head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.8
	RELENG_9_1_0_RELEASE:1.3
	RELENG_9_1:1.3.0.6
	RELENG_9_1_BP:1.3
	RELENG_8_3_0_RELEASE:1.2.2.1
	RELENG_8_3:1.2.2.1.0.2
	RELENG_8_3_BP:1.2.2.1
	RELENG_9_0_0_RELEASE:1.3
	RELENG_9_0:1.3.0.4
	RELENG_9_0_BP:1.3
	RELENG_9:1.3.0.2
	RELENG_9_BP:1.3
	RELENG_7_4_0_RELEASE:1.1.1.14.2.1
	RELENG_8_2_0_RELEASE:1.2
	RELENG_7_4:1.1.1.14.2.1.0.8
	RELENG_7_4_BP:1.1.1.14.2.1
	RELENG_8_2:1.2.0.8
	RELENG_8_2_BP:1.2
	RELENG_8_1_0_RELEASE:1.2
	RELENG_8_1:1.2.0.6
	RELENG_8_1_BP:1.2
	RELENG_7_3_0_RELEASE:1.1.1.14.2.1
	RELENG_7_3:1.1.1.14.2.1.0.6
	RELENG_7_3_BP:1.1.1.14.2.1
	RELENG_8_0_0_RELEASE:1.2
	RELENG_8_0:1.2.0.4
	RELENG_8_0_BP:1.2
	RELENG_8:1.2.0.2
	RELENG_8_BP:1.2
	RELENG_7_2_0_RELEASE:1.1.1.14.2.1
	RELENG_7_2:1.1.1.14.2.1.0.4
	RELENG_7_2_BP:1.1.1.14.2.1
	RELENG_7_1_0_RELEASE:1.1.1.14.2.1
	RELENG_6_4_0_RELEASE:1.1.1.13.2.2
	RELENG_7_1:1.1.1.14.2.1.0.2
	RELENG_7_1_BP:1.1.1.14.2.1
	RELENG_6_4:1.1.1.13.2.2.0.2
	RELENG_6_4_BP:1.1.1.13.2.2
	RELENG_7_0_0_RELEASE:1.1.1.14
	RELENG_6_3_0_RELEASE:1.1.1.13.2.1
	RELENG_7_0:1.1.1.14.0.4
	RELENG_7_0_BP:1.1.1.14
	RELENG_6_3:1.1.1.13.2.1.0.2
	RELENG_6_3_BP:1.1.1.13.2.1
	v8_14_2:1.1.1.14
	RELENG_7:1.1.1.14.0.2
	RELENG_7_BP:1.1.1.14
	v8_14_1:1.1.1.14
	RELENG_6_2_0_RELEASE:1.1.1.13
	RELENG_6_2:1.1.1.13.0.8
	RELENG_6_2_BP:1.1.1.13
	v8_13_8:1.1.1.13
	v8_13_7:1.1.1.13
	RELENG_5_5_0_RELEASE:1.1.1.12.2.1
	RELENG_5_5:1.1.1.12.2.1.0.4
	RELENG_5_5_BP:1.1.1.12.2.1
	RELENG_6_1_0_RELEASE:1.1.1.13
	RELENG_6_1:1.1.1.13.0.6
	RELENG_6_1_BP:1.1.1.13
	v8_13_6:1.1.1.13
	RELENG_6_0_0_RELEASE:1.1.1.13
	RELENG_6_0:1.1.1.13.0.4
	RELENG_6_0_BP:1.1.1.13
	RELENG_6:1.1.1.13.0.2
	RELENG_6_BP:1.1.1.13
	v8_13_4:1.1.1.13
	RELENG_5_4_0_RELEASE:1.1.1.12.2.1
	RELENG_5_4:1.1.1.12.2.1.0.2
	RELENG_5_4_BP:1.1.1.12.2.1
	v8_13_3:1.1.1.13
	RELENG_4_11_0_RELEASE:1.1.1.3.2.7
	RELENG_4_11:1.1.1.3.2.7.0.2
	RELENG_4_11_BP:1.1.1.3.2.7
	RELENG_5_3_0_RELEASE:1.1.1.12
	RELENG_5_3:1.1.1.12.0.4
	RELENG_5_3_BP:1.1.1.12
	RELENG_5:1.1.1.12.0.2
	RELENG_5_BP:1.1.1.12
	v8_13_1:1.1.1.12
	RELENG_4_10_0_RELEASE:1.1.1.3.2.6
	RELENG_4_10:1.1.1.3.2.6.0.6
	RELENG_4_10_BP:1.1.1.3.2.6
	RELENG_5_2_1_RELEASE:1.1.1.11
	v8_12_11:1.1.1.11
	RELENG_5_2_0_RELEASE:1.1.1.11
	RELENG_5_2:1.1.1.11.0.4
	RELENG_5_2_BP:1.1.1.11
	RELENG_4_9_0_RELEASE:1.1.1.3.2.6
	RELENG_4_9:1.1.1.3.2.6.0.4
	RELENG_4_9_BP:1.1.1.3.2.6
	v8_12_10:1.1.1.11
	RELENG_5_1_0_RELEASE:1.1.1.11
	RELENG_5_1:1.1.1.11.0.2
	RELENG_5_1_BP:1.1.1.11
	RELENG_4_8_0_RELEASE:1.1.1.3.2.6
	v8_12_9:1.1.1.11
	RELENG_4_8:1.1.1.3.2.6.0.2
	RELENG_4_8_BP:1.1.1.3.2.6
	v8_12_8:1.1.1.11
	v8_12_7:1.1.1.11
	RELENG_5_0_0_RELEASE:1.1.1.10
	RELENG_5_0:1.1.1.10.0.2
	RELENG_5_0_BP:1.1.1.10
	RELENG_4_7_0_RELEASE:1.1.1.3.2.5
	RELENG_4_7:1.1.1.3.2.5.0.4
	RELENG_4_7_BP:1.1.1.3.2.5
	v8_12_6:1.1.1.10
	RELENG_4_6_2_RELEASE:1.1.1.3.2.5
	RELENG_4_6_1_RELEASE:1.1.1.3.2.5
	v8_12_5:1.1.1.10
	v8_12_4:1.1.1.10
	RELENG_4_6_0_RELEASE:1.1.1.3.2.5
	RELENG_4_6:1.1.1.3.2.5.0.2
	RELENG_4_6_BP:1.1.1.3.2.5
	v8_12_3_20020420:1.1.1.9
	v8_12_3:1.1.1.8
	v8_12_2:1.1.1.7
	RELENG_4_5_0_RELEASE:1.1.1.3.2.3
	RELENG_4_5:1.1.1.3.2.3.0.4
	RELENG_4_5_BP:1.1.1.3.2.3
	RELENG_4_4_0_RELEASE:1.1.1.3.2.3
	RELENG_4_4:1.1.1.3.2.3.0.2
	RELENG_4_4_BP:1.1.1.3.2.3
	v8_11_6:1.1.1.6
	v8_11_5:1.1.1.6
	v8_11_4:1.1.1.5
	RELENG_4_3_0_RELEASE:1.1.1.3.2.2
	RELENG_4_3:1.1.1.3.2.2.0.2
	RELENG_4_3_BP:1.1.1.3.2.2
	v8_11_3:1.1.1.5
	v8_11_2:1.1.1.5
	RELENG_4_2_0_RELEASE:1.1.1.3.2.2
	v8_11_1:1.1.1.5
	RELENG_4_1_1_RELEASE:1.1.1.3.2.1
	PRE_SMPNG:1.1.1.4
	v8_11_0:1.1.1.4
	RELENG_4_1_0_RELEASE:1.1.1.3
	RELENG_3_5_0_RELEASE:1.1.1.2.2.1
	RELENG_4_0_0_RELEASE:1.1.1.3
	RELENG_4:1.1.1.3.0.2
	RELENG_4_BP:1.1.1.3
	RELENG_3_4_0_RELEASE:1.1.1.2.2.1
	RELENG_3_3_0_RELEASE:1.1.1.2.2.1
	RELENG_3_2_PAO:1.1.1.2.2.1.0.2
	RELENG_3_2_PAO_BP:1.1.1.2.2.1
	RELENG_3_2_0_RELEASE:1.1.1.2.2.1
	RELENG_3_1_0_RELEASE:1.1.1.2
	v8_9_3:1.1.1.3
	v8_9_2_header:1.1.1.2
	RELENG_3:1.1.1.2.0.2
	RELENG_3_BP:1.1.1.2
	v8_9_2:1.1.1.2
	RELENG_3_0_0_RELEASE:1.1.1.1
	v8_9_1:1.1.1.1
	SENDMAIL:1.1.1;
locks; strict;
comment	@# @;


