snapshot-20011125

postfix/HISTORY

@@ -5665,6 +5665,31 @@ Apologies for any names omitted.
 	Bugfix: missing long integer support in the new IPC protocols.
 	Files: util/attr_scan*.c, util/attr_print*.c.
 
+	Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1
+	(Gerben Wierda).
+
+20011125
+
+	Bugfix: spurious postmaster notifications because some flag
+	was not reset.
+
+	Feature: new parameter smtpd_sender_login_maps that specifies
+	the (SASL) login name that owns a MAIL FROM address.
+	Specify a regexp table in order to require a simple one-to-one
+	mapping. This is used in the reject_sender_login_mismatch
+	sender anti-spoofing feature.
+
+	Feature: restriction reject_sender_login_mismatch refuses
+	a MAIL FROM address when $smtpd_sender_login_maps specifies
+	an owner but the client is not (SASL) logged in as the MAIL
+	FROM address owner, or when a client is (SASL) logged in
+	but the client login name does not own the MAIL FROM address
+	according to $smtpd_sender_login_maps.  File: smtpd/smpd_check.c.
+
+	Documentation: added some redundancy to the LMTP_README
+	file so people can keep track of the difference between
+	the Postfix LMTP client and the non-Postfix LMTP server.
+
 Open problems:
 
 	Medium: need in-process caching for map lookups. LDAP

postfix/LMTP_README

@@ -48,11 +48,17 @@ There are a variety of ways LMTP delivery can be configured in
 Postfix.  The two basic flavors are delivery over UNIX-domain
 sockets and delivery over TCP sockets.
 
-  o Connections over UNIX-domain sockets limit delivery to LMTP
-    servers running on the same machine.
+  o Connections from the Postfix LMTP client over UNIX-domain
+    sockets allow you to deliver to non-Postfix LMTP servers running
+    on the same machine.
 
-  o Connections over TCP sockets allow you to deliver to LMTP
-    servers across a local network.
+  o Connections from the Postfix LMTP client over TCP sockets allow
+    you to deliver to non-Postfix LMTP servers across a local
+    network.
+
+Note: the above is not to be confused with the UNIX-domain sockets
+that Postfix uses internally to speak its own protocols with the
+Postfix LMTP client.
 
 The precise syntax for UNIX-domain and TCP connection endpoints is
 given in the lmtp(8) manual page. Examples are also given in the
@@ -69,6 +75,9 @@ in convenience and in performance with these different approaches.
 3 - LMTP over UNIX-domain sockets
 =================================
 
+Use this to deliver mail from the Postfix LMTP client to an LMTP
+server that is running on the same system.
+
 A UNIX-domain socket is specified as the socket type ("unix") and
 a name in the local file system:
 
@@ -80,9 +89,9 @@ later in this document.
 
 NOTE:
 
-    If you run the lmtp client chrooted, the interpretation of the
-    /path/name is relative to the Postfix queue directory (typically,
-    /var/spool/postfix).
+    If you run the Postfix LMTP client chrooted, the interpretation
+    of the /path/name is relative to the Postfix queue directory
+    (typically, /var/spool/postfix).
 
     By default, the Postfix LMTP client does not run chrooted.
     With LMTP delivery to the local machine there is no good reason
@@ -91,6 +100,9 @@ NOTE:
 4 - LMTP over TCP sockets
 =========================
 
+Use this to deliver mail from the Postfix LMTP client to an LMTP
+server that is running on the same system or on a different system.
+
 A TCP destination is specified as the socket type ("inet"), the
 destination hostname and the TCP port:
 
@@ -125,9 +137,9 @@ This is the simplest LMTP configuration.
 5.1 - Delivery mechanisms
 -------------------------
 
-Postfix main.cf supports three mechanisms to deliver mail over
-LMTP.  Each method can use UNIX-domain or TCP sockets as described
-in a later section.
+Postfix main.cf supports three mechanisms to deliver mail to an
+LMTP server.  Each method can use UNIX-domain or TCP sockets as
+described in a later section.
 
