Import sendmail 8.13.1

author: gshapiro <gshapiro@FreeBSD.org> 2004-08-01 01:04:57 +0000
committer: gshapiro <gshapiro@FreeBSD.org> 2004-08-01 01:04:57 +0000
commit: 1fc446a819a244515d9461fa50d34ee191414d6f (patch)
tree: f6477ae85b00ee6d58b086b0d1d597dd9a403391 /contrib/sendmail/cf
parent: 238623a0204c90e8d61dbde7b3b499a5036f2e5d (diff)
download: FreeBSD-src-1fc446a819a244515d9461fa50d34ee191414d6f.zip
FreeBSD-src-1fc446a819a244515d9461fa50d34ee191414d6f.tar.gz
31 files changed, 1000 insertions, 221 deletions
diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README
index ff70579..52985bb 100644
--- a/contrib/sendmail/cf/README
+++ b/contrib/sendmail/cf/README
@@ -28,6 +28,7 @@ MASQUERADING AND RELAYING
 USING LDAP FOR ALIASES, MAPS, AND CLASSES
 LDAP ROUTING
 ANTI-SPAM CONFIGURATION CONTROL
+CONNECTION CONTROL
 STARTTLS
 SMTP AUTHENTICATION
 ADDING NEW MAILERS OR RULESETS
@@ -76,7 +77,7 @@ Let's examine a typical .mc file:
 
 	divert(-1)
 	#
-	# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+	# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
 	#	All rights reserved.
 	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 	# Copyright (c) 1988, 1993
@@ -130,8 +131,8 @@ definition appropriate for your environment.
 
 These describe the mailers used at the default CS site.  The local
 mailer is always included automatically.  Beware: MAILER declarations
-should always be at the end of the configuration file.  The general
-rules are that the order should be:
+should only be followed by LOCAL_* sections.  The general rules are
+that the order should be:
 
 	VERSIONID
 	OSTYPE
@@ -1051,6 +1052,12 @@ local_lmtp	Use an LMTP capable local mailer.  The argument to this
 		LMTP capable.  The path to mail.local is set by the
 		confEBINDIR m4 variable -- making the default
 		LOCAL_MAILER_PATH /usr/libexec/mail.local.
+		If a different LMTP capable mailer is used, its pathname
+		can be specified as second parameter and the arguments
+		passed to it (A=) as third parameter, e.g.,
+
+			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
+
 		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
 		i.e., without respecting any definitions in an OSTYPE setting.
 
@@ -1226,6 +1233,13 @@ delay_checks	The rulesets check_mail and check_relay will not be called
 		section.  Note: this feature is incompatible to the versions
 		in 8.10 and 8.11.
 
+use_client_ptr	If this feature is enabled then check_relay will override
+		its first argument with $&{client_ptr}.  This is useful for
+		rejections based on the unverified hostname of client,
+		which turns on the same behavior as in earlier sendmail
+		versions when delay_checks was not in use.  See doc/op/op.*
+		about check_relay, {client_name}, and {client_ptr}.
+
 dnsbl		Turns on rejection of hosts found in an DNS based rejection
 		list.  If an argument is provided it is used as the domain
 		in which blocked hosts are listed; otherwise it defaults to
@@ -1299,6 +1313,67 @@ enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
 
 		will be logged).
 
+ratecontrol	Enable simple ruleset to do connection rate control
+		checking.  This requires entries in access_db of the form
+
+			ClientRate:IP.ADD.RE.SS		LIMIT
+
+		The RHS specifies the maximum number of connections
+		(an integer number) over the time interval defined
+		by ConnectionRateWindowSize, where 0 means unlimited.
+
+		Take the following example:
+
+			ClientRate:10.1.2.3		4
+			ClientRate:127.0.0.1		0
+			ClientRate:			10
+
+		10.1.2.3 can only make up to 4 connections, the
+		general limit it 10, and 127.0.0.1 can make an unlimited
+		number of connections per ConnectionRateWindowSize.
+
+		See also CONNECTION CONTROL.
+
+conncontrol	Enable a simple check of the number of incoming SMTP
+		connections.  This requires entries in access_db of the
+		form
+
+			ClientConn:IP.ADD.RE.SS		LIMIT
+
+		The RHS specifies the maximum number of open connections
+		(an integer number).
+
+		Take the following example:
+
+			ClientConn:10.1.2.3		4
+			ClientConn:127.0.0.1		0
+			ClientConn:			10
+
+		10.1.2.3 can only have up to 4 open connections, the
+		general limit it 10, and 127.0.0.1 does not have any
+		explicit limit.
+
+		See also CONNECTION CONTROL.
+
+mtamark		Experimental support for "Marking Mail Transfer Agents in
+		Reverse DNS with TXT RRs" (MTAMark), see
+		draft-stumpf-dns-mtamark-01.  Optional arguments are:
+
+		1. Error message, default:
+
+			550 Rejected: $&{client_addr} not listed as MTA
+
+		2. Temporary lookup failures are ignored unless a second
+		argument is given, which must be either `t' or a full
+		error message.
+
+		3. Lookup prefix, default: _perm._smtp._srv.  This should
+		not be changed unless the draft changes it.
+
+		Example:
+
+			FEATURE(`mtamark', `', `t')
+
 lookupdotdomain	Look up also .domain in the access map.  This allows to
 		match only subdomains.  It does not work well with
 		FEATURE(`relay_hosts_only'), because most lookups for
@@ -1393,6 +1468,32 @@ queuegroup	A simple example how to select a queue group based
 		Note: please read the warning in doc/op/op.me about
 		queue groups and possible queue manipulations.
 
+greet_pause	Adds the greet_pause ruleset which enables open proxy
+		and SMTP slamming protection.  The feature can take an
+		argument specifying the milliseconds to wait:
+
+			FEATURE(`greet_pause', `5000')  dnl 5 seconds
+
+		If FEATURE(`access_db') is enabled, an access database
+		lookup with the GreetPause tag is done using client
+		hostname, domain, IP address, or subnet to determine the
+		pause time:
+
+			GreetPause:my.domain	0
+			GreetPause:example.com	5000
+			GreetPause:10.1.2	2000
+			GreetPause:127.0.0.1	0
+
+		When using FEATURE(`access_db'), the optional
+		FEATURE(`greet_pause') argument becomes the default if
+		nothing is found in the access database.  A ruleset called
+		Local_greet_pause can be used for local modifications, e.g.,
+
+			LOCAL_RULESETS
+			SLocal_greet_pause
+			R$*		$: $&{daemon_flags}
+			R$* a $*	$# 0
+
 +-------+
 | HACKS |
 +-------+
@@ -1461,6 +1562,9 @@ The second example demonstrates that you can use two names on the
 same line; these are usually aliases for the same host (or are at
 least in the same company).
 
+The macro LOCAL_UUCP can be used to add rules into the generated
+cf file at the place where MAILER(`uucp') inserts its rules.  This
+should only be used if really necessary.
 
 +--------------------+
 | USING UUCP MAILERS |
@@ -1787,7 +1891,8 @@ declared as follows:
 		  (|(sendmailMTACluster=${sendmailMTACluster})
 		    (sendmailMTAHost=$j))
 		  (sendmailMTAKey=%0))
-	     -v sendmailMTAAliasValue
+	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
+
 
 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
 used when the binary expands the `ldap:' token as the AliasFile option is
@@ -1893,7 +1998,7 @@ For example, FEATURE(`mailertable', `LDAP') would use the map definition:
 			       (|(sendmailMTACluster=${sendmailMTACluster})
 				 (sendmailMTAHost=$j))
 			       (sendmailMTAKey=%0))
-			  -1 -v sendmailMTAMapValue
+			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
 
 An example LDAP LDIF entry using this map might be:
 
@@ -1960,7 +2065,7 @@ specification:
 		       (sendmailMTAClassName=R)
 		       (|(sendmailMTACluster=${sendmailMTACluster})
 			 (sendmailMTAHost=$j)))
-		  -v sendmailMTAClassValue
+		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
 
 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
 used when the binary expands the `@LDAP' token as class declarations are
@@ -2053,18 +2158,25 @@ and will not reject addresses not found by the LDAP lookup.  However,
 this behavior can be changed by giving additional arguments to the FEATURE()
 command:
 
- FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>)
+ FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
+		 <detail>, <nodomain>, <tempfail>)
 
 where <mailHost> is a map definition describing how to lookup an alternative
 mail host for a particular address; <mailRoutingAddress> is a map definition
 describing how to lookup an alternative address for a particular address;
 the <bounce> argument, if present and not the word "passthru", dictates
 that mail should be bounced if neither a mailHost nor mailRoutingAddress
-is found; and <detail> indicates what actions to take if the address
+is found, if set to "sendertoo", the sender will be rejected if not
+found in LDAP; and <detail> indicates what actions to take if the address
 contains +detail information -- `strip' tries the lookup with the +detail
 and if no matches are found, strips the +detail and tries the lookup again;
 `preserve', does the same as `strip' but if a mailRoutingAddress match is
-found, the +detail information is copied to the new address.
+found, the +detail information is copied to the new address; the <nodomain>
+argument, if present, will prevent the @domain lookup if the full
+address is not found in LDAP; the <tempfail> argument, if set to
+"tempfail", instructs the rules to give an SMTP 4XX temporary
+error if the LDAP server gives the MTA a temporary failure, or if set to
+"queue" (the default), the MTA will locally queue the mail.
 
 The default <mailHost> map definition is:
 
@@ -2237,12 +2349,11 @@ access map.  If an optional argument `domain' (this is the literal
 word `domain', not a placeholder) is given, the domain portion of
 the mail sender is also checked to allowing relaying.  This option
 only works together with the tag From: for the LHS of the access
-map entries (see below: Finer control...).  This feature allows
-spammers to abuse your mail server by specifying a return address
-that you enabled in your access file.  This may be harder to figure
-out for spammers, but it should not be used unless necessary.
-Instead use SMTP AUTH or STARTTLS to allow relaying for roaming
-users.
+map entries.  This feature allows spammers to abuse your mail server
+by specifying a return address that you enabled in your access file.
+This may be harder to figure out for spammers, but it should not
+be used unless necessary.  Instead use SMTP AUTH or STARTTLS to
+allow relaying for roaming users.
 
 
 If source routing is used in the recipient address (e.g.,
@@ -2338,12 +2449,13 @@ The table itself uses e-mail addresses, domain names, and network
 numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
 For example,
 
-	spammer@aol.com			REJECT
-	cyberspammer.com		REJECT
-	TLD				REJECT
-	192.168.212			REJECT
-	IPv6:2002:c0a8:02c7		RELAY
-	IPv6:2002:c0a8:51d2::23f4	REJECT
+	From:spammer@aol.com			REJECT
+	From:cyberspammer.com			REJECT
+	Connect:cyberspammer.com		REJECT
+	Connect:TLD				REJECT
+	Connect:192.168.212			REJECT
+	Connect:IPv6:2002:c0a8:02c7		RELAY
+	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
 
 would refuse mail from spammer@aol.com, any user from cyberspammer.com
 (or any host within the cyberspammer.com domain), any host in the entire
@@ -2351,6 +2463,41 @@ top level domain TLD, 192.168.212.* network, and the IPv6 address
 2002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
 2002:c0a8:02c7::/48.
 
+Entries in the access map should be tagged according to their type.
+Three tags are available:
+
+	Connect:	connection information (${client_addr}, ${client_name})
+	From:		envelope sender
+	To:		envelope recipient
+
+Notice: untagged entries are deprecated.
+
+If the required item is looked up in a map, it will be tried first
+with the corresponding tag in front, then (as fallback to enable
+backward compatibility) without any tag, unless the specific feature
+requires a tag.  For example,
+
+	From:spammer@some.dom	REJECT
+	To:friend.domain	RELAY
+	Connect:friend.domain	OK
+	Connect:from.domain	RELAY
+	From:good@another.dom	OK
+	From:another.dom	REJECT
+
+This would deny mails from spammer@some.dom but you could still
+send mail to that address even if FEATURE(`blacklist_recipients')
+is enabled.  Your system will allow relaying to friend.domain, but
+not from it (unless enabled by other means).  Connections from that
+domain will be allowed even if it ends up in one of the DNS based
+rejection lists.  Relaying is enabled from from.domain but not to
+it (since relaying is based on the connection information for
+outgoing relaying, the tag Connect: must be used; for incoming
+relaying, which is based on the recipient address, To: must be
+used).  The last two entries allow mails from good@another.dom but
+reject mail from all other addresses with another.dom as domain
+part.
+
+
 The value part of the map can contain:
 
 	OK		Accept mail even if other rules in the running
@@ -2377,38 +2524,46 @@ The value part of the map can contain:
 			"any text" is a message to return for the command.
 			The string should be quoted to avoid surprises,
 			e.g., sendmail may remove spaces otherwise.
-			This type is deprecated, use one the two
+			This type is deprecated, use one of the two
 			ERROR:  entries below instead.
 	ERROR:### any text
 			as above, but useful to mark error messages as such.
 	ERROR:D.S.N:### any text
 			where D.S.N is an RFC 1893 compliant error code
 			and the rest as above.
+	QUARANTINE:any text
+			Quarantine the message using the given text as the
+			quarantining reason.
 
