Eric Allman's posting about sendmail 8.8

Last Update 28.07.1996
From: eric@InReference.COM (Eric Allman)
Newsgroups: comp.mail.sendmail
Subject: Re: sendmail 8.8
Date: 26 Jul 1996 11:55:22 -0700
Organization: InReference, Inc.
Sender: eric@knecht.Oxford.Reference.COM
Message-ID: <4tb4aq$npl@knecht.Oxford.Reference.COM>

In article <>, Roger Southwick <> writes:
|> |> Robert Yoder wrote:
|> > Well, I'm looking at the brochure for Lisa96, (Sep 29 - Oct 4),...
|> And if Eric's true to form, he'll release 8.8 the day before he flys to Chicago... :-)
|> That's what he did with 8.7, released it just before Lisa 95 in Monterey.

Actually, it is my hope to have sendmail 8.8 out somewhat before that,
but a lot depends on the rest of my life (read: job).  My hope is to
have Beta release out in a few weeks.

The original hope was to have the second edition edition of the O'Reilly
sendmail "bat" book out for LISA.  Bryan Costales and I discussed that
with the O'Reilly folks, and determined that in order to make that date
we would have to release it with no copy editing at all.  We agreed that
that was unacceptable, so although we will have a laser-printed draft
for people to look over, the book won't actually hit the printers until
(we are guessing) about a month later.  That's assuming I can get enough
time to read the second draft, which Bryan is finishing up now, and will
stop making changes in 8.8 so that he can freeze the text.

Unfortunately, the necessity to earn a living has taken precedence over
working full time on sendmail -- and there's easily enough things I would
like to do to make it into a full-time job.  That has, unfortunately,
also precluded me from reading comp.mail.sendmail.  I'm in here today
because I just came back from the USENIX Security conference, where
several people told me that there was a "lively debate" going on
about 8.8.  (Lively, perhaps, but I only found this one message.)

I've attached the current 8.8 RELEASE_NOTES to whet your appetites.
There are no guarantees that I won't add (or even delete) features
between now and release time.  In particular, there is one major new
feature that has some problems that may be serious enough to cause me
to pull it out until 8.9.  I'm not saying which one because I don't
want to appear to be yanking the chain of the person who made the
contribution.  There's another significant feature I would like to
add if at all possible.



8.8/8.8		96/08/xx
	Under some circumstances, Bcc: headers would not be properly
		deleted.  Pointed out by Jonathan Kamens of OpenVision.
	Log a warning if the sendmail daemon is invoked without a full
		pathname, which prevents "kill -1" from working.  I was
		urged to put this in by Andrey A. Chernov of DEMOS (Russia).
	Fix small buffer overflow.  Since the data in this buffer was not
		read externally, there was no security problem (and in fact
		probably wouldn't really overflow on most compilers).  Pointed
		out by KIZU takashi of Osaka University.
	Fix problem causing domain literals such as [] to be ignored
		if a FallbackMXHost was specified in the configuration file
		-- all mail would be sent to the fallback even if the original
		host was accessible.  Pointed out by Munenari Hirayama of
		NSC (Japan).
	A message that didn't terminate with a newline would (sometimes) not
		have the trailing "." added properly in the SMTP dialogue,
		causing SMTP to hang.  Patch from Per Hedeland of Ericsson.
	The DaemonPortOptions suboption to bind to a particular address was
		incorrect and nonfunctional due to a misunderstanding of the
		semantics of binding on a passive socket.  Patch from
		NIIBE Yutaka of Mitsubishi Research Institute.
	Increase the number of MX hosts for a single name to 100 to better
		handle the truly huge service providers such as AOL, which
		has 13 at the moment (and climbing).  In order to avoid
		trashing memory, the buffer for all names has only been
		slightly increased in size, to 12.8K from 10.2K -- this means
		that if a single name had 100 MX records, the average size
		of those records could not exceed 128 bytes.  Requested by
		Brad Knowles of America On Line.
	Restore use of IDENT returns where the OSTYPE field equals "OTHER".
		Urged by Dan Bernstein of U.C. Berkeley.
