This commit was generated by cvs2svn to compensate for changes in r27876,

which included commits to RCS files with non-trunk default branches.

23 files changed, 727 insertions, 259 deletions

diff --git a/usr.sbin/sendmail/FAQ b/usr.sbin/sendmail/FAQ
index 28f957c..522e7c8 100644
--- a/usr.sbin/sendmail/FAQ
+++ b/usr.sbin/sendmail/FAQ
@@ -1,11 +1,11 @@
 The FAQ is no longer maintained with the sendmail release.  It is
 posted regularly to comp.mail.sendmail, comp.mail.misc, comp.mail.smail,
 comp.answers, and news.answers, and can be obtained via anonymous FTP
-from ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq.
+from ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq/.
 If you do not have access to anonymous FTP, you can retrieve it by
 sending email to mail-server@rtfm.mit.edu with the command "send
 usenet/news.answers/mail/sendmail-faq" in the message.
 
-An HTML version is also available at http://www.sendmail.org/faq.
+An HTML version is also available at http://www.sendmail.org/faq/.
 
-				--Eric Allman		14 June 1997
+				--Eric Allman		19 June 1997
diff --git a/usr.sbin/sendmail/READ_ME b/usr.sbin/sendmail/READ_ME
index e632ca4..08b5aff 100644
--- a/usr.sbin/sendmail/READ_ME
+++ b/usr.sbin/sendmail/READ_ME
@@ -1,5 +1,5 @@
 /*-
- *	@(#)READ_ME	8.30 (Berkeley) 5/8/97
+ *	@(#)READ_ME	8.32 (Berkeley) 7/6/97
  */
 
 			SENDMAIL RELEASE 8
@@ -164,10 +164,10 @@ RFC1035.
 IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
 use the version that was on the Net2 tape -- it has a number of
 nefarious bugs that were bad enough when I got them; you shouldn't have
-to go through the same thing.  Instead, get a new version via public
-FTP from ftp.sleepycat.com, file db/packages/db.1.85.tar.gz.  This
-software is highly recommended; it gets rid of several stupid limits, it's
-much faster, and the interface is nicer to animals and plants.  You will
+to go through the same thing.  Instead, get a new version via the web at
+http://www.sleepycat.com/packages/db.1.85.tar.gz.  This software is
+highly recommended; it gets rid of several stupid limits, it's much
+faster, and the interface is nicer to animals and plants.  You will
 also probably find that you have to add -I/where/you/put/db/include
 to the sendmail makefile to get db.h to work properly.
 
@@ -253,6 +253,34 @@ Makefiles, so you could drop it in as your default make.
 For more details, see src/READ_ME.
 
 
++-----------------------+
+| DIRECTORY PERMISSIONS |
++-----------------------+
+
+Sendmail often gets blamed for many problems that are actually the
+result of other problems, such as overly permissive modes on directories.
+For this reason, sendmail checks the modes on system directories and
+files to determine if they have been trusted.  For sendmail to run
+without complaining, you MUST execute the following command:
+
+	chmod go-w / /etc /usr /var /var/spool /var/spool/mqueue
+
+You will probably have to tweak this for your environment (for example,
+some systems put the spool directory into /usr/spool instead of
+/var/spool).  As a general rule, after you have compiled sendmail,
+run the command
+
+	sendmail -v -bi
+
+to initialize the alias database.  If it gives messages such as
+
+	WARNING: writable directory /etc
+	WARNING: writable directory /usr/spool/mqueue
+
+then the directories listed have inappropriate write permissions and
+should be secured to avoid various possible security attacks.
+
+
 +---------------------+
 | DIRECTORY STRUCTURE |
 +---------------------+
diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES
index 77d72f9..9f4f3ab 100644
--- a/usr.sbin/sendmail/RELEASE_NOTES
+++ b/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,11 +1,163 @@
 			SENDMAIL RELEASE NOTES
-	     @(#)RELEASE_NOTES	8.8.6.11 (Berkeley) 6/14/97
+	     @(#)RELEASE_NOTES	8.8.7.7 (Berkeley) 8/3/97
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.8.7/8.8.7	97/08/03
+	If using Berkeley DB on systems without O_EXLOCK (open a file with
+		an exclusive lock already set -- i.e., almost all systems
+		except 4.4-BSD derived systems), the initial attempt at
+		rebuilding aliases file if the database didn't already
+		exist would fail.  Patch from Raymund Will of LST Software
+		GmbH.
+	Bogus incoming SMTP commands would reset the SMTP conversation.
+		Problem noted by Fredrik Jönsson of the Royal Institute
+		of Technology, Stockholm.
+	Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
+		some environments could give "multiple definitions" for these
+		routines during compilation.  If using TCP Wrappers, assume
+		that these routines are included as though they were in the
+		C library.  Patch from Robert La Ferla.
+	When a NEWDB database map was rebuilt at the same time it was being
+		used by a queue run, the maps could be left locked for the
+		duration of the queue run, causing other processes to hang.
+		Problem noted by Kendall Libby of Shore.NET.
+	In some cases, NoRecipientAction=add-bcc was being ignored, so the
+		mail was passed on without any recipient header.  This could
+		cause problems downstream.  Problem noted by Xander Jansen
+		of SURFnet ExpertiseCentrum.
+	Give error when GDBM is used with sendmail.  GDBM's locking and
+		linking of the .dir and .pag files interferes with sendmail's
+		locking and security checks.  Problems noted by Fyodor
+		Yarochkin of the Kyrgyz Republic FreeNet.
+	Don't fsync qf files if SuperSafe option is not set.
+	Avoid extra calls to gethostbyname for addresses for which a
+		gethostbyaddr found no value.  Also, ignore any returns
+		from gethostbyaddr that look like a dotted quad.
+	If PTR lookup fails when looking up an SMTP peer, don't tag it as
+		"may be forged", since at the network level we pretty much
+		have to assume that the information is good.
+	In some cases, errors during an SMTP session could leave files
+		open or locked.
+	Better handling of missing file descriptors (0, 1, 2) on startup.
+	Better handling of non-setuid binaries -- avoids certain obnoxious
+		errors during testing.
+	Errors in file locking of NEWDB maps had the incorrect file name
+		printed in the error message.
+	If the AllowBogusHELO option were set and an EHLO with a bad or
+		missing parameter were issued, the EHLO behaved like a HELO.
+	Load limiting never kicked in for incoming SMTP transactions if the
+		DeliverMode=background and any recipient was an alias or
+		had a .forward file.  From Nik Conwell of Boston University.
+	On some non-Posix systems, the decision of whether chown(2) permits
+		file giveaway was undefined.  From Tetsu Ushijima of the
+		Tokyo Institute of Technology.
+	Fix race condition that could cause the body of a message to be
+		lost (so only the header was delivered).  This only occurs
+		on systems that do not use flock(2), and only when a queue
+		runner runs during a critical section in another message
+		delivery.  Based on a patch from Steve Schweinhart of
+		Results Computing.
+	If a qf file was found in a mail queue directory that had a problem
+		(wrong ownership, bad format, etc.) and the file name was
+		exactly MAXQFNAME bytes long, then instead of being tried
+		once, it would be tried on every queue run.  Problem noted
+		by Bryan Costales of Mercury Mail.
+	If the system supports an st_gen field in the status structure,
+		include it when reporting that a file has changed after open.
+		This adds a new compile flag, HAS_ST_GEN (0/1 option).
+		This out to be checked as well as reported, since it is
+		theoretically possible for an attacker to remove a file after
+		it is opened and replace it with another file that has the
+		same i-number, but some filesystems (notably AFS) return
+		garbage in this field, and hence always look like the file
+		has changed.  As a practical matter this is not a security
+		problem, since the files can be neither hard nor soft links,
+		and on no filesystem (that I am aware of) is it possible to
+		have two files on the same filesystem with the same i-number
+		simultaneously.
+	Delete the root Makefile from the distribution -- it is only for
+		use internally, and does not work at customer sites.
+	Fix botch that caused the second MAIL FROM: command in a single
+		transaction to clear the entire transaction.  Problem
+		noted by John Kennedy of Cal State University, Chico.
+	Work properly on machines that have _PATH_VARTMP defined without
+		a trailing slash.  (And a pox on vendors that decide to
+		ignore the established conventions!)  Problem noted by
+		Gregory Neil Shapiro of WPI.
+	Internal changes to make it easier to add another protocol family
+		(intended for IPv6).  Patches are from John Kennedy of
+		CSU Chico.
+	In certain cases, 7->8 bit MIME decoding of Base64 text could leave
+		an extra space at the beginning of some lines.  Problem
+		noted by Charles Karney of Princeton University; fix based
+		on a patch from Christophe Wolfhugel.
+	Portability:
+		Allow _PATH_VENDOR_CF to be set in Makefile for consistency
+			with the _Sendmail_ book, 2nd edition.  Note that
+			the book is actually wrong: _PATH_SENDMAILCF should
+			be used instead.
+		AIX 3.x: Include <sys/select.h>.  Patch from Gene Rackow
+			of Argonne National Laboratory.
+		OpenBSD from from Paul DuBois of the University of Wisconsin.
+		RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
+		SunOS: Include <memory.h> to fix warning from util.c.  From
+			James Aldridge of EUnet Ltd.
+		Solaris: Change STDIR (location of status file) to /etc/mail
+			in Makefiles.
+		Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
+			Makefiles.  Use NEWDB on Linux instead.
+		NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
+			exists but behaves differently than other OSes.
+			Add SIOCGIFNUM_IS_BROKEN compile flag to get
+			around the problem.  Problem noted by Tom Moore of
+			NCR Corp.
+		HP-UX 9.x: fix compile warnings for old select API.  Problem
+			noted by Tom Smith of Digital Equipment Corp.
+		UnixWare 2.x: compile warnings on offsetof macro.  Problem
+			noted by Tom Good of the Community Access Information
+			Resource Network
+		SCO 4.2: compile problems caused by a change in the type of
+			the "length" parameters passed to accept, getpeername,
+			getsockname, and getsockopt.  Adds new compile flags
+			SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.  Problem reported
+			by Tom Good of St. Vincent's North Richmond Community
+			Mental Health Center Residential Services.
+		AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
+			Suggested by Brett Hogden of Rochester Gas & Electric
+			Corp.
+		Linux: avoid compile problem for versions of <setjmp.h> that
+			#define both setjmp and longjmp.  Problem pointed out
+			by J.R. Oldroyd of TerraNet.
+		CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
+			from Christopher Durham of SCO.
+		CONFIG: NEXTSTEP: define confCW_FILE to
+			/etc/sendmail/sendmail.cw to match the usual
+			configuration.  Patch from Dennis Glatting of
+			PlainTalk.
+	CONFIG: MAILER(fax) called a program that hasn't existed for a long
+		time.  Convert to use the HylaFAX 4.0 conventions.  Suggested
+		by Harry Styron.
+	CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc.  These
+		are the rulesets in use on sendmail.org.
+	MAKEMAP: give error on GDBM files.
+	MAIL.LOCAL: Make error messages a bit more explicit, for example,
+		telling more details on what actually changed when "file
+		changed after open".
+	CONTRIB: etrn.pl: Ignore comments in Fw files.  Support multiple Fw
+		files.
+	CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
+	NEW FILES:
+		src/Makefiles/Makefile.OpenBSD
+		src/Makefiles/Makefile.RISCos.4_0
+		test/t_exclopen.c
+		cf/ostype/sco-uw-2.1.m4
+	DELETED FILES:
+		Makefile
+
 8.8.6/8.8.6	97/06/14
 	    *************************************************************
 	    * The extensive assistance of Gregory Neil Shapiro of WPI	*
@@ -303,7 +455,6 @@ summary of the changes in that release.
 		cf/ostype/gnuhurd.m4
 		cf/ostype/irix6.m4
 		contrib/passwd-to-alias.pl
-		test/t_exclopen.c
 		src/Makefiles/Makefile.IRIX64.6.1
 		src/Makefiles/Makefile.IRIX64.6.x
 	RENAMED FILES:
diff --git a/usr.sbin/sendmail/cf/README b/usr.sbin/sendmail/cf/README
index a41ea37..af8cdb1 100644
--- a/usr.sbin/sendmail/cf/README
+++ b/usr.sbin/sendmail/cf/README
@@ -4,7 +4,7 @@
 