1.3
date	2011.06.14.04.20.18;	author gshapiro;	state Exp;
branches
	1.3.8.1;
next	1.2;

1.2
date	2008.08.28.06.08.29;	author gshapiro;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	98.08.03.05.56.19;	author peter;	state Exp;
branches
	1.1.1.1;
next	;

1.3.8.1
date	2011.06.14.04.20.18;	author svnexp;	state dead;
branches;
next	1.3.8.2;

1.3.8.2
date	2013.03.28.13.01.56;	author svnexp;	state Exp;
branches;
next	;

1.2.2.1
date	2011.06.20.01.43.14;	author gshapiro;	state Exp;
branches;
next	;

1.1.1.1
date	98.08.03.05.56.19;	author peter;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	99.01.12.12.24.09;	author peter;	state Exp;
branches
	1.1.1.2.2.1;
next	1.1.1.3;

1.1.1.3
date	99.02.07.09.40.33;	author peter;	state Exp;
branches
	1.1.1.3.2.1;
next	1.1.1.4;

1.1.1.4
date	2000.08.12.21.54.21;	author gshapiro;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2000.10.01.01.47.36;	author gshapiro;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2001.08.01.01.33.22;	author gshapiro;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2002.02.17.21.56.38;	author gshapiro;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2002.04.10.03.04.47;	author gshapiro;	state Exp;
branches;
next	1.1.1.9;

1.1.1.9
date	2002.04.20.20.31.37;	author gshapiro;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2002.06.11.21.11.49;	author gshapiro;	state Exp;
branches;
next	1.1.1.11;

1.1.1.11
date	2003.02.08.20.30.49;	author gshapiro;	state Exp;
branches;
next	1.1.1.12;

1.1.1.12
date	2004.08.01.01.04.11;	author gshapiro;	state Exp;
branches
	1.1.1.12.2.1;
next	1.1.1.13;

1.1.1.13
date	2005.02.14.02.29.17;	author gshapiro;	state Exp;
branches
	1.1.1.13.2.1;
next	1.1.1.14;

1.1.1.14
date	2007.04.09.01.38.48;	author gshapiro;	state Exp;
branches
	1.1.1.14.2.1;
next	;

1.1.1.2.2.1
date	99.04.07.09.29.05;	author peter;	state Exp;
branches;
next	;

1.1.1.3.2.1
date	2000.08.27.17.30.58;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.2;

1.1.1.3.2.2
date	2000.10.10.05.07.15;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.3;

1.1.1.3.2.3
date	2001.08.01.03.19.26;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.4;

1.1.1.3.2.4
date	2002.03.25.21.24.01;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.5;

1.1.1.3.2.5
date	2002.04.17.01.59.31;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.6;

1.1.1.3.2.6
date	2003.02.13.18.03.13;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.7;

1.1.1.3.2.7
date	2004.08.09.00.15.34;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.8;

1.1.1.3.2.8
date	2005.02.19.17.21.27;	author gshapiro;	state Exp;
branches;
next	1.1.1.3.2.9;

1.1.1.3.2.9
date	2007.04.12.03.12.55;	author gshapiro;	state Exp;
branches;
next	;

1.1.1.12.2.1
date	2005.02.19.17.15.24;	author gshapiro;	state Exp;
branches;
next	1.1.1.12.2.2;

1.1.1.12.2.2
date	2007.04.12.03.12.19;	author gshapiro;	state Exp;
branches;
next	;

1.1.1.13.2.1
date	2007.04.12.03.11.33;	author gshapiro;	state Exp;
branches;
next	1.1.1.13.2.2;

1.1.1.13.2.2
date	2008.08.30.00.21.55;	author gshapiro;	state Exp;
branches;
next	;

1.1.1.14.2.1
date	2008.08.30.00.20.49;	author gshapiro;	state Exp;
branches;
next	1.1.1.14.2.2;

1.1.1.14.2.2
date	2011.06.20.02.04.20;	author gshapiro;	state Exp;
branches;
next	;


desc
@@


1.3
log
@SVN rev 223067 on 2011-06-14 04:20:18Z by gshapiro

Merge sendmail 8.14.5 to HEAD

MFC after:	4 days
@
text
@

	     K N O W N   B U G S   I N   S E N D M A I L


The following are bugs or deficiencies in sendmail that we are aware of
but which have not been fixed in the current release.  You probably
want to get the most up to date version of this from ftp.sendmail.org
in /pub/sendmail/KNOWNBUGS.  For descriptions of bugs that have been
fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
distribution).

This list is not guaranteed to be complete.

* Header values which are too long may be truncated.

  If a value of a structured header is longer than 256 (MAXNAME)
  characters then it may be truncated during output. For example,
  if a single address in the To: header is longer than 256 characters
  then it will be truncated which may result in a syntactically
  invalid address.

* Delivery to programs that generate too much output may cause problems

  If e-mail is delivered to a program which generates too much
  output, then sendmail may issue an error:

  timeout waiting for input from local during Draining Input

  Make sure that the program does not generate output beyond a
  status message (corresponding to the exit status).  This may
  require a wrapper around the actual program to redirect output
  to /dev/null.

  Such a problem has been reported for bulk_mailer.

* Null bytes are not handled properly in headers.

  Sendmail should handle full binary data.  As it stands, it handles
  all values in the body, but not 0x00 in the header.  Changing
  this would require a major restructuring of the code -- for
  example, almost no C library support could be used to handle
  strings.

* Header checks are not called if header value is too long or empty.

  If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
  characters or it contains a single word longer than 256 (MAXNAME)
  characters then no header check is done even if one is configured for
  the header.

