1 /* 2 * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 #if MILTER 16 # include <libmilter/mfapi.h> 17 # include <libmilter/mfdef.h> 18 #endif /* MILTER */ 19 20 SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.989 2009/12/18 17:08:01 ca Exp $") 21 22 #include <sm/time.h> 23 #include <sm/fdset.h> 24 25 #if SASL || STARTTLS 26 # include "sfsasl.h" 27 #endif /* SASL || STARTTLS */ 28 #if SASL 29 # define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1) 30 static int saslmechs __P((sasl_conn_t *, char **)); 31 #endif /* SASL */ 32 #if STARTTLS 33 # include <sysexits.h> 34 35 static SSL_CTX *srv_ctx = NULL; /* TLS server context */ 36 static SSL *srv_ssl = NULL; /* per connection context */ 37 38 static bool tls_ok_srv = false; 39 40 # define TLS_VERIFY_CLIENT() tls_set_verify(srv_ctx, srv_ssl, \ 41 bitset(SRV_VRFY_CLT, features)) 42 #endif /* STARTTLS */ 43 44 #if _FFR_DM_ONE 45 static bool NotFirstDelivery = false; 46 #endif /* _FFR_DM_ONE */ 47 48 /* server features */ 49 #define SRV_NONE 0x0000 /* none... */ 50 #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */ 51 #define SRV_VRFY_CLT 0x0002 /* request a cert */ 52 #define SRV_OFFER_AUTH 0x0004 /* offer AUTH */ 53 #define SRV_OFFER_ETRN 0x0008 /* offer ETRN */ 54 #define SRV_OFFER_VRFY 0x0010 /* offer VRFY (not yet used) */ 55 #define SRV_OFFER_EXPN 0x0020 /* offer EXPN */ 56 #define SRV_OFFER_VERB 0x0040 /* offer VERB */ 57 #define SRV_OFFER_DSN 0x0080 /* offer DSN */ 58 #if PIPELINING 59 # define SRV_OFFER_PIPE 0x0100 /* offer PIPELINING */ 60 # if _FFR_NO_PIPE 61 # define SRV_NO_PIPE 0x0200 /* disable PIPELINING, sleep if used */ 62 # endif /* _FFR_NO_PIPE */ 63 #endif /* PIPELINING */ 64 #define SRV_REQ_AUTH 0x0400 /* require AUTH */ 65 #define SRV_REQ_SEC 0x0800 /* require security - equiv to AuthOptions=p */ 66 #define SRV_TMP_FAIL 0x1000 /* ruleset caused a temporary failure */ 67 68 static unsigned int srvfeatures __P((ENVELOPE *, char *, unsigned int)); 69 70 #define STOP_ATTACK ((time_t) -1) 71 static time_t checksmtpattack __P((volatile unsigned int *, unsigned int, 72 bool, char *, ENVELOPE *)); 73 static void printvrfyaddr __P((ADDRESS *, bool, bool)); 74 static char *skipword __P((char *volatile, char *)); 75 static void setup_smtpd_io __P((void)); 76 77 #if SASL 78 # if SASL >= 20000 79 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname, 80 char *_remoteip, char *_localip, 81 char *_auth_id, sasl_ssf_t *_ext_ssf)); 82 83 # define RESET_SASLCONN \ 84 do \ 85 { \ 86 result = reset_saslconn(&conn, AuthRealm, remoteip, \ 87 localip, auth_id, &ext_ssf); \ 88 if (result != SASL_OK) \ 89 sasl_ok = false; \ 90 } while (0) 91 92 # else /* SASL >= 20000 */ 93 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname, 94 struct sockaddr_in *_saddr_r, 95 struct sockaddr_in *_saddr_l, 96 sasl_external_properties_t *_ext_ssf)); 97 # define RESET_SASLCONN \ 98 do \ 99 { \ 100 result = reset_saslconn(&conn, AuthRealm, &saddr_r, \ 101 &saddr_l, &ext_ssf); \ 102 if (result != SASL_OK) \ 103 sasl_ok = false; \ 104 } while (0) 105 106 # endif /* SASL >= 20000 */ 107 #endif /* SASL */ 108 109 extern ENVELOPE BlankEnvelope; 110 111 #define NBADRCPTS \ 112 do \ 113 { \ 114 char buf[16]; \ 115 (void) sm_snprintf(buf, sizeof(buf), "%d", \ 116 BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \ 117 ? n_badrcpts - 1 : n_badrcpts); \ 118 macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \ 119 } while (0) 120 121 #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \ 122 (s)++ 123 124 /* 125 ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT) 126 ** 127 ** Parameters: 128 ** e -- the envelope 129 ** addr_st -- address (RCPT only) 130 ** p -- read buffer 131 ** delimptr -- current position in read buffer 132 ** which -- MAIL/RCPT 133 ** args -- arguments (output) 134 ** esmtp_args -- function to process a single ESMTP argument 135 ** 136 ** Returns: 137 ** none 138 */ 139 140 void 141 parse_esmtp_args(e, addr_st, p, delimptr, which, args, esmtp_args) 142 ENVELOPE *e; 143 ADDRESS *addr_st; 144 char *p; 145 char *delimptr; 146 char *which; 147 char *args[]; 148 esmtp_args_F esmtp_args; 149 { 150 int argno; 151 152 argno = 0; 153 if (args != NULL) 154 args[argno++] = p; 155 p = delimptr; 156 while (p != NULL && *p != '\0') 157 { 158 char *kp; 159 char *vp = NULL; 160 char *equal = NULL; 161 162 /* locate the beginning of the keyword */ 163 SKIP_SPACE(p); 164 if (*p == '\0') 165 break; 166 kp = p; 167 168 /* skip to the value portion */ 169 while ((isascii(*p) && isalnum(*p)) || *p == '-') 170 p++; 171 if (*p == '=') 172 { 173 equal = p; 174 *p++ = '\0'; 175 vp = p; 176 177 /* skip to the end of the value */ 178 while (*p != '\0' && *p != ' ' && 179 !(isascii(*p) && iscntrl(*p)) && 180 *p != '=') 181 p++; 182 } 183 184 if (*p != '\0') 185 *p++ = '\0'; 186 187 if (tTd(19, 1)) 188 sm_dprintf("%s: got arg %s=\"%s\"\n", which, kp, 189 vp == NULL ? "<null>" : vp); 190 191 esmtp_args(addr_st, kp, vp, e); 192 if (equal != NULL) 193 *equal = '='; 194 if (args != NULL) 195 args[argno] = kp; 196 argno++; 197 if (argno >= MAXSMTPARGS - 1) 198 usrerr("501 5.5.4 Too many parameters"); 199 if (Errors > 0) 200 break; 201 } 202 if (args != NULL) 203 args[argno] = NULL; 204 } 205 206 /* 207 ** SMTP -- run the SMTP protocol. 208 ** 209 ** Parameters: 210 ** nullserver -- if non-NULL, rejection message for 211 ** (almost) all SMTP commands. 212 ** d_flags -- daemon flags 213 ** e -- the envelope. 214 ** 215 ** Returns: 216 ** never. 217 ** 218 ** Side Effects: 219 ** Reads commands from the input channel and processes them. 220 */ 221 222 /* 223 ** Notice: The smtp server doesn't have a session context like the client 224 ** side has (mci). Therefore some data (session oriented) is allocated 225 ** or assigned to the "wrong" structure (esp. STARTTLS, AUTH). 226 ** This should be fixed in a successor version. 227 */ 228 229 struct cmd 230 { 231 char *cmd_name; /* command name */ 232 int cmd_code; /* internal code, see below */ 233 }; 234 235 /* values for cmd_code */ 236 #define CMDERROR 0 /* bad command */ 237 #define CMDMAIL 1 /* mail -- designate sender */ 238 #define CMDRCPT 2 /* rcpt -- designate recipient */ 239 #define CMDDATA 3 /* data -- send message text */ 240 #define CMDRSET 4 /* rset -- reset state */ 241 #define CMDVRFY 5 /* vrfy -- verify address */ 242 #define CMDEXPN 6 /* expn -- expand address */ 243 #define CMDNOOP 7 /* noop -- do nothing */ 244 #define CMDQUIT 8 /* quit -- close connection and die */ 245 #define CMDHELO 9 /* helo -- be polite */ 246 #define CMDHELP 10 /* help -- give usage info */ 247 #define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */ 248 #define CMDETRN 12 /* etrn -- flush queue */ 249 #if SASL 250 # define CMDAUTH 13 /* auth -- SASL authenticate */ 251 #endif /* SASL */ 252 #if STARTTLS 253 # define CMDSTLS 14 /* STARTTLS -- start TLS session */ 254 #endif /* STARTTLS */ 255 /* non-standard commands */ 256 #define CMDVERB 17 /* verb -- go into verbose mode */ 257 /* unimplemented commands from RFC 821 */ 258 #define CMDUNIMPL 19 /* unimplemented rfc821 commands */ 259 /* use this to catch and log "door handle" attempts on your system */ 260 #define CMDLOGBOGUS 23 /* bogus command that should be logged */ 261 /* debugging-only commands, only enabled if SMTPDEBUG is defined */ 262 #define CMDDBGQSHOW 24 /* showq -- show send queue */ 263 #define CMDDBGDEBUG 25 /* debug -- set debug mode */ 264 265 /* 266 ** Note: If you change this list, remember to update 'helpfile' 267 */ 268 269 static struct cmd CmdTab[] = 270 { 271 { "mail", CMDMAIL }, 272 { "rcpt", CMDRCPT }, 273 { "data", CMDDATA }, 274 { "rset", CMDRSET }, 275 { "vrfy", CMDVRFY }, 276 { "expn", CMDEXPN }, 277 { "help", CMDHELP }, 278 { "noop", CMDNOOP }, 279 { "quit", CMDQUIT }, 280 { "helo", CMDHELO }, 281 { "ehlo", CMDEHLO }, 282 { "etrn", CMDETRN }, 283 { "verb", CMDVERB }, 284 { "send", CMDUNIMPL }, 285 { "saml", CMDUNIMPL }, 286 { "soml", CMDUNIMPL }, 287 { "turn", CMDUNIMPL }, 288 #if SASL 289 { "auth", CMDAUTH, }, 290 #endif /* SASL */ 291 #if STARTTLS 292 { "starttls", CMDSTLS, }, 293 #endif /* STARTTLS */ 294 /* remaining commands are here only to trap and log attempts to use them */ 295 { "showq", CMDDBGQSHOW }, 296 { "debug", CMDDBGDEBUG }, 297 { "wiz", CMDLOGBOGUS }, 298 299 { NULL, CMDERROR } 300 }; 301 302 static char *CurSmtpClient; /* who's at the other end of channel */ 303 304 #ifndef MAXBADCOMMANDS 305 # define MAXBADCOMMANDS 25 /* maximum number of bad commands */ 306 #endif /* ! MAXBADCOMMANDS */ 307 #ifndef MAXHELOCOMMANDS 308 # define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */ 309 #endif /* ! MAXHELOCOMMANDS */ 310 #ifndef MAXVRFYCOMMANDS 311 # define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */ 312 #endif /* ! MAXVRFYCOMMANDS */ 313 #ifndef MAXETRNCOMMANDS 314 # define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */ 315 #endif /* ! MAXETRNCOMMANDS */ 316 #ifndef MAXTIMEOUT 317 # define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */ 318 #endif /* ! MAXTIMEOUT */ 319 320 /* 321 ** Maximum shift value to compute timeout for bad commands. 322 ** This introduces an upper limit of 2^MAXSHIFT for the timeout. 323 */ 324 325 #ifndef MAXSHIFT 326 # define MAXSHIFT 8 327 #endif /* ! MAXSHIFT */ 328 #if MAXSHIFT > 31 329 ERROR _MAXSHIFT > 31 is invalid 330 #endif /* MAXSHIFT */ 331 332 333 #if MAXBADCOMMANDS > 0 334 # define STOP_IF_ATTACK(r) do \ 335 { \ 336 if ((r) == STOP_ATTACK) \ 337 goto stopattack; \ 338 } while (0) 339 340 #else /* MAXBADCOMMANDS > 0 */ 341 # define STOP_IF_ATTACK(r) r 342 #endif /* MAXBADCOMMANDS > 0 */ 343 344 345 #if SM_HEAP_CHECK 346 static SM_DEBUG_T DebugLeakSmtp = SM_DEBUG_INITIALIZER("leak_smtp", 347 "@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $"); 348 #endif /* SM_HEAP_CHECK */ 349 350 typedef struct 351 { 352 bool sm_gotmail; /* mail command received */ 353 unsigned int sm_nrcpts; /* number of successful RCPT commands */ 354 bool sm_discard; 355 #if MILTER 356 bool sm_milterize; 357 bool sm_milterlist; /* any filters in the list? */ 358 milters_T sm_milters; 359 360 /* e_nrcpts from envelope before recipient() call */ 361 unsigned int sm_e_nrcpts_orig; 362 #endif /* MILTER */ 363 char *sm_quarmsg; /* carry quarantining across messages */ 364 } SMTP_T; 365 366 static bool smtp_data __P((SMTP_T *, ENVELOPE *)); 367 368 #define MSG_TEMPFAIL "451 4.3.2 Please try again later" 369 370 #if MILTER 371 # define MILTER_ABORT(e) milter_abort((e)) 372 373 # define MILTER_REPLY(str) \ 374 { \ 375 int savelogusrerrs = LogUsrErrs; \ 376 \ 377 milter_cmd_fail = true; \ 378 switch (state) \ 379 { \ 380 case SMFIR_SHUTDOWN: \ 381 if (MilterLogLevel > 3) \ 382 { \ 383 sm_syslog(LOG_INFO, e->e_id, \ 384 "Milter: %s=%s, reject=421, errormode=4", \ 385 str, addr); \ 386 LogUsrErrs = false; \ 387 } \ 388 { \ 389 bool tsave = QuickAbort; \ 390 \ 391 QuickAbort = false; \ 392 usrerr("421 4.3.0 closing connection"); \ 393 QuickAbort = tsave; \ 394 e->e_sendqueue = NULL; \ 395 goto doquit; \ 396 } \ 397 break; \ 398 case SMFIR_REPLYCODE: \ 399 if (MilterLogLevel > 3) \ 400 { \ 401 sm_syslog(LOG_INFO, e->e_id, \ 402 "Milter: %s=%s, reject=%s", \ 403 str, addr, response); \ 404 LogUsrErrs = false; \ 405 } \ 406 if (strncmp(response, "421 ", 4) == 0 \ 407 || strncmp(response, "421-", 4) == 0) \ 408 { \ 409 bool tsave = QuickAbort; \ 410 \ 411 QuickAbort = false; \ 412 usrerr(response); \ 413 QuickAbort = tsave; \ 414 e->e_sendqueue = NULL; \ 415 goto doquit; \ 416 } \ 417 else \ 418 usrerr(response); \ 419 break; \ 420 \ 421 case SMFIR_REJECT: \ 422 if (MilterLogLevel > 3) \ 423 { \ 424 sm_syslog(LOG_INFO, e->e_id, \ 425 "Milter: %s=%s, reject=550 5.7.1 Command rejected", \ 426 str, addr); \ 427 LogUsrErrs = false; \ 428 } \ 429 usrerr("550 5.7.1 Command rejected"); \ 430 break; \ 431 \ 432 case SMFIR_DISCARD: \ 433 if (MilterLogLevel > 3) \ 434 sm_syslog(LOG_INFO, e->e_id, \ 435 "Milter: %s=%s, discard", \ 436 str, addr); \ 437 e->e_flags |= EF_DISCARD; \ 438 milter_cmd_fail = false; \ 439 break; \ 440 \ 441 case SMFIR_TEMPFAIL: \ 442 if (MilterLogLevel > 3) \ 443 { \ 444 sm_syslog(LOG_INFO, e->e_id, \ 445 "Milter: %s=%s, reject=%s", \ 446 str, addr, MSG_TEMPFAIL); \ 447 LogUsrErrs = false; \ 448 } \ 449 usrerr(MSG_TEMPFAIL); \ 450 break; \ 451 default: \ 452 milter_cmd_fail = false; \ 453 break; \ 454 } \ 455 LogUsrErrs = savelogusrerrs; \ 456 if (response != NULL) \ 457 sm_free(response); /* XXX */ \ 458 } 459 460 #else /* MILTER */ 461 # define MILTER_ABORT(e) 462 #endif /* MILTER */ 463 464 /* clear all SMTP state (for HELO/EHLO/RSET) */ 465 #define CLEAR_STATE(cmd) \ 466 do \ 467 { \ 468 /* abort milter filters */ \ 469 MILTER_ABORT(e); \ 470 \ 471 if (smtp.sm_nrcpts > 0) \ 472 { \ 473 logundelrcpts(e, cmd, 10, false); \ 474 smtp.sm_nrcpts = 0; \ 475 macdefine(&e->e_macro, A_PERM, \ 476 macid("{nrcpts}"), "0"); \ 477 } \ 478 \ 479 e->e_sendqueue = NULL; \ 480 e->e_flags |= EF_CLRQUEUE; \ 481 \ 482 if (tTd(92, 2)) \ 483 sm_dprintf("CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",\ 484 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);\ 485 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \ 486 logsender(e, NULL); \ 487 e->e_flags &= ~EF_LOGSENDER; \ 488 \ 489 /* clean up a bit */ \ 490 smtp.sm_gotmail = false; \ 491 SuprErrs = true; \ 492 (void) dropenvelope(e, true, false); \ 493 sm_rpool_free(e->e_rpool); \ 494 e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \ 495 CurEnv = e; \ 496 e->e_features = features; \ 497 \ 498 /* put back discard bit */ \ 499 if (smtp.sm_discard) \ 500 e->e_flags |= EF_DISCARD; \ 501 \ 502 /* restore connection quarantining */ \ 503 if (smtp.sm_quarmsg == NULL) \ 504 { \ 505 e->e_quarmsg = NULL; \ 506 macdefine(&e->e_macro, A_PERM, \ 507 macid("{quarantine}"), ""); \ 508 } \ 509 else \ 510 { \ 511 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \ 512 smtp.sm_quarmsg); \ 513 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \ 514 e->e_quarmsg); \ 515 } \ 516 } while (0) 517 518 /* sleep to flatten out connection load */ 519 #define MIN_DELAY_LOG 15 /* wait before logging this again */ 520 521 /* is it worth setting the process title for 1s? */ 522 #define DELAY_CONN(cmd) \ 523 if (DelayLA > 0 && (CurrentLA = getla()) >= DelayLA) \ 524 { \ 525 time_t dnow; \ 526 \ 527 sm_setproctitle(true, e, \ 528 "%s: %s: delaying %s: load average: %d", \ 529 qid_printname(e), CurSmtpClient, \ 530 cmd, DelayLA); \ 531 if (LogLevel > 8 && (dnow = curtime()) > log_delay) \ 532 { \ 533 sm_syslog(LOG_INFO, e->e_id, \ 534 "delaying=%s, load average=%d >= %d", \ 535 cmd, CurrentLA, DelayLA); \ 536 log_delay = dnow + MIN_DELAY_LOG; \ 537 } \ 538 (void) sleep(1); \ 539 sm_setproctitle(true, e, "%s %s: %.80s", \ 540 qid_printname(e), CurSmtpClient, inp); \ 541 } 542 543 static bool SevenBitInput_Saved; /* saved version of SevenBitInput */ 544 545 void 546 smtp(nullserver, d_flags, e) 547 char *volatile nullserver; 548 BITMAP256 d_flags; 549 register ENVELOPE *volatile e; 550 { 551 register char *volatile p; 552 register struct cmd *volatile c = NULL; 553 char *cmd; 554 auto ADDRESS *vrfyqueue; 555 ADDRESS *a; 556 volatile bool gothello; /* helo command received */ 557 bool vrfy; /* set if this is a vrfy command */ 558 char *volatile protocol; /* sending protocol */ 559 char *volatile sendinghost; /* sending hostname */ 560 char *volatile peerhostname; /* name of SMTP peer or "localhost" */ 561 auto char *delimptr; 562 char *id; 563 volatile unsigned int n_badcmds = 0; /* count of bad commands */ 564 volatile unsigned int n_badrcpts = 0; /* number of rejected RCPT */ 565 volatile unsigned int n_verifies = 0; /* count of VRFY/EXPN */ 566 volatile unsigned int n_etrn = 0; /* count of ETRN */ 567 volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */ 568 volatile unsigned int n_helo = 0; /* count of HELO/EHLO */ 569 bool ok; 570 volatile bool first; 571 volatile bool tempfail = false; 572 volatile time_t wt; /* timeout after too many commands */ 573 volatile time_t previous; /* time after checksmtpattack() */ 574 volatile bool lognullconnection = true; 575 register char *q; 576 SMTP_T smtp; 577 char *addr; 578 char *greetcode = "220"; 579 char *hostname; /* my hostname ($j) */ 580 QUEUE_CHAR *new; 581 char *args[MAXSMTPARGS]; 582 char inp[MAXINPLINE]; 583 #if MAXINPLINE < MAXLINE 584 ERROR _MAXINPLINE must NOT be less than _MAXLINE: MAXINPLINE < MAXLINE 585 #endif /* MAXINPLINE < MAXLINE */ 586 char cmdbuf[MAXLINE]; 587 #if SASL 588 sasl_conn_t *conn; 589 volatile bool sasl_ok; 590 volatile unsigned int n_auth = 0; /* count of AUTH commands */ 591 bool ismore; 592 int result; 593 volatile int authenticating; 594 char *user; 595 char *in, *out2; 596 # if SASL >= 20000 597 char *auth_id = NULL; 598 const char *out; 599 sasl_ssf_t ext_ssf; 600 char localip[60], remoteip[60]; 601 # else /* SASL >= 20000 */ 602 char *out; 603 const char *errstr; 604 sasl_external_properties_t ext_ssf; 605 struct sockaddr_in saddr_l; 606 struct sockaddr_in saddr_r; 607 # endif /* SASL >= 20000 */ 608 sasl_security_properties_t ssp; 609 sasl_ssf_t *ssf; 610 unsigned int inlen, out2len; 611 unsigned int outlen; 612 char *volatile auth_type; 613 char *mechlist; 614 volatile unsigned int n_mechs; 615 unsigned int len; 616 #else /* SASL */ 617 #endif /* SASL */ 618 int r; 619 #if STARTTLS 620 int rfd, wfd; 621 volatile bool tls_active = false; 622 volatile bool smtps = bitnset(D_SMTPS, d_flags); 623 bool saveQuickAbort; 624 bool saveSuprErrs; 625 time_t tlsstart; 626 #endif /* STARTTLS */ 627 volatile unsigned int features; 628 #if PIPELINING 629 # if _FFR_NO_PIPE 630 int np_log = 0; 631 # endif /* _FFR_NO_PIPE */ 632 #endif /* PIPELINING */ 633 volatile time_t log_delay = (time_t) 0; 634 #if MILTER 635 volatile bool milter_cmd_done, milter_cmd_safe; 636 volatile bool milter_rcpt_added, milter_cmd_fail; 637 ADDRESS addr_st; 638 # define p_addr_st &addr_st 639 #else /* MILTER */ 640 # define p_addr_st NULL 641 #endif /* MILTER */ 642 size_t inplen; 643 #if _FFR_BADRCPT_SHUTDOWN 644 int n_badrcpts_adj; 645 #endif /* _FFR_BADRCPT_SHUTDOWN */ 646 647 SevenBitInput_Saved = SevenBitInput; 648 smtp.sm_nrcpts = 0; 649 #if MILTER 650 smtp.sm_milterize = (nullserver == NULL); 651 smtp.sm_milterlist = false; 652 addr = NULL; 653 #endif /* MILTER */ 654 655 /* setup I/O fd correctly for the SMTP server */ 656 setup_smtpd_io(); 657 658 #if SM_HEAP_CHECK 659 if (sm_debug_active(&DebugLeakSmtp, 1)) 660 { 661 sm_heap_newgroup(); 662 sm_dprintf("smtp() heap group #%d\n", sm_heap_group()); 663 } 664 #endif /* SM_HEAP_CHECK */ 665 666 /* XXX the rpool should be set when e is initialized in main() */ 667 e->e_rpool = sm_rpool_new_x(NULL); 668 e->e_macro.mac_rpool = e->e_rpool; 669 670 settime(e); 671 sm_getla(); 672 peerhostname = RealHostName; 673 if (peerhostname == NULL) 674 peerhostname = "localhost"; 675 CurHostName = peerhostname; 676 CurSmtpClient = macvalue('_', e); 677 if (CurSmtpClient == NULL) 678 CurSmtpClient = CurHostName; 679 680 /* check_relay may have set discard bit, save for later */ 681 smtp.sm_discard = bitset(EF_DISCARD, e->e_flags); 682 683 #if PIPELINING 684 /* auto-flush output when reading input */ 685 (void) sm_io_autoflush(InChannel, OutChannel); 686 #endif /* PIPELINING */ 687 688 sm_setproctitle(true, e, "server %s startup", CurSmtpClient); 689 690 /* Set default features for server. */ 691 features = ((bitset(PRIV_NOETRN, PrivacyFlags) || 692 bitnset(D_NOETRN, d_flags)) ? SRV_NONE : SRV_OFFER_ETRN) 693 | (bitnset(D_AUTHREQ, d_flags) ? SRV_REQ_AUTH : SRV_NONE) 694 | (bitset(PRIV_NOEXPN, PrivacyFlags) ? SRV_NONE 695 : (SRV_OFFER_EXPN 696 | (bitset(PRIV_NOVERB, PrivacyFlags) 697 ? SRV_NONE : SRV_OFFER_VERB))) 698 | ((bitset(PRIV_NORECEIPTS, PrivacyFlags) || !SendMIMEErrors) 699 ? SRV_NONE : SRV_OFFER_DSN) 700 #if SASL 701 | (bitnset(D_NOAUTH, d_flags) ? SRV_NONE : SRV_OFFER_AUTH) 702 | (bitset(SASL_SEC_NOPLAINTEXT, SASLOpts) ? SRV_REQ_SEC 703 : SRV_NONE) 704 #endif /* SASL */ 705 #if PIPELINING 706 | SRV_OFFER_PIPE 707 #endif /* PIPELINING */ 708 #if STARTTLS 709 | (bitnset(D_NOTLS, d_flags) ? SRV_NONE : SRV_OFFER_TLS) 710 | (bitset(TLS_I_NO_VRFY, TLS_Srv_Opts) ? SRV_NONE 711 : SRV_VRFY_CLT) 712 #endif /* STARTTLS */ 713 ; 714 if (nullserver == NULL) 715 { 716 features = srvfeatures(e, CurSmtpClient, features); 717 if (bitset(SRV_TMP_FAIL, features)) 718 { 719 if (LogLevel > 4) 720 sm_syslog(LOG_ERR, NOQID, 721 "ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled", 722 CurSmtpClient); 723 nullserver = "450 4.3.0 Please try again later."; 724 } 725 else 726 { 727 #if PIPELINING 728 # if _FFR_NO_PIPE 729 if (bitset(SRV_NO_PIPE, features)) 730 { 731 /* for consistency */ 732 features &= ~SRV_OFFER_PIPE; 733 } 734 # endif /* _FFR_NO_PIPE */ 735 #endif /* PIPELINING */ 736 #if SASL 737 if (bitset(SRV_REQ_SEC, features)) 738 SASLOpts |= SASL_SEC_NOPLAINTEXT; 739 else 740 SASLOpts &= ~SASL_SEC_NOPLAINTEXT; 741 #endif /* SASL */ 742 } 743 } 744 else if (strncmp(nullserver, "421 ", 4) == 0) 745 { 746 message(nullserver); 747 goto doquit; 748 } 749 750 e->e_features = features; 751 hostname = macvalue('j', e); 752 #if SASL 753 if (AuthRealm == NULL) 754 AuthRealm = hostname; 755 sasl_ok = bitset(SRV_OFFER_AUTH, features); 756 n_mechs = 0; 757 authenticating = SASL_NOT_AUTH; 758 759 /* SASL server new connection */ 760 if (sasl_ok) 761 { 762 # if SASL >= 20000 763 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, NULL, 764 NULL, 0, &conn); 765 # elif SASL > 10505 766 /* use empty realm: only works in SASL > 1.5.5 */ 767 result = sasl_server_new("smtp", AuthRealm, "", NULL, 0, &conn); 768 # else /* SASL >= 20000 */ 769 /* use no realm -> realm is set to hostname by SASL lib */ 770 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, 0, 771 &conn); 772 # endif /* SASL >= 20000 */ 773 sasl_ok = result == SASL_OK; 774 if (!sasl_ok) 775 { 776 if (LogLevel > 9) 777 sm_syslog(LOG_WARNING, NOQID, 778 "AUTH error: sasl_server_new failed=%d", 779 result); 780 } 781 } 782 if (sasl_ok) 783 { 784 /* 785 ** SASL set properties for sasl 786 ** set local/remote IP 787 ** XXX Cyrus SASL v1 only supports IPv4 788 ** 789 ** XXX where exactly are these used/required? 790 ** Kerberos_v4 791 */ 792 793 # if SASL >= 20000 794 localip[0] = remoteip[0] = '\0'; 795 # if NETINET || NETINET6 796 in = macvalue(macid("{daemon_family}"), e); 797 if (in != NULL && ( 798 # if NETINET6 799 strcmp(in, "inet6") == 0 || 800 # endif /* NETINET6 */ 801 strcmp(in, "inet") == 0)) 802 { 803 SOCKADDR_LEN_T addrsize; 804 SOCKADDR saddr_l; 805 SOCKADDR saddr_r; 806 807 addrsize = sizeof(saddr_r); 808 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD, 809 NULL), 810 (struct sockaddr *) &saddr_r, 811 &addrsize) == 0) 812 { 813 if (iptostring(&saddr_r, addrsize, 814 remoteip, sizeof(remoteip))) 815 { 816 sasl_setprop(conn, SASL_IPREMOTEPORT, 817 remoteip); 818 } 819 addrsize = sizeof(saddr_l); 820 if (getsockname(sm_io_getinfo(InChannel, 821 SM_IO_WHAT_FD, 822 NULL), 823 (struct sockaddr *) &saddr_l, 824 &addrsize) == 0) 825 { 826 if (iptostring(&saddr_l, addrsize, 827 localip, 828 sizeof(localip))) 829 { 830 sasl_setprop(conn, 831 SASL_IPLOCALPORT, 832 localip); 833 } 834 } 835 } 836 } 837 # endif /* NETINET || NETINET6 */ 838 # else /* SASL >= 20000 */ 839 # if NETINET 840 in = macvalue(macid("{daemon_family}"), e); 841 if (in != NULL && strcmp(in, "inet") == 0) 842 { 843 SOCKADDR_LEN_T addrsize; 844 845 addrsize = sizeof(struct sockaddr_in); 846 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD, 847 NULL), 848 (struct sockaddr *)&saddr_r, 849 &addrsize) == 0) 850 { 851 sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r); 852 addrsize = sizeof(struct sockaddr_in); 853 if (getsockname(sm_io_getinfo(InChannel, 854 SM_IO_WHAT_FD, 855 NULL), 856 (struct sockaddr *)&saddr_l, 857 &addrsize) == 0) 858 sasl_setprop(conn, SASL_IP_LOCAL, 859 &saddr_l); 860 } 861 } 862 # endif /* NETINET */ 863 # endif /* SASL >= 20000 */ 864 865 auth_type = NULL; 866 mechlist = NULL; 867 user = NULL; 868 # if 0 869 macdefine(&BlankEnvelope.e_macro, A_PERM, 870 macid("{auth_author}"), NULL); 871 # endif /* 0 */ 872 873 /* set properties */ 874 (void) memset(&ssp, '\0', sizeof(ssp)); 875 876 /* XXX should these be options settable via .cf ? */ 877 /* ssp.min_ssf = 0; is default due to memset() */ 878 { 879 ssp.max_ssf = MaxSLBits; 880 ssp.maxbufsize = MAXOUTLEN; 881 } 882 ssp.security_flags = SASLOpts & SASL_SEC_MASK; 883 sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK; 884 885 if (sasl_ok) 886 { 887 /* 888 ** external security strength factor; 889 ** currently we have none so zero 890 */ 891 892 # if SASL >= 20000 893 ext_ssf = 0; 894 auth_id = NULL; 895 sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL, 896 &ext_ssf) == SASL_OK) && 897 (sasl_setprop(conn, SASL_AUTH_EXTERNAL, 898 auth_id) == SASL_OK)); 899 # else /* SASL >= 20000 */ 900 ext_ssf.ssf = 0; 901 ext_ssf.auth_id = NULL; 902 sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL, 903 &ext_ssf) == SASL_OK; 904 # endif /* SASL >= 20000 */ 905 } 906 if (sasl_ok) 907 n_mechs = saslmechs(conn, &mechlist); 908 } 909 #endif /* SASL */ 910 911 #if STARTTLS 912 # if USE_OPENSSL_ENGINE 913 if (tls_ok_srv && bitset(SRV_OFFER_TLS, features) && 914 !SSL_set_engine(NULL)) 915 { 916 sm_syslog(LOG_ERR, NOQID, 917 "STARTTLS=server, SSL_set_engine=failed"); 918 tls_ok_srv = false; 919 } 920 # endif /* USE_OPENSSL_ENGINE */ 921 922 923 set_tls_rd_tmo(TimeOuts.to_nextcommand); 924 #endif /* STARTTLS */ 925 926 #if MILTER 927 if (smtp.sm_milterize) 928 { 929 char state; 930 931 /* initialize mail filter connection */ 932 smtp.sm_milterlist = milter_init(e, &state, &smtp.sm_milters); 933 switch (state) 934 { 935 case SMFIR_REJECT: 936 if (MilterLogLevel > 3) 937 sm_syslog(LOG_INFO, e->e_id, 938 "Milter: initialization failed, rejecting commands"); 939 greetcode = "554"; 940 nullserver = "Command rejected"; 941 smtp.sm_milterize = false; 942 break; 943 944 case SMFIR_TEMPFAIL: 945 if (MilterLogLevel > 3) 946 sm_syslog(LOG_INFO, e->e_id, 947 "Milter: initialization failed, temp failing commands"); 948 tempfail = true; 949 smtp.sm_milterize = false; 950 break; 951 952 case SMFIR_SHUTDOWN: 953 if (MilterLogLevel > 3) 954 sm_syslog(LOG_INFO, e->e_id, 955 "Milter: initialization failed, closing connection"); 956 tempfail = true; 957 smtp.sm_milterize = false; 958 message("421 4.7.0 %s closing connection", 959 MyHostName); 960 961 /* arrange to ignore send list */ 962 e->e_sendqueue = NULL; 963 lognullconnection = false; 964 goto doquit; 965 } 966 } 967 968 if (smtp.sm_milterlist && smtp.sm_milterize && 969 !bitset(EF_DISCARD, e->e_flags)) 970 { 971 char state; 972 char *response; 973 974 q = macvalue(macid("{client_name}"), e); 975 SM_ASSERT(q != NULL || OpMode == MD_SMTP); 976 if (q == NULL) 977 q = "localhost"; 978 response = milter_connect(q, RealHostAddr, e, &state); 979 switch (state) 980 { 981 case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */ 982 case SMFIR_REJECT: 983 if (MilterLogLevel > 3) 984 sm_syslog(LOG_INFO, e->e_id, 985 "Milter: connect: host=%s, addr=%s, rejecting commands", 986 peerhostname, 987 anynet_ntoa(&RealHostAddr)); 988 greetcode = "554"; 989 nullserver = "Command rejected"; 990 smtp.sm_milterize = false; 991 break; 992 993 case SMFIR_TEMPFAIL: 994 if (MilterLogLevel > 3) 995 sm_syslog(LOG_INFO, e->e_id, 996 "Milter: connect: host=%s, addr=%s, temp failing commands", 997 peerhostname, 998 anynet_ntoa(&RealHostAddr)); 999 tempfail = true; 1000 smtp.sm_milterize = false; 1001 break; 1002 1003 case SMFIR_SHUTDOWN: 1004 if (MilterLogLevel > 3) 1005 sm_syslog(LOG_INFO, e->e_id, 1006 "Milter: connect: host=%s, addr=%s, shutdown", 1007 peerhostname, 1008 anynet_ntoa(&RealHostAddr)); 1009 tempfail = true; 1010 smtp.sm_milterize = false; 1011 message("421 4.7.0 %s closing connection", 1012 MyHostName); 1013 1014 /* arrange to ignore send list */ 1015 e->e_sendqueue = NULL; 1016 goto doquit; 1017 } 1018 if (response != NULL) 1019 sm_free(response); /* XXX */ 1020 } 1021 #endif /* MILTER */ 1022 1023 /* 1024 ** Broken proxies and SMTP slammers 1025 ** push data without waiting, catch them 1026 */ 1027 1028 if ( 1029 #if STARTTLS 1030 !smtps && 1031 #endif /* STARTTLS */ 1032 *greetcode == '2' && nullserver == NULL) 1033 { 1034 time_t msecs = 0; 1035 char **pvp; 1036 char pvpbuf[PSBUFSIZE]; 1037 1038 /* Ask the rulesets how long to pause */ 1039 pvp = NULL; 1040 r = rscap("greet_pause", peerhostname, 1041 anynet_ntoa(&RealHostAddr), e, 1042 &pvp, pvpbuf, sizeof(pvpbuf)); 1043 if (r == EX_OK && pvp != NULL && pvp[0] != NULL && 1044 (pvp[0][0] & 0377) == CANONNET && pvp[1] != NULL) 1045 { 1046 msecs = strtol(pvp[1], NULL, 10); 1047 } 1048 1049 if (msecs > 0) 1050 { 1051 int fd; 1052 fd_set readfds; 1053 struct timeval timeout; 1054 struct timeval bp, ep, tp; /* {begin,end,total}pause */ 1055 int eoftest; 1056 1057 /* pause for a moment */ 1058 timeout.tv_sec = msecs / 1000; 1059 timeout.tv_usec = (msecs % 1000) * 1000; 1060 1061 /* Obey RFC 2821: 4.3.5.2: 220 timeout of 5 minutes */ 1062 if (timeout.tv_sec >= 300) 1063 { 1064 timeout.tv_sec = 300; 1065 timeout.tv_usec = 0; 1066 } 1067 1068 /* check if data is on the socket during the pause */ 1069 fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); 1070 FD_ZERO(&readfds); 1071 SM_FD_SET(fd, &readfds); 1072 gettimeofday(&bp, NULL); 1073 if (select(fd + 1, FDSET_CAST &readfds, 1074 NULL, NULL, &timeout) > 0 && 1075 FD_ISSET(fd, &readfds) && 1076 (eoftest = sm_io_getc(InChannel, SM_TIME_DEFAULT)) 1077 != SM_IO_EOF) 1078 { 1079 sm_io_ungetc(InChannel, SM_TIME_DEFAULT, 1080 eoftest); 1081 gettimeofday(&ep, NULL); 1082 timersub(&ep, &bp, &tp); 1083 greetcode = "554"; 1084 nullserver = "Command rejected"; 1085 sm_syslog(LOG_INFO, e->e_id, 1086 "rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds", 1087 peerhostname, 1088 anynet_ntoa(&RealHostAddr), 1089 (int) tp.tv_sec + 1090 (tp.tv_usec >= 500000 ? 1 : 0) 1091 ); 1092 } 1093 } 1094 } 1095 1096 #if STARTTLS 1097 /* If this an smtps connection, start TLS now */ 1098 if (smtps) 1099 { 1100 Errors = 0; 1101 goto starttls; 1102 } 1103 1104 greeting: 1105 1106 #endif /* STARTTLS */ 1107 1108 /* output the first line, inserting "ESMTP" as second word */ 1109 if (*greetcode == '5') 1110 (void) sm_snprintf(inp, sizeof(inp), 1111 "%s not accepting messages", hostname); 1112 else 1113 expand(SmtpGreeting, inp, sizeof(inp), e); 1114 1115 p = strchr(inp, '\n'); 1116 if (p != NULL) 1117 *p++ = '\0'; 1118 id = strchr(inp, ' '); 1119 if (id == NULL) 1120 id = &inp[strlen(inp)]; 1121 if (p == NULL) 1122 (void) sm_snprintf(cmdbuf, sizeof(cmdbuf), 1123 "%s %%.*s ESMTP%%s", greetcode); 1124 else 1125 (void) sm_snprintf(cmdbuf, sizeof(cmdbuf), 1126 "%s-%%.*s ESMTP%%s", greetcode); 1127 message(cmdbuf, (int) (id - inp), inp, id); 1128 1129 /* output remaining lines */ 1130 while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL) 1131 { 1132 *p++ = '\0'; 1133 if (isascii(*id) && isspace(*id)) 1134 id++; 1135 (void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, "-%s"); 1136 message(cmdbuf, id); 1137 } 1138 if (id != NULL) 1139 { 1140 if (isascii(*id) && isspace(*id)) 1141 id++; 1142 (void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, " %s"); 1143 message(cmdbuf, id); 1144 } 1145 1146 protocol = NULL; 1147 sendinghost = macvalue('s', e); 1148 1149 /* If quarantining by a connect/ehlo action, save between messages */ 1150 if (e->e_quarmsg == NULL) 1151 smtp.sm_quarmsg = NULL; 1152 else 1153 smtp.sm_quarmsg = newstr(e->e_quarmsg); 1154 1155 /* sendinghost's storage must outlive the current envelope */ 1156 if (sendinghost != NULL) 1157 sendinghost = sm_strdup_x(sendinghost); 1158 first = true; 1159 gothello = false; 1160 smtp.sm_gotmail = false; 1161 for (;;) 1162 { 1163 SM_TRY 1164 { 1165 QuickAbort = false; 1166 HoldErrs = false; 1167 SuprErrs = false; 1168 LogUsrErrs = false; 1169 OnlyOneError = true; 1170 e->e_flags &= ~(EF_VRFYONLY|EF_GLOBALERRS); 1171 #if MILTER 1172 milter_cmd_fail = false; 1173 #endif /* MILTER */ 1174 1175 /* setup for the read */ 1176 e->e_to = NULL; 1177 Errors = 0; 1178 FileName = NULL; 1179 (void) sm_io_flush(smioout, SM_TIME_DEFAULT); 1180 1181 /* read the input line */ 1182 SmtpPhase = "server cmd read"; 1183 sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient); 1184 1185 /* handle errors */ 1186 if (sm_io_error(OutChannel) || 1187 (p = sfgets(inp, sizeof(inp), InChannel, 1188 TimeOuts.to_nextcommand, SmtpPhase)) == NULL) 1189 { 1190 char *d; 1191 1192 d = macvalue(macid("{daemon_name}"), e); 1193 if (d == NULL) 1194 d = "stdin"; 1195 /* end of file, just die */ 1196 disconnect(1, e); 1197 1198 #if MILTER 1199 /* close out milter filters */ 1200 milter_quit(e); 1201 #endif /* MILTER */ 1202 1203 message("421 4.4.1 %s Lost input channel from %s", 1204 MyHostName, CurSmtpClient); 1205 if (LogLevel > (smtp.sm_gotmail ? 