Import of sendmail version 8.11.0 into vendor branch SENDMAIL with

release tag v8_11_0.

Obtained from: ftp://ftp.sendmail.org/pub/sendmail/

1 files changed, 310 insertions, 152 deletions

diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README
index 7106e8c..0f9285c 100644
--- a/contrib/sendmail/src/README
+++ b/contrib/sendmail/src/README
@@ -1,4 +1,5 @@
-# Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+#	All rights reserved.
 # Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988
 #	The Regents of the University of California.  All rights reserved.
@@ -8,7 +9,7 @@
 # the sendmail distribution.
 #
 #
-#	@(#)README	8.211 (Berkeley) 2/2/1999
+#	$Id: README,v 8.263.2.1.2.19 2000/07/15 17:35:18 gshapiro Exp $
 #
 
 This directory contains the source files for sendmail(TM).
@@ -16,7 +17,7 @@ This directory contains the source files for sendmail(TM).
 *********************
 !! DO NOT USE MAKE !!  in this directory to compile sendmail --
 *********************  instead, use the "Build" script located in
-the src directory.  It will build an appropriate Makefile, and
+the sendmail directory.  It will build an appropriate Makefile, and
 create an appropriate obj.* subdirectory so that multiplatform
 support works easily.
 
@@ -70,7 +71,7 @@ confLIBS	-l flags for selecting libraries during linking
 confLDOPTS	other ld(1) linker options
 
 Others can be found by examining Makefile.m4.  Please read
-../BuildTools/README for more information about the site.config.m4
+../devtools/README for more information about the site.config.m4
 file.
 
 You can recompile from scratch using the -c flag with the Build
@@ -78,7 +79,7 @@ command.  This removes the existing compilation directory for the
 current platform and builds a new one.
 
 Porting to a new Unix-based system should be a matter of creating
-an appropriate configuration file in the BuildTools/OS/ directory.
+an appropriate configuration file in the devtools/OS/ directory.
 
 
 
@@ -103,7 +104,7 @@ NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
 		running BSD/386 1.x, you will need to upgrade the included
 		Berkeley DB library to a current version.  NEWDB is included
 		automatically if the Build script can find a library named
-		libdb.a.
+		libdb.a or libdb.so.
 NDBM		The older NDBM implementation -- the very old V7 DBM
 		implementation is no longer supported.
 NIS		Network Information Services.  To use this you must have
@@ -114,13 +115,16 @@ HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
 		must already have Hesiod support on your system for this to
 		work.  You may be able to get this to work with the MIT/Athena
 		version of Hesiod, but that's likely to be a lot of work.
-LDAPMAP		Lightweight Directory Lookup Protocol support.  You will
-		have to install the UMich or OpenLDAP ldap and lber
-		libraries to use this flag.
+LDAPMAP		Lightweight Directory Access Protocol support.  You will
+		have to install the UMich or OpenLDAP
+		(http://www.openldap.org/) ldap and lber libraries to use
+		this flag.
 MAP_REGEX	Regular Expression support.  You will need to use an
 		operating system which comes with the POSIX regex()
 		routines or install a regexp library such as libregex from
 		the Free Software Foundation.
+PH_MAP		PH map support.  You will need the qi PH package.
+MAP_NSD		nsd map support (IRIX 6.5 and later).
 
 >>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
 >>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
@@ -182,7 +186,7 @@ Wherever possible, I try to make sendmail pull in the correct
 compilation options needed to compile on various environments based on
 automatically defined symbols.  Some machines don't seem to have useful
 symbols available, requiring that a compilation flag be defined in
-the Makefile; see the Buildtools/OS subdirectory for the supported
+the Makefile; see the devtools/OS subdirectory for the supported
 architectures.
 