* Header lines which are too long will be split incorrectly.

  Header lines which are longer than 2045 characters will be split
  but some characters might be lost.  Fix: obey RFC (2)822 and do not
  send lines that are longer than 1000 characters.

* milter communication fails if a single header is larger than 64K.

  If a single header is larger than 64KB (which is not possible in the
  default configuration) then it cannot be transferred in one block to
  libmilter and hence the communication fails.  This can be avoided by
  increasing the constant MILTER_CHUNK_SIZE in
  include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
  all (statically linked) milters (or by using an undocumented compile
  time option:  _FFR_MAXDATASIZE; you have to read the source code in
  order to use this properly).

* Sender addresses whose domain part cause a temporary A record lookup
  failure but have a valid MX record will be temporarily rejected in
  the default configuration.  Solution: fix the DNS at the sender side.
  If that's not easy to achieve, possible workarounds are:
  - add an entry to the access map:
	dom.ain	OK
  - (only for advanced users) replace

# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>

   with

# Resolve map (to check if a host exists in check_mail)
Kcanon host -a<OKR> -T<TEMP>
Kdnsmx dns -R MX -a<OKR> -T<TEMP>
Kresolve sequence dnsmx canon


* Duplicate error messages.

  Sometimes identical, duplicate error messages can be generated.  As
  near as I can tell, this is rare and relatively innocuous.

* Misleading error messages.

  If an illegal address is specified on the command line together
  with at least one valid address and PostmasterCopy is set, the
  DSN does not contain the illegal address, but only the valid
  address(es).

* \231 considered harmful.

  Header addresses that have the \231 character (and possibly others
  in the range \201 - \237) behave in odd and usually unexpected ways.

* accept() problem on SVR4.

  Apparently, the sendmail daemon loop (doing accept()s on the network)
  can get into a weird state on SVR4; it starts logging ``SYSERR:
  getrequests: accept: Protocol Error''.  The workaround is to kill
  and restart the sendmail daemon.  We don't have an SVR4 system at
  Berkeley that carries more than token mail load, so I can't validate
  this.  It is likely to be a glitch in the sockets emulation, since
  "Protocol Error" is not possible error code with Berkeley TCP/IP.

  I've also had someone report the message ``sendmail: accept:
  SIOCGPGRP failed errno 22'' on an SVR4 system.  This message is
  not in the sendmail source code, so I assume it is also a bug
  in the sockets emulation.  (Errno 22 is EINVAL "Invalid Argument"
  on all the systems I have available, including Solaris 2.x.)
  Apparently, this problem is due to linking -lc before -lsocket;
  if you are having this problem, check your Makefile.

* accept() problem on Linux.

  The accept() in sendmail daemon loop can return ETIMEDOUT.  An
  error is reported to syslog:

  Jun  9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
			getrequests: accept: Connection timed out

  "Connection timed out" is not documented as a valid return from
  accept(2) and this was believed to be a bug in the Linux kernel.
  Later information from the Linux kernel group states that Linux
  2.0 kernels follow RFC1122 while sendmail follows the original BSD
  (now POSIX 1003.1g draft) specification.  The 2.1.X and later kernels
  will follow the POSIX draft.

* Excessive mailing list nesting can run out of file descriptors.

  If you have a mailing list that includes lots of other mailing
  lists, each of which has a separate owner, you can run out of
  file descriptors.  Each mailing list with a separate owner uses
  one open file descriptor (prior to 8.6.6 it was three open
  file descriptors per list).  This is particularly egregious if
  you have your connection cache set to be large.

* Connection caching breaks if you pass the port number as an argument.

  If you have a definition such as:

	  Mport,          P=[IPC], F=kmDFMuX, S=11/31, R=21,
			  M=2100000, T=DNS/RFC822/SMTP,
			  A=IPC [127.0.0.1] $h

  (i.e., where $h is the port number instead of the host name) the
  connection caching code will break because it won't notice that
  two messages addressed to different ports should use different
  connections.

* ESMTP SIZE underestimates the size of a message

  Sendmail makes no allowance for headers that it adds, nor does it
  account for the SMTP on-the-wire \r\n expansion.  It probably doesn't
  allow for 8->7 bit MIME conversions either.

* Client ignores SIZE parameter.

  When sendmail acts as client and the server specifies a limit
  for the mail size, sendmail will ignore this and try to send the
  mail anyway.  The server will usually reject the MAIL command
  which specifies the size of the message and hence this problem
  is not significant.

* Paths to programs being executed and the mode of program files are
  not checked.  Essentially, the RunProgramInUnsafeDirPath and
  RunWritableProgram bits in the DontBlameSendmail option are always
  set.  This is not a problem if your system is well managed (that is,
  if binaries and system directories are mode 755 instead of something
  foolish like 777).

* 8-bit data in GECOS field

  If the GECOS (personal name) information in the passwd file contains
  8-bit characters, those characters can be included in the message
  header, which can cause problems when sending SMTP to hosts that
  only accept 7-bit characters.

* 8->7 bit MIME conversion

  When sendmail is doing 8->7 bit MIME conversions, and the message
  contains certain MIME body types that cannot be converted to 7-bit,
  sendmail will pass the message as 8-bit.

* 7->8 bit MIME conversion

  If a message that is encoded as 7-bit MIME is converted to 8-bit and
  that message when decoded is illegal (e.g., because of long lines or
  illegal characters), sendmail can produce an illegal message.

* MIME encoded full name phrases in the From: header

  If a full name phrase includes characters from MustQuoteChars, sendmail
  will quote the entire full name phrase.  If MustQuoteChars includes
  characters which are not special characters according to STD 11 (RFC
  822), this quotation can interfere with MIME encoded full name phrases.
  By default, sendmail includes the single quote character (') in
  MustQuoteChars even though it is not listed as a special character in
  STD 11.

* bestmx map with -z flag truncates the list of MX hosts

  A bestmx map configured with the -z flag will truncate the list
  of MX hosts.  This prevents creation of strings which are too
  long for ruleset parsing.  This can have an adverse effect on the
  relay_based_on_MX feature.

* Saving to ~sender/dead.letter fails if su'ed to root

  If ErrorMode is set to print and an error in sending mail occurs,
  the normal action is to print a message to the screen and append
  the message to a dead.letter file in the sender's home directory.
  In the case where the sender is using su to act as root, the file
  safety checks prevent sendmail from saving the dead.letter file
  because the sender's uid and the current real uid do not match.

* Berkeley DB 2.X race condition with fcntl() locking

  There is a race condition for Berkeley DB 2.X databases on
  operating systems which use fcntl() style locking, such as
  Solaris.  Sendmail locks the map before calling db_open() to
  prevent others from modifying the map while it is being opened.
  Unfortunately, Berkeley DB opens the map, closes it, and then
  reopens it.  fcntl() locking drops the lock when any file
  descriptor pointing to the file is closed, even if it is a
  different file descriptor than the one used to initially lock
  the file.  As a result there is a possibility that entries in a
  map might not be found during a map rebuild.  As a workaround,
  you can use makemap to build a map with a new name and then
  "mv" the new db file to replace the old one.