1 : 19)) 1206 sm_syslog(LOG_NOTICE, e->e_id, 1207 "lost input channel from %s to %s after %s", 1208 CurSmtpClient, d, 1209 (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name); 1210 /* 1211 ** If have not accepted mail (DATA), do not bounce 1212 ** bad addresses back to sender. 1213 */ 1214 1215 if (bitset(EF_CLRQUEUE, e->e_flags)) 1216 e->e_sendqueue = NULL; 1217 goto doquit; 1218 } 1219 1220 /* also used by "proxy" check below */ 1221 inplen = strlen(inp); 1222 #if SASL 1223 /* 1224 ** SMTP AUTH requires accepting any length, 1225 ** at least for challenge/response. However, not imposing 1226 ** a limit is a bad idea (denial of service). 1227 */ 1228 1229 if (authenticating != SASL_PROC_AUTH 1230 && sm_strncasecmp(inp, "AUTH ", 5) != 0 1231 && inplen > MAXLINE) 1232 { 1233 message("421 4.7.0 %s Command too long, possible attack %s", 1234 MyHostName, CurSmtpClient); 1235 sm_syslog(LOG_INFO, e->e_id, 1236 "%s: SMTP violation, input too long: %lu", 1237 CurSmtpClient, (unsigned long) inplen); 1238 goto doquit; 1239 } 1240 #endif /* SASL */ 1241 1242 if (first) 1243 { 1244 size_t cmdlen; 1245 int idx; 1246 char *http_cmd; 1247 static char *http_cmds[] = { "GET", "POST", 1248 "CONNECT", "USER", NULL }; 1249 1250 for (idx = 0; (http_cmd = http_cmds[idx]) != NULL; 1251 idx++) 1252 { 1253 cmdlen = strlen(http_cmd); 1254 if (cmdlen < inplen && 1255 sm_strncasecmp(inp, http_cmd, cmdlen) == 0 && 1256 isascii(inp[cmdlen]) && isspace(inp[cmdlen])) 1257 { 1258 /* Open proxy, drop it */ 1259 message("421 4.7.0 %s Rejecting open proxy %s", 1260 MyHostName, CurSmtpClient); 1261 sm_syslog(LOG_INFO, e->e_id, 1262 "%s: probable open proxy: command=%.40s", 1263 CurSmtpClient, inp); 1264 goto doquit; 1265 } 1266 } 1267 first = false; 1268 } 1269 1270 /* clean up end of line */ 1271 fixcrlf(inp, true); 1272 1273 #if PIPELINING 1274 # if _FFR_NO_PIPE 1275 /* 1276 ** if there is more input and pipelining is disabled: 1277 ** delay ... (and maybe discard the input?) 1278 ** XXX this doesn't really work, at least in tests using 1279 ** telnet SM_IO_IS_READABLE only returns 1 if there were 1280 ** more than 2 input lines available. 1281 */ 1282 1283 if (bitset(SRV_NO_PIPE, features) && 1284 sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0) 1285 { 1286 if (++np_log < 3) 1287 sm_syslog(LOG_INFO, NOQID, 1288 "unauthorized PIPELINING, sleeping, relay=%.100s", 1289 CurSmtpClient); 1290 sleep(1); 1291 } 1292 1293 # endif /* _FFR_NO_PIPE */ 1294 #endif /* PIPELINING */ 1295 1296 #if SASL 1297 if (authenticating == SASL_PROC_AUTH) 1298 { 1299 # if 0 1300 if (*inp == '\0') 1301 { 1302 authenticating = SASL_NOT_AUTH; 1303 message("501 5.5.2 missing input"); 1304 RESET_SASLCONN; 1305 continue; 1306 } 1307 # endif /* 0 */ 1308 if (*inp == '*' && *(inp + 1) == '\0') 1309 { 1310 authenticating = SASL_NOT_AUTH; 1311 1312 /* RFC 2554 4. */ 1313 message("501 5.0.0 AUTH aborted"); 1314 RESET_SASLCONN; 1315 continue; 1316 } 1317 1318 /* could this be shorter? XXX */ 1319 # if SASL >= 20000 1320 in = xalloc(strlen(inp) + 1); 1321 result = sasl_decode64(inp, strlen(inp), in, 1322 strlen(inp), &inlen); 1323 # else /* SASL >= 20000 */ 1324 out = xalloc(strlen(inp)); 1325 result = sasl_decode64(inp, strlen(inp), out, &outlen); 1326 # endif /* SASL >= 20000 */ 1327 if (result != SASL_OK) 1328 { 1329 authenticating = SASL_NOT_AUTH; 1330 1331 /* RFC 2554 4. */ 1332 message("501 5.5.4 cannot decode AUTH parameter %s", 1333 inp); 1334 # if SASL >= 20000 1335 sm_free(in); 1336 # endif /* SASL >= 20000 */ 1337 RESET_SASLCONN; 1338 continue; 1339 } 1340 1341 # if SASL >= 20000 1342 result = sasl_server_step(conn, in, inlen, 1343 &out, &outlen); 1344 sm_free(in); 1345 # else /* SASL >= 20000 */ 1346 result = sasl_server_step(conn, out, outlen, 1347 &out, &outlen, &errstr); 1348 # endif /* SASL >= 20000 */ 1349 1350 /* get an OK if we're done */ 1351 if (result == SASL_OK) 1352 { 1353 authenticated: 1354 message("235 2.0.0 OK Authenticated"); 1355 authenticating = SASL_IS_AUTH; 1356 macdefine(&BlankEnvelope.e_macro, A_TEMP, 1357 macid("{auth_type}"), auth_type); 1358 1359 # if SASL >= 20000 1360 user = macvalue(macid("{auth_authen}"), e); 1361 1362 /* get security strength (features) */ 1363 result = sasl_getprop(conn, SASL_SSF, 1364 (const void **) &ssf); 1365 # else /* SASL >= 20000 */ 1366 result = sasl_getprop(conn, SASL_USERNAME, 1367 (void **)&user); 1368 if (result != SASL_OK) 1369 { 1370 user = ""; 1371 macdefine(&BlankEnvelope.e_macro, 1372 A_PERM, 1373 macid("{auth_authen}"), NULL); 1374 } 1375 else 1376 { 1377 macdefine(&BlankEnvelope.e_macro, 1378 A_TEMP, 1379 macid("{auth_authen}"), 1380 xtextify(user, "<>\")")); 1381 } 1382 1383 # if 0 1384 /* get realm? */ 1385 sasl_getprop(conn, SASL_REALM, (void **) &data); 1386 # endif /* 0 */ 1387 1388 /* get security strength (features) */ 1389 result = sasl_getprop(conn, SASL_SSF, 1390 (void **) &ssf); 1391 # endif /* SASL >= 20000 */ 1392 if (result != SASL_OK) 1393 { 1394 macdefine(&BlankEnvelope.e_macro, 1395 A_PERM, 1396 macid("{auth_ssf}"), "0"); 1397 ssf = NULL; 1398 } 1399 else 1400 { 1401 char pbuf[8]; 1402 1403 (void) sm_snprintf(pbuf, sizeof(pbuf), 1404 "%u", *ssf); 1405 macdefine(&BlankEnvelope.e_macro, 1406 A_TEMP, 1407 macid("{auth_ssf}"), pbuf); 1408 if (tTd(95, 8)) 1409 sm_dprintf("AUTH auth_ssf: %u\n", 1410 *ssf); 1411 } 1412 1413 /* 1414 ** Only switch to encrypted connection 1415 ** if a security layer has been negotiated 1416 */ 1417 1418 if (ssf != NULL && *ssf > 0) 1419 { 1420 int tmo; 1421 1422 /* 1423 ** Convert I/O layer to use SASL. 1424 ** If the call fails, the connection 1425 ** is aborted. 1426 */ 1427 1428 tmo = TimeOuts.to_datablock * 1000; 1429 if (sfdcsasl(&InChannel, &OutChannel, 1430 conn, tmo) == 0) 1431 { 1432 /* restart dialogue */ 1433 n_helo = 0; 1434 # if PIPELINING 1435 (void) sm_io_autoflush(InChannel, 1436 OutChannel); 1437 # endif /* PIPELINING */ 1438 } 1439 else 1440 syserr("503 5.3.3 SASL TLS failed"); 1441 } 1442 1443 /* NULL pointer ok since it's our function */ 1444 if (LogLevel > 8) 1445 sm_syslog(LOG_INFO, NOQID, 1446 "AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d", 1447 CurSmtpClient, 1448 shortenstring(user, 128), 1449 auth_type, *ssf); 1450 } 1451 else if (result == SASL_CONTINUE) 1452 { 1453 len = ENC64LEN(outlen); 1454 out2 = xalloc(len); 1455 result = sasl_encode64(out, outlen, out2, len, 1456 &out2len); 1457 if (result != SASL_OK) 1458 { 1459 /* correct code? XXX */ 1460 /* 454 Temp. authentication failure */ 1461 message("454 4.5.4 Internal error: unable to encode64"); 1462 if (LogLevel > 5) 1463 sm_syslog(LOG_WARNING, e->e_id, 1464 "AUTH encode64 error [%d for \"%s\"], relay=%.100s", 1465 result, out, 1466 CurSmtpClient); 1467 /* start over? */ 1468 authenticating = SASL_NOT_AUTH; 1469 } 1470 else 1471 { 1472 message("334 %s", out2); 1473 if (tTd(95, 2)) 1474 sm_dprintf("AUTH continue: msg='%s' len=%u\n", 1475 out2, out2len); 1476 } 1477 # if SASL >= 20000 1478 sm_free(out2); 1479 # endif /* SASL >= 20000 */ 1480 } 1481 else 1482 { 1483 /* not SASL_OK or SASL_CONT */ 1484 message("535 5.7.0 authentication failed"); 1485 if (LogLevel > 9) 1486 sm_syslog(LOG_WARNING, e->e_id, 1487 "AUTH failure (%s): %s (%d) %s, relay=%.100s", 1488 auth_type, 1489 sasl_errstring(result, NULL, 1490 NULL), 1491 result, 1492 # if SASL >= 20000 1493 sasl_errdetail(conn), 1494 # else /* SASL >= 20000 */ 1495 errstr == NULL ? "" : errstr, 1496 # endif /* SASL >= 20000 */ 1497 CurSmtpClient); 1498 RESET_SASLCONN; 1499 authenticating = SASL_NOT_AUTH; 1500 } 1501 } 1502 else 1503 { 1504 /* don't want to do any of this if authenticating */ 1505 #endif /* SASL */ 1506 1507 /* echo command to transcript */ 1508 if (e->e_xfp != NULL) 1509 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 1510 "<<< %s\n", inp); 1511 1512 if (LogLevel > 14) 1513 sm_syslog(LOG_INFO, e->e_id, "<-- %s", inp); 1514 1515 /* break off command */ 1516 for (p = inp; isascii(*p) && isspace(*p); p++) 1517 continue; 1518 cmd = cmdbuf; 1519 while (*p != '\0' && 1520 !(isascii(*p) && isspace(*p)) && 1521 cmd < &cmdbuf[sizeof(cmdbuf) - 2]) 1522 *cmd++ = *p++; 1523 *cmd = '\0'; 1524 1525 /* throw away leading whitespace */ 1526 SKIP_SPACE(p); 1527 1528 /* decode command */ 1529 for (c = CmdTab; c->cmd_name != NULL; c++) 1530 { 1531 if (sm_strcasecmp(c->cmd_name, cmdbuf) == 0) 1532 break; 1533 } 1534 1535 /* reset errors */ 1536 errno = 0; 1537 1538 /* check whether a "non-null" command has been used */ 1539 switch (c->cmd_code) 1540 { 1541 #if SASL 1542 case CMDAUTH: 1543 /* avoid information leak; take first two words? */ 1544 q = "AUTH"; 1545 break; 1546 #endif /* SASL */ 1547 1548 case CMDMAIL: 1549 case CMDEXPN: 1550 case CMDVRFY: 1551 case CMDETRN: 1552 lognullconnection = false; 1553 /* FALLTHROUGH */ 1554 default: 1555 q = inp; 1556 break; 1557 } 1558 1559 if (e->e_id == NULL) 1560 sm_setproctitle(true, e, "%s: %.80s", 1561 CurSmtpClient, q); 1562 else 1563 sm_setproctitle(true, e, "%s %s: %.80s", 1564 qid_printname(e), 1565 CurSmtpClient, q); 1566 1567 /* 1568 ** Process command. 1569 ** 1570 ** If we are running as a null server, return 550 1571 ** to almost everything. 1572 */ 1573 1574 if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags)) 1575 { 1576 switch (c->cmd_code) 1577 { 1578 case CMDQUIT: 1579 case CMDHELO: 1580 case CMDEHLO: 1581 case CMDNOOP: 1582 case CMDRSET: 1583 case CMDERROR: 1584 /* process normally */ 1585 break; 1586 1587 case CMDETRN: 1588 if (bitnset(D_ETRNONLY, d_flags) && 1589 nullserver == NULL) 1590 break; 1591 DELAY_CONN("ETRN"); 1592 /* FALLTHROUGH */ 1593 1594 default: 1595 #if MAXBADCOMMANDS > 0 1596 /* theoretically this could overflow */ 1597 if (nullserver != NULL && 1598 ++n_badcmds > MAXBADCOMMANDS) 1599 { 1600 message("421 4.7.0 %s Too many bad commands; closing connection", 1601 MyHostName); 1602 1603 /* arrange to ignore send list */ 1604 e->e_sendqueue = NULL; 1605 goto doquit; 1606 } 1607 #endif /* MAXBADCOMMANDS > 0 */ 1608 if (nullserver != NULL) 1609 { 1610 if (ISSMTPREPLY(nullserver)) 1611 usrerr(nullserver); 1612 else 1613 usrerr("550 5.0.0 %s", 1614 nullserver); 1615 } 1616 else 1617 usrerr("452 4.4.5 Insufficient disk space; try again later"); 1618 continue; 1619 } 1620 } 1621 1622 switch (c->cmd_code) 1623 { 1624 #if SASL 1625 case CMDAUTH: /* sasl */ 1626 DELAY_CONN("AUTH"); 1627 if (!sasl_ok || n_mechs <= 0) 1628 { 1629 message("503 5.3.3 AUTH not available"); 1630 break; 1631 } 1632 if (authenticating == SASL_IS_AUTH) 1633 { 1634 message("503 5.5.0 Already Authenticated"); 1635 break; 1636 } 1637 if (smtp.sm_gotmail) 1638 { 1639 message("503 5.5.0 AUTH not permitted during a mail transaction"); 1640 break; 1641 } 1642 if (tempfail) 1643 { 1644 if (LogLevel > 9) 1645 sm_syslog(LOG_INFO, e->e_id, 1646 "SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)", 1647 p, CurSmtpClient); 1648 usrerr("454 4.3.0 Please try again later"); 1649 break; 1650 } 1651 1652 ismore = false; 1653 1654 /* crude way to avoid crack attempts */ 1655 STOP_IF_ATTACK(checksmtpattack(&n_auth, n_mechs + 1, 1656 true, "AUTH", e)); 1657 1658 /* make sure mechanism (p) is a valid string */ 1659 for (q = p; *q != '\0' && isascii(*q); q++) 1660 { 1661 if (isspace(*q)) 1662 { 1663 *q = '\0'; 1664 while (*++q != '\0' && 1665 isascii(*q) && isspace(*q)) 1666 continue; 1667 *(q - 1) = '\0'; 1668 ismore = (*q != '\0'); 1669 break; 1670 } 1671 } 1672 1673 if (*p == '\0') 1674 { 1675 message("501 5.5.2 AUTH mechanism must be specified"); 1676 break; 1677 } 1678 1679 /* check whether mechanism is available */ 1680 if (iteminlist(p, mechlist, " ") == NULL) 1681 { 1682 message("504 5.3.3 AUTH mechanism %.32s not available", 1683 p); 1684 break; 1685 } 1686 1687 /* 1688 ** RFC 2554 4. 1689 ** Unlike a zero-length client answer to a 1690 ** 334 reply, a zero- length initial response 1691 ** is sent as a single equals sign ("="). 1692 */ 1693 1694 if (ismore && *q == '=' && *(q + 1) == '\0') 1695 { 1696 /* will be free()d, don't use in=""; */ 1697 in = xalloc(1); 1698 *in = '\0'; 1699 inlen = 0; 1700 } 1701 else if (ismore) 1702 { 1703 /* could this be shorter? XXX */ 1704 # if SASL >= 20000 1705 in = xalloc(strlen(q) + 1); 1706 result = sasl_decode64(q, strlen(q), in, 1707 strlen(q), &inlen); 1708 # else /* SASL >= 20000 */ 1709 in = sm_rpool_malloc(e->e_rpool, strlen(q)); 1710 result = sasl_decode64(q, strlen(q), in, 1711 &inlen); 1712 # endif /* SASL >= 20000 */ 1713 if (result != SASL_OK) 1714 { 1715 message("501 5.5.4 cannot BASE64 decode '%s'", 1716 q); 1717 if (LogLevel > 5) 1718 sm_syslog(LOG_WARNING, e->e_id, 1719 "AUTH decode64 error [%d for \"%s\"], relay=%.100s", 1720 result, q, 1721 CurSmtpClient); 1722 /* start over? */ 1723 authenticating = SASL_NOT_AUTH; 1724 # if SASL >= 20000 1725 sm_free(in); 1726 # endif /* SASL >= 20000 */ 1727 in = NULL; 1728 inlen = 0; 1729 break; 1730 } 1731 } 1732 else 1733 { 1734 in = NULL; 1735 inlen = 0; 1736 } 1737 1738 /* see if that auth type exists */ 1739 # if SASL >= 20000 1740 result = sasl_server_start(conn, p, in, inlen, 1741 &out, &outlen); 1742 if (in != NULL) 1743 sm_free(in); 1744 # else /* SASL >= 20000 */ 1745 result = sasl_server_start(conn, p, in, inlen, 1746 &out, &outlen, &errstr); 1747 # endif /* SASL >= 20000 */ 1748 1749 if (result != SASL_OK && result != SASL_CONTINUE) 1750 { 1751 message("535 5.7.0 authentication failed"); 1752 if (LogLevel > 9) 1753 sm_syslog(LOG_ERR, e->e_id, 1754 "AUTH failure (%s): %s (%d) %s, relay=%.100s", 1755 p, 1756 sasl_errstring(result, NULL, 1757 NULL), 1758 result, 1759 # if SASL >= 20000 1760 sasl_errdetail(conn), 1761 # else /* SASL >= 20000 */ 1762 errstr, 1763 # endif /* SASL >= 20000 */ 1764 CurSmtpClient); 1765 RESET_SASLCONN; 1766 break; 1767 } 1768 auth_type = newstr(p); 1769 1770 if (result == SASL_OK) 1771 { 1772 /* ugly, but same code */ 1773 goto authenticated; 1774 /* authenticated by the initial response */ 1775 } 1776 1777 /* len is at least 2 */ 1778 len = ENC64LEN(outlen); 1779 out2 = xalloc(len); 1780 result = sasl_encode64(out, outlen, out2, len, 1781 &out2len); 1782 1783 if (result != SASL_OK) 1784 { 1785 message("454 4.5.4 Temporary authentication failure"); 1786 if (LogLevel > 5) 1787 sm_syslog(LOG_WARNING, e->e_id, 1788 "AUTH encode64 error [%d for \"%s\"]", 1789 result, out); 1790 1791 /* start over? */ 1792 authenticating = SASL_NOT_AUTH; 1793 RESET_SASLCONN; 1794 } 1795 else 1796 { 1797 message("334 %s", out2); 1798 authenticating = SASL_PROC_AUTH; 1799 } 1800 # if SASL >= 20000 1801 sm_free(out2); 1802 # endif /* SASL >= 20000 */ 1803 break; 1804 #endif /* SASL */ 1805 1806 #if STARTTLS 1807 case CMDSTLS: /* starttls */ 1808 DELAY_CONN("STARTTLS"); 1809 if (*p != '\0') 1810 { 1811 message("501 5.5.2 Syntax error (no parameters allowed)"); 1812 break; 1813 } 1814 if (!bitset(SRV_OFFER_TLS, features)) 1815 { 1816 message("503 5.5.0 TLS not available"); 1817 break; 1818 } 1819 if (!tls_ok_srv) 1820 { 1821 message("454 4.3.3 TLS not available after start"); 1822 break; 1823 } 1824 if (smtp.sm_gotmail) 1825 { 1826 message("503 5.5.0 TLS not permitted during a mail transaction"); 1827 break; 1828 } 1829 if (tempfail) 1830 { 1831 if (LogLevel > 9) 1832 sm_syslog(LOG_INFO, e->e_id, 1833 "SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)", 1834 p, CurSmtpClient); 1835 usrerr("454 4.7.0 Please try again later"); 1836 break; 1837 } 1838 starttls: 1839 # if TLS_NO_RSA 1840 /* 1841 ** XXX do we need a temp key ? 