 For example:
 
-	cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
-	okay.cyberspammer.com	OK
-	sendmail.org		RELAY
-	128.32			RELAY
-	IPv6:1:2:3:4:5:6:7	RELAY
-	[127.0.0.3]		OK
-	[IPv6:1:2:3:4:5:6:7:8]	OK
-
-would accept mail from okay.cyberspammer.com, but would reject mail from
-all other hosts at cyberspammer.com with the indicated message.  It would
-allow relaying mail from and to any hosts in the sendmail.org domain, and
-allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:*
-network.  The latter two entries are for checks against ${client_name} if
-the IP address doesn't resolve to a hostname (or is considered as "may be
-forged").  That is, using square brackets means these are host names,
-not network numbers.
+	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
+	From:okay.cyberspammer.com	OK
+	Connect:sendmail.org		RELAY
+	To:sendmail.org			RELAY
+	Connect:128.32			RELAY
+	Connect:128.32.2		SKIP
+	Connect:IPv6:1:2:3:4:5:6:7	RELAY
+	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
+	Connect:[127.0.0.3]		OK
+	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
+
+would accept mail from okay.cyberspammer.com, but would reject mail
+from all other hosts at cyberspammer.com with the indicated message.
+It would allow relaying mail from and to any hosts in the sendmail.org
+domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
+and from the 128.32.*.* network except for the 128.32.2.* network,
+which shows how SKIP is useful to exempt subnets/subdomains.  The
+last two entries are for checks against ${client_name} if the IP
+address doesn't resolve to a hostname (or is considered as "may be
+forged").  That is, using square brackets means these are host
+names, not network numbers.
 
 Warning: if you change the RFC 821 compliant error code from the default
 value of 550, then you should probably also change the RFC 1893 compliant
 error code to match it.  For example, if you use
 
-	user@example.com	ERROR:450 mailbox full
+	To:user@example.com	ERROR:450 mailbox full
 
 the error returned would be "450 5.0.0 mailbox full" which is wrong.
 Use "ERROR:4.2.2:450 mailbox full" instead.
@@ -2427,7 +2582,7 @@ hosts listed in class {R} to be fully qualified host names.
 You can also use the access database to block sender addresses based on
 the username portion of the address.  For example:
 
-	FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
+	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
 
 Note that you must include the @ after the username to signify that
 this database entry is for checking only the username portion of the
@@ -2440,24 +2595,24 @@ If you use:
 then you can add entries to the map for local users, hosts in your
 domains, or addresses in your domain which should not receive mail:
 
-	badlocaluser@		ERROR:550 Mailbox disabled for this username
-	host.mydomain.com	ERROR:550 That host does not accept mail
-	user@otherhost.mydomain.com	ERROR:550 Mailbox disabled for this recipient
+	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
+	To:host.my.TLD		ERROR:550 That host does not accept mail
+	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
 
-This would prevent a recipient of badlocaluser@mydomain.com, any
-user at host.mydomain.com, and the single address
-user@otherhost.mydomain.com from receiving mail.  Please note: a
-local username must be now tagged with an @ (this is consistent
-with the check of the sender address, and hence it is possible to
-distinguish between hostnames and usernames).  Enabling this feature
-will keep you from sending mails to all addresses that have an
-error message or REJECT as value part in the access map.  Taking
-the example from above:
+This would prevent a recipient of badlocaluser in any of the local
+domains (class {w}), any user at host.my.TLD, and the single address
+user@other.my.TLD from receiving mail.  Please note: a local username
+must be now tagged with an @ (this is consistent with the check of
+the sender address, and hence it is possible to distinguish between
+hostnames and usernames).  Enabling this feature will keep you from
+sending mails to all addresses that have an error message or REJECT
+as value part in the access map.  Taking the example from above:
 
 	spammer@aol.com		REJECT
 	cyberspammer.com	REJECT
 
 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
+That's why tagged entries should be used.
 
 There are several DNS based blacklists, the first of which was
 the RBL (``Realtime Blackhole List'') run by the MAPS project,
@@ -2533,46 +2688,12 @@ regex map:
 
 These rules are called with the original arguments of the corresponding
 check_* ruleset.  If the local ruleset returns $#OK, no further checking
-is done by the features described above and the mail is accepted.  If the
-local ruleset resolves to a mailer (such as $#error or $#discard), the
-appropriate action is taken.  Otherwise, the results of the local
-rewriting are ignored.
-
-Finer control by using tags for the LHS of the access map
----------------------------------------------------------
-
-Read this section only if the options listed so far are not sufficient
-for your purposes.  There is now the option to tag entries in the
-access map according to their type.  Three tags are available:
-
-	Connect:	connection information (${client_addr}, ${client_name})
-	From:		envelope sender
-	To:		envelope recipient
-
-If the required item is looked up in a map, it will be tried first
-with the corresponding tag in front, then (as fallback to enable
-backward compatibility) without any tag, unless the specific feature
-requires a tag.  For example,
-
-	From:spammer@some.dom	REJECT
-	To:friend.domain	RELAY
-	Connect:friend.domain	OK
-	Connect:from.domain	RELAY
-	From:good@another.dom	OK
-	From:another.dom	REJECT
-
-This would deny mails from spammer@some.dom but you could still
-send mail to that address even if FEATURE(`blacklist_recipients')
-is enabled.  Your system will allow relaying to friend.domain, but
-not from it (unless enabled by other means).  Connections from that
-domain will be allowed even if it ends up in one of the DNS based
-rejection lists.  Relaying is enabled from from.domain but not to
-it (since relaying is based on the connection information for
-outgoing relaying, the tag Connect: must be used; for incoming
-relaying, which is based on the recipient address, To: must be
-used).  The last two entries allow mails from good@another.dom but
-reject mail from all other addresses with another.dom as domain
-part.
+is done by the features described above and the mail is accepted.  If
+the local ruleset resolves to a mailer (such as $#error or $#discard),
+the appropriate action is taken.  Other results starting with $# are
+interpreted by sendmail and may lead to unspecified behavior.  Note: do
+NOT create a mailer with the name OK.  Return values that do not start
+with $# are ignored, i.e., normal processing continues.
 
 Delay all checks
 ----------------
@@ -2677,6 +2798,8 @@ to $&{currHeader}.
 2. There are no default rulesets coming with this distribution of
 sendmail.  You can either write your own or you can search the
 WWW for examples, e.g.,  http://www.digitalanswers.org/check_local/
+3. When using a default ruleset for headers, the name of the header 
+currently being checked can be found in the $&{hdr_name} macro.
 
 After all of the headers are read, the check_eoh ruleset will be called for
 any final header-related checks.  The ruleset is called with the number of
@@ -2711,6 +2834,38 @@ probably not be used in production.
 	# Otherwise, reject the mail
 	R$*			$#error $: 553 Header Error
 
+
++--------------------+
+| CONNECTION CONTROL |
++--------------------+
+
+The features ratecontrol and conncontrol allow to establish connection
+limits per client IP address or net.  These features can limit the
+rate of connections (connections per time unit) or the number of
+incoming SMTP connections, respectively.  If enabled, appropriate
+rulesets are called at the end of check_relay, i.e., after DNS
+blacklists and generic access_db operations.  The features require
+FEATURE(`access_db') to be listed earlier in the mc file.
+
+Note: FEATURE(`delay_checks') delays those connection control checks
+after a recipient address has been received, hence making these
+connection control features less useful.  To run the checks as early
+as possible, specify the parameter `nodelay', e.g.,
+
+	FEATURE(`ratecontrol', `nodelay')
+
+In that case, FEATURE(`delay_checks') has no effect on connection
+control (and it must be specified earlier in the mc file).
+
+An optional second argument `terminate' specifies whether the
+rulesets should return the error code 421 which will cause
+sendmail to terminate the session with that error if it is
+returned from check_relay, i.e., not delayed as explained in
+the previous paragraph.  Example:
+
+	FEATURE(`ratecontrol', `nodelay', `terminate')
+
+
 +----------+
 | STARTTLS |
 +----------+
@@ -2774,6 +2929,7 @@ If it is SUBJECT, the DN of the cert subject is looked up next in the
 access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
 is allowed.
 
+To make things a bit more flexible (or complicated), the values for
 ${cert_issuer} and ${cert_subject} can be optionally modified by regular
 expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
 _CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
@@ -2818,8 +2974,11 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
 CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
 DeathStar/Email=deathstar@endmail.org		RELAY
 
-Note: line breaks have been inserted after "CN=" for readability,
-each tagged entry must be one (long) line in the access map.
+Notes:
+- line breaks have been inserted after "CN=" for readability,
+  each tagged entry must be one (long) line in the access map.
+- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
+  is replaced by "emailAddress=".
 
 Of course it is also possible to write a simple ruleset that allows
 relaying for everyone who can present a cert that can be verified, e.g.,
@@ -2952,7 +3111,7 @@ R$*		$: $&{auth_type}
 R$+		$# OK
 
 which checks whether a user has successfully authenticated using
-any available mechanism.  Depending on the setup of the CYRUS SASL
+any available mechanism.  Depending on the setup of the Cyrus SASL
 library, more sophisticated rulesets might be required, e.g.,
 
 SLocal_check_rcpt
@@ -2980,6 +3139,9 @@ If the selected mechanism provides a security layer the number of
 bits used for the key of the symmetric cipher is stored in the
 macro ${auth_ssf}.
 
+Providing SMTP AUTH Data when sendmail acts as Client
+-----------------------------------------------------
+
 If sendmail acts as client, it needs some information how to
 authenticate against another MTA.  This information can be provided
 by the ruleset authinfo or by the option DefaultAuthInfo.  The
@@ -2991,6 +3153,12 @@ only performed if the access map is used; if the authinfo feature
 is used then only up to three lookups are performed (two exact
 matches, one default).
 
+Note: If your daemon does client authentication when sending, and
+if it uses either PLAIN or LOGIN authentication, then you *must*
+prevent ordinary users from seeing verbose output.  Do NOT install
+sendmail set-user-ID.  Use PrivacyOptions to turn off verbose output
+("goaway" works for this).
+
 Notice: the default configuration file causes the option DefaultAuthInfo
 to fail since the ruleset authinfo is in the .cf file. If you really
 want to use DefaultAuthInfo (it is deprecated) then you have to
@@ -3341,12 +3509,17 @@ off, do so.
 +--------------------------------+
 
 There are a large number of configuration options that don't normally
-need to be changed.  However, if you feel you need to tweak them, you
-can define the following M4 variables.  This list is shown in four
-columns:  the name you define, the default value for that definition,
-the option or macro that is affected (either Ox for an option or Dx
-for a macro), and a brief description.  Greater detail of the semantics
-can be found in the Installation and Operations Guide.
+need to be changed.  However, if you feel you need to tweak them,
+you can define the following M4 variables. Note that some of these
+variables require formats that are defined in RFC 2821 or RFC 2822.
+Before changing them you need to make sure you do not violate those
+(and other relevant) RFCs.
+
+This list is shown in four columns:  the name you define, the default
+value for that definition, the option or macro that is affected
+(either Ox for an option or Dx for a macro), and a brief description.
+Greater detail of the semantics can be found in the Installation
+and Operations Guide.
 
 Some options are likely to be deprecated in future versions -- that is,
 the option is only included to provide back-compatibility.  These are
@@ -3358,7 +3531,7 @@ be ``double quoted, like this phrase'' to avoid having the comma
 confuse things.  This is common for alias file definitions and for
 the read timeout.
 