	Print q_statdate and q_specificity in address structure debugging
	Expand MCI structure flag bits for debugging output.
	Support IPv6-style domain literals, which can have colons between
		square braces.
	Log open file descriptors for the "cannot dup" messages in deliver();
		this is an attempt to track down a bug that one person seems
		to be having (it may be a Solaris bug!).
	DSN NOTIFY parameters were not properly propogated across queue runs;
		this caused the NOTIFY info to sometimes be lost.  Problem
		pointed out by Claus Assmann of the
		Christian-Albrechts-University of Kiel.
	The statistics gathered in the file were too high; in
		some cases failures (e.g., user unknown or temporary failure)
		would count as a delivery as far as the statistics were
		concerned.  Problem noted by Tom Moore of AT&T GIS.
	Systems that don't have flock() would not send split envelopes in
		the initial run.  Problem pointed out by Leonard Zubkoff of
		Dandelion Digital.
	Move buffer overflow checking -- these primarily involve distrusting
		results that may come from NIS and DNS.
	4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
		include <paths.h> and hence had the wrong pathnames for a few
		things like /var/tmp.  Reported by Matthew Green.
	Conditions were reversed for the Priority: header, resulting in all
		values being interpreted as non-urgent except for non-urgent,
		which was interpreted as normal.  Patch from Bryan Costales.
	The -o (optional) flag was being ignored on hash and btree maps
		since 8.7.2.  Fix from Bryan Costales.
	Content-Types listed in class "q" will always be encoded as
		Quoted-Printable (or more accurately, will never be encoded
		as base64).  The class can have primary types (e.g., "text")
		or full types (e.g., "text/plain").  Class "q" is
		preinitialized to have "text/plain" only.  Based on a
		suggestion by Marius Olafsson of the University of Iceland.
	Define ${envid} to be the original envelope id (from the ESMTP DSN
		dialogue) so it can be passed to programs in mailers.
	Define ${bodytype} to be the body type (from the -B flag or the
		BODY= ESMTP parameter) so it can be passed to programs in
	Cause the VRFY command to return 252 instead of 250 unless the F=q
		flag is set in the mailer descriptor.  Suggested by John
		Myers of CMU.
	Implement ESMTP ETRN command to flush the queue for a specific host.
		The command takes a host name; data for that host is
		immediately (and asynchronously) flushed.  Because this shares
		the -qR implementation, other hosts may be attempted, but
		there should be no security implications.  Implementation
		from John Beck of Pangaea Reference Systems.  See internet
		draft draft-dewinter-queue-start-01.txt for details.
	Add three new command line flags to pass in DSN parameters: -V envid
		(equivalent to ENVID=envid on the MAIL command), -R ret
		(equivalent to RET=ret on the MAIL command), and -Nnotify
		(equivalent to NOTIFY=notify on the RCPT command).  Note
		that the -N flag applies to all recipients; there is no way
		to specify per-address notifications on the command line,
		nor is there an equivalent for the ORCPT= per-address
	Restore LogLevel option to be safe (it can only be increased);
		apparently I went into paranoid mode between 8.6 and 8.7
		and made it unsafe.  Pointed out by Dabe Murphy of the
		University of Maryland.
	New logging on log level 15:  all SMTP traffic.  Patches from
		Andrew Gross of San Diego Supercomputer Center.
	NetInfo property value searching code wasn't stopping when it found
		a match.  This was causing the wrong values to be found (and
		had a memory leak).  Found by Bastian Schleuter of TU-Berlin.
	Add new F=0 (zero) mailer flag to turn off MX lookups.  It was pointed
		out by Bill Wisner of Electronics for Imaging that you can't
		use the bracket address form for the MAIL_HUB macro, since
		that causes the brackets to remain in the envelope recipient
		address used for delivery.  The simple fix (stripping off the
		brackets in the config file) breaks the use of IP literal
		addresses.  This flag will solve that problem.
	Add MustQuoteChars option.  This is a list of characters that must
		be quoted if they are found in the phrase part of an address
		(that is, the full name part).  The characters @,;:\()[] are
		always in this list and cannot be removed.  The default is
		this list plus . and ' to match RFC 822.