1842 */ 1843 # else /* TLS_NO_RSA */ 1844 # endif /* TLS_NO_RSA */ 1845 1846 # if TLS_VRFY_PER_CTX 1847 /* 1848 ** Note: this sets the verification globally 1849 ** (per SSL_CTX) 1850 ** it's ok since it applies only to one transaction 1851 */ 1852 1853 TLS_VERIFY_CLIENT(); 1854 # endif /* TLS_VRFY_PER_CTX */ 1855 1856 if (srv_ssl != NULL) 1857 SSL_clear(srv_ssl); 1858 else if ((srv_ssl = SSL_new(srv_ctx)) == NULL) 1859 { 1860 message("454 4.3.3 TLS not available: error generating SSL handle"); 1861 if (LogLevel > 8) 1862 tlslogerr("server"); 1863 goto tls_done; 1864 } 1865 1866 # if !TLS_VRFY_PER_CTX 1867 /* 1868 ** this could be used if it were possible to set 1869 ** verification per SSL (connection) 1870 ** not just per SSL_CTX (global) 1871 */ 1872 1873 TLS_VERIFY_CLIENT(); 1874 # endif /* !TLS_VRFY_PER_CTX */ 1875 1876 rfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); 1877 wfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL); 1878 1879 if (rfd < 0 || wfd < 0 || 1880 SSL_set_rfd(srv_ssl, rfd) <= 0 || 1881 SSL_set_wfd(srv_ssl, wfd) <= 0) 1882 { 1883 message("454 4.3.3 TLS not available: error set fd"); 1884 SSL_free(srv_ssl); 1885 srv_ssl = NULL; 1886 goto tls_done; 1887 } 1888 if (!smtps) 1889 message("220 2.0.0 Ready to start TLS"); 1890 # if PIPELINING 1891 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT); 1892 # endif /* PIPELINING */ 1893 1894 SSL_set_accept_state(srv_ssl); 1895 1896 # define SSL_ACC(s) SSL_accept(s) 1897 1898 tlsstart = curtime(); 1899 ssl_retry: 1900 if ((r = SSL_ACC(srv_ssl)) <= 0) 1901 { 1902 int i, ssl_err; 1903 1904 ssl_err = SSL_get_error(srv_ssl, r); 1905 i = tls_retry(srv_ssl, rfd, wfd, tlsstart, 1906 TimeOuts.to_starttls, ssl_err, 1907 "server"); 1908 if (i > 0) 1909 goto ssl_retry; 1910 1911 if (LogLevel > 5) 1912 { 1913 sm_syslog(LOG_WARNING, NOQID, 1914 "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d, relay=%.100s", 1915 r, ssl_err, errno, i, 1916 CurSmtpClient); 1917 if (LogLevel > 8) 1918 tlslogerr("server"); 1919 } 1920 tls_ok_srv = false; 1921 SSL_free(srv_ssl); 1922 srv_ssl = NULL; 1923 1924 /* 1925 ** according to the next draft of 1926 ** RFC 2487 the connection should be dropped 1927 */ 1928 1929 /* arrange to ignore any current send list */ 1930 e->e_sendqueue = NULL; 1931 goto doquit; 1932 } 1933 1934 /* ignore return code for now, it's in {verify} */ 1935 (void) tls_get_info(srv_ssl, true, 1936 CurSmtpClient, 1937 &BlankEnvelope.e_macro, 1938 bitset(SRV_VRFY_CLT, features)); 1939 1940 /* 1941 ** call Stls_client to find out whether 1942 ** to accept the connection from the client 1943 */ 1944 1945 saveQuickAbort = QuickAbort; 1946 saveSuprErrs = SuprErrs; 1947 SuprErrs = true; 1948 QuickAbort = false; 1949 if (rscheck("tls_client", 1950 macvalue(macid("{verify}"), e), 1951 "STARTTLS", e, 1952 RSF_RMCOMM|RSF_COUNT, 1953 5, NULL, NOQID, NULL) != EX_OK || 1954 Errors > 0) 1955 { 1956 extern char MsgBuf[]; 1957 1958 if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf)) 1959 nullserver = newstr(MsgBuf); 1960 else 1961 nullserver = "503 5.7.0 Authentication required."; 1962 } 1963 QuickAbort = saveQuickAbort; 1964 SuprErrs = saveSuprErrs; 1965 1966 tls_ok_srv = false; /* don't offer STARTTLS again */ 1967 n_helo = 0; 1968 # if SASL 1969 if (sasl_ok) 1970 { 1971 int cipher_bits; 1972 bool verified; 1973 char *s, *v, *c; 1974 1975 s = macvalue(macid("{cipher_bits}"), e); 1976 v = macvalue(macid("{verify}"), e); 1977 c = macvalue(macid("{cert_subject}"), e); 1978 verified = (v != NULL && strcmp(v, "OK") == 0); 1979 if (s != NULL && (cipher_bits = atoi(s)) > 0) 1980 { 1981 # if SASL >= 20000 1982 ext_ssf = cipher_bits; 1983 auth_id = verified ? c : NULL; 1984 sasl_ok = ((sasl_setprop(conn, 1985 SASL_SSF_EXTERNAL, 1986 &ext_ssf) == SASL_OK) && 1987 (sasl_setprop(conn, 1988 SASL_AUTH_EXTERNAL, 1989 auth_id) == SASL_OK)); 1990 # else /* SASL >= 20000 */ 1991 ext_ssf.ssf = cipher_bits; 1992 ext_ssf.auth_id = verified ? c : NULL; 1993 sasl_ok = sasl_setprop(conn, 1994 SASL_SSF_EXTERNAL, 1995 &ext_ssf) == SASL_OK; 1996 # endif /* SASL >= 20000 */ 1997 mechlist = NULL; 1998 if (sasl_ok) 1999 n_mechs = saslmechs(conn, 2000 &mechlist); 2001 } 2002 } 2003 # endif /* SASL */ 2004 2005 /* switch to secure connection */ 2006 if (sfdctls(&InChannel, &OutChannel, srv_ssl) == 0) 2007 { 2008 tls_active = true; 2009 # if PIPELINING 2010 (void) sm_io_autoflush(InChannel, OutChannel); 2011 # endif /* PIPELINING */ 2012 } 2013 else 2014 { 2015 /* 2016 ** XXX this is an internal error 2017 ** how to deal with it? 2018 ** we can't generate an error message 2019 ** since the other side switched to an 2020 ** encrypted layer, but we could not... 2021 ** just "hang up"? 2022 */ 2023 2024 nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer"; 2025 syserr("STARTTLS: can't switch to encrypted layer"); 2026 } 2027 tls_done: 2028 if (smtps) 2029 { 2030 if (tls_active) 2031 goto greeting; 2032 else 2033 goto doquit; 2034 } 2035 break; 2036 #endif /* STARTTLS */ 2037 2038 case CMDHELO: /* hello -- introduce yourself */ 2039 case CMDEHLO: /* extended hello */ 2040 DELAY_CONN("EHLO"); 2041 if (c->cmd_code == CMDEHLO) 2042 { 2043 protocol = "ESMTP"; 2044 SmtpPhase = "server EHLO"; 2045 } 2046 else 2047 { 2048 protocol = "SMTP"; 2049 SmtpPhase = "server HELO"; 2050 } 2051 2052 /* avoid denial-of-service */ 2053 STOP_IF_ATTACK(checksmtpattack(&n_helo, MAXHELOCOMMANDS, 2054 true, "HELO/EHLO", e)); 2055 2056 #if 0 2057 /* RFC2821 4.1.4 allows duplicate HELO/EHLO */ 2058 /* check for duplicate HELO/EHLO per RFC 1651 4.2 */ 2059 if (gothello) 2060 { 2061 usrerr("503 %s Duplicate HELO/EHLO", 2062 MyHostName); 2063 break; 2064 } 2065 #endif /* 0 */ 2066 2067 /* check for valid domain name (re 1123 5.2.5) */ 2068 if (*p == '\0' && !AllowBogusHELO) 2069 { 2070 usrerr("501 %s requires domain address", 2071 cmdbuf); 2072 break; 2073 } 2074 2075 /* check for long domain name (hides Received: info) */ 2076 if (strlen(p) > MAXNAME) 2077 { 2078 usrerr("501 Invalid domain name"); 2079 if (LogLevel > 9) 2080 sm_syslog(LOG_INFO, CurEnv->e_id, 2081 "invalid domain name (too long) from %s", 2082 CurSmtpClient); 2083 break; 2084 } 2085 2086 ok = true; 2087 for (q = p; *q != '\0'; q++) 2088 { 2089 if (!isascii(*q)) 2090 break; 2091 if (isalnum(*q)) 2092 continue; 2093 if (isspace(*q)) 2094 { 2095 *q = '\0'; 2096 2097 /* only complain if strict check */ 2098 ok = AllowBogusHELO; 2099 2100 /* allow trailing whitespace */ 2101 while (!ok && *++q != '\0' && 2102 isspace(*q)) 2103 ; 2104 if (*q == '\0') 2105 ok = true; 2106 break; 2107 } 2108 if (strchr("[].-_#:", *q) == NULL) 2109 break; 2110 } 2111 2112 if (*q == '\0' && ok) 2113 { 2114 q = "pleased to meet you"; 2115 sendinghost = sm_strdup_x(p); 2116 } 2117 else if (!AllowBogusHELO) 2118 { 2119 usrerr("501 Invalid domain name"); 2120 if (LogLevel > 9) 2121 sm_syslog(LOG_INFO, CurEnv->e_id, 2122 "invalid domain name (%s) from %.100s", 2123 p, CurSmtpClient); 2124 break; 2125 } 2126 else 2127 { 2128 q = "accepting invalid domain name"; 2129 } 2130 2131 if (gothello || smtp.sm_gotmail) 2132 CLEAR_STATE(cmdbuf); 2133 2134 #if MILTER 2135 if (smtp.sm_milterlist && smtp.sm_milterize && 2136 !bitset(EF_DISCARD, e->e_flags)) 2137 { 2138 char state; 2139 char *response; 2140 2141 response = milter_helo(p, e, &state); 2142 switch (state) 2143 { 2144 case SMFIR_REJECT: 2145 if (MilterLogLevel > 3) 2146 sm_syslog(LOG_INFO, e->e_id, 2147 "Milter: helo=%s, reject=Command rejected", 2148 p); 2149 nullserver = "Command rejected"; 2150 smtp.sm_milterize = false; 2151 break; 2152 2153 case SMFIR_TEMPFAIL: 2154 if (MilterLogLevel > 3) 2155 sm_syslog(LOG_INFO, e->e_id, 2156 "Milter: helo=%s, reject=%s", 2157 p, MSG_TEMPFAIL); 2158 tempfail = true; 2159 smtp.sm_milterize = false; 2160 break; 2161 2162 case SMFIR_REPLYCODE: 2163 if (MilterLogLevel > 3) 2164 sm_syslog(LOG_INFO, e->e_id, 2165 "Milter: helo=%s, reject=%s", 2166 p, response); 2167 if (strncmp(response, "421 ", 4) != 0 2168 && strncmp(response, "421-", 4) != 0) 2169 { 2170 nullserver = newstr(response); 2171 smtp.sm_milterize = false; 2172 break; 2173 } 2174 /* FALLTHROUGH */ 2175 2176 case SMFIR_SHUTDOWN: 2177 if (MilterLogLevel > 3 && 2178 response == NULL) 2179 sm_syslog(LOG_INFO, e->e_id, 2180 "Milter: helo=%s, reject=421 4.7.0 %s closing connection", 2181 p, MyHostName); 2182 tempfail = true; 2183 smtp.sm_milterize = false; 2184 if (response != NULL) 2185 usrerr(response); 2186 else 2187 message("421 4.7.0 %s closing connection", 2188 MyHostName); 2189 /* arrange to ignore send list */ 2190 e->e_sendqueue = NULL; 2191 lognullconnection = false; 2192 goto doquit; 2193 } 2194 if (response != NULL) 2195 sm_free(response); 2196 2197 /* 2198 ** If quarantining by a connect/ehlo action, 2199 ** save between messages 2200 */ 2201 2202 if (smtp.sm_quarmsg == NULL && 2203 e->e_quarmsg != NULL) 2204 smtp.sm_quarmsg = newstr(e->e_quarmsg); 2205 } 2206 #endif /* MILTER */ 2207 gothello = true; 2208 2209 /* print HELO response message */ 2210 if (c->cmd_code != CMDEHLO) 2211 { 2212 message("250 %s Hello %s, %s", 2213 MyHostName, CurSmtpClient, q); 2214 break; 2215 } 2216 2217 message("250-%s Hello %s, %s", 2218 MyHostName, CurSmtpClient, q); 2219 2220 /* offer ENHSC even for nullserver */ 2221 if (nullserver != NULL) 2222 { 2223 message("250 ENHANCEDSTATUSCODES"); 2224 break; 2225 } 2226 2227 /* 2228 ** print EHLO features list 2229 ** 2230 ** Note: If you change this list, 2231 ** remember to update 'helpfile' 2232 */ 2233 2234 message("250-ENHANCEDSTATUSCODES"); 2235 #if PIPELINING 2236 if (bitset(SRV_OFFER_PIPE, features)) 2237 message("250-PIPELINING"); 2238 #endif /* PIPELINING */ 2239 if (bitset(SRV_OFFER_EXPN, features)) 2240 { 2241 message("250-EXPN"); 2242 if (bitset(SRV_OFFER_VERB, features)) 2243 message("250-VERB"); 2244 } 2245 #if MIME8TO7 2246 message("250-8BITMIME"); 2247 #endif /* MIME8TO7 */ 2248 if (MaxMessageSize > 0) 2249 message("250-SIZE %ld", MaxMessageSize); 2250 else 2251 message("250-SIZE"); 2252 #if DSN 2253 if (SendMIMEErrors && bitset(SRV_OFFER_DSN, features)) 2254 message("250-DSN"); 2255 #endif /* DSN */ 2256 if (bitset(SRV_OFFER_ETRN, features)) 2257 message("250-ETRN"); 2258 #if SASL 2259 if (sasl_ok && mechlist != NULL && *mechlist != '\0') 2260 message("250-AUTH %s", mechlist); 2261 #endif /* SASL */ 2262 #if STARTTLS 2263 if (tls_ok_srv && 2264 bitset(SRV_OFFER_TLS, features)) 2265 message("250-STARTTLS"); 2266 #endif /* STARTTLS */ 2267 if (DeliverByMin > 0) 2268 message("250-DELIVERBY %ld", 2269 (long) DeliverByMin); 2270 else if (DeliverByMin == 0) 2271 message("250-DELIVERBY"); 2272 2273 /* < 0: no deliver-by */ 2274 2275 message("250 HELP"); 2276 break; 2277 2278 case CMDMAIL: /* mail -- designate sender */ 2279 SmtpPhase = "server MAIL"; 2280 DELAY_CONN("MAIL"); 2281 2282 /* check for validity of this command */ 2283 if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags)) 2284 { 2285 usrerr("503 5.0.0 Polite people say HELO first"); 2286 break; 2287 } 2288 if (smtp.sm_gotmail) 2289 { 2290 usrerr("503 5.5.0 Sender already specified"); 2291 break; 2292 } 2293 #if SASL 2294 if (bitset(SRV_REQ_AUTH, features) && 2295 authenticating != SASL_IS_AUTH) 2296 { 2297 usrerr("530 5.7.0 Authentication required"); 2298 break; 2299 } 2300 #endif /* SASL */ 2301 2302 p = skipword(p, "from"); 2303 if (p == NULL) 2304 break; 2305 if (tempfail) 2306 { 2307 if (LogLevel > 9) 2308 sm_syslog(LOG_INFO, e->e_id, 2309 "SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)", 2310 p, CurSmtpClient); 2311 usrerr(MSG_TEMPFAIL); 2312 break; 2313 } 2314 2315 /* make sure we know who the sending host is */ 2316 if (sendinghost == NULL) 2317 sendinghost = peerhostname; 2318 2319 2320 #if SM_HEAP_CHECK 2321 if (sm_debug_active(&DebugLeakSmtp, 1)) 2322 { 2323 sm_heap_newgroup(); 2324 sm_dprintf("smtp() heap group #%d\n", 2325 sm_heap_group()); 2326 } 2327 #endif /* SM_HEAP_CHECK */ 2328 2329 if (Errors > 0) 2330 goto undo_no_pm; 2331 if (!gothello) 2332 { 2333 auth_warning(e, "%s didn't use HELO protocol", 2334 CurSmtpClient); 2335 } 2336 #ifdef PICKY_HELO_CHECK 2337 if (sm_strcasecmp(sendinghost, peerhostname) != 0 && 2338 (sm_strcasecmp(peerhostname, "localhost") != 0 || 2339 sm_strcasecmp(sendinghost, MyHostName) != 0)) 2340 { 2341 auth_warning(e, "Host %s claimed to be %s", 2342 CurSmtpClient, sendinghost); 2343 } 2344 #endif /* PICKY_HELO_CHECK */ 2345 2346 if (protocol == NULL) 2347 protocol = "SMTP"; 2348 macdefine(&e->e_macro, A_PERM, 'r', protocol); 2349 macdefine(&e->e_macro, A_PERM, 's', sendinghost); 2350 2351 if (Errors > 0) 2352 goto undo_no_pm; 2353 smtp.sm_nrcpts = 0; 2354 n_badrcpts = 0; 2355 macdefine(&e->e_macro, A_PERM, macid("{ntries}"), "0"); 2356 macdefine(&e->e_macro, A_PERM, macid("{nrcpts}"), "0"); 2357 macdefine(&e->e_macro, A_PERM, macid("{nbadrcpts}"), 2358 "0"); 2359 e->e_flags |= EF_CLRQUEUE; 2360 sm_setproctitle(true, e, "%s %s: %.80s", 2361 qid_printname(e), 2362 CurSmtpClient, inp); 2363 2364 /* do the processing */ 2365 SM_TRY 2366 { 2367 extern char *FullName; 2368 2369 QuickAbort = true; 2370 SM_FREE_CLR(FullName); 2371 2372 /* must parse sender first */ 2373 delimptr = NULL; 2374 setsender(p, e, &delimptr, ' ', false); 2375 if (delimptr != NULL && *delimptr != '\0') 2376 *delimptr++ = '\0'; 2377 if (Errors > 0) 2378 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2379 2380 /* Successfully set e_from, allow logging */ 2381 e->e_flags |= EF_LOGSENDER; 2382 2383 /* put resulting triple from parseaddr() into macros */ 2384 if (e->e_from.q_mailer != NULL) 2385 macdefine(&e->e_macro, A_PERM, 2386 macid("{mail_mailer}"), 2387 e->e_from.q_mailer->m_name); 2388 else 2389 macdefine(&e->e_macro, A_PERM, 2390 macid("{mail_mailer}"), NULL); 2391 if (e->e_from.q_host != NULL) 2392 macdefine(&e->e_macro, A_PERM, 2393 macid("{mail_host}"), 2394 e->e_from.q_host); 2395 else 2396 macdefine(&e->e_macro, A_PERM, 2397 macid("{mail_host}"), "localhost"); 2398 if (e->e_from.q_user != NULL) 2399 macdefine(&e->e_macro, A_PERM, 2400 macid("{mail_addr}"), 2401 e->e_from.q_user); 2402 else 2403 macdefine(&e->e_macro, A_PERM, 2404 macid("{mail_addr}"), NULL); 2405 if (Errors > 0) 2406 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2407 2408 /* check for possible spoofing */ 2409 if (RealUid != 0 && OpMode == MD_SMTP && 2410 !wordinclass(RealUserName, 't') && 2411 (!bitnset(M_LOCALMAILER, 2412 e->e_from.q_mailer->m_flags) || 2413 strcmp(e->e_from.q_user, RealUserName) != 0)) 2414 { 2415 auth_warning(e, "%s owned process doing -bs", 2416 RealUserName); 2417 } 2418 2419 /* reset to default value */ 2420 SevenBitInput = SevenBitInput_Saved; 2421 2422 /* now parse ESMTP arguments */ 2423 e->e_msgsize = 0; 2424 addr = p; 2425 parse_esmtp_args(e, NULL, p, delimptr, "MAIL", args, 2426 mail_esmtp_args); 2427 if (Errors > 0) 2428 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2429 2430 #if SASL 2431 # if _FFR_AUTH_PASSING 2432 /* set the default AUTH= if the sender didn't */ 2433 if (e->e_auth_param == NULL) 2434 { 2435 /* XXX only do this for an MSA? */ 2436 e->e_auth_param = macvalue(macid("{auth_authen}"), 2437 e); 2438 if (e->e_auth_param == NULL) 2439 e->e_auth_param = "<>"; 2440 2441 /* 2442 ** XXX should we invoke Strust_auth now? 2443 ** authorizing as the client that just 2444 ** authenticated, so we'll trust implicitly 2445 */ 2446 } 2447 # endif /* _FFR_AUTH_PASSING */ 2448 #endif /* SASL */ 2449 2450 /* do config file checking of the sender */ 2451 macdefine(&e->e_macro, A_PERM, 2452 macid("{addr_type}"), "e s"); 2453 #if _FFR_MAIL_MACRO 2454 /* make the "real" sender address available */ 2455 macdefine(&e->e_macro, A_TEMP, macid("{mail_from}"), 2456 e->e_from.q_paddr); 2457 #endif /* _FFR_MAIL_MACRO */ 2458 if (rscheck("check_mail", addr, 2459 NULL, e, RSF_RMCOMM|RSF_COUNT, 3, 2460 NULL, e->e_id, NULL) != EX_OK || 2461 Errors > 0) 2462 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2463 macdefine(&e->e_macro, A_PERM, 2464 macid("{addr_type}"), NULL); 2465 2466 if (MaxMessageSize > 0 && 2467 (e->e_msgsize > MaxMessageSize || 2468 e->e_msgsize < 0)) 2469 { 2470 usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)", 2471 MaxMessageSize); 2472 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2473 } 2474 2475 /* 2476 ** XXX always check whether there is at least one fs 2477 ** with enough space? 2478 ** However, this may not help much: the queue group 2479 ** selection may later on select a FS that hasn't 2480 ** enough space. 2481 */ 2482 2483 if ((NumFileSys == 1 || NumQueue == 1) && 2484 !enoughdiskspace(e->e_msgsize, e) 2485 #if _FFR_ANY_FREE_FS 2486 && !filesys_free(e->e_msgsize) 2487 #endif /* _FFR_ANY_FREE_FS */ 2488 ) 2489 { 2490 /* 2491 ** We perform this test again when the 2492 ** queue directory is selected, in collect. 2493 */ 2494 2495 usrerr("452 4.4.5 Insufficient disk space; try again later"); 2496 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2497 } 2498 if (Errors > 0) 2499 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2500 2501 LogUsrErrs = true; 2502 #if MILTER 2503 if (smtp.sm_milterlist && smtp.sm_milterize && 2504 !bitset(EF_DISCARD, e->e_flags)) 2505 { 2506 char state; 2507 char *response; 2508 2509 response = milter_envfrom(args, e, &state); 2510 MILTER_REPLY("from"); 2511 } 2512 #endif /* MILTER */ 2513 if (Errors > 0) 2514 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2515 2516 message("250 2.1.0 Sender ok"); 2517 smtp.sm_gotmail = true; 2518 } 2519 SM_EXCEPT(exc, "[!F]*") 2520 { 2521 /* 2522 ** An error occurred while processing a MAIL command. 