sendmail package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>

SOURCES/Sendmail-sasl2.conf

@@ -0,0 +1 @@
+pwcheck_method:saslauthd

SOURCES/sendmail-8.12.7-hesiod.patch

@@ -0,0 +1,22 @@
+--- sendmail-8.12.7/sendmail/recipient.c
++++ sendmail-8.12.7/sendmail/recipient.c
+@@ -1146,7 +1146,7 @@
+ 
+ 	*fuzzyp = false;
+ 
+-#if HESIOD
++#if disableHESIOD
+ 	/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
+ 	for (p = name; *p != '\0'; p++)
+ 		if (!isascii(*p) || !isdigit(*p))
+--- sendmail-8.12.7/libsm/mbdb.c
++++ sendmail-8.12.7/libsm/mbdb.c
+@@ -315,7 +315,7 @@
+ {
+ 	struct passwd *pw;
+ 
+-#ifdef HESIOD
++#ifdef disableHESIOD
+ 	/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
+ 	{
+ 		char *p;

SOURCES/sendmail-8.12.7-manpage.patch

@@ -0,0 +1,16 @@
+--- sendmail-8.12.7/sendmail/sendmail.8.manpage	2003-01-13 11:17:32.000000000 +0100
++++ sendmail-8.12.7/sendmail/sendmail.8	2003-01-13 11:17:59.000000000 +0100
+@@ -687,13 +687,11 @@
+  /var/spool/mqueue/*
+ temp files
+ .SH SEE ALSO
+-binmail(1),
+ mail(1),
+ rmail(1),
+ syslog(3),
+ aliases(5),
+ mailaddr(7),
+-rc(8)
+ .PP
+ DARPA 
+ Internet Request For Comments

SOURCES/sendmail-8.13.0-cyrus.patch

@@ -0,0 +1,11 @@
+--- sendmail-8.13.0/cf/mailer/cyrus.m4.cyrus	2004-06-30 11:47:47.116910591 +0200
++++ sendmail-8.13.0/cf/mailer/cyrus.m4	2004-06-30 11:49:02.262556546 +0200
+@@ -36,7 +36,7 @@
+ #
+ 
+ _DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|')
+-ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)')
++ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/lib/cyrus-imapd/deliver)')
+ ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')')
+ ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')')
+ _DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u')

SOURCES/sendmail-8.13.1-localdomain.patch

@@ -0,0 +1,11 @@
+--- sendmail-8.13.1/cf/m4/proto.m4.localdomain	2007-01-22 16:35:19.000000000 +0100
++++ sendmail-8.13.1/cf/m4/proto.m4	2007-01-22 16:36:47.000000000 +0100
+@@ -1840,6 +1840,8 @@
+ 			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+ R<@> < $* @ localhost.$m >
+ 			$: < ? $&{client_name} > < $1 @ localhost.$m >
++R<@> < $* @ localhost.localdomain >
++			$: < ? $&{client_name} > < $1 @ localhost.localdomain >
+ ifdef(`_NO_UUCP_', `dnl',
+ `R<@> < $* @ localhost.UUCP >
+ 			$: < ? $&{client_name} > < $1 @ localhost.UUCP >')

SOURCES/sendmail-8.13.7-pid.patch

@@ -0,0 +1,20 @@
+--- sendmail-8.13.7/cf/cf/submit.mc.pid	2006-04-05 07:54:41.000000000 +0200
++++ sendmail-8.13.7/cf/cf/submit.mc	2006-06-19 18:07:11.000000000 +0200
+@@ -15,12 +15,16 @@
+ #
+ 
+ divert(0)dnl
+-VERSIONID(`$Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $')
++sinclude(`/usr/share/sendmail-cf/m4/cf.m4')dnl
++VERSIONID(`linux setup')dnl
+ define(`confCF_VERSION', `Submit')dnl
+ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+ define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+ define(`confTIME_ZONE', `USE_TZ')dnl
+ define(`confDONT_INIT_GROUPS', `True')dnl
++define(`confPID_FILE', `/run/sm-client.pid')dnl
++dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
++FEATURE(`use_ct_file')dnl
+ dnl
+ dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
+ FEATURE(`msp', `[127.0.0.1]')dnl

SOURCES/sendmail-8.13.7-vacation.patch

@@ -0,0 +1,11 @@
+--- sendmail-8.13.7/vacation/Makefile.vacation	1999-09-24 00:36:45.000000000 +0200
++++ sendmail-8.13.7/vacation/Makefile	2006-07-18 15:12:42.000000000 +0200
+@@ -1,7 +1,7 @@
+ #       $Id: Makefile,v 8.5 1999/09/23 22:36:45 ca Exp $
+ 
+ SHELL= /bin/sh
+-BUILD=   ./Build
++BUILD=   ./Build -f ../redhat.config.m4
+ OPTIONS= $(CONFIG) $(FLAGS)
+ 
+ all: FRC

SOURCES/sendmail-8.14.1-noversion.patch

@@ -0,0 +1,13 @@
+--- sendmail-8.14.1/sendmail/helpfile.noversion	2007-02-01 19:29:44.000000000 +0100
++++ sendmail-8.14.1/sendmail/helpfile	2007-04-10 16:58:16.000000000 +0200
+@@ -11,9 +11,7 @@
+ cpyr	forth in the LICENSE file which can be found at the top level of
+ cpyr	the sendmail distribution.
+ cpyr
+-cpyr	$$Id: helpfile,v 8.48 2007/02/01 18:29:44 ca Exp $$
+-cpyr
+-smtp	This is sendmail version $v
++smtp	This is sendmail
+ smtp	Topics:
+ smtp		HELO	EHLO	MAIL	RCPT	DATA
+ smtp		RSET	NOOP	QUIT	HELP	VRFY

SOURCES/sendmail-8.14.3-ipv6-bad-helo.patch

@@ -0,0 +1,8 @@
+--- sendmail-8.14.3/cf/feature/block_bad_helo.m4		2006-06-16 00:49:30.000000000 +0200
++++ sendmail-8.14.3/cf/feature/block_bad_helo.m4.ipv6-bad-helo	2010-01-03 23:28:25.000000000 +0100
+@@ -16,3 +16,5 @@
+ define(`_BLOCK_BAD_HELO_', `')dnl
+ RELAY_DOMAIN(`127.0.0.1')dnl
+ LOCAL_DOMAIN(`[127.0.0.1]')dnl
++RELAY_DOMAIN(`IPv6:::1')dnl
++LOCAL_DOMAIN(`[IPv6:::1]')dnl

SOURCES/sendmail-8.14.3-milterfdleaks.patch

@@ -0,0 +1,75 @@
+Patches by Paul Howarth
+https://bugzilla.redhat.com/show_bug.cgi?id=485426
+
+--- sendmail-8.14.3/sendmail/milter.c	2008-09-19 15:51:03.000000000 +0100
++++ sendmail-8.14.3/sendmail/milter.c	2008-09-19 16:37:57.000000000 +0100
+@@ -30,6 +30,9 @@
+ 
+ # include <sm/fdset.h>
+ 
++# include <unistd.h>
++# include <fcntl.h>
++
+ static void	milter_connect_timeout __P((int));
+ static void	milter_error __P((struct milter *, ENVELOPE *));
+ static int	milter_open __P((struct milter *, bool, ENVELOPE *));
+@@ -650,6 +653,7 @@
+ 	SOCKADDR_LEN_T addrlen = 0;
+ 	int addrno = 0;
+ 	int save_errno;
++	int fdflags;
+ 	char *p;
+ 	char *colon;
+ 	char *at;
+@@ -1186,6 +1190,21 @@
+ 			   (char *)&nodelay, sizeof(nodelay));
+ 	}
+ # endif /* MILTER_NO_NAGLE && !defined(TCP_CORK) */
++
++	/*
++	** Need to set close-on-exec for sock to prevent it
++	** leaking to the local delivery process
++	*/
++	if ((fdflags = fcntl(sock, F_GETFD, 0)) == -1 ||
++	    fcntl(sock, F_SETFD, fdflags | FD_CLOEXEC) == -1)
++	{
++		save_errno = errno;
++		if (MilterLogLevel > 0)
++			sm_syslog(LOG_WARNING, e->e_id,
++				"Milter (%s): Unable to set close-on-exec on sock (%s)",
++					m->mf_name, sm_errstring(save_errno = errno));
++	}
++
+ 	return sock;
+ }
+ 
+--- sendmail-8.14.3/libmilter/listener.c	2007-04-23 23:22:50.000000000 +0100
++++ sendmail-8.14.3/libmilter/listener.c	2008-06-18 16:36:38.000000000 +0100
+@@ -728,6 +728,7 @@
+ 	int acnt = 0;	/* error count for accept() failures */
+ 	int scnt = 0;	/* error count for select() failures */
+ 	int save_errno = 0;
++	int fdflags;
+ #if !_FFR_WORKERS_POOL
+ 	sthread_t thread_id;
+ #endif /* !_FFR_WORKERS_POOL */
+@@ -807,6 +808,19 @@
+ 		(void) smutex_unlock(&L_Mutex);
+ 
+ 		/*
++		** Need to set close-on-exec for connfd in case a user's
++		** filter starts other applications
++		*/
++		if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 ||
++		    fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1)
++		{
++			smi_log(SMI_LOG_WARN,
++				"%s: Unable to set close-on-exec on connfd (%s)",
++				smfi->xxfi_name, sm_errstring(errno));
++			/* XXX: continue? */
++		}
++
++		/*
+ 		**  If remote side closes before accept() finishes,
+ 		**  sockaddr might not be fully filled in.
+ 		*/

