IFC @ r222830

21 files changed, 406 insertions, 212 deletions

diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4
index 0fa3374..7bcd24d 100644
--- a/contrib/sendmail/src/Makefile.m4
+++ b/contrib/sendmail/src/Makefile.m4
@@ -1,4 +1,4 @@
-dnl $Id: Makefile.m4,v 8.121 2009/12/15 22:39:23 ca Exp $
+dnl $Id: Makefile.m4,v 8.126 2010/11/24 19:59:54 gshapiro Exp $
 include(confBUILDTOOLSDIR`/M4/switch.m4')
 
 define(`confREQUIRE_LIBSM', `true')
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index 8d8f9ed..ffc6f20 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: conf.c,v 8.1153 2009/12/18 17:25:12 ca Exp $")
+SM_RCSID("@(#)$Id: conf.c,v 8.1168 2011/01/25 18:31:30 ca Exp $")
 
 #include <sm/sendmail.h>
 #include <sendmail/pathnames.h>
@@ -50,8 +50,11 @@ static int	get_num_procs_online __P((void));
 static int	add_hostnames __P((SOCKADDR *));
 
 #if NETINET6 && NEEDSGETIPNODE
-static struct hostent *getipnodebyname __P((char *, int, int, int *));
-static struct hostent *getipnodebyaddr __P((char *, int, int, int *));
+static struct hostent *sm_getipnodebyname __P((const char *, int, int, int *));
+static struct hostent *sm_getipnodebyaddr __P((const void *, size_t, int, int *));
+#else /* NETINET6 && NEEDSGETIPNODE */
+#define sm_getipnodebyname getipnodebyname 
+#define sm_getipnodebyaddr getipnodebyaddr
 #endif /* NETINET6 && NEEDSGETIPNODE */
 
 
@@ -2600,7 +2603,7 @@ setproctitle(fmt, va_alist)
 **		none.
 */
 
-/*VARARGS2*/
+/*VARARGS3*/
 void
 #ifdef __STDC__
 sm_setproctitle(bool status, ENVELOPE *e, const char *fmt, ...)
@@ -4188,7 +4191,7 @@ strstr(big, little)
 /*
 **  SM_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX
 **
-**	Some operating systems have wierd problems with the gethostbyXXX
+**	Some operating systems have weird problems with the gethostbyXXX
 **	routines.  For example, Solaris versions at least through 2.3
 **	don't properly deliver a canonical h_name field.  This tries to
 **	work around these problems.
@@ -4212,8 +4215,8 @@ strstr(big, little)
 # endif /* ! AI_ALL */
 
 static struct hostent *
-getipnodebyname(name, family, flags, err)
-	char *name;
+sm_getipnodebyname(name, family, flags, err)
+	const char *name;
 	int family;
 	int flags;
 	int *err;
@@ -4236,9 +4239,9 @@ getipnodebyname(name, family, flags, err)
 }
 
 static struct hostent *
-getipnodebyaddr(addr, len, family, err)
-	char *addr;
-	int len;
+sm_getipnodebyaddr(addr, len, family, err)
+	const void *addr;
+	size_t len;
 	int family;
 	int *err;
 {
@@ -4305,7 +4308,7 @@ sm_gethostbyname(name, family)
 #  if ADDRCONFIG_IS_BROKEN
 	flags &= ~AI_ADDRCONFIG;
 #  endif /* ADDRCONFIG_IS_BROKEN */
-	h = getipnodebyname(name, family, flags, &err);
+	h = sm_getipnodebyname(name, family, flags, &err);
 	SM_SET_H_ERRNO(err);
 # else /* NETINET6 */
 	h = gethostbyname(name);
@@ -4344,7 +4347,7 @@ sm_gethostbyname(name, family)
 					       hbuf, family);
 
 # if NETINET6
-				h = getipnodebyname(hbuf, family, flags, &err);
+				h = sm_getipnodebyname(hbuf, family, flags, &err);
 				SM_SET_H_ERRNO(err);
 				save_errno = errno;
 # else /* NETINET6 */
@@ -4441,7 +4444,7 @@ sm_gethostbyaddr(addr, len, type)
 	{
 		int err;
 
-		hp = getipnodebyaddr(addr, len, type, &err);
+		hp = sm_getipnodebyaddr(addr, len, type, &err);
 		SM_SET_H_ERRNO(err);
 	}
 # else /* NETINET6 */
@@ -4864,6 +4867,7 @@ load_if_names()
 		switch (af)
 		{
 		  case AF_INET6:
+			SETV6LOOPBACKADDRFOUND(*sa);
 #  ifdef __KAME__
 			/* convert into proper scoped address */
 			if ((IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr) ||
@@ -5063,6 +5067,7 @@ load_if_names()
 
 #   if NETINET6
 		  case AF_INET6:
+			SETV6LOOPBACKADDRFOUND(*sa);
 #    ifdef __KAME__
 			/* convert into proper scoped address */
 			if ((IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr) ||
@@ -5928,6 +5933,9 @@ char	*OsCompileOptions[] =
 #if HASWAITPID
 	"HASWAITPID",
 #endif /* HASWAITPID */
+#if HAVE_NANOSLEEP
+	"HAVE_NANOSLEEP",
+#endif /* HAVE_NANOSLEEP */
 #if IDENTPROTO
 	"IDENTPROTO",
 #endif /* IDENTPROTO */
@@ -6018,6 +6026,9 @@ char	*OsCompileOptions[] =
 #ifdef USESYSCTL
 	"USESYSCTL",
 #endif /* USESYSCTL */
+#if USE_OPENSSL_ENGINE
+	"USE_OPENSSL_ENGINE",
+#endif /* USE_OPENSSL_ENGINE */
 #if USING_NETSCAPE_LDAP
 	"USING_NETSCAPE_LDAP",
 #endif /* USING_NETSCAPE_LDAP */
@@ -6321,7 +6332,7 @@ char	*FFRCompileOptions[] =
 #endif /* _FFR_QUEUE_SCHED_DBG */
 #if _FFR_RCPTTHROTDELAY
 	/* configurable delay for BadRcptThrottle */
-	"_FFR_RCPTTHROTDELAY"
+	"_FFR_RCPTTHROTDELAY",
 #endif /* _FFR_RCPTTHROTDELAY */
 #if _FFR_REDIRECTEMPTY
 	/*
diff --git a/contrib/sendmail/src/daemon.c b/contrib/sendmail/src/daemon.c
index 983ad2f..a1dcbe85 100644
--- a/contrib/sendmail/src/daemon.c
+++ b/contrib/sendmail/src/daemon.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2007, 2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2007, 2009, 2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -14,7 +14,7 @@
 #include <sendmail.h>
 #include "map.h"
 
-SM_RCSID("@(#)$Id: daemon.c,v 8.683 2009/12/18 01:12:40 ca Exp $")
+SM_RCSID("@(#)$Id: daemon.c,v 8.691 2011/01/25 18:31:30 ca Exp $")
 
 #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__)
 # define USE_SOCK_STREAM	1
@@ -1267,7 +1267,8 @@ setupdaemon(daemonaddr)
 	  case AF_INET6:
 		if (IN6_IS_ADDR_UNSPECIFIED(&daemonaddr->sin6.sin6_addr))
 			daemonaddr->sin6.sin6_addr =
-			    LocalDaemon ? in6addr_loopback : in6addr_any;
+			    (LocalDaemon && V6LoopbackAddrFound) ?
+			    in6addr_loopback : in6addr_any;
 		port = daemonaddr->sin6.sin6_port;
 		break;
 #endif /* NETINET6 */
@@ -2219,7 +2220,8 @@ makeconnection(host, port, mci, e, enough)
 #if NETINET6
 		  case AF_INET6:
 			if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr))
-				clt_addr.sin6.sin6_addr = LocalDaemon ?
+				clt_addr.sin6.sin6_addr =
+					(LocalDaemon && V6LoopbackAddrFound) ?
 					in6addr_loopback : in6addr_any;
 			else
 				clt_bind = true;
@@ -2665,6 +2667,7 @@ gothostent:
 #if NETINET
 			  case AF_INET:
 				addr.sin.sin_addr.s_addr = ConnectOnlyTo.sin.sin_addr.s_addr;
+				addr.sa.sa_family = ConnectOnlyTo.sa.sa_family;
 				break;
 #endif /* NETINET */
 