2523 ** Jump to the common error handling code. 2524 */ 2525 2526 sm_exc_free(exc); 2527 goto undo_no_pm; 2528 } 2529 SM_END_TRY 2530 break; 2531 2532 undo_no_pm: 2533 e->e_flags &= ~EF_PM_NOTIFY; 2534 undo: 2535 break; 2536 2537 case CMDRCPT: /* rcpt -- designate recipient */ 2538 DELAY_CONN("RCPT"); 2539 macdefine(&e->e_macro, A_PERM, 2540 macid("{rcpt_mailer}"), NULL); 2541 macdefine(&e->e_macro, A_PERM, 2542 macid("{rcpt_host}"), NULL); 2543 macdefine(&e->e_macro, A_PERM, 2544 macid("{rcpt_addr}"), NULL); 2545 #if MILTER 2546 (void) memset(&addr_st, '\0', sizeof(addr_st)); 2547 a = NULL; 2548 milter_rcpt_added = false; 2549 smtp.sm_e_nrcpts_orig = e->e_nrcpts; 2550 #endif 2551 #if _FFR_BADRCPT_SHUTDOWN 2552 /* 2553 ** hack to deal with hack, see below: 2554 ** n_badrcpts is increased if limit is reached. 2555 */ 2556 2557 n_badrcpts_adj = (BadRcptThrottle > 0 && 2558 n_badrcpts > BadRcptThrottle && 2559 LogLevel > 5) 2560 ? n_badrcpts - 1 : n_badrcpts; 2561 if (BadRcptShutdown > 0 && 2562 n_badrcpts_adj >= BadRcptShutdown && 2563 (BadRcptShutdownGood == 0 || 2564 smtp.sm_nrcpts == 0 || 2565 (n_badrcpts_adj * 100 / 2566 (smtp.sm_nrcpts + n_badrcpts) >= 2567 BadRcptShutdownGood))) 2568 { 2569 if (LogLevel > 5) 2570 sm_syslog(LOG_INFO, e->e_id, 2571 "%s: Possible SMTP RCPT flood, shutting down connection.", 2572 CurSmtpClient); 2573 message("421 4.7.0 %s Too many bad recipients; closing connection", 2574 MyHostName); 2575 2576 /* arrange to ignore any current send list */ 2577 e->e_sendqueue = NULL; 2578 goto doquit; 2579 } 2580 #endif /* _FFR_BADRCPT_SHUTDOWN */ 2581 if (BadRcptThrottle > 0 && 2582 n_badrcpts >= BadRcptThrottle) 2583 { 2584 if (LogLevel > 5 && 2585 n_badrcpts == BadRcptThrottle) 2586 { 2587 sm_syslog(LOG_INFO, e->e_id, 2588 "%s: Possible SMTP RCPT flood, throttling.", 2589 CurSmtpClient); 2590 2591 /* To avoid duplicated message */ 2592 n_badrcpts++; 2593 } 2594 NBADRCPTS; 2595 2596 /* 2597 ** Don't use exponential backoff for now. 2598 ** Some systems will open more connections 2599 ** and actually overload the receiver even 2600 ** more. 2601 */ 2602 2603 (void) sleep(BadRcptThrottleDelay); 2604 } 2605 if (!smtp.sm_gotmail) 2606 { 2607 usrerr("503 5.0.0 Need MAIL before RCPT"); 2608 break; 2609 } 2610 SmtpPhase = "server RCPT"; 2611 SM_TRY 2612 { 2613 QuickAbort = true; 2614 LogUsrErrs = true; 2615 2616 /* limit flooding of our machine */ 2617 if (MaxRcptPerMsg > 0 && 2618 smtp.sm_nrcpts >= MaxRcptPerMsg) 2619 { 2620 /* sleep(1); / * slow down? */ 2621 usrerr("452 4.5.3 Too many recipients"); 2622 goto rcpt_done; 2623 } 2624 2625 if (e->e_sendmode != SM_DELIVER 2626 #if _FFR_DM_ONE 2627 && (NotFirstDelivery || SM_DM_ONE != e->e_sendmode) 2628 #endif /* _FFR_DM_ONE */ 2629 ) 2630 e->e_flags |= EF_VRFYONLY; 2631 2632 #if MILTER 2633 /* 2634 ** Do not expand recipients at RCPT time (in the call 2635 ** to recipient()) if a milter can delete or reject 2636 ** a RCPT. If they are expanded, it is impossible 2637 ** for removefromlist() to figure out the expanded 2638 ** members of the original recipient and mark them 2639 ** as QS_DONTSEND. 2640 */ 2641 2642 if (!(smtp.sm_milterlist && smtp.sm_milterize && 2643 !bitset(EF_DISCARD, e->e_flags)) && 2644 (smtp.sm_milters.mis_flags & 2645 (MIS_FL_DEL_RCPT|MIS_FL_REJ_RCPT)) != 0) 2646 e->e_flags |= EF_VRFYONLY; 2647 milter_cmd_done = false; 2648 milter_cmd_safe = false; 2649 #endif /* MILTER */ 2650 2651 p = skipword(p, "to"); 2652 if (p == NULL) 2653 goto rcpt_done; 2654 macdefine(&e->e_macro, A_PERM, 2655 macid("{addr_type}"), "e r"); 2656 a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr, 2657 e, true); 2658 macdefine(&e->e_macro, A_PERM, 2659 macid("{addr_type}"), NULL); 2660 if (Errors > 0) 2661 goto rcpt_done; 2662 if (a == NULL) 2663 { 2664 usrerr("501 5.0.0 Missing recipient"); 2665 goto rcpt_done; 2666 } 2667 2668 if (delimptr != NULL && *delimptr != '\0') 2669 *delimptr++ = '\0'; 2670 2671 /* put resulting triple from parseaddr() into macros */ 2672 if (a->q_mailer != NULL) 2673 macdefine(&e->e_macro, A_PERM, 2674 macid("{rcpt_mailer}"), 2675 a->q_mailer->m_name); 2676 else 2677 macdefine(&e->e_macro, A_PERM, 2678 macid("{rcpt_mailer}"), NULL); 2679 if (a->q_host != NULL) 2680 macdefine(&e->e_macro, A_PERM, 2681 macid("{rcpt_host}"), a->q_host); 2682 else 2683 macdefine(&e->e_macro, A_PERM, 2684 macid("{rcpt_host}"), "localhost"); 2685 if (a->q_user != NULL) 2686 macdefine(&e->e_macro, A_PERM, 2687 macid("{rcpt_addr}"), a->q_user); 2688 else 2689 macdefine(&e->e_macro, A_PERM, 2690 macid("{rcpt_addr}"), NULL); 2691 if (Errors > 0) 2692 goto rcpt_done; 2693 2694 /* now parse ESMTP arguments */ 2695 addr = p; 2696 parse_esmtp_args(e, a, p, delimptr, "RCPT", args, 2697 rcpt_esmtp_args); 2698 if (Errors > 0) 2699 goto rcpt_done; 2700 2701 #if MILTER 2702 /* 2703 ** rscheck() can trigger an "exception" 2704 ** in which case the execution continues at 2705 ** SM_EXCEPT(exc, "[!F]*") 2706 ** This means milter_cmd_safe is not set 2707 ** and hence milter is not invoked. 2708 ** Would it be "safe" to change that, i.e., use 2709 ** milter_cmd_safe = true; 2710 ** here so a milter is informed (if requested) 2711 ** about RCPTs that are rejected by check_rcpt? 2712 */ 2713 # if _FFR_MILTER_CHECK_REJECTIONS_TOO 2714 milter_cmd_safe = true; 2715 # endif 2716 #endif 2717 2718 /* do config file checking of the recipient */ 2719 macdefine(&e->e_macro, A_PERM, 2720 macid("{addr_type}"), "e r"); 2721 if (rscheck("check_rcpt", addr, 2722 NULL, e, RSF_RMCOMM|RSF_COUNT, 3, 2723 NULL, e->e_id, p_addr_st) != EX_OK || 2724 Errors > 0) 2725 goto rcpt_done; 2726 macdefine(&e->e_macro, A_PERM, 2727 macid("{addr_type}"), NULL); 2728 2729 /* If discarding, don't bother to verify user */ 2730 if (bitset(EF_DISCARD, e->e_flags)) 2731 a->q_state = QS_VERIFIED; 2732 #if MILTER 2733 milter_cmd_safe = true; 2734 #endif 2735 2736 /* save in recipient list after ESMTP mods */ 2737 a = recipient(a, &e->e_sendqueue, 0, e); 2738 /* may trigger exception... */ 2739 2740 #if MILTER 2741 milter_rcpt_added = true; 2742 #endif 2743 2744 if(!(Errors > 0) && QS_IS_BADADDR(a->q_state)) 2745 { 2746 /* punt -- should keep message in ADDRESS.... */ 2747 usrerr("550 5.1.1 Addressee unknown"); 2748 } 2749 2750 #if MILTER 2751 rcpt_done: 2752 if (smtp.sm_milterlist && smtp.sm_milterize && 2753 !bitset(EF_DISCARD, e->e_flags)) 2754 { 2755 char state; 2756 char *response; 2757 2758 /* how to get the error codes? */ 2759 if (Errors > 0) 2760 { 2761 macdefine(&e->e_macro, A_PERM, 2762 macid("{rcpt_mailer}"), 2763 "error"); 2764 if (a != NULL && 2765 a->q_status != NULL && 2766 a->q_rstatus != NULL) 2767 { 2768 macdefine(&e->e_macro, A_PERM, 2769 macid("{rcpt_host}"), 2770 a->q_status); 2771 macdefine(&e->e_macro, A_PERM, 2772 macid("{rcpt_addr}"), 2773 a->q_rstatus); 2774 } 2775 else 2776 { 2777 if (addr_st.q_host != NULL) 2778 macdefine(&e->e_macro, 2779 A_PERM, 2780 macid("{rcpt_host}"), 2781 addr_st.q_host); 2782 if (addr_st.q_user != NULL) 2783 macdefine(&e->e_macro, 2784 A_PERM, 2785 macid("{rcpt_addr}"), 2786 addr_st.q_user); 2787 } 2788 } 2789 2790 response = milter_envrcpt(args, e, &state, 2791 Errors > 0); 2792 milter_cmd_done = true; 2793 MILTER_REPLY("to"); 2794 } 2795 #endif /* MILTER */ 2796 2797 /* no errors during parsing, but might be a duplicate */ 2798 e->e_to = a->q_paddr; 2799 if (!(Errors > 0) && !QS_IS_BADADDR(a->q_state)) 2800 { 2801 if (smtp.sm_nrcpts == 0) 2802 initsys(e); 2803 message("250 2.1.5 Recipient ok%s", 2804 QS_IS_QUEUEUP(a->q_state) ? 2805 " (will queue)" : ""); 2806 smtp.sm_nrcpts++; 2807 } 2808 2809 /* Is this needed? */ 2810 #if !MILTER 2811 rcpt_done: 2812 #endif /* !MILTER */ 2813 macdefine(&e->e_macro, A_PERM, 2814 macid("{rcpt_mailer}"), NULL); 2815 macdefine(&e->e_macro, A_PERM, 2816 macid("{rcpt_host}"), NULL); 2817 macdefine(&e->e_macro, A_PERM, 2818 macid("{rcpt_addr}"), NULL); 2819 macdefine(&e->e_macro, A_PERM, 2820 macid("{dsn_notify}"), NULL); 2821 2822 if (Errors > 0) 2823 { 2824 ++n_badrcpts; 2825 NBADRCPTS; 2826 } 2827 } 2828 SM_EXCEPT(exc, "[!F]*") 2829 { 2830 /* An exception occurred while processing RCPT */ 2831 e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY); 2832 ++n_badrcpts; 2833 NBADRCPTS; 2834 #if MILTER 2835 if (smtp.sm_milterlist && smtp.sm_milterize && 2836 !bitset(EF_DISCARD, e->e_flags) && 2837 !milter_cmd_done && milter_cmd_safe) 2838 { 2839 char state; 2840 char *response; 2841 2842 macdefine(&e->e_macro, A_PERM, 2843 macid("{rcpt_mailer}"), "error"); 2844 2845 /* how to get the error codes? */ 2846 if (addr_st.q_host != NULL) 2847 macdefine(&e->e_macro, A_PERM, 2848 macid("{rcpt_host}"), 2849 addr_st.q_host); 2850 else if (a != NULL && a->q_status != NULL) 2851 macdefine(&e->e_macro, A_PERM, 2852 macid("{rcpt_host}"), 2853 a->q_status); 2854 2855 if (addr_st.q_user != NULL) 2856 macdefine(&e->e_macro, A_PERM, 2857 macid("{rcpt_addr}"), 2858 addr_st.q_user); 2859 else if (a != NULL && a->q_rstatus != NULL) 2860 macdefine(&e->e_macro, A_PERM, 2861 macid("{rcpt_addr}"), 2862 a->q_rstatus); 2863 2864 response = milter_envrcpt(args, e, &state, 2865 true); 2866 milter_cmd_done = true; 2867 MILTER_REPLY("to"); 2868 macdefine(&e->e_macro, A_PERM, 2869 macid("{rcpt_mailer}"), NULL); 2870 macdefine(&e->e_macro, A_PERM, 2871 macid("{rcpt_host}"), NULL); 2872 macdefine(&e->e_macro, A_PERM, 2873 macid("{rcpt_addr}"), NULL); 2874 } 2875 if (smtp.sm_milterlist && smtp.sm_milterize && 2876 milter_rcpt_added && milter_cmd_done && 2877 milter_cmd_fail) 2878 { 2879 (void) removefromlist(addr, &e->e_sendqueue, e); 2880 milter_cmd_fail = false; 2881 if (smtp.sm_e_nrcpts_orig < e->e_nrcpts) 2882 e->e_nrcpts = smtp.sm_e_nrcpts_orig; 2883 } 2884 #endif /* MILTER */ 2885 } 2886 SM_END_TRY 2887 break; 2888 2889 case CMDDATA: /* data -- text of mail */ 2890 DELAY_CONN("DATA"); 2891 if (!smtp_data(&smtp, e)) 2892 goto doquit; 2893 break; 2894 2895 case CMDRSET: /* rset -- reset state */ 2896 if (tTd(94, 100)) 2897 message("451 4.0.0 Test failure"); 2898 else 2899 message("250 2.0.0 Reset state"); 2900 CLEAR_STATE(cmdbuf); 2901 break; 2902 2903 case CMDVRFY: /* vrfy -- verify address */ 2904 case CMDEXPN: /* expn -- expand address */ 2905 vrfy = c->cmd_code == CMDVRFY; 2906 DELAY_CONN(vrfy ? "VRFY" : "EXPN"); 2907 if (tempfail) 2908 { 2909 if (LogLevel > 9) 2910 sm_syslog(LOG_INFO, e->e_id, 2911 "SMTP %s command (%.100s) from %s tempfailed (due to previous checks)", 2912 vrfy ? "VRFY" : "EXPN", 2913 p, CurSmtpClient); 2914 2915 /* RFC 821 doesn't allow 4xy reply code */ 2916 usrerr("550 5.7.1 Please try again later"); 2917 break; 2918 } 2919 wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS, 2920 false, vrfy ? "VRFY" : "EXPN", e); 2921 STOP_IF_ATTACK(wt); 2922 previous = curtime(); 2923 if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) || 2924 (!vrfy && !bitset(SRV_OFFER_EXPN, features))) 2925 { 2926 if (vrfy) 2927 message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)"); 2928 else 2929 message("502 5.7.0 Sorry, we do not allow this operation"); 2930 if (LogLevel > 5) 2931 sm_syslog(LOG_INFO, e->e_id, 2932 "%s: %s [rejected]", 2933 CurSmtpClient, 2934 shortenstring(inp, MAXSHORTSTR)); 2935 break; 2936 } 2937 else if (!gothello && 2938 bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO, 2939 PrivacyFlags)) 2940 { 2941 usrerr("503 5.0.0 I demand that you introduce yourself first"); 2942 break; 2943 } 2944 if (Errors > 0) 2945 break; 2946 if (LogLevel > 5) 2947 sm_syslog(LOG_INFO, e->e_id, "%s: %s", 2948 CurSmtpClient, 2949 shortenstring(inp, MAXSHORTSTR)); 2950 SM_TRY 2951 { 2952 QuickAbort = true; 2953 vrfyqueue = NULL; 2954 if (vrfy) 2955 e->e_flags |= EF_VRFYONLY; 2956 while (*p != '\0' && isascii(*p) && isspace(*p)) 2957 p++; 2958 if (*p == '\0') 2959 { 2960 usrerr("501 5.5.2 Argument required"); 2961 } 2962 else 2963 { 2964 /* do config file checking of the address */ 2965 if (rscheck(vrfy ? "check_vrfy" : "check_expn", 2966 p, NULL, e, RSF_RMCOMM, 2967 3, NULL, NOQID, NULL) != EX_OK || 2968 Errors > 0) 2969 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2970 (void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e); 2971 } 2972 if (wt > 0) 2973 { 2974 time_t t; 2975 2976 t = wt - (curtime() - previous); 2977 if (t > 0) 2978 (void) sleep(t); 2979 } 2980 if (Errors > 0) 2981 sm_exc_raisenew_x(&EtypeQuickAbort, 1); 2982 if (vrfyqueue == NULL) 2983 { 2984 usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN"); 2985 } 2986 while (vrfyqueue != NULL) 2987 { 2988 if (!QS_IS_UNDELIVERED(vrfyqueue->q_state)) 2989 { 2990 vrfyqueue = vrfyqueue->q_next; 2991 continue; 2992 } 2993 2994 /* see if there is more in the vrfy list */ 2995 a = vrfyqueue; 2996 while ((a = a->q_next) != NULL && 2997 (!QS_IS_UNDELIVERED(a->q_state))) 2998 continue; 2999 printvrfyaddr(vrfyqueue, a == NULL, vrfy); 3000 vrfyqueue = a; 3001 } 3002 } 3003 SM_EXCEPT(exc, "[!F]*") 3004 { 3005 /* 3006 ** An exception occurred while processing VRFY/EXPN 3007 */ 3008 3009 sm_exc_free(exc); 3010 goto undo; 3011 } 3012 SM_END_TRY 3013 break; 3014 3015 case CMDETRN: /* etrn -- force queue flush */ 3016 DELAY_CONN("ETRN"); 3017 3018 /* Don't leak queue information via debug flags */ 3019 if (!bitset(SRV_OFFER_ETRN, features) || UseMSP || 3020 (RealUid != 0 && RealUid != TrustedUid && 3021 OpMode == MD_SMTP)) 3022 { 3023 /* different message for MSA ? */ 3024 message("502 5.7.0 Sorry, we do not allow this operation"); 3025 if (LogLevel > 5) 3026 sm_syslog(LOG_INFO, e->e_id, 3027 "%s: %s [rejected]", 3028 CurSmtpClient, 3029 shortenstring(inp, MAXSHORTSTR)); 3030 break; 3031 } 3032 if (tempfail) 3033 { 3034 if (LogLevel > 9) 3035 sm_syslog(LOG_INFO, e->e_id, 3036 "SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)", 3037 p, CurSmtpClient); 3038 usrerr(MSG_TEMPFAIL); 3039 break; 3040 } 3041 3042 if (strlen(p) <= 0) 3043 { 3044 usrerr("500 5.5.2 Parameter required"); 3045 break; 3046 } 3047 3048 /* crude way to avoid denial-of-service attacks */ 3049 STOP_IF_ATTACK(checksmtpattack(&n_etrn, MAXETRNCOMMANDS, 3050 true, "ETRN", e)); 3051 3052 /* 3053 ** Do config file checking of the parameter. 3054 ** Even though we have srv_features now, we still 3055 ** need this ruleset because the former is called 3056 ** when the connection has been established, while 3057 ** this ruleset is called when the command is 3058 ** actually issued and therefore has all information 3059 ** available to make a decision. 3060 */ 3061 3062 if (rscheck("check_etrn", p, NULL, e, 3063 RSF_RMCOMM, 3, NULL, NOQID, NULL) 3064 != EX_OK || 3065 Errors > 0) 3066 break; 3067 3068 if (LogLevel > 5) 3069 sm_syslog(LOG_INFO, e->e_id, 3070 "%s: ETRN %s", CurSmtpClient, 3071 shortenstring(p, MAXSHORTSTR)); 3072 3073 id = p; 3074 if (*id == '#') 3075 { 3076 int i, qgrp; 3077 3078 id++; 3079 qgrp = name2qid(id); 3080 if (!ISVALIDQGRP(qgrp)) 3081 { 3082 usrerr("459 4.5.4 Queue %s unknown", 3083 id); 3084 break; 3085 } 3086 for (i = 0; i < NumQueue && Queue[i] != NULL; 3087 i++) 3088 Queue[i]->qg_nextrun = (time_t) -1; 3089 Queue[qgrp]->qg_nextrun = 0; 3090 ok = run_work_group(Queue[qgrp]->qg_wgrp, 3091 RWG_FORK|RWG_FORCE); 3092 if (ok && Errors == 0) 3093 message("250 2.0.0 Queuing for queue group %s started", id); 3094 break; 3095 } 3096 3097 if (*id == '@') 3098 id++; 3099 else 3100 *--id = '@'; 3101 3102 new = (QUEUE_CHAR *) sm_malloc(sizeof(QUEUE_CHAR)); 3103 if (new == NULL) 3104 { 3105 syserr("500 5.5.0 ETRN out of memory"); 3106 break; 3107 } 3108 new->queue_match = id; 3109 new->queue_negate = false; 3110 new->queue_next = NULL; 3111 QueueLimitRecipient = new; 3112 ok = runqueue(true, false, false, true); 3113 sm_free(QueueLimitRecipient); /* XXX */ 3114 QueueLimitRecipient = NULL; 3115 if (ok && Errors == 0) 3116 message("250 2.0.0 Queuing for node %s started", p); 3117 break; 3118 3119 case CMDHELP: /* help -- give user info */ 3120 DELAY_CONN("HELP"); 3121 help(p, e); 3122 break; 3123 3124 case CMDNOOP: /* noop -- do nothing */ 3125 DELAY_CONN("NOOP"); 3126 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands, 3127 true, "NOOP", e)); 3128 message("250 2.0.0 OK"); 3129 break; 3130 3131 case CMDQUIT: /* quit -- leave mail */ 3132 message("221 2.0.0 %s closing connection", MyHostName); 3133 #if PIPELINING 3134 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT); 3135 #endif /* PIPELINING */ 3136 3137 if (smtp.sm_nrcpts > 0) 3138 logundelrcpts(e, "aborted by sender", 9, false); 3139 3140 /* arrange to ignore any current send list */ 3141 e->e_sendqueue = NULL; 3142 3143 #if STARTTLS 3144 /* shutdown TLS connection */ 3145 if (tls_active) 3146 { 3147 (void) endtls(srv_ssl, "server"); 3148 tls_active = false; 3149 } 3150 #endif /* STARTTLS */ 3151 #if SASL 3152 if (authenticating == SASL_IS_AUTH) 3153 { 3154 sasl_dispose(&conn); 3155 authenticating = SASL_NOT_AUTH; 3156 /* XXX sasl_done(); this is a child */ 3157 } 3158 #endif /* SASL */ 3159 3160 doquit: 3161 /* avoid future 050 messages */ 3162 disconnect(1, e); 3163 3164 #if MILTER 3165 /* close out milter filters */ 3166 milter_quit(e); 3167 #endif /* MILTER */ 3168 3169 if (tTd(92, 2)) 3170 sm_dprintf("QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", 3171 e->e_id, 3172 bitset(EF_LOGSENDER, e->e_flags), 3173 LogLevel); 3174 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) 3175 logsender(e, NULL); 3176 e->e_flags &= ~EF_LOGSENDER; 3177 3178 if (lognullconnection && LogLevel > 5 && 3179 nullserver == NULL) 3180 { 3181 char *d; 3182 3183 d = macvalue(macid("{daemon_name}"), e); 3184 if (d == NULL) 3185 d = "stdin"; 3186 3187 /* 3188 ** even though this id is "bogus", it makes 3189 ** it simpler to "grep" related events, e.g., 3190 ** timeouts for the same connection. 