Import sendmail 8.8.5. See RELEASE_NOTES for changes.

Obtained from: ftp.sendmail.org:/pub/sendmail

33 files changed, 821 insertions, 273 deletions

diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES
index 621cbcc..a935a73 100644
--- a/usr.sbin/sendmail/RELEASE_NOTES
+++ b/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,11 +1,157 @@
 			SENDMAIL RELEASE NOTES
-	     @(#)RELEASE_NOTES	8.8.4.4 (Berkeley) 12/2/96
+	     @(#)RELEASE_NOTES	8.8.5.3 (Berkeley) 1/21/97
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.8.5/8.8.5	97/01/21
+	SECURITY: Clear out group list during startup.  Without this, sendmail
+		will continue to run with the group permissions of the caller,
+		even if RunAsUser is specified.
+	SECURITY: Make purgestat (-bH) be root-only.  This is not in response
+		to any known attack, but it's best to be conservative.
+		Suggested by Peter Wemm of DIALix.
+	SECURITY: Fix buffer overrun problem in MIME code that has possible
+		security implications.  Patch from Alex Garthwaite of the
+		University of Pennsylvania.
+	Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
+		would truncate the address after "Full".  Although the -f
+		syntax is incorrect (since it is in the envelope, it
+		shouldn't have comments and full names), the failure mode
+		was unnecessarily awful.
+	Fix a possible null pointer dereference when converting 8-bit data
+		to a 7-bit format.  Problem noted by Jim Hutchins of
+		Sandia National Labs and David James of British Telecom.
+	Clear out stale state that affected F=9 on SMTP mailers in queue
+		runs.  Although this really shouldn't be used (F=9 is for
+		final delivery only, and using it on an SMTP mailer makes
+		it possible for a message to be converted from 8->7->8->7
+		bits several times), it shouldn't have failed with a syserr.
+		Problem noted by Eric Hagberg of Morgan Stanley.
+	_Really_ fix the multiple :maildrop code in the user database
+		module.  Patch from Roy Mongiovi of Georgia Tech.
+	Let F lines in the configuration file actually read root-only
+		files if the configuration file is safe.  Based on a
+		patch from Keith Reynolds of SCO.
+	ETRN followed by QUIT would hold the connection open until the queue
+		run completed.  Problem noted by Truck Lewis of TDK
+		Semiconductor Corp.
+	It turns out that despite the documentation, the TCP wrappers library
+		does _not_ log rejected connections.  Do the logging ourselves.
+		Problem noted by Fletcher Mattox of the University of Texas
+		at Austin.
+	If sendmail finds a qf file in its queue directory that is an unknown
+		version (e.g., when backing out to an old version), the
+		error is reported on every queue run.  Change it to only
+		give the error once (and rename the qf => Qf).  Patch from
+		William A. Gianopoulos of Raytheon Company.
+	Start a new session when doing background delivery; currently it
+		ignored signals but didn't start a new signal, that caused
+		some problems if a background process tried to send mail
+		under certain circumstances.  Problem noted by Eric Hagberg
+		of Morgan Stanley; fix from Kari Hurtta.
+	Simplify test for skipping a queue run to just check if the current
+		load average is >= the queueing load average.  Previously
+		the check factored in some other parameters that caused it
+		to essentially never skip the queue run.  Patch from Bryan
+		Costales.
+	If the SMTP server is running in "nullserver" mode (that is, it is
+		rejecting all commands), start sleeping after MAXBADCOMMAND
+		(25) commands; this helps prevent a bad guy from putting
+		you into a tight loop as a denial-of-service attack.  Based
+		on an e-mail conversation with Brad Knowles of AOL.
+	Slow down when too many "light weight" commands have been issued;
+		this helps prevent a class of denial-of-service attacks.
+		The current values and defaults are:
+		    MAXNOOPCOMMANDS	20	NOOP, VERB, ONEX, XUSR
+		    MAXHELOCOMMANDS	3	HELO, EHLO
+		    MAXVRFYCOMMANDS	6	VRFY, EXPN
+		    MAXETRNCOMMANDS	8	ETRN
+		These will probably be configurable in a future release.
+	On systems that have uid_t typedefed to be an unsigned short, programs
+		that had the F=S flag and no U= equate would be invoked with
+		the real uid set to 65535 rather than being left unchanged.
+	In some cases, NOTIFY=NEVER was not being honored.  Problem noted
+		by Steve Hubert of the University of Washington, Seattle.
+	Mail that was Quoted-Printable encoded and had a soft line break on
+		the last line (i.e., an incomplete continuation) had the last
+		line dropped.  Since this appears to be illegal it isn't
+		clear what to do with it, but flushing the last line seems
+		to be a better "fail soft" approach.  Based on a patch from
+		Eric Hagberg.
+	If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
+		bogus HELO command still causes the "Polite people say HELO
+		first" error message.  Problem pointed out by Chris Thomas
+		of UCLA; patch from John Beck of SunSoft.
+	Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
+		 in PrivacyFlags.  The -q shouldn't turn this command off.
+		 Problem noted by Murray Kucherawy of Pacific Bell Internet;
+		 based on a patch from Gregory Neil Shapiro of WPI.
+	Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
+		in a DATA transaction to be sticky; these can occur because
+		a message is too large, and smaller messages should still go
+		through.  Problem noted by Matt Dillon of Best Internet
+		Communications.
+	In some cases bounces were saved in /var/tmp/dead.letter even if they
+		had been successfully delivered to the envelope sender.
+		Problem noted Eric Hagberg of Morgan Stanley; solution from
+		Gregory Neil Shapiro of WPI.
+	Give better diagnostics on long alias lines.  Based on code contributed
+		by Patrick Gosling of the University of Cambridge.
+	Increase the number of virtual interfaces that will be probed for
+		alternate names.  Problem noted by Gregory Neil Shapiro of
+		WPI.
+	PORTABILITY:
+		UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
+			Toshiaki Nomura of Fujitsu Limited.
+		SunOS with LDAP support: compile problems with struct timeval.
+			Patch from Nick Cuccia of TCSI Corporation.
+		SCO: from Keith Reynolds of SCO.
+		Solaris: kstat load average computation wasn't being used.
+			Fixes from Michael Ju. Tokarev of Telecom Service, JSC
+			(Moscow).
+		OpenBSD: from Jason Downs of teeny.org.
+		Altos System V: from Tim Rice.
+		Solaris 2.5: from Alan Perry of SunSoft.
+		Solaris 2.6: from John Beck of SunSoft.
+		Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
+			of Pratt & Whitney <miorelli@pweh.com>.
+	CONFIG: It seems that I hadn't gotten the Received: line syntax
+		_just_right_ yet.  Tweak it again.  I'll omit the names
+		of the "contributors" (quantity two) in this one case.
+		As of now, NO MORE DISCUSSION about the syntax of the
+		Received: line.
+	CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
+		it never inserts that class into the output file.  Fix it
+		so it will honor EXPOSED_USER but will _not_ include root
+		automatically in this class.  Problem noted by Ronan KERYELL
+		of Centre de Recherche en Informatique de l'École Nationale
+		Supérieure des Mines de Paris (CRI-ENSMP).
+	CONFIG: Clean up handling of "local:" syntax in relay specifications
+		such as LUSER_RELAY.  This change permits the following
+		syntaxes:  ``local:'' will send to the same user on the
+		local machine (e.g., in a mailertable entry for "host",
+		``local:'' will cause an address addressed to user@host to
+		go to user on the local machone).  ``local:user'' will send
+		to the named user on the local machine.  ``local:user@host''
+		is equivalent to ``local:user'' (the host is ignored).  In
+		all cases, the original user@host is passed in $@ (i.e., the
+		detail information).  Inspired by a report from Michael Fuhr
+		of Dimensional Communications, L.L.C.
+	CONFIG: Strip quotes from the first word of an "error:" host
+		indication.  This lets you set (for example) the LUSER_RELAY
+		to be ``error:\"5.1.1\" Your Message Here''.  Note the use
+		of the \" so that the resulting string is properly quoted.
+		Problem noted by Gregory Neil Shapiro of WPI.
+	OP.ME: documentation was inconsistent about whether sendmail did a
+		NOOP or a RSET to probe the connection (it does a RSET).
+		Inconsistency noted by Deeran Peethamparam.
+	OP.ME: insert additional blank pages so it will print properly on
+		a duplex printer.  From Matthew Black of Cal State University,
+		Long Beach.
+
 8.8.4/8.8.4	96/12/02
 	SECURITY: under some circumstances, an attacker could get additional
 		permissions by hard linking to files that were group
diff --git a/usr.sbin/sendmail/cf/README b/usr.sbin/sendmail/cf/README
index d71ffd2..6ea2998 100644
--- a/usr.sbin/sendmail/cf/README
+++ b/usr.sbin/sendmail/cf/README
@@ -4,7 +4,7 @@
 
 		Eric Allman <eric@CS.Berkeley.EDU>
 
-		@(#)README	8.108 (Berkeley) 11/16/96
+		@(#)README	8.111 (Berkeley) 1/16/97
 
 
 This document describes the sendmail configuration files being used
@@ -31,8 +31,10 @@ This package requires a post-V7 version of m4; if you are running the
 4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with
 a newer version.  You can m4-expand on their system, then run locally.
 SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work.  GNU m4 version 1.1
-also works.  Unfortunately, I'm told that the M4 on BSDI 1.0 doesn't
-work -- you'll have to use a Net/2 or GNU version.
+or later also works.  Unfortunately, I'm told that the M4 on BSDI 1.0
+doesn't work -- you'll have to use a Net/2 or GNU version.  GNU m4 is
+available from ftp://prep.ai.mit.edu/pub/gnu/m4-1.4.tar.gz (check for
+the latest version).
 
 IF YOU DON'T HAVE A BERKELEY MAKE, don't despair!  Just run
 "m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need.
@@ -305,9 +307,13 @@ POP_MAILER_ARGS		[pop $u] The arguments passed to the POP mailer.
 PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
 			program.  This is also used by FEATURE(local_procmail).
 PROCMAIL_MAILER_FLAGS	[Shu] Flags added to Procmail mailer.  Flags
-			``DFMmn'' are always set.
+			``DFMmn'' are always set.  This is NOT used by
+			FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS
+			instead.
 PROCMAIL_MAILER_ARGS	[procmail -m $h $f $u] The arguments passed to
-			the Procmail mailer.
+			the Procmail mailer.  This is NOT used by
+			FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS
+			instead.
 PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
 			will be accepted by the procmail mailer.
 MAIL11_MAILER_PATH	[/usr/etc/mail11] The path to the mail11 mailer.
@@ -694,7 +700,10 @@ local_procmail	Use procmail as the local mailer.  This mailer can
 		normally the +indicator is just tossed, but by default
 		it is passed as the -a argument to procmail.  The
 		argument to this feature is the pathname of procmail,
-		which defaults to PROCMAIL_MAILER_PATH.
+		which defaults to PROCMAIL_MAILER_PATH.  Note that this
+		does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS
+		for the local mailer; tweak LOCAL_MAILER_FLAGS and
+		LOCAL_MAILER_ARGS instead.
 
 bestmx_is_local	Accept mail as though locally addressed for any host that
 		lists us as the best possible MX record.  This generates
@@ -1426,7 +1435,10 @@ confCF_VERSION		$Z macro	If defined, this is appended to the
 confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an 
 					internally generated From: address.
 confRECEIVED_HEADER	Received:
-      [.$?_($?s$|from $.$_) $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u$.; $b]
+		[$?sfrom $s .$?_($?s$|from $.$_)
+			$.by $j ($v/$Z)$?r with $r$. id $i$?u
+			for $u$.;
+			$b]
 					The format of the Received: header
 					in messages passed through this host.
 					It is unwise to try to change this.
diff --git a/usr.sbin/sendmail/cf/cf/Makefile b/usr.sbin/sendmail/cf/cf/Makefile
index 33f5943..7450b2a 100644
--- a/usr.sbin/sendmail/cf/cf/Makefile
+++ b/usr.sbin/sendmail/cf/cf/Makefile
@@ -1,10 +1,10 @@
-#	@(#)Makefile	8.17 (Berkeley) 9/12/95
+#	@(#)Makefile	8.19 (Berkeley) 1/14/97
 