 If you are a system to which sendmail has already been ported you
@@ -199,6 +203,8 @@ SYS5SIGNALS	Use System V signal semantics -- the signal handler
 SYS5SETPGRP	Use System V setpgrp() semantics.  Implied by SYSTEM5.
 HASFCHMOD	Define this to one if you have the fchmod(2) system call.
 		This improves security.
+HASFCHOWN	Define this to one if you have the fchown(2) system call.
+		This is required for the TrustedUser option.
 HASFLOCK	Set this if you prefer to use the flock(2) system call
 		rather than using fcntl-based locking.  Fcntl locking
 		has some semantic gotchas, but many vendor systems
@@ -260,7 +266,10 @@ HASGETDTABLESIZE
 		Define this if you have the getdtablesize(2) syscall.
 HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
 		the stat structure (see stat(2)).
-USESTRERROR	Define this if you have the libc strerror function (which
+HASSRANDOMDEV	Define this if your system has the srandomdev(3) function
+		call.
+HASURANDOMDEV	Define this if your system has /dev/urandom(4).
+HASSTRERROR	Define this if you have the libc strerror(3) function (which
 		should be declared in <errno.h>), and it should be used
 		instead of sys_errlist.
 NEEDGETOPT	Define this if you need a reimplementation of getopt(3).
@@ -439,8 +448,17 @@ SIOCGIFNUM_IS_BROKEN
 NEED_PERCENTQ	Set this if your system doesn't support the printf
 		format strings %lld or %llu.  If this is set, %qd and
 		%qu are used instead.
-
-
+FAST_PID_RECYCLE
+		Set this if your system can reuse the same PID in the same
+		second.
+SO_REUSEADDR_IS_BROKEN
+		Set this if your system has a setsockopt() SO_REUSEADDR
+		flag but doesn't pay attention to it when trying to bind a
+		socket to a recently closed port.
+SNPRINTF_IS_BROKEN
+		Set this if your system has an snprintf() implementation
+		which does not NUL terminate the string being filled in.
+		Use test/t_snprintf.c to test your system.
 
 +-----------------------+
 | COMPILE-TIME FEATURES |
@@ -468,6 +486,9 @@ HESIOD		Define this to get Hesiod support for aliases and maps.
 		Normally defined in the Makefile.
 NETINFO		Define this to get NeXT NetInfo support for aliases and maps.
 		Normally defined in the Makefile.
+LDAPMAP		Define this to get LDAP support for maps.
+PH_MAP		Define this to get PH support for maps.
+MAP_NSD		Define this to get nsd support for maps.
 USERDB		Define this to 1 to include support for the User Information
 		Database.  Implied by NEWDB or HESIOD.  You can use
 		-DUSERDB=0 to explicitly turn it off.
@@ -477,7 +498,7 @@ IDENTPROTO	Define this as 1 to get IDENT (RFC 1413) protocol support.
 		implementation.  You can define it to be 0 to explicitly
 		turn off IDENT protocol support.  If defined off, the code
 		is actually still compiled in, but it defaults off; you
-		can turn it on by setting the IDENT timeout to 30s in the
+		can turn it on by setting the IDENT timeout in the
 		configuration file.
 IP_SRCROUTE	Define this to 1 to get IP source routing information
 		displayed in the Received: header.  This is assumed on
@@ -493,10 +514,16 @@ LOG		Set this to get syslog(3) support.  Defined by default
 		in conf.h.  You want this if at all possible.
 NETINET		Set this to get TCP/IP support.  Defined by default
 		in conf.h.  You probably want this.
+NETINET6	Set this to get IPv6 support.  Other configuration may
+		be needed in conf.h for your particular operating system.
+		Also, DaemonPortOptions must be set appropriately for
+		sendmail to accept IPv6 connections.
 NETISO		Define this to get ISO networking support.
 NETUNIX		Define this to get Unix domain networking support.  Defined
 		by default.  A few bizarre systems (SCO, ISC, Altos) don't
 		support this networking domain.
+NETNS		Define this to get NS networking support.
+NETX25		Define this to get X.25 networking support.
 SMTP		Define this to get the SMTP code.  Implied by NETINET
 		or NETISO.
 NAMED_BIND	If non-zero, include DNS (name daemon) support, including
@@ -536,6 +563,37 @@ SHARE_V1	Support for the fair share scheduler, version 1.  Setting to
 		1 causes final delivery to be done using the recipients
 		resource limitations.  So far as I know, this is only
 		supported on ConvexOS.
+SASL		Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL
+		library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
+		install at least version 1.5.13.  See below for further
+		information: SASL COMPILATION AND CONFIGURATION.  If your
+		SASL library is older than 1.5.10, you have to set this
+		to its version number using a simple conversion:  a.b.c
+		-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
+		Note: Using an older version than 1.5.5 of Cyrus SASL is
+		not supported. Starting with version 1.5.10, setting SASL=1
+		is sufficient. Any value other than 1 (or 0) will be
+		compared with the actual version found and if there is a
+		mismatch, compilation will fail.
+EGD		Define this if your system has EGD installed, see
+		http://www.lothar.com/tech/crypto/ . It should be used to
+		seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
+STARTTLS	Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
+		(http://www.OpenSSL.org/) and sfio (see below).
+		See STARTTLS COMPILATION AND CONFIGURATION for further
+		information.
+TLS_NO_RSA	Turn off support for RSA algorithms in STARTTLS.
+SFIO		Uses sfio instead of stdio. sfio is available from AT&T
+		(http://www.research.att.com/sw/tools/sfio/).  If this
+		compile flag is set, confSTDIO_TYPE must be set to portable.
+		This compile flag is necessary for STARTTLS; it also
+		enables the security layer of SASL.  The sfio include file
+		stdio.h must be installed in a subdirectory called sfio,
+		i.e., if you install sfio in /usr/local, stdio.h should
+		be in /usr/local/include/sfio, and libsfio.a should be in
+		/usr/local/lib.  Notice: you may run into problems if
+		you use sfio2000 (the body of a message is lost).  Use
+		sfio1999 instead.
 