3191 */ 3192 3193 sm_syslog(LOG_INFO, e->e_id, 3194 "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s", 3195 CurSmtpClient, d); 3196 } 3197 if (tTd(93, 100)) 3198 { 3199 /* return to handle next connection */ 3200 return; 3201 } 3202 finis(true, true, ExitStat); 3203 /* NOTREACHED */ 3204 3205 /* just to avoid bogus warning from some compilers */ 3206 exit(EX_OSERR); 3207 3208 case CMDVERB: /* set verbose mode */ 3209 DELAY_CONN("VERB"); 3210 if (!bitset(SRV_OFFER_EXPN, features) || 3211 !bitset(SRV_OFFER_VERB, features)) 3212 { 3213 /* this would give out the same info */ 3214 message("502 5.7.0 Verbose unavailable"); 3215 break; 3216 } 3217 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands, 3218 true, "VERB", e)); 3219 Verbose = 1; 3220 set_delivery_mode(SM_DELIVER, e); 3221 message("250 2.0.0 Verbose mode"); 3222 break; 3223 3224 #if SMTPDEBUG 3225 case CMDDBGQSHOW: /* show queues */ 3226 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 3227 "Send Queue="); 3228 printaddr(smioout, e->e_sendqueue, true); 3229 break; 3230 3231 case CMDDBGDEBUG: /* set debug mode */ 3232 tTsetup(tTdvect, sizeof(tTdvect), "0-99.1"); 3233 tTflag(p); 3234 message("200 2.0.0 Debug set"); 3235 break; 3236 3237 #else /* SMTPDEBUG */ 3238 case CMDDBGQSHOW: /* show queues */ 3239 case CMDDBGDEBUG: /* set debug mode */ 3240 #endif /* SMTPDEBUG */ 3241 case CMDLOGBOGUS: /* bogus command */ 3242 DELAY_CONN("Bogus"); 3243 if (LogLevel > 0) 3244 sm_syslog(LOG_CRIT, e->e_id, 3245 "\"%s\" command from %s (%.100s)", 3246 c->cmd_name, CurSmtpClient, 3247 anynet_ntoa(&RealHostAddr)); 3248 /* FALLTHROUGH */ 3249 3250 case CMDERROR: /* unknown command */ 3251 #if MAXBADCOMMANDS > 0 3252 if (++n_badcmds > MAXBADCOMMANDS) 3253 { 3254 stopattack: 3255 message("421 4.7.0 %s Too many bad commands; closing connection", 3256 MyHostName); 3257 3258 /* arrange to ignore any current send list */ 3259 e->e_sendqueue = NULL; 3260 goto doquit; 3261 } 3262 #endif /* MAXBADCOMMANDS > 0 */ 3263 3264 #if MILTER && SMFI_VERSION > 2 3265 if (smtp.sm_milterlist && smtp.sm_milterize && 3266 !bitset(EF_DISCARD, e->e_flags)) 3267 { 3268 char state; 3269 char *response; 3270 3271 if (MilterLogLevel > 9) 3272 sm_syslog(LOG_INFO, e->e_id, 3273 "Sending \"%s\" to Milter", inp); 3274 response = milter_unknown(inp, e, &state); 3275 MILTER_REPLY("unknown"); 3276 if (state == SMFIR_REPLYCODE || 3277 state == SMFIR_REJECT || 3278 state == SMFIR_TEMPFAIL || 3279 state == SMFIR_SHUTDOWN) 3280 { 3281 /* MILTER_REPLY already gave an error */ 3282 break; 3283 } 3284 } 3285 #endif /* MILTER && SMFI_VERSION > 2 */ 3286 3287 usrerr("500 5.5.1 Command unrecognized: \"%s\"", 3288 shortenstring(inp, MAXSHORTSTR)); 3289 break; 3290 3291 case CMDUNIMPL: 3292 DELAY_CONN("Unimpl"); 3293 usrerr("502 5.5.1 Command not implemented: \"%s\"", 3294 shortenstring(inp, MAXSHORTSTR)); 3295 break; 3296 3297 default: 3298 DELAY_CONN("default"); 3299 errno = 0; 3300 syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code); 3301 break; 3302 } 3303 #if SASL 3304 } 3305 #endif /* SASL */ 3306 } 3307 SM_EXCEPT(exc, "[!F]*") 3308 { 3309 /* 3310 ** The only possible exception is "E:mta.quickabort". 3311 ** There is nothing to do except fall through and loop. 3312 */ 3313 } 3314 SM_END_TRY 3315 } 3316 } 3317 /* 3318 ** SMTP_DATA -- implement the SMTP DATA command. 3319 ** 3320 ** Parameters: 3321 ** smtp -- status of SMTP connection. 3322 ** e -- envelope. 3323 ** 3324 ** Returns: 3325 ** true iff SMTP session can continue. 3326 ** 3327 ** Side Effects: 3328 ** possibly sends message. 3329 */ 3330 3331 static bool 3332 smtp_data(smtp, e) 3333 SMTP_T *smtp; 3334 ENVELOPE *e; 3335 { 3336 #if MILTER 3337 bool milteraccept; 3338 #endif /* MILTER */ 3339 bool aborting; 3340 bool doublequeue; 3341 bool rv = true; 3342 ADDRESS *a; 3343 ENVELOPE *ee; 3344 char *id; 3345 char *oldid; 3346 unsigned int features; 3347 char buf[32]; 3348 3349 SmtpPhase = "server DATA"; 3350 if (!smtp->sm_gotmail) 3351 { 3352 usrerr("503 5.0.0 Need MAIL command"); 3353 return true; 3354 } 3355 else if (smtp->sm_nrcpts <= 0) 3356 { 3357 usrerr("503 5.0.0 Need RCPT (recipient)"); 3358 return true; 3359 } 3360 (void) sm_snprintf(buf, sizeof(buf), "%u", smtp->sm_nrcpts); 3361 if (rscheck("check_data", buf, NULL, e, 3362 RSF_RMCOMM|RSF_UNSTRUCTURED|RSF_COUNT, 3, NULL, 3363 e->e_id, NULL) != EX_OK) 3364 return true; 3365 3366 #if MILTER && SMFI_VERSION > 3 3367 if (smtp->sm_milterlist && smtp->sm_milterize && 3368 !bitset(EF_DISCARD, e->e_flags)) 3369 { 3370 char state; 3371 char *response; 3372 int savelogusrerrs = LogUsrErrs; 3373 3374 response = milter_data_cmd(e, &state); 3375 switch (state) 3376 { 3377 case SMFIR_REPLYCODE: 3378 if (MilterLogLevel > 3) 3379 { 3380 sm_syslog(LOG_INFO, e->e_id, 3381 "Milter: cmd=data, reject=%s", 3382 response); 3383 LogUsrErrs = false; 3384 } 3385 #if _FFR_MILTER_ENHSC 3386 if (ISSMTPCODE(response)) 3387 (void) extenhsc(response + 4, ' ', e->e_enhsc); 3388 #endif /* _FFR_MILTER_ENHSC */ 3389 3390 usrerr(response); 3391 if (strncmp(response, "421 ", 4) == 0 3392 || strncmp(response, "421-", 4) == 0) 3393 { 3394 e->e_sendqueue = NULL; 3395 return false; 3396 } 3397 return true; 3398 3399 case SMFIR_REJECT: 3400 if (MilterLogLevel > 3) 3401 { 3402 sm_syslog(LOG_INFO, e->e_id, 3403 "Milter: cmd=data, reject=550 5.7.1 Command rejected"); 3404 LogUsrErrs = false; 3405 } 3406 #if _FFR_MILTER_ENHSC 3407 (void) sm_strlcpy(e->e_enhsc, "5.7.1", 3408 sizeof(e->e_enhsc)); 3409 #endif /* _FFR_MILTER_ENHSC */ 3410 usrerr("550 5.7.1 Command rejected"); 3411 return true; 3412 3413 case SMFIR_DISCARD: 3414 if (MilterLogLevel > 3) 3415 sm_syslog(LOG_INFO, e->e_id, 3416 "Milter: cmd=data, discard"); 3417 e->e_flags |= EF_DISCARD; 3418 break; 3419 3420 case SMFIR_TEMPFAIL: 3421 if (MilterLogLevel > 3) 3422 { 3423 sm_syslog(LOG_INFO, e->e_id, 3424 "Milter: cmd=data, reject=%s", 3425 MSG_TEMPFAIL); 3426 LogUsrErrs = false; 3427 } 3428 #if _FFR_MILTER_ENHSC 3429 (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); 3430 #endif /* _FFR_MILTER_ENHSC */ 3431 usrerr(MSG_TEMPFAIL); 3432 return true; 3433 3434 case SMFIR_SHUTDOWN: 3435 if (MilterLogLevel > 3) 3436 { 3437 sm_syslog(LOG_INFO, e->e_id, 3438 "Milter: cmd=data, reject=421 4.7.0 %s closing connection", 3439 MyHostName); 3440 LogUsrErrs = false; 3441 } 3442 usrerr("421 4.7.0 %s closing connection", MyHostName); 3443 e->e_sendqueue = NULL; 3444 return false; 3445 } 3446 LogUsrErrs = savelogusrerrs; 3447 if (response != NULL) 3448 sm_free(response); /* XXX */ 3449 } 3450 #endif /* MILTER && SMFI_VERSION > 3 */ 3451 3452 /* put back discard bit */ 3453 if (smtp->sm_discard) 3454 e->e_flags |= EF_DISCARD; 3455 3456 /* check to see if we need to re-expand aliases */ 3457 /* also reset QS_BADADDR on already-diagnosted addrs */ 3458 doublequeue = false; 3459 for (a = e->e_sendqueue; a != NULL; a = a->q_next) 3460 { 3461 if (QS_IS_VERIFIED(a->q_state) && 3462 !bitset(EF_DISCARD, e->e_flags)) 3463 { 3464 /* need to re-expand aliases */ 3465 doublequeue = true; 3466 } 3467 if (QS_IS_BADADDR(a->q_state)) 3468 { 3469 /* make this "go away" */ 3470 a->q_state = QS_DONTSEND; 3471 } 3472 } 3473 3474 /* collect the text of the message */ 3475 SmtpPhase = "collect"; 3476 buffer_errors(); 3477 3478 collect(InChannel, true, NULL, e, true); 3479 3480 /* redefine message size */ 3481 (void) sm_snprintf(buf, sizeof(buf), "%ld", e->e_msgsize); 3482 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf); 3483 3484 /* rscheck() will set Errors or EF_DISCARD if it trips */ 3485 (void) rscheck("check_eom", buf, NULL, e, RSF_UNSTRUCTURED|RSF_COUNT, 3486 3, NULL, e->e_id, NULL); 3487 3488 #if MILTER 3489 milteraccept = true; 3490 if (smtp->sm_milterlist && smtp->sm_milterize && 3491 Errors <= 0 && 3492 !bitset(EF_DISCARD, e->e_flags)) 3493 { 3494 char state; 3495 char *response; 3496 3497 response = milter_data(e, &state); 3498 switch (state) 3499 { 3500 case SMFIR_REPLYCODE: 3501 if (MilterLogLevel > 3) 3502 sm_syslog(LOG_INFO, e->e_id, 3503 "Milter: data, reject=%s", 3504 response); 3505 milteraccept = false; 3506 #if _FFR_MILTER_ENHSC 3507 if (ISSMTPCODE(response)) 3508 (void) extenhsc(response + 4, ' ', e->e_enhsc); 3509 #endif /* _FFR_MILTER_ENHSC */ 3510 usrerr(response); 3511 if (strncmp(response, "421 ", 4) == 0 3512 || strncmp(response, "421-", 4) == 0) 3513 rv = false; 3514 break; 3515 3516 case SMFIR_REJECT: 3517 milteraccept = false; 3518 if (MilterLogLevel > 3) 3519 sm_syslog(LOG_INFO, e->e_id, 3520 "Milter: data, reject=554 5.7.1 Command rejected"); 3521 usrerr("554 5.7.1 Command rejected"); 3522 break; 3523 3524 case SMFIR_DISCARD: 3525 if (MilterLogLevel > 3) 3526 sm_syslog(LOG_INFO, e->e_id, 3527 "Milter: data, discard"); 3528 milteraccept = false; 3529 e->e_flags |= EF_DISCARD; 3530 break; 3531 3532 case SMFIR_TEMPFAIL: 3533 if (MilterLogLevel > 3) 3534 sm_syslog(LOG_INFO, e->e_id, 3535 "Milter: data, reject=%s", 3536 MSG_TEMPFAIL); 3537 milteraccept = false; 3538 #if _FFR_MILTER_ENHSC 3539 (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); 3540 #endif /* _FFR_MILTER_ENHSC */ 3541 usrerr(MSG_TEMPFAIL); 3542 break; 3543 3544 case SMFIR_SHUTDOWN: 3545 if (MilterLogLevel > 3) 3546 sm_syslog(LOG_INFO, e->e_id, 3547 "Milter: data, reject=421 4.7.0 %s closing connection", 3548 MyHostName); 3549 milteraccept = false; 3550 usrerr("421 4.7.0 %s closing connection", MyHostName); 3551 rv = false; 3552 break; 3553 } 3554 if (response != NULL) 3555 sm_free(response); 3556 } 3557 3558 /* Milter may have changed message size */ 3559 (void) sm_snprintf(buf, sizeof(buf), "%ld", e->e_msgsize); 3560 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf); 3561 3562 /* abort message filters that didn't get the body & log msg is OK */ 3563 if (smtp->sm_milterlist && smtp->sm_milterize) 3564 { 3565 milter_abort(e); 3566 if (milteraccept && MilterLogLevel > 9) 3567 sm_syslog(LOG_INFO, e->e_id, "Milter accept: message"); 3568 } 3569 3570 /* 3571 ** If SuperSafe is SAFE_REALLY_POSTMILTER, and we don't have milter or 3572 ** milter accepted message, sync it now 3573 ** 3574 ** XXX This is almost a copy of the code in collect(): put it into 3575 ** a function that is called from both places? 3576 */ 3577 3578 if (milteraccept && SuperSafe == SAFE_REALLY_POSTMILTER) 3579 { 3580 int afd; 3581 SM_FILE_T *volatile df; 3582 char *dfname; 3583 3584 df = e->e_dfp; 3585 dfname = queuename(e, DATAFL_LETTER); 3586 if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 3587 && errno != EINVAL) 3588 { 3589 int save_errno; 3590 3591 save_errno = errno; 3592 if (save_errno == EEXIST) 3593 { 3594 struct stat st; 3595 int dfd; 3596 3597 if (stat(dfname, &st) < 0) 3598 st.st_size = -1; 3599 errno = EEXIST; 3600 syserr("@collect: bfcommit(%s): already on disk, size=%ld", 3601 dfname, (long) st.st_size); 3602 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL); 3603 if (dfd >= 0) 3604 dumpfd(dfd, true, true); 3605 } 3606 errno = save_errno; 3607 dferror(df, "bfcommit", e); 3608 flush_errors(true); 3609 finis(save_errno != EEXIST, true, ExitStat); 3610 } 3611 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0) 3612 { 3613 dferror(df, "sm_io_getinfo", e); 3614 flush_errors(true); 3615 finis(true, true, ExitStat); 3616 /* NOTREACHED */ 3617 } 3618 else if (fsync(afd) < 0) 3619 { 3620 dferror(df, "fsync", e); 3621 flush_errors(true); 3622 finis(true, true, ExitStat); 3623 /* NOTREACHED */ 3624 } 3625 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0) 3626 { 3627 dferror(df, "sm_io_close", e); 3628 flush_errors(true); 3629 finis(true, true, ExitStat); 3630 /* NOTREACHED */ 3631 } 3632 3633 /* Now reopen the df file */ 3634 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname, 3635 SM_IO_RDONLY, NULL); 3636 if (e->e_dfp == NULL) 3637 { 3638 /* we haven't acked receipt yet, so just chuck this */ 3639 syserr("@Cannot reopen %s", dfname); 3640 finis(true, true, ExitStat); 3641 /* NOTREACHED */ 3642 } 3643 } 3644 #endif /* MILTER */ 3645 3646 /* Check if quarantining stats should be updated */ 3647 if (e->e_quarmsg != NULL) 3648 markstats(e, NULL, STATS_QUARANTINE); 3649 3650 /* 3651 ** If a header/body check (header checks or milter) 3652 ** set EF_DISCARD, don't queueup the message -- 3653 ** that would lose the EF_DISCARD bit and deliver 3654 ** the message. 3655 */ 3656 3657 if (bitset(EF_DISCARD, e->e_flags)) 3658 doublequeue = false; 3659 3660 aborting = Errors > 0; 3661 if (!(aborting || bitset(EF_DISCARD, e->e_flags)) && 3662 (QueueMode == QM_QUARANTINE || e->e_quarmsg == NULL) && 3663 !split_by_recipient(e)) 3664 aborting = bitset(EF_FATALERRS, e->e_flags); 3665 3666 if (aborting) 3667 { 3668 ADDRESS *q; 3669 3670 /* Log who the mail would have gone to */ 3671 logundelrcpts(e, e->e_message, 8, false); 3672 3673 /* 3674 ** If something above refused the message, we still haven't 3675 ** accepted responsibility for it. Don't send DSNs. 3676 */ 3677 3678 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 3679 q->q_flags &= ~Q_PINGFLAGS; 3680 3681 flush_errors(true); 3682 buffer_errors(); 3683 goto abortmessage; 3684 } 3685 3686 /* from now on, we have to operate silently */ 3687 buffer_errors(); 3688 3689 #if 0 3690 /* 3691 ** Clear message, it may contain an error from the SMTP dialogue. 3692 ** This error must not show up in the queue. 3693 ** Some error message should show up, e.g., alias database 3694 ** not available, but others shouldn't, e.g., from check_rcpt. 3695 */ 3696 3697 e->e_message = NULL; 3698 #endif /* 0 */ 3699 3700 /* 3701 ** Arrange to send to everyone. 3702 ** If sending to multiple people, mail back 3703 ** errors rather than reporting directly. 3704 ** In any case, don't mail back errors for 3705 ** anything that has happened up to 3706 ** now (the other end will do this). 3707 ** Truncate our transcript -- the mail has gotten 3708 ** to us successfully, and if we have 3709 ** to mail this back, it will be easier 3710 ** on the reader. 3711 ** Then send to everyone. 