1 /* 2 * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. 3 * Copyright (c) 2008 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Simon Schubert <2@0x2c.org>. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 3. Neither the name of The DragonFly Project nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific, prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "dfcompat.h" 37 38 #include <sys/param.h> 39 #include <sys/types.h> 40 #include <sys/queue.h> 41 #include <sys/stat.h> 42 #include <sys/time.h> 43 #include <sys/wait.h> 44 45 #include <dirent.h> 46 #include <err.h> 47 #include <errno.h> 48 #include <fcntl.h> 49 #include <inttypes.h> 50 #include <libgen.h> 51 #include <paths.h> 52 #include <pwd.h> 53 #include <signal.h> 54 #include <stdarg.h> 55 #include <stdio.h> 56 #include <stdlib.h> 57 #include <string.h> 58 #include <syslog.h> 59 #include <unistd.h> 60 61 #include "dma.h" 62 63 64 static void deliver(struct qitem *); 65 66 struct aliases aliases = LIST_HEAD_INITIALIZER(aliases); 67 struct strlist tmpfs = SLIST_HEAD_INITIALIZER(tmpfs); 68 struct authusers authusers = LIST_HEAD_INITIALIZER(authusers); 69 char username[USERNAME_SIZE]; 70 uid_t useruid; 71 const char *logident_base; 72 char errmsg[ERRMSG_SIZE]; 73 74 static int daemonize = 1; 75 static int doqueue = 0; 76 77 struct config config = { 78 .smarthost = NULL, 79 .port = 25, 80 .aliases = "/etc/aliases", 81 .spooldir = "/var/spool/dma", 82 .authpath = NULL, 83 .certfile = NULL, 84 .features = 0, 85 .mailname = NULL, 86 .masquerade_host = NULL, 87 .masquerade_user = NULL, 88 .fingerprint = NULL, 89 }; 90 91 92 static void 93 sighup_handler(int signo) 94 { 95 (void)signo; /* so that gcc doesn't complain */ 96 } 97 98 static char * 99 set_from(struct queue *queue, const char *osender) 100 { 101 const char *addr; 102 char *sender; 103 104 if (config.masquerade_user) { 105 addr = config.masquerade_user; 106 } else if (osender) { 107 addr = osender; 108 } else if (getenv("EMAIL") != NULL) { 109 addr = getenv("EMAIL"); 110 } else { 111 addr = username; 112 } 113 114 if (!strchr(addr, '@')) { 115 const char *from_host = hostname(); 116 117 if (config.masquerade_host) 118 from_host = config.masquerade_host; 119 120 if (asprintf(&sender, "%s@%s", addr, from_host) <= 0) 121 return (NULL); 122 } else { 123 sender = strdup(addr); 124 if (sender == NULL) 125 return (NULL); 126 } 127 128 if (strchr(sender, '\n') != NULL) { 129 errno = EINVAL; 130 return (NULL); 131 } 132 133 queue->sender = sender; 134 return (sender); 135 } 136 137 static int 138 read_aliases(void) 139 { 140 yyin = fopen(config.aliases, "r"); 141 if (yyin == NULL) { 142 /* 143 * Non-existing aliases file is not a fatal error 144 */ 145 if (errno == ENOENT) 146 return (0); 147 /* Other problems are. */ 148 return (-1); 149 } 150 if (yyparse()) 151 return (-1); /* fatal error, probably malloc() */ 152 fclose(yyin); 153 return (0); 154 } 155 156 static int 157 do_alias(struct queue *queue, const char *addr) 158 { 159 struct alias *al; 160 struct stritem *sit; 161 int aliased = 0; 162 163 LIST_FOREACH(al, &aliases, next) { 164 if (strcmp(al->alias, addr) != 0) 165 continue; 166 SLIST_FOREACH(sit, &al->dests, next) { 167 if (add_recp(queue, sit->str, EXPAND_ADDR) != 0) 168 return (-1); 169 } 170 aliased = 1; 171 } 172 173 return (aliased); 174 } 175 176 int 177 add_recp(struct queue *queue, const