 		Eric Allman <eric@CS.Berkeley.EDU>
 
-		@(#)README	8.120 (Berkeley) 6/14/97
+		@(#)README	8.122 (Berkeley) 7/6/97
 
 
 This document describes the sendmail configuration files being used
@@ -443,8 +443,8 @@ usenet		Usenet (network news) delivery.  If this is specified,
 		and may be considered a security problem.
 
 fax		Facsimile transmission.  This is experimental and based
-		on Sam Leffler's FlexFAX software.  For more information,
-		see below.
+		on Sam Leffler's HylaFAX software.  For more information,
+		see http://www.vix.com/hylafax/.
 
 pop		Post Office Protocol.
 
@@ -1297,133 +1297,6 @@ In general, file giveaways are a mistake -- if you can turn them
 off I recommend you do so.
 
 
-+------------------+
-| FlexFAX SOFTWARE |
-+------------------+
-
-Sam Leffler's FlexFAX software is still in beta test -- but he expects a
-public version out "later this week" [as of 3/1/93].  The following
-blurb is direct from Sam:
-
-	$Header: /usr/people/sam/fax/RCS/HOWTO,v 1.14 93/05/24 11:42:16 sam Exp $
-
-	How To Obtain This Software (in case all you get is this file)
-	--------------------------------------------------------------
-	The source code is available for public ftp on
-	    sgi.com			sgi/fax/v2.1.src.tar.Z
-		(192.48.153.1)
-
-	You can also obtain inst'able images for Silicon Graphics machines from
-	    sgi.com			sgi/fax/v2.1.inst.tar
-		(192.48.153.1)
-
-	For example,
-	    % ftp -n sgi.com
-	    ....
-	    ftp> user anonymous
-	    ... <type in password>
-	    ftp> cd sgi/fax
-	    ftp> binary
-	    ftp> get v2.1.src.tar.Z
-
-	In general, the latest version of the 2.1 release of the software is
-	always available as "v2.1.src.tar.Z" or "v2.1.inst.tar" in the ftp
-	directory.  This file is a link to the appropriate released version (so
-	don't waste your time retrieving the linked file as well!) Any files of
-	the form v2.1.*.patch are shell scripts that can be used to patch older
-	versions of the source code.  For example, the file v2.1.0.patch would
-	contain patches to update v2.1.0.tar.Z.  (Note to beta testers: this is
-	different than the naming conventions used during beta testing.) Patch
-	files only work to go between consecutive versions, so if you are
-	multiple versions behind the latest release, you will need to apply
-	each patch file between your current version and the latest.
-
-
-	Obtaining the Software by Electronic Mail
-	-----------------------------------------
-	Do not send me requests for the software; they will be ignored (without
-	response).  If you cannot use FTP at all, there is a service called
-	"ftpmail" available from gatekeeper.dec.com:  you can send e-mail to
-	this machine and it will use FTP to retrieve files for you and send you
-	the files back again via e-mail.  To find out more about the ftpmail
-	service, send a message to "ftpmail@gatekeeper.dec.com" whose body
-	consists of the single line "help".
-
-
-	Obtaining the Software Within Silicon Graphics
-	----------------------------------------------
-	Internal to Silicon Graphics there are inst'able images on the host
-	flake.asd in the directory /usr/dist.  Thus you can do something like:
-
-	    % inst -f flake.asd.sgi.com:/usr/dist/flexfax
-
-	to install the latest version of the software on your machine.
-
-
-	What to do Once You've Retrieved Stuff
-	--------------------------------------
-	The external distributions come in a compressed or uncompressed tar
-	file.  To extract the source distribution:
-
-	    % zcat v2.1.src.tar.Z | tar xf -
-
-	(uncompress and extract individual files in current directory).  To
-	unpack and install the client portion of the inst'able distribution:
-
-	    % mkdir dist
-	    % cd dist; tar xf ../v2.1.inst.tar; cd ..
-	    % inst -f dist/flexfax
-	    ...
-	    inst> go
-
-	(Note, the dist subdirectory is because some versions of inst fail if
-	the files are in the current directory.) Server binaries are also
-	included in the inst'able images as flexfax.server.*.  They are not
-	installed by default, so to get them also you need to do:
-
-	    % inst -f flexfax
-	    ...
-	    inst> install flexfax.server.*
-	    inst> go
-
-	The SGI binaries were built for Version 4.0.5H of the IRIX operating
-	system.  They should work w/o problem on earlier versions of the
-	system, but I have not fully tested this.  Also, note that to install a
-	server on an SGI machine, you need to have installed the Display
-	PostScript execution environment product (dps_eoe).  Otherwise, the fax
-	server will not be able to convert PostScript to facsimile for
-	transmission.
-
-	If you are working from the source distribution, look at the file
-	README in the top of the source tree.  If you are working from the inst
-	images, the subsystem flexfax.man.readme contains the README file and
-	other useful pieces of information--the installed files are placed in
-	the directory /usr/local/doc/flexfax).  Basically you will need to run
-	the faxaddmodem script to setup and configure your fax modem.  Consult
-	the README file and the manual page for faxaddmodem for information.
-
-
-	FlexFAX Mail List
-	-----------------
-	A mailing list for users of this software is located on sgi.com.
-	If you want to join this mailing list or have a list-related request
-	such as getting your name removed from it, send a request to
-
-	    majordomo@whizzer.wpd.sgi.com
-
-	For example, to subscribe, send the line "subscribe flexfax" in
-	the body of your message.  The line "help" will return a list of
-	the commands understood by the mailing list management software.
-
-	Submissions (including bug reports) should be directed to:
-
-	    flexfax@sgi.com
-
-	When corresponding about this software please always specify what
-	version you have, what system you're running on, and, if the problem is
-	specific to your modem, identify the modem and firmware revision.
-
-
 +--------------------------------+
 | TWEAKING CONFIGURATION OPTIONS |
 +--------------------------------+
@@ -1905,7 +1778,7 @@ MAILERS
    1	[e]smtp, relay	SMTP channel
    2	uucp-*		UNIX-to-UNIX Copy Program
    3	netnews		Network News delivery
-   4	fax		Sam Leffler's FlexFAX software
+   4	fax		Sam Leffler's HylaFAX software
    5	mail11		DECnet mailer
 
 
diff --git a/usr.sbin/sendmail/cf/m4/proto.m4 b/usr.sbin/sendmail/cf/m4/proto.m4
index dd085b5..78fa195 100644
--- a/usr.sbin/sendmail/cf/m4/proto.m4
+++ b/usr.sbin/sendmail/cf/m4/proto.m4
@@ -34,7 +34,7 @@ divert(-1)
 #
 divert(0)
 
