-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sendmail snapshot 8.17.0.3 is available for testing. It fixes a
performance problem when USE_EAI is enabled and reduces the
requirements when -U needs to be specified during mail submission.

8.17.1/8.17.1 202X/XX/XX
Deprecation notice: due to compatibility problems with some
third party code, we plan to finally switch from K&R
to ANSI C. If you are using sendmail on a system
which does not have a compiler for ANSI C contact us
with details as soon as possible so we can determine
how to proceed.
Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
is available when using the compile time option USE_EAI
(see also devtools/Site/site.config.m4.sample for other
required settings) and the cf option SMTPUTF8.
If a mail submission via the command line requires
the use of SMTPUTF8, e.g., because a header uses UTF-8
encoding, but the addresses on the command line are all
ASCII, then the new option -U must be used, and
the cf option SMTPUTF8 must be set in submit.cf.
Please test and provide feedback.
Experimental support for SMTP MTA Strict Transport Security
(MTA-STS, see RFC 8461) is available when using
- the compile time option _FFR_MTA_STS (which requires
STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
- FEATURE(sts), which implicitly sets the cf option
StrictTransportSecurity,
- postfix-mta-sts-resolver, see
https://github.com/Snawoot/postfix-mta-sts-resolver.git
New ruleset check_other which is called for all unknown SMTP
commands in the server and for commands which do not
have specific rulesets, e.g., NOOP and VERB.
New ruleset clt_features which can be used to select features
in the SMTP client per server. Currently only two
flags are available: D/M to disable DANE/MTA-STS,
respectively.
Avoid leaking session macros for an envelope between
delivery attempts to different servers. This problem
could have affected check_compat.
Avoid leaking actual SMTP replies between delivery attempts
to different servers which could cause bogus logging
of reply= entries.
Change default SMTP reply code for STARTTLS related problems
from 403 to 454 to better match the RFCs.
Fix a theoretical buffer overflow when encountering an
unknown/unsupported socket address family on an
operating system where sa_data is larger than 30
(the standard is 14). Based on patch by Toomas Soome.
Previously the commands GET, POST, CONNECT, or USER terminate
a connection immediately only if sent as first command.
Now this is also done if any of these is sent directly
after STARTTLS or if the 'h' option is set via
srv_features.
CDB map locking has been changed so a sendmail process which
does have a CDB map open does not block an in-place
update of the map by makemap. The simple workaround
for that problem in earlier versions is to create
the map under a different name and then move it
into place.
CONFIG: New FEATURE(`check_other') to provide a default
check_other ruleset.
CONFIG: FEATURE(`tls_failures') is deprecated and will be
removed in future versions because it has a fundamental
problem: it is message oriented but STARTTLS is
session oriented. For example, having multiple
RCPTs in one envelope for different destinations,
with different temporary errors, does not work
properly, as the persistent macro applies to all
RCPTs and hence implicitly to all destinations (servers).
The option TLSFallbacktoClear should be used if needed.
MAIL.LOCAL: Enhance some error messages to simplify
troubleshooting.
Portability:
Add support for Darwin 19 & 20.
NOTE: File locking using fcntl() does not interoperate
with Berkeley DB 5.x (and probably later). Use
CDB, flock() (-DHASFLOCK), or an earlier Berkeley
DB version. Problem noted by Harald Hannelius.
New Files:
cf/feature/check_other.m4
cf/feature/sts.m4
devtools/OS/Darwin.19.x
devtools/OS/Darwin.20.x
include/sm/ixlen.h
libsm/ilenx.c
libsm/lowercase.c
libsm/strcaseeq.c
libsm/t-ixlen.c
libsm/t-ixlen.sh
libsm/t-streq.c
libsm/t-streq.sh
libsm/utf8_valid.c
libsm/uxtext_unquote.c
libsm/xleni.c
libsmutil/t-lockfile.c
libsmutil/t-lockfile-0.sh
libsmutil/t-maplock-0.sh

Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.3.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.3.tar.gz.sig