	Add AllowBogusHELO option; if set, sendmail will allow HELO commands
		that do not include a host name for back compatibility with
		some stupid SMTP clients.  Setting this violates RFC 1123
		section 5.2.5.
	Add MaxDaemonChildren option; if this is set, sendmail will start
		rejecting connections if it has more than this many
		outstanding children accepting mail.  Note that you may
		see more processes than this because of outgoing mail; this
		is for incoming connections only.
	Add ConnectionRateThrottle option.  If set to a positive value, the
		number of incoming SMTP connections that will be permitted
		in a single second is limited to this number.  Connections are
		not refused during this time, just deferred.  The intent is to
		flatten out demand so that load average limiting can kick in.
		It is less radical than MaxDaemonChildren, which will stop
		accepting connections even if all the connections are idle
		(e.g., due to connection caching).
	Add ConnectionInfoTimeout option.  This interval (defaulting to 30m)
		specifies how long cached information about the state of a
		host will be kept within a single queue run.  It is useful
		only for hosts that have large queues that take a very long
		time to run.  If a queue run finishes faster than this option
		it will do nothing; queue runs taking longer than this timeout
		will give the host another try after this interval.
	Add SingleLineFromHeader option.  If set, From: headers are coerced
		into being a single line even if they had newlines in them
		when read.  This is to get around a botch in Lotus Notes.
	Text class maps were totally broken -- if you ever retrieved the last
		item in a table it would be truncated.  Problem noted by
		Gregory Neil Shapiro of WPI.
	Extend the lines printed by the mailq command (== the -bp flag) when
		-v is given to 120 characters; this allows more information
		to be displayed.  Suggested by Gregory Neil Shapiro of WPI.
	Allow macro definitions (`D' lines) with unquoted commas; previously
		this was treated as end-of-input.  Problem noted by Bryan
	The RET= envelope parameter (used for DSNs) wasn't properly written
		to the queue file.  Fix from John Hughes of Atlantic
		Technologies, Inc.
	Close /var/tmp/dead.letter after a successful write -- otherwise
		if this happens in a queue run it can cause nasty delays.
		Problem noted by Mark Horton of AT&T.
	If userdb entries pointed to userdb entries, and there were multiple
		values for a given key, the database cursor would get
		trashed by the recursive call.  Problem noted by Roy Mongiovi
		of Georgia Tech.  Fixed by reading all the values and creating
		a comma-separated list; thus, the -v output will be somewhat
		different for this case.
	Fix buffer allocation problem with Hesiod-based userdb maps when
		HES_GETMAILHOST is defined.  Based on a patch by Betty Lee
		of Stanford University.
	When envelopes were split due to aliases with owner- aliases, and
		there was some error on one of the lists, more than one of
		the owners would get the message.  Problem pointed out by
		Roy Mongiovi of Georgia Tech.
	Detect excessive recursion in macro expansions, e.g., $X defined
		in terms of $Y which is defined in terms of $X.  Problem
		noted by Bryan Costales; patch from Eric Wassenaar.
	When using F=U to get "ugly UUCP" From_ lines, a buffer could in
		some cases get trashed causing bogus From_ lines.  Fix from
		Kyle Jones of UUNET.
	When doing load average initialization, if the nlist call for avenrun
		failed, the second and subsequent lookups wouldn't notice
		that fact causing bogus load averages to be returned.  Noted
		by Casper Dik of Sun Holland.
	Fix problem with incompatibility with some versions of inet_aton that
		have changed the return value to unsigned, so a check for an
		error return of -1 doesn't work.  Use INADDR_NONE instead.
		This could cause mail to addresses such as [] to bounce
		or get dropped.  Problem noted by Christophe Wolfhugel of the
		Pasteur Institute.
	DSNs were inconsistent if a failure occured during the DATA phase
		rather than the RCPT phase: the Action: would be correct, but
		the detailed status information would be wrong.  Problem noted
		by Bob Snyder of General Electric Company.
	Add -U command line flag, XUSR ESMTP extension, and UserSubmission
		option, all indicating that this is the initial MUA->MTA
		submission.  The flag current does nothing, but in future
		releases (when MUAs start using these flags) it will probably
		turn on things like DNS canonification.