  Sleepycat Software has added code to avoid this race condition to
  Berkeley DB versions after 2.7.5.

* File open timeouts not available on hard mounted NFS file systems

  Since SIGALRM does not interrupt an RPC call for hard mounted
  NFS file systems, it is impossible to implement a timeout on a file
  open operation.  Therefore, while the NFS server is not responding,
  attempts to open a file on that server will hang.  Systems with
  local mail delivery and NFS hard mounted home directories should be
  avoided, as attempts to open the forward files could hang.

* Race condition for delivery to set-user-ID files

  Sendmail will deliver to a fail if the file is owned by the DefaultUser
  or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
  when a file is modified.  Sendmail compensates by resetting the file mode
  back to it's original settings.  Unfortunately, there's still a
  permission failure race as sendmail checks the permissions before locking
  the file.  This is unavoidable as sendmail must verify the file is safe
  to open before opening it.  A file can not be locked until it is open.

* MAIL_HUB always takes precedence over LOCAL_RELAY

  Despite the information in the documentation, MAIL_HUB ($H) will always
  be used if set instead of LOCAL_RELAY ($R).  This will be fixed in a
  future version.

$Revision: 8.61 $, Last updated $Date: 2011/04/07 17:48:23 $
@


1.3.8.1
log
@file KNOWNBUGS was added on branch RELENG_8_4 on 2013-03-28 13:01:56 +0000
@
text
@d1 269
@


1.3.8.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 269


	     K N O W N   B U G S   I N   S E N D M A I L


The following are bugs or deficiencies in sendmail that we are aware of
but which have not been fixed in the current release.  You probably
want to get the most up to date version of this from ftp.sendmail.org
in /pub/sendmail/KNOWNBUGS.  For descriptions of bugs that have been
fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
distribution).

This list is not guaranteed to be complete.

* Header values which are too long may be truncated.

  If a value of a structured header is longer than 256 (MAXNAME)
  characters then it may be truncated during output. For example,
  if a single address in the To: header is longer than 256 characters
  then it will be truncated which may result in a syntactically
  invalid address.

* Delivery to programs that generate too much output may cause problems

  If e-mail is delivered to a program which generates too much
  output, then sendmail may issue an error:

  timeout waiting for input from local during Draining Input

  Make sure that the program does not generate output beyond a
  status message (corresponding to the exit status).  This may
  require a wrapper around the actual program to redirect output
  to /dev/null.

  Such a problem has been reported for bulk_mailer.

* Null bytes are not handled properly in headers.

  Sendmail should handle full binary data.  As it stands, it handles
  all values in the body, but not 0x00 in the header.  Changing
  this would require a major restructuring of the code -- for
  example, almost no C library support could be used to handle
  strings.

* Header checks are not called if header value is too long or empty.

  If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
  characters or it contains a single word longer than 256 (MAXNAME)
  characters then no header check is done even if one is configured for
  the header.

* Header lines which are too long will be split incorrectly.

  Header lines which are longer than 2045 characters will be split
  but some characters might be lost.  Fix: obey RFC (2)822 and do not
  send lines that are longer than 1000 characters.

* milter communication fails if a single header is larger than 64K.

  If a single header is larger than 64KB (which is not possible in the
  default configuration) then it cannot be transferred in one block to
  libmilter and hence the communication fails.  This can be avoided by
  increasing the constant MILTER_CHUNK_SIZE in
  include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
  all (statically linked) milters (or by using an undocumented compile
  time option:  _FFR_MAXDATASIZE; you have to read the source code in
  order to use this properly).

* Sender addresses whose domain part cause a temporary A record lookup
  failure but have a valid MX record will be temporarily rejected in
  the default configuration.  Solution: fix the DNS at the sender side.
  If that's not easy to achieve, possible workarounds are:
  - add an entry to the access map:
	dom.ain	OK
  - (only for advanced users) replace

# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>

   with

# Resolve map (to check if a host exists in check_mail)
Kcanon host -a<OKR> -T<TEMP>
Kdnsmx dns -R MX -a<OKR> -T<TEMP>
Kresolve sequence dnsmx canon


* Duplicate error messages.

  Sometimes identical, duplicate error messages can be generated.  As
  near as I can tell, this is rare and relatively innocuous.

* Misleading error messages.

  If an illegal address is specified on the command line together
  with at least one valid address and PostmasterCopy is set, the
  DSN does not contain the illegal address, but only the valid
  address(es).

* \231 considered harmful.

  Header addresses that have the \231 character (and possibly others
  in the range \201 - \237) behave in odd and usually unexpected ways.

* accept() problem on SVR4.

  Apparently, the sendmail daemon loop (doing accept()s on the network)
  can get into a weird state on SVR4; it starts logging ``SYSERR:
  getrequests: accept: Protocol Error''.  The workaround is to kill
  and restart the sendmail daemon.  We don't have an SVR4 system at
  Berkeley that carries more than token mail load, so I can't validate
  this.  It is likely to be a glitch in the sockets emulation, since
  "Protocol Error" is not possible error code with Berkeley TCP/IP.

  I've also had someone report the message ``sendmail: accept:
  SIOCGPGRP failed errno 22'' on an SVR4 system.  This message is
  not in the sendmail source code, so I assume it is also a bug
  in the sockets emulation.  (Errno 22 is EINVAL "Invalid Argument"
  on all the systems I have available, including Solaris 2.x.)
  Apparently, this problem is due to linking -lc before -lsocket;
  if you are having this problem, check your Makefile.

* accept() problem on Linux.

  The accept() in sendmail daemon loop can return ETIMEDOUT.  An
  error is reported to syslog:

  Jun  9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
			getrequests: accept: Connection timed out

  "Connection timed out" is not documented as a valid return from
  accept(2) and this was believed to be a bug in the Linux kernel.
  Later information from the Linux kernel group states that Linux
  2.0 kernels follow RFC1122 while sendmail follows the original BSD
  (now POSIX 1003.1g draft) specification.  The 2.1.X and later kernels
  will follow the POSIX draft.

* Excessive mailing list nesting can run out of file descriptors.

  If you have a mailing list that includes lots of other mailing
  lists, each of which has a separate owner, you can run out of
  file descriptors.  Each mailing list with a separate owner uses
  one open file descriptor (prior to 8.6.6 it was three open
  file descriptors per list).  This is particularly egregious if
  you have your connection cache set to be large.

* Connection caching breaks if you pass the port number as an argument.

  If you have a definition such as:

	  Mport,          P=[IPC], F=kmDFMuX, S=11/31, R=21,
			  M=2100000, T=DNS/RFC822/SMTP,
			  A=IPC [127.0.0.1] $h

  (i.e., where $h is the port number instead of the host name) the
  connection caching code will break because it won't notice that
  two messages addressed to different ports should use different
  connections.

* ESMTP SIZE underestimates the size of a message

  Sendmail makes no allowance for headers that it adds, nor does it
  account for the SMTP on-the-wire \r\n expansion.  It probably doesn't
  allow for 8->7 bit MIME conversions either.

* Client ignores SIZE parameter.