@@ -2872,7 +2875,10 @@ nextaddr:
 
 	/* Use the configured HeloName as appropriate */
 	if (HeloName != NULL && HeloName[0] != '\0')
+	{
+		SM_FREE_CLR(mci->mci_heloname);
 		mci->mci_heloname = newstr(HeloName);
+	}
 
 	mci_setstat(mci, EX_OK, NULL, NULL);
 	return EX_OK;
diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c
index 0322c95..acd977f 100644
--- a/contrib/sendmail/src/deliver.c
+++ b/contrib/sendmail/src/deliver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -14,7 +14,7 @@
 #include <sendmail.h>
 #include <sm/time.h>
 
-SM_RCSID("@(#)$Id: deliver.c,v 8.1020 2009/12/18 17:08:01 ca Exp $")
+SM_RCSID("@(#)$Id: deliver.c,v 8.1024 2011/01/12 23:52:59 ca Exp $")
 
 #if HASSETUSERCONTEXT
 # include <login_cap.h>
@@ -1850,7 +1850,7 @@ deliver(e, firstto)
 	**	If we are running SMTP, we just need to clean up.
 	*/
 
-	/* XXX this seems a bit wierd */
+	/* XXX this seems a bit weird */
 	if (ctladdr == NULL && m != ProgMailer && m != FileMailer &&
 	    bitset(QGOODUID, e->e_from.q_flags))
 		ctladdr = &e->e_from;
@@ -2144,6 +2144,7 @@ tryhost:
 			mci->mci_lastuse = curtime();
 			mci->mci_deliveries = 0;
 			mci->mci_exitstat = i;
+			mci_clr_extensions(mci);
 # if NAMED_BIND
 			mci->mci_herrno = h_errno;
 # endif /* NAMED_BIND */
@@ -3104,7 +3105,7 @@ reconnect:	/* after switching to an encrypted connection */
 			    mci->mci_state != MCIS_CLOSED)
 			{
 				SET_HELO(mci->mci_flags);
-				mci->mci_flags &= ~MCIF_EXTENS;
+				mci_clr_extensions(mci);
 				goto reconnect;
 			}
 		}
@@ -3157,7 +3158,7 @@ reconnect:	/* after switching to an encrypted connection */
 						     &mci->mci_out,
 						     mci->mci_conn, tmo) == 0)
 					{
-						mci->mci_flags &= ~MCIF_EXTENS;
+						mci_clr_extensions(mci);
 						mci->mci_flags |= MCIF_AUTHACT|
 								  MCIF_ONLY_EHLO;
 						goto reconnect;
@@ -6111,12 +6112,13 @@ starttls(m, mci, e)
 		return EX_TEMPFAIL;
 
 # if USE_OPENSSL_ENGINE
-	if (!SSL_set_engine(NULL))
+	if (!SSLEngineInitialized && !SSL_set_engine(NULL))
 	{
 		sm_syslog(LOG_ERR, NOQID,
 			  "STARTTLS=client, SSL_set_engine=failed");
 		return EX_TEMPFAIL;
 	}
+	SSLEngineInitialized = true;
 # endif /* USE_OPENSSL_ENGINE */
 
 	smtpmessage("STARTTLS", m, mci);
diff --git a/contrib/sendmail/src/domain.c b/contrib/sendmail/src/domain.c
index 394b0d3f..21442b3 100644
--- a/contrib/sendmail/src/domain.c
+++ b/contrib/sendmail/src/domain.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2004, 2006 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2004, 2006, 2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1986, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -15,9 +15,9 @@
 #include "map.h"
 
 #if NAMED_BIND
-SM_RCSID("@(#)$Id: domain.c,v 8.202 2006/12/19 01:15:07 ca Exp $ (with name server)")
+SM_RCSID("@(#)$Id: domain.c,v 8.204 2010/06/29 15:35:33 ca Exp $ (with name server)")
 #else /* NAMED_BIND */
-SM_RCSID("@(#)$Id: domain.c,v 8.202 2006/12/19 01:15:07 ca Exp $ (without name server)")
+SM_RCSID("@(#)$Id: domain.c,v 8.204 2010/06/29 15:35:33 ca Exp $ (without name server)")
 #endif /* NAMED_BIND */
 
 #if NAMED_BIND
@@ -25,25 +25,6 @@ SM_RCSID("@(#)$Id: domain.c,v 8.202 2006/12/19 01:15:07 ca Exp $ (without name s
 # include <arpa/inet.h>
 
 
-/*
-**  The standard udp packet size PACKETSZ (512) is not sufficient for some
-**  nameserver answers containing very many resource records. The resolver
-**  may switch to tcp and retry if it detects udp packet overflow.
-**  Also note that the resolver routines res_query and res_search return
-**  the size of the *un*truncated answer in case the supplied answer buffer
-**  it not big enough to accommodate the entire answer.
-*/
-
-# ifndef MAXPACKET
-#  define MAXPACKET 8192	/* max packet size used internally by BIND */
-# endif /* ! MAXPACKET */
-
-typedef union
-{
-	HEADER		qb1;
-	unsigned char	qb2[MAXPACKET];
-} querybuf;
-
 # ifndef MXHOSTBUFSIZE
 #  define MXHOSTBUFSIZE	(128 * MAXMXHOSTS)
 # endif /* ! MXHOSTBUFSIZE */
diff --git a/contrib/sendmail/src/envelope.c b/contrib/sendmail/src/envelope.c
index 022c3ca..18defd2 100644
--- a/contrib/sendmail/src/envelope.c
+++ b/contrib/sendmail/src/envelope.c
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: envelope.c,v 8.310 2009/12/18 17:08:01 ca Exp $")
+SM_RCSID("@(#)$Id: envelope.c,v 8.312 2010/02/03 16:36:40 ca Exp $")
 
 /*
 **  CLRSESSENVELOPE -- clear session oriented data in an envelope
@@ -246,12 +246,14 @@ dropenvelope(e, fulldrop, split)
 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
 	}
 
+
 	e->e_flags &= ~EF_QUEUERUN;
 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 	{
 		if (QS_IS_UNDELIVERED(q->q_state))
 			queueit = true;
 
+
 		/* see if a notification is needed */
 		if (bitset(QPINGONFAILURE, q->q_flags) &&
 		    ((IS_MSG_ERR(msg_timeout) &&
diff --git a/contrib/sendmail/src/err.c b/contrib/sendmail/src/err.c
index 5825666..baa355a 100644
--- a/contrib/sendmail/src/err.c
+++ b/contrib/sendmail/src/err.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2003, 2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: err.c,v 8.196 2006/11/10 23:14:08 ca Exp $")
+SM_RCSID("@(#)$Id: err.c,v 8.205 2010/02/03 23:22:41 ca Exp $")
 
 #if LDAPMAP
 # include <lber.h>
@@ -359,7 +359,7 @@ usrerr(fmt, va_alist)
 **		increments Errors.
 */
 
-/*VARARGS1*/
+/*VARARGS2*/
 void
 #ifdef __STDC__
 usrerrenh(char *enhsc, const char *fmt, ...)
@@ -427,6 +427,7 @@ usrerrenh(enhsc, fmt, va_alist)
 	if (QuickAbort)
 		sm_exc_raisenew_x(&EtypeQuickAbort, 1);
 }
+
 /*
 **  MESSAGE -- print message (not necessarily an error)
 **
@@ -473,11 +474,12 @@ message(msg, va_alist)
 	  case '5':
 		if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
 			sm_free(CurEnv->e_message);
-		CurEnv->e_message =
-			sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
+		CurEnv->e_message = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
 		break;
 	}
 }
+
+
 /*
 **  NMESSAGE -- print message (not necessarily an error)
 **
diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c
index 1bbb070..4d2318f 100644
--- a/contrib/sendmail/src/main.c
+++ b/contrib/sendmail/src/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2006, 2008, 2009, 2011 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -26,7 +26,7 @@ SM_UNUSED(static char copyright[]) =
 	The Regents of the University of California.  All rights reserved.\n";
 #endif /* ! lint */
 