 
 +---------------------+
@@ -570,6 +628,70 @@ wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
 YOU HEADACHES!
 
 
++----------------------------------------+
+| STARTTLS COMPILATION AND CONFIGURATION |
++----------------------------------------+
+
+Please read the docs accompanying the OpenSSL library and sfio.
+You have to compile and install both libraries before you can compile
+sendmail.  See devtools/README how to set the correct compile time
+parameters; you should at least set the following variables:
+
+define(`confSTDIO_TYPE', `portable')
+APPENDDEF(`confENVDEF', `-DSFIO')
+APPENDDEF(`confLIBS', `-lsfio')
+APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
+APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
+
+Configuration information can be found in doc/op/op.me (required
+certificates) and cf/README (how to tell sendmail about certificates).
+
+To perform an initial test, connect to your sendmail daemon
+(telnet localhost 25) and issue a EHLO localhost and see whether
+250-STARTTLS
+is in the response.  If it isn't, run the daemon with
+-O LogLevel=14
+and try again.  Then take a look at the logfile and see whether
+there are any problems listed about permissions (unsafe files)
+or the validity of X.509 certificates.
+
+Note: sfio must be used in all libraries with which sendmail exchanges
+file pointers. That is, libsmutil must be compiled with sfio, which
+is accomplished by the above config parameters. Another example is
+PH map support.  This does not apply to the usual libraries, e.g.,
+OpenSSL, Berkeley DB, Cyrus SASL.
+
+Further information can be found via:
+http://www.sendmail.org/tips/
+
+
++------------------------------------+
+| SASL COMPILATION AND CONFIGURATION |
++------------------------------------+
+
+Please read the docs accompanying the library (INSTALL and README).
+If you use Berkeley DB for Cyrus SASL then you must compile sendmail
+with the same version of Berkeley DB.
+
+You have to select and install authentication mechanisms and tell
+sendmail where to find the sasl library and the include files (see
+devtools/README for the parameters to set). Setup the required
+users and passwords as explained in the SASL documentation.  See
+also cf/README for authentication related options (esp. DefaultAuthInfo
+if you want authentication between MTAs).
+
+To perform an initial test, connect to your sendmail daemon
+(telnet localhost 25) and issue a EHLO localhost and see whether
+250-AUTH ....
+is in the response.  If it isn't, run the daemon with
+-O LogLevel=14
+and try again.  Then take a look at the logfile and see whether
+there are any security related problems listed (unsafe files).
+
+Further information can be found via:
+http://www.sendmail.org/tips/
+
+
 +-------------------------------------+
 | OPERATING SYSTEM AND COMPILE QUIRKS |
 +-------------------------------------+
@@ -609,7 +731,7 @@ Configuration file location
 	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
 	place as the vendors had put it, even when this was obviously
 	stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
-	Beginning with 8.10, sendmail will use /etc/mail/sendmail.cf.
+	Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
 	You can get sendmail to use the stupid vendor .cf location by
 	adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
 	support programs and scripts that need to find sendmail.cf.  You
@@ -617,6 +739,22 @@ Configuration file location
 	vendor location rather than changing the location in the sendmail
 	binary.
 