-VERSIONID(`@(#)proto.m4	8.149 (Berkeley) 4/30/97')
+VERSIONID(`@(#)proto.m4	8.151 (Berkeley) 7/31/97')
 
 MAILER(local)dnl
 
@@ -871,7 +871,9 @@ S93
 
 # handle generics database
 define(`X', ifdef(`GENERICS_TABLE', `', `#'))dnl
-X`'R$+ < @ $=G . > 	$: < $1@$2 > $1 < @ $2 . > @	mark
+ifdef(`_GENERICS_ENTIRE_DOMAIN_',
+`X`'R$+ < @ $* $=G . >	$: < $1@$2$3 > $1 < @ $2$3 . > @	mark',
+`X`'R$+ < @ $=G . >	$: < $1@$2 > $1 < @ $2 . > @	mark')
 X`'R$+ < @ *LOCAL* >	$: < $1@$j > $1 < @ *LOCAL* > @	mark
 X`'R< $+ > $+ < $* > @	$: < $(generics $1 $: $) > $2 < $3 >
 X`'R< > $+ < @ $+ > 	$: < $(generics $1 $: $) > $1 < @ $2 >
diff --git a/usr.sbin/sendmail/cf/m4/version.m4 b/usr.sbin/sendmail/cf/m4/version.m4
index c9b3228..0e03173 100644
--- a/usr.sbin/sendmail/cf/m4/version.m4
+++ b/usr.sbin/sendmail/cf/m4/version.m4
@@ -32,8 +32,8 @@ divert(-1)
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-VERSIONID(`@(#)version.m4	8.8.6.1 (Berkeley) 6/14/97')
+VERSIONID(`@(#)version.m4	8.8.7.1 (Berkeley) 8/1/97')
 #
 divert(0)
 # Configuration version number
-DZ8.8.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.8.7`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/usr.sbin/sendmail/cf/mailer/fax.m4 b/usr.sbin/sendmail/cf/mailer/fax.m4
index 726c83a..7712465 100644
--- a/usr.sbin/sendmail/cf/mailer/fax.m4
+++ b/usr.sbin/sendmail/cf/mailer/fax.m4
@@ -4,7 +4,9 @@ PUSHDIVERT(-1)
 # Copyright (c) 1988, 1993
 #	The Regents of the University of California.  All rights reserved.
 #
-#	This assumes you already have Sam Leffler's FAX software.
+#  This assumes you already have Sam Leffler's HylaFAX software.
+#
+#  Tested with HylaFAX 4.0pl1
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -36,9 +38,9 @@ PUSHDIVERT(-1)
 #
 
 ifdef(`FAX_MAILER_ARGS',,
-	`define(`FAX_MAILER_ARGS', mailfax $u $h $f)')
+	`define(`FAX_MAILER_ARGS', faxmail -d $u@$h $f)')
 ifdef(`FAX_MAILER_PATH',,
-	`define(`FAX_MAILER_PATH', /usr/local/lib/fax/mailfax)')
+	`define(`FAX_MAILER_PATH', /usr/local/bin/faxmail)')
 ifdef(`FAX_MAILER_MAX',,
 	`define(`FAX_MAILER_MAX', 100000)')
 POPDIVERT
@@ -46,7 +48,7 @@ POPDIVERT
 ###   FAX Mailer specification   ###
 ####################################
 
-VERSIONID(`@(#)fax.m4	8.5 (Berkeley) 5/10/96')
+VERSIONID(`@(#)fax.m4	8.6 (Berkeley) 7/6/97')
 
 Mfax,		P=FAX_MAILER_PATH, F=DFMhu, S=14, R=24, M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,
 		A=FAX_MAILER_ARGS
diff --git a/usr.sbin/sendmail/cf/ostype/nextstep.m4 b/usr.sbin/sendmail/cf/ostype/nextstep.m4
index dcdf47c..80139756 100644
--- a/usr.sbin/sendmail/cf/ostype/nextstep.m4
+++ b/usr.sbin/sendmail/cf/ostype/nextstep.m4
@@ -34,8 +34,9 @@ divert(-1)
 #
 
 divert(0)
-VERSIONID(`@(#)nextstep.m4	8.7 (Berkeley) 9/25/96')
+VERSIONID(`@(#)nextstep.m4	8.8 (Berkeley) 6/18/97')
 define(`ALIAS_FILE', /etc/sendmail/aliases)dnl
+define(`confCW_FILE', /etc/sendmail/sendmail.cw)dnl
 ifdef(`HELP_FILE',, `define(`HELP_FILE', /usr/lib/sendmail.hf)')dnl
 ifdef(`STATUS_FILE',, `define(`STATUS_FILE', /etc/sendmail/sendmail.st)')dnl
 ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
diff --git a/usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m4 b/usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m4
new file mode 100644
index 0000000..ebce499
--- /dev/null
+++ b/usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m4
@@ -0,0 +1,16 @@
+#
+#  SCO UnixWare 2.1.2 ostype file
+#
+#	Contributed by Christopher Durham <chrisdu@SCO.COM> of SCO.
+#
+divert(0)
+VERSIONID(`@(#)sco-uw-2.1.m4	8.1 (Berkeley) 7/6/97')
+
+define(`ALIAS_FILE', /usr/lib/mail/aliases)dnl
+ifdef(`HELP_FILE',,`define(`HELP_FILE', /usr/ucblib/sendmail.hf)')dnl
+ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /usr/ucblib/sendmail.st)')dnl
+define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl
+define(`LOCAL_MAILER_FLAGS', `fhCEn9')dnl
+define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
+define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
+define(`LOCAL_MAILER_ARGS',`rmail $u')dnl
diff --git a/usr.sbin/sendmail/contrib/etrn.pl b/usr.sbin/sendmail/contrib/etrn.pl
index 6dfafaa..1e2cba9 100755
--- a/usr.sbin/sendmail/contrib/etrn.pl
+++ b/usr.sbin/sendmail/contrib/etrn.pl
@@ -70,6 +70,7 @@ $debug = $opt_d;
 $server = shift(@ARGV);
 @hosts = @ARGV;
 die $usage unless $server;
+@cwfiles = ();
 
 if (!@hosts) {
 	push(@hosts,$hostname);
@@ -82,6 +83,12 @@ if (!@hosts) {
 			chop($cwfile);
 			$optional = /^Fw-o/;
 			$cwfile =~ s,^Fw[^/]*,,;	# extract the file name
+
+			if (-r $cwfile) {
+			    push (@cwfiles, $cwfile);
+			} else {
+			    die "$cwfile is not readable" unless $optional;
+			}
 		}
 		if (/^Cw(.*)$/){		# look for a line starting with "Cw"
 			@cws = split (' ', $1);
@@ -93,17 +100,18 @@ if (!@hosts) {
 	}
 	close(CF);
 
-	if ($cwfile){
+	for $cwfile (@cwfiles) {
 		$0 = "$av0 - reading $cwfile";
 		if (open(CW, "<$cwfile")){
 			while (<CW>){
+			        next if /^\#/;
 				$thishost = $_;
 				chop($thishost);
 				push(@hosts, $thishost) unless $thishost =~ $hostname;
 			}
 			close(CW);
 		} else {
-			die "open $cwfile: $!" unless $optional;
+			die "open $cwfile: $!";
 		}
 	}
 }
diff --git a/usr.sbin/sendmail/contrib/passwd-to-alias.pl b/usr.sbin/sendmail/contrib/passwd-to-alias.pl
index b2bbab5..05a51b9 100644
--- a/usr.sbin/sendmail/contrib/passwd-to-alias.pl
+++ b/usr.sbin/sendmail/contrib/passwd-to-alias.pl
@@ -18,7 +18,9 @@ while (@a = getpwent) {
     }
 
