1 /*
2 * Copyright (c) 1998-2006, 2008, 2023, 2024 Proofpoint, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13
14 #include <sendmail.h>
15
16 SM_RCSID("@(#)$Id: collect.c,v 8.287 2013-11-22 20:51:55 ca Exp $")
17
18 #include <sm/sendmail.h>
19
20 static void eatfrom __P((char *volatile, ENVELOPE *));
21 static void collect_doheader __P((ENVELOPE *));
22 static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
23 static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int));
24
25 /*
26 ** COLLECT_EOH -- end-of-header processing in collect()
27 **
28 ** Called by collect() when it encounters the blank line
29 ** separating the header from the message body, or when it
30 ** encounters EOF in a message that contains only a header.
31 **
32 ** Parameters:
33 ** e -- envelope
34 ** numhdrs -- number of headers
35 ** hdrslen -- length of headers
36 **
37 ** Returns:
38 ** NULL, or handle to open data file
39 **
40 ** Side Effects:
41 ** end-of-header check ruleset is invoked.
42 ** envelope state is updated.
43 ** headers may be added and deleted.
44 ** selects the queue.
45 ** opens the data file.
46 */
47
48 static SM_FILE_T *
collect_eoh(e,numhdrs,hdrslen)49 collect_eoh(e, numhdrs, hdrslen)
50 ENVELOPE *e;
51 int numhdrs;
52 int hdrslen;
53 {
54 char hnum[16];
55 char hsize[16];
56
57 /* call the end-of-header check ruleset */
58 (void) sm_snprintf(hnum, sizeof(hnum), "%d", numhdrs);
59 (void) sm_snprintf(hsize, sizeof(hsize), "%d", hdrslen);
60 if (tTd(30, 10))
61 sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
62 hnum, hsize);
63 (void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
64 3, NULL, e->e_id, NULL, NULL);
65
66 /*
67 ** Process the header,
68 ** select the queue, open the data file.
69 */
70
71 collect_doheader(e);
72 return collect_dfopen(e);
73 }
74
75 /*
76 ** COLLECT_DOHEADER -- process header in collect()
77 **
78 ** Called by collect() after it has finished parsing the header,
79 ** but before it selects the queue and creates the data file.
80 ** The results of processing the header will affect queue selection.
81 **
82 ** Parameters:
83 ** e -- envelope
84 **
85 ** Returns:
86 ** none.
87 **
88 ** Side Effects:
89 ** envelope state is updated.
90 ** headers may be added and deleted.
91 */
92
93 static void
collect_doheader(e)94 collect_doheader(e)
95 ENVELOPE *e;
96 {
97 /*
98 ** Find out some information from the headers.
99 ** Examples are who is the from person & the date.
100 */
101
102 eatheader(e, true, false);
103
104 if (GrabTo && e->e_sendqueue == NULL)
105 usrerr("No recipient addresses found in header");
106
107 /*
108 ** If we have a Return-Receipt-To:, turn it into a DSN.
109 */
110
111 if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
112 {
113 ADDRESS *q;
114
115 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
116 if (!bitset(QHASNOTIFY, q->q_flags))
117 q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
118 }
119
120 /*
121 ** Add an appropriate recipient line if we have none.
122 */
123
124 if (hvalue("to", e->e_header) != NULL ||
125 hvalue("cc", e->e_header) != NULL ||
126 hvalue("apparently-to", e->e_header) != NULL)
127 {
128 /* have a valid recipient header -- delete Bcc: headers */
129 e->e_flags |= EF_DELETE_BCC;
130 }
131 else if (hvalue("bcc", e->e_header) == NULL)
132 {
133 /* no valid recipient headers */
134 register ADDRESS *q;
135 char *hdr = NULL;
136
137 /* create a recipient field */
138 switch (NoRecipientAction)
139 {
140 case NRA_ADD_APPARENTLY_TO:
141 hdr = "Apparently-To";
142 break;
143
144 case NRA_ADD_TO:
145 hdr = "To";
146 break;
147
148 case NRA_ADD_BCC:
149 addheader("Bcc", " ", 0, e, true);
150 break;
151
152 case NRA_ADD_TO_UNDISCLOSED:
153 addheader("To", "undisclosed-recipients:;", 0, e, true);
154 break;
155 }
156
157 if (hdr != NULL)
158 {
159 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
160 {
161 if (q->q_alias != NULL)
162 continue;
163 if (tTd(30, 3))
164 sm_dprintf("Adding %s: %s\n",
165 hdr, q->q_paddr);
166 addheader(hdr, q->q_paddr, 0, e, true);
167 }
168 }
169 }
170 }
171
172 /*
173 ** COLLECT_DFOPEN -- open the message data file
174 **
175 ** Called by collect() after it has finished processing the header.
176 ** Queue selection occurs at this point, possibly based on the
177 ** envelope's recipient list and on header information.
178 **
179 ** Parameters:
180 ** e -- envelope
181 **
182 ** Returns:
183 ** NULL, or a pointer to an open data file,
184 ** into which the message body will be written by collect().
