[comp.mail.sendmail] IDA Sendmail kit just went out

rsalz@bbn.com (Rich Salz) (11/14/88)

Many readers here will no doubt be interested in today's comp.sources.unix
posting, the IDA Sendmail kit:

| Submitted-by: Lennart Lovstrand <lovstran@arisia.xerox.com>
| Posting-number: Volume 16, Issue 73
| Archive-name: ida2/part01
| 
| Hello & Welcome to the IDA* Sendmail Enhancement Kit (rev 1.2.5).
| 
| The Kit includes a set of source code modifications to the BSD 4.3
| sendmail program version 5.59.  The changes will enable sendmail to have
| direct access to dbm(3) files and Sun's Yellow Pages, separate envelope/
| header rewriting rulesets, and multi-token class matches among other
| things.  Various bug fixes and other improvements have also been included.
| 
| As a separate part of the Kit is the IDA Sendmail Master Configuration
| file and sample setups used at the CIS Dept, U of Linkoping and at
| Rank Xerox EuroPARC.  The configuration file together with the supplied
| data files and utility programs implement such nice features as pathalias
| based systems routing within sendmail, fully !-/@-translating rulesets,
| and generic local user addresses and again much more.  See the "M4
| IDENTIFIERS" section in ida/cf/Sendmail.mc for details and options.
| 
| Finally, there is an accompanying paper on mail addressing issues in
| general and hybrid addresses in particular.  Included in the paper is a
| description of the changes to sendmail and the configuration setup.
| Note however that the paper was written for the original (1.0) revision
| of the Kit and that it therefore may be out of date on some details.  See
| the supplied README and INSTALL files for up-to-date information.
| 
| To unpack the Kit, preferably first cd to your sendmail source directory
| and then send the rest of this message and the following seven through
| /bin/sh or unshar.  This should create a new "ida" subdirectory with all
| the Kit's files.
| 
| If you are on the ARPA Internet, you may choose to retrieve the Kit
| in compressed tar format from ~ftp/pub1/ida.tar.Z on Arisia.Xerox.COM
| using anonymous ftp.  A compressed executable binary of IDA sendmail for
| Sun-3/SunOS 3.x is also available as ~ftp/pub1/ida-sendmail-sun3.Z.
| 
| Enjoy!
| --Lennart
| 
| *) IDA is an abbreviation of "Institutionen for Datavetenskap", Swedish
|    for "The Department of Computer and Information Science".  Under no
|    circumstance should it be confused with the IDA that stands for the
|    Institute for Defense Analysis, with which the author has no
|    relationship to nor wish to become associated with.
-- 
Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.

Lovstrand.pa@Xerox.COM (11/16/88)

In article <1193@fig.bbn.com> rsalz@bbn.com (Rich Salz) writes:
> Many readers here will no doubt be interested in today's comp.sources.unix
> posting, the IDA Sendmail kit:
> 
> | Submitted-by: Lennart Lovstrand <lovstran@arisia.xerox.com>
> | Posting-number: Volume 16, Issue 73
> | Archive-name: ida2/part01
> | 
> | Hello & Welcome to the IDA* Sendmail Enhancement Kit (rev 1.2.5).

Please note that this version was sent out before the time of the
Arpanet Worm and therefore still has the SMTP debug command enabled.
The latest revision of the Kit, 1.2.8, doesn't.  It also includes
some improved error reporting code for SMTP delivery and a bugfix for
cases when network connections prematurely are closed, causing sendmail
to dump core.  Available as stated below (sorry, no patch update yet):

> | If you are on the ARPA Internet, you may choose to retrieve the Kit
> | in compressed tar format from ~ftp/pub1/ida.tar.Z on Arisia.Xerox.COM
> | using anonymous ftp.  A compressed executable binary of IDA sendmail for
> | Sun-3/SunOS 3.x is also available as ~ftp/pub1/ida-sendmail-sun3.Z.

Now also available is a compressed binary for Sun-4/SunOS 4.0 in
pub1/ida-sendmail-sun4.Z.  Paranoic people should check that all files
have been written by uid 400.

  ftp> ls "-l pub1/ida*"
  200 PORT command okay.
  150 Opening data connection for /bin/ls (13.1.100.206,2111) (0 bytes).
  -rw-r--r--  1 400        116189 Nov 11 02:55 pub1/ida-sendmail-sun3.Z
  -rw-r--r--  1 400         99469 Nov 11 02:52 pub1/ida-sendmail-sun4.Z
  -rw-r--r--  1 400        190939 Nov 11 03:21 pub1/ida.tar.Z
  226 Transfer complete.

Different people have written to me with propositions on how to improve
the MX lookup code -- to those: thanks for your suggestions & patches,
but sorry for not having responded yet.  I haven't included any of it in
the Kit because the solutions offered don't seem to fit with the
current use of $[...$] for both name canonicalization and as a predicate
for SMTP/TCP deliverability.  I hope to get around to doing something about
it eventually though...

...or convert to smail-3 or Zmailer or...
(one of these days, you know)

> Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.

Yes, please do!  And thanks, Rich.

--Lennart <Lovstrand.EuroPARC@Xerox.COM>
Rank Xerox EuroPARC, 61 Regent St, Cambridge, CB2 1AB, U.K.
(God, it is horrible to telnet over satellite links!)
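
The ownership check suggested in the post above (all files written by uid 400), as an added example that is not part of the original post. The function name `check_owner` and the altered listing are assumptions made for illustration; the first listing is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): verify file owners in an
# FTP "ls -l" listing against an expected uid.

# check_owner EXPECTED_UID   (listing on stdin)
# Prints one line per file entry whose owner differs.
# Returns 0 if all match, 1 on any mismatch, 2 if no file entries were seen.
check_owner() {
    awk -v want="$1" '
        # File entries begin with a 10-character mode string (-rw-r--r--);
        # the ftp prompt and numeric reply lines (200, 150, 226) are skipped.
        length($1) == 10 && $1 ~ /^[-dlbcps][-rwxsStT]+$/ {
            seen++
            # Owner is field 3 with or without a group column; name is last.
            if ($3 != want) {
                bad++
                printf "MISMATCH owner=%s file=%s\n", $3, $NF
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Listing as quoted in the post.
page_listing() {
    cat <<'EOF'
  ftp> ls "-l pub1/ida*"
  200 PORT command okay.
  150 Opening data connection for /bin/ls (13.1.100.206,2111) (0 bytes).
  -rw-r--r--  1 400        116189 Nov 11 02:55 pub1/ida-sendmail-sun3.Z
  -rw-r--r--  1 400         99469 Nov 11 02:52 pub1/ida-sendmail-sun4.Z
  -rw-r--r--  1 400        190939 Nov 11 03:21 pub1/ida.tar.Z
  226 Transfer complete.
EOF
}

# Constructed variant: same listing with one owner changed to uid 0.
altered_listing() {
    page_listing | sed '/ida\.tar\.Z/s/ 400 / 0 /'
}

page_listing | check_owner 400 && echo "all listed files owned by uid 400"
altered_listing | check_owner 400 || echo "owner check failed"
```

A matching uid only reflects what the FTP server reports about ownership; it says nothing about the file contents.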

james@bigtex.cactus.org (James Van Artsdalen) (11/18/88)

In <445@arisia.Xerox.COM>, Lovstrand.pa@Xerox.COM wrote:

> Please note that this version was sent out before the time of the
> Arpanet Worm and therefore still has the SMTP debug command enabled.
> The latest revision of the Kit, 1.2.8, doesn't.

Please do NOT go around disabling "debug" in source distributions!
You do NOT close the wormhole by disabling the SMTP debug command.

The wormhole was only indirectly related to the "debug".  Those who
smugly kill the "debug" word are in for a surprise: those who turn off
all debugging code are making their lives needlessly miserable.
-- 
James R. Van Artsdalen      james@bigtex.cactus.org      "Live Free or Die"
Home: 512-346-2444 Work: 338-8789       9505 Arboretum Blvd Austin TX 78759

jordan@zooks.ads.com (Jordan Hayes) (11/18/88)

James Van Artsdalen <james@bigtex.cactus.org> writes:

	The wormhole was only indirectly related to the "debug".  Those
	who smugly kill the "debug" word are in for a surprise;

Um, how so?  The only other way to turn on debugging requires command
line arguments, and if you run sendmail that way, the script will get
run as you (not daemon) ... to be sure, the "fix" that was distributed
by UCB was not the best one, but it certainly closes that hole.
Sendmail tries real hard (sometimes *too* hard) to run things as
non-privileged as possible when it can.

	those who turn off all debugging code are making their lives
	needlessly miserable.

Why is that?  How often do you use the debugging features?  I have a
non-set-uid version in my bin that I use for configuration file
hacking, but you should normally not ever need it (there are some fixes
required to get all the benefits from logging with DEBUG #undef'd, but
they are rather straightforward).

/jordan

james@bigtex.cactus.org (James Van Artsdalen) (11/18/88)

In <6129@zodiac.UUCP>, jordan@ads.com (Jordan Hayes) wrote:

> Um, how so?  The only other way to turn on debugging requires command
> line arguments, and if you run sendmail that way, the script will get
> run as you (not daemon)

Not true on my sendmail, which is 5.59 as distributed from Berkeley.

> to be sure, the "fix" that was distributed by UCB was not the best
> one, but it certainly closes that hole.

The distributed patch does not close the hole in the sense that it
merely makes the hole less accessible.  "less accessible" != "closed".

I currently know of no way to pipe to a program after the word "debug"
is removed without having login access to the machine already.  But
there are enough strange conditions in the code that I wonder if it
can't be done with the right cases of queuing, aliases & errors...
-- 
James R. Van Artsdalen      james@bigtex.cactus.org      "Live Free or Die"
Home: 512-346-2444 Work: 338-8789       9505 Arboretum Blvd Austin TX 78759

Lovstrand.EuroPARC@Xerox.COM (Lennart) (11/19/88)

Organization: Rank Xerox EuroPARC

In article <10695@bigtex.cactus.org> james@bigtex.cactus.org (James Van
Artsdalen) writes:
> Please do NOT go around disabling "debug" in source distributions!
> You do NOT close the wormhole by disabling the SMTP debug command.

Don't despair!  None of the actual debugging code has been removed and
the SMTP "DEBUG" command has only been disabled by default.  The normal
-d switch works just as usual and you can even turn on SMTP DEBUG by
defining NETDEBUG in conf.h if you think you really need it temporarily
or whatever.

If SMTP DEBUG means much for you, you'll probably be happy to know
that it should be relatively safe to turn it on again when I get 1.2.9
over to arisia.xerox.com.  This revision has had the offending tTd(0, 1)
escape removed from recipient.c (yes, so debug code was actually removed
in the end -- so shoot me).  It will also close another potential hole
that was discovered recently but which nobody seems to have tried to
utilize yet.  I'll probably keep NETDEBUG undefined by default, though;
I still feel a bit uneasy about it.

--Lennart <Lovstrand.EuroPARC@Xerox.COM>
Rank Xerox EuroPARC, Cambridge, CB2 1AB, England

thomas@uplog.se (Thomas Hameenaho) (11/21/88)

The part 2 that we got was garbled. Can anyone please resend?
znks.
-- 
Real life:	Thomas Hameenaho		Email:	thomas@uplog.{se,uucp}
Snail mail:	TeleLOGIC Uppsala AB		Phone:	+46 18 189406
		Box 1218			Fax:	+46 18 132039
		S - 751 42 Uppsala, Sweden