     $fullname =~ s/\.*[ _]+\.*/./g;
-    if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) {
+    $fullname =~ tr [åäöÅÄÖé] [aaoAAOe];  # <hakan@af.lu.se> 1997-06-15
+    if ($fullname =~ /^[a-zA-Z][a-zA-Z-]+(\.[a-zA-Z][a-zA-Z-]+)+$/) {  
+#   if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) {    # Kari E. Hurtta
 	print "$fullname: $name\n";
     } else {
 	print "# $fullname: $name\n";
diff --git a/usr.sbin/sendmail/doc/op/op.me b/usr.sbin/sendmail/doc/op/op.me
index 6e288a5..fc8ca3a 100644
--- a/usr.sbin/sendmail/doc/op/op.me
+++ b/usr.sbin/sendmail/doc/op/op.me
@@ -30,7 +30,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	@(#)op.me	8.104 (Berkeley) 3/10/97
+.\"	@(#)op.me	8.105 (Berkeley) 7/3/97
 .\"
 .\" eqn op.me | pic | troff -me
 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
@@ -67,7 +67,7 @@
 Eric Allman
 eric@Sendmail.ORG
 .sp
-Version 8.104
+Version 8.105
 .sp
 For Sendmail Version 8.8
 .)l
@@ -675,7 +675,7 @@ routines preset the mode reasonably,
 so this step can be skipped.
 The actual path of this file
 is defined in the
-.b A
+.b AliasFile
 option of the
 .i sendmail.cf
 file.
@@ -1179,6 +1179,32 @@ and the other system routines that would be necessary
 to make this work seamlessly.
 .sh 2 "The Alias Database"
 .pp
+After recipient addresses are read from the SMTP connection
+or command line
+they are parsed by ruleset 0,
+which must resolve to a
+{\c
+.i mailer ,
+.i host ,
+.i user }
+triple.
+If the flags selected by the
+.i mailer
+includes the
+.b A
+(aliasable) flag,
+the
+.i user
+part of the triple is looked up as the key
+(i.e., the left hand side)
+into the alias database
+If there is a match, the address is deleted from the send queue
+and all addresses on the right hand side of the alias
+are added in place of the alias that was found.
+This is a recursive operation,
+so aliases found in the right hand side of the alias
+are similarly expanded.
+.pp
 The alias database exists in two forms.
 One is a text form,
 maintained in the file
@@ -8159,7 +8185,7 @@ replace it with a blank sheet for double-sided output.
 .\".sz 10
 .\"Eric Allman
 .\".sp
-.\"Version 8.104
+.\"Version 8.105
 .\".ce 0
 .bp 3
 .ce
diff --git a/usr.sbin/sendmail/makemap/makemap.8 b/usr.sbin/sendmail/makemap/makemap.8
index 23ac522..3c1f6fa 100644
--- a/usr.sbin/sendmail/makemap/makemap.8
+++ b/usr.sbin/sendmail/makemap/makemap.8
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)makemap.8	8.3 (Berkeley) 7/24/94
+.\"     @(#)makemap.8	8.4 (Berkeley) 7/23/97
 .\"
 .Dd November 16, 1992
 .Dt MAKEMAP 8
@@ -89,7 +89,7 @@ the second is the value.
 The value may contain
 ``%\fIn\fP''
 strings to indicated parameter substitution.
-Literal parentheses should be doubled
+Literal percents should be doubled
 (``%%'').
 Blank lines and lines beginning with ``#'' are ignored.
 .Ss Flags
diff --git a/usr.sbin/sendmail/src/READ_ME b/usr.sbin/sendmail/src/READ_ME
index 8046d41..154916a 100644
--- a/usr.sbin/sendmail/src/READ_ME
+++ b/usr.sbin/sendmail/src/READ_ME
@@ -30,7 +30,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-#	@(#)READ_ME	8.142 (Berkeley) 6/3/97
+#	@(#)READ_ME	8.148 (Berkeley) 8/1/97
 #
 
 This directory contains the source files for sendmail.
@@ -149,7 +149,7 @@ The options are:
 NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
 		Digital UNIX 4.0) have this package pre-installed.  If your
 		system does not have NEWDB installed, get the latest version
-		from FTP://ftp.sleepycat.com/db/packages/db.1.85.tar.gz.
+		from http://www.sleepycat.com/packages/db.1.85.tar.gz.
 		DO NOT use the version from the Net2 distribution.  If you are
 		still running BSD/386 1.x, you will also need to define
 		OLD_NEWDB.
@@ -295,6 +295,8 @@ HASULIMIT	Define this if you have the ulimit(2) syscall (System V
 HASWAITPID	Define this if you have the waitpid(2) syscall.
 HASGETDTABLESIZE
 		Define this if you have the getdtablesize(2) syscall.
+HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
+		the stat structure (see stat(2)).
 USESTRERROR	Define this if you have the libc strerror function (which
 		should be declared in <errno.h>), and it should be used
 		instead of sys_errlist.
@@ -339,6 +341,12 @@ SLEEP_T		The type returned by the system sleep() function.
 ARBPTR_T	The type of an arbitrary pointer -- defaults to "void *".
 		If you are an very old compiler you may need to define
 		this to be "char *".
+SOCKADDR_LEN_T	The type used for the third parameter to accept(2),
+		getsockname(2), and getpeername(2), representing the
+		length of a struct sockaddr.  Defaults to int.
+SOCKOPT_LEN_T	The type used for the fifth parameter to getsockopt(2)
+		and setsockopt(2), representing the length of the option
+		buffer.  Defaults to int.
 LA_TYPE		The type of load average your kernel supports.  These
 		can be one of:
 		 LA_ZERO (1) -- it always returns the load average as
@@ -457,6 +465,14 @@ SAFENFSPATHCONF	Set this to 1 if and only if you have verified that a
 		assumption!  The test/t_pathconf.c program will try this
 		for you -- you have to run it in a directory that is
 		mounted from a server that allows file giveaway.
+SIOCGIFCONF_IS_BROKEN
+		Set this if your system has an SIOCGIFCONF ioctl defined,
+		but it doesn't behave the same way as "most" systems (BSD,
+		Solaris, SunOS, HP-UX, etc.)
+SIOCGIFNUM_IS_BROKEN
+		Set this if your system has an SIOCGIFNUM ioctl defined,
+		but it doesn't behave the same way as "most" systems
+		(Solaris, HP-UX).
 
 
 
@@ -633,6 +649,12 @@ GCC 2.7.x problems
 	problems.  I recommend against using -O on that architecture.  This
 	has been seen on FreeBSD 2.0.5 RELEASE.
 
+GDBM	GDBM does not work with sendmail 8.8 because the additional
+	security checks and file locking cause problems.  Unfortunately,
+	gdbm does not provide a compile flag in its version of ndbm.h so
+	the code can adapt.  We expect this to be fixed in 8.9, but
+	probably at the cost of a new command line compile flag.
+
 Configuration file location
 	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
 	place as the vendors had put it, even when this was obviously
@@ -960,6 +982,7 @@ A/UX
 	then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
 	ndbm.h header file that comes with the gnu-package. This makes
 	things behave properly.
+	  [NOTE: see comment above about GDBM]
 
 	I suppose porting the New Berkeley db package is another route,
 	however, I made a quick attempt at it, and found it difficult
@@ -1416,4 +1439,4 @@ version.c	The version number and information about this
 
 Eric Allman
 
-(Version 8.142, last update 6/3/97 11:34:09)
+(Version 8.148, last update 8/1/97 16:41:54)
diff --git a/usr.sbin/sendmail/src/TRACEFLAGS b/usr.sbin/sendmail/src/TRACEFLAGS
index e9d4818..db461db 100644
--- a/usr.sbin/sendmail/src/TRACEFLAGS
+++ b/usr.sbin/sendmail/src/TRACEFLAGS
@@ -55,6 +55,9 @@
 44	safefile.c	safefile, safedirpath, filechanged
 45	envelope.c	setsender
 46	envelope.c	openxscript
+47	main.c		drop_privileges
+48	parseaddr.c	rscheck
+48	conf.c		validate_connection
 49	conf.c		checkcompat
 50	envelope.c	dropenvelope
 51	queue.c		unlockqueue
diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c
index 4dc07ae..3e0fc20 100644
--- a/usr.sbin/sendmail/src/envelope.c
+++ b/usr.sbin/sendmail/src/envelope.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)envelope.c	8.104 (Berkeley) 6/3/97";
+static char sccsid[] = "@(#)envelope.c	8.105 (Berkeley) 6/24/97";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -178,7 +178,7 @@ dropenvelope(e, fulldrop)
 		{
 			failure_return = TRUE;
 			if (q->q_owner == NULL && !emptyaddr(&e->e_from))
-				(void) sendtolist(e->e_from.q_paddr, NULL,
+				(void) sendtolist(e->e_from.q_paddr, NULLADDR,
 						  &e->e_errorqueue, 0, e);
 		}
 		else if (bitset(QPINGONSUCCESS, q->q_flags) &&
diff --git a/usr.sbin/sendmail/src/err.c b/usr.sbin/sendmail/src/err.c
index 5bec088..f4f95e6 100644
--- a/usr.sbin/sendmail/src/err.c
+++ b/usr.sbin/sendmail/src/err.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)err.c	8.62 (Berkeley) 6/5/97";
+static char sccsid[] = "@(#)err.c	8.64 (Berkeley) 7/25/97";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -112,7 +112,7 @@ syserr(fmt, va_alist)
 	puterrmsg(MsgBuf);
 