185 **
186 ** Side Effects:
187 ** Calls syserr, sets EF_FATALERRS and returns NULL
188 ** if there is insufficient disk space.
189 ** Aborts process if data file could not be opened.
190 ** Otherwise, the queue is selected,
191 ** e->e_{dfino,dfdev,msgsize,flags} are updated,
192 ** and a pointer to an open data file is returned.
193 */
194
195 static SM_FILE_T *
collect_dfopen(e)196 collect_dfopen(e)
197 ENVELOPE *e;
198 {
199 MODE_T oldumask = 0;
200 int dfd;
201 struct stat stbuf;
202 SM_FILE_T *df;
203 char *dfname;
204
205 if (!setnewqueue(e))
206 return NULL;
207
208 dfname = queuename(e, DATAFL_LETTER);
209 if (bitset(S_IWGRP, QueueFileMode))
210 oldumask = umask(002);
211 df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
212 SFF_OPENASROOT);
213 if (bitset(S_IWGRP, QueueFileMode))
214 (void) umask(oldumask);
215 if (df == NULL)
216 {
217 syserr("@Cannot create %s", dfname);
218 e->e_flags |= EF_NO_BODY_RETN;
219 flush_errors(true);
220 finis(false, true, ExitStat);
221 /* NOTREACHED */
222 }
223 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
224 if (dfd < 0 || fstat(dfd, &stbuf) < 0)
225 e->e_dfino = -1;
226 else
227 {
228 e->e_dfdev = stbuf.st_dev;
229 e->e_dfino = stbuf.st_ino;
230 }
231 e->e_flags |= EF_HAS_DF;
232 return df;
233 }
234
235 /*
236 ** INCBUFLEN -- increase buflen for the header buffer in collect()
237 **
238 ** Parameters:
239 ** buflen -- current size of buffer
240 **
241 ** Returns:
242 ** new buflen
243 */
244
245 static int incbuflen __P((int));
246 static int
incbuflen(buflen)247 incbuflen(buflen)
248 int buflen;
249 {
250 int newlen;
251
252 /* this also handles the case of MaxMessageSize == 0 */
253 if (MaxMessageSize <= MEMCHUNKSIZE)
254 {
255 if (buflen < MEMCHUNKSIZE)
256 return buflen * 2;
257 else
258 return buflen + MEMCHUNKSIZE;
259 }
260
261 /* MaxMessageSize > MEMCHUNKSIZE */
262 newlen = buflen * 2;
263 if (newlen > 0 && newlen < MaxMessageSize)
264 return newlen;
265 else
266 return MaxMessageSize;
267 }
268
269 #if _FFR_TESTS
270 /* just for testing/debug output */
271 static const char *
makeprint(c)272 makeprint(c)
273 char c;
274 {
275 static char prt[6];
276
277 prt[1] = '\0';
278 prt[2] = '\0';
279 if (isprint((unsigned char)c))
280 prt[0] = c;
281 else if ('\n' == c)
282 {
283 prt[0] = 'L';
284 prt[1] = 'F';
285 }
286 else if ('\r' == c)
287 {
288 prt[0] = 'C';
289 prt[1] = 'R';
290 }
291 else
292 snprintf(prt, sizeof(prt), "%o", c);
293 return prt;
294 }
295 #else /* _FFR_TESTS */
296 # define makeprint(c) "X"
297 #endif /* _FFR_TESTS */
298
299 /*
300 ** COLLECT -- read & parse message header & make temp file.
301 **
302 ** Creates a temporary file name and copies the standard
303 ** input to that file. Leading UNIX-style "From" lines are
304 ** stripped off (after important information is extracted).
305 **
306 ** Parameters:
307 ** fp -- file to read.
308 ** smtpmode -- if >= SMTPMODE_LAX we are running SMTP:
309 ** give an RFC821 style message to say we are
310 ** ready to collect input, and never ignore
311 ** a single dot to mean end of message.
312 ** hdrp -- the location to stash the header.
313 ** e -- the current envelope.
314 ** rsetsize -- reset e_msgsize?
315 **
316 ** Returns:
317 ** none.
318 **
319 ** Side Effects:
320 ** If successful,
321 ** - Data file is created and filled, and e->e_dfp is set.
322 ** - The from person may be set.
323 ** If the "enough disk space" check fails,
324 ** - syserr is called.
325 ** - e->e_dfp is NULL.
326 ** - e->e_flags & EF_FATALERRS is set.
327 ** - collect() returns.
328 ** If data file cannot be created, the process is terminated.