+	NETINFO systems use NETINFO to determine the location of
+	sendmail.cf. The full path to sendmail.cf is stored as the value of
+	the "sendmail.cf" property in the "/locations/sendmail"
+	subdirectory of NETINFO. Set the value of this property to
+	"/etc/mail/sendmail.cf" (without the quotes) to use this new
+	default location for Sendmail 8.10.0 and higher.
+
+ControlSocket permissions
+	Paraphrased from BIND 8.2.1's README:
+
+	Solaris and other pre-4.4BSD kernels do not respect ownership or
+	protections on UNIX-domain sockets.  The short term fix for this is to
+	override the default path and put such control sockets into root-
+	owned directories which do not permit non-root to r/w/x through them.
+	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
+
 SunOS 4.x (Solaris 1.x)
 	You may have to use -lresolv on SunOS.  However, beware that
 	this links in a new version of gethostbyname that does not
@@ -647,6 +785,11 @@ SunOS 4.x (Solaris 1.x)
 	and it should work.  This info is thanks to Brian Bartholomew
 	<bb@math.ufl.edu> of I-Kinetics, Inc.
 
+	NOTE: The SunOS 4.X linker uses library paths specified during
+	compilation using -L for run-time shared library searches.
+	Therefore, it is vital that relative and unsafe directory paths not
+	be used when compiling sendmail.
+
 SunOS 4.0.2 (Sun 386i)
 	Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
 	From: teus@oce.nl
@@ -656,7 +799,7 @@ SunOS 4.0.2 (Sun 386i)
 	* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
 	  available as "uname" command.
 	* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
-	  BuildTools/OS/SunOS.4.0, which is selected via the "uname" command.
+	  devtools/OS/SunOS.4.0, which is selected via the "uname" command.
 	I recommend to make available the db-library on the system first
 	(and change the Makefile to use this library).
 	Note that the sendmail.cf and aliases files are found in /etc.
@@ -688,44 +831,6 @@ Solaris 2.x (SunOS 5.x)
 	make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
 	(or it might complain about tm_zone).
 
-	To the best of my knowledge, Solaris does not have the
-	gethostbyname problem described above.  However, it does
-	have another one:
-
-	From a correspondent:
-
-	   For solaris 2.2, I have
-
-		hosts:      files dns
-
-	   in /etc/nsswitch.conf and /etc/hosts has to have the fully
-	   qualified host name. I think "files" has to be before "dns"
-	   in /etc/nsswitch.conf during bootup.
-
-	From another correspondent:
-
-	   When running sendmail under Solaris, the gethostbyname()
-	   hack in conf.c which should perform proper canonicalization
-	   of host names could fail.  Result: the host name is not
-	   canonicalized despite the hack, and you'll have to define $j
-	   and $m in sendmail.cf somewhere.
-
-	   The reason could be that /etc/nsswitch.conf is improperly
-	   configured (at least from sendmail's point of view).  For
-	   example, the line
-
-		hosts:      files nisplus dns
-
-	   will make gethostbyname() look in /etc/hosts first, then ask
-	   nisplus, then dns.  However, if /etc/hosts does not contain
-	   the full canonicalized hostname, then no amount of
-	   gethostbyname()s will work.
-
-	   Solution (or rather, a workaround): Ask nisplus first, then
-	   dns, then local files:
-
-		hosts:      nisplus dns [NOTFOUND=return] files
-
 	The Solaris "syslog" function is apparently limited to something
 	about 90 characters because of a kernel limitation.  If you have
 	source code, you can probably up this number.  You can get patches
@@ -777,12 +882,6 @@ Solaris 2.4 (SunOS 5.4)
 	>>
 	>> here, path 2 would be the first used.
 
-Solaris 2.6 (SunOS 5.6)
-	If you built sendmail 8.8.1 through 8.8.4 inclusive on a Solaris 2.5
-	system, that binary will not run on Solaris 2.6, due to problems with
-	incompatible snprintf(3s) calls.  This problem is fixed in sendmail
-	8.8.5.
-
 Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
 	Apparently Solaris 2.5.1 patch 103663-01 installs a new
 	/usr/include/resolv.h file that defines the __P macro without
@@ -803,19 +902,43 @@ Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
 	Sun is aware of the problem (Sun bug ID 4081053) and it will be fixed
 	in Solaris 2.7.
 