 main.cf mechanism 1
 -------------------
@@ -138,7 +150,8 @@ mailbox_transport = lmtp:hostname:port   (TCP socket example)
 Mail that resolves as local (domain is listed in $mydestination)
 is given to the Postfix local delivery agent.  The Postfix local
 delivery agent expands aliases and .forward files, and delegates
-mailbox delivery to the LMTP server.
+mailbox delivery to the Postfix LMTP client which then sends it to
+the non-Postfix LMTP server.
 
 main.cf mechanism 2
 -------------------
@@ -147,9 +160,10 @@ local_transport = lmtp:unix:/path/name (UNIX-domain socket example)
 local_transport = lmtp:hostname:port   (TCP socket example)
 
 Mail that resolves as local (domain is listed in $mydestination)
-is directly given to the LMTP server.  The mail is not processed
-by the Postfix local delivery agent; therefore aliases and .forward
-files are not processed.
+is directly given to the Postfix LMTP client which then sends it
+to the non-Postfix LMTP server.  The mail is not processed by the
+Postfix local delivery agent; therefore aliases and .forward files
+are not processed.
 
 main.cf mechanism 3
 -------------------
@@ -161,7 +175,8 @@ Mail that resolves as local (domain is listed in $mydestination)
 is given to the Postfix local delivery agent.  The Postfix local
 delivery agent processes aliases and .forward files, and delivers
 to /var[/spool]/mail/$user for users that have a UNIX account.
-Mail for other local users is delegated to the LMTP server.
+Mail for other local users is delegated to the Postfix LMTP client
+which then sends it to the non-Postfix LMTP server.
 
 5.2 - Examples
 --------------

postfix/RELEASE_NOTES

@@ -1,3 +1,16 @@
+Major changes with snapshot-20011125
+====================================
+
+New parameter smtpd_sender_login_maps that specifies the (SASL)
+login name that owns a MAIL FROM sender address. Specify a regexp
+table in order to require a simple one-to-one mapping.
+
+New sender anti-spoofing restriction reject_sender_login_mismatch
+that refuses a MAIL FROM address when $smtpd_sender_login_maps
+specifies an owner but the client is not (SASL) logged in as the
+MAIL FROM address owner, or when a client is (SASL) logged in but
+does not own the address according to $smtpd_sender_login_maps.
+
 Incompatible changes with snapshot-20011121
 ===========================================
 

postfix/conf/sample-smtpd.cf

@@ -4,6 +4,36 @@
 # This file contains example settings of Postfix configuration parameters
 # that control the SMTP server program.
 
+#
+# SENDER ANTI-SPOOFING
+#
+
+# The smtpd_sender_login_maps parameter specifies the (SASL) login
+# name that owns a sender (MAIL FROM) address. 
+# 
+# Specify zero or more maptype:mapname entries. Maps are created with
+# postmap(1) or with equivalent means. The maps are searched in the
+# specified order. Regexp tables are allowed.
+# 
+# Each map entry specifies a sender address and the login name that
+# owns the address. The search order is:
+# 
+# 1)  user@domain owner
+# 
+# This form has the highest precedence.
+# 
+# 2)  user        owner
+# 
+# This matches user@site when site is equal to $myorigin, when site
+# is listed in $mydestination, or when it is listed in $inet_interfaces.
+# 
+# 3)  @domain     owner
+# 
+# This matches every address in the specified domain, and has the
+# lowest precedence.
+# 
+#smtpd_sender_login_maps =
+
 #
 # MISCELLANEOUS
 #
@@ -26,9 +56,9 @@ smtpd_banner = $myhostname ESMTP $mail_name
 # The smtpd_etrn_restrictions parameter restricts what clients are
 # allowed to issue the ETRN command.
 #
-# The Postfix ETRN command is available only for destinations that
-# that are eligible for the Postfix "fast flush" service. See the
-# sample-flush.cf file for details.
+# The Postfix ETRN command accepts only destinations that are eligible
+# for the Postfix "fast flush" service. See the sample-flush.cf file
+# for details.
 #
 # The default is to allow ETRN from any host.  The following restrictions
 # are available:
@@ -226,6 +256,11 @@ smtpd_helo_restrictions =
 #	Permit if result is OK or all numerical.
 #   check_client_access maptype:mapname: see smtpd_client_restrictions.
 #   check_helo_access maptype:mapname: see smtpd_helo_restrictions.
+#   reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies
+#	a MAIL FROM address owner, but the client is not (SASL) logged in as
+#	that MAIL FROM address owner; or if the client is (SASL) logged in, but
+#	the client login name doesn't own the MAIL FROM address according to
+#	$smtpd_sender_login_maps (see above).
 #   reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
 #   reject_non_fqdn_sender: reject sender address that is not in FQDN form
 #   reject: reject the request. Place this at the end of a restriction.
@@ -296,6 +331,11 @@ smtpd_sender_restrictions =
 #   check_client_access maptype:mapname: see smtpd_client_restrictions.
 #   check_helo_access maptype:mapname: see smtpd_helo_restrictions.
 #   check_sender_access maptype:mapname: see smtpd_sender_restrictions.
+#   reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies
+#	a MAIL FROM address owner, but the client is not (SASL) logged in as
+#	that MAIL FROM address owner; or if the client is (SASL) logged in, but
+#	the client login name doesn't own the MAIL FROM address according to
+#	$smtpd_sender_login_maps (see above).
 #   reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
 #   reject_non_fqdn_sender: reject sender address that is not in FQDN form
 #   reject_non_fqdn_recipient: reject recipient address that is not in FQDN form

