DISCLAIMER: There is no guarantee that I know what I am talking about. Use
at your own risk.
Things I have cooked up for sendmail 8.12, 8.13 and related
Unless noted otherwise, patches and contributions, to the extent that copyright applies, are licensed under the same copyright license as the file they patch or are intended to be placed into(this includes rulesets), only when used with that file. Otherwise it may be assumed that GNU GPLv2 or later applies.
The sendmail consortium has special consideration to incorporate anything featured on this page as a part of Sendmail 8 or any of its deriviatives, at which point all Sendmail consortium license terms OR at the receivers option, GNU GPLv2 or later would apply to those portions.
If you want any other terms please write me and I will be happy to oblige you, within limits
New version of badrcpt_shutdown patch for 8.14.3
This version is not tested as of this time. Sendmail 8.14.3 now includes this _FFR patch, without documenation and m4 configuration. This version of the patch contains only the m4 and documentation.
New version of badrcpt_shutdown patch for 8.14.2
This version is not tested as of this time. Sendmail 8.14.3 now includes this _FFR patch, without documenation and m4 configuration.
This patch allows you to perform virtusertable lookups for domains that are considered local due to the feature bestmx_is_local. To enable this feature, place this line into sendmail.mc
define(`_VIRTUSER_BESTMX_LOCAL_DOMAIN_')dnl
This patch turns on spam friend lookups for the localpart of the domain, per the feature delay_checks, for domains that are considered local due to feature bestmx_is_local. This patch has been hanging around for a while, found it while cleaning the closet.
This patch attempts to fix occurences where sendmail logs the connecting IP address as "null". This is related to identd queries.
milter-rrres V16 applies against sendmail 8.13.8 and contains many new features and fixes.
Highlights of this release include interaction with the class-map patch and the ability for libmilter milters to listen to connections on multiple sockets.
More details can be found in the Changes file.
Sendmail 8.14 compatibility is planned for future release.
This patch adds a new map type of "class" to sendmail. This class allows you to create maps to manipulate the contents of classes, adding, querying, dumping the entire contents and deleting members of the class or even the entire class. The map also supports using regex to perform these operations.
This patch changes sendmail lookup handling to accomodate CNAME's in MX records. Normally, this would be handled by canonification routines, but those can be turned off. This patch is also usefull for configurations that utilize sendmail's dns map type to perform DNS resolution on names that could be CNAME's.
This patch provides the ability to run sendmail with -d50.99 which will then save the queue files (renaming q* to Q*) for later analysis. Admin beware: Queues filling up full of files is bad for your system. Turn on this ability by compiling sendmail with -D_FFR_QUEUE_SAVEFILES.
Compiling sendmail with -D_FFR_QUEUE_SAVEFILES_OPTION will expose the functionality without debugging flags as a sendmail option QueueSaveFiles (mc option confQUEUE_SAVE_FILES).
This experimental patch provides the ability to control minimum queue age and maximum queue age per queue group. It also allows binary shifted by number of tries backoff on subsuquent retries, optionaly divided.
To turn on this feature compile sendmail with -D_FFR_QUEUE_TIMING and configure a queue group like so
QUEUE_GROUP(`myqueue',`P=path, T=N:30s;X:15m;D:2, F=b')dnl
To turn off the backoff algorithm, leave out the b flag.
An additional feature where the flag i can be used to force initial retry immediately is available by compiling -D_FFR_QUEUE_INITIAL_RETRY
The objective of the patch is to allow very fast initial retrying of queued mail and slowing it down after some tries. Presumably you would use persistent queue runners for this. This patch has undergone minimal testing; its not very convenient to test aging on sendmail queue files.
It would probably be a nice addition if sendmail could move the queue entries to another group with more compatible timing settings after its aging time reaches a maxage point.
This version of the patch adds _FFR_ATTACK_FASTTERM which will terminate smtp connections to whatever number you set _FFR_ATTACK_FASTTERM to or double the number of allowed commands, whichever is first. Without using a number, this means connections will be terminated immediately after sendmail sleeps when they reach the maximum number allowed.