 #
 #  This Makefile uses the new Berkeley "make" program.  See Makefile.dist
 #  for a more vanilla version.
 #
-#  Configuration files are created using "m4 file.mc > file.cf";
+#  Create configuration files using "m4 ../m4/cf.m4 file.mc > file.cf";
 #  this may be easier than tweaking the Makefile.  You do need to
 #  have a fairly modern M4 available (GNU m4 works).  On SunOS, use
 #  /usr/5bin/m4.
@@ -31,7 +31,7 @@ ALL=	generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \
 		cs-sunos4.1.cf cs-ultrix4.cf \
 	s2k-osf1.cf s2k-ultrix4.cf \
 	chez.cs.cf huginn.cs.cf mail.cs.cf mail.eecs.cf mailspool.cs.cf \
-		python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf
+		python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf knecht.cf
 
 all: $(ALL)
 
diff --git a/usr.sbin/sendmail/cf/cf/knecht.mc b/usr.sbin/sendmail/cf/cf/knecht.mc
index 0cd17fa..f7d57e3 100644
--- a/usr.sbin/sendmail/cf/cf/knecht.mc
+++ b/usr.sbin/sendmail/cf/cf/knecht.mc
@@ -33,12 +33,19 @@ divert(-1)
 # SUCH DAMAGE.
 #
 
-include(`../m4/cf.m4')
-VERSIONID(`@(#)knecht.mc	8.1 (Berkeley) 6/7/93')
-OSTYPE(ultrix4.1)dnl
-DOMAIN(cs.exposed)dnl
-define(`LOCAL_RELAY', CS.Berkeley.EDU)dnl
-MAILER(smtp)dnl
+#
+#  This is specific to Eric's home machine.
+#
 
-# our local domain
-DDCS.Berkeley.EDU
+divert(0)dnl
+VERSIONID(`@(#)knecht.mc	8.4 (Berkeley) 11/24/96')
+OSTYPE(bsd4.4)dnl
+DOMAIN(generic)dnl
+define(`confDEF_USER_ID', `mailnull')dnl
+define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
+define(`confTO_ICONNECT', `10s')dnl
+define(`confCOPY_ERRORS_TO', `Postmaster')dnl
+define(`confTO_QUEUEWARN', `8h')dnl
+FEATURE(virtusertable)dnl
+MAILER(local)dnl
+MAILER(smtp)dnl
diff --git a/usr.sbin/sendmail/cf/m4/cfhead.m4 b/usr.sbin/sendmail/cf/m4/cfhead.m4
index 91d4b9a..6bef4c6 100644
--- a/usr.sbin/sendmail/cf/m4/cfhead.m4
+++ b/usr.sbin/sendmail/cf/m4/cfhead.m4
@@ -106,18 +106,18 @@ define(`SITE', `ifelse(CONCAT($'2`, $3), SU,
 		CONCAT(C, $3, $'1`))')
 sinclude(_CF_DIR_`'siteconfig/$1.m4)')
 define(`EXPOSED_USER', `PUSHDIVERT(5)CE$1
-POPDIVERT`'dnl')
+POPDIVERT`'dnl`'')
 define(`LOCAL_USER', `PUSHDIVERT(5)CL$1
-POPDIVERT`'dnl')
+POPDIVERT`'dnl`'')
 define(`MASQUERADE_AS', `define(`MASQUERADE_NAME', $1)')
 define(`MASQUERADE_DOMAIN', `PUSHDIVERT(5)CM$1
-POPDIVERT`'dnl')
+POPDIVERT`'dnl`'')
 define(`MASQUERADE_DOMAIN_FILE', `PUSHDIVERT(5)FM$1
-POPDIVERT`'dnl')
+POPDIVERT`'dnl`'')
 define(`GENERICS_DOMAIN', `PUSHDIVERT(5)CG$1
-POPDIVERT`'dnl')
+POPDIVERT`'dnl`'')
 define(`GENERICS_DOMAIN_FILE', `PUSHDIVERT(5)FG$1
-POPDIVERT`'dnl')
+POPDIVERT`'dnl`'')
 define(`_OPTINS', `ifdef(`$1', `$2$1$3')')
 
 m4wrap(`include(_CF_DIR_`m4/proto.m4')')
@@ -129,8 +129,9 @@ define(`confFROM_LINE', `From $g  $d')
 define(`confOPERATORS', `.:%@!^/[]+')
 define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')
 define(`confRECEIVED_HEADER', `$?sfrom $s $.$?_($?s$|from $.$_)
-          $.by $j ($v/$Z)$?r with $r$.
-	  id $i$?u for $u$.; $b')
+	$.by $j ($v/$Z)$?r with $r$. id $i$?u
+	for $u; $|;
+	$.$b')
 define(`confSEVEN_BIT_INPUT', `False')
 define(`confEIGHT_BIT_HANDLING', `pass8')
 define(`confALIAS_WAIT', `10')
@@ -156,4 +157,4 @@ define(`confMIME_FORMAT_ERRORS', `True')
 define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward')
 
 divert(0)dnl
-VERSIONID(`@(#)cfhead.m4	8.7 (Berkeley) 11/20/96')
+VERSIONID(`@(#)cfhead.m4	8.9 (Berkeley) 1/18/97')
diff --git a/usr.sbin/sendmail/cf/m4/proto.m4 b/usr.sbin/sendmail/cf/m4/proto.m4
index 676aa35..fc09fe0 100644
--- a/usr.sbin/sendmail/cf/m4/proto.m4
+++ b/usr.sbin/sendmail/cf/m4/proto.m4
@@ -34,7 +34,7 @@ divert(-1)
 #
 divert(0)
 
-VERSIONID(`@(#)proto.m4	8.136 (Berkeley) 11/24/96')
+VERSIONID(`@(#)proto.m4	8.139 (Berkeley) 12/31/96')
 
 MAILER(local)dnl
 
@@ -171,17 +171,18 @@ DR`'ifdef(`LOCAL_RELAY', LOCAL_RELAY)
 # who gets all local email traffic ($R has precedence for unqualified names)
 DH`'ifdef(`MAIL_HUB', MAIL_HUB)
 
-# class L: names that should be delivered locally, even if we have a relay
+# dequoting map
+Kdequote dequote
+
+divert(0)dnl	# end of nullclient diversion
 # class E: names that should be exposed as from this host, even if we masquerade
+ifdef(`_NULL_CLIENT_ONLY_', `#',
+`# class L: names that should be delivered locally, even if we have a relay
 # class M: domains that should be converted to $M
 #CL root
-CE root
+')CE root
 undivert(5)dnl
 
-# dequoting map
-Kdequote dequote
-
-divert(0)dnl	# end of nullclient diversion
 # who I masquerade as (null for no masquerading) (see also $=M)
 DM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME)
 
@@ -685,7 +686,7 @@ define(`X', ifdef(`VIRTUSER_TABLE', `', `#'))dnl
 X`'R$+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
 X`'R< @ > $+ < @ $+ . >	$: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
 X`'R< @ > $+		$: $1
-X`'R< error : $- $+ > $* 	$#error $@ $1 $: $2
+X`'R< error : $- $+ > $* 	$#error $@ $( dequote $1 $) $: $2
 X`'R< $+ > $+ < @ $+ >	$: $>97 $1
 undefine(`X')dnl
 
@@ -798,6 +799,8 @@ R< > $+ + $*		$#_LOCAL_ $@ $2 $: $1
 R< > $+			$: < $H > $1			try hub
 R< > $+			$: < $R > $1			try relay
 R< > $+			$@ $1				nope, give up
+R< local : $* > $*	$: $>95 < local : $1 > $2	no host extension
+R< error : $* > $*	$: $>95 < error : $1 > $2	no host extension
 R< $- : $+ > $+		$: $>95 < $1 : $2 > $3 < @ $2 >
 R< $+ > $+		$@ $>95 < $1 > $2 < @ $1 >
 
@@ -821,15 +824,33 @@ undefine(`X')dnl
 
 S95
 R< > $*				$@ $1			strip off null relay
-R< error : $- $+ > $*		$#error $@ $1 $: $2	special case errors
-R< local : > $* < @ $* >	$#local $@ $1@$2 $: $1	no host: use old user
-R< local : $+ > $* <@ $* . > $*	$#local $@ $2@$3 $: $1	special case local
+R< error : $- $+ > $*		$#error $@ $( dequote $1 $) $: $2
+R< local : $* > $*		$>CanonLocal < $1 > $2
 R< $- : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
 R< $- : $+ > $*			$# $1 $@ $2 $: $3	try qualified mailer
 R< $=w > $*			$@ $2			delete local host
 R< $+ > $*			$#_RELAY_ $@ $1 $: $2	use unqualified mailer
 
 ###################################################################
+###  Ruleset CanonLocal -- canonify local: syntax		###
+###################################################################
+
+SCanonLocal
+# strip trailing dot from any host name that may appear
+R< $* > $* < @ $* . >		$: < $1 > $2 < @ $3 >
+
+# handle local: syntax -- use old user, either with or without host
+R< > $* < @ $* > $*		$#local $@ $1@$2 $: $1
+R< > $+				$#local $@ $1    $: $1
+
+# handle local:user@host syntax -- ignore host part
+R< $+ @ $+ > $*			$: < $1 > $3
+
+# handle local:user syntax
+R< $+ > $* <@ $* > $*		$#local $@ $2@$3 $: $1
+R< $+ > $* 			$#local $@ $2    $: $1
+
+###################################################################
 ###  Ruleset 93 -- convert header names to masqueraded form	###
 ###################################################################
 