postfix/html/faq.html

@@ -1138,7 +1138,7 @@ run out of file handles; after that, it will run out of sockets.
 
 To set the following kernel parameters at boot time, add the
 following lines to the <b>/boot/loader.conf</b> file (this is
-specific to FreeBSD 4.x):
+verified with FreeBSD 4.4):
 
 <p>
 
@@ -1146,18 +1146,17 @@ specific to FreeBSD 4.x):
 <pre>
 kern.ipc.maxsockets="5000"
 kern.ipc.nmbclusters="65536"
+kern.maxproc="2048"
+kern.maxfiles="16384"
+kern.maxfilesperproc="16384"
 </pre>
 </blockquote>
 
 <p>
 
-These parameters cannot be set at run time (verified with FreeBSD
-4.2).
-
-<p>
-
-To set the following kernel parameters at run time execute the
-following commands as root (this is specific to FreeBSD 4.x):
+With FreeBSD 4.2, the last three parameters cannot be set from
+<b>/boot/loader.conf</b>. To set the open file limits, execute the
+following commands as root:
 
 <p>
 
@@ -1170,14 +1169,9 @@ following commands as root (this is specific to FreeBSD 4.x):
 
 <p>
 
-These parameters cannot be set from <b>/boot/loader.conf</b>
-(verified with FreeBSD 4.2).
-
-<p>
-
-Other kernel parameters such as <b>kern.maxproc</b> can be increased
-only by recompiling the kernel with a different <b>maxusers</b>
-setting in the kernel configuration file (verified with FreeBSD 4.2).
+With FreeBSD 4.2, <b>kern.maxproc</b> can be set only by recompiling
+the kernel with a different <b>maxusers</b> setting in the kernel
+configuration file.
 
 <hr>
 

postfix/html/sendmail.1.html

@@ -181,9 +181,10 @@ SENDMAIL(1)                                           SENDMAIL(1)
 
        <b>-qR</b><i>site</i>
               Schedule  immediate  delivery  of  all mail that is
-              queued for the named <i>site</i>. This uses  "fast  flush"
+              queued for the named <i>site</i>. This option accepts only
+              <i>site</i>  names  that are eligible for the "fast flush"
               service, and is implemented by  connecting  to  the
-              local SMTP server at <b>$myhostname</b>.  See <a href="smtpd.8.html"><b>smtpd</b>(8)</a> for
+              local SMTP server at <b>$myhostname</b>.  See <a href="flushd.8.html"><b>flush</b>(8)</a> for
               more information about the "fast flush" service.
 
        <b>-qS</b><i>site</i>

postfix/html/smtpd.8.html

@@ -103,6 +103,12 @@ SMTPD(8)                                                 SMTPD(8)
               <b>noanonymous</b>
                      Disallow anonymous logins.
 