 	/* save this message for mailq printing */
-	if (!panic)
+	if (!panic && CurEnv != NULL)
 	{
 		if (CurEnv->e_message != NULL)
 			free(CurEnv->e_message);
@@ -140,9 +140,10 @@ syserr(fmt, va_alist)
 	}
 
 	if (LogLevel > 0)
-		sm_syslog(panic ? LOG_ALERT : LOG_CRIT, CurEnv->e_id,
-			"SYSERR(%s): %.900s",
-			uname, &MsgBuf[4]);
+		sm_syslog(panic ? LOG_ALERT : LOG_CRIT,
+			  CurEnv == NULL ? NOQID : CurEnv->e_id,
+			  "SYSERR(%s): %.900s",
+			  uname, &MsgBuf[4]);
 	switch (olderrno)
 	{
 	  case EBADF:
@@ -178,7 +179,7 @@ syserr(fmt, va_alist)
 		exit(EX_OSERR);
 	}
 	errno = 0;
-	if (QuickAbort || (OnlyOneError && !HoldErrs))
+	if (QuickAbort)
 		longjmp(TopFrame, 2);
 }
 /*
@@ -254,7 +255,7 @@ usrerr(fmt, va_alist)
 			"%.900s",
 			&MsgBuf[4]);
 
-	if (QuickAbort || (OnlyOneError && !HoldErrs))
+	if (QuickAbort)
 		longjmp(TopFrame, 1);
 }
 /*
@@ -397,7 +398,8 @@ putoutmsg(msg, holdmsg, heldmsg)
 		msg[0] = '4';
 
 	/* output to transcript if serious */
-	if (!heldmsg && CurEnv->e_xfp != NULL && strchr("45", msg[0]) != NULL)
+	if (!heldmsg && CurEnv != NULL && CurEnv->e_xfp != NULL &&
+	    strchr("45", msg[0]) != NULL)
 		fprintf(CurEnv->e_xfp, "%s\n", msg);
 
 	if (LogLevel >= 15 && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
@@ -421,6 +423,9 @@ putoutmsg(msg, holdmsg, heldmsg)
 
 	(void) fflush(stdout);
 
+	if (OutChannel == NULL)
+		return;
+	
 	/* if DisConnected, OutChannel now points to the transcript */
 	if (!DisConnected &&
 	    (OpMode == MD_SMTP || OpMode == MD_DAEMON || OpMode == MD_ARPAFTP))
@@ -441,7 +446,8 @@ putoutmsg(msg, holdmsg, heldmsg)
 	**	rude servers don't read result.
 	*/
 
-	if (feof(InChannel) || ferror(InChannel) || strncmp(msg, "221", 3) == 0)
+	if (InChannel == NULL || feof(InChannel) || ferror(InChannel) ||
+	    strncmp(msg, "221", 3) == 0)
 		return;
 
 	/* can't call syserr, 'cause we are using MsgBuf */
@@ -474,8 +480,16 @@ puterrmsg(msg)
 	/* output the message as usual */
 	putoutmsg(msg, HoldErrs, FALSE);
 
+	/* be careful about multiple error messages */
+	if (OnlyOneError)
+		HoldErrs = TRUE;
+
 	/* signal the error */
 	Errors++;
+
+	if (CurEnv == NULL)
+		return;
+	
 	if (msgcode == '6')
 	{
 		/* notify the postmaster */
diff --git a/usr.sbin/sendmail/src/map.c b/usr.sbin/sendmail/src/map.c
index e0a0fd2..88e82b1 100644
--- a/usr.sbin/sendmail/src/map.c
+++ b/usr.sbin/sendmail/src/map.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)map.c	8.168 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)map.c	8.181 (Berkeley) 7/9/97";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -113,14 +113,6 @@ extern bool	extract_canonname __P((char *, char *, char[], int));
 # define LOCK_ON_OPEN	0	/* no such luck -- bend over backwards */
 #endif
 
-#ifndef O_LEAVELOCKED
-# if O_SHLOCK
-#  define O_LEAVELOCKED	O_SHLOCK
-# else
-#  define O_LEAVELOCKED	0x1000
-# endif
-#endif
-
 #ifndef O_ACCMODE
 # define O_ACCMODE	(O_RDONLY|O_WRONLY|O_RDWR)
 #endif
@@ -733,7 +725,7 @@ extract_canonname(name, line, cbuf, cbuflen)
 #ifdef NDBM
 
 /*
-**  DBM_MAP_OPEN -- DBM-style map open
+**  NDBM_MAP_OPEN -- DBM-style map open
 */
 
 bool
@@ -743,7 +735,8 @@ ndbm_map_open(map, mode)
 {
 	register DBM *dbm;
 	struct stat st;
-	int fd;
+	int dfd;
+	int pfd;
 	int sff;
 	int ret;
 	int smode = S_IREAD;
@@ -760,10 +753,10 @@ ndbm_map_open(map, mode)
 	/* do initial file and directory checks */
 	snprintf(dirfile, sizeof dirfile, "%s.dir", map->map_file);
 	snprintf(pagfile, sizeof pagfile, "%s.pag", map->map_file);
-	sff = SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
+	sff = SFF_ROOTOK|SFF_REGONLY;
 	if (mode == O_RDWR)
 	{
-		sff |= SFF_NOLINK;
+		sff |= SFF_NOLINK|SFF_CREAT;
 		smode = S_IWRITE;
 	}
 	else
@@ -786,13 +779,21 @@ ndbm_map_open(map, mode)
 		return FALSE;
 	}
 	if (std.st_mode == ST_MODE_NOFILE)
-		mode |= O_EXCL;
+		mode |= O_CREAT|O_EXCL;
+
+	/* heuristic: if files are linked, this is actually gdbm */
+	if (std.st_dev == stp.st_dev && std.st_ino == stp.st_ino)
+	{
+		syserr("dbm map \"%s\": cannot support GDBM",
+			map->map_mname);
+		return FALSE;
+	}
 
 #if LOCK_ON_OPEN
 	if (mode == O_RDONLY)
 		mode |= O_SHLOCK;
 	else
-		mode |= O_CREAT|O_TRUNC|O_EXLOCK;
+		mode |= O_TRUNC|O_EXLOCK;
 #else
 	if ((mode & O_ACCMODE) == O_RDWR)
 	{
@@ -804,7 +805,7 @@ ndbm_map_open(map, mode)
 		**	but there isn't anything we can do about it.
 		*/
 
-		mode |= O_CREAT|O_TRUNC;
+		mode |= O_TRUNC;
 # else
 		/*
 		**  This ugly code opens the map without truncating it,
@@ -815,29 +816,57 @@ ndbm_map_open(map, mode)
 		int dirfd;
 		int pagfd;
 
-		dirfd = safeopen(dirfile, mode|O_CREAT, DBMMODE,
+		dirfd = safeopen(dirfile, mode, DBMMODE,
 				 SFF_NOLINK|SFF_CREAT|SFF_OPENASROOT);
-		pagfd = safeopen(pagfile, mode|O_CREAT, DBMMODE,
+		pagfd = safeopen(pagfile, mode, DBMMODE,
 				 SFF_NOLINK|SFF_CREAT|SFF_OPENASROOT);
 
 		if (dirfd < 0 || pagfd < 0)
 		{
+			int save_errno = errno;
+
+			if (dirfd >= 0)
+				(void) close(dirfd);
+			if (pagfd >= 0)
+				(void) close(pagfd);
+			errno = save_errno;
 			syserr("ndbm_map_open: cannot create database %s",
 				map->map_file);
-			close(dirfd);
-			close(pagfd);
 			return FALSE;
 		}
-		if (ftruncate(dirfd, (off_t) 0) < 0)
-			syserr("ndbm_map_open: cannot truncate %s.dir",
+		if (ftruncate(dirfd, (off_t) 0) < 0 ||
+		    ftruncate(pagfd, (off_t) 0) < 0)
+		{
+			int save_errno = errno;
+
+			(void) close(dirfd);
+			(void) close(pagfd);
+			errno = save_errno;
+			syserr("ndbm_map_open: cannot truncate %s.{dir,pag}",
 				map->map_file);
-		if (ftruncate(pagfd, (off_t) 0) < 0)
-			syserr("ndbm_map_open: cannot truncate %s.pag",
+			return FALSE;
+		}
+
+		/* if new file, get "before" bits for later filechanged check */
+		if (std.st_mode == ST_MODE_NOFILE &&
+		    (fstat(dirfd, &std) < 0 || fstat(pagfd, &stp) < 0))
+		{
+			int save_errno = errno;
+
+			(void) close(dirfd);
+			(void) close(pagfd);
+			errno = save_errno;
+			syserr("ndbm_map_open(%s.{dir,pag}): cannot fstat pre-opened file",
 				map->map_file);
+			return FALSE;
+		}
 