  When sendmail acts as client and the server specifies a limit
  for the mail size, sendmail will ignore this and try to send the
  mail anyway.  The server will usually reject the MAIL command
  which specifies the size of the message and hence this problem
  is not significant.

* Paths to programs being executed and the mode of program files are
  not checked.  Essentially, the RunProgramInUnsafeDirPath and
  RunWritableProgram bits in the DontBlameSendmail option are always
  set.  This is not a problem if your system is well managed (that is,
  if binaries and system directories are mode 755 instead of something
  foolish like 777).

* 8-bit data in GECOS field

  If the GECOS (personal name) information in the passwd file contains
  8-bit characters, those characters can be included in the message
  header, which can cause problems when sending SMTP to hosts that
  only accept 7-bit characters.

* 8->7 bit MIME conversion

  When sendmail is doing 8->7 bit MIME conversions, and the message
  contains certain MIME body types that cannot be converted to 7-bit,
  sendmail will pass the message as 8-bit.

* 7->8 bit MIME conversion

  If a message that is encoded as 7-bit MIME is converted to 8-bit and
  that message when decoded is illegal (e.g., because of long lines or
  illegal characters), sendmail can produce an illegal message.

* MIME encoded full name phrases in the From: header

  If a full name phrase includes characters from MustQuoteChars, sendmail
  will quote the entire full name phrase.  If MustQuoteChars includes
  characters which are not special characters according to STD 11 (RFC
  822), this quotation can interfere with MIME encoded full name phrases.
  By default, sendmail includes the single quote character (') in
  MustQuoteChars even though it is not listed as a special character in
  STD 11.

* bestmx map with -z flag truncates the list of MX hosts

  A bestmx map configured with the -z flag will truncate the list
  of MX hosts.  This prevents creation of strings which are too
  long for ruleset parsing.  This can have an adverse effect on the
  relay_based_on_MX feature.

* Saving to ~sender/dead.letter fails if su'ed to root

  If ErrorMode is set to print and an error in sending mail occurs,
  the normal action is to print a message to the screen and append
  the message to a dead.letter file in the sender's home directory.
  In the case where the sender is using su to act as root, the file
  safety checks prevent sendmail from saving the dead.letter file
  because the sender's uid and the current real uid do not match.

* Berkeley DB 2.X race condition with fcntl() locking

  There is a race condition for Berkeley DB 2.X databases on
  operating systems which use fcntl() style locking, such as
  Solaris.  Sendmail locks the map before calling db_open() to
  prevent others from modifying the map while it is being opened.
  Unfortunately, Berkeley DB opens the map, closes it, and then
  reopens it.  fcntl() locking drops the lock when any file
  descriptor pointing to the file is closed, even if it is a
  different file descriptor than the one used to initially lock
  the file.  As a result there is a possibility that entries in a
  map might not be found during a map rebuild.  As a workaround,
  you can use makemap to build a map with a new name and then
  "mv" the new db file to replace the old one.

  Sleepycat Software has added code to avoid this race condition to
  Berkeley DB versions after 2.7.5.

* File open timeouts not available on hard mounted NFS file systems

  Since SIGALRM does not interrupt an RPC call for hard mounted
  NFS file systems, it is impossible to implement a timeout on a file
  open operation.  Therefore, while the NFS server is not responding,
  attempts to open a file on that server will hang.  Systems with
  local mail delivery and NFS hard mounted home directories should be
  avoided, as attempts to open the forward files could hang.

* Race condition for delivery to set-user-ID files

  Sendmail will deliver to a fail if the file is owned by the DefaultUser
  or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
  when a file is modified.  Sendmail compensates by resetting the file mode
  back to it's original settings.  Unfortunately, there's still a
  permission failure race as sendmail checks the permissions before locking
  the file.  This is unavoidable as sendmail must verify the file is safe
  to open before opening it.  A file can not be locked until it is open.

* MAIL_HUB always takes precedence over LOCAL_RELAY

  Despite the information in the documentation, MAIL_HUB ($H) will always
  be used if set instead of LOCAL_RELAY ($R).  This will be fixed in a
  future version.

$Revision: 8.61 $, Last updated $Date: 2011/04/07 17:48:23 $
@


1.2
log
@SVN rev 182352 on 2008-08-28 06:08:29Z by gshapiro

Merge sendmail 8.14.3 into HEAD.

Note: As the first merge since the conversion to svn, it includes many
propset changes to get the proper svn:eol-style and svn:mime-type on the
files (as merged from the fixed up vendor/dist area).

MFC after:	3 days
@
text
@d15 8
d269 1
a269 1
$Revision: 8.60 $, Last updated $Date: 2007/12/04 01:16:50 $
@


1.2.2.1
log
@SVN rev 223315 on 2011-06-20 01:43:14Z by gshapiro

Merge sendmail 8.14.5 to RELENG_8
@
text
@a14 8
* Header values which are too long may be truncated.

  If a value of a structured header is longer than 256 (MAXNAME)
  characters then it may be truncated during output. For example,
  if a single address in the To: header is longer than 256 characters
  then it will be truncated which may result in a syntactically
  invalid address.

d261 1
a261 1
$Revision: 8.61 $, Last updated $Date: 2011/04/07 17:48:23 $
@


1.1
log
@Initial revision
@
text
@a3 1
			     (for 8.9.0)
d6 1
a6 1
The following are bugs or deficiencies in sendmail that I am aware of
d8 1
a8 1
want to get the most up to date version of this from ftp.sendmail.org	
d15 13
d32 47
a78 4
  all values in the body, but only 0x01-0x80 and 0xA0-0xFF in
  the header.  Notably missing is 0x00, which would require a major
  restructuring of the code -- for example, almost no C library support
  could be used to handle strings.
d85 1
a85 1
* $c (hop count) macro improperly set.
d87 4
a90 10
  The $c macro is supposed to contain the current hop count, for use
  when calling a mailer.  This macro is initialized too early, and
  is always zero (or the value of the -c command line flag, if any).
  This macro will probably be removed entirely in a future release;
  I don't believe there are any mailers left that require it.

* If you EXPN a list or user that has a program mailer, the output of
  EXPN will include ``@@local.host.name''.  You can't actually mail to
  this address.  It's not clear what the right behavior is in this
  circumstance.
d117 2
a118 3
  Apparently, the accept() in sendmail daemon loop can return ETIMEDOUT
  and cause sendmail to sleep for 5 seconds during which time no new
  connections will be accepted.  An error is reported to syslog:
d158 8
d184 1
a184 1
  sendmail will strip the message to 7-bit.
d194 4
a197 4
  If a full name phrase includes characters from MustQuoteChars, sendmail  
  will quote the entire full name phrase. If MustQuoteChars includes  
  characters which are not special characters according to STD 11 (RFC  
  822), this quotation can interfere with MIME encoded full name phrases. 
d202 58
d261 1
a261 1
(Version 8.32, last updated 6/30/98)
@


1.1.1.1
log
@Import sendmail-8.9.1 (slightly trimmed) onto a fresh branch under
src/contrib as per various discussions.  I will copy across our changes
and then point the Makefiles across once the dust has settled..
@
text
@@


1.1.1.2
log
@Import sendmail-8.9.2 onto vendor branch  (update from 8.9.1)

Obtained from: ftp.sendamil.org
@
text
@d68 3
a70 2
  The accept() in sendmail daemon loop can return ETIMEDOUT.  An
  error is reported to syslog:
a145 1
* bestmx map with -z flag truncates the list of MX hosts
d147 1
a147 7
  A bestmx map configured with the -z flag will truncate the list
  of MX hosts.  This prevents creation of strings which are too
  long for ruleset parsing.  This can have an adverse effect on the
  relay_based_on_MX feature.