-SM_RCSID("@(#)$Id: main.c,v 8.971 2009/12/18 17:08:01 ca Exp $")
+SM_RCSID("@(#)$Id: main.c,v 8.976 2011/03/15 23:14:36 ca Exp $")
 
 
 #if NETINET || NETINET6
@@ -304,6 +304,9 @@ main(argc, argv, envp)
 	SubmitMode = SUBMIT_UNKNOWN;
 #if _FFR_LOCAL_DAEMON
 	LocalDaemon = false;
+# if NETINET6
+	V6LoopbackAddrFound = false;
+# endif /* NETINET6 */
 #endif /* _FFR_LOCAL_DAEMON */
 #if XDEBUG
 	checkfd012("after openlog");
@@ -1308,7 +1311,7 @@ main(argc, argv, envp)
 		(void) getfallbackmxrr(FallbackMX);
 #endif /* NAMED_BIND */
 
-	if (SuperSafe == SAFE_INTERACTIVE && CurEnv->e_sendmode != SM_DELIVER)
+	if (SuperSafe == SAFE_INTERACTIVE && !SM_IS_INTERACTIVE(CurEnv->e_sendmode))
 	{
 		(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
 				     "WARNING: SuperSafe=interactive should only be used with\n         DeliveryMode=interactive\n");
@@ -3190,7 +3193,7 @@ sigpipe(sig)
 **	may resend a message.
 **
 **	Parameters:
-**		none.
+**		sig -- incoming signal.
 **
 **	Returns:
 **		none.
@@ -3201,8 +3204,6 @@ sigpipe(sig)
 **	NOTE:	THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
 **		ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
 **		DOING.
-**
-**		XXX: More work is needed for this signal handler.
 */
 
 /* ARGSUSED */
@@ -3217,38 +3218,34 @@ intsig(sig)
 	errno = save_errno;
 	CHECK_CRITICAL(sig);
 	sm_allsignals(true);
+	IntSig = true;
 
-	if (sig != 0 && LogLevel > 79)
-		sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt");
 	FileName = NULL;
 
 	/* Clean-up on aborted stdin message submission */
-	if (CurEnv->e_id != NULL &&
-	    (OpMode == MD_SMTP ||
+	if  (OpMode == MD_SMTP ||
 	     OpMode == MD_DELIVER ||
-	     OpMode == MD_ARPAFTP))
+	     OpMode == MD_ARPAFTP)
 	{
-		register ADDRESS *q;
-
-		/* don't return an error indication */
-		CurEnv->e_to = NULL;
-		CurEnv->e_flags &= ~EF_FATALERRS;
-		CurEnv->e_flags |= EF_CLRQUEUE;
-
-		/*
-		**  Spin through the addresses and
-		**  mark them dead to prevent bounces
-		*/
-
-		for (q = CurEnv->e_sendqueue; q != NULL; q = q->q_next)
-			q->q_state = QS_DONTSEND;
-
-		drop = true;
+		if (CurEnv->e_id != NULL)
+		{
+			char *fn;
+
+			fn = queuename(CurEnv, DATAFL_LETTER);
+			if (fn != NULL)
+				(void) unlink(fn);
+			fn = queuename(CurEnv, ANYQFL_LETTER);
+			if (fn != NULL)
+				(void) unlink(fn);
+		}
+		_exit(EX_OK);
+		/* NOTREACHED */
 	}
-	else if (OpMode != MD_TEST)
-	{
+
+	if (sig != 0 && LogLevel > 79)
+		sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt");
+	if (OpMode != MD_TEST)
 		unlockqueue(CurEnv);
-	}
 
 	finis(drop, false, EX_OK);
 	/* NOTREACHED */
diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c
index be88685..2eb6958 100644
--- a/contrib/sendmail/src/map.c
+++ b/contrib/sendmail/src/map.c
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: map.c,v 8.705 2009/08/11 22:22:40 ca Exp $")
+SM_RCSID("@(#)$Id: map.c,v 8.706 2010/07/27 03:35:42 ca Exp $")
 
 #if LDAPMAP
 # include <sm/ldap.h>
@@ -5985,7 +5985,7 @@ stab_map_store(map, lhs, rhs)
 /*
 **  STAB_MAP_OPEN -- initialize (reads data file)
 **
-**	This is a wierd case -- it is only intended as a fallback for
+**	This is a weird case -- it is only intended as a fallback for
 **	aliases.  For this reason, opens for write (only during a
 **	"newaliases") always fails, and opens for read open the
 **	actual underlying text file instead of the database.
diff --git a/contrib/sendmail/src/mci.c b/contrib/sendmail/src/mci.c
index 2770117..7b17167 100644
--- a/contrib/sendmail/src/mci.c
+++ b/contrib/sendmail/src/mci.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2005, 2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: mci.c,v 8.221 2007/11/13 23:44:25 gshapiro Exp $")
+SM_RCSID("@(#)$Id: mci.c,v 8.223 2010/03/10 04:35:28 ca Exp $")
 
 #if NETINET || NETINET6
 # include <arpa/inet.h>
@@ -288,6 +288,32 @@ mci_flush(doquit, allbut)
 			mci_uncache(&MciCache[i], doquit);
 	}
 }
+
+/*
+**  MCI_CLR_EXTENSIONS -- clear knowledge about SMTP extensions
+**
+**	Parameters:
+**		mci -- the connection to clear.
+**
+**	Returns:
+**		none.
+*/
+
+void
+mci_clr_extensions(mci)
+	MCI *mci;
+{
+	if (mci == NULL)
+		return;
+
+	mci->mci_flags &= ~MCIF_EXTENS;
+	mci->mci_maxsize = 0;
+	mci->mci_min_by = 0;
+#if SASL
+	mci->mci_saslcap = NULL;
+#endif /* SASL */
+}
+
 /*
 **  MCI_GET -- get information about a particular host
 **
@@ -567,6 +593,7 @@ static struct mcifbits	MciFlags[] =
 	{ MCIF_CVT7TO8,		"CVT7TO8"	},
 	{ MCIF_INMIME,		"INMIME"	},
 	{ MCIF_AUTH,		"AUTH"		},
+	{ MCIF_AUTH2,		"AUTH2"		},
 	{ MCIF_AUTHACT,		"AUTHACT"	},
 	{ MCIF_ENHSTAT,		"ENHSTAT"	},
 	{ MCIF_PIPELINED,	"PIPELINED"	},
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index 19bcf73..9135c22 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: parseaddr.c,v 8.403 2008/02/08 02:27:35 ca Exp $")
+SM_RCSID("@(#)$Id: parseaddr.c,v 8.404 2010/07/27 03:35:42 ca Exp $")
 
 #include <sm/sendmail.h>
 #include "map.h"
@@ -319,7 +319,7 @@ delim:
 **			is invalid and should be "repaired".
 **
 **	Returns:
-**		true -- if the address has any "wierd" characters or
+**		true -- if the address has any "weird" characters or
 **			non-printable characters or if a quote is unbalanced.
 **		false -- otherwise.
 */
diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c
index 194f525..16142d9 100644
--- a/contrib/sendmail/src/queue.c
+++ b/contrib/sendmail/src/queue.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2009, 2011 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -14,7 +14,7 @@
 #include <sendmail.h>
 #include <sm/sem.h>
 
-SM_RCSID("@(#)$Id: queue.c,v 8.987 2009/12/18 17:08:01 ca Exp $")
+SM_RCSID("@(#)$Id: queue.c,v 8.991 2011/03/15 23:14:36 ca Exp $")
 
