diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..43de629 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/sendmail.8.14.7.tar.gz diff --git a/.sendmail.metadata b/.sendmail.metadata new file mode 100644 index 0000000..ffe9fad --- /dev/null +++ b/.sendmail.metadata @@ -0,0 +1 @@ +7a16bfd3f14e877b30e6dff4952ab6ae49951314 SOURCES/sendmail.8.14.7.tar.gz diff --git a/SOURCES/Sendmail-sasl2.conf b/SOURCES/Sendmail-sasl2.conf new file mode 100644 index 0000000..74ef83f --- /dev/null +++ b/SOURCES/Sendmail-sasl2.conf @@ -0,0 +1 @@ +pwcheck_method:saslauthd diff --git a/SOURCES/sendmail-8.12.7-hesiod.patch b/SOURCES/sendmail-8.12.7-hesiod.patch new file mode 100644 index 0000000..ad3de30 --- /dev/null +++ b/SOURCES/sendmail-8.12.7-hesiod.patch @@ -0,0 +1,22 @@ +--- sendmail-8.12.7/sendmail/recipient.c ++++ sendmail-8.12.7/sendmail/recipient.c +@@ -1146,7 +1146,7 @@ + + *fuzzyp = false; + +-#if HESIOD ++#if disableHESIOD + /* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */ + for (p = name; *p != '\0'; p++) + if (!isascii(*p) || !isdigit(*p)) +--- sendmail-8.12.7/libsm/mbdb.c ++++ sendmail-8.12.7/libsm/mbdb.c +@@ -315,7 +315,7 @@ + { + struct passwd *pw; + +-#ifdef HESIOD ++#ifdef disableHESIOD + /* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */ + { + char *p; diff --git a/SOURCES/sendmail-8.12.7-manpage.patch b/SOURCES/sendmail-8.12.7-manpage.patch new file mode 100644 index 0000000..8a38b6b --- /dev/null +++ b/SOURCES/sendmail-8.12.7-manpage.patch @@ -0,0 +1,16 @@ +--- sendmail-8.12.7/sendmail/sendmail.8.manpage 2003-01-13 11:17:32.000000000 +0100 ++++ sendmail-8.12.7/sendmail/sendmail.8 2003-01-13 11:17:59.000000000 +0100 +@@ -687,13 +687,11 @@ + /var/spool/mqueue/* + temp files + .SH SEE ALSO +-binmail(1), + mail(1), + rmail(1), + syslog(3), + aliases(5), + mailaddr(7), +-rc(8) + .PP + DARPA + Internet Request For Comments diff --git a/SOURCES/sendmail-8.13.0-cyrus.patch b/SOURCES/sendmail-8.13.0-cyrus.patch new file mode 100644 index 0000000..e296d5b --- /dev/null +++ b/SOURCES/sendmail-8.13.0-cyrus.patch @@ -0,0 +1,11 @@ +--- sendmail-8.13.0/cf/mailer/cyrus.m4.cyrus 2004-06-30 11:47:47.116910591 +0200 ++++ sendmail-8.13.0/cf/mailer/cyrus.m4 2004-06-30 11:49:02.262556546 +0200 +@@ -36,7 +36,7 @@ + # + + _DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|') +-ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)') ++ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/lib/cyrus-imapd/deliver)') + ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')') + ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')') + _DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u') diff --git a/SOURCES/sendmail-8.13.1-localdomain.patch b/SOURCES/sendmail-8.13.1-localdomain.patch new file mode 100644 index 0000000..1fd344b --- /dev/null +++ b/SOURCES/sendmail-8.13.1-localdomain.patch @@ -0,0 +1,11 @@ +--- sendmail-8.13.1/cf/m4/proto.m4.localdomain 2007-01-22 16:35:19.000000000 +0100 ++++ sendmail-8.13.1/cf/m4/proto.m4 2007-01-22 16:36:47.000000000 +0100 +@@ -1840,6 +1840,8 @@ + $: < ? $&{client_name} > < $1 @ [127.0.0.1] > + R<@> < $* @ localhost.$m > + $: < ? $&{client_name} > < $1 @ localhost.$m > ++R<@> < $* @ localhost.localdomain > ++ $: < ? $&{client_name} > < $1 @ localhost.localdomain > + ifdef(`_NO_UUCP_', `dnl', + `R<@> < $* @ localhost.UUCP > + $: < ? $&{client_name} > < $1 @ localhost.UUCP >') diff --git a/SOURCES/sendmail-8.13.7-pid.patch b/SOURCES/sendmail-8.13.7-pid.patch new file mode 100644 index 0000000..4e22c85 --- /dev/null +++ b/SOURCES/sendmail-8.13.7-pid.patch @@ -0,0 +1,20 @@ +--- sendmail-8.13.7/cf/cf/submit.mc.pid 2006-04-05 07:54:41.000000000 +0200 ++++ sendmail-8.13.7/cf/cf/submit.mc 2006-06-19 18:07:11.000000000 +0200 +@@ -15,12 +15,16 @@ + # + + divert(0)dnl +-VERSIONID(`$Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $') ++sinclude(`/usr/share/sendmail-cf/m4/cf.m4')dnl ++VERSIONID(`linux setup')dnl + define(`confCF_VERSION', `Submit')dnl + define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining + define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet + define(`confTIME_ZONE', `USE_TZ')dnl + define(`confDONT_INIT_GROUPS', `True')dnl ++define(`confPID_FILE', `/run/sm-client.pid')dnl ++dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl ++FEATURE(`use_ct_file')dnl + dnl + dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1] + FEATURE(`msp', `[127.0.0.1]')dnl diff --git a/SOURCES/sendmail-8.13.7-vacation.patch b/SOURCES/sendmail-8.13.7-vacation.patch new file mode 100644 index 0000000..d4f9808 --- /dev/null +++ b/SOURCES/sendmail-8.13.7-vacation.patch @@ -0,0 +1,11 @@ +--- sendmail-8.13.7/vacation/Makefile.vacation 1999-09-24 00:36:45.000000000 +0200 ++++ sendmail-8.13.7/vacation/Makefile 2006-07-18 15:12:42.000000000 +0200 +@@ -1,7 +1,7 @@ + # $Id: Makefile,v 8.5 1999/09/23 22:36:45 ca Exp $ + + SHELL= /bin/sh +-BUILD= ./Build ++BUILD= ./Build -f ../redhat.config.m4 + OPTIONS= $(CONFIG) $(FLAGS) + + all: FRC diff --git a/SOURCES/sendmail-8.14.1-noversion.patch b/SOURCES/sendmail-8.14.1-noversion.patch new file mode 100644 index 0000000..c500898 --- /dev/null +++ b/SOURCES/sendmail-8.14.1-noversion.patch @@ -0,0 +1,13 @@ +--- sendmail-8.14.1/sendmail/helpfile.noversion 2007-02-01 19:29:44.000000000 +0100 ++++ sendmail-8.14.1/sendmail/helpfile 2007-04-10 16:58:16.000000000 +0200 +@@ -11,9 +11,7 @@ + cpyr forth in the LICENSE file which can be found at the top level of + cpyr the sendmail distribution. + cpyr +-cpyr $$Id: helpfile,v 8.48 2007/02/01 18:29:44 ca Exp $$ +-cpyr +-smtp This is sendmail version $v ++smtp This is sendmail + smtp Topics: + smtp HELO EHLO MAIL RCPT DATA + smtp RSET NOOP QUIT HELP VRFY diff --git a/SOURCES/sendmail-8.14.3-ipv6-bad-helo.patch b/SOURCES/sendmail-8.14.3-ipv6-bad-helo.patch new file mode 100644 index 0000000..1e8b493 --- /dev/null +++ b/SOURCES/sendmail-8.14.3-ipv6-bad-helo.patch @@ -0,0 +1,8 @@ +--- sendmail-8.14.3/cf/feature/block_bad_helo.m4 2006-06-16 00:49:30.000000000 +0200 ++++ sendmail-8.14.3/cf/feature/block_bad_helo.m4.ipv6-bad-helo 2010-01-03 23:28:25.000000000 +0100 +@@ -16,3 +16,5 @@ + define(`_BLOCK_BAD_HELO_', `')dnl + RELAY_DOMAIN(`127.0.0.1')dnl + LOCAL_DOMAIN(`[127.0.0.1]')dnl ++RELAY_DOMAIN(`IPv6:::1')dnl ++LOCAL_DOMAIN(`[IPv6:::1]')dnl diff --git a/SOURCES/sendmail-8.14.3-milterfdleaks.patch b/SOURCES/sendmail-8.14.3-milterfdleaks.patch new file mode 100644 index 0000000..7154394 --- /dev/null +++ b/SOURCES/sendmail-8.14.3-milterfdleaks.patch @@ -0,0 +1,75 @@ +Patches by Paul Howarth +https://bugzilla.redhat.com/show_bug.cgi?id=485426 + +--- sendmail-8.14.3/sendmail/milter.c 2008-09-19 15:51:03.000000000 +0100 ++++ sendmail-8.14.3/sendmail/milter.c 2008-09-19 16:37:57.000000000 +0100 +@@ -30,6 +30,9 @@ + + # include + ++# include ++# include ++ + static void milter_connect_timeout __P((int)); + static void milter_error __P((struct milter *, ENVELOPE *)); + static int milter_open __P((struct milter *, bool, ENVELOPE *)); +@@ -650,6 +653,7 @@ + SOCKADDR_LEN_T addrlen = 0; + int addrno = 0; + int save_errno; ++ int fdflags; + char *p; + char *colon; + char *at; +@@ -1186,6 +1190,21 @@ + (char *)&nodelay, sizeof(nodelay)); + } + # endif /* MILTER_NO_NAGLE && !defined(TCP_CORK) */ ++ ++ /* ++ ** Need to set close-on-exec for sock to prevent it ++ ** leaking to the local delivery process ++ */ ++ if ((fdflags = fcntl(sock, F_GETFD, 0)) == -1 || ++ fcntl(sock, F_SETFD, fdflags | FD_CLOEXEC) == -1) ++ { ++ save_errno = errno; ++ if (MilterLogLevel > 0) ++ sm_syslog(LOG_WARNING, e->e_id, ++ "Milter (%s): Unable to set close-on-exec on sock (%s)", ++ m->mf_name, sm_errstring(save_errno = errno)); ++ } ++ + return sock; + } + +--- sendmail-8.14.3/libmilter/listener.c 2007-04-23 23:22:50.000000000 +0100 ++++ sendmail-8.14.3/libmilter/listener.c 2008-06-18 16:36:38.000000000 +0100 +@@ -728,6 +728,7 @@ + int acnt = 0; /* error count for accept() failures */ + int scnt = 0; /* error count for select() failures */ + int save_errno = 0; ++ int fdflags; + #if !_FFR_WORKERS_POOL + sthread_t thread_id; + #endif /* !_FFR_WORKERS_POOL */ +@@ -807,6 +808,19 @@ + (void) smutex_unlock(&L_Mutex); + + /* ++ ** Need to set close-on-exec for connfd in case a user's ++ ** filter starts other applications ++ */ ++ if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 || ++ fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1) ++ { ++ smi_log(SMI_LOG_WARN, ++ "%s: Unable to set close-on-exec on connfd (%s)", ++ smfi->xxfi_name, sm_errstring(errno)); ++ /* XXX: continue? */ ++ } ++ ++ /* + ** If remote side closes before accept() finishes, + ** sockaddr might not be fully filled in. + */ diff --git a/SOURCES/sendmail-8.14.3-sharedmilter.patch b/SOURCES/sendmail-8.14.3-sharedmilter.patch new file mode 100644 index 0000000..29e1851 --- /dev/null +++ b/SOURCES/sendmail-8.14.3-sharedmilter.patch @@ -0,0 +1,50 @@ +diff -up sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 +--- sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter 2009-01-20 15:19:34.000000000 +0100 ++++ sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 2009-01-20 15:19:34.000000000 +0100 +@@ -15,22 +15,23 @@ divert(-1) + divert(0)dnl + include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl + bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl +-bldPUSH_TARGET(bldCURRENT_PRODUCT`.a')dnl ++bldPUSH_TARGET(bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL)dnl + bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl + bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl + + include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4') + divert(bldTARGETS_SECTION) +-bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} +- ${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'} +- ${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a ++bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} ++ ${CC} ${CFLAGS} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL `-Wl,'confSONAME`,'bldCURRENT_PRODUCT`.so.'confSOVER ${bldCURRENT_PRODUCT`OBJS'} + ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)') + +-install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.a ++install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL + ifdef(`bldINSTALLABLE', ` ifdef(`confMKDIR', `if [ ! -d ${DESTDIR}${bldINSTALL_DIR`'LIBDIR} ]; then confMKDIR -p ${DESTDIR}${bldINSTALL_DIR`'LIBDIR}; else :; fi ') +- ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.a ${DESTDIR}${LIBDIR}') ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.confSOVER ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so ++ ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.so.confSOVER`.'confSOPLVL ${DESTDIR}${LIBDIR}') + + bldCURRENT_PRODUCT-clean: +- rm -f ${OBJS} bldCURRENT_PRODUCT.a ${MANPAGES} ++ rm -f ${OBJS} bldCURRENT_PRODUCT.so* ${MANPAGES} + + divert(0) +diff -up sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter sendmail-8.14.3/libmilter/Makefile.m4 +--- sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter 2008-04-08 07:23:44.000000000 +0200 ++++ sendmail-8.14.3/libmilter/Makefile.m4 2009-01-20 15:26:05.000000000 +0100 +@@ -9,7 +9,11 @@ define(`confMT', `true') + SMSRCDIR=ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail') + PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ') + +-bldPRODUCT_START(`library', `libmilter') ++APPENDDEF(`confOPTIMIZE', `-fno-pie -fPIC') ++define(`runCtest', `esyscmd(`echo -e "#include \n#include \"../include/libmilter/mfapi.h\"\nint main(){'$1`;return 0;}" | gcc -x c -I../include -o ctest - && ./ctest && rm -f ctest')')dnl ++define(`confSOVER', runCtest(`printf(\"%d.%d\", SM_LM_VRS_MAJOR(SMFI_VERSION), SM_LM_VRS_MINOR(SMFI_VERSION))'))dnl ++define(`confSOPLVL', runCtest(`printf(\"%d\", SM_LM_VRS_PLVL(SMFI_VERSION))'))dnl ++bldPRODUCT_START(`sharedlibrary', `libmilter') + define(`bldINSTALLABLE', `true') + define(`LIBMILTER_EXTRAS', `errstring.c strl.c') + APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL -Dsm_snprintf=snprintf') diff --git a/SOURCES/sendmail-8.14.3-smrsh_paths.patch b/SOURCES/sendmail-8.14.3-smrsh_paths.patch new file mode 100644 index 0000000..9240f39 --- /dev/null +++ b/SOURCES/sendmail-8.14.3-smrsh_paths.patch @@ -0,0 +1,182 @@ +diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README +--- sendmail-8.14.3/smrsh/README.smrsh_paths 2008-02-12 17:40:06.000000000 +0100 ++++ sendmail-8.14.3/smrsh/README 2008-07-15 14:40:36.000000000 +0200 +@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie + intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, + and to the software, smrsh.c, written by Eric Allman. + +- ++* Modified by Red Hat, Inc., to reflect different paths. * + + The smrsh(8) program is intended as a replacement for /bin/sh in the + program mailer definition of sendmail(8). This README file describes +@@ -56,15 +56,15 @@ These can be added to the devtools/Site/ + global M4 macro confENVDEF or the smrsh specific M4 macro + conf_smrsh_ENVDEF. + +-As root, install smrsh in /usr/libexec. Using the Build script: ++As root, install smrsh in /usr/sbin. Using the Build script: + + host.domain# sh ./Build install + +-For manual installation: install smrsh in the /usr/libexec ++For manual installation: install smrsh in the /usr/sbin + directory, with mode 511. + +- host.domain# mv smrsh /usr/libexec +- host.domain# chmod 511 /usr/libexec/smrsh ++ host.domain# mv smrsh /usr/sbin ++ host.domain# chmod 511 /usr/sbin/smrsh + + + +@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito + acceptable commands. + + If your platform doesn't have a default SMRSH_CMDDIR setting, you will +-next need to create the directory /usr/adm/sm.bin and populate ++next need to create the directory /etc/smrsh and populate + it with the programs that your site feels are allowable for sendmail + to execute. This directory is explicitly specified in the source + code for smrsh, so changing this directory must be accompanied with +@@ -95,22 +95,22 @@ a change in smrsh.c. + + You will have to be root to make these modifications. + +-After creating the /usr/adm/sm.bin directory, either copy the programs ++After creating the /etc/smrsh directory, either copy the programs + to the directory, or establish links to the allowable programs from +-/usr/adm/sm.bin. Change the file permissions, so that these programs ++/etc/smrsh. Change the file permissions, so that these programs + can not be modified by non-root users. If you use links, you should + ensure that the target programs are not modifiable. + + To allow the popular vacation(1) program by creating a link in the +-/usr/adm/sm.bin directory, you should: ++/etc/smrsh directory, you should: + +- host.domain# cd /usr/adm/sm.bin ++ host.domain# cd /etc/smrsh + host.domain# ln -s /usr/ucb/vacation vacation + + + + +-After populating the /usr/adm/sm.bin directory, you can now configure ++After populating the /etc/smrsh directory, you can now configure + sendmail to use the restricted shell. Save the current sendmail.cf + file prior to modifying it, as a prudent precaution. + +@@ -125,7 +125,7 @@ help to locate it. + + In order to configure sendmail to use smrsh, you must modify the Mprog + definition in the sendmail.cf file, by replacing the /bin/sh specification +-with /usr/libexec/smrsh. ++with /usr/sbin/smrsh. + + As an example: + +@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi + Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u + + which should be changed to: +-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u +- ^^^^^^^^^^^^^^^^^^ ++Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u ++ ^^^^^^^^^^^^^^^^ + + A more generic line may be: + Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u + + and should be changed to; +-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u ++Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u + + + After modifying the Mprog definition in the sendmail.cf file, if a frozen +@@ -151,7 +151,7 @@ or /etc/mail directories. The specific + a search of the strings(1) output of the sendmail binary. + + In order to create a new frozen configuration, if it is required: +- host.domain# /usr/lib/sendmail -bz ++ host.domain# /usr/sbin/sendmail -bz + + Now re-start the sendmail process. An example of how to do this on + a typical system follows: +diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8 +--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200 ++++ sendmail-8.14.3/smrsh/smrsh.8 2008-07-15 14:38:07.000000000 +0200 +@@ -39,7 +39,7 @@ Briefly, + .I smrsh + limits programs to be in a single directory, + by default +-/usr/adm/sm.bin, ++/etc/smrsh, + allowing the system administrator to choose the set of acceptable commands, + and to the shell builtin commands ``exec'', ``exit'', and ``echo''. + It also rejects any commands with the characters +@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'', + and + ``vacation'' + all actually forward to +-``/usr/adm/sm.bin/vacation''. ++``/etc/smrsh/vacation''. + .PP + System administrators should be conservative about populating +-the sm.bin directory. ++the /etc/smrsh directory. + For example, a reasonable additions is + .IR vacation (1), + and the like. +@@ -68,7 +68,7 @@ never include any shell or shell-like pr + (such as + .IR perl (1)) + in the +-sm.bin ++/etc/smrsh + directory. + Note that this does not restrict the use of shell or perl scripts + in the sm.bin directory (using the ``#!'' syntax); +@@ -79,20 +79,7 @@ is a very bad idea. + .IR procmail (1) + allows users to run arbitrary programs in their + .IR procmailrc (5). +-.SH COMPILATION +-Compilation should be trivial on most systems. +-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" +-to adjust the default search path +-(defaults to ``/bin:/usr/bin:/usr/ucb'') +-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" +-to change the default program directory +-(defaults to ``/usr/adm/sm.bin''). + .SH FILES +-/usr/adm/sm.bin \- default directory for restricted programs on most OSs +-.PP +-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris +-.PP +-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD +- ++/etc/smrsh \- directory for restricted programs + .SH SEE ALSO + sendmail(8) +diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c +--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200 ++++ sendmail-8.14.3/smrsh/smrsh.c 2008-07-15 14:38:07.000000000 +0200 +@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20 + # ifdef SMRSH_CMDDIR + # define CMDDIR SMRSH_CMDDIR + # else /* SMRSH_CMDDIR */ +-# define CMDDIR "/usr/adm/sm.bin" ++# define CMDDIR "/etc/smrsh" + # endif /* SMRSH_CMDDIR */ + #endif /* ! CMDDIR */ + +@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20 + # ifdef SMRSH_PATH + # define PATH SMRSH_PATH + # else /* SMRSH_PATH */ +-# define PATH "/bin:/usr/bin:/usr/ucb" ++# define PATH "/bin:/usr/bin" + # endif /* SMRSH_PATH */ + #endif /* ! PATH */ + diff --git a/SOURCES/sendmail-8.14.4-aliases_dir.patch b/SOURCES/sendmail-8.14.4-aliases_dir.patch new file mode 100644 index 0000000..3dfb2aa --- /dev/null +++ b/SOURCES/sendmail-8.14.4-aliases_dir.patch @@ -0,0 +1,119 @@ +diff -up sendmail-8.14.3/cf/m4/cfhead.m4.movefiles sendmail-8.14.3/cf/m4/cfhead.m4 +--- sendmail-8.14.3/cf/m4/cfhead.m4.movefiles 2004-01-28 23:02:22.000000000 +0100 ++++ sendmail-8.14.3/cf/m4/cfhead.m4 2008-12-02 18:07:06.000000000 +0100 +@@ -259,7 +259,7 @@ ifdef(`MAIL_SETTINGS_DIR', , `define(`MA + define(`DATABASE_MAP_TYPE', `hash') + + # set up default values for options +-define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases') ++define(`ALIAS_FILE', `/etc/aliases') + define(`confMAILER_NAME', ``MAILER-DAEMON'') + define(`confFROM_LINE', `From $g $d') + define(`confOPERATORS', `.:%@!^/[]+') +diff -up ./sendmail/aliases.0.orig ./sendmail/aliases.0 +--- ./sendmail/aliases.0.orig 2009-12-23 05:48:32.000000000 +0100 ++++ ./sendmail/aliases.0 2010-02-01 10:49:56.093920068 +0100 +@@ -63,7 +63,7 @@ DDEESSCCRRIIPPTTIIOONN + the list of users defined in that file. + + This is only the raw data file; the actual aliasing information is +- placed into a binary format in the file /etc/mail/aliases.db using the ++ placed into a binary format in the file /etc/aliases.db using the + program newaliases(1). A newaliases command should be executed each + time the aliases file is changed for the change to take effect. + +diff -up ./sendmail/aliases.5.orig ./sendmail/aliases.5 +--- ./sendmail/aliases.5.orig 2004-07-12 07:39:21.000000000 +0200 ++++ ./sendmail/aliases.5 2010-02-01 10:45:46.407921946 +0100 +@@ -23,7 +23,7 @@ ID + aliases used by + sendmail. + The file resides in +-/etc/mail ++/etc + and + is formatted as a series of lines of the form + .IP +@@ -96,7 +96,7 @@ list of users defined in that file. + .PP + This is only the raw data file; the actual aliasing information is + placed into a binary format in the file +-/etc/mail/aliases.db ++/etc/aliases.db + using the program + newaliases(1). + A +diff -up ./sendmail/newaliases.0.orig ./sendmail/newaliases.0 +--- ./sendmail/newaliases.0.orig 2009-12-23 05:48:32.000000000 +0100 ++++ ./sendmail/newaliases.0 2010-02-01 10:49:46.527918883 +0100 +@@ -10,7 +10,7 @@ SSYYNNOOPPSSIISS + + DDEESSCCRRIIPPTTIIOONN + NNeewwaalliiaasseess rebuilds the random access data base for the mail aliases +- file /etc/mail/aliases. It must be run each time this file is changed ++ file /etc/aliases. It must be run each time this file is changed + in order for the change to take effect. + + NNeewwaalliiaasseess is identical to ``sendmail -bi''. +@@ -22,7 +22,7 @@ DDEESSCCRRIIPPTTIIOONN + sseennddmmaaiill.. + + FFIILLEESS +- /etc/mail/aliases The mail aliases file ++ /etc/aliases The mail aliases file + + SSEEEE AALLSSOO + aliases(5), sendmail(8) +diff -up ./sendmail/newaliases.1.orig ./sendmail/newaliases.1 +--- ./sendmail/newaliases.1.orig 2001-10-10 05:23:17.000000000 +0200 ++++ ./sendmail/newaliases.1 2010-02-01 10:49:36.194921433 +0100 +@@ -20,7 +20,7 @@ newaliases + .SH DESCRIPTION + .B Newaliases + rebuilds the random access data base for the mail aliases file +-/etc/mail/aliases. It must be run each time this file is changed ++/etc/aliases. It must be run each time this file is changed + in order for the change to take effect. + .PP + .B Newaliases +@@ -40,7 +40,7 @@ puts a special token into the data base + .B sendmail. + .SH FILES + .TP 2i +-/etc/mail/aliases ++/etc/aliases + The mail aliases file + .SH SEE ALSO + aliases(5), sendmail(8) +diff -up ./sendmail/sendmail.0.orig ./sendmail/sendmail.0 +--- ./sendmail/sendmail.0.orig 2009-12-23 05:48:32.000000000 +0100 ++++ ./sendmail/sendmail.0 2010-02-01 10:49:04.494920283 +0100 +@@ -430,10 +430,10 @@ FFIILLEESS + are only approximations. + + +- /etc/mail/aliases ++ /etc/aliases + raw data for alias names + +- /etc/mail/aliases.db ++ /etc/aliases.db + data base of alias names + + /etc/mail/sendmail.cf +diff -up ./sendmail/sendmail.8.orig ./sendmail/sendmail.8 +--- ./sendmail/sendmail.8.orig 2009-04-10 19:49:19.000000000 +0200 ++++ ./sendmail/sendmail.8 2010-02-01 10:50:04.993920355 +0100 +@@ -706,10 +706,10 @@ Thus, + these values are only approximations. + .PP + .TP +- /etc/mail/aliases ++ /etc/aliases + raw data for alias names + .TP +- /etc/mail/aliases.db ++ /etc/aliases.db + data base of alias names + .TP + /etc/mail/sendmail.cf diff --git a/SOURCES/sendmail-8.14.4-dynamic.patch b/SOURCES/sendmail-8.14.4-dynamic.patch new file mode 100644 index 0000000..652a75c --- /dev/null +++ b/SOURCES/sendmail-8.14.4-dynamic.patch @@ -0,0 +1,46 @@ +--- sendmail-8.14.4/devtools/OS/Linux 2010-01-03 22:55:35.000000000 +0100 ++++ sendmail-8.14.4/devtools/OS/Linux.dynamic 2010-01-03 22:59:03.000000000 +0100 +@@ -7,7 +7,7 @@ + define(`confCCOPTS_SO', `-fPIC') + define(`confSM_OS_HEADER', `sm_os_linux') + define(`confMANROOT', `/usr/share/man/man') +-define(`confLIBS', `-ldl') ++define(`confLIBS', `-pie -ldl') + define(`confEBINDIR', `/usr/sbin') + APPENDDEF(`confLIBSEARCH', `crypt nsl') + +@@ -22,19 +22,19 @@ + ifelse(confBLDVARIANT, `DEBUG', + dnl Debug build + ` +- define(`confOPTIMIZE',`-g -Wall') ++ define(`confOPTIMIZE',`-g -Wall -fpie') + ', + dnl Optimized build + confBLDVARIANT, `OPTIMIZED', + ` +- define(`confOPTIMIZE',`-O2') ++ define(`confOPTIMIZE',`-O2 -fpie') + ', + dnl Purify build + confBLDVARIANT, `PURIFY', + ` +- define(`confOPTIMIZE',`-g') ++ define(`confOPTIMIZE',`-g -fpie') + ', + dnl default + ` +- define(`confOPTIMIZE',`-O2') ++ define(`confOPTIMIZE',`-O2 -fpie') + ') +--- sendmail-8.14.4/libsm/Makefile.m4 2006-08-16 23:06:31.000000000 +0200 ++++ sendmail-8.14.4/libsm/Makefile.m4.dynamic 2010-01-03 23:01:36.000000000 +0100 +@@ -6,7 +6,7 @@ + define(`confREQUIRE_SM_OS_H', `true') + PREPENDDEF(`confENVDEF', `confMAPDEF') + bldPRODUCT_START(`library', `libsm') +-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c ') ++define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c ') + bldPRODUCT_END + dnl msg.c + dnl syslogio.c diff --git a/SOURCES/sendmail-8.14.4-libdb5.patch b/SOURCES/sendmail-8.14.4-libdb5.patch new file mode 100644 index 0000000..9bd5e50 --- /dev/null +++ b/SOURCES/sendmail-8.14.4-libdb5.patch @@ -0,0 +1,12 @@ +--- sendmail-8.14.4/include/sm/bdb.h.old 2003-03-06 17:30:05.000000000 +0100 ++++ sendmail-8.14.4/include/sm/bdb.h 2010-04-15 16:02:41.029169004 +0200 +@@ -19,7 +19,8 @@ + # define DB_VERSION_MAJOR 1 + # endif /* ! DB_VERSION_MAJOR */ + +-# if DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 ++# if (DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1) || \ ++ (DB_VERSION_MAJOR >= 5) + + # define DBTXN NULL , + diff --git a/SOURCES/sendmail-8.14.4-makemapman.patch b/SOURCES/sendmail-8.14.4-makemapman.patch new file mode 100644 index 0000000..7beb0cd --- /dev/null +++ b/SOURCES/sendmail-8.14.4-makemapman.patch @@ -0,0 +1,56 @@ +--- sendmail-8.14.4/cf/cf/Build 1999-03-02 03:37:12.000000000 +0100 ++++ sendmail-8.14.4/cf/cf/Build.makemapman 2010-01-03 22:49:38.000000000 +0100 +@@ -18,7 +18,7 @@ + SMROOT=${SMROOT-../..} + BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools} + +-M4=`sh $BUILDTOOLS/bin/find_m4.sh` ++M4=/usr/bin/m4 + ret=$? + if [ $ret -ne 0 ] + then +--- sendmail-8.14.4/devtools/OS/Linux 2009-01-22 03:15:42.000000000 +0100 ++++ sendmail-8.14.4/devtools/OS/Linux.makemapman 2010-01-03 22:50:27.000000000 +0100 +@@ -6,7 +6,7 @@ + define(`confDEPEND_TYPE', `CC-M') + define(`confCCOPTS_SO', `-fPIC') + define(`confSM_OS_HEADER', `sm_os_linux') +-define(`confMANROOT', `/usr/man/man') ++define(`confMANROOT', `/usr/share/man/man') + define(`confLIBS', `-ldl') + define(`confEBINDIR', `/usr/sbin') + APPENDDEF(`confLIBSEARCH', `crypt nsl') +@@ -16,6 +16,8 @@ + define(`confMTLDOPTS', `-lpthread') + define(`confLDOPTS_SO', `-shared') + define(`confSONAME',`-soname') ++define('confSBINGRP', 'mail') ++define('confSBINMODE', '6755') + + ifelse(confBLDVARIANT, `DEBUG', + dnl Debug build +--- sendmail-8.14.4/makemap/makemap.8 2008-05-03 01:07:48.000000000 +0200 ++++ sendmail-8.14.4/makemap/makemap.8.makemapman 2010-01-03 22:51:04.000000000 +0100 +@@ -52,12 +52,6 @@ + parameter. + They may be + .TP +-dbm +-DBM format maps. +-This requires the +-ndbm(3) +-library. +-.TP + btree + B-Tree format maps. + This requires the new Berkeley DB +--- sendmail-8.14.4/rmail/rmail.c 2001-09-18 23:45:29.000000000 +0200 ++++ sendmail-8.14.4/rmail/rmail.c.makemapman 2010-01-03 22:51:36.000000000 +0100 +@@ -276,7 +276,6 @@ + args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */ + args[i++] = "-G"; /* relay submission */ + args[i++] = "-oee"; /* No errors, just status. */ +- args[i++] = "-odq"; /* Queue it, don't try to deliver. */ + args[i++] = "-oi"; /* Ignore '.' on a line by itself. */ + + /* set from system and protocol used */ diff --git a/SOURCES/sendmail-8.14.4-sasl2-in-etc.patch b/SOURCES/sendmail-8.14.4-sasl2-in-etc.patch new file mode 100644 index 0000000..c7f1a6f --- /dev/null +++ b/SOURCES/sendmail-8.14.4-sasl2-in-etc.patch @@ -0,0 +1,29 @@ +--- sendmail-8.14.4/sendmail/usersmtp.c 2009-06-17 18:26:51.000000000 +0100 ++++ sendmail-8.14.4/sendmail/usersmtp.c 2010-06-11 13:13:52.150312505 +0100 +@@ -1323,9 +1323,7 @@ + { + long sff; + int r; +-#if SASL <= 10515 + size_t len; +-#endif /* SASL <= 10515 */ + char *p; + + if (file == NULL || *file == '\0') +@@ -1361,9 +1359,16 @@ + #endif /* SASL <= 10515 */ + + p = (char *) file; ++ len = strlen(p); + if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff, + S_IRUSR, NULL)) == 0) + return SASL_OK; ++#if SASL > 10515 ++ /* Expect /usr/lib/sasl2/Sendmail.conf to be missing - config now in /etc/sasl2 */ ++ if (type == SASL_VRFY_CONF && r == ENOENT && ++ len >= 8 && strncmp(p, "/usr/lib", 8) == 0) ++ return SASL_CONTINUE; ++#endif /* SASL > 10515 */ + if (LogLevel > (r != ENOENT ? 8 : 10)) + sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s", + p, sm_errstring(r)); diff --git a/SOURCES/sendmail-8.14.4-switchfile.patch b/SOURCES/sendmail-8.14.4-switchfile.patch new file mode 100644 index 0000000..2be8c2b --- /dev/null +++ b/SOURCES/sendmail-8.14.4-switchfile.patch @@ -0,0 +1,11 @@ +--- sendmail-8.14.4/sendmail/conf.c 2009-12-18 18:25:12.000000000 +0100 ++++ sendmail-8.14.4/sendmail/conf.c.switchfile 2010-01-03 23:08:27.000000000 +0100 +@@ -972,7 +972,7 @@ + if (p != NULL) + *p = '\0'; + #ifndef SM_NSSWITCH_DELIMS +-# define SM_NSSWITCH_DELIMS " \t" ++# define SM_NSSWITCH_DELIMS " \t:" + #endif /* SM_NSSWITCH_DELIMS */ + p = strpbrk(buf, SM_NSSWITCH_DELIMS); + if (p != NULL) diff --git a/SOURCES/sendmail-8.14.7-add-ec-support.patch b/SOURCES/sendmail-8.14.7-add-ec-support.patch new file mode 100644 index 0000000..6de9851 --- /dev/null +++ b/SOURCES/sendmail-8.14.7-add-ec-support.patch @@ -0,0 +1,32 @@ +diff --git a/sendmail/tls.c b/sendmail/tls.c +index 60d408e..72da987 100644 +--- a/sendmail/tls.c ++++ b/sendmail/tls.c +@@ -970,6 +970,9 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + /* Diffie-Hellman initialization */ + if (bitset(TLS_I_TRY_DH, req)) + { ++#if _FFR_TLS_EC ++ EC_KEY *ecdh; ++#endif /* _FFR_TLS_EC */ + if (bitset(TLS_S_DHPAR_OK, status)) + { + BIO *bio; +@@ -1044,6 +1047,17 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + who, 8 * DH_size(dh), *dhparam); + DH_free(dh); + } ++ ++#if _FFR_TLS_EC ++ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ++ if (ecdh != NULL) ++ { ++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_tmp_ecdh(*ctx, ecdh); ++ EC_KEY_free(ecdh); ++ } ++#endif /* _FFR_TLS_EC */ ++ + } + # endif /* !NO_DH */ + diff --git a/SOURCES/sendmail-8.14.7-client-port.patch b/SOURCES/sendmail-8.14.7-client-port.patch new file mode 100644 index 0000000..6f3f3f9 --- /dev/null +++ b/SOURCES/sendmail-8.14.7-client-port.patch @@ -0,0 +1,20 @@ +diff --git a/sendmail/main.c b/sendmail/main.c +index 021262c..7769148 100644 +--- a/sendmail/main.c ++++ b/sendmail/main.c +@@ -2620,13 +2620,13 @@ main(argc, argv, envp) + #if NETINET + case AF_INET: + (void) sm_snprintf(pbuf, sizeof(pbuf), "%d", +- RealHostAddr.sin.sin_port); ++ ntohs(RealHostAddr.sin.sin_port)); + break; + #endif /* NETINET */ + #if NETINET6 + case AF_INET6: + (void) sm_snprintf(pbuf, sizeof(pbuf), "%d", +- RealHostAddr.sin6.sin6_port); ++ ntohs(RealHostAddr.sin6.sin6_port)); + break; + #endif /* NETINET6 */ + default: diff --git a/SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch b/SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch new file mode 100644 index 0000000..47ce904 --- /dev/null +++ b/SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch @@ -0,0 +1,88 @@ +--- sendmail-8.14.7/sendmail/conf.c.orig 2015-12-30 14:24:10.000000000 -0800 ++++ sendmail-8.14.7/sendmail/conf.c 2015-12-30 14:30:32.000000000 -0800 +@@ -4234,7 +4234,18 @@ + h = gethostbyname(name); + if (!resv6) + _res.options &= ~RES_USE_INET6; +- *err = h_errno; ++ ++ /* the function is supposed to return only the requested family */ ++ if (h != NULL && h->h_addrtype != family) ++ { ++# if NETINET6 ++ freehostent(h); ++# endif /* NETINET6 */ ++ h = NULL; ++ *err = NO_DATA; ++ } ++ else ++ *err = h_errno; + return h; + } + +@@ -4363,6 +4374,17 @@ + } + } + #endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */ ++ ++ /* the function is supposed to return only the requested family */ ++ if (h != NULL && h->h_addrtype != family) ++ { ++# if NETINET6 ++ freehostent(h); ++# endif /* NETINET6 */ ++ h = NULL; ++ SM_SET_H_ERRNO(NO_DATA); ++ } ++ + if (tTd(61, 10)) + { + if (h == NULL) +@@ -4372,13 +4394,12 @@ + sm_dprintf("%s\n", h->h_name); + if (tTd(61, 11)) + { ++ struct in_addr ia; ++ size_t i; + #if NETINET6 + struct in6_addr ia6; + char buf6[INET6_ADDRSTRLEN]; +-#else /* NETINET6 */ +- struct in_addr ia; + #endif /* NETINET6 */ +- size_t i; + + if (h->h_aliases != NULL) + for (i = 0; h->h_aliases[i] != NULL; +@@ -4389,16 +4410,23 @@ + { + char *addr; + ++ addr = NULL; + #if NETINET6 +- memmove(&ia6, h->h_addr_list[i], +- IN6ADDRSZ); +- addr = anynet_ntop(&ia6, +- buf6, sizeof(buf6)); +-#else /* NETINET6 */ +- memmove(&ia, h->h_addr_list[i], +- INADDRSZ); +- addr = (char *) inet_ntoa(ia); ++ if (h->h_addrtype == AF_INET6) ++ { ++ memmove(&ia6, h->h_addr_list[i], ++ IN6ADDRSZ); ++ addr = anynet_ntop(&ia6, ++ buf6, sizeof(buf6)); ++ } ++ else + #endif /* NETINET6 */ ++ /* "else" in #if code above */ ++ { ++ memmove(&ia, h->h_addr_list[i], ++ INADDRSZ); ++ addr = (char *) inet_ntoa(ia); ++ } + if (addr != NULL) + sm_dprintf("\taddr: %s\n", addr); + } diff --git a/SOURCES/sendmail-8.14.7-qos.patch b/SOURCES/sendmail-8.14.7-qos.patch new file mode 100644 index 0000000..721d81e --- /dev/null +++ b/SOURCES/sendmail-8.14.7-qos.patch @@ -0,0 +1,234 @@ +--- sendmail-8.14.4/cf/m4/proto.m4.orig 2011-01-11 20:02:14.000000000 -0700 ++++ sendmail-8.14.4/cf/m4/proto.m4 2011-01-11 20:02:14.000000000 -0700 +@@ -251,6 +251,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_IN + # 8-bit data handling + _OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8') + ++# DSCP marking of traffic (IP_TOS) ++_OPTION(InetQoS, `confINET_QOS', `none') ++ + # wait for alias file rebuild (default units: minutes) + _OPTION(AliasWait, `confALIAS_WAIT', `5m') + +--- sendmail-8.14.4/cf/cf/submit.mc.orig 2011-01-11 20:02:14.000000000 -0700 ++++ sendmail-8.14.4/cf/cf/submit.mc 2011-01-11 20:02:14.000000000 -0700 +@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to + define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet + define(`confTIME_ZONE', `USE_TZ')dnl + define(`confDONT_INIT_GROUPS', `True')dnl ++dnl # If you're operating in a DSCP/RFC-4594 environment with QoS ++dnl define(`confINET_QOS', `AF11')dnl + define(`confPID_FILE', `/run/sm-client.pid')dnl + dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl + FEATURE(`use_ct_file')dnl +--- sendmail-8.14.4/sendmail/sendmail.h.orig 2009-12-18 10:08:01.000000000 -0700 ++++ sendmail-8.14.4/sendmail/sendmail.h 2011-01-11 20:39:35.000000000 -0700 +@@ -2387,7 +2387,14 @@ EXTERN struct termescape TermEscape; /* + EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */ + EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */ + extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */ +- ++#if _FFR_QOS ++# if !defined(SOL_IP) && defined(IPPROTO_IP) ++# define SOL_IP IPPROTO_IP ++# endif ++# if defined(SOL_IP) && defined(IP_TOS) ++EXTERN int InetQoS; /* QoS mapping */ ++# endif ++#endif + + EXTERN int ConnectionRateWindowSize; + #if STARTTLS && USE_OPENSSL_ENGINE +--- sendmail-8.14.4/sendmail/conf.c.orig 2011-01-11 20:02:14.000000000 -0700 ++++ sendmail-8.14.4/sendmail/conf.c 2011-01-11 20:24:29.000000000 -0700 +@@ -6298,6 +6298,10 @@ char *FFRCompileOptions[] = + #if _FFR_QF_PARANOIA + "_FFR_QF_PARANOIA", + #endif /* _FFR_QF_PARANOIA */ ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ /* QoS */ ++ "_FFR_QOS", ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ + #if _FFR_QUEUEDELAY + /* Exponential queue delay; disabled in 8.13 since it isn't used. */ + "_FFR_QUEUEDELAY", +--- sendmail-8.14.4/sendmail/daemon.c.orig 2009-12-17 18:12:40.000000000 -0700 ++++ sendmail-8.14.4/sendmail/daemon.c 2011-01-11 20:46:37.000000000 -0700 +@@ -104,6 +104,10 @@ static int NDaemons = 0; /* actual num + + static time_t NextDiskSpaceCheck = 0; + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++int InetQoS = 0; /* none by default */ ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ ++ + /* + ** GETREQUESTS -- open mail IPC port and get requests. + ** +@@ -1131,6 +1135,16 @@ opendaemonsocket(d, firsttime) + (void) setsockopt(d->d_socket, SOL_SOCKET, + SO_KEEPALIVE, (char *)&on, sizeof(on)); + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ if (InetQoS != 0x00 ++ && (d->d_addr.sa.sa_family == AF_INET ++ || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) { ++ if (setsockopt(d->d_socket, SOL_IP, ++ IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0) ++ syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name); ++ } ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ ++ + #ifdef SO_RCVBUF + if (d->d_tcprcvbufsize > 0) + { +@@ -2565,6 +2579,16 @@ gothostent: + return EX_TEMPFAIL; + } + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ if (InetQoS != 0x00 ++ && (family == AF_INET ++ || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32)))) ++ { ++ if (setsockopt(s, SOL_IP, IP_TOS, ++ (char *)&InetQoS, sizeof(InetQoS)) < 0) ++ syserr("makeconnection: setsockopt(IP_TOS)"); ++ } ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ + #ifdef SO_SNDBUF + if (ClientSettings[family].d_tcpsndbufsize > 0) + { +--- sendmail-8.14.7/sendmail/readcf.c.orig 2013-03-15 18:54:12.000000000 +0100 ++++ sendmail-8.14.7/sendmail/readcf.c 2013-04-21 17:58:19.000000000 +0200 +@@ -18,6 +18,7 @@ + + #if NETINET || NETINET6 + # include ++# include + #endif /* NETINET || NETINET6 */ + + +@@ -2280,8 +2281,8 @@ + # define O_RCPTTHROTDELAY 0xe6 + { "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE }, + #endif /* _FFR_RCPTTHROTDELAY */ +-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) +-# define O_INETQOS 0xe7 /* reserved for FFR_QOS */ ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++# define O_INETQOS 0xe7 + { "InetQoS", O_INETQOS, OI_NONE }, + #endif + #if STARTTLS && _FFR_FIPSMODE +@@ -2389,6 +2390,77 @@ + }; + #endif /* STARTTLS && _FFR_TLS_1 */ + ++#ifdef O_INETQOS ++static struct qosmap ++{ ++ char *name; /* name of the setting */ ++ int value; /* corresponding setsockopt() value */ ++} QoSMap[] = { ++#ifdef IPTOS_CLASS_CS0 ++ { "CS0", IPTOS_CLASS_CS0 }, ++#endif ++#ifdef IPTOS_CLASS_CS1 ++ { "CS1", IPTOS_CLASS_CS1 }, ++#endif ++#ifdef IPTOS_DSCP_AF11 ++ { "AF11", IPTOS_DSCP_AF11 }, ++#endif ++#ifdef IPTOS_DSCP_AF12 ++ { "AF12", IPTOS_DSCP_AF12 }, ++#endif ++#ifdef IPTOS_DSCP_AF13 ++ { "AF13", IPTOS_DSCP_AF13 }, ++#endif ++#ifdef IPTOS_CLASS_CS2 ++ { "CS2", IPTOS_CLASS_CS2 }, ++#endif ++#ifdef IPTOS_DSCP_AF21 ++ { "AF21", IPTOS_DSCP_AF21 }, ++#endif ++#ifdef IPTOS_DSCP_AF22 ++ { "AF22", IPTOS_DSCP_AF22 }, ++#endif ++#ifdef IPTOS_DSCP_AF23 ++ { "AF23", IPTOS_DSCP_AF23 }, ++#endif ++#ifdef IPTOS_CLASS_CS3 ++ { "CS3", IPTOS_CLASS_CS3 }, ++#endif ++#ifdef IPTOS_DSCP_AF31 ++ { "AF31", IPTOS_DSCP_AF31 }, ++#endif ++#ifdef IPTOS_DSCP_AF32 ++ { "AF32", IPTOS_DSCP_AF32 }, ++#endif ++#ifdef IPTOS_DSCP_AF33 ++ { "AF33", IPTOS_DSCP_AF33 }, ++#endif ++#ifdef IPTOS_CLASS_CS4 ++ { "CS4", IPTOS_CLASS_CS4 }, ++#endif ++#ifdef IPTOS_DSCP_AF41 ++ { "AF41", IPTOS_DSCP_AF41 }, ++#endif ++#ifdef IPTOS_DSCP_AF42 ++ { "AF42", IPTOS_DSCP_AF42 }, ++#endif ++#ifdef IPTOS_DSCP_AF43 ++ { "AF43", IPTOS_DSCP_AF43 }, ++#endif ++#ifdef IPTOS_CLASS_CS5 ++ { "CS5", IPTOS_CLASS_CS5 }, ++#endif ++#ifdef IPTOS_CLASS_CS6 ++ { "CS6", IPTOS_CLASS_CS6 }, ++#endif ++#ifdef IPTOS_CLASS_CS7 ++ { "CS7", IPTOS_CLASS_CS7 }, ++#endif ++ { "none", 0x00 }, ++ { NULL, 0 } ++}; ++#endif ++ + + # define CANONIFY(val) + +@@ -4035,6 +4107,33 @@ + break; + #endif /* _FFR_REJECT_NUL_BYTE */ + ++#ifdef O_INETQOS ++ case O_INETQOS: ++ { ++ struct qosmap *qmp; ++ InetQoS = -1; ++ ++ for (qmp = QoSMap; qmp->name != NULL; ++qmp) { ++ if (!strcmp(val, qmp->name)) { ++ InetQoS = qmp->value; ++ break; ++ } ++ } ++ ++ /* ++ ** we could allow writing it as a hex value, but ++ ** we don't at this time. ++ **/ ++ if (qmp->name == NULL) { ++ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, ++ "Warning: Option: %s unknown parameter '%s'\n", ++ OPTNAME, val); ++ break; ++ } ++ break; ++ } ++#endif ++ + default: + if (tTd(37, 1)) + { diff --git a/SOURCES/sendmail-8.14.7-tls-use-certificate-chain-file.patch b/SOURCES/sendmail-8.14.7-tls-use-certificate-chain-file.patch new file mode 100644 index 0000000..0dea379 --- /dev/null +++ b/SOURCES/sendmail-8.14.7-tls-use-certificate-chain-file.patch @@ -0,0 +1,70 @@ +diff --git a/sendmail/conf.c b/sendmail/conf.c +index 777e05e..e693ed0 100644 +--- a/sendmail/conf.c ++++ b/sendmail/conf.c +@@ -6504,6 +6504,14 @@ char *FFRCompileOptions[] = + /* More STARTTLS options, e.g., secondary certs. */ + "_FFR_TLS_1", + #endif /* _FFR_TLS_1 */ ++#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE ++ /* ++ ** Use SSL_CTX_use_certificate_chain_file() ++ ** instead of SSL_CTX_use_certificate_file() ++ */ ++ ++ "_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE", ++#endif /* _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE */ + #if _FFR_TRUSTED_QF + /* + ** If we don't own the file mark it as unsafe. +diff --git a/sendmail/tls.c b/sendmail/tls.c +index 72da987..6707a35 100644 +--- a/sendmail/tls.c ++++ b/sendmail/tls.c +@@ -860,17 +860,25 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + if (bitset(TLS_I_USE_KEY, req)) + return false; + } ++#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE ++# define SSL_CTX_use_cert(ssl_ctx, certfile) \ ++ SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) ++# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file" ++#else ++# define SSL_CTX_use_cert(ssl_ctx, certfile) \ ++ SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) ++# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file" ++#endif + + /* get the certificate file */ + if (bitset(TLS_S_CERT_OK, status) && +- SSL_CTX_use_certificate_file(*ctx, certfile, +- SSL_FILETYPE_PEM) <= 0) ++ SSL_CTX_use_cert(*ctx, certfile) <= 0) + { + if (LogLevel > 7) + { + sm_syslog(LOG_WARNING, NOQID, +- "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed", +- who, certfile); ++ "STARTTLS=%s, error: %s(%s) failed", ++ who, SSL_CTX_USE_CERT, certfile); + if (LogLevel > 9) + tlslogerr(LOG_WARNING, who); + } +@@ -914,13 +922,13 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + + /* get the certificate file */ + if (bitset(TLS_S_CERT2_OK, status) && +- SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0) ++ SSL_CTX_use_cert(*ctx, cf2) <= 0) + { + if (LogLevel > 7) + { + sm_syslog(LOG_WARNING, NOQID, +- "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed", +- who, cf2); ++ "STARTTLS=%s, error: %s(%s) failed", ++ who, SSL_CTX_USE_CERT, cf2); + if (LogLevel > 9) + tlslogerr(LOG_WARNING, who); + } diff --git a/SOURCES/sendmail-8.14.7-tls11-12-config-options.patch b/SOURCES/sendmail-8.14.7-tls11-12-config-options.patch new file mode 100644 index 0000000..6cdbc2f --- /dev/null +++ b/SOURCES/sendmail-8.14.7-tls11-12-config-options.patch @@ -0,0 +1,17 @@ +diff --git a/sendmail/readcf.c b/sendmail/readcf.c +index b749e1f..140f4b0 100644 +--- a/sendmail/readcf.c ++++ b/sendmail/readcf.c +@@ -2374,6 +2374,12 @@ static struct ssl_options + #ifdef SSL_OP_NO_TLSv1 + { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 }, + #endif ++#ifdef SSL_OP_NO_TLSv1_1 ++ { "SSL_OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 }, ++#endif /* SSL_OP_NO_TLSv1_1 */ ++#ifdef SSL_OP_NO_TLSv1_2 ++ { "SSL_OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 }, ++#endif /* SSL_OP_NO_TLSv1_2 */ + #ifdef SSL_OP_PKCS1_CHECK_1 + { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 }, + #endif diff --git a/SOURCES/sendmail-etc-mail-access b/SOURCES/sendmail-etc-mail-access new file mode 100644 index 0000000..31715ef --- /dev/null +++ b/SOURCES/sendmail-etc-mail-access @@ -0,0 +1,12 @@ +# Check the /usr/share/doc/sendmail/README.cf file for a description +# of the format of this file. (search for access_db in that file) +# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc +# package. +# +# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the +# cyrus-sasl-plain package installed. +# +# By default we allow relaying from localhost... +Connect:localhost.localdomain RELAY +Connect:localhost RELAY +Connect:127.0.0.1 RELAY diff --git a/SOURCES/sendmail-etc-mail-domaintable b/SOURCES/sendmail-etc-mail-domaintable new file mode 100644 index 0000000..2dfd1aa --- /dev/null +++ b/SOURCES/sendmail-etc-mail-domaintable @@ -0,0 +1,4 @@ +# The "domain table" can be used to provide domain name mapping. +# Use of this should really be limited to your own domains. +# It may be useful if you change names (e.g., your company +# changes names from oldname.com to newname.com) diff --git a/SOURCES/sendmail-etc-mail-local-host-names b/SOURCES/sendmail-etc-mail-local-host-names new file mode 100644 index 0000000..9248c00 --- /dev/null +++ b/SOURCES/sendmail-etc-mail-local-host-names @@ -0,0 +1 @@ +# local-host-names - include all aliases for your machine here. diff --git a/SOURCES/sendmail-etc-mail-mailertable b/SOURCES/sendmail-etc-mail-mailertable new file mode 100644 index 0000000..0deb307 --- /dev/null +++ b/SOURCES/sendmail-etc-mail-mailertable @@ -0,0 +1,30 @@ +# The "mailer table" can be used to override routing for particular domains +# (which are not in class {w}, i.e. local host names). +# +# hash /etc/mail/mailertable +# +# Keys in this database are fully qualified domain names or partial domains +# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or +# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain +# not covered by other keys. Values must be of the form: +# +# mailer:domain +# +# where "mailer" is the internal mailer name, and "domain" is where to send +# the message. These maps are not reflected into the message header. As a +# special case, the forms: +# +# local:user +# +# will forward to the indicated user using the local mailer, +# +# local: +# +# will forward to the original user in the e-mail address using the local +# mailer, and +# +# error:code message +# error:D.S.N:code message +# +# will give an error message with the indicated SMTP reply code and message, +# where D.S.N is an RFC 1893 compliant error code. diff --git a/SOURCES/sendmail-etc-mail-trusted-users b/SOURCES/sendmail-etc-mail-trusted-users new file mode 100644 index 0000000..986184d --- /dev/null +++ b/SOURCES/sendmail-etc-mail-trusted-users @@ -0,0 +1,2 @@ +# trusted-users - users that can send mail as others without a warning +# apache, mailman, majordomo, uucp, are good candidates diff --git a/SOURCES/sendmail-etc-mail-virtusertable b/SOURCES/sendmail-etc-mail-virtusertable new file mode 100644 index 0000000..cc4b545 --- /dev/null +++ b/SOURCES/sendmail-etc-mail-virtusertable @@ -0,0 +1,41 @@ +# A domain-specific form of aliasing, allowing multiple virtual domains to be +# hosted on one machine. +# +# info@foo.com foo-info +# info@bar.com bar-info +# joe@bar.com error:nouser 550 No such user here +# jax@bar.com error:5.7.0:550 Address invalid +# @baz.org jane@example.net +# +# then mail addressed to info@foo.com will be sent to the address foo-info, +# mail addressed to info@bar.com will be delivered to bar-info, and mail +# addressed to anyone at baz.org will be sent to jane@example.net, mail to +# joe@bar.com will be rejected with the specified error message, and mail to +# jax@bar.com will also have a RFC 1893 compliant error code 5.7.0. +# +# The username from the original address is passed as %1 allowing: +# +# @foo.org %1@example.com +# +# Additionally, if the local part consists of "user+detail" then "detail" is +# passed as %2 and "+detail" is passed as %3 when a match against user+* is +# attempted, so entries like +# +# old+*@foo.org new+%2@example.com +# gen+*@foo.org %2@example.com +# +*@foo.org %1%3@example.com +# X++@foo.org Z%3@example.com +# @bar.org %1%3 +# +# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used +# as RHS. There are two wildcards after "+": "+" matches only a non-empty +# detail, "*" matches also empty details, e.g., user+@foo.org matches# +# +*@foo.org but not ++@foo.org. This can be used to ensure that the +# parameters %2 