SHA256 (sendmail.8.17.0.3.tar.gz) = 0b8cf894784fad367babca47a99e3a490882d4241258500bb827f0439e49749e
SHA256 (sendmail.8.17.0.3.tar.gz.sig) = 64e4e7f5031c7806465db914de45d028363a321e595cc0ed7c574c637aa3622f
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJg0j3kAAoJEExm6o1L7hvudd4P/jHGeShR6MTp9ZyD7uQUraVt
XA6z2XrZ7XAXCTyz3RNBOno4Fr+sm36C6awYYOgLjkNl7tjvSYnLCE9+OOSilXvp
+u/7lHk3CwKwqCxsWpmA8SAVIQ0lwCohAPm7ZgB9NOZwjSTrkWt9aBst+WeH7bI5
Pkw3FtB+5uaAel2fWP3M6Lxz75+OSIRAOMYE+8Dp76c9Z62JBNbu1/Gr8NJgaanL
/7b0I+rZsUmXIDdzqPZ117J999PZh9r920A8+s65blTNGbPD7NMBeo0EKQQ+Oaws
eDZnLzeZK0z3PPV0KCae5jVhlMG9euueML+MU4a+mVYoBeDkR21K+nU1w9dVPEzo
jOzwpjAS8hmjoQ2YtyDKZhUuZUiZciTX/YWHYOx2Zn0fGZl6mUVxUtkJXR00Vr/b
cWCBCSJINcpF9yMnhg8cXDUJiFJlqZEViE/8MAO4q/EoAv6YU355BjnnZFE7cKTn
9hAKn/l/o9D1l2NB0Xwhny3qAaQ6br4jfYd/oD4z7cqQfeZp7MQSjSpkMw6zMTgI
gWZH3foo3iw+IWhaGJG4S92NUCr8kcZgGpPJUI86DejiZVAb+eBd8qD5qkLx6woV
afVRbptULrGF29Lek/tNS5Tf+9dAjTmKjrEa0s0oruWkavDs6flLGH/7b0VHNPtB
0dDPHFI+AEfMb+fnhu8D
=rbNT
-----END PGP SIGNATURE-----

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

On Wednesday, June 23, 2021 at 1:55:02 AM UTC-4, Claus Aßmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> sendmail snapshot 8.17.0.3 is available for testing. It fixes a
> performance problem when USE_EAI is enabled and reduces the
> requirements when -U needs to be specified during mail submission.
>

My small personal email server was downgraded last night back to 8.16, under suspicions of odd behavior. I noticed quite a few sessions being recorded as "remote server did not issue MAIL/EXPN/VRFY/ETRN during connection". True enough, I got external email messages from multiple days ago delivered in a matter of a few hours afterwards.

The OS is a Slackware -current.

# ./sendmail -bt -d0.15
Version 8.17.0.3
Compiled with: ALLOW_255 DANE DNSMAP IPV6_FULL LOG MAP_REGEX MATCHGECOS
MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX
NEWDB=4.8 NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS TLS_EC TLS_VRFY_PER_CTX USERDB USE_EAI XDEBUG
OS Defines: ADDRCONFIG_IS_BROKEN DNSSEC_TEST HASFCHOWN HASFCHMOD
HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC SFS_VFS
USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
libsm Defines: SM_CONF_LONGLONG SM_CONF_MEMCHR SM_CONF_MSG SM_CONF_SEM
SM_CONF_SIGSETJMP SM_CONF_SHM SM_CONF_SSIZE_T SM_CONF_STDBOOL_H
SM_CONF_STDDEF_H SM_CONF_SYS_CDEFS_H SM_CONF_UID_GID
DO_NOT_USE_STRCPY SM_HEAP_CHECK SM_OS=sm_os_linux SM_VA_STD
FFR Defines: _FFR_MTA_STS _FFR_TLS_ALTNAMES _FFR_LOGASIS=1
OpenSSL: compiled 0x101010bf
OpenSSL: linked 0x101010bf
Canonical name: server.domain
UUCP nodename: server.domain
a.k.a.: server
a.k.a.: [xxx.xxx.xxx.xxx]
a.k.a.: [127.0.0.1]
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)

On my .mc file, since 8.16 does not support the below 8.17 settings:
dnl#FEATURE(`sts')dnl
LOCAL_CONFIG
dnl#O SmtpUTF8=True

And I start sendmail with /usr/sbin/sendmail -L sm-mta -bd -q25m.

Interesting enough, emails from Google's GMail were coming flawlessly, but not from many other places.

Any hints where to start looking at?