+Solaris 7 (SunOS 5.7)
+	Solaris 7 includes LDAP libraries but the implementation was
+	lacking a few things.  The following settings can be placed in
+	devtools/Site/site.SunOS.5.7.m4 if you plan on using those
+	libraries.
+
+	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
+	APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
+	APPENDDEF(`confLIBS', `-lldap')
+
+	Also, Sun's patch 107555 is needed to prevent a crash in the call
+	to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
+	LDAP support is compiled in sendmail.
+
 Ultrix
 	By default, the IDENT protocol is turned off on Ultrix.  If you
 	are running Ultrix 4.4 or later, or if you have included patch
 	CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
-	IDENT on in the configuration file by setting the "ident" timeout
-	to 30 seconds.
+	IDENT on in the configuration file by setting the "ident" timeout.
+
+	The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
+	included in libc.a.  Unfortunately, the __RES symbol hasn't changed
+	and therefore, sendmail can no longer automatically detect the
+	newer version.  If you get a compiler error:
+
+	/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
+
+	Then rebuild with this in devtools/Site/site.ULTRIX.m4:
+
+	APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
 
 Digital UNIX (formerly DEC OSF/1)
 	If you are compiling on OSF/1 (DEC Alpha), you must use
 	-L/usr/shlib (otherwise it core dumps on startup).  You may also
 	need -mld to get the nlist() function, although some versions
 	apparently don't need this.
-	
+
 	Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
 	it, just create the link to the sendmail binary.
 
@@ -886,13 +1009,13 @@ IRIX
 	http://reality.sgi.com/ariel/freeware/#db .
 
 IRIX 6.x
-	It is important that on IRIX 6.x you give used ABI in command
-	line of Build, otherwise configuration script does not work
-	correctly, e.g.,
-
-		sh Build -E ABI=-n32
+	If you are using XFS filesystem, avoid using the -32 ABI switch to
+	the cc compiler if possible.
 
-	If you are using XFS filesystem, avoid using ABI=-32 if possible.
+IRIX 6.4
+	The IRIX 6.5.4 version of /bin/m4 does not work properly with
+	sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
+	use /usr/freeware/bin/m4 or install and use GNU m4.
 
 NeXT or NEXTSTEP
 	NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
@@ -904,7 +1027,7 @@ NeXT or NEXTSTEP
 		#include <sys/dir.h>
 		#define dirent	direct
 
-	(BuildTools/OS/NeXT should try to do both of these for you.)
+	(devtools/OS/NeXT should try to do both of these for you.)
 
 	Apparently, there is a bug in getservbyname on Nextstep 3.0
 	that causes it to fail under some circumstances with the
@@ -915,8 +1038,6 @@ NeXT or NEXTSTEP
 
 	in your .cf file.
 
-	You may have to use -DNeXT.
-
 BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
 	The "m4" from BSDI won't handle the config files properly.
 	I haven't had a chance to test this myself.
@@ -926,18 +1047,18 @@ BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
 	recently posted in comp.os.386bsd.bugs (and maybe others).
 	NetBSD-current includes the PD-M4 (as stated in the NetBSD file
 	CHANGES).
-	
+
 	FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
-	use it (look into BuildTools/OS/FreeBSD). NetBSD-current may have
+	use it (look into devtools/OS/FreeBSD). NetBSD-current may have
 	it too but it has not been verified.
 
 	The latest version of Berkeley DB uses a different naming
 	scheme than the version that is supplied with your release.  This
 	means you will be able to use the current version of Berkeley DB
 	with sendmail as long you use the new db.h when compiling
-	sendmail and link it against the new libdb.a.  You should probably
-	keep the original db.h in /usr/include and the new db.h in
-	/usr/local/include.
+	sendmail and link it against the new libdb.a or libdb.so.  You
+	should probably keep the original db.h in /usr/include and the
+	new db.h in /usr/local/include.
 
 4.3BSD
 	If you are running a "virgin" version of 4.3BSD, you'll have
@@ -949,7 +1070,7 @@ BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
 	determined to continue to use your old, buggy version (or as
 	a shortcut to get sendmail working -- I'm sure you have the
 	best intentions to port a modern version of BIND), you can
-	copy ../contrib/oldbind.compat.c into src and add
+	copy ../contrib/oldbind.compat.c into sendmail and add
 	oldbind.compat.o to OBJADD in the Makefile.
 
 A/UX
@@ -994,7 +1115,7 @@ SCO Unix
 	/etc/named.boot.
 		- sigh -
 
-	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.	
+	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
 	We recommend installing GNU m4 before attempting to build sendmail.
 
