mailer */
+EXTERN MAILER	*ProgMailer;	/* ptr to program mailer */
+EXTERN MAILER	*FileMailer;	/* ptr to *file* mailer */
+EXTERN MAILER	*InclMailer;	/* ptr to *include* mailer */
+EXTERN QUEUE_CHAR	*QueueLimitRecipient;	/* limit queue run to rcpt */
+EXTERN QUEUE_CHAR	*QueueLimitSender;	/* limit queue run to sender */
+EXTERN QUEUE_CHAR	*QueueLimitId;		/* limit queue run to id */
+EXTERN MAILER	*Mailer[MAXMAILERS + 1];
+EXTERN struct rewrite	*RewriteRules[MAXRWSETS];
+EXTERN char	*RuleSetNames[MAXRWSETS];	/* ruleset number to name */
+EXTERN char	*UserEnviron[MAXUSERENVIRON + 1];
+EXTERN struct priority	Priorities[MAXPRIORITIES];
+EXTERN struct termescape	TermEscape;	/* terminal escape codes */
+EXTERN SOCKADDR	ConnectOnlyTo;	/* override connection address (for testing) */
+EXTERN SOCKADDR RealHostAddr;	/* address of host we are talking to */
+EXTERN jmp_buf	TopFrame;	/* branch-to-top-of-loop-on-error frame */
+EXTERN TIMERS	Timers;
 
 /*
 **  Declarations of useful functions
 */
 
-extern char	*xalloc __P((int));
-extern char	*sfgets __P((char *, int, FILE *, time_t, char *));
-extern char	*queuename __P((ENVELOPE *, int));
-extern time_t	curtime __P((void));
-extern bool	transienterror __P((int));
-extern char	*fgetfolded __P((char *, int, FILE *));
-extern char	*username __P((void));
-extern char	*pintvl __P((time_t, bool));
-extern bool	shouldqueue __P((long, time_t));
-extern bool	lockfile __P((int, char *, char *, int));
-extern char	*hostsignature __P((MAILER *, char *, ENVELOPE *));
-extern void	openxscript __P((ENVELOPE *));
+#if SASL
+extern char	*intersect __P((char *, char *));
+extern char	*iteminlist __P((char *, char *, char *));
+extern int	proxy_policy __P((void *, const char *, const char *, const char **, const char **));
+# if SASL > 10515
+extern int	safesaslfile __P((void *, char *, int));
+# else /* SASL > 10515 */
+extern int	safesaslfile __P((void *, char *));
+# endif /* SASL > 10515 */
+extern int	sasl_decode64 __P((const char *, unsigned, char *, unsigned *));
+extern int	sasl_encode64 __P((const char *, unsigned, char *, unsigned, unsigned *));
+#endif /* SASL */
+
+#if STARTTLS
+extern void	apps_ssl_info_cb __P((SSL *, int , int));
+extern bool	inittls __P((SSL_CTX **, u_long, bool, char *, char *, char *, char *, char *));
+extern bool	initclttls __P((void));
+extern bool	initsrvtls __P((void));
+extern int	tls_get_info __P((SSL *, ENVELOPE *, bool, char *));
+extern int	endtls __P((SSL *, char *));
+extern int	endtlsclt __P((MCI *));
+extern void	tlslogerr __P((void));
+extern void	tls_rand_init __P((char *, int));
+#endif /* STARTTLS */
+
+/* Transcript file */
 extern void	closexscript __P((ENVELOPE *));
-extern char	*shortenstring __P((const char *, int));
-extern bool	usershellok __P((char *, char *));
-extern char	*defcharset __P((ENVELOPE *));
-extern bool	wordinclass __P((char *, int));
-extern char	*denlstring __P((char *, bool, bool));
-extern void	makelower __P((char *));
-extern bool	rebuildaliases __P((MAP *, bool));
+extern void	openxscript __P((ENVELOPE *));
+
+/* error related */
+extern void	buffer_errors __P((void));
+extern void	flush_errors __P((bool));
+extern void	message __P((const char *, ...));
+extern void	nmessage __P((const char *, ...));
+extern void	syserr __P((const char *, ...));
+extern void	usrerrenh __P((char *, const char *, ...));
+extern void	usrerr __P((const char *, ...));
+extern int	isenhsc __P((const char *, int));
+extern int	extenhsc __P((const char *, int, char *));
+
+/* alias file */
+extern void	alias __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
+extern bool	aliaswait __P((MAP *, char *, bool));
+extern void	forward __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
 extern void	readaliases __P((MAP *, FILE *, bool, bool));
-extern void	finis __P((bool, volatile int));
-extern void	setsender __P((char *, ENVELOPE *, char **, int, bool));
-extern void	xputs __P((const char *));
+extern bool	rebuildaliases __P((MAP *, bool));
+extern void	setalias __P((char *));
+
+/* logging */
+extern void	logdelivery __P((MAILER *, MCI *, char *, const char *, ADDRESS *, time_t, ENVELOPE *));
 extern void	logsender __P((ENVELOPE *, char *));
-extern void	smtprset __P((MAILER *, MCI *, ENVELOPE *));
-extern void	smtpquit __P((MAILER *, MCI *, ENVELOPE *));
-extern void	setuserenv __P((const char *, const char *));
-extern char	*getextenv __P((const char *));
-extern void	disconnect __P((int, ENVELOPE *));
-extern void	putxline __P((char *, size_t, MCI *, int));
-extern void	dumpfd __P((int, bool, bool));
-extern void	makemailer __P((char *));
-extern void	putfromline __P((MCI *, ENVELOPE *));
-extern void	setoption __P((int, char *, bool, bool, ENVELOPE *));
-extern void	setclass __P((int, char *));
-extern void	inittimeouts __P((char *));
-extern void	logdelivery __P((MAILER *, MCI *, const char *, ADDRESS *, time_t, ENVELOPE *));
-extern void	giveresponse __P((int, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *));
-extern void	buildfname __P((char *, char *, char *, int));
-extern void	mci_setstat __P((MCI *, int, char *, char *));
+extern void	sm_syslog __P((int, const char *, const char *, ...));
+
+/* SMTP */
+extern void	giveresponse __P((int, char *, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *));
+extern int	reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)(), char **));
+extern void	smtp __P((char *volatile, BITMAP256, ENVELOPE *volatile));
+#if SASL
+extern int	smtpauth __P((MAILER *, MCI *, ENVELOPE *));
+#endif /* SASL */
+extern int	smtpdata __P((MAILER *, MCI *, ENVELOPE *));
+extern int	smtpgetstat __P((MAILER *, MCI *, ENVELOPE *));
+extern int	smtpmailfrom __P((MAILER *, MCI *, ENVELOPE *));
+extern void	smtpmessage __P((char *, MAILER *, MCI *, ...));
+extern void	smtpinit __P((MAILER *, MCI *, ENVELOPE *, bool));
 extern char	*smtptodsn __P((int));
-extern int	rscheck __P((char *, char *, char *, ENVELOPE *e));
-extern void	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
-extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
-extern void	xfclose __P((FILE *, char *, char *));
-extern int	switch_map_find __P((char *, char *[], short []));
-extern void	shorten_hostname __P((char []));
-extern int	waitfor __P((pid_t));
-extern void	proc_list_add __P((pid_t, char *));
-extern void	proc_list_set __P((pid_t, char *));
-extern void	proc_list_drop __P((pid_t));
-extern void	proc_list_clear __P((void));
-extern void	proc_list_display __P((FILE *));
-extern void	proc_list_probe __P((void));
-extern void	buffer_errors __P((void));
-extern void	flush_errors __P((bool));
-extern void	putline __P((char *, MCI *));
-extern bool	xtextok __P((char *));
-extern char	*xtextify __P((char *, char *));
-extern char	*xuntextify __P((char *));
-extern void	cleanstrcpy __P((char *, char *, int));
-extern int	getmxrr __P((char *, char **, bool, int *));
-extern int	strtorwset __P((char *, char **, int));
-extern void	printav __P((char **));
-extern void	printopenfds __P((bool));
+extern int	smtpprobe __P((MCI *));
+extern void	smtpquit __P((MAILER *, MCI *, ENVELOPE *));
+extern int	smtprcpt __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));
+extern void	smtprset __P((MAILER *, MCI *, ENVELOPE *));
+
+#define ISSMTPCODE(c)	(isascii(c[0]) && isdigit(c[0]) && \
+		    isascii(c[1]) && isdigit(c[1]) && \
+		    isascii(c[2]) && isdigit(c[2]))
+#define ISSMTPREPLY(c)	(ISSMTPCODE(c) && \
+		    (c[3] == ' ' || c[3] == '-' || c[3] == '\0'))
+
+/* delivery */
+extern pid_t	dowork __P((int, char *, bool, bool, ENVELOPE *));
 extern int	endmailer __P((MCI *, ENVELOPE *, char **));
-extern void	fixcrlf __P((char *, bool));
-extern int	dofork __P((void));
-extern void	initsys __P((ENVELOPE *));
-extern void	collect __P((FILE *, bool, HDR **, ENVELOPE *));
-extern void	stripquotes __P((char *));
-extern int	include __P((char *, bool, ADDRESS *, ADDRESS **, int, ENVELOPE  *));
-extern void	unlockqueue __P((ENVELOPE *));
-extern void	xunlink __P((char *));
-extern bool	runqueue __P((bool, bool));
-extern int	getla __P((void));
+extern int	mailfile __P((char *volatile, MAILER *volatile, ADDRESS *, volatile long, ENVELOPE *));
 extern void	sendall __P((ENVELOPE *, int));
-extern void	queueup __P((ENVELOPE *, bool));
-extern void	checkfds __P((char *));
-extern int	returntosender __P((char *, ADDRESS *, int, ENVELOPE *));
+
+/* stats */
 extern void	markstats __P((ENVELOPE *, ADDRESS *, bool));
+extern void	clearstats __P((void));
 extern void	poststats __P((char *));
+
+/* control socket */
+extern void	closecontrolsocket  __P((bool));
+extern void	clrcontrol  __P((void));
+extern void	control_command __P((int, ENVELOPE *));
+extern int	opencontrolsocket __P((void));
+
+#if _FFR_MILTER
+/* milter functions */
+extern void	milter_parse_list __P((char *, struct milter **, int));
+extern void	milter_setup __P((char *));
+extern void	milter_set_option __P((char *, char *, bool));
+extern bool	milter_can_delrcpts __P((void));
+extern void	milter_init __P((ENVELOPE *, char *));
+extern void	milter_quit __P((ENVELOPE *));
+extern void	milter_abort __P((ENVELOPE *));
+extern char	*milter_connect __P((char *, SOCKADDR, ENVELOPE *, char *));
+extern char	*milter_helo __P((char *, ENVELOPE *, char *));
+extern char	*milter_envfrom __P((char **, ENVELOPE *, char *));
+extern char	*milter_envrcpt __P((char **, ENVELOPE *, char *));
+extern char	*milter_data __P((ENVELOPE *, char *));
+#endif /* _FFR_MILTER */
+
+extern char	*addquotes __P((char *));
 extern char	*arpadate __P((char *));
-extern int	mailfile __P((char *volatile, MAILER *volatile, ADDRESS *, volatile int, ENVELOPE *));
-extern void	loseqfile __P((ENVELOPE *, char *));
-extern int	prog_open __P((char **, int *, ENVELOPE *));
-extern bool	getcanonname __P((char *, int, bool));
-extern bool	path_is_dir __P((char *, bool));
-extern pid_t	dowork __P((char *, bool, bool, ENVELOPE *));
+extern bool	atobool __P((char *));
+extern int	atooct __P((char *));
+extern void	auth_warning __P((ENVELOPE *, const char *, ...));
+extern int	blocksignal __P((int));
+extern bool	bitintersect __P((BITMAP256, BITMAP256));
+extern bool	bitzerop __P((BITMAP256));
+extern void	buildfname __P((char *, char *, char *, int));
+extern int	checkcompat __P((ADDRESS *, ENVELOPE *));
+#ifdef XDEBUG
+extern void	checkfd012 __P((char *));
+extern void	checkfdopen __P((int, char *));
+#endif /* XDEBUG */
+extern void	checkfds __P((char *));
+extern bool	chownsafe __P((int, bool));
+extern void	cleanstrcpy __P((char *, char *, int));
+extern void	clrdaemon __P((void));
+extern void	collect __P((FILE *, bool, HDR **, ENVELOPE *));
+extern time_t	convtime __P((char *, int));
+extern char	**copyplist __P((char **, bool));
+extern void	copy_class __P((int, int));
+extern time_t	curtime __P((void));
+extern char	*defcharset __P((ENVELOPE *));
+extern char	*denlstring __P((char *, bool, bool));
+extern void	disconnect __P((int, ENVELOPE *));
+extern bool	dns_getcanonname __P((char *, int, bool, int *));
+extern int	dofork __P((void));
 extern int	drop_privileges __P((bool));
+extern int	dsntoexitstat __P((char *));
+extern void	dumpfd __P((int, bool, bool));
+extern void	dumpstate __P((char *));
+extern bool	enoughdiskspace __P((long, bool));
+extern char	*exitstat __P((char *));
+extern char	*fgetfolded __P((char *, int, FILE *));
 extern void	fill_fd __P((int, char *));
-extern void	closecontrolsocket  __P((bool));
-extern void	clrcontrol  __P((void));
-
-extern const char	*errstring __P((int));
+extern char	*find_character __P((char *, int));
+extern struct passwd	*finduser __P((char *, bool *));
+extern void	finis __P((bool, volatile int));
+extern void	fixcrlf __P((char *, bool));
+extern long	freediskspace __P((char *, long *));
+extern char	*get_column __P((char *, int, int, char *, int));
+extern char	*getauthinfo __P((int, bool *));
+extern char	*getcfname __P((void));
+extern char	*getextenv __P((const char *));
+extern int	getdtsize __P((void));
+extern BITMAP256	*getrequests __P((ENVELOPE *));
+extern char	*getvendor __P((int));
+extern void	help __P((char *, ENVELOPE *));
+extern void	init_md __P((int, char **));
+extern void	initdaemon __P((void));
+extern void	inithostmaps __P((void));
+extern void	initmacros __P((ENVELOPE *));
+extern void	initsetproctitle __P((int, char **, char **));
+extern void	init_vendor_macros __P((ENVELOPE *));
+extern SIGFUNC_DECL	intindebug __P((int));
+extern SIGFUNC_DECL	intsig __P((int));
+extern bool	isloopback __P((SOCKADDR sa));
+extern void	load_if_names __P((void));
+extern bool	lockfile __P((int, char *, char *, int));
+extern void	log_sendmail_pid __P((ENVELOPE *));
+extern char	lower __P((int));
+extern void	makelower __P((char *));
+extern int	makeconnection_ds __P((char *, MCI *));
+extern int	makeconnection __P((char *, volatile u_int, MCI *, ENVELOPE *));
+extern char *	munchstring __P((char *, char **, int));
+extern struct hostent	*myhostname __P((char *, int));
+extern char	*nisplus_default_domain __P((void));	/* extern for Sun */
+extern bool	path_is_dir __P((char *, bool));
+extern char	*pintvl __P((time_t, bool));
+extern void	printav __P((char **));
+extern void	printmailer __P((MAILER *));
+extern void	printopenfds __P((bool));
+extern void	printqueue __P((void));
+extern void	printrules __P((void));
+extern int	prog_open __P((char **, int *, ENVELOPE *));
+extern void	putline __P((char *, MCI *));
+extern void	putxline __P((char *, size_t, MCI *, int));
+extern void	queueup_macros __P((int, FILE *, ENVELOPE *));
+extern SIGFUNC_DECL	quiesce __P((int));
+extern void	readcf __P((char *, bool, ENVELOPE *));
+extern SIGFUNC_DECL	reapchild __P((int));
+extern bool	refuseconnections __P((char *, ENVELOPE *, int));
+extern int	releasesignal __P((int));
+extern void	resetlimits __P((void));
+extern bool	rfc822_string __P((char *));
+extern void	savemail __P((ENVELOPE *, bool));
+extern void	seed_random __P((void));
+extern void	sendtoargv __P((char **, ENVELOPE *));
+extern void	setclientoptions __P((char *));
+extern bool	setdaemonoptions __P((char *));
+extern void	setdefaults __P((ENVELOPE *));
+extern void	setdefuser __P((void));
+extern bool	setvendor __P((char *));
+extern void	setoption __P((int, char *, bool, bool, ENVELOPE *));
 extern sigfunc_t	setsignal __P((int, sigfunc_t));
-extern int		blocksignal __P((int));
-extern int		releasesignal __P((int));
-extern struct hostent	*sm_gethostbyname __P((char *));
+extern void	setuserenv __P((const char *, const char *));
+extern void	settime __P((ENVELOPE *));
+extern char	*sfgets __P((char *, int, FILE *, time_t, char *));
+extern char	*shortenstring __P((const char *, int));
+extern void	shorten_hostname __P((char []));
+extern bool	shorten_rfc822_string __P((char *, size_t));
+extern SIGFUNC_DECL	sigusr1 __P((int));
+extern SIGFUNC_DECL	sighup __P((int));
+extern void	sm_dopr __P((char *, const char *, va_list));
+extern struct hostent	*sm_gethostbyname __P((char *, int));
 extern struct hostent	*sm_gethostbyaddr __P((char *, int, int));
+extern int	sm_getla __P((ENVELOPE *));
 extern struct passwd	*sm_getpwnam __P((char *));
 extern struct passwd	*sm_getpwuid __P((UID_T));
-extern struct passwd	*finduser __P((char *, bool *));
-
-#ifdef XDEBUG
-extern void		checkfdopen __P((int, char *));
-extern void		checkfd012 __P((char *));
-#endif
-
-/* ellipsis is a different case though */
-extern void		auth_warning __P((ENVELOPE *, const char *, ...));
-extern void		syserr __P((const char *, ...));
-extern void		usrerr __P((const char *, ...));
-extern void		message __P((const char *, ...));
-extern void		nmessage __P((const char *, ...));
-extern void		setproctitle __P((const char *, ...));
-extern void		sm_setproctitle __P((bool, const char *, ...));
-extern void		sm_syslog __P((int, const char *, const char *, ...));
-
-#if !HASSNPRINTF
-extern int		snprintf __P((char *, size_t, const char *, ...));
-extern int		vsnprintf __P((char *, size_t, const char *, va_list));
-#endif
-extern char		*quad_to_string __P((QUAD_T));
+extern void	sm_setproctitle __P((bool, ENVELOPE *, const char *, ...));
+extern int	sm_strcasecmp __P((const char *, const char *));
+extern bool	strcontainedin __P((char *, char *));
+extern void	stripquotes __P((char *));
+extern int	switch_map_find __P((char *, char *[], short []));
+extern bool	transienterror __P((int));
+extern void	tTflag __P((char *));
+extern void	tTsetup __P((u_char *, int, char *));
+extern SIGFUNC_DECL	tick __P((int));
+extern char	*ttypath __P((void));
+extern void	unlockqueue __P((ENVELOPE *));
+#if !HASUNSETENV
+extern void	unsetenv __P((char *));
+#endif /* !HASUNSETENV */
+extern char	*username __P((void));
+extern bool	usershellok __P((char *, char *));
+extern void	vendor_post_defaults __P((ENVELOPE *));
+extern void	vendor_pre_defaults __P((ENVELOPE *));
+extern int	waitfor __P((pid_t));
+extern bool	writable __P((char *, ADDRESS *, long));
+extern char	*xalloc __P((int));
+extern void	xputs __P((const char *));
+extern char	*xtextify __P((char *, char *));
+extern bool	xtextok __P((char *));
+extern void	xunlink __P((char *));
+extern char	*xuntextify __P((char *));
+#endif /* _SENDMAIL_H */
diff --git a/contrib/sendmail/src/sfsasl.c b/contrib/sendmail/src/sfsasl.c
new file mode 100644
index 0000000..43a65d1
--- /dev/null
+++ b/contrib/sendmail/src/sfsasl.c
@@ -0,0 +1,367 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: sfsasl.c,v 8.17.4.7 2000/07/18 18:44:51 gshapiro Exp $";
+#endif /* ! lint */
+
+#if SFIO
+# include <sfio/stdio.h>
+#endif /* SFIO */
+
+#include <stdlib.h>
+#include <sendmail.h>
+
+#if SASL && SFIO
+/*
+**  SASL
+*/
+
+# include <sasl.h>
+# include "sfsasl.h"
+
+static ssize_t
+sasl_read(f, buf, size, disc)
+	Sfio_t *f;
+	Void_t *buf;
+	size_t size;
+	Sfdisc_t *disc;
+{
+	int len, result;
+	char *outbuf;
+	unsigned int outlen;
+	Sasldisc_t *sd = (Sasldisc_t *) disc;
+
+	len = sfrd(f, buf, size, disc);
+
+	if (len <= 0)
+		return len;
+
+	result = sasl_decode(sd->conn, buf, len, &outbuf, &outlen);
+
+	if (result != SASL_OK)
+	{
+		/* eventually, we'll want an exception here */
+		return -1;
+	}
+
+	if (outbuf != NULL)
+	{
+		(void)memcpy(buf, outbuf, outlen);
+		free(outbuf);
+	}
+	return outlen;
+}
+
+static ssize_t
+sasl_write(f, buf, size, disc)
+	Sfio_t *f;
+	const Void_t *buf;
+	size_t size;
+	Sfdisc_t *disc;
+{
+	int result;
+	char *outbuf;
+	unsigned int outlen;
+	Sasldisc_t *sd = (Sasldisc_t *) disc;
+
+	result = sasl_encode(sd->conn, buf, size, &outbuf, &outlen);
+
+	if (result != SASL_OK)
+	{
+		/* eventually, we'll want an exception here */
+		return -1;
+	}
+
+	if (outbuf != NULL)
+	{
+		sfwr(f, outbuf, outlen, disc);
+		free(outbuf);
+	}
+	return size;
+}
+
+int
+sfdcsasl(fin, fout, conn)
+	Sfio_t *fin;
+	Sfio_t *fout;
+	sasl_conn_t *conn;
+{
+	Sasldisc_t *saslin, *saslout;
+
+	if (conn == NULL)
+	{
+		/* no need to do anything */
+		return 0;
+	}
+
+	if ((saslin = (Sasldisc_t *) malloc(sizeof(Sasldisc_t))) == NULL)
+		return -1;
+	if ((saslout = (Sasldisc_t *) malloc(sizeof(Sasldisc_t))) == NULL)
+	{
+		free(saslin);
+		return -1;
+	}
+
+	saslin->disc.readf = sasl_read;
+	saslin->disc.writef = sasl_write;
+	saslin->disc.seekf = NULL;
+	saslin->disc.exceptf = NULL;
+
+	saslout->disc.readf = sasl_read;
+	saslout->disc.writef = sasl_write;
+	saslout->disc.seekf = NULL;
+	saslout->disc.exceptf = NULL;
+
+	saslin->conn = conn;
+	saslout->conn = conn;
+
+	if (sfdisc(fin, (Sfdisc_t *) saslin) != (Sfdisc_t *) saslin ||
+	    sfdisc(fout, (Sfdisc_t *) saslout) != (Sfdisc_t *) saslout)
+	{
+		free(saslin);
+		free(saslout);
+		return -1;
+	}
+	return 0;
+}
+#endif /* SASL && SFIO */
+
+#if STARTTLS && (SFIO || _FFR_TLS_TOREK)
+/*
+**  STARTTLS
+*/
+
+# include "sfsasl.h"
+#  include <openssl/err.h>
+
+static ssize_t
+# if SFIO
+tls_read(f, buf, size, disc)
+	Sfio_t *f;
+	Void_t *buf;
+	size_t size;
+	Sfdisc_t *disc;
+# else /* SFIO */
+tls_read(disc, buf, size)
+	void *disc;
+	void *buf;
+	size_t size;
+# endif /* SFIO */
+{
+	int r;
+	Tlsdisc_t *sd;
+
+	/* Cast back to correct type */
+	sd = (Tlsdisc_t *) disc;
+
+	r = SSL_read(sd->con, (char *) buf, size);
+	if (r < 0 && LogLevel > 7)
+	{
+		char *err;
+
+		err = NULL;
+		switch (SSL_get_error(sd->con, r))
+		{
+			case SSL_ERROR_NONE:
+				break;
+			case SSL_ERROR_WANT_WRITE:
+				err = "write W BLOCK";
+				break;
+			case SSL_ERROR_WANT_READ:
+				err = "write R BLOCK";
+				break;
+			case SSL_ERROR_WANT_X509_LOOKUP:
+				err = "write X BLOCK";
+				break;
+			case SSL_ERROR_ZERO_RETURN:
+				break;
+			case SSL_ERROR_SYSCALL:
+				err = "syscall error";
+/*
+				get_last_socket_error());
+*/
+				break;
+			case SSL_ERROR_SSL:
+				err = "generic SSL error";
+				break;
+		}
+		if (err != NULL)
+			sm_syslog(LOG_WARNING, NOQID, "TLS: read error:  %s",
+				  err);
+	}
+	return r;
+}
+
+static ssize_t
+# if SFIO
+tls_write(f, buf, size, disc)
+	Sfio_t *f;
+	const Void_t *buf;
+	size_t size;
+	Sfdisc_t *disc;
+# else /* SFIO */
+tls_write(disc, buf, size)
+	void *disc;
+	const void *buf;
+	size_t size;
+# endif /* SFIO */
+{
+	int r;
+	Tlsdisc_t *sd;
+
+	/* Cast back to correct type */
+	sd = (Tlsdisc_t *) disc;
+
+	r = SSL_write(sd->con, (char *)buf, size);
+	if (r < 0 && LogLevel > 7)
+	{
+		char *err;
+
+		err = NULL;
+		switch (SSL_get_error(sd->con, r))
+		{
+			case SSL_ERROR_NONE:
+				break;
+			case SSL_ERROR_WANT_WRITE:
+				err = "write W BLOCK";
+				break;
+			case SSL_ERROR_WANT_READ:
+				err = "write R BLOCK";
+				break;
+			case SSL_ERROR_WANT_X509_LOOKUP:
+				err = "write X BLOCK";
+				break;
+			case SSL_ERROR_ZERO_RETURN:
+				break;
+			case SSL_ERROR_SYSCALL:
+				err = "syscall error";
+/*
+				get_last_socket_error());
+*/
+				break;
+			case SSL_ERROR_SSL:
+				err = "generic SSL error";
+/*
+				ERR_GET_REASON(ERR_peek_error()));
+*/
+				break;
+		}
+		if (err != NULL)
+			sm_syslog(LOG_WARNING, NOQID, "TLS: write error:  %s",
+				  err);
+	}
+	return r;
+}
+
+# if !SFIO
+static int
+tls_close(cookie)
+	void *cookie;
+{
+	int retval = 0;
+	Tlsdisc_t *tc;
+
+	/* Cast back to correct type */
+	tc = (Tlsdisc_t *)cookie;
+
+	if (tc->fp != NULL)
+	{
+		retval = fclose(tc->fp);
+		tc->fp = NULL;
+	}
+
+	free(tc);
+	return retval;
+}
+# endif /* !SFIO */
+
+int
+sfdctls(fin, fout, con)
+# if SFIO
+	Sfio_t *fin;
+	Sfio_t *fout;
+# else /* SFIO */
+	FILE **fin;
+	FILE **fout;
+# endif /* SFIO */
+	SSL *con;
+{
+	Tlsdisc_t *tlsin, *tlsout;
+# if !SFIO
+	FILE *fp;
+# endif /* !SFIO */
+
+	if (con == NULL)
+		return 0;
+
+	if ((tlsin = (Tlsdisc_t *) malloc(sizeof(Tlsdisc_t))) == NULL)
+		return -1;
+	if ((tlsout = (Tlsdisc_t *) malloc(sizeof(Tlsdisc_t))) == NULL)
+	{
+		free(tlsin);
+		return -1;
+	}
+
+# if SFIO
+	tlsin->disc.readf = tls_read;
+	tlsin->disc.writef = tls_write;
+	tlsin->disc.seekf = NULL;
+	tlsin->disc.exceptf = NULL;
+	tlsin->con = con;
+
+	tlsout->disc.readf = tls_read;
+	tlsout->disc.writef = tls_write;
+	tlsout->disc.seekf = NULL;
+	tlsout->disc.exceptf = NULL;
+	tlsout->con = con;
+
+	SSL_set_rfd(con, fileno(fin));	/* fileno or sffileno? XXX */
+	SSL_set_wfd(con, fileno(fout));
+	if (sfdisc(fin, (Sfdisc_t *) tlsin) != (Sfdisc_t *) tlsin ||
+	    sfdisc(fout, (Sfdisc_t *) tlsout) != (Sfdisc_t *) tlsout)
+	{
+		free(tlsin);
+		free(tlsout);
+		return -1;
+	}
+# else /* SFIO */
+	tlsin->fp = *fin;
+	tlsin->con = con;
+	fp = funopen(tlsin, tls_read, tls_write, NULL, tls_close);
+	if (fp == NULL)
+	{
+		free(tlsin);
+		return -1;
+	}
+	*fin = fp;
+
+	tlsout->fp = *fout;
+	tlsout->con = con;
+	fp = funopen(tlsout, tls_read, tls_write, NULL, tls_close);
+	if (fp == NULL)
+	{
+		FILE *save;
+
+		/* Hack: Don't close underlying fp */
+		save = tlsin->fp;
+		tlsin->fp = NULL;
+		fclose(*fin);
+		*fin = save;
+		free(tlsout);
+		return -1;
+	}
+	*fout = fp;
+	SSL_set_rfd(con, fileno(tlsin->fp));
+	SSL_set_wfd(con, fileno(tlsout->fp));
+# endif /* SFIO */
+	return 0;
+}
+#endif /* STARTTLS && (SFIO || _FFR_TLS_TOREK) */
diff --git a/contrib/sendmail/src/sfsasl.h b/contrib/sendmail/src/sfsasl.h
new file mode 100644
index 0000000..b276e27
--- /dev/null
+++ b/contrib/sendmail/src/sfsasl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1999, 2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: sfsasl.h,v 8.13.4.4 2000/07/18 18:44:51 gshapiro Exp $"
+ */
+
+#ifndef SFSASL_H
+# define SFSASL_H
+
+# if SFIO
+#  include <sfio.h>
+# endif /* SFIO */
+
+# if SASL
+#  if SFIO
+
+/* sf discipline to add sasl */
+typedef struct _sasldisc
+{
+	Sfdisc_t	disc;
+	sasl_conn_t	*conn;
+} Sasldisc_t;
+
+extern int	sfdcsasl __P((Sfio_t *, Sfio_t *, sasl_conn_t *));
+
+#  endif /* SFIO */
+# endif /* SASL */
+
+# if STARTTLS
+#  if SFIO
+
+/* sf discipline to add tls */
+typedef struct _tlsdisc
+{
+	Sfdisc_t	disc;
+	SSL		*con;
+} Tlsdisc_t;
+
+extern int	sfdctls __P((Sfio_t *, Sfio_t *, SSL *));
+
+#  else /* SFIO */
+#   if _FFR_TLS_TOREK
+
+typedef struct tls_conn
+{
+	FILE		*fp;	/* original FILE * */
+	SSL		*con;	/* SSL context */
+} Tlsdisc_t;
+
+extern int	sfdctls __P((FILE **, FILE **, SSL *));
+
+#   endif /* _FFR_TLS_TOREK */
+#  endif /* SFIO */
+# endif /* STARTTLS */
+#endif /* ! SFSASL_H */
diff --git a/contrib/sendmail/src/shmticklib.c b/contrib/sendmail/src/shmticklib.c
new file mode 100644
index 0000000..a3e1ad5
--- /dev/null
+++ b/contrib/sendmail/src/shmticklib.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: shmticklib.c,v 8.6 2000/02/26 01:32:27 gshapiro Exp $";
+#endif /* ! lint */
+
+#if _FFR_SHM_STATUS
+# if SFIO
+#  include <sfio/stdio.h>
+# else /* !SFIO */
+#  include <stdio.h>
+# endif /* SFIO */
+# include <sys/types.h>
+# include <sys/ipc.h>
+# include <sys/shm.h>
+
+# include "statusd_shm.h"
+
+/*
+**  SHMTICK -- increment a shared memory variable
+**
+**	Parameters:
+**		inc_me -- identity of shared memory segment
+**		what -- which variable to increment
+**
+**	Returns:
+**		none
+*/
+
+void
+shmtick(inc_me, what)
+	int inc_me;
+	int what;
+{
+	static int shmid = -1;
+	static STATUSD_SHM *sp = (STATUSD_SHM *)-1;
+	static unsigned int cookie = 0;
+
+	if (shmid < 0)
+	{
+		int size = sizeof(STATUSD_SHM);
+
+		shmid = shmget(STATUSD_SHM_KEY, size, 0);
+		if (shmid < 0)
+			return;
+	}
+	if ((unsigned long *)sp == (unsigned long *)-1)
+	{
+		sp = (STATUSD_SHM *)shmat(shmid, NULL, 0);
+		if ((unsigned long *)sp == (unsigned long *)-1)
+			return;
+	}
+	if (sp->magic != STATUSD_MAGIC)
+	{
+		/*
+		**  possible race condition, wait for
+		**  statusd to initialize.
+		*/
+
+		return;
+	}
+	if (what >= STATUSD_LONGS)
+		what = STATUSD_LONGS - 1;
+	if (inc_me >= STATUSD_LONGS)
+		inc_me = STATUSD_LONGS - 1;
+
+	if (sp->ul[STATUSD_COOKIE] != cookie)
+	{
+		cookie = sp->ul[STATUSD_COOKIE];
+		++(sp->ul[inc_me]);
+	}
+	++(sp->ul[what]);
+}
+#endif /* _FFR_SHM_STATUS */
diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c
index f4ffe8c..52ea42f 100644
--- a/contrib/sendmail/src/srvrsmtp.c
+++ b/contrib/sendmail/src/srvrsmtp.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -10,19 +11,52 @@
  *
  */
 
-# include "sendmail.h"
 
-#ifndef lint
-#if SMTP
-static char sccsid[] = "@(#)srvrsmtp.c	8.187 (Berkeley) 10/23/1998 (with SMTP)";
-#else
-static char sccsid[] = "@(#)srvrsmtp.c	8.187 (Berkeley) 10/23/1998 (without SMTP)";
-#endif
-#endif /* not lint */
-
-# include <errno.h>
+#include <sendmail.h>
 
+#ifndef lint
 # if SMTP
+static char id[] = "@(#)$Id: srvrsmtp.c,v 8.471.2.2.2.40 2000/07/18 02:24:45 gshapiro Exp $ (with SMTP)";
+# else /* SMTP */
+static char id[] = "@(#)$Id: srvrsmtp.c,v 8.471.2.2.2.40 2000/07/18 02:24:45 gshapiro Exp $ (without SMTP)";
+# endif /* SMTP */
+#endif /* ! lint */
+
+#if SMTP
+# include "sfsasl.h"
+# if SASL
+#  define ENC64LEN(l)	(((l) + 2) * 4 / 3 + 1)
+static int saslmechs __P((sasl_conn_t *, char **));
+# endif /* SASL */
+# if STARTTLS
+#  include <sysexits.h>
+#   include <openssl/err.h>
+#   include <openssl/bio.h>
+#   include <openssl/pem.h>
+#   ifndef HASURANDOMDEV
+#    include <openssl/rand.h>
+#   endif /* !HASURANDOMDEV */
+
+static SSL	*srv_ssl = NULL;
+static SSL_CTX	*srv_ctx = NULL;
+#  if !TLS_NO_RSA
+static RSA	*rsa = NULL;
+#  endif /* !TLS_NO_RSA */
+static bool	tls_ok = FALSE;
+static int	tls_verify_cb __P((X509_STORE_CTX *));
+#  if !TLS_NO_RSA
+#   define RSA_KEYLENGTH	512
+#  endif /* !TLS_NO_RSA */
+# endif /* STARTTLS */
+
+static time_t	checksmtpattack __P((volatile int *, int, bool,
+				     char *, ENVELOPE *));
+static void	mail_esmtp_args __P((char *, char *, ENVELOPE *));
+static void	printvrfyaddr __P((ADDRESS *, bool, bool));
+static void	rcpt_esmtp_args __P((ADDRESS *, char *, char *, ENVELOPE *));
+static int	runinchild __P((char *, ENVELOPE *));
+static char	*skipword __P((char *volatile, char *));
+extern ENVELOPE	BlankEnvelope;
 
 /*
 **  SMTP -- run the SMTP protocol.
@@ -42,11 +76,11 @@ static char sccsid[] = "@(#)srvrsmtp.c	8.187 (Berkeley) 10/23/1998 (without SMTP
 
 struct cmd
 {
-	char	*cmdname;	/* command name */
-	int	cmdcode;	/* internal code, see below */
+	char	*cmd_name;	/* command name */
+	int	cmd_code;	/* internal code, see below */
 };
 
-/* values for cmdcode */
+/* values for cmd_code */
 # define CMDERROR	0	/* bad command */
 # define CMDMAIL	1	/* mail -- designate sender */
 # define CMDRCPT	2	/* rcpt -- designate recipient */
@@ -60,10 +94,18 @@ struct cmd
 # define CMDHELP	10	/* help -- give usage info */
 # define CMDEHLO	11	/* ehlo -- extended helo (RFC 1425) */
 # define CMDETRN	12	/* etrn -- flush queue */
+# if SASL
+#  define CMDAUTH	13	/* auth -- SASL authenticate */
+# endif /* SASL */
+# if STARTTLS
+#  define CMDSTLS	14	/* STARTTLS -- start TLS session */
+# endif /* STARTTLS */
 /* non-standard commands */
 # define CMDONEX	16	/* onex -- sending one transaction only */
 # define CMDVERB	17	/* verb -- go into verbose mode */
 # define CMDXUSR	18	/* xusr -- initial (user) submission */
+/* unimplemented commands from RFC 821 */
+# define CMDUNIMPL	19	/* unimplemented rfc821 commands */
 /* use this to catch and log "door handle" attempts on your system */
 # define CMDLOGBOGUS	23	/* bogus command that should be logged */
 /* debugging-only commands, only enabled if SMTPDEBUG is defined */
@@ -87,6 +129,16 @@ static struct cmd	CmdTab[] =
 	{ "verb",	CMDVERB		},
 	{ "onex",	CMDONEX		},
 	{ "xusr",	CMDXUSR		},
+	{ "send",	CMDUNIMPL	},
+	{ "saml",	CMDUNIMPL	},
+	{ "soml",	CMDUNIMPL	},
+	{ "turn",	CMDUNIMPL	},
+# if SASL
+	{ "auth",	CMDAUTH,	},
+# endif /* SASL */
+# if STARTTLS
+	{ "starttls",	CMDSTLS,	},
+# endif /* STARTTLS */
     /* remaining commands are here only to trap and log attempts to use them */
 	{ "showq",	CMDDBGQSHOW	},
 	{ "debug",	CMDDBGDEBUG	},
@@ -95,25 +147,29 @@ static struct cmd	CmdTab[] =
 	{ NULL,		CMDERROR	}
 };
 
-bool	OneXact = FALSE;		/* one xaction only this run */
-char	*CurSmtpClient;			/* who's at the other end of channel */
-
-static char	*skipword __P((char *volatile, char *));
+static bool	OneXact = FALSE;	/* one xaction only this run */
+static char	*CurSmtpClient;		/* who's at the other end of channel */
 
+# define MAXBADCOMMANDS		25	/* maximum number of bad commands */
+# define MAXNOOPCOMMANDS	20	/* max "noise" commands before slowdown */
+# define MAXHELOCOMMANDS	3	/* max HELO/EHLO commands before slowdown */
+# define MAXVRFYCOMMANDS	6	/* max VRFY/EXPN commands before slowdown */
+# define MAXETRNCOMMANDS	8	/* max ETRN commands before slowdown */
+# define MAXTIMEOUT	(4 * 60)	/* max timeout for bad commands */
 
-#define MAXBADCOMMANDS	25	/* maximum number of bad commands */
-#define MAXNOOPCOMMANDS	20	/* max "noise" commands before slowdown */
-#define MAXHELOCOMMANDS	3	/* max HELO/EHLO commands before slowdown */
-#define MAXVRFYCOMMANDS	6	/* max VRFY/EXPN commands before slowdown */
-#define MAXETRNCOMMANDS	8	/* max ETRN commands before slowdown */
+/* runinchild() returns */
+# define RIC_INCHILD		0	/* in a child process */
+# define RIC_INPARENT		1	/* still in parent process */
+# define RIC_TEMPFAIL		2	/* temporary failure occurred */
 
 void
-smtp(nullserver, e)
-	char *nullserver;
+smtp(nullserver, d_flags, e)
+	char *volatile nullserver;
+	BITMAP256 d_flags;
 	register ENVELOPE *volatile e;
 {
 	register char *volatile p;
-	register struct cmd *c;
+	register struct cmd *volatile c = NULL;
 	char *cmd;
 	auto ADDRESS *vrfyqueue;
 	ADDRESS *a;
@@ -126,6 +182,7 @@ smtp(nullserver, e)
 	auto char *delimptr;
 	char *id;
 	volatile int nrcpts = 0;	/* number of RCPT commands */
+	int ric;
 	bool doublequeue;
 	volatile bool discard;
 	volatile int badcommands = 0;	/* count of bad commands */
@@ -133,25 +190,62 @@ smtp(nullserver, e)
 	volatile int n_etrn = 0;	/* count of ETRN commands */
 	volatile int n_noop = 0;	/* count of NOOP/VERB/ONEX etc cmds */
 	volatile int n_helo = 0;	/* count of HELO/EHLO commands */
+	volatile int delay = 1;		/* timeout for bad commands */
 	bool ok;
-	volatile int lognullconnection = TRUE;
+	volatile bool tempfail = FALSE;
+# if _FFR_MILTER
+	volatile bool milterize = (nullserver == NULL);
+# endif /* _FFR_MILTER */
+	volatile time_t wt;		/* timeout after too many commands */
+	volatile time_t previous;	/* time after checksmtpattack() */
+	volatile bool lognullconnection = TRUE;
 	register char *q;
+	char *addr;
+	char *greetcode = "220";
 	QUEUE_CHAR *new;
+	int argno;
+	char *args[MAXSMTPARGS];
 	char inp[MAXLINE];
 	char cmdbuf[MAXLINE];
-	extern ENVELOPE BlankEnvelope;
-	extern void help __P((char *));
-	extern void settime __P((ENVELOPE *));
-	extern bool enoughdiskspace __P((long));
-	extern int runinchild __P((char *, ENVELOPE *));
-	extern void checksmtpattack __P((volatile int *, int, char *, ENVELOPE *));
+# if SASL
+	sasl_conn_t *conn;
+	volatile bool sasl_ok;
+	volatile int n_auth = 0;	/* count of AUTH commands */
+	bool ismore;
+	int result;
+	volatile int authenticating;
+	char *hostname;
+	char *user;
+	char *in, *out, *out2;
+	const char *errstr;
+	int inlen, out2len;
+	unsigned int outlen;
+	char *volatile auth_type;
+	char *mechlist;
+	volatile int n_mechs;
+	int len;
+	sasl_security_properties_t ssp;
+	sasl_external_properties_t ext_ssf;
+#  if SFIO
+	sasl_ssf_t *ssf;
+#  endif /* SFIO */
+# endif /* SASL */
+# if STARTTLS
+	int r;
+	volatile bool usetls = TRUE;
+	volatile bool tls_active = FALSE;
+	bool saveQuickAbort;
+	bool saveSuprErrs;
+# endif /* STARTTLS */
 
 	if (fileno(OutChannel) != fileno(stdout))
 	{
 		/* arrange for debugging output to go to remote host */
 		(void) dup2(fileno(OutChannel), fileno(stdout));
 	}
+
 	settime(e);
+	(void)sm_getla(e);
 	peerhostname = RealHostName;
 	if (peerhostname == NULL)
 		peerhostname = "localhost";
@@ -163,16 +257,169 @@ smtp(nullserver, e)
 	/* check_relay may have set discard bit, save for later */
 	discard = bitset(EF_DISCARD, e->e_flags);
 
-	sm_setproctitle(TRUE, "server %s startup", CurSmtpClient);
-#if DAEMON
-	if (LogLevel > 11)
+	sm_setproctitle(TRUE, e, "server %s startup", CurSmtpClient);
+
+# if SASL
+	sasl_ok = FALSE;	/* SASL can't be used (yet) */
+	n_mechs = 0;
+
+	/* SASL server new connection */
+	hostname = macvalue('j', e);
+#  if SASL > 10505
+	/* use empty realm: only works in SASL > 1.5.5 */
+	result = sasl_server_new("smtp", hostname, "", NULL, 0, &conn);
+#  else /* SASL > 10505 */
+	/* use no realm -> realm is set to hostname by SASL lib */
+	result = sasl_server_new("smtp", hostname, NULL, NULL, 0, &conn);
+#  endif /* SASL > 10505 */
+	if (result == SASL_OK)
 	{
-		/* log connection information */
-		sm_syslog(LOG_INFO, NOQID,
-			"SMTP connect from %.100s (%.100s)",
-			CurSmtpClient, anynet_ntoa(&RealHostAddr));
+		sasl_ok = TRUE;
+
+		/*
+		**  SASL set properties for sasl
+		**  set local/remote IP
+		**  XXX only IPv4: Cyrus SASL doesn't support anything else
+		**
+		**  XXX where exactly are these used/required?
+		**  Kerberos_v4
+		*/
+
+# if NETINET
+		in = macvalue(macid("{daemon_family}", NULL), e);
+		if (in != NULL && strcmp(in, "inet") == 0)
+		{
+			SOCKADDR_LEN_T addrsize;
+			struct sockaddr_in saddr_l;
+			struct sockaddr_in saddr_r;
+
+			addrsize = sizeof(struct sockaddr_in);
+			if (getpeername(fileno(InChannel),
+					(struct sockaddr *)&saddr_r,
+					&addrsize) == 0)
+			{
+				sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r);
+				addrsize = sizeof(struct sockaddr_in);
+				if (getsockname(fileno(InChannel),
+						(struct sockaddr *)&saddr_l,
+						&addrsize) == 0)
+					sasl_setprop(conn, SASL_IP_LOCAL,
+						     &saddr_l);
+			}
+		}
+# endif /* NETINET */
+
+		authenticating = SASL_NOT_AUTH;
+		auth_type = NULL;
+		mechlist = NULL;
+		user = NULL;
+#  if 0
+		define(macid("{auth_author}", NULL), NULL, &BlankEnvelope);
+#  endif /* 0 */
+
+		/* set properties */
+		(void) memset(&ssp, '\0', sizeof ssp);
+#  if SFIO
+		/* XXX should these be options settable via .cf ? */
+		/* ssp.min_ssf = 0; is default due to memset() */
+		{
+			ssp.max_ssf = INT_MAX;
+			ssp.maxbufsize = MAXOUTLEN;
+		}
+#  endif /* SFIO */
+#  if _FFR_SASL_OPTS
+		ssp.security_flags = SASLOpts & SASL_SEC_MASK;
+#  endif /* _FFR_SASL_OPTS */
+		sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK;
+
+		if (sasl_ok)
+		{
+			/*
+			**  external security strength factor;
+			**  we have none so zero
+#   if STARTTLS
+			**  we may have to change this for STARTTLS
+			**  (dynamically)
+#   endif
+			*/
+			ext_ssf.ssf = 0;
+			ext_ssf.auth_id = NULL;
+			sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL,
+					       &ext_ssf) == SASL_OK;
+		}
+		if (sasl_ok)
+		{
+			n_mechs = saslmechs(conn, &mechlist);
+			sasl_ok = n_mechs > 0;
+		}
+	}
+	else
+	{
+		if (LogLevel > 9)
+			sm_syslog(LOG_WARNING, NOQID,
+				  "SASL error: sasl_server_new failed=%d",
+				  result);
+	}
+# endif /* SASL */
+
+# if STARTTLS
+#  if _FFR_TLS_O_T
+	saveQuickAbort = QuickAbort;
+	saveSuprErrs = SuprErrs;
+	SuprErrs = TRUE;
+	QuickAbort = FALSE;
+	if (rscheck("offer_tls", CurSmtpClient, "", e, TRUE, FALSE, 8) != EX_OK
+		    || Errors > 0)
+		usetls = FALSE;
+	QuickAbort = saveQuickAbort;
+	SuprErrs = saveSuprErrs;
+#  endif /* _FFR_TLS_O_T */
+# endif /* STARTTLS */
+
+# if _FFR_MILTER
+	if (milterize)
+	{
+		char state;
+
+		/* initialize mail filter connection */
+		milter_init(e, &state);
+		switch (state)
+		{
+		  case SMFIR_REJECT:
+			greetcode = "554";
+			nullserver = "Command rejected";
+			milterize = FALSE;
+			break;
+
+		  case SMFIR_TEMPFAIL:
+			tempfail = TRUE;
+			milterize = FALSE;
+			break;
+		}
 	}
-#endif
+
+	if (milterize && !bitset(EF_DISCARD, e->e_flags))
+	{
+		char state;
+
+		(void) milter_connect(peerhostname, RealHostAddr,
+				      e, &state);
+		switch (state)
+		{
+		  case SMFIR_REPLYCODE:	/* REPLYCODE shouldn't happen */
+		  case SMFIR_REJECT:
+			greetcode = "554";
+			nullserver = "Command rejected";
+			milterize = FALSE;
+			break;
+
+		  case SMFIR_TEMPFAIL:
+			tempfail = TRUE;
+			milterize = FALSE;
+			break;
+		}
+	}
+# endif /* _FFR_MILTER */
 