+       <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>maps</b>
+              Maps  that  specify the SASL login name that owns a
+              MAIL   FROM   sender   address.   Used    by    the
+              <b>reject</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>mismatch</b>  sender  anti-spoofing
+              restriction.
+
 <b>Miscellaneous</b>
        <b>always</b><i>_</i><b>bcc</b>
               Address to send a copy of each message that  enters

postfix/html/uce.html

@@ -544,6 +544,18 @@ response code to rejected requests (default:  <b>504</b>).
 
 <p>
 
+<a name="reject_sender_login_mismatch">
+
+<dt> <b>reject_sender_login_mismatch</b> <dd> Reject the request
+when <a href="#smtpd_sender_login_maps"> $smtpd_sender_owner_maps</a>
+specifies an owner for the MAIL FROM address, but the client is
+not (SASL) logged in as that MAIL FROM address owner; or when the
+client is (SASL) logged in, but the client login name doesn't own
+the MAIL FROM address according to <a href="#smtpd_sender_login_maps">
+$smtpd_sender_login_maps</a>.
+
+<p>
+
 <dt> <b><a href="#permit_naked_ip_address">permit_naked_ip_address</a></b>
 
 <dt> <b><a href="#reject_invalid_hostname">reject_invalid_hostname</a></b>
@@ -811,6 +823,9 @@ response code to rejected requests (default:  <b>504</b>).
 
 <dt> <b><a href="#check_sender_access">check_sender_access</a></b> <i>maptype</i>:<i>mapname</i>
 
+<dt> <b><a href="#reject_sender_login_mismatch">reject_sender_login_mismatch
+</a></b>
+
 <dd> See sender address restrictions.
 
 <p>
@@ -1158,6 +1173,68 @@ tables listed in <b>$relay_domains.</b>
 
 </dl>
 
+<dl>
+
+<a name="smtpd_sender_login_maps">
+
+<dt> <b>smtpd_sender_login_maps</b>
+
+<dd>This parameter specifies ownership of MAIL FROM addresses, as
+used by the <a href="#reject_sender_login_mismatch">
+reject_sender_login_mismatch</a> sender address restriction.
+
+<p>
+
+<dl>
+
+<dt>Default:
+
+<dd><b>smtpd_sender_login_maps = </b>
+
+<p>
+
+<dt>Syntax:
+
+<dd> Specify zero or more type:name lookup tables, separated by
+whitespace and/or commas.  The maps are searched in the
+specified order. Regexp tables are allowed.
+
+<p>
+
+Each map entry specifies a sender address and the login name that
+owns the address. The search order is:
+
+<p>
+
+<dl>
+
+<dt><i>user@domain owner</i>
+
+<dd>This form has the highest precedence.
+
+<p>
+
+<dt><i>user        owner</i>
+
+<dd>This matches <i>user@site</i> when <i>site</i> is equal to <a
+href="basic.html#myorigin"> $myorigin</a>, when <i>site</i> is
+listed in <a href="basic.html#mydestination"> $mydestination</a>,
+or when it is listed in <a href="basic.html#inet_interfaces">
+$inet_interfaces</a>.
+
+<p>
+
+<dt><i>@domain     owner</i>
+
+<dd>This matches every address in the specified domain, and has
+the lowest precedence.
+
+</dl>
+
+</dl>
+
+</dl>
+
 <hr>
 
 <a href="index.html">Up one level</a> | <a href="basic.html">Basic

postfix/makedefs

@@ -144,6 +144,12 @@ case "$SYSTEM.$RELEASE" in
 		done
 		;;
        AIX.*)	case "`uname -v`" in
+		5)	SYSTYPE=AIX4
+			case "$CC" in
+			cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
+			esac
+			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
+			;;
 		4)	SYSTYPE=AIX4
 			# How embarrassing...
 			case "$CC" in

postfix/man/man1/sendmail.1

@@ -154,9 +154,10 @@ The interval between queue runs. Use the \fBqueue_run_delay\fR
 configuration parameter instead.
 .IP \fB-qR\fIsite\fR
 Schedule immediate delivery of all mail that is queued for the named
-\fIsite\fR. This uses "fast flush" service, and is implemented
-by connecting to the local SMTP server at \fB$myhostname\fR.
-See \fBsmtpd\fR(8) for more information about the "fast flush"
+\fIsite\fR. This option accepts only \fIsite\fR names that are
+eligible for the "fast flush" service, and is implemented by
+connecting to the local SMTP server at \fB$myhostname\fR.
+See \fBflush\fR(8) for more information about the "fast flush"
 service.
 .IP \fB-qS\fIsite\fR
 This command is not implemented. Use the slower \fBsendmail -q\fR