 #include <dirent.h>
 
@@ -203,7 +203,7 @@ static const char *FSPath[MAXFILESYS];	/* pathnames for file systems */
 **	tag -- should be a unique id to avoid misinterpretations by others.
 **		idea: hash over configuration data that will be stored here.
 **	NumFileSys -- number of file systems.
-**	FileSys -- (arrary of) structure for used file systems.
+**	FileSys -- (array of) structure for used file systems.
 **	RSATmpCnt -- counter for number of uses of ephemeral RSA key.
 **	QShm -- (array of) structure for information about queue directories.
 */
@@ -633,7 +633,6 @@ queueup(e, announce, msync)
 	}
 
 	/* output inode number of data file */
-	/* XXX should probably include device major/minor too */
 	if (e->e_dfino != -1)
 	{
 		(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "I%ld/%ld/%llu\n",
@@ -5195,7 +5194,11 @@ queuename(e, type)
 
 	/* Assign an ID if needed */
 	if (e->e_id == NULL)
+	{
+		if (IntSig)
+			return NULL;
 		assign_queueid(e);
+	}
 	type = queue_letter(e, type);
 
 	/* begin of filename */
@@ -5239,7 +5242,11 @@ queuename(e, type)
 	else
 	{
 		if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
+		{
+			if (IntSig)
+				return NULL;
 			(void) setnewqueue(e);
+		}
 		if (type ==  DATAFL_LETTER)
 		{
 			qd = e->e_dfqdir;
@@ -5279,6 +5286,8 @@ queuename(e, type)
 			break;
 
 		  default:
+			if (IntSig)
+				return NULL;
 			sm_abort("queuename: bad queue file type %d", type);
 		}
 
diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c
index c6d48a8..7bc70c2 100644
--- a/contrib/sendmail/src/readcf.c
+++ b/contrib/sendmail/src/readcf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2006, 2008-2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -14,12 +14,13 @@
 #include <sendmail.h>
 #include <sm/sendmail.h>
 
-SM_RCSID("@(#)$Id: readcf.c,v 8.674 2009/10/26 17:47:00 ca Exp $")
+SM_RCSID("@(#)$Id: readcf.c,v 8.684 2011/03/15 17:29:29 guenther Exp $")
 
 #if NETINET || NETINET6
 # include <arpa/inet.h>
 #endif /* NETINET || NETINET6 */
 
+
 #define SECONDS
 #define MINUTES	* 60
 #define HOUR	* 3600
@@ -114,7 +115,15 @@ readcf(cfname, safe, e)
 	LineNumber = 0;
 
 #if STARTTLS
-	Srv_SSL_Options = Clt_SSL_Options = SSL_OP_ALL;
+	Srv_SSL_Options = SSL_OP_ALL;
+	Clt_SSL_Options = SSL_OP_ALL
+#ifdef SSL_OP_NO_SSLv2
+		| SSL_OP_NO_SSLv2
+#endif
+#ifdef SSL_OP_NO_TICKET
+		| SSL_OP_NO_TICKET
+#endif
+		;
 #endif /* STARTTLS */
 	if (DontLockReadFiles)
 		sff |= SFF_NOLOCK;
@@ -2271,6 +2280,10 @@ static struct optioninfo
 # define O_RCPTTHROTDELAY	0xe6
 	{ "BadRcptThrottleDelay",	O_RCPTTHROTDELAY,	OI_SAFE	},
 #endif /* _FFR_RCPTTHROTDELAY */
+#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+# define O_INETQOS	0xe7	/* reserved for FFR_QOS */
+	{ "InetQoS",			O_INETQOS,	OI_NONE },
+#endif
 
 	{ NULL,				'\0',		OI_NONE	}
 };
@@ -2285,68 +2298,85 @@ static struct ssl_options
 /* these are turned on by default */
 #ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
 	{ "SSL_OP_MICROSOFT_SESS_ID_BUG",	SSL_OP_MICROSOFT_SESS_ID_BUG	},
-#endif /* SSL_OP_MICROSOFT_SESS_ID_BUG */
+#endif
 #ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
 	{ "SSL_OP_NETSCAPE_CHALLENGE_BUG",	SSL_OP_NETSCAPE_CHALLENGE_BUG	},
-#endif /* SSL_OP_NETSCAPE_CHALLENGE_BUG */
+#endif
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
 	{ "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG",	SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG	},
-#endif /* SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */
+#endif
 #ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
 	{ "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG",	SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG	},
-#endif /* SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG */
+#endif
 #ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
 	{ "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER",	SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER	},
-#endif /* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER */
+#endif
 #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
 	{ "SSL_OP_MSIE_SSLV2_RSA_PADDING",	SSL_OP_MSIE_SSLV2_RSA_PADDING	},
-#endif /* SSL_OP_MSIE_SSLV2_RSA_PADDING */
+#endif
 #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
 	{ "SSL_OP_SSLEAY_080_CLIENT_DH_BUG",	SSL_OP_SSLEAY_080_CLIENT_DH_BUG	},
-#endif /* SSL_OP_SSLEAY_080_CLIENT_DH_BUG */
+#endif
 #ifdef SSL_OP_TLS_D5_BUG
 	{ "SSL_OP_TLS_D5_BUG",	SSL_OP_TLS_D5_BUG	},
-#endif /* SSL_OP_TLS_D5_BUG */
+#endif
 #ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
 	{ "SSL_OP_TLS_BLOCK_PADDING_BUG",	SSL_OP_TLS_BLOCK_PADDING_BUG	},
-#endif /* SSL_OP_TLS_BLOCK_PADDING_BUG */
+#endif
 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
 	{ "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS",	SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS	},
-#endif /* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
+#endif
+#ifdef SSL_OP_ALL
 	{ "SSL_OP_ALL",	SSL_OP_ALL	},
+#endif
+#ifdef SSL_OP_NO_QUERY_MTU
+	{ "SSL_OP_NO_QUERY_MTU",	SSL_OP_NO_QUERY_MTU	},
+#endif
+#ifdef SSL_OP_COOKIE_EXCHANGE
+	{ "SSL_OP_COOKIE_EXCHANGE",	SSL_OP_COOKIE_EXCHANGE	},
+#endif
+#ifdef SSL_OP_NO_TICKET
+	{ "SSL_OP_NO_TICKET",	SSL_OP_NO_TICKET	},
+#endif
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 	{ "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION",	SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	},
-#endif /* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION */
+#endif
+#ifdef SSL_OP_SINGLE_ECDH_USE
+	{ "SSL_OP_SINGLE_ECDH_USE",	SSL_OP_SINGLE_ECDH_USE	},
+#endif
+#ifdef SSL_OP_SINGLE_DH_USE
+	{ "SSL_OP_SINGLE_DH_USE",	SSL_OP_SINGLE_DH_USE	},
+#endif
 #ifdef SSL_OP_EPHEMERAL_RSA
 	{ "SSL_OP_EPHEMERAL_RSA",	SSL_OP_EPHEMERAL_RSA	},
-#endif /* SSL_OP_EPHEMERAL_RSA */
+#endif
 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
 	{ "SSL_OP_CIPHER_SERVER_PREFERENCE",	SSL_OP_CIPHER_SERVER_PREFERENCE	},
-#endif /* SSL_OP_CIPHER_SERVER_PREFERENCE */
+#endif
 #ifdef SSL_OP_TLS_ROLLBACK_BUG
 	{ "SSL_OP_TLS_ROLLBACK_BUG",	SSL_OP_TLS_ROLLBACK_BUG	},
-#endif /* SSL_OP_TLS_ROLLBACK_BUG */
+#endif
 #ifdef SSL_OP_NO_SSLv2
 	{ "SSL_OP_NO_SSLv2",	SSL_OP_NO_SSLv2	},
-#endif /* SSL_OP_NO_SSLv2 */
+#endif
 #ifdef SSL_OP_NO_SSLv3
 	{ "SSL_OP_NO_SSLv3",	SSL_OP_NO_SSLv3	},
-#endif /* SSL_OP_NO_SSLv3 */
+#endif
 #ifdef SSL_OP_NO_TLSv1
 	{ "SSL_OP_NO_TLSv1",	SSL_OP_NO_TLSv1	},
-#endif /* SSL_OP_NO_TLSv1 */
+#endif
 #ifdef SSL_OP_PKCS1_CHECK_1
 	{ "SSL_OP_PKCS1_CHECK_1",	SSL_OP_PKCS1_CHECK_1	},
-#endif /* SSL_OP_PKCS1_CHECK_1 */
+#endif
 #ifdef SSL_OP_PKCS1_CHECK_2
 	{ "SSL_OP_PKCS1_CHECK_2",	SSL_OP_PKCS1_CHECK_2	},
-#endif /* SSL_OP_PKCS1_CHECK_2 */
+#endif
 #ifdef SSL_OP_NETSCAPE_CA_DN_BUG
 	{ "SSL_OP_NETSCAPE_CA_DN_BUG",	SSL_OP_NETSCAPE_CA_DN_BUG	},
-#endif /* SSL_OP_NETSCAPE_CA_DN_BUG */
+#endif
 #ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
 	{ "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG",	SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG	},
-#endif /* SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG */
+#endif
 	{ NULL,		0		}
 };
 #endif /* STARTTLS && _FFR_TLS_1 */
@@ -2639,6 +2669,7 @@ setoption(opt, val, safe, sticky, e)
 			set_delivery_mode(*val, e);
 			break;
 