This version of the patch adds _FFR_ATTACK_FASTTERM which will terminate smtp connections to whatever number you set _FFR_ATTACK_FASTTERM to or double the number of allowed commands, whichever is first. Without using a number, this means connections will be terminated immediately after sendmail sleeps when they reach the maximum number allowed.
Also added is _FFR_ATTACK_UPTO_LIMIT which changes the limit handling from reaching to exceeding.
An experimental patch that makes sendmail flush the response to a client's cmd if a timeout has been exceeded. This overrides the default behavior of smtp PIPELINE which only sends the response if there is no more input to proccess from the client. The timeout is controlled by the cf option Timeout.to_flushresponse and by the mc option conf_TIMEOUT_FLUSH_RESPONSE. Sendmail must be built with -D_FFR_TIMEOUT_FLUSH_RESPONSE and the mc file must have _FFR_TIMEOUT_FLUSH_RESPONSE defined.
Without the timeout defined, sendmail will flush the response after EVERY command as the timeout will default to 0. To turn off the behavior completely, set the timeout to -1.
There may be an issue with poorly implemented clients that perform one read per write, they may deadlock.
The rational for this patch is that systems may implement their timeouts based only on the first command sent in a pipelined batch. This could mean that having a delay of 6 seconds for 10 pipelined recipients would trigger a 60 second timeout for the MAIL FROM: command on the remote system.
A patch that enables more logging to show how much time sendmail waits due to bad commands before shutting down the connection. Enable it by compiling sendmail with -D_FFR_ATTACK_LOG_SLEEP
An updated patch to the _FFR_DNSMAP_MULTIBEST which includes the samename fix.
An experimental patch to the _FFR_DNSMAP_MULTI feature that restricts the multiple answers to the ones with the domain name matching the first answers domain name.
This is turned on by compiling sendmail with _FFR_DNSMAP_MULTI_SAMENAME
milter-rrres V15 applies against sendmail 8.13.6 - 8.13.8 and contains many new features and fixes.
Some of the highlights include milter lookup access for sendmail testmode, ruleset processing of milter command responses, libmilter thread locking for lookup access, more rulesets to control lookup request and more macros set for use of these rulesets. All the details, which includes much more, can be found in the Changes file.
The SingleBounceAddr Patch adds the sendmail cf option SingleBounceAddr and the mc option confSINGLE_BOUNCE_ADDR which can be set to a value that when macro expanded results in a non blank string will be used as the destination for bounces instead of the rightfull recipient.
To turn on this feature you must compile sendmail with -D_FFR_SINGLE_BOUNCE_ADDR
Version two of the patch does not override copying postmaster on configuration or software errors. It does this by moving the code around even without -D_FFR_SINGLE_BOUNCE_ADDR. Your choice which to use.
A new milter project, callahead-milter is a milter that is designed to be able to perform rcpt and sender callahead/callback smtp verification. It is designed to be able to work closely with sendmail and to do as little harm as possible.
While at version 0.01 the milter is completely unsuited for actual use except for those brave and hardy souls looking for adventure, at 2821 lines it was impossible to resist posting its announcement.
Version 8 of the patch fixes the case where the lack of IPv6 hosts would be treated as a host not found condition even if inet4 hosts were found. This version also returns IPv6 hosts in the standard sendmail fashion.
Version 7 of the patch changes Fallback MX handling a bit and cleans up some possible memory leak.
Here is a mirror of Andrzej Adam Filip old anfi.homeunix.net pages.
A ruleset that allows you to restrict email being sent to email addresses from unauthenticated senders. The ruleset also allows you to restrict which authenticated users can send email to the restricted email address.
The ruleset introduces these new access map tags. Following the tag can be the usual access map values, looked up in this order: The exact email address, the Full email address, the Localpart of the email address and the domainpart of the email address.