SOURCES/sendmail-8.14.3-sharedmilter.patch

@@ -0,0 +1,50 @@
+diff -up sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4
+--- sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter	2009-01-20 15:19:34.000000000 +0100
++++ sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4	2009-01-20 15:19:34.000000000 +0100
+@@ -15,22 +15,23 @@ divert(-1)
+ divert(0)dnl
+ include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl
+ bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl
+-bldPUSH_TARGET(bldCURRENT_PRODUCT`.a')dnl
++bldPUSH_TARGET(bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL)dnl
+ bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl
+ bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl
+ 
+ include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4')
+ divert(bldTARGETS_SECTION)
+-bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'}
+-	${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'}
+-	${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a
++bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'}
++	${CC} ${CFLAGS} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL `-Wl,'confSONAME`,'bldCURRENT_PRODUCT`.so.'confSOVER ${bldCURRENT_PRODUCT`OBJS'}
+ ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)')
+ 
+-install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.a
++install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL
+ ifdef(`bldINSTALLABLE', `	ifdef(`confMKDIR', `if [ ! -d ${DESTDIR}${bldINSTALL_DIR`'LIBDIR} ]; then confMKDIR -p ${DESTDIR}${bldINSTALL_DIR`'LIBDIR}; else :; fi ')
+-	${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.a ${DESTDIR}${LIBDIR}')
++	${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.confSOVER
++	${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so
++	${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.so.confSOVER`.'confSOPLVL ${DESTDIR}${LIBDIR}')
+ 
+ bldCURRENT_PRODUCT-clean:
+-	rm -f ${OBJS} bldCURRENT_PRODUCT.a ${MANPAGES}
++	rm -f ${OBJS} bldCURRENT_PRODUCT.so* ${MANPAGES}
+ 
+ divert(0)
+diff -up sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter sendmail-8.14.3/libmilter/Makefile.m4
+--- sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter	2008-04-08 07:23:44.000000000 +0200
++++ sendmail-8.14.3/libmilter/Makefile.m4	2009-01-20 15:26:05.000000000 +0100
+@@ -9,7 +9,11 @@ define(`confMT', `true')
+ SMSRCDIR=ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
+ PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
+ 
+-bldPRODUCT_START(`library', `libmilter')
++APPENDDEF(`confOPTIMIZE', `-fno-pie -fPIC')
++define(`runCtest', `esyscmd(`echo -e "#include <stdio.h>\n#include \"../include/libmilter/mfapi.h\"\nint main(){'$1`;return 0;}" | gcc -x c -I../include -o ctest - && ./ctest && rm -f ctest')')dnl
++define(`confSOVER', runCtest(`printf(\"%d.%d\", SM_LM_VRS_MAJOR(SMFI_VERSION), SM_LM_VRS_MINOR(SMFI_VERSION))'))dnl
++define(`confSOPLVL', runCtest(`printf(\"%d\", SM_LM_VRS_PLVL(SMFI_VERSION))'))dnl
++bldPRODUCT_START(`sharedlibrary', `libmilter')
+ define(`bldINSTALLABLE', `true')
+ define(`LIBMILTER_EXTRAS', `errstring.c strl.c')
+ APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL -Dsm_snprintf=snprintf')

SOURCES/sendmail-8.14.3-smrsh_paths.patch

@@ -0,0 +1,182 @@
+diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README
+--- sendmail-8.14.3/smrsh/README.smrsh_paths	2008-02-12 17:40:06.000000000 +0100
++++ sendmail-8.14.3/smrsh/README	2008-07-15 14:40:36.000000000 +0200
+@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie
+ intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+ and to the software, smrsh.c, written by Eric Allman.
+ 
+-
++* Modified by Red Hat, Inc., to reflect different paths. *
+ 
+ The smrsh(8) program is intended as a replacement for /bin/sh in the
+ program mailer definition of sendmail(8).  This README file describes
+@@ -56,15 +56,15 @@ These can be added to the devtools/Site/
+ global M4 macro confENVDEF or the smrsh specific M4 macro
+ conf_smrsh_ENVDEF.
+ 
+-As root, install smrsh in /usr/libexec.  Using the Build script:
++As root, install smrsh in /usr/sbin.  Using the Build script:
+ 
+ 	host.domain# sh ./Build install
+ 
+-For manual installation: install smrsh in the /usr/libexec
++For manual installation: install smrsh in the /usr/sbin
+ directory, with mode 511.
+ 
+-	host.domain# mv smrsh /usr/libexec
+-	host.domain# chmod 511 /usr/libexec/smrsh
++	host.domain# mv smrsh /usr/sbin
++	host.domain# chmod 511 /usr/sbin/smrsh
+ 
+ 
+ 
+@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito
+ acceptable commands.
+ 
+ If your platform doesn't have a default SMRSH_CMDDIR setting, you will
+-next need to create the directory /usr/adm/sm.bin and populate
++next need to create the directory /etc/smrsh and populate
+ it with the programs that your site feels are allowable for sendmail
+ to execute.   This directory is explicitly specified in the source
+ code for smrsh, so changing this directory must be accompanied with
+@@ -95,22 +95,22 @@ a change in smrsh.c.
+ 
+ You will have to be root to make these modifications.
+ 
+-After creating the /usr/adm/sm.bin directory, either copy the programs
++After creating the /etc/smrsh directory, either copy the programs
+ to the directory, or establish links to the allowable programs from
+-/usr/adm/sm.bin.  Change the file permissions, so that these programs
++/etc/smrsh.  Change the file permissions, so that these programs
+ can not be modified by non-root users.  If you use links, you should
+ ensure that the target programs are not modifiable.
+ 
+ To allow the popular vacation(1) program by creating a link in the
+-/usr/adm/sm.bin directory, you should:
++/etc/smrsh directory, you should:
+ 
+-	host.domain# cd /usr/adm/sm.bin
++	host.domain# cd /etc/smrsh
+ 	host.domain# ln -s /usr/ucb/vacation vacation
+ 
+ 
+ 
+ 
+-After populating the /usr/adm/sm.bin directory, you can now configure
++After populating the /etc/smrsh directory, you can now configure
+ sendmail to use the restricted shell.  Save the current sendmail.cf
+ file prior to modifying it, as a prudent precaution.
+ 
+@@ -125,7 +125,7 @@ help to locate it.
+ 
+ In order to configure sendmail to use smrsh, you must modify the Mprog
+ definition in the sendmail.cf file, by replacing the /bin/sh specification
+-with /usr/libexec/smrsh.
++with /usr/sbin/smrsh.
+ 
+ As an example:
+ 
+@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi
+ Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+ 
+ which should be changed to:
+-Mprog,	P=/usr/libexec/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+-          ^^^^^^^^^^^^^^^^^^
++Mprog,	P=/usr/sbin/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
++         ^^^^^^^^^^^^^^^^
+ 
+ A more generic line may be:
+ Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
+ 
+ and should be changed to;
+-Mprog,		P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
++Mprog,		P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
+ 
+ 
+ After modifying the Mprog definition in the sendmail.cf file, if a frozen
+@@ -151,7 +151,7 @@ or /etc/mail directories.  The specific 
+ a search of the strings(1) output of the sendmail binary.
+ 
+ In order to create a new frozen configuration, if it is required:
+-	host.domain# /usr/lib/sendmail -bz
++	host.domain# /usr/sbin/sendmail -bz
+ 
+ Now re-start the sendmail process.  An example of how to do this on
+ a typical system follows:
+diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8
+--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths	2004-08-06 05:55:35.000000000 +0200
++++ sendmail-8.14.3/smrsh/smrsh.8	2008-07-15 14:38:07.000000000 +0200
+@@ -39,7 +39,7 @@ Briefly,
+ .I smrsh
+ limits programs to be in a single directory,
+ by default
+-/usr/adm/sm.bin,
++/etc/smrsh,
+ allowing the system administrator to choose the set of acceptable commands,
+ and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
+ It also rejects any commands with the characters
+@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'',
+ and
+ ``vacation''
+ all actually forward to
+-``/usr/adm/sm.bin/vacation''.
++``/etc/smrsh/vacation''.
+ .PP
+ System administrators should be conservative about populating
+-the sm.bin directory.
++the /etc/smrsh directory.
+ For example, a reasonable additions is
+ .IR vacation (1),
+ and the like.
+@@ -68,7 +68,7 @@ never include any shell or shell-like pr
+ (such as
+ .IR perl (1))
+ in the
+-sm.bin
++/etc/smrsh
+ directory.
+ Note that this does not restrict the use of shell or perl scripts
+ in the sm.bin directory (using the ``#!'' syntax);
+@@ -79,20 +79,7 @@ is a very bad idea.
+ .IR procmail (1)
+ allows users to run arbitrary programs in their
+ .IR procmailrc (5).
+-.SH COMPILATION
+-Compilation should be trivial on most systems.
+-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
+-to adjust the default search path
+-(defaults to ``/bin:/usr/bin:/usr/ucb'')
+-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
+-to change the default program directory
+-(defaults to ``/usr/adm/sm.bin'').
+ .SH FILES
+-/usr/adm/sm.bin \- default directory for restricted programs on most OSs
+-.PP
+-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris
+-.PP
+-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD
+-
++/etc/smrsh \- directory for restricted programs
+ .SH SEE ALSO
+ sendmail(8)
+diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c
+--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths	2004-08-06 20:54:22.000000000 +0200
++++ sendmail-8.14.3/smrsh/smrsh.c	2008-07-15 14:38:07.000000000 +0200
+@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
+ # ifdef SMRSH_CMDDIR
+ #  define CMDDIR	SMRSH_CMDDIR
+ # else /* SMRSH_CMDDIR */
+-#  define CMDDIR	"/usr/adm/sm.bin"
++#  define CMDDIR	"/etc/smrsh"
+ # endif /* SMRSH_CMDDIR */
+ #endif /* ! CMDDIR */
+ 
+@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
+ # ifdef SMRSH_PATH
+ #  define PATH		SMRSH_PATH
+ # else /* SMRSH_PATH */
+-#  define PATH		"/bin:/usr/bin:/usr/ucb"
++#  define PATH		"/bin:/usr/bin"
+ # endif /* SMRSH_PATH */
+ #endif /* ! PATH */
+ 