+
 		  default:
 			syserr("Unknown delivery mode %c", *val);
 			finis(false, true, EX_USAGE);
@@ -3446,7 +3477,7 @@ setoption(opt, val, safe, sticky, e)
 		ConnectOnlyTo.sa.sa_family = AF_UNSPEC;
 # if NETINET6
 		if (anynet_pton(AF_INET6, val,
-				&ConnectOnlyTo.sin6.sin6_addr) != 1)
+				&ConnectOnlyTo.sin6.sin6_addr) == 1)
 			ConnectOnlyTo.sa.sa_family = AF_INET6;
 		else
 # endif /* NETINET6 */
diff --git a/contrib/sendmail/src/sendmail.8 b/contrib/sendmail/src/sendmail.8
index e5ce9ae..5097f22 100644
--- a/contrib/sendmail/src/sendmail.8
+++ b/contrib/sendmail/src/sendmail.8
@@ -9,9 +9,9 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"     $Id: sendmail.8,v 8.59 2009/04/10 17:49:19 gshapiro Exp $
+.\"     $Id: sendmail.8,v 8.60 2011/03/07 23:44:48 ca Exp $
 .\"
-.TH SENDMAIL 8 "$Date: 2009/04/10 17:49:19 $"
+.TH SENDMAIL 8 "$Date: 2011/03/07 23:44:48 $"
 .SH NAME
 sendmail
 \- an electronic mail transport agent
@@ -224,7 +224,9 @@ If not specified,
 ``Received:'' lines in the message are counted.
 .TP
 .B \-i
-Ignore dots alone on lines by themselves in incoming messages.
+Do not strip a leading dot from lines in incoming messages,
+and do not treat a dot on a line by itself
+as the end of an incoming message.
 This should be set if you are reading data from a file.
 .TP
 .BI "\-L " tag
diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h
index b170c2b..39ba16c 100644
--- a/contrib/sendmail/src/sendmail.h
+++ b/contrib/sendmail/src/sendmail.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2011 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -52,7 +52,7 @@
 
 #ifdef _DEFINE
 # ifndef lint
-SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1068 2009/12/18 17:08:01 ca Exp $";
+SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1089 2011/03/15 23:14:36 ca Exp $";
 # endif /* ! lint */
 #endif /* _DEFINE */
 
@@ -327,7 +327,7 @@ typedef struct address ADDRESS;
 				 (s) == QS_SENT || \
 				 (s) == QS_DISCARDED)
 #define QS_IS_DEAD(s)		((s) >= QS_DONTSEND)
-
+#define QS_IS_TEMPFAIL(s)	((s) == QS_QUEUEUP || (s) == QS_RETRY)
 
 #define NULLADDR	((ADDRESS *) NULL)
 
@@ -721,17 +721,20 @@ MCI
 #if STARTTLS
 #define MCIF_TLS	0x00100000	/* STARTTLS supported */
 #define MCIF_TLSACT	0x00200000	/* STARTTLS active */
-#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS)
 #else /* STARTTLS */
-#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT)
+#define MCIF_TLS	0
+#define MCIF_TLSACT	0
 #endif /* STARTTLS */
 #define MCIF_DLVR_BY	0x00400000	/* DELIVERBY */
 #if _FFR_IGNORE_EXT_ON_HELO
 # define MCIF_HELO	0x00800000	/* we used HELO: ignore extensions */
 #endif /* _FFR_IGNORE_EXT_ON_HELO */
 #define MCIF_INLONGLINE 0x01000000	/* in the middle of a long line */
+#define MCIF_AUTH2	0x02000000	/* got 2 AUTH lines */
 #define MCIF_ONLY_EHLO	0x10000000	/* use only EHLO in smtpinit */
 
+#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS | MCIF_AUTH2)
+
 /* states */
 #define MCIS_CLOSED	0		/* no traffic on this connection */
 #define MCIS_OPENING	1		/* sending initial protocol */
@@ -749,6 +752,7 @@ extern void	mci_close __P((MCI *, char *where));
 extern void	mci_dump __P((SM_FILE_T *, MCI *, bool));
 extern void	mci_dump_all __P((SM_FILE_T *, bool));
 extern void	mci_flush __P((bool, MCI *));
+extern void	mci_clr_extensions __P((MCI *));
 extern MCI	*mci_get __P((char *, MAILER *));
 extern int	mci_lock_host __P((MCI *));
 extern bool	mci_match __P((char *, MAILER *));
@@ -1167,6 +1171,33 @@ struct hostsig_t
 
 typedef struct hostsig_t HOSTSIG_T;
 
+/*
+**  The standard udp packet size PACKETSZ (512) is not sufficient for some
+**  nameserver answers containing very many resource records. The resolver
+**  may switch to tcp and retry if it detects udp packet overflow.
+**  Also note that the resolver routines res_query and res_search return
+**  the size of the *un*truncated answer in case the supplied answer buffer
+**  it not big enough to accommodate the entire answer.
+*/
+
+# ifndef MAXPACKET
+#  define MAXPACKET 8192	/* max packet size used internally by BIND */
+# endif /* ! MAXPACKET */
+
+/*
+**  The resolver functions res_{send,query,querydomain} expect the
+**  answer buffer to be aligned, but some versions of gcc4 reverse
+**  25 years of history and no longer align char buffers on the
+**  stack, resulting in crashes on strict-alignment platforms.  Use
+**  this union when putting the buffer on the stack to force the
+**  alignment, then cast to (HEADER *) or (unsigned char *) as needed.
+*/
+typedef union
+{
+	HEADER		qb1;
+	unsigned char	qb2[MAXPACKET];
+} querybuf;
+
 /* functions */
 extern bool	getcanonname __P((char *, int, bool, int *));
 extern int	getmxrr __P((char *, char **, unsigned short *, bool, int *, bool, int *));
@@ -1246,11 +1277,15 @@ MAP
 #define MF_OPENBOGUS	0x00800000	/* open failed, don't call map_close */
 #define MF_CLOSING	0x01000000	/* map is being closed */
 
-#define DYNOPENMAP(map) if (!bitset(MF_OPEN, (map)->map_mflags)) \
-	{	\
-		if (!openmap(map))	\
-			return NULL;	\
-	}
+#define DYNOPENMAP(map) \
+	do		\
+	{		\
+		if (!bitset(MF_OPEN, (map)->map_mflags)) \
+		{	\
+			if (!openmap(map))	\
+				return NULL;	\
+		}	\
+	} while (0)
 
 
 /* indices for map_actions */
@@ -1569,8 +1604,19 @@ extern void	stabapply __P((void (*)(STAB *, int), int));
 