-M4 Variable Name	Configuration	Description & [Default]
+M4 Variable Name	Configuration	[Default] & Description
 ================	=============	=======================
 confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
 					for internally generated outgoing
@@ -3387,6 +3560,9 @@ confRECEIVED_HEADER	Received:
 					The format of the Received: header
 					in messages passed through this host.
 					It is unwise to try to change this.
+confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
+					internally generated Message-Id:
+					header.
 confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
 					of file used to get the local
 					additions to class {w} (local host
@@ -3590,6 +3766,10 @@ confTO_QUEUERETURN_NONURGENT
 			Timeout.queuereturn.non-urgent
 					[undefined] As above, for non-urgent
 					(low) priority messages.
+confTO_QUEUERETURN_DSN
+			Timeout.queuereturn.dsn
+					[undefined] As above, for delivery
+					status notification messages.
 confTO_QUEUEWARN	Timeout.queuewarn
 					[4h] The timeout before a warning
 					message is sent to the sender telling
@@ -3605,6 +3785,10 @@ confTO_QUEUEWARN_NONURGENT
 			Timeout.queuewarn.non-urgent
 					[undefined] As above, for non-urgent
 					(low) priority messages.
+confTO_QUEUEWARN_DSN
+			Timeout.queuewarn.dsn
+					[undefined] As above, for delivery
+					status notification messages.
 confTO_HOSTSTATUS	Timeout.hoststatus
 					[30m] How long information about host
 					statuses will be maintained before it
@@ -3653,6 +3837,8 @@ confUSERDB_SPEC		UserDatabaseSpec
 					[undefined] User database
 					specification.
 confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
+confFALLBACK_SMARTHOST	FallbackSmartHost
+					[undefined] Fallback smart host.
 confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
 					for a host and other arrangements
 					haven't been made, try connecting
@@ -3670,6 +3856,8 @@ confREFUSE_LA		RefuseLA	[varies] Load average at which
 					numproc) where numproc is the
 					number of processors online (if
 					that can be determined).
+confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
+					refusing connections for this long.
 confDELAY_LA		DelayLA		[0] Load average at which sendmail
 					will sleep for one second on most
 					SMTP commands and before accepting
@@ -3688,7 +3876,6 @@ confMAX_HEADERS_LENGTH	MaxHeadersLength
 confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
 					[undefined] Maximum length of
 					certain MIME header field values.
-					If not set, sendmail uses 2048/1024.
 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
 					[undefined] The maximum number of
 					connections permitted per second per
@@ -3696,6 +3883,10 @@ confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
 					are accepted, further connections
 					will be delayed.  If not set or <= 0,
 					there is no limit.
+confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
+					[60s] Define the length of the
+					interval for which the number of
+					incoming connections is maintained.
 confWORK_RECIPIENT_FACTOR
 			RecipientFactor	[30000] Cost of each recipient.
 confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
@@ -3768,7 +3959,7 @@ confMAX_QUEUE_CHILDREN	MaxQueueChildren
 					of concurrent queue runners active.
 					This is to keep system resources used
 					within a reasonable limit.  Relates to
-					Queue Groups and ForkAllJobs.
+					Queue Groups and ForkEachJob.
 confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
 					[1] Only active when MaxQueueChildren
 					defined.  Controls the maximum number
@@ -3909,7 +4100,11 @@ confAUTH_MECHANISMS	AuthMechanisms	[GSSAPI KERBEROS_V4 DIGEST-MD5
 					authentication mechanisms will be the
 					intersection of this list and the list
 					of available mechanisms as determined
-					by the CYRUS SASL library.
+					by the Cyrus SASL library.
+confAUTH_REALM		AuthRealm	[undefined] The authentication realm
+					that is passed to the Cyrus SASL
+					library.  If no realm is specified,
+					$j is used.
 confDEF_AUTH_INFO	DefaultAuthInfo	[undefined] Name of file that contains
 					authentication information for
 					outgoing connections.  This file must
@@ -3973,6 +4168,10 @@ confCLIENT_CERT		ClientCertFile	[undefined] File containing the
 confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
 					private key belonging to the client
 					cert.
+confCRL			CRLFile		[undefined] File containing certificate
+					revocation status, useful for X.509v3
+					authentication. Note that CRL requires
+					at least OpenSSL version 0.9.7.
 confDH_PARAMETERS	DHParameters	[undefined] File containing the
 					DH parameters.
 confRAND_FILE		RandFile	[undefined] File containing random
@@ -3992,6 +4191,10 @@ confUSE_MSP		UseMSP		[false] Use as mail submission
 					program, see sendmail/SECURITY.
 confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
 					SMTP Service Extension (RFC 2852).
+confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
+					be used to turn off the compile time
+					flag REQUIRES_DIR_FSYNC at runtime.
+					See sendmail/README for details.
 confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
 confFAST_SPLIT		FastSplit	[1] If set to a value greater than
 					zero, the initial MX lookups on
@@ -4035,6 +4238,9 @@ confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
 					[{rcpt_mailer}, {rcpt_host},
 					{rcpt_addr}] Macros to transmit to
 					milters after RCPT TO command.
+confMILTER_MACROS_EOM		Milter.macros.eom
+					[{msg_id}] Macros to transmit to
+					milters after DATA command.
 
 
 See also the description of OSTYPE for some parameters that can be
@@ -4177,6 +4383,12 @@ adding the following to your sendmail.mc file:
 	R$*	$: $&{auth_authen}
 	Rsmmsp	$# OK
 
+Note: the authentication data can leak to local users who invoke
+the MSP with debug options or even with -v.  For that reason either
+an authentication mechanism that does not show the password in the
+AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
+method like STARTTLS should be used.
+
 feature/msp.m4 defines almost all settings for the MSP.  Most of
 those should not be changed at all.  Some of the features and options
 can be overridden if really necessary.  It is a bit tricky to do
@@ -4375,4 +4587,4 @@ M4 DIVERSIONS
    8	DNS based blacklists
    9	special local rulesets (1 and 2)
 
-$Revision: 8.623.2.27 $, Last updated $Date: 2004/01/11 17:58:25 $
+$Revision: 8.691 $, Last updated $Date: 2004/07/19 17:47:34 $
diff --git a/contrib/sendmail/cf/cf/Makefile b/contrib/sendmail/cf/cf/Makefile
index 9a69a18..04d5eee 100644
--- a/contrib/sendmail/cf/cf/Makefile
+++ b/contrib/sendmail/cf/cf/Makefile
@@ -1,7 +1,7 @@
 #
 #  Makefile for configuration files.
 #
-#	$Id: Makefile,v 8.56 2001/12/13 23:56:37 gshapiro Exp $
+#	$Id: Makefile,v 8.58 2003/10/20 22:01:00 ca Exp $
 #
 
 #
@@ -19,6 +19,8 @@ SUBMIT=	submit
 MAILDIR=/etc/mail
 M4=	m4
 CFDIR=	..
+SED=  sed
+ECHO= echo
 CHMOD=	chmod
 ROMODE=	444
 RM=	rm -f
@@ -35,6 +37,8 @@ CFMODE=0444
 .mc.cf:
 	$(RM) $@
 	$(M4) ${CFDIR}/m4/cf.m4 $*.mc > $@ || ( $(RM) $@ && exit 1 )
+	$(ECHO) "### $*.mc ###" >>$@
+	$(SED) -e 's/^/# /' $*.mc >>$@
 	$(CHMOD) $(ROMODE) $@
 
 GENERIC=generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \
@@ -99,6 +103,7 @@ M4FILES=\
 	${CFDIR}/feature/bestmx_is_local.m4 \
 	${CFDIR}/feature/bitdomain.m4 \
 	${CFDIR}/feature/blacklist_recipients.m4 \
+	${CFDIR}/feature/conncontrol.m4 \
 	${CFDIR}/feature/dnsbl.m4 \
 	${CFDIR}/feature/domaintable.m4 \
 	${CFDIR}/feature/generics_entire_domain.m4 \
@@ -113,12 +118,12 @@ M4FILES=\
 	${CFDIR}/feature/masquerade_envelope.m4 \
 	${CFDIR}/feature/no_default_msa.m4 \
 	${CFDIR}/feature/nocanonify.m4 \
-	${CFDIR}/feature/nodns.m4 \
 	${CFDIR}/feature/notsticky.m4 \
 	${CFDIR}/feature/nouucp.m4 \
 	${CFDIR}/feature/nullclient.m4 \
 	${CFDIR}/feature/promiscuous_relay.m4 \
 	${CFDIR}/feature/redirect.m4 \
+	${CFDIR}/feature/ratecontrol.m4 \
 	${CFDIR}/feature/relay_based_on_MX.m4 \
 	${CFDIR}/feature/relay_entire_domain.m4 \
 	${CFDIR}/feature/relay_hosts_only.m4 \
diff --git a/contrib/sendmail/cf/cf/knecht.mc b/contrib/sendmail/cf/cf/knecht.mc
index 6c370fd..98dbef9 100644
--- a/contrib/sendmail/cf/cf/knecht.mc
+++ b/contrib/sendmail/cf/cf/knecht.mc
@@ -19,16 +19,15 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: knecht.mc,v 8.55 2001/08/01 22:20:40 eric Exp $')
+VERSIONID(`$Id: knecht.mc,v 8.58 2004/01/28 00:54:41 eric Exp $')
 OSTYPE(bsd4.4)
 DOMAIN(generic)
 
-define(`ALIAS_FILE', ``/etc/mail/aliases, /var/listmanager/aliases'')
+define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
 define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
 define(`confDEF_USER_ID', `mailnull')
 define(`confHOST_STATUS_DIRECTORY', `.hoststat')
 define(`confTO_ICONNECT', `10s')
-define(`confCOPY_ERRORS_TO', `Postmaster')
 define(`confTO_QUEUEWARN', `8h')
 define(`confMIN_QUEUE_AGE', `27m')
 define(`confTRUSTED_USERS', ``www listmgr'')
@@ -42,9 +41,12 @@ define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
 define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
 define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
 
+define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
+
 FEATURE(access_db)
 FEATURE(local_lmtp)
 FEATURE(virtusertable)
+FEATURE(mailertable)
 
 FEATURE(`nocanonify', `canonify_hosts')
 CANONIFY_DOMAIN(`sendmail.org')
@@ -61,8 +63,17 @@ define(`confFAST_SPLIT', `10')
 dnl #  10 runners, split into at most 15 recipients per envelope
 QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
 
+
+dnl # enable spam assassin
+INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
+
 MAILER(local)
 MAILER(smtp)
+MAILER(cyrus)
+
+LOCAL_RULE_0
+Rcyrus.$+ + $+ < @ $=w . >	$#cyrus $@ $2 $: $1
+Rcyrus.$+ < @ $=w . >		$#cyrus $: $1
 
 LOCAL_CONFIG
 #
@@ -73,6 +84,7 @@ LOCAL_CONFIG
 Kcheckaddress regex -a@MATCH
    ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
 
+######################################################################
 #
 #  Names that won't be allowed in a To: line (local-part and domains)
 #
@@ -86,18 +98,42 @@ SCheckTo
 R$={RejectToLocalparts}@$*	$#error $: "553 Header error"
 R$*@$={RejectToDomains}		$#error $: "553 Header error"
 
+######################################################################
 HMessage-Id: $>CheckMessageId
 
 SCheckMessageId
+# Record the presence of the header
+R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
+
+# validate syntax
 R< $+ @ $+ >			$@ OK
 R$*				$#error $: "554 Header error"
 
+
+######################################################################
 HReceived: $>CheckReceived
 
 SCheckReceived
+# Record the presence of any Received header
+R$*			$: $(storage {ReceivedCheck} $@ OK $) $1
+
+# check syntax
 R$* ......................................................... $*
 				$#error $: "554 Header error"
 
+######################################################################
+#
+#  Reject advertising subjects
+#
+
+Kadvsubj regex -b -a@MATCH �?��
+HSubject: $>+CheckSubject
+SCheckSubject
+R$*			$: $(advsubj $&{currHeader} $: OK $)
+ROK			$@ OK
+R$*			$#error $@ 5.7.0 $: 550 5.7.0 spam rejected.
+
+######################################################################
 #
 # Reject certain senders
 #	Regex match to catch things in quotes
@@ -159,13 +195,65 @@ LOCAL_RULESETS
 KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
 HContent-Type:		$>CheckContentType
 
+######################################################################
 SCheckContentType
 R$+			$: $(SirCamWormMarker $1 $)
 RSUSPECT		$#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
 