diff --git a/usr.sbin/sendmail/cf/m4/version.m4 b/usr.sbin/sendmail/cf/m4/version.m4
index b3ee9a7..1837c22 100644
--- a/usr.sbin/sendmail/cf/m4/version.m4
+++ b/usr.sbin/sendmail/cf/m4/version.m4
@@ -32,8 +32,8 @@ divert(-1)
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-VERSIONID(`@(#)version.m4	8.8.4.2 (Berkeley) 11/26/96')
+VERSIONID(`@(#)version.m4	8.8.5.3 (Berkeley) 1/21/97')
 #
 divert(0)
 # Configuration version number
-DZ8.8.4`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.8.5`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/usr.sbin/sendmail/cf/ostype/powerux.m4 b/usr.sbin/sendmail/cf/ostype/powerux.m4
new file mode 100644
index 0000000..d0fd3dc
--- /dev/null
+++ b/usr.sbin/sendmail/cf/ostype/powerux.m4
@@ -0,0 +1,46 @@
+divert(-1)
+#
+# Copyright (c) 1983 Eric P. Allman
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+#    must display the following acknowledgement:
+#	This product includes software developed by the University of
+#	California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+#    may be used to endorse or promote products derived from this software
+#    without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+divert(0)
+VERSIONID(`@(#)powerux.m4	8.1 (Berkeley) 1/16/97')
+
+define(`ALIAS_FILE', /etc/mail/aliases)dnl
+ifdef(`HELP_FILE',,`define(`HELP_FILE', /etc/mail/sendmail.hf)')dnl
+ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /etc/mail/sendmail.st)')dnl
+define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl
+define(`LOCAL_MAILER_FLAGS', `mn9')dnl
+define(`LOCAL_MAILER_ARGS', `rmail $u')dnl
+define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
+define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
diff --git a/usr.sbin/sendmail/cf/ostype/sinix.m4 b/usr.sbin/sendmail/cf/ostype/sinix.m4
new file mode 100644
index 0000000..7b50e9e
--- /dev/null
+++ b/usr.sbin/sendmail/cf/ostype/sinix.m4
@@ -0,0 +1,45 @@
+divert(-1)
+#
+# Copyright (c) 1996 Eric P. Allman
+# Copyright (c) 1988, 1993
+#	The Regents of the University of California.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+#    must display the following acknowledgement:
+#	This product includes software developed by the University of
+#	California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+#    may be used to endorse or promote products derived from this software
+#    without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+divert(0)
+VERSIONID(`@(#)sinix.m4	8.1 (Berkeley) 12/14/96')
+define(`QUEUE_DIR', /usr/ucblib/mqueue)dnl
+define(`ALIAS_FILE', /usr/ucblib/aliases)dnl
+ifdef(`HELP_FILE',,`define(`HELP_FILE', /usr/ucblib/sendmail.hf)')dnl
+ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /usr/ucblib/sendmail.st)')dnl
+define(`LOCAL_MAILER_PATH', `/usr/ucblib/mail.local')dnl
+define(`LOCAL_MAILER_FLAGS', `rmn9')dnl
+define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
+define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
diff --git a/usr.sbin/sendmail/doc/op/op.me b/usr.sbin/sendmail/doc/op/op.me
index 4237497..88b69ea 100644
--- a/usr.sbin/sendmail/doc/op/op.me
+++ b/usr.sbin/sendmail/doc/op/op.me
@@ -30,7 +30,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	@(#)op.me	8.100 (Berkeley) 12/1/96
+.\"	@(#)op.me	8.103 (Berkeley) 12/13/96
 .\"
 .\" eqn op.me | pic | troff -me
 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
@@ -65,10 +65,9 @@
 .sp
 .r
 Eric Allman
-InReference, Inc.
 eric@Sendmail.ORG
 .sp
-Version 8.100
+Version 8.103
 .sp
 For Sendmail Version 8.8
 .)l
@@ -161,6 +160,12 @@ Several major changes were introduced in version 8.7.
 You should not attempt to use this document
 for prior versions of
 .i sendmail .
+.bp
+.rs
+.sp |4i
+.ce 2
+This page intentionally left blank;
+replace it with a blank sheet for double-sided output.
 .bp 7
 .sh 1 "BASIC INSTALLATION"
 .pp
@@ -2476,7 +2481,7 @@ When trying to open a connection
 the cache is first searched.
 If an open connection is found, it is probed to see if it is still active
 by sending a
-.sm NOOP
+.sm RSET
 command.
 It is not an error if this fails;
 instead, the connection is closed and reopened.
@@ -8134,6 +8139,15 @@ Temporary versions of the qf files,
 used during queue file rebuild.
 .ip /var/spool/mqueue/xf*
 A transcript of the current session.
+.if e \
+\{\
+.	bp
+.	rs
+.	sp |4i
+.	ce 2
+This page intentionally left blank;
+replace it with a blank sheet for double-sided output.
+.\}
 .\".ro
 .\".ls 1
 .\".tp
@@ -8148,16 +8162,9 @@ A transcript of the current session.
 .\".sp
 .\".sz 10
 .\"Eric Allman
-.\"InReference, Inc.
 .\".sp
-.\"Version 8.100
+.\"Version 8.103
 .\".ce 0
-.bp 2
-.rs
-.sp |4i
-.ce 2
-This page intentionally left blank;
-replace it with a blank sheet for double-sided output.
 .bp 3
 .ce
 .sz 12
diff --git a/usr.sbin/sendmail/src/READ_ME b/usr.sbin/sendmail/src/READ_ME
index 72e9a18..88fa68a 100644
--- a/usr.sbin/sendmail/src/READ_ME
+++ b/usr.sbin/sendmail/src/READ_ME
@@ -30,7 +30,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-#	@(#)READ_ME	8.132 (Berkeley) 12/1/96
+#	@(#)READ_ME	8.135 (Berkeley) 1/21/97
 #
 
 This directory contains the source files for sendmail.
@@ -529,9 +529,7 @@ HES_GETMAILHOST	Define this to 1 if you are using Hesiod with the
 XDEBUG		Do additional internal checking.  These don't cost too
 		much; you might as well leave this on.
 TCPWRAPPERS	Turns on support for the TCP wrappers library (-lwrap).
-		This library is available on ftp.win.tue.nl in /pub/security;
-		grab tcp_wrappers_<VER>.tar.gz (where <VER> is the highest
-		numbered version).
+		See below for further information.
 SECUREWARE	Enable calls to the SecureWare luid enabling/changing routines.
 		SecureWare is a C2 security package added to several UNIX's
 		(notably ConvexOS) to get a C2 Secure system.  This
@@ -787,6 +785,12 @@ Solaris 2.4 (SunOS 5.4)
 	>>
 	>> here, path 2 would be the first used.
 
+Solaris 2.6 (SunOS 5.6)
+	If you built sendmail 8.8.1 through 8.8.4 inclusive on a Solaris 2.5
+	system, that binary will not run on Solaris 2.6, due to problems with
+	incompatible snprintf(3s) calls.  This problem is fixed in sendmail
+	8.8.5.
+
 Ultrix
 	By default, the IDENT protocol is turned off on Ultrix.  If you
 	are running Ultrix 4.4 or later, or if you have included patch
@@ -803,7 +807,7 @@ Solaris 2.5.1 (SunOS 5.5.1)
 	   /usr/include/resolv.h:208: warning: `__P' redefined
 	   cdefs.h:58: warning: this is the location of the previous definition
 
-	If you are running with this patch, create a file in the
+	If you are running with this patch, create a resolv.h file in the
 	obj.SunOS.5.5.1.* directory that reads:
 
 	   #undef __P
@@ -1289,14 +1293,19 @@ LDAP
 	    send them along.
 
 TCP Wrappers
-	If you are using -DTCPWRAPPERS to get TCP Wrappers support, you will
-	also need to install libwrap.a (you can get it from ftp.win.tue.nl)
-	and modify the Makefile to include -lwrap in the LIBS line.
+	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
+	also need to install libwrap.a and modify the Makefile to include
+	-lwrap in the LIBS line (make sure that INCDIRS and LIBDIRS point
+	to where the tcpd.h and libwrap.a can be found).
+
+	TCP Wrappers is available on ftp.win.tue.nl in /pub/security;
+	grab tcp_wrappers_<VER>.tar.gz (where <VER> is the highest
+	numbered version).
 
 	If you have alternate MX sites for your site, be sure that all of
 	your MX sites reject the same set of hosts.  If not, a bad guy whom
 	you reject will connect to your site, fail, and move on to the next
-	MX site, which will accept the mail for your and forward it on to you.
+	MX site, which will accept the mail for you and forward it on to you.
 
 
 +--------------+
@@ -1398,4 +1407,4 @@ version.c	The version number and information about this
 
 Eric Allman
 
-(Version 8.132, last update 12/1/96 09:34:37)
+(Version 8.135, last update 1/21/97 07:47:02)
diff --git a/usr.sbin/sendmail/src/alias.c b/usr.sbin/sendmail/src/alias.c
index 95de1ee..b09a85d 100644
--- a/usr.sbin/sendmail/src/alias.c
+++ b/usr.sbin/sendmail/src/alias.c
@@ -35,7 +35,7 @@
 # include "sendmail.h"
 
 #ifndef lint
-static char sccsid[] = "@(#)alias.c	8.66 (Berkeley) 9/20/96";
+static char sccsid[] = "@(#)alias.c	8.67 (Berkeley) 1/18/97";
 #endif /* not lint */
 
 
@@ -601,11 +601,24 @@ readaliases(map, af, announcestats, logstats)
 	while (fgets(line, sizeof (line), af) != NULL)
 	{
 		int lhssize, rhssize;
+		int c;
 
 		LineNumber++;
 		p = strchr(line, '\n');
 		if (p != NULL)
 			*p = '\0';
+		else if (!feof(af))
+		{
+			syserr("554 alias line too long");
+
+			/* flush to end of line */
+			while ((c = getc(af)) != EOF && c != '\n')
+				continue;
+
+			/* skip any continuation lines */
+			skipping = TRUE;
+			continue;
+		}
 		switch (line[0])
 		{
 		  case '#':
@@ -655,7 +668,6 @@ readaliases(map, af, announcestats, logstats)
 		rhs = p;
 		for (;;)
 		{
-			register char c;
 			register char *nlp;
 
 			nlp = &p[strlen(p)];
@@ -698,12 +710,19 @@ readaliases(map, af, announcestats, logstats)
 			LineNumber++;
 
 			/* check for line overflow */
-			if (strchr(p, '\n') == NULL)
+			if (strchr(p, '\n') == NULL && !feof(af))
 			{
 				usrerr("554 alias too long");
+				while ((c = fgetc(af)) != EOF && c != '\n')
+					continue;
+				skipping = TRUE;
 				break;
 			}
 		}
+
+		if (skipping)
+			continue;
+
 		if (!bitnset(M_ALIASABLE, al.q_mailer->m_flags))
 		{
 			syserr("554 %s... cannot alias non-local names",
diff --git a/usr.sbin/sendmail/src/clock.c b/usr.sbin/sendmail/src/clock.c
index 281ee60..5639f44 100644
--- a/usr.sbin/sendmail/src/clock.c
+++ b/usr.sbin/sendmail/src/clock.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)clock.c	8.16 (Berkeley) 11/27/96";
+static char sccsid[] = "@(#)clock.c	8.18 (Berkeley) 12/31/96";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -60,7 +60,7 @@ static char sccsid[] = "@(#)clock.c	8.16 (Berkeley) 11/27/96";
 **		none.
 */
 
-static void tick __P((int));
+static SIGFUNC_DECL tick __P((int));
 
 EVENT *
 setevent(intvl, func, arg)
@@ -161,7 +161,7 @@ clrevent(ev)
 **		calls the next function in EventQueue.
 */
 
-static void
+static SIGFUNC_DECL
 tick(arg)
 	int arg;
 {
@@ -169,9 +169,6 @@ tick(arg)
 	register EVENT *ev;
 	int mypid = getpid();
 	int olderrno = errno;
-#ifdef SIG_UNBLOCK
-	sigset_t ss;
-#endif
 
 	(void) setsignal(SIGALRM, SIG_IGN);
 	(void) alarm(0);
@@ -224,6 +221,7 @@ tick(arg)
 	if (EventQueue != NULL)
 		(void) alarm((unsigned) (EventQueue->ev_time - now));
 	errno = olderrno;
+	return SIGFUNC_RETURN;
 }
 /*
 **  SLEEP -- a version of sleep that works with this stuff
diff --git a/usr.sbin/sendmail/src/collect.c b/usr.sbin/sendmail/src/collect.c
index c5e1ceb..660521c 100644
--- a/usr.sbin/sendmail/src/collect.c
+++ b/usr.sbin/sendmail/src/collect.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)collect.c	8.61 (Berkeley) 11/24/96";
+static char sccsid[] = "@(#)collect.c	8.62 (Berkeley) 12/11/96";
 #endif /* not lint */
 
 # include <errno.h>
@@ -501,6 +501,21 @@ readerr:
 		markstats(e, (ADDRESS *) NULL);
 	}
 
+#ifdef _FFR_DSN_RRT
+	/*
+	**  If we have a Return-Receipt-To:, turn it into a DSN.
+	*/
+
+	if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
+	{
+		ADDRESS *q;
+
+		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
+			if (!bitset(QHASNOTIFY, q->q_flags))
+				q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
+	}
+#endif
+
 	/*
 	**  Add an Apparently-To: line if we have no recipient lines.
 	*/
diff --git a/usr.sbin/sendmail/src/conf.c b/usr.sbin/sendmail/src/conf.c
index f4a2219..e172a78 100644
--- a/usr.sbin/sendmail/src/conf.c
+++ b/usr.sbin/sendmail/src/conf.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)conf.c	8.325 (Berkeley) 12/1/96";
+static char sccsid[] = "@(#)conf.c	8.333 (Berkeley) 1/21/97";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -127,14 +127,6 @@ struct hdrinfo	HdrInfo[] =
 
 
 /*
-**  Location of system files/databases/etc.
-*/
-
-char	*PidFile =	_PATH_SENDMAILPID;	/* stores daemon proc id */
-
-
-
-/*
 **  Privacy values
 */
 
@@ -230,6 +222,7 @@ setdefaults(e)
 	ServiceSwitchFile = "/etc/service.switch";
 	ServiceCacheMaxAge = (time_t) 10;
 	HostsFile = _PATH_HOSTS;
+	PidFile = newstr(_PATH_SENDMAILPID);
 	MustQuoteChars = "@,;:\\()[].'";
 	MciInfoTimeout = 30 MINUTES;
 	MaxRuleRecursion = MAXRULERECURSION;
@@ -1851,12 +1844,13 @@ int getla(void)
 int
 getla()
 {
-	kstat_ctl_t *kc;
-	kstat_t *ksp;
+	static kstat_ctl_t *kc = NULL;
+	static kstat_t *ksp = NULL;
 	kstat_named_t *ksn;
 	int la;
 