 #if _FFR_LOCAL_DAEMON
 EXTERN bool	LocalDaemon;
+# if NETINET6
+EXTERN bool	V6LoopbackAddrFound;	/* found an IPv6 loopback address */
+#  define SETV6LOOPBACKADDRFOUND(sa)	\
+	do	\
+	{	\
+		if (isloopback(sa))	\
+			V6LoopbackAddrFound = true;	\
+	} while (0)
+# endif /* NETINET6 */
 #else /* _FFR_LOCAL_DAEMON */
 # define LocalDaemon	false
+# define V6LoopbackAddrFound	false
+# define SETV6LOOPBACKADDRFOUND(sa)
 #endif /* _FFR_LOCAL_DAEMON */
 
 /* Note: see also include/sendmail/pathnames.h: GET_CLIENT_CF */
@@ -1585,6 +1631,7 @@ EXTERN bool	LocalDaemon;
 #define SM_DEFER	'd'		/* defer map lookups as well as queue */
 #define SM_VERIFY	'v'		/* verify only (used internally) */
 #define DM_NOTSET	(-1)	/* DeliveryMode (per daemon) option not set */
+# define SM_IS_INTERACTIVE(m)	((m) == SM_DELIVER)
 
 #define WILL_BE_QUEUED(m)	((m) == SM_QUEUE || (m) == SM_DEFER)
 
@@ -2100,7 +2147,11 @@ extern void	inittimeouts __P((char *, bool));
 */
 
 /* macros for debugging flags */
-#define tTd(flag, level)	(tTdvect[flag] >= (unsigned char)level)
+#if NOT_SENDMAIL
+# define tTd(flag, level)	(tTdvect[flag] >= (unsigned char)level)
+#else
+# define tTd(flag, level)	(tTdvect[flag] >= (unsigned char)level && !IntSig)
+#endif
 #define tTdlevel(flag)		(tTdvect[flag])
 
 /* variables */
@@ -2123,22 +2174,26 @@ extern unsigned char	tTdvect[100];	/* trace vector */
 */
 
 /* set exit status */
-#define setstat(s)	{ \
-				if (ExitStat == EX_OK || ExitStat == EX_TEMPFAIL) \
-					ExitStat = s; \
-			}
+#define setstat(s)	\
+	do		\
+	{		\
+		if (ExitStat == EX_OK || ExitStat == EX_TEMPFAIL) \
+			ExitStat = s; \
+	} while (0)
 
 
 #define STRUCTCOPY(s, d)	d = s
 
 /* free a pointer if it isn't NULL and set it to NULL */
 #define SM_FREE_CLR(p)	\
-			if ((p) != NULL) \
-			{ \
-				sm_free(p); \
-				(p) = NULL; \
-			} \
-			else
+	do		\
+	{		\
+		if ((p) != NULL) \
+		{ \
+			sm_free(p); \
+			(p) = NULL; \
+		} \
+	} while (0)
 
 /*
 **  Update a permanent string variable with a new value.
@@ -2185,6 +2240,15 @@ extern unsigned char	tTdvect[100];	/* trace vector */
 #define XS_DEFAULT	0
 #define XS_STARTTLS	1
 #define XS_AUTH		2
+#define XS_GREET	3
+#define XS_EHLO		4
+#define XS_MAIL		5
+#define XS_RCPT		6
+#define XS_DATA		7
+#define XS_EOM		8
+#define XS_DATA2	9
+#define XS_RCPT2	10
+#define XS_QUIT		15
 
 /*
 **  Global variables.
@@ -2363,6 +2427,7 @@ EXTERN char	*RunAsUserName;	/* user to become for bulk of run */
 EXTERN char	*SafeFileEnv;	/* chroot location for file delivery */
 EXTERN char	*ServiceSwitchFile;	/* backup service switch */
 EXTERN char	*volatile ShutdownRequest;/* a sendmail shutdown has been requested */
+EXTERN bool	volatile IntSig;
 EXTERN char	*SmtpGreeting;	/* SMTP greeting message (old $e macro) */
 EXTERN char	*SmtpPhase;	/* current phase in SMTP processing */
 EXTERN char	SmtpError[MAXLINE];	/* save failure error messages */
@@ -2390,6 +2455,9 @@ extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
 
 
 EXTERN int ConnectionRateWindowSize;
+#if STARTTLS && USE_OPENSSL_ENGINE
+EXTERN bool	SSLEngineInitialized;
+#endif /* STARTTLS && USE_OPENSSL_ENGINE */
 
 /*
 **  Declarations of useful functions
@@ -2442,6 +2510,8 @@ extern int	smtprcpt __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *, ADDRESS *, time
 extern void	smtprset __P((MAILER *, MCI *, ENVELOPE *));
 
 #define REPLYTYPE(r)	((r) / 100)		/* first digit of reply code */
+#define REPLYCLASS(r)	(((r) / 10) % 10)	/* second digit of reply code */
+#define REPLYMINOR(r)	((r) % 10)	/* last digit of reply code */
 #define ISSMTPCODE(c)	(isascii(c[0]) && isdigit(c[0]) && \
 		    isascii(c[1]) && isdigit(c[1]) && \
 		    isascii(c[2]) && isdigit(c[2]))
diff --git a/contrib/sendmail/src/sm_resolve.c b/contrib/sendmail/src/sm_resolve.c
index 6d9c28d..b8a1405 100644
--- a/contrib/sendmail/src/sm_resolve.c
+++ b/contrib/sendmail/src/sm_resolve.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2004 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2000-2004, 2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -44,9 +44,13 @@
 #include <sendmail.h>
 #if DNSMAP
 # if NAMED_BIND
+#  if NETINET
+#   include <netinet/in_systm.h>
+#   include <netinet/ip.h>
+#  endif /* NETINET */
 #  include "sm_resolve.h"
 
-SM_RCSID("$Id: sm_resolve.c,v 8.36 2008/02/11 23:04:16 ca Exp $")
+SM_RCSID("$Id: sm_resolve.c,v 8.39 2010/06/29 15:35:33 ca Exp $")
 
 static struct stot
 {
@@ -394,7 +398,13 @@ dns_lookup_int(domain, rr_class, rr_type, retrans, retry)
 	time_t save_retrans = 0;
 	int save_retry = 0;
 	DNS_REPLY_T *r = NULL;
-	unsigned char reply[1024];
+	querybuf reply_buf;
+	unsigned char *reply;
+
+#define SMRBSIZE sizeof(reply_buf)
+#ifndef IP_MAXPACKET
+# define IP_MAXPACKET	65535
+#endif
 
 	if (tTd(8, 16))
 	{
@@ -415,15 +425,44 @@ dns_lookup_int(domain, rr_class, rr_type, retrans, retry)
 	}
 	errno = 0;
 	SM_SET_H_ERRNO(0);
-	len = res_search(domain, rr_class, rr_type, reply, sizeof(reply));
+	reply = (unsigned char *)&reply_buf;
+	len = res_search(domain, rr_class, rr_type, reply, SMRBSIZE);
+	if (len >= SMRBSIZE)
+	{
+		if (len >= IP_MAXPACKET)
+		{
+			if (tTd(8, 4))
+				sm_dprintf("dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response too long\n",
+					   domain, len, (int) SMRBSIZE,
+					   IP_MAXPACKET);
+		}
+		else
+		{
+			if (tTd(8, 6))
+				sm_dprintf("dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response longer than default size, resizing\n",
+					   domain, len, (int) SMRBSIZE,
+					   IP_MAXPACKET);
+			reply = (unsigned char *)sm_malloc(IP_MAXPACKET);
+			if (reply == NULL)
+				SM_SET_H_ERRNO(TRY_AGAIN);
+			else
+				len = res_search(domain, rr_class, rr_type,
+						 reply, IP_MAXPACKET);
+		}
+	}
 	if (tTd(8, 16))
 	{
 		_res.options = old_options;
 		sm_dprintf("dns_lookup(%s, %d, %s) --> %d\n",
 			   domain, rr_class, dns_type_to_string(rr_type), len);
 	}
-	if (len >= 0)
+	if (len >= 0 && len < IP_MAXPACKET && reply != NULL)
 		r = parse_dns_reply(reply, len);
+	if (reply != (unsigned char *)&reply_buf && reply != NULL)
+	{
+		sm_free(reply);
+		reply = NULL;
+	}
 	if (retrans > 0)
 		_res.retrans = save_retrans;
 	if (retry > 0)
diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c
index 49016e4..1e6a5d2 100644
--- a/contrib/sendmail/src/srvrsmtp.c
+++ b/contrib/sendmail/src/srvrsmtp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -17,7 +17,7 @@
 # include <libmilter/mfdef.h>
 #endif /* MILTER */
 
-SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.989 2009/12/18 17:08:01 ca Exp $")
+SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.1008 2011/01/12 23:52:59 ca Exp $")
 
 #include <sm/time.h>
 #include <sm/fdset.h>
@@ -875,10 +875,8 @@ smtp(nullserver, d_flags, e)
 
 		/* XXX should these be options settable via .cf ? */
 		/* ssp.min_ssf = 0; is default due to memset() */
-		{
-			ssp.max_ssf = MaxSLBits;
-			ssp.maxbufsize = MAXOUTLEN;
-		}
+		ssp.max_ssf = MaxSLBits;
+		ssp.maxbufsize = MAXOUTLEN;
 		ssp.security_flags = SASLOpts & SASL_SEC_MASK;
 		sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK;
 
@@ -909,15 +907,6 @@ smtp(nullserver, d_flags, e)
 #endif /* SASL */
 
 #if STARTTLS
-# if USE_OPENSSL_ENGINE
-	if (tls_ok_srv && bitset(SRV_OFFER_TLS, features) &&
-	    !SSL_set_engine(NULL))
-	{
-		sm_syslog(LOG_ERR, NOQID,
-			  "STARTTLS=server, SSL_set_engine=failed");
-		tls_ok_srv = false;
-	}
-# endif /* USE_OPENSSL_ENGINE */
 
 
 	set_tls_rd_tmo(TimeOuts.to_nextcommand);
@@ -1836,6 +1825,21 @@ smtp(nullserver, d_flags, e)
 				break;
 			}
   starttls:
+# if USE_OPENSSL_ENGINE
+			if (!SSLEngineInitialized)
+			{
+				if (!SSL_set_engine(NULL))
+				{
+					sm_syslog(LOG_ERR, NOQID,
+						  "STARTTLS=server, SSL_set_engine=failed");
+					tls_ok_srv = false;
+					message("454 4.3.3 TLS not available right now");
+					break;
+				}
+				else
+					SSLEngineInitialized = true;
+			}
+# endif /* USE_OPENSSL_ENGINE */
 # if TLS_NO_RSA
 			/*
 			**  XXX do we need a temp key ?
@@ -2260,8 +2264,7 @@ smtp(nullserver, d_flags, e)
 				message("250-AUTH %s", mechlist);
 #endif /* SASL */
 #if STARTTLS
-			if (tls_ok_srv &&
-			    bitset(SRV_OFFER_TLS, features))
+			if (tls_ok_srv && bitset(SRV_OFFER_TLS, features))
 				message("250-STARTTLS");
 #endif /* STARTTLS */
 			if (DeliverByMin > 0)
@@ -2622,7 +2625,7 @@ smtp(nullserver, d_flags, e)
 				goto rcpt_done;
 			}
 
-			if (e->e_sendmode != SM_DELIVER
+			if (!SM_IS_INTERACTIVE(e->e_sendmode)
 #if _FFR_DM_ONE
 			    && (NotFirstDelivery || SM_DM_ONE != e->e_sendmode)
 #endif /* _FFR_DM_ONE */
@@ -3724,6 +3727,7 @@ smtp_data(smtp, e)
 	_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
 #endif /* NAMED_BIND */
 
+
 	for (ee = e; ee != NULL; ee = ee->e_sibling)
 	{
 		/* make sure we actually do delivery */
@@ -3767,18 +3771,18 @@ smtp_data(smtp, e)
 	oldid = CurEnv->e_id;
 	CurEnv->e_id = id;
 
-	/* issue success message */
+		/* issue success message */
 #if _FFR_MSG_ACCEPT
-	if (MessageAccept != NULL && *MessageAccept != '\0')
-	{
-		char msg[MAXLINE];
+		if (MessageAccept != NULL && *MessageAccept != '\0')
+		{
+			char msg[MAXLINE];
 
-		expand(MessageAccept, msg, sizeof(msg), e);
-		message("250 2.0.0 %s", msg);
-	}
-	else
+			expand(MessageAccept, msg, sizeof(msg), e);
+			message("250 2.0.0 %s", msg);
+		}
+		else
 #endif /* _FFR_MSG_ACCEPT */
-	message("250 2.0.0 %s Message accepted for delivery", id);
+		message("250 2.0.0 %s Message accepted for delivery", id);
 	CurEnv->e_id = oldid;
 
 	/* if we just queued, poke it */
@@ -4687,7 +4691,8 @@ proxy_policy(conn, context, requested_user, rlen, auth_identity, alen,
 		return SASL_FAIL;
 
 	macdefine(&BlankEnvelope.e_macro, A_TEMP,
-		  macid("{auth_authen}"), (char *) auth_identity);
+		  macid("{auth_authen}"),
+		  xtextify((char *) auth_identity, "=<>\")"));
 
 	return SASL_OK;
 }
diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c
index 7031994..a57a05d 100644
--- a/contrib/sendmail/src/tls.c
+++ b/contrib/sendmail/src/tls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2006, 2008, 2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2000-2006, 2008, 2009, 2011 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: tls.c,v 8.114 2009/08/10 15:11:09 ca Exp $")
+SM_RCSID("@(#)$Id: tls.c,v 8.118 2011/03/07 23:20:47 ca Exp $")
 
 #if STARTTLS
 #  include <openssl/err.h>
@@ -1168,7 +1168,7 @@ tls_get_info(ssl, srv, host, mac, certreq)
 	MACROS_T *mac;
 	bool certreq;
 {
-	SSL_CIPHER *c;
+	const SSL_CIPHER *c;
 	int b, r;
 	long verifyok;
 	char *s, *who;
@@ -1213,12 +1213,14 @@ tls_get_info(ssl, srv, host, mac, certreq)
 		macdefine(mac, A_TEMP, macid("{cert_issuer}"),
 			 xtextify(buf, "<>\")"));
 
+# define LL_BADCERT	8
+
 #define CHECK_X509_NAME(which)	\
 	do {	\
 		if (r == -1)	\
 		{		\
 			sm_strlcpy(buf, "BadCertificateUnknown", sizeof(buf)); \
-			if (LogLevel > 7)	\
+			if (LogLevel > LL_BADCERT)	\
 				sm_syslog(LOG_INFO, NOQID,	\
 					"STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN",	\
 					who,	\
diff --git a/contrib/sendmail/src/udb.c b/contrib/sendmail/src/udb.c
index 29470e7..22b198e 100644
--- a/contrib/sendmail/src/udb.c
+++ b/contrib/sendmail/src/udb.c
@@ -15,9 +15,9 @@
 #include "map.h"
 
 #if USERDB
-SM_RCSID("@(#)$Id: udb.c,v 8.164 2006/12/19 19:49:51 ca Exp $ (with USERDB)")
+SM_RCSID("@(#)$Id: udb.c,v 8.165 2010/01/10 06:22:00 ca Exp $ (with USERDB)")
 #else /* USERDB */
-SM_RCSID("@(#)$Id: udb.c,v 8.164 2006/12/19 19:49:51 ca Exp $ (without USERDB)")
+SM_RCSID("@(#)$Id: udb.c,v 8.165 2010/01/10 06:22:00 ca Exp $ (without USERDB)")
 #endif /* USERDB */
 
 #if USERDB
@@ -1219,7 +1219,7 @@ _udbx_close()
 #  endif /* DB_VERSION_MAJOR < 2 */
 		}
 		if (tTd(28, 1))
-			sm_dprintf("_udbx_init: db->close(%s)\n",
+			sm_dprintf("_udbx_close: db->close(%s)\n",
 				up->udb_dbname);
 # endif /* NEWDB */
 	}
diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c
index 23278b0..0de839e 100644
--- a/contrib/sendmail/src/usersmtp.c
+++ b/contrib/sendmail/src/usersmtp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2006, 2008-2010 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: usersmtp.c,v 8.473 2009/06/17 17:26:51 ca Exp $")
+SM_RCSID("@(#)$Id: usersmtp.c,v 8.485 2010/07/23 21:09:38 ca Exp $")
 