 HContent-Disposition:	$>CheckContentDisposition
 
+######################################################################
 SCheckContentDisposition
 R$-			$@ OK
 R$- ; $+		$@ OK
 R$*			$#error $: "553 Illegal Content-Disposition"
+
+
+#
+#  Sobig.F
+#
+
+LOCAL_CONFIG
+Kstorage macro
+
+LOCAL_RULESETS
+######################################################################
+### check for the existance of the X-MailScanner Header
+HX-MailScanner:		$>+CheckXMSc
+D{SobigFPat}Found to be clean
+D{SobigFMsg}This message may contain the Sobig.F virus.
+
+SCheckXMSc
+### if it exists, and the defined value is set, record the presence
+R${SobigFPat} $*	$: $(storage {SobigFCheck} $@ SobigF $) $1
+R$*			$@ OK
+
+######################################################################
+Scheck_eoh
+# Check if a Message-Id was found
+R$*			$: < $&{MessageIdCheck} >
+
+# If Message-Id was found clear the X-MailScanner store and return with OK
+R< $+ >			$@ OK $>ClearStorage
+
+# Are we the first Hop?
+R$*			$: < $&{ReceivedCheck} >
+R< $+ >			$@ OK $>ClearStorage
+
+# no Message-Id->check X-Mailscanner presence, too
+R$*			$: < $&{SobigFCheck} >
+
+# clear store
+R$*			$: $>ClearStorage $1
+# no msgid, first hop and Header found? -> reject the message
+R < SobigF >		$#error $: 553 ${SobigFMsg}
+
+# No Header! Fine, take the message
+R$*			$@ OK
+
+######################################################################
+SClearStorage
+R$*			$: $(storage {SobigFCheck} $) $1
+R$*			$: $(storage {ReceivedCheck} $) $1
+R$*			$: $(storage {MessageIdCheck} $) $1
+R$*			$@ $1
diff --git a/contrib/sendmail/cf/cf/submit.cf b/contrib/sendmail/cf/cf/submit.cf
index cb9f8c7..ee9ae09 100644
--- a/contrib/sendmail/cf/cf/submit.cf
+++ b/contrib/sendmail/cf/cf/submit.cf
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -16,6 +16,9 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
+##### built by ca@wiz.smi.sendmail.com on Fri Jul 30 11:06:26 PDT 2004
+##### in /extra/home/ca/sm-8.13.1/OpenSource/sendmail-8.13.1/cf/cf
+##### using ../ as configuration include directory
 #####
 ######################################################################
 #####
@@ -24,15 +27,15 @@
 ######################################################################
 ######################################################################
 
-#####  $Id: cfhead.m4,v 8.108.2.6 2003/12/05 02:26:47 ca Exp $  #####
+#####  $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $  #####
 #####  $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $  #####
-#####  $Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $  #####
-#####  $Id: msp.m4,v 1.32 2002/03/26 22:02:03 ca Exp $  #####
+#####  $Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $  #####
+#####  $Id: msp.m4,v 1.33 2004/02/09 22:32:38 ca Exp $  #####
 
 #####  $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $  #####
 
 
-#####  $Id: proto.m4,v 8.649.2.30 2004/01/11 17:54:06 ca Exp $  #####
+#####  $Id: proto.m4,v 8.710 2004/07/27 17:32:48 ca Exp $  #####
 
 # level 10 config file format
 V10/Berkeley
@@ -111,7 +114,7 @@ D{MTAHost}[127.0.0.1]
 
 
 # Configuration version number
-DZ8.12.11/Submit
+DZ8.13.1/Submit
 
 
 ###############
@@ -134,7 +137,7 @@ O AliasWait=10
 O MinFreeBlocks=100
 
 # maximum message size
-#O MaxMessageSize=1000000
+#O MaxMessageSize=0
 
 # substitution for space (blank) characters
 O BlankSub=.
@@ -277,19 +280,19 @@ O QueueDirectory=/var/spool/clientmqueue
 #O Timeout.quit=2m
 #O Timeout.misc=2m
 #O Timeout.command=1h
-O Timeout.ident=0
+#O Timeout.ident=5s
 #O Timeout.fileopen=60s
 #O Timeout.control=2m
 O Timeout.queuereturn=5d
 #O Timeout.queuereturn.normal=5d
 #O Timeout.queuereturn.urgent=2d
 #O Timeout.queuereturn.non-urgent=7d
-
+#O Timeout.queuereturn.dsn=5d
 O Timeout.queuewarn=4h
 #O Timeout.queuewarn.normal=4h
 #O Timeout.queuewarn.urgent=1h
 #O Timeout.queuewarn.non-urgent=12h
-
+#O Timeout.queuewarn.dsn=4h
 #O Timeout.hoststatus=30m
 #O Timeout.resolver.retrans=5s
 #O Timeout.resolver.retrans.first=5s
@@ -328,6 +331,9 @@ O TimeZoneSpec=
 # fallback MX host
 #O FallbackMXhost=fall.back.host.net
 
+# fallback smart host
+#O FallbackSmartHost=fall.back.host.net
+
 # if we are the best MX host for a site, try it directly instead of config err
 #O TryNullMXList=False
 
@@ -337,6 +343,9 @@ O TimeZoneSpec=
 # load average at which we refuse connections
 #O RefuseLA=12
 
+# log interval when refusing connections for this long
+#O RejectLogInterval=3h
+
 # load average at which we delay connections; 0 means no limit
 #O DelayLA=0
 
@@ -346,6 +355,9 @@ O TimeZoneSpec=
 # maximum number of new connections per second
 #O ConnectionRateThrottle=0
 
+# Width of the window 
+#O ConnectionRateWindowSize=60s
+
 # work recipient factor
 #O RecipientFactor=30000
 
@@ -418,11 +430,11 @@ O DontInitGroups=True
 O RunAsUser=smmsp
 
 # maximum number of recipients per SMTP envelope
-#O MaxRecipientsPerMessage=100
+#O MaxRecipientsPerMessage=0
 
 # limit the rate recipients per SMTP envelope are accepted
 # once the threshold number of recipients have been rejected
-#O BadRcptThrottle=20
+#O BadRcptThrottle=0
 
 # shall we get local names from our installed interfaces?
 O DontProbeInterfaces=True
@@ -440,7 +452,7 @@ O TrustedUser=smmsp
 #O ControlSocketName=/var/spool/mqueue/.control
 
 # Maximum MIME header length to protect MUAs
-#O MaxMimeHeaderLength=2048/1024
+#O MaxMimeHeaderLength=0/0
 
 # Maximum length of the sum of all headers
 #O MaxHeadersLength=32768
@@ -463,9 +475,15 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
 # lookup type to find information about local mailboxes
 #O MailboxDatabase=pw
 
+# override compile time flag REQUIRES_DIR_FSYNC
+#O RequiresDirfsync=true
+
 # list of authentication mechanisms
 #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
 
+# Authentication realm
+#O AuthRealm
+
 # default authentication information for outgoing connections
 #O DefaultAuthInfo=/etc/mail/default-auth-info
 
@@ -494,6 +512,8 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
 #O ClientCertFile
 # Client private key
 #O ClientKeyFile
+# File containing certificate revocation lists 
+#O CRLFile
 # DHParameters (only required if DSA/DH is used)
 #O DHParameters
 # Random data source (required for systems without /dev/urandom under OpenSSL)
@@ -944,6 +964,8 @@ R<$+> $*			$@ $2
 ###  check_relay -- check hostname/address on SMTP startup
 ######################################################################
 
+
+
 SLocal_check_relay
 Scheck_relay
 R$*			$: $1 $| $>"Local_check_relay" $1
@@ -1086,6 +1108,7 @@ R$+ < @ $* $=R >	$@ RELAY
 
 
 
+
 # check for local user (i.e. unqualified address)
 R$*			$: <?> $1
 R<?> $* < @ $+ >	$: <REMOTE> $1 < @ $2 >
@@ -1111,7 +1134,7 @@ R$=w			$@ RELAY		... and see if it is local
 
 # check client name: first: did it resolve?
 R$*			$: < $&{client_resolve} >
-R<TEMP>			$#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R<TEMP>			$#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
 R<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
 R<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
 R$*			$: <@> $&{client_name}
@@ -1151,6 +1174,28 @@ R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{au
 ######################################################################
 SLocal_Relay_Auth
 
+######################################################################
+###  srv_features: which features to offer to a client?
+###	(done in server)
+######################################################################
+Ssrv_features
+
+
+######################################################################
+###  try_tls: try to use STARTTLS?
+###	(done in client)
+######################################################################
+Stry_tls
+
+
+######################################################################
+###  tls_rcpt: is connection with server "good" enough?
+###	(done in client, per recipient)
+###
+###	Parameters:
+###		$1: recipient
+######################################################################
+Stls_rcpt
 
 
 ######################################################################
@@ -1205,6 +1250,10 @@ Sauthinfo
 
 
 
+
+
+
+
 SLocal_localaddr
 R$+			$: $>ParseRecipient $1
 R$* < @ $+ > $*		$#relay $@ ${MTAHost} $: $1 < @ $2 > $3
@@ -1374,3 +1423,30 @@ Mrelay,		P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=
 		T=DNS/RFC822/SMTP,
 		A=TCP $h
 
+### submit.mc ###
+# divert(-1)
+# #
+# # Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
+# #	All rights reserved.
+# #
+# # By using this file, you agree to the terms and conditions set
+# # forth in the LICENSE file which can be found at the top level of
+# # the sendmail distribution.
+# #
+# #
+# 
+# #
+# #  This is the prototype file for a set-group-ID sm-msp sendmail that
+# #  acts as a initial mail submission program.
+# #
+# 
+# divert(0)dnl
+# VERSIONID(`$Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $')
+# define(`confCF_VERSION', `Submit')dnl
+# define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+# define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+# define(`confTIME_ZONE', `USE_TZ')dnl
+# define(`confDONT_INIT_GROUPS', `True')dnl
+# dnl
+# dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
+# FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/contrib/sendmail/cf/cf/submit.mc b/contrib/sendmail/cf/cf/submit.mc
index 26393c3..610bbef 100644
--- a/contrib/sendmail/cf/cf/submit.mc
+++ b/contrib/sendmail/cf/cf/submit.mc
@@ -15,7 +15,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`$Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $')
+VERSIONID(`$Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $')
 define(`confCF_VERSION', `Submit')dnl
 define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
 define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
diff --git a/contrib/sendmail/cf/feature/access_db.m4 b/contrib/sendmail/cf/feature/access_db.m4
index 796cc13..5488a45 100644
--- a/contrib/sendmail/cf/feature/access_db.m4
+++ b/contrib/sendmail/cf/feature/access_db.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2002, 2004 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $')
+VERSIONID(`$Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $')
 divert(-1)
 
 define(`_ACCESS_TABLE_', `')
@@ -33,9 +33,12 @@ ifelse(defn(`_ARG_'), `', `',
       ')
     ')
   ')
+ifdef(`_GREET_PAUSE_',
+	`errprint(`*** WARNING: FEATURE(`greet_pause') before FEATURE(`access_db')
+	greet_pause will not use access_db!')')
 
 LOCAL_CONFIG
 # Access list database (for spam stomping)
 Kaccess ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE -T`'_ATMPF_ MAIL_SETTINGS_DIR`access',
-	       defn(`_ARG_'), `LDAP', `ldap -T`'_ATMPF_ -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=access)(sendmailMTAKey=%0))',
+	       defn(`_ARG_'), `LDAP', `ldap -T`'_ATMPF_ -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=access)(sendmailMTAKey=%0))',
 	       defn(`_NARG_'), `', `_ARG_', `_NARG_')
diff --git a/contrib/sendmail/cf/feature/authinfo.m4 b/contrib/sendmail/cf/feature/authinfo.m4
index 3533d30..99dd6e9 100644
--- a/contrib/sendmail/cf/feature/authinfo.m4
+++ b/contrib/sendmail/cf/feature/authinfo.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 2000-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: authinfo.m4,v 1.7 2001/03/16 00:51:25 gshapiro Exp $')
+VERSIONID(`$Id: authinfo.m4,v 1.9 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_AUTHINFO_TABLE_', `')
@@ -18,5 +18,5 @@ define(`_AUTHINFO_TABLE_', `')
 LOCAL_CONFIG
 # authinfo list database: contains info for authentication as client
 Kauthinfo ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`authinfo',
-		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=authinfo)(sendmailMTAKey=%0))',
+		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=authinfo)(sendmailMTAKey=%0))',
 		 `_ARG_')
diff --git a/contrib/sendmail/cf/feature/bitdomain.m4 b/contrib/sendmail/cf/feature/bitdomain.m4
index 3232be8..2ff3fa6 100644
--- a/contrib/sendmail/cf/feature/bitdomain.m4
+++ b/contrib/sendmail/cf/feature/bitdomain.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: bitdomain.m4,v 8.28 2001/03/16 00:51:25 gshapiro Exp $')
+VERSIONID(`$Id: bitdomain.m4,v 8.30 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_BITDOMAIN_TABLE_', `')
@@ -21,5 +21,5 @@ define(`_BITDOMAIN_TABLE_', `')
 LOCAL_CONFIG
 # BITNET mapping table
 Kbitdomain ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`bitdomain',
-		  defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=bitdomain)(sendmailMTAKey=%0))',
+		  defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=bitdomain)(sendmailMTAKey=%0))',
 		  `_ARG_')
diff --git a/contrib/sendmail/cf/feature/conncontrol.m4 b/contrib/sendmail/cf/feature/conncontrol.m4
new file mode 100644
index 0000000..87c23b0
--- /dev/null
+++ b/contrib/sendmail/cf/feature/conncontrol.m4
@@ -0,0 +1,36 @@
+divert(-1)
+#
+# Copyright (c) 2003, 2004 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: conncontrol.m4,v 1.4 2004/02/19 21:31:47 ca Exp $')
+
+divert(-1)
+ifdef(`_ACCESS_TABLE_', `
+	define(`_CONN_CONTROL_', `1')
+	ifelse(defn(`_ARG_'), `', `',
+		strcasecmp(defn(`_ARG_'), `nodelay'), `1',
+		`ifdef(`_DELAY_CHECKS_',
+			`
+			define(`_CONN_CONTROL_IMMEDIATE_', `1')
+			define(`_CONTROL_IMMEDIATE_', `1')
+			',
+			`errprint(`*** ERROR: FEATURE(`conncontrol', `nodelay') requires FEATURE(`delay_checks')')'
+		)',
+		`errprint(`*** ERROR: unknown parameter '"defn(`_ARG_')"` for FEATURE(`conncontrol')')')
+	define(`_FFR_SRCHLIST_A', `1')
+	ifelse(len(X`'_ARG2_), `1', `',
+		_ARG2_, `terminate', `define(`_CONN_CONTROL_REPLY', `421')',
+		`errprint(`*** ERROR: FEATURE(`conncontrol'): unknown argument '"_ARG2_"
+)'
+		)
+	', `errprint(`*** ERROR: FEATURE(`conncontrol') requires FEATURE(`access_db')
+')')
+ifdef(`_CONN_CONTROL_REPLY',,`define(`_CONN_CONTROL_REPLY', `452')')
diff --git a/contrib/sendmail/cf/feature/dnsbl.m4 b/contrib/sendmail/cf/feature/dnsbl.m4
index 7389646..c560586 100644
--- a/contrib/sendmail/cf/feature/dnsbl.m4
+++ b/contrib/sendmail/cf/feature/dnsbl.m4
@@ -9,11 +9,10 @@ divert(-1)
 #
 #
 