	Default end-of-line string (E= specification on mailer [M] lines)
		to \r\n on SMTP mailers.  Default remains \n on non-SMTP
	Change the internal definition for the *file* and *include* mailers
		to have $u in the argument vectors so that they aren't
		misinterpreted as SMTP mailers and thus use \r\n line
		termination.  This will affect anyone who has redefined
		either of these in their configuration file.
	Don't assume that IDENT servers close the connection after a query;
		responses can be newline terminated.  From Terry Kennedy of
		St. Peter's College.
	Avoid core dumps on erroneous configuration files that have
		$#mailer with nothing following.  From Bryan Costales.
	Avoid null pointer dereference with high debug values in unlockqueue.
		Fix from Randy Martin of Clemson University.
	Fix possible buffer overrun when expanding very large macros.  Fix
		from Kyle Jones of UUNET.
	After 25 EXPN or VRFY commands, start pausing for a second before
		processing each one.  This avoids a certain form of denial
		of service attack.  Potential attack pointed out by Bryan
	Allow new named (not numbered!) config file rules to do validity
		checking on SMTP arguments: check_mail for MAIL commands and
		check_rcpt for RCPT commands.  These rulesets can do anything
		they want; their result is ignored unless they resolve to the
		$#error mailer, in which case the indicated message is printed
		and the command is rejected.  Similarly, the check_compat
		ruleset is called before delivery with "from_addr $| to_addr"
		(the $| is a meta-symbol used to separate the two addresses);
		it can give a "this sender can't send to this recipient"
		notification.  Note that this patch allows $| to stand alone
		in rulesets.
	Allow IDA-style recursive function calls.  Code contributed by Mark
		Lovell and Paul Vixie.
	Eliminate the "No ! in UUCP From address!" message" -- instead, create
		a virtual UUCP address using either a domain address or the $k
		macro.  Based on code contributed by Mark Lovell and Paul
	Add Stanford LDAP map.  Requires special libraries that are not
		included with sendmail.  Contributed by Booker C. Bense
		<>; contact him for support.
		See also the src/READ_ME file.
	Allow -dANSI to turn on ANSI escape sequences in debug output; this
		puts metasymbols (e.g., $+) in reverse video.  Really useful
		only for debugging deep bits of code where it is important to
		distinguish between the single-character metasymbol $+ and the
		two characters $, +.
	Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
	Add new UnsafeGroupWrites option; if set, .forward and :include:
		files that are group writable are considered "unsafe" -- that
		is, programs and files referenced from such files are not
		valid recipients.
	Delete bogosity test for FallBackMX host; this prevented it to be a
		name that was not in DNS or was a domain-literal.  Problem
		noted by Tom May.
	Change the introduction to error messages to more clearly delineate
		permanent from temporary failures; if both existed in a
		single message it could be confusing.  Suggested by John
		Beck of InReference, Inc.
	The IngoreDot (i) option didn't work for lines that were terminated
		with CRLF.  Problem noted by Ted Stockwell of Secure
		Computing Corporation.
	Add a heuristic to improve the handling of unbalanced `<' signs in
		message headers.  Problem reported by Matt Dillon of Best
		Internet Communications.
	Check for bogus characters in the 0200-0237 range; since these are
		used internally, very strange errors can occur if those
		characters appear in headers.  Problem noted by Anders Gertz
		of Lysator.
	Implement 7 -> 8 bit MIME conversions.  This only takes place if the
		recipient mailer has the F=9 flag set, and only works on
		text/plain body types.  Code contributed by Marius Olafsson
		of the University of Iceland.
	Special case "postmaster" name so that it is always treated as lower
		case in alias files regardless of configuration settings;
		this prevents some potential problems where "Postmaster" or
		"POSTMASTER" might not match "postmaster".  In most cases
		this change is a no-op.
	The -o map flag was ignored for text maps.  Problem noted by Bryan
	The -a map flag was ignored for dequote maps.  Problem noted by
		Bryan Costales.
	Fix core dump when a lookup of a class "prog" map returns no
		response.  Patch from Bryan Costales.