SOURCES/sendmail-8.14.4-aliases_dir.patch

@@ -0,0 +1,119 @@
+diff -up sendmail-8.14.3/cf/m4/cfhead.m4.movefiles sendmail-8.14.3/cf/m4/cfhead.m4
+--- sendmail-8.14.3/cf/m4/cfhead.m4.movefiles	2004-01-28 23:02:22.000000000 +0100
++++ sendmail-8.14.3/cf/m4/cfhead.m4	2008-12-02 18:07:06.000000000 +0100
+@@ -259,7 +259,7 @@ ifdef(`MAIL_SETTINGS_DIR', , `define(`MA
+ define(`DATABASE_MAP_TYPE', `hash')
+ 
+ # set up default values for options
+-define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
++define(`ALIAS_FILE', `/etc/aliases')
+ define(`confMAILER_NAME', ``MAILER-DAEMON'')
+ define(`confFROM_LINE', `From $g $d')
+ define(`confOPERATORS', `.:%@!^/[]+')
+diff -up ./sendmail/aliases.0.orig ./sendmail/aliases.0
+--- ./sendmail/aliases.0.orig	2009-12-23 05:48:32.000000000 +0100
++++ ./sendmail/aliases.0	2010-02-01 10:49:56.093920068 +0100
+@@ -63,7 +63,7 @@ DDEESSCCRRIIPPTTIIOONN
+        the list of users defined in that file.
+ 
+        This  is  only  the  raw  data file; the actual aliasing information is
+-       placed into a binary format in the file /etc/mail/aliases.db using  the
++       placed into a binary format in the file /etc/aliases.db using  the
+        program  newaliases(1).   A  newaliases command should be executed each
+        time the aliases file is changed for the change to take effect.
+ 
+diff -up ./sendmail/aliases.5.orig ./sendmail/aliases.5
+--- ./sendmail/aliases.5.orig	2004-07-12 07:39:21.000000000 +0200
++++ ./sendmail/aliases.5	2010-02-01 10:45:46.407921946 +0100
+@@ -23,7 +23,7 @@ ID 
+ aliases used by 
+ sendmail.
+ The file resides in 
+-/etc/mail 
++/etc
+ and 
+ is formatted as a series of lines of the form
+ .IP
+@@ -96,7 +96,7 @@ list of users defined in that file.
+ .PP
+ This is only the raw data file; the actual aliasing information is
+ placed into a binary format in the file 
+-/etc/mail/aliases.db
++/etc/aliases.db
+ using the program 
+ newaliases(1).  
+ A 
+diff -up ./sendmail/newaliases.0.orig ./sendmail/newaliases.0
+--- ./sendmail/newaliases.0.orig	2009-12-23 05:48:32.000000000 +0100
++++ ./sendmail/newaliases.0	2010-02-01 10:49:46.527918883 +0100
+@@ -10,7 +10,7 @@ SSYYNNOOPPSSIISS
+ 
+ DDEESSCCRRIIPPTTIIOONN
+        NNeewwaalliiaasseess  rebuilds  the  random access data base for the mail aliases
+-       file /etc/mail/aliases.  It must be run each time this file is  changed
++       file /etc/aliases.  It must be run each time this file is  changed
+        in order for the change to take effect.
+ 
+        NNeewwaalliiaasseess is identical to ``sendmail -bi''.
+@@ -22,7 +22,7 @@ DDEESSCCRRIIPPTTIIOONN
+        sseennddmmaaiill..
+ 
+ FFIILLEESS
+-       /etc/mail/aliases   The mail aliases file
++       /etc/aliases   The mail aliases file
+ 
+ SSEEEE AALLSSOO
+        aliases(5), sendmail(8)
+diff -up ./sendmail/newaliases.1.orig ./sendmail/newaliases.1
+--- ./sendmail/newaliases.1.orig	2001-10-10 05:23:17.000000000 +0200
++++ ./sendmail/newaliases.1	2010-02-01 10:49:36.194921433 +0100
+@@ -20,7 +20,7 @@ newaliases
+ .SH DESCRIPTION
+ .B Newaliases
+ rebuilds the random access data base for the mail aliases file
+-/etc/mail/aliases.  It must be run each time this file is changed
++/etc/aliases.  It must be run each time this file is changed
+ in order for the change to take effect.
+ .PP
+ .B Newaliases
+@@ -40,7 +40,7 @@ puts a special token into the data base 
+ .B sendmail.
+ .SH FILES
+ .TP 2i
+-/etc/mail/aliases
++/etc/aliases
+ The mail aliases file
+ .SH SEE ALSO
+ aliases(5), sendmail(8)
+diff -up ./sendmail/sendmail.0.orig ./sendmail/sendmail.0
+--- ./sendmail/sendmail.0.orig	2009-12-23 05:48:32.000000000 +0100
++++ ./sendmail/sendmail.0	2010-02-01 10:49:04.494920283 +0100
+@@ -430,10 +430,10 @@ FFIILLEESS
+        are only approximations.
+ 
+ 
+-        /etc/mail/aliases
++        /etc/aliases
+               raw data for alias names
+ 
+-        /etc/mail/aliases.db
++        /etc/aliases.db
+               data base of alias names
+ 
+         /etc/mail/sendmail.cf
+diff -up ./sendmail/sendmail.8.orig ./sendmail/sendmail.8
+--- ./sendmail/sendmail.8.orig	2009-04-10 19:49:19.000000000 +0200
++++ ./sendmail/sendmail.8	2010-02-01 10:50:04.993920355 +0100
+@@ -706,10 +706,10 @@ Thus, 
+ these values are only approximations.
+ .PP
+ .TP
+- /etc/mail/aliases
++ /etc/aliases
+ raw data for alias names
+ .TP
+- /etc/mail/aliases.db
++ /etc/aliases.db
+ data base of alias names
+ .TP
+  /etc/mail/sendmail.cf

