head	1.3;
access;
symbols
	pkgsrc-2026Q1:1.3.0.2
	pkgsrc-2026Q1-base:1.3
	pkgsrc-2025Q4:1.2.0.16
	pkgsrc-2025Q4-base:1.2
	pkgsrc-2025Q3:1.2.0.14
	pkgsrc-2025Q3-base:1.2
	pkgsrc-2025Q2:1.2.0.12
	pkgsrc-2025Q2-base:1.2
	pkgsrc-2025Q1:1.2.0.10
	pkgsrc-2025Q1-base:1.2
	pkgsrc-2024Q4:1.2.0.8
	pkgsrc-2024Q4-base:1.2
	pkgsrc-2024Q3:1.2.0.6
	pkgsrc-2024Q3-base:1.2
	pkgsrc-2024Q2:1.2.0.4
	pkgsrc-2024Q2-base:1.2
	pkgsrc-2024Q1:1.2.0.2
	pkgsrc-2024Q1-base:1.2
	pkgsrc-2023Q4:1.1.0.36
	pkgsrc-2023Q4-base:1.1
	pkgsrc-2023Q3:1.1.0.34
	pkgsrc-2023Q3-base:1.1
	pkgsrc-2023Q2:1.1.0.32
	pkgsrc-2023Q2-base:1.1
	pkgsrc-2023Q1:1.1.0.30
	pkgsrc-2023Q1-base:1.1
	pkgsrc-2022Q4:1.1.0.28
	pkgsrc-2022Q4-base:1.1
	pkgsrc-2022Q3:1.1.0.26
	pkgsrc-2022Q3-base:1.1
	pkgsrc-2022Q2:1.1.0.24
	pkgsrc-2022Q2-base:1.1
	pkgsrc-2022Q1:1.1.0.22
	pkgsrc-2022Q1-base:1.1
	pkgsrc-2021Q4:1.1.0.20
	pkgsrc-2021Q4-base:1.1
	pkgsrc-2021Q3:1.1.0.18
	pkgsrc-2021Q3-base:1.1
	pkgsrc-2021Q2:1.1.0.16
	pkgsrc-2021Q2-base:1.1
	pkgsrc-2021Q1:1.1.0.14
	pkgsrc-2021Q1-base:1.1
	pkgsrc-2020Q4:1.1.0.12
	pkgsrc-2020Q4-base:1.1
	pkgsrc-2020Q3:1.1.0.10
	pkgsrc-2020Q3-base:1.1
	pkgsrc-2020Q2:1.1.0.8
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.4
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.6
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.2
	pkgsrc-2019Q3-base:1.1;
locks; strict;
comment	@# @;


1.3
date	2026.03.02.07.39.29;	author jnemeth;	state Exp;
branches;
next	1.2;
commitid	hRaoxTwMYU3L7nwG;

1.2
date	2024.01.15.04.43.22;	author jnemeth;	state Exp;
branches;
next	1.1;
commitid	ibRTU6YcoLIM7vUE;

1.1
date	2019.07.15.04.32.49;	author jnemeth;	state Exp;
branches;
next	;
commitid	jIGa2kaE2N2eT5vB;


desc
@@


1.3
log
@Update to sendmail 8.18.2

pkgsrc changes:
- fix one thing related to resn
- convert from NetBSD's old blocklistd to blacklistd

NOTE: UseBlocklist is now UseBlacklist

			SENDMAIL RELEASE NOTES

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.18.2/8.18.2	2025/12/27
	Avoid adding a second To: header to DSNs, instead any additional
		addresses are appended to an existing To: header
		(this also applies to Cc: and Bcc:).
	Fix matching of wildcard SANs in the experimental support
		for SMTP MTA Strict Transport Security (MTA-STS).
		Problem reported by Dilyan Palauzo.
	The experimental support for SMTP MTA Strict Transport Security
		has been significantly rewritten to handle the problems
		caused by it being tied to the domain of a RCPT address
		(instead to an SMTP server for all the domains it
		handles - compare DANE).
		The most visible change is that an SMTP transaction
		where the first RCPT has an STS policy will have only
		RCPTs with the same domain instead of all RCPTs going
		to the same servers (MX).
		Accordingly, MTA-STS can be disabled per RCPT domain
		by adding access map entries of the form
			STS:domain	NO
		Successful deliveries to RCPTs which have an STS policy
		show STS=OK in the to=... stat=Sent log entry.
		If an STS policy for a RCPT could not be fulfilled
		then the RCPT is not being sent and an error containing
		the string "STS" is logged.
	MaxQueueAge is now observed for all types of QueueSortOrder
		even those which internally skip some code (including
		the MaxQueueAge check).
	On some systems the rejection of a RCPT by a milter could
		silently be ignored.
	Increase size for an internal buffer which can contain AUTH
		data because XOAUTH2 could use very long tokens.
		Patch from Frank Schmirler.
	Portability:
		Add support for Darwin 24 and 25.
	LIBSM: Fix compilation of vfscanf.c with gcc-15.
		Problem reported by Jaroslav Škarvada of RedHat.
	MAILSTATS: Fix compilation with gcc-15.
		Problem reported by Jaroslav Škarvada of RedHat.
	New Files:
		cf/feature/same_domain_only.m4
		devtools/OS/Darwin.24.x
		devtools/OS/Darwin.25.x
@
text
@$NetBSD: patch-bn,v 1.2 2024/01/15 04:43:22 jnemeth Exp $ --- sendmail/sendmail.8.orig 2023-02-09 18:24:38.000000000 +0000 +++ sendmail/sendmail.8 @@@@ -552,6 +552,11 @@@@ for this amount of time, failed messages will be returned to the sender. The default is five days. .TP +.RI UseBlocklist +If set, send authentication failure and success notifications to the +.BR blocklistd (8) +daemon. +.TP .RI UserDatabaseSpec= userdatabase If set, a user database is consulted to get forwarding information. You can consider this an adjunct to the aliasing mechanism,
@


1.2
log
@Update to sendmail 8.17.2: some feature updates and a bunch of bug fixes.

pkgsrc changes:
- remove some backported patches now included upstream
- rename blacklistd option to blacklist to match defaults/mk.conf
- accept old option blacklistd
- add new smtputf8 option to enable SMTP SMTPUTF8 protocol option

			SENDMAIL RELEASE NOTES

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.17.2/8.17.2	2023/06/03
	Make sure DANE checks (if enabled) are performed even if
		CACertPath or CACertFile are not set or unusable.
		Note: if the code to set up TLS in the client fails,
		then {verify} will be set to TEMP but DANE requirements
		will be ignored, i.e., by default mail will be sent
		without STARTTLS.  This can be changed via a
		LOCAL_TLS_SERVER ruleset.
	Pass server name to clt_features ruleset instead of client name
		to account for limitations in macro availability
		described below in CONFIG section.  This may break
		custom clt_features rulesets which expect to receive
		the client name as input.
	Fix a regression introduced in 8.17.1: aliases file which
		contain continuation lines caused parsing errors.
	Add an FFR (for future release) compile time option
		_FFR_LOG_STAGE to log the protocol stage as stage=
		for some errors during delivery attempts to make
		troubleshooting simpler.  This new logging may be
		enabled in a future release.
	When EAI is enabled, milters also got the arguments of
		MAIL/RCPT commands in argv[0] for
		xxfi_envfrom()/xxfi_envrcpt() callbacks instead of
		just the mail address.
		Problem reported by Dilyan Palauzo.
	When EAI is enabled, mailq prints UTF-8 addresses as such
		if SMTPUTF8 was used.
	When EAI is enabled, the $h macro is now in the correct format.
		Previously this could cause wrong values for relay=
		in log entries and the mailer argument vector.
	When the compile time option USE_EAI is enabled, vacation could
		fail to respond when it should.
		Problem reported by Alex Hautequest.
	When EAI was enabled, header truncation might not have been
		logged even when it happened.
		Problem reported by Werner Wiethege.
	Handle a possible change in an upcoming release of Cyrus-SASL
		(2.1.28) by changing the definition of an internal flag.
		Patch from Dilyan Palauzo.
	Avoid an assertion failure when an smtps connection is made
		to the server and a milter is unavailable.
		Problem reported by Dilyan Palauzo.
	Fixed some spelling errors in documentation and comments,
		based on a codespell report by Jens Schleusener
		of fossies.org.
	The result of try_tls is now logged using status= instead of
		reject=.
	If tls_rcpt rejected the delivery of a recipient then a bogus
		dsn= entry might have been logged under some
		circumstances.
	If a server replied with 421 to a RCPT command then a bogus
		reply= might have been logged.
	When quoting the value for ${currHeader} avoid causing a syntax
		error (Unbalanced '"') when truncating a header value
		which is too long.
		Problem reported by Werner Wiethege.
	Reduce the performance impact of a change introduced in 8.12.9:
		the default for MaxMimeHeaderLength was set to 2048/1024.
		Problem reported by Tabata Shintaro of
		Internet Initiative Japan Inc.
	CONFIG: The default clt_features ruleset tried to access
		${server_name} and ${server_addr} which are not set
		when the ruleset is invoked.  Only the server name is
		available which is passed as an argument.
	CONFIG: Properly quote host variable to prevent cf build
		breakage when a hostname contains 'dnl'.
		Problem reported by Maxim Shalomikhin of Kaspersky.
	DEVTOOLS: Add configure.sh support for BSD's mandoc as an
		alternative man page formatting tool.
	DOC: Document that USAGE is a possible value for {verify}.
	LIBMILTER: The macros for the EOH and EOM callbacks are sent
		in reverse order which means accessing macros in the
		EOM callback got the macro for the EOH callback.
		Store those macros in the expected order in libmilter.
		Note: this does not affect sendmail because the macros
		for both callbacks are the same because the message is
		sent to libmilter after it is completely read by
		sendmail.
		Fix and problem report from David Buergin.
	Portability:
		Make use of IN_LOOPBACK, if defined, to determine if
			using a loopback address.
			Patch from Mike Karels of FreeBSD.
		On Linux use gethostbyname2(3) if glibc 2.19 or newer
			is used to avoid potential problems with IPv6
			lookups.
			Patch from Werner Wiethege.
		Add support for Darwin 21 and Darwin 22.
		Solaris 12 has been renamed to Solaris 11.4, hence
			adapt a condition for sigwait(2) taking one
			argument.
			Patch from John Beck.
	New Files:
		devtools/M4/UNIX/sharedlib.m4
		devtools/OS/Darwin.21.x
		devtools/OS/Darwin.22.x
		sendmail/sched.c
		libsm/notify.h

8.17.1/8.17.1	2021/08/17
	Deprecation notice: due to compatibility problems with some
		third party code, we plan to finally switch from K&R
		to ANSI C.  If you are using sendmail on a system
		which does not have a compiler for ANSI C contact us
		with details as soon as possible so we can determine
		how to proceed.
	Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is
		available when using the compile time option USE_EAI
		(see also devtools/Site/site.config.m4.sample for other
		required settings) and the cf option SMTPUTF8.
		If a mail submission via the command line requires the
		use of SMTPUTF8, e.g., because a header uses UTF-8
		encoding, but the addresses on the command line are all
		ASCII, then the new option -U must be used, and
		the cf option SMTPUTF8 must be set in submit.cf.
		Please test and provide feedback.
	Experimental support for SMTP MTA Strict Transport Security
		(MTA-STS, see RFC 8461) is available when using
		- the compile time option _FFR_MTA_STS (which requires
		  STARTTLS, MAP_REGEX, SOCKETMAP, and
		  _FFR_TLS_ALTNAMES),
		- FEATURE(sts), which implicitly sets the cf option
		  StrictTransportSecurity,
		- postfix-mta-sts-resolver, see
		  https://github.com/Snawoot/postfix-mta-sts-resolver.git
	New ruleset check_other which is called for all unknown SMTP
		commands in the server and for commands which do not
		have specific rulesets, e.g., NOOP and VERB.
	New ruleset clt_features which can be used to select features
		in the SMTP client per server.  Currently only two
		flags are available: D/M to disable DANE/MTA-STS,
		respectively.
	New compile time option NO_EOH_FIELDS to disable the special
		meaning of the headers Message: and Text: to denote
		the end of the message header.
	Avoid leaking session macros for an envelope between delivery
		attempts to different servers.  This problem could
		have affected check_compat.
	Avoid leaking actual SMTP replies between delivery attempts to
		different servers which could cause bogus logging
		of reply= entries.
	Change default SMTP reply code for STARTTLS related problems
		from 403 to 454 to better match the RFCs.
	Fix a theoretical buffer overflow when encountering an
		unknown/unsupported socket address family on an
		operating system where sa_data is larger than 30
		(the standard is 14).
		Based on patch by Toomas Soome.
	Several potential memory leaks and other similar problems
		(mostly in error handling code) have been fixed.
		Problems reported by Tomas Korbar of RedHat.
	Previously the commands GET, POST, CONNECT, or USER terminate
		a connection immediately only if sent as first command.
		Now this is also done if any of these is sent directly
		after STARTTLS or if the 'h' option is set via
		srv_features.
	CDB map locking has been changed so a sendmail process which
		does have a CDB map open does not block an in-place
		update of the map by makemap.  The simple workaround
		for that problem in earlier versions is to create the
		map under a different name and then move it into place.
	On some systems the rejection of a RCPT by a milter could
		silently fail.
	CONFIG: New FEATURE(`check_other') to provide a default
		check_other ruleset.
	CONFIG: FEATURE(`tls_failures') is deprecated and will be
		removed in future versions because it has a fundamental
		problem: it is message oriented but STARTTLS is
		session oriented.  For example, having multiple RCPTs
		in one envelope for different destinations, with
		different temporary errors, does not work properly,
		as the persistent macro applies to all RCPTs and hence
		implicitly to all destinations (servers).
		The option TLSFallbacktoClear should be used if needed.
	CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by
		Anne Bennett.
	CONTRIB: Added cidrexpand -O option for suppressing duplicates
		from a CIDR expansion that overlaps a later entry and
		-S option for skipping comments exactly like makemap
		does.
	MAIL.LOCAL: Enhance some error messages to simplify
		troubleshooting.
	Portability:
		Add support for Darwin 19 & 20.
		Use proper FreeBSD version define to allow for cross
			compiling.
			Fix from Brooks Davis of the FreeBSD project.
		NOTE: File locking using fcntl() does not interoperate
			with Berkeley DB 5.x (and probably later).
			Use CDB, flock() (-DHASFLOCK), or an earlier
			Berkeley DB version.
			Problem noted by Harald Hannelius.
	New Files:
		cf/feature/check_other.m4
		cf/feature/sts.m4
		devtools/OS/Darwin.19.x
		devtools/OS/Darwin.20.x
		include/sm/ixlen.h
		libsm/ilenx.c
		libsm/lowercase.c
		libsm/strcaseeq.c
		libsm/t-ixlen.c
		libsm/t-ixlen.sh
		libsm/t-streq.c
		libsm/t-streq.sh
		libsm/utf8_valid.c
		libsm/uxtext_unquote.c
		libsm/xleni.c
		libsmutil/t-lockfile.c
		libsmutil/t-lockfile-0.sh
		libsmutil/t-maplock-0.sh
@
text
@d1 1 a1 1 $NetBSD$ d9 1 a9 1 +.RI UseBlacklist d11 1 a11 1 +.BR blacklistd (8)
@


1.1
log
@Add support for working with blacklistd.

These patches were originally created for FreeBSD and were ported
to pkgsrc by Hauke Fath with some cleanup by myself.

These patches add a new "UseBlacklist" option to sendmail to have
it send authentication failure notices to blacklistd.
@
text
@d3 1 a3 1 --- sendmail/sendmail.8.orig 2014-06-13 14:57:59.000000000 +0000 d5 2 a6 2 @@@@ -537,6 +537,11 @@@@ for this amount of time, failed messages will be returned to the sender. d9 1 a9 1 +UseBlacklist d16 1 a16 1 You can consider this an adjunct to the aliasing mechanism,
@
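
Review bot: In the sendmail.8 hunk at line 552 of the head (1.3) text, the added .TP entry documents the option as UseBlocklist and references blocklistd(8), but the 1.3 log message says "UseBlocklist is now UseBlacklist" and describes a conversion to blacklistd, while the 1.2 delta shows the previous man page text was UseBlacklist with blacklistd(8). The log and the patch disagree about which name is current. Please correct whichever is wrong so that the man page names the option this build actually accepts: the entry is what an administrator will copy when enabling authentication failure reporting to the daemon, so a mismatch between the documented name and the accepted one is worth settling before the update ships.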