postfix/man/man8/smtpd.8

@@ -103,6 +103,10 @@ dictionary attack.
 .IP \fBnoanonymous\fR
 Disallow anonymous logins.
 .RE
+.IP \fBsmtpd_sender_login_maps\fR
+Maps that specify the SASL login name that owns a MAIL FROM sender
+address. Used by the \fBreject_sender_login_mismatch\fR sender
+anti-spoofing restriction.
 .SH Miscellaneous
 .ad
 .fi

postfix/src/global/mail_params.h

@@ -781,6 +781,12 @@ extern char *var_smtpd_sasl_opts;
 #define DEF_SMTPD_SASL_REALM	"$myhostname"
 extern char *var_smtpd_sasl_realm;
 
+#define VAR_SMTPD_SND_AUTH_MAPS	"smtpd_sender_login_maps"
+#define DEF_SMTPD_SND_AUTH_MAPS	""
+extern char *var_smtpd_snd_auth_maps;
+
+#define REJECT_SENDER_LOGIN_MISMATCH	"reject_sender_login_mismatch"
+
  /*
   * SASL authentication support, SMTP client side.
   */

postfix/src/global/mail_version.h

@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-20011121"
+#define DEF_MAIL_VERSION	"Snapshot-20011125"
 extern char *var_mail_version;
 
 /* LICENSE

postfix/src/sendmail/sendmail.c

@@ -148,9 +148,10 @@
 /*	configuration parameter instead.
 /* .IP \fB-qR\fIsite\fR
 /*	Schedule immediate delivery of all mail that is queued for the named
-/*	\fIsite\fR. This uses "fast flush" service, and is implemented
-/*	by connecting to the local SMTP server at \fB$myhostname\fR.
-/*	See \fBsmtpd\fR(8) for more information about the "fast flush"
+/*	\fIsite\fR. This option accepts only \fIsite\fR names that are 
+/*	eligible for the "fast flush" service, and is implemented by
+/*	connecting to the local SMTP server at \fB$myhostname\fR.
+/*	See \fBflush\fR(8) for more information about the "fast flush"
 /*	service.
 /* .IP \fB-qS\fIsite\fR
 /*	This command is not implemented. Use the slower \fBsendmail -q\fR

postfix/src/smtpd/smtpd.c

@@ -89,6 +89,10 @@
 /* .IP \fBnoanonymous\fR
 /*	Disallow anonymous logins.
 /* .RE
+/* .IP \fBsmtpd_sender_login_maps\fR
+/*	Maps that specify the SASL login name that owns a MAIL FROM sender
+/*	address. Used by the \fBreject_sender_login_mismatch\fR sender
+/*	anti-spoofing restriction.
 /* .SH Miscellaneous
 /* .ad
 /* .fi
@@ -364,6 +368,7 @@ char   *var_smtpd_sasl_realm;
 char   *var_filter_xport;
 bool    var_broken_auth_clients;
 char   *var_perm_mx_networks;
+char   *var_smtpd_snd_auth_maps;
 
  /*
   * Global state, for stand-alone mode queue file cleanup. When this is
@@ -1288,6 +1293,7 @@ static void chat_reset(SMTPD_STATE *state)
     if (state->history != 0 && SMTPD_STAND_ALONE(state) == 0
 	&& (state->error_mask & state->notify_mask))
 	smtpd_chat_notify(state);
+    state->error_mask = 0;
     smtpd_chat_reset(state);
 }
 
@@ -1621,6 +1627,7 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
 	VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
 	VAR_PERM_MX_NETWORKS, DEF_PERM_MX_NETWORKS, &var_perm_mx_networks, 0, 0,
+	VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
 	0,
     };
 

postfix/src/smtpd/smtpd_check.c

@@ -333,6 +333,11 @@ static MAPS *virtual_maps;
 static MAPS *virt_mailbox_maps;
 static MAPS *relocated_maps;
 
