• sendmail snapshot 8.17.0.0

    From Claus Aßmann@21:1/5 to All on Tue May 4 19:43:58 2021

    sendmail snapshot 8.17.0.0 is available for testing. It offers
    even more functionality to control the input from clients: rejecting
    HTTP commands at more stages and a new ruleset check_other.

    8.17.0/8.17.0 202X/XX/XX
        Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
            is available when using the compile time option USE_EAI
            (see also devtools/Site/site.config.m4.sample for other
            required settings) and the cf option SmtpUTF8.
            For mail submission the new command line option -U must
            be used to specify SMTPUTF8.
            Please test and provide feedback.
        Experimental support for SMTP MTA Strict Transport Security
            (MTA-STS, see RFC 8461) is available when using
            - the compile time option _FFR_MTA_STS,
            - FEATURE(sts), which implicitly sets the cf option
              StrictTransportSecurity,
            - postfix-mta-sts-resolver, see
              https://github.com/Snawoot/postfix-mta-sts-resolver.git
        New ruleset check_other which is called for all unknown SMTP
            commands in the server and for commands which do not
            have specific rulesets, e.g., NOOP and VERB.
        New ruleset clt_features which can be used to select features
            in the SMTP client per server. Currently only two
            flags are available: D/M to disable DANE/MTA-STS,
            respectively.
        Avoid leaking session macros for an envelope between
            delivery attempts to different servers. This problem
            could have affected check_compat.
        Avoid leaking actual SMTP replies between delivery attempts
            to different servers which could cause bogus logging
            of reply= entries.
        Change default SMTP reply code for STARTTLS related problems
            from 403 to 454 to better match the RFCs.
        Fix a theoretical buffer overflow when encountering an
            unknown/unsupported socket address family on an
            operating system where sa_data is larger than 30
            (the standard is 14). Based on patch by Toomas Soome.
        Previously the commands GET, POST, CONNECT, or USER terminate
            a connection immediately only if sent as first command.
            Now this is also done if any of these is sent directly
            after STARTTLS or if the 'h' option is set via
            srv_features.
        CONFIG: New FEATURE(`check_other') to provide a default
            check_other ruleset.
        MAIL.LOCAL: Enhance some error messages to simplify
            troubleshooting.
        Portability:
            Add support for Darwin 19.
        Added Files:
            cf/feature/check_other.m4
            cf/feature/sts.m4
            devtools/OS/Darwin.19.x

    Available at:
    https://ftp.sendmail.org/snapshots/sendmail.8.17.0.0.tar.gz
    https://ftp.sendmail.org/snapshots/sendmail.8.17.0.0.tar.gz.sig

    SHA256 (sendmail.8.17.0.0.tar.gz) = 786734fb6b6c1a14fa58beab90df9ed4dbcfe59128181e072066529e3284ad07
    SHA256 (sendmail.8.17.0.0.tar.gz.sig) = 8620871eadbb66a753e1e3ceef75bed181c19b8cb4cabb5633cea6fa5c10580a

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alex Haut@21:1/5 to All on Sun May 9 08:10:38 2021
    Hi Claus.

    I did not see _FFR_TLS_ALTNAMES listed as a pre-requisite for _FFR_MTA_STS. Not sure this was expected, but thought to let you know.

    cc -M -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DDNSSEC_TEST -DUSE_EAI -D_FFR_MTA_STS -DMILTER main.c alias.c arpadate.c bf.c collect.c conf.c control.c
    convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c
    tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c >> Makefile
    conf.c:6603:4: error: invalid preprocessing directive #ERROR
    6603 | # ERROR: "_FFR_MTA_STS requires _FFR_TLS_ALTNAMES"
         | ^~~~~
    make[1]: *** [Makefile:402: depend] Error 1

  • From Claus Aßmann@21:1/5 to Alex Haut on Sun May 9 19:05:11 2021
    Alex Haut wrote:

    I did not see _FFR_TLS_ALTNAMES listed as a pre-requisite for _FFR_MTA_STS. Not sure
    this was expected, but thought to let you know.

    None of the pre-requisites were listed -- I've added them to the
    release notes, but I'm not sure that's a good place. Suggestions?