RcptAuthReq:
RcptAuth:
RcptAuthReq:user@domain\TAB Yes
This requires authentication for the email address.
RcptAuthReq:user@domain\TAB No
This explicitly does not requires authentication for the email address.
RcptAuth:user@domain\TAB user1,user2,user3
This lists the allowed authenticated users for the email address. Authentication required is implied.
New version of badrcpt_shutdown patch for 8.13.6 New version of skip-rshecks patch for 8.13.6 milter-rrres V14 applies against sendmail 8.13.5 and contains many new features and fixes.
Fix for bug where some macros would be set to NULL a bit too early.
Fix for bug in ruleset handling #abort
Rulesets and a milter to check and optionally rewrite the From: headers and the smtp Mail From: command based upon the SMTP authenticated username Supplied find milter, milter build script (requires milter-rrres), rulesets and design/doc
Mar 23, 2006, Sendmail 8.13.6
This version is not tested as of this time.
Mar 23, 2006, Sendmail 8.13.6
This version is not tested as of this time.
Mar 12, 2006, Sendmail 8.13.5
More details can be found in the Changes file.
March 12, 2006. milter-rrres v11 - v13a.
March 06, 2006. milter-rrres v8 - v13a.
Dec 27, 2005
Nov 1 2005, Sendmail 8.13.5
Can be utilized by hooking local_mail_from or by hooking the confFROM_HEADER() or by using the supplied milter
Potentialy insertable into sendmail order of execution by changing smtp mailer definitions as well
Some rulesets I wrote to perform access checks against MX's. This allows you to dynamicaly duplicate the checks that dnsbls such as rfci's bogusmx use for listing. Apparently the recently released Sendmail X includes a similar feature.
Use the MX: tag in the access map, and standard sendmail access map return values and search orders apply.
June 28, 2006
Updated the rulesets so that now it will reject email addresses that do not have a sendmail resolvable MX (includes smarthost, fallback MX, A record). To disable this, uncomment the apropriate line.
Mailertable interaction can also be disabled.
This version is not well tested and may not work well.
milter-rrres V13a applies against sendmail 8.13.5 and is compatible with changes in libmilter. V13, V12 and earlier are NOT and can cause problems communicating with certain milters.
milter-rrres V13a applies against sendmail 8.13.5 and is compatible with changes in libmilter. V13, V12 and earlier are NOT and can cause problems communicating with certain milters.
More details can be found in the Changes file.
milter-rrres V12a applies against sendmail 8.13.5 and is compatible with changes in libmilter. V13, V12 and earlier are NOT and can cause problems communicating with certain milters.
More details can be found in the Changes file.
compare-map v2 applies against sendmail 8.13.4 and 8.13.5
This version supports comparing arbitrary number of strings, not just the first two, until it matches. It also supports basic regex utilizing -b and extended regex with -e
compare-map v1 applies against sendmail 8.13.4.
This patch introduces a new map type, compare. This map type can be used to compare strings.
Basic usage is like this:
Kcompare compare
And in a ruleset:
R$* $| $* $: $(compare $1 $@ $2 $: $)
RMATCH $#OK
R$* $#error
The map understands these arguments:
-a : string to return on successfull match (default MATCH)
-f : case sensitive search
-n : successfull return is if strings do NOT match
-T : string to return on unsuccessfull match (default blank)
If the map is called with only one string the following arguments are relevant in this order
-z : delimiting charachter to seperate the key value into 2 strings
-k : string to use to seperate the key value into 2 strings
-v : string to use to seperate the key value into 2 strings
Currently, one can do something similar by storing the string into a macro with a macro map and then by trying to match the LHS with it. However that is a bit awkward and apparantly, more susceptible to mangling.
milter-rrres V13 applies against sendmail 8.13.4 More details can be found in the Changes file.
milter-rrres V12 applies against sendmail 8.13.4 and has important fixes. More details can be found in the Changes file.
This version of the patch cleans up some things.