 		/* have to save the lock for the duration (bletch) */
 		map->map_lockfd = dirfd;
 		close(pagfd);
+
+		/* twiddle bits for dbm_open */
+		mode &= ~(O_CREAT|O_EXCL);
 # endif
 	}
 #endif
@@ -846,37 +875,46 @@ ndbm_map_open(map, mode)
 	dbm = dbm_open(map->map_file, mode, DBMMODE);
 	if (dbm == NULL)
 	{
+		int save_errno = errno;
+
 		if (bitset(MF_ALIAS, map->map_mflags) &&
 		    aliaswait(map, ".pag", FALSE))
 			return TRUE;
-		if (!bitset(MF_OPTIONAL, map->map_mflags))
-			syserr("Cannot open DBM database %s", map->map_file);
 #if !LOCK_ON_OPEN && !NOFTRUNCATE
 		if (map->map_lockfd >= 0)
 			close(map->map_lockfd);
 #endif
+		errno = save_errno;
+		if (!bitset(MF_OPTIONAL, map->map_mflags))
+			syserr("Cannot open DBM database %s", map->map_file);
 		return FALSE;
 	}
-	if (filechanged(dirfile, dbm_dirfno(dbm), &std, sff) ||
-	    filechanged(pagfile, dbm_pagfno(dbm), &stp, sff))
+	dfd = dbm_dirfno(dbm);
+	pfd = dbm_pagfno(dbm);
+	if (filechanged(dirfile, dfd, &std, sff) ||
+	    filechanged(pagfile, pfd, &stp, sff))
 	{
-		syserr("ndbm_map_open(%s): file changed after open",
-			map->map_file);
+		int save_errno = errno;
+
 		dbm_close(dbm);
 #if !LOCK_ON_OPEN && !NOFTRUNCATE
 		if (map->map_lockfd >= 0)
 			close(map->map_lockfd);
 #endif
+		errno = save_errno;
+		syserr("ndbm_map_open(%s): file changed after open",
+			map->map_file);
 		return FALSE;
 	}
 
-	map->map_db1 = (void *) dbm;
-	fd = dbm_dirfno((DBM *) map->map_db1);
+	map->map_db1 = (ARBPTR_T) dbm;
 	if (mode == O_RDONLY)
 	{
 #if LOCK_ON_OPEN
-		if (fd >= 0)
-			(void) lockfile(fd, map->map_file, ".pag", LOCK_UN);
+		if (dfd >= 0)
+			(void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
+		if (pfd >= 0)
+			(void) lockfile(pfd, map->map_file, ".pag", LOCK_UN);
 #endif
 		if (bitset(MF_ALIAS, map->map_mflags) &&
 		    !aliaswait(map, ".pag", TRUE))
@@ -886,14 +924,14 @@ ndbm_map_open(map, mode)
 	{
 		map->map_mflags |= MF_LOCKED;
 	}
-	if (fstat(dbm_dirfno((DBM *) map->map_db1), &st) >= 0)
+	if (fstat(dfd, &st) >= 0)
 		map->map_mtime = st.st_mtime;
 	return TRUE;
 }
 
 
 /*
-**  DBM_MAP_LOOKUP -- look up a datum in a DBM-type map
+**  NDBM_MAP_LOOKUP -- look up a datum in a DBM-type map
 */
 
 char *
@@ -951,7 +989,7 @@ ndbm_map_lookup(map, name, av, statp)
 
 
 /*
-**  DBM_MAP_STORE -- store a datum in the database
+**  NDBM_MAP_STORE -- store a datum in the database
 */
 
 void
@@ -994,7 +1032,7 @@ ndbm_map_store(map, lhs, rhs)
 	if (stat > 0)
 	{
 		if (!bitset(MF_APPEND, map->map_mflags))
-			usrerr("050 Warning: duplicate alias name %s", lhs);
+			message("050 Warning: duplicate alias name %s", lhs);
 		else
 		{
 			static char *buf = NULL;
@@ -1157,7 +1195,6 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	int fd;
 	int sff;
 	int saveerrno;
-	bool leavelocked = bitset(O_LEAVELOCKED, mode);
 	struct stat st;
 	char buf[MAXNAME + 1];
 
@@ -1170,10 +1207,10 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	mode &= O_ACCMODE;
 	omode = mode;
 
-	sff = SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
+	sff = SFF_ROOTOK|SFF_REGONLY;
 	if (mode == O_RDWR)
 	{
-		sff |= SFF_NOLINK;
+		sff |= SFF_NOLINK|SFF_CREAT;
 		smode = S_IWRITE;
 	}
 	else
@@ -1187,28 +1224,26 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	{
 		/* cannot open this map */
 		if (tTd(38, 2))
-			printf("\tunsafe map file: %d\n", i);
+			printf("\tunsafe map file: %s\n", errstring(i));
+		errno = i;
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("%s map \"%s\": unsafe map file %s",
 				mapclassname, map->map_mname, map->map_file);
 		return FALSE;
 	}
 	if (st.st_mode == ST_MODE_NOFILE)
-		omode |= O_EXCL;
+		omode |= O_CREAT|O_EXCL;
 
 	map->map_lockfd = -1;
 
 #if LOCK_ON_OPEN
 	if (mode == O_RDWR)
-		omode |= O_CREAT|O_TRUNC|O_EXLOCK;
+		omode |= O_TRUNC|O_EXLOCK;
 # if !OLD_NEWDB
 	else
 		omode |= O_SHLOCK;
 # endif
 #else
-	if (mode == O_RDWR)
-		omode |= O_CREAT;
-
 	/*
 	**  Pre-lock the file to avoid race conditions.  In particular,
 	**  since dbopen returns NULL if the file is zero length, we
@@ -1216,26 +1251,51 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 	*/
 
 	fd = open(buf, omode, DBMMODE);
-
 	if (fd < 0)
 	{
 		if (!bitset(MF_OPTIONAL, map->map_mflags))
 			syserr("db_map_open: cannot pre-open database %s", buf);
-		close(fd);
 		return FALSE;
 	}
-	if (!lockfile(fd, map->map_file, ".db",
-		      mode == O_RDONLY ? LOCK_SH : LOCK_EX))
+
+	/* make sure no baddies slipped in just before the open... */
+	if (filechanged(buf, fd, &st, sff))
+	{
+		int save_errno = errno;
+
+		(void) close(fd);
+		errno = save_errno;
+		syserr("db_map_open(%s): file changed after pre-open", buf);
+		return FALSE;
+	}
+
+	/* if new file, get the "before" bits for later filechanged check */
+	if (st.st_mode == ST_MODE_NOFILE && fstat(fd, &st) < 0)
+	{
+		int save_errno = errno;
+
+		(void) close(fd);
+		errno = save_errno;
+		syserr("db_map_open(%s): cannot fstat pre-opened file",
+			buf);
+		return FALSE;
+	}
+
+	/* actually lock the pre-opened file */
+	if (!lockfile(fd, buf, NULL, mode == O_RDONLY ? LOCK_SH : LOCK_EX))
 		syserr("db_map_open: cannot lock %s", buf);
+
+	/* set up mode bits for dbopen */
 	if (mode == O_RDWR)
 		omode |= O_TRUNC;
+	omode &= ~(O_EXCL|O_CREAT);
 #endif
 
 	db = dbopen(buf, omode, DBMMODE, dbtype, openinfo);
 	saveerrno = errno;
 
 #if !LOCK_ON_OPEN
-	if (leavelocked || mode == O_RDWR)
+	if (mode == O_RDWR)
 		map->map_lockfd = fd;
 	else
 		(void) close(fd);
@@ -1246,25 +1306,28 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 		if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
 		    aliaswait(map, ".db", FALSE))
 			return TRUE;
-		errno = saveerrno;
-		if (!bitset(MF_OPTIONAL, map->map_mflags))
-			syserr("Cannot open %s database %s",
-				mapclassname, map->map_file);
 #if !LOCK_ON_OPEN
 		if (map->map_lockfd >= 0)
 			(void) close(map->map_lockfd);
 #endif
+		errno = saveerrno;
+		if (!bitset(MF_OPTIONAL, map->map_mflags))
+			syserr("Cannot open %s database %s",
+				mapclassname, map->map_file);
 		return FALSE;
 	}
 
 	if (filechanged(buf, db->fd(db), &st, sff))
 	{
-		syserr("db_map_open(%s): file changed after open", buf);
+		int save_errno = errno;
+
 		db->close(db);
 #if !LOCK_ON_OPEN
 		if (map->map_lockfd >= 0)
 			close(map->map_lockfd);
 #endif
+		errno = save_errno;
+		syserr("db_map_open(%s): file changed after open", buf);
 		return FALSE;
 	}
 
@@ -1273,9 +1336,9 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 #if !OLD_NEWDB
 	fd = db->fd(db);
 # if LOCK_ON_OPEN
-	if (fd >= 0 && mode == O_RDONLY && !leavelocked)
+	if (fd >= 0 && mode == O_RDONLY)
 	{
-		(void) lockfile(fd, map->map_file, ".db", LOCK_UN);
+		(void) lockfile(fd, buf, NULL, LOCK_UN);
 	}
 # endif
 #endif
@@ -1291,7 +1354,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
 		map->map_mtime = st.st_mtime;
 #endif
 