329 */
330
331 /* values for input state machine */
332 #define IS_NORM 0 /* middle of line */
333 #define IS_BOL 1 /* beginning of line */
334 #define IS_DOT 2 /* read "." at beginning of line */
335 #define IS_DOTCR 3 /* read ".\r" at beginning of line */
336 #define IS_CR 4 /* read "\r" */
337
338 /* hack to enhance readability of debug output */
339 static const char *istates[] = { "NORM", "BOL", "DOT", "DOTCR", "CR" };
340 #define ISTATE istates[istate]
341
342 /* values for message state machine */
343 #define MS_UFROM 0 /* reading Unix from line */
344 #define MS_HEADER 1 /* reading message header */
345 #define MS_BODY 2 /* reading message body */
346 #define MS_DISCARD 3 /* discarding rest of message */
347 #define BARE_LF_MSG "Bare linefeed (LF) not allowed"
348 #define BARE_CR_MSG "Bare carriage return (CR) not allowed"
349
350 void
collect(fp,smtpmode,hdrp,e,rsetsize)351 collect(fp, smtpmode, hdrp, e, rsetsize)
352 SM_FILE_T *fp;
353 int smtpmode;
354 HDR **hdrp;
355 register ENVELOPE *e;
356 bool rsetsize;
357 {
358 register SM_FILE_T *df;
359 bool ignrdot;
360 int dbto;
361 register char *bp;
362 int c;
363 bool inputerr;
364 bool headeronly;
365 char *buf;
366 int buflen;
367 int istate;
368 int mstate;
369 int hdrslen;
370 int numhdrs;
371 int afd;
372 int old_rd_tmo;
373 unsigned char *pbp;
374 unsigned char peekbuf[8];
375 char bufbuf[MAXLINE];
376 #if _FFR_REJECT_NUL_BYTE
377 bool hasNUL; /* has at least one NUL input byte */
378 #endif
379 int bare_lf, bare_cr;
380
381 #define SMTPMODE (smtpmode >= SMTPMODE_LAX)
382 #define SMTPMODE_STRICT ((smtpmode & SMTPMODE_CRLF) != 0)
383 #define BARE_LF_421 ((smtpmode & SMTPMODE_LF_421) != 0)
384 #define BARE_CR_421 ((smtpmode & SMTPMODE_CR_421) != 0)
385 #define BARE_LF_SP ((smtpmode & SMTPMODE_LF_SP) != 0)
386 #define BARE_CR_SP ((smtpmode & SMTPMODE_CR_SP) != 0)
387
388 /* for bare_{lf,cr} */
389 #define BARE_IN_HDR 0x01
390 #define BARE_IN_BDY 0x02
391 #define BARE_WHERE ((MS_BODY == mstate) ? BARE_IN_BDY : BARE_IN_HDR)
392
393 df = NULL;
394 ignrdot = SMTPMODE ? false : IgnrDot;
395 bare_lf = bare_cr = 0;
396
397 /* timeout for I/O functions is in milliseconds */
398 dbto = SMTPMODE ? ((int) TimeOuts.to_datablock * 1000)
399 : SM_TIME_FOREVER;
400 sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
401 old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock);
402 c = SM_IO_EOF;
403 inputerr = false;
404 headeronly = hdrp != NULL;
405 hdrslen = 0;
406 numhdrs = 0;
407 HasEightBits = false;
408 #if _FFR_REJECT_NUL_BYTE
409 hasNUL = false;
410 #endif
411 buf = bp = bufbuf;
412 buflen = sizeof(bufbuf);
413 pbp = peekbuf;
414 istate = IS_BOL;
415 mstate = SaveFrom ? MS_HEADER : MS_UFROM;
416
417 /*
418 ** Tell ARPANET to go ahead.
419 */
420
421 if (SMTPMODE)
422 message("354 End data with <CR><LF>.<CR><LF>");
423
424 /* simulate an I/O timeout when used as sink */
425 if (tTd(83, 101))
426 sleep(319);
427
428 if (tTd(30, 2))
429 sm_dprintf("collect, smtpmode=%#x\n", smtpmode);
430
431 /*
432 ** Read the message.
433 **
434 ** This is done using two interleaved state machines.
435 ** The input state machine is looking for things like
436 ** hidden dots; the message state machine is handling
437 ** the larger picture (e.g., header versus body).
438 */
439
440 if (rsetsize)
441 e->e_msgsize = 0;
442 for (;;)
443 {
444 if (tTd(30, 35))
445 sm_dprintf("top, istate=%s, mstate=%d\n", ISTATE,
446 mstate);
447 for (;;)
448 {
449 if (pbp > peekbuf)
450 c = *--pbp;
451 else
452 {
453 while (!sm_io_eof(fp) && !sm_io_error(fp))
454 {
455 errno = 0;
456 c = sm_io_getc(fp, SM_TIME_DEFAULT);
457 if (c == SM_IO_EOF && errno == EINTR)
458 {
459 /* Interrupted, retry */
460 sm_io_clearerr(fp);
461 continue;
462 }
463
464 /* timeout? */
465 if (c == SM_IO_EOF && errno == EAGAIN
466 && SMTPMODE)
467 {
468 /*
469 ** Override e_message in
470 ** usrerr() as this is the
471 ** reason for failure that
472 ** should be logged for
473 ** undelivered recipients.