(Version 8.34, last updated 12/17/1998)
@


1.1.1.2.2.1
log
@MFC: Upgrade sendmail from patched 8.9.2 to proper 8.9.3
@
text
@a151 1
* Saving to ~sender/dead.letter fails if su'ed to root
d153 1
a153 32
  If ErrorMode is set to print and an error in sending mail occurs,
  the normal action is to print a message to the screen and append
  the message to a dead.letter file in the sender's home directory.
  In the case where the sender is using su to act as root, the file
  safety checks prevent sendmail from saving the dead.letter file
  because the sender's uid and the current real uid do not match.
  
* Berkeley DB 2.X race condition with fcntl() locking

  There is a race condition for Berkeley DB 2.X databases on
  operating systems which use fcntl() style locking, such as
  Solaris.  Sendmail locks the map before calling db_open() to
  prevent others from modifying the map while it is being opened.
  Unfortunately, Berkeley DB opens the map, closes it, and then
  reopens it.  fcntl() locking drops the lock when any file
  descriptor pointing to the file is closed, even if it is a
  different file descriptor than the one used to initially lock
  the file.  As a result there is a possibility that entries in a
  map might not be found during a map rebuild.  As a workaround,
  you can use makemap to build a map with a new name and then
  "mv" the new db file to replace the old one.

* File open timeouts not available on hard mounted NFS file systems

  Since SIGALRM does not interrupt an RPC call for hard mounted
  NFS file systems, it is impossible to implement a timeout on a file
  open operation.  Therefore, while the NFS server is not responding,
  attempts to open a file on that server will hang.  Systems with
  local mail delivery and NFS hard mounted home directories should be
  avoided, as attempts to open the forward files could hang.

(Version 8.36, last updated 2/4/1999)
@


1.1.1.3
log
@Import sendmail 8.9.3 onto vendor branch, replacing previous interim
8.9.2 + patches version.

Obtained from: ftp.sendmail.org
@
text
@a151 1
* Saving to ~sender/dead.letter fails if su'ed to root
d153 1
a153 32
  If ErrorMode is set to print and an error in sending mail occurs,
  the normal action is to print a message to the screen and append
  the message to a dead.letter file in the sender's home directory.
  In the case where the sender is using su to act as root, the file
  safety checks prevent sendmail from saving the dead.letter file
  because the sender's uid and the current real uid do not match.
  
* Berkeley DB 2.X race condition with fcntl() locking

  There is a race condition for Berkeley DB 2.X databases on
  operating systems which use fcntl() style locking, such as
  Solaris.  Sendmail locks the map before calling db_open() to
  prevent others from modifying the map while it is being opened.
  Unfortunately, Berkeley DB opens the map, closes it, and then
  reopens it.  fcntl() locking drops the lock when any file
  descriptor pointing to the file is closed, even if it is a
  different file descriptor than the one used to initially lock
  the file.  As a result there is a possibility that entries in a
  map might not be found during a map rebuild.  As a workaround,
  you can use makemap to build a map with a new name and then
  "mv" the new db file to replace the old one.

* File open timeouts not available on hard mounted NFS file systems

  Since SIGALRM does not interrupt an RPC call for hard mounted
  NFS file systems, it is impossible to implement a timeout on a file
  open operation.  Therefore, while the NFS server is not responding,
  attempts to open a file on that server will hang.  Systems with
  local mail delivery and NFS hard mounted home directories should be
  avoided, as attempts to open the forward files could hang.

(Version 8.36, last updated 2/4/1999)
@


1.1.1.3.2.1
log
@MFC: Import of sendmail 8.11.0.
     Includes: moving /etc/aliases to /etc/mail/aliases, removing outdated
               documentation, and updating freebsd.mc for new syntax.
@
text
@d4 1
a4 1
			     (for 8.9.3)
d9 1
a9 1
want to get the most up to date version of this from ftp.sendmail.org
d38 5
d137 4
a140 4
  If a full name phrase includes characters from MustQuoteChars, sendmail
  will quote the entire full name phrase. If MustQuoteChars includes
  characters which are not special characters according to STD 11 (RFC
  822), this quotation can interfere with MIME encoded full name phrases.
d160 1
a160 1

a175 3
  Sleepycat Software has added code to avoid this race condition to
  Berkeley DB versions after 2.7.5.

d185 1
a185 19
* Race condition for delivery to setuid files

  Sendmail will deliver to a fail if the file is owned by the DefaultUser
  or has the setuid bit set.  Unfortunately, some systems clear that bit
  when a file is modified.  Sendmail compensates by resetting the file mode 
  back to it's original settings.  Unfortunately, there's still a
  permission failure race as sendmail checks the permissions before locking 
  the file.  This is unavoidable as sendmail must verify the file is safe
  to open before opening it.  A file can not be locked until it is open.

* Potential denial of service attack with AutoRebuildAliases

  There is a potential for a denial of service attack if the
  AutoRebuildAliases option is set as a user can kill the sendmail process
  while it is rebuilding the aliases file leaving it in an inconsistent
  state.  This option and it's use is deprecated and will be removed from a
  future version of sendmail.

$Revision: 8.43 $, Last updated $Date: 1999/11/17 18:56:09 $
@


1.1.1.3.2.2
log
@MFC: Import of sendmail 8.11.1.
@
text
@d4 1
a15 14
* Delivery to programs that generate too much output may cause problems
  (8.10, 8.11)

  If e-mail is delivered to a program which generates too much
  output, then sendmail may issue an error:

  timeout waiting for input from local during Draining Input

  Make sure that the program does not generate output beyond a
  status message (corresponding to the exit status).  This may
  require a wrapper around the actual program to redirect output
  to /dev/null.

  Such a problem has been reported for bulk_mailer.
d201 1
a201 1
$Revision: 8.43.16.1 $, Last updated $Date: 2000/09/28 00:45:37 $
@


1.1.1.3.2.3
log
@MFC: Import of sendmail 8.11.5

Approved by:	jkh
@
text
@a37 7
* Header checks are not called if header value is too long.

  If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
  characters or it contains a single word longer than 256 (MAXNAME)
  characters then no header check is done even if one is configured for
  the header.

d196 1
a196 1
* Race condition for delivery to set-user-id files
d199 1
a199 1
  or has the set-user-id bit set.  Unfortunately, some systems clear that bit
d214 1
a214 1
$Revision: 8.43.16.2 $, Last updated $Date: 2001/07/31 22:42:46 $
@


1.1.1.3.2.4
log
@MFC: Import sendmail 8.12.2
MFC: Resolve conflicts from sendmail 8.12.2 import
MFC: Remove files no longer part of the sendmail 8.12.2 distribution.
MFC: Fix mail.local build for non-sendmail.org code (1.15)
@
text
@d6 1
a6 1
The following are bugs or deficiencies in sendmail that we are aware of
d16 1
d38 1
a38 1
* Header checks are not called if header value is too long or empty.
d50 1
a50 1
* Misleading error messages.
d52 5
a56 4
  If an illegal address is specified on the command line together
  with at least one valid address and PostmasterCopy is set, the
  DSN does not contain the illegal address, but only the valid
  address(es).
a123 8
* Client ignores SIZE parameter.