 	/* output the first line, inserting "ESMTP" as second word */
 	expand(SmtpGreeting, inp, sizeof inp, e);
@@ -182,8 +429,13 @@ smtp(nullserver, e)
 	id = strchr(inp, ' ');
 	if (id == NULL)
 		id = &inp[strlen(inp)];
-	cmd = p == NULL ? "220 %.*s ESMTP%s" : "220-%.*s ESMTP%s";
-	message(cmd, id - inp, inp, id);
+	if (p == NULL)
+		snprintf(cmdbuf, sizeof cmdbuf,
+			 "%s %%.*s ESMTP%%s", greetcode);
+	else
+		snprintf(cmdbuf, sizeof cmdbuf,
+			 "%s-%%.*s ESMTP%%s", greetcode);
+	message(cmdbuf, id - inp, inp, id);
 
 	/* output remaining lines */
 	while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL)
@@ -191,13 +443,15 @@ smtp(nullserver, e)
 		*p++ = '\0';
 		if (isascii(*id) && isspace(*id))
 			id++;
-		message("220-%s", id);
+		(void) snprintf(cmdbuf, sizeof cmdbuf, "%s-%%s", greetcode);
+		message(cmdbuf, id);
 	}
 	if (id != NULL)
 	{
 		if (isascii(*id) && isspace(*id))
 			id++;
-		message("220 %s", id);
+		(void) snprintf(cmdbuf, sizeof cmdbuf, "%s %%s", greetcode);
+		message(cmdbuf, id);
 	}
 
 	protocol = NULL;
@@ -218,58 +472,246 @@ smtp(nullserver, e)
 		/* setup for the read */
 		e->e_to = NULL;
 		Errors = 0;
+		FileName = NULL;
 		(void) fflush(stdout);
 
 		/* read the input line */
 		SmtpPhase = "server cmd read";
-		sm_setproctitle(TRUE, "server %s cmd read", CurSmtpClient);
-		p = sfgets(inp, sizeof inp, InChannel, TimeOuts.to_nextcommand,
-				SmtpPhase);
+		sm_setproctitle(TRUE, e, "server %s cmd read", CurSmtpClient);
+# if SASL
+		/*
+		**  SMTP AUTH requires accepting any length,
+		**  at least for challenge/response
+		**  XXX
+		*/
+# endif /* SASL */
 
 		/* handle errors */
-		if (p == NULL)
+		if (ferror(OutChannel) ||
+		    (p = sfgets(inp, sizeof inp, InChannel,
+				TimeOuts.to_nextcommand, SmtpPhase)) == NULL)
 		{
+			char *d;
+
+			d = macvalue(macid("{daemon_name}", NULL), e);
+			if (d == NULL)
+				d = "stdin";
 			/* end of file, just die */
 			disconnect(1, e);
-			message("421 %s Lost input channel from %s",
+
+# if _FFR_MILTER
+			/* close out milter filters */
+			milter_quit(e);
+# endif /* _FFR_MILTER */
+
+			message("421 4.4.1 %s Lost input channel from %s",
 				MyHostName, CurSmtpClient);
 			if (LogLevel > (gotmail ? 1 : 19))
 				sm_syslog(LOG_NOTICE, e->e_id,
-					"lost input channel from %.100s",
-					CurSmtpClient);
-			if (lognullconnection && LogLevel > 5)
-				sm_syslog(LOG_INFO, NULL,
-				"Null connection from %.100s",
-				CurSmtpClient);
-
+					  "lost input channel from %.100s to %s after %s",
+					  CurSmtpClient, d,
+					  (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name);
 			/*
 			**  If have not accepted mail (DATA), do not bounce
 			**  bad addresses back to sender.
 			*/
+
 			if (bitset(EF_CLRQUEUE, e->e_flags))
 				e->e_sendqueue = NULL;
-
-			if (InChild)
-				ExitStat = EX_QUIT;
-			finis(TRUE, ExitStat);
+			goto doquit;
 		}
 
 		/* clean up end of line */
 		fixcrlf(inp, TRUE);
 
+# if SASL
+		if (authenticating == SASL_PROC_AUTH)
+		{
+#  if 0
+			if (*inp == '\0')
+			{
+				authenticating = SASL_NOT_AUTH;
+				message("501 5.5.2 missing input");
+				continue;
+			}
+#  endif /* 0 */
+			if (*inp == '*' && *(inp + 1) == '\0')
+			{
+				authenticating = SASL_NOT_AUTH;
+
+				/* rfc 2254 4. */
+				message("501 5.0.0 AUTH aborted");
+				continue;
+			}
+
+			/* could this be shorter? XXX */
+			out = xalloc(strlen(inp));
+			result = sasl_decode64(inp, strlen(inp), out, &outlen);
+			if (result != SASL_OK)
+			{
+				authenticating = SASL_NOT_AUTH;
+
+				/* rfc 2254 4. */
+				message("501 5.5.4 cannot decode AUTH parameter %s",
+					inp);
+				continue;
+			}
+
+			result = sasl_server_step(conn,	out, outlen,
+						  &out, &outlen, &errstr);
+
+			/* get an OK if we're done */
+			if (result == SASL_OK)
+			{
+  authenticated:
+				message("235 2.0.0 OK Authenticated");
+				authenticating = SASL_IS_AUTH;
+				define(macid("{auth_type}", NULL),
+				       newstr(auth_type), &BlankEnvelope);
+
+				result = sasl_getprop(conn, SASL_USERNAME,
+						      (void **)&user);
+				if (result != SASL_OK)
+				{
+					user = "";
+					define(macid("{auth_authen}", NULL),
+					       NULL, &BlankEnvelope);
+				}
+				else
+				{
+					define(macid("{auth_authen}", NULL),
+					       newstr(user), &BlankEnvelope);
+				}
+
+#  if 0
+				/* get realm? */
+				sasl_getprop(conn, SASL_REALM, (void **) &data);
+#  endif /* 0 */
+
+
+#  if SFIO
+				/* get security strength (features) */
+				result = sasl_getprop(conn, SASL_SSF,
+						      (void **) &ssf);
+				if (result != SASL_OK)
+				{
+					define(macid("{auth_ssf}", NULL),
+					       "0", &BlankEnvelope);
+					ssf = NULL;
+				}
+				else
+				{
+					char pbuf[8];
+
+					snprintf(pbuf, sizeof pbuf, "%u", *ssf);
+					define(macid("{auth_ssf}", NULL),
+					       newstr(pbuf), &BlankEnvelope);
+					if (tTd(95, 8))
+						dprintf("SASL auth_ssf: %u\n",
+							*ssf);
+				}
+				/*
+				**  only switch to encrypted connection
+				**  if a security layer has been negotiated
+				*/
+				if (ssf != NULL && *ssf > 0)
+				{
+					/*
+					**  convert sfio stuff to use SASL
+					**  check return values
+					**  if the call fails,
+					**  fall back to unencrypted version
+					**  unless some cf option requires
+					**  encryption then the connection must
+					**  be aborted
+					*/
+					if (sfdcsasl(InChannel, OutChannel,
+					    conn) == 0)
+					{
+						/* restart dialogue */
+						gothello = FALSE;
+						OneXact = TRUE;
+						n_helo = 0;
+					}
+					else
+						syserr("503 5.3.3 SASL TLS failed");
+					if (LogLevel > 9)
+						sm_syslog(LOG_INFO,
+							  NOQID,
+							  "SASL: connection from %.64s: mech=%.16s, id=%.64s, bits=%d",
+							  CurSmtpClient,
+							  auth_type, user,
+							  *ssf);
+				}
+#  else /* SFIO */
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, NOQID,
+						  "SASL: connection from %.64s: mech=%.16s, id=%.64s",
+						  CurSmtpClient, auth_type,
+						  user);
+#  endif /* SFIO */
+			}
+			else if (result == SASL_CONTINUE)
+			{
+				len = ENC64LEN(outlen);
+				out2 = xalloc(len);
+				result = sasl_encode64(out, outlen, out2, len,
+						       (u_int *)&out2len);
+				if (result != SASL_OK)
+				{
+					/* correct code? XXX */
+					/* 454 Temp. authentication failure */
+					message("454 4.5.4 Internal error: unable to encode64");
+					if (LogLevel > 5)
+						sm_syslog(LOG_WARNING, e->e_id,
+							  "SASL encode64 error [%d for \"%s\"]",
+							  result, out);
+					/* start over? */
+					authenticating = SASL_NOT_AUTH;
+				}
+				else
+				{
+					message("334 %s", out2);
+					if (tTd(95, 2))
+						dprintf("SASL continue: msg='%s' len=%d\n",
+							out2, out2len);
+				}
+			}
+			else
+			{
+				/* not SASL_OK or SASL_CONT */
+				message("500 5.7.0 authentication failed");
+				if (LogLevel > 9)
+					sm_syslog(LOG_WARNING, e->e_id,
+						  "AUTH failure (%s): %s (%d)",
+						  auth_type,
+						  sasl_errstring(result, NULL,
+								 NULL),
+						  result);
+				authenticating = SASL_NOT_AUTH;
+			}
+		}
+		else
+		{
+			/* don't want to do any of this if authenticating */
+# endif /* SASL */
+
 		/* echo command to transcript */
 		if (e->e_xfp != NULL)
 			fprintf(e->e_xfp, "<<< %s\n", inp);
 
 		if (LogLevel >= 15)
 			sm_syslog(LOG_INFO, e->e_id,
-				"<-- %s",
-				inp);
+				  "<-- %s",
+				  inp);
 
 		if (e->e_id == NULL)
-			sm_setproctitle(TRUE, "%s: %.80s", CurSmtpClient, inp);
+			sm_setproctitle(TRUE, e, "%s: %.80s",
+					CurSmtpClient, inp);
 		else
-			sm_setproctitle(TRUE, "%s %s: %.80s", e->e_id, CurSmtpClient, inp);
+			sm_setproctitle(TRUE, e, "%s %s: %.80s",
+					qid_printname(e),
+					CurSmtpClient, inp);
 
 		/* break off command */
 		for (p = inp; isascii(*p) && isspace(*p); p++)
@@ -286,9 +728,9 @@ smtp(nullserver, e)
 			p++;
 
 		/* decode command */
-		for (c = CmdTab; c->cmdname != NULL; c++)
+		for (c = CmdTab; c->cmd_name != NULL; c++)
 		{
-			if (!strcasecmp(c->cmdname, cmdbuf))
+			if (strcasecmp(c->cmd_name, cmdbuf) == 0)
 				break;
 		}
 
@@ -302,27 +744,47 @@ smtp(nullserver, e)
 		**	to everything.
 		*/
 
-		if (nullserver != NULL)
+		if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags))
 		{
-			switch (c->cmdcode)
+			switch (c->cmd_code)
 			{
 			  case CMDQUIT:
 			  case CMDHELO:
 			  case CMDEHLO:
 			  case CMDNOOP:
+			  case CMDRSET:
 				/* process normally */
 				break;
 
+			  case CMDETRN:
+				if (bitnset(D_ETRNONLY, d_flags) &&
+				    nullserver == NULL)
+					break;
+				continue;
+
 			  default:
 				if (++badcommands > MAXBADCOMMANDS)
-					sleep(1);
-				usrerr("550 %s", nullserver);
+				{
+					delay *= 2;
+					if (delay >= MAXTIMEOUT)
+						delay = MAXTIMEOUT;
+					(void) sleep(delay);
+				}
+				if (nullserver != NULL)
+				{
+					if (ISSMTPREPLY(nullserver))
+						usrerr(nullserver);
+					else
+						usrerr("550 5.0.0 %s", nullserver);
+				}
+				else
+					usrerr("452 4.4.5 Insufficient disk space; try again later");
 				continue;
 			}
 		}
 
 		/* non-null server */
-		switch (c->cmdcode)
+		switch (c->cmd_code)
 		{
 		  case CMDMAIL:
 		  case CMDEXPN:
@@ -331,11 +793,343 @@ smtp(nullserver, e)
 			lognullconnection = FALSE;
 		}
 
-		switch (c->cmdcode)
+		switch (c->cmd_code)
 		{
+# if SASL
+		  case CMDAUTH: /* sasl */
+			if (!sasl_ok)
+			{
+				message("503 5.3.3 AUTH not available");
+				break;
+			}
+			if (authenticating == SASL_IS_AUTH)
+			{
+				message("503 5.5.0 Already Authenticated");
+				break;
+			}
+			if (gotmail)
+			{
+				message("503 5.5.0 AUTH not permitted during a mail transaction");
+				break;
+			}
+			if (tempfail)
+			{
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "SMTP AUTH command (%.100s) from %.100s tempfailed (due to previous checks)",
+						  p, CurSmtpClient);
+				usrerr("454 4.7.1 Please try again later");
+				break;
+			}
+
+			ismore = FALSE;
+
+			/* crude way to avoid crack attempts */
+			(void) checksmtpattack(&n_auth, n_mechs + 1, TRUE,
+					       "AUTH", e);
+
+			/* make sure it's a valid string */
+			for (q = p; *q != '\0' && isascii(*q); q++)
+			{
+				if (isspace(*q))
+				{
+					*q = '\0';
+					while (*++q != '\0' &&
+					       isascii(*q) && isspace(*q))
+						continue;
+					*(q - 1) = '\0';
+					ismore = (*q != '\0');
+					break;
+				}
+			}
+
+			/* check whether mechanism is available */
+			if (iteminlist(p, mechlist, " ") == NULL)
+			{
+				message("503 5.3.3 AUTH mechanism %s not available",
+					p);
+				break;
+			}
+
+			if (ismore)
+			{
+				/* could this be shorter? XXX */
+				in = xalloc(strlen(q));
+				result = sasl_decode64(q, strlen(q), in,
+						       (u_int *)&inlen);
+				if (result != SASL_OK)
+				{
+					message("501 5.5.4 cannot BASE64 decode '%s'",
+						q);
+					if (LogLevel > 5)
+						sm_syslog(LOG_WARNING, e->e_id,
+							  "SASL decode64 error [%d for \"%s\"]",
+							  result, q);
+					/* start over? */
+					authenticating = SASL_NOT_AUTH;
+					in = NULL;
+					inlen = 0;
+					break;
+				}
+#  if 0
+				if (tTd(95, 99))
+				{
+					int i;
+
+					dprintf("AUTH: more \"");
+					for (i = 0; i < inlen; i++)
+					{
+						if (isascii(in[i]) &&
+						    isprint(in[i]))
+							dprintf("%c", in[i]);
+						else
+							dprintf("_");
+					}
+					dprintf("\"\n");
+				}
+#  endif /* 0 */
+			}
+			else
+			{
+				in = NULL;
+				inlen = 0;
+			}
+
+			/* see if that auth type exists */
+			result = sasl_server_start(conn, p, in, inlen,
+						   &out, &outlen, &errstr);
+
+			if (result != SASL_OK && result != SASL_CONTINUE)
+			{
+				message("500 5.7.0 authentication failed");
+				if (LogLevel > 9)
+					sm_syslog(LOG_ERR, e->e_id,
+						  "AUTH failure (%s): %s (%d)",
+						  p,
+						  sasl_errstring(result, NULL,
+								 NULL),
+						  result);
+				break;
+			}
+			auth_type = newstr(p);
+
+			if (result == SASL_OK)
+			{
+				/* ugly, but same code */
+				goto authenticated;
+				/* authenticated by the initial response */
+			}
+
+			/* len is at least 2 */
+			len = ENC64LEN(outlen);
+			out2 = xalloc(len);
+			result = sasl_encode64(out, outlen, out2, len,
+					       (u_int *)&out2len);
+
+			if (result != SASL_OK)
+			{
+				message("454 4.5.4 Temporary authentication failure");
+				if (LogLevel > 5)
+					sm_syslog(LOG_WARNING, e->e_id,
+						  "SASL encode64 error [%d for \"%s\"]",
+						  result, out);
+
+				/* start over? */
+				authenticating = SASL_NOT_AUTH;
+			}
+			else
+			{
+				message("334 %s", out2);
+				authenticating = SASL_PROC_AUTH;
+			}
+
+			break;
+# endif /* SASL */
+
+# if STARTTLS
+		  case CMDSTLS: /* starttls */
+			if (*p != '\0')
+			{
+				message("501 5.5.2 Syntax error (no parameters allowed)");
+				break;
+			}
+			if (!usetls)
+			{
+				message("503 5.5.0 TLS not available");
+				break;
+			}
+			if (!tls_ok)
+			{
+				message("454 4.3.3 TLS not available after start");
+				break;
+			}
+			if (gotmail)
+			{
+				message("503 5.5.0 TLS not permitted during a mail transaction");
+				break;
+			}
+			if (tempfail)
+			{
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "SMTP STARTTLS command (%.100s) from %.100s tempfailed (due to previous checks)",
+						  p, CurSmtpClient);
+				usrerr("454 4.7.1 Please try again later");
+				break;
+			}
+# if TLS_NO_RSA
+			/*
+			**  XXX do we need a temp key ?
+			*/
+# else /* TLS_NO_RSA */
+			if (SSL_CTX_need_tmp_RSA(srv_ctx) &&
+			   !SSL_CTX_set_tmp_rsa(srv_ctx,
+				(rsa = RSA_generate_key(RSA_KEYLENGTH, RSA_F4,
+							NULL, NULL)))
+			  )
+			{
+				message("454 4.3.3 TLS not available: error generating RSA temp key");
+				if (rsa != NULL)
+					RSA_free(rsa);
+				break;
+			}
+# endif /* TLS_NO_RSA */
+			if (srv_ssl != NULL)
+				SSL_clear(srv_ssl);
+			else if ((srv_ssl = SSL_new(srv_ctx)) == NULL)
+			{
+				message("454 4.3.3 TLS not available: error generating SSL handle");
+				break;
+			}
+			if (SSL_set_rfd(srv_ssl, fileno(InChannel)) <= 0 ||
+			    SSL_set_wfd(srv_ssl, fileno(OutChannel)) <= 0)
+			{
+				message("454 4.3.3 TLS not available: error set fd");
+				SSL_free(srv_ssl);
+				srv_ssl = NULL;
+				break;
+			}
+			message("220 2.0.0 Ready to start TLS");
+			SSL_set_accept_state(srv_ssl);
+
+#  define SSL_ACC(s)	SSL_accept(s)
+			if ((r = SSL_ACC(srv_ssl)) <= 0)
+			{
+				int i;
+
+				/* what to do in this case? */
+				i = SSL_get_error(srv_ssl, r);
+				if (LogLevel > 5)
+				{
+					sm_syslog(LOG_WARNING, e->e_id,
+						  "TLS: error: accept failed=%d (%d)",
+						  r, i);
+					if (LogLevel > 9)
+						tlslogerr();
+				}
+				tls_ok = FALSE;
+				SSL_free(srv_ssl);
+				srv_ssl = NULL;
+
+				/*
+				**  according to the next draft of
+				**  RFC 2487 the connection should be dropped
+				*/
+
+				/* arrange to ignore any current send list */
+				e->e_sendqueue = NULL;
+				goto doquit;
+			}
+
+			/* ignore return code for now, it's in {verify} */
+			(void) tls_get_info(srv_ssl, &BlankEnvelope, TRUE,
+					    CurSmtpClient);
+
+			/*
+			**  call Stls_client to find out whether
+			**  to accept the connection from the client
+			*/
+
+			saveQuickAbort = QuickAbort;
+			saveSuprErrs = SuprErrs;
+			SuprErrs = TRUE;
+			QuickAbort = FALSE;
+			if (rscheck("tls_client",
+				     macvalue(macid("{verify}", NULL), e),
+				     "STARTTLS", e, TRUE, TRUE, 6) != EX_OK ||
+			    Errors > 0)
+			{
+				extern char MsgBuf[];
+
+				if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf))
+					nullserver = newstr(MsgBuf);
+				else
+					nullserver = "503 5.7.0 Authentication required.";
+			}
+			QuickAbort = saveQuickAbort;
+			SuprErrs = saveSuprErrs;
+
+			tls_ok = FALSE;	/* don't offer STARTTLS again */
+			gothello = FALSE;	/* discard info */
+			n_helo = 0;
+			OneXact = TRUE;	/* only one xaction this run */
+#  if SASL
+			if (sasl_ok)
+			{
+				char *s;
+
+				if ((s = macvalue(macid("{cipher_bits}", NULL), e)) != NULL &&
+				    (ext_ssf.ssf = atoi(s)) > 0)
+				{
+#  if _FFR_EXT_MECH
+					ext_ssf.auth_id = macvalue(macid("{cert_subject}",
+									 NULL),
+								   e);
+#  endif /* _FFR_EXT_MECH */
+					sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL,
+							       &ext_ssf) == SASL_OK;
+					if (mechlist != NULL)
+						free(mechlist);
+					mechlist = NULL;
+					if (sasl_ok)
+					{
+						n_mechs = saslmechs(conn,
+								    &mechlist);
+						sasl_ok = n_mechs > 0;
+					}
+				}
+			}
+#  endif /* SASL */
+
+			/* switch to secure connection */
+#if SFIO
+			r = sfdctls(InChannel, OutChannel, srv_ssl);
+#else /* SFIO */
+# if _FFR_TLS_TOREK
+			r = sfdctls(&InChannel, &OutChannel, srv_ssl);
+# endif /* _FFR_TLS_TOREK */
+#endif /* SFIO */
+			if (r == 0)
+				tls_active = TRUE;
+			else
+			{
+				/*
+				**  XXX this is an internal error
+				**  how to deal with it?
+				**  we can't generate an error message
+				**  since the other side switched to an
+				**  encrypted layer, but we could not...
+				**  just "hang up"?
+				*/
+				nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer";
+				syserr("TLS: can't switch to encrypted layer");
+			}
+			break;
+# endif /* STARTTLS */
+
 		  case CMDHELO:		/* hello -- introduce yourself */
 		  case CMDEHLO:		/* extended hello */
-			if (c->cmdcode == CMDEHLO)
+			if (c->cmd_code == CMDEHLO)
 			{
 				protocol = "ESMTP";
 				SmtpPhase = "server EHLO";
@@ -347,7 +1141,8 @@ smtp(nullserver, e)
 			}
 
 			/* avoid denial-of-service */
-			checksmtpattack(&n_helo, MAXHELOCOMMANDS, "HELO/EHLO", e);
+			(void) checksmtpattack(&n_helo, MAXHELOCOMMANDS, TRUE,
+					       "HELO/EHLO", e);
 
 			/* check for duplicate HELO/EHLO per RFC 1651 4.2 */
 			if (gothello)
@@ -369,6 +1164,10 @@ smtp(nullserver, e)
 			if (strlen(p) > MAXNAME)
 			{
 				usrerr("501 Invalid domain name");
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, CurEnv->e_id,
+						  "invalid domain name (too long) from %.100s",
+						  CurSmtpClient);
 				break;
 			}
 
@@ -386,6 +1185,7 @@ smtp(nullserver, e)
 				if (strchr("[].-_#", *q) == NULL)
 					break;
 			}
+
 			if (*q == '\0')
 			{
 				q = "pleased to meet you";
@@ -394,6 +1194,10 @@ smtp(nullserver, e)
 			else if (!AllowBogusHELO)
 			{
 				usrerr("501 Invalid domain name");
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, CurEnv->e_id,
+						  "invalid domain name (%.100s) from %.100s",
+						  p, CurSmtpClient);
 				break;
 			}
 			else
@@ -402,9 +1206,36 @@ smtp(nullserver, e)
 			}
 
 			gothello = TRUE;
-			
+
+# if _FFR_MILTER
+			if (milterize && !bitset(EF_DISCARD, e->e_flags))
+			{
+				char state;
+				char *response;
+
+				response = milter_helo(p, e, &state);
+				switch (state)
+				{
+				  case SMFIR_REPLYCODE:
+					nullserver = response;
+					milterize = FALSE;
+					break;
+
+				  case SMFIR_REJECT:
+					nullserver = "Command rejected";
+					milterize = FALSE;
+					break;
+
+				  case SMFIR_TEMPFAIL:
+					tempfail = TRUE;
+					milterize = FALSE;
+					break;
+				}
+			}
+# endif /* _FFR_MILTER */
+
 			/* print HELO response message */
-			if (c->cmdcode != CMDEHLO || nullserver != NULL)
+			if (c->cmd_code != CMDEHLO)
 			{
 				message("250 %s Hello %s, %s",
 					MyHostName, CurSmtpClient, q);
@@ -414,28 +1245,47 @@ smtp(nullserver, e)
 			message("250-%s Hello %s, %s",
 				MyHostName, CurSmtpClient, q);
 
+			/* offer ENHSC even for nullserver */
+			if (nullserver != NULL)
+			{
+				message("250 ENHANCEDSTATUSCODES");
+				break;
+			}
+
 			/* print EHLO features list */
+			message("250-ENHANCEDSTATUSCODES");
 			if (!bitset(PRIV_NOEXPN, PrivacyFlags))
 			{
 				message("250-EXPN");
 				if (!bitset(PRIV_NOVERB, PrivacyFlags))
 					message("250-VERB");
 			}
-#if MIME8TO7
+# if MIME8TO7
 			message("250-8BITMIME");
-#endif
+# endif /* MIME8TO7 */
 			if (MaxMessageSize > 0)
 				message("250-SIZE %ld", MaxMessageSize);
 			else
 				message("250-SIZE");
-#if DSN
-			if (SendMIMEErrors)
+# if DSN
+			if (SendMIMEErrors &&
+			    !bitset(PRIV_NORECEIPTS, PrivacyFlags))
 				message("250-DSN");
-#endif
+# endif /* DSN */
 			message("250-ONEX");
-			if (!bitset(PRIV_NOETRN, PrivacyFlags))
+			if (!bitset(PRIV_NOETRN, PrivacyFlags) &&
+			    !bitnset(D_NOETRN, d_flags))
 				message("250-ETRN");
 			message("250-XUSR");
+
+# if SASL
+			if (sasl_ok && mechlist != NULL && *mechlist != '\0')
+				message("250-AUTH %s", mechlist);
+# endif /* SASL */
+# if STARTTLS
+			if (tls_ok && usetls)
+				message("250-STARTTLS");
+# endif /* STARTTLS */
 			message("250 HELP");
 			break;
 
@@ -445,32 +1295,56 @@ smtp(nullserver, e)
 			/* check for validity of this command */
 			if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
 			{
-				usrerr("503 Polite people say HELO first");
+				usrerr("503 5.0.0 Polite people say HELO first");
 				break;
 			}
 			if (gotmail)
 			{
-				usrerr("503 Sender already specified");
+				usrerr("503 5.5.0 Sender already specified");
 				break;
 			}
 			if (InChild)
 			{
 				errno = 0;
-				syserr("503 Nested MAIL command: MAIL %s", p);
+				syserr("503 5.5.0 Nested MAIL command: MAIL %s", p);
 				finis(TRUE, ExitStat);
 			}
+# if SASL
+			if (bitnset(D_AUTHREQ, d_flags) &&
+			    authenticating != SASL_IS_AUTH)
+			{
+				usrerr("530 5.7.0 Authentication required");
+				break;
+			}
+# endif /* SASL */
+
+			p = skipword(p, "from");
+			if (p == NULL)
+				break;
+			if (tempfail)
+			{
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "SMTP MAIL command (%.100s) from %.100s tempfailed (due to previous checks)",
+						  p, CurSmtpClient);
+				usrerr("451 4.7.1 Please try again later");
+				break;
+			}
 
 			/* make sure we know who the sending host is */
 			if (sendinghost == NULL)
 				sendinghost = peerhostname;
 
-			p = skipword(p, "from");
-			if (p == NULL)
-				break;
 
 			/* fork a subprocess to process this command */
-			if (runinchild("SMTP-MAIL", e) > 0)
+			ric = runinchild("SMTP-MAIL", e);
+
+			/* Catch a problem and stop processing */
+			if (ric == RIC_TEMPFAIL && nullserver == NULL)
+				nullserver = "452 4.3.0 Internal software error";
+			if (ric != RIC_INCHILD)
 				break;
+
 			if (Errors > 0)
 				goto undo_subproc_no_pm;
 			if (!gothello)
@@ -479,7 +1353,7 @@ smtp(nullserver, e)
 					"%s didn't use HELO protocol",
 					CurSmtpClient);
 			}
-#ifdef PICKY_HELO_CHECK
+# ifdef PICKY_HELO_CHECK
 			if (strcasecmp(sendinghost, peerhostname) != 0 &&
 			    (strcasecmp(peerhostname, "localhost") != 0 ||
 			     strcasecmp(sendinghost, MyHostName) != 0))
@@ -487,18 +1361,21 @@ smtp(nullserver, e)
 				auth_warning(e, "Host %s claimed to be %s",
 					CurSmtpClient, sendinghost);
 			}
-#endif
+# endif /* PICKY_HELO_CHECK */
 
 			if (protocol == NULL)
 				protocol = "SMTP";
 			define('r', protocol, e);
 			define('s', sendinghost, e);
-			initsys(e);
+
 			if (Errors > 0)
 				goto undo_subproc_no_pm;
 			nrcpts = 0;
-			e->e_flags |= EF_LOGSENDER|EF_CLRQUEUE;
-			sm_setproctitle(TRUE, "%s %s: %.80s", e->e_id, CurSmtpClient, inp);
+			define(macid("{ntries}", NULL), "0", e);
+			e->e_flags |= EF_CLRQUEUE;
+			sm_setproctitle(TRUE, e, "%s %s: %.80s",
+					qid_printname(e),
+					CurSmtpClient, inp);
 
 			/* child -- go do the processing */
 			if (setjmp(TopFrame) > 0)
@@ -512,6 +1389,12 @@ smtp(nullserver, e)
 					QuickAbort = FALSE;
 					SuprErrs = TRUE;
 					e->e_flags &= ~EF_FATALERRS;
+
+					if (LogLevel > 4 &&
+					    bitset(EF_LOGSENDER, e->e_flags))
+						logsender(e, NULL);
+					e->e_flags &= ~EF_LOGSENDER;
+
 					finis(TRUE, ExitStat);
 				}
 				break;
@@ -526,16 +1409,37 @@ smtp(nullserver, e)
 			if (Errors > 0)
 				goto undo_subproc_no_pm;
 
-			/* do config file checking of the sender */
-			if (rscheck("check_mail", p, NULL, e) != EX_OK ||
-			    Errors > 0)
-				goto undo_subproc_no_pm;
+			/* Successfully set e_from, allow logging */
+			e->e_flags |= EF_LOGSENDER;
+
+			/* put resulting triple from parseaddr() into macros */
+			if (e->e_from.q_mailer != NULL)
+				 define(macid("{mail_mailer}", NULL),
+					e->e_from.q_mailer->m_name, e);
+			else
+				 define(macid("{mail_mailer}", NULL),
+					NULL, e);
+			if (e->e_from.q_host != NULL)
+				define(macid("{mail_host}", NULL),
+				       e->e_from.q_host, e);
+			else
+				define(macid("{mail_host}", NULL),
+				       "localhost", e);
+			if (e->e_from.q_user != NULL)
+				define(macid("{mail_addr}", NULL),
+				       e->e_from.q_user, e);
+			else
+				define(macid("{mail_addr}", NULL),
+				       NULL, e);
+			if (Errors > 0)
+			  goto undo_subproc_no_pm;
 
 			/* check for possible spoofing */
 			if (RealUid != 0 && OpMode == MD_SMTP &&
 			    !wordinclass(RealUserName, 't') &&
-			    !bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
-			    strcmp(e->e_from.q_user, RealUserName) != 0)
+			    (!bitnset(M_LOCALMAILER,
+				      e->e_from.q_mailer->m_flags) ||
+			     strcmp(e->e_from.q_user, RealUserName) != 0))
 			{
 				auth_warning(e, "%s owned process doing -bs",
 					RealUserName);
@@ -543,12 +1447,15 @@ smtp(nullserver, e)
 
 			/* now parse ESMTP arguments */
 			e->e_msgsize = 0;
+			addr = p;
+			argno = 0;
+			args[argno++] = p;
 			p = delimptr;
 			while (p != NULL && *p != '\0')
 			{
 				char *kp;
 				char *vp = NULL;
-				extern void mail_esmtp_args __P((char *, char *, ENVELOPE *));
+				char *equal = NULL;
 
 				/* locate the beginning of the keyword */
 				while (isascii(*p) && isspace(*p))
@@ -562,6 +1469,7 @@ smtp(nullserver, e)
 					p++;
 				if (*p == '=')
 				{
+					equal = p;
 					*p++ = '\0';
 					vp = p;
 
@@ -576,44 +1484,90 @@ smtp(nullserver, e)
 					*p++ = '\0';
 
 				if (tTd(19, 1))
-					printf("MAIL: got arg %s=\"%s\"\n", kp,
+					dprintf("MAIL: got arg %s=\"%s\"\n", kp,
 						vp == NULL ? "<null>" : vp);
 
 				mail_esmtp_args(kp, vp, e);
+				if (equal != NULL)
+					*equal = '=';
+				args[argno++] = kp;
+				if (argno >= MAXSMTPARGS - 1)
+					usrerr("501 5.5.4 Too many parameters");
 				if (Errors > 0)
 					goto undo_subproc_no_pm;
 			}
+			args[argno] = NULL;
 			if (Errors > 0)
 				goto undo_subproc_no_pm;
 
+			/* do config file checking of the sender */
+			if (rscheck("check_mail", addr,
+				    NULL, e, TRUE, TRUE, 4) != EX_OK ||
+			    Errors > 0)
+				goto undo_subproc_no_pm;
+
 			if (MaxMessageSize > 0 && e->e_msgsize > MaxMessageSize)
 			{
-				usrerr("552 Message size exceeds fixed maximum message size (%ld)",
+				usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)",
 					MaxMessageSize);
 				goto undo_subproc_no_pm;
 			}
-				
-			if (!enoughdiskspace(e->e_msgsize))
+
+			if (!enoughdiskspace(e->e_msgsize, TRUE))
 			{
-				usrerr("452 Insufficient disk space; try again later");
+				usrerr("452 4.4.5 Insufficient disk space; try again later");
 				goto undo_subproc_no_pm;
 			}
 			if (Errors > 0)
 				goto undo_subproc_no_pm;
-			message("250 Sender ok");
+
+# if _FFR_MILTER
+			LogUsrErrs = TRUE;
+			if (milterize && !bitset(EF_DISCARD, e->e_flags))
+			{
+				char state;
+				char *response;
+
+				response = milter_envfrom(args, e, &state);
+				switch (state)
+				{
+				  case SMFIR_REPLYCODE:
+					usrerr(response);
+					break;
+
+				  case SMFIR_REJECT:
+					usrerr("550 5.7.1 Command rejected");
+					break;
+
+				  case SMFIR_DISCARD:
+					e->e_flags |= EF_DISCARD;
+					break;
+
+				  case SMFIR_TEMPFAIL:
+					usrerr("451 4.7.1 Try again later");
+					break;
+				}
+				if (response != NULL)
+					free(response);
+			}
+# endif /* _FFR_MILTER */
+			if (Errors > 0)
+				goto undo_subproc_no_pm;
+
+			message("250 2.1.0 Sender ok");
 			gotmail = TRUE;
 			break;
 
 		  case CMDRCPT:		/* rcpt -- designate recipient */
 			if (!gotmail)
 			{
-				usrerr("503 Need MAIL before RCPT");
+				usrerr("503 5.0.0 Need MAIL before RCPT");
 				break;
 			}
 			SmtpPhase = "server RCPT";
 			if (setjmp(TopFrame) > 0)
 			{
-				e->e_flags &= ~EF_FATALERRS;
+				e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY);
 				break;
 			}
 			QuickAbort = TRUE;
@@ -622,40 +1576,80 @@ smtp(nullserver, e)
 			/* limit flooding of our machine */
 			if (MaxRcptPerMsg > 0 && nrcpts >= MaxRcptPerMsg)
 			{
-				usrerr("452 Too many recipients");
+				usrerr("452 4.5.3 Too many recipients");
 				break;
 			}
 
 			if (e->e_sendmode != SM_DELIVER)
 				e->e_flags |= EF_VRFYONLY;
 
+# if _FFR_MILTER
+			/*
+			**  If the filter will be deleting recipients,
+			**  don't expand them at RCPT time (in the call
+			**  to recipient()).  If they are expanded, it
+			**  is impossible for removefromlist() to figure
+			**  out the expanded members of the original
+			**  recipient and mark them as QS_DONTSEND.
+			*/
+
+			if (milter_can_delrcpts())
+				e->e_flags |= EF_VRFYONLY;
+# endif /* _FFR_MILTER */
+
 			p = skipword(p, "to");
 			if (p == NULL)
 				break;
+# if _FFR_ADDR_TYPE
+			define(macid("{addr_type}", NULL), "e r", e);
+# endif /* _FFR_ADDR_TYPE */
 			a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr, e);
+#if _FFR_ADDR_TYPE
+			define(macid("{addr_type}", NULL), NULL, e);
+#endif /* _FFR_ADDR_TYPE */
 			if (Errors > 0)
 				break;
 			if (a == NULL)
 			{
-				usrerr("501 Missing recipient");
+				usrerr("501 5.0.0 Missing recipient");
 				break;
 			}
 
 			if (delimptr != NULL && *delimptr != '\0')
 				*delimptr++ = '\0';
 
-			/* do config file checking of the recipient */
-			if (rscheck("check_rcpt", p, NULL, e) != EX_OK ||
-			    Errors > 0)
+			/* put resulting triple from parseaddr() into macros */
+			if (a->q_mailer != NULL)
+				define(macid("{rcpt_mailer}", NULL),
+				       a->q_mailer->m_name, e);
+			else
+				define(macid("{rcpt_mailer}", NULL),
+				       NULL, e);
+			if (a->q_host != NULL)
+				define(macid("{rcpt_host}", NULL),
+				       a->q_host, e);
+			else
+				define(macid("{rcpt_host}", NULL),
+				       "localhost", e);
+			if (a->q_user != NULL)
+				define(macid("{rcpt_addr}", NULL),
+				       a->q_user, e);
+			else
+				define(macid("{rcpt_addr}", NULL),
+				       NULL, e);
+			if (Errors > 0)
 				break;
 
 			/* now parse ESMTP arguments */
+			addr = p;
+			argno = 0;
+			args[argno++] = p;
 			p = delimptr;
 			while (p != NULL && *p != '\0')
 			{
 				char *kp;
 				char *vp = NULL;
-				extern void rcpt_esmtp_args __P((ADDRESS *, char *, char *, ENVELOPE *));
+				char *equal = NULL;
 
 				/* locate the beginning of the keyword */
 				while (isascii(*p) && isspace(*p))
@@ -669,6 +1663,7 @@ smtp(nullserver, e)
 					p++;
 				if (*p == '=')
 				{
+					equal = p;
 					*p++ = '\0';
 					vp = p;
 
@@ -683,13 +1678,62 @@ smtp(nullserver, e)
 					*p++ = '\0';
 
 				if (tTd(19, 1))
-					printf("RCPT: got arg %s=\"%s\"\n", kp,
+					dprintf("RCPT: got arg %s=\"%s\"\n", kp,
 						vp == NULL ? "<null>" : vp);
 
 				rcpt_esmtp_args(a, kp, vp, e);
+				if (equal != NULL)
+					*equal = '=';
+				args[argno++] = kp;
+				if (argno >= MAXSMTPARGS - 1)
+					usrerr("501 5.5.4 Too many parameters");
 				if (Errors > 0)
 					break;
 			}
+			args[argno] = NULL;
+			if (Errors > 0)
+				break;
+
+			/* do config file checking of the recipient */
+			if (rscheck("check_rcpt", addr,
+				    NULL, e, TRUE, TRUE, 4) != EX_OK ||
+			    Errors > 0)
+				break;
+
+# if _FFR_MILTER
+			if (milterize && !bitset(EF_DISCARD, e->e_flags))
+			{
+				char state;
+				char *response;
+
+				response = milter_envrcpt(args, e, &state);
+				switch (state)
+				{
+				  case SMFIR_REPLYCODE:
+					usrerr(response);
+					break;
+
+				  case SMFIR_REJECT:
+					usrerr("550 5.7.1 Command rejected");
+					break;
+
+				  case SMFIR_DISCARD:
+					e->e_flags |= EF_DISCARD;
+					break;
+
+				  case SMFIR_TEMPFAIL:
+					usrerr("451 4.7.1 Try again later");
+					break;
+				}
+				if (response != NULL)
+					free(response);
+			}
+# endif /* _FFR_MILTER */
+
+			define(macid("{rcpt_mailer}", NULL), NULL, e);
+			define(macid("{rcpt_relay}", NULL), NULL, e);
+			define(macid("{rcpt_addr}", NULL), NULL, e);
+			define(macid("{dsn_notify}", NULL), NULL, e);
 			if (Errors > 0)
 				break;
 
@@ -700,17 +1744,19 @@ smtp(nullserver, e)
 
 			/* no errors during parsing, but might be a duplicate */
 			e->e_to = a->q_paddr;
-			if (!bitset(QBADADDR, a->q_flags))
+			if (!QS_IS_BADADDR(a->q_state))
 			{
-				message("250 Recipient ok%s",
-					bitset(QQUEUEUP, a->q_flags) ?
+				if (e->e_queuedir == NOQDIR)
+					initsys(e);
+				message("250 2.1.5 Recipient ok%s",
+					QS_IS_QUEUEUP(a->q_state) ?
 						" (will queue)" : "");
 				nrcpts++;
 			}
 			else
 			{
 				/* punt -- should keep message in ADDRESS.... */
-				usrerr("550 Addressee unknown");
+				usrerr("550 5.1.1 Addressee unknown");
 			}
 			break;
 
@@ -718,12 +1764,12 @@ smtp(nullserver, e)
 			SmtpPhase = "server DATA";
 			if (!gotmail)
 			{
-				usrerr("503 Need MAIL command");
+				usrerr("503 5.0.0 Need MAIL command");
 				break;
 			}
 			else if (nrcpts <= 0)
 			{
-				usrerr("503 Need RCPT (recipient)");
+				usrerr("503 5.0.0 Need RCPT (recipient)");
 				break;
 			}
 
@@ -732,21 +1778,20 @@ smtp(nullserver, e)
 				e->e_flags |= EF_DISCARD;
 
 			/* check to see if we need to re-expand aliases */
-			/* also reset QBADADDR on already-diagnosted addrs */
+			/* also reset QS_BADADDR on already-diagnosted addrs */
 			doublequeue = FALSE;
 			for (a = e->e_sendqueue; a != NULL; a = a->q_next)
 			{
-				if (bitset(QVERIFIED, a->q_flags) &&
+				if (QS_IS_VERIFIED(a->q_state) &&
 				    !bitset(EF_DISCARD, e->e_flags))
 				{
 					/* need to re-expand aliases */
 					doublequeue = TRUE;
 				}
-				if (bitset(QBADADDR, a->q_flags))
+				if (QS_IS_BADADDR(a->q_state))
 				{
 					/* make this "go away" */
-					a->q_flags |= QDONTSEND;
-					a->q_flags &= ~QBADADDR;
+					a->q_state = QS_DONTSEND;
 				}
 			}
 
@@ -754,8 +1799,71 @@ smtp(nullserver, e)
 			SmtpPhase = "collect";
 			buffer_errors();
 			collect(InChannel, TRUE, NULL, e);
+
+# if _FFR_MILTER
+			if (milterize &&
+			    Errors <= 0 &&
+			    !bitset(EF_DISCARD, e->e_flags))
+			{
+				char state;
+				char *response;
+
+				response = milter_data(e, &state);
+				switch (state)
+				{
+				  case SMFIR_REPLYCODE:
+					usrerr(response);
+					break;
+
+				  case SMFIR_REJECT:
+					usrerr("554 5.7.1 Command rejected");
+					break;
+
+				  case SMFIR_DISCARD:
+					e->e_flags |= EF_DISCARD;
+					break;
+
+				  case SMFIR_TEMPFAIL:
+					usrerr("451 4.7.1 Try again later");
+					break;
+				}
+				if (response != NULL)
+					free(response);
+			}
+
+			/* abort message filters that didn't get the body */
+			if (milterize)
+				milter_abort(e);
+# endif /* _FFR_MILTER */
+
+			/* redefine message size */
+			if ((q = macvalue(macid("{msg_size}", NULL), e))
+			    != NULL)
+				free(q);
+			snprintf(inp, sizeof inp, "%ld", e->e_msgsize);
+			define(macid("{msg_size}", NULL), newstr(inp), e);
 			if (Errors > 0)
 			{
+				/* Log who the mail would have gone to */
+				if (LogLevel > 8 &&
+				    e->e_message != NULL)
+				{
+					for (a = e->e_sendqueue;
+					     a != NULL;
+					     a = a->q_next)
+					{
+						if (!QS_IS_UNDELIVERED(a->q_state))
+							continue;
+
+						e->e_to = a->q_paddr;
+						logdelivery(NULL, NULL,
+							    a->q_status,
+							    e->e_message,
+							    NULL,
+							    (time_t) 0, e);
+					}
+					e->e_to = NULL;
+				}
 				flush_errors(TRUE);
 				buffer_errors();
 				goto abortmessage;
@@ -787,9 +1895,19 @@ smtp(nullserver, e)
 			*/
 
 			SmtpPhase = "delivery";
-			e->e_xfp = freopen(queuename(e, 'x'), "w", e->e_xfp);
+			(void) bftruncate(e->e_xfp);
 			id = e->e_id;
 
+			/*
+			**  If a header/body check (header checks or milter)
+			**  set EF_DISCARD, don't queueup the message --
+			**  that would lose the EF_DISCARD bit and deliver
+			**  the message.
+			*/
+
+			if (bitset(EF_DISCARD, e->e_flags))
+				doublequeue = FALSE;
+
 			if (doublequeue)
 			{
 				/* make sure it is in the queue */
@@ -798,28 +1916,43 @@ smtp(nullserver, e)
 			else
 			{
 				/* send to all recipients */
+# if NAMED_BIND
+				_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+				_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+# endif /* NAMED_BIND */
 				sendall(e, SM_DEFAULT);
 			}
 			e->e_to = NULL;
 
 			/* issue success message */
-			message("250 %s Message accepted for delivery", id);
+			message("250 2.0.0 %s Message accepted for delivery", id);
 
 			/* if we just queued, poke it */
 			if (doublequeue &&
 			    e->e_sendmode != SM_QUEUE &&
 			    e->e_sendmode != SM_DEFER)
 			{
-				CurrentLA = getla();
+				CurrentLA = sm_getla(e);
 
 				if (!shouldqueue(e->e_msgpriority, e->e_ctime))
 				{
+					/* close all the queue files */
+					closexscript(e);
+					if (e->e_dfp != NULL)
+						(void) bfclose(e->e_dfp);
+					e->e_dfp = NULL;
 					unlockqueue(e);
-					(void) dowork(id, TRUE, TRUE, e);
+
+					(void) dowork(e->e_queuedir, id,
+						      TRUE, TRUE, e);
 				}
 			}
 
   abortmessage:
+			if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
+				logsender(e, NULL);
+			e->e_flags &= ~EF_LOGSENDER;
+
 			/* if in a child, pop back to our parent */
 			if (InChild)
 				finis(TRUE, ExitStat);
@@ -832,14 +1965,24 @@ smtp(nullserver, e)
 			break;
 
 		  case CMDRSET:		/* rset -- reset state */
+# if _FFR_MILTER
+			/* abort milter filters */
+			milter_abort(e);
+# endif /* _FFR_MILTER */
+
 			if (tTd(94, 100))
-				message("451 Test failure");
+				message("451 4.0.0 Test failure");
 			else
-				message("250 Reset state");
+				message("250 2.0.0 Reset state");
 
 			/* arrange to ignore any current send list */
 			e->e_sendqueue = NULL;
 			e->e_flags |= EF_CLRQUEUE;
+
+			if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
+				logsender(e, NULL);
+			e->e_flags &= ~EF_LOGSENDER;
+
 			if (InChild)
 				finis(TRUE, ExitStat);
 