This version of the patch adds two (independent) features.
Compiling sendmail with -D_FFR_MX_NOHOST_SKIP will cause sendmail to ignore any MX which does not resolve properly
Compiling sendmail with -D_FFR_MX_NOHOST_HIPREF in the absence of the above cause sendmail to set a high value for the preference of the non-resolvable MX. This will cause it to go to the end of the list of usuable MX servers. If it is the only one left on the list, it will still be tried.
It is not neccessary to turn on the behavior of the below entry with -D_FFR_MX_A_REC_INCLASSW to use either of these features.
This is an experimental patch that allows sendmail to recognize itself in a MX list when the MX resolves to an A record that is listed in /etc/mail/local-host-names (class w) as [mx.ip.ad.dr]
This may be usefull if utilizing a large number of domains that have this form
@ IN MX 20 smtp
smtp IN A mx.ip.ad.dr
Along with the FEATURE(`bestmx_is_local') that would be all required to accept mail for all those domains.
Without FEATURE(`bestmx_is_local') this patch will only cause sendmail to change the error it finds when a MX record resolves to an A record listed in w but the domain name is not listed in w.
Currently sendmail bounces the message with "mail loops back to me (MX problem?)"
With this patch and without bestmx_is_local sendmail will instead bounce the message with this error "MX list for domain name points back to value of $j"
To turn this on, patch and compile sendmail with -D_FFR_MX_A_REC_INCLASSW
milter-rrres V11c applies against sendmail 8.13.4 and has updated debugging categories. See patched sendmail/TRACEFLAGS.
Mar 2 2005
milter-rrres V11b fixes critical issues with V11 release.
Details are in the Changes file.
This is a big update with many changes, most of them experimental. Includes a fix to a potential issue causing stray df files, a new ruleset flag, changes to rcpt handling and improvements to milter handling of message body. More details can be found in the Changes file.
-B map switch for MULTI_BEST
This patch allows one to pass -B to a map of dns map type. The -B flag instructs the map to return the best/most preferred records instead of all of them. Use this with the -z switch.
You will need to compile sendmail with -D_FFR_DNSMAP_MULTI and -D_FFR_DNSMAP_MULTI_BEST
This patch adds the same -B switch to the bestmx map type.
You will need to compile sendmail with -D_FFR_BESTMX_MULTI_BEST
New version of skip-rshecks patch avoids conflict with badrcpt_shutdown patch and is diffed against 8.13.2
Important: apply this patch BEFORE badrcpt_shutdown.
This is an update to the previous version 9 fixing important bugs with ruleset flag handling. More details can be found in the Changes file.
Dec 16 2004
Updated tarball includes patch to apply against Sendmail 8.13.2 as well.
This is an update to the previous version 8 fixing a critical bug. More details can be found in the Changes file.
This is an update to the previous version 7. More details can be found in the Changes file.
This is an update to the previous version 6. More details can be found in the Changes file.
badrcpt-shutdown.v1, BadRcptShutdown option.
This patch adds two options to sendmail.
BadRcptShutdown -- when the number of bad recipients reaches this threshold sendmail will consider closing the SMTP connection with a 421 code.
BadRcptShutdownGood -- the percentage of bad recipients out of total that needs to be matched or exceeded before sendmail will shutdown the connection. If 100, then sendmail will never shut the connection down if it has already accepted any recipients. If 0, sendmail will shut down the connection the recipient after BadRcptShutdown bad recipients have been reached.
To turn this on compile sendmail with -D_FFR_BADRCPT_SHUTDOWN
You also need to add -D_FFR_BADRCPT_SHUTDOWN to the m4 commandline before proccessing your mc file.
skip-rscheck.v1, SkipRSChecks option.
This patch adds an option that allows one to select which of the check* rulesets sendmail will NOT call. The rulesets will NOT be altered in any way. It is presumed that the configurer has another method of calling those rulesets, perhaps from a milter using the milter-rrres patch(below).
