This file contains all changes to patch and documentation since the
first version was posted via Google Groups to comp.mail.sendmail on
Oct 14, 2004. That was internally revision 5.

Changelog follows below:

==============================================================
V16 -- May 16,2007
Nineteenth documented revision. Released

* Do not prematurely review uniformity of commands sent to milter
  (such as RCPT) upon certain commands received from the milter when
  using feature MilterRwsetsResponse

* While ruleset processing milter response commands the macro
  {milter_phase} will be set to the command previously sent to the
  milter

* During ruleset processing the macro {milter_prevcmd} will be set
  to the command previously sent to the milter.

* Milter rulesets can now be called for the SMFIC_DATA command,
  signalling the start of data transmission.

* Milter rulesets can now be called for the SMFIC_EOB command.

* smfi_sm_map() can now use the SMFRW_ALLMATCH option. With this
  option, instead of using the results of one map lookup to feed to
  the next, each map is looked up with the original values and the
  results are added to the list. This option will not take effect if
  SMFRW_CONDELSE is set and SMFRW_MAPDELIM is not set and if there is
  no map delimiter.

* Properly copy data returned by map_lookup in milter_send_lookup()
  so that statically allocated memory is not free()'d
  inappropriately. This was broken by SMFRW_MAPDELIM.

* Fix memory leak in _FFR_MILTER_SM_MAP map lookup handling.

* Fix mergestrarr() guarantee of NULL termination of the array.

* Fix incompatibility between _FFR_MILTER_RWSETS and
  _FFR_MILTER_EAGAIN by not freeing rewritten data immediately after
  sending to milter, because with _FFR_MILTER_EAGAIN we may need to
  send it again.

* added a paranoid memory leak check in milter_headers()

* paranoid memory leak checks now need to be turned on with
  _FFR_MILTER_PARANOID_FREE

* New feature _FFR_CLASS_MAP adds these functions to sendmail.

    int del_class(char * class, char * string);
    int del_class_regex(char * class, char * regular_expression);
    int bufdump_class(char * class, char ** buf, size_t * buflen,
                      size_t * bufsize, char * delim, char * matchstr,
                      int regex);
    int regex_wordinclass(char * word, int class);

  Kclass can now be used with these parameters:

    -k for class name
       if this is not provided, the first parameter passed to the
       map needs to be the class name
    -v for lookup type
       can be any of
         L for Lookup
         D for Delete
         A for Add
         U for dUmp
         R for regex matching to be used in Lookup, Delete and dUmp
           operations
    -z for delim since dUmp will return multiple values
    -a append on success
    -T append on failure

  They can be used to delete or dump values from classes.
  del_class_regex() and regex_wordinclass() require MAP_REGEX.
  Using regex mapping in bufdump_class() requires MAP_REGEX.

* New milter feature flags:

    [K]k SMFRW_DEL   - request deletion of values from classes
    [X]x SMFRW_REGEX - request regex matching values

  These depend on _FFR_CLASS_MAP and MAP_REGEX.
  _FFR_CLASS_MAP has been moved into external patch, available at
  http://www.jmaimon.com/sendmail

  The return status is EX_OK + the number of non-deleted strings.
  The non-deleted strings are returned.

* Dumping contents of classes functionality has been moved into the
  _FFR_CLASS_MAP external patch, available at
  http://www.jmaimon.com/sendmail

* libmilter now supports milters listening for connections on
  multiple sockets simultaneously. To use this feature, libmilter
  must be compiled with _FFR_MILTER_MULTIPLE_SOCKETS defined to 1 to
  turn this on.

  When compiled with this feature turned on, the published libmilter
  API changes in this way:

    int smfi_setconn(char *oconn)
      erases all previous connection strings, replacing them with
      the single provided string.

    int smfi_addconn(char *oconn)
      adds a new connection string, maintaining a list of strings.
      This new function behaves in all other ways like
      smfi_setconn()

    const char *smfi_getconn(SMFICTX *ctx)
      returns a pointer to read-only string describing which socket
      the connection was made to.

  So in order to use this feature, simply replace calls to
  smfi_setconn() with smfi_addconn() and allow the path to be set
  multiple times. smfi_getconn() is there to allow a milter to behave
  differently depending on which socket the connection was made to.
  You could for instance use this to set up SSL tunnels with
  certificate validation requirements to offer enhanced milter
  services across the internet.

  The feature also causes some changes in internal libmilter API.
  Review the source for any details.

* _FFR_MILTER_POLL_EXC modifies libmilter when used with
  SM_CONF_POLL to not return an error in mi_read_cmd() if POLLHUP and
  POLLIN are signalled together.

==============================================================
V15 -- Oct 24,2006
Eighteenth documented revision. Released

* smfi_sm_comm() and smfi_sm_vcomm() renamed to smfi_sm_lookup() and
  smfi_sm_vlookup(). This will mean a recompilation of libmilter and
  all milters that use the function might be necessary.

* smfi_sm_testmode()
  This provides access to sendmail -bt mode to milters.
  This is turned on by _FFR_MILTER_SM_TESTMODE compilation flags.
  The behavior and mechanism of accessing, configuring it and using
  it is similar to all other smfi_sm_*() functions. Refer to the
  include/libmilter/mfapi.h function documentation.

  There are new configuration options to turn on the feature on a
  global basis in the cf or mc file and to specify a ruleset to
  control and rewrite each set of input to the testmode.

    Milter.Sm_Testmode        (confMILTER_SM_TESTMODE)
    Milter.Sm_TestmodeRuleSet (confMILTER_SM_TESTMODE_RULESET)

  There are also new flags to the milter F= field to enable use of
  the feature.

    O for Testmode

  libmilter has these new functions:

    smfi_sm_testmode() and smfi_sm_vtestmode()

  These new flags are introduced:

    SMFRW_TM_DEBUG - requests that the debug flags passed in be used.
    SMFRW_TM_ONE   - requests that only one testmode process be used
                     for all input.

  SMFRW_MULTIPLE_CONT can be used for continued testmode with bad
  statuses (without SMFRW_TM_ONE).
  SMFRW_EXPAND and SMFRW_DOLLARS operate on the supplied input as
  well, if requested.
  SMFRW_PRESCAN should only be used if you know why you would want
  to.

  These flags are controlled by providing arguments to the
  MilterTestmode cf option and by using the new Milter E= field.
  Uppercase disallows and lowercase allows the flag to be used.

  The new flags are as follows:

    BbIi

  Defaults are []

    [B]b SMFRW_TM_DEBUG - Request debug flags be used
    I[i] SMFRW_TM_ONE   - Request only one testmode process be used.

* Now you can call rulesets to examine and possibly change the
  results and/or the response of a milter, if ruleset flag R is used.
  This feature should be expected to behave in the same manner as the
  original _FFR_MILTER_RWSETS feature.

  For some of these commands continuing the milter after altering
  them may not be possible. Those are marked with *.

  The preceding paragraph does not apply to milters that signal
  SMFIF_TRYREJECT in conjunction with the _FFR_MILTER_RWSETS_SPIKE
  feature.

  To replace the milter command, the ruleset must return either of
  the following mailers:

    #ok #relay or #accept

  and the new command must be the first character of the returned
  ruleset following the mailer selection. The remainder of the
  response format is undocumented, study the workspace input to the
  rulesets and return something similar.

  The supported commands and their corresponding character is as
  follows: (taken from "include/libmilter/mfdef.h")

     SMFIR_ADDRCPT     '+'   /* add recipient */
     SMFIR_DELRCPT     '-'   /* remove recipient */
    *SMFIR_ACCEPT      'a'   /* accept */
    *SMFIR_REPLBODY    'b'   /* replace body (chunk) */
     SMFIR_CONTINUE    'c'   /* continue */
    *SMFIR_DISCARD     'd'   /* discard */
    *SMFIR_CONN_FAIL   'f'   /* cause a connection failure */
     SMFIR_CHGHEADER   'm'   /* change header */
     SMFIR_PROGRESS    'p'   /* progress */
    *SMFIR_REJECT      'r'   /* reject */
    *SMFIR_TEMPFAIL    't'   /* tempfail */
    *SMFIR_SHUTDOWN    '4'   /* 421: shutdown (internal to MTA) */
     SMFIR_ADDHEADER   'h'   /* add header */
     SMFIR_INSHEADER   'i'   /* insert header */
    *SMFIR_REPLYCODE   'y'   /* reply code etc */
    *SMFIR_QUARANTINE  'q'   /* quarantine */

  This feature is turned on by compiling sendmail with
  _FFR_MILTER_RWSETS_RESPONSE

  This feature can be turned on independently of _FFR_MILTER_RWSETS
  and needs to be turned on with a new option of
  Milter.RwsetsResponse or confMILTER_RWSETS_RESPONSE

  Be warned. Many of these milter commands do not have any data to
  preseed the workspace. Your rulesets for them need to be able to
  expect a blank workspace.

* macro {milter_cmd} is now defined to the character of the milter
  command during milter rulesets. This should make it easier to share
  rulesets.

* in a slight departure from sendmail normal syntax, now multiple
  milter cmds can be specified in one ruleset equation, something
  like this

    "R=+-mih:R:ResponseRS;C:ConnectRS;MR:MailRcptRS"

* attempt better compatibility with sendmail feature
  _FFR_MILTER_NOHDR_RESP, still completely untested. Now if any of
  SMFIF_EAGAIN, SMFIF_REWRITE, SMFIF_SM_CLASS, SMFIF_SM_MAP,
  SMFIF_SM_MACRO are turned on, the MTA will wait for those commands
  during Header commands. This feature may now be turned on with the
  SMFIF_NOHREPL milter description flag.

* Internal: restructure milter cmd logic handling with regards to
  milter rulesets

* Internal: _FFR_MILTER_SM_LOOKUP is now used wherever either
  _FFR_MILTER_{REWRITE||SM_*} used to be.

* A new SMFIF flag SMFIF_NOHREPL_LOOKUP which is used with the
  _FFR_MILTER_NOHDR_RESP feature. This disables the ability of a
  milter to send lookup commands to the MTA during Header commands
  and as such the MTA does not wait for them.

* A new semi-related feature, turned on with _FFR_MILTER_NOBOD_RESP
  which disables replies to MTA during Body commands, thereby
  speeding things up. This needs to also be turned on in the milter
  by selecting SMFIF_NOBREPL. If any of SMFIF_EAGAIN, SMFIF_REWRITE,
  SMFIF_SM_CLASS, SMFIF_SM_MAP, SMFIF_SM_MACRO are turned on, the MTA
  will wait for those commands during Body commands, unless
  SMFIF_NOBREPL_LOOKUP is also turned on.

* added a paranoid memory leak check in milter_body()

* previous documentation did not list the macro MILTER_MAX_RWSETS
  which is significant in that it controls the max amount of rulesets
  allowed per milter. The previous default was 25 or 5 depending on
  whether _FFR_MILTER_RWSETS_MULTI was turned on or off,
  respectively. This has been changed to 32 or 16.

* _FFR_MILTER_TERMLF is a new feature similar to one proposed and
  discussed on comp.mail.sendmail and readable here
  http://www.issociate.de/board/goto/1052878/Proposal_for_new_Milter_flag..html
  With this feature milters can signal SMFIF_TERMLF and sendmail will
  not convert \n to \r\n, instead it will convert \r\n to \n.

* Inclusion of a new file, milter-rrres-ffr.m4 with all described
  features turned on, for the user's convenience.

* _FFR_MILTER_SM_MACRO feature fixed so that when no value is
  supplied in combination with SMFRW_ADD flag, it will unset the
  macro. Header documentation in include/libmilter/mfapi.h updated.

* _FFR_MILTER_SM_MACRO has not been properly tested, and fixes are
  being put into it for this release.

* libmilter updates so that lookup calls can include a NULL or blank
  value for "rset" arg.

* New sendmail and libmilter feature _FFR_MILTER_SM_LOOKUP_SEQ
  With this feature, you can turn on sequencing (cookie) of sendmail
  lookup commands from milters. This would be useful if there existed
  the possibility of receiving the wrong response to a milter
  sendmail lookup command. You need to enable the sequencing on a per
  milter basis with the 'Y' flag in the F= milter field and the
  milter must request the feature with SMFIF_SM_LOOKUP_SEQ.
  As implemented, the sequencing is thread safe, but since all the
  lookup commands currently are NOT, then this makes little
  difference.
  Milter lookup commands that fail due to sequencing will return
  either MI_E_NO_SEQ or MI_E_SEQ.

* New libmilter feature _FFR_MILTER_SM_LOOKUP_LOCK
  This feature enables thread locking for lookup calls, thereby
  enabling the possibility of making the lookups thread safe for user
  threads in the milter. This locking includes protecting
  _FFR_MILTER_EAGAIN_LOCK

* The locking performed by the

    _FFR_MILTER_SM_LOOKUP_LOCK
    _FFR_MILTER_SM_LOOKUP_SEQ

  features may be turned on with either of these

    SMFIF_SM_LOOKUP_LOCK
    SMFIF_SM_LOOKUP_SEQ_LOCK

  flags. Corresponding SMFIP_ flags also exist. They are internally
  the same value, since it doesn't make sense to want locking for one
  and not the other. Since the motivation for locking would be that
  there would be more than one thread per socket connection, those
  would be user invoked threads and therefore the user needs locking
  for both sequence numbers and for lookup calls so that one thread's
  read follows its write.

* New internal to sendmail milter function milter_writev()
  This is turned on by compiling sendmail with _FFR_MILTER_WRITEV
  With this feature, milter_write() is a wrapper to milter_writev().

* New feature _FFR_MILTER_RETRY_WRITEV wraps milter_write[v]() with
  a retry loop.
  Modeled after the one found in libmilter/comm.c

* Macro {milter_rcvd_options} is set to a string containing
  characters for each option requested by the milter. The character
  set is the "on" flag character. For example, the string will
  contain a 'n' if the milter sends SMFRW_EXPAND in its options.

  If you change the macro value the new value will be parsed into the
  new options and will be checked against the option policy for the
  lookup request.

  To this end a new option, SMFRW_OFF has been introduced. It is only
  valid to be in the milter requested option list if it is intended
  to abort the lookup operation with a MI_E_EMPTY error.

    [F]f SMFRW_OFF - Cause the lookup feature to be disallowed

  Additionally, to make this truly useful another new macro
  {ftr_option_nm} is also available. It describes the name of the
  lookup feature in use. The value will be the same as the cf file
  option name for that feature.

* Now all features that use a ruleset for rewriting the names can
  also use a ruleset for rewriting the strings. Separate the rulesets
  with a '/'. The code that does this is a horrible ugly hack.
  As an example:

    define(`confMILTER_REWRITE_RULESET', `rewrite_ruleset/rewrite_ruleset_strings')dnl

  The previously described new macros are available to these
  rulesets.

* Fixed a bug in handling names without SMFRW_MULTIPLE selected. All
  kinds of bad things would happen otherwise.

* Now map results may be split into strings by map delimiter IF it
  has one. To do this, use this new Milter option

    J[j] SMFRW_MAPDELIM - Cause the map lookup results to split into
                          strings by map delimiter if it has one

  This flag must be accompanied with SMFRW_CONDELSE to turn off
  splitting with CONDELSE which isn't compatible.

* Unrelated minor feature _FFR_MILTER_DEBUG_MACROS which simply
  outputs the macros sent by the MTA if milter debug level is > 8.
  This can be useful to correlate libmilter debug messages with
  sendmail queue-ids and similar.

* Unrelated minor feature _FFR_MILTER_RD_TIMEOUT_LOUD and
  _FFR_MILTER_RD_TIMEOUT_LOUD_DEBUG
  The first ensures that libmilter syslogs whenever a read times out
  and the second also outputs debug output (no matter what libmilter
  debug level is).

* verbose-milter now needs to be compiled with llist.c which is now
  included.

==============================================================
V14 -- Mar 12,2006
Seventeenth documented revision. Released

* smfi_vrewrite now also accepts strings like smfi_rewrite().
  Variadic arguments are then added to that. Therefore care should be
  taken so that the pointer supplied as char ***strvp dereferences to
  (char **) NULL if there are no strings supplied. Otherwise it will
  be treated as a null terminated array of strings just like
  smfi_rewrite() does.

* smfi_rewrite() now accepts a list of rulesets, separated by
  commas, turned on by SMFRW_MULTIPLE option. The output of the one
  rule is used for the input to the next. Rules are processed left to
  right. By default, rulesets returning $#error, $#abort, $#discard
  will stop the processing. To override this, use the
  SMFRW_MULTIPLE_CONT option.

* rewrite-like access to sendmail extended to maps, classes and
  macros. These are turned on by

    _FFR_MILTER_SM_MAP
    _FFR_MILTER_SM_CLASS
    _FFR_MILTER_SM_MACRO

  compilation flags. The behavior and mechanism of accessing,
  configuring them and using it is similar.

  There are new configuration options to turn on the features on a
  global basis in the cf or mc file and to specify a ruleset to
  control access to the maps, classes, macros. There are also new
  flags to the milter F= field to enable use of the feature(s).

    Milter.Sm_Map          (confMILTER_SM_MAP)
    Milter.Sm_MapRuleSet   (confMILTER_SM_MAP_RULESET)
    Milter.Sm_Class        (confMILTER_SM_CLASS)
    Milter.Sm_ClassRuleSet (confMILTER_SM_CLASS_RULESET)
    Milter.Sm_Macro        (confMILTER_SM_MACRO)
    Milter.Sm_MacroRuleSet (confMILTER_SM_MACRO_RULESET)

    P for MAP
    C for Class
    M for Macro

  libmilter has these new functions

    smfi_sm_map()   smfi_sm_vmap()
    smfi_sm_class() smfi_sm_vclass()
    smfi_sm_macro() smfi_sm_vmacro()

  New flags allow, among other things, to set values in classes and
  maps.

  Internally almost all code involved with the original
  _FFR_MILTER_REWRITE feature has been very much rewritten in order
  to accommodate the new features with a minimum of duplication of
  code.

  Flags that a milter can signal can now be controlled on a global
  per feature basis or on a per milter for all feature basis. These
  flags are supplied by providing arguments to the (for example)
  MilterRewrite cf option and by using the new Milter E= field.
  A feature must be turned on globally and per milter for the milter
  to use it. Uppercase disallows and lowercase allows the flag to be
  used.

  The flags as follows:

    OoUuDdPpMmCcEeLlAaRrTtQqHhNn

  Defaults are []

    O[o] SMFRW_ON            (feature is turned on)
    U[u] SMFRW_UNFILTER      (unfilter rewrites)
    [D]d SMFRW_DOLLARS       (expand sendmail dollars)
    [P]p SMFRW_PRESCAN       (prescan input and output)
    M[m] SMFRW_MULTIPLE      (multiple names in input)
    C[c] SMFRW_MULTIPLE_CONT (continue next name on status < EX_OK)
    E[e] SMFRW_CONDELSE      (process $| as string separator)
    [L]l SMFRW_DUMP          (dump contents of name)
    [A]a SMFRW_ADD           (add value to name - class, macro)
    R[r] SMFRW_NORETSTR      (don't return any strings)
    G[g] SMFRW_NEGMATCH      (invert the status)
    T[t] SMFRW_OPTIONAL      (disallowed flags are removed)
    [Q]q SMFRW_REQUIRED      (disallowed flags terminate processing)
    H[h] SMFRW_ALLMATCH      (match all values against names)
    [N]n SMFRW_EXPAND        (macro expansion performed on input)

* translating of sendmail dollar symbols is available with the
  SMFRW_DOLLARS option.

* Setting of class values and/or macro values is performed with the
  SMFRW_ADD option.

* Class values can be "dumped" back to the milter with the option
  SMFRW_DUMP

* Classes, macros, maps also support multiple values like rewrite.

* One can insist on matching all values in one supplied class,
  matching at least one value in all supplied classes or matching all
  values in any supplied class. SMFRW_ALLMATCH combined with
  SMFRW_MULTIPLE_CONT results in returning success if all supplied
  values matched at one of the supplied classes.

* One can flag not to receive any strings back to the milter, just
  to return status with SMFRW_NORETSTR

* How disallowed flags are handled (lookup rejected or flag ignored)
  is controlled with SMFRW_OPTIONAL or SMFRW_REQUIRED set in either
  global cf file option, milter E= field or milter function call flag

* Many bugs are expected for this release.

* verbose_milter.c has been updated to include tests for the new
  features, consult its command line arguments, and compile it with
  the same definitions used for libmilter

* Just to make this clear: All calls to variadic functions must be
  terminated with a NULL argument. Updated function doc in header
  file

* Fixed MilterRewriteRuleset which was broken in all previous
  versions

* If smfi_rewrite and friends do not receive anything other than a
  status code, nothing would be stored back. This could cause a SEGV
  on unassuming milters who would free the pointer array. Now NULL is
  stored.

* Original Documentation incorrectly states that an empty response
  from sendmail to rewrite/lookup commands would cause a return of
  MI_SUCCESS. Libmilter will flag that as MI_E_EMPTY in all cases
  where sendmail does not reply with at least a status code, in which
  case it may be assumed that the call to smfi_rewrite and friends
  requires no free()ing. Sendmail should always return a status for
  every call unless an unrecoverable error occurred, preventing it
  from guaranteeing correct results for the lookup operation.

* Detect where rewrites of the supplied names using the feature's
  configured ruleset (e.g. MilterRewriteRuleset) returns its input.
  Treat it as a ruleset that wishes to permit the name and change
  nothing. Log accordingly with a debug level of 77,5. This is
  incorrect behavior. A milter wishing to allow the lookup to the
  supplied name should....

* Well that's a bit harsh, seeing as there was no documented method
  to indicate that the feature ruleset wanted to do nothing. So now
  to permit and do nothing return any of the mailers

    $#ok $#relay $#accept

  all which indicate a status greater than EX_OK
  Alternatively, return an empty workspace.

  The rewrite may be used to replace names by returning an EX_OK
  status (no mailer selected) and the workspace contained in names.
  Multiple names can be returned, regardless of whether the milter
  signalled for multiple names. Separate multiple names with $| NOT
  ','

* By the same token, returning with

    #error #discard #abort

  will all cause the lookup call to return with no status to the
  milter, causing the milter call to return with the MI_E_EMPTY error
  code.

* _FFR_MILTER_EAGAIN_LOCK has been added. Previously, calls to
  smfi_sm_comm() that resulted in MI_E_EAGAIN depended on the calling
  milter app to detect that error and not perform any more lookups.
  With this defined, the decision is removed from the milter's
  control. Libmilter will return MI_E_EAGAIN on every subsequent call
  to smfi_sm_comm() until the lock is reset by libmilter receiving a
  normal protocol command IN the proper location (mi_engine).

* Inclusion of unrelated new feature, where compiling with
  _FFR_MILTER_OPENCLOSE changes libmilter behavior not to call any
  callback functions for smtp QUIT IF the libmilter has not
  previously called the CONNECT callback (if it exists).
  As suggested by Claus Aßmann
  http://groups.google.com/group/comp.mail.sendmail/browse_frm/thread/e05c90a8f0605e57/03528ceae4f255fc?hl=en#03528ceae4f255fc

* Changes to values in libmilter/mfdef.h and libmilter/mfapi.h may
  cause problems running certain milters with certain features
  compiled into sendmail and libmilter if the sendmail and libmilter
  are not on the same version of this patch. If you are experiencing
  any problems with MTA<->milter negotiation recompile/reinstall
  sendmail and libmilter against this version of the patch with the
  same _FFR_MILTER* definitions.

* milter_rewrite() will now return immediately with EX_OK if no
  ruleset value is provided. It will not set to NULL any supplied
  buffer address.

* early return from some functions could leave macro milter-name
  defined.

* A new timeout L controls the amount of time a milter can spend
  consecutively on lookup operations. A milter that violates the
  timeout will be set to error status for the duration of that
  connection. Default is 60 seconds.

* Apparently the work on rcpt handling in V11 introduced a bug,
  where certain macros would be set to NULL too early. This has been
  fixed.

==============================================================
V13b -- March 06, 2006
Sixteenth documented revision. Released

* Bug in ruleset result handling. Rulesets that returned #abort did
  not cause the milter to be aborted. All versions from v8 - v13a
  have this bug.

==============================================================
V13a -- October 30, 2005
Fifteenth documented revision. Unreleased

* made compatible with 8.13.5 libmilter changes

* fix compiler warnings

================================================================
V13 -- October 30, 2005
Fourteenth documented revision. Released

* Added check for NULL input in smfi_vrewrite().

* Added check for NULL input in smfi_rewrite(). If desired, you can
  now ask for rewrite rule results without passing in any strings or
  getting any back.

* Added checks for not NULL before calls to free().

==============================================================
V12a -- October 30, 2005
Thirteenth documented revision. Released

* made compatible with 8.13.5 libmilter changes

* fix compiler warnings

==============================================================
V12 -- April 1, 2005
Twelfth documented revision. Released

* Fixed potential uninitialized pointer deref in removeutagaddr()

* _FFR_MILTER_READWRITE_CHECKS
  None of these should be necessary in 8.13.4, but they are there to
  ensure milter communication does not continue if the milter is in
  an error condition.

* Updated _FFR_ definitions for printing on -d1

* If you use this patch, let me know.

* Fixed debugging for rewrites category numbers that got missed.

* Fixed real doozy of a bug with a misplaced ! in features
  _FFR_MILTER_NOEOB and _FFR_MILTER_NOBODY_EARLY that caused all
  milters' eom actions to be completely ignored.

=============================================================
V11c -- March 28, 2005
Eleventh documented revision. Released

* Recreate patch against 8.13.4

* Trace/Debug category numbers are different
  See sendmail/TRACEFLAGS

==============================================================
V11b -- March 2, 2005
Tenth documented revision. Released

* Fix regression in milter-rulesets causing milter timeouts

* Change _FFR_MILTER_NOEOB and _FFR_MILTER_NOBODY_EARLY
  implementation.

==============================================================
V11 -- February 28, 2005
Ninth documented revision. Released

* Fix an issue where sendmail could segfault if writing macros to a
  milter caused a sigpipe before the EOB milter command.

* _FFR_MILTER_RCPT_DEL changes the way recipients rejected by milters
  are removed from the delivery list. This causes sendmail to free
  the address entry and remove it from the chain of recipients,
  instead of marking it removed.

* Work on milter_rcpt_error portion of patch, which is still a mess
  of gotos.

* New milter ruleset flag O which means cOntinue to next ruleset.
  Use this to set flag S but continue to process the next ruleset.
  If there are no more rulesets, the ruleset processing terminates as
  if successful and milter handling continues as normal.
  Useful if you want to prevent rejections but still handle the
  recipient, so for example you would flag the ruleset as 'SNO'. This
  presumes the milter will do something useful in addition to
  attempting to reject the email.
  Also conceivably useful if you want the ruleset to do something and
  want to ensure that it has no other effect on milter processing.
  You would flag it as 'O' and the next ruleset as 'C'.

* Mailers selected by rulesets are now case insensitive.

* Fixes to rcpt handling include changing the order of
  setting/unsetting macros and proper counting of badrcpts.

* Fixed issue where milter responses were not listened for again
  after a rewrite request during milter EOB callback stage

* Milters may no longer need to receive an End Of Body command if
  they do not register a callback for it. This is selected by
  compiling sendmail with _FFR_MILTER_NOEOB

* Milters may be sent an abort message early on during the data
  phase of the message if they have no callbacks registered for the
  message body. Turn this on by compiling sendmail with
  _FFR_MILTER_NOEOB and _FFR_MILTER_NOBODY_EARLY

* Some small code flow and comment changes. Added some gotos.

==============================================================
V10a -- December 16, 2004
Eighth documented revision. Released

* Recreate patch against 8.13.2

==============================================================
V10 -- December 14, 2004
Seventh documented revision. Released

* As a suggestion, one sure way of leaving the workspace as is from
  a ruleset is to use the macro map usually named storage and store
  the ruleset's input there. Pop it out before returning. Something
  like this:

    R$*    $: $(storage {ruleset_X_args} $@ $1 $) $1
    R$*    $: $>Canonify $1
    ......
    R$*    $: $&{ruleset_X_args}
    R$*    $: $(storage {ruleset_X_args} $@ $) $1
    R$*    $@ $1

* New milter ruleset flag C. This flag ensures that the ruleset gets
  a "clean slate" workspace. This is only needed following rulesets
  which use either R or W ruleset flags.

* New milter ruleset flag W. This flag uses the workspace output of
  one ruleset as the input to the next ruleset for the milter cmd
  state. The workspace is NOT sent to the milter (unless followed by
  a ruleset with R flagged).

* New and updated debug output statements.

* Properly initialize ruleset flags, fixing several problems.

============================================================
V9 -- December 09, 2004
Sixth documented revision. Released

* Big bug fix! Handling of milter rcpt errors was flawed in that
  rcpts that a milter rejected were delivered to anyway if the smtp
  session continued successfully (there was a valid rcpt). Compiling
  with -D_FFR_MILTER_RCPT_ERROR undefined in all previous versions
  would likely still exhibit the same bug.

  This version contains a tag and sweep so that rcpts the milter
  rejects are treated as if the milter called smfi_delrcpt().

  (This bug is here because the milter call is placed after sendmail
  does nearly everything else on the recipient, including saving it
  in the list of recipients. There is no other way to either avoid
  sending error'd recipients to milter or to mark error'd recipients
  as such when sending them to the milter.)

  Included in the patch tarball is the diff between v8-v9 which
  contains this fix only. It should apply clean to previous versions.

============================================================
V8 -- December 07, 2004
Fifth documented revision. Released

* Tracelevel 72-75 categories and debugging statements added. (more
  probably needed)

* Beware! Rulesets for Milter Connect should not touch any input
  past the first $| because that includes binary data. Passing it
  into the RHS is asking for SYSERR messages.

* The macro milter_name is now defined to the configured name of the
  milter during calls to rulesets for both the rwsets and rewrite
  features.

* Milter ruleset flag N has been added. This effectively negates the
  result of the ruleset on the milter action. So if the milter
  ruleset does not resolve to one of the mailers then it is as if it
  resolved to $#discard. If the milter ruleset resolved to one of the
  mailers, it's as if it did not. As a special case, if the milter
  ruleset resolves to $#relay it's as if it resolved to $#abort

* Changes in V7.a have been abandoned. Currently access to maps and
  classes should be provided to milters by way of ruleset rewrite
  calls.

============================================================
V7.a -- October 2?, 2004
Fourth documented revision. Unreleased -- Abandoned

* -D_FFR_MILTER_SM_MAP enables compiling into sendmail/libmilter and
  milters support for milters to lookup values in sendmail maps.
  smfi_getmapvals() and smfi_vgetmapvals() are introduced by this.
  Milters must have the M flag and sendmail.mc needs this line

    define(`confMILTER_SM_MAP')dnl

  in order to allow a milter to use this functionality.
  A ruleset to reject/rewrite/permit map access may be defined by
  this line in sendmail.mc

    define(`confMILTER_SM_MAP_RULESET', `rulesetname')dnl

  The named ruleset will be passed

    mapname $| miltername

  The behavior of the ruleset is as documented for the smfi_rewrite()
  feature. If it does not exist all map accesses are allowed.

=========================================================
V7 -- November 15, 2004
Third documented version. Released.

==========================================================
V7 -- October 20, 2004
Third documented version. Unreleased.

* Updated _FFR_ definitions for printing on -d1

* _FFR_MILTER_MACROS_NOEMPTY no longer pre-set
  When compiling sendmail with -D_FFR_MILTER_MACROS_NOEMPTY sendmail
  will not send the macros command to the milter if there are no
  macros to send.
* _FFR_MILTER_RCPT_ERROR not defined by default. This means that after
  patching and recompiling sendmail WITHOUT -D_FFR_MILTER_RCPT_ERROR
  sendmail's behavior will be different and will no longer send to
  Milters recipients who are undeliverable. I suspect most people would
  consider this a more reasonable approach.

* Previous documentation did not make clear that SMFIF_TRYREJECTS will
  still not receive an ABORT command once in eom() stage. So data can be
  freed by first reject or by abort or by eom or by close. If the milter
  wants the data back again after an unsuccessful reject, a workable
  solution may be to store or mark the data in such a way that it can be
  detected and freed upon a new message start or abort command or by
  connection close.

* Previous EAGAIN documentation left out that the EAGAIN feature
  includes a new timeout 'G'.

===============================================
V6 -- October 19, 2004
Second documented version. Released.

* Milter ruleset configuration now takes optional flags in between,
  like this:

    R=R:FRS:RcptRuleset

  This form is optional.

    R=R:RcptRuleSet

  will be parsed as no flags.

  These are the supported flags for milter rulesets:

  U -- When processing rulesets do not strip ($#,$@,$:) from ruleset
       workspace results. This only applies when any
       rewriting/replacing of workspace is done.

  F -- Opposite of above. Current default.

  R -- Replace workspace with rewrite results. Processes resulting
       workspace in accordance with the U or F flags. In all cases, if
       this flag is specified, this will be the workspace handed to any
       rulesets later defined for this milter cmd stage. When an
       (internally) marked safe ruleset definition is encountered, the
       data passed to the milter will be replaced by this ruleset's
       workspace.

  S -- Spike rejections. If this ruleset results in filtering this
       command from the milter, the milter will be prevented from
       causing a rejection or discard of the email.
       This needs to be turned on by compiling sendmail with
       -D_FFR_MILTER_RWSETS_SPIKE
       Without this, the flag will be accepted and be a noop.

* smfi_rewrite() has been modified to take an additional argument for
  options. Options are OR'd together and include:

  SMFRS_UNFILTER -- produces the same behavior as milter ruleset flag
                    'U'.

  SMFRS_CONDELSE -- MTA should not process $| as a string separator in
                    the results it sends back to the milter.

* smfi_vrewrite() has been added. This function takes a variable number
  of not NULL arguments of pointer to char (strings). It then calls
  smfi_rewrite after processing them. For all other purposes, this is
  identical to smfi_rewrite().

  The first not NULL argument will terminate processing of the list of
  arguments. So don't do that.

* SMFIF_TRYREJECT has been added. This is an additional milter flag to
  be OR'd into smfi.xxxFlags. This will cause the milter to negotiate
  the following behavior from sendmail.

  Normally a milter that tells the MTA to reject or tempfail a message
  does not expect any additional processing for that message, except
  for the xxxrcpt.

  With this flag set, should the MTA refuse to process the
  rejection/tempfail, the milter has indicated that it still wishes to
  continue processing the message. This is designed to work with
  behavior caused by the milter ruleset flag 'S'.

  This is a departure from current milter protocol. A milter that sets
  this flag must be prepared to continue processing a message that it
  has already rejected. It should not expect to continue processing the
  message. All message resources should be set to secondary pending
  reject status at the point of sending a rejection.

  The MTA should send an abort (or close) if the rejection was
  successful. This is a departure from previous protocol behavior. At
  this point the rejected resources should be free'd and marked NULL.

  If the MTA continues with current message, the milter may choose to
  reinstate the rejected data.
  To enable this, libmilter and the milter must be recompiled with
  -D_FFR_MILTER_RWSETS_SPIKE

* Fixed typo in smfi_getmaxdatasize(). Interaction still untested.

* Paranoia checks (somewhat messy) that should keep milter_envrcpt well
  fed in the event of error rcpts being sent to it courtesy of
  _FFR_MILTER_RCPT_ERROR and _FFR_MILTER_RCPT_ERROR_ALL

* Interaction with -D_FFR_MILTER_NOHDR_RESP is not well tested.

================================================
V5 -- October 13, 2004
First documented version. Released.

* macro command is not sent to the milter if there are no macros to
  send.
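
The V9 entry above describes a tag and sweep over the saved recipient list. The following is an added illustration of that ordering problem and its fix, not code from the patch or from sendmail; struct rcpt and all function names are hypothetical and the addresses are constructed.

```c
#include <string.h>

/* Hypothetical recipient entry, not sendmail's own ADDRESS structure. */
struct rcpt { const char *addr; int milter_rejected; struct rcpt *next; };

/* Tag: the recipient is already on the list when the milter rejects it. */
static int tag_rejected(struct rcpt *r, const char *addr)
{
    for (; r != NULL; r = r->next)
        if (strcmp(r->addr, addr) == 0) {
            r->milter_rejected = 1;
            return 1;
        }
    return 0;
}

/* Sweep: unlink every tagged entry before delivery, as if the milter had
 * called smfi_delrcpt() on it. Returns the number of entries removed. */
static int sweep_rejected(struct rcpt **headp)
{
    int removed = 0;
    while (*headp != NULL) {
        if ((*headp)->milter_rejected) {
            *headp = (*headp)->next;
            removed++;
        } else {
            headp = &(*headp)->next;
        }
    }
    return removed;
}

/* Constructed session: three RCPTs saved, the milter rejects the second. */
static int demo_deliverable(int do_sweep)
{
    struct rcpt c = { "carol@example.org", 0, NULL };
    struct rcpt b = { "bob@example.org", 0, &c };
    struct rcpt a = { "alice@example.org", 0, &b };
    struct rcpt *head = &a, *r;
    int n = 0;
    tag_rejected(head, "bob@example.org");
    if (do_sweep)
        sweep_rejected(&head);
    for (r = head; r != NULL; r = r->next)
        n++;
    return n;
}

int main(void) { return demo_deliverable(1) == 2 ? 0 : 1; }
```

Calling demo_deliverable(0) models the pre-V9 behavior: the rejected recipient is tagged but still counted for delivery.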
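
The V6 and V7 notes on SMFIF_TRYREJECT ask the milter to hold per-message resources in a pending reject status, free them on abort, close or eom, and reinstate them if the MTA carries on with the message. The following is an added sketch of that lifecycle, not code from the patch or from libmilter; the msg_ctx type, its states and all function names are hypothetical.

```c
#include <stdlib.h>
/* Hypothetical per-message state for a milter that set SMFIF_TRYREJECT. */
enum msg_state { MSG_NONE, MSG_ACTIVE, MSG_PENDING_REJECT };
struct msg_ctx { enum msg_state state; char *data; };

/* Abort, close or eom: the message is over, so free and mark NULL. */
static void msg_release(struct msg_ctx *c)
{
    free(c->data);
    c->data = NULL;
    c->state = MSG_NONE;
}

/* New message: first drop anything a refused rejection left pending. */
static int msg_start(struct msg_ctx *c)
{
    msg_release(c);
    c->data = malloc(64);               /* stand-in for scan buffers */
    c->state = c->data ? MSG_ACTIVE : MSG_NONE;
    return c->state == MSG_ACTIVE;
}

/* The milter answers reject or tempfail: keep the data, but as pending. */
static void msg_reject(struct msg_ctx *c)
{
    if (c->state == MSG_ACTIVE)
        c->state = MSG_PENDING_REJECT;
}

/* A further command for the same message: the MTA refused the rejection. */
static int msg_continue(struct msg_ctx *c)
{
    if (c->state != MSG_PENDING_REJECT)
        return 0;
    c->state = MSG_ACTIVE;              /* reinstate the pending data */
    return 1;
}

/* Constructed trace: reject, MTA continues anyway, then abort. */
static int demo_trace(void)
{
    struct msg_ctx c = { MSG_NONE, NULL };
    int ok = msg_start(&c);
    msg_reject(&c);
    ok = ok && c.state == MSG_PENDING_REJECT && c.data != NULL;
    ok = ok && msg_continue(&c) && c.state == MSG_ACTIVE;
    msg_release(&c);
    return ok && c.data == NULL && c.state == MSG_NONE;
}
int main(void) { return demo_trace() ? 0 : 1; }
```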