-dnl 8.13: ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `dns -R A')')
-ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `host')')
+ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `dns -R A')')
 divert(0)
 ifdef(`_DNSBL_R_',`dnl',`dnl
-VERSIONID(`$Id: dnsbl.m4,v 8.28 2002/05/19 21:22:40 gshapiro Exp $')
+VERSIONID(`$Id: dnsbl.m4,v 8.29 2002/08/09 21:02:08 ca Exp $')
 define(`_DNSBL_R_',`')
 LOCAL_CONFIG
 # map for DNS based blacklist lookups
diff --git a/contrib/sendmail/cf/feature/domaintable.m4 b/contrib/sendmail/cf/feature/domaintable.m4
index b04b497..fadf816 100644
--- a/contrib/sendmail/cf/feature/domaintable.m4
+++ b/contrib/sendmail/cf/feature/domaintable.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: domaintable.m4,v 8.22 2001/03/16 00:51:25 gshapiro Exp $')
+VERSIONID(`$Id: domaintable.m4,v 8.24 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_DOMAIN_TABLE_', `')
@@ -21,5 +21,5 @@ define(`_DOMAIN_TABLE_', `')
 LOCAL_CONFIG
 # Domain table (adding domains)
 Kdomaintable ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`domaintable',
-		    defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=domain)(sendmailMTAKey=%0))',
+		    defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=domain)(sendmailMTAKey=%0))',
 		    `_ARG_')
diff --git a/contrib/sendmail/cf/feature/genericstable.m4 b/contrib/sendmail/cf/feature/genericstable.m4
index c20022a..dfdfeac 100644
--- a/contrib/sendmail/cf/feature/genericstable.m4
+++ b/contrib/sendmail/cf/feature/genericstable.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: genericstable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $')
+VERSIONID(`$Id: genericstable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_GENERICS_TABLE_', `')
@@ -21,5 +21,5 @@ define(`_GENERICS_TABLE_', `')
 LOCAL_CONFIG
 # Generics table (mapping outgoing addresses)
 Kgenerics ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`genericstable',
-		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=generics)(sendmailMTAKey=%0))',
+		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=generics)(sendmailMTAKey=%0))',
 		 `_ARG_')
diff --git a/contrib/sendmail/cf/feature/greet_pause.m4 b/contrib/sendmail/cf/feature/greet_pause.m4
new file mode 100644
index 0000000..1dddb58
--- /dev/null
+++ b/contrib/sendmail/cf/feature/greet_pause.m4
@@ -0,0 +1,44 @@
+divert(-1)
+#
+# Copyright (c) 2004 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: greet_pause.m4,v 1.4 2004/07/06 20:49:51 ca Exp $')
+divert(-1)
+
+ifelse(len(X`'_ARG_),`1',`ifdef(`_ACCESS_TABLE_', `',
+	`errprint(`*** ERROR: FEATURE(`greet_pause') requires FEATURE(`access_db')
+')')')
+
+define(`_GREET_PAUSE_', `')
+
+LOCAL_RULESETS
+######################################################################
+###  greet_pause: lookup pause time before 220 greeting
+###
+###	Parameters:
+###		$1: {client_name}
+###		$2: {client_addr}
+######################################################################
+SLocal_greet_pause
+Sgreet_pause
+R$*			$: <$1><?> $| $>"Local_greet_pause" $1
+R<$*><?> $| $#$*	$#$2
+R<$*><?> $| $*		$: $1
+ifdef(`_ACCESS_TABLE_', `dnl
+R$+ $| $+		$: $>D < $1 > <?> <! GreetPause> < $2 >
+R   $| $+		$: $>A < $1 > <?> <! GreetPause> <>	empty client_name
+R<?> <$+>		$: $>A < $1 > <?> <! GreetPause> <>	no: another lookup
+ifelse(len(X`'_ARG_),`1',
+`R<?> <$*>		$@',
+`R<?> <$*>		$# _ARG_')
+R<$* <TMPF>> <$*>	$@
+R<$+> <$*>		$# $1',`dnl
+R$*			$# _ARG_')
diff --git a/contrib/sendmail/cf/feature/ldap_routing.m4 b/contrib/sendmail/cf/feature/ldap_routing.m4
index 72a6e26..ad7f142 100644
--- a/contrib/sendmail/cf/feature/ldap_routing.m4
+++ b/contrib/sendmail/cf/feature/ldap_routing.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1999-2002, 2004 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -10,24 +10,31 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: ldap_routing.m4,v 8.10 2002/03/27 22:17:43 ca Exp $')
+VERSIONID(`$Id: ldap_routing.m4,v 8.14 2004/02/18 02:45:11 gshapiro Exp $')
 divert(-1)
 
 # Check first two arguments.  If they aren't set, may need to warn in proto.m4
 ifelse(len(X`'_ARG1_), `1', `define(`_LDAP_ROUTING_WARN_', `yes')')
 ifelse(len(X`'_ARG2_), `1', `define(`_LDAP_ROUTING_WARN_', `yes')')
+ifelse(len(X`'_ARG5_), `1', `', `define(`_LDAP_ROUTE_NODOMAIN_', `yes')')
 
 # Check for third argument to indicate how to deal with non-existant
 # LDAP records
 ifelse(len(X`'_ARG3_), `1', `define(`_LDAP_ROUTING_', `_PASS_THROUGH_')',
        _ARG3_, `passthru', `define(`_LDAP_ROUTING_', `_PASS_THROUGH_')',
+       _ARG3_, `sendertoo', `define(`_LDAP_ROUTING_', `_MUST_EXIST_')define(`_LDAP_SENDER_MUST_EXIST_')',
        `define(`_LDAP_ROUTING_', `_MUST_EXIST_')')
 
-# Check for fouth argument to indicate how to deal with +detail info
+# Check for fourth argument to indicate how to deal with +detail info
 ifelse(len(X`'_ARG4_), `1', `',
        _ARG4_, `strip', `define(`_LDAP_ROUTE_DETAIL_', `_STRIP_')',
        _ARG4_, `preserve', `define(`_LDAP_ROUTE_DETAIL_', `_PRESERVE_')')
 
+# Check for sixth argument to indicate how to deal with tempfails
+ifelse(len(X`'_ARG6_), `1', `define(`_LDAP_ROUTE_MAPTEMP_', `_QUEUE_')',
+       _ARG6_, `tempfail', `define(`_LDAP_ROUTE_MAPTEMP_', `_TEMPFAIL_')',
+       _ARG6_, `queue', `define(`_LDAP_ROUTE_MAPTEMP_', `_QUEUE_')')
+
 LOCAL_CONFIG
 # LDAP routing maps
 Kldapmh ifelse(len(X`'_ARG1_), `1',
diff --git a/contrib/sendmail/cf/feature/local_lmtp.m4 b/contrib/sendmail/cf/feature/local_lmtp.m4
index f3c371b..6f3888a 100644
--- a/contrib/sendmail/cf/feature/local_lmtp.m4
+++ b/contrib/sendmail/cf/feature/local_lmtp.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2000, 2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: local_lmtp.m4,v 8.16 2000/08/18 18:58:45 ca Exp $')
+VERSIONID(`$Id: local_lmtp.m4,v 8.17 2002/11/17 04:41:04 ca Exp $')
 divert(-1)
 
 ifdef(`_MAILER_local_',
@@ -21,7 +21,8 @@ define(`LOCAL_MAILER_PATH',
 	ifelse(defn(`_ARG_'), `',
 		ifdef(`confEBINDIR', confEBINDIR, `/usr/libexec')`/mail.local',
 		_ARG_))
-define(`LOCAL_MAILER_FLAGS', `PSXfmnz9')
-define(`LOCAL_MAILER_ARGS', `mail.local -l')
+define(`LOCAL_MAILER_FLAGS', `PSXmnz9')
+define(`LOCAL_MAILER_ARGS',
+	ifelse(len(X`'_ARG2_), `1', `mail.local -l', _ARG2_))
 define(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE', `SMTP')
 define(`_LOCAL_LMTP_', `1')
diff --git a/contrib/sendmail/cf/feature/local_procmail.m4 b/contrib/sendmail/cf/feature/local_procmail.m4
index eaf83ea..694c3d9 100644
--- a/contrib/sendmail/cf/feature/local_procmail.m4
+++ b/contrib/sendmail/cf/feature/local_procmail.m4
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $')
+VERSIONID(`$Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $')
 divert(-1)
 