474 */
475
476 e->e_message = NULL;
477 errno = 0;
478 inputerr = true;
479 goto readabort;
480 }
481 break;
482 }
483 if (TrafficLogFile != NULL && !headeronly)
484 {
485 if (istate == IS_BOL)
486 (void) sm_io_fprintf(TrafficLogFile,
487 SM_TIME_DEFAULT,
488 "%05d <<< ",
489 (int) CurrentPid);
490 if (c == SM_IO_EOF)
491 (void) sm_io_fprintf(TrafficLogFile,
492 SM_TIME_DEFAULT,
493 "[EOF]\n");
494 else
495 (void) sm_io_putc(TrafficLogFile,
496 SM_TIME_DEFAULT,
497 c);
498 }
499 #if _FFR_REJECT_NUL_BYTE
500 if (c == '\0')
501 hasNUL = true;
502 #endif
503 if (c == SM_IO_EOF)
504 goto readdone;
505 if (SevenBitInput ||
506 bitset(EF_7BITBODY, e->e_flags))
507 c &= 0x7f;
508 else
509 HasEightBits |= bitset(0x80, c);
510 }
511 if (tTd(30, 94))
512 sm_dprintf("istate=%s, c=%s (0x%x)\n",
513 ISTATE, makeprint((char) c), c);
514 if ('\n' == c && SMTPMODE &&
515 !(IS_CR == istate || IS_DOTCR == istate))
516 {
517 bare_lf |= BARE_WHERE;
518 if (BARE_LF_421)
519 {
520 inputerr = true;
521 goto readabort;
522 }
523 if (BARE_LF_SP)
524 {
525 if (TTD(30, 64))
526 sm_dprintf("LF: c=%s %#x\n", makeprint((char) c), c);
527 c = ' ';
528 }
529 }
530 switch (istate)
531 {
532 case IS_BOL:
533 if (c == '.')
534 {
535 istate = IS_DOT;
536 continue;
537 }
538 break;
539
540 case IS_DOT:
541 if (c == '\n' && !ignrdot && !SMTPMODE_STRICT)
542 goto readdone;
543 else if (c == '\r')
544 {
545 istate = IS_DOTCR;
546 continue;
547 }
548 else if (ignrdot ||
549 (c != '.' &&
550 OpMode != MD_SMTP &&
551 OpMode != MD_DAEMON &&
552 OpMode != MD_ARPAFTP))
553
554 {
555 SM_ASSERT(pbp < peekbuf +
556 sizeof(peekbuf));
557 *pbp++ = c;
558 c = '.';
559 }
560 break;
561
562 case IS_DOTCR:
563 if (c == '\n' && !ignrdot)
564 goto readdone;
565 else
566 {
567 /* push back the ".\rx" */
568 SM_ASSERT(pbp < peekbuf +
569 sizeof(peekbuf));
570 *pbp++ = c;
571 if (OpMode != MD_SMTP &&
572 OpMode != MD_DAEMON &&
573 OpMode != MD_ARPAFTP)
574 {
575 SM_ASSERT(pbp < peekbuf +
576 sizeof(peekbuf));
577 *pbp++ = '\r';
578 c = '.';
579 }
580 else
581 c = '\r';
582 }
583 break;
584
585 case IS_CR:
586 if (c == '\n')
587 {
588 if (TTD(30, 64))
589 sm_dprintf("state=CR, c=%s %#x -> BOL\n", makeprint((char) c), c);
590 istate = IS_BOL;
591 }
592 else
593 {
594 if (TTD(30, 64))
595 sm_dprintf("state=CR, c=%s %#x -> NORM\n", makeprint((char) c), c);
596 if (SMTPMODE)
597 {
598 bare_cr |= BARE_WHERE;
599 if (BARE_CR_421)
600 {
601 inputerr = true;
602 goto readabort;
603 }
604 }
605 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
606 c);
607 if (BARE_CR_SP)
608 c = ' ';
609 else
610 c = '\r';
611 istate = IS_NORM;
612 }
613 goto bufferchar;
614 }
615
616 if (c == '\r')
617 {
618 istate = IS_CR;
619 continue;
620 }
621 else if (c == '\n' && !SMTPMODE_STRICT)
622 istate = IS_BOL;
623 else
624 istate = IS_NORM;
625
626 bufferchar:
627 if (!headeronly)
628 {
629 /* no overflow? */
630 if (e->e_msgsize >= 0)
631 {
632 e->e_msgsize++;
633 if (MaxMessageSize > 0 &&
634 !bitset(EF_TOOBIG, e->e_flags) &&
635 e->e_msgsize > MaxMessageSize)
636 e->e_flags |= EF_TOOBIG;
637 }
638 }
639 switch (mstate)
640 {
641 case MS_BODY:
642 /* just put the character out */
643 if (!bitset(EF_TOOBIG, e->e_flags))
644 (void) sm_io_putc(df, SM_TIME_DEFAULT,
645 c);
646 if (TTD(30, 64))
647 sm_dprintf("state=%s, put=%s %#x\n", ISTATE, makeprint((char) c), c);
648 /* FALLTHROUGH */
649
650 case MS_DISCARD:
651 continue;
652 }
653
654 SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER);
655
656 /* header -- buffer up */
657 if (bp >= &buf[buflen - 2])
658 {
659 char *obuf;
660
661 /* out of space for header */
662 obuf = buf;
663 buflen = incbuflen(buflen);
664 if (tTd(30, 32))