@@ -852,28 +1995,39 @@ smtp(nullserver, e)
 
 		  case CMDVRFY:		/* vrfy -- verify address */
 		  case CMDEXPN:		/* expn -- expand address */
-			checksmtpattack(&nverifies, MAXVRFYCOMMANDS,
-				c->cmdcode == CMDVRFY ? "VRFY" : "EXPN", e);
-			vrfy = c->cmdcode == CMDVRFY;
+			if (tempfail)
+			{
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "SMTP %s command (%.100s) from %.100s tempfailed (due to previous checks)",
+						  c->cmd_code == CMDVRFY ? "VRFY" : "EXPN",
+						  p, CurSmtpClient);
+				usrerr("550 5.7.1 Please try again later");
+				break;
+			}
+			wt = checksmtpattack(&nverifies, MAXVRFYCOMMANDS, FALSE,
+				c->cmd_code == CMDVRFY ? "VRFY" : "EXPN", e);
+			previous = curtime();
+			vrfy = c->cmd_code == CMDVRFY;
 			if (bitset(vrfy ? PRIV_NOVRFY : PRIV_NOEXPN,
 						PrivacyFlags))
 			{
 				if (vrfy)
-					message("252 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
+					message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
 				else
-					message("502 Sorry, we do not allow this operation");
+					message("502 5.7.0 Sorry, we do not allow this operation");
 				if (LogLevel > 5)
 					sm_syslog(LOG_INFO, e->e_id,
-						"%.100s: %s [rejected]",
-						CurSmtpClient,
-						shortenstring(inp, MAXSHORTSTR));
+						  "%.100s: %s [rejected]",
+						  CurSmtpClient,
+						  shortenstring(inp, MAXSHORTSTR));
 				break;
 			}
 			else if (!gothello &&
 				 bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO,
 						PrivacyFlags))
 			{
-				usrerr("503 I demand that you introduce yourself first");
+				usrerr("503 5.0.0 I demand that you introduce yourself first");
 				break;
 			}
 			if (runinchild(vrfy ? "SMTP-VRFY" : "SMTP-EXPN", e) > 0)
@@ -882,9 +2036,9 @@ smtp(nullserver, e)
 				goto undo_subproc;
 			if (LogLevel > 5)
 				sm_syslog(LOG_INFO, e->e_id,
-					"%.100s: %s",
-					CurSmtpClient,
-					shortenstring(inp, MAXSHORTSTR));
+					  "%.100s: %s",
+					  CurSmtpClient,
+					  shortenstring(inp, MAXSHORTSTR));
 			if (setjmp(TopFrame) > 0)
 				goto undo_subproc;
 			QuickAbort = TRUE;
@@ -895,133 +2049,199 @@ smtp(nullserver, e)
 				p++;
 			if (*p == '\0')
 			{
-				usrerr("501 Argument required");
+				usrerr("501 5.5.2 Argument required");
 			}
 			else
 			{
+				/* do config file checking of the address */
+				if (rscheck(vrfy ? "check_vrfy" : "check_expn",
+					    p, NULL, e, TRUE, FALSE, 4)
+				    != EX_OK || Errors > 0)
+					goto undo_subproc;
 				(void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
 			}
+			if (wt > 0)
+				(void) sleep(wt - (curtime() - previous));
 			if (Errors > 0)
 				goto undo_subproc;
 			if (vrfyqueue == NULL)
 			{
-				usrerr("554 Nothing to %s", vrfy ? "VRFY" : "EXPN");
+				usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN");
 			}
 			while (vrfyqueue != NULL)
 			{
-				extern void printvrfyaddr __P((ADDRESS *, bool, bool));
+				if (!QS_IS_UNDELIVERED(vrfyqueue->q_state))
+				{
+					vrfyqueue = vrfyqueue->q_next;
+					continue;
+				}
 
+				/* see if there is more in the vrfy list */
 				a = vrfyqueue;
 				while ((a = a->q_next) != NULL &&
-				       bitset(QDONTSEND|QBADADDR, a->q_flags))
+				       (!QS_IS_UNDELIVERED(vrfyqueue->q_state)))
 					continue;
-				if (!bitset(QDONTSEND|QBADADDR, vrfyqueue->q_flags))
-					printvrfyaddr(vrfyqueue, a == NULL, vrfy);
-				vrfyqueue = vrfyqueue->q_next;
+				printvrfyaddr(vrfyqueue, a == NULL, vrfy);
+				vrfyqueue = a;
 			}
 			if (InChild)
 				finis(TRUE, ExitStat);
 			break;
 
 		  case CMDETRN:		/* etrn -- force queue flush */
-			if (bitset(PRIV_NOETRN, PrivacyFlags))
+			if (bitset(PRIV_NOETRN, PrivacyFlags) ||
+			    bitnset(D_NOETRN, d_flags))
 			{
-				message("502 Sorry, we do not allow this operation");
+				/* different message for MSA ? */
+				message("502 5.7.0 Sorry, we do not allow this operation");
 				if (LogLevel > 5)
 					sm_syslog(LOG_INFO, e->e_id,
-						"%.100s: %s [rejected]",
-						CurSmtpClient,
-						shortenstring(inp, MAXSHORTSTR));
+						  "%.100s: %s [rejected]",
+						  CurSmtpClient,
+						  shortenstring(inp, MAXSHORTSTR));
+				break;
+			}
+			if (tempfail)
+			{
+				if (LogLevel > 9)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "SMTP ETRN command (%.100s) from %.100s tempfailed (due to previous checks)",
+						  p, CurSmtpClient);
+				usrerr("451 4.7.1 Please try again later");
 				break;
 			}
 
 			if (strlen(p) <= 0)
 			{
-				usrerr("500 Parameter required");
+				usrerr("500 5.5.2 Parameter required");
 				break;
 			}
 
 			/* crude way to avoid denial-of-service attacks */
-			checksmtpattack(&n_etrn, MAXETRNCOMMANDS, "ETRN", e);
+			(void) checksmtpattack(&n_etrn, MAXETRNCOMMANDS, TRUE,
+					     "ETRN", e);
+
+			/* do config file checking of the parameter */
+			if (rscheck("check_etrn", p, NULL, e, TRUE, FALSE, 4)
+			    != EX_OK || Errors > 0)
+				break;
 
 			if (LogLevel > 5)
 				sm_syslog(LOG_INFO, e->e_id,
-					"%.100s: ETRN %s",
-					CurSmtpClient,
-					shortenstring(p, MAXSHORTSTR));
+					  "%.100s: ETRN %s",
+					  CurSmtpClient,
+					  shortenstring(p, MAXSHORTSTR));
 
 			id = p;
 			if (*id == '@')
 				id++;
 			else
 				*--id = '@';
-				  
+
 			if ((new = (QUEUE_CHAR *)malloc(sizeof(QUEUE_CHAR))) == NULL)
 			{
-				syserr("500 ETRN out of memory");
+				syserr("500 5.5.0 ETRN out of memory");
 				break;
 			}
 			new->queue_match = id;
 			new->queue_next = NULL;
 			QueueLimitRecipient = new;
-			ok = runqueue(TRUE, TRUE);
+			ok = runqueue(TRUE, FALSE);
 			free(QueueLimitRecipient);
 			QueueLimitRecipient = NULL;
 			if (ok && Errors == 0)
-				message("250 Queuing for node %s started", p);
+				message("250 2.0.0 Queuing for node %s started", p);
 			break;
 
 		  case CMDHELP:		/* help -- give user info */
-			help(p);
+			help(p, e);
 			break;
 
 		  case CMDNOOP:		/* noop -- do nothing */
-			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "NOOP", e);
-			message("250 OK");
+			(void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE,
+					       "NOOP", e);
+			message("250 2.0.0 OK");
 			break;
 
 		  case CMDQUIT:		/* quit -- leave mail */
-			message("221 %s closing connection", MyHostName);
+			message("221 2.0.0 %s closing connection", MyHostName);
 
-doquit:
 			/* arrange to ignore any current send list */
 			e->e_sendqueue = NULL;
 
+# if STARTTLS
+			/* shutdown TLS connection */
+			if (tls_active)
+			{
+				(void) endtls(srv_ssl, "server");
+				tls_active = FALSE;
+			}
+# endif /* STARTTLS */
+# if SASL
+			if (authenticating == SASL_IS_AUTH)
+			{
+				sasl_dispose(&conn);
+				authenticating = SASL_NOT_AUTH;
+			}
+# endif /* SASL */
+
+doquit:
 			/* avoid future 050 messages */
 			disconnect(1, e);
 
+# if _FFR_MILTER
+			/* close out milter filters */
+			milter_quit(e);
+# endif /* _FFR_MILTER */
+
 			if (InChild)
 				ExitStat = EX_QUIT;
+
+			if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
+				logsender(e, NULL);
+			e->e_flags &= ~EF_LOGSENDER;
+
 			if (lognullconnection && LogLevel > 5)
+			{
+				char *d;
+
+				d = macvalue(macid("{daemon_name}", NULL), e);
+				if (d == NULL)
+					d = "stdin";
 				sm_syslog(LOG_INFO, NULL,
-					"Null connection from %.100s",
-					CurSmtpClient);
+					 "%.100s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
+					  CurSmtpClient, d);
+			}
 			finis(TRUE, ExitStat);
+			/* NOTREACHED */
 
 		  case CMDVERB:		/* set verbose mode */
 			if (bitset(PRIV_NOEXPN, PrivacyFlags) ||
 			    bitset(PRIV_NOVERB, PrivacyFlags))
 			{
 				/* this would give out the same info */
-				message("502 Verbose unavailable");
+				message("502 5.7.0 Verbose unavailable");
 				break;
 			}
-			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "VERB", e);
+			(void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE,
+					       "VERB", e);
 			Verbose = 1;
-			e->e_sendmode = SM_DELIVER;
-			message("250 Verbose mode");
+			set_delivery_mode(SM_DELIVER, e);
+			message("250 2.0.0 Verbose mode");
 			break;
 
 		  case CMDONEX:		/* doing one transaction only */
-			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "ONEX", e);
+			(void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE,
+					       "ONEX", e);
 			OneXact = TRUE;
-			message("250 Only one transaction");
+			message("250 2.0.0 Only one transaction");
 			break;
 
 		  case CMDXUSR:		/* initial (user) submission */
-			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "XUSR", e);
-			UserSubmission = TRUE;
-			message("250 Initial submission");
+			(void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE,
+					       "XUSR", e);
+			define(macid("{daemon_flags}", NULL), "c u", CurEnv);
+			message("250 2.0.0 Initial submission");
 			break;
 
 # if SMTPDEBUG
@@ -1033,39 +2253,51 @@ doquit:
 		  case CMDDBGDEBUG:	/* set debug mode */
 			tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
 			tTflag(p);
-			message("200 Debug set");
+			message("200 2.0.0 Debug set");
 			break;
 
-# else /* not SMTPDEBUG */
+# else /* SMTPDEBUG */
 		  case CMDDBGQSHOW:	/* show queues */
 		  case CMDDBGDEBUG:	/* set debug mode */
 # endif /* SMTPDEBUG */
 		  case CMDLOGBOGUS:	/* bogus command */
 			if (LogLevel > 0)
 				sm_syslog(LOG_CRIT, e->e_id,
-				    "\"%s\" command from %.100s (%.100s)",
-				    c->cmdname, CurSmtpClient,
-				    anynet_ntoa(&RealHostAddr));
-			/* FALL THROUGH */
+					  "\"%s\" command from %.100s (%.100s)",
+					  c->cmd_name, CurSmtpClient,
+					  anynet_ntoa(&RealHostAddr));
+			/* FALLTHROUGH */
 
 		  case CMDERROR:	/* unknown command */
 			if (++badcommands > MAXBADCOMMANDS)
 			{
-				message("421 %s Too many bad commands; closing connection",
+				message("421 4.7.0 %s Too many bad commands; closing connection",
 					MyHostName);
+
+				/* arrange to ignore any current send list */
+				e->e_sendqueue = NULL;
 				goto doquit;
 			}
 
-			usrerr("500 Command unrecognized: \"%s\"",
-				shortenstring(inp, MAXSHORTSTR));
+			usrerr("500 5.5.1 Command unrecognized: \"%s\"",
+			       shortenstring(inp, MAXSHORTSTR));
+			break;
+
+		  case CMDUNIMPL:
+			usrerr("502 5.5.1 Command not implemented: \"%s\"",
+			       shortenstring(inp, MAXSHORTSTR));
 			break;
 
 		  default:
 			errno = 0;
-			syserr("500 smtp: unknown code %d", c->cmdcode);
+			syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code);
 			break;
 		}
+# if SASL
+		}
+# endif /* SASL */
 	}
+
 }
 /*
 **  CHECKSMTPATTACK -- check for denial-of-service attack by repetition
@@ -1074,6 +2306,7 @@ doquit:
 **		pcounter -- pointer to a counter for this command.
 **		maxcount -- maximum value for this counter before we
 **			slow down.
+**		waitnow -- sleep now (in this routine)?
 **		cname -- command name for logging.
 **		e -- the current envelope.
 **
@@ -1084,23 +2317,38 @@ doquit:
 **		Slows down if we seem to be under attack.
 */
 
-void
-checksmtpattack(pcounter, maxcount, cname, e)
+static time_t
+checksmtpattack(pcounter, maxcount, waitnow, cname, e)
 	volatile int *pcounter;
 	int maxcount;
+	bool waitnow;
 	char *cname;
 	ENVELOPE *e;
 {
 	if (++(*pcounter) >= maxcount)
 	{
+		time_t s;
+
 		if (*pcounter == maxcount && LogLevel > 5)
 		{
 			sm_syslog(LOG_INFO, e->e_id,
-				"%.100s: %.40s attack?",
-			       CurSmtpClient, cname);
+				  "%.100s: %.40s attack?",
+				  CurSmtpClient, cname);
 		}
-		sleep(*pcounter / maxcount);
+		s = 1 << (*pcounter - maxcount);
+		if (s >= MAXTIMEOUT)
+			s = MAXTIMEOUT;
+		/* sleep at least 1 second before returning */
+		(void) sleep(*pcounter / maxcount);
+		s -= *pcounter / maxcount;
+		if (waitnow)
+		{
+			(void) sleep(s);
+			return(0);
+		}
+		return(s);
 	}
+	return((time_t) 0);
 }
 /*
 **  SKIPWORD -- skip a fixed word.
@@ -1138,9 +2386,9 @@ skipword(p, w)
 	if (*p != ':')
 	{
 	  syntax:
-		usrerr("501 Syntax error in parameters scanning \"%s\"",
+		usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"",
 			shortenstring(firstp, MAXSHORTSTR));
-		return (NULL);
+		return NULL;
 	}
 	*p++ = '\0';
 	while (isascii(*p) && isspace(*p))
@@ -1153,7 +2401,7 @@ skipword(p, w)
 	if (strcasecmp(q, w))
 		goto syntax;
 
-	return (p);
+	return p;
 }
 /*
 **  MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
@@ -1167,7 +2415,7 @@ skipword(p, w)
 **		none.
 */
 
-void
+static void
 mail_esmtp_args(kp, vp, e)
 	char *kp;
 	char *vp;
@@ -1177,20 +2425,21 @@ mail_esmtp_args(kp, vp, e)
 	{
 		if (vp == NULL)
 		{
-			usrerr("501 SIZE requires a value");
+			usrerr("501 5.5.2 SIZE requires a value");
 			/* NOTREACHED */
 		}
+		define(macid("{msg_size}", NULL), newstr(vp), e);
 # if defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
 		e->e_msgsize = strtoul(vp, (char **) NULL, 10);
-# else
+# else /* defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY) */
 		e->e_msgsize = strtol(vp, (char **) NULL, 10);
-# endif
+# endif /* defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY) */
 	}
 	else if (strcasecmp(kp, "body") == 0)
 	{
 		if (vp == NULL)
 		{
-			usrerr("501 BODY requires a value");
+			usrerr("501 5.5.2 BODY requires a value");
 			/* NOTREACHED */
 		}
 		else if (strcasecmp(vp, "8bitmime") == 0)
@@ -1203,7 +2452,7 @@ mail_esmtp_args(kp, vp, e)
 		}
 		else
 		{
-			usrerr("501 Unknown BODY type %s",
+			usrerr("501 5.5.4 Unknown BODY type %s",
 				vp);
 			/* NOTREACHED */
 		}
@@ -1211,33 +2460,44 @@ mail_esmtp_args(kp, vp, e)
 	}
 	else if (strcasecmp(kp, "envid") == 0)
 	{
+		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		{
+			usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
+			/* NOTREACHED */
+		}
 		if (vp == NULL)
 		{
-			usrerr("501 ENVID requires a value");
+			usrerr("501 5.5.2 ENVID requires a value");
 			/* NOTREACHED */
 		}
 		if (!xtextok(vp))
 		{
-			usrerr("501 Syntax error in ENVID parameter value");
+			usrerr("501 5.5.4 Syntax error in ENVID parameter value");
 			/* NOTREACHED */
 		}
 		if (e->e_envid != NULL)
 		{
-			usrerr("501 Duplicate ENVID parameter");
+			usrerr("501 5.5.0 Duplicate ENVID parameter");
 			/* NOTREACHED */
 		}
 		e->e_envid = newstr(vp);
+		define(macid("{dsn_envid}", NULL), newstr(vp), e);
 	}
 	else if (strcasecmp(kp, "ret") == 0)
 	{
+		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		{
+			usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
+			/* NOTREACHED */
+		}
 		if (vp == NULL)
 		{
-			usrerr("501 RET requires a value");
+			usrerr("501 5.5.2 RET requires a value");
 			/* NOTREACHED */
 		}
 		if (bitset(EF_RET_PARAM, e->e_flags))
 		{
-			usrerr("501 Duplicate RET parameter");
+			usrerr("501 5.5.0 Duplicate RET parameter");
 			/* NOTREACHED */
 		}
 		e->e_flags |= EF_RET_PARAM;
@@ -1245,13 +2505,89 @@ mail_esmtp_args(kp, vp, e)
 			e->e_flags |= EF_NO_BODY_RETN;
 		else if (strcasecmp(vp, "full") != 0)
 		{
-			usrerr("501 Bad argument \"%s\" to RET", vp);
+			usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp);
+			/* NOTREACHED */
+		}
+		define(macid("{dsn_ret}", NULL), newstr(vp), e);
+	}
+# if SASL
+	else if (strcasecmp(kp, "auth") == 0)
+	{
+		int len;
+		char *q;
+		char *auth_param;	/* the value of the AUTH=x */
+		bool saveQuickAbort = QuickAbort;
+		bool saveSuprErrs = SuprErrs;
+		char pbuf[256];
+
+		if (vp == NULL)
+		{
+			usrerr("501 5.5.2 AUTH= requires a value");
+			/* NOTREACHED */
+		}
+		if (e->e_auth_param != NULL)
+		{
+			usrerr("501 5.5.0 Duplicate AUTH parameter");
 			/* NOTREACHED */
 		}
+		if ((q = strchr(vp, ' ')) != NULL)
+			len = q - vp + 1;
+		else
+			len = strlen(vp) + 1;
+		auth_param = xalloc(len);
+		(void) strlcpy(auth_param, vp, len);
+		if (!xtextok(auth_param))
+		{
+			usrerr("501 5.5.4 Syntax error in AUTH parameter value");
+			/* just a warning? */
+			/* NOTREACHED */
+		}
+
+		/* XXX this might be cut off */
+		snprintf(pbuf, sizeof pbuf, "%s", xuntextify(auth_param));
+		/* xalloc() the buffer instead? */
+
+		/* XXX define this always or only if trusted? */
+		define(macid("{auth_author}", NULL), newstr(pbuf), e);
+
+		/*
+		**  call Strust_auth to find out whether
+		**  auth_param is acceptable (trusted)
+		**  we shouldn't trust it if not authenticated
+		**  (required by RFC, leave it to ruleset?)
+		*/
+
+		SuprErrs = TRUE;
+		QuickAbort = FALSE;
+		if (strcmp(auth_param, "<>") != 0 &&
+		     (rscheck("trust_auth", pbuf, NULL, e, TRUE, FALSE, 10)
+		      != EX_OK || Errors > 0))
+		{
+			if (tTd(95, 8))
+			{
+				q = e->e_auth_param;
+				dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n",
+					pbuf, (q == NULL) ? "" : q);
+			}
+			/* not trusted */
+			e->e_auth_param = newstr("<>");
+		}
+		else
+		{
+			if (tTd(95, 8))
+				dprintf("auth=\"%.100s\" trusted\n", pbuf);
+			e->e_auth_param = newstr(auth_param);
+		}
+		free(auth_param);
+		/* reset values */
+		Errors = 0;
+		QuickAbort = saveQuickAbort;
+		SuprErrs = saveSuprErrs;
 	}
+# endif /* SASL */
 	else
 	{
-		usrerr("501 %s parameter unrecognized", kp);
+		usrerr("501 5.5.4 %s parameter unrecognized", kp);
 		/* NOTREACHED */
 	}
 }
@@ -1268,7 +2604,7 @@ mail_esmtp_args(kp, vp, e)
 **		none.
 */
 
-void
+static void
 rcpt_esmtp_args(a, kp, vp, e)
 	ADDRESS *a;
 	char *kp;
@@ -1279,13 +2615,20 @@ rcpt_esmtp_args(a, kp, vp, e)
 	{
 		char *p;
 
+		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		{
+			usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
+			/* NOTREACHED */
+		}
 		if (vp == NULL)
 		{
-			usrerr("501 NOTIFY requires a value");
+			usrerr("501 5.5.2 NOTIFY requires a value");
 			/* NOTREACHED */
 		}
 		a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY);
 		a->q_flags |= QHASNOTIFY;
+		define(macid("{dsn_notify}", NULL), newstr(vp), e);
+
 		if (strcasecmp(vp, "never") == 0)
 			return;
 		for (p = vp; p != NULL; vp = p)
@@ -1301,7 +2644,7 @@ rcpt_esmtp_args(a, kp, vp, e)
 				a->q_flags |= QPINGONDELAY;
 			else
 			{
-				usrerr("501 Bad argument \"%s\"  to NOTIFY",
+				usrerr("501 5.5.4 Bad argument \"%s\"  to NOTIFY",
 					vp);
 				/* NOTREACHED */
 			}
@@ -1309,26 +2652,31 @@ rcpt_esmtp_args(a, kp, vp, e)
 	}
 	else if (strcasecmp(kp, "orcpt") == 0)
 	{
+		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		{
+			usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
+			/* NOTREACHED */
+		}
 		if (vp == NULL)
 		{
-			usrerr("501 ORCPT requires a value");
+			usrerr("501 5.5.2 ORCPT requires a value");
 			/* NOTREACHED */
 		}
 		if (strchr(vp, ';') == NULL || !xtextok(vp))
 		{
-			usrerr("501 Syntax error in ORCPT parameter value");
+			usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
 			/* NOTREACHED */
 		}
 		if (a->q_orcpt != NULL)
 		{
-			usrerr("501 Duplicate ORCPT parameter");
+			usrerr("501 5.5.0 Duplicate ORCPT parameter");
 			/* NOTREACHED */
 		}
 		a->q_orcpt = newstr(vp);
 	}
 	else
 	{
-		usrerr("501 %s parameter unrecognized", kp);
+		usrerr("501 5.5.4 %s parameter unrecognized", kp);
 		/* NOTREACHED */
 	}
 }
@@ -1346,36 +2694,47 @@ rcpt_esmtp_args(a, kp, vp, e)
 **	Side Effects:
 **		Prints the appropriate 250 codes.
 */
+#define OFFF	(3 + 1 + 5 + 1)	/* offset in fmt: SMTP reply + enh. code */
 
-void
+static void
 printvrfyaddr(a, last, vrfy)
 	register ADDRESS *a;
 	bool last;
 	bool vrfy;
 {
-	char fmtbuf[20];
+	char fmtbuf[30];
 
 	if (vrfy && a->q_mailer != NULL &&
 	    !bitnset(M_VRFY250, a->q_mailer->m_flags))
-		strcpy(fmtbuf, "252");
+		(void) strlcpy(fmtbuf, "252", sizeof fmtbuf);
 	else
-		strcpy(fmtbuf, "250");
+		(void) strlcpy(fmtbuf, "250", sizeof fmtbuf);
 	fmtbuf[3] = last ? ' ' : '-';
-
+	(void) strlcpy(&fmtbuf[4], "2.1.5 ", sizeof fmtbuf - 4);
 	if (a->q_fullname == NULL)
 	{
-		if (strchr(a->q_user, '@') == NULL)
-			strcpy(&fmtbuf[4], "<%s@%s>");
+		if ((a->q_mailer == NULL ||
+		     a->q_mailer->m_addrtype == NULL ||
+		     strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
+		    strchr(a->q_user, '@') == NULL)
+			(void) strlcpy(&fmtbuf[OFFF], "<%s@%s>",
+				       sizeof fmtbuf - OFFF);
 		else
-			strcpy(&fmtbuf[4], "<%s>");
+			(void) strlcpy(&fmtbuf[OFFF], "<%s>",
+				       sizeof fmtbuf - OFFF);
 		message(fmtbuf, a->q_user, MyHostName);
 	}
 	else
 	{
-		if (strchr(a->q_user, '@') == NULL)
-			strcpy(&fmtbuf[4], "%s <%s@%s>");
+		if ((a->q_mailer == NULL ||
+		     a->q_mailer->m_addrtype == NULL ||
+		     strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
+		    strchr(a->q_user, '@') == NULL)
+			(void) strlcpy(&fmtbuf[OFFF], "%s <%s@%s>",
+				       sizeof fmtbuf - OFFF);
 		else
-			strcpy(&fmtbuf[4], "%s <%s>");
+			(void) strlcpy(&fmtbuf[OFFF], "%s <%s>",
+				       sizeof fmtbuf - OFFF);
 		message(fmtbuf, a->q_fullname, a->q_user, MyHostName);
 	}
 }
@@ -1386,14 +2745,15 @@ printvrfyaddr(a, last, vrfy)
 **		label -- a string used in error messages
 **
 **	Returns:
-**		zero in the child
-**		one in the parent
+**		RIC_INCHILD in the child
+**		RIC_INPARENT in the parent
+**		RIC_TEMPFAIL tempfail condition
 **
 **	Side Effects:
 **		none.
 */
 
-int
+static int
 runinchild(label, e)
 	char *label;
 	register ENVELOPE *e;
@@ -1402,8 +2762,19 @@ runinchild(label, e)
 
 	if (!OneXact)
 	{
+		extern int NumQueues;
+
+		/*
+		**  advance state of PRNG
+		**  this is necessary because otherwise all child processes
+		**  will produce the same PRN sequence and hence the selection
+		**  of a queue directory is not "really" random.
+		*/
+		if (NumQueues > 1)
+			(void) get_random();
+
 		/*
-		**  Disable child process reaping, in case ETRN has preceeded
+		**  Disable child process reaping, in case ETRN has preceded
 		**  MAIL command, and then fork.
 		*/
 
@@ -1412,24 +2783,28 @@ runinchild(label, e)
 		childpid = dofork();
 		if (childpid < 0)
 		{
-			syserr("451 %s: cannot fork", label);
+			syserr("451 4.3.0 %s: cannot fork", label);
 			(void) releasesignal(SIGCHLD);
-			return (1);
+			return RIC_INPARENT;
 		}
 		if (childpid > 0)
 		{
 			auto int st;
 
 			/* parent -- wait for child to complete */
-			sm_setproctitle(TRUE, "server %s child wait", CurSmtpClient);
+			sm_setproctitle(TRUE, e, "server %s child wait",
+					CurSmtpClient);
 			st = waitfor(childpid);
 			if (st == -1)
-				syserr("451 %s: lost child", label);
+				syserr("451 4.3.0 %s: lost child", label);
 			else if (!WIFEXITED(st))
-				syserr("451 %s: died on signal %d",
-					label, st & 0177);
+			{
+				syserr("451 4.3.0 %s: died on signal %d",
+				       label, st & 0177);
+				return RIC_TEMPFAIL;
+			}
 
-			/* if we exited on a QUIT command, complete the process */
+			/* if exited on a QUIT command, complete the process */
 			if (WEXITSTATUS(st) == EX_QUIT)
 			{
 				disconnect(1, e);
@@ -1439,27 +2814,1300 @@ runinchild(label, e)
 			/* restore the child signal */
 			(void) releasesignal(SIGCHLD);
 
-			return (1);
+			return RIC_INPARENT;
 		}
 		else
 		{
 			/* child */
 			InChild = TRUE;
 			QuickAbort = FALSE;
+			clearstats();
 			clearenvelope(e, FALSE);
+			assign_queueid(e);
 			(void) setsignal(SIGCHLD, SIG_DFL);
 			(void) releasesignal(SIGCHLD);
 		}
 	}
-	return (0);
+	return RIC_INCHILD;
 }
 
-# endif /* SMTP */
+# if SASL
+
+/*
+**  SASLMECHS -- get list of possible AUTH mechanisms
+**
+**	Parameters:
+**		conn -- SASL connection info
+**		mechlist -- output parameter for list of mechanisms
+**
+**	Returns:
+**		number of mechs
+*/
+
+static int
+saslmechs(conn, mechlist)
+	sasl_conn_t *conn;
+	char **mechlist;
+{
+	int len, num, result;
+
+	/* "user" is currently unused */
+	result = sasl_listmech(conn, "user", /* XXX */
+			       "", " ", "", mechlist,
+			       (u_int *)&len, (u_int *)&num);
+	if (result == SASL_OK && num > 0)
+	{
+		if (LogLevel > 11)
+			sm_syslog(LOG_INFO, NOQID,
+				  "SASL: available mech=%s, allowed mech=%s",
+				  *mechlist, AuthMechanisms);
+		*mechlist = intersect(AuthMechanisms, *mechlist);
+	}
+	else
+	{
+		if (LogLevel > 9)
+			sm_syslog(LOG_WARNING, NOQID,
+				  "SASL error: listmech=%d, num=%d",
+				  result, num);
+	}
+	return num;
+}
+
+/*
+**  PROXY_POLICY -- define proxy policy for AUTH
+**
+**	Parameters:
+**		conntext -- unused
+**		auth_identity -- authentication identity
+**		requested_user -- authorization identity
+**		user -- allowed user (output)
+**		errstr -- possible error string (output)
+**
+**	Returns:
+**		ok?
+*/
+
+int
+proxy_policy(context, auth_identity, requested_user, user, errstr)
+	void *context;
+	const char *auth_identity;
+	const char *requested_user;
+	const char **user;
+	const char **errstr;
+{
+	if (user == NULL || auth_identity == NULL)
+		return SASL_FAIL;
+	*user = newstr(auth_identity);
+	return SASL_OK;
+}
+
+# endif /* SASL */
+
+# if STARTTLS
+#  if !TLS_NO_RSA
+RSA *rsa_tmp;	/* temporary RSA key */
+static RSA * tmp_rsa_key __P((SSL *, int, int));
+#  endif /* !TLS_NO_RSA */
+
+# if !NO_DH
+static DH *get_dh512 __P((void));
+
+static unsigned char dh512_p[] =
+{
+	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+	0x47,0x74,0xE8,0x33
+};
+static unsigned char dh512_g[] =
+{
+	0x02
+};
+
+static DH *
+get_dh512()
+{
+	DH *dh = NULL;
+
+	if ((dh = DH_new()) == NULL)
+		return(NULL);
+	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		return(NULL);
+	return(dh);
+}
+# endif /* !NO_DH */
+
+/*
+**  TLS_RAND_INIT -- initialize STARTTLS random generator
+**
+**	Parameters:
+**		randfile -- name of file with random data
+**		logl -- loglevel
+**
+**	Returns:
+**		None. (not yet, maybe it should return success/failure?)
+**
+**	Side Effects:
+**		initializes PRNG for tls library.
+*/
+
+#define MIN_RAND_BYTES	16	/* 128 bits */
+
+void
+tls_rand_init(randfile, logl)
+	char *randfile;
+	int logl;
+{
+#  ifndef HASURANDOMDEV
+	/* not required if /dev/urandom exists, OpenSSL does it internally */
+
+#define RF_OK		0	/* randfile OK */
+#define RF_MISS		1	/* randfile == NULL || *randfile == '\0' */
+#define RF_UNKNOWN	2	/* unknown prefix for randfile */
+
+	bool ok;
+	int randdef;
+
+	/*
+	**  initialize PRNG
+	*/
+
+	ok = FALSE;
+	randdef = (randfile == NULL || *randfile == '\0') ? RF_MISS : RF_OK;
+#   if EGD
+	if (randdef == RF_OK && strncasecmp(randfile, "egd:", 4) == 0)
+	{
+		randfile += 4;
+		if (RAND_egd(randfile) < 0)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: RAND_egd(%s) failed: random number generator not seeded",
+				   randfile);
+		}
+		else
+			ok = TRUE;
+	}
+	else
+#   endif /* EGD */
+	if (randdef == RF_OK && strncasecmp(randfile, "file:", 5) == 0)
+	{
+		int fd;
+		long sff;
+		struct stat st;
+
+		randfile += 5;
+		sff = SFF_SAFEDIRPATH | SFF_NOWLINK
+		      | SFF_NOGWFILES | SFF_NOWWFILES
+		      | SFF_NOGRFILES | SFF_NOWRFILES
+		      | SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT;
+		if ((fd = safeopen(randfile, O_RDONLY, 0, sff)) >= 0)
+		{
+			if (fstat(fd, &st) < 0)
+			{
+				if (LogLevel > logl)
+					sm_syslog(LOG_ERR, NOQID,
+						  "TLS: can't fstat(%s)",
+						  randfile);
+			}
+			else
+			{
+				bool use, problem;
+
+				use = TRUE;
+				problem = FALSE;
+				if (st.st_mtime + 600 < curtime())
+				{
+					use = bitnset(DBS_INSUFFICIENTENTROPY,
+						      DontBlameSendmail);
+					problem = TRUE;
+					if (LogLevel > logl)
+						sm_syslog(LOG_ERR, NOQID,
+							  "TLS: RandFile %s too old: %s",
+							  randfile,
+							  use ? "unsafe" :
+								"unusable");
+				}
+				if (use && st.st_size < MIN_RAND_BYTES)
+				{
+					use = bitnset(DBS_INSUFFICIENTENTROPY,
+						      DontBlameSendmail);
+					problem = TRUE;
+					if (LogLevel > logl)
+						sm_syslog(LOG_ERR, NOQID,
+							  "TLS: size(%s) < %d: %s",
+							  randfile,
+							  MIN_RAND_BYTES,
+							  use ? "unsafe" :
+								"unusable");
+				}
+				if (use)
+					ok = RAND_load_file(randfile, -1) >=
+					     MIN_RAND_BYTES;
+				if (use && !ok)
+				{
+					if (LogLevel > logl)
+						sm_syslog(LOG_WARNING,
+							  NOQID,
+							  "TLS: RAND_load_file(%s) failed: random number generator not seeded",
+							  randfile);
+				}
+				if (problem)
+					ok = FALSE;
+			}
+			if (ok || bitnset(DBS_INSUFFICIENTENTROPY,
+					  DontBlameSendmail))
+			{
+				/* add this even if fstat() failed */
+				RAND_seed((void *) &st, sizeof st);
+			}
+			(void) close(fd);
+		}
+		else
+		{
+			if (LogLevel > logl)
+				sm_syslog(LOG_WARNING, NOQID,
+					  "TLS: Warning: safeopen(%s) failed",
+					  randfile);
+		}
+	}
+	else if (randdef == RF_OK)
+	{
+		if (LogLevel > logl)
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: Error: no proper random file definition %s",
+				  randfile);
+		randdef = RF_UNKNOWN;
+	}
+	if (randdef == RF_MISS)
+	{
+		if (LogLevel > logl)
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: Error: missing random file definition");
+	}
+	if (!ok && bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail))
+	{
+		int i;
+		long r;
+		unsigned char buf[MIN_RAND_BYTES];
+
+		/* assert((MIN_RAND_BYTES % sizeof(long)) == 0); */
+		for (i = 0; i <= sizeof(buf) - sizeof(long); i += sizeof(long))
+		{
+			r = get_random();
+			(void) memcpy(buf + i, (void *) &r, sizeof(long));
+		}
+		RAND_seed(buf, sizeof buf);
+		if (LogLevel > logl)
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: Warning: random number generator not properly seeded");
+	}
+#  endif /* !HASURANDOMDEV */
+}
+
+/*
+**  status in initialization
+**  these flags keep track of the status of the initialization
+**  i.e., whether a file exists (_EX) and whether it can be used (_OK)
+**  [due to permissions]
+*/
+#define TLS_S_NONE	0x00000000	/* none yet  */
+#define TLS_S_CERT_EX	0x00000001	/* CERT file exists */
+#define TLS_S_CERT_OK	0x00000002	/* CERT file is ok */
+#define TLS_S_KEY_EX	0x00000004	/* KEY file exists */
+#define TLS_S_KEY_OK	0x00000008	/* KEY file is ok */
+#define TLS_S_CERTP_EX	0x00000010	/* CA CERT PATH exists */
+#define TLS_S_CERTP_OK	0x00000020	/* CA CERT PATH is ok */
+#define TLS_S_CERTF_EX	0x00000040	/* CA CERT FILE exists */
+#define TLS_S_CERTF_OK	0x00000080	/* CA CERT FILE is ok */
+
+# if _FFR_TLS_1
+#define TLS_S_CERT2_EX	0x00001000	/* 2nd CERT file exists */
+#define TLS_S_CERT2_OK	0x00002000	/* 2nd CERT file is ok */
+#define TLS_S_KEY2_EX	0x00004000	/* 2nd KEY file exists */
+#define TLS_S_KEY2_OK	0x00008000	/* 2nd KEY file is ok */
+# endif /* _FFR_TLS_1 */
+
+#define TLS_S_DH_OK	0x00200000	/* DH cert is ok */
+#define TLS_S_DHPAR_EX	0x00400000	/* DH param file exists */
+#define TLS_S_DHPAR_OK	0x00800000	/* DH param file is ok to use */
+
+/*
+**  TLS_OK_F -- can var be an absolute filename?
+**
+**	Parameters:
+**		var -- filename
+**		fn -- what is the filename used for?
+**
+**	Returns:
+**		ok?
+*/
+
+static bool
+tls_ok_f(var, fn)
+	char *var;
+	char *fn;
+{
+	/* must be absolute pathname */
+	if (var != NULL && *var == '/')
+		return TRUE;
+	if (LogLevel > 12)
+		sm_syslog(LOG_WARNING, NOQID, "TLS: file %s missing", fn);
+	return FALSE;
+}
+
+/*
+**  TLS_SAFE_F -- is a file safe to use?
+**
+**	Parameters:
+**		var -- filename
+**		sff -- flags for safefile()
+**
+**	Returns:
+**		ok?
+*/
+
+static bool
+tls_safe_f(var, sff)
+	char *var;
+	long sff;
+{
+	int ret;
+
+	if ((ret = safefile(var, RunAsUid, RunAsGid, RunAsUserName, sff,
+			    S_IRUSR, NULL)) == 0)
+		return TRUE;
+	if (LogLevel > 7)
+		sm_syslog(LOG_WARNING, NOQID, "TLS: file %s unsafe: %s",
+			  var, errstring(ret));
+	return FALSE;
+}
+
+/*
+**  TLS_OK_F -- macro to simplify calls to tls_ok_f
+**
+**	Parameters:
+**		var -- filename
+**		fn -- what is the filename used for?
+**		req -- is the file required?
+**		st -- status bit to set if ok
+**
+**	Side Effects:
+**		uses r, ok; may change ok and status.
+**
+*/
+
+#define TLS_OK_F(var, fn, req, st) if (ok) \
+	{ \
+		r = tls_ok_f(var, fn); \
+		if (r) \
+			status |= st; \
+		else if (req) \
+			ok = FALSE; \
+	}
+
+/*
+**  TLS_UNR -- macro to return whether a file should be unreadable
+**
+**	Parameters:
+**		bit -- flag to test
+**		req -- flags
+**
+**	Returns:
+**		0/SFF_NORFILES
+*/
+#define TLS_UNR(bit, req)	(bitset(bit, req) ? SFF_NORFILES : 0)
+
+/*
+**  TLS_SAFE_F -- macro to simplify calls to tls_safe_f
+**
+**	Parameters:
+**		var -- filename
+**		sff -- flags for safefile()
+**		req -- is the file required?
+**		ex -- does the file exist?
+**		st -- status bit to set if ok
+**
+**	Side Effects:
+**		uses r, ok, ex; may change ok and status.
+**
+*/
+
+#define TLS_SAFE_F(var, sff, req, ex, st) if (ex && ok) \
+	{ \
+		r = tls_safe_f(var, sff); \
+		if (r) \
+			status |= st;	\
+		else if (req) \
+			ok = FALSE;	\
+	}
+
+/*
+**  INITTLS -- initialize TLS
+**
+**	Parameters:
+**		ctx -- pointer to context
+**		req -- requirements for initialization (see sendmail.h)
+**		srv -- server side?
+**		certfile -- filename of certificate
+**		keyfile -- filename of private key
+**		cacertpath -- path to CAs
+**		cacertfile -- file with CA
+**		dhparam -- parameters for DH
+**
+**	Returns:
+**		succeeded?
+*/
+
+bool
+inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
+	SSL_CTX **ctx;
+	u_long req;
+	bool srv;
+	char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam;
+{
+# if !NO_DH
+	static DH *dh = NULL;
+# endif /* !NO_DH */
+	int r;
+	bool ok;
+	long sff, status;
+	char *who;
+# if _FFR_TLS_1
+	char *cf2, *kf2;
+# endif /* _FFR_TLS_1 */
+
+	status = TLS_S_NONE;
+	who = srv ? "srv" : "clt";
+	if (ctx == NULL)
+		syserr("TLS: %s:inittls: ctx == NULL", who);
+
+	/* already initialized? (we could re-init...) */
+	if (*ctx != NULL)
+		return TRUE;
+	ok = TRUE;
+
+# if _FFR_TLS_1
+	/*
+	**  look for a second filename: it must be separated by a ','
+	**  no blanks allowed (they won't be skipped).
+	**  we change a global variable here! this change will be undone
+	**  before return from the function but only if it returns TRUE.
+	**  this isn't a problem since in a failure case this function
+	**  won't be called again with the same (overwritten) values.
+	**  otherwise each return must be replaced with a goto endinittls.
+	*/
+	cf2 = NULL;
+	kf2 = NULL;
+	if (certfile != NULL && (cf2 = strchr(certfile, ',')) != NULL)
+	{
+		*cf2++ = '\0';
+		if (keyfile != NULL && (kf2 = strchr(keyfile, ',')) != NULL)
+			*kf2++ = '\0';
+	}
+# endif /* _FFR_TLS_1 */
+
+	/*
+	**  what do we require from the client?
+	**  must it have CERTs?
+	**  introduce an option and decide based on that
+	*/
+
+	TLS_OK_F(certfile, "CertFile", bitset(TLS_I_CERT_EX, req),
+		 TLS_S_CERT_EX);
+	TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req),
+		 TLS_S_KEY_EX);
+	TLS_OK_F(cacertpath, "CACERTPath", bitset(TLS_I_CERTP_EX, req),
+		 TLS_S_CERTP_EX);
+	TLS_OK_F(cacertfile, "CACERTFile", bitset(TLS_I_CERTF_EX, req),
+		 TLS_S_CERTF_EX);
+
+# if _FFR_TLS_1
+	if (cf2 != NULL)
+	{
+		TLS_OK_F(cf2, "CertFile", bitset(TLS_I_CERT_EX, req),
+			 TLS_S_CERT2_EX);
+	}
+	if (kf2 != NULL)
+	{
+		TLS_OK_F(kf2, "KeyFile", bitset(TLS_I_KEY_EX, req),
+			 TLS_S_KEY2_EX);
+	}
+# endif /* _FFR_TLS_1 */
+
+	/*
+	**  valid values for dhparam are (only the first char is checked)
+	**  none	no parameters: don't use DH
+	**  512		generate 512 bit parameters (fixed)
+	**  1024	generate 1024 bit parameters
+	**  /file/name	read parameters from /file/name
+	**  default is: 1024 for server, 512 for client (OK? XXX)
+	*/
+	if (bitset(TLS_I_TRY_DH, req))
+	{
+		if (dhparam != NULL)
+		{
+			char c = *dhparam;
+
+			if (c == '1')
+				req |= TLS_I_DH1024;
+			else if (c == '5')
+				req |= TLS_I_DH512;
+			else if (c != 'n' && c != 'N' && c != '/')
+			{
+				if (LogLevel > 12)
+					sm_syslog(LOG_WARNING, NOQID,
+						  "TLS: error: illegal value '%s' for DHParam",
+						  dhparam);
+				free(dhparam);
+				dhparam = NULL;
+			}
+		}
+		if (dhparam == NULL)
+			dhparam = srv ? newstr("1") : newstr("5");
+		else if (*dhparam == '/')
+		{
+			TLS_OK_F(dhparam, "DHParameters",
+				 bitset(TLS_I_DHPAR_EX, req),
+				 TLS_S_DHPAR_EX);
+		}
+	}
+	if (!ok)
+		return ok;
+
+	/* certfile etc. must be "safe". */
+	sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK
+	     | SFF_NOGWFILES | SFF_NOWWFILES
+	     | SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT;
+	if (DontLockReadFiles)
+		sff |= SFF_NOLOCK;
+
+	TLS_SAFE_F(certfile, sff | TLS_UNR(TLS_I_CERT_UNR, req),
+		   bitset(TLS_I_CERT_EX, req),
+		   bitset(TLS_S_CERT_EX, status), TLS_S_CERT_OK);
+	TLS_SAFE_F(keyfile, sff | TLS_UNR(TLS_I_KEY_UNR, req),
+		   bitset(TLS_I_KEY_EX, req),
+		   bitset(TLS_S_KEY_EX, status), TLS_S_KEY_OK);
+	TLS_SAFE_F(cacertfile, sff | TLS_UNR(TLS_I_CERTF_UNR, req),
+		   bitset(TLS_I_CERTF_EX, req),
+		   bitset(TLS_S_CERTF_EX, status), TLS_S_CERTF_OK);
+	TLS_SAFE_F(dhparam, sff | TLS_UNR(TLS_I_DHPAR_UNR, req),
+		   bitset(TLS_I_DHPAR_EX, req),
+		   bitset(TLS_S_DHPAR_EX, status), TLS_S_DHPAR_OK);
+	if (!ok)
+		return ok;
+# if _FFR_TLS_1
+	if (cf2 != NULL)
+	{
+		TLS_SAFE_F(cf2, sff | TLS_UNR(TLS_I_CERT_UNR, req),
+			   bitset(TLS_I_CERT_EX, req),
+			   bitset(TLS_S_CERT2_EX, status), TLS_S_CERT2_OK);
+	}
+	if (kf2 != NULL)
+	{
+		TLS_SAFE_F(kf2, sff | TLS_UNR(TLS_I_KEY_UNR, req),
+			   bitset(TLS_I_KEY_EX, req),
+			   bitset(TLS_S_KEY2_EX, status), TLS_S_KEY2_OK);
+	}
+# endif /* _FFR_TLS_1 */
+
+	/* create a method and a new context */
+	if (srv)
+	{
+		if ((*ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
+		{
+			if (LogLevel > 7)
+				sm_syslog(LOG_WARNING, NOQID,
+					  "TLS: error: SSL_CTX_new(SSLv23_server_method()) failed");
+			return FALSE;
+		}
+	}
+	else
+	{
+		if ((*ctx = SSL_CTX_new(SSLv23_client_method())) == NULL)
+		{
+			if (LogLevel > 7)
+				sm_syslog(LOG_WARNING, NOQID,
+					  "TLS: error: SSL_CTX_new(SSLv23_client_method()) failed");
+			return FALSE;
+		}
+	}
+
+#  if TLS_NO_RSA
+	/* turn off backward compatibility, required for no-rsa */
+	SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2);
+#  endif /* TLS_NO_RSA */
+
+
+#  if !TLS_NO_RSA
+	/*
+	**  Create a temporary RSA key
+	**  XXX  Maybe we shouldn't create this always (even though it
+	**  is only at startup).
+	**  It is a time-consuming operation and it is not always necessary.
+	**  maybe we should do it only on demand...
+	*/
+	if (bitset(TLS_I_RSA_TMP, req) &&
+	    (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
+					NULL)) == NULL
+	   )
+	{
+		if (LogLevel > 7)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: RSA_generate_key failed",
+				  who);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		return FALSE;
+	}
+#  endif /* !TLS_NO_RSA */
+
+	/*
+	**  load private key
+	**  XXX change this for DSA-only version
+	*/
+	if (bitset(TLS_S_KEY_OK, status) &&
+	    SSL_CTX_use_PrivateKey_file(*ctx, keyfile,
+					 SSL_FILETYPE_PEM) <= 0)
+	{
+		if (LogLevel > 7)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: SSL_CTX_use_PrivateKey_file(%s) failed",
+				  who, keyfile);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		if (bitset(TLS_I_USE_KEY, req))
+			return FALSE;
+	}
+
+	/* get the certificate file */
+	if (bitset(TLS_S_CERT_OK, status) &&
+	    SSL_CTX_use_certificate_file(*ctx, certfile,
+					 SSL_FILETYPE_PEM) <= 0)
+	{
+		if (LogLevel > 7)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: SSL_CTX_use_certificate_file(%s) failed",
+				  who, certfile);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		if (bitset(TLS_I_USE_CERT, req))
+			return FALSE;
+	}
+
+	/* check the private key */
+	if (bitset(TLS_S_KEY_OK, status) &&
+	    (r = SSL_CTX_check_private_key(*ctx)) <= 0)
+	{
+		/* Private key does not match the certificate public key */
+		if (LogLevel > 5)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: SSL_CTX_check_private_key failed(%s): %d",
+				  who, keyfile, r);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+		if (bitset(TLS_I_USE_KEY, req))
+			return FALSE;
+	}
+
+# if _FFR_TLS_1
+	/* XXX this code is pretty much duplicated from above! */
+
+	/* load private key */
+	if (bitset(TLS_S_KEY2_OK, status) &&
+	    SSL_CTX_use_PrivateKey_file(*ctx, kf2, SSL_FILETYPE_PEM) <= 0)
+	{
+		if (LogLevel > 7)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: SSL_CTX_use_PrivateKey_file(%s) failed",
+				  who, kf2);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+	}
+
+	/* get the certificate file */
+	if (bitset(TLS_S_CERT2_OK, status) &&
+	    SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0)
+	{
+		if (LogLevel > 7)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: SSL_CTX_use_certificate_file(%s) failed",
+				  who, cf2);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+	}
+
+	/* we should also check the private key: */
+	if (bitset(TLS_S_KEY2_OK, status) &&
+	    (r = SSL_CTX_check_private_key(*ctx)) <= 0)
+	{
+		/* Private key does not match the certificate public key */
+		if (LogLevel > 5)
+		{
+			sm_syslog(LOG_WARNING, NOQID,
+				  "TLS: error: %s: SSL_CTX_check_private_key 2 failed: %d",
+				  who, r);
+			if (LogLevel > 9)
+				tlslogerr();
+		}
+	}
+# endif /* _FFR_TLS_1 */
+
+	/* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */
+	SSL_CTX_set_options(*ctx, SSL_OP_ALL);	/* XXX bug compatibility? */
+
+# if !NO_DH
+	/* Diffie-Hellman initialization */
+	if (bitset(TLS_I_TRY_DH, req))
+	{
+		if (bitset(TLS_S_DHPAR_OK, status))
+		{
+			BIO *bio;
+
+			if ((bio = BIO_new_file(dhparam, "r")) != NULL)
+			{
+				dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+				BIO_free(bio);
+				if (dh == NULL && LogLevel > 7)
+				{
+					u_long err;
+
+					err = ERR_get_error();
+					sm_syslog(LOG_WARNING, NOQID,
+						  "TLS: error: %s: cannot read DH parameters(%s): %s",
+						  who, dhparam,
+						  ERR_error_string(err, NULL));
+					if (LogLevel > 9)
+						tlslogerr();
+				}
+			}
+			else
+			{
+				if (LogLevel > 5)
+				{
+					sm_syslog(LOG_WARNING, NOQID,
+						  "TLS: error: %s: BIO_new_file(%s) failed",
+						  who, dhparam);
+					if (LogLevel > 9)
+						tlslogerr();
+				}
+			}
+		}
+		if (dh == NULL && bitset(TLS_I_DH1024, req))
+		{
+			DSA *dsa;
+
+			/* this takes a while! (7-130s on a 450MHz AMD K6-2) */
+			dsa = DSA_generate_parameters(1024, NULL, 0, NULL,
+						      NULL, 0, NULL);
+			dh = DSA_dup_DH(dsa);
+			DSA_free(dsa);
+		}
+		else
+		if (dh == NULL && bitset(TLS_I_DH512, req))
+			dh = get_dh512();
+
+		if (dh == NULL)
+		{
+			if (LogLevel > 9)
+			{
+				u_long err;
+
+				err = ERR_get_error();
+				sm_syslog(LOG_WARNING, NOQID,
+					  "TLS: error: %s: cannot read or set DH parameters(%s): %s",
+					  who, dhparam,
+					  ERR_error_string(err, NULL));
+			}
+			if (bitset(TLS_I_REQ_DH, req))
+				return FALSE;
+		}
+		else
+		{
+			SSL_CTX_set_tmp_dh(*ctx, dh);
+
+			/* important to avoid small subgroup attacks */
+			SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_DH_USE);
+			if (LogLevel > 12)
+				sm_syslog(LOG_INFO, NOQID,
+					  "TLS: %s: Diffie-Hellman init, key=%d bit (%c)",
+					  who, 8 * DH_size(dh), *dhparam);
+			DH_free(dh);
+		}
+	}
+# endif /* !NO_DH */
+
+
+	/* XXX do we need this cache here? */
+	if (bitset(TLS_I_CACHE, req))
+		SSL_CTX_sess_set_cache_size(*ctx, 128);
+	/* timeout? SSL_CTX_set_timeout(*ctx, TimeOut...); */
+
+	/* load certificate locations and default CA paths */
+	if (bitset(TLS_S_CERTP_EX, status) && bitset(TLS_S_CERTF_EX, status))
+	{
+		if ((r = SSL_CTX_load_verify_locations(*ctx, cacertfile,
+						       cacertpath)) == 1)
+		{
+#  if !TLS_NO_RSA
+			if (bitset(TLS_I_RSA_TMP, req))
+				SSL_CTX_set_tmp_rsa_callback(*ctx, tmp_rsa_key);
+#  endif /* !TLS_NO_RSA */
+
+			/* ask to verify the peer */
+			SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER, NULL);
+
+			/* install verify callback */
+			SSL_CTX_set_cert_verify_callback(*ctx, tls_verify_cb,
+							 NULL);
+			SSL_CTX_set_client_CA_list(*ctx,
+				SSL_load_client_CA_file(cacertfile));
+		}
+		else
+		{
+			/*
+			**  can't load CA data; do we care?
+			**  the data is necessary to authenticate the client,
+			**  which in turn would be necessary
+			**  if we want to allow relaying based on it.
+			*/
+			if (LogLevel > 5)
+			{
+				sm_syslog(LOG_WARNING, NOQID,
+					  "TLS: error: %s: %d load verify locs %s, %s",
+					  who, r, cacertpath, cacertfile);
+				if (LogLevel > 9)
+					tlslogerr();
+			}
+			if (bitset(TLS_I_VRFY_LOC, req))
+				return FALSE;
+		}
+	}
+
+	/* XXX: make this dependent on an option? */
+	if (tTd(96, 9))
+		SSL_CTX_set_info_callback(*ctx, apps_ssl_info_cb);
+
+#  if _FFR_TLS_1
+	/*
+	**  XXX install our own cipher list: option?
+	*/
+	if (CipherList != NULL && *CipherList != '\0')
+	{
+		if (SSL_CTX_set_cipher_list(*ctx, CipherList) <= 0)
+		{
+			if (LogLevel > 7)
+			{
+				sm_syslog(LOG_WARNING, NOQID,
+					  "TLS: error: %s: SSL_CTX_set_cipher_list(%s) failed, list ignored",
+					  who, CipherList);
+
+				if (LogLevel > 9)
+					tlslogerr();
+			}
+			/* failure if setting to this list is required? */
+		}
+	}
+#  endif /* _FFR_TLS_1 */
+	if (LogLevel > 12)
+		sm_syslog(LOG_INFO, NOQID, "TLS: init(%s)=%d", who, ok);
+
+# if _FFR_TLS_1
+#  if 0
+	/*
+	**  this label is required if we want to have a "clean" exit
+	**  see the comments above at the initialization of cf2
+	*/
+    endinittls:
+#  endif /* 0 */
+
+	/* undo damage to global variables */
+	if (cf2 != NULL)
+		*--cf2 = ',';
+	if (kf2 != NULL)
+		*--kf2 = ',';
+# endif /* _FFR_TLS_1 */
+
+	return ok;
+}
+/*
+**  INITSRVTLS -- initialize server side TLS
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		succeeded?
+*/
+
+bool
+initsrvtls()
+{
+
+	tls_ok = inittls(&srv_ctx, TLS_I_SRV, TRUE, SrvCERTfile, Srvkeyfile,
+			 CACERTpath, CACERTfile, DHParams);
+	return tls_ok;
+}
+/*
+**  TLS_GET_INFO -- get information about TLS connection
+**
+**	Parameters:
+**		ssl -- SSL connection structure
+**		e -- current envelope
+**		srv -- server or client
+**		host -- hostname of other side
+**
+**	Returns:
+**		result of authentication.
+**
+**	Side Effects:
+**		sets ${cipher}, ${tls_version}, ${verify}, ${cipher_bits},
+**		${cert}
+*/
+
+int
+tls_get_info(ssl, e, srv, host)
+	SSL *ssl;
+	ENVELOPE *e;
+	bool srv;
+	char *host;
+{
+	SSL_CIPHER *c;
+	int b, r;
+	char *s;
+	char bitstr[16];
+	X509 *cert;
+
+	c = SSL_get_current_cipher(ssl);
+	define(macid("{cipher}", NULL), newstr(SSL_CIPHER_get_name(c)), e);
+	b = SSL_CIPHER_get_bits(c, &r);
+	(void) snprintf(bitstr, sizeof bitstr, "%d", b);
+	define(macid("{cipher_bits}", NULL), newstr(bitstr), e);
+# if _FFR_TLS_1
+	(void) snprintf(bitstr, sizeof bitstr, "%d", r);
+	define(macid("{alg_bits}", NULL), newstr(bitstr), e);
+# endif /* _FFR_TLS_1 */
+	s = SSL_CIPHER_get_version(c);
+	if (s == NULL)
+		s = "UNKNOWN";
+	define(macid("{tls_version}", NULL), newstr(s), e);
+
+	cert = SSL_get_peer_certificate(ssl);
+	if (LogLevel >= 14)
+		sm_syslog(LOG_INFO, e->e_id,
+			  "TLS: get_verify in %s: %d get_peer: 0x%x",
+			  srv ? "srv" : "clt",
+			  SSL_get_verify_result(ssl), cert);
+	if (cert != NULL)
+	{
+		char buf[MAXNAME];
+
+		X509_NAME_oneline(X509_get_subject_name(cert),
+				  buf, sizeof buf);
+		define(macid("{cert_subject}", NULL),
+			       newstr(xtextify(buf, "<>\")")), e);
+		X509_NAME_oneline(X509_get_issuer_name(cert),
+				  buf, sizeof buf);
+		define(macid("{cert_issuer}", NULL),
+		       newstr(xtextify(buf, "<>\")")), e);
+# if _FFR_TLS_1
+		X509_NAME_get_text_by_NID(X509_get_subject_name(cert),
+					  NID_commonName, buf, sizeof buf);
+		define(macid("{cn_subject}", NULL),
+		       newstr(xtextify(buf, "<>\")")), e);
+		X509_NAME_get_text_by_NID(X509_get_issuer_name(cert),
+					  NID_commonName, buf, sizeof buf);
+		define(macid("{cn_issuer}", NULL),
+		       newstr(xtextify(buf, "<>\")")), e);
+# endif /* _FFR_TLS_1 */
+	}
+	else
+	{
+		define(macid("{cert_subject}", NULL), "", e);
+		define(macid("{cert_issuer}", NULL), "", e);
+# if _FFR_TLS_1
+		define(macid("{cn_subject}", NULL), "", e);
+		define(macid("{cn_issuer}", NULL), "", e);
+# endif /* _FFR_TLS_1 */
+	}
+	switch(SSL_get_verify_result(ssl))
+	{
+	  case X509_V_OK:
+		if (cert != NULL)
+		{
+			s = "OK";
+			r = TLS_AUTH_OK;
+		}
+		else
+		{
+			s = "NO";
+			r = TLS_AUTH_NO;
+		}
+		break;
+	  default:
+		s = "FAIL";
+		r = TLS_AUTH_FAIL;
+		break;
+	}
+	define(macid("{verify}", NULL), newstr(s), e);
+	if (cert != NULL)
+		X509_free(cert);
+
+	/* do some logging */
+	if (LogLevel > 9)
+	{
+		char *vers, *s1, *s2, *bits;
+
+		vers = macvalue(macid("{tls_version}", NULL), e);
+		bits = macvalue(macid("{cipher_bits}", NULL), e);
+		s1 = macvalue(macid("{verify}", NULL), e);
+		s2 = macvalue(macid("{cipher}", NULL), e);
+		sm_syslog(LOG_INFO, NOQID,
+			  "TLS: connection %s %.64s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s",
+			  srv ? "from" : "to",
+			  host == NULL ? "none" : host,
+			  vers == NULL ? "none" : vers,
+			  s1 == NULL ? "none" : s1,
+			  s2 == NULL ? "none" : s2,
+			  bits == NULL ? "0" : bits);
+		if (LogLevel > 11)
+		{
+			/*
+			**  maybe run xuntextify on the strings?
+			**  that is easier to read but makes it maybe a bit
+			**  more complicated to figure out the right values
+			**  for the access map...
+			*/
+			s1 = macvalue(macid("{cert_subject}", NULL), e);
+			s2 = macvalue(macid("{cert_issuer}", NULL), e);
+			sm_syslog(LOG_INFO, NOQID,
+				  "TLS: %s cert subject:%.128s, cert issuer=%.128s",
+				  srv ? "client" : "server",
+				  s1 == NULL ? "none" : s1,
+				  s2 == NULL ? "none" : s2);
+		}
+	}
+
+	return r;
+}
+
+# if !TLS_NO_RSA
+/*
+**  TMP_RSA_KEY -- return temporary RSA key
+**
+**	Parameters:
+**		s -- SSL connection structure
+**		export --
+**		keylength --
+**
+**	Returns:
+**		temporary RSA key.
+*/
+
+/* ARGUSED0 */
+static RSA *
+tmp_rsa_key(s, export, keylength)
+	SSL *s;
+	int export;
+	int keylength;
+{
+	return rsa_tmp;
+}
+# endif /* !TLS_NO_RSA */
+/*
+**  APPS_SSL_INFO_CB -- info callback for TLS connections
+**
+**	Parameters:
+**		s -- SSL connection structure
+**		where --
+**		ret --
+**
+**	Returns:
+**		none.
+*/
+
+void
+apps_ssl_info_cb(s, where, ret)
+	SSL *s;
+	int where;
+	int ret;
+{
+	char *str;
+	int w;
+	BIO *bio_err = NULL;
+
+	if (LogLevel > 14)
+		sm_syslog(LOG_INFO, NOQID,
+			  "info_callback where 0x%x ret %d", where, ret);
+
+	w = where & ~SSL_ST_MASK;
+	if (bio_err == NULL)
+		bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (w & SSL_ST_CONNECT)
+		str = "SSL_connect";
+	else if (w & SSL_ST_ACCEPT)
+		str = "SSL_accept";
+	else
+		str = "undefined";
+
+	if (where & SSL_CB_LOOP)
+	{
+		if (LogLevel > 12)
+			sm_syslog(LOG_NOTICE, NOQID,
+			"%s:%s\n", str, SSL_state_string_long(s));
+	}
+	else if (where & SSL_CB_ALERT)
+	{
+		str = (where & SSL_CB_READ) ? "read" : "write";
+		if (LogLevel > 12)
+			sm_syslog(LOG_NOTICE, NOQID,
+		"SSL3 alert %s:%s:%s\n",
+			   str, SSL_alert_type_string_long(ret),
+			   SSL_alert_desc_string_long(ret));
+	}
+	else if (where & SSL_CB_EXIT)
+	{
+		if (ret == 0)
+		{
+			if (LogLevel > 7)
+				sm_syslog(LOG_WARNING, NOQID,
+					"%s:failed in %s\n",
+					str, SSL_state_string_long(s));
+		}
+		else if (ret < 0)
+		{
+			if (LogLevel > 7)
+				sm_syslog(LOG_WARNING, NOQID,
+					"%s:error in %s\n",
+					str, SSL_state_string_long(s));
+		}
+	}
+}
+/*
+**  TLS_VERIFY_LOG -- log verify error for TLS certificates
+**
+**	Parameters:
+**		ok -- verify ok?
+**		ctx -- x509 context
+**
+**	Returns:
+**		0 -- fatal error
+**		1 -- ok
+*/
+
+static int
+tls_verify_log(ok, ctx)
+	int ok;
+	X509_STORE_CTX *ctx;
+{
+	SSL *ssl;
+	X509 *cert;
+	int reason, depth;
+	char buf[512];
+
+	cert = X509_STORE_CTX_get_current_cert(ctx);
+	reason = X509_STORE_CTX_get_error(ctx);
+	depth = X509_STORE_CTX_get_error_depth(ctx);
+	ssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx,
+			SSL_get_ex_data_X509_STORE_CTX_idx());
+
+	if (ssl == NULL)
+	{
+		/* internal error */
+		sm_syslog(LOG_ERR, NOQID,
+			  "TLS: internal error: tls_verify_cb: ssl == NULL");
+		return 0;
+	}
+
+	X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf);
+	sm_syslog(LOG_INFO, NOQID,
+		  "TLS cert verify: depth=%d %s, state=%d, reason=%s\n",
+		  depth, buf, ok, X509_verify_cert_error_string(reason));
+	return 1;
+}
+
+/*
+**  TLS_VERIFY_CB -- verify callback for TLS certificates
+**
+**	Parameters:
+**		ctx -- x509 context
+**
+**	Returns:
+**		accept connection?
+**		currently: always yes.
+*/
+
+static int
+tls_verify_cb(ctx)
+	X509_STORE_CTX *ctx;
+{
+	int ok;
+
+	ok = X509_verify_cert(ctx);
+	if (ok == 0)
+	{
+		if (LogLevel > 13)
+			return tls_verify_log(ok, ctx);
+		return 1;	/* override it */
+	}
+	return ok;
+}
+
+
+/*
+**  TLSLOGERR -- log the errors from the TLS error stack
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		none.
+*/
+
+void
+tlslogerr()
+{
+	unsigned long l;
+	int line, flags;
+	unsigned long es;
+	char *file, *data;
+	char buf[256];
+#define CP (const char **)
+
+	es = CRYPTO_thread_id();
+	while ((l = ERR_get_error_line_data(CP &file, &line, CP &data, &flags))
+		!= 0)
+	{
+		sm_syslog(LOG_WARNING, NOQID,
+			 "TLS: %lu:%s:%s:%d:%s\n", es, ERR_error_string(l, buf),
+			 file, line, (flags & ERR_TXT_STRING) ? data : "");
+	}
+}
+
+# endif /* STARTTLS */
+#endif /* SMTP */
 /*
 **  HELP -- implement the HELP command.
 **
 **	Parameters:
 **		topic -- the topic we want help for.
+**		e -- envelope
 **
 **	Returns:
 **		none.
@@ -1467,21 +4115,28 @@ runinchild(label, e)
 **	Side Effects:
 **		outputs the help file to message output.
 */
+#define HELPVSTR	"#vers	"
+#define HELPVERSION	2
 