SOURCES/sendmail-8.14.4-dynamic.patch

@@ -0,0 +1,46 @@
+--- sendmail-8.14.4/devtools/OS/Linux		2010-01-03 22:55:35.000000000 +0100
++++ sendmail-8.14.4/devtools/OS/Linux.dynamic	2010-01-03 22:59:03.000000000 +0100
+@@ -7,7 +7,7 @@
+ define(`confCCOPTS_SO', `-fPIC')
+ define(`confSM_OS_HEADER', `sm_os_linux')
+ define(`confMANROOT', `/usr/share/man/man')
+-define(`confLIBS', `-ldl')
++define(`confLIBS', `-pie -ldl')
+ define(`confEBINDIR', `/usr/sbin')
+ APPENDDEF(`confLIBSEARCH', `crypt nsl')
+ 
+@@ -22,19 +22,19 @@
+ ifelse(confBLDVARIANT, `DEBUG',
+ dnl Debug build
+ `
+-	define(`confOPTIMIZE',`-g -Wall')
++	define(`confOPTIMIZE',`-g -Wall -fpie')
+ ',
+ dnl Optimized build
+ confBLDVARIANT, `OPTIMIZED',
+ `
+-	define(`confOPTIMIZE',`-O2')
++	define(`confOPTIMIZE',`-O2 -fpie')
+ ',
+ dnl Purify build
+ confBLDVARIANT, `PURIFY',
+ `
+-	define(`confOPTIMIZE',`-g')
++	define(`confOPTIMIZE',`-g -fpie')
+ ',
+ dnl default
+ `
+-	define(`confOPTIMIZE',`-O2')
++	define(`confOPTIMIZE',`-O2 -fpie')
+ ')
+--- sendmail-8.14.4/libsm/Makefile.m4		2006-08-16 23:06:31.000000000 +0200
++++ sendmail-8.14.4/libsm/Makefile.m4.dynamic	2010-01-03 23:01:36.000000000 +0100
+@@ -6,7 +6,7 @@
+ define(`confREQUIRE_SM_OS_H', `true')
+ PREPENDDEF(`confENVDEF', `confMAPDEF')
+ bldPRODUCT_START(`library', `libsm')
+-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c ')
++define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c ')
+ bldPRODUCT_END
+ dnl msg.c
+ dnl syslogio.c

SOURCES/sendmail-8.14.4-libdb5.patch

@@ -0,0 +1,12 @@
+--- sendmail-8.14.4/include/sm/bdb.h.old	2003-03-06 17:30:05.000000000 +0100
++++ sendmail-8.14.4/include/sm/bdb.h		2010-04-15 16:02:41.029169004 +0200
+@@ -19,7 +19,8 @@ 
+ #  define DB_VERSION_MAJOR 1
+ # endif /* ! DB_VERSION_MAJOR */
+ 
+-# if DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1
++# if (DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1) || \
++  (DB_VERSION_MAJOR >= 5)
+ 
+ #  define DBTXN	NULL ,
+ 

SOURCES/sendmail-8.14.4-makemapman.patch

@@ -0,0 +1,56 @@
+--- sendmail-8.14.4/cf/cf/Build				1999-03-02 03:37:12.000000000 +0100
++++ sendmail-8.14.4/cf/cf/Build.makemapman		2010-01-03 22:49:38.000000000 +0100
+@@ -18,7 +18,7 @@
+ SMROOT=${SMROOT-../..}
+ BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools}
+ 
+-M4=`sh $BUILDTOOLS/bin/find_m4.sh`
++M4=/usr/bin/m4
+ ret=$?
+ if [ $ret -ne 0 ]
+ then
+--- sendmail-8.14.4/devtools/OS/Linux			2009-01-22 03:15:42.000000000 +0100
++++ sendmail-8.14.4/devtools/OS/Linux.makemapman	2010-01-03 22:50:27.000000000 +0100
+@@ -6,7 +6,7 @@
+ define(`confDEPEND_TYPE', `CC-M')
+ define(`confCCOPTS_SO', `-fPIC')
+ define(`confSM_OS_HEADER', `sm_os_linux')
+-define(`confMANROOT', `/usr/man/man')
++define(`confMANROOT', `/usr/share/man/man')
+ define(`confLIBS', `-ldl')
+ define(`confEBINDIR', `/usr/sbin')
+ APPENDDEF(`confLIBSEARCH', `crypt nsl')
+@@ -16,6 +16,8 @@
+ define(`confMTLDOPTS', `-lpthread')
+ define(`confLDOPTS_SO', `-shared')
+ define(`confSONAME',`-soname')
++define('confSBINGRP', 'mail')
++define('confSBINMODE', '6755')
+ 
+ ifelse(confBLDVARIANT, `DEBUG',
+ dnl Debug build
+--- sendmail-8.14.4/makemap/makemap.8			2008-05-03 01:07:48.000000000 +0200
++++ sendmail-8.14.4/makemap/makemap.8.makemapman	2010-01-03 22:51:04.000000000 +0100
+@@ -52,12 +52,6 @@
+ parameter.  
+ They may be
+ .TP
+-dbm
+-DBM format maps.  
+-This requires the 
+-ndbm(3) 
+-library.
+-.TP
+ btree
+ B-Tree format maps.  
+ This requires the new Berkeley DB 
+--- sendmail-8.14.4/rmail/rmail.c			2001-09-18 23:45:29.000000000 +0200
++++ sendmail-8.14.4/rmail/rmail.c.makemapman		2010-01-03 22:51:36.000000000 +0100
+@@ -276,7 +276,6 @@
+ 	args[i++] = _PATH_SENDMAIL;	/* Build sendmail's argument list. */
+ 	args[i++] = "-G";		/* relay submission */
+ 	args[i++] = "-oee";		/* No errors, just status. */
+-	args[i++] = "-odq";		/* Queue it, don't try to deliver. */
+ 	args[i++] = "-oi";		/* Ignore '.' on a line by itself. */
+ 
+ 	/* set from system and protocol used */

SOURCES/sendmail-8.14.4-sasl2-in-etc.patch

@@ -0,0 +1,29 @@
+--- sendmail-8.14.4/sendmail/usersmtp.c	2009-06-17 18:26:51.000000000 +0100
++++ sendmail-8.14.4/sendmail/usersmtp.c	2010-06-11 13:13:52.150312505 +0100
+@@ -1323,9 +1323,7 @@
+ {
+ 	long sff;
+ 	int r;
+-#if SASL <= 10515
+ 	size_t len;
+-#endif /* SASL <= 10515 */
+ 	char *p;
+ 
+ 	if (file == NULL || *file == '\0')
+@@ -1361,9 +1359,16 @@
+ #endif /* SASL <= 10515 */
+ 
+ 	p = (char *) file;
++	len = strlen(p);
+ 	if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
+ 			  S_IRUSR, NULL)) == 0)
+ 		return SASL_OK;
++#if SASL > 10515
++	/* Expect /usr/lib/sasl2/Sendmail.conf to be missing - config now in /etc/sasl2 */
++	if (type == SASL_VRFY_CONF && r == ENOENT &&
++            len >= 8 && strncmp(p, "/usr/lib", 8) == 0)
++		return SASL_CONTINUE;
++#endif /* SASL > 10515 */
+ 	if (LogLevel > (r != ENOENT ? 8 : 10))
+ 		sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
+ 			  p, sm_errstring(r));

SOURCES/sendmail-8.14.4-switchfile.patch

@@ -0,0 +1,11 @@
+--- sendmail-8.14.4/sendmail/conf.c		2009-12-18 18:25:12.000000000 +0100
++++ sendmail-8.14.4/sendmail/conf.c.switchfile	2010-01-03 23:08:27.000000000 +0100
+@@ -972,7 +972,7 @@
+ 				if (p != NULL)
+ 					*p = '\0';
+ #ifndef SM_NSSWITCH_DELIMS
+-# define SM_NSSWITCH_DELIMS	" \t"
++# define SM_NSSWITCH_DELIMS	" \t:"
+ #endif /* SM_NSSWITCH_DELIMS */
+ 				p = strpbrk(buf, SM_NSSWITCH_DELIMS);
+ 				if (p != NULL)

SOURCES/sendmail-8.14.7-add-ec-support.patch

@@ -0,0 +1,32 @@
+diff --git a/sendmail/tls.c b/sendmail/tls.c
+index 60d408e..72da987 100644
+--- a/sendmail/tls.c
++++ b/sendmail/tls.c
+@@ -970,6 +970,9 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ 	/* Diffie-Hellman initialization */
+ 	if (bitset(TLS_I_TRY_DH, req))
+ 	{
++#if _FFR_TLS_EC
++		EC_KEY *ecdh;
++#endif /* _FFR_TLS_EC */
+ 		if (bitset(TLS_S_DHPAR_OK, status))
+ 		{
+ 			BIO *bio;
+@@ -1044,6 +1047,17 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ 					  who, 8 * DH_size(dh), *dhparam);
+ 			DH_free(dh);
+ 		}
++
++#if _FFR_TLS_EC
++		ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++		if (ecdh != NULL)
++		{
++			SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
++			SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
++			EC_KEY_free(ecdh);
++		}
++#endif /* _FFR_TLS_EC */
++
+ 	}
+ # endif /* !NO_DH */
+ 

SOURCES/sendmail-8.14.7-client-port.patch

@@ -0,0 +1,20 @@
+diff --git a/sendmail/main.c b/sendmail/main.c
+index 021262c..7769148 100644
+--- a/sendmail/main.c
++++ b/sendmail/main.c
+@@ -2620,13 +2620,13 @@ main(argc, argv, envp)
+ #if NETINET
+ 		  case AF_INET:
+ 			(void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
+-					   RealHostAddr.sin.sin_port);
++					   ntohs(RealHostAddr.sin.sin_port));
+ 			break;
+ #endif /* NETINET */
+ #if NETINET6
+ 		  case AF_INET6:
+ 			(void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
+-					   RealHostAddr.sin6.sin6_port);
++					   ntohs(RealHostAddr.sin6.sin6_port));
+ 			break;
+ #endif /* NETINET6 */
+ 		  default:

SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch

@@ -0,0 +1,88 @@
+--- sendmail-8.14.7/sendmail/conf.c.orig	2015-12-30 14:24:10.000000000 -0800
++++ sendmail-8.14.7/sendmail/conf.c	2015-12-30 14:30:32.000000000 -0800
+@@ -4234,7 +4234,18 @@ 
+ 	h = gethostbyname(name);
+ 	if (!resv6)
+ 		_res.options &= ~RES_USE_INET6;
+-	*err = h_errno;
++
++	/* the function is supposed to return only the requested family */
++	if (h != NULL && h->h_addrtype != family)
++	{
++#  if NETINET6
++		freehostent(h);
++#  endif /* NETINET6 */
++		h = NULL;
++		*err = NO_DATA;
++	}
++	else
++		*err = h_errno;
+ 	return h;
+ }
+ 
+@@ -4363,6 +4374,17 @@ 
+ 		}
+ 	}
+ #endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
++
++	/* the function is supposed to return only the requested family */
++	if (h != NULL && h->h_addrtype != family)
++	{
++# if NETINET6
++		freehostent(h);
++# endif /* NETINET6 */
++		h = NULL;
++		SM_SET_H_ERRNO(NO_DATA);
++	}
++
+ 	if (tTd(61, 10))
+ 	{
+ 		if (h == NULL)
+@@ -4372,13 +4394,12 @@ 
+ 			sm_dprintf("%s\n", h->h_name);
+ 			if (tTd(61, 11))
+ 			{
++				struct in_addr ia;
++				size_t i;
+ #if NETINET6
+ 				struct in6_addr ia6;
+ 				char buf6[INET6_ADDRSTRLEN];
+-#else /* NETINET6 */
+-				struct in_addr ia;
+ #endif /* NETINET6 */
+-				size_t i;
+ 
+ 				if (h->h_aliases != NULL)
+ 					for (i = 0; h->h_aliases[i] != NULL;
+@@ -4389,16 +4410,23 @@ 
+ 				{
+ 					char *addr;
+ 
++					addr = NULL;
+ #if NETINET6
+-					memmove(&ia6, h->h_addr_list[i],
+-						IN6ADDRSZ);
+-					addr = anynet_ntop(&ia6,
+-							   buf6, sizeof(buf6));
+-#else /* NETINET6 */
+-					memmove(&ia, h->h_addr_list[i],
+-						INADDRSZ);
+-					addr = (char *) inet_ntoa(ia);
++					if (h->h_addrtype == AF_INET6)
++					{
++						memmove(&ia6, h->h_addr_list[i],
++							IN6ADDRSZ);
++						addr = anynet_ntop(&ia6,
++							buf6, sizeof(buf6));
++					}
++					else
+ #endif /* NETINET6 */
++					/* "else" in #if code above */
++					{
++						memmove(&ia, h->h_addr_list[i],
++							INADDRSZ);
++						addr = (char *) inet_ntoa(ia);
++					}
+ 					if (addr != NULL)
+ 						sm_dprintf("\taddr: %s\n", addr);
+ 				}

SOURCES/sendmail-8.14.7-qos.patch

@@ -0,0 +1,234 @@
+--- sendmail-8.14.4/cf/m4/proto.m4.orig	2011-01-11 20:02:14.000000000 -0700
++++ sendmail-8.14.4/cf/m4/proto.m4	2011-01-11 20:02:14.000000000 -0700
+@@ -251,6 +251,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_IN
+ # 8-bit data handling
+ _OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
+ 
++# DSCP marking of traffic (IP_TOS)
++_OPTION(InetQoS, `confINET_QOS', `none')
++
+ # wait for alias file rebuild (default units: minutes)
+ _OPTION(AliasWait, `confALIAS_WAIT', `5m')
+ 
+--- sendmail-8.14.4/cf/cf/submit.mc.orig	2011-01-11 20:02:14.000000000 -0700
++++ sendmail-8.14.4/cf/cf/submit.mc	2011-01-11 20:02:14.000000000 -0700
+@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to
+ define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+ define(`confTIME_ZONE', `USE_TZ')dnl
+ define(`confDONT_INIT_GROUPS', `True')dnl
++dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
++dnl define(`confINET_QOS', `AF11')dnl
+ define(`confPID_FILE', `/run/sm-client.pid')dnl
+ dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
+ FEATURE(`use_ct_file')dnl
+--- sendmail-8.14.4/sendmail/sendmail.h.orig	2009-12-18 10:08:01.000000000 -0700
++++ sendmail-8.14.4/sendmail/sendmail.h	2011-01-11 20:39:35.000000000 -0700
+@@ -2387,7 +2387,14 @@ EXTERN struct termescape	TermEscape;	/* 
+ EXTERN SOCKADDR	ConnectOnlyTo;	/* override connection address (for testing) */
+ EXTERN SOCKADDR RealHostAddr;	/* address of host we are talking to */
+ extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
+-
++#if _FFR_QOS
++# if !defined(SOL_IP) && defined(IPPROTO_IP)
++#  define SOL_IP IPPROTO_IP
++# endif
++# if defined(SOL_IP) && defined(IP_TOS)
++EXTERN int	InetQoS;	/* QoS mapping */
++# endif
++#endif
+ 
+ EXTERN int ConnectionRateWindowSize;
+ #if STARTTLS && USE_OPENSSL_ENGINE
+--- sendmail-8.14.4/sendmail/conf.c.orig	2011-01-11 20:02:14.000000000 -0700
++++ sendmail-8.14.4/sendmail/conf.c	2011-01-11 20:24:29.000000000 -0700
+@@ -6298,6 +6298,10 @@ char	*FFRCompileOptions[] =
+ #if _FFR_QF_PARANOIA
+ 	"_FFR_QF_PARANOIA",
+ #endif /* _FFR_QF_PARANOIA */
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++	/* QoS */
++	"_FFR_QOS",
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
+ #if _FFR_QUEUEDELAY
+ 	/* Exponential queue delay; disabled in 8.13 since it isn't used. */
+ 	"_FFR_QUEUEDELAY",
+--- sendmail-8.14.4/sendmail/daemon.c.orig	2009-12-17 18:12:40.000000000 -0700
++++ sendmail-8.14.4/sendmail/daemon.c	2011-01-11 20:46:37.000000000 -0700
+@@ -104,6 +104,10 @@ static int	NDaemons = 0;			/* actual num
+ 
+ static time_t	NextDiskSpaceCheck = 0;
+ 
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++int		InetQoS = 0;			/* none by default */
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
++
+ /*
+ **  GETREQUESTS -- open mail IPC port and get requests.
+ **
+@@ -1131,6 +1135,16 @@ opendaemonsocket(d, firsttime)
+ 			(void) setsockopt(d->d_socket, SOL_SOCKET,
+ 					  SO_KEEPALIVE, (char *)&on, sizeof(on));
+ 
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++			if (InetQoS != 0x00
++			 && (d->d_addr.sa.sa_family == AF_INET
++			  || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) {
++				if (setsockopt(d->d_socket, SOL_IP,
++						  IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0)
++					syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name);
++			}
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
++
+ #ifdef SO_RCVBUF
+ 			if (d->d_tcprcvbufsize > 0)
+ 			{
+@@ -2565,6 +2579,16 @@ gothostent:
+ 			return EX_TEMPFAIL;
+ 		}
+ 
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++		if (InetQoS != 0x00
++		 && (family == AF_INET
++		  || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32))))
++		{
++			if (setsockopt(s, SOL_IP, IP_TOS,
++					  (char *)&InetQoS, sizeof(InetQoS)) < 0)
++				syserr("makeconnection: setsockopt(IP_TOS)");
++		}
++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
+ #ifdef SO_SNDBUF
+ 		if (ClientSettings[family].d_tcpsndbufsize > 0)
+ 		{
+--- sendmail-8.14.7/sendmail/readcf.c.orig	2013-03-15 18:54:12.000000000 +0100
++++ sendmail-8.14.7/sendmail/readcf.c	2013-04-21 17:58:19.000000000 +0200
+@@ -18,6 +18,7 @@
+ 
+ #if NETINET || NETINET6
+ # include <arpa/inet.h>
++# include <netinet/ip.h>
+ #endif /* NETINET || NETINET6 */
+ 
+ 
+@@ -2280,8 +2281,8 @@
+ # define O_RCPTTHROTDELAY	0xe6
+ 	{ "BadRcptThrottleDelay",	O_RCPTTHROTDELAY,	OI_SAFE	},
+ #endif /* _FFR_RCPTTHROTDELAY */
+-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+-# define O_INETQOS	0xe7	/* reserved for FFR_QOS */
++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
++# define O_INETQOS		0xe7
+ 	{ "InetQoS",			O_INETQOS,	OI_NONE },
+ #endif
+ #if STARTTLS && _FFR_FIPSMODE
+@@ -2389,6 +2390,77 @@
+ };
+ #endif /* STARTTLS && _FFR_TLS_1 */
+ 
++#ifdef O_INETQOS
++static struct qosmap
++{
++	char	*name;		/* name of the setting */
++	int	value;		/* corresponding setsockopt() value */
++} QoSMap[] = {
++#ifdef IPTOS_CLASS_CS0
++	{ "CS0",	IPTOS_CLASS_CS0 },
++#endif
++#ifdef IPTOS_CLASS_CS1
++	{ "CS1",	IPTOS_CLASS_CS1 },
++#endif
++#ifdef IPTOS_DSCP_AF11
++	{ "AF11",	IPTOS_DSCP_AF11 },
++#endif
++#ifdef IPTOS_DSCP_AF12
++	{ "AF12",	IPTOS_DSCP_AF12 },
++#endif
++#ifdef IPTOS_DSCP_AF13
++	{ "AF13",	IPTOS_DSCP_AF13 },
++#endif
++#ifdef IPTOS_CLASS_CS2
++	{ "CS2",	IPTOS_CLASS_CS2 },
++#endif
++#ifdef IPTOS_DSCP_AF21
++	{ "AF21",	IPTOS_DSCP_AF21 },
++#endif
++#ifdef IPTOS_DSCP_AF22
++	{ "AF22",	IPTOS_DSCP_AF22 },
++#endif
++#ifdef IPTOS_DSCP_AF23
++	{ "AF23",	IPTOS_DSCP_AF23 },
++#endif
++#ifdef IPTOS_CLASS_CS3
++	{ "CS3",	IPTOS_CLASS_CS3 },
++#endif
++#ifdef IPTOS_DSCP_AF31
++	{ "AF31",	IPTOS_DSCP_AF31 },
++#endif
++#ifdef IPTOS_DSCP_AF32
++	{ "AF32",	IPTOS_DSCP_AF32 },
++#endif
++#ifdef IPTOS_DSCP_AF33
++	{ "AF33",	IPTOS_DSCP_AF33 },
++#endif
++#ifdef IPTOS_CLASS_CS4
++	{ "CS4",	IPTOS_CLASS_CS4 },
++#endif
++#ifdef IPTOS_DSCP_AF41
++	{ "AF41",	IPTOS_DSCP_AF41 },
++#endif
++#ifdef IPTOS_DSCP_AF42
++	{ "AF42",	IPTOS_DSCP_AF42 },
++#endif
++#ifdef IPTOS_DSCP_AF43
++	{ "AF43",	IPTOS_DSCP_AF43 },
++#endif
++#ifdef IPTOS_CLASS_CS5
++	{ "CS5",	IPTOS_CLASS_CS5 },
++#endif
++#ifdef IPTOS_CLASS_CS6
++	{ "CS6",	IPTOS_CLASS_CS6 },
++#endif
++#ifdef IPTOS_CLASS_CS7
++	{ "CS7",	IPTOS_CLASS_CS7 },
++#endif
++	{ "none",	0x00 },
++	{ NULL,		0    }
++};
++#endif
++
+ 
+ # define CANONIFY(val)
+ 
+@@ -4035,6 +4107,33 @@
+ 		break;
+ #endif /* _FFR_REJECT_NUL_BYTE */
+ 
++#ifdef O_INETQOS
++	  case O_INETQOS:
++		{
++			struct qosmap *qmp;
++			InetQoS = -1;
++
++			for (qmp = QoSMap; qmp->name != NULL; ++qmp) {
++				if (!strcmp(val, qmp->name)) {
++					InetQoS = qmp->value;
++					break;
++				}
++			}
++
++			/*
++			** we could allow writing it as a hex value, but
++ 			** we don't at this time.
++ 			**/
++			if (qmp->name == NULL) {
++				(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
++						     "Warning: Option: %s unknown parameter '%s'\n",
++						     OPTNAME, val);
++				break;
++			}
++			break;
++		}
++#endif
++
+ 	  default:
+ 		if (tTd(37, 1))
+ 		{