665 sm_dprintf("buflen=%d, hdrslen=%d\n", buflen, hdrslen);
666 if (buflen <= 0)
667 {
668 sm_syslog(LOG_NOTICE, e->e_id,
669 "header overflow from %s during message collect",
670 CURHOSTNAME);
671 errno = 0;
672 e->e_flags |= EF_CLRQUEUE;
673 e->e_status = "5.6.0";
674 usrerrenh(e->e_status,
675 "552 Headers too large");
676 goto discard;
677 }
678 buf = xalloc(buflen);
679 memmove(buf, obuf, bp - obuf);
680 bp = &buf[bp - obuf];
681 if (obuf != bufbuf)
682 sm_free(obuf); /* XXX */
683 }
684
685 if (c != '\0')
686 {
687 *bp++ = c;
688 ++hdrslen;
689 if (!headeronly &&
690 MaxHeadersLength > 0 &&
691 hdrslen > MaxHeadersLength)
692 {
693 sm_syslog(LOG_NOTICE, e->e_id,
694 "headers too large (%d max) from %s during message collect",
695 MaxHeadersLength,
696 CURHOSTNAME);
697 errno = 0;
698 e->e_flags |= EF_CLRQUEUE;
699 e->e_status = "5.6.0";
700 usrerrenh(e->e_status,
701 "552 Headers too large (%d max)",
702 MaxHeadersLength);
703 discard:
704 mstate = MS_DISCARD;
705 }
706 }
707 if (istate == IS_BOL)
708 break;
709 }
710 *bp = '\0';
711
712 nextstate:
713 if (tTd(30, 35))
714 sm_dprintf("nextstate, istate=%s, mstate=%d, line=\"%s\"\n",
715 ISTATE, mstate, buf);
716 switch (mstate)
717 {
718 case MS_UFROM:
719 mstate = MS_HEADER;
720 #ifndef NOTUNIX
721 if (strncmp(buf, "From ", 5) == 0)
722 {
723 bp = buf;
724 eatfrom(buf, e);
725 continue;
726 }
727 #endif /* ! NOTUNIX */
728 /* FALLTHROUGH */
729
730 case MS_HEADER:
731 if (!isheader(buf))
732 {
733 mstate = MS_BODY;
734 goto nextstate;
735 }
736
737 /* check for possible continuation line */
738 do
739 {
740 sm_io_clearerr(fp);
741 errno = 0;
742 c = sm_io_getc(fp, SM_TIME_DEFAULT);
743
744 /* timeout? */
745 if (c == SM_IO_EOF && errno == EAGAIN
746 && SMTPMODE)
747 {
748 /*
749 ** Override e_message in
750 ** usrerr() as this is the
751 ** reason for failure that
752 ** should be logged for
753 ** undelivered recipients.
754 */
755
756 e->e_message = NULL;
757 errno = 0;
758 inputerr = true;
759 goto readabort;
760 }
761 } while (c == SM_IO_EOF && errno == EINTR);
762 if (c != SM_IO_EOF)
763 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
764 if (c == ' ' || c == '\t')
765 {
766 /* yep -- defer this */
767 continue;
768 }
769
770 SM_ASSERT(bp > buf);
771
772 /* guaranteed by isheader(buf) */
773 SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
774
775 /* trim off trailing CRLF or LF */
776 if (*--bp != '\n' || *--bp != '\r')
777 bp++;
778 *bp = '\0';
779
780 if (bitset(H_EOH, chompheader(buf,
781 CHHDR_CHECK | CHHDR_USER,
782 hdrp, e)))
783 {
784 mstate = MS_BODY;
785 goto nextstate;
786 }
787 numhdrs++;
788 break;
789
790 case MS_BODY:
791 if (tTd(30, 1))
792 sm_dprintf("EOH\n");
793
794 if (headeronly)
795 goto readdone;
796
797 df = collect_eoh(e, numhdrs, hdrslen);
798 if (df == NULL)
799 e->e_flags |= EF_TOOBIG;
800
801 bp = buf;
802
803 /* toss blank line */
804 if ((bp[0] == '\r' && bp[1] == '\n') ||
805 (bp[0] == '\n'))
806 {
807 break;
808 }
809
810 /* if not a blank separator, write it out */
811 if (!bitset(EF_TOOBIG, e->e_flags))
812 {
813 while (*bp != '\0')
814 (void) sm_io_putc(df, SM_TIME_DEFAULT,
815 *bp++);
816 }
817 break;
818 }
819 bp = buf;
820 }
821
822 readdone:
823 if ((sm_io_eof(fp) && SMTPMODE) || sm_io_error(fp))
824 {
825 const char *errmsg;
826
827 if (sm_io_eof(fp))
828 errmsg = "unexpected close";
829 else
830 errmsg = sm_errstring(errno);
831 if (tTd(30, 1))
832 sm_dprintf("collect: premature EOM: %s\n", errmsg);
833 if (LogLevel > 1)
834 sm_syslog(LOG_WARNING, e->e_id,
835 "collect: premature EOM: %s", errmsg);
836 inputerr = true;
837 }
838
839 if (headeronly)
840 goto end;
841
842 if (mstate != MS_BODY)
843 {