and %3 are not empty. +# +# All the host names on the left hand side (foo.com, bar.com, and baz.org) +# must be in class {w} or class {VirtHost}. The latter can be defined by the +# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to +# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or +# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are +# added to class {R}, i.e., relaying is allowed to (and from) those domains. diff --git a/SOURCES/sendmail-redhat.mc b/SOURCES/sendmail-redhat.mc new file mode 100644 index 0000000..61bc068 --- /dev/null +++ b/SOURCES/sendmail-redhat.mc @@ -0,0 +1,178 @@ +divert(-1)dnl +dnl # +dnl # This is the sendmail macro config file for m4. If you make changes to +dnl # /etc/mail/sendmail.mc, you will need to regenerate the +dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is +dnl # installed and then performing a +dnl # +dnl # /etc/mail/make +dnl # +include(`@@PATH@@/m4/cf.m4')dnl +VERSIONID(`setup for linux')dnl +OSTYPE(`linux')dnl +dnl # +dnl # Do not advertize sendmail version. +dnl # +dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl +dnl # +dnl # default logging level is 9, you might want to set it higher to +dnl # debug the configuration +dnl # +dnl define(`confLOG_LEVEL', `9')dnl +dnl # +dnl # Uncomment and edit the following line if your outgoing mail needs to +dnl # be sent out through an external mail server: +dnl # +dnl define(`SMART_HOST', `smtp.your.provider')dnl +dnl # +define(`confDEF_USER_ID', ``8:12'')dnl +dnl define(`confAUTO_REBUILD')dnl +define(`confTO_CONNECT', `1m')dnl +define(`confTRY_NULL_MX_LIST', `True')dnl +define(`confDONT_PROBE_INTERFACES', `True')dnl +define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl +define(`ALIAS_FILE', `/etc/aliases')dnl +define(`STATUS_FILE', `/var/log/mail/statistics')dnl +define(`UUCP_MAILER_MAX', `2000000')dnl +define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl +define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl +define(`confAUTH_OPTIONS', `A')dnl +dnl # +dnl # The following allows relaying if the user authenticates, and disallows +dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links +dnl # +dnl define(`confAUTH_OPTIONS', `A p')dnl +dnl # +dnl # PLAIN is the preferred plaintext authentication method and used by +dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do +dnl # use LOGIN. Other mechanisms should be used if the connection is not +dnl # guaranteed secure. +dnl # Please remember that saslauthd needs to be running for AUTH. +dnl # +dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl +dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl +dnl # +dnl # Rudimentary information on creating certificates for sendmail TLS: +dnl # cd /etc/pki/tls/certs; make sendmail.pem +dnl # Complete usage: +dnl # make -C /etc/pki/tls/certs usage +dnl # +dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl +dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl +dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl +dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl +dnl # +dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's +dnl # slapd, which requires the file to be readble by group ldap +dnl # +dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl +dnl # +dnl define(`confTO_QUEUEWARN', `4h')dnl +dnl define(`confTO_QUEUERETURN', `5d')dnl +dnl define(`confQUEUE_LA', `12')dnl +dnl define(`confREFUSE_LA', `18')dnl +define(`confTO_IDENT', `0')dnl +dnl # If you're operating in a DSCP/RFC-4594 environment with QoS +dnl define(`confINET_QOS', `AF11')dnl +dnl FEATURE(delay_checks)dnl +FEATURE(`no_default_msa', `dnl')dnl +FEATURE(`smrsh', `/usr/sbin/smrsh')dnl +FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl +FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl +FEATURE(redirect)dnl +FEATURE(always_add_domain)dnl +FEATURE(use_cw_file)dnl +FEATURE(use_ct_file)dnl +dnl # +dnl # The following limits the number of processes sendmail can fork to accept +dnl # incoming messages or process its message queues to 20.) sendmail refuses +dnl # to accept connections once it has reached its quota of child processes. +dnl # +dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl +dnl # +dnl # Limits the number of new connections per second. This caps the overhead +dnl # incurred due to forking new sendmail processes. May be useful against +dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address +dnl # limit would be useful but is not available as an option at this writing.) +dnl # +dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl +dnl # +dnl # The -t option will retry delivery if e.g. the user runs over his quota. +dnl # +FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl +FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl +FEATURE(`blacklist_recipients')dnl +EXPOSED_USER(`root')dnl +dnl # +dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment +dnl # the following 2 definitions and activate below in the MAILER section the +dnl # cyrusv2 mailer. +dnl # +dnl define(`confLOCAL_MAILER', `cyrusv2')dnl +dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl +dnl # +dnl # The following causes sendmail to only listen on the IPv4 loopback address +dnl # 127.0.0.1 and not on any other network devices. Remove the loopback +dnl # address restriction to accept email from the internet or intranet. +dnl # +DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl +dnl # +dnl # The following causes sendmail to additionally listen to port 587 for +dnl # mail from MUAs that authenticate. Roaming users who can't reach their +dnl # preferred sendmail daemon due to port 25 being blocked or redirected find +dnl # this useful. +dnl # +dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl +dnl # +dnl # The following causes sendmail to additionally listen to port 465, but +dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed +dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't +dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS +dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps +dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. +dnl # +dnl # For this to work your OpenSSL certificates must be configured. +dnl # +dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl +dnl # +dnl # The following causes sendmail to additionally listen on the IPv6 loopback +dnl # device. Remove the loopback address restriction listen to the network. +dnl # +dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl +dnl # +dnl # enable both ipv6 and ipv4 in sendmail: +dnl # +dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') +dnl # +dnl # We strongly recommend not accepting unresolvable domains if you want to +dnl # protect yourself from spam. However, the laptop and users on computers +dnl # that do not have 24x7 DNS do need this. +dnl # +FEATURE(`accept_unresolvable_domains')dnl +dnl # +dnl FEATURE(`relay_based_on_MX')dnl +dnl # +dnl # Also accept email sent to "localhost.localdomain" as local email. +dnl # +LOCAL_DOMAIN(`localhost.localdomain')dnl +dnl # +dnl # The following example makes mail from this host and any additional +dnl # specified domains appear to be sent from mydomain.com +dnl # +dnl MASQUERADE_AS(`mydomain.com')dnl +dnl # +dnl # masquerade not just the headers, but the envelope as well +dnl # +dnl FEATURE(masquerade_envelope)dnl +dnl # +dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well +dnl # +dnl FEATURE(masquerade_entire_domain)dnl +dnl # +dnl MASQUERADE_DOMAIN(localhost)dnl +dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl +dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl +dnl MASQUERADE_DOMAIN(mydomain.lan)dnl +MAILER(smtp)dnl +MAILER(procmail)dnl +dnl MAILER(cyrusv2)dnl diff --git a/SOURCES/sendmail.etc-mail-Makefile b/SOURCES/sendmail.etc-mail-Makefile new file mode 100644 index 0000000..e80f4a9 --- /dev/null +++ b/SOURCES/sendmail.etc-mail-Makefile @@ -0,0 +1,8 @@ +# Pass everything to the make script + +all: +%: force + @./make $@ +force:; + +$(MAKEFILE_LIST):; diff --git a/SOURCES/sendmail.etc-mail-make b/SOURCES/sendmail.etc-mail-make new file mode 100644 index 0000000..f345b43 --- /dev/null +++ b/SOURCES/sendmail.etc-mail-make @@ -0,0 +1,129 @@ +#!/bin/sh +# Generate db and cf files if necessary. This used to be handled by +# /etc/mail/Makefile. + +teste() { + if ! test -e "$1"; then + echo "$1 doesn't exist" + exit 2 + fi +} + +makedb() { + teste "${1%.db}" + + if [ -z "$SM_FORCE_DBREBUILD" ]; then + test "${1%.db}" -nt "$1" || return 0 + fi + + if [ "$1" = userdb.db ]; then + makemap btree "$1" < "${1%.db}" + else + makemap hash "$1" < "${1%.db}" + fi +} + +makealiasesdb() { + uptodate=1 + + if [ -z "$SM_FORCE_DBREBUILD" ]; then + files=$(grep '^O AliasFile=' sendmail.cf | + while read a; do echo ${a#*=}; done) + + for a in $files; do + if [ "$a" = /etc/aliases ]; then + # /etc/aliases.db may be used by other MTA, make sure nothing + # has touched it since our last newaliases call + test "$a" -nt "${a}.db" || + test aliasesdb-stamp -nt "${a}.db" || + test aliasesdb-stamp -ot "${a}.db" || continue + else + test "$a" -nt "${a}.db" || continue + fi + + uptodate=0 + break + done + else + uptodate=0 + fi + + [ $uptodate = 1 ] && return 0 + + # check if alternatives is configured to sendmail + if [ "$(readlink -e /usr/bin/newaliases)" = /usr/sbin/sendmail.sendmail ] + then + /usr/bin/newaliases > /dev/null + touch -r /etc/aliases.db aliasesdb-stamp 2> /dev/null + else + rm -f aliasesdb-stamp + fi +} + +makecf() { + mc=${1%.cf}.mc + + teste "$mc" + + if [ -z "$SM_FORCE_CFREBUILD" ]; then + test "$mc" -nt "$1" || return 0 + fi + + if test -f /usr/share/sendmail-cf/m4/cf.m4; then + umask 022 + [ -e "$1" ] && mv -f "$1" "$1".bak + m4 "$mc" > "$1" + else + echo "WARNING: '$mc' is modified. Please install package sendmail-cf to update your configuration." + exit 15 + fi +} + +makeall() { + # These could be used by sendmail, but are not part of the default install. + # To use them you will have to generate your own sendmail.cf with + # FEATURE('whatever') + test -f bitdomain && makedb bitdomain.db + test -f uudomain && makedb uudomain.db + test -f genericstable && makedb genericstable.db + test -f userdb && makedb userdb.db + test -f authinfo && makedb authinfo.db + + makedb virtusertable.db + makedb access.db + makedb domaintable.db + makedb mailertable.db + + makecf sendmail.cf + makecf submit.cf +} + +cd /etc/mail || exit 1 + +[ $# -eq 0 ] && makeall + +for target; do + case "$target" in + *.db) + makedb "$target" + ;; + *.cf) + makecf "$target" + ;; + all) + makeall + ;; + aliases) + makealiasesdb + ;; + clean) + rm -f *.db *~ aliasesdb-stamp + ;; + start|stop|restart) + service sendmail "$target" + ;; + *) + echo "Don't know how to make $target" + exit 2 + esac +done diff --git a/SOURCES/sendmail.init b/SOURCES/sendmail.init new file mode 100644 index 0000000..fefd287 --- /dev/null +++ b/SOURCES/sendmail.init @@ -0,0 +1,144 @@ +#!/bin/bash +# +# sendmail This shell script takes care of starting and stopping +# sendmail. +# +# chkconfig: 2345 80 30 +# description: Sendmail is a Mail Transport Agent, which is the program \ +# that moves mail from one machine to another. +# processname: sendmail +# config: /etc/mail/sendmail.cf +# pidfile: /var/run/sendmail.pid + +### BEGIN INIT INFO +# Provides: sendmail smtpdaemon $mail-transfer-agent +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop sendmail +# Description: sendmail is a Mail Transport Agent (MTA) +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network + +# Source sendmail configureation. +if [ -f /etc/sysconfig/sendmail ]; then + . /etc/sysconfig/sendmail +else + DAEMON=no + QUEUE=1h +fi +[ -z "$SMQUEUE" ] && SMQUEUE="$QUEUE" +[ -z "$SMQUEUE" ] && SMQUEUE=1h + +# Check that we're a privileged user +[ `id -u` = 0 ] || exit 4 + +# Check that networking is up. +[ "${NETWORKING}" = "no" ] && exit 1 + +[ -x /usr/sbin/sendmail ] || exit 5 + +prog="sendmail" + +updateconf() { + /etc/mail/make > /dev/null 2>&1 + if [ $? -eq 15 ]; then + echo -n $"Package sendmail-cf is required to update configuration." + warning + echo + fi + /etc/mail/make aliases > /dev/null 2>&1 +} + +start() { + # Start daemons. + ret=0 + updateconf + echo -n $"Starting $prog: " + daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \ + $([ -n "$QUEUE" ] && echo -q$QUEUE) $SENDMAIL_OPTARG + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail + let ret+=$RETVAL + + if [ ! -f /var/run/sm-client.pid ]; then + echo -n $"Starting sm-client: " + touch /var/run/sm-client.pid + chown smmsp:smmsp /var/run/sm-client.pid + if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then + /sbin/restorecon /var/run/sm-client.pid + fi + daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \ + -q$SMQUEUE $SENDMAIL_OPTARG + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client + let ret+=$RETVAL + fi + + [ $ret -eq 0 ] && return 0 || return 1 +} + +stop() { + # Stop daemons. + if [ -f /var/run/sm-client.pid ]; then + echo -n $"Shutting down sm-client: " + killproc sm-client + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/run/sm-client.pid + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sm-client + fi + echo -n $"Shutting down $prog: " + killproc sendmail + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail + return $RETVAL +} + +status -p /var/run/sendmail.pid >/dev/null || status -p /var/run/sm-client.pid >/dev/null +running=$? + +# See how we were called. +case "$1" in + start) + [ $running -eq 0 ] && exit 0 + start + RETVAL=$? + ;; + stop) + [ $running -eq 0 ] || exit 0 + stop + RETVAL=$? + ;; + restart|force-reload) + stop + start + RETVAL=$? + ;; + condrestart|try-restart) + [ $running -eq 0 ] || exit 0 + stop + start + RETVAL=$? + ;; + status) + echo -n sendmail; status -p /var/run/sendmail.pid -l sendmail + RETVAL=$? + echo -n sm-client; status -p /var/run/sm-client.pid -l sm-client + [ $RETVAL -eq 0 ] && RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart|condrestart|status}" + RETVAL=2 +esac + +exit $RETVAL diff --git a/SOURCES/sendmail.nm-dispatcher b/SOURCES/sendmail.nm-dispatcher new file mode 100644 index 0000000..b3122e5 --- /dev/null +++ b/SOURCES/sendmail.nm-dispatcher @@ -0,0 +1,7 @@ +#!/bin/sh + +case "$2" in + up|down|vpn-up|vpn-down) + /bin/systemctl --no-block try-restart sendmail.service || : + ;; +esac diff --git a/SOURCES/sendmail.pam b/SOURCES/sendmail.pam new file mode 100644 index 0000000..73e5348 --- /dev/null +++ b/SOURCES/sendmail.pam @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth include password-auth +account include password-auth diff --git a/SOURCES/sendmail.service b/SOURCES/sendmail.service new file mode 100644 index 0000000..4181a32 --- /dev/null +++ b/SOURCES/sendmail.service @@ -0,0 +1,19 @@ +[Unit] +Description=Sendmail Mail Transport Agent +After=syslog.target network.target +Conflicts=postfix.service exim.service +Wants=sm-client.service + +[Service] +Type=forking +StartLimitInterval=0 +PIDFile=/run/sendmail.pid +Environment=SENDMAIL_OPTS=-q1h +EnvironmentFile=-/etc/sysconfig/sendmail +ExecStartPre=-/etc/mail/make +ExecStartPre=-/etc/mail/make aliases +ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG + +[Install] +WantedBy=multi-user.target +Also=sm-client.service diff --git a/SOURCES/sendmail.sysconfig b/SOURCES/sendmail.sysconfig new file mode 100644 index 0000000..db73530 --- /dev/null +++ b/SOURCES/sendmail.sysconfig @@ -0,0 +1 @@ +SENDMAIL_OPTS="-q1h" diff --git a/SOURCES/sm-client.service b/SOURCES/sm-client.service new file mode 100644 index 0000000..c2f7bf7 --- /dev/null +++ b/SOURCES/sm-client.service @@ -0,0 +1,20 @@ +[Unit] +Description=Sendmail Mail Transport Client +After=syslog.target network.target sendmail.service +Conflicts=postfix.service exim.service +BindTo=sendmail.service + +[Service] +Type=forking +StartLimitInterval=0 +PIDFile=/run/sm-client.pid +Environment=SENDMAIL_OPTS=-q1h +EnvironmentFile=-/etc/sysconfig/sendmail +ExecStartPre=/bin/touch /run/sm-client.pid +ExecStartPre=/bin/chown smmsp:smmsp /run/sm-client.pid +ExecStartPre=-/sbin/restorecon /run/sm-client.pid +ExecStartPre=-/etc/mail/make +ExecStart=/usr/sbin/sendmail -L sm-msp-queue -Ac $SENDMAIL_OPTS $SENDMAIL_OPTARG + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/sendmail.spec b/SPECS/sendmail.spec new file mode 100644 index 0000000..04d7633 --- /dev/null +++ b/SPECS/sendmail.spec @@ -0,0 +1,1905 @@ +# package options +%global with_tls yes +%global with_sasl2 yes +%global with_milter yes +%global with_ldap yes +%global enable_pie yes + +%global sendmailcf %{_datadir}/sendmail-cf +%global stdir %{_localstatedir}/log/mail +%global smshell /sbin/nologin +%global spooldir %{_localstatedir}/spool +%global maildir %{_sysconfdir}/mail + +%global sysv2systemdnvr 8.14.5-3 + +# Build with -O3 on ppc64 (rhbz#1051077) +%global _performance_build 1 + +# hardened build if not overrided +%{!?