Local delivery was moved to a separate process so
that chguid() can be called to drop privileges
during actual delivery. A new CHGUID
<string> option was added in the
configuration file so that the user to change to
can be specified ("%u" can be used for the user's
name). The "%" expansion code was moved to a
separate function to allow it to be used for this
purpose. Buffer overflow checking was added to
disable a potential exploit.
This release stops the virus checking code from running in a separate
process; this was causing early removal of the files (as the parent
process was completing before the child). The main server code has been
altered to fork() a new process for each SMTP connection, to prevent
virus scanning for one connection stalling another.