844 /* no body or discard, so we never opened the data file */
845 SM_ASSERT(df == NULL);
846 df = collect_eoh(e, numhdrs, hdrslen);
847 }
848
849 if (df == NULL)
850 {
851 /* skip next few clauses */
852 /* EMPTY */
853 }
854 else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df))
855 {
856 dferror(df, "sm_io_flush||sm_io_error", e);
857 flush_errors(true);
858 finis(true, true, ExitStat);
859 /* NOTREACHED */
860 }
861 else if (SuperSafe == SAFE_NO ||
862 SuperSafe == SAFE_INTERACTIVE ||
863 (SuperSafe == SAFE_REALLY_POSTMILTER && SMTPMODE))
864 {
865 /* skip next few clauses */
866 /* EMPTY */
867 /* Note: updfs() is not called in this case! */
868 }
869 else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL)
870 {
871 int save_errno = errno;
872
873 if (save_errno == EEXIST)
874 {
875 char *dfile;
876 struct stat st;
877 int dfd;
878
879 dfile = queuename(e, DATAFL_LETTER);
880 if (stat(dfile, &st) < 0)
881 st.st_size = -1;
882 errno = EEXIST;
883 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
884 dfile, (long) st.st_size);
885 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
886 if (dfd >= 0)
887 dumpfd(dfd, true, true);
888 }
889 errno = save_errno;
890 dferror(df, "bfcommit", e);
891 flush_errors(true);
892 finis(save_errno != EEXIST, true, ExitStat);
893 }
894 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
895 {
896 dferror(df, "sm_io_getinfo", e);
897 flush_errors(true);
898 finis(true, true, ExitStat);
899 /* NOTREACHED */
900 }
901 else if (fsync(afd) < 0)
902 {
903 dferror(df, "fsync", e);
904 flush_errors(true);
905 finis(true, true, ExitStat);
906 /* NOTREACHED */
907 }
908 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
909 {
910 dferror(df, "sm_io_close", e);
911 flush_errors(true);
912 finis(true, true, ExitStat);
913 /* NOTREACHED */
914 }
915 else
916 {
917 /* everything is happily flushed to disk */
918 df = NULL;
919
920 /* remove from available space in filesystem */
921 updfs(e, 0, 1, "collect");
922 }
923
924 /* An EOF when running SMTP is an error */
925 readabort:
926 if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
927 {
928 char *problem;
929 ADDRESS *q;
930
931 if (sm_io_eof(fp))
932 problem = "unexpected close";
933 else if (sm_io_error(fp))
934 problem = "I/O error";
935 else if (0 != bare_lf)
936 problem = BARE_LF_MSG;
937 else if (0 != bare_cr)
938 problem = BARE_CR_MSG;
939 else
940 problem = "read timeout";
941
942 #define LOG_CLT ((NULL != RealHostName) ? RealHostName: "localhost")
943 #define CONN_ERR_TXT "collect: relay=%s, from=%s, info=%s%s%s%s"
944 #define CONN_ERR_CODE "421 4.4.1 "
945 #define CONN_LOG_FROM shortenstring(e->e_from.q_paddr, MAXSHORTSTR)
946 #define CONN_ERR_BARE (0 != bare_lf) ? BARE_LF_MSG : ((0 != bare_cr) ? BARE_CR_MSG : "")
947 #define CONN_ERR_WHERE(bare_xy) (BARE_IN_HDR==(bare_xy) ? "header" : \
948 (BARE_IN_BDY==(bare_xy) ? "body" : "header+body"))
949
950 #define HAS_BARE_XY (0 != (bare_lf | bare_cr))
951 #define CONN_ERR_ARGS LOG_CLT, CONN_LOG_FROM, problem, \
952 HAS_BARE_XY ? ", where=" : "", \
953 HAS_BARE_XY ? CONN_ERR_WHERE(bare_lf|bare_cr) : "", \
954 HAS_BARE_XY ? ", status=tempfail" : ""
955
956 if (LogLevel > 0 && (sm_io_eof(fp) || (0 != (bare_lf | bare_cr))))
957 sm_syslog(LOG_NOTICE, e->e_id,
958 CONN_ERR_TXT, CONN_ERR_ARGS);
959 if (0 != (bare_lf | bare_cr))
960 usrerr("421 4.5.0 %s", CONN_ERR_BARE);
961 else if (sm_io_eof(fp))
962 usrerr(CONN_ERR_CODE CONN_ERR_TXT, CONN_ERR_ARGS);
963 else
964 syserr(CONN_ERR_CODE CONN_ERR_TXT, CONN_ERR_ARGS);
965 flush_errors(true);
966
967 /* don't return an error indication */
968 e->e_to = NULL;
969 e->e_flags &= ~EF_FATALERRS;
970 e->e_flags |= EF_CLRQUEUE;
971
972 /* Don't send any message notification to sender */