-	map->map_db2 = (void *) db;
+	map->map_db2 = (ARBPTR_T) db;
 	if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
 	    !aliaswait(map, ".db", TRUE))
 		return FALSE;
@@ -1312,16 +1375,26 @@ db_map_lookup(map, name, av, statp)
 {
 	DBT key, val;
 	register DB *db = (DB *) map->map_db2;
+	int i;
 	int st;
 	int saveerrno;
 	int fd;
 	struct stat stbuf;
 	char keybuf[MAXNAME + 1];
+	char buf[MAXNAME + 1];
 
 	if (tTd(38, 20))
 		printf("db_map_lookup(%s, %s)\n",
 			map->map_mname, name);
 
+	i = strlen(map->map_file);
+	if (i > MAXNAME)
+		i = MAXNAME;
+	strncpy(buf, map->map_file, i);
+	buf[i] = '\0';
+	if (i > 3 && strcmp(&buf[i - 3], ".db") == 0)
+		buf[i - 3] = '\0';
+
 	key.size = strlen(name);
 	if (key.size > sizeof keybuf - 1)
 		key.size = sizeof keybuf - 1;
@@ -1331,9 +1404,10 @@ db_map_lookup(map, name, av, statp)
 	if (!bitset(MF_NOFOLDCASE, map->map_mflags))
 		makelower(keybuf);
 #if !OLD_NEWDB
+  lockdb:
 	fd = db->fd(db);
 	if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
-		(void) lockfile(fd, map->map_file, ".db", LOCK_SH);
+		(void) lockfile(fd, buf, ".db", LOCK_SH);
 	if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime) 
 	{
 		/* Reopen the database to sync the cache */
@@ -1342,14 +1416,13 @@ db_map_lookup(map, name, av, statp)
 
 		map->map_class->map_close(map);
 		map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
-		omode |= O_LEAVELOCKED;
 		if (map->map_class->map_open(map, omode)) 
 		{
 			map->map_mflags |= MF_OPEN;
 			if ((omode && O_ACCMODE) == O_RDWR)
 				map->map_mflags |= MF_WRITABLE;
 			db = (DB *) map->map_db2;
-			fd = db->fd(db);
+			goto lockdb;
 		}
 		else
 		{
@@ -1385,7 +1458,7 @@ db_map_lookup(map, name, av, statp)
 	saveerrno = errno;
 #if !OLD_NEWDB
 	if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
-		(void) lockfile(fd, map->map_file, ".db", LOCK_UN);
+		(void) lockfile(fd, buf, ".db", LOCK_UN);
 #endif
 	if (st != 0)
 	{
@@ -1446,7 +1519,7 @@ db_map_store(map, lhs, rhs)
 	if (stat > 0)
 	{
 		if (!bitset(MF_APPEND, map->map_mflags))
-			usrerr("050 Warning: duplicate alias name %s", lhs);
+			message("050 Warning: duplicate alias name %s", lhs);
 		else
 		{
 			static char *buf = NULL;
@@ -1500,13 +1573,19 @@ db_map_close(map)
 		db_map_store(map, "@", "@");
 	}
 
-	if (db->close(db) != 0)
-		syserr("readaliases: db close failure");
+#if OLD_NEWDB
+	(void) db->sync(db);
+#else
+	(void) db->sync(db, 0);
+#endif
 
 #if !LOCK_ON_OPEN
 	if (map->map_lockfd >= 0)
 		(void) close(map->map_lockfd);
 #endif
+
+	if (db->close(db) != 0)
+		syserr("readaliases: db close failure");
 }
 
 #endif
@@ -2735,6 +2814,123 @@ ldap_map_parseargs(map,args)
 
 #endif /* LDAP Modules */
 /*
+** syslog map
+*/
+
+#if _FFR_SYSLOG_MAP
+
+#define map_prio	map_lockfd	/* overload field */
+
+/*
+** SYSLOG_MAP_PARSEARGS -- check for priority level to syslog messages.
+*/
+
+bool
+syslog_map_parseargs(map, args)
+	MAP *map;
+	char *args;
+{
+	char *p = args;
+	char *priority = NULL;
+
+	for (;;)
+	{
+		while (isascii(*p) && isspace(*p))
+			p++;
+		if (*p != '-')
+			break;
+		if (*++p == 'L')
+			priority = ++p;
+		while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+			p++;
+		if (*p != '\0')
+			*p++ = '\0';
+	}
+
+	if (priority == NULL)
+		map->map_prio = LOG_INFO;
+	else
+	{
+		if (strncasecmp("LOG_", priority, 4) == 0)
+			priority += 4;
+		
+#ifdef LOG_EMERG
+		if (strcasecmp("EMERG", priority) == 0)
+			map->map_prio = LOG_EMERG;
+		else
+#endif
+#ifdef LOG_ALERT
+		if (strcasecmp("ALERT", priority) == 0)
+			map->map_prio = LOG_ALERT;
+		else
+#endif
+#ifdef LOG_CRIT
+		if (strcasecmp("CRIT", priority) == 0)
+			map->map_prio = LOG_CRIT;
+		else
+#endif
+#ifdef LOG_ERR
+		if (strcasecmp("ERR", priority) == 0)
+			map->map_prio = LOG_ERR;
+		else
+#endif
+#ifdef LOG_WARNING
+		if (strcasecmp("WARNING", priority) == 0)
+			map->map_prio = LOG_WARNING;
+		else
+#endif
+#ifdef LOG_NOTICE
+		if (strcasecmp("NOTICE", priority) == 0)
+			map->map_prio = LOG_NOTICE;
+		else
+#endif
+#ifdef LOG_INFO
+		if (strcasecmp("INFO", priority) == 0)
+			map->map_prio = LOG_INFO;
+		else
+#endif
+#ifdef LOG_DEBUG
+		if (strcasecmp("DEBUG", priority) == 0)
+			map->map_prio = LOG_DEBUG;
+		else
+#endif
+		{
+			syserr("syslog_map_parseargs: Unknown priority %s\n",
+			       priority);
+			return FALSE;
+		}
+	}
+	return TRUE;
+}
+
+/*
+** SYSLOG_MAP_LOOKUP -- rewrite and syslog message.  Always return empty string
+*/
+
+char *
+syslog_map_lookup(map, string, args, statp)
+	MAP *map;
+	char *string;
+	char **args;
+	int *statp;
+{
+	char *ptr = map_rewrite(map, string, strlen(string), args);
+
+	if (ptr != NULL)
+	{
+		if (tTd(38, 20))
+			printf("syslog_map_lookup(%s (priority %d): %s\n",
+			       map->map_mname, map->map_prio, ptr);
+
+		sm_syslog(map->map_prio, CurEnv->e_id, "%s", ptr);
+	}
+	
+	*statp = EX_OK;
+	return "";
+}
+
+#endif /* _FFR_SYSLOG_MAP */
+/*
 **  HESIOD Modules
 */
 
diff --git a/usr.sbin/sendmail/src/mci.c b/usr.sbin/sendmail/src/mci.c
index f8ba789..929d82d 100644
--- a/usr.sbin/sendmail/src/mci.c
+++ b/usr.sbin/sendmail/src/mci.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)mci.c	8.62 (Berkeley) 5/29/97";
+static char sccsid[] = "@(#)mci.c	8.66 (Berkeley) 8/2/97";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -330,10 +330,10 @@ mci_get(host, m)
 		{
 			/* get peer host address for logging reasons only */
 			/* (this should really be in the mci struct) */
-			int socksize = sizeof CurHostAddr;
+			SOCKADDR_LEN_T socklen = sizeof CurHostAddr;
 
 			(void) getpeername(fileno(mci->mci_in),
-				(struct sockaddr *) &CurHostAddr, &socksize);
+				(struct sockaddr *) &CurHostAddr, &socklen);
 		}
 # endif
 	}
@@ -571,7 +571,7 @@ mci_lock_host_statfile(mci)
 		goto cleanup;
 	}
 
-	mci->mci_statfile = safefopen(fname, O_RDWR|O_CREAT, FileMode,
+	mci->mci_statfile = safefopen(fname, O_RDWR, FileMode,
 		   SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_CREAT);
 
 	if (mci->mci_statfile == NULL)
@@ -694,7 +694,7 @@ mci_load_persistent(mci)
 	}
 
 	fp = safefopen(fname, O_RDONLY, FileMode,
-		       SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY);
+		       SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY);
 	if (fp == NULL)
 	{
 		/* I can't think of any reason this should ever happen */
diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c
index 13965de..1d812b8 100644
--- a/usr.sbin/sendmail/src/queue.c
+++ b/usr.sbin/sendmail/src/queue.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #if QUEUE
-static char sccsid[] = "@(#)queue.c	8.169 (Berkeley) 6/14/97 (with queueing)";
+static char sccsid[] = "@(#)queue.c	8.174 (Berkeley) 7/23/97 (with queueing)";
 #else
-static char sccsid[] = "@(#)queue.c	8.169 (Berkeley) 6/14/97 (without queueing)";
+static char sccsid[] = "@(#)queue.c	8.174 (Berkeley) 7/23/97 (without queueing)";
 #endif
 #endif /* not lint */
 
@@ -431,7 +431,9 @@ queueup(e, announce)
 
 	fprintf(tfp, ".\n");
 