  When sendmail acts as client and the server specifies a limit
  for the mail size, sendmail will ignore this and try to send the
  mail anyway.  The server will usually reject the MAIL command
  which specifies the size of the message and hence this problem
  is not significant.

d153 1
a153 1
  will quote the entire full name phrase.  If MustQuoteChars includes
d203 1
a203 1
* Race condition for delivery to set-user-ID files
d206 1
a206 1
  or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
d213 9
a221 1
$Revision: 8.54 $, Last updated $Date: 2001/12/17 16:07:51 $
@


1.1.1.3.2.5
log
@MFC: Import sendmail 8.12.3
@
text
@a43 19
* Sender addresses whose domain part cause a temporary A record lookup
  failure but have a valid MX record will be temporarily rejected in
  the default configuration.  Solution: fix the DNS at the sender side.
  If that's not easy to achieve, possible workarounds are:
  - add an entry to the access map:
	dom.ain	OK
  - (only for advanced users) replace

# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>

   with

# Resolve map (to check if a host exists in check_mail)
Kcanon host -a<OKR> -T<TEMP>
Kdnsmx dns -R MX -a<OKR> -T<TEMP>
Kresolve sequence dnsmx canon


d219 1
a219 1
$Revision: 8.55 $, Last updated $Date: 2002/03/05 00:45:54 $
@


1.1.1.3.2.6
log
@MFC: sendmail 8.12.7
@
text
@d238 1
a238 7
* MAIL_HUB always takes precedence over LOCAL_RELAY

  Despite the information in the documentation, MAIL_HUB ($H) will always
  be used if set instead of LOCAL_RELAY ($R).  This will be fixed in a
  future version.

$Revision: 8.55.2.1 $, Last updated $Date: 2002/12/18 22:38:48 $
@


1.1.1.3.2.7
log
@MFC: sendmail 8.13.1 import and related changes
@
text
@d244 1
a244 1
$Revision: 8.56 $, Last updated $Date: 2002/12/18 22:39:06 $
@


1.1.1.3.2.8
log
@MFC: sendmail 8.13.3
@
text
@a43 6
* Header lines which are too long will be split incorrectly.

  Header lines which are longer than 2045 characters will be split
  but some characters might be lost.  Fix: obey RFC (2)822 and do not
  send lines that are longer than 1000 characters.

d244 1
a244 1
$Revision: 8.57 $, Last updated $Date: 2004/12/02 23:39:01 $
@


1.1.1.3.2.9
log
@MFC: sendmail 8.14.1
@
text
@d32 4
a35 4
  all values in the body, but not 0x00 in the header.  Changing
  this would require a major restructuring of the code -- for
  example, almost no C library support could be used to handle
  strings.
d173 1
a173 1
  sendmail will pass the message as 8-bit.
d238 1
a238 1
  when a file is modified.  Sendmail compensates by resetting the file mode
d240 1
a240 1
  permission failure race as sendmail checks the permissions before locking
d250 1
a250 1
$Revision: 8.59 $, Last updated $Date: 2007/02/21 23:13:58 $
@


1.1.1.4
log
@Import of sendmail version 8.11.0 into vendor branch SENDMAIL with
release tag v8_11_0.

Obtained from: ftp://ftp.sendmail.org/pub/sendmail/
@
text
@d4 1
a4 1
			     (for 8.9.3)
d9 1
a9 1
want to get the most up to date version of this from ftp.sendmail.org
d38 5
d137 4
a140 4
  If a full name phrase includes characters from MustQuoteChars, sendmail
  will quote the entire full name phrase. If MustQuoteChars includes
  characters which are not special characters according to STD 11 (RFC
  822), this quotation can interfere with MIME encoded full name phrases.
d160 1
a160 1

a175 3
  Sleepycat Software has added code to avoid this race condition to
  Berkeley DB versions after 2.7.5.

d185 1
a185 19
* Race condition for delivery to setuid files

  Sendmail will deliver to a fail if the file is owned by the DefaultUser
  or has the setuid bit set.  Unfortunately, some systems clear that bit
  when a file is modified.  Sendmail compensates by resetting the file mode 
  back to it's original settings.  Unfortunately, there's still a
  permission failure race as sendmail checks the permissions before locking 
  the file.  This is unavoidable as sendmail must verify the file is safe
  to open before opening it.  A file can not be locked until it is open.

* Potential denial of service attack with AutoRebuildAliases

  There is a potential for a denial of service attack if the
  AutoRebuildAliases option is set as a user can kill the sendmail process
  while it is rebuilding the aliases file leaving it in an inconsistent
  state.  This option and it's use is deprecated and will be removed from a
  future version of sendmail.

$Revision: 8.43 $, Last updated $Date: 1999/11/17 18:56:09 $
@


1.1.1.5
log
@Import of sendmail version 8.11.1 into vendor branch SENDMAIL with
release tag v8_11_1.

Obtained from: ftp://ftp.sendmail.org/pub/sendmail/
@
text
@d4 1
a15 14
* Delivery to programs that generate too much output may cause problems
  (8.10, 8.11)

  If e-mail is delivered to a program which generates too much
  output, then sendmail may issue an error:

  timeout waiting for input from local during Draining Input

  Make sure that the program does not generate output beyond a
  status message (corresponding to the exit status).  This may
  require a wrapper around the actual program to redirect output
  to /dev/null.

  Such a problem has been reported for bulk_mailer.
d201 1
a201 1
$Revision: 8.43.16.1 $, Last updated $Date: 2000/09/28 00:45:37 $
@


1.1.1.6
log
@Import sendmail 8.11.5
@
text
@a37 7
* Header checks are not called if header value is too long.

  If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
  characters or it contains a single word longer than 256 (MAXNAME)
  characters then no header check is done even if one is configured for
  the header.

d196 1
a196 1
* Race condition for delivery to set-user-id files
d199 1
a199 1
  or has the set-user-id bit set.  Unfortunately, some systems clear that bit
d214 1
a214 1
$Revision: 8.43.16.2 $, Last updated $Date: 2001/07/31 22:42:46 $
@


1.1.1.7
log
@Import sendmail 8.12.2
@
text
@d6 1
a6 1
The following are bugs or deficiencies in sendmail that we are aware of
d16 1
d38 1
a38 1
* Header checks are not called if header value is too long or empty.
d50 1
a50 1
* Misleading error messages.
d52 5
a56 4
  If an illegal address is specified on the command line together
  with at least one valid address and PostmasterCopy is set, the
  DSN does not contain the illegal address, but only the valid
  address(es).
a123 8
* Client ignores SIZE parameter.