973 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
974 {
975 if (QS_IS_DEAD(q->q_state))
976 continue;
977 q->q_state = QS_FATALERR;
978 }
979
980 SM_CLOSE_FP(df);
981 finis(true, true, ExitStat);
982 /* NOTREACHED */
983 }
984
985 /* Log collection information. */
986 if (tTd(92, 2))
987 sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
988 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
989 if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
990 {
991 logsender(e, e->e_msgid);
992 e->e_flags &= ~EF_LOGSENDER;
993 }
994
995 #define LOG_BARE_XY(bare_xy, bare_xy_sp, bare_xy_msg) \
996 do \
997 { \
998 if ((0 != bare_xy) && LogLevel > 8) \
999 sm_syslog(LOG_NOTICE, e->e_id, \
1000 "collect: relay=%s, from=%s, info=%s, where=%s%s" \
1001 , LOG_CLT, CONN_LOG_FROM, bare_xy_msg \
1002 , CONN_ERR_WHERE(bare_xy) \
1003 , bare_xy_sp ? ", status=replaced" : "" \
1004 ); \
1005 } while (0)
1006
1007 LOG_BARE_XY(bare_lf, BARE_LF_SP, BARE_LF_MSG);
1008 LOG_BARE_XY(bare_cr, BARE_CR_SP, BARE_CR_MSG);
1009
1010 /* check for message too large */
1011 if (bitset(EF_TOOBIG, e->e_flags))
1012 {
1013 e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
1014 if (!bitset(EF_FATALERRS, e->e_flags))
1015 {
1016 e->e_status = "5.2.3";
1017 usrerrenh(e->e_status,
1018 "552 Message exceeds maximum fixed size (%ld)",
1019 MaxMessageSize);
1020 if (LogLevel > 6)
1021 sm_syslog(LOG_NOTICE, e->e_id,
1022 "message size (%ld) exceeds maximum (%ld)",
1023 PRT_NONNEGL(e->e_msgsize),
1024 MaxMessageSize);
1025 }
1026 }
1027
1028 /* check for illegal 8-bit data */
1029 if (HasEightBits)
1030 {
1031 e->e_flags |= EF_HAS8BIT;
1032 if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) &&
1033 !bitset(EF_IS_MIME, e->e_flags))
1034 {
1035 e->e_status = "5.6.1";
1036 usrerrenh(e->e_status, "554 Eight bit data not allowed");
1037 }
1038 }
1039 else
1040 {
1041 /* if it claimed to be 8 bits, well, it lied.... */
1042 if (e->e_bodytype != NULL &&
1043 SM_STRCASEEQ(e->e_bodytype, "8bitmime"))
1044 e->e_bodytype = "7BIT";
1045 }
1046
1047 #if _FFR_REJECT_NUL_BYTE
1048 if (hasNUL && RejectNUL)
1049 {
1050 e->e_status = "5.6.1";
1051 usrerrenh(e->e_status, "554 NUL byte not allowed");
1052 }
1053 #endif /* _FFR_REJECT_NUL_BYTE */
1054
1055 if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags))
1056 {
1057 char *dfname = queuename(e, DATAFL_LETTER);
1058 if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
1059 SM_IO_RDONLY_B, NULL)) == NULL)
1060 {
1061 /* we haven't acked receipt yet, so just chuck this */
1062 syserr("@Cannot reopen %s", dfname);
1063 finis(true, true, ExitStat);
1064 /* NOTREACHED */
1065 }
1066 }
1067 else
1068 e->e_dfp = df;
1069
1070 /* collect statistics */
1071 if (OpMode != MD_VERIFY)
1072 {
1073 /*
1074 ** Recalculate e_msgpriority, it is done at in eatheader()
1075 ** which is called (in 8.12) after the header is collected,
1076 ** hence e_msgsize is (most likely) incorrect.
1077 */
1078
1079 e->e_msgpriority = e->e_msgsize
1080 - e->e_class * WkClassFact
1081 + e->e_nrcpts * WkRecipFact;
1082 markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
1083 }
1084
1085 end:
1086 (void) set_tls_rd_tmo(old_rd_tmo);
1087 if (buf != bufbuf)
1088 SM_FREE(buf);
1089 }
1090
1091 /*
1092 ** DFERROR -- signal error on writing the data file.
1093 **
1094 ** Called by collect(). collect() always terminates the process
1095 ** immediately after calling dferror(), which means that the SMTP
1096 ** session will be terminated, which means that any error message
1097 ** issued by dferror must be a 421 error, as per RFC 821.
1098 **
1099 ** Parameters:
1100 ** df -- the file pointer for the data file.