 ifdef(`_MAILER_local_',
diff --git a/contrib/sendmail/cf/feature/mailertable.m4 b/contrib/sendmail/cf/feature/mailertable.m4
index e4dcd70..e3e1d03 100644
--- a/contrib/sendmail/cf/feature/mailertable.m4
+++ b/contrib/sendmail/cf/feature/mailertable.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $')
+VERSIONID(`$Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_MAILER_TABLE_', `')
@@ -21,5 +21,5 @@ define(`_MAILER_TABLE_', `')
 LOCAL_CONFIG
 # Mailer table (overriding domains)
 Kmailertable ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`mailertable',
-		    defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=mailer)(sendmailMTAKey=%0))',
+		    defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=mailer)(sendmailMTAKey=%0))',
 		    `_ARG_')
diff --git a/contrib/sendmail/cf/feature/msp.m4 b/contrib/sendmail/cf/feature/msp.m4
index f4bc64a..6ecf334 100644
--- a/contrib/sendmail/cf/feature/msp.m4
+++ b/contrib/sendmail/cf/feature/msp.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 2000-2002 Sendmail, Inc. and its suppliers.
+# Copyright (c) 2000-2002, 2004 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`$Id: msp.m4,v 1.32 2002/03/26 22:02:03 ca Exp $')
+VERSIONID(`$Id: msp.m4,v 1.33 2004/02/09 22:32:38 ca Exp $')
 divert(-1)
 undefine(`ALIAS_FILE')
 define(`confDELIVERY_MODE', `i')
@@ -21,7 +21,9 @@ define(`confDONT_PROBE_INTERFACES', `True')
 dnl ---------------------------------------------
 dnl run as this user (even if called by root)
 ifdef(`confRUN_AS_USER',,`define(`confRUN_AS_USER', `smmsp')')
-ifdef(`confTRUSTED_USER',,`define(`confTRUSTED_USER', confRUN_AS_USER)')
+ifdef(`confTRUSTED_USER',,`define(`confTRUSTED_USER',
+`ifelse(index(confRUN_AS_USER,`:'), -1, `confRUN_AS_USER',
+`substr(confRUN_AS_USER,0,index(confRUN_AS_USER,`:'))')')')
 dnl ---------------------------------------------
 dnl This queue directory must have the same group
 dnl as sendmail and it must be group-writable.
diff --git a/contrib/sendmail/cf/feature/mtamark.m4 b/contrib/sendmail/cf/feature/mtamark.m4
new file mode 100644
index 0000000..ae5f07a
--- /dev/null
+++ b/contrib/sendmail/cf/feature/mtamark.m4
@@ -0,0 +1,33 @@
+divert(-1)
+#
+# Copyright (c) 2004 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+ifdef(`_MTAMARK_R',`dnl',`dnl
+VERSIONID(`$Id: mtamark.m4,v 1.1 2004/03/22 19:22:40 ca Exp $')
+LOCAL_CONFIG
+define(`_MTAMARK_R',`')dnl
+# map for MTA mark
+Kmtamark dns -R TXT -a. -T<TMP> -r`'ifdef(`MTAMARK_TO',`MTAMARK_TO',`5')
+')
+divert(-1)
+define(`_MTAMARK_RR_', `ifelse(len(X`'_ARG3_),`1',`_perm._smtp._srv',`_ARG3_')')dnl
+define(`_MTAMARK_MSG_', `ifelse(len(X`'_ARG_),`1',`"550 Rejected: " $`'&{client_addr} " not listed as MTA"',`_ARG_')')dnl
+define(`_MTAMARK_MSG_TMP_', `ifelse(_ARG2_,`t',`"451 Temporary lookup failure of " _MTAMARK_RR_.$`'&{client_addr}',`_ARG2_')')dnl
+divert(8)
+# DNS based IP MTA list
+R$*		$: $&{client_addr}
+R$-.$-.$-.$-	$: <?> $(mtamark _MTAMARK_RR_.$4.$3.$2.$1.in-addr.arpa. $: OK $)
+R<?>1.		$: OKSOFAR
+R<?>0.		$#error $@ 5.7.1 $: _MTAMARK_MSG_
+ifelse(len(X`'_ARG2_),`1',
+`R<?>$+<TMP>	$: TMPOK',
+`R<?>$+<TMP>	$#error $@ 4.7.1 $: _MTAMARK_MSG_TMP_')
+divert(-1)
diff --git a/contrib/sendmail/cf/feature/ratecontrol.m4 b/contrib/sendmail/cf/feature/ratecontrol.m4
new file mode 100644
index 0000000..e3389c0
--- /dev/null
+++ b/contrib/sendmail/cf/feature/ratecontrol.m4
@@ -0,0 +1,36 @@
+divert(-1)
+#
+# Copyright (c) 2003, 2004 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: ratecontrol.m4,v 1.5 2004/02/19 21:31:47 ca Exp $')
+
+divert(-1)
+ifdef(`_ACCESS_TABLE_', `
+	define(`_RATE_CONTROL_', `1')
+	ifelse(defn(`_ARG_'), `', `',
+		strcasecmp(defn(`_ARG_'), `nodelay'), `1',
+		`ifdef(`_DELAY_CHECKS_',
+			`
+			define(`_RATE_CONTROL_IMMEDIATE_', `1')
+			define(`_CONTROL_IMMEDIATE_', `1')
+			',
+			`errprint(`*** ERROR: FEATURE(`ratecontrol', `nodelay') requires FEATURE(`delay_checks')')'
+		)',
+		`errprint(`*** ERROR: unknown parameter '"defn(`_ARG_')"` for FEATURE(`ratecontrol')')')
+	define(`_FFR_SRCHLIST_A', `1')
+	ifelse(len(X`'_ARG2_), `1', `',
+		_ARG2_, `terminate', `define(`_RATE_CONTROL_REPLY', `421')',
+		`errprint(`*** ERROR: FEATURE(`ratecontrol'): unknown argument '"_ARG2_"
+)'
+		)
+	', `errprint(`*** ERROR: FEATURE(`ratecontrol') requires FEATURE(`access_db')
+')')
+ifdef(`_RATE_CONTROL_REPLY',,`define(`_RATE_CONTROL_REPLY', `452')')
diff --git a/contrib/sendmail/cf/feature/use_client_ptr.m4 b/contrib/sendmail/cf/feature/use_client_ptr.m4
new file mode 100644
index 0000000..918dff1
--- /dev/null
+++ b/contrib/sendmail/cf/feature/use_client_ptr.m4
@@ -0,0 +1,21 @@
+divert(-1)
+#
+# Copyright (c) 2004 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: use_client_ptr.m4,v 1.1 2004/04/20 22:27:14 ca Exp $')
+divert(-1)
+
+# if defined, check_relay will use {client_ptr} instead of whatever
+# is passed in as its first argument.
+
+define(`_USE_CLIENT_PTR_', `1')
+
+divert(0)
diff --git a/contrib/sendmail/cf/feature/uucpdomain.m4 b/contrib/sendmail/cf/feature/uucpdomain.m4
index 4d23229..c6fbc5c 100644
--- a/contrib/sendmail/cf/feature/uucpdomain.m4
+++ b/contrib/sendmail/cf/feature/uucpdomain.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: uucpdomain.m4,v 8.27 2001/03/16 00:51:26 gshapiro Exp $')
+VERSIONID(`$Id: uucpdomain.m4,v 8.29 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_UUDOMAIN_TABLE_', `')
@@ -21,5 +21,5 @@ define(`_UUDOMAIN_TABLE_', `')
 LOCAL_CONFIG
 # UUCP domain table
 Kuudomain ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`uudomain',
-		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=uucpdomain)(sendmailMTAKey=%0))',
+		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=uucpdomain)(sendmailMTAKey=%0))',
 		 `_ARG_')
diff --git a/contrib/sendmail/cf/feature/virtusertable.m4 b/contrib/sendmail/cf/feature/virtusertable.m4
index d9c628f..1717b66 100644
--- a/contrib/sendmail/cf/feature/virtusertable.m4
+++ b/contrib/sendmail/cf/feature/virtusertable.m4
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001-2002 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`$Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $')
+VERSIONID(`$Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $')
 divert(-1)
 
 define(`_VIRTUSER_TABLE_', `')
@@ -21,5 +21,5 @@ define(`_VIRTUSER_TABLE_', `')
 LOCAL_CONFIG
 # Virtual user table (maps incoming users)
 Kvirtuser ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`virtusertable',
-		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=virtuser)(sendmailMTAKey=%0))',
+		 defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=virtuser)(sendmailMTAKey=%0))',
 		 `_ARG_')
diff --git a/contrib/sendmail/cf/m4/cfhead.m4 b/contrib/sendmail/cf/m4/cfhead.m4
index c8b6f35..9ccaa24 100644
--- a/contrib/sendmail/cf/m4/cfhead.m4
+++ b/contrib/sendmail/cf/m4/cfhead.m4
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -302,7 +302,8 @@ define(`confMILTER_MACROS_CONNECT', ``j, _, {daemon_name}, {if_name}, {if_addr}'
 define(`confMILTER_MACROS_HELO', ``{tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}'')
 define(`confMILTER_MACROS_ENVFROM', ``i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}'')
 define(`confMILTER_MACROS_ENVRCPT', ``{rcpt_mailer}, {rcpt_host}, {rcpt_addr}'')
+define(`confMILTER_MACROS_EOM', `{msg_id}')
 
 
 divert(0)dnl
-VERSIONID(`$Id: cfhead.m4,v 8.108.2.6 2003/12/05 02:26:47 ca Exp $')
+VERSIONID(`$Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $')
diff --git a/contrib/sendmail/cf/m4/proto.m4 b/contrib/sendmail/cf/m4/proto.m4
index 48f4eab..2397bc7 100644
--- a/contrib/sendmail/cf/m4/proto.m4
+++ b/contrib/sendmail/cf/m4/proto.m4
@@ -13,7 +13,7 @@ divert(-1)
 #
 divert(0)
 
-VERSIONID(`$Id: proto.m4,v 8.649.2.30 2004/01/11 17:54:06 ca Exp $')
+VERSIONID(`$Id: proto.m4,v 8.710 2004/07/27 17:32:48 ca Exp $')
 
 # level CF_LEVEL config file format
 V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
@@ -197,7 +197,7 @@ ifdef(`_MACRO_MAP_', `', `# macro storage map
 define(`_MACRO_MAP_', `1')dnl
 Kmacro macro')
 # possible values for TLS_connection in access map
-C{tls}VERIFY ENCR', `dnl')
+C{Tls}VERIFY ENCR', `dnl')
 ifdef(`_CERT_REGEX_ISSUER_', `dnl
 # extract relevant part from cert issuer
 KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
@@ -261,7 +261,7 @@ _OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
 _OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')
 
 # maximum message size
-_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000')
+_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `0')
 
 # substitution for space (blank) characters
 _OPTION(BlankSub, `confBLANK_SUB', `_')
@@ -425,14 +425,12 @@ _OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
 _OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
 _OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
 _OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
-ifdef(`confTO_QUEUERETURN_DSN', `dnl
-O Timeout.queuereturn.dsn=confTO_QUEUERETURN_DSN')
+_OPTION(Timeout.queuereturn.dsn, `confTO_QUEUERETURN_DSN', `5d')
 _OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
 _OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
 _OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
 _OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
-ifdef(`confTO_QUEUEWARN_DSN', `dnl
-O Timeout.queuewarn.dsn=confTO_QUEUEWARN_DSN')
+_OPTION(Timeout.queuewarn.dsn, `confTO_QUEUEWARN_DSN', `4h')
 _OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
 _OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
 _OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
@@ -473,6 +471,9 @@ _OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')
 # fallback MX host
 _OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')
 
+# fallback smart host
+_OPTION(FallbackSmartHost, `confFALLBACK_SMARTHOST', `fall.back.host.net')
+
 # if we are the best MX host for a site, try it directly instead of config err
 _OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')
 
@@ -482,6 +483,9 @@ _OPTION(QueueLA, `confQUEUE_LA', `8')
 # load average at which we refuse connections
 _OPTION(RefuseLA, `confREFUSE_LA', `12')
 
+# log interval when refusing connections for this long
+_OPTION(RejectLogInterval, `confREJECT_LOG_INTERVAL', `3h')
+
 # load average at which we delay connections; 0 means no limit
 _OPTION(DelayLA, `confDELAY_LA', `0')
 
@@ -491,6 +495,9 @@ _OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `0')
 # maximum number of new connections per second
 _OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0')
 
+# Width of the window 
+_OPTION(ConnectionRateWindowSize, `confCONNECTION_RATE_WINDOW_SIZE', `60s')
+
 # work recipient factor
 _OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')
 
@@ -565,11 +572,11 @@ _OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')
 _OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
 
 # maximum number of recipients per SMTP envelope
-_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100')
+_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
 
 # limit the rate recipients per SMTP envelope are accepted
 # once the threshold number of recipients have been rejected
-_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `20')
+_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `0')
 
 # shall we get local names from our installed interfaces?
 _OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
@@ -587,7 +594,7 @@ _OPTION(TrustedUser, `confTRUSTED_USER', `root')
 _OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')
 
 # Maximum MIME header length to protect MUAs
-_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `2048/1024')
+_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0')
 
 # Maximum length of the sum of all headers
 _OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')
@@ -610,9 +617,15 @@ _OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
 # lookup type to find information about local mailboxes
 _OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')
 
+# override compile time flag REQUIRES_DIR_FSYNC
+_OPTION(RequiresDirfsync, `confREQUIRES_DIR_FSYNC', `true')
+
 # list of authentication mechanisms
 _OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
 
+# Authentication realm
+_OPTION(AuthRealm, `confAUTH_REALM', `')
+
 # default authentication information for outgoing connections
 _OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
 
@@ -635,7 +648,7 @@ _OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
 _OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
 _OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
 _OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')
-')
+_OPTION(Milter.macros.eom, `confMILTER_MACROS_EOM', `')')
 
 # CA directory
 _OPTION(CACertPath, `confCACERT_PATH', `')
@@ -649,6 +662,8 @@ _OPTION(ServerKeyFile, `confSERVER_KEY', `')
 _OPTION(ClientCertFile, `confCLIENT_CERT', `')
 # Client private key
 _OPTION(ClientKeyFile, `confCLIENT_KEY', `')
+# File containing certificate revocation lists 
+_OPTION(CRLFile, `confCRL', `')
 # DHParameters (only required if DSA/DH is used)
 _OPTION(DHParameters, `confDH_PARAMETERS', `')
 # Random data source (required for systems without /dev/urandom under OpenSSL)
@@ -685,6 +700,7 @@ ifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')
 #########################
 
 ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
+ifdef(`confMESSAGEID_HEADER',, `define(`confMESSAGEID_HEADER', `<$t.$i@$j>')')dnl
 H?P?Return-Path: <$g>
 HReceived: confRECEIVED_HEADER
 H?D?Resent-Date: $a
@@ -694,8 +710,8 @@ H?F?From: confFROM_HEADER
 H?x?Full-Name: $x
 # HPosted-Date: $a
 # H?l?Received-Date: $b
-H?M?Resent-Message-Id: <$t.$i@$j>
-H?M?Message-Id: <$t.$i@$j>
+H?M?Resent-Message-Id: confMESSAGEID_HEADER
+H?M?Message-Id: confMESSAGEID_HEADER
 