 void
-help(topic)
+help(topic, e)
 	char *topic;
+	ENVELOPE *e;
 {
 	register FILE *hf;
+	register char *p;
 	int len;
 	bool noinfo;
-	int sff = SFF_OPENASROOT|SFF_REGONLY;
+	bool first = TRUE;
+	long sff = SFF_OPENASROOT|SFF_REGONLY;
 	char buf[MAXLINE];
+	char inp[MAXLINE];
+	static int foundvers = -1;
 	extern char Version[];
 
 	if (DontLockReadFiles)
 		sff |= SFF_NOLOCK;
-	if (!bitset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail))    
+	if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail))
 		sff |= SFF_SAFEDIRPATH;
 
 	if (HelpFile == NULL ||
@@ -1489,14 +4144,14 @@ help(topic)
 	{
 		/* no help */
 		errno = 0;
-		message("502 Sendmail %s -- HELP not implemented", Version);
+		message("502 5.3.0 Sendmail %s -- HELP not implemented",
+			Version);
 		return;
 	}
 
 	if (topic == NULL || *topic == '\0')
 	{
 		topic = "smtp";
-		message("214-This is Sendmail version %s", Version);
 		noinfo = FALSE;
 	}
 	else
@@ -1509,24 +4164,61 @@ help(topic)
 
 	while (fgets(buf, sizeof buf, hf) != NULL)
 	{
+		if (buf[0] == '#')
+		{
+			if (foundvers < 0 &&
+			    strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0)
+			{
+				int h;
+
+				if (sscanf(buf + strlen(HELPVSTR), "%d",
+					   &h) == 1)
+					foundvers = h;
+			}
+			continue;
+		}
 		if (strncmp(buf, topic, len) == 0)
 		{
-			register char *p;
+			if (first)
+			{
+				first = FALSE;
 
-			p = strchr(buf, '\t');
+				/* print version if no/old vers# in file */
+				if (foundvers < 2 && !noinfo)
+					message("214-2.0.0 This is Sendmail version %s", Version);
+			}
+			p = strpbrk(buf, " \t");
 			if (p == NULL)
-				p = buf;
+				p = buf + strlen(buf) - 1;
 			else
 				p++;
 			fixcrlf(p, TRUE);
-			message("214-%s", p);
+			if (foundvers >= 2)
+			{
+				translate_dollars(p);
+				expand(p, inp, sizeof inp, e);
+				p = inp;
+			}
+			message("214-2.0.0 %s", p);
 			noinfo = FALSE;
 		}
 	}
 
 	if (noinfo)
-		message("504 HELP topic \"%.10s\" unknown", topic);
+		message("504 5.3.0 HELP topic \"%.10s\" unknown", topic);
 	else
-		message("214 End of HELP info");
+		message("214 2.0.0 End of HELP info");
+
+	if (foundvers != 0 && foundvers < HELPVERSION)
+	{
+		if (LogLevel > 1)
+			sm_syslog(LOG_WARNING, e->e_id,
+				  "%s too old (require version %d)",
+				  HelpFile, HELPVERSION);
+
+		/* avoid log next time */
+		foundvers = 0;
+	}
+
 	(void) fclose(hf);
 }
diff --git a/contrib/sendmail/src/stab.c b/contrib/sendmail/src/stab.c
index 37b87a3..2177ae6 100644
--- a/contrib/sendmail/src/stab.c
+++ b/contrib/sendmail/src/stab.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,10 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)stab.c	8.19 (Berkeley) 5/19/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: stab.c,v 8.40.16.2 2000/06/05 21:46:59 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 /*
 **  STAB -- manage the symbol table
@@ -35,7 +36,7 @@ static char sccsid[] = "@(#)stab.c	8.19 (Berkeley) 5/19/1998";
 **		can update the symbol table.
 */
 
-# define STABSIZE	2003
+#define STABSIZE	2003
 
 static STAB	*SymTab[STABSIZE];
 
@@ -50,10 +51,9 @@ stab(name, type, op)
 	register int hfunc;
 	register char *p;
 	int len;
-	extern char lower __P((char));
 
 	if (tTd(36, 5))
-		printf("STAB: %s %d ", name, type);
+		dprintf("STAB: %s %d ", name, type);
 
 	/*
 	**  Compute the hashing function
@@ -64,7 +64,7 @@ stab(name, type, op)
 		hfunc = ((hfunc << 1) ^ (lower(*p) & 0377)) % STABSIZE;
 
 	if (tTd(36, 9))
-		printf("(hfunc=%d) ", hfunc);
+		dprintf("(hfunc=%d) ", hfunc);
 
 	ps = &SymTab[hfunc];
 	if (type == ST_MACRO || type == ST_RULESET)
@@ -89,16 +89,16 @@ stab(name, type, op)
 		if (tTd(36, 5))
 		{
 			if (s == NULL)
-				printf("not found\n");
+				dprintf("not found\n");
 			else
 			{
 				long *lp = (long *) s->s_class;
 
-				printf("type %d val %lx %lx %lx %lx\n",
+				dprintf("type %d val %lx %lx %lx %lx\n",
 					s->s_type, lp[0], lp[1], lp[2], lp[3]);
 			}
 		}
-		return (s);
+		return s;
 	}
 
 	/*
@@ -106,10 +106,9 @@ stab(name, type, op)
 	*/
 
 	if (tTd(36, 5))
-		printf("entered\n");
+		dprintf("entered\n");
 
 	/* determine size of new entry */
-#if _FFR_MEMORY_MISER
 	switch (type)
 	{
 	  case ST_CLASS:
@@ -122,6 +121,7 @@ stab(name, type, op)
 
 	  case ST_MAILER:
 		len = sizeof s->s_mailer;
+		break;
 
 	  case ST_ALIAS:
 		len = sizeof s->s_alias;
@@ -151,15 +151,35 @@ stab(name, type, op)
 		len = sizeof s->s_ruleset;
 		break;
 
+	  case ST_HEADER:
+		len = sizeof s->s_header;
+		break;
+
 	  case ST_SERVICE:
 		len = sizeof s->s_service;
 		break;
 
-	  case ST_HEADER:
-		len = sizeof s->s_header;
+#ifdef LDAPMAP
+	  case ST_LDAP:
+		len = sizeof s->s_ldap;
 		break;
+#endif /* LDAPMAP */
+
+#if _FFR_MILTER
+	  case ST_MILTER:
+		len = sizeof s->s_milter;
+		break;
+#endif /* _FFR_MILTER */
 
 	  default:
+		/*
+		**  Each mailer has it's own MCI stab entry:
+		**
+		**  s = stab(host, ST_MCI + m->m_mno, ST_ENTER);
+		**
+		**  Therefore, anything ST_MCI or larger is an s_mci.
+		*/
+
 		if (type >= ST_MCI)
 			len = sizeof s->s_mci;
 		else
@@ -170,13 +190,13 @@ stab(name, type, op)
 		break;
 	}
 	len += sizeof *s - sizeof s->s_value;
-#else
-	len = sizeof *s;
-#endif
+
+	if (tTd(36, 15))
+		dprintf("size of stab entry: %d\n", len);
 
 	/* make new entry */
 	s = (STAB *) xalloc(len);
-	bzero((char *) s, len);
+	memset((char *) s, '\0', len);
 	s->s_name = newstr(name);
 	s->s_type = type;
 	s->s_len = len;
@@ -184,7 +204,11 @@ stab(name, type, op)
 	/* link it in */
 	*ps = s;
 
-	return (s);
+	/* set a default value for rulesets */
+	if (type == ST_RULESET)
+		s->s_ruleset = -1;
+
+	return s;
 }
 /*
 **  STABAPPLY -- apply function to all stab entries
@@ -211,9 +235,104 @@ stabapply(func, arg)
 		for (s = *shead; s != NULL; s = s->s_next)
 		{
 			if (tTd(36, 90))
-				printf("stabapply: trying %d/%s\n",
+				dprintf("stabapply: trying %d/%s\n",
 					s->s_type, s->s_name);
 			func(s, arg);
 		}
 	}
 }
+/*
+**  QUEUEUP_MACROS -- queueup the macros in a class
+**
+**	Write the macros listed in the specified class into the
+**	file referenced by qfp.
+**
+**	Parameters:
+**		class -- class ID.
+**		qfp -- file pointer to the qf file.
+**		e -- the envelope.
+**
+**	Returns:
+**		none.
+*/
+
+void
+queueup_macros(class, qfp, e)
+	int class;
+	FILE *qfp;
+	ENVELOPE *e;
+{
+	register STAB **shead;
+	register STAB *s;
+
+	if (e == NULL)
+		return;
+
+	for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
+	{
+		for (s = *shead; s != NULL; s = s->s_next)
+		{
+			int m;
+			char *p;
+
+			if (s->s_type == ST_CLASS &&
+			    bitnset(class & 0xff, s->s_class) &&
+			    (m = macid(s->s_name, NULL)) != '\0' &&
+			    (p = macvalue(m, e)) != NULL)
+			{
+				/*
+				**  HACK ALERT: Unfortunately, 8.10 and
+				**  8.11 reused the ${if_addr} and
+				**  ${if_family} macros for both the incoming
+				**  interface address/family (getrequests())
+				**  and the outgoing interface address/family
+				**  (makeconnection()).  In order for D_BINDIF
+				**  to work properly, have to preserve the
+				**  incoming information in the queue file for
+				**  later delivery attempts.  The original
+				**  information is stored in the envelope
+				**  in readqf() so it can be stored in
+				**  queueup_macros().  This should be fixed
+				**  in 8.12.
+				*/
+
+				if (e->e_if_macros[EIF_ADDR] != NULL &&
+				    strcmp(s->s_name, "{if_addr}") == 0)
+					p = e->e_if_macros[EIF_ADDR];
+
+				fprintf(qfp, "$%s%s\n",
+					s->s_name,
+					denlstring(p, TRUE, FALSE));
+			}
+		}
+	}
+}
+/*
+**  COPY_CLASS -- copy class members from one class to another
+**
+**	Parameters:
+**		src -- source class.
+**		dst -- destination class.
+**
+**	Returns:
+**		none.
+*/
+
+void
+copy_class(src, dst)
+	int src;
+	int dst;
+{
+	register STAB **shead;
+	register STAB *s;
+
+	for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
+	{
+		for (s = *shead; s != NULL; s = s->s_next)
+		{
+			if (s->s_type == ST_CLASS &&
+			    bitnset(src & 0xff, s->s_class))
+				setbitn(dst, s->s_class);
+		}
+	}
+}
diff --git a/contrib/sendmail/src/stats.c b/contrib/sendmail/src/stats.c
index b1162ff..383cb37 100644
--- a/contrib/sendmail/src/stats.c
+++ b/contrib/sendmail/src/stats.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,20 +12,33 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)stats.c	8.22 (Berkeley) 5/19/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: stats.c,v 8.36.14.2 2000/05/25 23:33:34 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
-# include "mailstats.h"
+#include <sendmail.h>
+#include <sendmail/mailstats.h>
 
-struct statistics	Stat;
 
-bool	GotStats = FALSE;	/* set when we have stats to merge */
+static struct statistics	Stat;
 
+static bool	GotStats = FALSE;	/* set when we have stats to merge */
+
+/* See http://physics.nist.gov/cuu/Units/binary.html */
 #define ONE_K		1000		/* one thousand (twenty-four?) */
 #define KBYTES(x)	(((x) + (ONE_K - 1)) / ONE_K)
 /*
 **  MARKSTATS -- mark statistics
+**
+**	Parameters:
+**		e -- the envelope.
+**		to -- to address.
+**		reject -- whether this is a rejection.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		changes static Stat structure
 */
 
 void
@@ -33,7 +47,7 @@ markstats(e, to, reject)
 	register ADDRESS *to;
 	bool reject;
 {
-	if (reject == TRUE)
+	if (reject)
 	{
 		if (e->e_from.q_mailer != NULL)
 		{
@@ -42,9 +56,11 @@ markstats(e, to, reject)
 			else
 				Stat.stat_nr[e->e_from.q_mailer->m_mno]++;
 		}
+		Stat.stat_cr++;
 	}
 	else if (to == NULL)
 	{
+		Stat.stat_cf++;
 		if (e->e_from.q_mailer != NULL)
 		{
 			Stat.stat_nf[e->e_from.q_mailer->m_mno]++;
@@ -54,12 +70,35 @@ markstats(e, to, reject)
 	}
 	else
 	{
+		Stat.stat_ct++;
 		Stat.stat_nt[to->q_mailer->m_mno]++;
 		Stat.stat_bt[to->q_mailer->m_mno] += KBYTES(e->e_msgsize);
 	}
+
+
 	GotStats = TRUE;
 }
 /*
+**  CLEARSTATS -- clear statistics structure
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		clears the Stat structure.
+*/
+
+void
+clearstats()
+{
+	/* clear the structure to avoid future disappointment */
+	memset(&Stat, '\0', sizeof Stat);
+	GotStats = FALSE;
+}
+/*
 **  POSTSTATS -- post statistics in the statistics file
 **
 **	Parameters:
@@ -77,8 +116,8 @@ poststats(sfile)
 	char *sfile;
 {
 	register int fd;
-	int sff = SFF_REGONLY|SFF_OPENASROOT;
-	struct statistics stat;
+	long sff = SFF_REGONLY|SFF_OPENASROOT;
+	struct statistics stats;
 	extern off_t lseek();
 
 	if (sfile == NULL || !GotStats)
@@ -89,9 +128,9 @@ poststats(sfile)
 	Stat.stat_magic = STAT_MAGIC;
 	Stat.stat_version = STAT_VERSION;
 
-	if (!bitset(DBS_WRITESTATSTOSYMLINK, DontBlameSendmail))
+	if (!bitnset(DBS_WRITESTATSTOSYMLINK, DontBlameSendmail))
 		sff |= SFF_NOSLINK;
-	if (!bitset(DBS_WRITESTATSTOHARDLINK, DontBlameSendmail))
+	if (!bitnset(DBS_WRITESTATSTOHARDLINK, DontBlameSendmail))
 		sff |= SFF_NOHLINK;
 
 	fd = safeopen(sfile, O_RDWR, 0644, sff);
@@ -103,33 +142,35 @@ poststats(sfile)
 		errno = 0;
 		return;
 	}
-	if (read(fd, (char *) &stat, sizeof stat) == sizeof stat &&
-	    stat.stat_size == sizeof stat &&
-	    stat.stat_magic == Stat.stat_magic &&
-	    stat.stat_version == Stat.stat_version)
+	if (read(fd, (char *) &stats, sizeof stats) == sizeof stats &&
+	    stats.stat_size == sizeof stats &&
+	    stats.stat_magic == Stat.stat_magic &&
+	    stats.stat_version == Stat.stat_version)
 	{
 		/* merge current statistics into statfile */
 		register int i;
 
 		for (i = 0; i < MAXMAILERS; i++)
 		{
-			stat.stat_nf[i] += Stat.stat_nf[i];
-			stat.stat_bf[i] += Stat.stat_bf[i];
-			stat.stat_nt[i] += Stat.stat_nt[i];
-			stat.stat_bt[i] += Stat.stat_bt[i];
-			stat.stat_nr[i] += Stat.stat_nr[i];
-			stat.stat_nd[i] += Stat.stat_nd[i];
+			stats.stat_nf[i] += Stat.stat_nf[i];
+			stats.stat_bf[i] += Stat.stat_bf[i];
+			stats.stat_nt[i] += Stat.stat_nt[i];
+			stats.stat_bt[i] += Stat.stat_bt[i];
+			stats.stat_nr[i] += Stat.stat_nr[i];
+			stats.stat_nd[i] += Stat.stat_nd[i];
 		}
+		stats.stat_cr += Stat.stat_cr;
+		stats.stat_ct += Stat.stat_ct;
+		stats.stat_cf += Stat.stat_cf;
 	}
 	else
-		bcopy((char *) &Stat, (char *) &stat, sizeof stat);
+		memmove((char *) &stats, (char *) &Stat, sizeof stats);
 
 	/* write out results */
 	(void) lseek(fd, (off_t) 0, 0);
-	(void) write(fd, (char *) &stat, sizeof stat);
+	(void) write(fd, (char *) &stats, sizeof stats);
 	(void) close(fd);
 
 	/* clear the structure to avoid future disappointment */
-	bzero(&Stat, sizeof stat);
-	GotStats = FALSE;
+	clearstats();
 }
diff --git a/contrib/sendmail/src/statusd_shm.h b/contrib/sendmail/src/statusd_shm.h
new file mode 100644
index 0000000..c48b2fd
--- /dev/null
+++ b/contrib/sendmail/src/statusd_shm.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: statusd_shm.h,v 8.4 1999/05/18 08:00:04 gshapiro Exp $
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+/*
+** The shared memory part of statusd.
+**
+** Attach to STATUSD_SHM_KEY and update the counter appropriate
+** for your type of service.
+**
+*/
+
+#define STATUSD_MAGIC	110946
+#define STATUSD_SHM_KEY	(key_t)(13)
+#define STATUSD_LONGS	(2)
+
+typedef struct {
+	unsigned long	magic;
+	unsigned long	ul[STATUSD_LONGS];
+} STATUSD_SHM;
+
+/*
+**  Offsets into ul[]. The appropriate program
+**  increments these as appropriate.
+*/
+
+#define STATUSD_COOKIE		(0)	/* reregister cookie */
+
+/* sendmail */
+#define STATUSD_SM_NSENDMAIL	(1)	/* how many running */
+
+extern void	shmtick __P((int, int));
+
diff --git a/contrib/sendmail/src/sysexits.c b/contrib/sendmail/src/sysexits.c
index c7934c7..6cce614 100644
--- a/contrib/sendmail/src/sysexits.c
+++ b/contrib/sendmail/src/sysexits.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,10 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)sysexits.c	8.13 (Berkeley) 5/24/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: sysexits.c,v 8.25 1999/09/23 19:59:24 ca Exp $";
+#endif /* ! lint */
 
-#include "sendmail.h"
+#include <sendmail.h>
 
 /*
 **  SYSEXITS.C -- error messages corresponding to sysexits.h
@@ -25,24 +26,44 @@ static char sccsid[] = "@(#)sysexits.c	8.13 (Berkeley) 5/24/1998";
 
 char *SysExMsg[] =
 {
-	/* 64 USAGE */		" 500 Bad usage",
-	/* 65 DATAERR */	" 501 Data format error",
-	/* 66 NOINPUT */	":550 Cannot open input",
-	/* 67 NOUSER */		" 550 User unknown",
-	/* 68 NOHOST */		" 550 Host unknown",
-	/* 69 UNAVAILABLE */	" 554 Service unavailable",
-	/* 70 SOFTWARE */	":554 Internal error",
-	/* 71 OSERR */		":451 Operating system error",
-	/* 72 OSFILE */		":554 System file missing",
-	/* 73 CANTCREAT */	":550 Can't create output",
-	/* 74 IOERR */		":451 I/O error",
-	/* 75 TEMPFAIL */	" 250 Deferred",
-	/* 76 PROTOCOL */	" 554 Remote protocol error",
-	/* 77 NOPERM */		":550 Insufficient permission",
-	/* 78 CONFIG */		" 554 Local configuration error",
+	/* 64 USAGE */		" 500 5.0.0 Bad usage",
+	/* 65 DATAERR */	" 501 5.6.0 Data format error",
+	/* 66 NOINPUT */	":550 5.3.0 Cannot open input",
+	/* 67 NOUSER */		" 550 5.1.1 User unknown",
+	/* 68 NOHOST */		" 550 5.1.2 Host unknown",
+	/* 69 UNAVAILABLE */	" 554 5.0.0 Service unavailable",
+	/* 70 SOFTWARE */	":554 5.3.0 Internal error",
+	/* 71 OSERR */		":451 4.0.0 Operating system error",
+	/* 72 OSFILE */		":554 5.3.5 System file missing",
+	/* 73 CANTCREAT */	":550 5.0.0 Can't create output",
+	/* 74 IOERR */		":451 4.0.0 I/O error",
+	/* 75 TEMPFAIL */	" 450 4.0.0 Deferred",
+	/* 76 PROTOCOL */	" 554 5.5.0 Remote protocol error",
+	/* 77 NOPERM */		":550 5.0.0 Insufficient permission",
+	/* 78 CONFIG */		" 554 5.3.5 Local configuration error",
 };
 
 int N_SysEx = sizeof(SysExMsg) / sizeof(SysExMsg[0]);
+
+static char *SysExitMsg[] =
+{
+	"command line usage error",
+	"data format error",
+	"cannot open input",
+	"addressee unknown",
+	"host name unknown",
+	"service unavailable",
+	"internal software error",
+	"system error (e.g., can't fork)",
+	"critical OS file missing",
+	"can't create (user) output file",
+	"input/output error",
+	"temp failure; user is invited to retry",
+	"remote error in protocol",
+	"permission denied",
+	"configuration error"
+};
+
 /*
 **  DSNTOEXITSTAT -- convert DSN-style error code to EX_ style.
 **
@@ -111,7 +132,7 @@ dsntoexitstat(dsncode)
 		switch (code3)
 		{
 		  case 0:	/* Other or Undefined mailbox status */
-		  case 1:	/* Mailbox disabled, not acccepting messages */
+		  case 1:	/* Mailbox disabled, not accepting messages */
 		  case 2:	/* Mailbox full */
 		  case 4:	/* Mailing list expansion problem */
 			return EX_UNAVAILABLE;
@@ -160,3 +181,36 @@ dsntoexitstat(dsncode)
 	}
 	return EX_CONFIG;
 }
+
+/*
+**  EXITSTAT -- convert EX_ value to error text.
+**
+**	Parameters:
+**		excode -- rstatus which might consists of an EX_* value.
+**
+**	Returns:
+**		The corresponding error text or the original string.
+*/
+
+char *
+exitstat(excode)
+	char *excode;
+{
+	char *c;
+	int i;
+
+	if (excode == NULL || *excode == '\0')
+		return excode;
+	i = 0;
+	for (c = excode; *c != '\0'; c++)
+	{
+		if (isascii(*c) && isdigit(*c))
+			i = i * 10 + (*c - '0');
+		else
+			return excode;
+	}
+	i -= EX__BASE;
+	if (i >= 0 && i <= N_SysEx)
+		return SysExitMsg[i];
+	return excode;
+}
diff --git a/contrib/sendmail/src/timers.c b/contrib/sendmail/src/timers.c
new file mode 100644
index 0000000..74d0ccf
--- /dev/null
+++ b/contrib/sendmail/src/timers.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef lint
+static char id[] = "@(#)$Id: timers.c,v 8.13 1999/11/23 07:22:28 gshapiro Exp $";
+#endif /* ! lint */
+
+#if _FFR_TIMERS
+# include <sys/types.h>
+# include <sys/time.h>
+# include "sendmail.h"
+# include <sys/resource.h>	/* Must be after sendmail.h for NCR MP-RAS */
+
+static TIMER	BaseTimer;		/* current baseline */
+static int	NTimers;		/* current pointer into stack */
+static TIMER	*TimerStack[MAXTIMERSTACK];
+
+static void
+# ifdef __STDC__
+warntimer(const char *msg, ...)
+# else /* __STDC__ */
+warntimer(msg, va_alist)
+	const char *msg;
+	va_dcl
+# endif /* __STDC__ */
+{
+	char buf[MAXLINE];
+	VA_LOCAL_DECL
+
+# if 0
+	if (!tTd(98, 30))
+		return;
+# endif /* 0 */
+	VA_START(msg);
+	vsnprintf(buf, sizeof buf, msg, ap);
+	VA_END;
+	sm_syslog(LOG_NOTICE, CurEnv->e_id, "%s; e_timers=0x%lx",
+		  buf, (u_long) &CurEnv->e_timers);
+}
+
+static void
+zerotimer(ptimer)
+	TIMER *ptimer;
+{
+	memset(ptimer, '\0', sizeof *ptimer);
+}
+
+static void
+addtimer(ta, tb)
+	TIMER *ta;
+	TIMER *tb;
+{
+	tb->ti_wall_sec += ta->ti_wall_sec;
+	tb->ti_wall_usec += ta->ti_wall_usec;
+	if (tb->ti_wall_usec > 1000000)
+	{
+		tb->ti_wall_sec++;
+		tb->ti_wall_usec -= 1000000;
+	}
+	tb->ti_cpu_sec += ta->ti_cpu_sec;
+	tb->ti_cpu_usec += ta->ti_cpu_usec;
+	if (tb->ti_cpu_usec > 1000000)
+	{
+		tb->ti_cpu_sec++;
+		tb->ti_cpu_usec -= 1000000;
+	}
+}
+
+static void
+subtimer(ta, tb)
+	TIMER *ta;
+	TIMER *tb;
+{
+	tb->ti_wall_sec -= ta->ti_wall_sec;
+	tb->ti_wall_usec -= ta->ti_wall_usec;
+	if (tb->ti_wall_usec < 0)
+	{
+		tb->ti_wall_sec--;
+		tb->ti_wall_usec += 1000000;
+	}
+	tb->ti_cpu_sec -= ta->ti_cpu_sec;
+	tb->ti_cpu_usec -= ta->ti_cpu_usec;
+	if (tb->ti_cpu_usec < 0)
+	{
+		tb->ti_cpu_sec--;
+		tb->ti_cpu_usec += 1000000;
+	}
+}
+
+static int
+getcurtimer(ptimer)
+	TIMER *ptimer;
+{
+	struct rusage ru;
+	struct timeval now;
+
+	if (getrusage(RUSAGE_SELF, &ru) < 0 || gettimeofday(&now, NULL) < 0)
+		return -1;
+	ptimer->ti_wall_sec = now.tv_sec;
+	ptimer->ti_wall_usec = now.tv_usec;
+	ptimer->ti_cpu_sec = ru.ru_utime.tv_sec + ru.ru_stime.tv_sec;
+	ptimer->ti_cpu_usec = ru.ru_utime.tv_usec + ru.ru_stime.tv_usec;
+	if (ptimer->ti_cpu_usec > 1000000)
+	{
+		ptimer->ti_cpu_sec++;
+		ptimer->ti_cpu_usec -= 1000000;
+	}
+	return 0;
+}
+
+static void
+getinctimer(ptimer)
+	TIMER *ptimer;
+{
+	TIMER cur;
+
+	if (getcurtimer(&cur) < 0)
+	{
+		zerotimer(ptimer);
+		return;
+	}
+	if (BaseTimer.ti_wall_sec == 0)
+	{
+		/* first call */
+		memset(ptimer, '\0', sizeof *ptimer);
+	}
+	else
+	{
+		*ptimer = cur;
+		subtimer(&BaseTimer, ptimer);
+	}
+	BaseTimer = cur;
+}
+
+void
+flushtimers()
+{
+	NTimers = 0;
+	(void) getcurtimer(&BaseTimer);
+}
+
+void
+pushtimer(ptimer)
+	TIMER *ptimer;
+{
+	int i;
+	int save_errno = errno;
+	TIMER incr;
+
+	/* find how much time has changed since last call */
+	getinctimer(&incr);
+
+	/* add that into the old timers */
+	i = NTimers;
+	if (i > MAXTIMERSTACK)
+		i = MAXTIMERSTACK;
+	while (--i >= 0)
+	{
+		addtimer(&incr, TimerStack[i]);
+		if (TimerStack[i] == ptimer)
+		{
+			warntimer("Timer@0x%lx already on stack, index=%d, NTimers=%d",
+				  (u_long) ptimer, i, NTimers);
+			errno = save_errno;
+			return;
+		}
+	}
+	errno = save_errno;
+
+	/* handle stack overflow */
+	if (NTimers >= MAXTIMERSTACK)
+		return;
+
+	/* now add the timer to the stack */
+	TimerStack[NTimers++] = ptimer;
+}
+
+void
+poptimer(ptimer)
+	TIMER *ptimer;
+{
+	int i;
+	int save_errno = errno;
+	TIMER incr;
+
+	/* find how much time has changed since last call */
+	getinctimer(&incr);
+
+	/* add that into the old timers */
+	i = NTimers;
+	if (i > MAXTIMERSTACK)
+		i = MAXTIMERSTACK;
+	while (--i >= 0)
+		addtimer(&incr, TimerStack[i]);
+
+	/* pop back to this timer */
+	for (i = 0; i < NTimers; i++)
+		if (TimerStack[i] == ptimer)
+			break;
+	if (i != NTimers - 1)
+		warntimer("poptimer: odd pop (timer=0x%lx, index=%d, NTimers=%d)",
+			  (u_long) ptimer, i, NTimers);
+	NTimers = i;
+
+	/* clean up and return */
+	errno = save_errno;
+}
+
+char *
+strtimer(ptimer)
+	TIMER *ptimer;
+{
+	static char buf[40];
+
+	snprintf(buf, sizeof buf, "%ld.%06ldr/%ld.%06ldc",
+		ptimer->ti_wall_sec, ptimer->ti_wall_usec,
+		ptimer->ti_cpu_sec, ptimer->ti_cpu_usec);
+	return buf;
+}
+#endif /* _FFR_TIMERS */
diff --git a/contrib/sendmail/src/timers.h b/contrib/sendmail/src/timers.h
new file mode 100644
index 0000000..e86b6ec
--- /dev/null
+++ b/contrib/sendmail/src/timers.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ *	$Id: timers.h,v 8.4 1999/11/04 19:31:26 ca Exp $
+ *
+ * Contributed by Exactis.com, Inc.
+ *
+ */
+
+#ifndef TIMERS_H
+#define TIMERS_H 1
+
+#define MAXTIMERSTACK	20		/* maximum timer depth */
+
+#define TIMER	struct _timer
+
+TIMER
+{
+	long	ti_wall_sec;		/* wall clock seconds */
+	long	ti_wall_usec;		/* ... microseconds */
+	long	ti_cpu_sec;		/* cpu time seconds */
+	long	ti_cpu_usec;		/* ... microseconds */
+};
+
+extern void	pushtimer __P((TIMER *));
+extern void	poptimer __P((TIMER *));
+extern char	*strtimer __P((TIMER *));
+#endif /* TIMERS_H */
diff --git a/contrib/sendmail/src/trace.c b/contrib/sendmail/src/trace.c
index 5ab6032..f117598 100644
--- a/contrib/sendmail/src/trace.c
+++ b/contrib/sendmail/src/trace.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,10 +12,10 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)trace.c	8.12 (Berkeley) 5/19/1998";
-#endif /* not lint */
+static char id[] = "@(#)$Id: trace.c,v 8.20.22.1 2000/05/25 18:56:18 gshapiro Exp $";
+#endif /* ! lint */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 /*
 **  TtSETUP -- set up for trace package.
@@ -31,8 +32,8 @@ static char sccsid[] = "@(#)trace.c	8.12 (Berkeley) 5/19/1998";
 **		environment is set up.
 */
 
-u_char		*tTvect;
-int		tTsize;
+static u_char	*tTvect;
+static int	tTsize;
 static char	*DefFlags;
 
 void
@@ -62,7 +63,7 @@ void
 tTflag(s)
 	register char *s;
 {
-	unsigned int first, last;
+	int first, last;
 	register unsigned int i;
 
 	if (*s == '\0')
diff --git a/contrib/sendmail/src/udb.c b/contrib/sendmail/src/udb.c
index 96c6513..91d03f1 100644
--- a/contrib/sendmail/src/udb.c
+++ b/contrib/sendmail/src/udb.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -10,33 +11,31 @@
  *
  */
 
-#include "sendmail.h"
+#include <sendmail.h>
 
 #ifndef lint
-#if USERDB
-static char sccsid [] = "@(#)udb.c	8.71 (Berkeley) 1/17/1999 (with USERDB)";
-#else
-static char sccsid [] = "@(#)udb.c	8.71 (Berkeley) 1/17/1999 (without USERDB)";
-#endif
-#endif
+# if USERDB
+static char id[] = "@(#)$Id: udb.c,v 8.111 1999/11/16 02:04:04 gshapiro Exp $ (with USERDB)";
+# else /* USERDB */
+static char id[] = "@(#)$Id: udb.c,v 8.111 1999/11/16 02:04:04 gshapiro Exp $ (without USERDB)";
+# endif /* USERDB */
+#endif /* ! lint */
 
 #if USERDB
 
-#include <errno.h>
-
-#ifdef NEWDB
-# include <db.h>
-# ifndef DB_VERSION_MAJOR
-#  define DB_VERSION_MAJOR 1
-# endif
-#else
-# define DBT	struct _data_base_thang_
+# ifdef NEWDB
+#  include <db.h>
+#  ifndef DB_VERSION_MAJOR
+#   define DB_VERSION_MAJOR 1
+#  endif /* ! DB_VERSION_MAJOR */
+# else /* NEWDB */
+#  define DBT	struct _data_base_thang_
 DBT
 {
 	void	*data;		/* pointer to data */
 	size_t	size;		/* length of data */
 };
-#endif
+# endif /* NEWDB */
 