_hardened_build:%global _hardened_build 1} + +%if %{?_hardened_build:%{_hardened_build}}%{!?_hardened_build:0} +%global relro -Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now +%endif + +Summary: A widely used Mail Transport Agent (MTA) +Name: sendmail +Version: 8.14.7 +Release: 6%{?dist} +License: Sendmail +Group: System Environment/Daemons +URL: http://www.sendmail.org/ +Source0: ftp://ftp.sendmail.org/pub/sendmail/sendmail.%{version}.tar.gz +# Systemd Service file +Source1: sendmail.service +# NetworkManager dispatch script +Source2: sendmail.nm-dispatcher +# script to generate db and cf files +Source3: sendmail.etc-mail-make +# default sysconfig file +Source4: sendmail.sysconfig +# default /etc/mail/Makefile +Source5: sendmail.etc-mail-Makefile +# default sendmail.mc +Source6: sendmail-redhat.mc +# Systemd Service file +Source7: sm-client.service +# pam config +Source8: sendmail.pam +# SysV initscript +Source9: sendmail.init +# sasl2 config +Source11: Sendmail-sasl2.conf +# default /etc/mail/access +Source12: sendmail-etc-mail-access +# default /etc/mail/domaintable +Source13: sendmail-etc-mail-domaintable +# default /etc/mail/local-host-names +Source14: sendmail-etc-mail-local-host-names +# default /etc/mail/mailertable +Source15: sendmail-etc-mail-mailertable +# default /etc/mail/trusted-users +Source16: sendmail-etc-mail-trusted-users +# default /etc/mail/virtusertable +Source17: sendmail-etc-mail-virtusertable +# fix man path and makemap man page +Patch3: sendmail-8.14.4-makemapman.patch +# fix smrsh paths +Patch4: sendmail-8.14.3-smrsh_paths.patch +# fix sm-client.pid path +Patch7: sendmail-8.13.7-pid.patch +# do not reject all numeric login names if hesiod support is compiled in, #80060 +Patch9: sendmail-8.12.7-hesiod.patch +# fix sendmail man page +Patch10: sendmail-8.12.7-manpage.patch +# compile with -fpie +Patch11: sendmail-8.14.4-dynamic.patch +# fix cyrus path +Patch12: sendmail-8.13.0-cyrus.patch +# fix aliases.db path +Patch13: sendmail-8.14.4-aliases_dir.patch +# fix vacation Makefile +Patch14: sendmail-8.13.7-vacation.patch +# remove version information from sendmail helpfile +Patch15: sendmail-8.14.1-noversion.patch +# do not accept localhost.localdomain as valid address from SMTP +Patch16: sendmail-8.13.1-localdomain.patch +# build libmilter as DSO +Patch17: sendmail-8.14.3-sharedmilter.patch +# skip colon separator when parsing service name in ServiceSwitchFile +Patch18: sendmail-8.14.4-switchfile.patch +# fix milter file descriptors leaks, #485426 +Patch20: sendmail-8.14.3-milterfdleaks.patch +# handle IPv6:::1 in block_bad_helo.m4 like 127.0.0.1, #549217 +Patch21: sendmail-8.14.3-ipv6-bad-helo.patch +# fix compilation with libdb5 +Patch22: sendmail-8.14.4-libdb5.patch +# silence warning about missing sasl2 config in /usr/lib*, now in /etc/sasl2 +Patch23: sendmail-8.14.4-sasl2-in-etc.patch +# add QoS support, patch from Philip Prindeville +# upstream reserved option ID 0xe7 for testing of this new feature, #576643 +Patch25: sendmail-8.14.7-qos.patch +# add support for EC ciphers, #1124827 +Patch26: sendmail-8.14.7-add-ec-support.patch +# properly set {client_port} value on little endian machines, +# patch by Kelsey Cumminngs +Patch27: sendmail-8.14.7-client-port.patch +# add support for config options disabling TLS 1.1/2 +# patch backported from upstream +Patch28: sendmail-8.14.7-tls11-12-config-options.patch +# fix for IPv6 enabled server to correctly send mails to servers which +# have MX record pointing to the CNAME +# patch backported from upstream +Patch29: sendmail-8.14.7-ipv6-mx-cname-fix.patch +# add support for SSL_CTX_use_certificate_chain_file(), #1596725 +# patch backported from upstream +Patch30: sendmail-8.14.7-tls-use-certificate-chain-file.patch +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: tcp_wrappers-devel +BuildRequires: libdb-devel +BuildRequires: hesiod-devel +BuildRequires: groff +BuildRequires: ghostscript +BuildRequires: m4 +BuildRequires: systemd +Provides: MTA smtpdaemon server(smtp) +Requires(post): systemd systemd-sysv coreutils %{_sbindir}/alternatives +Requires(preun): systemd %{_sbindir}/alternatives +Requires(postun): systemd coreutils %{_sbindir}/alternatives +Requires(pre): shadow-utils +Requires: initscripts +Requires: procmail +Requires: bash >= 2.0 +Requires: setup >= 2.5.31-1 +BuildRequires: setup >= 2.5.31-1 +%if "%{with_tls}" == "yes" +BuildRequires: openssl-devel +%endif +%if "%{with_sasl2}" == "yes" +BuildRequires: cyrus-sasl-devel openssl-devel +Requires: %{_sbindir}/saslauthd +%endif +%if "%{with_ldap}" == "yes" +BuildRequires: openldap-devel openssl-devel +%endif + + +%description +The Sendmail program is a very widely used Mail Transport Agent (MTA). +MTAs send mail from one machine to another. Sendmail is not a client +program, which you use to read your email. Sendmail is a +behind-the-scenes program which actually moves your email over +networks or the Internet to where you want it to go. + +If you ever need to reconfigure Sendmail, you will also need to have +the sendmail-cf package installed. If you need documentation on +Sendmail, you can install the sendmail-doc package. + +%package sysvinit +Summary: SysV initscript for sendmail +Group: System Environment/Daemons +BuildArch: noarch +Requires: %{name} = %{version}-%{release} +Requires(preun): chkconfig +Requires(post): chkconfig + +%description sysvinit +This package contains the SysV initscript. + +%package doc +Summary: Documentation about the Sendmail Mail Transport Agent program +Group: Documentation +BuildArch: noarch +Requires: sendmail = %{version}-%{release} + +%description doc +This package contains the Sendmail Installation and Operation Guide (PDF), +text files containing configuration documentation, plus a number of +contributed scripts and tools for use with Sendmail. + +%package devel +Summary: Extra development include files and development files +Group: Development/Libraries +Requires: sendmail = %{version}-%{release} +Requires: sendmail-milter = %{version}-%{release} + +%description devel +Include files and devel libraries for e.g. the milter add-ons as part +of sendmail. + +%package cf +Summary: The files needed to reconfigure Sendmail +Group: System Environment/Daemons +Requires: sendmail = %{version}-%{release} +BuildArch: noarch +Requires: m4 + +%description cf +This package includes the configuration files you need to generate the +sendmail.cf file distributed with the sendmail package. You will need +the sendmail-cf package if you ever need to reconfigure and rebuild +your sendmail.cf file. + +%package milter +Summary: The sendmail milter library +Group: System Environment/Libraries + +%description milter +The sendmail Mail Filter API (Milter) is designed to allow third-party +programs access to mail messages as they are being processed in order to +filter meta-information and content. + +This package includes the milter shared library. + +%prep +%setup -q + +%patch3 -p1 -b .makemapman +%patch4 -p1 -b .smrsh_paths +%patch7 -p1 -b .pid +%patch9 -p1 -b .hesiod +%patch10 -p1 -b .manpage +%patch11 -p1 -b .dynamic +%patch12 -p1 -b .cyrus +%patch13 -p1 -b .aliases_dir +%patch14 -p1 -b .vacation +%patch15 -p1 -b .noversion +%patch16 -p1 -b .localdomain + +cp devtools/M4/UNIX/{,shared}library.m4 +%patch17 -p1 -b .sharedmilter + +%patch18 -p1 -b .switchfile +%patch20 -p1 -b .milterfdleaks +%patch21 -p1 -b .ipv6-bad-helo +%patch22 -p1 -b .libdb5 +%patch23 -p1 -b .sasl2-in-etc +%patch25 -p1 -b .qos +%patch26 -p1 -b .ec-support +%patch27 -p1 -b .client-port +%patch28 -p1 -b .tls11-12-config-options +%patch29 -p1 -b .ipv6-mx-cname-fix +%patch30 -p1 -b .tls-use-certificate-chain-file + +for f in RELEASE_NOTES contrib/etrn.0; do + iconv -f iso8859-1 -t utf8 -o ${f}{_,} && + touch -r ${f}{,_} && mv -f ${f}{_,} +done + +sed -i 's|/usr/local/bin/perl|%{_bindir}/perl|' contrib/*.pl + +%build +# generate redhat config file +cat > redhat.config.m4 << EOF +define(\`confMAPDEF', \`-DNEWDB -DNIS -DHESIOD -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') +define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''') +define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0 -DTCPWRAPPERS -DNETINET6 -DHES_GETMAILHOST -DUSE_VENDOR_CF_PATH=1 -D_FFR_LINUX_MHNL -D_FFR_QOS') +define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}') +define(\`confLIBS', \`-lnsl -lwrap -lhesiod -lcrypt -ldb -lresolv %{?relro:%{relro}}') +define(\`confMANOWN', \`root') +define(\`confMANGRP', \`root') +define(\`confMANMODE', \`644') +define(\`confMAN1SRC', \`1') +define(\`confMAN5SRC', \`5') +define(\`confMAN8SRC', \`8') +define(\`confSTDIR', \`%{stdir}') +define(\`STATUS_FILE', \`%{stdir}/statistics') +define(\`confLIBSEARCH', \`db resolv 44bsd') +EOF +#' + +cat >> redhat.config.m4 << EOF +%ifarch ppc %{power64} s390x +APPENDDEF(\`confOPTIMIZE', \`-DSM_CONF_SHM=0') +%else +APPENDDEF(\`confOPTIMIZE', \`') +%endif +EOF + +%if "%{enable_pie}" == "yes" +%ifarch s390 s390x sparc sparcv9 sparc64 +%global _fpie -fPIE +%else +%global _fpie -fpie +%endif +cat >> redhat.config.m4 << EOF +APPENDDEF(\`confOPTIMIZE', \`%{_fpie}') +APPENDDEF(\`confLIBS', \`-pie') +EOF +%endif + +%if "%{with_tls}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS -D_FFR_TLS_1 -D_FFR_TLS_EC -D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE')dnl +APPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')dnl +EOF +%endif + +%if "%{with_sasl2}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`confENVDEF', \`-DSASL=2')dnl +APPENDDEF(\`confLIBS', \`-lsasl2 -lcrypto')dnl +EOF +%endif + +%if "%{with_milter}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`conf_sendmail_ENVDEF', \`-DMILTER')dnl +EOF +%endif + +%if "%{with_ldap}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`confMAPDEF', \`-DLDAPMAP -DLDAP_DEPRECATED')dnl +APPENDDEF(\`confENVDEF', \`-DSM_CONF_LDAP_MEMFREE=1')dnl +APPENDDEF(\`confLIBS', \`-lldap -llber -lssl -lcrypto')dnl +EOF +%endif + +DIRS="libsmutil sendmail mailstats rmail praliases smrsh makemap editmap" + +%if "%{with_milter}" == "yes" +DIRS="libmilter $DIRS" +%endif + +for i in $DIRS; do + pushd $i + sh Build -f ../redhat.config.m4 + popd +done + +make -C doc/op op.pdf + +%install +rm -rf %{buildroot} + +# create directories +for d in %{_bindir} %{_sbindir} %{_includedir}/libmilter \ + %{_libdir} %{_mandir}/man{1,5,8} %{maildir} %{stdir} %{spooldir} \ + %{_docdir}/sendmail-%{version} %{sendmailcf} %{_sysconfdir}/smrsh\ + %{spooldir}/clientmqueue %{_sysconfdir}/sysconfig %{_initrddir} \ + %{_sysconfdir}/pam.d %{_docdir}/sendmail-%{version}/contrib \ + %{_sysconfdir}/NetworkManager/dispatcher.d +do + install -m 755 -d %{buildroot}$d +done +install -m 700 -d %{buildroot}%{spooldir}/mqueue + +# create /usr/lib for 64 bit architectures +%if "%{_libdir}" != "/usr/lib" +install -m 755 -d %{buildroot}/usr/lib +%endif + +nameuser=`id -nu` +namegroup=`id -ng` + +Make() { + make $@ \ + DESTDIR=%{buildroot} \ + LIBDIR=%{_libdir} \ + MANROOT=%{_mandir}/man \ + LIBMODE=0755 INCMODE=0644 \ + SBINOWN=${nameuser} SBINGRP=${namegroup} \ + UBINOWN=${nameuser} UBINGRP=${namegroup} \ + MANOWN=${nameuser} MANGRP=${namegroup} \ + INCOWN=${nameuser} INCGRP=${namegroup} \ + LIBOWN=${nameuser} LIBGRP=${namegroup} \ + GBINOWN=${nameuser} GBINGRP=${namegroup} \ + CFOWN=${nameuser} CFGRP=${namegroup} \ + CFMODE=0644 MSPQOWN=${nameuser} +} + +OBJDIR=obj.$(uname -s).$(uname -r).$(uname -m) + +Make install -C $OBJDIR/libmilter +Make install -C $OBJDIR/sendmail +Make install -C $OBJDIR/mailstats +Make force-install -C $OBJDIR/rmail +Make install -C $OBJDIR/praliases +Make install -C $OBJDIR/smrsh +Make install -C $OBJDIR/makemap +Make install -C $OBJDIR/editmap + +# replace absolute with relative symlinks +ln -sf ../sbin/makemap %{buildroot}%{_bindir}/makemap +for f in hoststat mailq newaliases purgestat ; do + ln -sf ../sbin/sendmail.sendmail %{buildroot}%{_bindir}/${f} +done + +# use /usr/lib, even for 64 bit architectures +ln -sf ../sbin/sendmail.sendmail %{buildroot}/usr/lib/sendmail.sendmail + +# install docs for sendmail +install -p -m 644 FAQ %{buildroot}%{_docdir}/sendmail-%{version} +install -p -m 644 KNOWNBUGS %{buildroot}%{_docdir}/sendmail-%{version} +install -p -m 644 LICENSE %{buildroot}%{_docdir}/sendmail-%{version} +install -p -m 644 README %{buildroot}%{_docdir}/sendmail-%{version} +install -p -m 644 RELEASE_NOTES %{buildroot}%{_docdir}/sendmail-%{version} +gzip -9 %{buildroot}%{_docdir}/sendmail-%{version}/RELEASE_NOTES + +# install docs for sendmail-doc +install -m 644 doc/op/op.pdf %{buildroot}%{_docdir}/sendmail-%{version} +install -p -m 644 sendmail/README %{buildroot}%{_docdir}/sendmail-%{version}/README.sendmail +install -p -m 644 sendmail/SECURITY %{buildroot}%{_docdir}/sendmail-%{version} +install -p -m 644 smrsh/README %{buildroot}%{_docdir}/sendmail-%{version}/README.smrsh +install -p -m 644 libmilter/README %{buildroot}%{_docdir}/sendmail-%{version}/README.libmilter +install -p -m 644 cf/README %{buildroot}%{_docdir}/sendmail-%{version}/README.cf +install -p -m 644 contrib/* %{buildroot}%{_docdir}/sendmail-%{version}/contrib + +# install the cf files for the sendmail-cf package. +cp -ar cf/* %{buildroot}%{sendmailcf} +# remove patch backup files +rm -rf %{buildroot}%{sendmailcf}/cf/Build.* +rm -rf %{buildroot}%{sendmailcf}/*/*.mc.* +rm -rf %{buildroot}%{sendmailcf}/*/*.m4.* +# remove cf/README file because it is useless for end users +rm -f %{buildroot}%{sendmailcf}/cf/README + +# install sendmail.mc with proper paths +install -m 644 %{SOURCE6} %{buildroot}%{maildir}/sendmail.mc +sed -i -e 's|@@PATH@@|%{sendmailcf}|' %{buildroot}%{maildir}/sendmail.mc +touch -r %{SOURCE6} %{buildroot}%{maildir}/sendmail.mc + +# create sendmail.cf +cp %{buildroot}%{maildir}/sendmail.mc cf/cf/redhat.mc +sed -i -e 's|%{sendmailcf}|\.\.|' cf/cf/redhat.mc +%if "%{stdir}" != "%{maildir}" +sed -i -e 's:%{maildir}/statistics:%{stdir}/statistics:' cf/cf/redhat.mc +%endif +(cd cf/cf && m4 redhat.mc > redhat.cf) +install -m 644 cf/cf/redhat.cf %{buildroot}%{maildir}/sendmail.cf +install -p -m 644 cf/cf/submit.mc %{buildroot}%{maildir}/submit.mc + +# remove our build info as it causes multiarch conflicts +sed -i '/##### built by.