 DG/UX
@@ -1016,7 +1137,7 @@ Apollo DomainOS
 		#include <sys/dir.h>
 		#define dirent	direct
 
-	(BuildTools/OS/DomainOS will attempt to do both of these for you.)
+	(devtools/OS/DomainOS will attempt to do both of these for you.)
 
 HP-UX 8.00
 	Date: Mon, 24 Jan 1994 13:25:45 +0200
@@ -1084,6 +1205,46 @@ Linux
 	implementation in the Linux 2.2.0 kernel and poll()-aware versions
 	of glib (at least up to 2.0.111).
 
+	Some pre-glibc distributions of Linux include a syslog.h that does
+	not work properly with SFIO.  You can fix this by adding
+	"#include <syslog.h>" to the SFIO version of stdio.h as the very
+	first line.
+
+AIX 4.X
+	The AIX 4.X linker uses library paths specified during compilation
+	using -L for run-time shared library searches.  Therefore, it is
+	vital that relative and unsafe directory paths not be using when
+	compiling sendmail.  Because of this danger, by default, compiles
+	on AIX use the -blibpath option to limit shared libraries to
+	/usr/lib and /lib.  If you need to allow more directories, such as
+	/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
+	site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
+	approriately.  For example:
+
+	define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
+
+	Be sure to only add (safe) system directories.
+
+	The AIX version of GNU ld also exhibits this problem.  If you are
+	using that version, instead of -blibpath, use its -rpath option.
+	For example:
+
+	gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
+
+AIX 4.3.3
+	From: Valdis.Kletnieks@vt.edu
+	Date: Sun, 02 Jul 2000 03:58:02 -0400
+
+	Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
+	BIND 8.2.2 security holes, you can no lonber build with  -DNETINET6
+	because they changed the value of __RES in resolv.h but failed to
+	actually provide the API changes that the change implied.
+
+	Workarounds:
+	1) Compile without -DNETINET6
+	2) Build against a real Bind 8.2.2 include/lib tree
+	3) Wait for IBM to fix it
+
 AIX 4.2
 	The AIX m4 implements a different mechanism for ifdef which is
 	inconsistent with other versions of m4.  Therefore, it will not
@@ -1113,7 +1274,7 @@ AIX 2.2.1
 	Date: Mon Dec  4 14:14:56 CST 1995
 	From: Mark Whetzel <markw@antimatr.houston.tx.us>
 	Subject: Porting sendmail 8.7.2 to AIX V2 on the RT.
-	
+
 	This version of sendmail does not support MB, MG, and MR resource
 	records, which are supported by AIX sendmail.
 
@@ -1140,28 +1301,24 @@ AIX 2.2.1
 	that will return that information.  The 'LA_SUBR' define
 	will handle this for AIX V2 on the RT.
 
-	Note: You will have to change BuildTools/OS/AIX.2 to correctly
+	Note: You will have to change devtools/OS/AIX.2 to correctly
 	point to the locatons of the updated BIND source tree and
 	the location of the 'newdb' tree and library location.
-	You will also have to change BuildTools/OS/AIX.2 to know
+	You will also have to change devtools/OS/AIX.2 to know
 	about the location of the 'getloadavg' routine if you use
 	the LA_SUBR define.
 
-	
-	Manual pages will format correctly if given the mandoc macros
-	and used with nroff.  I have not tried groff.
-
 RISC/os
 	RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
 	compile on that platform you will get duplicate definitions
 	on many files.  You can ignore these.
 
 System V Release 4 Based Systems
-	There is a single BuildTools OS that is intended for all SVR4-based
-	systems (built from BuildTools/OS/SVR4).  It defines __svr4__,
+	There is a single devtools OS that is intended for all SVR4-based
+	systems (built from devtools/OS/SVR4).  It defines __svr4__,
 	which is predefined by some compilers.  If your compiler already
 	defines this compile variable, you can delete the definition from
-	the generated Makefile or create a BuildTools/Site/site.config.m4
+	the generated Makefile or create a devtools/Site/site.config.m4
 	file.
 
 	It's been tested on Dell Issue 2.2.
@@ -1234,11 +1391,11 @@ UnixWare
 	According to Larry Rosenman <ler@lerami.lerctr.org>:
 
 		UnixWare 2.1.[23]'s m4 chokes (not obviously) when
-		processing the 8.9.0 cf files. 
- 
+		processing the 8.9.0 cf files.
+
 		I had a LOCAL_RULE_0 that wound up AFTER the
 		SBasic_check_rcpt rules using the SCO supplied M4.
-		GNU M4 works fine. 
+		GNU M4 works fine.
 