 /*
 **  UDB.C -- interface between sendmail and Berkeley User Data Base.
@@ -53,56 +52,61 @@ struct udbent
 	char	*udb_default;		/* default host for outgoing mail */
 	union
 	{
+# if NETINET || NETINET6
 		/* type UE_REMOTE -- do remote call for lookup */
 		struct
 		{
-			struct sockaddr_in _udb_addr;	/* address */
+			SOCKADDR	_udb_addr;	/* address */
 			int		_udb_timeout;	/* timeout */
 		} udb_remote;
-#define udb_addr	udb_u.udb_remote._udb_addr
-#define udb_timeout	udb_u.udb_remote._udb_timeout
+#  define udb_addr	udb_u.udb_remote._udb_addr
+#  define udb_timeout	udb_u.udb_remote._udb_timeout
+# endif /* NETINET || NETINET6 */
 
 		/* type UE_FORWARD -- forward message to remote */
 		struct
 		{
 			char	*_udb_fwdhost;	/* name of forward host */
 		} udb_forward;
-#define udb_fwdhost	udb_u.udb_forward._udb_fwdhost
+# define udb_fwdhost	udb_u.udb_forward._udb_fwdhost
 
-#ifdef NEWDB
+# ifdef NEWDB
 		/* type UE_FETCH -- lookup in local database */
 		struct
 		{
 			char	*_udb_dbname;	/* pathname of database */
 			DB	*_udb_dbp;	/* open database ptr */
 		} udb_lookup;
-#define udb_dbname	udb_u.udb_lookup._udb_dbname
-#define udb_dbp		udb_u.udb_lookup._udb_dbp
-#endif
+#  define udb_dbname	udb_u.udb_lookup._udb_dbname
+#  define udb_dbp	udb_u.udb_lookup._udb_dbp
+# endif /* NEWDB */
 	} udb_u;
 };
 
-#define UDB_EOLIST	0	/* end of list */
-#define UDB_SKIP	1	/* skip this entry */
-#define UDB_REMOTE	2	/* look up in remote database */
-#define UDB_DBFETCH	3	/* look up in local database */
-#define UDB_FORWARD	4	/* forward to remote host */
-#define UDB_HESIOD	5	/* look up via hesiod */
+# define UDB_EOLIST	0	/* end of list */
+# define UDB_SKIP	1	/* skip this entry */
+# define UDB_REMOTE	2	/* look up in remote database */
+# define UDB_DBFETCH	3	/* look up in local database */
+# define UDB_FORWARD	4	/* forward to remote host */
+# define UDB_HESIOD	5	/* look up via hesiod */
 
-#define MAXUDBENT	10	/* maximum number of UDB entries */
+# define MAXUDBENT	10	/* maximum number of UDB entries */
 
 
 struct udb_option
 {
-	char	*name;
-	char	*val;
+	char	*udbo_name;
+	char	*udbo_val;
 };
 
-#ifdef HESIOD
-extern int hes_udb_get __P((DBT *, DBT *));
-#endif
-extern int _udbx_init __P((ENVELOPE *));
-/*
+# ifdef HESIOD
+static int	hes_udb_get __P((DBT *, DBT *));
+# endif /* HESIOD */
+static char	*udbmatch __P((char *, char *));
+static int	_udbx_init __P((ENVELOPE *));
+static int	_udb_parsespec __P((char *, struct udb_option [], int));
+
+/*
 **  UDBEXPAND -- look up user in database and expand
 **
 **	Parameters:
@@ -120,12 +124,8 @@ extern int _udbx_init __P((ENVELOPE *));
 **		Modifies sendq.
 */
 
-int	UdbPort = 1616;
-int	UdbTimeout = 10;
-
-struct udbent	UdbEnts[MAXUDBENT + 1];
-int		UdbSock = -1;
-bool		UdbInitialized = FALSE;
+static struct udbent	UdbEnts[MAXUDBENT + 1];
+static bool		UdbInitialized = FALSE;
 
 int
 udbexpand(a, sendq, aliaslevel, e)
@@ -144,14 +144,14 @@ udbexpand(a, sendq, aliaslevel, e)
 	char *user;
 	char keybuf[MAXKEY];
 
-	bzero(&key, sizeof key);
-	bzero(&info, sizeof info);
+	memset(&key, '\0', sizeof key);
+	memset(&info, '\0', sizeof info);
 
 	if (tTd(28, 1))
-		printf("udbexpand(%s)\n", a->q_paddr);
+		dprintf("udbexpand(%s)\n", a->q_paddr);
 
 	/* make certain we are supposed to send to this address */
-	if (bitset(QDONTSEND|QVERIFIED, a->q_flags))
+	if (!QS_IS_SENDABLE(a->q_state))
 		return EX_OK;
 	e->e_to = a->q_paddr;
 
@@ -183,23 +183,22 @@ udbexpand(a, sendq, aliaslevel, e)
 		return EX_OK;
 
 	/* build actual database key */
-	(void) strcpy(keybuf, user);
-	(void) strcat(keybuf, ":maildrop");
+	(void) strlcpy(keybuf, user, sizeof keybuf);
+	(void) strlcat(keybuf, ":maildrop", sizeof keybuf);
 	keylen = strlen(keybuf);
 
 	breakout = FALSE;
 	for (up = UdbEnts; !breakout; up++)
 	{
-		char *user;
 		int usersize;
 		int userleft;
 		char userbuf[MEMCHUNKSIZE];
-#if defined(HESIOD) && defined(HES_GETMAILHOST)
+# if defined(HESIOD) && defined(HES_GETMAILHOST)
 		char pobuf[MAXNAME];
-#endif
-#if defined(NEWDB) && DB_VERSION_MAJOR > 1
+# endif /* defined(HESIOD) && defined(HES_GETMAILHOST) */
+# if defined(NEWDB) && DB_VERSION_MAJOR > 1
 		DBC *dbc = NULL;
-#endif
+# endif /* defined(NEWDB) && DB_VERSION_MAJOR > 1 */
 
 		user = userbuf;
 		userbuf[0] = '\0';
@@ -216,66 +215,66 @@ udbexpand(a, sendq, aliaslevel, e)
 
 		switch (up->udb_type)
 		{
-#ifdef NEWDB
+# ifdef NEWDB
 		  case UDB_DBFETCH:
 			key.data = keybuf;
 			key.size = keylen;
 			if (tTd(28, 80))
-				printf("udbexpand: trying %s (%d) via db\n",
+				dprintf("udbexpand: trying %s (%d) via db\n",
 					keybuf, keylen);
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			i = (*up->udb_dbp->seq)(up->udb_dbp, &key, &info, R_CURSOR);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 			i = 0;
 			if (dbc == NULL &&
-# if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >=6
+#   if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6
 			    (errno = (*up->udb_dbp->cursor)(up->udb_dbp,
 							    NULL, &dbc, 0)) != 0)
-# else
+#   else /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
 			    (errno = (*up->udb_dbp->cursor)(up->udb_dbp,
 							    NULL, &dbc)) != 0)
-# endif
+#   endif /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
 				i = -1;
 			if (i != 0 || dbc == NULL ||
 			    (errno = dbc->c_get(dbc, &key,
 						&info, DB_SET)) != 0)
 				i = 1;
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 			if (i > 0 || info.size <= 0)
 			{
 				if (tTd(28, 2))
-					printf("udbexpand: no match on %s (%d)\n",
+					dprintf("udbexpand: no match on %s (%d)\n",
 						keybuf, keylen);
-#if DB_VERSION_MAJOR > 1
-				if (dbc != NULL) 
+#  if DB_VERSION_MAJOR > 1
+				if (dbc != NULL)
 				{
 					(void) dbc->c_close(dbc);
 					dbc = NULL;
 				}
-#endif
+#  endif /* DB_VERSION_MAJOR > 1 */
 				break;
 			}
 			if (tTd(28, 80))
-				printf("udbexpand: match %.*s: %.*s\n",
+				dprintf("udbexpand: match %.*s: %.*s\n",
 					(int) key.size, (char *) key.data,
 					(int) info.size, (char *) info.data);
 
 			a->q_flags &= ~QSELFREF;
 			while (i == 0 && key.size == keylen &&
-					bcmp(key.data, keybuf, keylen) == 0)
+			       memcmp(key.data, keybuf, keylen) == 0)
 			{
 				char *p;
 
 				if (bitset(EF_VRFYONLY, e->e_flags))
 				{
-					a->q_flags |= QVERIFIED;
-#if DB_VERSION_MAJOR > 1
+					a->q_state = QS_VERIFIED;
+#  if DB_VERSION_MAJOR > 1
 					if (dbc != NULL)
 					{
 						(void) dbc->c_close(dbc);
 						dbc = NULL;
 					}
-#endif
+#  endif /* DB_VERSION_MAJOR > 1 */
 					return EX_OK;
 				}
 
@@ -289,7 +288,7 @@ udbexpand(a, sendq, aliaslevel, e)
 						size = info.size;
 					nuser = xalloc(usersize + size);
 
-					bcopy(user, nuser, usersize);
+					memmove(nuser, user, usersize);
 					if (user != userbuf)
 						free(user);
 					user = nuser;
@@ -302,48 +301,48 @@ udbexpand(a, sendq, aliaslevel, e)
 					*p++ = ',';
 					userleft--;
 				}
-				bcopy(info.data, p, info.size);
+				memmove(p, info.data, info.size);
 				p[info.size] = '\0';
 				userleft -= info.size;
 
 				/* get the next record */
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 				i = (*up->udb_dbp->seq)(up->udb_dbp, &key, &info, R_NEXT);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 				i = 0;
 				if ((errno = dbc->c_get(dbc, &key,
 							&info, DB_NEXT)) != 0)
 					i = 1;
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 			}
 
-#if DB_VERSION_MAJOR > 1
+#  if DB_VERSION_MAJOR > 1
 			if (dbc != NULL)
 			{
 				(void) dbc->c_close(dbc);
 				dbc = NULL;
 			}
-#endif
+#  endif /* DB_VERSION_MAJOR > 1 */
 
 			/* if nothing ever matched, try next database */
 			if (!breakout)
 				break;
 
 			message("expanded to %s", user);
-			if (LogLevel >= 10)
+			if (LogLevel > 10)
 				sm_syslog(LOG_INFO, e->e_id,
-					"expand %.100s => %s",
-					e->e_to,
-					shortenstring(user, MAXSHORTSTR));
+					  "expand %.100s => %s",
+					  e->e_to,
+					  shortenstring(user, MAXSHORTSTR));
 			naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
 			if (naddrs > 0 && !bitset(QSELFREF, a->q_flags))
 			{
 				if (tTd(28, 5))
 				{
-					printf("udbexpand: QDONTSEND ");
+					dprintf("udbexpand: QS_EXPANDED ");
 					printaddr(a, FALSE);
 				}
-				a->q_flags |= QDONTSEND;
+				a->q_state = QS_EXPANDED;
 			}
 			if (i < 0)
 			{
@@ -357,24 +356,24 @@ udbexpand(a, sendq, aliaslevel, e)
 			**  it into the envelope.
 			*/
 
-			bzero(&key, sizeof key);
-			bzero(&info, sizeof info);
-			(void) strcpy(keybuf, a->q_user);
-			(void) strcat(keybuf, ":mailsender");
+			memset(&key, '\0', sizeof key);
+			memset(&info, '\0', sizeof info);
+			(void) strlcpy(keybuf, a->q_user, sizeof keybuf);
+			(void) strlcat(keybuf, ":mailsender", sizeof keybuf);
 			keylen = strlen(keybuf);
 			key.data = keybuf;
 			key.size = keylen;
 
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			i = (*up->udb_dbp->get)(up->udb_dbp, &key, &info, 0);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 			i = errno = (*up->udb_dbp->get)(up->udb_dbp, NULL,
 							&key, &info, 0);
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 			if (i != 0 || info.size <= 0)
 				break;
 			a->q_owner = xalloc(info.size + 1);
-			bcopy(info.data, a->q_owner, info.size);
+			memmove(a->q_owner, info.data, info.size);
 			a->q_owner[info.size] = '\0';
 
 			/* announce delivery; NORECEIPT bit set later */
@@ -387,14 +386,14 @@ udbexpand(a, sendq, aliaslevel, e)
 			e->e_flags |= EF_SENDRECEIPT;
 			a->q_flags |= QDELIVERED|QEXPANDED;
 			break;
-#endif
+# endif /* NEWDB */
 
-#ifdef HESIOD
+# ifdef HESIOD
 		  case UDB_HESIOD:
 			key.data = keybuf;
 			key.size = keylen;
 			if (tTd(28, 80))
-				printf("udbexpand: trying %s (%d) via hesiod\n",
+				dprintf("udbexpand: trying %s (%d) via hesiod\n",
 					keybuf, keylen);
 			/* look up the key via hesiod */
 			i = hes_udb_get(&key, &info);
@@ -406,16 +405,16 @@ udbexpand(a, sendq, aliaslevel, e)
 			}
 			else if (i > 0 || info.size <= 0)
 			{
-#if HES_GETMAILHOST
+#  if HES_GETMAILHOST
 				struct hes_postoffice *hp;
-#endif
+#  endif /* HES_GETMAILHOST */
 
 				if (tTd(28, 2))
-					printf("udbexpand: no match on %s (%d)\n",
+					dprintf("udbexpand: no match on %s (%d)\n",
 						(char *) keybuf, (int) keylen);
-#if HES_GETMAILHOST
+#  if HES_GETMAILHOST
 				if (tTd(28, 8))
-					printf("  ... trying hes_getmailhost(%s)\n",
+					dprintf("  ... trying hes_getmailhost(%s)\n",
 						a->q_user);
 				hp = hes_getmailhost(a->q_user);
 				if (hp == NULL)
@@ -427,7 +426,7 @@ udbexpand(a, sendq, aliaslevel, e)
 						return EX_TEMPFAIL;
 					}
 					if (tTd(28, 2))
-						printf("hes_getmailhost(%s): %d\n",
+						dprintf("hes_getmailhost(%s): %d\n",
 							a->q_user, hes_error());
 					break;
 				}
@@ -435,7 +434,7 @@ udbexpand(a, sendq, aliaslevel, e)
 				    sizeof pobuf - 2)
 				{
 					if (tTd(28, 2))
-						printf("hes_getmailhost(%s): expansion too long: %.30s@%.30s\n",
+						dprintf("hes_getmailhost(%s): expansion too long: %.30s@%.30s\n",
 							a->q_user,
 							hp->po_name,
 							hp->po_host);
@@ -445,44 +444,44 @@ udbexpand(a, sendq, aliaslevel, e)
 				snprintf(pobuf, sizeof pobuf, "%s@%s",
 					hp->po_name, hp->po_host);
 				info.size = strlen(info.data);
-#else
+#  else /* HES_GETMAILHOST */
 				break;
-#endif
+#  endif /* HES_GETMAILHOST */
 			}
 			if (tTd(28, 80))
-				printf("udbexpand: match %.*s: %.*s\n",
+				dprintf("udbexpand: match %.*s: %.*s\n",
 					(int) key.size, (char *) key.data,
 					(int) info.size, (char *) info.data);
 			a->q_flags &= ~QSELFREF;
 
 			if (bitset(EF_VRFYONLY, e->e_flags))
 			{
-				a->q_flags |= QVERIFIED;
+				a->q_state = QS_VERIFIED;
 				return EX_OK;
 			}
 
 			breakout = TRUE;
 			if (info.size >= usersize)
 				user = xalloc(info.size + 1);
-			bcopy(info.data, user, info.size);
+			memmove(user, info.data, info.size);
 			user[info.size] = '\0';
 
 			message("hesioded to %s", user);
-			if (LogLevel >= 10)
+			if (LogLevel > 10)
 				sm_syslog(LOG_INFO, e->e_id,
-					"hesiod %.100s => %s",
-					e->e_to,
-					shortenstring(user, MAXSHORTSTR));
+					  "hesiod %.100s => %s",
+					  e->e_to,
+					  shortenstring(user, MAXSHORTSTR));
 			naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
 
 			if (naddrs > 0 && !bitset(QSELFREF, a->q_flags))
 			{
 				if (tTd(28, 5))
 				{
-					printf("udbexpand: QDONTSEND ");
+					dprintf("udbexpand: QS_EXPANDED ");
 					printaddr(a, FALSE);
 				}
-				a->q_flags |= QDONTSEND;
+				a->q_state = QS_EXPANDED;
 			}
 
 			/*
@@ -490,8 +489,8 @@ udbexpand(a, sendq, aliaslevel, e)
 			**  it into the envelope.
 			*/
 
-			(void) strcpy(keybuf, a->q_user);
-			(void) strcat(keybuf, ":mailsender");
+			(void) strlcpy(keybuf, a->q_user, sizeof keybuf);
+			(void) strlcat(keybuf, ":mailsender", sizeof keybuf);
 			keylen = strlen(keybuf);
 			key.data = keybuf;
 			key.size = keylen;
@@ -499,10 +498,10 @@ udbexpand(a, sendq, aliaslevel, e)
 			if (i != 0 || info.size <= 0)
 				break;
 			a->q_owner = xalloc(info.size + 1);
-			bcopy(info.data, a->q_owner, info.size);
+			memmove(a->q_owner, info.data, info.size);
 			a->q_owner[info.size] = '\0';
 			break;
-#endif /* HESIOD */
+# endif /* HESIOD */
 
 		  case UDB_REMOTE:
 			/* not yet implemented */
@@ -510,7 +509,10 @@ udbexpand(a, sendq, aliaslevel, e)
 
 		  case UDB_FORWARD:
 			if (bitset(EF_VRFYONLY, e->e_flags))
+			{
+				a->q_state = QS_VERIFIED;
 				return EX_OK;
+			}
 			i = strlen(up->udb_fwdhost) + strlen(a->q_user) + 1;
 			if (i >= usersize)
 			{
@@ -518,7 +520,7 @@ udbexpand(a, sendq, aliaslevel, e)
 				user = xalloc(usersize);
 			}
 			(void) snprintf(user, usersize, "%s@%s",
-				a->q_user, up->udb_fwdhost);
+					a->q_user, up->udb_fwdhost);
 			message("expanded to %s", user);
 			a->q_flags &= ~QSELFREF;
 			naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
@@ -526,10 +528,10 @@ udbexpand(a, sendq, aliaslevel, e)
 			{
 				if (tTd(28, 5))
 				{
-					printf("udbexpand: QDONTSEND ");
+					dprintf("udbexpand: QS_EXPANDED ");
 					printaddr(a, FALSE);
 				}
-				a->q_flags |= QDONTSEND;
+				a->q_state = QS_EXPANDED;
 			}
 			breakout = TRUE;
 			break;
@@ -566,13 +568,25 @@ char *
 udbsender(sender)
 	char *sender;
 {
-	extern char *udbmatch __P((char *, char *));
-
 	return udbmatch(sender, "mailname");
 }
+/*
+**  UDBMATCH -- match user in field, return result of lookup.
+**
+**	Parameters:
+**		user -- the name of the user.
+**		field -- the field to lookup.
+**
+**	Returns:
+**		The external name for this sender, if derivable from the
+**			database.
+**		NULL -- if nothing is changed from the database.
+**
+**	Side Effects:
+**		none.
+*/
 
-
-char *
+static char *
 udbmatch(user, field)
 	char *user;
 	char *field;
@@ -585,7 +599,7 @@ udbmatch(user, field)
 	char keybuf[MAXKEY];
 
 	if (tTd(28, 1))
-		printf("udbmatch(%s, %s)\n", user, field);
+		dprintf("udbmatch(%s, %s)\n", user, field);
 
 	if (!UdbInitialized)
 	{
@@ -613,9 +627,7 @@ udbmatch(user, field)
 		return NULL;
 
 	/* build database key */
-	(void) strcpy(keybuf, user);
-	(void) strcat(keybuf, ":");
-	(void) strcat(keybuf, field);
+	(void) snprintf(keybuf, sizeof keybuf, "%s:%s", user, field);
 	keylen = strlen(keybuf);
 
 	for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
@@ -626,54 +638,54 @@ udbmatch(user, field)
 
 		switch (up->udb_type)
 		{
-#ifdef NEWDB
+# ifdef NEWDB
 		  case UDB_DBFETCH:
-			bzero(&key, sizeof key);
-			bzero(&info, sizeof info);
+			memset(&key, '\0', sizeof key);
+			memset(&info, '\0', sizeof info);
 			key.data = keybuf;
 			key.size = keylen;
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			i = (*up->udb_dbp->get)(up->udb_dbp, &key, &info, 0);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 			i = errno = (*up->udb_dbp->get)(up->udb_dbp, NULL,
 							&key, &info, 0);
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 			if (i != 0 || info.size <= 0)
 			{
 				if (tTd(28, 2))
-					printf("udbmatch: no match on %s (%d) via db\n",
-							keybuf, keylen);
+					dprintf("udbmatch: no match on %s (%d) via db\n",
+						keybuf, keylen);
 				continue;
 			}
 
 			p = xalloc(info.size + 1);
-			bcopy(info.data, p, info.size);
+			memmove(p, info.data, info.size);
 			p[info.size] = '\0';
 			if (tTd(28, 1))
-				printf("udbmatch ==> %s\n", p);
+				dprintf("udbmatch ==> %s\n", p);
 			return p;
-#endif
+# endif /* NEWDB */
 
-#ifdef HESIOD
+# ifdef HESIOD
 		  case UDB_HESIOD:
 			key.data = keybuf;
 			key.size = keylen;
-			i = hes_udb_get(&key, &info); 
+			i = hes_udb_get(&key, &info);
 			if (i != 0 || info.size <= 0)
 			{
 				if (tTd(28, 2))
-					printf("udbmatch: no match on %s (%d) via hesiod\n",
-							keybuf, keylen);
+					dprintf("udbmatch: no match on %s (%d) via hesiod\n",
+						keybuf, keylen);
 				continue;
 			}
 
 			p = xalloc(info.size + 1);
-			bcopy(info.data, p, info.size);
+			memmove(p, info.data, info.size);
 			p[info.size] = '\0';
 			if (tTd(28, 1))
-				printf("udbmatch ==> %s\n", p);
+				dprintf("udbmatch ==> %s\n", p);
 			return p;
-#endif /* HESIOD */
+# endif /* HESIOD */
 		}
 	}
 
@@ -687,31 +699,31 @@ udbmatch(user, field)
 	*/
 
 	/* build database key */
-	(void) strcpy(keybuf, user);
-	(void) strcat(keybuf, ":maildrop");
+	(void) strlcpy(keybuf, user, sizeof keybuf);
+	(void) strlcat(keybuf, ":maildrop", sizeof keybuf);
 	keylen = strlen(keybuf);
 
 	for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
 	{
 		switch (up->udb_type)
 		{
-#ifdef NEWDB
+# ifdef NEWDB
 		  case UDB_DBFETCH:
 			/* get the default case for this database */
 			if (up->udb_default == NULL)
 			{
-				bzero(&key, sizeof key);
-				bzero(&info, sizeof info);
+				memset(&key, '\0', sizeof key);
+				memset(&info, '\0', sizeof info);
 				key.data = ":default:mailname";
 				key.size = strlen(key.data);
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 				i = (*up->udb_dbp->get)(up->udb_dbp,
 							&key, &info, 0);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 				i = errno = (*up->udb_dbp->get)(up->udb_dbp,
 								NULL, &key,
 								&info, 0);
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 				if (i != 0 || info.size <= 0)
 				{
 					/* no default case */
@@ -721,23 +733,23 @@ udbmatch(user, field)
 
 				/* save the default case */
 				up->udb_default = xalloc(info.size + 1);
-				bcopy(info.data, up->udb_default, info.size);
+				memmove(up->udb_default, info.data, info.size);
 				up->udb_default[info.size] = '\0';
 			}
 			else if (up->udb_default[0] == '\0')
 				continue;
 
 			/* we have a default case -- verify user:maildrop */
-			bzero(&key, sizeof key);
-			bzero(&info, sizeof info);
+			memset(&key, '\0', sizeof key);
+			memset(&info, '\0', sizeof info);
 			key.data = keybuf;
 			key.size = keylen;
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			i = (*up->udb_dbp->get)(up->udb_dbp, &key, &info, 0);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 			i = errno = (*up->udb_dbp->get)(up->udb_dbp, NULL,
 							&key, &info, 0);
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 			if (i != 0 || info.size <= 0)
 			{
 				/* nope -- no aliasing for this user */
@@ -745,23 +757,22 @@ udbmatch(user, field)
 			}
 
 			/* they exist -- build the actual address */
-			p = xalloc(strlen(user) + strlen(up->udb_default) + 2);
-			(void) strcpy(p, user);
-			(void) strcat(p, "@");
-			(void) strcat(p, up->udb_default);
+			i = strlen(user) + strlen(up->udb_default) + 2;
+			p = xalloc(i);
+			(void) snprintf(p, i, "%s@%s", user, up->udb_default);
 			if (tTd(28, 1))
-				printf("udbmatch ==> %s\n", p);
+				dprintf("udbmatch ==> %s\n", p);
 			return p;
-#endif
+# endif /* NEWDB */
 
-#ifdef HESIOD
+# ifdef HESIOD
 		  case UDB_HESIOD:
 			/* get the default case for this database */
 			if (up->udb_default == NULL)
 			{
 				key.data = ":default:mailname";
 				key.size = strlen(key.data);
-				i = hes_udb_get(&key, &info); 
+				i = hes_udb_get(&key, &info);
 
 				if (i != 0 || info.size <= 0)
 				{
@@ -772,7 +783,7 @@ udbmatch(user, field)
 
 				/* save the default case */
 				up->udb_default = xalloc(info.size + 1);
-				bcopy(info.data, up->udb_default, info.size);
+				memmove(up->udb_default, info.data, info.size);
 				up->udb_default[info.size] = '\0';
 			}
 			else if (up->udb_default[0] == '\0')
@@ -789,15 +800,14 @@ udbmatch(user, field)
 			}
 
 			/* they exist -- build the actual address */
-			p = xalloc(strlen(user) + strlen(up->udb_default) + 2);
-			(void) strcpy(p, user);
-			(void) strcat(p, "@");
-			(void) strcat(p, up->udb_default);
+			i = strlen(user) + strlen(up->udb_default) + 2;
+			p = xalloc(i);
+			(void) snprintf(p, i, "%s@%s", user, up->udb_default);
 			if (tTd(28, 1))
-				printf("udbmatch ==> %s\n", p);
+				dprintf("udbmatch ==> %s\n", p);
 			return p;
 			break;
-#endif /* HESIOD */
+# endif /* HESIOD */
 		}
 	}
 
@@ -831,7 +841,7 @@ udb_map_lookup(map, name, av, statp)
 	char keybuf[MAXNAME + 1];
 
 	if (tTd(28, 20) || tTd(38, 20))
-		printf("udb_map_lookup(%s, %s)\n", map->map_mname, name);
+		dprintf("udb_map_lookup(%s, %s)\n", map->map_mname, name);
 
 	if (bitset(MF_NOFOLDCASE, map->map_mflags))
 	{
@@ -843,7 +853,7 @@ udb_map_lookup(map, name, av, statp)
 
 		if (keysize > sizeof keybuf - 1)
 			keysize = sizeof keybuf - 1;
-		bcopy(name, keybuf, keysize);
+		memmove(keybuf, name, keysize);
 		keybuf[keysize] = '\0';
 		makelower(keybuf);
 		key = keybuf;
@@ -872,9 +882,9 @@ udb_map_lookup(map, name, av, statp)
 **		Fills in the UdbEnts structure from UdbSpec.
 */
 
-#define MAXUDBOPTS	27
+# define MAXUDBOPTS	27
 
-int
+static int
 _udbx_init(e)
 	ENVELOPE *e;
 {
@@ -888,7 +898,7 @@ _udbx_init(e)
 # ifdef UDB_DEFAULT_SPEC
 	if (UdbSpec == NULL)
 		UdbSpec = UDB_DEFAULT_SPEC;
-# endif
+# endif /* UDB_DEFAULT_SPEC */
 
 	p = UdbSpec;
 	up = UdbEnts;
@@ -896,15 +906,7 @@ _udbx_init(e)
 	{
 		char *spec;
 		int l;
-# if 0
-		auto int rcode;
-		int nmx;
-		int i;
-		register struct hostent *h;
-		char *mxhosts[MAXMXHOSTS + 1];
-# endif
 		struct udb_option opts[MAXUDBOPTS + 1];
-		extern int _udb_parsespec __P((char *, struct udb_option [], int));
 
 		while (*p == ' ' || *p == '\t' || *p == ',')
 			p++;
@@ -930,14 +932,6 @@ _udbx_init(e)
 		**	In the sendmail tradition, the leading character
 		**	defines the semantics of the rest of the entry.
 		**
-		**	+hostname --	send a datagram to the udb server
-		**			on host "hostname" asking for the
-		**			home mail server for this user.
-		**	*hostname --	similar to +hostname, except that the
-		**			hostname is searched as an MX record;
-		**			resulting hosts are searched as for
-		**			+mxhostname.  If no MX host is found,
-		**			this is the same as +hostname.
 		**	@hostname --	forward email to the indicated host.
 		**			This should be the last in the list,
 		**			since it always matches the input.
@@ -949,60 +943,6 @@ _udbx_init(e)
 
 		switch (*spec)
 		{
-#if 0
-		  case '+':	/* search remote database */
-		  case '*':	/* search remote database (expand MX) */
-			if (*spec == '*')
-			{
-#if NAMED_BIND
-				nmx = getmxrr(spec + 1, mxhosts, FALSE, &rcode);
-#else
-				mxhosts[0] = spec + 1;
-				nmx = 1;
-				rcode = 0;
-#endif
-				if (tTd(28, 16))
-				{
-					int i;
-
-					printf("getmxrr(%s): %d", spec + 1, nmx);
-					for (i = 0; i <= nmx; i++)
-						printf(" %s", mxhosts[i]);
-					printf("\n");
-				}
-			}
-			else
-			{
-				nmx = 1;
-				mxhosts[0] = spec + 1;
-			}
-
-			for (i = 0; i < nmx; i++)
-			{
-				h = sm_gethostbyname(mxhosts[i]);
-				if (h == NULL)
-					continue;
-				up->udb_type = UDB_REMOTE;
-				up->udb_pid = getpid();
-				up->udb_addr.sin_family = h->h_addrtype;
-				bcopy(h->h_addr_list[0],
-				      (char *) &up->udb_addr.sin_addr,
-				      INADDRSZ);
-				up->udb_addr.sin_port = UdbPort;
-				up->udb_timeout = UdbTimeout;
-				ents++;
-				up++;
-			}
-
-			/* set up a datagram socket */
-			if (UdbSock < 0)
-			{
-				UdbSock = socket(AF_INET, SOCK_DGRAM, 0);
-				(void) fcntl(UdbSock, F_SETFD, 1);
-			}
-			break;
-#endif
-
 		  case '@':	/* forward to remote host */
 			up->udb_type = UDB_FORWARD;
 			up->udb_pid = getpid();
@@ -1011,7 +951,7 @@ _udbx_init(e)
 			up++;
 			break;
 
-#ifdef HESIOD
+# ifdef HESIOD
 		  case 'h':	/* use hesiod */
 		  case 'H':
 			if (strcasecmp(spec, "hesiod") != 0)
@@ -1021,9 +961,9 @@ _udbx_init(e)
 			ents++;
 			up++;
 			break;
-#endif /* HESIOD */
+# endif /* HESIOD */
 
-#ifdef NEWDB
+# ifdef NEWDB
 		  case '/':	/* look up remote name */
 			l = strlen(spec);
 			if (l > 3 && strcmp(&spec[l - 3], ".db") == 0)
@@ -1033,44 +973,82 @@ _udbx_init(e)
 			else
 			{
 				up->udb_dbname = xalloc(l + 4);
-				strcpy(up->udb_dbname, spec);
-				strcat(up->udb_dbname, ".db");
+				(void) strlcpy(up->udb_dbname, spec, l + 4);
+				(void) strlcat(up->udb_dbname, ".db", l + 4);
 			}
 			errno = 0;
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			up->udb_dbp = dbopen(up->udb_dbname, O_RDONLY,
 					     0644, DB_BTREE, NULL);
-#else
-			up->udb_dbp = NULL;
-			errno = db_open(up->udb_dbname, DB_BTREE, DB_RDONLY,
-					0644, NULL, NULL, &up->udb_dbp);
-#endif
+#  else /* DB_VERSION_MAJOR < 2 */
+			{
+				int flags = DB_RDONLY;
+#  if DB_VERSION_MAJOR > 2
+				int ret;
+#  endif /* DB_VERSION_MAJOR > 2 */
+
+#  if !HASFLOCK && defined(DB_FCNTL_LOCKING)
+				flags |= DB_FCNTL_LOCKING;
+#  endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
+
+				up->udb_dbp = NULL;
+
+#  if DB_VERSION_MAJOR > 2
+				ret = db_create(&up->udb_dbp, NULL, 0);
+				if (ret != 0)
+				{
+					(void) up->udb_dbp->close(up->udb_dbp,
+								  0);
+					up->udb_dbp = NULL;
+				}
+				else
+				{
+					ret = up->udb_dbp->open(up->udb_dbp,
+								up->udb_dbname,
+								NULL,
+								DB_BTREE,
+								flags,
+								0644);
+					if (ret != 0)
+					{
+						(void) up->udb_dbp->close(up->udb_dbp, 0);
+						up->udb_dbp = NULL;
+					}
+				}
+				errno = ret;
+#  else /* DB_VERSION_MAJOR > 2 */
+				errno = db_open(up->udb_dbname, DB_BTREE,
+						flags, 0644, NULL,
+						NULL, &up->udb_dbp);
+#  endif /* DB_VERSION_MAJOR > 2 */
+			}
+#  endif /* DB_VERSION_MAJOR < 2 */
 			if (up->udb_dbp == NULL)
 			{
 				if (tTd(28, 1))
 				{
-					int saveerrno = errno;
+					int save_errno = errno;
 
-#if DB_VERSION_MAJOR < 2
-					printf("dbopen(%s): %s\n",
-#else
-					printf("db_open(%s): %s\n",
-#endif
+#  if DB_VERSION_MAJOR < 2
+					dprintf("dbopen(%s): %s\n",
+#  else /* DB_VERSION_MAJOR < 2 */
+					dprintf("db_open(%s): %s\n",
+#  endif /* DB_VERSION_MAJOR < 2 */
 						up->udb_dbname,
 						errstring(errno));
-					errno = saveerrno;
+					errno = save_errno;
 				}
 				if (errno != ENOENT && errno != EACCES)
 				{
 					if (LogLevel > 2)
 						sm_syslog(LOG_ERR, e->e_id,
-#if DB_VERSION_MAJOR < 2
-							"dbopen(%s): %s",
-#else
-							"db_open(%s): %s",
-#endif
-							up->udb_dbname,
-							errstring(errno));
+#  if DB_VERSION_MAJOR < 2
+							  "dbopen(%s): %s",
+#  else /* DB_VERSION_MAJOR < 2 */
+							  "db_open(%s): %s",
+#  endif /* DB_VERSION_MAJOR < 2 */
+							  up->udb_dbname,
+							  errstring(errno));
 					up->udb_type = UDB_EOLIST;
 					if (up->udb_dbname != spec)
 						free(up->udb_dbname);
@@ -1082,11 +1060,11 @@ _udbx_init(e)
 			}
 			if (tTd(28, 1))
 			{
-#if DB_VERSION_MAJOR < 2
-				printf("_udbx_init: dbopen(%s)\n",
-#else
-				printf("_udbx_init: db_open(%s)\n",
-#endif
+#  if DB_VERSION_MAJOR < 2
+				dprintf("_udbx_init: dbopen(%s)\n",
+#  else /* DB_VERSION_MAJOR < 2 */
+				dprintf("_udbx_init: db_open(%s)\n",
+#  endif /* DB_VERSION_MAJOR < 2 */
 					up->udb_dbname);
 			}
 			up->udb_type = UDB_DBFETCH;
@@ -1094,10 +1072,12 @@ _udbx_init(e)
 			ents++;
 			up++;
 			break;
-#endif
+# endif /* NEWDB */
 
 		  default:
+# ifdef HESIOD
 badspec:
+# endif /* HESIOD */
 			syserr("Unknown UDB spec %s", spec);
 			break;
 		}
@@ -1110,34 +1090,34 @@ badspec:
 		{
 			switch (up->udb_type)
 			{
-#if DAEMON
+# if DAEMON
 			  case UDB_REMOTE:
-				printf("REMOTE: addr %s, timeo %d\n",
+				dprintf("REMOTE: addr %s, timeo %d\n",
 					anynet_ntoa((SOCKADDR *) &up->udb_addr),
 					up->udb_timeout);
 				break;
-#endif
+# endif /* DAEMON */
 
 			  case UDB_DBFETCH:
-#ifdef NEWDB
-				printf("FETCH: file %s\n",
+# ifdef NEWDB
+				dprintf("FETCH: file %s\n",
 					up->udb_dbname);
-#else
-				printf("FETCH\n");
-#endif
+# else /* NEWDB */
+				dprintf("FETCH\n");
+# endif /* NEWDB */
 				break;
 
 			  case UDB_FORWARD:
-				printf("FORWARD: host %s\n",
+				dprintf("FORWARD: host %s\n",
 					up->udb_fwdhost);
 				break;
 
 			  case UDB_HESIOD:
-				printf("HESIOD\n");
+				dprintf("HESIOD\n");
 				break;
 
 			  default:
-				printf("UNKNOWN\n");
+				dprintf("UNKNOWN\n");
 				break;
 			}
 		}
@@ -1152,28 +1132,26 @@ badspec:
 	*/
 
   tempfail:
-#ifdef NEWDB
+# ifdef NEWDB
 	for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
 	{
 		if (up->udb_type == UDB_DBFETCH)
 		{
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			(*up->udb_dbp->close)(up->udb_dbp);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 			errno = (*up->udb_dbp->close)(up->udb_dbp, 0);
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 			if (tTd(28, 1))
-			{
-				printf("_udbx_init: db->close(%s)\n",
+				dprintf("_udbx_init: db->close(%s)\n",
 					up->udb_dbname);
-			}
 		}
 	}
-#endif
+# endif /* NEWDB */
 	return EX_TEMPFAIL;
 }
 
-int
+static int
 _udb_parsespec(udbspec, opt, maxopts)
 	char *udbspec;
 	struct udb_option opt[];
@@ -1194,11 +1172,11 @@ _udb_parsespec(udbspec, opt, maxopts)
 		if (spec_end != NULL)
 			*spec_end++ = '\0';
 
-		opt[optnum].name = spec;
-		opt[optnum].val = NULL;
+		opt[optnum].udbo_name = spec;
+		opt[optnum].udbo_val = NULL;
 		p = strchr(spec, '=');
 		if (p != NULL)
-			opt[optnum].val = ++p;
+			opt[optnum].udbo_val = ++p;
 	}
 	return optnum;
 }
@@ -1226,28 +1204,26 @@ _udbx_close()
 	{
 		if (up->udb_pid != pid)
 			continue;
-		
-#ifdef NEWDB
+
+# ifdef NEWDB
 		if (up->udb_type == UDB_DBFETCH)
 		{
-#if DB_VERSION_MAJOR < 2
+#  if DB_VERSION_MAJOR < 2
 			(*up->udb_dbp->close)(up->udb_dbp);
-#else
+#  else /* DB_VERSION_MAJOR < 2 */
 			errno = (*up->udb_dbp->close)(up->udb_dbp, 0);
-#endif
+#  endif /* DB_VERSION_MAJOR < 2 */
 		}
 		if (tTd(28, 1))
-		{
-			printf("_udbx_init: db->close(%s)\n",
+			dprintf("_udbx_init: db->close(%s)\n",
 				up->udb_dbname);
-		}
-#endif
+# endif /* NEWDB */
 	}
 }
 
-#ifdef HESIOD
+# ifdef HESIOD
 
-int
+static int
 hes_udb_get(key, info)
 	DBT *key;
 	DBT *info;
@@ -1256,9 +1232,8 @@ hes_udb_get(key, info)
 	char **hp;
 	char kbuf[MAXKEY + 1];
 
-	if (strlen(key->data) >= (SIZE_T) sizeof kbuf)
+	if (strlcpy(kbuf, key->data, sizeof kbuf) >= (SIZE_T) sizeof kbuf)
 		return 0;
-	strcpy(kbuf, key->data);
 	name = kbuf;
 	type = strrchr(name, ':');
 	if (type == NULL)
@@ -1268,18 +1243,18 @@ hes_udb_get(key, info)
 		return 1;
 
 	if (tTd(28, 1))
-		printf("hes_udb_get(%s, %s)\n", name, type);
+		dprintf("hes_udb_get(%s, %s)\n", name, type);
 
 	/* make the hesiod query */
-#ifdef HESIOD_INIT
+#  ifdef HESIOD_INIT
 	if (HesiodContext == NULL && hesiod_init(&HesiodContext) != 0)
 		return -1;
 	hp = hesiod_resolve(HesiodContext, name, type);
-#else
+#  else /* HESIOD_INIT */
 	hp = hes_resolve(name, type);
-#endif /* HESIOD_INIT */
+#  endif /* HESIOD_INIT */
 	*--type = ':';
-#ifdef HESIOD_INIT
+#  ifdef HESIOD_INIT
 	if (hp == NULL)
 		return 1;
 	if (*hp == NULL)
@@ -1289,7 +1264,7 @@ hes_udb_get(key, info)
 			return -1;
 		return 1;
 	}
-#else
+#  else /* HESIOD_INIT */
 	if (hp == NULL || hp[0] == NULL)
 	{
 		/* network problem or timeout */
@@ -1298,7 +1273,7 @@ hes_udb_get(key, info)
 
 		return 1;
 	}
-#endif /* HESIOD_INIT */
+#  endif /* HESIOD_INIT */
 	else
 	{
 		/*
@@ -1314,13 +1289,13 @@ hes_udb_get(key, info)
 	}
 
 	if (tTd(28, 80))
-		printf("hes_udb_get => %s\n", *hp);
+		dprintf("hes_udb_get => %s\n", *hp);
 
 	return 0;
 }
-#endif /* HESIOD */
+# endif /* HESIOD */
 
-#else /* not USERDB */
+#else /* USERDB */
 
 int
 udbexpand(a, sendq, aliaslevel, e)
diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c
index c82942b..4254e58 100644
--- a/contrib/sendmail/src/usersmtp.c
+++ b/contrib/sendmail/src/usersmtp.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -10,20 +11,24 @@
  *
  */
 
-# include "sendmail.h"
+#include <sendmail.h>
 
 #ifndef lint
+# if SMTP
+static char id[] = "@(#)$Id: usersmtp.c,v 8.245.4.12 2000/07/17 19:55:08 ca Exp $ (with SMTP)";
+# else /* SMTP */
+static char id[] = "@(#)$Id: usersmtp.c,v 8.245.4.12 2000/07/17 19:55:08 ca Exp $ (without SMTP)";
+# endif /* SMTP */
+#endif /* ! lint */
+
+#include <sysexits.h>
+
 #if SMTP
-static char sccsid[] = "@(#)usersmtp.c	8.111 (Berkeley) 2/3/1999 (with SMTP)";
-#else
-static char sccsid[] = "@(#)usersmtp.c	8.111 (Berkeley) 2/3/1999 (without SMTP)";
-#endif
-#endif /* not lint */
 
-# include <sysexits.h>
-# include <errno.h>
 
-# if SMTP
+static void	datatimeout __P((void));
+static void	esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+static void	helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
 
 /*
 **  USERSMTP -- run SMTP protocol from the user end.
@@ -31,17 +36,15 @@ static char sccsid[] = "@(#)usersmtp.c	8.111 (Berkeley) 2/3/1999 (without SMTP)"
 **	This protocol is described in RFC821.
 */
 
-#define REPLYTYPE(r)	((r) / 100)		/* first digit of reply code */
-#define REPLYCLASS(r)	(((r) / 10) % 10)	/* second digit of reply code */
-#define SMTPCLOSING	421			/* "Service Shutting Down" */
+# define REPLYTYPE(r)	((r) / 100)		/* first digit of reply code */
+# define REPLYCLASS(r)	(((r) / 10) % 10)	/* second digit of reply code */
+# define SMTPCLOSING	421			/* "Service Shutting Down" */
 
-char	SmtpMsgBuffer[MAXLINE];		/* buffer for commands */
-char	SmtpReplyBuffer[MAXLINE];	/* buffer for replies */
-char	SmtpError[MAXLINE] = "";	/* save failure error messages */
-bool	SmtpNeedIntro;			/* need "while talking" in transcript */
+#define ENHSCN(e, d)	(e) == NULL ? (d) : newstr(e)
 
-extern void	smtpmessage __P((char *f, MAILER *m, MCI *mci, ...));
-extern int	reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)()));
+static char	SmtpMsgBuffer[MAXLINE];		/* buffer for commands */
+static char	SmtpReplyBuffer[MAXLINE];	/* buffer for replies */
+static bool	SmtpNeedIntro;		/* need "while talking" in transcript */
 /*
 **  SMTPINIT -- initialize SMTP.
 **
@@ -49,8 +52,9 @@ extern int	reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)()));
 **
 **	Parameters:
 **		m -- mailer to create connection to.
-**		pvp -- pointer to parameter vector to pass to
-**			the mailer.
+**		mci -- the mailer connection info.
+**		e -- the envelope.
+**		onlyhelo -- send only helo command?
 **
 **	Returns:
 **		none.
@@ -60,19 +64,21 @@ extern int	reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)()));
 */
 
 void
-smtpinit(m, mci, e)
+smtpinit(m, mci, e, onlyhelo)
 	MAILER *m;
 	register MCI *mci;
 	ENVELOPE *e;
+	bool onlyhelo;
 {
 	register int r;
 	register char *p;
-	extern void esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
-	extern void helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+	register char *hn;
+	char *enhsc;
 
+	enhsc = NULL;
 	if (tTd(18, 1))
 	{
-		printf("smtpinit ");
+		dprintf("smtpinit ");
 		mci_dump(mci, FALSE);
 	}
 
@@ -90,24 +96,29 @@ smtpinit(m, mci, e)
 	  case MCIS_ACTIVE:
 		/* need to clear old information */
 		smtprset(m, mci, e);
-		/* fall through */
+		/* FALLTHROUGH */
 
 	  case MCIS_OPEN:
-		return;
+		if (!onlyhelo)
+			return;
+		break;
 
 	  case MCIS_ERROR:
+	  case MCIS_QUITING:
 	  case MCIS_SSD:
 		/* shouldn't happen */
 		smtpquit(m, mci, e);
-		/* fall through */
+		/* FALLTHROUGH */
 
 	  case MCIS_CLOSED:
-		syserr("451 smtpinit: state CLOSED");
+		syserr("451 4.4.0 smtpinit: state CLOSED");
 		return;
 
 	  case MCIS_OPENING:
 		break;
 	}
+	if (onlyhelo)
+		goto helo;
 
 	mci->mci_state = MCIS_OPENING;
 
@@ -118,8 +129,9 @@ smtpinit(m, mci, e)
 	*/
 
 	SmtpPhase = mci->mci_phase = "client greeting";
-	sm_setproctitle(TRUE, "%s %s: %s", e->e_id, CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check);
+	sm_setproctitle(TRUE, e, "%s %s: %s",
+			qid_printname(e), CurHostName, mci->mci_phase);
+	r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL);
 	if (r < 0)
 		goto tempfail1;
 	if (REPLYTYPE(r) == 4)
@@ -132,27 +144,30 @@ smtpinit(m, mci, e)
 	**	My mother taught me to always introduce myself.
 	*/
 
+helo:
 	if (bitnset(M_ESMTP, m->m_flags) || bitnset(M_LMTP, m->m_flags))
 		mci->mci_flags |= MCIF_ESMTP;
+	hn = mci->mci_heloname ? mci->mci_heloname : MyHostName;
 
 tryhelo:
 	if (bitnset(M_LMTP, m->m_flags))
 	{
-		smtpmessage("LHLO %s", m, mci, MyHostName);
+		smtpmessage("LHLO %s", m, mci, hn);
 		SmtpPhase = mci->mci_phase = "client LHLO";
 	}
 	else if (bitset(MCIF_ESMTP, mci->mci_flags))
 	{
-		smtpmessage("EHLO %s", m, mci, MyHostName);
+		smtpmessage("EHLO %s", m, mci, hn);
 		SmtpPhase = mci->mci_phase = "client EHLO";
 	}
 	else
 	{
-		smtpmessage("HELO %s", m, mci, MyHostName);
+		smtpmessage("HELO %s", m, mci, hn);
 		SmtpPhase = mci->mci_phase = "client HELO";
 	}
-	sm_setproctitle(TRUE, "%s %s: %s", e->e_id, CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_helo, helo_options);
+	sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e),
+			CurHostName, mci->mci_phase);
+	r = reply(m, mci, e, TimeOuts.to_helo, helo_options, NULL);
 	if (r < 0)
 		goto tempfail1;
 	else if (REPLYTYPE(r) == 5)
@@ -182,9 +197,9 @@ tryhelo:
 	    !bitnset(M_LMTP, m->m_flags) &&
 	    strcasecmp(&SmtpReplyBuffer[4], MyHostName) == 0)
 	{
-		syserr("553 %s config error: mail loops back to me (MX problem?)",
+		syserr("553 5.3.5 %s config error: mail loops back to me (MX problem?)",
 			CurHostName);
-		mci_setstat(mci, EX_CONFIG, NULL, NULL);
+		mci_setstat(mci, EX_CONFIG, "5.3.5", "system config error");
 		mci->mci_errno = 0;
 		smtpquit(m, mci, e);
 		return;
@@ -199,7 +214,7 @@ tryhelo:
 	{
 		/* tell it to be verbose */
 		smtpmessage("VERB", m, mci);
-		r = reply(m, mci, e, TimeOuts.to_miscshort, NULL);
+		r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, &enhsc);
 		if (r < 0)
 			goto tempfail1;
 	}
@@ -215,7 +230,7 @@ tryhelo:
   tempfail1:
 	if (mci->mci_errno == 0)
 		mci->mci_errno = errno;
-	mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+	mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.4.2"), NULL);
 	if (mci->mci_state != MCIS_CLOSED)
 		smtpquit(m, mci, e);
 	return;
@@ -224,7 +239,8 @@ tryhelo:
 	if (mci->mci_errno == 0)
 		mci->mci_errno = errno;
 	/* XXX should use code from other end iff ENHANCEDSTATUSCODES */
-	mci_setstat(mci, EX_TEMPFAIL, "4.5.0", SmtpReplyBuffer);
+	mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"),
+		    SmtpReplyBuffer);
 	if (mci->mci_state != MCIS_CLOSED)
 		smtpquit(m, mci, e);
 	return;
@@ -249,7 +265,7 @@ tryhelo:
 **		none.
 */
 