*on/,+3d' %{buildroot}%{maildir}/{submit,sendmail}.cf \ + %{buildroot}%{sendmailcf}/cf/submit.cf + +install -p -m 644 %{SOURCE12} %{buildroot}%{maildir}/access +install -p -m 644 %{SOURCE13} %{buildroot}%{maildir}/domaintable +install -p -m 644 %{SOURCE14} %{buildroot}%{maildir}/local-host-names +install -p -m 644 %{SOURCE15} %{buildroot}%{maildir}/mailertable +install -p -m 644 %{SOURCE16} %{buildroot}%{maildir}/trusted-users +install -p -m 644 %{SOURCE17} %{buildroot}%{maildir}/virtusertable + +# create db ghosts +for map in virtusertable access domaintable mailertable ; do + touch %{buildroot}%{maildir}/${map}.db + chmod 0644 %{buildroot}%{maildir}/${map}.db +done + +touch %{buildroot}%{maildir}/aliasesdb-stamp + +touch %{buildroot}%{spooldir}/clientmqueue/sm-client.st + +install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/sendmail +install -p -m 755 %{SOURCE9} %{buildroot}%{_initrddir}/sendmail +install -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail +install -p -m 755 %{SOURCE3} %{buildroot}%{maildir}/make +install -p -m 644 %{SOURCE5} %{buildroot}%{maildir}/Makefile + +chmod 644 %{buildroot}%{maildir}/helpfile + +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir} +install -m644 %{SOURCE7} %{buildroot}%{_unitdir} + +# fix permissions to allow debuginfo extraction and stripping +chmod 755 %{buildroot}%{_sbindir}/{mailstats,makemap,editmap,praliases,sendmail,smrsh} +chmod 755 %{buildroot}%{_bindir}/rmail + +%if "%{with_sasl2}" == "yes" +install -m 755 -d %{buildroot}%{_sysconfdir}/sasl2 +install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sasl2/Sendmail.conf +%endif +install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/smtp.sendmail + +# fix path for statistics file in man pages +%if "%{stdir}" != "%{maildir}" +sed -i -e 's:%{maildir}/statistics:%{stdir}/statistics:' %{buildroot}%{_mandir}/man*/* +%endif + +# rename files for alternative usage +mv %{buildroot}%{_sbindir}/sendmail %{buildroot}%{_sbindir}/sendmail.sendmail +touch %{buildroot}%{_sbindir}/sendmail +mv %{buildroot}%{_sbindir}/makemap %{buildroot}%{_sbindir}/makemap.sendmail +touch %{buildroot}%{_sbindir}/makemap +mv %{buildroot}%{_sbindir}/editmap %{buildroot}%{_sbindir}/editmap.sendmail +touch %{buildroot}%{_sbindir}/editmap +for i in mailq newaliases rmail; do + mv %{buildroot}%{_bindir}/$i %{buildroot}%{_bindir}/$i.sendmail + touch %{buildroot}%{_bindir}/$i +done +mv %{buildroot}%{_mandir}/man1/mailq.1 %{buildroot}%{_mandir}/man1/mailq.sendmail.1 +touch %{buildroot}%{_mandir}/man1/mailq.1 +mv %{buildroot}%{_mandir}/man1/newaliases.1 %{buildroot}%{_mandir}/man1/newaliases.sendmail.1 +touch %{buildroot}%{_mandir}/man1/newaliases.1 +mv %{buildroot}%{_mandir}/man5/aliases.5 %{buildroot}%{_mandir}/man5/aliases.sendmail.5 +touch %{buildroot}%{_mandir}/man5/aliases.5 +mv %{buildroot}%{_mandir}/man8/sendmail.8 %{buildroot}%{_mandir}/man8/sendmail.sendmail.8 +touch %{buildroot}%{_mandir}/man8/sendmail.8 +mv %{buildroot}%{_mandir}/man8/rmail.8 %{buildroot}%{_mandir}/man8/rmail.sendmail.8 +touch %{buildroot}%{_mandir}/man8/rmail.8 +mv %{buildroot}%{_mandir}/man8/makemap.8 %{buildroot}%{_mandir}/man8/makemap.sendmail.8 +touch %{buildroot}%{_mandir}/man8/makemap.8 +mv %{buildroot}%{_mandir}/man8/editmap.8 %{buildroot}%{_mandir}/man8/editmap.sendmail.8 +touch %{buildroot}%{_mandir}/man8/editmap.8 +touch %{buildroot}/usr/lib/sendmail +touch %{buildroot}%{_sysconfdir}/pam.d/smtp + +# create stub man pages +for m in man8/hoststat.8 man8/purgestat.8; do + [ -f %{buildroot}%{_mandir}/$m ] || + echo ".so man8/sendmail.8" > %{buildroot}%{_mandir}/$m +done + +%clean +rm -rf %{buildroot} + +%pre +getent group mailnull >/dev/null || \ + %{_sbindir}/groupadd -g 47 -r mailnull >/dev/null 2>&1 +getent passwd mailnull >/dev/null || \ + %{_sbindir}/useradd -u 47 -g mailnull -d %{spooldir}/mqueue -r \ + -s %{smshell} mailnull >/dev/null 2>&1 +getent group smmsp >/dev/null || \ + %{_sbindir}/groupadd -g 51 -r smmsp >/dev/null 2>&1 +getent passwd smmsp >/dev/null || \ + %{_sbindir}/useradd -u 51 -g smmsp -d %{spooldir}/mqueue -r \ + -s %{smshell} smmsp >/dev/null 2>&1 + +# hack to turn sbin/makemap and man8/makemap.8.gz into alternatives symlink +[ -h %{_sbindir}/makemap ] || rm -f %{_sbindir}/makemap || : +[ -h %{_mandir}/man8/makemap.8.gz ] || rm -f %{_mandir}/man8/makemap.8.gz || : + +exit 0 + +%postun +%systemd_postun_with_restart sendmail.service sm-client.service +if [ $1 -ge 1 ] ; then + mta=`readlink %{_sysconfdir}/alternatives/mta` + if [ "$mta" == "%{_sbindir}/sendmail.sendmail" ]; then + %{_sbindir}/alternatives --set mta %{_sbindir}/sendmail.sendmail + fi +fi +exit 0 + +%post +%systemd_post sendmail.service sm-client.service + +# Set up the alternatives files for MTAs. +%{_sbindir}/alternatives --install %{_sbindir}/sendmail mta %{_sbindir}/sendmail.sendmail 90 \ + --slave %{_sbindir}/makemap mta-makemap %{_sbindir}/makemap.sendmail \ + --slave %{_sbindir}/editmap mta-editmap %{_sbindir}/editmap.sendmail \ + --slave %{_bindir}/mailq mta-mailq %{_bindir}/mailq.sendmail \ + --slave %{_bindir}/newaliases mta-newaliases %{_bindir}/newaliases.sendmail \ + --slave %{_bindir}/rmail mta-rmail %{_bindir}/rmail.sendmail \ + --slave /usr/lib/sendmail mta-sendmail /usr/lib/sendmail.sendmail \ + --slave %{_sysconfdir}/pam.d/smtp mta-pam %{_sysconfdir}/pam.d/smtp.sendmail \ + --slave %{_mandir}/man8/sendmail.8.gz mta-sendmailman %{_mandir}/man8/sendmail.sendmail.8.gz \ + --slave %{_mandir}/man1/mailq.1.gz mta-mailqman %{_mandir}/man1/mailq.sendmail.1.gz \ + --slave %{_mandir}/man1/newaliases.1.gz mta-newaliasesman %{_mandir}/man1/newaliases.sendmail.1.gz \ + --slave %{_mandir}/man5/aliases.5.gz mta-aliasesman %{_mandir}/man5/aliases.sendmail.5.gz \ + --slave %{_mandir}/man8/rmail.8.gz mta-rmailman %{_mandir}/man8/rmail.sendmail.8.gz \ + --slave %{_mandir}/man8/makemap.8.gz mta-makemapman %{_mandir}/man8/makemap.sendmail.8.gz \ + --slave %{_mandir}/man8/editmap.8.gz mta-editmapman %{_mandir}/man8/editmap.sendmail.8.gz \ + --initscript sendmail > /dev/null 2>&1 + +# Rebuild maps. +{ + chown root %{_sysconfdir}/aliases.db %{maildir}/access.db \ + %{maildir}/mailertable.db %{maildir}/domaintable.db \ + %{maildir}/virtusertable.db + SM_FORCE_DBREBUILD=1 %{maildir}/make + SM_FORCE_DBREBUILD=1 %{maildir}/make aliases +} > /dev/null 2>&1 + +# Move existing SASL2 config to new location. +%if "%{with_sasl2}" == "yes" +[ -f %{_libdir}/sasl2/Sendmail.conf ] && touch -r %{_sysconfdir}/sasl2/Sendmail.conf \ + %{_libdir}/sasl2/Sendmail.conf ] && mv -f %{_libdir}/sasl2/Sendmail.conf \ + %{_sysconfdir}/sasl2 2>/dev/null || : +%endif + +# Create sm-client.st if it doesn't exist +if [ ! -f %{spooldir}/clientmqueue/sm-client.st ]; then + touch %{spooldir}/clientmqueue/sm-client.st + chown smmsp:smmsp %{spooldir}/clientmqueue/sm-client.st + chmod 0660 %{spooldir}/clientmqueue/sm-client.st +fi + +exit 0 + +%preun +%systemd_preun sendmail.service sm-client.service +if [ $1 = 0 ]; then + %{_sbindir}/alternatives --remove mta %{_sbindir}/sendmail.sendmail +fi +exit 0 + +%post milter -p /sbin/ldconfig + +%postun milter -p /sbin/ldconfig + +%post sysvinit +/sbin/chkconfig --add sendmail >/dev/null 2>&1 ||: + +%preun sysvinit +if [ "$1" = 0 ]; then + %{_initrddir}/sendmail stop >/dev/null 2>&1 ||: + /sbin/chkconfig --del sendmail >/dev/null 2>&1 ||: +fi + +%postun sysvinit +[ "$1" -ge "1" ] && %{_initrddir}/sendmail condrestart >/dev/null 2>&1 ||: + +%triggerun -- sendmail < %{sysv2systemdnvr} +%{_bindir}/systemd-sysv-convert --save sendmail >/dev/null 2>&1 ||: +/bin/systemctl enable sendmail.service >/dev/null 2>&1 +/bin/systemctl enable sm-client.service >/dev/null 2>&1 +/sbin/chkconfig --del sendmail >/dev/null 2>&1 || : +/bin/systemctl try-restart sendmail.service >/dev/null 2>&1 || : +/bin/systemctl try-restart sm-client.service >/dev/null 2>&1 || : +# workaround for systemd rhbz#738022 +/bin/systemctl is-active sendmail.service >/dev/null 2>&1 && \ + ! /bin/systemctl is-active sm-client.service >/dev/null 2>&1 && \ + /bin/systemctl start sm-client.service >/dev/null 2>&1 || : + +%triggerpostun -n sendmail-sysvinit -- sendmail < %{sysv2systemdnvr} +/sbin/chkconfig --add sendmail >/dev/null 2>&1 || : + +%files +%defattr(-,root,root,-) +%dir %{_docdir}/sendmail-%{version} +%doc %{_docdir}/sendmail-%{version}/FAQ +%doc %{_docdir}/sendmail-%{version}/KNOWNBUGS +%doc %{_docdir}/sendmail-%{version}/LICENSE +%doc %{_docdir}/sendmail-%{version}/README +%doc %{_docdir}/sendmail-%{version}/RELEASE_NOTES.gz +%{_bindir}/hoststat +%{_bindir}/makemap +%{_bindir}/purgestat +%{_sbindir}/mailstats +%{_sbindir}/makemap.sendmail +%{_sbindir}/editmap.sendmail +%{_sbindir}/praliases +%attr(2755,root,smmsp) %{_sbindir}/sendmail.sendmail +%{_bindir}/rmail.sendmail +%{_bindir}/newaliases.sendmail +%{_bindir}/mailq.sendmail +%{_sbindir}/smrsh +/usr/lib/sendmail.sendmail + +%{_mandir}/man8/rmail.sendmail.8.gz +%{_mandir}/man8/praliases.8.gz +%{_mandir}/man8/mailstats.8.gz +%{_mandir}/man8/makemap.sendmail.8.gz +%{_mandir}/man8/editmap.sendmail.8.gz +%{_mandir}/man8/sendmail.sendmail.8.gz +%{_mandir}/man8/smrsh.8.gz +%{_mandir}/man8/hoststat.8.gz +%{_mandir}/man8/purgestat.8.gz +%{_mandir}/man5/aliases.sendmail.5.gz +%{_mandir}/man1/newaliases.sendmail.1.gz +%{_mandir}/man1/mailq.sendmail.1.gz + +# dummy attributes for rpmlint +%ghost %attr(0755,-,-) %{_sbindir}/sendmail +%ghost %attr(0755,-,-) %{_sbindir}/makemap +%ghost %attr(0755,-,-) %{_sbindir}/editmap +%ghost %attr(0755,-,-) %{_bindir}/mailq +%ghost %attr(0755,-,-) %{_bindir}/newaliases +%ghost %attr(0755,-,-) %{_bindir}/rmail +%ghost %attr(0755,-,-) /usr/lib/sendmail + +%ghost %{_sysconfdir}/pam.d/smtp +%ghost %{_mandir}/man8/sendmail.8.gz +%ghost %{_mandir}/man1/mailq.1.gz +%ghost %{_mandir}/man1/newaliases.1.gz +%ghost %{_mandir}/man5/aliases.5.gz +%ghost %{_mandir}/man8/rmail.8.gz +%ghost %{_mandir}/man8/makemap.8.gz +%ghost %{_mandir}/man8/editmap.8.gz + +%dir %{stdir} +%dir %{_sysconfdir}/smrsh +%dir %{maildir} +%attr(0770,smmsp,smmsp) %dir %{spooldir}/clientmqueue +%attr(0700,root,mail) %dir %{spooldir}/mqueue + +%config(noreplace) %verify(not size mtime md5) %{stdir}/statistics +%config(noreplace) %{maildir}/Makefile +%config(noreplace) %{maildir}/make +%config(noreplace) %{maildir}/sendmail.cf +%config(noreplace) %{maildir}/submit.cf +%config(noreplace) %{maildir}/helpfile +%config(noreplace) %{maildir}/sendmail.mc +%config(noreplace) %{maildir}/submit.mc +%config(noreplace) %{maildir}/access +%config(noreplace) %{maildir}/domaintable +%config(noreplace) %{maildir}/local-host-names +%config(noreplace) %{maildir}/mailertable +%config(noreplace) %{maildir}/trusted-users +%config(noreplace) %{maildir}/virtusertable + +%ghost %{maildir}/aliasesdb-stamp +%ghost %{maildir}/virtusertable.db +%ghost %{maildir}/access.db +%ghost %{maildir}/domaintable.db +%ghost %{maildir}/mailertable.db + +%ghost %{spooldir}/clientmqueue/sm-client.st + +%{_unitdir}/sendmail.service +%{_unitdir}/sm-client.service +%config(noreplace) %{_sysconfdir}/sysconfig/sendmail +%config(noreplace) %{_sysconfdir}/pam.d/smtp.sendmail +%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail + +%if "%{with_sasl2}" == "yes" +%config(noreplace) %{_sysconfdir}/sasl2/Sendmail.conf +%endif + +%files cf +%defattr(-,root,root,-) +%doc %{sendmailcf}/README +%dir %{sendmailcf} +%{sendmailcf}/cf +%{sendmailcf}/domain +%{sendmailcf}/feature +%{sendmailcf}/hack +%{sendmailcf}/m4 +%{sendmailcf}/mailer +%{sendmailcf}/ostype +%{sendmailcf}/sendmail.schema +%{sendmailcf}/sh +%{sendmailcf}/siteconfig + +%files devel +%defattr(-,root,root,-) +%doc libmilter/docs/* +%dir %{_includedir}/libmilter +%{_includedir}/libmilter/*.h +%{_libdir}/libmilter.so + +%files milter +%defattr(-,root,root,-) +%doc LICENSE +%doc %{_docdir}/sendmail-%{version}/README.libmilter +%{_libdir}/libmilter.so.[0-9].[0-9] +%{_libdir}/libmilter.so.[0-9].[0-9].[0-9] + +%files doc +%defattr(-,root,root,-) +%{_docdir}/sendmail-%{version}/README.cf +%{_docdir}/sendmail-%{version}/README.sendmail +%{_docdir}/sendmail-%{version}/README.smrsh +%{_docdir}/sendmail-%{version}/SECURITY +%{_docdir}/sendmail-%{version}/op.pdf +%dir %{_docdir}/sendmail-%{version}/contrib +%attr(0644,root,root) %{_docdir}/sendmail-%{version}/contrib/* + +%files sysvinit +%defattr(-,root,root,-) +%{_initrddir}/sendmail + +%changelog +* Thu Jul 25 2019 Jaroslav Škarvada - 8.14.7-6 +- Use SSL_CTX_use_certificate_chain_file() to handle intermediate + certificates passed additionally in confSERVER_CERT + Resolves: rhbz#1596725 + +* Thu Mar 23 2017 Jaroslav Škarvada - 8.14.7-5 +- Explicitly enabled sm-client statistics + Resolves: rhbz#890585 +- Enable ECDHE support + Resolves: rhbz#1124827 +- Properly set {client_port} value on little endian machines, + patch by Kelsey Cumminngs + Resolves: rhbz#1210914 +- Added makemap and its manual page into alternatives + Resolves: rhbz#1225891 +- Modified nm-dispatcher script to asynchronously restart sendmail and + not block the connection activation + Resolves: rhbz#1237070 +- Added config options allowing disablement of TLS 1.1/2 + Resolves: rhbz#1281476 +- Fixed problem with e-mails not sending from IPv6 enabled server + to servers with MX record pointing to CNAME + Resolves: rhbz#1294870 +- Added editmap + Resolves: rhbz#1342393 +- Removed systemd limit for sendmail restarts to workaround failure due to + rapid restarts caused by NetworkManager dispatcher script + Resolves: rhbz#1395102 +- Fixed op.pdf + Resolves: rhbz#1401070 + +* Fri Jan 24 2014 Daniel Mach - 8.14.7-4 +- Mass rebuild 2014-01-24 + +* Mon Jan 13 2014 Jaroslav Škarvada - 8.14.7-3 +- Build with -O3 on ppc64 + Resolves: rhbz#1051077 + +* Fri Dec 27 2013 Daniel Mach - 8.14.7-2 +- Mass rebuild 2013-12-27 + +* Sun Apr 21 2013 Robert Scheck - 8.14.7-1 +- Upgrade to 8.14.7 + +* Mon Feb 25 2013 Jaroslav Škarvada - 8.14.6-4 +- Switched to systemd-rpm macros + Resolves: rhbz#850310 + +* Thu Feb 14 2013 Fedora Release Engineering - 8.14.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 16 2013 Jaroslav Škarvada - 8.14.6-2 +- Fixed milter_helo regression (milter-helo-fix patch) + Resolves: rhbz#895552 +- Fixed bogus dates in changelog + +* Mon Dec 24 2012 Robert Scheck - 8.14.6-1 +- Upgrade to 8.14.6 + +* Sat Jul 21 2012 Fedora Release Engineering - 8.14.5-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 25 2012 Jaroslav Škarvada - 8.14.5-14 +- Used power64 macro to support more subarchitectures like ppc64p7 + Resolves: rhbz#834626 + +* Fri Apr 6 2012 Jaroslav Škarvada - 8.14.5-13 +- Rebuilt with libdb-5.2 + +* Sat Jan 14 2012 Fedora Release Engineering - 8.14.5-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Nov 23 2011 Jaroslav Škarvada - 8.14.5-11 +- Added tighter bound to sm-client.service and sendmail.service + Resolves: rhbz#756232 + +* Mon Oct 24 2011 Jaroslav Škarvada - 8.14.5-10 +- The nm-dispatcher now uses try-restart instead of restart + Resolves: rhbz#748416 + +* Tue Sep 13 2011 Jaroslav Škarvada - 8.14.5-9 +- Enabled alternatives --initscript in post section +- Improved sysvinit subpackage - switched to noarch, added scriptlets +- Workarounded sm-client stop on SysV to systemd migration + +* Tue Aug 30 2011 Jaroslav Škarvada - 8.14.5-8 +- Enable override of hardened build settings + +* Tue Aug 30 2011 Jaroslav Škarvada - 8.14.5-7 +- Hardened build with full relro +- Provided SysV initscript in sysvinit subpackage for backward compatibility + +* Mon Jul 25 2011 Jaroslav Škarvada - 8.14.5-6 +- Fixed systemctl disable command in preun section +- Replaced reload by restart, dropped ExecReload from sendmail.service + Resolves: rhbz#719931 +- Switched to systemctl in NetworkManager dispatcher script +- Added ExecStartPre=-/etc/mail/make to sm-client.service +- Hardcoded daemon option (-bd) to sendmail.service, dropped the DAEMON var +- QUEUE var in /etc/sysconfig/sendmail replaced by SENDMAIL_OPTS var +- Added default preset (-q1h) to SENDMAIL_OPTS var + +* Fri Jul 22 2011 Jaroslav Škarvada - 8.14.5-5 +- Fixed SMTP AUTH over TLS in case of two AUTH lines + Resolves: rhbz#716628 + +* Mon Jul 18 2011 Jaroslav Škarvada - 8.14.5-4 +- Removed dots from description (there are no dots in systemd packaging + guidelines) +- Changed service type to forking and explicitly specified PID files +- Fixed creation of sm-client.pid +- Added Wants to sm-client.service and sendmail.service +- Replaced each occurrence of /var/run by /run in config files +- More details are available in rhbz#697636 + +* Thu Jun 30 2011 Jóhann B. Guðmundsson - 8.14.5-3 +- Introduce systemd unit file, drop SysV support + +* Thu Jun 16 2011 Paul Howarth - 8.14.5-2 +- Rebuilt with libdb-5.2 + +* Tue May 17 2011 Jaroslav Škarvada - 8.14.5-1 +- New version 8.14.5 +- Removed m4-ldap-routing, milter-fix-negativeid, man-i-option-fix + patches (upstreamed) + +* Thu Mar 03 2011 Jaroslav Škarvada - 8.14.4-21 +- fix negative ctx_id in milter debug output (#577558) +- fix incomplete description of the -i option in man page (#676824) + +* Wed Feb 09 2011 Fedora Release Engineering - 8.14.4-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Jaroslav Škarvada - 8.14.4-19 +- updated QoS patch, including upstream comments and AF_INET6 4-in-6 support + +* Mon Jan 10 2011 Jaroslav Škarvada - 8.14.4-18 +- add