 UNICOS 8.0.3.4
 	Some people have reported that the -O flag on UNICOS can cause
@@ -1262,6 +1419,20 @@ BIND 4.9.2 and Ultrix
 
 	during the link stage.
 
+BIND 8.X
+	BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
+	DNS failures when trying to find the hostname associated with an IP
+	address (gethostbyaddr()).  This can cause problems as
+	$&{client_name} based lookups in class R ($=R) and the access
+	database won't succeed.
+
+	This will be fixed in BIND 8.2.1.  For earlier versions, this can
+	be fixed by making "dns" the last name service queried for host
+	resolution in /etc/irs.conf:
+
+		hosts local continue
+		hosts dns
+
 strtoul
 	Some compilers (notably gcc) claim to be ANSI C but do not
 	include the ANSI-required routine "strtoul".  If your compiler
@@ -1290,39 +1461,16 @@ Listproc 6.0c
 	cause it to use "HELO hostname" (which Z-mail apparently requires
 	as well. :)
 
-LDAP
-	LDAP was provided by Booker Bense <bbense+ldap@stanford.edu> of
-	Stanford University.  From Booker:
-
-	  - The patch attached to this message implements an Ldap map class.
-	    Currently we are using this at stanford to support campus-wide
-	    email addressing. More information can be found at
-	    http://www.stanford.edu/~bbense/Inst.html.
-
-	  - Currently we are using the ldap map as follows:
-
-		Kluser ldapx
-		    -h"localhost borax.stanford.edu borate.stanford.edu boron.stanford.edu"
-		    -k"mailacceptinggeneralid=%s" -v maildrop
+OpenSSL
+	OpenSSL versions prior to 0.9.6 use a macro named Free which
+	conflicts with existing macro names on some platforms, such as
+	AIX.
 
-	    and in Rule set S5
-
-		# Now attempt to lookup in luser (ldap map)
-		R< $L > $+		$: < $L > $( luser $1 $)
-		R< $*  > $+ @ $+	$: < $3 > $2		Rewrite if forward
-
-	  - The map definition supports most of the standard Map args plus most
-	    of the command line options of ldapsearch. The software is currently
-	    limited to only accepting the first entry returned. It expects that
-	    the map defines an ldap filter that returns at most 1 valid entry.
-	    It requires the ldap and lber libraries from the Umich Ldap3.2
-	    release.
-
-	    The software has been in production on Solaris.2.5.1 at Stanford
-	    for over 2 years.
-
-	The LDAP map supports both the UMich LDAP 3.2 and 3.3 libraries as
-	well as the OpenLDAP (http://www.openldap.org/) libraries.
+PH
+	PH support is provided by Mark Roth <roth@uiuc.edu>.  The map is
+	described at http://www-wsg.cso.uiuc.edu/sendmail/patches/ .
+	Please contact Mark Roth for support and questions regarding the
+	map.
 
 TCP Wrappers
 	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
@@ -1331,9 +1479,7 @@ TCP Wrappers
 	(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
 	libwrap.a can be found).
 
-	TCP Wrappers is available on ftp.win.tue.nl in /pub/security;
-	grab tcp_wrappers_<VER>.tar.gz (where <VER> is the highest
-	numbered version).
+	TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
 
 	If you have alternate MX sites for your site, be sure that all of
 	your MX sites reject the same set of hosts.  If not, a bad guy whom
@@ -1347,28 +1493,24 @@ Regular Expressions (MAP_REGEX)
 
 	or sendmail gives an error about a regular expression with:
 
-		pattern-compile-error: : Operation not applicable 
+		pattern-compile-error: : Operation not applicable
 
 	Your libc does not include a running version of POSIX-regex. Use
-	librx or regex.o from the GNU Free Software Foundation,  
-	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or 
-	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz. 
-	You can also use the regex-lib by Henry Spencer, 
-	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz  
-	Make sure, your compiler reads regex.h from the distribution,  
-	not from /usr/include, otherwise sendmail will dump a core. 
+	librx or regex.o from the GNU Free Software Foundation,
+	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
+	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
+	You can also use the regex-lib by Henry Spencer,
+	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
+	Make sure, your compiler reads regex.h from the distribution,
+	not from /usr/include, otherwise sendmail will dump a core.
 