-	kc = kstat_open();
+	if (kc == NULL)		/* if not initialized before */
+		kc = kstat_open();
 	if (kc == NULL)
 	{
 		if (tTd(3, 1))
@@ -1864,24 +1858,25 @@ getla()
 				errstring(errno));
 		return -1;
 	}
-	ksp = kstat_lookup(kc, "unix", 0, "system_misc"); /* NULL on error */
+	if (ksp == NULL)
+		ksp = kstat_lookup(kc, "unix", 0, "system_misc");
 	if (ksp == NULL)
 	{
 		if (tTd(3, 1))
 			printf("getla: kstat_lookup(): %s\n",
-				errstring(errno);
+				errstring(errno));
 		return -1;
 	}
 	if (kstat_read(kc, ksp, NULL) < 0)
 	{
 		if (tTd(3, 1))
 			printf("getla: kstat_read(): %s\n",
-				errstring(errno);
+				errstring(errno));
 		return -1;
 	}
 	ksn = (kstat_named_t *) kstat_data_lookup(ksp, "avenrun_1min");
-	la = (ksn->value.ul + FSCALE/2) >> FSHIFT;
-	kstat_close(kc);
+	la = ((double)ksn->value.ul + FSCALE/2) / FSCALE;
+	/* kstat_close(kc); /o do not close for fast access */
 	return la;
 }
 
@@ -2377,7 +2372,7 @@ setproctitle(fmt, va_alist)
 **		Picks up extant zombies.
 */
 
-void
+SIGFUNC_DECL
 reapchild(sig)
 	int sig;
 {
@@ -2419,6 +2414,7 @@ reapchild(sig)
 	(void) setsignal(SIGCHLD, reapchild);
 # endif
 	errno = olderrno;
+	return SIGFUNC_RETURN;
 }
 /*
 **  PUTENV -- emulation of putenv() in terms of setenv()
@@ -2805,12 +2801,12 @@ getopt(nargc,nargv,ostr)
 	if(!*place) {			/* update scanning pointer */
 		if (optind >= nargc || *(place = nargv[optind]) != '-' || !*++place) {
 			atend++;
-			return(EOF);
+			return -1;
 		}
 		if (*place == '-') {	/* found "--" */
 			++optind;
 			atend++;
-			return(EOF);
+			return -1;
 		}
 	}				/* option letter okay? */
 	if ((optopt = (int)*place++) == (int)':' || !(oli = strchr(ostr,optopt))) {
@@ -3692,6 +3688,7 @@ lockfile(fd, filename, ext, type)
 #  endif
 		syserr("cannot lockf(%s%s, fd=%d, type=%o, omode=%o, euid=%d)",
 			filename, ext, fd, type, omode, geteuid());
+		dumpfd(fd, TRUE, TRUE);
 	}
 # else
 	if (ext == NULL)
@@ -3721,6 +3718,7 @@ lockfile(fd, filename, ext, type)
 #  endif
 		syserr("cannot flock(%s%s, fd=%d, type=%o, omode=%o, euid=%d)",
 			filename, ext, fd, type, omode, geteuid());
+		dumpfd(fd, TRUE, TRUE);
 	}
 # endif
 	if (tTd(55, 60))
@@ -4011,8 +4009,10 @@ vendor_set_uid(uid)
 
 #if TCPWRAPPERS
 # include <tcpd.h>
+
+/* tcpwrappers does no logging, but you still have to declare these -- ugh */
 int	allow_severity	= LOG_INFO;
-int	deny_severity	= LOG_WARNING;
+int	deny_severity	= LOG_NOTICE;
 #endif
 
 #if DAEMON
@@ -4027,7 +4027,14 @@ validate_connection(sap, hostname, e)
 
 #if TCPWRAPPERS
 	if (!hosts_ctl("sendmail", hostname, anynet_ntoa(sap), STRING_UNKNOWN))
+	{
+# ifdef LOG
+		if (LogLevel >= 4)
+			syslog(LOG_NOTICE, "tcpwrappers (%s, %s) rejection",
+				hostname, anynet_ntoa(sap));
+# endif
 		return FALSE;
+	}
 #endif
 	return TRUE;
 }
@@ -4395,7 +4402,7 @@ load_if_names()
 	int s;
 	int i;
         struct ifconf ifc;
-	char interfacebuf[1024];
+	char interfacebuf[10240];
 
 	s = socket(AF_INET, SOCK_DGRAM, 0);
 	if (s == -1)
@@ -4766,6 +4773,9 @@ char	*OsCompileOptions[] =
 #if USE_SA_SIGACTION
 	"USE_SA_SIGACTION",
 #endif
+#if USE_SIGLONGJMP
+	"USE_SIGLONGJMP",
+#endif
 #if USESETEUID
 	"USESETEUID",
 #endif
diff --git a/usr.sbin/sendmail/src/conf.h b/usr.sbin/sendmail/src/conf.h
index 39a92f5..595ed43 100644
--- a/usr.sbin/sendmail/src/conf.h
+++ b/usr.sbin/sendmail/src/conf.h
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)conf.h	8.279 (Berkeley) 12/1/96
+ *	@(#)conf.h	8.288 (Berkeley) 1/17/97
  */
 
 /*
@@ -367,14 +367,12 @@ typedef int		pid_t;
 
 #if defined(sun) && !defined(BSD)
 
+# include <sys/time.h>
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define HASUNAME	1	/* use System V uname(2) system call */
 # define HASGETUSERSHELL 1	/* DOES have getusershell(3) call in libc */
 # define HASFCHMOD	1	/* has fchmod(2) syscall */
 # define IP_SRCROUTE	1	/* can check IP source routing */
-# ifndef LA_TYPE
-#  define LA_TYPE	LA_INT
-# endif
 
 # ifdef SOLARIS_2_3
 #  define SOLARIS	20300	/* for back compat only -- use -DSOLARIS=20300 */
@@ -389,7 +387,6 @@ typedef int		pid_t;
 #  ifndef __svr4__
 #   define __svr4__		/* use all System V Releae 4 defines below */
 #  endif
-#  include <sys/time.h>
 #  define GIDSET_T	gid_t
 #  define USE_SA_SIGACTION	1	/* use sa_sigaction field */
 #  ifndef _PATH_UNIX
@@ -409,16 +406,14 @@ typedef int		pid_t;
 #   define USESETEUID	1		/* seteuid works as of 2.3 */
 #  endif
 #  if SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205)
-#   define HASSNPRINTF	1		/* has snprintf starting in 2.5 */
 #   define HASSETREUID	1		/* setreuid works as of 2.5 */
-#   if SOLARIS == 20500 || SOLARIS == 205
-#    define snprintf	__snprintf	/* but names it oddly in 2.5 */
-#    define vsnprintf	__vsnprintf
-#   endif
 #   ifndef LA_TYPE
 #    define LA_TYPE	LA_KSTAT	/* use kstat(3k) -- may work in < 2.5 */
 #   endif
 #  endif
+#  if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206)
+#   define HASSNPRINTF	1		/* has snprintf starting in 2.6 */
+#  endif
 #  ifndef HASGETUSERSHELL
 #   define HASGETUSERSHELL 0	/* getusershell(3) causes core dumps */
 #  endif
@@ -454,7 +449,12 @@ extern char		*getenv();
 
 #  endif
 # endif
-#endif
+
+# ifndef LA_TYPE
+#  define LA_TYPE	LA_INT
+# endif
+
+#endif /* sun && !BSD */
 
 /*
 **  DG/UX
@@ -680,7 +680,7 @@ typedef int		pid_t;
 
 
 /*
-**  FreeBSD / NetBSD (all architectures, all versions)
+**  FreeBSD / NetBSD / OpenBSD (all architectures, all versions)
 **
 **  4.3BSD clone, closer to 4.4BSD	for FreeBSD 1.x and NetBSD 0.9x
 **  4.4BSD-Lite based			for FreeBSD 2.x and NetBSD 1.x
@@ -688,7 +688,7 @@ typedef int		pid_t;
 **	See also BSD defines.
 */
 
-#if defined(__FreeBSD__) || defined(__NetBSD__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 # include <paths.h>
 # define HASUNSETENV	1	/* has unsetenv(3) call */
 # define HASSETSID	1	/* has the setsid(2) POSIX syscall */
@@ -723,6 +723,10 @@ typedef int		pid_t;
 #   define SPT_PADCHAR	'\0'		/* pad process title with nulls */
 #  endif
 # endif
+# if defined(__OpenBSD__)
+#  undef SPT_TYPE
+#  define SPT_TYPE	SPT_BUILTIN	/* setproctitle is in libc */
+# endif
 #endif
 
 
@@ -832,6 +836,7 @@ extern int		errno;
 # define SYSTEM5	1	/* include all the System V defines */
 # define HASGETUSERSHELL 0	/* does not have getusershell(3) call */
 # define NOFTRUNCATE	0	/* has (simulated) ftruncate call */
+# define USE_SIGLONGJMP	1	/* sigsetjmp needed for signal handling */
 # define MAXPATHLEN	PATHSIZE
 # define SFS_TYPE	SFS_4ARGS	/* use <sys/statfs.h> 4-arg impl */
 # define SFS_BAVAIL	f_bfree		/* alternate field name */
@@ -904,6 +909,7 @@ extern int		errno;
 # define WAITUNION	1	/* use "union wait" as wait argument type */
 # define NEEDFSYNC	1	/* no fsync(2) in system library */
 # define NEEDSTRSTR	1	/* need emulation of the strstr(3) call */
+# define NOFTRUNCATE	1	/* do not have ftruncate(2) */
 # define MAXPATHLEN	PATH_MAX
 # define LA_TYPE	LA_SHORT
 # define SFS_TYPE	SFS_STATFS	/* use <sys/statfs.h> statfs() impl */
@@ -917,6 +923,7 @@ extern int		errno;
 typedef unsigned short	uid_t;
 typedef unsigned short	gid_t;
 typedef short		pid_t;
+typedef unsigned long	mode_t;
 
 /* some stuff that should have been in the include files */
 # include <grp.h>
@@ -1015,7 +1022,9 @@ extern struct group	*getgrnam();
 
 extern int		errno;
 typedef int		pid_t;
-#define			SIGFUNC_DEFINED
+#define SIGFUNC_DEFINED
+#define SIGFUNC_RETURN	(0)
+#define SIGFUNC_DECL	int
 typedef int		(*sigfunc_t)();
 extern char		*getenv();
 extern void		*malloc();
@@ -1110,6 +1119,8 @@ extern void		*malloc();
 # define HASINITGROUPS	1	/* has initgroups(3) call */
 # define HASSETVBUF	1	/* we have setvbuf(3) in libc */
 # define SIGFUNC_DEFINED	/* sigfunc_t already defined */
+# define SIGFUNC_RETURN	(0)	/* XXX this is a guess */
+# define SIGFUNC_DECL	int	/* XXX this is a guess */
 # ifndef IDENTPROTO
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
 # endif
@@ -1284,6 +1295,9 @@ typedef int		pid_t;
 #  define IDENTPROTO	0	/* TCP/IP implementation is broken */
 # endif
 # define RLIMIT_NEEDS_SYS_TIME_H	1
+# if defined(NGROUPS_MAX) && !NGROUPS_MAX
+#  undef NGROUPS_MAX
+# endif
 #endif
 
 
@@ -1494,6 +1508,8 @@ extern struct group	*getgrent(), *getgrnam(), *getgrgid();
 typedef int		pid_t;
 typedef int		(*sigfunc_t)();
 #  define SIGFUNC_DEFINED
+#  define SIGFUNC_RETURN	(0)
+#  define SIGFUNC_DECL		int
 