-void
+static void
 esmtp_check(line, firstline, m, mci, e)
 	char *line;
 	bool firstline;
@@ -262,6 +278,74 @@ esmtp_check(line, firstline, m, mci, e)
 	if (strstr(line, "8BIT-OK") != NULL)
 		mci->mci_flags |= MCIF_8BITOK;
 }
+# if SASL
+/*
+**  STR_UNION -- create the union of two lists
+**
+**	Parameters:
+**		s1, s2 -- lists of items (separated by single blanks).
+**
+**	Returns:
+**		the union of both lists.
+*/
+
+static char *
+str_union(s1, s2)
+	char *s1, *s2;
+{
+	char *hr, *h1, *h, *res;
+	int l1, l2, rl;
+
+	if (s1 == NULL || *s1 == '\0')
+		return s2;
+	if (s2 == NULL || *s2 == '\0')
+		return s1;
+	l1 = strlen(s1);
+	l2 = strlen(s2);
+	rl = l1 + l2;
+	res = (char *)malloc(rl + 2);
+	if (res == NULL)
+	{
+		if (l1 > l2)
+			return s1;
+		return s2;
+	}
+	(void) strlcpy(res, s1, rl);
+	hr = res;
+	h1 = s2;
+	h = s2;
+
+	/* walk through s2 */
+	while (h != NULL && *h1 != '\0')
+	{
+		/* is there something after the current word? */
+		if ((h = strchr(h1, ' ')) != NULL)
+			*h = '\0';
+		l1 = strlen(h1);
+
+		/* does the current word appear in s1 ? */
+		if (iteminlist(h1, s1, " ") == NULL)
+		{
+			/* add space as delimiter */
+			*hr++ = ' ';
+
+			/* copy the item */
+			memcpy(hr, h1, l1);
+
+			/* advance pointer in result list */
+			hr += l1;
+			*hr = '\0';
+		}
+		if (h != NULL)
+		{
+			/* there are more items */
+			*h = ' ';
+			h1 = h + 1;
+		}
+	}
+	return res;
+}
+# endif /* SASL */
 /*
 **  HELO_OPTIONS -- process the options on a HELO line.
 **
@@ -276,7 +360,7 @@ esmtp_check(line, firstline, m, mci, e)
 **		none.
 */
 
-void
+static void
 helo_options(line, firstline, m, mci, e)
 	char *line;
 	bool firstline;
@@ -287,12 +371,19 @@ helo_options(line, firstline, m, mci, e)
 	register char *p;
 
 	if (firstline)
+	{
+# if SASL
+		if (mci->mci_saslcap != NULL)
+			free(mci->mci_saslcap);
+		mci->mci_saslcap = NULL;
+# endif /* SASL */
 		return;
+	}
 
 	if (strlen(line) < (SIZE_T) 5)
 		return;
 	line += 4;
-	p = strchr(line, ' ');
+	p = strpbrk(line, " =");
 	if (p != NULL)
 		*p++ = '\0';
 	if (strcasecmp(line, "size") == 0)
@@ -310,7 +401,987 @@ helo_options(line, firstline, m, mci, e)
 		mci->mci_flags |= MCIF_EXPN;
 	else if (strcasecmp(line, "dsn") == 0)
 		mci->mci_flags |= MCIF_DSN;
+	else if (strcasecmp(line, "enhancedstatuscodes") == 0)
+		mci->mci_flags |= MCIF_ENHSTAT;
+# if STARTTLS
+	else if (strcasecmp(line, "starttls") == 0)
+		mci->mci_flags |= MCIF_TLS;
+# endif /* STARTTLS */
+# if SASL
+	else if (strcasecmp(line, "auth") == 0)
+	{
+		if (p != NULL && *p != '\0')
+		{
+			if (mci->mci_saslcap != NULL)
+			{
+				char *h;
+
+				/*
+				**  create the union with previous auth
+				**  offerings because we recognize "auth "
+				**  and "auth=" (old format).
+				*/
+				h = mci->mci_saslcap;
+				mci->mci_saslcap = str_union(h, p);
+				if (h != mci->mci_saslcap)
+					free(h);
+				mci->mci_flags |= MCIF_AUTH;
+			}
+			else
+			{
+				int l;
+
+				l = strlen(p) + 1;
+				mci->mci_saslcap = (char *)malloc(l);
+
+				/* XXX this may be leaked */
+				if (mci->mci_saslcap != NULL)
+				{
+					(void) strlcpy(mci->mci_saslcap, p, l);
+					mci->mci_flags |= MCIF_AUTH;
+				}
+			}
+		}
+	}
+# endif /* SASL */
+}
+# if SASL
+
+/*
+**  GETSASLDATA -- process the challenges from the SASL protocol
+**
+**	This gets the relevant sasl response data out of the reply
+**	from the server
+**
+**	Parameters:
+**		line -- the response line.
+**		firstline -- set if this is the first line of the reply.
+**		m -- the mailer.
+**		mci -- the mailer connection info.
+**		e -- the envelope.
+**
+**	Returns:
+**		none.
+*/
+
+void
+getsasldata(line, firstline, m, mci, e)
+	char *line;
+	bool firstline;
+	MAILER *m;
+	register MCI *mci;
+	ENVELOPE *e;
+{
+	int len;
+	char *out;
+	int result;
+
+	/* if not a continue we don't care about it */
+	if ((strlen(line) <= 4) ||
+	    (line[0] != '3') ||
+	    (line[1] != '3') ||
+	    (line[2] != '4'))
+	{
+		mci->mci_sasl_string = NULL;
+		return;
+	}
+
+	/* forget about "334 " */
+	line += 4;
+	len = strlen(line);
+
+	out = xalloc(len + 1);
+	result = sasl_decode64(line, len, out, (u_int *)&len);
+	if (result != SASL_OK)
+	{
+		len = 0;
+		*out = '\0';
+	}
+	if (mci->mci_sasl_string != NULL)
+	{
+		if (mci->mci_sasl_string_len <= len)
+		{
+			free(mci->mci_sasl_string);
+			mci->mci_sasl_string = xalloc(len + 1);
+		}
+	}
+	else
+		mci->mci_sasl_string = xalloc(len + 1);
+	/* XXX this is probably leaked */
+	memcpy(mci->mci_sasl_string, out, len);
+	mci->mci_sasl_string[len] = '\0';
+	mci->mci_sasl_string_len = len;
+	free(out);
+	return;
 }
+
+/*
+**  READAUTH -- read auth value from a file
+**
+**	Parameters:
+**		l -- line to define.
+**		filename -- name of file to read.
+**		safe -- if set, this is a safe read.
+**
+**	Returns:
+**		line from file
+**
+**	Side Effects:
+**		overwrites local static buffer. The caller should copy
+**		the result.
+**
+*/
+
+/* lines in authinfo file */
+# define SASL_USER	1
+# define SASL_AUTHID	2
+# define SASL_PASSWORD	3
+# define SASL_DEFREALM	4
+# define SASL_MECH	5
+
+static char *sasl_info_name[] =
+{
+	"",
+	"user id",
+	"authorization id",
+	"password",
+	"realm",
+	"mechanism"
+};
+
+static char *
+readauth(l, filename, safe)
+	int l;
+	char *filename;
+	bool safe;
+{
+	FILE *f;
+	long sff;
+	pid_t pid;
+	int lc;
+	static char buf[MAXLINE];
+
+	if (filename == NULL || filename[0] == '\0')
+		return "";
+#if !_FFR_ALLOW_SASLINFO
+	/*
+	**  make sure we don't use a program that is not
+	**  accesible to the user who specified a different authinfo file.
+	**  However, currently we don't pass this info (authinfo file
+	**  specified by user) around, so we just turn off program access.
+	*/
+	if (filename[0] == '|')
+	{
+		auto int fd;
+		int i;
+		char *p;
+		char *argv[MAXPV + 1];
+
+		i = 0;
+		for (p = strtok(&filename[1], " \t"); p != NULL;
+		     p = strtok(NULL, " \t"))
+		{
+			if (i >= MAXPV)
+				break;
+			argv[i++] = p;
+		}
+		argv[i] = NULL;
+		pid = prog_open(argv, &fd, CurEnv);
+		if (pid < 0)
+			f = NULL;
+		else
+			f = fdopen(fd, "r");
+	}
+	else
+#endif /* !_FFR_ALLOW_SASLINFO */
+	{
+		pid = -1;
+		sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK
+		      | SFF_NOGWFILES | SFF_NOWWFILES | SFF_NORFILES;
+		if (DontLockReadFiles)
+			sff |= SFF_NOLOCK;
+#if _FFR_ALLOW_SASLINFO
+		/*
+		**  XXX: make sure we don't read or open files that are not
+		**  accesible to the user who specified a different authinfo
+		**  file.
+		*/
+		sff |= SFF_MUSTOWN;
+#else /* _FFR_ALLOW_SASLINFO */
+		if (safe)
+			sff |= SFF_OPENASROOT;
+#endif /* _FFR_ALLOW_SASLINFO */
+
+		f = safefopen(filename, O_RDONLY, 0, sff);
+	}
+	if (f == NULL)
+	{
+		syserr("readauth: cannot open %s", filename);
+		return "";
+	}
+
+	lc = 0;
+	while (lc < l && fgets(buf, sizeof buf, f) != NULL)
+	{
+		if (buf[0] != '#')
+			lc++;
+	}
+
+	(void) fclose(f);
+	if (pid > 0)
+		(void) waitfor(pid);
+	if (lc < l)
+	{
+		if (LogLevel >= 9)
+			sm_syslog(LOG_WARNING, NOQID, "SASL: error: can't read %s from %s",
+			  sasl_info_name[l], filename);
+		return "";
+	}
+	lc = strlen(buf) - 1;
+	if (lc >= 0)
+		buf[lc] = '\0';
+	if (tTd(95, 6))
+		dprintf("readauth(%s, %d) = '%s'\n", filename, l, buf);
+	return buf;
+}
+
+#  ifndef __attribute__
+#   define __attribute__(x)
+#  endif /* ! __attribute__ */
+
+static int getsimple	__P((void *, int, const char **, unsigned *));
+static int getsecret	__P((sasl_conn_t *, void *, int, sasl_secret_t **));
+static int saslgetrealm	__P((void *, int, const char **, const char **));
+
+static sasl_callback_t callbacks[] =
+{
+	{	SASL_CB_GETREALM,	&saslgetrealm,	NULL	},
+# define CB_GETREALM_IDX	0
+	{	SASL_CB_PASS,		&getsecret,	NULL	},
+# define CB_PASS_IDX	1
+	{	SASL_CB_USER,		&getsimple,	NULL	},
+# define CB_USER_IDX	2
+	{	SASL_CB_AUTHNAME,	&getsimple,	NULL	},
+# define CB_AUTHNAME_IDX	3
+	{	SASL_CB_VERIFYFILE,	&safesaslfile,	NULL	},
+	{	SASL_CB_LIST_END,	NULL,		NULL	}
+};
+
+/*
+**  GETSIMPLE -- callback to get userid or authid
+**
+**	Parameters:
+**		context -- unused
+**		id -- what to do
+**		result -- (pointer to) result
+**		len -- (pointer to) length of result
+**
+**	Returns:
+**		OK/failure values
+*/
+
+static int
+getsimple(context, id, result, len)
+	void *context __attribute__((unused));
+	int id;
+	const char **result;
+	unsigned *len;
+{
+	char *h;
+#  if SASL > 10509
+	int addrealm;
+	static int addedrealm = FALSE;
+#  endif /* SASL > 10509 */
+	static char *user = NULL;
+	static char *authid = NULL;
+
+	if (result == NULL)
+		return SASL_BADPARAM;
+
+	switch (id)
+	{
+	  case SASL_CB_USER:
+		if (user == NULL)
+		{
+			h = readauth(SASL_USER, SASLInfo, TRUE);
+			user = newstr(h);
+		}
+		*result = user;
+		if (tTd(95, 5))
+			dprintf("AUTH username '%s'\n", *result);
+		if (len != NULL)
+			*len = user ? strlen(user) : 0;
+		break;
+
+	  case SASL_CB_AUTHNAME:
+#  if SASL > 10509
+		/* XXX maybe other mechanisms too?! */
+		addrealm = context != NULL &&
+			   strcasecmp(context, "CRAM-MD5") == 0;
+		if (addedrealm != addrealm && authid != NULL)
+		{
+#  if SASL > 10522
+			/*
+			**  digest-md5 prior to 1.5.23 doesn't copy the
+			**  value it gets from the callback, but free()s
+			**  it later on
+			**  workaround: don't free() it here
+			**  this can cause a memory leak!
+			*/
+			free(authid);
+#  endif /* SASL > 10522 */
+			authid = NULL;
+			addedrealm = addrealm;
+		}
+#  endif /* SASL > 10509 */
+		if (authid == NULL)
+		{
+			h = readauth(SASL_AUTHID, SASLInfo, TRUE);
+#  if SASL > 10509
+			if (addrealm && strchr(h, '@') == NULL)
+			{
+				size_t l;
+				char *realm;
+
+				realm = callbacks[CB_GETREALM_IDX].context;
+				l = strlen(h) + strlen(realm) + 2;
+				authid = xalloc(l);
+				snprintf(authid, l, "%s@%s", h, realm);
+			}
+			else
+#  endif /* SASL > 10509 */
+				authid = newstr(h);
+		}
+		*result = authid;
+		if (tTd(95, 5))
+			dprintf("AUTH authid '%s'\n", *result);
+		if (len != NULL)
+			*len = authid ? strlen(authid) : 0;
+		break;
+
+	  case SASL_CB_LANGUAGE:
+		*result = NULL;
+		if (len != NULL)
+			*len = 0;
+		break;
+
+	  default:
+		return SASL_BADPARAM;
+	}
+	return SASL_OK;
+}
+
+/*
+**  GETSECRET -- callback to get password
+**
+**	Parameters:
+**		conn -- connection information
+**		context -- unused
+**		id -- what to do
+**		psecret -- (pointer to) result
+**
+**	Returns:
+**		OK/failure values
+*/
+
+static int
+getsecret(conn, context, id, psecret)
+	sasl_conn_t *conn;
+	void *context __attribute__((unused));
+	int id;
+	sasl_secret_t **psecret;
+{
+	char *h;
+	int len;
+	static char *authpass = NULL;
+
+	if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
+		return SASL_BADPARAM;
+
+	if (authpass == NULL)
+	{
+		h = readauth(SASL_PASSWORD, SASLInfo, TRUE);
+		authpass = newstr(h);
+	}
+	len = strlen(authpass);
+	*psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len + 1);
+	if (*psecret == NULL)
+		return SASL_FAIL;
+	(void) strlcpy((*psecret)->data, authpass, len + 1);
+	(*psecret)->len = len;
+	return SASL_OK;
+}
+
+/*
+**  SAFESASLFILE -- callback for sasl: is file safe?
+**
+**	Parameters:
+**		context -- pointer to context between invocations (unused)
+**		file -- name of file to check
+**		type -- type of file to check
+**
+**	Returns:
+**		SASL_OK: file can be used
+**		SASL_CONTINUE: don't use file
+**		SASL_FAIL: failure (not used here)
+**
+*/
+int
+# if SASL > 10515
+safesaslfile(context, file, type)
+# else /* SASL > 10515 */
+safesaslfile(context, file)
+# endif /* SASL > 10515 */
+	void *context;
+	char *file;
+# if SASL > 10515
+	int type;
+# endif /* SASL > 10515 */
+{
+	long sff;
+	int r;
+	char *p;
+
+	if (file == NULL || *file == '\0')
+		return SASL_OK;
+	sff = SFF_SAFEDIRPATH|SFF_NOWLINK|SFF_NOGWFILES|SFF_NOWWFILES|SFF_ROOTOK;
+	if ((p = strrchr(file, '/')) == NULL)
+		p = file;
+	else
+		++p;
+
+# if SASL <= 10515
+	/* everything beside libs and .conf files must not be readable */
+	r = strlen(p);
+	if ((r <= 3 || strncmp(p, "lib", 3) != 0) &&
+	    (r <= 5 || strncmp(p + r - 5, ".conf", 5) != 0)
+#  if _FFR_UNSAFE_SASL
+	    && !bitnset(DBS_GROUPREADABLESASLFILE, DontBlameSendmail)
+#  endif /* _FFR_UNSAFE_SASL */
+	   )
+		sff |= SFF_NORFILES;
+# else /* SASL > 10515 */
+	/* files containing passwords should be not readable */
+	if (type == SASL_VRFY_PASSWD)
+	{
+#  if _FFR_UNSAFE_SASL
+		if (bitnset(DBS_GROUPREADABLESASLFILE, DontBlameSendmail))
+			sff |= SFF_NOWRFILES;
+		else
+#  endif /* _FFR_UNSAFE_SASL */
+			sff |= SFF_NORFILES;
+	}
+# endif /* SASL <= 10515 */
+
+	if ((r = safefile(file, RunAsUid, RunAsGid, RunAsUserName, sff,
+			  S_IRUSR, NULL)) == 0)
+		return SASL_OK;
+	if (LogLevel >= 11 || (r != ENOENT && LogLevel >= 9))
+		sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
+			  file, errstring(r));
+	return SASL_CONTINUE;
+}
+
+/*
+**  SASLGETREALM -- return the realm for SASL
+**
+**	return the realm for the client
+**
+**	Parameters:
+**		context -- context shared between invocations
+**			here: realm to return
+**		availrealms -- list of available realms
+**			{realm, realm, ...}
+**		result -- pointer to result
+**
+**	Returns:
+**		failure/success
+*/
+static int
+saslgetrealm(context, id, availrealms, result)
+	void *context;
+	int id;
+	const char **availrealms;
+	const char **result;
+{
+	if (LogLevel > 12)
+		sm_syslog(LOG_INFO, NOQID, "saslgetrealm: realm %s available realms %s",
+			  context,
+			  availrealms == NULL ? "<No Realms>" : *availrealms);
+	if (context == NULL)
+		return SASL_FAIL;
+
+	/* check whether context is in list? */
+	if (availrealms != NULL)
+	{
+		if (iteminlist(context, (char *)(*availrealms + 1), " ,}") ==
+		    NULL)
+		{
+			if (LogLevel > 8)
+				sm_syslog(LOG_ERR, NOQID,
+					  "saslgetrealm: realm %s not in list %s",
+					  context, *availrealms);
+			return SASL_FAIL;
+		}
+	}
+	*result = (char *)context;
+	return SASL_OK;
+}
+/*
+**  ITEMINLIST -- does item appear in list?
+**
+**	Check whether item appears in list (which must be separated by a
+**	character in delim) as a "word", i.e. it must appear at the begin
+**	of the list or after a space, and it must end with a space or the
+**	end of the list.
+**
+**	Parameters:
+**		item -- item to search.
+**		list -- list of items.
+**		delim -- list of delimiters.
+**
+**	Returns:
+**		pointer to occurrence (NULL if not found).
+*/
+
+char *
+iteminlist(item, list, delim)
+	char *item;
+	char *list;
+	char *delim;
+{
+	char *s;
+	int len;
+
+	if (list == NULL || *list == '\0')
+		return NULL;
+	if (item == NULL || *item == '\0')
+		return NULL;
+	s = list;
+	len = strlen(item);
+	while (s != NULL && *s != '\0')
+	{
+		if (strncasecmp(s, item, len) == 0 &&
+		    (s[len] == '\0' || strchr(delim, s[len]) != NULL))
+			return s;
+		s = strpbrk(s, delim);
+		if (s != NULL)
+			while (*++s == ' ')
+				continue;
+	}
+	return NULL;
+}
+/*
+**  REMOVEMECH -- remove item [rem] from list [list]
+**
+**	Parameters:
+**		rem -- item to remove
+**		list -- list of items
+**
+**	Returns:
+**		pointer to new list (NULL in case of error).
+*/
+
+char *
+removemech(rem, list)
+	char *rem;
+	char *list;
+{
+	char *ret;
+	char *needle;
+	int len;
+
+	if (list == NULL)
+		return NULL;
+	if (rem == NULL || *rem == '\0')
+	{
+		/* take out what? */
+		return NULL;
+	}
+
+	/* find the item in the list */
+	if ((needle = iteminlist(rem, list, " ")) == NULL)
+	{
+		/* not in there: return original */
+		return list;
+	}
+
+	/* length of string without rem */
+	len = strlen(list) - strlen(rem);
+	if (len == 0)
+	{
+		ret = xalloc(1);  /* XXX leaked */
+		*ret = '\0';
+		return ret;
+	}
+	ret = xalloc(len);  /* XXX leaked */
+	memset(ret, '\0', len);
+
+	/* copy from start to removed item */
+	memcpy(ret, list, needle - list);
+
+	/* length of rest of string past removed item */
+	len = strlen(needle) - strlen(rem) - 1;
+	if (len > 0)
+	{
+		/* not last item -- copy into string */
+		memcpy(ret + (needle - list),
+		       list + (needle - list) + strlen(rem) + 1,
+		       len);
+	}
+	else
+		ret[(needle - list) - 1] = '\0';
+	return ret;
+}
+/*
+**  INTERSECT -- create the intersection between two lists
+**
+**	Parameters:
+**		s1, s2 -- lists of items (separated by single blanks).
+**
+**	Returns:
+**		the intersection of both lists.
+*/
+
+char *
+intersect(s1, s2)
+	char *s1, *s2;
+{
+	char *hr, *h1, *h, *res;
+	int l1, l2, rl;
+
+	if (s1 == NULL || s2 == NULL)	/* NULL string(s) -> NULL result */
+		return NULL;
+	l1 = strlen(s1);
+	l2 = strlen(s2);
+	rl = min(l1, l2);
+	res = (char *)malloc(rl + 1);
+	if (res == NULL)
+		return NULL;
+	*res = '\0';
+	if (rl == 0)	/* at least one string empty? */
+		return res;
+	hr = res;
+	h1 = s1;
+	h = s1;
+
+	/* walk through s1 */
+	while (h != NULL && *h1 != '\0')
+	{
+		/* is there something after the current word? */
+		if ((h = strchr(h1, ' ')) != NULL)
+			*h = '\0';
+		l1 = strlen(h1);
+
+		/* does the current word appear in s2 ? */
+		if (iteminlist(h1, s2, " ") != NULL)
+		{
+			/* add a blank if not first item */
+			if (hr != res)
+				*hr++ = ' ';
+
+			/* copy the item */
+			memcpy(hr, h1, l1);
+
+			/* advance pointer in result list */
+			hr += l1;
+			*hr = '\0';
+		}
+		if (h != NULL)
+		{
+			/* there are more items */
+			*h = ' ';
+			h1 = h + 1;
+		}
+	}
+	return res;
+}
+/*
+**  ATTEMPTAUTH -- try to AUTHenticate using one mechanism
+**
+**	Parameters:
+**		m -- the mailer.
+**		mci -- the mailer connection structure.
+**		e -- the envelope (including the sender to specify).
+**		mechused - filled in with mechanism used
+**
+**	Returns:
+**		EX_OK/EX_TEMPFAIL
+*/
+
+int
+attemptauth(m, mci, e, mechused)
+	MAILER *m;
+	MCI *mci;
+	ENVELOPE *e;
+	char **mechused;
+{
+	int saslresult, smtpresult;
+	sasl_external_properties_t ssf;
+	sasl_interact_t *client_interact = NULL;
+	char *out;
+	unsigned int outlen;
+	static char *mechusing;
+	sasl_security_properties_t ssp;
+	char in64[MAXOUTLEN];
+# if NETINET
+	extern SOCKADDR CurHostAddr;
+# endif /* NETINET */
+
+	*mechused = NULL;
+	if (mci->mci_conn != NULL)
+	{
+		sasl_dispose(&(mci->mci_conn));
+
+		/* just in case, sasl_dispose() should take care of it */
+		mci->mci_conn = NULL;
+	}
+
+	/* make a new client sasl connection */
+	saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
+								 : "smtp",
+				     CurHostName, NULL, 0, &mci->mci_conn);
+
+	/* set properties */
+	(void) memset(&ssp, '\0', sizeof ssp);
+#  if SFIO
+	/* XXX should these be options settable via .cf ? */
+	/* ssp.min_ssf = 0; is default due to memset() */
+	{
+		ssp.max_ssf = INT_MAX;
+		ssp.maxbufsize = MAXOUTLEN;
+#   if 0
+		ssp.security_flags = SASL_SEC_NOPLAINTEXT;
+#   endif /* 0 */
+	}
+#  endif /* SFIO */
+	saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp);
+	if (saslresult != SASL_OK)
+		return EX_TEMPFAIL;
+
+	/* external security strength factor, authentication id */
+	ssf.ssf = 0;
+	ssf.auth_id = NULL;
+# if _FFR_EXT_MECH
+	out = macvalue(macid("{cert_subject}", NULL), e);
+	if (out != NULL && *out != '\0')
+		ssf.auth_id = out;
+	out = macvalue(macid("{cipher_bits}", NULL), e);
+	if (out != NULL && *out != '\0')
+		ssf.ssf = atoi(out);
+# endif /* _FFR_EXT_MECH */
+	saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
+	if (saslresult != SASL_OK)
+		return EX_TEMPFAIL;
+
+# if NETINET
+	/* set local/remote ipv4 addresses */
+	if (mci->mci_out != NULL && CurHostAddr.sa.sa_family == AF_INET)
+	{
+		SOCKADDR_LEN_T addrsize;
+		struct sockaddr_in saddr_l;
+
+		if (sasl_setprop(mci->mci_conn, SASL_IP_REMOTE,
+				 (struct sockaddr_in *) &CurHostAddr)
+		    != SASL_OK)
+			return EX_TEMPFAIL;
+		addrsize = sizeof(struct sockaddr_in);
+		if (getsockname(fileno(mci->mci_out),
+				(struct sockaddr *) &saddr_l, &addrsize) != 0)
+		{
+			if (sasl_setprop(mci->mci_conn, SASL_IP_LOCAL,
+					 &saddr_l) != SASL_OK)
+				return EX_TEMPFAIL;
+		}
+	}
+# endif /* NETINET */
+
+	/* start client side of sasl */
+	saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
+				       NULL, &client_interact,
+				       &out, &outlen,
+				       (const char **)&mechusing);
+	callbacks[CB_AUTHNAME_IDX].context = mechusing;
+
+	if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
+	{
+#  if SFIO
+		if (saslresult == SASL_NOMECH && LogLevel > 8)
+		{
+			sm_syslog(LOG_NOTICE, e->e_id,
+				  "available AUTH mechanisms do not fulfill requirements");
+		}
+#  endif /* SFIO */
+		return EX_TEMPFAIL;
+	}
+
+	*mechused = mechusing;
+
+	/* send the info across the wire */
+	if (outlen > 0)
+	{
+		saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL);
+		if (saslresult != SASL_OK) /* internal error */
+		{
+			if (LogLevel > 8)
+				sm_syslog(LOG_ERR, e->e_id,
+					"encode64 for AUTH failed");
+			return EX_TEMPFAIL;
+		}
+		smtpmessage("AUTH %s %s", m, mci, mechusing, in64);
+	}
+	else
+	{
+		smtpmessage("AUTH %s", m, mci, mechusing);
+	}
+
+	/* get the reply */
+	smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, getsasldata, NULL);
+	/* which timeout? XXX */
+
+	for (;;)
+	{
+		/* check return code from server */
+		if (smtpresult == 235)
+		{
+			define(macid("{auth_type}", NULL),
+			       newstr(mechusing), e);
+#  if !SFIO
+			if (LogLevel > 9)
+				sm_syslog(LOG_INFO, NOQID,
+					  "SASL: outgoing connection to %.64s: mech=%.16s",
+					  mci->mci_host, mechusing);
+#  endif /* !SFIO */
+			return EX_OK;
+		}
+		if (smtpresult == -1)
+			return EX_IOERR;
+		if (smtpresult != 334)
+			return EX_TEMPFAIL;
+
+		saslresult = sasl_client_step(mci->mci_conn,
+					      mci->mci_sasl_string,
+					      mci->mci_sasl_string_len,
+					      &client_interact,
+					      &out, &outlen);
+
+		if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
+		{
+			if (tTd(95, 5))
+				dprintf("AUTH FAIL: %s (%d)\n",
+					sasl_errstring(saslresult, NULL, NULL),
+					saslresult);
+
+			/* fail deliberately, see RFC 2254 4. */
+			smtpmessage("*", m, mci);
+
+			/*
+			**  but we should only fail for this authentication
+			**  mechanism; how to do that?
+			*/
+
+			smtpresult = reply(m, mci, e, TimeOuts.to_datafinal,
+					   getsasldata, NULL);
+			return EX_TEMPFAIL;
+		}
+
+		if (outlen > 0)
+		{
+			saslresult = sasl_encode64(out, outlen, in64,
+						   MAXOUTLEN, NULL);
+			if (saslresult != SASL_OK)
+			{
+				/* give an error reply to the other side! */
+				smtpmessage("*", m, mci);
+				return EX_TEMPFAIL;
+			}
+		}
+		else
+			in64[0] = '\0';
+		smtpmessage(in64, m, mci);
+		smtpresult = reply(m, mci, e, TimeOuts.to_datafinal,
+				   getsasldata, NULL);
+		/* which timeout? XXX */
+	}
+	/* NOTREACHED */
+}
+
+/*
+**  SMTPAUTH -- try to AUTHenticate
+**
+**	This will try mechanisms in the order the sasl library decided until:
+**	- there are no more mechanisms
+**	- a mechanism succeeds
+**	- the sasl library fails initializing
+**
+**	Parameters:
+**		m -- the mailer.
+**		mci -- the mailer connection info.
+**		e -- the envelope.
+**
+**	Returns:
+**		EX_OK/EX_TEMPFAIL
+*/
+
+int
+smtpauth(m, mci, e)
+	MAILER *m;
+	MCI *mci;
+	ENVELOPE *e;
+{
+	int result;
+	char *mechused;
+	char *h;
+	static char *defrealm = NULL;
+	static char *mechs = NULL;
+
+	mci->mci_sasl_auth = FALSE;
+	if (defrealm == NULL)
+	{
+		h = readauth(SASL_DEFREALM, SASLInfo, TRUE);
+		if (h != NULL && *h != '\0')
+			defrealm = newstr(h);
+	}
+	if (defrealm == NULL || *defrealm == '\0')
+		defrealm = newstr(macvalue('j', CurEnv));
+	callbacks[CB_GETREALM_IDX].context = defrealm;
+
+# if _FFR_DEFAUTHINFO_MECHS
+	if (mechs == NULL)
+	{
+		h = readauth(SASL_MECH, SASLInfo, TRUE);
+		if (h != NULL && *h != '\0')
+			mechs = newstr(h);
+	}
+# endif /* _FFR_DEFAUTHINFO_MECHS */
+	if (mechs == NULL || *mechs == '\0')
+		mechs = AuthMechanisms;
+	mci->mci_saslcap = intersect(mechs, mci->mci_saslcap);
+
+	/* initialize sasl client library */
+	result = sasl_client_init(callbacks);
+	if (result != SASL_OK)
+		return EX_TEMPFAIL;
+	do
+	{
+		result = attemptauth(m, mci, e, &mechused);
+		if (result == EX_OK)
+			mci->mci_sasl_auth = TRUE;
+		else if (result == EX_TEMPFAIL)
+		{
+			mci->mci_saslcap = removemech(mechused,
+						      mci->mci_saslcap);
+			if (mci->mci_saslcap == NULL ||
+			    *(mci->mci_saslcap) == '\0')
+				return EX_TEMPFAIL;
+		}
+		else	/* all others for now */
+			return EX_TEMPFAIL;
+	} while (result != EX_OK);
+	return result;
+}
+# endif /* SASL */
+
 /*
 **  SMTPMAILFROM -- send MAIL command
 **
@@ -331,17 +1402,23 @@ smtpmailfrom(m, mci, e)
 	char *bodytype;
 	char buf[MAXNAME + 1];
 	char optbuf[MAXLINE];
+	char *enhsc;
 
 	if (tTd(18, 2))
-		printf("smtpmailfrom: CurHost=%s\n", CurHostName);
+		dprintf("smtpmailfrom: CurHost=%s\n", CurHostName);
+	enhsc = NULL;
 
 	/* set up appropriate options to include */
-	bufp = optbuf;
 	if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0)
+	{
 		snprintf(optbuf, sizeof optbuf, " SIZE=%ld", e->e_msgsize);
+		bufp = &optbuf[strlen(optbuf)];
+	}
 	else
-		strcpy(optbuf, "");
-	bufp = &optbuf[strlen(optbuf)];
+	{
+		optbuf[0] = '\0';
+		bufp = optbuf;
+	}
 
 	bodytype = e->e_bodytype;
 	if (bitset(MCIF_8BITMIME, mci->mci_flags))
@@ -364,9 +1441,10 @@ smtpmailfrom(m, mci, e)
 		 !bitset(EF_HAS8BIT, e->e_flags) ||
 		 bitset(MCIF_8BITOK, mci->mci_flags))
 	{
+		/* EMPTY */
 		/* just pass it through */
 	}
-#if MIME8TO7
+# if MIME8TO7
 	else if (bitset(MM_CVTMIME, MimeMode) &&
 		 !bitset(EF_DONT_MIME, e->e_flags) &&
 		 (!bitset(MM_PASS8BIT, MimeMode) ||
@@ -375,13 +1453,13 @@ smtpmailfrom(m, mci, e)
 		/* must convert from 8bit MIME format to 7bit encoded */
 		mci->mci_flags |= MCIF_CVT8TO7;
 	}
-#endif
+# endif /* MIME8TO7 */
 	else if (!bitset(MM_PASS8BIT, MimeMode))
 	{
 		/* cannot just send a 8-bit version */
 		extern char MsgBuf[];
 
-		usrerr("%s does not support 8BITMIME", CurHostName);
+		usrerrenh("5.6.3", "%s does not support 8BITMIME", CurHostName);
 		mci_setstat(mci, EX_NOTSTICKY, "5.6.3", MsgBuf);
 		return EX_DATAERR;
 	}
@@ -408,6 +1486,18 @@ smtpmailfrom(m, mci, e)
 		}
 	}
 
+	if (bitset(MCIF_AUTH, mci->mci_flags) && e->e_auth_param != NULL &&
+	    SPACELEFT(optbuf, bufp) > strlen(e->e_auth_param) + 7
+# if SASL
+	     && (!bitset(SASL_AUTH_AUTH, SASLOpts) || mci->mci_sasl_auth)
+# endif /* SASL */
+	    )
+	{
+		snprintf(bufp, SPACELEFT(optbuf, bufp),
+			 " AUTH=%s", e->e_auth_param);
+		bufp += strlen(bufp);
+	}
+
 	/*
 	**  Send the MAIL command.
 	**	Designates the sender.
@@ -417,7 +1507,7 @@ smtpmailfrom(m, mci, e)
 
 	if (bitset(EF_RESPONSE, e->e_flags) &&
 	    !bitnset(M_NO_NULL_FROM, m->m_flags))
-		(void) strcpy(buf, "");
+		buf[0] = '\0';
 	else
 		expand("\201g", buf, sizeof buf, e);
 	if (buf[0] == '<')
@@ -441,8 +1531,9 @@ smtpmailfrom(m, mci, e)
 			*bufp == '@' ? ',' : ':', bufp, optbuf);
 	}
 	SmtpPhase = mci->mci_phase = "client MAIL";
-	sm_setproctitle(TRUE, "%s %s: %s", e->e_id, CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_mail, NULL);
+	sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e),
+			CurHostName, mci->mci_phase);
+	r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc);
 	if (r < 0)
 	{
 		/* communications failure */
@@ -454,13 +1545,15 @@ smtpmailfrom(m, mci, e)
 	else if (r == 421)
 	{
 		/* service shutting down */
-		mci_setstat(mci, EX_TEMPFAIL, "4.5.0", SmtpReplyBuffer);
+		mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"),
+			    SmtpReplyBuffer);
 		smtpquit(m, mci, e);
 		return EX_TEMPFAIL;
 	}
 	else if (REPLYTYPE(r) == 4)
 	{
-		mci_setstat(mci, EX_NOTSTICKY, smtptodsn(r), SmtpReplyBuffer);
+		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, smtptodsn(r)),
+			    SmtpReplyBuffer);
 		return EX_TEMPFAIL;
 	}
 	else if (REPLYTYPE(r) == 2)
@@ -470,19 +1563,22 @@ smtpmailfrom(m, mci, e)
 	else if (r == 501)
 	{
 		/* syntax error in arguments */
-		mci_setstat(mci, EX_NOTSTICKY, "5.5.2", SmtpReplyBuffer);
+		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.5.2"),
+			    SmtpReplyBuffer);
 		return EX_DATAERR;
 	}
 	else if (r == 553)
 	{
 		/* mailbox name not allowed */
-		mci_setstat(mci, EX_NOTSTICKY, "5.1.3", SmtpReplyBuffer);
+		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.1.3"),
+			    SmtpReplyBuffer);
 		return EX_DATAERR;
 	}
 	else if (r == 552)
 	{
 		/* exceeded storage allocation */
-		mci_setstat(mci, EX_NOTSTICKY, "5.3.4", SmtpReplyBuffer);
+		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.3.4"),
+			    SmtpReplyBuffer);
 		if (bitset(MCIF_SIZE, mci->mci_flags))
 			e->e_flags |= EF_NO_BODY_RETN;
 		return EX_UNAVAILABLE;
@@ -490,20 +1586,22 @@ smtpmailfrom(m, mci, e)
 	else if (REPLYTYPE(r) == 5)
 	{
 		/* unknown error */
-		mci_setstat(mci, EX_NOTSTICKY, "5.0.0", SmtpReplyBuffer);
+		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.0.0"),
+			    SmtpReplyBuffer);
 		return EX_UNAVAILABLE;
 	}
 
 	if (LogLevel > 1)
 	{
 		sm_syslog(LOG_CRIT, e->e_id,
-			"%.100s: SMTP MAIL protocol error: %s",
-			CurHostName,
-			shortenstring(SmtpReplyBuffer, 403));
+			  "%.100s: SMTP MAIL protocol error: %s",
+			  CurHostName,
+			  shortenstring(SmtpReplyBuffer, 403));
 	}
 
 	/* protocol error -- close up */
-	mci_setstat(mci, EX_PROTOCOL, "5.5.1", SmtpReplyBuffer);
+	mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
+		    SmtpReplyBuffer);
 	smtpquit(m, mci, e);
 	return EX_PROTOCOL;
 }
@@ -533,9 +1631,16 @@ smtprcpt(to, m, mci, e)
 	register int r;
 	char *bufp;
 	char optbuf[MAXLINE];
+	char *enhsc;
+
+	enhsc = NULL;
+	optbuf[0] = '\0';
+	bufp = optbuf;
 
-	strcpy(optbuf, "");
-	bufp = &optbuf[strlen(optbuf)];
+	/*
+	**  warning: in the following it is assumed that the free space
+	**  in bufp is sizeof optbuf
+	*/
 	if (bitset(MCIF_DSN, mci->mci_flags))
 	{
 		/* NOTIFY= parameter */
@@ -545,28 +1650,30 @@ smtprcpt(to, m, mci, e)
 		{
 			bool firstone = TRUE;
 
-			strcat(bufp, " NOTIFY=");
+			(void) strlcat(bufp, " NOTIFY=", sizeof optbuf);
 			if (bitset(QPINGONSUCCESS, to->q_flags))
 			{
-				strcat(bufp, "SUCCESS");
+				(void) strlcat(bufp, "SUCCESS", sizeof optbuf);
 				firstone = FALSE;
 			}
 			if (bitset(QPINGONFAILURE, to->q_flags))
 			{
 				if (!firstone)
-					strcat(bufp, ",");
-				strcat(bufp, "FAILURE");
+					(void) strlcat(bufp, ",",
+						       sizeof optbuf);
+				(void) strlcat(bufp, "FAILURE", sizeof optbuf);
 				firstone = FALSE;
 			}
 			if (bitset(QPINGONDELAY, to->q_flags))
 			{
 				if (!firstone)
-					strcat(bufp, ",");
-				strcat(bufp, "DELAY");
+					(void) strlcat(bufp, ",",
+						       sizeof optbuf);
+				(void) strlcat(bufp, "DELAY", sizeof optbuf);
 				firstone = FALSE;
 			}
 			if (firstone)
-				strcat(bufp, "NEVER");
+				(void) strlcat(bufp, "NEVER", sizeof optbuf);
 			bufp += strlen(bufp);
 		}
 
@@ -583,28 +1690,30 @@ smtprcpt(to, m, mci, e)
 	smtpmessage("RCPT To:<%s>%s", m, mci, to->q_user, optbuf);
 
 	SmtpPhase = mci->mci_phase = "client RCPT";
-	sm_setproctitle(TRUE, "%s %s: %s", e->e_id, CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_rcpt, NULL);
+	sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e),
+			CurHostName, mci->mci_phase);
+	r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc);
 	to->q_rstatus = newstr(SmtpReplyBuffer);
-	to->q_status = smtptodsn(r);
-	to->q_statmta = mci->mci_host;
+	to->q_status = ENHSCN(enhsc, smtptodsn(r));
+	if (!bitnset(M_LMTP, m->m_flags))
+		to->q_statmta = mci->mci_host;
 	if (r < 0 || REPLYTYPE(r) == 4)
 		return EX_TEMPFAIL;
 	else if (REPLYTYPE(r) == 2)
 		return EX_OK;
 	else if (r == 550)
 	{
-		to->q_status = "5.1.1";
+		to->q_status = ENHSCN(enhsc, "5.1.1");
 		return EX_NOUSER;
 	}
 	else if (r == 551)
 	{
-		to->q_status = "5.1.6";
+		to->q_status = ENHSCN(enhsc, "5.1.6");
 		return EX_NOUSER;
 	}
 	else if (r == 553)
 	{
-		to->q_status = "5.1.3";
+		to->q_status = ENHSCN(enhsc, "5.1.3");
 		return EX_NOUSER;
 	}
 	else if (REPLYTYPE(r) == 5)
@@ -615,12 +1724,13 @@ smtprcpt(to, m, mci, e)
 	if (LogLevel > 1)
 	{
 		sm_syslog(LOG_CRIT, e->e_id,
-			"%.100s: SMTP RCPT protocol error: %s",
-			CurHostName,
-			shortenstring(SmtpReplyBuffer, 403));
+			  "%.100s: SMTP RCPT protocol error: %s",
+			  CurHostName,
+			  shortenstring(SmtpReplyBuffer, 403));
 	}
 
-	mci_setstat(mci, EX_PROTOCOL, "5.5.1", SmtpReplyBuffer);
+	mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
+		    SmtpReplyBuffer);
 	return EX_PROTOCOL;
 }
 /*
@@ -639,7 +1749,6 @@ smtprcpt(to, m, mci, e)
 */
 
 static jmp_buf	CtxDataTimeout;
-static void	datatimeout __P((void));
 
 int
 smtpdata(m, mci, e)
@@ -652,7 +1761,9 @@ smtpdata(m, mci, e)
 	int rstat;
 	int xstat;
 	time_t timeout;
+	char *enhsc;
 
+	enhsc = NULL;
 	/*
 	**  Send the data.
 	**	First send the command and check that it is ok.
@@ -664,8 +1775,9 @@ smtpdata(m, mci, e)
 	/* send the command and check ok to proceed */
 	smtpmessage("DATA", m, mci);
 	SmtpPhase = mci->mci_phase = "client DATA 354";
-	sm_setproctitle(TRUE, "%s %s: %s", e->e_id, CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_datainit, NULL);
+	sm_setproctitle(TRUE, e, "%s %s: %s",
+			qid_printname(e), CurHostName, mci->mci_phase);
+	r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc);
 	if (r < 0 || REPLYTYPE(r) == 4)
 	{
 		smtpquit(m, mci, e);
@@ -681,13 +1793,14 @@ smtpdata(m, mci, e)
 		if (LogLevel > 1)
 		{
 			sm_syslog(LOG_CRIT, e->e_id,
-				"%.100s: SMTP DATA-1 protocol error: %s",
-				CurHostName,
-				shortenstring(SmtpReplyBuffer, 403));
+				  "%.100s: SMTP DATA-1 protocol error: %s",
+				  CurHostName,
+				  shortenstring(SmtpReplyBuffer, 403));
 		}
 		smtprset(m, mci, e);
-		mci_setstat(mci, EX_PROTOCOL, "5.5.1", SmtpReplyBuffer);
-		return (EX_PROTOCOL);
+		mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
+			    SmtpReplyBuffer);
+		return EX_PROTOCOL;
 	}
 
 	/*
@@ -701,17 +1814,39 @@ smtpdata(m, mci, e)
 		mci->mci_errno = errno;
 		mci->mci_state = MCIS_ERROR;
 		mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
-		syserr("451 timeout writing message to %s", CurHostName);
+
+		/*
+		**  If putbody() couldn't finish due to a timeout,
+		**  rewind it here in the timeout handler.  See
+		**  comments at the end of putbody() for reasoning.
+		*/
+
+		if (e->e_dfp != NULL)
+			(void) bfrewind(e->e_dfp);
+
+		errno = mci->mci_errno;
+		syserr("451 4.4.1 timeout writing message to %s", CurHostName);
 		smtpquit(m, mci, e);
 		return EX_TEMPFAIL;
 	}
 
-	timeout = e->e_msgsize / 16;
-	if (timeout < (time_t) 600)
-		timeout = (time_t) 600;
-	timeout += e->e_nrcpts * 300;
+	if (tTd(18, 101))
+	{
+		/* simulate a DATA timeout */
+		timeout = 1;
+	}
+	else
+		timeout = DATA_PROGRESS_TIMEOUT;
+
 	ev = setevent(timeout, datatimeout, 0);
 
+
+	if (tTd(18, 101))
+	{
+		/* simulate a DATA timeout */
+		(void) sleep(1);
+	}
+
 	/*
 	**  Output the actual message.
 	*/
@@ -725,6 +1860,36 @@ smtpdata(m, mci, e)
 
 	clrevent(ev);
 
+# if _FFR_CATCH_BROKEN_MTAS
+	{
+		fd_set readfds;
+		struct timeval timeout;
+
+		FD_ZERO(&readfds);
+		FD_SET(fileno(mci->mci_in), &readfds);
+		timeout.tv_sec = 0;
+		timeout.tv_usec = 0;
+		if (select(fileno(mci->mci_in) + 1, FDSET_CAST &readfds,
+			   NULL, NULL, &timeout) > 0 &&
+		    FD_ISSET(fileno(mci->mci_in), &readfds))
+		{
+			/* terminate the message */
+			fprintf(mci->mci_out, ".%s", m->m_eol);
+			if (TrafficLogFile != NULL)
+				fprintf(TrafficLogFile, "%05d >>> .\n",
+					(int) getpid());
+			if (Verbose)
+				nmessage(">>> .");
+
+			mci->mci_errno = EIO;
+			mci->mci_state = MCIS_ERROR;
+			mci_setstat(mci, EX_PROTOCOL, "5.5.0", NULL);
+			smtpquit(m, mci, e);
+			return EX_PROTOCOL;
+		}
+	}
+# endif /* _FFR_CATCH_BROKEN_MTAS */
+
 	if (ferror(mci->mci_out))
 	{
 		/* error during processing -- don't send the dot */
@@ -744,10 +1909,11 @@ smtpdata(m, mci, e)
 
