This file contains all changes to patch and documentation since first version was posted via google groups to comp.mail.sendmail on oct 14, 2004 That was internally revision 5 Changelog follows below: ============================================================== V11b -- March 2, 2005 Ninth documented revision. Released ============================================================== * Fix regression in milter-rulesets causing milter timeouts * Change _FFR_MILTER_NOEOB and _FFR_MILTER_NOBODY_EARLY implementation. ============================================================== V11 -- February 28, 2005 Ninth documented revision. Released * Fix an issue where senmail could segfault if writing macros to a milter caused a sigpipe before the EOB milter command. * _FFR_MILTER_RCPT_DEL changes the way recipient rejected by milters are removed from the delivery list. This causes sendmail to free the address entry and remove it from the chain of recipients, instead of marking it removed. * Work on milter_rcpt_error portion of patch, which is still a mess of gotos. * New milter ruleset flag O which means cOntinue to next ruleset. Use this to set flag S but continue to proccess the next ruleset. If there are no more rulesets, the ruleset proccessing terminates as if successfull and milter handling continues as normal. Usefull if you want to prevent rejections but still handle the recipient, so for example you would flag the ruleset as 'SNO'. This presumes the milter will do something usefull in addition to attempting to reject the email. Also conceivably usefull if you want the ruleset to do something and want to ensure that it has no other effect on milter proccessing. You would flag it as 'O' and the next ruleset as 'C'. * Mailers selected by rulesets are now case insesitive. * Fixes to rcpt handling include changing the order of setting/unsetting macros and proper counting of badrcpts. * Fixed issue where milter responses were not listened for again after a rewrite request during milter EOB callback stage * Milters may no longer need to receive an End Of Body command if they do not register a callback for it. This is selected by compiling sendmail with _FFR_MILTER_NOEOB * Milters may be send an abort message early on during the data phase of the message if they have no callbacks registered for the message body. Turn this on by compiling sendmail with _FFR_MILTER_NOEOB and _FFR_MILTER_NOBODY_EARLY * Some small code flow and comment changes. Added some gotos. ============================================================== V10a -- December 16, 2004 Eighth documented revision. Released * Recreate patch against 8.13.2 ============================================================== V10 -- December 14, 2004 Seventh documented revision. Released * As a suggestion, one sure way of leaving the workspace as is from a ruleset is to use the macro map usualy named storage and store the ruleset's input there. Pop it out before returning. Something like this: R$* $: $(storage {ruleset_X_args} $@ $1 $) $1 R$* $: $>Canonify $1 ...... R$* $: $&{ruleset_X_args} R$* $: $(storage {ruleset_X_args} $@ $) $1 R$* $@ $1 * New milter ruleset flag C. This flag ensures that the ruleset gets a "clean slate" workspace. This is only needed following rulesets which use either R or W ruleset flags. * New milter ruleset flag W. This flag uses the workspace output of one ruleset as the input to the next ruleset for the milter cmd state. The workspace is NOT sent to the milter (unless followed by a ruleset with R flagged). * New and updated debug output statements. * Properly intialize ruleset flags, fixing several problems. ============================================================ V9 -- December 09, 2004 Sixth documented revision. Released * Big bug fix! Handling of milter rcpt errors was flawed in that rcpts that a milter rejected were delivered to anyway if the smtp session continued successfully (there was a valid rcpt). Compiling with -D_FFR_MILTER_RCPT_ERROR undefined in all previous versions would likely still exhibit the same bug. This version contains a tag and sweep so that rcpts the milter rejects are treated as if the milter called smfi_delrcpt(). (This bug is here because the milter call is placed after sendmail does nearly everything else on the recipient, including saving it in the list of recipients. There is no other way to either avoid sending error'd recipients to milter or to mark error'd recipients as such when sending them to the milter.) Included in the patch tarball is the diff between v8-v9 which contains this fix only. It should apply clean to previous versions. ============================================================ V8 -- December 07, 2004 Fifth documented revision. Released * Tracelevel 72-75 categories and debugging statements added. (more probably needed) * Beware! Rulesets for Milter Connect should not touch any input past the first $| because that includes binary data. Passing it into the RHS is asking for SYSERR messages. * The macro milter_name is now defined to the configured name of the milter during calls to rulesets for both the rwsets and rewrite features. * Milter ruleset flag N has been added. This effectively negates the result of the ruleset on the milter action. So if the milter ruleset does not resolve to one of the mailers then it is as if it resolved to $#discard. If the milter ruleset resolved to one of the mailers, its as if it did not. As a special case, if the milter ruleset resolves to $#relay its as if it resolved to $#abort * Changes in V7.a have been abandoned. Currently access to maps and classes should be provided to milters by way of ruleset rewrite calls. ============================================================ V7.a -- October 2?, 2004 Fourth documented revision. Unreleased -- Abandoned * -D_FFR_MILTER_SM_MAP enables compiling into sendmail/libmilter and milters support for milters to lookup values in sendmail maps. smfi_getmapvals() and smfi_vgetmapvals() are introduced by this. Milters must have the M flag and sendmail.mc needs this line define(`confMILTER_SM_MAP')dnl in order to allow a milter to use this functionality. A ruleset to reject/rewrite/permit map access may be defined by this line in semdail.mc define(`confMILTER_SM_MAP_RULESET', `rulesetname')dnl The named ruleset will be passed mapname $| miltername The behavior of the ruleset is as documented for the smfi_rewrite() feature. If it does not exist all map accesses are allowed. ========================================================= V7 -- November 15, 2004 Third documented version. Released. ========================================================== V7 -- October 20, 2004 Third documented version. Unreleased. * Updated _FFR_ definitions for printing on -d1 * _FFR_MILTER_MACROS_NOEMPTY no longer pre-set When compiling sendmail with -D_FFR_MILTER_MACROS_NOEMPTY sendmail will not send the macros command to the milter if there are no macros to send. * _FFR_MILTER_RCPT_ERROR not defined by default. This means that after patching and recompiling sendmail WITHOUT -D_FFR_MILTER_RCPT_ERROR sendmail's behavior will be different and will no longer send to Milters recipients who are undeliverable. I suspect most people would consider this a more reasonable approach. * Previous documentation did not make clear that SMFIF_TRYREJECTS will still not receive a ABORT command once in eom() stage. So data can be freed by first reject or by abort or by eom or by close. If the milter wants the data back again after unsuccessfull reject a workable solution may be to store or mark the data in such a way as it can be detected and free upon a new message start or abort command or by connection close. * Previous EAGAIN documentation left out that the EAGAIN feature includes a new timeout 'G'. =============================================== V6 -- October 19, 2004 Second documented version. Released. * Milter ruleset configuration now takes optional flags between like this: R=R:FRS:RcptRuleset This form is optional. R=R:RcptRuleSet will be parsed as no flags. These are the supported flags for milter rulesets: U -- When processing rulesets do not strip ($#,$@,$:) from ruleset workspace results. This only applies when any rewriting/replacing of workspace is done. F -- Opposite of above. Current default. R -- Replace workspace with rewrite results. Processes resulting workspace in accordance with the U or F flags. In all cases, if this flag is specified, this will be the workspace handed to any rulesets later defined for this milter cmd stage. When an (internally) marked safe ruleset definition is encountered, the data passed to the milter will be replaced by this rulesets workspace. S -- Spike rejections. If this ruleset results in filtering this command from the milter, the milter will be prevented from causing a rejection or discard of the email. This needs to be turned on by compiling sendmail with -D_FFR_MILTER_RWSETS_SPIKE Without this, the flag will be accepted and be a noop. * smfi_rewrite() has been modified to take an additional argument for options. Options are OR'd together and include: SMFRS_UNFILTER -- produces the same behavior as milter ruleset flag 'U'. SMFRS_CONDELSE -- MTA should not process $| as a string seperator in the results it sends back to the milter. * smfi_vrewrite() has been added. This function takes a variable number of not NULL arguments of pointer to char(strings). It then calls smfi_rewrite after processing them. For all other purposes, this is identical to smfi_rewrite() The first not NULL argument will terminate proccessing of the list of arguments. So dont do that. * SMFIF_TRYREJECT has been added. This is an additional milter flag to be OR'd into smfi.xxxFlags. This will cause the milter to negotiate the following behavior from sendmail. Normally a milter that tells the MTA to reject or tempfail a message does not expect any additional processing for that message, except for the xxxrcpt. With this flag set, should the MTA refuse to process the rejection/tempfail, the milter has indicated that it still wishes to continue proccessing the message. This is designed to work with behavior caused by the milter ruleset flag 'S'. This is a departure from current milter protocol. A milter that sets this flag must be prepared to continue processing a message that it has already rejected. It should not expect to continue processing the message. All message resources should be set to secondary pending reject status at the point of sending a rejection. The MTA should send an abort (or close) if the rejection was successfull. This is a departure from previous protocol behavior. At this point the rejected resources should be free'd and marked NULL. If the MTA continues with current message, the milter may choose to reinstate the rejected data. To enable this, libmilter and the milter must be recompiled with -D_FFR_MILTER_RWSETS_SPIKE * Fixed typo in smfi_getmaxdatasize() Interaction still untested. * Paranoia checks (somewhat messy) that should keep milter_envrcpt well fed in the event of error rcpts being sent to it courtesy of _FFR_MILTER_RCPT_ERROR and _FFR_MILTER_RCPT_ERROR_ALL * Interaction with -D_FFR_MILTER_NOHDR_RESP is not well tested. ================================================ V5 -- October 13, 2004 First documented version. Released. * macro command is not sent to the milter if there are no macros to send.