 # else
 			/* NEWS-OS 6.0.3 with /bin/cc */
@@ -1558,6 +1574,8 @@ typedef int		(*sigfunc_t)();
 typedef int		pid_t;
 typedef int		(*sigfunc_t)();
 # define SIGFUNC_DEFINED
+# define SIGFUNC_RETURN	(0)
+# define SIGFUNC_DECL	int
 extern char	*getenv();
 extern int	errno;
 # define _PATH_VENDOR_CF	"/usr/lib/sendmail.cf"
@@ -1662,6 +1680,28 @@ extern int	errno;
 
 #endif
 
+/*
+**  Harris Nighthawk PowerUX (nh6000 box)
+**
+**  Contributed by Bob Miorelli, Pratt & Whitney <miorelli@pweh.com>
+*/
+
+#ifdef _PowerUX
+# ifndef __svr4__
+#  define __svr4__
+# endif
+# define _PATH_VENDOR_CF	"/etc/mail/sendmail.cf"
+# ifndef _PATH_SENDMAILPID
+#  define _PATH_SENDMAILPID	"/etc/mail/sendmail.pid"
+# endif
+# define SYSLOG_BUFSIZE		1024
+# define HASSNPRINTF		1	/* has snprintf(3) and vsnprintf(3) */
+# define LA_TYPE		LA_ZERO
+typedef struct msgb		mblk_t;
+# undef offsetof	/* avoid stddefs.h and sys/sysmacros.h conflict */
+#endif
+
+
 /**********************************************************************
 **  End of Per-Operating System defines
 **********************************************************************/
@@ -1720,10 +1760,7 @@ extern int	errno;
 #  define SFS_TYPE		SFS_STATVFS
 # endif
 
-/* SVr4 uses different routines for setjmp/longjmp with signal support */
-# define jmp_buf		sigjmp_buf
-# define setjmp(env)		sigsetjmp(env, 1)
-# define longjmp(env, val)	siglongjmp(env, val)
+# define USE_SIGLONGJMP	1	/* sigsetjmp needed for signal handling */
 #endif
 
 /* general System V defines */
@@ -1844,6 +1881,10 @@ extern int	errno;
 # define SECUREWARE	0	/* assume no SecureWare C2 auditing hooks */
 #endif
 
+#ifndef USE_SIGLONGJMP
+# define USE_SIGLONGJMP	0	/* assume setjmp handles signals properly */
+#endif
+
 /*
 **  If no type for argument two of getgroups call is defined, assume
 **  it's an integer -- unfortunately, there seem to be several choices
@@ -2070,6 +2111,12 @@ struct utsname
 #ifndef SIGFUNC_DEFINED
 typedef void		(*sigfunc_t) __P((int));
 #endif
+#ifndef SIGFUNC_RETURN
+# define SIGFUNC_RETURN
+#endif
+#ifndef SIGFUNC_DECL
+# define SIGFUNC_DECL	void
+#endif
 
 /* size of syslog buffer */
 #ifndef SYSLOG_BUFSIZE
@@ -2116,3 +2163,22 @@ typedef void		(*sigfunc_t) __P((int));
 #ifndef SCANF
 # define SCANF		1
 #endif
+
+/*
+**  SVr4 and similar systems use different routines for setjmp/longjmp
+**  with signal support
+*/
+
+#if USE_SIGLONGJMP
+/* Silly SCO /usr/include/setjmp.h file has #define setjmp(env) setjmp(env) */
+# ifdef setjmp
+#  undef setjmp
+# endif
+# define jmp_buf		sigjmp_buf
+# define setjmp(env)		sigsetjmp(env, 1)
+# define longjmp(env, val)	siglongjmp(env, val)
+#endif
+
+#if !defined(NGROUPS_MAX) && defined(NGROUPS)
+# define NGROUPS_MAX	NGROUPS		/* POSIX naming convention */
+#endif
diff --git a/usr.sbin/sendmail/src/daemon.c b/usr.sbin/sendmail/src/daemon.c
index c8516fc..bd8a914 100644
--- a/usr.sbin/sendmail/src/daemon.c
+++ b/usr.sbin/sendmail/src/daemon.c
@@ -37,9 +37,9 @@
 
 #ifndef lint
 #ifdef DAEMON
-static char sccsid[] = "@(#)daemon.c	8.156 (Berkeley) 12/1/96 (with daemon mode)";
+static char sccsid[] = "@(#)daemon.c	8.159 (Berkeley) 1/14/97 (with daemon mode)";
 #else
-static char sccsid[] = "@(#)daemon.c	8.156 (Berkeley) 12/1/96 (without daemon mode)";
+static char sccsid[] = "@(#)daemon.c	8.159 (Berkeley) 1/14/97 (without daemon mode)";
 #endif
 #endif /* not lint */
 
@@ -165,7 +165,8 @@ getrequests(e)
 	(void) setsignal(SIGCHLD, reapchild);
 
 	/* write the pid to the log file for posterity */
-	pidf = fopen(PidFile, "w");
+	pidf = safefopen(PidFile, O_WRONLY|O_CREAT|O_TRUNC, 0644,
+			 SFF_NOSLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT);
 	if (pidf != NULL)
 	{
 		extern char *CommandLineArgs;
@@ -316,7 +317,7 @@ getrequests(e)
 		if (pid == 0)
 		{
 			char *p;
-			extern void intsig();
+			extern SIGFUNC_DECL intsig __P((int));
 			FILE *inchannel, *outchannel;
 			bool nullconn;
 
diff --git a/usr.sbin/sendmail/src/deliver.c b/usr.sbin/sendmail/src/deliver.c
index 576c166..97a1050 100644
--- a/usr.sbin/sendmail/src/deliver.c
+++ b/usr.sbin/sendmail/src/deliver.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)deliver.c	8.260 (Berkeley) 12/1/96";
+static char sccsid[] = "@(#)deliver.c	8.266 (Berkeley) 1/17/97";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -314,7 +314,7 @@ sendall(e, mode)
 			ee->e_errorqueue = copyqueue(e->e_errorqueue);
 			ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM);
 			ee->e_flags |= EF_NORECEIPT;
-			setsender(owner, ee, NULL, TRUE);
+			setsender(owner, ee, NULL, '\0', TRUE);
 			if (tTd(13, 5))
 			{
 				printf("sendall(split): QDONTSEND ");
@@ -401,7 +401,7 @@ sendall(e, mode)
 
 	if (owner != NULL)
 	{
-		setsender(owner, e, NULL, TRUE);
+		setsender(owner, e, NULL, '\0', TRUE);
 		if (tTd(13, 5))
 		{
 			printf("sendall(owner): QDONTSEND ");
@@ -470,6 +470,13 @@ sendall(e, mode)
   queueonly:
 		if (e->e_nrcpts > 0)
 			e->e_flags |= EF_INQUEUE;
+		dropenvelope(e, FALSE);
+		for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
+		{
+			if (ee->e_nrcpts > 0)
+				ee->e_flags |= EF_INQUEUE;
+			dropenvelope(ee, FALSE);
+		}
 		return;
 
 	  case SM_FORK:
@@ -547,7 +554,7 @@ sendall(e, mode)
 			exit(EX_OK);
 
 		/* be sure we are immune from the terminal */
-		disconnect(1, e);
+		disconnect(2, e);
 
 		/* prevent parent from waiting if there was an error */
 		if (pid < 0)
@@ -788,10 +795,10 @@ dofork()
 */
 
 #ifndef NO_UID
-# define NO_UID		((uid_t) -1)
+# define NO_UID		-1
 #endif
 #ifndef NO_GID
-# define NO_GID		((gid_t) -1)
+# define NO_GID		-1
 #endif
 
 int
@@ -1500,9 +1507,9 @@ tryhost:
 		{
 			int i;
 			int saveerrno;
-			uid_t new_euid = NO_UID;
-			uid_t new_ruid = NO_UID;
-			gid_t new_gid = NO_GID;
+			int new_euid = NO_UID;
+			int new_ruid = NO_UID;
+			int new_gid = NO_GID;
 			struct stat stb;
 			extern int DtableSize;
 
@@ -1765,12 +1772,13 @@ tryhost:
 	}
 #endif
 
+	/* clear out per-message flags from connection structure */
+	mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7);
+
 	if (bitset(EF_HAS8BIT, e->e_flags) &&
 	    !bitset(EF_DONT_MIME, e->e_flags) &&
 	    bitnset(M_7BITS, m->m_flags))
 		mci->mci_flags |= MCIF_CVT8TO7;
-	else
-		mci->mci_flags &= ~MCIF_CVT8TO7;
 
 #if MIME7TO8
 	if (bitnset(M_MAKE8BIT, m->m_flags) &&
@@ -2000,7 +2008,7 @@ tryhost:
 		e->e_statmsg = NULL;
 
 		/* reset the mci state for the next transaction */
-		if (mci->mci_state == MCIS_ACTIVE)
+		if (mci != NULL && mci->mci_state == MCIS_ACTIVE)
 			mci->mci_state = MCIS_OPEN;
 	}
 # endif
@@ -2014,7 +2022,7 @@ tryhost:
 
 #if SMTP
 	/* now close the connection */
-	if (clever && mci->mci_state != MCIS_CLOSED &&
+	if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED &&
 	    !bitset(MCIF_CACHED, mci->mci_flags))
 		smtpquit(m, mci, e);
 #endif
diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c
index 6781522..c5e98f7e 100644
--- a/usr.sbin/sendmail/src/envelope.c
+++ b/usr.sbin/sendmail/src/envelope.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)envelope.c	8.99 (Berkeley) 12/1/96";
+static char sccsid[] = "@(#)envelope.c	8.101 (Berkeley) 12/16/96";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -275,11 +275,14 @@ dropenvelope(e, fulldrop)
 
 	if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
 	{
-		failure_return = TRUE;
 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
 		{
-			if (!bitset(QDONTSEND, q->q_flags))
+			if (!bitset(QDONTSEND, q->q_flags) &&
+			    bitset(QPINGONFAILURE, q->q_flags))
+			{
+				failure_return = TRUE;
 				q->q_flags |= QBADADDR;
+			}
 		}
 	}
 
@@ -640,6 +643,8 @@ closexscript(e)
 **		e -- the envelope in which we would like the sender set.
 **		delimptr -- if non-NULL, set to the location of the
 **			trailing delimiter.
+**		delimchar -- the character that will delimit the sender
+**			address.
 **		internal -- set if this address is coming from an internal
 **			source such as an owner alias.
 **
@@ -651,16 +656,16 @@ closexscript(e)
 */
 
 void
-setsender(from, e, delimptr, internal)
+setsender(from, e, delimptr, delimchar, internal)
 	char *from;
 	register ENVELOPE *e;
 	char **delimptr;
+	int delimchar;
 	bool internal;
 {
 	register char **pvp;
 	char *realname = NULL;
 	register struct passwd *pw;
-	char delimchar;
 	char *bp;
 	char buf[MAXNAME + 2];
 	char pvpbuf[PSBUFSIZE];
@@ -683,7 +688,6 @@ setsender(from, e, delimptr, internal)
 	if (ConfigLevel < 2)
 		SuprErrs = TRUE;
 
-	delimchar = internal ? '\0' : ' ';
 	e->e_from.q_flags = QBADADDR;
 	if (from == NULL ||
 	    parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c
index ba1845d..d40d95f 100644
--- a/usr.sbin/sendmail/src/headers.c
+++ b/usr.sbin/sendmail/src/headers.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)headers.c	8.101 (Berkeley) 11/23/96";
+static char sccsid[] = "@(#)headers.c	8.103 (Berkeley) 12/11/96";
 #endif /* not lint */
 
 # include <errno.h>
@@ -569,7 +569,7 @@ eatheader(e, full)
 			if (tTd(32, 2))
 				printf("eatheader: setsender(*%s == %s)\n",
 					hi->hi_field, p);
-			setsender(p, e, NULL, TRUE);
+			setsender(p, e, NULL, '\0', TRUE);
 		}
 	}
 
@@ -1165,7 +1165,11 @@ putheader(mci, hdr, e)
 