1101 ** msg -- detailed message.
1102 ** e -- the current envelope.
1103 **
1104 ** Returns:
1105 ** none.
1106 **
1107 ** Side Effects:
1108 ** Gives an error message.
1109 ** Arranges for following output to go elsewhere.
1110 */
1111
1112 void
dferror(df,msg,e)1113 dferror(df, msg, e)
1114 SM_FILE_T *volatile df;
1115 char *msg;
1116 register ENVELOPE *e;
1117 {
1118 char *dfname;
1119
1120 dfname = queuename(e, DATAFL_LETTER);
1121 setstat(EX_IOERR);
1122 if (errno == ENOSPC)
1123 {
1124 #if STAT64 > 0
1125 struct stat64 st;
1126 #else
1127 struct stat st;
1128 #endif
1129 long avail;
1130 long bsize;
1131
1132 e->e_flags |= EF_NO_BODY_RETN;
1133
1134 if (
1135 #if STAT64 > 0
1136 fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
1137 #else
1138 fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
1139 #endif
1140 < 0)
1141 st.st_size = 0;
1142 (void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname,
1143 SM_IO_WRONLY_B, NULL, df);
1144 if (st.st_size <= 0)
1145 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1146 "\n*** Mail could not be accepted");
1147 else
1148 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1149 "\n*** Mail of at least %llu bytes could not be accepted\n",
1150 (ULONGLONG_T) st.st_size);
1151 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1152 "*** at %s due to lack of disk space for temp file.\n",
1153 MyHostName);
1154 avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir),
1155 &bsize);
1156 if (avail > 0)
1157 {
1158 if (bsize > 1024)
1159 avail *= bsize / 1024;
1160 else if (bsize < 1024)
1161 avail /= 1024 / bsize;
1162 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1163 "*** Currently, %ld kilobytes are available for mail temp files.\n",
1164 avail);
1165 }
1166 #if 0
1167 /* Wrong response code; should be 421. */
1168 e->e_status = "4.3.1";
1169 usrerrenh(e->e_status, "452 Out of disk space for temp file");
1170 #else /* 0 */
1171 syserr("421 4.3.1 Out of disk space for temp file");
1172 #endif /* 0 */
1173 }
1174 else
1175 syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)",
1176 dfname, msg, (long) geteuid(), (long) getegid());
1177 if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
1178 SM_IO_WRONLY, NULL, df) == NULL)
1179 sm_syslog(LOG_ERR, e->e_id,
1180 "dferror: sm_io_reopen(\"/dev/null\") failed: %s",
1181 sm_errstring(errno));
1182 }
1183 /*
1184 ** EATFROM -- chew up a UNIX style from line and process
1185 **
1186 ** This does indeed make some assumptions about the format
1187 ** of UNIX messages.
1188 **
1189 ** Parameters:
1190 ** fm -- the from line.
1191 ** e -- envelope
1192 **
1193 ** Returns:
1194 ** none.
1195 **
1196 ** Side Effects:
1197 ** extracts what information it can from the header,
1198 ** such as the date.
1199 */
1200
1201 #ifndef NOTUNIX
1202
1203 static char *DowList[] =
1204 {
1205 "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
1206 };
1207
1208 static char *MonthList[] =
1209 {
1210 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
1211 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
1212 NULL
1213 };
1214
1215 static void
eatfrom(fm,e)1216 eatfrom(fm, e)
1217 char *volatile fm;
1218 register ENVELOPE *e;
1219 {
1220 register char *p;
1221 register char **dt;
1222
1223 if (tTd(30, 2))
1224 sm_dprintf("eatfrom(%s)\n", fm);
1225
1226 /* find the date part */
1227 p = fm;
1228 while (*p != '\0')
1229 {
1230 /* skip a word */
1231 while (*p != '\0' && *p != ' ')
1232 p++;
1233 while (*p == ' ')
1234 p++;
1235 if (strlen(p) < 17)
1236 {
1237 /* no room for the date */
1238 return;
1239 }
1240 if (!(isascii(*p) && isupper(*p)) ||
1241 p[3] != ' ' || p[13] != ':' || p[16] != ':')
1242 continue;
1243
1244 /* we have a possible date */
1245 for (dt = DowList; *dt != NULL; dt++)
1246 if (strncmp(*dt, p, 3) == 0)
1247 break;
1248 if (*dt == NULL)
1249 continue;
1250
1251 for (dt = MonthList; *dt != NULL; dt++)
1252 {
1253 if (strncmp(*dt, &p[4], 3) == 0)
1254 break;
1255 }
1256 if (*dt != NULL)
1257 break;
1258 }
1259
1260 if (*p != '\0')
1261 {
1262 char *q, buf[25];
1263
1264 /* we have found a date */
1265 (void) sm_strlcpy(buf, p, sizeof(buf));
1266 q = arpadate(buf);
1267 macdefine(&e->e_macro, A_TEMP, 'a', q);
1268 }
1269 }
1270 #endif /* ! NOTUNIX */
1271