	Log instances where sendmail is deferring or rejecting connections
		on LogLevel 14.  Suggested by Kyle Jones of UUNET.
	Include port number in process title for network daemons.  Suggested
		by Kyle Jones of UUNET.
	Send ``double bounces'' (errors that occur when sending an error
		message) to the address indicated in the DoubleBounceAddress
		option (default: postmaster).  Previously they were always
		sent to postmaster.  Suggested by Kyle Jones of UUNET.
	Add new mode, -bD, that acts like -bd in all respects except that
		it runs in foreground.  This is useful for using with a
		wrapper that "watches" system services.  Suggested by Kyle
		Jones of UUNET.
	Fix botch in spacing around (parenthesized) comments in addresses
		when the comment comes before the address.  Patch from
		Motonori Nakamura of Kyoto University.
	Use the prefix "Postmaster notify" on the Subject: lines of messages
		that are being bounced to postmaster, rather than "Returned
		mail".  This permits the person who is postmaster more
		easily determine what messages are to their role as
		postmaster versus bounces to mail they actually sent.  Based
		on a suggestion by Motonori Nakamura.
	Add new value "time" for QueueSortOrder option; this causes the queue
		to be sorted strictly by the time of submission.  Note that
		this can cause very bad behaviour over slow lines (because
		large jobs will tend to delay small jobs) and on nodes with
		heavy traffic (because old things in the queue for hosts that
		are down delay processing of new jobs).  Also, this does not
		guarantee that jobs will be delivered in submission order
		unless you also set DeliveryMode=queue.  In general, it should
		probably only be used on the command line, and only in
		conjunction with -qRhost.domain.  In fact, there are very few
		cases where it should be used at all.  Based on an
		implementation by Motonori Nakamura.
	If a map lookup in ruleset 5 returns tempfail, queue the message in
		the same manner as other rulesets.  Previously a temporary
		failure in ruleset 5 was ignored.  Patch from Booker Bense
		of Stanford University.
	Don't proceed to the next MX host if an SMTP MAIL command returns a
		5yz (permanent failure) code.  The next MX host will still be
		tried if the connection cannot be opened in the first place
		or if the MAIL command returns a 4yz (temporary failure) code.
		(It's hard to know what to do here, since neither RFC 974 nor
		RFC 1123 specify when to proceed to the next MX host.)
		Suggested by Jonathan Kamens of OpenVision, Inc.
	Add new "-t" flag for map definitions (the "K" line in the .cf file).
		This causes map lookups that get a temporary failure (e.g.,
		name server failure) to _not_ defer the delivery of the
		message.  This should only be used if your configuration file
		is prepared to do something sensible in this case.  Based on
		an idea by Gregory Shapiro of WPI.
	Fix problem finding network interface addresses.  Patch from
		Motonori Nakamura.
	Don't reject qf entries that are not owned by your effective uid if
		you are not running setuid; this makes management of certain
		kinds of firewall setups difficult.  Patch suggested by
		Eamonn Coleman of Qualcomm.
	Add persistent host status.  This keeps the information normally
		maintained within a single queue run in disk files that are
		shared between sendmail instances.  The HostStatusDirectory
		is the directory in which the information is maintained.  If
		not set, persistent host status is turned off.  If not a full
		pathname, it is relative to the queue directory.  A common
		value is ".hoststat".
		There are also two new operation modes:
		  * -bh prints the status of hosts that have had recent
		  * -bH purges the host statuses.  No attempt is made to save
		    recent status information.
		This feature was originally written by Paul Vixie of Vixie
		Enterprises for KJS and adapted for V8 by Mark Lovell of
		Bigrock Consulting.  Paul's funding of Mark and Mark's patience
		with my insistence that things fit cleanly into the V8
		framework is gratefully appreciated.
	New SingleThreadDelivery option (requires HostStatusDirectory to
		operate).  Avoids letting two sendmails on the local machine
		open connections to the same remote host at the same time.  