 		/* suppress return receipts if requested */
 		if (bitset(H_RECEIPTTO, h->h_flags) &&
+#if _FFR_DSN_RRT
+		    (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
+#else
 		    bitset(EF_NORECEIPT, e->e_flags))
+#endif
 		{
 			if (tTd(34, 11))
 				printf(" (skipped (receipt))\n");
diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c
index fbd954a..3c30fb3 100644
--- a/usr.sbin/sendmail/src/main.c
+++ b/usr.sbin/sendmail/src/main.c
@@ -39,7 +39,7 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)main.c	8.223 (Berkeley) 12/1/96";
+static char sccsid[] = "@(#)main.c	8.230 (Berkeley) 1/17/97";
 #endif /* not lint */
 
 #define	_DEFINE
@@ -145,12 +145,12 @@ main(argc, argv, envp)
 	extern char *optarg;
 	extern char **environ;
 	extern time_t convtime();
-	extern void intsig();
+	extern SIGFUNC_DECL intsig __P((int));
 	extern struct hostent *myhostname();
 	extern char *getauthinfo();
 	extern char *getcfname();
-	extern void sigusr1();
-	extern void sighup();
+	extern SIGFUNC_DECL sigusr1 __P((int));
+	extern SIGFUNC_DECL sighup __P((int));
 	extern void initmacros __P((ENVELOPE *));
 	extern void init_md __P((int, char **));
 	extern int getdtsize __P((void));
@@ -165,6 +165,7 @@ main(argc, argv, envp)
 	extern void printqueue __P((void));
 	extern void sendtoargv __P((char **, ENVELOPE *));
 	extern void resetlimits __P((void));
+	extern void drop_privileges __P((void));
 
 	/*
 	**  Check to see if we reentered.
@@ -228,6 +229,9 @@ main(argc, argv, envp)
 
 	tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
 
+	/* drop group id privileges (RunAsUser not yet set) */
+	drop_privileges();
+
 	/* Handle any non-getoptable constructions. */
 	obsolete(argv);
 
@@ -245,7 +249,7 @@ main(argc, argv, envp)
 # define OPTIONS	"B:b:C:cd:e:F:f:h:IiM:mN:nO:o:p:q:R:r:sTtUV:vX:"
 #endif
 	opterr = 0;
-	while ((j = getopt(argc, argv, OPTIONS)) != EOF)
+	while ((j = getopt(argc, argv, OPTIONS)) != -1)
 	{
 		switch (j)
 		{
@@ -511,7 +515,7 @@ main(argc, argv, envp)
 		OpMode = MD_PURGESTAT;
 
 	optind = 1;
-	while ((j = getopt(argc, argv, OPTIONS)) != EOF)
+	while ((j = getopt(argc, argv, OPTIONS)) != -1)
 	{
 		switch (j)
 		{
@@ -806,10 +810,7 @@ main(argc, argv, envp)
 	if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
 	{
 		/* drop privileges -- daemon mode done after socket/bind */
-		if (RunAsGid != 0)
-			(void) setgid(RunAsGid);
-		if (RunAsUid != 0)
-			(void) setuid(RunAsUid);
+		drop_privileges();
 	}
 
 	/*
@@ -900,6 +901,20 @@ main(argc, argv, envp)
 		printf("Warning: HostStatusDirectory required for SingleThreadDelivery\n");
 	}
 
+	/* check for permissions */
+	if ((OpMode == MD_DAEMON || OpMode == MD_PURGESTAT) && RealUid != 0)
+	{
+#ifdef LOG
+		if (LogLevel > 1)
+			syslog(LOG_ALERT, "user %d attempted to %s",
+				RealUid,
+				OpMode == MD_DAEMON ? "run daemon"
+						    : "purge host status");
+#endif
+		usrerr("Permission denied");
+		exit(EX_USAGE);
+	}
+
 	if (MeToo)
 		BlankEnvelope.e_flags |= EF_METOO;
 
@@ -916,17 +931,6 @@ main(argc, argv, envp)
 		/* fall through ... */
 
 	  case MD_DAEMON:
-		/* check for permissions */
-		if (RealUid != 0)
-		{
-#ifdef LOG
-			if (LogLevel > 1)
-				syslog(LOG_ALERT, "user %d attempted to run daemon",
-					RealUid);
-#endif
-			usrerr("Permission denied");
-			exit(EX_USAGE);
-		}
 		vendor_daemon_setup(CurEnv);
 
 		/* remove things that don't make sense in daemon mode */
@@ -948,6 +952,11 @@ main(argc, argv, envp)
 		Verbose = TRUE;
 		/* fall through... */
 
+	  case MD_PRINT:
+		/* to handle sendmail -bp -qSfoobar properly */
+		queuemode = FALSE;
+		/* fall through... */
+
 	  default:
 		/* arrange to exit cleanly on hangup signal */
 		if (setsignal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL)
@@ -1214,7 +1223,7 @@ main(argc, argv, envp)
 	if (OpMode == MD_TEST)
 	{
 		char buf[MAXLINE];
-		void intindebug();
+		SIGFUNC_DECL intindebug __P((int));
 
 		if (isatty(fileno(stdin)))
 			Verbose = TRUE;
@@ -1318,10 +1327,7 @@ main(argc, argv, envp)
 		nullserver = getrequests(CurEnv);
 
 		/* drop privileges */
-		if (RunAsGid != 0)
-			(void) setgid(RunAsGid);
-		if (RunAsUid != 0)
-			(void) setuid(RunAsUid);
+		drop_privileges();
 
 		/* at this point we are in a child: reset state */
 		(void) newenvelope(CurEnv, CurEnv);
@@ -1385,7 +1391,7 @@ main(argc, argv, envp)
 	if (warn_f_flag != '\0' && !wordinclass(RealUserName, 't'))
 		auth_warning(CurEnv, "%s set sender to %s using -%c",
 			RealUserName, from, warn_f_flag);
-	setsender(from, CurEnv, NULL, FALSE);
+	setsender(from, CurEnv, NULL, '\0', FALSE);
 	if (macvalue('s', CurEnv) == NULL)
 		define('s', RealHostName, CurEnv);
 
@@ -1450,10 +1456,12 @@ main(argc, argv, envp)
 }
 
 
-void
-intindebug()
+SIGFUNC_DECL
+intindebug(sig)
+	int sig;
 {
 	longjmp(TopFrame, 1);
+	return SIGFUNC_RETURN;
 }
 
 
@@ -1528,8 +1536,9 @@ finis()
 **		Unlocks the current job.
 */
 
-void
-intsig()
+SIGFUNC_DECL
+intsig(sig)
+	int sig;
 {
 #ifdef LOG
 	if (LogLevel > 79)
@@ -1944,15 +1953,18 @@ dumpstate(when)
 }
 
 
-void
-sigusr1()
+SIGFUNC_DECL
+sigusr1(sig)
+	int sig;
 {
 	dumpstate("user signal");
+	return SIGFUNC_RETURN;
 }
 
 
-void
-sighup()
+SIGFUNC_DECL
+sighup(sig)
+	int sig;
 {
 	if (SaveArgv[0][0] != '/')
 	{
@@ -1984,6 +1996,31 @@ sighup()
 	exit(EX_OSFILE);
 }
 /*
+**  DROP_PRIVILEGES -- reduce privileges to those of the RunAsUser option
+**
+**	Parameters:
+**		none.
+**
+**	Returns:
+**		none.
+*/
+
+void
+drop_privileges()
+{
+#ifdef NGROUPS_MAX
+	/* reset group permissions; these can be set later */
+	GIDSET_T emptygidset[NGROUPS_MAX];
+
+	emptygidset[0] = RunAsGid == 0 ? getegid() : RunAsGid;
+	(void) setgroups(1, emptygidset);
+#endif
+	if (RunAsGid != 0)
+		(void) setgid(RunAsGid);
+	if (RunAsUid != 0)
+		(void) setuid(RunAsUid);
+}
+/*
 **  TESTMODELINE -- process a test mode input line
 **
 **	Parameters:
diff --git a/usr.sbin/sendmail/src/map.c b/usr.sbin/sendmail/src/map.c
index 1b0f086..3d40d62 100644
--- a/usr.sbin/sendmail/src/map.c
+++ b/usr.sbin/sendmail/src/map.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)map.c	8.146 (Berkeley) 11/24/96";
+static char sccsid[] = "@(#)map.c	8.147 (Berkeley) 1/17/97";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -1610,7 +1610,8 @@ nis_getcanonname(name, hbsize, statp)
 
 #ifdef NISPLUS
 
-#undef NIS /* symbol conflict in nis.h */
+#undef NIS		/* symbol conflict in nis.h */
+#undef T_UNSPEC		/* symbol conflict in nis.h -> ... -> sys/tiuser.h */
 #include <rpcsvc/nis.h>
 #include <rpcsvc/nislib.h>
 
diff --git a/usr.sbin/sendmail/src/mime.c b/usr.sbin/sendmail/src/mime.c
index bdb91a2..999c5ab 100644
--- a/usr.sbin/sendmail/src/mime.c
+++ b/usr.sbin/sendmail/src/mime.c
@@ -36,7 +36,7 @@
 # include <string.h>
 
 #ifndef lint
-static char sccsid[] = "@(#)mime.c	8.51 (Berkeley) 11/24/96";
+static char sccsid[] = "@(#)mime.c	8.54 (Berkeley) 1/14/97";
 #endif /* not lint */
 
 /*
@@ -958,10 +958,8 @@ mime7to8(mci, header, e)
 	register char *p;
 	char *cte;
 	char **pvp;
-	u_char *obp;
 	u_char *fbufp;
 	char buf[MAXLINE];
-	u_char obuf[MAXLINE + 1];
 	u_char fbuf[MAXLINE + 1];
 	char pvpbuf[MAXLINE];
 	extern u_char MimeTokenTab[256];
@@ -1045,9 +1043,10 @@ mime7to8(mci, header, e)
 			c2 = CHAR64(c2);
 
 			*fbufp = (c1 << 2) | ((c2 & 0x30) >> 4);
-			if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE])
+			if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])
 			{
-				if (*--fbufp != '\n' || *--fbufp != '\r')
+				if (*--fbufp != '\n' ||
+				    (fbufp > fbuf && *--fbufp != '\r'))
 					fbufp++;
 				*fbufp = '\0';
 				putline((char *) fbuf, mci);
@@ -1057,9 +1056,10 @@ mime7to8(mci, header, e)
 				continue;
 			c3 = CHAR64(c3);
 			*fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
-			if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE])
+			if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])
 			{
-				if (*--fbufp != '\n' || *--fbufp != '\r')
+				if (*--fbufp != '\n' ||
+				    (fbufp > fbuf && *--fbufp != '\r'))
 					fbufp++;
 				*fbufp = '\0';
 				putline((char *) fbuf, mci);
@@ -1069,36 +1069,38 @@ mime7to8(mci, header, e)
 				continue;
 			c4 = CHAR64(c4);
 			*fbufp = ((c3 & 0x03) << 6) | c4;
-			if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE])
+			if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])
 			{
-				if (*--fbufp != '\n' || *--fbufp != '\r')
+				if (*--fbufp != '\n' ||
+				    (fbufp > fbuf && *--fbufp != '\r'))
 					fbufp++;
 				*fbufp = '\0';
 				putline((char *) fbuf, mci);
 				fbufp = fbuf;
 			}
 		}
-
-		/* force out partial last line */
-		if (fbufp > fbuf)
-		{
-			*fbufp = '\0';
-			putline((char *) fbuf, mci);
-		}
 	}
 	else
 	{
 		/* quoted-printable */
-		obp = obuf;
+		fbufp = fbuf;
 		while (fgets(buf, sizeof buf, e->e_dfp) != NULL)
 		{
-			if (mime_fromqp((u_char *) buf, &obp, 0, &obuf[MAXLINE] - obp) == 0)
+			if (mime_fromqp((u_char *) buf, &fbufp, 0,
+					&fbuf[MAXLINE] - fbufp) == 0)
 				continue;
 