 	/* check for the results of the transaction */
 	SmtpPhase = mci->mci_phase = "client DATA status";
-	sm_setproctitle(TRUE, "%s %s: %s", e->e_id, CurHostName, mci->mci_phase);
+	sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e),
+			CurHostName, mci->mci_phase);
 	if (bitnset(M_LMTP, m->m_flags))
 		return EX_OK;
-	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL);
+	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc);
 	if (r < 0)
 	{
 		smtpquit(m, mci, e);
@@ -767,18 +1933,24 @@ smtpdata(m, mci, e)
 		rstat = EX_UNAVAILABLE;
 	else
 		rstat = EX_PROTOCOL;
-	mci_setstat(mci, xstat, smtptodsn(r), SmtpReplyBuffer);
+	mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)),
+		    SmtpReplyBuffer);
 	if (e->e_statmsg != NULL)
 		free(e->e_statmsg);
-	e->e_statmsg = newstr(&SmtpReplyBuffer[4]);
+	if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
+	    (r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
+		r += 5;
+	else
+		r = 4;
+	e->e_statmsg = newstr(&SmtpReplyBuffer[r]);
 	if (rstat != EX_PROTOCOL)
 		return rstat;
 	if (LogLevel > 1)
 	{
 		sm_syslog(LOG_CRIT, e->e_id,
-			"%.100s: SMTP DATA-2 protocol error: %s",
-			CurHostName,
-			shortenstring(SmtpReplyBuffer, 403));
+			  "%.100s: SMTP DATA-2 protocol error: %s",
+			  CurHostName,
+			  shortenstring(SmtpReplyBuffer, 403));
 	}
 	return rstat;
 }
@@ -787,7 +1959,28 @@ smtpdata(m, mci, e)
 static void
 datatimeout()
 {
-	longjmp(CtxDataTimeout, 1);
+	if (DataProgress)
+	{
+		time_t timeout;
+		register EVENT *ev;
+
+		/* check back again later */
+		if (tTd(18, 101))
+		{
+			/* simulate a DATA timeout */
+			timeout = 1;
+		}
+		else
+			timeout = DATA_PROGRESS_TIMEOUT;
+
+		DataProgress = FALSE;
+		ev = setevent(timeout, datatimeout, 0);
+	}
+	else
+	{
+		/* no progress, give up */
+		longjmp(CtxDataTimeout, 1);
+	}
 }
 /*
 **  SMTPGETSTAT -- get status code from DATA in LMTP
@@ -808,37 +2001,45 @@ smtpgetstat(m, mci, e)
 	ENVELOPE *e;
 {
 	int r;
-	int stat;
+	int status;
+	char *enhsc;
 
+	enhsc = NULL;
 	/* check for the results of the transaction */
-	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL);
+	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc);
 	if (r < 0)
 	{
 		smtpquit(m, mci, e);
 		return EX_TEMPFAIL;
 	}
-	if (e->e_statmsg != NULL)
-		free(e->e_statmsg);
-	e->e_statmsg = newstr(&SmtpReplyBuffer[4]);
 	if (REPLYTYPE(r) == 4)
-		stat = EX_TEMPFAIL;
+		status = EX_TEMPFAIL;
 	else if (REPLYCLASS(r) != 5)
-		stat = EX_PROTOCOL;
+		status = EX_PROTOCOL;
 	else if (REPLYTYPE(r) == 2)
-		stat = EX_OK;
+		status = EX_OK;
 	else if (REPLYTYPE(r) == 5)
-		stat = EX_UNAVAILABLE;
+		status = EX_UNAVAILABLE;
+	else
+		status = EX_PROTOCOL;
+	if (e->e_statmsg != NULL)
+		free(e->e_statmsg);
+	if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
+	    (r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
+		r += 5;
 	else
-		stat = EX_PROTOCOL;
-	mci_setstat(mci, stat, smtptodsn(r), SmtpReplyBuffer);
-	if (LogLevel > 1 && stat == EX_PROTOCOL)
+		r = 4;
+	e->e_statmsg = newstr(&SmtpReplyBuffer[r]);
+	mci_setstat(mci, status, ENHSCN(enhsc, smtptodsn(r)),
+		    SmtpReplyBuffer);
+	if (LogLevel > 1 && status == EX_PROTOCOL)
 	{
 		sm_syslog(LOG_CRIT, e->e_id,
-			"%.100s: SMTP DATA-3 protocol error: %s",
-			CurHostName,
-			shortenstring(SmtpReplyBuffer, 403));
+			  "%.100s: SMTP DATA-3 protocol error: %s",
+			  CurHostName,
+			  shortenstring(SmtpReplyBuffer, 403));
 	}
-	return stat;
+	return status;
 }
 /*
 **  SMTPQUIT -- close the SMTP connection.
@@ -862,10 +2063,15 @@ smtpquit(m, mci, e)
 	ENVELOPE *e;
 {
 	bool oldSuprErrs = SuprErrs;
+	int rcode;
+
+	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
+	if (CurHostName == NULL)
+		CurHostName = MyHostName;
 
 	/*
 	**	Suppress errors here -- we may be processing a different
-	**	job when we do the quit connection, and we don't want the 
+	**	job when we do the quit connection, and we don't want the
 	**	new job to be penalized for something that isn't it's
 	**	problem.
 	*/
@@ -873,18 +2079,38 @@ smtpquit(m, mci, e)
 	SuprErrs = TRUE;
 
 	/* send the quit message if we haven't gotten I/O error */
-	if (mci->mci_state != MCIS_ERROR)
+	if (mci->mci_state != MCIS_ERROR &&
+	    mci->mci_state != MCIS_QUITING)
 	{
+		int origstate = mci->mci_state;
+
 		SmtpPhase = "client QUIT";
+		mci->mci_state = MCIS_QUITING;
 		smtpmessage("QUIT", m, mci);
-		(void) reply(m, mci, e, TimeOuts.to_quit, NULL);
+		(void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL);
 		SuprErrs = oldSuprErrs;
-		if (mci->mci_state == MCIS_CLOSED)
+		if (mci->mci_state == MCIS_CLOSED ||
+		    origstate == MCIS_CLOSED)
 			return;
 	}
 
 	/* now actually close the connection and pick up the zombie */
-	(void) endmailer(mci, e, NULL);
+	rcode = endmailer(mci, e, NULL);
+	if (rcode != EX_OK)
+	{
+		char *mailer = NULL;
+
+		if (mci->mci_mailer != NULL &&
+		    mci->mci_mailer->m_name != NULL)
+			mailer = mci->mci_mailer->m_name;
+
+		/* look for naughty mailers */
+		sm_syslog(LOG_ERR, e->e_id,
+			  "smtpquit: mailer%s%s exited with exit value %d\n",
+			  mailer == NULL ? "" : " ",
+			  mailer == NULL ? "" : mailer,
+			  rcode);
+	}
 
 	SuprErrs = oldSuprErrs;
 }
@@ -900,13 +2126,23 @@ smtprset(m, mci, e)
 {
 	int r;
 
+	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
+	if (CurHostName == NULL)
+		CurHostName = MyHostName;
+
 	SmtpPhase = "client RSET";
 	smtpmessage("RSET", m, mci);
-	r = reply(m, mci, e, TimeOuts.to_rset, NULL);
+	r = reply(m, mci, e, TimeOuts.to_rset, NULL, NULL);
 	if (r < 0)
 		mci->mci_state = MCIS_ERROR;
-	else if (REPLYTYPE(r) == 2)
+	else
 	{
+		/*
+		**  Any response is deemed to be acceptable.
+		**  The standard does not state the proper action
+		**  to take when a value other than 250 is received.
+		*/
+
 		mci->mci_state = MCIS_OPEN;
 		return;
 	}
@@ -922,12 +2158,17 @@ smtpprobe(mci)
 {
 	int r;
 	MAILER *m = mci->mci_mailer;
+	ENVELOPE *e;
 	extern ENVELOPE BlankEnvelope;
-	ENVELOPE *e = &BlankEnvelope;
 
+	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
+	if (CurHostName == NULL)
+		CurHostName = MyHostName;
+
+	e = &BlankEnvelope;
 	SmtpPhase = "client probe";
 	smtpmessage("RSET", m, mci);
-	r = reply(m, mci, e, TimeOuts.to_miscshort, NULL);
+	r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, NULL);
 	if (r < 0 || REPLYTYPE(r) != 2)
 		smtpquit(m, mci, e);
 	return r;
@@ -951,23 +2192,26 @@ smtpprobe(mci)
 */
 
 int
-reply(m, mci, e, timeout, pfunc)
+reply(m, mci, e, timeout, pfunc, enhstat)
 	MAILER *m;
 	MCI *mci;
 	ENVELOPE *e;
 	time_t timeout;
 	void (*pfunc)();
+	char **enhstat;
 {
 	register char *bufp;
 	register int r;
 	bool firstline = TRUE;
 	char junkbuf[MAXLINE];
+	static char enhstatcode[ENHSCLEN];
+	int save_errno;
 
 	if (mci->mci_out != NULL)
 		(void) fflush(mci->mci_out);
 
 	if (tTd(18, 1))
-		printf("reply\n");
+		dprintf("reply\n");
 
 	/*
 	**  Read the input line, being careful not to hang.
@@ -984,10 +2228,10 @@ reply(m, mci, e, timeout, pfunc)
 
 		/* if we are in the process of closing just give the code */
 		if (mci->mci_state == MCIS_CLOSED)
-			return (SMTPCLOSING);
+			return SMTPCLOSING;
 
 		if (mci->mci_out != NULL)
-			fflush(mci->mci_out);
+			(void) fflush(mci->mci_out);
 
 		/* get the line from the other side */
 		p = sfgets(bufp, MAXLINE, mci->mci_in, timeout, SmtpPhase);
@@ -1009,7 +2253,8 @@ reply(m, mci, e, timeout, pfunc)
 			mci->mci_errno = errno;
 			oldholderrs = HoldErrs;
 			HoldErrs = TRUE;
-			usrerr("451 reply: read error from %s", CurHostName);
+			usrerr("451 4.4.1 reply: read error from %s",
+			       CurHostName == NULL ? "NO_HOST" : CurHostName);
 
 			/* errors on QUIT should not be persistent */
 			if (strncmp(SmtpMsgBuffer, "QUIT", 4) != 0)
@@ -1017,15 +2262,16 @@ reply(m, mci, e, timeout, pfunc)
 
 			/* if debugging, pause so we can see state */
 			if (tTd(18, 100))
-				pause();
+				(void) pause();
 			mci->mci_state = MCIS_ERROR;
+			save_errno = errno;
 			smtpquit(m, mci, e);
-#if XDEBUG
+# if XDEBUG
 			{
 				char wbuf[MAXLINE];
-				char *p = wbuf;
 				int wbufleft = sizeof wbuf;
 
+				p = wbuf;
 				if (e->e_to != NULL)
 				{
 					int plen;
@@ -1041,9 +2287,10 @@ reply(m, mci, e, timeout, pfunc)
 					 SmtpPhase);
 				checkfd012(wbuf);
 			}
-#endif
+# endif /* XDEBUG */
+			errno = save_errno;
 			HoldErrs = oldholderrs;
-			return (-1);
+			return -1;
 		}
 		fixcrlf(bufp, TRUE);
 
@@ -1057,7 +2304,7 @@ reply(m, mci, e, timeout, pfunc)
 				/* inform user who we are chatting with */
 				fprintf(CurEnv->e_xfp,
 					"... while talking to %s:\n",
-					CurHostName);
+					CurHostName == NULL ? "NO_HOST" : CurHostName);
 				SmtpNeedIntro = FALSE;
 			}
 			if (SmtpMsgBuffer[0] != '\0')
@@ -1072,13 +2319,15 @@ reply(m, mci, e, timeout, pfunc)
 		if (Verbose)
 			nmessage("050 %s", bufp);
 
-		/* ignore improperly formated input */
-		if (!(isascii(bufp[0]) && isdigit(bufp[0])) ||
-		    !(isascii(bufp[1]) && isdigit(bufp[1])) ||
-		    !(isascii(bufp[2]) && isdigit(bufp[2])) ||
-		    !(bufp[3] == ' ' || bufp[3] == '-' || bufp[3] == '\0'))
+		/* ignore improperly formatted input */
+		if (!ISSMTPREPLY(bufp))
 			continue;
 
+		if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
+		    enhstat != NULL &&
+		    extenhsc(bufp + 4, ' ', enhstatcode) > 0)
+			*enhstat = enhstatcode;
+
 		/* process the line */
 		if (pfunc != NULL)
 			(*pfunc)(bufp, firstline, m, mci, e);
@@ -1118,7 +2367,7 @@ reply(m, mci, e, timeout, pfunc)
 		smtpquit(m, mci, e);
 	}
 
-	return (r);
+	return r;
 }
 /*
 **  SMTPMESSAGE -- send message to server
@@ -1137,15 +2386,15 @@ reply(m, mci, e, timeout, pfunc)
 
 /*VARARGS1*/
 void
-#ifdef __STDC__
+# ifdef __STDC__
 smtpmessage(char *f, MAILER *m, MCI *mci, ...)
-#else
+# else /* __STDC__ */
 smtpmessage(f, m, mci, va_alist)
 	char *f;
 	MAILER *m;
 	MCI *mci;
 	va_dcl
-#endif
+# endif /* __STDC__ */
 {
 	VA_LOCAL_DECL
 
@@ -1165,8 +2414,8 @@ smtpmessage(f, m, mci, va_alist)
 	}
 	else if (tTd(18, 1))
 	{
-		printf("smtpmessage: NULL mci_out\n");
+		dprintf("smtpmessage: NULL mci_out\n");
 	}
 }
 
-# endif /* SMTP */
+#endif /* SMTP */
diff --git a/contrib/sendmail/src/util.c b/contrib/sendmail/src/util.c
index 0cb8992..fa0f74a 100644
--- a/contrib/sendmail/src/util.c
+++ b/contrib/sendmail/src/util.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,11 +12,15 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)util.c	8.168 (Berkeley) 1/21/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: util.c,v 8.225.2.1.2.8 2000/07/03 18:28:56 geir Exp $";
+#endif /* ! lint */
+
+#include <sendmail.h>
+#include <sysexits.h>
+
+
+static void	readtimeout __P((time_t));
 
-# include "sendmail.h"
-# include <sysexits.h>
 /*
 **  STRIPQUOTES -- Strip quotes & quote bits from a string.
 **
@@ -30,9 +35,6 @@ static char sccsid[] = "@(#)util.c	8.168 (Berkeley) 1/21/1999";
 **
 **	Side Effects:
 **		none.
-**
-**	Called By:
-**		deliver
 */
 
 void
@@ -91,7 +93,7 @@ addquotes(s)
 		if (c == '\\' || c == '"')
 			len++;
 	}
-	
+
 	q = r = xalloc(len + 3);
 	p = s;
 
@@ -176,7 +178,7 @@ rfc822_string(s)
 /*
 **  SHORTEN_RFC822_STRING -- Truncate and rebalance an RFC822 string
 **
-**	Arbitratily shorten (in place) an RFC822 string and rebalance
+**	Arbitrarily shorten (in place) an RFC822 string and rebalance
 **	comments and quotes.
 **
 **	Parameters:
@@ -202,7 +204,7 @@ shorten_rfc822_string(string, length)
 	size_t slen;
 	int parencount = 0;
 	char *ptr = string;
-	
+
 	/*
 	**  If have to rebalance an already short enough string,
 	**  need to do it within allocated space.
@@ -231,14 +233,14 @@ shorten_rfc822_string(string, length)
 			if (--parencount < 0)
 				parencount = 0;
 		}
-		
+
 		/* Inside a comment, quotes don't matter */
 		if (parencount <= 0 && *ptr == '"')
 			quoted = !quoted;
 
 increment:
 		/* Check for sufficient space for next character */
-		if (length - (ptr - string) <= ((backslash ? 1 : 0) +
+		if (length - (ptr - string) <= (size_t) ((backslash ? 1 : 0) +
 						parencount +
 						(quoted ? 1 : 0)))
 		{
@@ -299,12 +301,12 @@ increment:
 char *
 find_character(string, character)
 	char *string;
-	char character;
+	int character;
 {
 	bool backslash = FALSE;
 	bool quoted = FALSE;
 	int parencount = 0;
-		
+
 	while (string != NULL && *string != '\0')
 	{
 		if (backslash)
@@ -320,25 +322,25 @@ find_character(string, character)
 		  case '\\':
 			backslash = TRUE;
 			break;
-			
+
 		  case '(':
 			if (!quoted)
 				parencount++;
 			break;
-			
+
 		  case ')':
 			if (--parencount < 0)
 				parencount = 0;
 			break;
 		}
-		
+
 		/* Inside a comment, nothing matters */
 		if (parencount > 0)
 		{
 			string++;
 			continue;
 		}
-		
+
 		if (*string == '"')
 			quoted = !quoted;
 		else if (*string == character && !quoted)
@@ -381,7 +383,7 @@ xalloc(sz)
 		syserr("!Out of memory!!");
 		/* exit(EX_UNAVAILABLE); */
 	}
-	return (p);
+	return p;
 }
 /*
 **  COPYPLIST -- copy list of pointers.
@@ -416,7 +418,7 @@ copyplist(list, copycont)
 	vp++;
 
 	newvp = (char **) xalloc((int) (vp - list) * sizeof *vp);
-	bcopy((char *) list, (char *) newvp, (int) (vp - list) * sizeof *vp);
+	memmove((char *) newvp, (char *) list, (int) (vp - list) * sizeof *vp);
 
 	if (copycont)
 	{
@@ -424,13 +426,13 @@ copyplist(list, copycont)
 			*vp = newstr(*vp);
 	}
 
-	return (newvp);
+	return newvp;
 }
 /*
 **  COPYQUEUE -- copy address queue.
 **
 **	This routine is the equivalent of newstr for address queues
-**	addresses marked with QDONTSEND aren't copied
+**	addresses marked as QS_IS_DEAD() aren't copied
 **
 **	Parameters:
 **		addr -- list of address structures to copy.
@@ -452,9 +454,9 @@ copyqueue(addr)
 
 	while (addr != NULL)
 	{
-		if (!bitset(QDONTSEND, addr->q_flags))
+		if (!QS_IS_DEAD(addr->q_state))
 		{
-			newaddr = (ADDRESS *) xalloc(sizeof(ADDRESS));
+			newaddr = (ADDRESS *) xalloc(sizeof *newaddr);
 			STRUCTCOPY(*addr, *newaddr);
 			*tail = newaddr;
 			tail = &newaddr->q_next;
@@ -462,10 +464,81 @@ copyqueue(addr)
 		addr = addr->q_next;
 	}
 	*tail = NULL;
-	
+
 	return ret;
 }
 /*
+**  LOG_SENDMAIL_PID -- record sendmail pid and command line.
+**
+**	Parameters:
+**		e -- the current envelope.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		writes pidfile.
+*/
+
+void
+log_sendmail_pid(e)
+	ENVELOPE *e;
+{
+	long sff;
+	FILE *pidf;
+	char pidpath[MAXPATHLEN + 1];
+
+	/* write the pid to the log file for posterity */
+	sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
+	if (TrustedUid != 0 && RealUid == TrustedUid)
+		sff |= SFF_OPENASROOT;
+	expand(PidFile, pidpath, sizeof pidpath, e);
+	pidf = safefopen(pidpath, O_WRONLY|O_TRUNC, 0644, sff);
+	if (pidf == NULL)
+	{
+		sm_syslog(LOG_ERR, NOQID, "unable to write %s", pidpath);
+	}
+	else
+	{
+		extern char *CommandLineArgs;
+
+		/* write the process id on line 1 */
+		fprintf(pidf, "%ld\n", (long) getpid());
+
+		/* line 2 contains all command line flags */
+		fprintf(pidf, "%s\n", CommandLineArgs);
+
+		/* flush and close */
+		(void) fclose(pidf);
+	}
+}
+/*
+**  SET_DELIVERY_MODE -- set and record the delivery mode
+**
+**	Parameters:
+**		mode -- delivery mode
+**		e -- the current envelope.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		sets $&{deliveryMode} macro
+*/
+
+void
+set_delivery_mode(mode, e)
+	int mode;
+	ENVELOPE *e;
+{
+	char buf[2];
+
+	e->e_sendmode = (char)mode;
+	buf[0] = (char)mode;
+	buf[1] = '\0';
+	define(macid("{deliveryMode}", NULL), newstr(buf), e);
+}
+/*
 **  PRINTAV -- print argument vector.
 **
 **	Parameters:
@@ -485,7 +558,7 @@ printav(av)
 	while (*av != NULL)
 	{
 		if (tTd(0, 44))
-			printf("\n\t%08lx=", (u_long) *av);
+			dprintf("\n\t%08lx=", (u_long) *av);
 		else
 			(void) putchar(' ');
 		xputs(*av++);
@@ -507,9 +580,9 @@ printav(av)
 
 char
 lower(c)
-	register char c;
+	register int c;
 {
-	return((isascii(c) && isupper(c)) ? tolower(c) : c);
+	return ((isascii(c) && isupper(c)) ? tolower(c) : c);
 }
 /*
 **  XPUTS -- put string doing control escapes.
@@ -560,12 +633,12 @@ xputs(s)
 			{
 				printf("%s$", TermEscape.te_rv_on);
 				if (c == MACRODEXPAND)
-					putchar('&');
+					(void) putchar('&');
 				shiftout = TRUE;
 				if (*s == '\0')
 					continue;
 				if (strchr("=~&?", *s) != NULL)
-					putchar(*s++);
+					(void) putchar(*s++);
 				if (bitset(0200, *s))
 					printf("{%s}", macname(*s++ & 0377));
 				else
@@ -601,7 +674,7 @@ xputs(s)
   printchar:
 		if (isprint(c))
 		{
-			putchar(c);
+			(void) putchar(c);
 			continue;
 		}
 
@@ -652,9 +725,6 @@ xputs(s)
 **
 **	Side Effects:
 **		String pointed to by p is translated to lower case.
-**
-**	Called By:
-**		parse
 */
 
 void
@@ -677,7 +747,7 @@ makelower(p)
 **
 **	Parameters:
 **		p -- name to build.
-**		login -- the login name of this user (for &).
+**		user -- the login name of this user (for &).
 **		buf -- place to put the result.
 **		buflen -- length of buf.
 **
@@ -689,9 +759,9 @@ makelower(p)
 */
 
 void
-buildfname(gecos, login, buf, buflen)
+buildfname(gecos, user, buf, buflen)
 	register char *gecos;
-	char *login;
+	char *user;
 	char *buf;
 	int buflen;
 {
@@ -707,13 +777,13 @@ buildfname(gecos, login, buf, buflen)
 		if (bp >= &buf[buflen - 1])
 		{
 			/* buffer overflow -- just use login name */
-			snprintf(buf, buflen, "%s", login);
+			snprintf(buf, buflen, "%s", user);
 			return;
 		}
 		if (*p == '&')
 		{
 			/* interpolate full name */
-			snprintf(bp, buflen - (bp - buf), "%s", login);
+			snprintf(bp, buflen - (bp - buf), "%s", user);
 			*bp = toupper(*bp);
 			bp += strlen(bp);
 		}
@@ -810,9 +880,9 @@ putxline(l, len, mci, pxflags)
 	register MCI *mci;
 	int pxflags;
 {
+	bool dead = FALSE;
 	register char *p, *end;
 	int slop = 0;
-	size_t eol_len = strlen(mci->mci_mailer->m_eol);
 
 	/* strip out 0200 bits -- these can look like TELNET protocol */
 	if (bitset(MCIF_7BIT, mci->mci_flags) ||
@@ -846,9 +916,8 @@ putxline(l, len, mci, pxflags)
 			if (l[0] == '.' && slop == 0 &&
 			    bitnset(M_XDOT, mci->mci_mailer->m_flags))
 			{
-				(void) putc('.', mci->mci_out);
-				if (!bitset(MCIF_INHEADER, mci->mci_flags))
-					mci->mci_contentlen++;
+				if (putc('.', mci->mci_out) == EOF)
+					dead = TRUE;
 				if (TrafficLogFile != NULL)
 					(void) putc('.', TrafficLogFile);
 			}
@@ -857,44 +926,61 @@ putxline(l, len, mci, pxflags)
 				 strncmp(l, "From ", 5) == 0 &&
 				 bitnset(M_ESCFROM, mci->mci_mailer->m_flags))
 			{
-				(void) putc('>', mci->mci_out);
-				if (!bitset(MCIF_INHEADER, mci->mci_flags))
-					mci->mci_contentlen++;
+				if (putc('>', mci->mci_out) == EOF)
+					dead = TRUE;
 				if (TrafficLogFile != NULL)
 					(void) putc('>', TrafficLogFile);
 			}
+			if (dead)
+				break;
+
 			while (l < q)
 			{
-				(void) putc(*l++, mci->mci_out);
-				if (!bitset(MCIF_INHEADER, mci->mci_flags))
-					mci->mci_contentlen++;
+				if (putc((unsigned char) *l++, mci->mci_out) ==
+				    EOF)
+				{
+					dead = TRUE;
+					break;
+				}
+
+				/* record progress for DATA timeout */
+				DataProgress = TRUE;
+			}
+			if (dead)
+				break;
+
+			if (putc('!', mci->mci_out) == EOF ||
+			    fputs(mci->mci_mailer->m_eol,
+				  mci->mci_out) == EOF ||
+			    putc(' ', mci->mci_out) == EOF)
+			{
+				dead = TRUE;
+				break;
 			}
-			(void) putc('!', mci->mci_out);
-			if (!bitset(MCIF_INHEADER, mci->mci_flags))
-				mci->mci_contentlen++;
-			fputs(mci->mci_mailer->m_eol, mci->mci_out);
-			if (!bitset(MCIF_INHEADER, mci->mci_flags))
-				mci->mci_contentlen += eol_len;
-			(void) putc(' ', mci->mci_out);
-			if (!bitset(MCIF_INHEADER, mci->mci_flags))
-				mci->mci_contentlen++;
+
+			/* record progress for DATA timeout */
+			DataProgress = TRUE;
+
 			if (TrafficLogFile != NULL)
 			{
 				for (l = l_base; l < q; l++)
-					(void) putc(*l, TrafficLogFile);
+					(void) putc((unsigned char)*l,
+						    TrafficLogFile);
 				fprintf(TrafficLogFile, "!\n%05d >>>  ",
 					(int) getpid());
 			}
 			slop = 1;
 		}
 
+		if (dead)
+			break;
+
 		/* output last part */
 		if (l[0] == '.' && slop == 0 &&
 		    bitnset(M_XDOT, mci->mci_mailer->m_flags))
 		{
-			(void) putc('.', mci->mci_out);
-			if (!bitset(MCIF_INHEADER, mci->mci_flags))
-				mci->mci_contentlen++;
+			if (putc('.', mci->mci_out) == EOF)
+				break;
 			if (TrafficLogFile != NULL)
 				(void) putc('.', TrafficLogFile);
 		}
@@ -903,37 +989,45 @@ putxline(l, len, mci, pxflags)
 			 strncmp(l, "From ", 5) == 0 &&
 			 bitnset(M_ESCFROM, mci->mci_mailer->m_flags))
 		{
-			(void) putc('>', mci->mci_out);
-			if (!bitset(MCIF_INHEADER, mci->mci_flags))
-				mci->mci_contentlen++;
+			if (putc('>', mci->mci_out) == EOF)
+				break;
 			if (TrafficLogFile != NULL)
 				(void) putc('>', TrafficLogFile);
 		}
 		for ( ; l < p; ++l)
 		{
 			if (TrafficLogFile != NULL)
-				(void) putc(*l, TrafficLogFile);
-			(void) putc(*l, mci->mci_out);
-			if (!bitset(MCIF_INHEADER, mci->mci_flags))
-				mci->mci_contentlen++;
+				(void) putc((unsigned char)*l, TrafficLogFile);
+			if (putc((unsigned char) *l, mci->mci_out) == EOF)
+			{
+				dead = TRUE;
+				break;
+			}
+
+			/* record progress for DATA timeout */
+			DataProgress = TRUE;
 		}
+		if (dead)
+			break;
+
 		if (TrafficLogFile != NULL)
 			(void) putc('\n', TrafficLogFile);
-		fputs(mci->mci_mailer->m_eol, mci->mci_out);
-		if (!bitset(MCIF_INHEADER, mci->mci_flags))
-			mci->mci_contentlen += eol_len;
+		if (fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF)
+			break;
 		if (l < end && *l == '\n')
 		{
 			if (*++l != ' ' && *l != '\t' && *l != '\0' &&
 			    bitset(PXLF_HEADER, pxflags))
 			{
-				(void) putc(' ', mci->mci_out);
-				if (!bitset(MCIF_INHEADER, mci->mci_flags))
-					mci->mci_contentlen++;
+				if (putc(' ', mci->mci_out) == EOF)
+					break;
 				if (TrafficLogFile != NULL)
 					(void) putc(' ', TrafficLogFile);
 			}
 		}
+
+		/* record progress for DATA timeout */
+		DataProgress = TRUE;
 	} while (l < end);
 }
 /*
@@ -957,42 +1051,14 @@ xunlink(f)
 
 	if (LogLevel > 98)
 		sm_syslog(LOG_DEBUG, CurEnv->e_id,
-			"unlink %s",
-			f);
+			  "unlink %s",
+			  f);
 
 	i = unlink(f);
 	if (i < 0 && LogLevel > 97)
 		sm_syslog(LOG_DEBUG, CurEnv->e_id,
-			"%s: unlink-fail %d",
-			f, errno);
-}
-/*
-**  XFCLOSE -- close a file, doing logging as appropriate.
-**
-**	Parameters:
-**		fp -- file pointer for the file to close
-**		a, b -- miscellaneous crud to print for debugging
-**
-**	Returns:
-**		none.
-**
-**	Side Effects:
-**		fp is closed.
-*/
-
-void
-xfclose(fp, a, b)
-	FILE *fp;
-	char *a, *b;
-{
-	if (tTd(53, 99))
-		printf("xfclose(%lx) %s %s\n", (u_long) fp, a, b);
-#if XDEBUG
-	if (fileno(fp) == 1)
-		syserr("xfclose(%s %s): fd = 1", a, b);
-#endif
-	if (fclose(fp) < 0 && tTd(53, 99))
-		printf("xfclose FAILURE: %s\n", errstring(errno));
+			  "%s: unlink-fail %d",
+			  f, errno);
 }
 /*
 **  SFGETS -- "safe" fgets -- times out and ignores random interrupts.
@@ -1013,8 +1079,8 @@ xfclose(fp, a, b)
 **		none.
 */
 
+
 static jmp_buf	CtxReadTimeout;
-static void	readtimeout __P((time_t));
 
 char *
 sfgets(buf, siz, fp, timeout, during)
@@ -1041,18 +1107,18 @@ sfgets(buf, siz, fp, timeout, during)
 		{
 			if (LogLevel > 1)
 				sm_syslog(LOG_NOTICE, CurEnv->e_id,
-				       "timeout waiting for input from %.100s during %s",
-				       CurHostName ? CurHostName : "local",
-				       during);
+					  "timeout waiting for input from %.100s during %s",
+					  CurHostName ? CurHostName : "local",
+					  during);
 			buf[0] = '\0';
 #if XDEBUG
 			checkfd012(during);
-#endif
+#endif /* XDEBUG */
 			if (TrafficLogFile != NULL)
 				fprintf(TrafficLogFile, "%05d <<< [TIMEOUT]\n",
 					(int) getpid());
 			errno = 0;
-			return (NULL);
+			return NULL;
 		}
 		ev = setevent(timeout, readtimeout, 0);
 	}
@@ -1081,7 +1147,7 @@ sfgets(buf, siz, fp, timeout, during)
 		if (TrafficLogFile != NULL)
 			fprintf(TrafficLogFile, "%05d <<< [EOF]\n", (int) getpid());
 		errno = save_errno;
-		return (NULL);
+		return NULL;
 	}
 	if (TrafficLogFile != NULL)
 		fprintf(TrafficLogFile, "%05d <<< %s", (int) getpid(), buf);
@@ -1101,7 +1167,7 @@ sfgets(buf, siz, fp, timeout, during)
 			}
 		}
 	}
-	return (buf);
+	return buf;
 }
 
 /* ARGSUSED */
@@ -1165,7 +1231,7 @@ fgetfolded(buf, n, f)
 			else
 				nn += MEMCHUNKSIZE;
 			nbp = xalloc(nn);
-			bcopy(bp, nbp, p - bp);
+			memmove(nbp, bp, p - bp);
 			p = &nbp[p - bp];
 			if (bp != buf)
 				free(bp);
@@ -1184,11 +1250,11 @@ fgetfolded(buf, n, f)
 		}
 	}
 	if (p == bp)
-		return (NULL);
+		return NULL;
 	if (p[-1] == '\n')
 		p--;
 	*p = '\0';
-	return (bp);
+	return bp;
 }
 /*
 **  CURTIME -- return current time.
@@ -1209,7 +1275,7 @@ curtime()
 	auto time_t t;
 
 	(void) time(&t);
-	return (t);
+	return t;
 }
 /*
 **  ATOBOOL -- convert a string representation to boolean.
@@ -1232,8 +1298,8 @@ atobool(s)
 	register char *s;
 {
 	if (s == NULL || *s == '\0' || strchr("tTyY", *s) != NULL)
-		return (TRUE);
-	return (FALSE);
+		return TRUE;
+	return FALSE;
 }
 /*
 **  ATOOCT -- convert a string representation to octal.
@@ -1257,7 +1323,7 @@ atooct(s)
 
 	while (*s >= '0' && *s <= '7')
 		i = (i << 3) | (*s++ - '0');
-	return (i);
+	return i;
 }
 /*
 **  BITINTERSECT -- tell if two bitmaps intersect
@@ -1275,15 +1341,15 @@ atooct(s)
 
 bool
 bitintersect(a, b)
-	BITMAP a;
-	BITMAP b;
+	BITMAP256 a;
+	BITMAP256 b;
 {
 	int i;
 
 	for (i = BITMAPBYTES / sizeof (int); --i >= 0; )
 		if ((a[i] & b[i]) != 0)
-			return (TRUE);
-	return (FALSE);
+			return TRUE;
+	return FALSE;
 }
 /*
 **  BITZEROP -- tell if a bitmap is all zero
@@ -1301,14 +1367,14 @@ bitintersect(a, b)
 
 bool
 bitzerop(map)
-	BITMAP map;
+	BITMAP256 map;
 {
 	int i;
 
 	for (i = BITMAPBYTES / sizeof (int); --i >= 0; )
 		if (map[i] != 0)
-			return (FALSE);
-	return (TRUE);
+			return FALSE;
+	return TRUE;
 }
 /*
 **  STRCONTAINEDIN -- tell if one string is contained in another
@@ -1393,7 +1459,7 @@ checkfdopen(fd, where)
 		syserr("checkfdopen(%d): %s not open as expected!", fd, where);
 		printopenfds(TRUE);
 	}
-#endif
+#endif /* XDEBUG */
 }
 /*
 **  CHECKFDS -- check for new or missing file descriptors
@@ -1416,7 +1482,7 @@ checkfds(where)
 	register int fd;
 	bool printhdr = TRUE;
 	int save_errno = errno;
-	static BITMAP baseline;
+	static BITMAP256 baseline;
 	extern int DtableSize;
 
 	if (DtableSize > 256)
@@ -1447,8 +1513,8 @@ checkfds(where)
 		if (printhdr)
 		{
 			sm_syslog(LOG_DEBUG, CurEnv->e_id,
-				"%s: changed fds:",
-				where);
+				  "%s: changed fds:",
+				  where);
 			printhdr = FALSE;
 		}
 		dumpfd(fd, TRUE, TRUE);
@@ -1466,7 +1532,9 @@ checkfds(where)
 **		none.
 */
 
-#include <arpa/inet.h>
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif /* NETINET || NETINET6 */
 
 void
 printopenfds(logit)
@@ -1498,14 +1566,14 @@ dumpfd(fd, printclosed, logit)
 	char *hp;
 #ifdef S_IFSOCK
 	SOCKADDR sa;
-#endif
+#endif /* S_IFSOCK */
 	auto SOCKADDR_LEN_T slen;
 	int i;
 #if STAT64 > 0
 	struct stat64 st;
-#else
+#else /* STAT64 > 0 */
 	struct stat st;
-#endif
+#endif /* STAT64 > 0 */
 	char buf[200];
 
 	p = buf;
@@ -1515,9 +1583,9 @@ dumpfd(fd, printclosed, logit)
 	if (
 #if STAT64 > 0
 	    fstat64(fd, &st)
-#else
+#else /* STAT64 > 0 */
 	    fstat(fd, &st)
-#endif
+#endif /* STAT64 > 0 */
 	    < 0)
 	{
 		if (errno != EBADF)
@@ -1541,7 +1609,7 @@ dumpfd(fd, printclosed, logit)
 		p += strlen(p);
 	}
 
-	snprintf(p, SPACELEFT(buf, p), "mode=%o: ", st.st_mode);
+	snprintf(p, SPACELEFT(buf, p), "mode=%o: ", (int) st.st_mode);
 	p += strlen(p);
 	switch (st.st_mode & S_IFMT)
 	{
@@ -1549,15 +1617,29 @@ dumpfd(fd, printclosed, logit)
 	  case S_IFSOCK:
 		snprintf(p, SPACELEFT(buf, p), "SOCK ");
 		p += strlen(p);
+		memset(&sa, '\0', sizeof sa);
 		slen = sizeof sa;
 		if (getsockname(fd, &sa.sa, &slen) < 0)
-			snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno));
+			snprintf(p, SPACELEFT(buf, p), "(%s)",
+				 errstring(errno));
 		else
 		{
 			hp = hostnamebyanyaddr(&sa);
-			if (sa.sa.sa_family == AF_INET)
+			if (hp == NULL)
+			{
+				/* EMPTY */
+				/* do nothing */
+			}
+# if NETINET
+			else if (sa.sa.sa_family == AF_INET)
+				snprintf(p, SPACELEFT(buf, p), "%s/%d",
+					 hp, ntohs(sa.sin.sin_port));
+# endif /* NETINET */
+# if NETINET6
+			else if (sa.sa.sa_family == AF_INET6)
 				snprintf(p, SPACELEFT(buf, p), "%s/%d",
-					hp, ntohs(sa.sin.sin_port));
+					 hp, ntohs(sa.sin6.sin6_port));
+# endif /* NETINET6 */
 			else
 				snprintf(p, SPACELEFT(buf, p), "%s", hp);
 		}
@@ -1570,14 +1652,26 @@ dumpfd(fd, printclosed, logit)
 		else
 		{
 			hp = hostnamebyanyaddr(&sa);
-			if (sa.sa.sa_family == AF_INET)
+			if (hp == NULL)
+			{
+				/* EMPTY */
+				/* do nothing */
+			}
+# if NETINET
+			else if (sa.sa.sa_family == AF_INET)
 				snprintf(p, SPACELEFT(buf, p), "%s/%d",
-					hp, ntohs(sa.sin.sin_port));
+					 hp, ntohs(sa.sin.sin_port));
+# endif /* NETINET */
+# if NETINET6
+			else if (sa.sa.sa_family == AF_INET6)
+				snprintf(p, SPACELEFT(buf, p), "%s/%d",
+					 hp, ntohs(sa.sin6.sin6_port));
+# endif /* NETINET6 */
 			else
 				snprintf(p, SPACELEFT(buf, p), "%s", hp);
 		}
 		break;
-#endif
+#endif /* S_IFSOCK */
 
 	  case S_IFCHR:
 		snprintf(p, SPACELEFT(buf, p), "CHR: ");
@@ -1594,36 +1688,40 @@ dumpfd(fd, printclosed, logit)
 		snprintf(p, SPACELEFT(buf, p), "FIFO: ");
 		p += strlen(p);
 		goto defprint;
-#endif
+#endif /* defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) */
 
 #ifdef S_IFDIR
 	  case S_IFDIR:
 		snprintf(p, SPACELEFT(buf, p), "DIR: ");
 		p += strlen(p);
 		goto defprint;
-#endif
+#endif /* S_IFDIR */
 
 #ifdef S_IFLNK
 	  case S_IFLNK:
 		snprintf(p, SPACELEFT(buf, p), "LNK: ");
 		p += strlen(p);
 		goto defprint;
-#endif
+#endif /* S_IFLNK */
 
 	  default:
 defprint:
+		/*CONSTCOND*/
 		if (sizeof st.st_ino > sizeof (long))
 			snprintf(p, SPACELEFT(buf, p),
 				 "dev=%d/%d, ino=%s, nlink=%d, u/gid=%d/%d, ",
 				 major(st.st_dev), minor(st.st_dev),
 				 quad_to_string(st.st_ino),
-				 st.st_nlink, st.st_uid, st.st_gid);
+				 (int) st.st_nlink, (int) st.st_uid,
+				 (int) st.st_gid);
 		else
 			snprintf(p, SPACELEFT(buf, p),
-				"dev=%d/%d, ino=%lu, nlink=%d, u/gid=%d/%d, ",
-				major(st.st_dev), minor(st.st_dev),
-				(unsigned long) st.st_ino,
-				st.st_nlink, st.st_uid, st.st_gid);
+				 "dev=%d/%d, ino=%lu, nlink=%d, u/gid=%d/%d, ",
+				 major(st.st_dev), minor(st.st_dev),
+				 (unsigned long) st.st_ino,
+				 (int) st.st_nlink, (int) st.st_uid,
+				 (int) st.st_gid);
+		/*CONSTCOND*/
 		if (sizeof st.st_size > sizeof (long))
 			snprintf(p, SPACELEFT(buf, p), "size=%s",
 				 quad_to_string(st.st_size));
@@ -1636,7 +1734,7 @@ defprint:
 printit:
 	if (logit)
 		sm_syslog(LOG_DEBUG, CurEnv ? CurEnv->e_id : NULL,
-			"%.800s", buf);
+			  "%.800s", buf);
 	else
 		printf("%s\n", buf);
 }
@@ -1701,7 +1799,7 @@ prog_open(argv, pfd, e)
 {
 	int pid;
 	int i;
-	int saveerrno;
+	int save_errno;
 	int fdv[2];
 	char *p, *q;
 	char buf[MAXLINE + 1];
@@ -1716,34 +1814,37 @@ prog_open(argv, pfd, e)
 	if (pid < 0)
 	{
 		syserr("%s: cannot fork", argv[0]);
-		close(fdv[0]);
-		close(fdv[1]);
+		(void) close(fdv[0]);
+		(void) close(fdv[1]);
 		return -1;
 	}
 	if (pid > 0)
 	{
 		/* parent */
-		close(fdv[1]);
+		(void) close(fdv[1]);
 		*pfd = fdv[0];
 		return pid;
 	}
 
 	/* child -- close stdin */
-	close(0);
+	(void) close(0);
 
 	/* stdout goes back to parent */
-	close(fdv[0]);
+	(void) close(fdv[0]);
 	if (dup2(fdv[1], 1) < 0)
 	{
 		syserr("%s: cannot dup2 for stdout", argv[0]);
 		_exit(EX_OSERR);
 	}
-	close(fdv[1]);
+	(void) close(fdv[1]);
 
 	/* stderr goes to transcript if available */
 	if (e->e_xfp != NULL)
 	{
-		if (dup2(fileno(e->e_xfp), 2) < 0)
+		int xfd;
+
+		xfd = fileno(e->e_xfp);
+		if (xfd >= 0 && dup2(xfd, 2) < 0)
 		{
 			syserr("%s: cannot dup2 for stderr", argv[0]);
 			_exit(EX_OSERR);
@@ -1752,14 +1853,36 @@ prog_open(argv, pfd, e)
 
 	/* this process has no right to the queue file */
 	if (e->e_lockfp != NULL)
-		close(fileno(e->e_lockfp));
+		(void) close(fileno(e->e_lockfp));
+
+	/* chroot to the program mailer directory, if defined */
+	if (ProgMailer != NULL && ProgMailer->m_rootdir != NULL)
+	{
+		expand(ProgMailer->m_rootdir, buf, sizeof buf, e);
+		if (chroot(buf) < 0)
+		{
+			syserr("prog_open: cannot chroot(%s)", buf);
+			exit(EX_TEMPFAIL);
+		}
+		if (chdir("/") < 0)
+		{
+			syserr("prog_open: cannot chdir(/)");
+			exit(EX_TEMPFAIL);
+		}
+	}
 
 	/* run as default user */
 	endpwent();
 	if (setgid(DefGid) < 0 && geteuid() == 0)
+	{
 		syserr("prog_open: setgid(%ld) failed", (long) DefGid);
+		exit(EX_TEMPFAIL);
+	}
 	if (setuid(DefUid) < 0 && geteuid() == 0)
+	{
 		syserr("prog_open: setuid(%ld) failed", (long) DefUid);
+		exit(EX_TEMPFAIL);
+	}
 
 	/* run in some directory */
 	if (ProgMailer != NULL)
@@ -1790,22 +1913,22 @@ prog_open(argv, pfd, e)
 		register int j;
 
 		if ((j = fcntl(i, F_GETFD, 0)) != -1)
-			(void) fcntl(i, F_SETFD, j | 1);
+			(void) fcntl(i, F_SETFD, j | FD_CLOEXEC);
 	}
 
 	/* now exec the process */
-	execve(argv[0], (ARGV_T) argv, (ARGV_T) UserEnviron);
+	(void) execve(argv[0], (ARGV_T) argv, (ARGV_T) UserEnviron);
 
 	/* woops!  failed */
-	saveerrno = errno;
+	save_errno = errno;
 	syserr("%s: cannot exec", argv[0]);
-	if (transienterror(saveerrno))
+	if (transienterror(save_errno))
 		_exit(EX_OSERR);
 	_exit(EX_CONFIG);
 	return -1;	/* avoid compiler warning on IRIX */
 }
 /*
-**  GET_COLUMN  -- look up a Column in a line buffer
+**  GET_COLUMN -- look up a Column in a line buffer
 **
 **	Parameters:
 **		line -- the raw text line to search.
@@ -1824,7 +1947,7 @@ char *
 get_column(line, col, delim, buf, buflen)
 	char line[];
 	int col;
-	char delim;
+	int delim;
 	char buf[];
 	int buflen;
 {
@@ -1832,24 +1955,24 @@ get_column(line, col, delim, buf, buflen)
 	char *begin, *end;
 	int i;
 	char delimbuf[4];
-	
-	if (delim == '\0')
-		strcpy(delimbuf, "\n\t ");
+
+	if ((char)delim == '\0')
+		(void) strlcpy(delimbuf, "\n\t ", sizeof delimbuf);
 	else
 	{
-		delimbuf[0] = delim;
+		delimbuf[0] = (char)delim;
 		delimbuf[1] = '\0';
 	}
 
 	p = line;
 	if (*p == '\0')
 		return NULL;			/* line empty */
-	if (*p == delim && col == 0)
+	if (*p == (char)delim && col == 0)
 		return NULL;			/* first column empty */
 
 	begin = line;
 
-	if (col == 0 && delim == '\0')
+	if (col == 0 && (char)delim == '\0')
 	{
 		while (*begin != '\0' && isascii(*begin) && isspace(*begin))
 			begin++;
@@ -1860,13 +1983,13 @@ get_column(line, col, delim, buf, buflen)
 		if ((begin = strpbrk(begin, delimbuf)) == NULL)
 			return NULL;		/* no such column */
 		begin++;
-		if (delim == '\0')
+		if ((char)delim == '\0')
 		{
 			while (*begin != '\0' && isascii(*begin) && isspace(*begin))
 				begin++;
 		}
 	}
-	
+
 	end = strpbrk(begin, delimbuf);
 	if (end == NULL)
 		i = strlen(begin);
@@ -1874,8 +1997,7 @@ get_column(line, col, delim, buf, buflen)
 		i = end - begin;
 	if (i >= buflen)
 		i = buflen - 1;
-	strncpy(buf, begin, i);
-	buf[i] = '\0';
+	(void) strlcpy(buf, begin, i + 1);
 	return buf;
 }
 /*
@@ -1899,6 +2021,9 @@ cleanstrcpy(t, f, l)
 	/* check for newlines and log if necessary */
 	(void) denlstring(f, TRUE, TRUE);
 
+	if (l <= 0)
+		syserr("!cleanstrcpy: length == 0");
+
 	l--;
 	while (l > 0 && *f != '\0')
 	{
@@ -1912,6 +2037,7 @@ cleanstrcpy(t, f, l)
 	}
 	*t = '\0';
 }
+
 /*
 **  DENLSTRING -- convert newlines in a string to spaces
 **
@@ -1952,16 +2078,16 @@ denlstring(s, strict, logattacks)
 		bp = xalloc(l);
 		bl = l;
 	}
-	strcpy(bp, s);
+	(void) strlcpy(bp, s, l);
 	for (p = bp; (p = strchr(p, '\n')) != NULL; )
 		*p++ = ' ';
 
 	if (logattacks)
 	{
 		sm_syslog(LOG_NOTICE, CurEnv->e_id,
-			"POSSIBLE ATTACK from %.100s: newline in string \"%s\"",
-			RealHostName == NULL ? "[UNKNOWN]" : RealHostName,
-			shortenstring(bp, MAXSHORTSTR));
+			  "POSSIBLE ATTACK from %.100s: newline in string \"%s\"",
+			  RealHostName == NULL ? "[UNKNOWN]" : RealHostName,
+			  shortenstring(bp, MAXSHORTSTR));
 	}
 
 	return bp;
@@ -1991,9 +2117,9 @@ path_is_dir(pathname, createflag)
 
 #if HASLSTAT
 	if (lstat(pathname, &statbuf) < 0)
-#else
+#else /* HASLSTAT */
 	if (stat(pathname, &statbuf) < 0)
-#endif
+#endif /* HASLSTAT */
 	{
 		if (errno != ENOENT || !createflag)
 			return FALSE;
@@ -2021,29 +2147,21 @@ path_is_dir(pathname, createflag)
 **
 **	Parameters:
 **		pid -- pid to add to list.
+**		task -- task of pid.
+**		type -- type of process.
 **
 **	Returns:
 **		none
 */
 