  When sendmail acts as client and the server specifies a limit
  for the mail size, sendmail will ignore this and try to send the
  mail anyway.  The server will usually reject the MAIL command
  which specifies the size of the message and hence this problem
  is not significant.

d153 1
a153 1
  will quote the entire full name phrase.  If MustQuoteChars includes
d203 1
a203 1
* Race condition for delivery to set-user-ID files
d206 1
a206 1
  or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
d213 9
a221 1
$Revision: 8.54 $, Last updated $Date: 2001/12/17 16:07:51 $
@


1.1.1.8
log
@Import sendmail 8.12.3
@
text
@a43 19
* Sender addresses whose domain part cause a temporary A record lookup
  failure but have a valid MX record will be temporarily rejected in
  the default configuration.  Solution: fix the DNS at the sender side.
  If that's not easy to achieve, possible workarounds are:
  - add an entry to the access map:
	dom.ain	OK
  - (only for advanced users) replace

# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>

   with

# Resolve map (to check if a host exists in check_mail)
Kcanon host -a<OKR> -T<TEMP>
Kdnsmx dns -R MX -a<OKR> -T<TEMP>
Kresolve sequence dnsmx canon


d219 1
a219 1
$Revision: 8.55 $, Last updated $Date: 2002/03/05 00:45:54 $
@


1.1.1.9
log
@Import of post-8.12.3 bug fixes from vendor repository.

These are being imported for the upcoming FreeBSD 4.6 release.
@
text
@d238 1
a238 1
$Revision: 1.1.1.8 $, Last updated $Date: 2002/04/10 03:04:47 $
@


1.1.1.10
log
@Import sendmail 8.12.4
@
text
@d238 1
a238 1
$Revision: 8.55 $, Last updated $Date: 2002/03/05 00:45:54 $
@


1.1.1.11
log
@Import sendmail 8.12.7
@
text
@d238 1
a238 7
* MAIL_HUB always takes precedence over LOCAL_RELAY

  Despite the information in the documentation, MAIL_HUB ($H) will always
  be used if set instead of LOCAL_RELAY ($R).  This will be fixed in a
  future version.

$Revision: 8.55.2.1 $, Last updated $Date: 2002/12/18 22:38:48 $
@


1.1.1.12
log
@Import sendmail 8.13.1
@
text
@d244 1
a244 1
$Revision: 8.56 $, Last updated $Date: 2002/12/18 22:39:06 $
@


1.1.1.12.2.1
log
@MFC: sendmail 8.13.3
@
text
@a43 6
* Header lines which are too long will be split incorrectly.

  Header lines which are longer than 2045 characters will be split
  but some characters might be lost.  Fix: obey RFC (2)822 and do not
  send lines that are longer than 1000 characters.

d244 1
a244 1
$Revision: 8.57 $, Last updated $Date: 2004/12/02 23:39:01 $
@


1.1.1.12.2.2
log
@MFC: sendmail 8.14.1
@
text
@d32 4
a35 4
  all values in the body, but not 0x00 in the header.  Changing
  this would require a major restructuring of the code -- for
  example, almost no C library support could be used to handle
  strings.
d173 1
a173 1
  sendmail will pass the message as 8-bit.
d238 1
a238 1
  when a file is modified.  Sendmail compensates by resetting the file mode
d240 1
a240 1
  permission failure race as sendmail checks the permissions before locking
d250 1
a250 1
$Revision: 8.59 $, Last updated $Date: 2007/02/21 23:13:58 $
@


1.1.1.13
log
@Import sendmail 8.13.3
@
text
@a43 6
* Header lines which are too long will be split incorrectly.

  Header lines which are longer than 2045 characters will be split
  but some characters might be lost.  Fix: obey RFC (2)822 and do not
  send lines that are longer than 1000 characters.

d244 1
a244 1
$Revision: 8.57 $, Last updated $Date: 2004/12/02 23:39:01 $
@


1.1.1.13.2.1
log
@MFC: sendmail 8.14.1
@
text
@d32 4
a35 4
  all values in the body, but not 0x00 in the header.  Changing
  this would require a major restructuring of the code -- for
  example, almost no C library support could be used to handle
  strings.
d173 1
a173 1
  sendmail will pass the message as 8-bit.
d238 1
a238 1
  when a file is modified.  Sendmail compensates by resetting the file mode
d240 1
a240 1
  permission failure race as sendmail checks the permissions before locking
d250 1
a250 1
$Revision: 8.59 $, Last updated $Date: 2007/02/21 23:13:58 $
@


1.1.1.13.2.2
log
@SVN rev 182466 on 2008-08-30 00:21:55Z by gshapiro

MFC: sendmail 8.14.3

Approved by:	re
@
text
@a49 11
* milter communication fails if a single header is larger than 64K.

  If a single header is larger than 64KB (which is not possible in the
  default configuration) then it cannot be transferred in one block to
  libmilter and hence the communication fails.  This can be avoided by
  increasing the constant MILTER_CHUNK_SIZE in
  include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
  all (statically linked) milters (or by using an undocumented compile
  time option:  _FFR_MAXDATASIZE; you have to read the source code in
  order to use this properly).

d250 1
a250 1
$Revision: 8.60 $, Last updated $Date: 2007/12/04 01:16:50 $
@


1.1.1.14
log
@Import sendmail 8.14.1
@
text
@d32 4
a35 4
  all values in the body, but not 0x00 in the header.  Changing
  this would require a major restructuring of the code -- for
  example, almost no C library support could be used to handle
  strings.
d173 1
a173 1
  sendmail will pass the message as 8-bit.
d238 1
a238 1
  when a file is modified.  Sendmail compensates by resetting the file mode
d240 1
a240 1
  permission failure race as sendmail checks the permissions before locking
d250 1
a250 1
$Revision: 8.59 $, Last updated $Date: 2007/02/21 23:13:58 $
@


1.1.1.14.2.1
log
@SVN rev 182465 on 2008-08-30 00:20:49Z by gshapiro

MFC: sendmail 8.14.3

Approved by:	re
@
text
@a49 11
* milter communication fails if a single header is larger than 64K.

  If a single header is larger than 64KB (which is not possible in the
  default configuration) then it cannot be transferred in one block to
  libmilter and hence the communication fails.  This can be avoided by
  increasing the constant MILTER_CHUNK_SIZE in
  include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
  all (statically linked) milters (or by using an undocumented compile
  time option:  _FFR_MAXDATASIZE; you have to read the source code in
  order to use this properly).

d250 1
a250 1
$Revision: 8.60 $, Last updated $Date: 2007/12/04 01:16:50 $
@


1.1.1.14.2.2
log
@SVN rev 223320 on 2011-06-20 02:04:20Z by gshapiro

Merge sendmail 8.14.5 to RELENG_7
@
text
@a14 8
* Header values which are too long may be truncated.

  If a value of a structured header is longer than 256 (MAXNAME)
  characters then it may be truncated during output. For example,
  if a single address in the To: header is longer than 256 characters
  then it will be truncated which may result in a syntactically
  invalid address.

d261 1
a261 1
$Revision: 8.61 $, Last updated $Date: 2011/04/07 17:48:23 $
@