-			putline((char *) obuf, mci);
-			obp = obuf;
+			putline((char *) fbuf, mci);
+			fbufp = fbuf;
 		}
 	}
+
+	/* force out partial last line */
+	if (fbufp > fbuf)
+	{
+		*fbufp = '\0';
+		putline((char *) fbuf, mci);
+	}
 	if (tTd(43, 3))
 		printf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
 }
diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c
index 5d00b9f..2afa73d 100644
--- a/usr.sbin/sendmail/src/queue.c
+++ b/usr.sbin/sendmail/src/queue.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #if QUEUE
-static char sccsid[] = "@(#)queue.c	8.145 (Berkeley) 12/2/96 (with queueing)";
+static char sccsid[] = "@(#)queue.c	8.153 (Berkeley) 1/14/97 (with queueing)";
 #else
-static char sccsid[] = "@(#)queue.c	8.145 (Berkeley) 12/2/96 (without queueing)";
+static char sccsid[] = "@(#)queue.c	8.153 (Berkeley) 1/14/97 (without queueing)";
 #endif
 #endif /* not lint */
 
@@ -68,10 +68,6 @@ WORK	*WorkQ;			/* queue of things to be done */
 
 #define QF_VERSION	2	/* version number of this queue format */
 
-#if !defined(NGROUPS_MAX) && defined(NGROUPS)
-# define NGROUPS_MAX	NGROUPS	/* POSIX naming convention */
-#endif
-
 extern int orderq __P((bool));
 /*
 **  QUEUEUP -- queue a message up for future transmission.
@@ -553,6 +549,7 @@ runqueue(forkflag, verbose)
 	extern ENVELOPE BlankEnvelope;
 	extern void clrdaemon __P((void));
 	extern void runqueueevent __P((bool));
+	extern void drop_privileges __P((void));
 
 	/*
 	**  If no work will ever be selected, don't even bother reading
@@ -561,7 +558,7 @@ runqueue(forkflag, verbose)
 
 	CurrentLA = getla();	/* get load average */
 
-	if (shouldqueue(0L, curtime()))
+	if (CurrentLA >= QueueLA)
 	{
 		char *msg = "Skipping queue run -- load average too high";
 
@@ -583,9 +580,9 @@ runqueue(forkflag, verbose)
 	if (forkflag)
 	{
 		pid_t pid;
-		extern void intsig();
+		extern SIGFUNC_DECL intsig __P((int));
 #ifdef SIGCHLD
-		extern void reapchild();
+		extern SIGFUNC_DECL reapchild __P((int));
 
 		blocksignal(SIGCHLD);
 		(void) setsignal(SIGCHLD, reapchild);
@@ -633,7 +630,6 @@ runqueue(forkflag, verbose)
 		(void) setsignal(SIGCHLD, SIG_DFL);
 #endif /* SIGCHLD */
 		(void) setsignal(SIGHUP, intsig);
-		Verbose = FALSE;
 	}
 
 	setproctitle("running queue: %s", QueueDir);
@@ -657,12 +653,7 @@ runqueue(forkflag, verbose)
 
 	/* drop privileges */
 	if (geteuid() == (uid_t) 0)
-	{
-		if (RunAsGid != (gid_t) 0)
-			(void) setgid(RunAsGid);
-		if (RunAsUid != (uid_t) 0)
-			(void) setuid(RunAsUid);
-	}
+		drop_privileges();
 
 	/*
 	**  Create ourselves an envelope
@@ -672,6 +663,10 @@ runqueue(forkflag, verbose)
 	e = newenvelope(&QueueEnvelope, CurEnv);
 	e->e_flags = BlankEnvelope.e_flags;
 
+	/* make sure we have disconnected from parent */
+	if (forkflag)
+		disconnect(1, e);
+
 	/*
 	**  Make sure the alias database is open.
 	*/
@@ -1569,12 +1564,13 @@ readqf(e)
 		{
 		  case 'V':		/* queue file version number */
 			qfver = atoi(&bp[1]);
-			if (qfver > QF_VERSION)
-			{
-				syserr("Version number in qf (%d) greater than max (%d)",
-					qfver, QF_VERSION);
-			}
-			break;
+			if (qfver <= QF_VERSION)
+				break;
+			syserr("Version number in qf (%d) greater than max (%d)",
+				qfver, QF_VERSION);
+			fclose(qfp);
+			loseqfile(e, "unsupported qf file version");
+			return FALSE;
 
 		  case 'C':		/* specify controlling user */
 			ctladdr = setctluser(&bp[1], qfver);
@@ -1645,7 +1641,7 @@ readqf(e)
 			break;
 
 		  case 'S':		/* sender */
-			setsender(newstr(&bp[1]), e, NULL, TRUE);
+			setsender(newstr(&bp[1]), e, NULL, '\0', TRUE);
 			break;
 
 		  case 'B':		/* body type */
diff --git a/usr.sbin/sendmail/src/readcf.c b/usr.sbin/sendmail/src/readcf.c
index 58c4a3a..ca0100f 100644
--- a/usr.sbin/sendmail/src/readcf.c
+++ b/usr.sbin/sendmail/src/readcf.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)readcf.c	8.181 (Berkeley) 12/1/96";
+static char sccsid[] = "@(#)readcf.c	8.184 (Berkeley) 1/14/97";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -1482,6 +1482,14 @@ struct optioninfo
 	{ "SingleThreadDelivery",	O_SINGTHREAD,	FALSE	},
 #define O_RUNASUSER	0x9d
 	{ "RunAsUser",			O_RUNASUSER,	FALSE	},
+#ifdef _FFR_DSN_RRT
+#define O_DSN_RRT	0x9e
+	{ "RrtImpliesDsn",		O_DSN_RRT,	FALSE	},
+#endif
+#ifdef _FFR_PIDFILE_OPT
+#define O_PIDFILE	0x9f
+	{ "PidFile",			O_PIDFILE,	FALSE	},
+#endif
 
 	{ NULL,				'\0',		FALSE	}
 };
@@ -2264,6 +2272,19 @@ setoption(opt, val, safe, sticky, e)
 		}
 		break;
 
+#ifdef _FFR_DSN_RRT
+	  case O_DSN_RRT:
+		RrtImpliesDsn = atobool(p);
+		break;
+#endif
+
+#ifdef _FFR_PIDFILE_OPT
+	  case O_PIDFILE:
+		free(PidFile);
+		PidFile = newstr(p);
+		break;
+#endif
+
 	  default:
 		if (tTd(37, 1))
 		{
diff --git a/usr.sbin/sendmail/src/savemail.c b/usr.sbin/sendmail/src/savemail.c
index 4abad53..0d949f8 100644
--- a/usr.sbin/sendmail/src/savemail.c
+++ b/usr.sbin/sendmail/src/savemail.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)savemail.c	8.101 (Berkeley) 11/24/96";
+static char sccsid[] = "@(#)savemail.c	8.103 (Berkeley) 1/18/97";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -643,7 +643,7 @@ returntosender(msg, returnq, flags, e)
 	markstats(ee, NULLADDR);
 
 	/* actually deliver the error message */
-	sendall(ee, SM_DEFAULT);
+	sendall(ee, SM_DELIVER);
 
 	/* restore state */
 	dropenvelope(ee, TRUE);
@@ -1388,7 +1388,8 @@ xuntextify(t)
 **  XTEXTOK -- check if a string is legal xtext
 **
 **	Xtext is used in Delivery Status Notifications.  The spec was
-**	taken from draft-ietf-notary-mime-delivery-04.txt.
+**	taken from RFC 1891, ``SMTP Service Extension for Delivery
+**	Status Notifications''.
 **
 **	Parameters:
 **		s -- the string to check.
diff --git a/usr.sbin/sendmail/src/sendmail.8 b/usr.sbin/sendmail/src/sendmail.8
index f7c8750..81a4440 100644
--- a/usr.sbin/sendmail/src/sendmail.8
+++ b/usr.sbin/sendmail/src/sendmail.8
@@ -29,9 +29,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)sendmail.8	8.10 (Berkeley) 9/20/96
+.\"     @(#)sendmail.8	8.11 (Berkeley) 1/16/97
 .\"
-.Dd September 20, 1996
+.Dd January 16, 1997
 .Dt SENDMAIL 8
 .Os BSD 4
 .Sh NAME
@@ -293,7 +293,7 @@ be set when called by a network delivery agent such as
 .Nm rmail .
 .It Fl V Ar envid
 Set the original envelope id.
-This is propogated across SMTP to servers that support DSNs
+This is propagated across SMTP to servers that support DSNs
 and is returned in DSN-compliant error messages.
 .It Fl v
 Go into verbose mode.
diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h
index 6aba9ab..9c0e3e2 100644
--- a/usr.sbin/sendmail/src/sendmail.h
+++ b/usr.sbin/sendmail/src/sendmail.h
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)sendmail.h	8.216 (Berkeley) 12/1/96
+ *	@(#)sendmail.h	8.219 (Berkeley) 1/14/97
  */
 
 /*
@@ -41,7 +41,7 @@
 # ifdef _DEFINE
 # define EXTERN
 # ifndef lint
-static char SmailSccsId[] =	"@(#)sendmail.h	8.216		12/1/96";
+static char SmailSccsId[] =	"@(#)sendmail.h	8.219		1/14/97";
 # endif
 # else /*  _DEFINE */
 # define EXTERN extern
@@ -1135,7 +1135,7 @@ EXTERN bool	HasWildcardMX;	/* don't use MX records when canonifying */
 EXTERN char	SpaceSub;	/* substitution for <lwsp> */
 EXTERN int	PrivacyFlags;	/* privacy flags */
 EXTERN char	*ConfFile;	/* location of configuration file [conf.c] */
-extern char	*PidFile;	/* location of proc id file [conf.c] */
+EXTERN char	*PidFile;	/* location of proc id file [conf.c] */
 extern ADDRESS	NullAddress;	/* a null (template) address [main.c] */
 EXTERN long	WkClassFact;	/* multiplier for message class -> priority */
 EXTERN long	WkRecipFact;	/* multiplier for # of recipients -> priority */
@@ -1165,6 +1165,9 @@ EXTERN bool	AllowBogusHELO;	/* allow syntax errors on HELO command */
 EXTERN bool	UserSubmission;	/* initial (user) mail submission */
 EXTERN uid_t	RunAsUid;	/* UID to become for bulk of run */
 EXTERN gid_t	RunAsGid;	/* GID to become for bulk of run */
+#ifdef _FFR_DSN_RRT
+EXTERN bool	RrtImpliesDsn;	/* turn Return-Receipt-To: into DSN */
+#endif
 EXTERN bool	IgnoreHostStatus;	/* ignore long term host status files */
 EXTERN bool	SingleThreadDelivery;	/* single thread hosts on delivery */
 EXTERN bool	UnsafeGroupWrites;	/* group-writable files are unsafe */
@@ -1291,7 +1294,7 @@ extern void	makelower __P((char *));
 extern void	rebuildaliases __P((MAP *, bool));
 extern void	readaliases __P((MAP *, FILE *, bool, bool));
 extern void	finis __P(());
-extern void	setsender __P((char *, ENVELOPE *, char **, bool));
+extern void	setsender __P((char *, ENVELOPE *, char **, int, bool));
 extern FILE	*safefopen __P((char *, int, int, int));
 extern void	xputs __P((const char *));
 extern void	logsender __P((ENVELOPE *, char *));
diff --git a/usr.sbin/sendmail/src/srvrsmtp.c b/usr.sbin/sendmail/src/srvrsmtp.c
index 895cce5..83bd463 100644
--- a/usr.sbin/sendmail/src/srvrsmtp.c
+++ b/usr.sbin/sendmail/src/srvrsmtp.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #if SMTP
-static char sccsid[] = "@(#)srvrsmtp.c	8.131 (Berkeley) 12/1/96 (with SMTP)";
+static char sccsid[] = "@(#)srvrsmtp.c	8.136 (Berkeley) 1/17/97 (with SMTP)";
 #else
-static char sccsid[] = "@(#)srvrsmtp.c	8.131 (Berkeley) 12/1/96 (without SMTP)";
+static char sccsid[] = "@(#)srvrsmtp.c	8.136 (Berkeley) 1/17/97 (without SMTP)";
 #endif
 #endif /* not lint */
 
@@ -121,7 +121,11 @@ char	*CurSmtpClient;			/* who's at the other end of channel */
 static char	*skipword();
 