		This reduces load on the other machine, but can cause mail to
		be delayed (for example, if one sendmail is delivering a huge
		message, other sendmails won't be able to send even small
		messages).  Also, it requires another file descriptor (for the
		lock file) per connection, so you may have to reduce
		ConnectionCacheSize to avoid running out of per-process
		file descriptors.  Based on the persistent host status code
		contributed by Paul Vixie and Mark Lovell.
	Allow sending to non-simple files (e.g., /dev/null) even if the
		SafeFileEnvironment option is set.  Problem noted by Bryan
	The -qR flag mistakenly matched flags in the "R" line of the queue
		file.  Problem noted by Bryan Costales.
	If a job was aborted using the interrupt signal (e.g., control-C from
		the keyboard), on some occasions an empty df file would be
		left around; these would collect in the queue directory.
		Problem noted by Bryan Costales.
	Change the makesendmail script to enhance the search for Makefiles
		based on release number.  For example, on SunOS 5.5.1, it will
		search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
		Makefile.SunOS.5.x (in addition to the other rules, e.g.,
		adding $arch).  Problem noted by Jason Mastaler of Atlanta
	When creating maps using "newaliases", always map the keys to lower
		case when creating the map unless the -f flag is specified on
		the map itself.  Previously this was done based on the F=u
		flag in the local mailer, which meant you could create aliases
		that you could never access.  Problem noted by Bob Wu of DEC.
	When a job was read from the queue, the bits causing notification on
		failure or delay were always set.  This caused those
		notifications to be sent even if NOTIFY=NEVER had been
		specified.  Problem noted by Steve Hubert of the University
		of Washington, Seattle.
	Add new configurable routine validate_connection (in conf.c).  This
		lets you decide if you are willing to accept traffic from
		this host.  If it returns FALSE, all SMTP commands will return
		"550 Access denied".  -DTCPWRAPPERS will include support for
		TCP wrappers; you will need to add -lwrap to the link line.
		(See src/READ_ME for details.)
	Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
		bounces.  Some people seemed to think that this could be
		confusing (even though it is true).  Suggested by Motonori
		Support for AIX/RS 2.2.1 from Mark Whetzel of Western
			Atlas International.
		Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
		On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
			work on the first recipient of a message due to a
			bug in the getpwent family.  If this is something you
			use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
			workaround.  From Maximum Entropy of Sanford C.
			Bernstein and Associates.
		FreeBSD uname -r returns a string containing
			parentheses, which breaks makesendmail.  Reported
			by Piero Serini <>.
		Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
			Systems and Computer Technology Corporation.
		Solaris 2.x: omit the UUCP grade parameter (-g flag) because
			it is system-dependent.  Problem noted by J.J. Bailey
			of Bailey Computer Consulting.
		Pyramid NILE running DC/OSx support from Earle F. Ake of
			Hassler Communication Systems Technology, Inc.
		HP-UX 10.x compile glitch, reported by Anne Brink of the
			U.S. Army.
		NetBSD from Matthew Green of the NetBSD crew.
		SCO 5.x from Keith Reynolds of SCO.
		IRIX 6.2 from Robert Tarrall of the University of
			Colorado and Kari Hurtta of the Finnish Meteorological
		UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
			Lopez, CICA (Seville).
		NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
		PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
			Employment Standards Administration.
		Altos System V (5.3.1) from Tim Rice of Multitalents.
		Concurrent Systems Corporation Maxion from Donald R. Laster
		NetInfo maps (improved debugging and multi-valued aliases)
			from Adrian Steinmann of Steinmann Consulting.
		ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
			from Eric Schnoebelen of Convex.
	CONFIG: add file.  Contributed by
		Robert La Ferla of Hot Software.
	CONFIG: allow mailertables to resolve to ``error:code message''
		(where "code" is an exit status) on domains (previously
		worked only on hosts).  Patch from Cor Bosman of Xs4all
	CONFIG: hooks for IPv6-style domain literals.
	CONFIG: predefine ALIAS_FILE and change the prototype file so that
		if it is undefined the AliasFile option is never set; this
		should be transparent for most everyone.  Suggested by John
		Myers of CMU.