-struct procs
-{
-	pid_t	proc_pid;
-	char 	*proc_task;
-};
-
-static struct procs	*ProcListVec	= NULL;
-static int	ProcListSize	= 0;
-
-#define NO_PID		((pid_t) 0)
-#ifndef PROC_LIST_SEG
-# define PROC_LIST_SEG	32		/* number of pids to alloc at a time */
-#endif
+static struct procs	*ProcListVec = NULL;
+static int		ProcListSize = 0;
 
 void
-proc_list_add(pid, task)
+proc_list_add(pid, task, type)
 	pid_t pid;
 	char *task;
+	int type;
 {
 	int i;
 
@@ -2069,24 +2187,29 @@ proc_list_add(pid, task)
 		/* grow process list */
 		struct procs *npv;
 
-		npv = (struct procs *) xalloc(sizeof (struct procs) * (ProcListSize + PROC_LIST_SEG));
+		npv = (struct procs *) xalloc((sizeof *npv) *
+					      (ProcListSize + PROC_LIST_SEG));
 		if (ProcListSize > 0)
 		{
-			bcopy(ProcListVec, npv, ProcListSize *
-						sizeof (struct procs));
+			memmove(npv, ProcListVec,
+				ProcListSize * sizeof (struct procs));
 			free(ProcListVec);
 		}
 		for (i = ProcListSize; i < ProcListSize + PROC_LIST_SEG; i++)
 		{
 			npv[i].proc_pid = NO_PID;
 			npv[i].proc_task = NULL;
+			npv[i].proc_type = PROC_NONE;
 		}
 		i = ProcListSize;
 		ProcListSize += PROC_LIST_SEG;
 		ProcListVec = npv;
 	}
 	ProcListVec[i].proc_pid = pid;
+	if (ProcListVec[i].proc_task != NULL)
+		free(ProcListVec[i].proc_task);
 	ProcListVec[i].proc_task = newstr(task);
+	ProcListVec[i].proc_type = type;
 
 	/* if process adding itself, it's not a child */
 	if (pid != getpid())
@@ -2128,30 +2251,30 @@ proc_list_set(pid, task)
 **		pid -- pid to drop
 **
 **	Returns:
-**		none.
+**		type of process
 */
 
-void
+int
 proc_list_drop(pid)
 	pid_t pid;
 {
 	int i;
+	int type = PROC_NONE;
 
 	for (i = 0; i < ProcListSize; i++)
 	{
 		if (ProcListVec[i].proc_pid == pid)
 		{
 			ProcListVec[i].proc_pid = NO_PID;
-			if (ProcListVec[i].proc_task != NULL)
-			{
-				free(ProcListVec[i].proc_task);
-				ProcListVec[i].proc_task = NULL;
-			}
+			type = ProcListVec[i].proc_type;
 			break;
 		}
 	}
 	if (CurChildren > 0)
 		CurChildren--;
+
+
+	return type;
 }
 /*
 **  PROC_LIST_CLEAR -- clear the process list
@@ -2172,11 +2295,6 @@ proc_list_clear()
 	for (i = 1; i < ProcListSize; i++)
 	{
 		ProcListVec[i].proc_pid = NO_PID;
-		if (ProcListVec[i].proc_task != NULL)
-		{
-			free(ProcListVec[i].proc_task);
-			ProcListVec[i].proc_task = NULL;
-		}
 	}
 	CurChildren = 0;
 }
@@ -2204,14 +2322,9 @@ proc_list_probe()
 		{
 			if (LogLevel > 3)
 				sm_syslog(LOG_DEBUG, CurEnv->e_id,
-					"proc_list_probe: lost pid %d",
-					(int) ProcListVec[i].proc_pid);
+					  "proc_list_probe: lost pid %d",
+					  (int) ProcListVec[i].proc_pid);
 			ProcListVec[i].proc_pid = NO_PID;
-			if (ProcListVec[i].proc_task != NULL)
-			{
-				free(ProcListVec[i].proc_task);
-				ProcListVec[i].proc_task = NULL;
-			}
 			CurChildren--;
 		}
 	}
@@ -2288,7 +2401,7 @@ proc_list_display(out)
 
 #if defined(LIBC_SCCS) && !defined(lint)
 static char sccsid[] = "@(#)strcasecmp.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
+#endif /* defined(LIBC_SCCS) && !defined(lint) */
 
 /*
  * This array is designed for mapping upper and lower case letter
@@ -2340,7 +2453,7 @@ sm_strcasecmp(s1, s2)
 
 	while (cm[*us1] == cm[*us2++])
 		if (*us1++ == '\0')
-			return (0);
+			return 0;
 	return (cm[*us1] - cm[*--us2]);
 }
 
@@ -2361,5 +2474,5 @@ sm_strncasecmp(s1, s2, n)
 				break;
 		} while (--n != 0);
 	}
-	return (0);
+	return 0;
 }
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c
index 6f9d05e..1a57cda 100644
--- a/contrib/sendmail/src/version.c
+++ b/contrib/sendmail/src/version.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
  * Copyright (c) 1983 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -11,7 +12,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.9.3.1 (Berkeley) 2/4/1999";
-#endif /* not lint */
+static char id[] = "@(#)$Id: version.c,v 8.43.4.11 2000/07/19 20:40:59 gshapiro Exp $";
+#endif /* ! lint */
 
-char	Version[] = "8.9.3";
+char	Version[] = "8.11.0";
diff --git a/contrib/sendmail/test/Results b/contrib/sendmail/test/Results
index e31a68b..192f778 100644
--- a/contrib/sendmail/test/Results
+++ b/contrib/sendmail/test/Results
@@ -156,3 +156,5 @@ NCR MP-RAS 2	-1/0
 NCR MP-RAS 3	-1/0
 
 Linux 2.0.27	1/0	    1/0
+
+$Revision: 8.1 $, Last updated $Date: 1999/02/06 18:44:07 $
diff --git a/contrib/sendmail/test/t_exclopen.c b/contrib/sendmail/test/t_exclopen.c
index a42baa9..22ef693 100644
--- a/contrib/sendmail/test/t_exclopen.c
+++ b/contrib/sendmail/test/t_exclopen.c
@@ -28,15 +28,30 @@
 **	Ultrix 4.3	OK
 */
 
-#include <stdio.h>
-#include <errno.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <errno.h>
 #include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
 
-char Attacker[128];
-char Attackee[128];
+#ifndef lint
+static char id[] = "@(#)$Id: t_exclopen.c,v 8.5 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
+static char Attacker[128];
+static char Attackee[128];
+
+static void
+bail(status)
+	int status;
+{
+	(void) unlink(Attacker);
+	(void) unlink(Attackee);
+	exit(status);
+}
 
+int
 main(argc, argv)
 	int argc;
 	char **argv;
@@ -61,16 +76,16 @@ main(argc, argv)
 	}
 	if (open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644) < 0)
 	{
-		int saveerr = errno;
+		int save_errno = errno;
 
 		if (stat(Attackee, &st) >= 0)
 		{
 			printf("Weird.  Open failed but %s was created anyhow (errno = %d)\n",
-				Attackee, saveerr);
+				Attackee, save_errno);
 			bail(1);
 		}
 		printf("Good show!  Exclusive open works properly with symbolic links (errno = %d).\n",
-			saveerr);
+			save_errno);
 		bail(0);
 	}
 	if (stat(Attackee, &st) < 0)
@@ -82,12 +97,7 @@ main(argc, argv)
 	printf("Bad news: you can do an exclusive open through a symbolic link\n");
 	printf("\tBe sure you #define BOGUS_O_EXCL in conf.h\n");
 	bail(1);
-}
 
-bail(stat)
-	int stat;
-{
-	(void) unlink(Attacker);
-	(void) unlink(Attackee);
-	exit(stat);
+	/* NOTREACHED */
+	exit(0);
 }
diff --git a/contrib/sendmail/test/t_pathconf.c b/contrib/sendmail/test/t_pathconf.c
index a4b5038..5355fd6 100644
--- a/contrib/sendmail/test/t_pathconf.c
+++ b/contrib/sendmail/test/t_pathconf.c
@@ -5,13 +5,24 @@
 **  both do and do not permit file giveaway.
 */
 
-#include <unistd.h>
-#include <errno.h>
 #include <sys/types.h>
+#include <errno.h>
 #include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#ifdef EX_OK
+# undef EX_OK		/* unistd.h may have another use for this */
+#endif /* EX_OK */
 #include <sysexits.h>
 
-main()
+#ifndef lint
+static char id[] = "@(#)$Id: t_pathconf.c,v 8.5 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
+int
+main(argc, argv)
+	int argc;
+	char **argv;
 {
 	int fd;
 	int i;
@@ -58,6 +69,6 @@ main()
 		else
 			printf("*** but in fact it is safe ***\n");
 	}
-	unlink(tbuf);
+	(void) unlink(tbuf);
 	exit(EX_OK);
 }
diff --git a/contrib/sendmail/test/t_seteuid.c b/contrib/sendmail/test/t_seteuid.c
index f3bd529..b912b60 100644
--- a/contrib/sendmail/test/t_seteuid.c
+++ b/contrib/sendmail/test/t_seteuid.c
@@ -15,11 +15,27 @@
 #include <unistd.h>
 #include <stdio.h>
 
+#ifndef lint
+static char id[] = "@(#)$Id: t_seteuid.c,v 8.4 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
 #ifdef __hpux
-#define seteuid(e)	setresuid(-1, e, -1)
-#endif
+# define seteuid(e)	setresuid(-1, e, -1)
+#endif /* __hpux */
+
+static void
+printuids(str, r, e)
+	char *str;
+	int r, e;
+{
+	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+		getuid(), geteuid());
+}
 
-main()
+int
+main(argc, argv)
+	int argc;
+	char **argv;
 {
 	int fail = 0;
 	uid_t realuid = getuid();
@@ -111,11 +127,3 @@ main()
 	printf("\nIt is safe to define USESETEUID on this system\n");
 	exit(0);
 }
-
-printuids(str, r, e)
-	char *str;
-	int r, e;
-{
-	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
-		getuid(), geteuid());
-}
diff --git a/contrib/sendmail/test/t_setreuid.c b/contrib/sendmail/test/t_setreuid.c
index 6622068..1b6eff6 100644
--- a/contrib/sendmail/test/t_setreuid.c
+++ b/contrib/sendmail/test/t_setreuid.c
@@ -12,11 +12,27 @@
 #include <unistd.h>
 #include <stdio.h>
 
+#ifndef lint
+static char id[] = "@(#)$Id: t_setreuid.c,v 8.4 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
 #ifdef __hpux
-#define setreuid(r, e)	setresuid(r, e, -1)
-#endif
+# define setreuid(r, e)	setresuid(r, e, -1)
+#endif /* __hpux */
+
+static void
+printuids(str, r, e)
+	char *str;
+	int r, e;
+{
+	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+		getuid(), geteuid());
+}
 
-main()
+int
+main(argc, argv)
+	int argc;
+	char **argv;
 {
 	int fail = 0;
 	uid_t realuid = getuid();
@@ -123,11 +139,3 @@ main()
 	printf("\nIt is safe to define HASSETREUID on this system\n");
 	exit(0);
 }
-
-printuids(str, r, e)
-	char *str;
-	int r, e;
-{
-	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
-		getuid(), geteuid());
-}
diff --git a/contrib/sendmail/test/t_setuid.c b/contrib/sendmail/test/t_setuid.c
new file mode 100644
index 0000000..7487579
--- /dev/null
+++ b/contrib/sendmail/test/t_setuid.c
@@ -0,0 +1,101 @@
+/*
+**  This program checks to see if your version of setuid works.
+**  Compile it, make it setuid root, and run it as yourself (NOT as
+**  root).
+**
+**	NOTE:  This should work everywhere, but Linux has the ability
+**	to use the undocumented setcap() call to make this break.
+**
+**  Compilation is trivial -- just "cc t_setuid.c".  Make it setuid,
+**  root and then execute it as a non-root user.
+*/
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifndef lint
+static char id[] = "@(#)$Id: t_setuid.c,v 8.2.2.1 2000/05/31 00:29:47 gshapiro Exp $";
+#endif /* ! lint */
+
+static void
+printuids(str, r, e)
+	char *str;
+	int r, e;
+{
+	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+		getuid(), geteuid());
+}
+
+int
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	int fail = 0;
+	uid_t realuid = getuid();
+
+	printuids("initial uids", realuid, 0);
+
+	if (geteuid() != 0)
+	{
+		printf("SETUP ERROR: re-run setuid root\n");
+		exit(1);
+	}
+
+	if (getuid() == 0)
+	{
+		printf("SETUP ERROR: must be run by a non-root user\n");
+		exit(1);
+	}
+
+	if (setuid(1) < 0)
+		printf("setuid(1) failure\n");
+	printuids("after setuid(1)", 1, 1);
+
+	if (geteuid() != 1)
+	{
+		fail++;
+		printf("MAYDAY!  Wrong effective uid\n");
+	}
+
+	if (getuid() != 1)
+	{
+		fail++;
+		printf("MAYDAY!  Wrong real uid\n");
+	}
+
+
+	/* do activity here */
+	if (setuid(0) == 0)
+	{
+		fail++;
+		printf("MAYDAY!  setuid(0) succeeded (should have failed)\n");
+	}
+	else
+	{
+		printf("setuid(0) failed (this is correct)\n");
+	}
+	printuids("after setuid(0)", 1, 1);
+
+	if (geteuid() != 1)
+	{
+		fail++;
+		printf("MAYDAY!  Wrong effective uid\n");
+	}
+	if (getuid() != 1)
+	{
+		fail++;
+		printf("MAYDAY!  Wrong real uid\n");
+	}
+	printf("\n");
+
+	if (fail)
+	{
+		printf("\nThis system cannot use setuid (maybe use setreuid)\n");
+		exit(1);
+	}
+
+	printf("\nIt is safe to use setuid on this system\n");
+	exit(0);
+}
diff --git a/contrib/sendmail/test/t_snprintf.c b/contrib/sendmail/test/t_snprintf.c
new file mode 100644
index 0000000..4789f49
--- /dev/null
+++ b/contrib/sendmail/test/t_snprintf.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <sysexits.h>
+
+#define TEST_STRING	"1234567890"
+
+int
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	int r;
+	char buf[5];
+
+	r = snprintf(buf, sizeof buf, "%s", TEST_STRING);
+
+	if (buf[sizeof buf - 1] != '\0')
+	{
+		fprintf(stderr, "Add the following to devtools/Site/site.config.m4:\n\n");
+		fprintf(stderr, "APPENDDEF(`confENVDEF', `-DSNPRINTF_IS_BROKEN=1')\n\n");
+		exit(EX_OSERR);
+	}
+	fprintf(stderr, "snprintf() appears to work properly\n");
+	exit(EX_OK);
+}
diff --git a/contrib/sendmail/vacation/Build b/contrib/sendmail/vacation/Build
new file mode 100755
index 0000000..fbd060c
--- /dev/null
+++ b/contrib/sendmail/vacation/Build
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#	$Id: Build,v 8.2 1999/03/02 02:35:21 peterh Exp $
+
+exec ../devtools/bin/Build $*
diff --git a/contrib/sendmail/vacation/Makefile b/contrib/sendmail/vacation/Makefile
new file mode 100644
index 0000000..7cc577f
--- /dev/null
+++ b/contrib/sendmail/vacation/Makefile
@@ -0,0 +1,17 @@
+#       $Id: Makefile,v 8.5 1999/09/23 22:36:45 ca Exp $
+
+SHELL= /bin/sh
+BUILD=   ./Build
+OPTIONS= $(CONFIG) $(FLAGS)
+
+all: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+clean: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) $@
+
+fresh: FRC
+	$(SHELL) $(BUILD) $(OPTIONS) -c
+
+FRC:
diff --git a/contrib/sendmail/vacation/Makefile.m4 b/contrib/sendmail/vacation/Makefile.m4
new file mode 100644
index 0000000..71430eb
--- /dev/null
+++ b/contrib/sendmail/vacation/Makefile.m4
@@ -0,0 +1,19 @@
+include(confBUILDTOOLSDIR`/M4/switch.m4')
+
+# sendmail dir
+SMSRCDIR=	ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+PREPENDDEF(`confENVDEF', `confMAPDEF')
+PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+
+bldPRODUCT_START(`executable', `vacation')
+define(`bldSOURCES', `vacation.c ')
+bldPUSH_SMLIB(`smutil')
+bldPUSH_SMLIB(`smdb')
+APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
+bldPRODUCT_END
+
+bldPRODUCT_START(`manpage', `vacation')
+define(`bldSOURCES', `vacation.1')
+bldPRODUCT_END
+
+bldFINISH
diff --git a/contrib/sendmail/vacation/vacation.1 b/contrib/sendmail/vacation/vacation.1
new file mode 100644
index 0000000..54bb674
--- /dev/null
+++ b/contrib/sendmail/vacation/vacation.1
@@ -0,0 +1,200 @@
+.\" Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+.\"	All rights reserved.
+.\" Copyright (c) 1985, 1987, 1990, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\"
+.\" By using this file, you agree to the terms and conditions set
+.\" forth in the LICENSE file which can be found at the top level of
+.\" the sendmail distribution.
+.\"
+.\"
+.\"	$Id: vacation.1,v 8.11 2000/03/17 07:32:50 gshapiro Exp $
+.\"
+.TH VACATION 1 "$Date: 2000/03/17 07:32:50 $"
+.SH NAME
+.B vacation
+\- return ``I am not here'' indication
+.SH SYNOPSIS
+.B vacation
+.B \-i
+.RB [ \-r 
+.IR interval ]
+.RB [ \-x ]
+.B vacation
+.RB [ \-a
+.IR alias ]
+.RB [ \-f
+.IR database ]
+.RB [ \-m
+.IR message ]
+.RB [ \-s
+.IR address ]
+.RB [ \-t
+.IR time ]
+.RB [ \-z ]
+.I login
+.SH DESCRIPTION
+.B Vacation
+returns a message to the sender of a message telling them that you
+are currently not reading your mail.  The intended use is in a
+.I .forward
+file.  For example, your
+.I .forward
+file might have:
+.IP
+\eeric, "|/usr/bin/vacation -a allman eric"
+.PP
+which would send messages to you (assuming your login name was eric) and
+reply to any messages for
+``eric''
+or
+``allman''.
+.PP
+Available options:
+.TP
+.BI \-a " alias"
+Handle messages for
+.Ar alias
+in the same manner as those received for the user's
+login name.
+.TP
+.BI \-f " filename"
+Use
+.I filename
+as name of the database instead of
+.IR ~/.vacation.db .
+Unless the
+.I filename
+starts with / it is relative to ~.
+.TP
+.B \-i
+Initialize the vacation database files.  It should be used
+before you modify your
+.I .forward
+file.
+.TP
+.BI \-m " filename"
+Use
+.I filename
+as name of the file containing the message to send instead of
+.IR ~/.vacation.msg .
+Unless the
+.I filename
+starts with / it is relative to ~.
+.TP
+.BI \-r " interval"
+Set the reply interval to
+.I interval
+days.  The default is one week.
+An interval of ``0'' or
+``infinite''
+(actually, any non-numeric character) will never send more than
+one reply.
+.TP
+.BI \-s " address"
+Use
+.I address
+instead of the sender address in the
+.I From 
+line to determine the reply address.
+.TP
+.BI \-t " time"
+Ignored, available only for compatibility with Sun's
+vacation program.
+.TP
+.B \-x
+reads an exclusion list from stdin (one address per line).
+Mails coming from an address
+in this exclusion list won't get a reply by
+.BR vacation .
+It is possible to exclude complete domains by specifying
+``@domain''
+as element of the exclusion list.
+.TP
+.B \-z
+Set the sender of the vacation message to
+``<>''
+instead of the user.
+This probably violates the RFCs since vacation messages are
+not required by a standards-track RFC to have a null reverse-path.
+.PP
+No message will be sent unless
+.I login
+(or an
+.I alias
+supplied using the
+.B \-a
+option) is part of either the
+``To:''
+or
+``Cc:''
+headers of the mail.
+No messages from
+``???-REQUEST'',
+``Postmaster'',
+``UUCP'',
+``MAILER'',
+or
+``MAILER-DAEMON''
+will be replied to (where these strings are
+case insensitive) nor is a notification sent if a
+``Precedence: bulk''
+or
+``Precedence: junk''
+line is included in the mail headers.
+The people who have sent you messages are maintained as a
+db(3)
+database in the file
+.I .vacation.db
+in your home directory.
+.PP
+.B Vacation
+expects a file
+.IR .vacation.msg ,
+in your home directory, containing a message to be sent back to each
+sender.  It should be an entire message (including headers).  For
+example, it might contain:
+.IP
+.nf
+From: eric@CS.Berkeley.EDU (Eric Allman)
+Subject: I am on vacation
+Delivered-By-The-Graces-Of: The Vacation program
+Precedence: bulk
+
+I am on vacation until July 22.  If you have something urgent,
+please contact Keith Bostic <bostic@CS.Berkeley.EDU>.
+--eric
+.fi 
+.PP
+.B Vacation
+reads the first line from the standard input for a
+UNIX
+``From''
+line to determine the sender.
+Sendmail(8)
+includes this
+``From''
+line automatically.
+.PP
+Fatal errors, such as calling
+.B vacation
+with incorrect arguments, or with non-existent
+.IR login s,
+are logged in the system log file, using
+syslog(8).
+.SH FILES
+.TP 1.8i
+~/.vacation.db
+database file
+.TP
+~/.vacation.msg
+message to send
+.SH SEE ALSO
+sendmail(8),
+syslog(8)
+.SH HISTORY
+The
+.B vacation
+command appeared in
+4.3BSD.
diff --git a/contrib/sendmail/vacation/vacation.c b/contrib/sendmail/vacation/vacation.c
new file mode 100644
index 0000000..d1c21e9
--- /dev/null
+++ b/contrib/sendmail/vacation/vacation.c
@@ -0,0 +1,1015 @@
+/*
+ * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ * Copyright (c) 1983, 1987, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ * Copyright (c) 1983 Eric P. Allman.  All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
+	All rights reserved.\n\
+     Copyright (c) 1983, 1987, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n\
+     Copyright (c) 1983 Eric P. Allman.  All rights reserved.\n";
+#endif /* ! lint */
+
+#ifndef lint
+static char id[] = "@(#)$Id: vacation.c,v 8.68.4.4 2000/07/18 05:10:29 gshapiro Exp $";
+#endif /* ! lint */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <time.h>
+#include <unistd.h>
+#ifdef EX_OK
+# undef EX_OK		/* unistd.h may have another use for this */
+#endif /* EX_OK */
+#include <sysexits.h>
+
+#include "sendmail/sendmail.h"
+#include "libsmdb/smdb.h"
+
+#if defined(__hpux) && !defined(HPUX11)
+# undef syslog		/* Undo hard_syslog conf.h change */
+#endif /* defined(__hpux) && !defined(HPUX11) */
+
+#ifndef _PATH_SENDMAIL
+# define _PATH_SENDMAIL "/usr/lib/sendmail"
+#endif /* ! _PATH_SENDMAIL */
+
+#define ONLY_ONCE	((time_t) 0)	/* send at most one reply */
+#define INTERVAL_UNDEF	((time_t) (-1))	/* no value given */
+
+uid_t	RealUid;
+gid_t	RealGid;
+char	*RealUserName;
+uid_t	RunAsUid;
+uid_t	RunAsGid;
+char	*RunAsUserName;
+int	Verbose = 2;
+bool	DontInitGroups = FALSE;
+uid_t	TrustedUid = 0;
+BITMAP256 DontBlameSendmail;
+
+/*
+**  VACATION -- return a message to the sender when on vacation.
+**
+**	This program is invoked as a message receiver.  It returns a
+**	message specified by the user to whomever sent the mail, taking
+**	care not to return a message too often to prevent "I am on
+**	vacation" loops.
+*/
+
+#define	VDB	".vacation"		/* vacation database */
+#define	VMSG	".vacation.msg"		/* vacation message */
+#define SECSPERDAY	(60 * 60 * 24)
+#define DAYSPERWEEK	7
+
+#ifndef TRUE
+# define TRUE	1
+# define FALSE	0
+#endif /* ! TRUE */
+
+#ifndef __P
+# ifdef __STDC__
+#  define __P(protos)	protos
+# else /* __STDC__ */
+#  define __P(protos)	()
+#  define const
+# endif /* __STDC__ */
+#endif /* ! __P */
+
+typedef struct alias
+{
+	char *name;
+	struct alias *next;
+} ALIAS;
+
+ALIAS *Names = NULL;
+
+SMDB_DATABASE *Db;
+
+char From[MAXLINE];
+
+#if _FFR_DEBUG
+void (*msglog)(int, const char *, ...) = &syslog;
+static void debuglog __P((int, const char *, ...));
+#else /* _FFR_DEBUG */
+# define msglog		syslog
+#endif /* _FFR_DEBUG */
+
+int
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	bool iflag, emptysender, exclude;
+#if _FFR_LISTDB
+	bool lflag = FALSE;
+#endif /* _FFR_LISTDB */
+	int mfail = 0, ufail = 0;
+	int ch;
+	int result;
+	time_t interval;
+	struct passwd *pw;
+	ALIAS *cur;
+	char *dbfilename = VDB;
+	char *msgfilename = VMSG;
+	char *name;
+	SMDB_USER_INFO user_info;
+	static char rnamebuf[MAXNAME];
+	extern int optind, opterr;
+	extern char *optarg;
+	extern void usage __P((void));
+	extern void setinterval __P((time_t));
+	extern void readheaders __P((void));
+	extern bool recent __P((void));
+	extern void setreply __P((char *, time_t));
+	extern void sendmessage __P((char *, char *, bool));
+	extern void xclude __P((FILE *));
+
+	/* Vars needed to link with smutil */
+	clrbitmap(DontBlameSendmail);
+	RunAsUid = RealUid = getuid();
+	RunAsGid = RealGid = getgid();
+	pw = getpwuid(RealUid);
+	if (pw != NULL)
+	{
+		if (strlen(pw->pw_name) > MAXNAME - 1)
+			pw->pw_name[MAXNAME] = '\0';
+		snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name);
+	}
+	else
+		snprintf(rnamebuf, sizeof rnamebuf,
+			 "Unknown UID %d", (int) RealUid);
+	RunAsUserName = RealUserName = rnamebuf;
+
+#ifdef LOG_MAIL
+	openlog("vacation", LOG_PID, LOG_MAIL);
+#else /* LOG_MAIL */
+	openlog("vacation", LOG_PID);
+#endif /* LOG_MAIL */
+
+	opterr = 0;
+	iflag = FALSE;
+	emptysender = FALSE;
+	exclude = FALSE;
+	interval = INTERVAL_UNDEF;
+	*From = '\0';
+
+#if _FFR_DEBUG && _FFR_LISTDB
+# define OPTIONS		"a:df:Iilm:r:s:t:xz"
+#else /* _FFR_DEBUG && _FFR_LISTDB */
+# if _FFR_DEBUG
+#  define OPTIONS		"a:df:Iim:r:s:t:xz"
+# else /* _FFR_DEBUG */
+#  if _FFR_LISTDB
+#   define OPTIONS		"a:f:Iilm:r:s:t:xz"
+#  else /* _FFR_LISTDB */
+#   define OPTIONS		"a:f:Iim:r:s:t:xz"
+#  endif /* _FFR_LISTDB */
+# endif /* _FFR_DEBUG */
+#endif /* _FFR_DEBUG && _FFR_LISTDB */
+
+	while (mfail == 0 && ufail == 0 &&
+	       (ch = getopt(argc, argv, OPTIONS)) != -1)
+	{
+		switch((char)ch)
+		{
+		  case 'a':			/* alias */
+			cur = (ALIAS *)malloc((u_int)sizeof(ALIAS));
+			if (cur == NULL)
+			{
+				mfail++;
+				break;
+			}
+			cur->name = optarg;
+			cur->next = Names;
+			Names = cur;
+			break;
+
+#if _FFR_DEBUG
+		case 'd':			/* debug mode */
+			msglog = &debuglog;
+			break;
+#endif /* _FFR_DEBUG */
+
+
+		  case 'f':		/* alternate database */
+			dbfilename = optarg;
+			break;
+
+		  case 'I':			/* backward compatible */
+		  case 'i':			/* init the database */
+			iflag = TRUE;
+			break;
+
+#if _FFR_LISTDB
+		  case 'l':
+			lflag = TRUE;		/* list the database */
+			break;
+#endif /* _FFR_LISTDB */
+
+		  case 'm':		/* alternate message file */
+			msgfilename = optarg;
+			break;
+
+		  case 'r':
+			if (isascii(*optarg) && isdigit(*optarg))
+			{
+				interval = atol(optarg) * SECSPERDAY;
+				if (interval < 0)
+					ufail++;
+			}
+			else
+				interval = ONLY_ONCE;
+			break;
+
+		  case 's':		/* alternate sender name */
+			(void) strlcpy(From, optarg, sizeof From);
+			break;
+
+		  case 't':		/* SunOS: -t1d (default expire) */
+			break;
+
+		  case 'x':
+			exclude = TRUE;
+			break;
+
+		  case 'z':
+			emptysender = TRUE;
+			break;
+
+		  case '?':
+		  default:
+			ufail++;
+			break;
+		}
+	}
+	argc -= optind;
+	argv += optind;
+
+	if (mfail != 0)
+	{
+		msglog(LOG_NOTICE,
+		       "vacation: can't allocate memory for alias.\n");
+		exit(EX_TEMPFAIL);
+	}
+	if (ufail != 0)
+		usage();
+
+	if (argc != 1)
+	{
+		if (!iflag &&
+#if _FFR_LISTDB
+		    !lflag &&
+#endif /* _FFR_LISTDB */
+		    !exclude)
+			usage();
+		if ((pw = getpwuid(getuid())) == NULL)
+		{
+			msglog(LOG_ERR,
+			       "vacation: no such user uid %u.\n", getuid());
+			exit(EX_NOUSER);
+		}
+	}
+#if _FFR_BLACKBOX
+	name = *argv;
+#else /* _FFR_BLACKBOX */
+	else if ((pw = getpwnam(*argv)) == NULL)
+	{
+		msglog(LOG_ERR, "vacation: no such user %s.\n", *argv);
+		exit(EX_NOUSER);
+	}
+	name = pw->pw_name;
+	if (chdir(pw->pw_dir) != 0)
+	{
+		msglog(LOG_NOTICE,
+		       "vacation: no such directory %s.\n", pw->pw_dir);
+		exit(EX_NOINPUT);
+	}
+#endif /* _FFR_BLACKBOX */
+	user_info.smdbu_id = pw->pw_uid;
+	user_info.smdbu_group_id = pw->pw_gid;
+	(void) strlcpy(user_info.smdbu_name, pw->pw_name,
+		       SMDB_MAX_USER_NAME_LEN);
+
+	result = smdb_open_database(&Db, dbfilename,
+				    O_CREAT|O_RDWR | (iflag ? O_TRUNC : 0),
+				    S_IRUSR|S_IWUSR, SFF_CREAT,
+				    SMDB_TYPE_DEFAULT, &user_info, NULL);
+	if (result != SMDBE_OK)
+	{
+		msglog(LOG_NOTICE, "vacation: %s: %s\n", dbfilename,
+		       errstring(result));
+		exit(EX_DATAERR);
+	}
+
+#if _FFR_LISTDB
+	if (lflag)
+	{
+		static void listdb __P((void));
+
+		listdb();
+		(void)Db->smdb_close(Db);
+		exit(EX_OK);
+	}
+#endif /* _FFR_LISTDB */
+
+	if (interval != INTERVAL_UNDEF)
+		setinterval(interval);
+
+	if (iflag)
+	{
+		result = Db->smdb_close(Db);
+		if (!exclude)
+			exit(EX_OK);
+	}
+
+	if (exclude)
+	{
+		xclude(stdin);
+		result = Db->smdb_close(Db);
+		exit(EX_OK);
+	}
+
+	if ((cur = (ALIAS *)malloc((u_int)sizeof(ALIAS))) == NULL)
+	{
+		msglog(LOG_NOTICE,
+		       "vacation: can't allocate memory for username.\n");
+		exit(EX_OSERR);
+	}
+	cur->name = name;
+	cur->next = Names;
+	Names = cur;
+
+	readheaders();
+	if (!recent())
+	{
+		time_t now;
+
+		(void) time(&now);
+		setreply(From, now);
+		result = Db->smdb_close(Db);
+		sendmessage(name, msgfilename, emptysender);
+	}
+	else
+		result = Db->smdb_close(Db);
+	exit(EX_OK);
+	/* NOTREACHED */
+	return EX_OK;
+}
+
+/*
+** READHEADERS -- read mail headers
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		nothing.
+**
+*/
+void
+readheaders()
+{
+	bool tome, cont;
+	register char *p;
+	register ALIAS *cur;
+	char buf[MAXLINE];
+	extern bool junkmail __P((char *));
+	extern bool nsearch __P((char *, char *));
+
+	cont = tome = FALSE;
+	while (fgets(buf, sizeof(buf), stdin) && *buf != '\n')
+	{
+		switch(*buf)
+		{
+		  case 'F':		/* "From " */
+			cont = FALSE;
+			if (strncmp(buf, "From ", 5) == 0)
+			{
+				bool quoted = FALSE;
+
+				p = buf + 5;
+				while (*p != '\0')
+				{
+					/* escaped character */
+					if (*p == '\\')
+					{
+						p++;
+						if (*p == '\0')
+						{
+							msglog(LOG_NOTICE,
+							       "vacation: badly formatted \"From \" line.\n");
+							exit(EX_DATAERR);
+						}
+					}
+					else if (*p == '"')
+						quoted = !quoted;
+					else if (*p == '\r' || *p == '\n')
+						break;
+					else if (*p == ' ' && !quoted)
+						break;
+					p++;
+				}
+				if (quoted)
+				{
+					msglog(LOG_NOTICE,
+					       "vacation: badly formatted \"From \" line.\n");
+					exit(EX_DATAERR);
+				}
+				*p = '\0';
+
+				/* ok since both strings have MAXLINE length */
+				if (*From == '\0')
+					(void)strlcpy(From, buf + 5,
+						      sizeof From);
+				if ((p = strchr(buf + 5, '\n')) != NULL)
+					*p = '\0';
+				if (junkmail(buf + 5))
+					exit(EX_OK);
+			}
+			break;
+
+		  case 'P':		/* "Precedence:" */
+		  case 'p':
+			cont = FALSE;
+			if (strlen(buf) <= 10 ||
+			    strncasecmp(buf, "Precedence", 10) != 0 ||
+			    (buf[10] != ':' && buf[10] != ' ' &&
+			     buf[10] != '\t'))
+				break;
+			if ((p = strchr(buf, ':')) == NULL)
+				break;
+			while (*++p != '\0' && isascii(*p) && isspace(*p));
+			if (*p == '\0')
+				break;
+			if (strncasecmp(p, "junk", 4) == 0 ||
+			    strncasecmp(p, "bulk", 4) == 0 ||
+			    strncasecmp(p, "list", 4) == 0)
+				exit(EX_OK);
+			break;
+
+		  case 'C':		/* "Cc:" */
+		  case 'c':
+			if (strncasecmp(buf, "Cc:", 3) != 0)
+				break;
+			cont = TRUE;
+			goto findme;
+
+		  case 'T':		/* "To:" */
+		  case 't':
+			if (strncasecmp(buf, "To:", 3) != 0)
+				break;
+			cont = TRUE;
+			goto findme;
+
+		  default:
+			if (!isascii(*buf) || !isspace(*buf) || !cont || tome)
+			{
+				cont = FALSE;
+				break;
+			}
+findme:
+			for (cur = Names;
+			     !tome && cur != NULL;
+			     cur = cur->next)
+				tome = nsearch(cur->name, buf);
+		}
+	}
+	if (!tome)
+		exit(EX_OK);
+	if (*From == '\0')
+	{
+		msglog(LOG_NOTICE, "vacation: no initial \"From \" line.\n");
+		exit(EX_DATAERR);
+	}
+}
+
+/*
+** NSEARCH --
+**	do a nice, slow, search of a string for a substring.
+**
+**	Parameters:
+**		name -- name to search.
+**		str -- string in which to search.
+**
+**	Returns:
+**		is name a substring of str?
+**
+*/
+bool
+nsearch(name, str)
+	register char *name, *str;
+{
+	register size_t len;
+	register char *s;
+
+	len = strlen(name);
+
+	for (s = str; *s != '\0'; ++s)
+	{
+		/*
+		**  Check to make sure that the string matches and
+		**  the previous character is not an alphanumeric and
+		**  the next character after the match is not an alphanumeric.
+		**
+		**  This prevents matching "eric" to "derick" while still
+		**  matching "eric" to "<eric+detail>".
+		*/
+
+		if (tolower(*s) == tolower(*name) &&
+		    strncasecmp(name, s, len) == 0 &&
+		    (s == str || !isascii(*(s - 1)) || !isalnum(*(s - 1))) &&
+		    (!isascii(*(s + len)) || !isalnum(*(s + len))))
+			return TRUE;
+	}
+	return FALSE;
+}
+
+/*
+** JUNKMAIL --
+**	read the header and return if automagic/junk/bulk/list mail
+**
+**	Parameters:
+**		from -- sender address.
+**
+**	Returns:
+**		is this some automated/junk/bulk/list mail?
+**
+*/
+bool
+junkmail(from)
+	char *from;
+{
+	register size_t len;
+	register char *p;
+	register struct ignore *cur;
+	static struct ignore
+	{
+		char	*name;
+		size_t	len;
+	} ignore[] =
+	{
+		{ "-request",		8	},
+		{ "postmaster",		10	},
+		{ "uucp",		4	},
+		{ "mailer-daemon",	13	},
+		{ "mailer",		6	},
+		{ "-relay",		6	},
+		{ NULL,			0	}
+	};
+
+	/*
+	 * This is mildly amusing, and I'm not positive it's right; trying
+	 * to find the "real" name of the sender, assuming that addresses
+	 * will be some variant of:
+	 *
+	 * From site!site!SENDER%site.domain%site.domain@site.domain
+	 */
+	if ((p = strchr(from, '%')) == NULL &&
+	    (p = strchr(from, '@')) == NULL)
+	{
+		if ((p = strrchr(from, '!')) != NULL)
+			++p;
+		else
+			p = from;
+		for (; *p; ++p)
+			continue;
+	}
+	len = p - from;
+	for (cur = ignore; cur->name != NULL; ++cur)
+	{
+		if (len >= cur->len &&
+		    strncasecmp(cur->name, p - cur->len, cur->len) == 0)
+			return TRUE;
+	}
+	return FALSE;
+}
+
+#define	VIT	"__VACATION__INTERVAL__TIMER__"
+
+/*
+** RECENT --
+**	find out if user has gotten a vacation message recently.
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		TRUE iff user has gotten a vacation message recently.
+**
+*/
+bool
+recent()
+{
+	SMDB_DBENT key, data;
+	time_t then, next;
+	bool trydomain = FALSE;
+	int st;
+	char *domain;
+
+	memset(&key, '\0', sizeof key);
+	memset(&data, '\0', sizeof data);
+
+	/* get interval time */
+	key.data.data = VIT;
+	key.data.size = sizeof(VIT);
+
+	st = Db->smdb_get(Db, &key, &data, 0);
+	if (st != SMDBE_OK)
+		next = SECSPERDAY * DAYSPERWEEK;
+	else
+		memmove(&next, data.data.data, sizeof(next));
+
+	memset(&data, '\0', sizeof data);
+
+	/* get record for this address */
+	key.data.data = From;
+	key.data.size = strlen(From);
+
+	do
+	{
+		st = Db->smdb_get(Db, &key, &data, 0);
+		if (st == SMDBE_OK)
+		{
+			memmove(&then, data.data.data, sizeof(then));
+			if (next == ONLY_ONCE || then == ONLY_ONCE ||
+			    then + next > time(NULL))
+				return TRUE;
+		}
+		if ((trydomain = !trydomain) &&
+		    (domain = strchr(From, '@')) != NULL)
+		{
+			key.data.data = domain;
+			key.data.size = strlen(domain);
+		}
+	} while (trydomain);
+	return FALSE;
+}
+
+/*
+** SETINTERVAL --
+**	store the reply interval
+**
+**	Parameters:
+**		interval -- time interval for replies.
+**
+**	Returns:
+**		nothing.
+**
+**	Side Effects:
+**		stores the reply interval in database.
+*/
+void
+setinterval(interval)
+	time_t interval;
+{
+	SMDB_DBENT key, data;
+
+	memset(&key, '\0', sizeof key);
+	memset(&data, '\0', sizeof data);
+
+	key.data.data = VIT;
+	key.data.size = sizeof(VIT);
+	data.data.data = (char*) &interval;
+	data.data.size = sizeof(interval);
+	(void)(Db->smdb_put)(Db, &key, &data, 0);
+}
+
+/*
+** SETREPLY --
+**	store that this user knows about the vacation.
+**
+**	Parameters:
+**		from -- sender address.
+**		when -- last reply time.
+**
+**	Returns:
+**		nothing.
+**
+**	Side Effects:
+**		stores user/time in database.
+*/
+void
+setreply(from, when)
+	char *from;
+	time_t when;
+{
+	SMDB_DBENT key, data;
+
+	memset(&key, '\0', sizeof key);
+	memset(&data, '\0', sizeof data);
+
+	key.data.data = from;
+	key.data.size = strlen(from);
+	data.data.data = (char*) &when;
+	data.data.size = sizeof(when);
+	(void)(Db->smdb_put)(Db, &key, &data, 0);
+}
+
+/*
+** XCLUDE --
+**	add users to vacation db so they don't get a reply.
+**
+**	Parameters:
+**		f -- file pointer with list of address to exclude
+**
+**	Returns:
+**		nothing.
+**
+**	Side Effects:
+**		stores users in database.
+*/
+void
+xclude(f)
+	FILE *f;
+{
+	char buf[MAXLINE], *p;
+
+	if (f == NULL)
+		return;
+	while (fgets(buf, sizeof buf, f))
+	{
+		if ((p = strchr(buf, '\n')) != NULL)
+			*p = '\0';
+		setreply(buf, ONLY_ONCE);
+	}
+}
+
+/*
+** SENDMESSAGE --
+**	exec sendmail to send the vacation file to sender
+**
+**	Parameters:
+**		myname -- user name.
+**		msgfn -- name of file with vacation message.
+**		emptysender -- use <> as sender address?
+**
+**	Returns:
+**		nothing.
+**
+**	Side Effects:
+**		sends vacation reply.
+*/
+void
+sendmessage(myname, msgfn, emptysender)
+	char *myname;
+	char *msgfn;
+	bool emptysender;
+{
+	FILE *mfp, *sfp;
+	int i;
+	int pvect[2];
+	char buf[MAXLINE];
+
+	mfp = fopen(msgfn, "r");
+	if (mfp == NULL)
+	{
+		if (msgfn[0] == '/')
+			msglog(LOG_NOTICE, "vacation: no %s file.\n", msgfn);
+		else
+			msglog(LOG_NOTICE, "vacation: no ~%s/%s file.\n",
+			       myname, msgfn);
+		exit(EX_NOINPUT);
+	}
+	if (pipe(pvect) < 0)
+	{
+		msglog(LOG_ERR, "vacation: pipe: %s", errstring(errno));
+		exit(EX_OSERR);
+	}
+	i = fork();
+	if (i < 0)
+	{
+		msglog(LOG_ERR, "vacation: fork: %s", errstring(errno));
+		exit(EX_OSERR);
+	}
+	if (i == 0)
+	{
+		(void) dup2(pvect[0], 0);
+		(void) close(pvect[0]);
+		(void) close(pvect[1]);
+		(void) fclose(mfp);
+		if (emptysender)
+			myname = "<>";
+		(void) execl(_PATH_SENDMAIL, "sendmail", "-f", myname, "--",
+		      From, NULL);
+		msglog(LOG_ERR, "vacation: can't exec %s: %s",
+			_PATH_SENDMAIL, errstring(errno));
+		exit(EX_UNAVAILABLE);
+	}
+	/* check return status of the following calls? XXX */
+	(void) close(pvect[0]);
+	if ((sfp = fdopen(pvect[1], "w")) != NULL)
+	{
+		(void) fprintf(sfp, "To: %s\n", From);
+		(void) fprintf(sfp, "Auto-Submitted: auto-generated\n");
+		while (fgets(buf, sizeof buf, mfp))
+			(void) fputs(buf, sfp);
+		(void) fclose(mfp);
+		(void) fclose(sfp);
+	}
+	else
+	{
+		(void) fclose(mfp);
+		msglog(LOG_ERR, "vacation: can't open pipe to sendmail");
+		exit(EX_UNAVAILABLE);
+	}
+}
+
+void
+usage()
+{
+	msglog(LOG_NOTICE, "uid %u: usage: vacation [-i] [-a alias]%s [-f db]%s [-m msg] [-r interval] [-s sender] [-t time] [-x] [-z] login\n",
+	       getuid(),
+#if _FFR_DEBUG
+	       " [-d]",
+#else /* _FFR_DEBUG */
+	       "",
+#endif /* _FFR_DEBUG */
+#if _FFR_LISTDB
+	       " [-l]"
+#else /* _FFR_LISTDB */
+	       ""
+#endif /* _FFR_LISTDB */
+	       );
+	exit(EX_USAGE);
+}
+
+#if _FFR_LISTDB
+/*
+** LISTDB -- list the contents of the vacation database
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		nothing.
+*/
+
+static void
+listdb()
+{
+	int result;
+	time_t t;
+	SMDB_CURSOR *cursor = NULL;
+	SMDB_DBENT db_key, db_value;
+
+	memset(&db_key, '\0', sizeof db_key);
+	memset(&db_value, '\0', sizeof db_value);
+
+	result = Db->smdb_cursor(Db, &cursor, 0);
+	if (result != SMDBE_OK)
+	{
+		fprintf(stderr, "vacation: set cursor: %s\n",
+			errstring(result));
+		return;
+	}
+
+	while ((result = cursor->smdbc_get(cursor, &db_key, &db_value,
+					   SMDB_CURSOR_GET_NEXT)) == SMDBE_OK)
+	{
+		/* skip magic VIT entry */
+		if ((int)db_key.data.size -1 == strlen(VIT) &&
+		    strncmp((char *)db_key.data.data, VIT,
+			    (int)db_key.data.size - 1) == 0)
+			continue;
+
+		/* skip bogus values */
+		if (db_value.data.size != sizeof t)
+		{
+			fprintf(stderr, "vacation: %.*s invalid time stamp\n",
+				(int) db_key.data.size,
+				(char *) db_key.data.data);
+			continue;
+		}
+
+		memcpy(&t, db_value.data.data, sizeof t);
+
+		if (db_key.data.size > 40)
+			db_key.data.size = 40;
+
+		printf("%-40.*s %-10s",
+		       (int) db_key.data.size, (char *) db_key.data.data,
+		       ctime(&t));
+
+		memset(&db_key, '\0', sizeof db_key);
+		memset(&db_value, '\0', sizeof db_value);
+	}
+
+	if (result != SMDBE_OK && result != SMDBE_LAST_ENTRY)
+	{
+		fprintf(stderr,	"vacation: get value at cursor: %s\n",
+			errstring(result));
+		if (cursor != NULL)
+		{
+			(void) cursor->smdbc_close(cursor);
+			cursor = NULL;
+		}
+		return;
+	}
+	(void) cursor->smdbc_close(cursor);
+	cursor = NULL;
+}
+#endif /* _FFR_LISTDB */
+
+#if _FFR_DEBUG
+/*
+** DEBUGLOG -- write message to standard error
+**
+**	Append a message to the standard error for the convenience of
+**	end-users debugging without access to the syslog messages.
+**
+**	Parameters:
+**		i -- syslog log level
+**		fmt -- string format
+**
+**	Returns:
+**		nothing.
+*/
+
+/*VARARGS2*/
+static void
+#ifdef __STDC__
+debuglog(int i, const char *fmt, ...)
+#else /* __STDC__ */
+debuglog(i, fmt, va_alist)
+	int i;
+	const char *fmt;
+	va_dcl
+#endif /* __STDC__ */
+
+{
+	VA_LOCAL_DECL
+
+	VA_START(fmt);
+	vfprintf(stderr, fmt, ap);
+	VA_END;
+}
+#endif /* _FFR_DEBUG */
+
+/*VARARGS1*/
+void
+#ifdef __STDC__
+message(const char *msg, ...)
+#else /* __STDC__ */
+message(msg, va_alist)
+	const char *msg;
+	va_dcl
+#endif /* __STDC__ */
+{
+	const char *m;
+	VA_LOCAL_DECL
+
+	m = msg;
+	if (isascii(m[0]) && isdigit(m[0]) &&
+	    isascii(m[1]) && isdigit(m[1]) &&
+	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
+		m += 4;
+	VA_START(msg);
+	(void) vfprintf(stderr, m, ap);
+	VA_END;
+	(void) fprintf(stderr, "\n");
+}
+
+/*VARARGS1*/
+void
+#ifdef __STDC__
+syserr(const char *msg, ...)
+#else /* __STDC__ */
+syserr(msg, va_alist)
+	const char *msg;
+	va_dcl
+#endif /* __STDC__ */
+{
+	const char *m;
+	VA_LOCAL_DECL
+
+	m = msg;
+	if (isascii(m[0]) && isdigit(m[0]) &&
+	    isascii(m[1]) && isdigit(m[1]) &&
+	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
+		m += 4;
+	VA_START(msg);
+	(void) vfprintf(stderr, m, ap);
+	VA_END;
+	(void) fprintf(stderr, "\n");
+}
+
+void
+dumpfd(fd, printclosed, logit)
+	int fd;
+	bool printclosed;
+	bool logit;
+{
+	return;
+}