-	if (fflush(tfp) < 0 || fsync(fileno(tfp)) < 0 || ferror(tfp))
+	if (fflush(tfp) < 0 ||
+	    (SuperSafe && fsync(fileno(tfp)) < 0) ||
+	    ferror(tfp))
 	{
 		if (newid)
 			syserr("!552 Error writing control file %s", tf);
@@ -553,7 +555,6 @@ runqueue(forkflag, verbose)
 	extern ENVELOPE BlankEnvelope;
 	extern void clrdaemon __P((void));
 	extern void runqueueevent __P((void));
-	extern void drop_privileges __P((void));
 
 	DoQueueRun = FALSE;
 
@@ -670,7 +671,7 @@ runqueue(forkflag, verbose)
 
 	/* drop privileges */
 	if (geteuid() == (uid_t) 0)
-		drop_privileges();
+		(void) drop_privileges(FALSE);
 
 	/*
 	**  Create ourselves an envelope
@@ -684,7 +685,7 @@ runqueue(forkflag, verbose)
 	if (forkflag)
 	{
 		disconnect(1, e);
-		OnlyOneError = QuickAbort = FALSE;
+		QuickAbort = FALSE;
 	}
 
 	/*
@@ -1463,6 +1464,7 @@ dowork(id, forkflag, requeueflag, e)
 		{
 			if (tTd(40, 4))
 				printf("readqf(%s) failed\n", e->e_id);
+			e->e_id = NULL;
 			if (forkflag)
 				exit(EX_OK);
 			else
@@ -2325,13 +2327,17 @@ loseqfile(e, why)
 	char *why;
 {
 	char *p;
-	char buf[MAXQFNAME];
+	char buf[MAXQFNAME + 1];
 
 	if (e == NULL || e->e_id == NULL)
 		return;
-	if (strlen(e->e_id) > (SIZE_T) sizeof buf - 4)
+	p = queuename(e, 'q');
+	if (strlen(p) > MAXQFNAME)
+	{
+		syserr("loseqfile: queuename (%s) too long", p);
 		return;
-	strcpy(buf, queuename(e, 'q'));
+	}
+	strcpy(buf, p);
 	p = queuename(e, 'Q');
 	if (rename(buf, p) < 0)
 		syserr("cannot rename(%s, %s), uid=%d", buf, p, geteuid());
diff --git a/usr.sbin/sendmail/src/safefile.c b/usr.sbin/sendmail/src/safefile.c
index 0866034..842a09f 100644
--- a/usr.sbin/sendmail/src/safefile.c
+++ b/usr.sbin/sendmail/src/safefile.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)safefile.c	8.12 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)safefile.c	8.18 (Berkeley) 8/1/97";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -108,6 +108,10 @@ safefile(fn, uid, gid, uname, flags, mode, st)
 	strcpy(fbuf, fn);
 	fn = fbuf;
 
+	/* ignore SFF_SAFEDIRPATH if we are debugging */
+	if (RealUid != 0 && RunAsUid == RealUid)
+		flags &= ~SFF_SAFEDIRPATH;
+
 	/* first check to see if the file exists at all */
 #ifdef HASLSTAT
 	if ((bitset(SFF_NOSLINK, flags) ? lstat(fn, st)
@@ -464,6 +468,7 @@ safeopen(fn, omode, cmode, sff)
 
 	if (bitset(O_CREAT, omode))
 		sff |= SFF_CREAT;
+	omode &= ~O_CREAT;
 	smode = 0;
 	switch (omode & O_ACCMODE)
 	{
@@ -494,8 +499,8 @@ safeopen(fn, omode, cmode, sff)
 		errno = rval;
 		return -1;
 	}
-	if (stb.st_mode == ST_MODE_NOFILE)
-		omode |= O_EXCL;
+	if (stb.st_mode == ST_MODE_NOFILE && bitset(SFF_CREAT, sff))
+		omode |= O_EXCL|O_CREAT;
 
 	fd = dfopen(fn, omode, cmode, sff);
 	if (fd < 0)
@@ -561,10 +566,24 @@ safefopen(fn, omode, cmode, sff)
 	}
 	fd = safeopen(fn, omode, cmode, sff);
 	if (fd < 0)
+	{
+		if (tTd(44, 10))
+			printf("safefopen: safeopen failed: %s\n",
+				errstring(errno));
 		return NULL;
+	}
 	fp = fdopen(fd, fmode);
 	if (fp != NULL)
 		return fp;
+
+	if (tTd(44, 10))
+	{
+		printf("safefopen: fdopen(%s, %s) failed: omode=%x, sff=%x, err=%s\n",
+			fn, fmode, omode, sff, errstring(errno));
+#ifndef NOT_SENDMAIL
+		dumpfd(fd, TRUE, FALSE);
+#endif
+	}
 	(void) close(fd);
 	return NULL;
 }
@@ -607,6 +626,9 @@ filechanged(fn, fd, stb, sff)
 	if (sta.st_nlink != stb->st_nlink ||
 	    sta.st_dev != stb->st_dev ||
 	    sta.st_ino != stb->st_ino ||
+#if HAS_ST_GEN && 0		/* AFS returns garbage in st_gen */
+	    sta.st_gen != stb->st_gen ||
+#endif
 	    sta.st_uid != stb->st_uid ||
 	    sta.st_gid != stb->st_gid)
 	{
@@ -619,6 +641,10 @@ filechanged(fn, fd, stb, sff)
 				(long) stb->st_dev, (long) sta.st_dev);
 			printf(" ino	= %ld/%ld\n",
 				(long) stb->st_ino, (long) sta.st_ino);
+#if HAS_ST_GEN
+			printf(" gen	= %ld/%ld\n",
+				(long) stb->st_gen, (long) sta.st_gen);
+#endif
 			printf(" uid	= %ld/%ld\n",
 				(long) stb->st_uid, (long) sta.st_uid);
 			printf(" gid	= %ld/%ld\n",
diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c
index 6f6ffad..c531c5b 100644
--- a/usr.sbin/sendmail/src/version.c
+++ b/usr.sbin/sendmail/src/version.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.8.6.1 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)version.c	8.8.7.3 (Berkeley) 8/3/97";
 #endif /* not lint */
 
-char	Version[] = "8.8.6";
+char	Version[] = "8.8.7";
diff --git a/usr.sbin/sendmail/test/t_exclopen.c b/usr.sbin/sendmail/test/t_exclopen.c
new file mode 100644
index 0000000..54f7873
--- /dev/null
+++ b/usr.sbin/sendmail/test/t_exclopen.c
@@ -0,0 +1,91 @@
+/*
+**  This program tests your system to see if you have the lovely
+**  security-defeating semantics that an open with O_CREAT|O_EXCL
+**  set will successfully open a file named by a symbolic link that
+**  points to a non-existent file.  Sadly, Posix is mute on what
+**  should happen in this situation.
+**
+**  Results to date:
+**	AIX 3.2		OK
+**	BSD family	OK
+**	  BSD/OS 2.1	OK
+**	  FreeBSD 2.1	OK
+**	DEC OSF/1 3.0	OK
+**	HP-UX 9.04	FAIL
+**	HP-UX 9.05	FAIL
+**	HP-UX 9.07	OK
+**	HP-UX 10.01	OK
+**	HP-UX 10.10	OK
+**	HP-UX 10.20	OK
+**	Irix 5.3	OK
+**	Irix 6.2	OK
+**	Linux		OK
+**	NeXT 2.1	OK
+**	Solaris 2.x	OK
+**	SunOS 4.x	OK
+**	Ultrix 4.3	OK
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+char Attacker[128];
+char Attackee[128];
+
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	struct stat st;
+
+	sprintf(Attacker, "/tmp/attacker.%d.%ld", getpid(), time(NULL));
+	sprintf(Attackee, "/tmp/attackee.%d.%ld", getpid(), time(NULL));
+
+	if (symlink(Attackee, Attacker) < 0)
+	{
+		printf("Could not create %s->%s symlink: %d\n",
+			Attacker, Attackee, errno);
+		bail(1);
+	}
+	(void) unlink(Attackee);
+	if (stat(Attackee, &st) >= 0)
+	{
+		printf("%s already exists -- remove and try again.\n",
+			Attackee);
+		bail(1);
+	}
+	if (open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644) < 0)
+	{
+		int saveerr = errno;
+
+		if (stat(Attackee, &st) >= 0)
+		{
+			printf("Weird.  Open failed but %s was created anyhow (errno = %d)\n",
+				Attackee, saveerr);
+			bail(1);
+		}
+		printf("Good show!  Exclusive open works properly with symbolic links (errno = %d).\n",
+			saveerr);
+		bail(0);
+	}
+	if (stat(Attackee, &st) < 0)
+	{
+		printf("Weird.  Open succeeded but %s was not created\n",
+			Attackee);
+		bail(2);
+	}
+	printf("Bad news: you can do an exclusive open through a symbolic link\n");
+	printf("\tBe sure you #define BOGUS_O_EXCL in conf.h\n");
+	bail(1);
+}
+
+bail(stat)
+	int stat;
+{
+	(void) unlink(Attacker);
+	(void) unlink(Attackee);
+	exit(stat);
+}