 #
 ######################################################################
@@ -1429,13 +1445,21 @@ ifdef(`_LDAP_ROUTING_', `dnl
 ###		Parsed address (user < @ domain . >)
 ######################################################################
 
+# SMTP operation modes
+C{SMTPOpModes} s d D
+
 SLDAPExpand
 # do the LDAP lookups
 R<$+><$+><$*>	$: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
 
-# look for temporary failures (return original address, MTA will queue up)
-R<$* <TMPF>> <$*> <$+> <$+> <$*>	$@ $3
-R<$*> <$* <TMPF>> <$+> <$+> <$*>	$@ $3
+# look for temporary failures and...
+R<$* <TMPF>> <$*> <$+> <$+> <$*>	$: $&{opMode} $| TMPF <$&{addr_type}> $| $3
+R<$*> <$* <TMPF>> <$+> <$+> <$*>	$: $&{opMode} $| TMPF <$&{addr_type}> $| $3
+ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
+# ... temp fail RCPT SMTP commands
+R$={SMTPOpModes} $| TMPF <e r> $| $+	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."')
+# ... return original address for MTA to queue up
+R$* $| TMPF <$*> $| $+			$@ $3
 
 # if mailRoutingAddress and local or non-existant mailHost,
 # return the new mailRoutingAddress
@@ -1475,11 +1499,12 @@ ifdef(`_LDAP_ROUTE_DETAIL_',
 # try without +detail
 R<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
 
+ifdef(`_LDAP_ROUTE_NODOMAIN_', `dnl', `
 # if still no mailRoutingAddress and no mailHost,
 # try @domain
 ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
 R<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <@ $4> <+$3>')
-R<> <> <$+> <$+ @ $+> <$*>	$@ $>LDAPExpand <$1> <@ $3> <$4>
+R<> <> <$+> <$+ @ $+> <$*>	$@ $>LDAPExpand <$1> <@ $3> <$4>')
 
 # if no mailRoutingAddress and no mailHost and this was a domain attempt,
 ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
@@ -1487,6 +1512,9 @@ ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
 R<> <> <$+> <@ $+> <$*>		$: <?> < $&{addr_type} > < $1 >
 # only give error for envelope recipient
 R<?> <e r> <$+>			$#error $@ nouser $: "550 User unknown"
+ifdef(`_LDAP_SENDER_MUST_EXIST_', `dnl
+# and the sender too
+R<?> <e s> <$+>			$#error $@ nouser $: "550 User unknown"')
 R<?> <$*> <$+>			$@ $2',
 `dnl
 # return the original address
@@ -1675,7 +1703,7 @@ R<$+> <$+>			$: <$1> $2',`dnl')')
 ifdef(`_RELAY_MX_SERVED_', `dnl
 dnl do "we" ($=w) act as backup MX server for the destination domain?
 R<NO> $* < @ $+ >		$: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
-R<MX> < : $* <TEMP> : > $*	$#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
+R<MX> < : $* <TEMP> : > $*	$#TEMP $@ 4.4.0 $: "450 Can not check MX records for recipient host " $1
 dnl yes: mark it as <RELAY>
 R<MX> < $* : $=w. : $* > < $+ >	$: <RELAY> $4
 dnl no: put old <NO> mark back
@@ -1691,8 +1719,20 @@ R<$+> $*			$@ $2
 ###  check_relay -- check hostname/address on SMTP startup
 ######################################################################
 
+ifdef(`_CONTROL_IMMEDIATE_',`dnl
+Scheck_relay
+ifdef(`_RATE_CONTROL_IMMEDIATE_',`dnl
+dnl workspace: ignored...
+R$*		$: $>"RateControl" dummy', `dnl')
+ifdef(`_CONN_CONTROL_IMMEDIATE_',`dnl
+dnl workspace: ignored...
+R$*		$: $>"ConnControl" dummy', `dnl')
+dnl')
+
 SLocal_check_relay
 Scheck`'_U_`'relay
+ifdef(`_USE_CLIENT_PTR_',`dnl
+R$* $| $*		$: $&{client_ptr} $| $2', `dnl')
 R$*			$: $1 $| $>"Local_check_relay" $1
 R$* $| $* $| $#$*	$#$3
 R$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2
@@ -1715,10 +1755,9 @@ dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
 R<?> <$*>		$: OK				found nothing
 dnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
 R<$={Accept}> <$*>	$@ $1				return value of lookup
-R<REJECT> <$*>		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
+R<REJECT> <$*>		$#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $: "550 Access denied"')
 R<DISCARD> <$*>		$#discard $: discard
-ifdef(`_FFR_QUARANTINE',
-`R<QUARANTINE:$+> <$*>	$#error $@ quarantine $: $1', `dnl')
+R<QUARANTINE:$+> <$*>	$#error $@ quarantine $: $1
 dnl error tag
 R<ERROR:$-.$-.$-:$+> <$*>	$#error $@ $1.$2.$3 $: $4
 R<ERROR:$+> <$*>		$#error $: $1
@@ -1734,6 +1773,14 @@ R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
 R<?>OK			$: OKSOFAR
 R<?>$+			$#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at _RBL_"',
 `dnl')
+ifdef(`_RATE_CONTROL_',`dnl
+ifdef(`_RATE_CONTROL_IMMEDIATE_',`', `dnl
+dnl workspace: ignored...
+R$*		$: $>"RateControl" dummy')', `dnl')
+ifdef(`_CONN_CONTROL_',`dnl
+ifdef(`_CONN_CONTROL_IMMEDIATE_',`',`dnl
+dnl workspace: ignored...
+R$*		$: $>"ConnControl" dummy')', `dnl')
 undivert(8)
 
 ######################################################################
@@ -1866,9 +1913,8 @@ R<PERM> $*		$#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does
 ifdef(`_ACCESS_TABLE_', `dnl
 R<$={Accept}> $*	$# $1		accept from access map
 R<DISCARD> $*		$#discard $: discard
-ifdef(`_FFR_QUARANTINE',
-`R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1', `dnl')
-R<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
+R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1
+R<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $: "550 Access denied"')
 dnl error tag
 R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
 R<ERROR:$+> $*		$#error $: $1
@@ -2007,8 +2053,7 @@ dnl maybe we should stop checks already here (if SPAM_xyx)?
 R<$={SpamTag}> <$*>	$: @ $2		mark address as no match')
 R<REJECT> $*		$#error $@ 5.2.1 $: confRCPTREJ_MSG
 R<DISCARD> $*		$#discard $: discard
-ifdef(`_FFR_QUARANTINE',
-`R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1', `dnl')
+R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1
 dnl error tag
 R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
 R<ERROR:$+> $*		$#error $: $1
@@ -2053,7 +2098,11 @@ dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
 R<?> <$+ < @ $+ >>	$: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
 `R$+ < @ $* $=R >	$@ RELAY
 ifdef(`_ACCESS_TABLE_', `dnl
-R$+ < @ $+ >		$: $>D <$2> <?> <+ To> <$1 < @ $2 >>',`dnl')')
+ifdef(`_RELAY_FULL_ADDR_', `dnl
+R$+ < @ $+ >		$: $1 < @ $2 > $| $>SearchList <+ To> $| <F:$1@$2> <D:$2> <F:$1@> <>
+R$+ < @ $+ > $| <$*>	$: <$3> <$1 <@ $2>>
+R$+ < @ $+ > $| $*	$: <$3> <$1 <@ $2>>',
+`R$+ < @ $+ >		$: $>D <$2> <?> <+ To> <$1 < @ $2 >>')')')
 ifdef(`_ACCESS_TABLE_', `dnl
 dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
 R<RELAY> $*		$@ RELAY
@@ -2065,7 +2114,7 @@ ifdef(`_RELAY_MX_SERVED_', `dnl
 # allow relaying for hosts which we MX serve
 R$+ < @ $+ >		$: < : $(mxserved $2 $) : > $1 < @ $2 >
 dnl this must not necessarily happen if the client is checked first...
-R< : $* <TEMP> : > $*	$#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
+R< : $* <TEMP> : > $*	$#TEMP $@ 4.4.0 $: "450 Can not check MX records for recipient host " $1
 R<$* : $=w . : $*> $*	$@ RELAY
 R< : $* : > $*		$: $2',
 `dnl')
@@ -2158,7 +2207,7 @@ dnl the input. otherwise these rules must "clean up" the workspace.
 # check client name: first: did it resolve?
 dnl input: ignored
 R$*			$: < $&{client_resolve} >
-R<TEMP>			$#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R<TEMP>			$#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
 R<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
 R<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
 dnl ${client_resolve} should be OK, so go ahead
@@ -2441,11 +2490,11 @@ dnl		A: recursive address lookup (LookUpAddress) [not yet required]
 
 # class with valid marks for SearchList
 dnl if A is activated: add it
-C{src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
+C{Src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
 SSearchList
 # just call the ruleset with the name of the tag... nice trick...
 dnl       2       3    4
-R<$+> $| <$={src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
+R<$+> $| <$={Src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
 dnl workspace: <o tag> $| <rest> $| <result of lookup> <>
 dnl no match and nothing left: return
 R<$+> $| <> $| <?> <>		$@ <?>
@@ -2488,7 +2537,6 @@ R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{au
 ######################################################################
 SLocal_Relay_Auth
 
-ifdef(`_ACCESS_TABLE_', `dnl
 ######################################################################
 ###  srv_features: which features to offer to a client?
 ###	(done in server)
@@ -2498,13 +2546,14 @@ ifdef(`_LOCAL_SRV_FEATURES_', `dnl
 R$*			$: $1 $| $>"Local_srv_features" $1
 R$* $| $#$*		$#$2
 R$* $| $*		$: $1', `dnl')
+ifdef(`_ACCESS_TABLE_', `dnl
 R$*		$: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
 R<?>$*		$: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
 R<?>$*		$: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
 R<?>$*		$@ OK
 ifdef(`_ATMPF_', `dnl tempfail?
 R<$* _ATMPF_>$*	$#temp', `dnl')
-R<$+>$*		$# $1
+R<$+>$*		$# $1')
 
 ######################################################################
 ###  try_tls: try to use STARTTLS?
@@ -2515,14 +2564,15 @@ ifdef(`_LOCAL_TRY_TLS_', `dnl
 R$*			$: $1 $| $>"Local_try_tls" $1
 R$* $| $#$*		$#$2
 R$* $| $*		$: $1', `dnl')
+ifdef(`_ACCESS_TABLE_', `dnl
 R$*		$: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
 R<?>$*		$: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
 R<?>$*		$: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
 R<?>$*		$@ OK
 ifdef(`_ATMPF_', `dnl tempfail?
 R<$* _ATMPF_>$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
-R<NO>$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
- 
+R<NO>$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"')
+
 ######################################################################
 ###  tls_rcpt: is connection with server "good" enough?
 ###	(done in client, per recipient)
@@ -2536,6 +2586,7 @@ ifdef(`_LOCAL_TLS_RCPT_', `dnl
 R$*			$: $1 $| $>"Local_tls_rcpt" $1
 R$* $| $#$*		$#$2
 R$* $| $*		$: $1', `dnl')
+ifdef(`_ACCESS_TABLE_', `dnl
 dnl store name of other side
 R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
 dnl canonify recipient address
@@ -2637,10 +2688,10 @@ R$* $| <$*>$*			$: $1 $| <$2>
 dnl workspace: ${verify} $| <ResultOfLookup>
 # create the appropriate error codes
 dnl permanent or temporary error?
-R$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
-R$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
+R$* $| <PERM + $={Tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
+R$* $| <TEMP + $={Tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
 dnl default case depends on TLS_PERM_ERR
-R$* $| <$={tls} $*>		$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
+R$* $| <$={Tls} $*>		$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
 dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
 # deal with TLS handshake failures: abort
 RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
@@ -2650,9 +2701,9 @@ RSOFTWARE $| $* 		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`
 R$* $| <$*> <VERIFY>		$: <$2> <VERIFY> <> $1
 dnl separate optional requirements
 R$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
-R$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> <> $1
+R$* $| <$*> <$={Tls}:$->$*	$: <$2> <$3:$4> <> $1
 dnl separate optional requirements
-R$* $| <$*> <$={tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
+R$* $| <$*> <$={Tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
 dnl some other value in access map: accept
 dnl this also allows to override the default case (if used)
 R$* $| $*			$@ OK
@@ -2821,6 +2872,50 @@ R$* $| <?>$*	$@ no				no authinfo available
 R$* $| <$*> <>	$# $2
 dnl', `dnl')')
 