	CONFIG: add FEATURE(limited_masquerade).  Without this feature, any
		domain listed in $=w is masqueraded.  With it, only those
		domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
	CONFIG: add FEATURE(masquerade_entire_domain).  This causes
		masquerading specified by MASQUERADE_DOMAIN to apply to all
		hosts under those domains as well as the domain headers
		themselves.  For example, if a configuration had
		MASQUERADE_DOMAIN(, then without this feature only would be masqueraded; with it, * would be
		masqueraded as well.  Based on an implementation by Richard
		(Pug) Bainter of U. Texas.
	CONFIG: add FEATURE(genericstable) to do a more general rewriting of
		outgoing addresses.  Defaults to ``hash -o /etc/genericstable''.
		Keys are user names; values are outgoing mail addresses.  Yes,
		this does overlap with the user database, and figuring out
		just when to use which one may be tricky.  Based on code
		contributed by Richard (Pug) Bainter of U. Texas with updates
		from Per Hedeland of Ericsson.
	CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
		incoming addresses.  Defaults to ``hash -o /etc/virtusertable''.
		Keys are either fully qualified addresses or just the host
		part (with the @ sign).  For example, a table containing:	foo-info	bar-info
		would send all mail destined for to foo-info
		(which is presumably an alias), mail addressed to
		to bar-info, and anything addressed to anyone at will
		be sent to  The names,,
		and must all be in $=w.  Based on discussions with
		a great many people.
	CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
		Suggested by Richard Bainter.
	CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
		"fax" mailer.
	CONFIG: allow mailertable entries to resolve to local:user; this
		passes the original user@host in to procmail-style local
		mailers as the "detail" information to allow them to do
		additional clever processing.  From Joe Pruett of
		Teleport Corporation.
	CONFIG: allow any context that takes "mailer:domain" to also take
		"mailer:user@domain" to force mailing to the given user;
		"local:user" can also be used to do local delivery.  This
		applies on *_RELAY and in the mailertable entries.  Based
		on a suggestion by Ribert Kiessling of Easynet.
	CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
		limits the possible domains; this reduces the number of DNS
		lookups required to support this feature.  For example,
		FEATURE(bestmx_is_local, limits the lookups
		to domains under  Code contributed by Anthony
		Thyssen <>.
	CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
		such as the check_rcpt ruleset.  Suggested by Gregory Shapiro
		of WPI.
	CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
		event you have to define local mailers.  Suggested by
		Gregory Shapiro of WPI.
	CONFIG: fix cases where a three- (or more-) stage route-addr could
		be misinterpreted as a list:...; syntax.  Based on a patch by
		Vlado Potisk <>.
	CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
		remotely connected.  The address host!user was being
		converted to host!user@thishost instead of host!user@uurelay.
		Problem noted by William Gianopoulos of Raytheon Company.
	CONTRIB: Remove XLA code at the request of the author, Christophe
	MAIL.LOCAL: make it possible to compile mail.local on Solaris.  Note
		well: this produces a slightly different mailbox format (no
		Content-Length: headers), file ownerships and modes are
		different (not owned by group mail; mode 600 instead of 660),
		and the local mailer flags will have to be tweaked (make them
		match bsd4.4) in order to use this mailer.  Patches from Paul
		Hammann of the Missouri Research and Education Network.
	MAIL.LOCAL: in some cases it could return EX_OK even though there
		was a delivery error, such as if the ownership on the file
		was wrong or the mode changed between the initial stat and
		the open.  Problem reported by William Colburn of the New
		Mexico Institute of Mining and Technology.
	MAILSTATS: handle zero length files more reliably.  Patch from Bryan
	MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
		honored.  Fix from Michael Scott Shappe.
		src/Makefiles/Makefile.NCR3000 =>	Makefile.NCR.MP-RAS.2.x
		src/Makefiles/Makefile.SCO.3.2v4.2 =>	Makefile.SCO.4.2
		src/Makefiles/Makefile.UXPDS =>		Makefile.UXPDSV10
Eric Allman					     InReference, Inc.
Chief Technical Officer		    155A Moffett Park Drive, Suite 210
eric@InReference.COM				   Sunnyvale, CA 94089
http://WWW.InReference.COM/~eric		       +1/408/541-7641
Claus Aßmann Please send comments to: <>