3712 ** Finally give a reply code. If an error has 3713 ** already been given, don't mail a 3714 ** message back. 3715 ** We goose error returns by clearing error bit. 3716 */ 3717 3718 SmtpPhase = "delivery"; 3719 (void) sm_io_setinfo(e->e_xfp, SM_BF_TRUNCATE, NULL); 3720 id = e->e_id; 3721 3722 #if NAMED_BIND 3723 _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; 3724 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; 3725 #endif /* NAMED_BIND */ 3726 3727 for (ee = e; ee != NULL; ee = ee->e_sibling) 3728 { 3729 /* make sure we actually do delivery */ 3730 ee->e_flags &= ~EF_CLRQUEUE; 3731 3732 /* from now on, operate silently */ 3733 ee->e_errormode = EM_MAIL; 3734 3735 if (doublequeue) 3736 { 3737 /* make sure it is in the queue */ 3738 queueup(ee, false, true); 3739 } 3740 else 3741 { 3742 int mode; 3743 3744 /* send to all recipients */ 3745 mode = SM_DEFAULT; 3746 #if _FFR_DM_ONE 3747 if (SM_DM_ONE == e->e_sendmode) 3748 { 3749 if (NotFirstDelivery) 3750 { 3751 mode = SM_QUEUE; 3752 e->e_sendmode = SM_QUEUE; 3753 } 3754 else 3755 { 3756 mode = SM_FORK; 3757 NotFirstDelivery = true; 3758 } 3759 } 3760 #endif /* _FFR_DM_ONE */ 3761 sendall(ee, mode); 3762 } 3763 ee->e_to = NULL; 3764 } 3765 3766 /* put back id for SMTP logging in putoutmsg() */ 3767 oldid = CurEnv->e_id; 3768 CurEnv->e_id = id; 3769 3770 /* issue success message */ 3771 #if _FFR_MSG_ACCEPT 3772 if (MessageAccept != NULL && *MessageAccept != '\0') 3773 { 3774 char msg[MAXLINE]; 3775 3776 expand(MessageAccept, msg, sizeof(msg), e); 3777 message("250 2.0.0 %s", msg); 3778 } 3779 else 3780 #endif /* _FFR_MSG_ACCEPT */ 3781 message("250 2.0.0 %s Message accepted for delivery", id); 3782 CurEnv->e_id = oldid; 3783 3784 /* if we just queued, poke it */ 3785 if (doublequeue) 3786 { 3787 bool anything_to_send = false; 3788 3789 sm_getla(); 3790 for (ee = e; ee != NULL; ee = ee->e_sibling) 3791 { 3792 if (WILL_BE_QUEUED(ee->e_sendmode)) 3793 continue; 3794 if (shouldqueue(ee->e_msgpriority, ee->e_ctime)) 3795 { 3796 ee->e_sendmode = SM_QUEUE; 3797 continue; 3798 } 3799 else if (QueueMode != QM_QUARANTINE && 3800 ee->e_quarmsg != NULL) 3801 { 3802 ee->e_sendmode = SM_QUEUE; 3803 continue; 3804 } 3805 anything_to_send = true; 3806 3807 /* close all the queue files */ 3808 closexscript(ee); 3809 if (ee->e_dfp != NULL) 3810 { 3811 (void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT); 3812 ee->e_dfp = NULL; 3813 } 3814 unlockqueue(ee); 3815 } 3816 if (anything_to_send) 3817 { 3818 #if PIPELINING 3819 /* 3820 ** XXX if we don't do this, we get 250 twice 3821 ** because it is also flushed in the child. 3822 */ 3823 3824 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT); 3825 #endif /* PIPELINING */ 3826 (void) doworklist(e, true, true); 3827 } 3828 } 3829 3830 abortmessage: 3831 if (tTd(92, 2)) 3832 sm_dprintf("abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", 3833 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); 3834 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) 3835 logsender(e, NULL); 3836 e->e_flags &= ~EF_LOGSENDER; 3837 3838 /* clean up a bit */ 3839 smtp->sm_gotmail = false; 3840 3841 /* 3842 ** Call dropenvelope if and only if the envelope is *not* 3843 ** being processed by the child process forked by doworklist(). 3844 */ 3845 3846 if (aborting || bitset(EF_DISCARD, e->e_flags)) 3847 (void) dropenvelope(e, true, false); 3848 else 3849 { 3850 for (ee = e; ee != NULL; ee = ee->e_sibling) 3851 { 3852 if (!doublequeue && 3853 QueueMode != QM_QUARANTINE && 3854 ee->e_quarmsg != NULL) 3855 { 3856 (void) dropenvelope(ee, true, false); 3857 continue; 3858 } 3859 if (WILL_BE_QUEUED(ee->e_sendmode)) 3860 (void) dropenvelope(ee, true, false); 3861 } 3862 } 3863 3864 CurEnv = e; 3865 features = e->e_features; 3866 sm_rpool_free(e->e_rpool); 3867 newenvelope(e, e, sm_rpool_new_x(NULL)); 3868 e->e_flags = BlankEnvelope.e_flags; 3869 e->e_features = features; 3870 3871 /* restore connection quarantining */ 3872 if (smtp->sm_quarmsg == NULL) 3873 { 3874 e->e_quarmsg = NULL; 3875 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), ""); 3876 } 3877 else 3878 { 3879 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, smtp->sm_quarmsg); 3880 macdefine(&e->e_macro, A_PERM, 3881 macid("{quarantine}"), e->e_quarmsg); 3882 } 3883 return rv; 3884 } 3885 /* 3886 ** LOGUNDELRCPTS -- log undelivered (or all) recipients. 3887 ** 3888 ** Parameters: 3889 ** e -- envelope. 3890 ** msg -- message for Stat= 3891 ** level -- log level. 3892 ** all -- log all recipients. 3893 ** 3894 ** Returns: 3895 ** none. 3896 ** 3897 ** Side Effects: 3898 ** logs undelivered (or all) recipients 3899 */ 3900 3901 void 3902 logundelrcpts(e, msg, level, all) 3903 ENVELOPE *e; 3904 char *msg; 3905 int level; 3906 bool all; 3907 { 3908 ADDRESS *a; 3909 3910 if (LogLevel <= level || msg == NULL || *msg == '\0') 3911 return; 3912 3913 /* Clear $h so relay= doesn't get mislogged by logdelivery() */ 3914 macdefine(&e->e_macro, A_PERM, 'h', NULL); 3915 3916 /* Log who the mail would have gone to */ 3917 for (a = e->e_sendqueue; a != NULL; a = a->q_next) 3918 { 3919 if (!QS_IS_UNDELIVERED(a->q_state) && !all) 3920 continue; 3921 e->e_to = a->q_paddr; 3922 logdelivery(NULL, NULL, 3923 #if _FFR_MILTER_ENHSC 3924 (a->q_status == NULL && e->e_enhsc[0] != '\0') 3925 ? e->e_enhsc : 3926 #endif /* _FFR_MILTER_ENHSC */ 3927 a->q_status, 3928 msg, NULL, (time_t) 0, e); 3929 } 3930 e->e_to = NULL; 3931 } 3932 /* 3933 ** CHECKSMTPATTACK -- check for denial-of-service attack by repetition 3934 ** 3935 ** Parameters: 3936 ** pcounter -- pointer to a counter for this command. 3937 ** maxcount -- maximum value for this counter before we 3938 ** slow down. 3939 ** waitnow -- sleep now (in this routine)? 3940 ** cname -- command name for logging. 3941 ** e -- the current envelope. 3942 ** 3943 ** Returns: 3944 ** time to wait, 3945 ** STOP_ATTACK if twice as many commands as allowed and 3946 ** MaxChildren > 0. 3947 ** 3948 ** Side Effects: 3949 ** Slows down if we seem to be under attack. 3950 */ 3951 3952 static time_t 3953 checksmtpattack(pcounter, maxcount, waitnow, cname, e) 3954 volatile unsigned int *pcounter; 3955 unsigned int maxcount; 3956 bool waitnow; 3957 char *cname; 3958 ENVELOPE *e; 3959 { 3960 if (maxcount <= 0) /* no limit */ 3961 return (time_t) 0; 3962 3963 if (++(*pcounter) >= maxcount) 3964 { 3965 unsigned int shift; 3966 time_t s; 3967 3968 if (*pcounter == maxcount && LogLevel > 5) 3969 { 3970 sm_syslog(LOG_INFO, e->e_id, 3971 "%s: possible SMTP attack: command=%.40s, count=%u", 3972 CurSmtpClient, cname, *pcounter); 3973 } 3974 shift = *pcounter - maxcount; 3975 s = 1 << shift; 3976 if (shift > MAXSHIFT || s >= MAXTIMEOUT || s <= 0) 3977 s = MAXTIMEOUT; 3978 3979 #define IS_ATTACK(s) ((MaxChildren > 0 && *pcounter >= maxcount * 2) \ 3980 ? STOP_ATTACK : (time_t) s) 3981 3982 /* sleep at least 1 second before returning */ 3983 (void) sleep(*pcounter / maxcount); 3984 s -= *pcounter / maxcount; 3985 if (s >= MAXTIMEOUT || s < 0) 3986 s = MAXTIMEOUT; 3987 if (waitnow && s > 0) 3988 { 3989 (void) sleep(s); 3990 return IS_ATTACK(0); 3991 } 3992 return IS_ATTACK(s); 3993 } 3994 return (time_t) 0; 3995 } 3996 /* 3997 ** SETUP_SMTPD_IO -- setup I/O fd correctly for the SMTP server 3998 ** 3999 ** Parameters: 4000 ** none. 4001 ** 4002 ** Returns: 4003 ** nothing. 4004 ** 4005 ** Side Effects: 4006 ** may change I/O fd. 4007 */ 4008 4009 static void 4010 setup_smtpd_io() 4011 { 4012 int inchfd, outchfd, outfd; 4013 4014 inchfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); 4015 outchfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL); 4016 outfd = sm_io_getinfo(smioout, SM_IO_WHAT_FD, NULL); 4017 if (outchfd != outfd) 4018 { 4019 /* arrange for debugging output to go to remote host */ 4020 (void) dup2(outchfd, outfd); 4021 } 4022 4023 /* 4024 ** if InChannel and OutChannel are stdin/stdout 4025 ** and connected to ttys 4026 ** and fcntl(STDIN, F_SETFL, O_NONBLOCKING) also changes STDOUT, 4027 ** then "chain" them together. 4028 */ 4029 4030 if (inchfd == STDIN_FILENO && outchfd == STDOUT_FILENO && 4031 isatty(inchfd) && isatty(outchfd)) 4032 { 4033 int inmode, outmode; 4034 4035 inmode = fcntl(inchfd, F_GETFL, 0); 4036 if (inmode == -1) 4037 { 4038 if (LogLevel > 11) 4039 sm_syslog(LOG_INFO, NOQID, 4040 "fcntl(inchfd, F_GETFL) failed: %s", 4041 sm_errstring(errno)); 4042 return; 4043 } 4044 outmode = fcntl(outchfd, F_GETFL, 0); 4045 if (outmode == -1) 4046 { 4047 if (LogLevel > 11) 4048 sm_syslog(LOG_INFO, NOQID, 4049 "fcntl(outchfd, F_GETFL) failed: %s", 4050 sm_errstring(errno)); 4051 return; 4052 } 4053 if (bitset(O_NONBLOCK, inmode) || 4054 bitset(O_NONBLOCK, outmode) || 4055 fcntl(inchfd, F_SETFL, inmode | O_NONBLOCK) == -1) 4056 return; 4057 outmode = fcntl(outchfd, F_GETFL, 0); 4058 if (outmode != -1 && bitset(O_NONBLOCK, outmode)) 4059 { 4060 /* changing InChannel also changes OutChannel */ 4061 sm_io_automode(OutChannel, InChannel); 4062 if (tTd(97, 4) && LogLevel > 9) 4063 sm_syslog(LOG_INFO, NOQID, 4064 "set automode for I (%d)/O (%d) in SMTP server", 4065 inchfd, outchfd); 4066 } 4067 4068 /* undo change of inchfd */ 4069 (void) fcntl(inchfd, F_SETFL, inmode); 4070 } 4071 } 4072 /* 4073 ** SKIPWORD -- skip a fixed word. 4074 ** 4075 ** Parameters: 4076 ** p -- place to start looking. 4077 ** w -- word to skip. 4078 ** 4079 ** Returns: 4080 ** p following w. 4081 ** NULL on error. 4082 ** 4083 ** Side Effects: 4084 ** clobbers the p data area. 4085 */ 4086 4087 static char * 4088 skipword(p, w) 4089 register char *volatile p; 4090 char *w; 4091 { 4092 register char *q; 4093 char *firstp = p; 4094 4095 /* find beginning of word */ 4096 SKIP_SPACE(p); 4097 q = p; 4098 4099 /* find end of word */ 4100 while (*p != '\0' && *p != ':' && !(isascii(*p) && isspace(*p))) 4101 p++; 4102 while (isascii(*p) && isspace(*p)) 4103 *p++ = '\0'; 4104 if (*p != ':') 4105 { 4106 syntax: 4107 usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"", 4108 shortenstring(firstp, MAXSHORTSTR)); 4109 return NULL; 4110 } 4111 *p++ = '\0'; 4112 SKIP_SPACE(p); 4113 4114 if (*p == '\0') 4115 goto syntax; 4116 4117 /* see if the input word matches desired word */ 4118 if (sm_strcasecmp(q, w)) 4119 goto syntax; 4120 4121 return p; 4122 } 4123 4124 /* 4125 ** RESET_MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line 4126 ** 4127 ** Parameters: 4128 ** e -- the envelope. 4129 ** 4130 ** Returns: 4131 ** none. 4132 */ 4133 4134 void 4135 reset_mail_esmtp_args(e) 4136 ENVELOPE *e; 4137 { 4138 /* "size": no reset */ 4139 4140 /* "body" */ 4141 SevenBitInput = SevenBitInput_Saved; 4142 e->e_bodytype = NULL; 4143 4144 /* "envid" */ 4145 e->e_envid = NULL; 4146 macdefine(&e->e_macro, A_PERM, macid("{dsn_envid}"), NULL); 4147 4148 /* "ret" */ 4149 e->e_flags &= ~(EF_RET_PARAM|EF_NO_BODY_RETN); 4150 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), NULL); 4151 4152 #if SASL 4153 /* "auth" */ 4154 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"), NULL); 4155 e->e_auth_param = ""; 4156 # if _FFR_AUTH_PASSING 4157 macdefine(&BlankEnvelope.e_macro, A_PERM, 4158 macid("{auth_author}"), NULL); 4159 # endif /* _FFR_AUTH_PASSING */ 4160 #endif /* SASL */ 4161 4162 /* "by" */ 4163 e->e_deliver_by = 0; 4164 e->e_dlvr_flag = 0; 4165 } 4166 4167 /* 4168 ** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line 4169 ** 4170 ** Parameters: 4171 ** a -- address (unused, for compatibility with rcpt_esmtp_args) 4172 ** kp -- the parameter key. 4173 ** vp -- the value of that parameter. 4174 ** e -- the envelope. 4175 ** 4176 ** Returns: 4177 ** none. 4178 */ 4179 4180 void 4181 mail_esmtp_args(a, kp, vp, e) 4182 ADDRESS *a; 4183 char *kp; 4184 char *vp; 4185 ENVELOPE *e; 4186 { 4187 if (sm_strcasecmp(kp, "size") == 0) 4188 { 4189 if (vp == NULL) 4190 { 4191 usrerr("501 5.5.2 SIZE requires a value"); 4192 /* NOTREACHED */ 4193 } 4194 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), vp); 4195 errno = 0; 4196 e->e_msgsize = strtol(vp, (char **) NULL, 10); 4197 if (e->e_msgsize == LONG_MAX && errno == ERANGE) 4198 { 4199 usrerr("552 5.2.3 Message size exceeds maximum value"); 4200 /* NOTREACHED */ 4201 } 4202 if (e->e_msgsize < 0) 4203 { 4204 usrerr("552 5.2.3 Message size invalid"); 4205 /* NOTREACHED */ 4206 } 4207 } 4208 else if (sm_strcasecmp(kp, "body") == 0) 4209 { 4210 if (vp == NULL) 4211 { 4212 usrerr("501 5.5.2 BODY requires a value"); 4213 /* NOTREACHED */ 4214 } 4215 else if (sm_strcasecmp(vp, "8bitmime") == 0) 4216 { 4217 SevenBitInput = false; 4218 } 4219 else if (sm_strcasecmp(vp, "7bit") == 0) 4220 { 4221 SevenBitInput = true; 4222 } 4223 else 4224 { 4225 usrerr("501 5.5.4 Unknown BODY type %s", vp); 4226 /* NOTREACHED */ 4227 } 4228 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, vp); 4229 } 4230 else if (sm_strcasecmp(kp, "envid") == 0) 4231 { 4232 if (!bitset(SRV_OFFER_DSN, e->e_features)) 4233 { 4234 usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN"); 4235 /* NOTREACHED */ 4236 } 4237 if (vp == NULL) 4238 { 4239 usrerr("501 5.5.2 ENVID requires a value"); 4240 /* NOTREACHED */ 4241 } 4242 if (!xtextok(vp)) 4243 { 4244 usrerr("501 5.5.4 Syntax error in ENVID parameter value"); 4245 /* NOTREACHED */ 4246 } 4247 if (e->e_envid != NULL) 4248 { 4249 usrerr("501 5.5.0 Duplicate ENVID parameter"); 4250 /* NOTREACHED */ 4251 } 4252 e->e_envid = sm_rpool_strdup_x(e->e_rpool, vp); 4253 macdefine(&e->e_macro, A_PERM, 4254 macid("{dsn_envid}"), e->e_envid); 4255 } 4256 else if (sm_strcasecmp(kp, "ret") == 0) 4257 { 4258 if (!bitset(SRV_OFFER_DSN, e->e_features)) 4259 { 4260 usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN"); 4261 /* NOTREACHED */ 4262 } 4263 if (vp == NULL) 4264 { 4265 usrerr("501 5.5.2 RET requires a value"); 4266 /* NOTREACHED */ 4267 } 4268 if (bitset(EF_RET_PARAM, e->e_flags)) 4269 { 4270 usrerr("501 5.5.0 Duplicate RET parameter"); 4271 /* NOTREACHED */ 4272 } 4273 e->e_flags |= EF_RET_PARAM; 4274 if (sm_strcasecmp(vp, "hdrs") == 0) 4275 e->e_flags |= EF_NO_BODY_RETN; 4276 else if (sm_strcasecmp(vp, "full") != 0) 4277 { 4278 usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp); 4279 /* NOTREACHED */ 4280 } 4281 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), vp); 4282 } 4283 #if SASL 4284 else if (sm_strcasecmp(kp, "auth") == 0) 4285 { 4286 int len; 4287 char *q; 4288 char *auth_param; /* the value of the AUTH=x */ 4289 bool saveQuickAbort = QuickAbort; 4290 bool saveSuprErrs = SuprErrs; 4291 bool saveExitStat = ExitStat; 4292 4293 if (vp == NULL) 4294 { 4295 usrerr("501 5.5.2 AUTH= requires a value"); 4296 /* NOTREACHED */ 4297 } 4298 if (e->e_auth_param != NULL) 4299 { 4300 usrerr("501 5.5.0 Duplicate AUTH parameter"); 4301 /* NOTREACHED */ 4302 } 4303 if ((q = strchr(vp, ' ')) != NULL) 4304 len = q - vp + 1; 4305 else 4306 len = strlen(vp) + 1; 4307 auth_param = xalloc(len); 4308 (void) sm_strlcpy(auth_param, vp, len); 4309 if (!xtextok(auth_param)) 4310 { 4311 usrerr("501 5.5.4 Syntax error in AUTH parameter value"); 4312 /* just a warning? */ 4313 /* NOTREACHED */ 4314 } 4315 4316 /* XXX define this always or only if trusted? */ 4317 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"), 4318 auth_param); 4319 4320 /* 4321 ** call Strust_auth to find out whether 4322 ** auth_param is acceptable (trusted) 4323 ** we shouldn't trust it if not authenticated 4324 ** (required by RFC, leave it to ruleset?) 4325 */ 4326 4327 SuprErrs = true; 4328 QuickAbort = false; 4329 if (strcmp(auth_param, "<>") != 0 && 4330 (rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM, 4331 9, NULL, NOQID, NULL) != EX_OK || Errors > 0)) 4332 { 4333 if (tTd(95, 8)) 4334 { 4335 q = e->e_auth_param; 4336 sm_dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n", 4337 auth_param, (q == NULL) ? "" : q); 4338 } 4339 4340 /* not trusted */ 4341 e->e_auth_param = "<>"; 4342 # if _FFR_AUTH_PASSING 4343 macdefine(&BlankEnvelope.e_macro, A_PERM, 4344 macid("{auth_author}"), NULL); 4345 # endif /* _FFR_AUTH_PASSING */ 4346 } 4347 else 4348 { 4349 if (tTd(95, 8)) 4350 sm_dprintf("auth=\"%.100s\" trusted\n", auth_param); 4351 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool, 4352 auth_param); 4353 } 4354 sm_free(auth_param); /* XXX */ 4355 4356 /* reset values */ 4357 Errors = 0; 4358 QuickAbort = saveQuickAbort; 4359 SuprErrs = saveSuprErrs; 4360 ExitStat = saveExitStat; 4361 } 4362 #endif /* SASL */ 4363 #define PRTCHAR(c) ((isascii(c) && isprint(c)) ? (c) : '?') 4364 4365 /* 4366 ** "by" is only accepted if DeliverByMin >= 0. 4367 ** We maybe could add this to the list of server_features. 