+ifdef(`_RATE_CONTROL_',`dnl
+######################################################################
+###  RateControl: 
+###	Parameters:	ignored
+###	return: $#error or OK
+######################################################################
+SRateControl
+ifdef(`_ACCESS_TABLE_', `dnl
+R$*		$: <A:$&{client_addr}> <E:>
+dnl also look up a default value via E:
+R$+		$: $>SearchList <! ClientRate> $| $1 <>
+dnl found nothing: stop here
+R<?>		$@ OK
+ifdef(`_ATMPF_', `dnl tempfail?
+R<$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+dnl use the generic routine (for now)
+R<0>		$@ OK		no limit
+R<$+>		$: <$1> $| $(arith l $@ $&{client_rate} $@ $1 $)
+dnl log this? Connection rate $&{client_rate} exceeds limit $1.
+R<$+> $| FALSE	$#error $@ 4.3.2 $: _RATE_CONTROL_REPLY Connection rate limit exceeded.
+')')
+
+ifdef(`_CONN_CONTROL_',`dnl
+######################################################################
+###  ConnControl: 
+###	Parameters:	ignored
+###	return: $#error or OK
+######################################################################
+SConnControl
+ifdef(`_ACCESS_TABLE_', `dnl
+R$*		$: <A:$&{client_addr}> <E:>
+dnl also look up a default value via E:
+R$+		$: $>SearchList <! ClientConn> $| $1 <>
+dnl found nothing: stop here
+R<?>		$@ OK
+ifdef(`_ATMPF_', `dnl tempfail?
+R<$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+dnl use the generic routine (for now)
+R<0>		$@ OK		no limit
+R<$+>		$: <$1> $| $(arith l $@ $&{client_connections} $@ $1 $)
+dnl log this: Open connections $&{client_connections} exceeds limit $1.
+R<$+> $| FALSE	$#error $@ 4.3.2 $: _CONN_CONTROL_REPLY Too many open connections.
+')')
+
 undivert(9)dnl LOCAL_RULESETS
 #
 ######################################################################
diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4
index b6cc228..d06e15d 100644
--- a/contrib/sendmail/cf/m4/version.m4
+++ b/contrib/sendmail/cf/m4/version.m4
@@ -11,8 +11,8 @@ divert(-1)
 # the sendmail distribution.
 #
 #
-VERSIONID(`$Id: version.m4,v 8.92.2.26 2004/01/13 00:29:26 ca Exp $')
+VERSIONID(`$Id: version.m4,v 8.117 2004/07/30 18:03:07 ca Exp $')
 #
 divert(0)
 # Configuration version number
-DZ8.12.11`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.13.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/contrib/sendmail/cf/mailer/usenet.m4 b/contrib/sendmail/cf/mailer/usenet.m4
index d28c321..39f49b8 100644
--- a/contrib/sendmail/cf/mailer/usenet.m4
+++ b/contrib/sendmail/cf/mailer/usenet.m4
@@ -21,7 +21,7 @@ POPDIVERT
 ###  USENET Mailer specification ###
 ####################################
 
-VERSIONID(`$Id: usenet.m4,v 8.21.4.1 2003/03/03 22:53:03 ca Exp $')
+VERSIONID(`$Id: usenet.m4,v 8.22 2003/02/20 21:16:13 ca Exp $')
 
 Musenet,	P=USENET_MAILER_PATH, F=_MODMF_(USENET_MAILER_FLAGS, `USENET'), S=EnvFromL, R=EnvToL,
 		_OPTINS(`USENET_MAILER_MAX', `M=', `, ')T=X-Usenet/X-Usenet/X-Unix,_USENET_QGRP
diff --git a/contrib/sendmail/cf/ostype/unicos.m4 b/contrib/sendmail/cf/ostype/unicos.m4
new file mode 100644
index 0000000..d73f3fa
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/unicos.m4
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 2003 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#
+
+divert(0)
+VERSIONID(`$Id: unicos.m4,v 1.1 2003/04/21 17:03:51 ca Exp $')
+define(`ALIAS_FILE', `/usr/lib/aliases')
+define(`HELP_FILE', `/usr/lib/sendmail.hf')
+define(`QUEUE_DIR', `/usr/spool/mqueue')
+define(`STATUS_FILE', `/usr/lib/sendmail.st')
+MODIFY_MAILER_FLAGS(`LOCAL', `+aSPpmnxXu')
+MODIFY_MAILER_FLAGS(`SMTP', `+anpeLC')
+define(`LOCAL_SHELL_FLAGS', `pxehu')
+define(`confPID_FILE', `/etc/sendmail.pid')dnl
diff --git a/contrib/sendmail/cf/ostype/unicosmk.m4 b/contrib/sendmail/cf/ostype/unicosmk.m4
new file mode 100644
index 0000000..e9cec04
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/unicosmk.m4
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 2003 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#
+
+divert(0)
+VERSIONID(`$Id: unicosmk.m4,v 1.1 2003/04/21 17:03:51 ca Exp $')
+define(`ALIAS_FILE', `/usr/lib/aliases')
+define(`HELP_FILE', `/usr/lib/sendmail.hf')
+define(`QUEUE_DIR', `/usr/spool/mqueue')
+define(`STATUS_FILE', `/usr/lib/sendmail.st')
+MODIFY_MAILER_FLAGS(`LOCAL' , `+aSPpmnxXu')
+MODIFY_MAILER_FLAGS(`SMTP', `+anpeLC')
+define(`LOCAL_SHELL_FLAGS', `lsDFMpxehuo')
+define(`confPID_FILE', `/etc/sendmail.pid')dnl
diff --git a/contrib/sendmail/cf/ostype/unicosmp.m4 b/contrib/sendmail/cf/ostype/unicosmp.m4
new file mode 100644
index 0000000..79543d2
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/unicosmp.m4
@@ -0,0 +1,27 @@
+divert(-1)
+#
+# Copyright (c) 2003 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+#
+
+#
+# Notes:
+# - In UNICOSMP seems that TZ variable is needed that correct time is marked
+#   to syslog
+#
+
+divert(0)
+VERSIONID(`$Id: unicosmp.m4,v 1.1 2003/04/21 17:03:51 ca Exp $')
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `Ehm9')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -s -d $u')')dnl
+ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
+define(`LOCAL_MAILER_PATH', `/usr/bin/mail')dnl
+define(`confTIME_ZONE', USE_TZ)dnl
+define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/sendmail.schema b/contrib/sendmail/cf/sendmail.schema
index f167822..a532f8b 100644
--- a/contrib/sendmail/cf/sendmail.schema
+++ b/contrib/sendmail/cf/sendmail.schema
@@ -5,13 +5,12 @@
 # forth in the LICENSE file which can be found at the top level of
 # the sendmail distribution.
 #
-# $Id: sendmail.schema,v 8.19.2.1 2002/11/20 23:13:27 gshapiro Exp $
+# $Id: sendmail.schema,v 8.21 2002/11/20 23:13:50 gshapiro Exp $
 
 # Note that this schema is experimental at this point as it has had little
 # public review.  Therefore, it may change in future versions.  Feedback
 # via sendmail@sendmail.org is encouraged.
 
-
 # OID arcs for Sendmail
 # enterprise:		1.3.6.1.4.1
 # sendmail:		enterprise.6152
@@ -88,6 +87,19 @@ attributetype ( 1.3.6.1.4.1.6152.10.3.1.16
 	EQUALITY caseIgnoreMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
+# attribute sendmailMTAMapSearch cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.24
+	NAME 'sendmailMTAMapSearch'
+	DESC 'recursive search for values of a map entry'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# attribute sendmailMTAMapURL cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.25
+	NAME 'sendmailMTAMapURL'
+	DESC 'recursive search URL for values of a map entry'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
 #objectClass sendmailMTAMap
 #	requires
@@ -110,18 +122,22 @@ objectclass ( 1.3.6.1.4.1.6152.10.3.2.11
 #		objectClass,
 #		sendmailMTAMapName,
 #		sendmailMTAKey,
-#		sendmailMTAMapValue,
 #	allows
 #		sendmailMTACluster,
 #		sendmailMTAHost,
+#		sendmailMTAMapValue,
+#		sendmailMTAMapSearch,
+#		sendmailMTAMapURL,
 #		Description
 
 objectclass ( 1.3.6.1.4.1.6152.10.3.2.12
 	NAME 'sendmailMTAMapObject'
 	SUP sendmailMTAMap STRUCTURAL
 	DESC 'Sendmail MTA map object'
-	MUST ( sendmailMTAMapName $ sendmailMTAKey $ sendmailMTAMapValue )
-	MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) )
+	MUST ( sendmailMTAMapName $ sendmailMTAKey )
+	MAY ( sendmailMTACluster $ sendmailMTAHost $ 
+		sendmailMTAMapValue $ sendmailMTAMapSearch $
+		sendmailMTAMapURL $ Description ) )
 
 
 ###########################################################################
@@ -145,6 +161,19 @@ attributetype ( 1.3.6.1.4.1.6152.10.3.1.20
 	EQUALITY caseIgnoreMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
+# attribute sendmailMTAAliasSearch cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.26
+	NAME 'sendmailMTAAliasSearch'
+	DESC 'recursive search for values of an alias'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# attribute sendmailMTAAliasURL cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.27
+	NAME 'sendmailMTAAliasURL'
+	DESC 'recursive search URL for values of an alias'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
 #objectClass sendmailMTAAlias
 #	requires
@@ -166,20 +195,23 @@ objectclass ( 1.3.6.1.4.1.6152.10.3.2.13
 #	requires
 #		objectClass,
 #		sendmailMTAKey,
-#		sendmailMTAAliasValue,
 #	allows
 #		sendmailMTAAliasGrouping,
 #		sendmailMTACluster,
 #		sendmailMTAHost,
+#		sendmailMTAAliasValue,
+#		sendmailMTAAliasSearch,
+#		sendmailMTAAliasURL,
 #		Description
 
 objectclass ( 1.3.6.1.4.1.6152.10.3.2.14
 	NAME 'sendmailMTAAliasObject'
 	SUP sendmailMTAAlias STRUCTURAL
 	DESC 'Sendmail MTA alias object'
-	MUST ( sendmailMTAKey $ sendmailMTAAliasValue )
-	MAY ( sendmailMTAAliasGrouping $
-		sendmailMTACluster $ sendmailMTAHost $ Description ) )
+	MUST sendmailMTAKey
+	MAY ( sendmailMTAAliasGrouping $ sendmailMTACluster $
+		sendmailMTAHost $ sendmailMTAAliasValue $
+		sendmailMTAAliasSearch $ sendmailMTAAliasURL $ Description ) )
 
 ###########################################################################
 #
@@ -201,20 +233,37 @@ attributetype ( 1.3.6.1.4.1.6152.10.3.1.23
 	EQUALITY caseIgnoreMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
+# attribute sendmailMTAClassSearch cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.28
+	NAME 'sendmailMTAClassSearch'
+	DESC 'recursive search for members of a class'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# attribute sendmailMTAClassURL cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.29
+	NAME 'sendmailMTAClassURL'
+	DESC 'recursive search URL for members of a class'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
 #objectClass sendmailMTAClass
 #	requires
 #		objectClass,
 #		sendmailMTAClassName,
-#		sendmailMTAClassValue,
 #	allows
 #		sendmailMTACluster,
 #		sendmailMTAHost,
+#		sendmailMTAClassValue,
+#		sendmailMTAClassSearch,
+#		sendmailMTAClassURL,
 #		Description
 
 objectclass ( 1.3.6.1.4.1.6152.10.3.2.15
 	NAME 'sendmailMTAClass'
 	SUP sendmailMTA STRUCTURAL
 	DESC 'Sendmail MTA class definition'
-	MUST ( sendmailMTAClassName $ sendmailMTAClassValue )
-	MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) )
+	MUST sendmailMTAClassName
+	MAY ( sendmailMTACluster $ sendmailMTAHost $
+		sendmailMTAClassValue $ sendmailMTAClassSearch $
+		sendmailMTAClassURL $ Description ) )
author	gshapiro <gshapiro@FreeBSD.org>	2004-08-01 01:04:57 +0000
committer	gshapiro <gshapiro@FreeBSD.org>	2004-08-01 01:04:57 +0000
commit	1fc446a819a244515d9461fa50d34ee191414d6f (patch)
tree	f6477ae85b00ee6d58b086b0d1d597dd9a403391 /contrib/sendmail/cf
parent	238623a0204c90e8d61dbde7b3b499a5036f2e5d (diff)
download	FreeBSD-src-1fc446a819a244515d9461fa50d34ee191414d6f.zip FreeBSD-src-1fc446a819a244515d9461fa50d34ee191414d6f.tar.gz