After patching sendmail compilation with -D_FFR_SKIP_RSCHECKS is neccessary to turn this feature on.
The sendmail cf option "SkipRSChecks" can be .mc defined like this:
define(`confSKIP_RS_CHECKS', `')dnl
where as arguments one puts in the letter corresponding to below rulesets.
E for check_eoh
L for check_relay
P for check_compat
S for try_tls
H for all the header rulesets
C for tls_client
M for check_mail
R for check_rcpt
V for check_vrfy
N for check_ertn
D for check_data
O for check_eom
Revision 6 of milter_rwsets_rcpt_rewrite_eagain_spike (milter-rrres) patch.
This revision of the patch adds the ability for milter rulesets to rewrite data sent to milters, flags and calling changes for smfi_rewrite(), smfi_vrewrite() and a new feature of Spiked Rejects.
Spiked rejects prevent any rejection of a milter from being proccessed as such by the MTA. Should the milter negotiate this with the MTA, the MTA will continue sending milter commands until message end after a spiked rejection.
See the enclosed Changes file for much more details, as well as the original Documentation.
This is an experimental patch to allow you to return error strings containing \n to sendmail from the access db or from ruleset checks. They will trigger multiline SMTP replies. I am currently not very sure if I handled enhanced DSN codes correctly.
The \n in the error string will be converted to a space before logged.
To use this patch please recompile sendmail with -D_FFR_MULTILINE_ERRORS
First Version: Oct 16, 2004.
Second Version: Oct 16, 2004. This one handles -X better.
Oct 26, 2004 -- New version fixes breakage to manual multiline replies sendmail already does (such as in response to EHLO command)
V3 of multiline patch
Oct 27, 2004 -- New version of patch repeats Enhanced status code for each line as per rfc2034 section 4.
V4 of multiline patch
Oct 28, 2004
This version detects already multilined msgs such as from smfi_setmlreply(). Also includued are some cleanups, proper handling of non smtp coded msgs and one less call to memchr.
V5 of multiline patch
Oct 30, 2004 -- This version is better optimized and now supports escaping the newline in access db or rulesets.
V6 of multiline patch
Dec 10, 2004
Apparently you will quickly run into cataddr() or prescan() errors with longer error messages. The fix is to increase MAXNAME to a larger value. The sendmail source warns about doing this, but it works. If anyone would happen to know what specific issues can be triggered by this, I would appreciate it.
Dec 16, 2004 -- This version is diffed against sendmail 8.13.2 and fixes handling of a trailing newline.
It also includes the increased MAXNAME.
V8 of multiline patch
Feb 27, 2005 -- This version allows you to compile libmilter with -D_FFR_MULTILINE_ERRORS.
This will allow smfi_setreply() to accept messages with '\n' in them, and to print them as smtp multiline errors.
smfi_setmlreply() is not as usuable as this because you must supply each line as a variadic argument.
Some sys-logged lines will include the escaped newline symbol.
V9 of multiline patch
Oct 30, 2005 -- Sendmail 8.13.5
V9a of multiline patch
As announced in this google post.
This provides the features of milter command ruleset processing, proper envrcpt ordering of operations, libmilter function smfi_rewrite and EAGAIN flow control.
Version 3 of
virtuser match localpart patch.
I fixed up some quotes and hopefully avoid any breakage of virtuser_entire_domain.
More importantly, this changes the sequencing so that in the following
myalias@mydomain.com myalias
myalias@
error:nouser The email address %1@%2 is not
valid on this system.
@mycustomersdomain.com mycustomers@someothedomain.com
The bottom line has higher precedence than the second.
Version 2 of
virtuser match localpart patch.
This one passes more parameters so when you match on local part your
error message could say this:
cust1list@ error:nouser The email address of %1 @ %2 is invalid on the
system.
Oct 16, 2004 Version 2
Fixes handling of localpart only users and does better job on IPv6 rcpts.
Mar 31, 2005 Version 3
This one appears to actually work.