Fri Feb 11 12:32:01 EST 2000 - (Greg A. Woods) woods@planix.com This BETA release of Smail fixes a few more bugs in the previous beta. The most important fix is for a remote relay vulnerability that was detectable by ORBS. The really annoying problem I introduced a while ago that caused aliases like "user: user@localhost" to go into an endless loop has been fixed too. Pre-hashing of already delivered recipients from partially processed messages in the queue should actually work now and this will prevent re-routing them and thus avoid a potentially large number of DNS lookups and other routing activities during queue runs, just as it was originally designed to do. A security-related fix to rate limit EXPN and VRFY commands (what some folks call a "tar pit") has been implemented (see the new config variables smtp_expn_delay and smtp_vrfy_delay). Another somewhat security-related fix adds hard enforcement of max_message_size for all messages received by SMTP, not just ESMTP as was previously. This latter change also revealed that there are commonly used mailers (mostly on NT) that simply ignore the ESMTP SIZE option and will send big messages anyway. This won't be allowed any more and it's noted in the log so you can see which ones are problematic. Be warned though that some really dumb end-user MUAs don't honour 552 responses to the final DATA '.' and treat it as a deferral, trying again over and over again until the user has the idea to check their outgoing message folder. Messages stuck to invalid or down hosts without MX records should bounce again. On the other hand some types of "connection refused" errors were causing immediate bounces, and that should be fixed too. Messages routed via a smarthost won't cause the queue to block if there's some problem with the target host, i.e. the retry file for the target host will be locked instead of the "next" host which is the smarthost. This should prevent bottlenecks in the queue when using the smarthost feature. After battling a major outgoing queue overflow at one of my client sites I discovered that it might make more sense to always have retry_interval at least twice as large as queue_interval (i.e. what's given as "-qN"). This is now the default but of course it can easily be changed by specifying a retry_interval of your choice. If you have any experience in queueing theory and statistics I'd like to discuss my reasoning with you to see if I'm on the right track or not. One subtle change in the parsing of the retry file is that now a missing value defaults to the global default and not '0', and the use of '0' for retry_interval now means to use the queue_interval*2 metric instead of literally zero which previously prevented the retry_duration from ever having any effect. There may be a remaining problem with retry files that don't specify a wildcard entry, but that can obviously be avoided by simply specifying one that matches the defaults, i.e.: "* /". EXPN will now properly omit duplicates in their output and with both VRFY and EXPN it will now be possible to continue and actually send a message to the tested address (previously it would claim the address had already been seen due to the duplicate detection via a re-used hash table). The "250" message sent after the DATA '.' command will note whether the message has just been queued for later delivery or not (eg. for messages received between smtp_accept_queue and smtp_accept_max). More fixes have been made to conf/EDITME-netbsdpkg to better integrate with the "mailwrapper" front-end. A prototype NetBSD pkgsrc module is available from me for those who would like to install Smail that way. The patch in contrib/patch.etrn has been updated too. Just for fun the message body size is now printed by 'mailq'. Finally the "bouncemail" script has been made to work again (and should be more aesthetically pleasing on BSD machines now too!). As always the ToDo and PROJECTS files list a growing number of things that various people think should be worked on. Patches that eliminate items from these files are always welcome! If you'd like to work on any of the bigger projects just send a note to and let us know so we can help co-ordinate and possibly give you access to the CVS repository. See the README and the file Smail3-devel for more information. Remember to use the smailbug utility to submit patches, change requests, bug reports and other stuff that needs to be recorded so it won't get lost or forgotten! (There's now a symlink installed in the smail_bin_dir to make it easier to access this script, and there's a new manual page for it too.)