-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
sendmail snapshot 8.17.0.3 is available for testing. It fixes a
performance problem when USE_EAI is enabled and reduces the
requirements when -U needs to be specified during mail submission.
8.17.1/8.17.1 202X/XX/XX
Deprecation notice: due to compatibility problems with some
third party code, we plan to finally switch from K&R
to ANSI C. If you are using sendmail on a system
which does not have a compiler for ANSI C contact us
with details as soon as possible so we can determine
how to proceed.
Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
is available when using the compile time option USE_EAI
(see also devtools/Site/site.config.m4.sample for other
required settings) and the cf option SMTPUTF8.
If a mail submission via the command line requires
the use of SMTPUTF8, e.g., because a header uses UTF-8
encoding, but the addresses on the command line are all
ASCII, then the new option -U must be used, and
the cf option SMTPUTF8 must be set in submit.cf.
Please test and provide feedback.
Experimental support for SMTP MTA Strict Transport Security
(MTA-STS, see RFC 8461) is available when using
- the compile time option _FFR_MTA_STS (which requires
STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
- FEATURE(sts), which implicitly sets the cf option
StrictTransportSecurity,
- postfix-mta-sts-resolver, see
https://github.com/Snawoot/postfix-mta-sts-resolver.git
New ruleset check_other which is called for all unknown SMTP
commands in the server and for commands which do not
have specific rulesets, e.g., NOOP and VERB.
New ruleset clt_features which can be used to select features
in the SMTP client per server. Currently only two
flags are available: D/M to disable DANE/MTA-STS,
respectively.
Avoid leaking session macros for an envelope between
delivery attempts to different servers. This problem
could have affected check_compat.
Avoid leaking actual SMTP replies between delivery attempts
to different servers which could cause bogus logging
of reply= entries.
Change default SMTP reply code for STARTTLS related problems
from 403 to 454 to better match the RFCs.
Fix a theoretical buffer overflow when encountering an
unknown/unsupported socket address family on an
operating system where sa_data is larger than 30
(the standard is 14). Based on patch by Toomas Soome.
Previously the commands GET, POST, CONNECT, or USER terminate
a connection immediately only if sent as first command.
Now this is also done if any of these is sent directly
after STARTTLS or if the 'h' option is set via
srv_features.
CDB map locking has been changed so a sendmail process which
does have a CDB map open does not block an in-place
update of the map by makemap. The simple workaround
for that problem in earlier versions is to create
the map under a different name and then move it
into place.
CONFIG: New FEATURE(`check_other') to provide a default
check_other ruleset.
CONFIG: FEATURE(`tls_failures') is deprecated and will be
removed in future versions because it has a fundamental
problem: it is message oriented but STARTTLS is
session oriented. For example, having multiple
RCPTs in one envelope for different destinations,
with different temporary errors, does not work
properly, as the persistent macro applies to all
RCPTs and hence implicitly to all destinations (servers).
The option TLSFallbacktoClear should be used if needed.
MAIL.LOCAL: Enhance some error messages to simplify
troubleshooting.
Portability:
Add support for Darwin 19 & 20.
NOTE: File locking using fcntl() does not interoperate
with Berkeley DB 5.x (and probably later). Use
CDB, flock() (-DHASFLOCK), or an earlier Berkeley
DB version. Problem noted by Harald Hannelius.
New Files:
cf/feature/check_other.m4
cf/feature/sts.m4
devtools/OS/Darwin.19.x
devtools/OS/Darwin.20.x
include/sm/ixlen.h
libsm/ilenx.c
libsm/lowercase.c
libsm/strcaseeq.c
libsm/t-ixlen.c
libsm/t-ixlen.sh
libsm/t-streq.c
libsm/t-streq.sh
libsm/utf8_valid.c
libsm/uxtext_unquote.c
libsm/xleni.c
libsmutil/t-lockfile.c
libsmutil/t-lockfile-0.sh
libsmutil/t-maplock-0.sh
Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.3.tar.gz https://ftp.sendmail.org/snapshots/sendmail.8.17.0.3.tar.gz.sig
SHA256 (sendmail.8.17.0.3.tar.gz) = 0b8cf894784fad367babca47a99e3a490882d4241258500bb827f0439e49749e
SHA256 (sendmail.8.17.0.3.tar.gz.sig) = 64e4e7f5031c7806465db914de45d028363a321e595cc0ed7c574c637aa3622f
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJg0j3kAAoJEExm6o1L7hvudd4P/jHGeShR6MTp9ZyD7uQUraVt XA6z2XrZ7XAXCTyz3RNBOno4Fr+sm36C6awYYOgLjkNl7tjvSYnLCE9+OOSilXvp +u/7lHk3CwKwqCxsWpmA8SAVIQ0lwCohAPm7ZgB9NOZwjSTrkWt9aBst+WeH7bI5 Pkw3FtB+5uaAel2fWP3M6Lxz75+OSIRAOMYE+8Dp76c9Z62JBNbu1/Gr8NJgaanL /7b0I+rZsUmXIDdzqPZ117J999PZh9r920A8+s65blTNGbPD7NMBeo0EKQQ+Oaws eDZnLzeZK0z3PPV0KCae5jVhlMG9euueML+MU4a+mVYoBeDkR21K+nU1w9dVPEzo jOzwpjAS8hmjoQ2YtyDKZhUuZUiZciTX/YWHYOx2Zn0fGZl6mUVxUtkJXR00Vr/b cWCBCSJINcpF9yMnhg8cXDUJiFJlqZEViE/8MAO4q/EoAv6YU355BjnnZFE7cKTn 9hAKn/l/o9D1l2NB0Xwhny3qAaQ6br4jfYd/oD4z7cqQfeZp7MQSjSpkMw6zMTgI gWZH3foo3iw+IWhaGJG4S92NUCr8kcZgGpPJUI86DejiZVAb+eBd8qD5qkLx6woV afVRbptULrGF29Lek/tNS5Tf+9dAjTmKjrEa0s0oruWkavDs6flLGH/7b0VHNPtB 0dDPHFI+AEfMb+fnhu8D
=rbNT
-----END PGP SIGNATURE-----
--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)