SOURCES/sendmail-8.14.7-tls-use-certificate-chain-file.patch

@@ -0,0 +1,70 @@
+diff --git a/sendmail/conf.c b/sendmail/conf.c
+index 777e05e..e693ed0 100644
+--- a/sendmail/conf.c
++++ b/sendmail/conf.c
+@@ -6504,6 +6504,14 @@ char	*FFRCompileOptions[] =
+ 	/* More STARTTLS options, e.g., secondary certs. */
+ 	"_FFR_TLS_1",
+ #endif /* _FFR_TLS_1 */
++#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
++	/*
++	**  Use SSL_CTX_use_certificate_chain_file()
++	**  instead of SSL_CTX_use_certificate_file()
++	*/
++
++	"_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE",
++#endif /* _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE */
+ #if _FFR_TRUSTED_QF
+ 	/*
+ 	**  If we don't own the file mark it as unsafe.
+diff --git a/sendmail/tls.c b/sendmail/tls.c
+index 72da987..6707a35 100644
+--- a/sendmail/tls.c
++++ b/sendmail/tls.c
+@@ -860,17 +860,25 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ 		if (bitset(TLS_I_USE_KEY, req))
+ 			return false;
+ 	}
++#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
++# define SSL_CTX_use_cert(ssl_ctx, certfile) \
++	SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile)
++# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file"
++#else
++# define SSL_CTX_use_cert(ssl_ctx, certfile) \
++	SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM)
++# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file"
++#endif
+ 
+ 	/* get the certificate file */
+ 	if (bitset(TLS_S_CERT_OK, status) &&
+-	    SSL_CTX_use_certificate_file(*ctx, certfile,
+-					 SSL_FILETYPE_PEM) <= 0)
++	    SSL_CTX_use_cert(*ctx, certfile) <= 0)
+ 	{
+ 		if (LogLevel > 7)
+ 		{
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
+-				  who, certfile);
++				  "STARTTLS=%s, error: %s(%s) failed",
++				  who, SSL_CTX_USE_CERT, certfile);
+ 			if (LogLevel > 9)
+ 				tlslogerr(LOG_WARNING, who);
+ 		}
+@@ -914,13 +922,13 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ 
+ 	/* get the certificate file */
+ 	if (bitset(TLS_S_CERT2_OK, status) &&
+-	    SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0)
++	    SSL_CTX_use_cert(*ctx, cf2) <= 0)
+ 	{
+ 		if (LogLevel > 7)
+ 		{
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
+-				  who, cf2);
++				  "STARTTLS=%s, error: %s(%s) failed",
++				  who, SSL_CTX_USE_CERT, cf2);
+ 			if (LogLevel > 9)
+ 				tlslogerr(LOG_WARNING, who);
+ 		}

SOURCES/sendmail-8.14.7-tls11-12-config-options.patch

@@ -0,0 +1,17 @@
+diff --git a/sendmail/readcf.c b/sendmail/readcf.c
+index b749e1f..140f4b0 100644
+--- a/sendmail/readcf.c
++++ b/sendmail/readcf.c
+@@ -2374,6 +2374,12 @@ static struct ssl_options
+ #ifdef SSL_OP_NO_TLSv1
+ 	{ "SSL_OP_NO_TLSv1",	SSL_OP_NO_TLSv1	},
+ #endif
++#ifdef SSL_OP_NO_TLSv1_1
++        { "SSL_OP_NO_TLSv1_1",    SSL_OP_NO_TLSv1_1 },
++#endif /* SSL_OP_NO_TLSv1_1 */
++#ifdef SSL_OP_NO_TLSv1_2
++        { "SSL_OP_NO_TLSv1_2",    SSL_OP_NO_TLSv1_2 },
++#endif /* SSL_OP_NO_TLSv1_2 */
+ #ifdef SSL_OP_PKCS1_CHECK_1
+ 	{ "SSL_OP_PKCS1_CHECK_1",	SSL_OP_PKCS1_CHECK_1	},
+ #endif

SOURCES/sendmail-etc-mail-access

@@ -0,0 +1,12 @@
+# Check the /usr/share/doc/sendmail/README.cf file for a description
+# of the format of this file. (search for access_db in that file)
+# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
+# package.
+#
+# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the 
+# cyrus-sasl-plain package installed.
+#
+# By default we allow relaying from localhost...
+Connect:localhost.localdomain		RELAY
+Connect:localhost			RELAY
+Connect:127.0.0.1			RELAY

SOURCES/sendmail-etc-mail-domaintable

@@ -0,0 +1,4 @@
+# The "domain table" can be used to provide domain name mapping.
+# Use of this should really be limited to your own domains.
+# It may be useful if you change names (e.g., your company
+# changes names from oldname.com to newname.com)

SOURCES/sendmail-etc-mail-local-host-names

@@ -0,0 +1 @@
+# local-host-names - include all aliases for your machine here.