 #include <sysexits.h>
 
@@ -33,7 +33,6 @@ extern void	sm_sasl_free __P((void *));
 **	This protocol is described in RFC821.
 */
 
-#define REPLYCLASS(r)	(((r) / 10) % 10)	/* second digit of reply code */
 #define SMTPCLOSING	421			/* "Service Shutting Down" */
 
 #define ENHSCN(e, d)	((e) == NULL ? (d) : (e))
@@ -136,8 +135,7 @@ smtpinit(m, mci, e, onlyhelo)
 	SmtpPhase = mci->mci_phase = "client greeting";
 	sm_setproctitle(true, e, "%s %s: %s",
 			qid_printname(e), CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL,
-		XS_DEFAULT);
+	r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL, XS_GREET);
 	if (r < 0)
 		goto tempfail1;
 	if (REPLYTYPE(r) == 4)
@@ -183,7 +181,7 @@ tryhelo:
 	r = reply(m, mci, e,
 		  bitnset(M_LMTP, m->m_flags) ? TimeOuts.to_lhlo
 					      : TimeOuts.to_helo,
-		  helo_options, NULL, XS_DEFAULT);
+		  helo_options, NULL, XS_EHLO);
 	if (r < 0)
 		goto tempfail1;
 	else if (REPLYTYPE(r) == 5)
@@ -336,7 +334,15 @@ str_union(s1, s2, rpool)
 	l1 = strlen(s1);
 	l2 = strlen(s2);
 	rl = l1 + l2;
-	res = (char *) sm_rpool_malloc(rpool, rl + 2);
+	if (rl <= 0)
+	{
+		sm_syslog(LOG_WARNING, NOQID,
+			  "str_union: stringlen1=%d, stringlen2=%d, sum=%d, status=overflow",
+			  l1, l2, rl);
+		res = NULL;
+	}
+	else
+		res = (char *) sm_rpool_malloc(rpool, rl + 2);
 	if (res == NULL)
 	{
 		if (l1 > l2)
@@ -409,9 +415,7 @@ helo_options(line, firstline, m, mci, e)
 
 	if (firstline)
 	{
-#if SASL
-		mci->mci_saslcap = NULL;
-#endif /* SASL */
+		mci_clr_extensions(mci);
 #if _FFR_IGNORE_EXT_ON_HELO
 		logged = false;
 #endif /* _FFR_IGNORE_EXT_ON_HELO */
@@ -472,7 +476,8 @@ helo_options(line, firstline, m, mci, e)
 #if SASL
 	else if (sm_strcasecmp(line, "auth") == 0)
 	{
-		if (p != NULL && *p != '\0')
+		if (p != NULL && *p != '\0' &&
+		    !bitset(MCIF_AUTH2, mci->mci_flags))
 		{
 			if (mci->mci_saslcap != NULL)
 			{
@@ -484,7 +489,7 @@ helo_options(line, firstline, m, mci, e)
 
 				mci->mci_saslcap = str_union(mci->mci_saslcap,
 							     p, mci->mci_rpool);
-				mci->mci_flags |= MCIF_AUTH;
+				mci->mci_flags |= MCIF_AUTH2;
 			}
 			else
 			{
@@ -501,6 +506,9 @@ helo_options(line, firstline, m, mci, e)
 				}
 			}
 		}
+		if (tTd(95, 5))
+			sm_syslog(LOG_DEBUG, NOQID, "AUTH flags=%lx, mechs=%s",
+				mci->mci_flags, mci->mci_saslcap);
 	}
 #endif /* SASL */
 }
@@ -1606,13 +1614,11 @@ attemptauth(m, mci, e, sai)
 	(void) memset(&ssp, '\0', sizeof(ssp));
 
 	/* XXX should these be options settable via .cf ? */
-	{
-		ssp.max_ssf = MaxSLBits;
-		ssp.maxbufsize = MAXOUTLEN;
+	ssp.max_ssf = MaxSLBits;
+	ssp.maxbufsize = MAXOUTLEN;
 #  if 0
-		ssp.security_flags = SASL_SEC_NOPLAINTEXT;
+	ssp.security_flags = SASL_SEC_NOPLAINTEXT;
 #  endif /* 0 */
-	}
 	saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp);
 	if (saslresult != SASL_OK)
 		return EX_TEMPFAIL;
@@ -2175,7 +2181,7 @@ smtpmailfrom(m, mci, e)
 	SmtpPhase = mci->mci_phase = "client MAIL";
 	sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
 			CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_DEFAULT);
+	r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_MAIL);
 	if (r < 0)
 	{
 		/* communications failure */
@@ -2427,7 +2433,7 @@ smtprcptstat(to, m, mci, e)
 	}
 
 	enhsc = NULL;
-	r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_DEFAULT);
+	r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_RCPT);
 	save_errno = errno;
 	to->q_rstatus = sm_rpool_strdup_x(e->e_rpool, SmtpReplyBuffer);
 	to->q_status = ENHSCN_RPOOL(enhsc, smtptodsn(r), e->e_rpool);
@@ -2588,7 +2594,7 @@ smtpdata(m, mci, e, ctladdr, xstart)
 	mci->mci_state = MCIS_DATA;
 	sm_setproctitle(true, e, "%s %s: %s",
 			qid_printname(e), CurHostName, mci->mci_phase);
-	r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DEFAULT);
+	r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DATA);
 	if (r < 0 || REPLYTYPE(r) == 4)
 	{
 		if (r >= 0)
@@ -2722,7 +2728,7 @@ smtpdata(m, mci, e, ctladdr, xstart)
 			CurHostName, mci->mci_phase);
 	if (bitnset(M_LMTP, m->m_flags))
 		return EX_OK;
-	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT);
+	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_EOM);
 	if (r < 0)
 		return EX_TEMPFAIL;
 	if (mci->mci_state == MCIS_DATA)
@@ -2807,7 +2813,7 @@ smtpgetstat(m, mci, e)
 	enhsc = NULL;
 
 	/* check for the results of the transaction */
-	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT);
+	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DATA2);
 	if (r < 0)
 		return EX_TEMPFAIL;
 	xstat = EX_NOTSTICKY;
@@ -2893,8 +2899,7 @@ smtpquit(m, mci, e)
 		SmtpPhase = "client QUIT";
 		mci->mci_state = MCIS_QUITING;
 		smtpmessage("QUIT", m, mci);
-		(void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL,
-				XS_DEFAULT);
+		(void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL, XS_QUIT);
 		SuprErrs = oldSuprErrs;
 		if (mci->mci_state == MCIS_CLOSED)
 			goto end;
@@ -3233,14 +3238,17 @@ reply(m, mci, e, timeout, pfunc, enhstat, rtype)
 		if (pfunc != NULL)
 			(*pfunc)(bufp, firstline, m, mci, e);
 
-		firstline = false;
-
 		/* decode the reply code */
 		r = atoi(bufp);
 
 		/* extra semantics: 0xx codes are "informational" */
 		if (r < 100)
+		{
+			firstline = false;
 			continue;
+		}
+
+		firstline = false;
 
 		/* if no continuation lines, return this line */
 		if (bufp[3] != '-')
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c
index cb94d0f..4f156c2 100644
--- a/contrib/sendmail/src/version.c
+++ b/contrib/sendmail/src/version.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2011 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,6 +13,6 @@
 
 #include <sm/gen.h>
 
-SM_RCSID("@(#)$Id: version.c,v 8.218 2009/12/23 04:43:09 ca Exp $")
+SM_RCSID("@(#)$Id: version.c,v 8.227 2011/04/26 23:02:35 ca Exp $")
 
-char	Version[] = "8.14.4";
+char	Version[] = "8.14.5";