+ /*
+  * Pre-opened sender to login name mapping.
+  */
+static MAPS *smtpd_sender_login_maps;
+
  /*
   * Pre-opened access control lists.
   */
@@ -543,6 +548,13 @@ void    smtpd_check_init(void)
 
     access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS);
 
+    /*
+     * Sender to login name mapping.
+     */
+    smtpd_sender_login_maps = maps_create(VAR_SMTPD_SND_AUTH_MAPS,
+					       var_smtpd_snd_auth_maps,
+					       DICT_FLAG_LOCK);
+
     /*
      * error_text is used for returning error responses.
      */
@@ -1822,6 +1834,40 @@ static int reject_maps_rbl(SMTPD_STATE *state)
     return (result);
 }
 
+/* reject_sender_login_mismatch - reject login/sender ownership mismatch */
+
+static int reject_sender_login_mismatch(SMTPD_STATE *state, const char *sender)
+{
+    const RESOLVE_REPLY *reply;
+    const char *login = 0;
+    const char *owner = 0;
+
+    /*
+     * If the sender address is owned by a login name, or if the client has
+     * logged in, then require that the client is logged in as the owner of
+     * the sender address.
+     */
+    reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
+    owner = check_maps_find(state, sender, smtpd_sender_login_maps,
+			    STR(reply->recipient), 0);
+#ifdef USE_SASL_AUTH
+    if (var_smtpd_sasl_enable && state->sasl_username != 0)
+	login = state->sasl_username;
+#endif
+    if (login) {
+	if (owner == 0 || strcasecmp(login, owner) != 0)
+	    return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
+	      "553 <%s>: Sender address rejected: not owned by username %s",
+				       sender, login));
+    } else {
+	if (owner)
+	    return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
+		"553 <%s>: Sender address rejected: not logged in as owner",
+				       sender));
+    }
+    return (SMTPD_CHECK_DUNNO);
+}
+
 /* is_map_command - restriction has form: check_xxx_access type:name */
 
 static int is_map_command(SMTPD_STATE *state, const char *name,
@@ -1985,6 +2031,9 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 	    if (state->sender && *state->sender)
 		status = reject_non_fqdn_address(state, state->sender,
 					  state->sender, SMTPD_NAME_SENDER);
+	} else if (strcasecmp(name, REJECT_SENDER_LOGIN_MISMATCH) == 0) {
+	    if (state->sender && *state->sender)
+		status = reject_sender_login_mismatch(state, state->sender);
 	}
 
 	/*

postfix/src/util/sys_defs.h

@@ -304,6 +304,34 @@ extern int opterr;
   * AIX: a SYSV-flavored hybrid. NB: fcntl() and flock() access the same
   * underlying locking primitives.
   */
+#ifdef AIX5
+#define SUPPORTED
+#include <sys/types.h>
+#define MISSING_SETENV
+#define _PATH_BSHELL	"/bin/sh"
+#define _PATH_MAILDIR   "/var/spool/mail"	/* paths.h lies */
+#define _PATH_DEFPATH	"/usr/bin:/usr/ucb"
+#define _PATH_STDPATH	"/usr/bin:/usr/sbin:/usr/ucb"
+#define HAS_FCNTL_LOCK
+#define INTERNAL_LOCK	MYFLOCK_STYLE_FCNTL
+#define DEF_MAILBOX_LOCK "fcntl, dotlock"
+#define USE_SYS_SELECT_H
+#define HAS_FSYNC
+#define HAS_DBM
+#define DEF_DB_TYPE	"dbm"
+#define ALIAS_DB_MAP	"dbm:/etc/aliases"
+#define HAS_NIS
+#define HAS_SA_LEN
+#define GETTIMEOFDAY(t)	gettimeofday(t,(struct timezone *) 0)
+#define RESOLVE_H_NEEDS_STDIO_H
+#define ROOT_PATH	"/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"
+#define SOCKADDR_SIZE	size_t
+#define SOCKOPT_SIZE	size_t
+#define USE_STATVFS
+#define STATVFS_IN_SYS_STATVFS_H
+#define STRCASECMP_IN_STRINGS_H
+#endif
+
 #ifdef AIX4
 #define SUPPORTED
 #include <sys/types.h>