SOURCES/sendmail-etc-mail-mailertable

@@ -0,0 +1,30 @@
+# The "mailer table" can be used to override routing for particular domains
+# (which are not in class {w}, i.e. local host names).
+#
+# hash /etc/mail/mailertable
+#
+# Keys in this database are fully qualified domain names or partial domains
+# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or
+# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain
+# not covered by other keys. Values must be of the form:
+#
+# mailer:domain
+#
+# where "mailer" is the internal mailer name, and "domain" is where to send
+# the message. These maps are not reflected into the message header. As a
+# special case, the forms:
+#
+# local:user
+#
+# will forward to the indicated user using the local mailer,
+#
+# local:
+#
+# will forward to the original user in the e-mail address using the local
+# mailer, and
+#
+# error:code message
+# error:D.S.N:code message
+#
+# will give an error message with the indicated SMTP reply code and message,
+# where D.S.N is an RFC 1893 compliant error code. 

SOURCES/sendmail-etc-mail-trusted-users

@@ -0,0 +1,2 @@
+# trusted-users - users that can send mail as others without a warning
+# apache, mailman, majordomo, uucp, are good candidates

SOURCES/sendmail-etc-mail-virtusertable

@@ -0,0 +1,41 @@
+# A domain-specific form of aliasing, allowing multiple virtual domains to be
+# hosted on one machine.
+#
+# info@foo.com	foo-info
+# info@bar.com	bar-info
+# joe@bar.com	error:nouser 550 No such user here
+# jax@bar.com	error:5.7.0:550 Address invalid
+# @baz.org	jane@example.net
+#
+# then mail addressed to info@foo.com will be sent to the address foo-info,
+# mail addressed to info@bar.com will be delivered to bar-info, and mail
+# addressed to anyone at baz.org  will be sent to jane@example.net, mail to
+# joe@bar.com will be rejected with the specified error message, and mail to
+# jax@bar.com will also have a RFC 1893  compliant error code 5.7.0.
+#
+# The username from the original address is passed as %1 allowing:
+#
+# @foo.org	%1@example.com
+#
+# Additionally, if the local part consists of "user+detail" then "detail" is
+# passed as %2 and "+detail" is passed as %3  when a match against user+* is
+# attempted, so entries like
+#
+# old+*@foo.org	new+%2@example.com
+# gen+*@foo.org	%2@example.com
+# +*@foo.org	%1%3@example.com
+# X++@foo.org	Z%3@example.com
+# @bar.org	%1%3
+#
+# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used
+# as RHS. There are two wildcards after "+": "+" matches only a non-empty
+# detail, "*" matches also empty details, e.g., user+@foo.org  matches#
+# +*@foo.org but not ++@foo.org. This can be used to ensure that the
+# parameters %2 and %3 are not empty.
+#
+# All the host names on the left hand side (foo.com, bar.com, and baz.org)
+# must be in class {w} or class {VirtHost}. The latter can be defined by the
+# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to
+# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or
+# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are
+# added to class {R}, i.e., relaying is allowed to (and from) those domains.

SOURCES/sendmail-redhat.mc

@@ -0,0 +1,178 @@
+divert(-1)dnl
+dnl #
+dnl # This is the sendmail macro config file for m4. If you make changes to
+dnl # /etc/mail/sendmail.mc, you will need to regenerate the
+dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
+dnl # installed and then performing a
+dnl #
+dnl #     /etc/mail/make
+dnl #
+include(`@@PATH@@/m4/cf.m4')dnl
+VERSIONID(`setup for linux')dnl
+OSTYPE(`linux')dnl
+dnl #
+dnl # Do not advertize sendmail version.
+dnl #
+dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
+dnl #
+dnl # default logging level is 9, you might want to set it higher to
+dnl # debug the configuration
+dnl #
+dnl define(`confLOG_LEVEL', `9')dnl
+dnl #
+dnl # Uncomment and edit the following line if your outgoing mail needs to
+dnl # be sent out through an external mail server:
+dnl #
+dnl define(`SMART_HOST', `smtp.your.provider')dnl
+dnl #
+define(`confDEF_USER_ID', ``8:12'')dnl
+dnl define(`confAUTO_REBUILD')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTRY_NULL_MX_LIST', `True')dnl
+define(`confDONT_PROBE_INTERFACES', `True')dnl
+define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
+define(`confAUTH_OPTIONS', `A')dnl
+dnl #
+dnl # The following allows relaying if the user authenticates, and disallows
+dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
+dnl #
+dnl define(`confAUTH_OPTIONS', `A p')dnl
+dnl # 
+dnl # PLAIN is the preferred plaintext authentication method and used by
+dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
+dnl # use LOGIN. Other mechanisms should be used if the connection is not
+dnl # guaranteed secure.
+dnl # Please remember that saslauthd needs to be running for AUTH. 
+dnl #
+dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl #
+dnl # Rudimentary information on creating certificates for sendmail TLS:
+dnl #     cd /etc/pki/tls/certs; make sendmail.pem
+dnl # Complete usage:
+dnl #     make -C /etc/pki/tls/certs usage
+dnl #
+dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
+dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
+dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
+dnl #
+dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
+dnl # slapd, which requires the file to be readble by group ldap
+dnl #
+dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
+dnl #
+dnl define(`confTO_QUEUEWARN', `4h')dnl
+dnl define(`confTO_QUEUERETURN', `5d')dnl
+dnl define(`confQUEUE_LA', `12')dnl
+dnl define(`confREFUSE_LA', `18')dnl
+define(`confTO_IDENT', `0')dnl
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
+dnl define(`confINET_QOS', `AF11')dnl
+dnl FEATURE(delay_checks)dnl
+FEATURE(`no_default_msa', `dnl')dnl
+FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
+FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+FEATURE(use_cw_file)dnl
+FEATURE(use_ct_file)dnl
+dnl #
+dnl # The following limits the number of processes sendmail can fork to accept 
+dnl # incoming messages or process its message queues to 20.) sendmail refuses 
+dnl # to accept connections once it has reached its quota of child processes.
+dnl #
+dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
+dnl #
+dnl # Limits the number of new connections per second. This caps the overhead 
+dnl # incurred due to forking new sendmail processes. May be useful against 
+dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
+dnl # limit would be useful but is not available as an option at this writing.)
+dnl #
+dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
+dnl #
+dnl # The -t option will retry delivery if e.g. the user runs over his quota.
+dnl #
+FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
+FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
+FEATURE(`blacklist_recipients')dnl
+EXPOSED_USER(`root')dnl
+dnl #
+dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
+dnl # the following 2 definitions and activate below in the MAILER section the
+dnl # cyrusv2 mailer.
+dnl #
+dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
+dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
+dnl #
+dnl # The following causes sendmail to only listen on the IPv4 loopback address
+dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
+dnl # address restriction to accept email from the internet or intranet.
+dnl #
+DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 587 for
+dnl # mail from MUAs that authenticate. Roaming users who can't reach their
+dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
+dnl # this useful.
+dnl #
+dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 465, but
+dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
+dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
+dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
+dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
+dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
+dnl #
+dnl # For this to work your OpenSSL certificates must be configured.
+dnl #
+dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen on the IPv6 loopback
+dnl # device. Remove the loopback address restriction listen to the network.
+dnl #
+dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
+dnl #
+dnl # enable both ipv6 and ipv4 in sendmail:
+dnl #
+dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
+dnl #
+dnl # We strongly recommend not accepting unresolvable domains if you want to
+dnl # protect yourself from spam. However, the laptop and users on computers
+dnl # that do not have 24x7 DNS do need this.
+dnl #
+FEATURE(`accept_unresolvable_domains')dnl
+dnl #
+dnl FEATURE(`relay_based_on_MX')dnl
+dnl # 
+dnl # Also accept email sent to "localhost.localdomain" as local email.
+dnl # 
+LOCAL_DOMAIN(`localhost.localdomain')dnl
+dnl #
+dnl # The following example makes mail from this host and any additional
+dnl # specified domains appear to be sent from mydomain.com
+dnl #
+dnl MASQUERADE_AS(`mydomain.com')dnl
+dnl #
+dnl # masquerade not just the headers, but the envelope as well
+dnl #
+dnl FEATURE(masquerade_envelope)dnl
+dnl #
+dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
+dnl #
+dnl FEATURE(masquerade_entire_domain)dnl
+dnl #
+dnl MASQUERADE_DOMAIN(localhost)dnl
+dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
+dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
+dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
+MAILER(smtp)dnl
+MAILER(procmail)dnl
+dnl MAILER(cyrusv2)dnl

SOURCES/sendmail.etc-mail-Makefile

@@ -0,0 +1,8 @@
+# Pass everything to the make script
+
+all:
+%: force
+	@./make $@
+force:;
+
+$(MAKEFILE_LIST):;