 
-#define MAXBADCOMMANDS	25		/* maximum number of bad commands */
+#define MAXBADCOMMANDS	25	/* maximum number of bad commands */
+#define MAXNOOPCOMMANDS	20	/* max "noise" commands before slowdown */
+#define MAXHELOCOMMANDS	3	/* max HELO/EHLO commands before slowdown */
+#define MAXVRFYCOMMANDS	6	/* max VRFY/EXPN commands before slowdown */
+#define MAXETRNCOMMANDS	8	/* max ETRN commands before slowdown */
 
 void
 smtp(nullserver, e)
@@ -146,6 +150,8 @@ smtp(nullserver, e)
 	volatile int badcommands = 0;	/* count of bad commands */
 	volatile int nverifies = 0;	/* count of VRFY/EXPN commands */
 	volatile int n_etrn = 0;	/* count of ETRN commands */
+	volatile int n_noop = 0;	/* count of NOOP/VERB/ONEX etc cmds */
+	volatile int n_helo = 0;	/* count of HELO/EHLO commands */
 	bool ok;
 	char inp[MAXLINE];
 	char cmdbuf[MAXLINE];
@@ -154,6 +160,7 @@ smtp(nullserver, e)
 	extern void settime __P((ENVELOPE *));
 	extern bool enoughdiskspace __P((long));
 	extern int runinchild __P((char *, ENVELOPE *));
+	extern void checksmtpattack __P((volatile int *, int, char *));
 
 	if (fileno(OutChannel) != fileno(stdout))
 	{
@@ -303,10 +310,23 @@ smtp(nullserver, e)
 		**	to everything.
 		*/
 
-		if (nullserver && c->cmdcode != CMDQUIT)
+		if (nullserver)
 		{
-			message("550 Access denied");
-			continue;
+			switch (c->cmdcode)
+			{
+			  case CMDQUIT:
+			  case CMDHELO:
+			  case CMDEHLO:
+			  case CMDNOOP:
+				/* process normally */
+				break;
+
+			  default:
+				if (++badcommands > MAXBADCOMMANDS)
+					sleep(1);
+				message("550 Access denied");
+				continue;
+			}
 		}
 
 		/* non-null server */
@@ -325,6 +345,17 @@ smtp(nullserver, e)
 				SmtpPhase = "server HELO";
 			}
 
+			/* avoid denial-of-service */
+			checksmtpattack(&n_helo, MAXHELOCOMMANDS, "HELO/EHLO");
+
+			/* check for duplicate HELO/EHLO per RFC 1651 4.2 */
+			if (gothello)
+			{
+				message("503 %s Duplicate HELO/EHLO",
+					MyHostName);
+				break;
+			}
+
 			/* check for valid domain name (re 1123 5.2.5) */
 			if (*p == '\0' && !AllowBogusHELO)
 			{
@@ -355,20 +386,15 @@ smtp(nullserver, e)
 					if (!AllowBogusHELO)
 						message("501 Invalid domain name");
 					else
+					{
 						message("250 %s Invalid domain name, accepting anyway",
 							MyHostName);
+						gothello = TRUE;
+					}
 					break;
 				}
 			}
 
-			/* check for duplicate HELO/EHLO per RFC 1651 4.2 */
-			if (gothello)
-			{
-				message("503 %s Duplicate HELO/EHLO",
-					MyHostName);
-				break;
-			}
-
 			sendinghost = newstr(p);
 			gothello = TRUE;
 			if (c->cmdcode != CMDEHLO)
@@ -484,7 +510,7 @@ smtp(nullserver, e)
 
 			/* must parse sender first */
 			delimptr = NULL;
-			setsender(p, e, &delimptr, FALSE);
+			setsender(p, e, &delimptr, ' ', FALSE);
 			if (delimptr != NULL && *delimptr != '\0')
 				*delimptr++ = '\0';
 
@@ -775,18 +801,8 @@ smtp(nullserver, e)
 
 		  case CMDVRFY:		/* vrfy -- verify address */
 		  case CMDEXPN:		/* expn -- expand address */
-			if (++nverifies >= MAXBADCOMMANDS)
-			{
-#ifdef LOG
-				if (nverifies == MAXBADCOMMANDS &&
-				    LogLevel > 5)
-				{
-					syslog(LOG_INFO, "%.100s: VRFY attack?",
-					       CurSmtpClient);
-				}
-#endif
-				sleep(1);
-			}
+			checksmtpattack(&nverifies, MAXVRFYCOMMANDS,
+				c->cmdcode == CMDVRFY ? "VRFY" : "EXPN");
 			vrfy = c->cmdcode == CMDVRFY;
 			if (bitset(vrfy ? PRIV_NOVRFY : PRIV_NOEXPN,
 						PrivacyFlags))
@@ -867,8 +883,8 @@ smtp(nullserver, e)
 			}
 
 			/* crude way to avoid denial-of-service attacks */
-			if (n_etrn++ >= 3)
-				sleep(3);
+			checksmtpattack(&n_etrn, MAXETRNCOMMANDS, "ETRN");
+
 			id = p;
 			if (*id == '@')
 				id++;
@@ -892,6 +908,7 @@ smtp(nullserver, e)
 			break;
 
 		  case CMDNOOP:		/* noop -- do nothing */
+			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "NOOP");
 			message("250 OK");
 			break;
 
@@ -916,17 +933,20 @@ doquit:
 				message("502 Verbose unavailable");
 				break;
 			}
+			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "VERB");
 			Verbose = TRUE;
 			e->e_sendmode = SM_DELIVER;
 			message("250 Verbose mode");
 			break;
 
 		  case CMDONEX:		/* doing one transaction only */
+			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "ONEX");
 			OneXact = TRUE;
 			message("250 Only one transaction");
 			break;
 
 		  case CMDXUSR:		/* initial (user) submission */
+			checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "XUSR");
 			UserSubmission = TRUE;
 			message("250 Initial submission");
 			break;
@@ -976,6 +996,40 @@ doquit:
 	}
 }
 /*
+**  CHECKSMTPATTACK -- check for denial-of-service attack by repetition
+**
+**	Parameters:
+**		pcounter -- pointer to a counter for this command.
+**		maxcount -- maximum value for this counter before we
+**			slow down.
+**		cname -- command name for logging.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		Slows down if we seem to be under attack.
+*/
+
+void
+checksmtpattack(pcounter, maxcount, cname)
+	volatile int *pcounter;
+	int maxcount;
+	char *cname;
+{
+	if (++(*pcounter) >= maxcount)
+	{
+#ifdef LOG
+		if (*pcounter == maxcount && LogLevel > 5)
+		{
+			syslog(LOG_INFO, "%.100s: %.40s attack?",
+			       CurSmtpClient, cname);
+		}
+#endif
+		sleep(*pcounter / maxcount);
+	}
+}
+/*
 **  SKIPWORD -- skip a fixed word.
 **
 **	Parameters:
diff --git a/usr.sbin/sendmail/src/udb.c b/usr.sbin/sendmail/src/udb.c
index 8c34c23..bb54ee8 100644
--- a/usr.sbin/sendmail/src/udb.c
+++ b/usr.sbin/sendmail/src/udb.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #if USERDB
-static char sccsid [] = "@(#)udb.c	8.46 (Berkeley) 12/1/96 (with USERDB)";
+static char sccsid [] = "@(#)udb.c	8.47 (Berkeley) 12/6/96 (with USERDB)";
 #else
-static char sccsid [] = "@(#)udb.c	8.46 (Berkeley) 12/1/96 (without USERDB)";
+static char sccsid [] = "@(#)udb.c	8.47 (Berkeley) 12/6/96 (without USERDB)";
 #endif
 #endif
 
@@ -275,7 +275,7 @@ udbexpand(a, sendq, aliaslevel, e)
 					userleft--;
 				}
 				bcopy(info.data, p, info.size);
-				user[info.size] = '\0';
+				p[info.size] = '\0';
 				userleft -= info.size;
 
 				/* get the next record */
diff --git a/usr.sbin/sendmail/src/usersmtp.c b/usr.sbin/sendmail/src/usersmtp.c
index 7bd976b..d98841a 100644
--- a/usr.sbin/sendmail/src/usersmtp.c
+++ b/usr.sbin/sendmail/src/usersmtp.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #if SMTP
-static char sccsid[] = "@(#)usersmtp.c	8.79 (Berkeley) 12/1/96 (with SMTP)";
+static char sccsid[] = "@(#)usersmtp.c	8.80 (Berkeley) 1/18/97 (with SMTP)";
 #else
-static char sccsid[] = "@(#)usersmtp.c	8.79 (Berkeley) 12/1/96 (without SMTP)";
+static char sccsid[] = "@(#)usersmtp.c	8.80 (Berkeley) 1/18/97 (without SMTP)";
 #endif
 #endif /* not lint */
 
@@ -493,6 +493,12 @@ smtpmailfrom(m, mci, e)
 		smtpquit(m, mci, e);
 		return EX_TEMPFAIL;
 	}
+	else if (r == 452 && bitset(MCIF_SIZE, mci->mci_flags) &&
+		 e->e_msgsize > 0)
+	{
+		mci_setstat(mci, EX_NOTSTICKY, smtptodsn(r), SmtpReplyBuffer);
+		return EX_TEMPFAIL;
+	}
 	else if (REPLYTYPE(r) == 4)
 	{
 		mci_setstat(mci, EX_TEMPFAIL, smtptodsn(r), SmtpReplyBuffer);
@@ -684,6 +690,7 @@ smtpdata(m, mci, e)
 	register int r;
 	register EVENT *ev;
 	int rstat;
+	int xstat;
 	time_t timeout;
 
 	/*
@@ -790,17 +797,22 @@ smtpdata(m, mci, e)
 		return EX_TEMPFAIL;
 	}
 	mci->mci_state = MCIS_OPEN;
-	if (REPLYTYPE(r) == 4)
+	xstat = EX_NOTSTICKY;
+	if (r == 452)
 		rstat = EX_TEMPFAIL;
+	else if (r == 552)
+		rstat = EX_UNAVAILABLE;
+	else if (REPLYTYPE(r) == 4)
+		rstat = xstat = EX_TEMPFAIL;
 	else if (REPLYCLASS(r) != 5)
-		rstat = EX_PROTOCOL;
+		rstat = xstat = EX_PROTOCOL;
 	else if (REPLYTYPE(r) == 2)
-		rstat = EX_OK;
+		rstat = xstat = EX_OK;
 	else if (REPLYTYPE(r) == 5)
-		rstat = EX_UNAVAILABLE;
+		rstat = xstat = EX_UNAVAILABLE;
 	else
 		rstat = EX_PROTOCOL;
-	mci_setstat(mci, rstat, smtptodsn(r), SmtpReplyBuffer);
+	mci_setstat(mci, xstat, smtptodsn(r), SmtpReplyBuffer);
 	if (e->e_statmsg != NULL)
 		free(e->e_statmsg);
 	e->e_statmsg = newstr(&SmtpReplyBuffer[4]);
diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c
index eae587ba..dbe7655 100644
--- a/usr.sbin/sendmail/src/util.c
+++ b/usr.sbin/sendmail/src/util.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)util.c	8.113 (Berkeley) 11/24/96";
+static char sccsid[] = "@(#)util.c	8.115 (Berkeley) 1/5/97";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -313,7 +313,7 @@ xputs(s)
 			{
 				if (bitset(0200, *s))
 					printf("{%s}", macname(*s++ & 0377));
-				else
+				else if (*s != '\0')
 					printf("%c", *s++);
 			}
 			if (mp->metaname != '\0')
@@ -670,7 +670,9 @@ safefile(fn, uid, gid, uname, flags, mode, st)
 		return EPERM;
 	}
 
-	if (uid == 0 && !bitset(SFF_ROOTOK, flags))
+	if (uid == 0 && bitset(SFF_OPENASROOT, flags))
+		;
+	else if (uid == 0 && !bitset(SFF_ROOTOK, flags))
 		mode >>= 6;
 	else if (st->st_uid != uid)
 	{
diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c
index 617e11a..a6b4f16 100644
--- a/usr.sbin/sendmail/src/version.c
+++ b/usr.sbin/sendmail/src/version.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.8.4.4 (Berkeley) 12/2/96";
+static char sccsid[] = "@(#)version.c	8.8.5.3 (Berkeley) 1/21/97";
 #endif /* not lint */
 
-char	Version[] = "8.8.4";
+char	Version[] = "8.8.5";