#ident	"@(#)smail:ToDo,v 1.49 1999/08/06 22:27:34 woods Exp"

Things that should be done before the next minor release (patches are,
of course, gratefully accepted!):

Important Bugs:
--------------------

- test that '%' and '@' routing does still work for allowed users...

- think about ways to avoid doing DNS lookups on all Xsucceed and Xfail
  addresses when a mailing list or other multiple-recipient message is
  retried from the queue.

- do strip quotes from quoted local parts....  maybe.

- change smtp_info to smtp_allow_expn/smtp_allow_vrfy.  Add a warning,
both in the code and in smailconf.5, that RFC-1123 says "MUST implement
VRFY" and "SHOULD implement EXPN", and note that VRFY is as safe as
RCPT TO.

- fix bug where qualify_domain() isn't called for addresses specified on
the command line (i.e. it only seems to be called when '-t' is used)

- use ftruncate() to remove partially written messages in appendfile.c
if ERR_135 [if possible].

- investigate extra <>'s in received for bounces (and other places):

  Received: from most.weird.com (4544 bytes) by most.weird.com
	via sendmail with P:bsmtp/D:user/T:local
	(sender: <MAILER-DAEMON>) (ident <MAILER-DAEMON> using unix)
	id <m0x2LJo-00076wC@most.weird.com>
	for <<woods>>; Sat, 23 Aug 1997 14:53:52 -0400 (EDT)
	(Smail-3.2.0.98-Pre 1997-Aug-19 #7 built 1997-Aug-20)

- deal with un-qualified local hostnames when there's no qualify file in
some sane way....  (the qualify.c stuff is perhaps overloaded and
shouldn't be used to qualify both local names in outgoing headers at the
same time as being used to qualify destination hostnames).

- fix "from_field" to never allow "From:" to go missing and if it's nil
do something appropriate....

- fix db lookup parser to allow '#' in left-hand side (if quoted?) [aliasfile]

- investigate the Apparently-To: being set, while input_addr not being set:
(no To/Resent-To/Cc/Bcc, etc., header in data, just envelope "MAIL FROM:")
	
	Received: from [204.92.254.3] by most.weird.com
		via sendmail with smtp (ident woods using rfc1413)
		id <m0udnxb-00076qC@most.weird.com>
		for <unknown>; Tue, 9 Jul 1996 21:20:59 -0400 (EDT)
		(Smail-3.2 1996-Jul-4 #1 built 1996-Jul-4)
	Apparently-To: foo@anet

perhaps $input_addr should be set from envelope (always?).

- investigate smail vs. MH via SMTP and BCC.  Seems the BCC line can end
up in the initial Received header.  I'm not even sure why the first
received line is there.  This may have something to do with other
instances where multiple addresses per message give strange log entries
and bounce messages.

    Received: from woffi.planix.com([204.29.161.34]) (1436 bytes) by whome.planix.com
        via sendmail with P:esmtp/D:aliases/R:inet_hosts/T:smtp
        (sender: <andreas@planix.com>) 
        id <m0x3NUM-0008NDC@whome.planix.com>
        for <partners@planix.com>; Tue, 26 Aug 1997 11:25:02 -0400 (EDT)
        (Smail-3.2.0.97 1997-Aug-19 #2 built 1997-Aug-25)
    Received: from localhost.planix.com(localhost[127.0.0.1]) (1104 bytes) by woffi.planix.com
        via sendmail with P:esmtp/R:inet_hosts/T:smtp
        (sender: <andreas@planix.com>) 
        id <m0x3NUL-000EExC@woffi.planix.com>
        for <customers_aew@planix.com>; Tue, 26 Aug 1997 11:25:01 -0400 (EDT)
        (Smail-3.2.0.97 1997-Aug-19 #2 built 1997-Aug-19)
    To: customers@planix.com (to /dev/null), partners@planix.com (an alias)
 >> Dcc: customers_hidden@planix.com (an alias to everyone)

Note MH uses 'Dcc' instead of 'Bcc' for normal (direct) blind carbon.

- do something about the premature lower-casing of user names.  Users
with upper case characters may not be able to receive mail (or at least
read the stuff they've received....)  The correct solution is probably
to provide another field in struct addr in which the un-adulterated
user-id can be stored for use in the "local" transport's filename
expansion.  I.e. the "user" director, with the 'ignore-case' attribute
set, will do a caseless match of the user-id against the mailbox portion
of the address, and then the actual user-id with case preserved can be
used in generating the mailbox spool filename.  [PR#295 notes that
getpwbyname() in pwcache.c explicitly lowercases the user name passed to
it before a getpwnam() search is proposed and the PR actually suggests
removing this lowercasing (so that the case is preserved in the cache),
but still doing a case-insensitive search through the password file,
though it doesn't pay heed to the ignore-case attribute, nor does it
provide for storing the case-preserved user-id in struct addr.]

- fix aliasfile parser to allow case sensitive aliases (ala above?)
[keep in mind the lists director uses "lists/${lc:user}"]

- turn down the verbose logging of failed locks, if another smail
process is known to hold the lock....  eg:

	02/28/96 12:07:36: open_spool: /local/var/spool/smail/input/0trpIB-00076nC: lock failed: Permission denied

Unfortunately this will probably require re-writing the spool locking
functions to use pid-in-a-lock-file mechanisms.  [effectively fixed in
3.2.1 for systems that return EAGAIN if lock_fd() meets another lock?]
[it has been noted that there may be real race conditions in here!]

- check out what's going on with Apparently-From being added multiple
times

- check out re-writing From: if from '-f'

- Make sure "From:" and "To:" are always generated correctly for all
locally originating mail and never for anything else.

- stop smail from generating those horrible Apparently-* headers now
that the envelope is completely available in the default received
header [Apparently-From should be gone from 3.2.1].


Incomplete Features:
--------------------

- this happens when multi-homed and connecting to a sibling in the same
  alternate network....

	07/07/1999 17:47:12: [4931] remote EHLO: questionable operand: 'becoming.weird.com': from root@becoming.weird.com source [204.29.161.180]: Remote address PTR lookup failed (Unknown host).

- fully support $max_message_size [include hints to user about resending
in bounce if not immediately rejected by ESMTP, and perhaps add a new
option $truncate_oversize_bounce or similar with default ON].

- enable and test HAVE_DF_SPOOL for all systems where possible [or wait
for autoconf?].

- think about allowing $listen_name to be set on command line too [if
this is used for more than one domain then you'll need separate config
files anyway, so just use -C; but if you are using this to avoid having
smtp on some interfaces then this info may be easier to manage in one
place in the /etc/rc* files or whatever].

- do something to make aliasfile parsing identical across lookup protos.
(related to 'db lookup parser' bug above?)

- implement 'mailq' to follow through on '-t' option (i.e. read header)

- have 'mailq' print "Mail queue is empty" when it is (isatty()?) ala sendmail

- Put the following in default.c for SVR4's local, pipe, & file transports:

	remove_header="Content-Length",
	append_header="${if !header:Content-Type :Content-Type: text}",
	append_header="Content-Length: $body_size",

- think about how to integrate checkerr and savelog so that security
violations can be snarfed from logfile just after it is cycled.  Perhaps
a new over-all maintenance script (smailmaint?) could do the work and
there would only be one crontab entry necessary.  Note that there's no
need to use the antiquated savelog on systems that have a newsyslog(1)
capable of not compressing the .0 file (eg. my version!).  [syslog
logging would also change all of this since then security violations
will get more attention from syslog if the admin desires...]

- add an "always" attribute to the directors drivers, esp. aliasfile.

- add 'senders' and 'senders_except' attributes to directors and routers
to implement restricted aliases, transports, etc.

- change the syntax of smtp_remote_allow patterns (i.e. match_ip()) to
allow IP address specification with CIDR notation and/or maybe netmask
notation.  [steal netmask code from tcp_wrappers, or perhaps the
hostmask() routine from ip_filter, or even the new IP# type code from
postgres?]  Also allow hostnames by doing a reverse lookup on the
address and matching the PTR(s) with hostname patterns [regex's too?].

- think about making smtp_remote_allow and other users of match_ip()
capable of specifying a file lookup mechanism:

       smtp_remote_allow="${lookup:sender_host_addr:ipsearch:{
				/etc/smail/remote.allow}:$value}"

where "ipsearch" iterates the [new] match_ip() function over all the
values in the file.  (does this mean keeping the double compare?)  (the
file should probably be cached in-core and treated as a list)
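
Added example, not smail's own code: one way the CIDR/netmask matching
and the "ipsearch" iteration described in the two items above could
look.  The names match_ip_cidr(), ipsearch() and sample_allow are
hypothetical, IPv4 only is assumed, and the sample list is constructed
from documentation address ranges.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not smail's match_ip()): 1 if dotted-quad addr is
 * inside pattern "a.b.c.d", "a.b.c.d/len" or "a.b.c.d/m.m.m.m".
 * Malformed input never matches, so a typo cannot widen an allow list. */
int match_ip_cidr(const char *pattern, const char *addr)
{
    char net[INET_ADDRSTRLEN], *end;
    struct in_addr n, a, m;
    const char *slash = strchr(pattern, '/');
    size_t len = slash ? (size_t)(slash - pattern) : strlen(pattern);
    uint32_t mask = 0xffffffffu;            /* bare address: exact match */
    if (len == 0 || len >= sizeof(net))
        return 0;
    memcpy(net, pattern, len);
    net[len] = '\0';
    if (inet_pton(AF_INET, net, &n) != 1 || inet_pton(AF_INET, addr, &a) != 1)
        return 0;
    if (slash && strchr(slash + 1, '.')) {  /* netmask notation */
        if (inet_pton(AF_INET, slash + 1, &m) != 1)
            return 0;
        mask = ntohl(m.s_addr);
        if ((~mask & (~mask + 1)) != 0)     /* reject non-contiguous masks */
            return 0;
    } else if (slash) {                     /* CIDR prefix length */
        long bits = strtol(slash + 1, &end, 10);
        if (!isdigit((unsigned char)slash[1]) || *end != '\0' || bits > 32)
            return 0;
        mask = bits ? 0xffffffffu << (32 - bits) : 0;  /* no shift by 32 */
    }
    return (ntohl(n.s_addr) & mask) == (ntohl(a.s_addr) & mask);
}

/* Hypothetical "ipsearch": run the matcher over an in-core pattern list
 * (as cached from an allow file); empty and '#' lines are skipped. */
int ipsearch(const char *const *list, size_t n, const char *addr)
{
    for (size_t i = 0; i < n; i++)
        if (list[i][0] && list[i][0] != '#' && match_ip_cidr(list[i], addr))
            return 1;
    return 0;
}
/* Constructed sample list (documentation address ranges). */
const char *const sample_allow[] = { "# allowed nets", "127.0.0.1",
    "192.0.2.0/24", "198.51.100.64/255.255.255.192" };
```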

- Think about splitting lsearch and USE_LSEARCH_REGEXCMP into a plain
old lsearch and a new "research" (is this a bad name? ;-) [JPR suggests
"grep", so how about "grepsearch"?] for straight RE linear searches.
Think about not using double quotes to trigger the RE match, but rather
doing it for every key value.  Think about a combined lsearch+grepsearch
that would do what lsearch+REGEXCMP does now with the double-quote
trigger, but of course not need the double-quote trigger.

- adjust the error messages in config file parsing to include at least
the line number, and anything else helpful, not just:

	05/07/1997 15:40:59: /local/etc/smail/config: parse error: unexpected end of attribute

- make some of the SMTP error messages more explanatory and think about
using continuation lines, such as this:

      550-'<chris@cheddar.netmonger.net>SIZE=2088' sender address target
      550-domain 'cheddar.netmonger.net' is not a valid e-mail domain
      550 (there is no MX record in the DNS for it).

- think about adding eqic{, ltic{, gtic{ operators that unify the case
of their arguments before testing.

- think about changing the "var" portion of the eq{ et al operators to
be a fully expanded value, not just a variable name (which would make
the above mentioned eqic{ et al operators redundant).

- add support for Kiem-Phong Vo <kpv@research.att.com> Vmalloc library,
particularly debugging support.  Also add hooks to build with sfio.

- document ${eval: if it turns out to be useful.

- re-write aliasfile.c in the style of the fwdfile.c with a finish_*()
function, etc.

- add someone's regex library to pd/regex (Ozan's?) and use that if the
code's not ported to the current system's equivalent (or always use it?)

- figure out how to do the configuration for per-transport (or
even per-target?) relaying control.

- pass a flag to fill_attributes() so that it can print a more
meaningful error message that indicates if an unknown attribute is
expected to be either a generic attribute, or a driver-specific
attribute (possibly either the word "generic" or the driver name).


New Features:
--------------------

- implement optional $max_mailbox_size [optionally as a colon separated
list of "user=size" tokens with something like '*' as the default user
and "nolimit" to unset per user].

- never completely fill the spooldir if HAVE_DF_SPOOL (add optional
$min_spooldir_free?)

- be careful about never filling the logfile too (can we instantly defer
connections if we're out of resources like this?)

- Think about a config variable (maybe $log_events?) that could control
which items are logged and which are not [or wait for syslog support?]

- make the startup log message more verbose (version, build, build date,
release date, etc.) [use $smtp_banner ???]

- write a minimal mailstats replacement (new log file format only)
[real stats, not just what logsumm does]

- implement 'mailq' option to read the "error" queue (mailq -e?)

- implement '-R'

     -Rstring       Go through the queue of pending mail and attempt
                    to deliver any message with a recipient
                    containing the specified string.  This is useful
                    for clearing out mail directed to a machine which
                    has been down for awhile.

- implement ETRN from RFC 1985 ala the above.

- implement other standards-track SMTP extensions....

- when possible make the daemon children change their ps command line
text to show what they are currently doing.

- teach substitute() to recognize the variable names listed in
  conf_attributes, etc.

- try to ensure all variables are run through expand_string().

- add a way to suppress warnings for smtp_helo_broken_allow.


Miscellaneous:
--------------------

- add #ifdef HAVE_UNISTD_H #include <unistd.h> where appropriate [or
wait for autoconf?].

- remove nested includes from "jump.h" [and everywhere!].

- think about getting <string.h> out of defs.h [or wait for autoconf?]

- investigate: ORIG-ID:<199604230758.AA13625@post.tandem.com\POS,$ZNET^U5>
(possibly related: what'll happen if a message-ID header has other crap,
and even continued lines, in it too?)

- think about doing something to allow an alias to be used to force a
"no-such-user" bounce.

- install ".so" longname manual pages on systems with longnames [need to
fix up xrefs too?]

- should we add IsValid*() checking?  from:
<ftp://ftp.cert.org/pub/cert_advisories/CA-96.04.corrupt_info_from_servers>

- read draft-ietf-drums-smtpupd-04.txt [or newer] more carefully.

- think about not stripping comments from aliases, etc., and providing
GCOS info; esp. for EXPN and VRFY, perhaps re-using smtp_info to control.

- Should the "real_user" director set ignore_alias_match?

- consider allowing multiple whitespace characters to act as one when
separating words in a string parsed by expand_string().

- think about the possible benefits of having separate DBG_DRIVER types
for each of the different kinds of drivers (router, director, transport).

- clean up the duplication between COPY_STRING() and copy().