QoS support, patch from Philip Prindeville + upstream reserved option ID 0xe7 for testing of this new feature (#576643) + +* Fri Nov 26 2010 Jaroslav Škarvada - 8.14.4-17 +- change LSB init header to provide $mail-transport-agent (#627413) + +* Mon Nov 08 2010 Jaroslav Škarvada - 8.14.4-16 +- fix m4 ldap routing macro, backport from 8.14.5.Alpha0, (#650366) + +* Wed Sep 29 2010 jkeating - 8.14.4-15 +- Rebuilt for gcc bug 634757 + +* Fri Sep 24 2010 Jaroslav Škarvada - 8.14.4-14 +- fix MAXHOSTNAMELEN (#485380) + +* Mon Sep 13 2010 Jaroslav Škarvada - 8.14.4-13 +- rebuilt with libdb-5.1 + +* Wed Aug 25 2010 Jaroslav Škarvada - 8.14.4-12 +- updated sendmail.nm-dispatcher script to handle VPN connections (#577540) + +* Tue Aug 17 2010 Jaroslav Škarvada - 8.14.4-11 +- README.libmilter moved to milter subpackage +- updated description of doc subpackage +- README.redhat removed (not needed any more) + +* Wed Aug 04 2010 Jaroslav Škarvada - 8.14.4-10 +- added stub man pages for hoststat and purgestat +- rmail man page added to alternatives +- updated subpackages description +- sendmail-cf/cf/README is not packaged - it is useless for end users +- added comments about purpose of files and patches +- removed redundant license tag from milter subpackage + +* Thu Jul 08 2010 Jaroslav Škarvada - 8.14.4-9 +- added license to milter subpackage according to new Licensing + Guidelines + +* Mon Jun 14 2010 Jaroslav Škarvada - 8.14.4-8 +- all 'define' changed to 'global' in spec +- perl interpreter path fixup moved from 'install' to 'prep' + +* Fri Jun 11 2010 Jaroslav Škarvada - 8.14.4-7 +- silenced warning about non-existing config in {_libdir}/sasl2 + +* Tue Jun 08 2010 Jaroslav Škarvada - 8.14.4-6 +- sasl2 config moved from {_libdir}/sasl2 to {_sysconfdir}/sasl2 +- added libdb5 patch for building with libdb-5 +- rebuilt with libdb-5 + +* Mon May 31 2010 Jaroslav Škarvada - 8.14.4-5 +- fixed user/group creation + +* Tue Mar 02 2010 Jaroslav Škarvada - 8.14.4-4 +- used noreplace for sasl config +- used ghost instead of explicit provides +- deffattr changed to (-,root,root,-) + +* Mon Feb 15 2010 Jaroslav Škarvada - 8.14.4-3 +- fixed libresolv implicit DSO linking (#564647) +- fixed initscript LSB compliance (#561040) + +* Thu Feb 04 2010 Jaroslav Škarvada - 8.14.4-2 +- fixed typo in spec file +- fixed aliases_dir patch + +* Tue Feb 02 2010 Jaroslav Škarvada - 8.14.4-1 +- new version 8.14.4 (#552078) +- RPM attributes S, 5, T not recorded for statistics file +- adapted patches: makemapman, dynamic, switchfile (#552078) +- movefiles patch incorporated into aliases_dir patch +- drop exitpanic patch (fixed upstream) + +* Sun Jan 03 2010 Robert Scheck 8.14.3-10 +- handle IPv6:::1 in block_bad_helo.m4 like 127.0.0.1 (#549217) + +* Tue Dec 15 2009 Miroslav Lichvar 8.14.3-9 +- fix milter file descriptors leaks (#485426) +- skip colon separator when parsing service name in ServiceSwitchFile +- return with non-zero exit code when free space is below MinFreeBlocks +- fix service stop/restart when only smclient is running +- fix submit.cf and helpfile permissions +- more merge review fixes (#226407) + +* Wed Sep 16 2009 Tomas Mraz - 8.14.3-8 +- Use password-auth common PAM configuration instead of system-auth + +* Fri Aug 21 2009 Tomas Mraz - 8.14.3-7 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 8.14.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 8.14.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jan 20 2009 Miroslav Lichvar 8.14.3-4 +- build shared libmilter (#309281) +- drop static libraries +- convert RELEASE_NOTES to UTF-8 + +* Fri Dec 19 2008 Miroslav Lichvar 8.14.3-3 +- run newaliases only when necessary + +* Wed Dec 03 2008 Miroslav Lichvar 8.14.3-2 +- add NM dispatcher script (#451575) +- print warning on service start when sendmail-cf is required (#447148) +- replace Makefile with shell script to avoid dependency on make (#467841) +- fix multiarch conflicts (#343161) +- preserve timestamps on config files +- gzip RELEASE_NOTES +- defuzz patches +- drop gcc2690 patch + +* Tue Jul 22 2008 Thomas Woerner 8.14.3-1 +- new version 8.14.3 + +* Thu Jul 10 2008 Tom "spot" Callaway 8.14.2-5 +- rebuild against db4-4.7 + +* Sat Mar 29 2008 Dennis Gilmore 8.14.2-4 +- add sparcv9 to the -fPIE list + +* Fri Feb 8 2008 Thomas Woerner 8.14.2-3 +- added server(smtp) provide (rhbz#380621) + +* Wed Dec 05 2007 Release Engineering - 8.14.2-2 + - Rebuild for deps + +* Thu Nov 22 2007 Thomas Woerner 8.14.2-1 +- new version 8.14.2 + +* Mon Sep 17 2007 Thomas Woerner 8.14.1-4.2 +- made init script fully lsb conform + +* Wed Aug 29 2007 Thomas Woerner 8.14.1-4.1 +- fixed condrestart in init script to use exit instead of return + +* Mon Aug 27 2007 Thomas Woerner 8.14.1-4 +- do not remove /etc/aliases.db on package removal (rhbz#223637) +- fixed remaining paths to certs directory in sendmail.mc file +- added contrib scripts to the doc package (rhbz#183723) +- added LSB header to init script (rhbz#247053) +- added plain login information for cyrus-sasl to access file +- fixed compile problem with glibc-2.6.90+ +- fixed reoccuring m4 include problem (now using sinclude) + +* Fri Jul 20 2007 Thomas Woerner 8.14.1-3 +- do not accept localhost.localdomain as valid address from smtp + +* Mon Apr 16 2007 Thomas Woerner 8.14.1-2 +- readded chkconfig add for sendmail in post script +- dropped mysql support (useless without further patching) +- fixed executable permissions for /usr/sbin/makemap and /usr/sbin/smrsh +- dropped FFR_UNSAFE_SASL, because it has no effect anymore + +* Thu Apr 12 2007 Thomas Woerner 8.14.1-1.1 +- replaced prereq tags with requires() tags. + +* Thu Apr 12 2007 Thomas Woerner 8.14.1-1 +- new version 8.14.1 +- spec file cleanup for merge review (rhbz#226407) +- dropped update support for sendmail versions prior to 8.12.0 +- using pdf documentation + +* Tue Feb 6 2007 Thomas Woerner 8.14.0-1 +- new version 8.14.0 +- adapted patches: makemapman, dynamic + +* Tue Jan 23 2007 Florian La Roche +- #205803 add sparc/sparc64 to -fPIE list +- change sendmail.cf reference into sendmail-cf package name + +* Mon Dec 4 2006 Thomas Woerner 8.13.8-3.1 +- tcp_wrappers has a new devel and libs sub package, therefore changing build + requirement for tcp_wrappers to tcp_wrappers-devel + +* Tue Nov 28 2006 Thomas Woerner 8.13.8-3 +- added missing LDAP_DEPRECATED flag (#206288) + +* Mon Sep 04 2006 Florian La Roche +- unify sendmail.mc +- remove version information from sendmail helpfile + +* Fri Sep 1 2006 Thomas Woerner 8.13.8-1 +- new version 8.13.8 fixes CVE-2006-4434 (denial of service via a long header + line) + +* Thu Jul 20 2006 Thomas Woerner 8.13.7-3.1 +- dropped chown of /etc/mail/authinfo.db (#199455) + +* Tue Jul 18 2006 Thomas Woerner 8.13.7-3 +- using new syntax for access database (#177566) +- fixed failure message while shutting down sm-client (#119429) + resolution: stop sm-client before sendmail +- fixed method to specify persistent queue runners (#126760) +- removed patch backup files from sendmail-cf tree (#152955) +- fixed missing dnl on SMART_HOST define (#166680) +- fixed wrong location of aliases and aliases.db file in aliases man page + (#166744) +- enabled CipherList config option for sendmail (#172352) +- added user chowns for /etc/mail/authinfo.db and move check for cf files + (#184341) +- fixed Makefile of vacation (#191396) + vacation is not included in this sendmail package +- /var/log/mail now belongs to sendmail (#192850) + +* Wed Jul 12 2006 Jesse Keating - 8.13.7-2.1 +- rebuild + +* Mon Jun 19 2006 Thomas Woerner 8.13.7-2 +- dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679) + +* Mon Jun 19 2006 Thomas Woerner 8.13.7-1 +- new version 8.13.7 (#195282) +- fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by + malformed multipart messages (#195776) + +* Wed Mar 22 2006 Thomas Woerner 8.13.6-1 +- new version 8.13.6 (fixes VU#834865) +- dropped libmilter-sigwait patch (fixed in 8.13.6) + +* Fri Feb 17 2006 Thomas Woerner 8.13.5-3 +- fixed selinuxenabled path in initscript +- fixed error handling with sigwait (#137709) + Thanks to Jonathan Kamens for the patch +- fixed prereq for cyrus-sasl: now using /usr/sbin/saslauthd +- appended 'dnl' to cert tags in sendmail.mc + +* Fri Feb 10 2006 Jesse Keating - 8.13.5-2.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 8.13.5-2.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Nov 10 2005 Tomas Mraz 8.13.5-2 +- rebuilt against new openssl + +* Mon Oct 10 2005 Tomas Mraz +- use include instead of pam_stack in pam config + +* Mon Sep 19 2005 Thomas Woerner 8.13.5-1 +- new version 8.13.5 +- fixed email address in changelog + +* Fri May 6 2005 Thomas Woerner 8.13.4-2 +- using new certificates directory /etc/pki/tls/certs + +* Wed Apr 27 2005 Thomas Woerner 8.13.4-1.1 +- added configuration example for Cyrus-IMAPd to sendmail.mc (#142001) + Thanks to Alexander Dalloz + +* Tue Apr 12 2005 Thomas Woerner 8.13.4-1 +- new version 8.13.4 +- added requires for the sendmail base package in sendmail-cf, sendmail-devel + and sendmail-doc +- dropped upstream close_wait.p2 patch + +* Thu Mar 17 2005 Thomas Woerner 8.13.3-2 +- dropped direct support for bind: no bind in confLIBSEARCH anymore, + using libresolv again + +* Thu Mar 10 2005 Jason Vas Dias 8.13.3-1.2 +- fix libbind include path - use /usr/include/bind/netdb.h, no +- /usr/include/netdb.h - bug: 150339 + +* Tue Mar 1 2005 Thomas Woerner 8.13.3-1.1 +- fixed gcc4 build: use double quotes for confOPTIMIZE to avoid m4 confusion + with ',' +- fix for ppc: using tripple-quotes + +* Wed Jan 26 2005 Thomas Woerner 8.13.3-1 +- new version 8.13.3 with closewait.p2 patch + +* Fri Dec 17 2004 Thomas Woerner 8.13.2-1 +- new version 8.13.2 +- thanks to Robert Scheck for adapting the patches + +* Thu Nov 11 2004 Jeff Johnson 8.13.1-2.2 +- rebuild against db-4.3.21. + +* Tue Oct 26 2004 Thomas Woerner 8.13.1-2.1 +- added missing BuildRequires for groff (#134778) +- added socketmap support (#131906) + +* Wed Sep 1 2004 Thomas Woerner 8.13.1-2 +- applied Sendmail Errata (2004-08-24): errata_cataddr (#131179) + +* Mon Aug 2 2004 Thomas Woerner 8.13.1-1 +- new version 1.13.1 + +* Wed Jun 30 2004 Thomas Woerner 8.13.0-1.1 +- fixed init script to not complain missing sendmail-cf package (#126975) +- better message in /etc/mail/Makefile for missing sendmail-cf package. + +* Mon Jun 21 2004 Thomas Woerner 8.13.0-1 +- new version 8.13.0 +- made /etc/mail/Makefile complain missing sendmail-cf package (#123348) +- fixed ownership of %%{_includedir}/libmilter (#73977) +- moved back to /usr/share/ssl/certs as certificate directory (see sendmail.mc) +- extended sendmail.mc for spam protection + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu Apr 15 2004 Dan Walsh 8.12.11-4.6 +- Fix selinuxenabled location + +* Wed Apr 7 2004 Dan Walsh 8.12.11-4.5 +- Fix security context of pid file for selinux + +* Fri Apr 2 2004 Thomas Woerner 8.12.11-4.4 +- fixed alternatives slave for sendmail.sendmail + +* Thu Apr 1 2004 Thomas Woerner 8.12.11-4.3 +- set path to cyrus-imapd deliver + +* Wed Mar 31 2004 Thomas Woerner 8.12.11-4.2 +- fixed spec file + +* Wed Mar 31 2004 Thomas Woerner 8.12.11-4.1 +- added authinfo to possible sendmail maps: /etc/mail/Makefile (#119010) +- fixed minor version in changelog + +* Wed Mar 17 2004 Thomas Woerner 8.12.11-4 +- new slave in alternatives for sendmail man page + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Thu Feb 19 2004 Thomas Woerner 8.12.11-3.2 +- removed buildreq for gdbm-devel + +* Thu Feb 19 2004 Thomas Woerner 8.12.11-3 +- RH3.0E version: sasl1, no pie, old_setup (provide /etc/aliases) +- new switches for pie and old_setup + +* Thu Feb 5 2004 Thomas Woerner 8.12.11-2.1 +- new Sendmail.conf for sasl1 (#114726) + +* Wed Jan 28 2004 Thomas Woerner 8.12.11-2 +- added information for saslauthd and AUTH (#113463) +- fixed STATUS_FILE in sendmail-redhat.mc (#114302) +- reset mta after update if mta was sendmail (#114257) +- enabled pie for ia64 again + +* Mon Jan 26 2004 Thomas Woerner 8.12.11-1.3 +- removed /etc/aliases (now in setup) + +* Thu Jan 22 2004 Thomas Woerner 8.12.11-1.2 +- /usr/lib/sendmail is in alternatives, now +- removed trailing / from stdir +- fixed define for STATUS_FILE + +* Wed Jan 21 2004 Thomas Woerner 8.12.11-1.1 +- disabled pie for ia64 + +* Tue Jan 20 2004 Thomas Woerner 8.12.11-1 +- new version 8.12.11 +- pie + +* Mon Jan 12 2004 Thomas Woerner 8.12.10-7 +- fc2 version (with sasl2) + +* Mon Jan 12 2004 Thomas Woerner 8.12.10-6 +- reverted to sasl1 for 3.0E: added with_sasl1 +- spec file cleanup +- new location for statistics file (/var/log/) + +* Sun Dec 14 2003 Florian La Roche +- Fix download url. + +* Sat Dec 13 2003 Jeff Johnson 8.12.10-5 +- rebuild against db-4.2.52. + +* Thu Dec 11 2003 Florian La Roche +- fix pam alternatives handling +- add patch from Jakub Jelinek for PIE + +* Fri Dec 05 2003 Karsten Hopp 8.12.10-3 +- fix usage of RPM_OPT_FLAGS variable in spec file +- add makecert.sh script to -doc subpackage +- add cert paths to sendmail.mc + +* Wed Nov 26 2003 Karsten Hopp +- fix alternatives (#109313) +- enable TLS + +* Mon Oct 27 2003 Florian La Roche +- add some more system account entries into /etc/aliases +- add example for a mixed IPv6/IPv4 setup + +* Fri Oct 24 2003 Harald Hoyer 8.12.10-2 +- added with_ options + +* Thu Sep 25 2003 Jeff Johnson 8.12.10-1.2 +- rebuild against db-4.2.42. + +* Thu Sep 18 2003 Florian La Roche +- update to 8.12.10 + +* Wed Sep 17 2003 Florian La Roche +- add security patches for CAN-2003-0694 and CAN-2003-0681 + +* Mon Sep 01 2003 Florian La Roche +- move debug information from sendmail into debuginfo rpm +- on %%post make sure /etc/aliases.db and /etc/mail/*.db is correctly + owned by root +- do not set confTRUSTED_USER to smmsp in sendmail-redhat.mc + +* Fri Aug 08 2003 Florian La Roche +- run "make -C /etc/mail" (maybe generating new sendmail.cf, then newaliases +- added $SENDMAIL_OPTARG that could be set by /etc/sysconfig/sendmail #99224 + +* Wed Jul 30 2003 Florian La Roche +- adjust rpm license tag to say "Sendmail" + +* Fri Jul 04 2003 Florian La Roche +- enable pie only for a few archs +- enable full optims for s390 again, compiler seems to be fixed + +* Mon Jun 30 2003 Florian La Roche +- apply patch from Ulrich Drepper to support -pie + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Sat May 31 2003 Florian La Roche +- make init script more robust #91879 + +* Sun May 11 2003 Florian La Roche +- sendmail-cf requires m4, #90513 + +* Fri May 9 2003 Nalin Dahyabhai 8.12.9-6 +- move Sendmail.conf from /usr/lib/sasl to /usr/lib/sasl2 and change the + default pwcheck method to "saslauthd" + +* Mon May 5 2003 Nalin Dahyabhai 8.12.9-5 +- configure to use libsasl2 instead of libsasl to avoid linking with both + (we also link to libldap, which now uses libsasl2) +- link with -ldb instead of -ldb-4.0 on all releases after RHL 7.3 instead + of just 7.3 (all versions of db4-devel thereafter are expected to provide + the right linking setup) + +* Tue Apr 15 2003 Florian La Roche +- add a "umask 022" before building the *.cf files in /etc/mail/Makefile + +* Fri Apr 04 2003 Florian La Roche +- mark /etc/mail/Makefile as config(noreplace) #87688 +- mark /etc/pam.d/smtp as config(noreplace) #87731 + +* Sun Mar 30 2003 Florian La Roche +- update to 8.12.9 + +* Wed Mar 26 2003 Florian La Roche +- call make with the target "all" #86005 +- add start/stop/restart as Makefile targets +- add another security patch + +* Wed Mar 05 2003 Florian La Roche +- add correct db4-devel requirements for newer releases +- completely re-do many ifdef code in the spec-file +- fix some issues building for older RHL releases + +* Mon Feb 24 2003 Elliot Lee +- rebuilt + +* Mon Feb 24 2003 Elliot Lee +- rebuilt + +* Mon Feb 24 2003 Florian La Roche +- update to 8.12.8 + +* Tue Feb 11 2003 Florian La Roche +- rebuilt + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Wed Jan 22 2003 Florian La Roche +- add a confTRUSTED_USER line into sendmail.mc, submit.mc is already ok +- add patch from sendmail.org for cf/m4/proto.m4 + +* Mon Jan 13 2003 Florian La Roche +- do not reject all numeric login names if hesiod support is + compiled in. #80060 +- remove reference to non-existing man-pages #74552 + +* Sun Jan 12 2003 Florian La Roche +- sendmail-8.12.7-etrn.patch from Jos Vos +- submit.mc: enable "use_ct_file" by default #80519 +- add _FFR_MILTER_ROOT_UNSAFE #78223 + +* Sat Jan 11 2003 Florian La Roche +- update to 8.12.7 +- hack to make lib64 version work +- downgrade s390 optims to make it compile + +* Mon Jan 6 2003 Nalin Dahyabhai +- add openssl-devel as a build-time requirement +- preprocess the config file to add the right version of %%{_lib} +- add kerberos -I and -L flags to build configuration, needed for newer + versions of libssl + +* Wed Dec 11 2002 Florian La Roche +- always have a queue run interval for sm-msp-queue #81424 +- Jos Vos suggests adding another variable for sm-client queue-run + +* Mon Dec 02 2002 Florian La Roche +- add the following changes from Adrian Havill + to our default sendmail.mc file: + - added commented-out-by-default common AUTH/SSL examples + - updated m4 example and rpm reference + - added more comment documentation + - add commented out confAUTO_REBUILD example + - improve description about MASQUERADE_AS + +* Mon Nov 18 2002 Florian La Roche +- add to submit.mc: define(`_MTA_HOST_', `[127.0.0.1]') + to deliver directly to localhost IP instead of going through DNS +- submit.mc: exchange msp and use_ct_file to better enable it +- do not undefine UUCP_RELAY and BITNET_RELAY +- sendmail.mc: use LOCAL_DOMAIN instead of "Cw" directly +- sendmail.mc: add commented out MASQUERADE_AS example +- re-enable DAEMON variable for now + +* Tue Nov 12 2002 Nalin Dahyabhai +- remove absolute path names from the PAM configuration, allowing it to be + used by any arch on a multilib system + +* Sun Nov 03 2002 Florian La Roche +- fix mailman alias #75129 + +* Sat Nov 02 2002 Florian La Roche +- update to 8.12.6 + +* Fri Oct 04 2002 Phil Knirsch 8.12.5-7.2 +- Drop optflags to default to build correctly on s390(x). + +* Thu Sep 12 2002 Than Ngo 8.12.5-7.1 +- Added fix to build on x86_64 + +* Thu Aug 29 2002 Florian La Roche +- clean up some specfile cruft +- add more pseudo accounts to /etc/aliases + +* Thu Jul 25 2002 Phil Knirsch +- Only generate new cf files if the /usr/share/sendmail-cf/m4/cf.m4 exists. + +* Wed Jul 24 2002 Phil Knirsch +- Changed the behaviour in /etc/mail/Makefile to generate the sendmail.cf and + submit.cf from the mc files if they changed. +- Added a small README.redhat that descibed the new mc file behaviour and the + split into sendmail.cf and submit.cf. + +* Wed Jul 24 2002 Florian La Roche +- suggestions form Stephane Lentz: + - add correct include statement into submit.mc (like sendmail.mc) + - add commented out further suggestions into submit.mc + - disable ident lookups + +* Thu Jul 11 2002 Florian La Roche +- fix initscript for the second daemon and pidfile location #67910 + +* Mon Jul 01 2002 Florian La Roche +- update to 8.12.5 + +* Thu Jun 27 2002 Florian La Roche +- add further queue runs, slight spec-file cleanups + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Tue Jun 11 2002 Florian La Roche +- update to 8.12.4, adjust smrsh patch + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Sat Apr 13 2002 Florian La Roche +- update to 8.12.3 + +* Tue Mar 26 2002 Tim Powers +- rebuilt + +* Mon Mar 25 2002 Florian La Roche +- fix alternatives --remove #61737 +- add sendmail/SECURITY as docu #61870, #61545 + +* Wed Mar 20 2002 Florian La Roche +- add libsm.a #61270 +- change from /etc/sendmail.cf to /etc/mail/sendmail.cf +- add milter patch + +* Wed Mar 13 2002 Bill Nottingham +- ignore DAEMON=no; that configuration no longer functions + +* Wed Mar 13 2002 Florian La Roche +- make sure more version information is in the cf file #54418 +- do not use "-b" flag when patching in spec file +- require newer chkconfig version #61035 +- fix preun script #60880 +- add TMPF to access file creation #60956 + +* Sat Mar 09 2002 Florian La Roche +- mv include files to /usr/include/libmilter/ #60795 +- do not use "-f" option to virtusertable #60196 +- ad an example smarthost entry to config file #58298 + +* Fri Mar 8 2002 Bill Nottingham 8.12.2-5 +- use alternatives --initscript support +- run chkconfig --add before alternatives + +* Thu Feb 28 2002 Bill Nottingham 8.12.2-3 +- run alternatives --remove in %%preun +- add some prereqs + +* Mon Feb 25 2002 Nalin Dahyabhai 8.12.2-2 +- fix smmsp useradd invocation in %%pre +- switch back to db3 for storing db files + +* Wed Feb 20 2002 Nalin Dahyabhai 8.12.2-1 +- update to 8.12.2 (adds STARTTLS support without need for sfio) +- don't forcibly strip binaries; let the build root handle it +- add creation of the smmsp account (51/51) in %%pre +- enable hesiod map support +- modify default config to use an MSP +- comment out 'O AutoRebuildAliases' in %%post, otherwise sendmail will + fail to restart on upgrades + +* Wed Feb 20 2002 Florian La Roche +- add proper ifdefs around new alternative stuff to also be able + to build this for older releases + +* Fri Feb 1 2002 Bill Nottingham 8.11.6-12 +- %%triggerpostun on older versions to make sure alternatives work on + upgrades + +* Thu Jan 31 2002 Bill Nottingham 8.11.6-11 +- clean up alternatives somewhat, provide /usr/sbin/sendmail & friends + +* Thu Jan 31 2002 Bernhard Rosenkraenzer 8.11.6-10 +- Use alternatives + +* Tue Jan 22 2002 Florian La Roche +- fix quotation in spec-file + +* Thu Jan 10 2002 Florian La Roche +- integrate ugly logic to compile this src.rpm also on older Red Hat + Linux releases +- clean up spec file and patches a bit +- add db4 support + +* Wed Jan 09 2002 Florian La Roche +- fix another path to correct docu +- include sendmail/README in the docu +- compile with -D_FFR_WORKAROUND_BROKEN_NAMESERVERS, but do not + enable this at runtime +- devel subpackage files owned by root now + +* Fri Dec 07 2001 Florian La Roche +- change "-q" to "-s" as option to make #57216 +- move milter lib into separate "devel" sub-package +- add include files to devel sub-package #56064 +- fix pointer in access file to docu #54351 + +* Mon Sep 10 2001 Florian La Roche +- add libmilter docu +- add support for userdb to /etc/mail/Makefile +- use "btree" database files if a userdb is used +- buildrequires tcp_wrappers + +* Fri Aug 31 2001 Florian La Roche +- fix libmilter support +- fix init script to use /etc/mail/Makefile #52932 + +* Sat Aug 25 2001 Florian La Roche +- add libmilter library + +* Thu Aug 23 2001 Florian La Roche +- update to 8.11.6 +- correctly use /etc/mail/statistics + +* Thu Aug 09 2001 Florian La Roche +- change init script back to older conventions #51297 +- remove DoS patch, not needed anymore #51247 + +* Mon Aug 06 2001 Florian La Roche +- add option '-t' to procmail for local mail delivery + +* Tue Jul 24 2001 Florian La Roche +- point to the map files in sendmail.cf as pointed out by + David Beveridge + +* Mon Jul 23 2001 Florian La Roche +- add build requires #49695 +- do not call "userdel" + +* Tue Jul 10 2001 Florian La Roche +- change sendmail.cf to "noreplace" + +* Thu Jun 07 2001 Florian La Roche +- update to 8.11.4 + +* Wed May 09 2001 Florian La Roche +- update to 8.11.3 +- add "localhost.localdomain" to the list of hostnames accepted + for local delivery "Cw" in /etc/mail/sendmail.mc +- add patches from Pekka Savola + - Enable IPv6 at compile time, patch for glibc 2.2 from PLD + - Add a commented-out IPv6 daemon .mc line to sendmail.mc + - buildrequire: openldap-devel, cyrus-sasl-devel + +* Fri Mar 2 2001 Nalin Dahyabhai +- rebuild in new environment + +* Tue Feb 27 2001 Florian La Roche +- add noreplace for /etc/sysconfig/sendmail and /etc/mail/sendmail.mc + +* Wed Feb 21 2001 Florian La Roche +- add changes from Christopher McCrory : + - prepare /etc/mail/Makefile for more maps not shipped with this rpm + - changed sendmail.mc to include some more commented out options, + so that people are directly pointed at important options + - add /etc/pam.d/smtp for AUTH + - add FEATURE(use_ct_file) and /etc/mail/trusted-users + +* Fri Feb 16 2001 Tim Powers +- don't obsolete postfix and exim, only conflict (for RHN purposes) + +* Thu Feb 15 2001 Trond Eivind Glomsrød +- obsolete and conflict with exim and postfix + +* Wed Feb 14 2001 Florian La Roche +- fix devision by zero bug in #20395 +- mv /usr/lib/sendmail-cf /usr/share/sendmail-cf + +* Wed Feb 7 2001 Trond Eivind Glomsrød +- i18n tweaks to initscript + +* Wed Feb 07 2001 Florian La Roche +- aliases.db should be owned by group root + +* Wed Jan 24 2001 Florian La Roche +- prepare for startup-script translation + +* Tue Jan 23 2001 Florian La Roche +- enable daemon mode again, but only listen to the loopback device + instead of all devices. +- do not include check.tar with old anti-spam rules + +* Fri Jan 12 2001 Florian La Roche +- fix configuration of /etc/aliases + +* Mon Jan 08 2001 Florian La Roche +- fix interoperation problems with communigate pro +- disable msa + +* Thu Jan 04 2001 Florian La Roche +- update to (security release) 8.11.2 +- build also on RHL 6.x #16061 +- include smrsh man-page #17901 +- use the "-f" flag for makemap to preserve case for virtusertable + and userdb in /etc/mail/Makefile - suggested by Harald Hoyer +- fix /usr/doc -> usr/share/doc in docu #20611 +- wrong path in sendmail.mc #20691 +- tcp-wrapper support wasn't enabled correctly #21642 +- do not expose user "root" when masquerading like in older releases #21643 +- disable the VRFY and EXPN smtp commands #21801 +- disable queue-runs for normal users (restrictqrun privacy flag) +- fix typo in sendmail.mc #21880, #22682 +- disable daemon mode to see what needs fixing + +* Mon Oct 02 2000 Florian La Roche +- update to 8.11.1 + +* Fri Sep 08 2000 Nalin Dahyabhai +- rebuild in new environment + +* Tue Aug 22 2000 Nalin Dahyabhai +- apply fixes for LDAP maps being closed too soon + +* Mon Aug 14 2000 Nalin Dahyabhai +- provide /usr/lib/sasl/Sendmail.conf so that people know we can use it (#16064) + +* Mon Aug 7 2000 Florian La Roche +- enable listening on the smtp port again + +* Fri Aug 4 2000 Nalin Dahyabhai +- fix "missing find_m4.sh" problem by defining M4=/usr/bin/m4 (#14767) + +* Mon Jul 31 2000 Nalin Dahyabhai +- okay, enable LDAP support again +- enable SMTP auth support via Cyrus SASL + +* Tue Jul 25 2000 Nalin Dahyabhai +- disable the LDAP support until we can remove the sendmail->OpenLDAP->perl dep +- fix prereq + +* Tue Jul 25 2000 Florian La Roche +- update to sendmail 8.11.0 +- add LDAP support + +* Thu Jul 20 2000 Bill Nottingham +- move initscript back + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Sun Jul 9 2000 Florian La Roche +- require procmail +- add further aliases + +* Sat Jul 8 2000 Florian La Roche +- prereq init.d +- fix typo + +* Tue Jul 4 2000 Florian La Roche +- ignore error from useradd + +* Fri Jun 30 2000 Than Ngo +- FHS fixes +- /etc/rc.d/init.d -> /etc/init.d +- fix initscript + +* Fri Jun 23 2000 Florian La Roche +- change to /usr/share/man + +* Wed Jun 21 2000 Preston Brown +- turn off daemon behaviour by default + +* Sun Jun 18 2000 Bill Nottingham +- rebuild, fix dependencies + +* Sat Jun 10 2000 Bill Nottingham +- prereq /usr/sbin/useradd + +* Fri May 19 2000 Florian La Roche +- enable MAP_REGEX +- enable tcp_wrapper support + +* Thu May 18 2000 Florian La Roche +- fix etc/mail/aliases -> /etc/aliases in sendmail-redhat.mc + +* Wed May 3 2000 Bill Nottingham +- update to 8.10.1 +- fix build without sendmail installed +- add 'mailnull' user + +* Wed Mar 15 2000 Bill Nottingham +- update to 8.10.0 +- remove compatiblity chkconfig links +- add a mailnull user for sendmail to use + +* Thu Feb 17 2000 Cristian Gafton +- break the hard link for makemap and create it as a symlnk (#8223) + +* Thu Feb 17 2000 Bernhard Rosenkränzer +- Fix location of mailertable (Bug #6035) + +* Sat Feb 5 2000 Bill Nottingham +- fixes for non-root builds (#8178) + +* Wed Feb 2 2000 Florian La Roche +- change perms on /etc/sysconfig/sendmail from 0755 to 0644 +- allow compressed man-pages + +* Thu Dec 02 1999 Cristian Gafton +- add patch to prevent the DoS when rebuilding aliases + +* Wed Sep 1 1999 Jeff Johnson +- install man pages, not groff output (#3746). +- use dnl not '#' in m4 comment (#3749). +- add FEATURE(mailtertable) to the config -- example file needs this (#4649). +- use db2 not db1. + +* Tue Aug 31 1999 Jeff Johnson +- add 127.0.0.1 to /etc/mail/access to avoid IDENT: relay problem (#3178). + +* Tue Aug 31 1999 Bill Nottingham +- chkconfig --del in preun, not postun (#3982) + +* Mon Aug 16 1999 Bill Nottingham +- initscript munging + +* Fri Jul 02 1999 Cristian Gafton +- fixed typo bug in comment in the default .mc file (#2812) + +* Mon Apr 19 1999 Cristian Gafton +- fox the awk scripts in the postinstall +- enable FEATURE(accept_unresolvable_domains) by default to make laptop + users happy. + +* Sun Apr 18 1999 Cristian Gafton +- make the redhat.mc be a separate source files. Sanitize patches that used + to touch it. +- install redhat.mc as /etc/sendmail.mc so that people can easily modify + their sendmail.cf configurations. + +* Mon Apr 05 1999 Cristian Gafton +- fixed virtusertable patch +- make smrsh look into /etc/smrsh + +* Mon Mar 29 1999 Jeff Johnson +- remove noreplace attr from sednmail.cf. + +* Thu Mar 25 1999 Cristian Gafton +- provide a more sane /etc/mail/access default config file +- use makemap to initializa the empty databases, not touch +- added a small, but helpful /etc/mail/Makefile + +* Mon Mar 22 1999 Jeff Johnson +- correxct dangling symlinks. +- check for map file existence in %%post. + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 3) + +* Fri Mar 19 1999 Jeff Johnson +- improved 8.9.3 config from Mike McHenry + +* Tue Mar 16 1999 Cristian Gafton +- version 8.9.3 + +* Tue Dec 29 1998 Cristian Gafton +- build for 6.0 +- use the libdb1 stuff correctly + +* Mon Sep 21 1998 Michael K. Johnson +- Allow empty QUEUE in /etc/sysconfig/sendmail for those who + want to run sendmail in daemon mode without processing the + queue regularly. + +* Thu Sep 17 1998 Michael K. Johnson +- /etc/sysconfig/sendmail + +* Fri Aug 28 1998 Jeff Johnson +- recompile statically linked binary for 5.2/sparc + +* Tue May 05 1998 Prospector System +- translations modified for de, fr, tr + +* Sat May 02 1998 Cristian Gafton +- enhanced initscripts + +* Fri May 01 1998 Cristian Gafton +- added a rmail patch + +* Wed Oct 29 1997 Donnie Barnes +- argh! Fixed some of the db1 handling that had to be added for glibc 2.1 + +* Fri Oct 24 1997 Donnie Barnes +- added support for db1 on SPARC + +* Thu Oct 16 1997 Donnie Barnes +- added chkconfig support +- various spec file cleanups +- changed group to Networking/Daemons (from Daemons). Sure, it runs on + non networked systems, but who really *needs* it then? + +* Wed Oct 08 1997 Donnie Barnes +- made /etc/mail/deny.db a ghost +- removed preun that used to remove deny.db (ghost handles that now) +- NOTE: upgrading from the sendmail packages in 4.8, 4.8.1, and possibly + 4.9 (all Red Hat betas between 4.2 and 5.0) could cause problems. You + may need to do a makemap in /etc/mail and a newaliases after upgrading + from those packages. Upgrading from 4.2 or prior should be fine. + +* Mon Oct 06 1997 Erik Troan +- made aliases.db a ghost + +* Tue Sep 23 1997 Donnie Barnes +- fixed preuninstall script to handle aliases.db on upgrades properly + +* Mon Sep 15 1997 Donnie Barnes +- fixed post-install output and changed /var/spool/mqueue to 755 + +* Thu Sep 11 1997 Donnie Barnes +- fixed /usr/lib/sendmail-cf paths + +* Tue Sep 09 1997 Donnie Barnes +- updated to 8.8.7 +- added some spam filtration +- combined some makefile patches +- added BuildRoot support + +* Wed Sep 03 1997 Erik Troan +- marked initscript symlinks as missingok +- run newalises after creating /var/spool/mqueue + +* Thu Jun 12 1997 Erik Troan +- built against glibc, udated release to -6 (skipped -5!) + +* Tue Apr 01 1997 Erik Troan +- Added -nsl on the Alpha (for glibc to provide NIS functions). + +* Mon Mar 03 1997 Erik Troan +- Added nis support.