4368 */ 4369 4370 else if (sm_strcasecmp(kp, "by") == 0 && DeliverByMin >= 0) 4371 { 4372 char *s; 4373 4374 if (vp == NULL) 4375 { 4376 usrerr("501 5.5.2 BY= requires a value"); 4377 /* NOTREACHED */ 4378 } 4379 errno = 0; 4380 e->e_deliver_by = strtol(vp, &s, 10); 4381 if (e->e_deliver_by == LONG_MIN || 4382 e->e_deliver_by == LONG_MAX || 4383 e->e_deliver_by > 999999999l || 4384 e->e_deliver_by < -999999999l) 4385 { 4386 usrerr("501 5.5.2 BY=%s out of range", vp); 4387 /* NOTREACHED */ 4388 } 4389 if (s == NULL || *s != ';') 4390 { 4391 usrerr("501 5.5.2 BY= missing ';'"); 4392 /* NOTREACHED */ 4393 } 4394 e->e_dlvr_flag = 0; 4395 ++s; /* XXX: spaces allowed? */ 4396 SKIP_SPACE(s); 4397 switch (tolower(*s)) 4398 { 4399 case 'n': 4400 e->e_dlvr_flag = DLVR_NOTIFY; 4401 break; 4402 case 'r': 4403 e->e_dlvr_flag = DLVR_RETURN; 4404 if (e->e_deliver_by <= 0) 4405 { 4406 usrerr("501 5.5.4 mode R requires BY time > 0"); 4407 /* NOTREACHED */ 4408 } 4409 if (DeliverByMin > 0 && e->e_deliver_by > 0 && 4410 e->e_deliver_by < DeliverByMin) 4411 { 4412 usrerr("555 5.5.2 time %ld less than %ld", 4413 e->e_deliver_by, (long) DeliverByMin); 4414 /* NOTREACHED */ 4415 } 4416 break; 4417 default: 4418 usrerr("501 5.5.2 illegal by-mode '%c'", PRTCHAR(*s)); 4419 /* NOTREACHED */ 4420 } 4421 ++s; /* XXX: spaces allowed? */ 4422 SKIP_SPACE(s); 4423 switch (tolower(*s)) 4424 { 4425 case 't': 4426 e->e_dlvr_flag |= DLVR_TRACE; 4427 break; 4428 case '\0': 4429 break; 4430 default: 4431 usrerr("501 5.5.2 illegal by-trace '%c'", PRTCHAR(*s)); 4432 /* NOTREACHED */ 4433 } 4434 4435 /* XXX: check whether more characters follow? */ 4436 } 4437 else 4438 { 4439 usrerr("555 5.5.4 %s parameter unrecognized", kp); 4440 /* NOTREACHED */ 4441 } 4442 } 4443 4444 /* 4445 ** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line 4446 ** 4447 ** Parameters: 4448 ** a -- the address corresponding to the To: parameter. 4449 ** kp -- the parameter key. 4450 ** vp -- the value of that parameter. 4451 ** e -- the envelope. 4452 ** 4453 ** Returns: 4454 ** none. 4455 */ 4456 4457 void 4458 rcpt_esmtp_args(a, kp, vp, e) 4459 ADDRESS *a; 4460 char *kp; 4461 char *vp; 4462 ENVELOPE *e; 4463 { 4464 if (sm_strcasecmp(kp, "notify") == 0) 4465 { 4466 char *p; 4467 4468 if (!bitset(SRV_OFFER_DSN, e->e_features)) 4469 { 4470 usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN"); 4471 /* NOTREACHED */ 4472 } 4473 if (vp == NULL) 4474 { 4475 usrerr("501 5.5.2 NOTIFY requires a value"); 4476 /* NOTREACHED */ 4477 } 4478 a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY); 4479 a->q_flags |= QHASNOTIFY; 4480 macdefine(&e->e_macro, A_TEMP, macid("{dsn_notify}"), vp); 4481 4482 if (sm_strcasecmp(vp, "never") == 0) 4483 return; 4484 for (p = vp; p != NULL; vp = p) 4485 { 4486 char *s; 4487 4488 s = p = strchr(p, ','); 4489 if (p != NULL) 4490 *p++ = '\0'; 4491 if (sm_strcasecmp(vp, "success") == 0) 4492 a->q_flags |= QPINGONSUCCESS; 4493 else if (sm_strcasecmp(vp, "failure") == 0) 4494 a->q_flags |= QPINGONFAILURE; 4495 else if (sm_strcasecmp(vp, "delay") == 0) 4496 a->q_flags |= QPINGONDELAY; 4497 else 4498 { 4499 usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY", 4500 vp); 4501 /* NOTREACHED */ 4502 } 4503 if (s != NULL) 4504 *s = ','; 4505 } 4506 } 4507 else if (sm_strcasecmp(kp, "orcpt") == 0) 4508 { 4509 if (!bitset(SRV_OFFER_DSN, e->e_features)) 4510 { 4511 usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN"); 4512 /* NOTREACHED */ 4513 } 4514 if (vp == NULL) 4515 { 4516 usrerr("501 5.5.2 ORCPT requires a value"); 4517 /* NOTREACHED */ 4518 } 4519 if (strchr(vp, ';') == NULL || !xtextok(vp)) 4520 { 4521 usrerr("501 5.5.4 Syntax error in ORCPT parameter value"); 4522 /* NOTREACHED */ 4523 } 4524 if (a->q_orcpt != NULL) 4525 { 4526 usrerr("501 5.5.0 Duplicate ORCPT parameter"); 4527 /* NOTREACHED */ 4528 } 4529 a->q_orcpt = sm_rpool_strdup_x(e->e_rpool, vp); 4530 } 4531 else 4532 { 4533 usrerr("555 5.5.4 %s parameter unrecognized", kp); 4534 /* NOTREACHED */ 4535 } 4536 } 4537 /* 4538 ** PRINTVRFYADDR -- print an entry in the verify queue 4539 ** 4540 ** Parameters: 4541 ** a -- the address to print. 4542 ** last -- set if this is the last one. 4543 ** vrfy -- set if this is a VRFY command. 4544 ** 4545 ** Returns: 4546 ** none. 4547 ** 4548 ** Side Effects: 4549 ** Prints the appropriate 250 codes. 4550 */ 4551 #define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */ 4552 4553 static void 4554 printvrfyaddr(a, last, vrfy) 4555 register ADDRESS *a; 4556 bool last; 4557 bool vrfy; 4558 { 4559 char fmtbuf[30]; 4560 4561 if (vrfy && a->q_mailer != NULL && 4562 !bitnset(M_VRFY250, a->q_mailer->m_flags)) 4563 (void) sm_strlcpy(fmtbuf, "252", sizeof(fmtbuf)); 4564 else 4565 (void) sm_strlcpy(fmtbuf, "250", sizeof(fmtbuf)); 4566 fmtbuf[3] = last ? ' ' : '-'; 4567 (void) sm_strlcpy(&fmtbuf[4], "2.1.5 ", sizeof(fmtbuf) - 4); 4568 if (a->q_fullname == NULL) 4569 { 4570 if ((a->q_mailer == NULL || 4571 a->q_mailer->m_addrtype == NULL || 4572 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) && 4573 strchr(a->q_user, '@') == NULL) 4574 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s@%s>", 4575 sizeof(fmtbuf) - OFFF); 4576 else 4577 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s>", 4578 sizeof(fmtbuf) - OFFF); 4579 message(fmtbuf, a->q_user, MyHostName); 4580 } 4581 else 4582 { 4583 if ((a->q_mailer == NULL || 4584 a->q_mailer->m_addrtype == NULL || 4585 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) && 4586 strchr(a->q_user, '@') == NULL) 4587 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s@%s>", 4588 sizeof(fmtbuf) - OFFF); 4589 else 4590 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s>", 4591 sizeof(fmtbuf) - OFFF); 4592 message(fmtbuf, a->q_fullname, a->q_user, MyHostName); 4593 } 4594 } 4595 4596 #if SASL 4597 /* 4598 ** SASLMECHS -- get list of possible AUTH mechanisms 4599 ** 4600 ** Parameters: 4601 ** conn -- SASL connection info. 4602 ** mechlist -- output parameter for list of mechanisms. 4603 ** 4604 ** Returns: 4605 ** number of mechs. 4606 */ 4607 4608 static int 4609 saslmechs(conn, mechlist) 4610 sasl_conn_t *conn; 4611 char **mechlist; 4612 { 4613 int len, num, result; 4614 4615 /* "user" is currently unused */ 4616 # if SASL >= 20000 4617 result = sasl_listmech(conn, NULL, 4618 "", " ", "", (const char **) mechlist, 4619 (unsigned int *)&len, &num); 4620 # else /* SASL >= 20000 */ 4621 result = sasl_listmech(conn, "user", /* XXX */ 4622 "", " ", "", mechlist, 4623 (unsigned int *)&len, (unsigned int *)&num); 4624 # endif /* SASL >= 20000 */ 4625 if (result != SASL_OK) 4626 { 4627 if (LogLevel > 9) 4628 sm_syslog(LOG_WARNING, NOQID, 4629 "AUTH error: listmech=%d, num=%d", 4630 result, num); 4631 num = 0; 4632 } 4633 if (num > 0) 4634 { 4635 if (LogLevel > 11) 4636 sm_syslog(LOG_INFO, NOQID, 4637 "AUTH: available mech=%s, allowed mech=%s", 4638 *mechlist, AuthMechanisms); 4639 *mechlist = intersect(AuthMechanisms, *mechlist, NULL); 4640 } 4641 else 4642 { 4643 *mechlist = NULL; /* be paranoid... */ 4644 if (result == SASL_OK && LogLevel > 9) 4645 sm_syslog(LOG_WARNING, NOQID, 4646 "AUTH warning: no mechanisms"); 4647 } 4648 return num; 4649 } 4650 4651 # if SASL >= 20000 4652 /* 4653 ** PROXY_POLICY -- define proxy policy for AUTH 4654 ** 4655 ** Parameters: 4656 ** conn -- unused. 4657 ** context -- unused. 4658 ** requested_user -- authorization identity. 4659 ** rlen -- authorization identity length. 4660 ** auth_identity -- authentication identity. 4661 ** alen -- authentication identity length. 4662 ** def_realm -- default user realm. 4663 ** urlen -- user realm length. 4664 ** propctx -- unused. 4665 ** 4666 ** Returns: 4667 ** ok? 4668 ** 4669 ** Side Effects: 4670 ** sets {auth_authen} macro. 4671 */ 4672 4673 int 4674 proxy_policy(conn, context, requested_user, rlen, auth_identity, alen, 4675 def_realm, urlen, propctx) 4676 sasl_conn_t *conn; 4677 void *context; 4678 const char *requested_user; 4679 unsigned rlen; 4680 const char *auth_identity; 4681 unsigned alen; 4682 const char *def_realm; 4683 unsigned urlen; 4684 struct propctx *propctx; 4685 { 4686 if (auth_identity == NULL) 4687 return SASL_FAIL; 4688 4689 macdefine(&BlankEnvelope.e_macro, A_TEMP, 4690 macid("{auth_authen}"), (char *) auth_identity); 4691 4692 return SASL_OK; 4693 } 4694 # else /* SASL >= 20000 */ 4695 4696 /* 4697 ** PROXY_POLICY -- define proxy policy for AUTH 4698 ** 4699 ** Parameters: 4700 ** context -- unused. 4701 ** auth_identity -- authentication identity. 4702 ** requested_user -- authorization identity. 4703 ** user -- allowed user (output). 4704 ** errstr -- possible error string (output). 4705 ** 4706 ** Returns: 4707 ** ok? 4708 */ 4709 4710 int 4711 proxy_policy(context, auth_identity, requested_user, user, errstr) 4712 void *context; 4713 const char *auth_identity; 4714 const char *requested_user; 4715 const char **user; 4716 const char **errstr; 4717 { 4718 if (user == NULL || auth_identity == NULL) 4719 return SASL_FAIL; 4720 *user = newstr(auth_identity); 4721 return SASL_OK; 4722 } 4723 # endif /* SASL >= 20000 */ 4724 #endif /* SASL */ 4725 4726 #if STARTTLS 4727 /* 4728 ** INITSRVTLS -- initialize server side TLS 4729 ** 4730 ** Parameters: 4731 ** tls_ok -- should tls initialization be done? 4732 ** 4733 ** Returns: 4734 ** succeeded? 4735 ** 4736 ** Side Effects: 4737 ** sets tls_ok_srv which is a static variable in this module. 4738 ** Do NOT remove assignments to it! 4739 */ 4740 4741 bool 4742 initsrvtls(tls_ok) 4743 bool tls_ok; 4744 { 4745 if (!tls_ok) 4746 return false; 4747 4748 /* do NOT remove assignment */ 4749 tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, Srv_SSL_Options, true, 4750 SrvCertFile, SrvKeyFile, 4751 CACertPath, CACertFile, DHParams); 4752 return tls_ok_srv; 4753 } 4754 #endif /* STARTTLS */ 4755 /* 4756 ** SRVFEATURES -- get features for SMTP server 4757 ** 4758 ** Parameters: 4759 ** e -- envelope (should be session context). 4760 ** clientname -- name of client. 4761 ** features -- default features for this invocation. 4762 ** 4763 ** Returns: 4764 ** server features. 4765 */ 4766 4767 /* table with options: it uses just one character, how about strings? */ 4768 static struct 4769 { 4770 char srvf_opt; 4771 unsigned int srvf_flag; 4772 } srv_feat_table[] = 4773 { 4774 { 'A', SRV_OFFER_AUTH }, 4775 { 'B', SRV_OFFER_VERB }, 4776 { 'C', SRV_REQ_SEC }, 4777 { 'D', SRV_OFFER_DSN }, 4778 { 'E', SRV_OFFER_ETRN }, 4779 { 'L', SRV_REQ_AUTH }, 4780 #if PIPELINING 4781 # if _FFR_NO_PIPE 4782 { 'N', SRV_NO_PIPE }, 4783 # endif /* _FFR_NO_PIPE */ 4784 { 'P', SRV_OFFER_PIPE }, 4785 #endif /* PIPELINING */ 4786 { 'R', SRV_VRFY_CLT }, /* same as V; not documented */ 4787 { 'S', SRV_OFFER_TLS }, 4788 /* { 'T', SRV_TMP_FAIL }, */ 4789 { 'V', SRV_VRFY_CLT }, 4790 { 'X', SRV_OFFER_EXPN }, 4791 /* { 'Y', SRV_OFFER_VRFY }, */ 4792 { '\0', SRV_NONE } 4793 }; 4794 4795 static unsigned int 4796 srvfeatures(e, clientname, features) 4797 ENVELOPE *e; 4798 char *clientname; 4799 unsigned int features; 4800 { 4801 int r, i, j; 4802 char **pvp, c, opt; 4803 char pvpbuf[PSBUFSIZE]; 4804 4805 pvp = NULL; 4806 r = rscap("srv_features", clientname, "", e, &pvp, pvpbuf, 4807 sizeof(pvpbuf)); 4808 if (r != EX_OK) 4809 return features; 4810 if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET) 4811 return features; 4812 if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0) 4813 return SRV_TMP_FAIL; 4814 4815 /* 4816 ** General rule (see sendmail.h, d_flags): 4817 ** lower case: required/offered, upper case: Not required/available 4818 ** 4819 ** Since we can change some features per daemon, we have both 4820 ** cases here: turn on/off a feature. 4821 */ 4822 4823 for (i = 1; pvp[i] != NULL; i++) 4824 { 4825 c = pvp[i][0]; 4826 j = 0; 4827 for (;;) 4828 { 4829 if ((opt = srv_feat_table[j].srvf_opt) == '\0') 4830 { 4831 if (LogLevel > 9) 4832 sm_syslog(LOG_WARNING, e->e_id, 4833 "srvfeatures: unknown feature %s", 4834 pvp[i]); 4835 break; 4836 } 4837 if (c == opt) 4838 { 4839 features &= ~(srv_feat_table[j].srvf_flag); 4840 break; 4841 } 4842 if (c == tolower(opt)) 4843 { 4844 features |= srv_feat_table[j].srvf_flag; 4845 break; 4846 } 4847 ++j; 4848 } 4849 } 4850 return features; 4851 } 4852 4853 /* 4854 ** HELP -- implement the HELP command. 4855 ** 4856 ** Parameters: 4857 ** topic -- the topic we want help for. 4858 ** e -- envelope. 4859 ** 4860 ** Returns: 4861 ** none. 4862 ** 4863 ** Side Effects: 4864 ** outputs the help file to message output. 4865 */ 4866 #define HELPVSTR "#vers " 4867 #define HELPVERSION 2 4868 4869 void 4870 help(topic, e) 4871 char *topic; 4872 ENVELOPE *e; 4873 { 4874 register SM_FILE_T *hf; 4875 register char *p; 4876 int len; 4877 bool noinfo; 4878 bool first = true; 4879 long sff = SFF_OPENASROOT|SFF_REGONLY; 4880 char buf[MAXLINE]; 4881 char inp[MAXLINE]; 4882 static int foundvers = -1; 4883 extern char Version[]; 4884 4885 if (DontLockReadFiles) 4886 sff |= SFF_NOLOCK; 4887 if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail)) 4888 sff |= SFF_SAFEDIRPATH; 4889 4890 if (HelpFile == NULL || 4891 (hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL) 4892 { 4893 /* no help */ 4894 errno = 0; 4895 message("502 5.3.0 Sendmail %s -- HELP not implemented", 4896 Version); 4897 return; 4898 } 4899 4900 if (topic == NULL || *topic == '\0') 4901 { 4902 topic = "smtp"; 4903 noinfo = false; 4904 } 4905 else 4906 { 4907 makelower(topic); 4908 noinfo = true; 4909 } 4910 4911 len = strlen(topic); 4912 4913 while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) 4914 { 4915 if (buf[0] == '#') 4916 { 4917 if (foundvers < 0 && 4918 strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0) 4919 { 4920 int h; 4921 4922 if (sm_io_sscanf(buf + strlen(HELPVSTR), "%d", 4923 &h) == 1) 4924 foundvers = h; 4925 } 4926 continue; 4927 } 4928 if (strncmp(buf, topic, len) == 0) 4929 { 4930 if (first) 4931 { 4932 first = false; 4933 4934 /* print version if no/old vers# in file */ 4935 if (foundvers < 2 && !noinfo) 4936 message("214-2.0.0 This is Sendmail version %s", Version); 4937 } 4938 p = strpbrk(buf, " \t"); 4939 if (p == NULL) 4940 p = buf + strlen(buf) - 1; 4941 else 4942 p++; 4943 fixcrlf(p, true); 4944 if (foundvers >= 2) 4945 { 4946 char *lbp; 4947 int lbs = sizeof(buf) - (p - buf); 4948 4949 lbp = translate_dollars(p, p, &lbs); 4950 expand(lbp, inp, sizeof(inp), e); 4951 if (p != lbp) 4952 sm_free(lbp); 4953 p = inp; 4954 } 4955 message("214-2.0.0 %s", p); 4956 noinfo = false; 4957 } 4958 } 4959 4960 if (noinfo) 4961 message("504 5.3.0 HELP topic \"%.10s\" unknown", topic); 4962 else 4963 message("214 2.0.0 End of HELP info"); 4964 4965 if (foundvers != 0 && foundvers < HELPVERSION) 4966 { 4967 if (LogLevel > 1) 4968 sm_syslog(LOG_WARNING, e->e_id, 4969 "%s too old (require version %d)", 4970 HelpFile, HELPVERSION); 4971 4972 /* avoid log next time */ 4973 foundvers = 0; 4974 } 4975 4976 (void) sm_io_close(hf, SM_TIME_DEFAULT); 4977 } 4978 4979 #if SASL 4980 /* 4981 ** RESET_SASLCONN -- reset SASL connection data 4982 ** 4983 ** Parameters: 4984 ** conn -- SASL connection context 4985 ** hostname -- host name 4986 ** various connection data 4987 ** 4988 ** Returns: 4989 ** SASL result 4990 */ 4991 4992 static int 4993 reset_saslconn(sasl_conn_t **conn, char *hostname, 4994 # if SASL >= 20000 4995 char *remoteip, char *localip, 4996 char *auth_id, sasl_ssf_t * ext_ssf) 4997 # else /* SASL >= 20000 */ 4998 struct sockaddr_in *saddr_r, struct sockaddr_in *saddr_l, 4999 sasl_external_properties_t * ext_ssf) 5000 # endif /* SASL >= 20000 */ 5001 { 5002 int result; 5003 5004 sasl_dispose(conn); 5005 # if SASL >= 20000 5006 result = sasl_server_new("smtp", hostname, NULL, NULL, NULL, 5007 NULL, 0, conn); 5008 # elif SASL > 10505 5009 /* use empty realm: only works in SASL > 1.5.5 */ 5010 result = sasl_server_new("smtp", hostname, "", NULL, 0, conn); 5011 # else /* SASL >= 20000 */ 5012 /* use no realm -> realm is set to hostname by SASL lib */ 5013 result = sasl_server_new("smtp", hostname, NULL, NULL, 0, 5014 conn); 5015 # endif /* SASL >= 20000 */ 5016 if (result != SASL_OK) 5017 return result; 5018 5019 # if SASL >= 20000 5020 # if NETINET || NETINET6 5021 if (remoteip != NULL && *remoteip != '\0') 5022 result = sasl_setprop(*conn, SASL_IPREMOTEPORT, remoteip); 5023 if (result != SASL_OK) 5024 return result; 5025 5026 if (localip != NULL && *localip != '\0') 5027 result = sasl_setprop(*conn, SASL_IPLOCALPORT, localip); 5028 if (result != SASL_OK) 5029 return result; 5030 # endif /* NETINET || NETINET6 */ 5031 5032 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf); 5033 if (result != SASL_OK) 5034 return result; 5035 5036 result = sasl_setprop(*conn, SASL_AUTH_EXTERNAL, auth_id); 5037 if (result != SASL_OK) 5038 return result; 5039 # else /* SASL >= 20000 */ 5040 # if NETINET 5041 if (saddr_r != NULL) 5042 result = sasl_setprop(*conn, SASL_IP_REMOTE, saddr_r); 5043 if (result != SASL_OK) 5044 return result; 5045 5046 if (saddr_l != NULL) 5047 result = sasl_setprop(*conn, SASL_IP_LOCAL, saddr_l); 5048 if (result != SASL_OK) 5049 return result; 5050 # endif /* NETINET */ 5051 5052 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf); 5053 if (result != SASL_OK) 5054 return result; 5055 # endif /* SASL >= 20000 */ 5056 return SASL_OK; 5057 } 5058 #endif /* SASL */ 5059