 
 +--------------+
 | MANUAL PAGES |
 +--------------+
 
-The manual pages have been written against the -mandoc macros
-instead of the -man macros.  The latest version of groff has them
-included.  You can also get a copy from FTP.UU.NET in the directory
-/systems/unix/bsd-sources/share/tmac.  groff is available from
-ftp.gnu.org in the /pub/gnu directory.
-
+The manual pages have been written against the -man macros, and
+should format correctly with any reasonable *roff.
 
 +-----------------+
 | DEBUGGING HOOKS |
@@ -1402,13 +1544,22 @@ A typical formulation of ruleset 89 would be:
 
 The following list describes the files in this directory:
 
+Build		Shell script for building sendmail.
+Makefile	A convenience for calling ./Build.
 Makefile.m4	A template for constructing a makefile based on the
-		information in the BuildTools directory.
+		information in the devtools directory.
 README		This file.
 TRACEFLAGS	My own personal list of the trace flags -- not guaranteed
 		to be particularly up to date.
 alias.c		Does name aliasing in all forms.
+aliases.5	Man page describing the format of the aliases file.
 arpadate.c	A subroutine which creates ARPANET standard dates.
+bf.h		Buffered file I/O function declarations.
+bf_portable.c	Stub routines for systems lacking the Torek stdio library.
+bf_portable.h	Data structure and function declarations for bf_portable.c.
+bf_torek.c	Routines to implement memory-buffered file system using
+		hooks provided by Torek stdio library.
+bf_torek.h	Data structure and function declarations for bf_torek.c.
 clock.c		Routines to implement real-time oriented functions
 		in sendmail -- e.g., timeouts.
 collect.c	The routine that actually reads the mail into a temp
@@ -1425,40 +1576,47 @@ daemon.c	Routines to implement daemon mode.  This version is
 deliver.c	Routines to deliver mail.
 domain.c	Routines that interface with DNS (the Domain Name
 		System).
-err.c		Routines to print error messages.
 envelope.c	Routines to manipulate the envelope structure.
+err.c		Routines to print error messages.
 headers.c	Routines to process message headers.
+helpfile	An example helpfile for the SMTP HELP command and -bt mode.
 macro.c		The macro expander.  This is used internally to
 		insert information from the configuration file.
+mailq.1		Man page for the mailq command.
 main.c		The main routine to sendmail.  This file also
 		contains some miscellaneous routines.
+makesendmail	A convenience for calling ./Build.
 map.c		Support for database maps.
 mci.c		Routines that handle mail connection information caching.
+milter.c	MTA portions of the mail filter API.
 mime.c		MIME conversion routines.
+newaliases.1	Man page for the newaliases command.
 parseaddr.c	The routines which do address parsing.
 queue.c		Routines to implement message queueing.
 readcf.c	The routine that reads the configuration file and
 		translates it to internal form.
 recipient.c	Routines that manipulate the recipient list.
-safefile.c	Routines to do careful checking of file modes and permissions
-		when opening or creating files.
 savemail.c	Routines which save the letter on processing errors.
+sendmail.8	Man page for the sendmail command.
 sendmail.h	Main header file for sendmail.
-snprintf.c	Routines to manipulate strings but prevent buffer overflows.
+sfsasl.c	I/O interface between SASL/TLS and the MTA using SFIO.
+sfsasl.h	Header file for sfsasl.c.
+shmticklib.c	Routines for shared memory counters.
 srvrsmtp.c	Routines to implement server SMTP.
 stab.c		Routines to manage the symbol table.
 stats.c		Routines to collect and post the statistics.
+statusd_shm.h	Data structure and function declarations for shmticklib.c.
 sysexits.c	List of error messages associated with error codes
 		in sysexits.h.
+sysexits.h	List of error codes for systems that lack their own.
+timers.c	Routines to provide microtimers.
+timers.h	Data structure and function declarations for timers.h.
 trace.c		The trace package.  These routines allow setting and
 		testing of trace flags with a high granularity.
 udb.c		The user database interface module.
 usersmtp.c	Routines to implement user SMTP.
 util.c		Some general purpose routines used by sendmail.
 version.c	The version number and information about this
-		version of sendmail.  Theoretically, this gets
-		modified on every change.
-
-Eric Allman
+		version of sendmail.
 
-(Version 8.211, last update 2/2/1999 15:28:18)
+(Version $Revision: 8.263.2.1.2.19 $, last update $Date: 2000/07/15 17:35:18 $ )