SOURCES/sendmail.etc-mail-make

@@ -0,0 +1,129 @@
+#!/bin/sh
+# Generate db and cf files if necessary. This used to be handled by
+# /etc/mail/Makefile.
+
+teste() {
+  if ! test -e "$1"; then
+    echo "$1 doesn't exist"
+    exit 2
+  fi
+}
+
+makedb() {
+  teste "${1%.db}"
+
+  if [ -z "$SM_FORCE_DBREBUILD" ]; then
+    test "${1%.db}" -nt "$1" || return 0
+  fi
+
+  if [ "$1" = userdb.db ]; then
+    makemap btree "$1" < "${1%.db}"
+  else
+    makemap hash "$1" < "${1%.db}"
+  fi
+}
+
+makealiasesdb() {
+  uptodate=1
+
+  if [ -z "$SM_FORCE_DBREBUILD" ]; then
+    files=$(grep '^O AliasFile=' sendmail.cf |
+      while read a; do echo ${a#*=}; done)
+
+    for a in $files; do
+      if [ "$a" = /etc/aliases ]; then
+        # /etc/aliases.db may be used by other MTA, make sure nothing
+        # has touched it since our last newaliases call
+        test "$a" -nt "${a}.db" ||
+          test aliasesdb-stamp -nt "${a}.db" ||
+          test aliasesdb-stamp -ot "${a}.db" || continue
+      else
+        test "$a" -nt "${a}.db" || continue
+      fi
+
+      uptodate=0
+      break
+    done
+  else
+    uptodate=0
+  fi
+
+  [ $uptodate = 1 ] && return 0
+
+  # check if alternatives is configured to sendmail
+  if [ "$(readlink -e /usr/bin/newaliases)" = /usr/sbin/sendmail.sendmail ]
+  then
+    /usr/bin/newaliases > /dev/null
+    touch -r /etc/aliases.db aliasesdb-stamp 2> /dev/null
+  else
+    rm -f aliasesdb-stamp
+  fi
+}
+
+makecf() {
+  mc=${1%.cf}.mc
+
+  teste "$mc"
+
+  if [ -z "$SM_FORCE_CFREBUILD" ]; then
+    test "$mc" -nt "$1" || return 0
+  fi
+
+  if test -f /usr/share/sendmail-cf/m4/cf.m4; then
+    umask 022
+    [ -e "$1" ] && mv -f "$1" "$1".bak
+    m4 "$mc" > "$1"
+  else
+    echo "WARNING: '$mc' is modified. Please install package sendmail-cf to update your configuration."
+    exit 15
+  fi
+}
+
+makeall() {
+  # These could be used by sendmail, but are not part of the default install.
+  # To use them you will have to generate your own sendmail.cf with
+  # FEATURE('whatever')
+  test -f bitdomain && makedb bitdomain.db
+  test -f uudomain && makedb uudomain.db
+  test -f genericstable && makedb genericstable.db
+  test -f userdb && makedb userdb.db
+  test -f authinfo && makedb authinfo.db
+
+  makedb virtusertable.db
+  makedb access.db
+  makedb domaintable.db
+  makedb mailertable.db
+
+  makecf sendmail.cf
+  makecf submit.cf
+}
+
+cd /etc/mail || exit 1
+
+[ $# -eq 0 ] && makeall
+
+for target; do
+  case "$target" in
+    *.db)
+      makedb "$target"
+      ;;
+    *.cf)
+      makecf "$target"
+      ;;
+    all)
+      makeall
+      ;;
+    aliases)
+      makealiasesdb
+      ;;
+    clean)
+      rm -f *.db *~ aliasesdb-stamp
+      ;;
+    start|stop|restart)
+      service sendmail "$target"
+      ;;
+    *)
+      echo "Don't know how to make $target"
+      exit 2
+  esac
+done

SOURCES/sendmail.init

@@ -0,0 +1,144 @@
+#!/bin/bash
+#
+# sendmail      This shell script takes care of starting and stopping
+#               sendmail.
+#
+# chkconfig: 2345 80 30
+# description: Sendmail is a Mail Transport Agent, which is the program \
+#              that moves mail from one machine to another.
+# processname: sendmail
+# config: /etc/mail/sendmail.cf
+# pidfile: /var/run/sendmail.pid
+
+### BEGIN INIT INFO
+# Provides: sendmail smtpdaemon $mail-transfer-agent
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop sendmail
+# Description: sendmail is a Mail Transport Agent (MTA)
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
+
+# Source sendmail configureation.
+if [ -f /etc/sysconfig/sendmail ]; then
+    . /etc/sysconfig/sendmail
+else
+    DAEMON=no
+    QUEUE=1h
+fi
+[ -z "$SMQUEUE" ] && SMQUEUE="$QUEUE"
+[ -z "$SMQUEUE" ] && SMQUEUE=1h
+
+# Check that we're a privileged user
+[ `id -u` = 0 ] || exit 4
+
+# Check that networking is up.
+[ "${NETWORKING}" = "no" ] && exit 1
+
+[ -x /usr/sbin/sendmail ] || exit 5
+
+prog="sendmail"
+
+updateconf() {
+    /etc/mail/make > /dev/null 2>&1
+    if [ $? -eq 15 ]; then
+	echo -n $"Package sendmail-cf is required to update configuration."
+	warning
+	echo
+    fi
+    /etc/mail/make aliases > /dev/null 2>&1
+}
+
+start() {
+    # Start daemons.
+    ret=0
+    updateconf
+    echo -n $"Starting $prog: "
+    daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
+	$([ -n "$QUEUE" ] && echo -q$QUEUE) $SENDMAIL_OPTARG
+    RETVAL=$?
+    echo
+    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail
+    let ret+=$RETVAL
+
+    if [ ! -f /var/run/sm-client.pid ]; then
+	echo -n $"Starting sm-client: "
+	touch /var/run/sm-client.pid
+	chown smmsp:smmsp /var/run/sm-client.pid
+	if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
+	    /sbin/restorecon /var/run/sm-client.pid
+	fi
+	daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \
+	    -q$SMQUEUE $SENDMAIL_OPTARG
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client
+	let ret+=$RETVAL
+    fi
+
+    [ $ret -eq 0 ] && return 0 || return 1
+}
+
+stop() {
+    # Stop daemons.
+    if [ -f /var/run/sm-client.pid ]; then
+	echo -n $"Shutting down sm-client: "
+	killproc sm-client
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/run/sm-client.pid
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sm-client
+    fi
+    echo -n $"Shutting down $prog: "
+    killproc sendmail
+    RETVAL=$?
+    echo
+    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail
+    return $RETVAL
+}
+
+status -p /var/run/sendmail.pid >/dev/null || status -p /var/run/sm-client.pid >/dev/null
+running=$?
+
+# See how we were called.
+case "$1" in
+    start)
+	[ $running -eq 0 ] && exit 0
+	start
+	RETVAL=$?
+	;;
+    stop)
+	[ $running -eq 0 ] || exit 0
+	stop
+	RETVAL=$?
+	;;
+    restart|force-reload)
+	stop
+	start
+	RETVAL=$?
+	;;
+    condrestart|try-restart)
+	[ $running -eq 0 ] || exit 0
+	stop
+	start
+	RETVAL=$?
+	;;
+    status)
+	echo -n sendmail; status -p /var/run/sendmail.pid -l sendmail
+	RETVAL=$?
+	echo -n sm-client; status -p /var/run/sm-client.pid -l sm-client
+	[ $RETVAL -eq 0 ] && RETVAL=$?
+	;;
+    *)
+	echo $"Usage: $0 {start|stop|restart|condrestart|status}"
+	RETVAL=2
+esac
+
+exit $RETVAL

SOURCES/sendmail.nm-dispatcher

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case "$2" in
+	up|down|vpn-up|vpn-down)
+		/bin/systemctl --no-block try-restart sendmail.service || :
+		;;
+esac

SOURCES/sendmail.pam

@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth       include	password-auth
+account    include	password-auth

SOURCES/sendmail.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Sendmail Mail Transport Agent
+After=syslog.target network.target
+Conflicts=postfix.service exim.service
+Wants=sm-client.service
+
+[Service]
+Type=forking
+StartLimitInterval=0
+PIDFile=/run/sendmail.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=-/etc/mail/make
+ExecStartPre=-/etc/mail/make aliases
+ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target
+Also=sm-client.service

SOURCES/sendmail.sysconfig

@@ -0,0 +1 @@
+SENDMAIL_OPTS="-q1h"

SOURCES/sm-client.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=Sendmail Mail Transport Client
+After=syslog.target network.target sendmail.service
+Conflicts=postfix.service exim.service
+BindTo=sendmail.service
+
+[Service]
+Type=forking
+StartLimitInterval=0
+PIDFile=/run/sm-client.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=/bin/touch /run/sm-client.pid
+ExecStartPre=/bin/chown smmsp:smmsp /run/sm-client.pid
+ExecStartPre=-/sbin/restorecon /run/sm-client.pid
+ExecStartPre=-/etc/mail/make
+ExecStart=/usr/sbin/sendmail -L sm-msp-queue -Ac $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target