char *str, int expand) 178 { 179 struct qitem *it, *tit; 180 struct passwd *pw; 181 char *host; 182 int aliased = 0; 183 184 it = calloc(1, sizeof(*it)); 185 if (it == NULL) 186 return (-1); 187 it->addr = strdup(str); 188 if (it->addr == NULL) 189 return (-1); 190 191 it->sender = queue->sender; 192 host = strrchr(it->addr, '@'); 193 if (host != NULL && 194 (strcmp(host + 1, hostname()) == 0 || 195 strcmp(host + 1, "localhost") == 0)) { 196 *host = 0; 197 } 198 LIST_FOREACH(tit, &queue->queue, next) { 199 /* weed out duplicate dests */ 200 if (strcmp(tit->addr, it->addr) == 0) { 201 free(it->addr); 202 free(it); 203 return (0); 204 } 205 } 206 LIST_INSERT_HEAD(&queue->queue, it, next); 207 208 /** 209 * Do local delivery if there is no @. 210 * Do not do local delivery when NULLCLIENT is set. 211 */ 212 if (strrchr(it->addr, '@') == NULL && (config.features & NULLCLIENT) == 0) { 213 it->remote = 0; 214 if (expand) { 215 aliased = do_alias(queue, it->addr); 216 if (!aliased && expand == EXPAND_WILDCARD) 217 aliased = do_alias(queue, "*"); 218 if (aliased < 0) 219 return (-1); 220 if (aliased) { 221 LIST_REMOVE(it, next); 222 } else { 223 /* Local destination, check */ 224 pw = getpwnam(it->addr); 225 if (pw == NULL) 226 goto out; 227 /* XXX read .forward */ 228 endpwent(); 229 } 230 } 231 } else { 232 it->remote = 1; 233 } 234 235 return (0); 236 237 out: 238 free(it->addr); 239 free(it); 240 return (-1); 241 } 242 243 static struct qitem * 244 go_background(struct queue *queue) 245 { 246 struct sigaction sa; 247 struct qitem *it; 248 pid_t pid; 249 250 if (daemonize && daemon(0, 0) != 0) { 251 syslog(LOG_ERR, "can not daemonize: %m"); 252 exit(EX_OSERR); 253 } 254 daemonize = 0; 255 256 bzero(&sa, sizeof(sa)); 257 sa.sa_handler = SIG_IGN; 258 sigaction(SIGCHLD, &sa, NULL); 259 260 LIST_FOREACH(it, &queue->queue, next) { 261 /* No need to fork for the last dest */ 262 if (LIST_NEXT(it, next) == NULL) 263 goto retit; 264 265 pid = fork(); 266 switch (pid) { 267 case -1: 268 syslog(LOG_ERR, "can not fork: %m"); 269 exit(EX_OSERR); 270 break; 271 272 case 0: 273 /* 274 * Child: 275 * 276 * return and deliver mail 277 */ 278 retit: 279 /* 280 * If necessary, acquire the queue and * mail files. 281 * If this fails, we probably were raced by another 282 * process. It is okay to be raced if we're supposed 283 * to flush the queue. 284 */ 285 setlogident("%s", it->queueid); 286 switch (acquirespool(it)) { 287 case 0: 288 break; 289 case 1: 290 if (doqueue) 291 exit(EX_OK); 292 syslog(LOG_WARNING, "could not lock queue file"); 293 exit(EX_SOFTWARE); 294 default: 295 exit(EX_SOFTWARE); 296 } 297 dropspool(queue, it); 298 return (it); 299 300 default: 301 /* 302 * Parent: 303 * 304 * fork next child 305 */ 306 break; 307 } 308 } 309 310 syslog(LOG_CRIT, "reached dead code"); 311 exit(EX_SOFTWARE); 312 } 313 314 static void 315 deliver(struct qitem *it) 316 { 317 int error; 318 unsigned int backoff = MIN_RETRY, slept; 319 struct timeval now; 320 struct stat st; 321 322 snprintf(errmsg, sizeof(errmsg), "unknown bounce reason"); 323 324 retry: 325 syslog(LOG_INFO, "<%s> trying delivery", it->addr); 326 327 if (it->remote) 328 error = deliver_remote(it); 329 else 330 error = deliver_local(it); 331 332 switch (error) { 333 case 0: 334 syslog(LOG_INFO, "<%s> delivery successful", it->addr); 335 delqueue(it); 336 exit(EX_OK); 337 338 case 1: 339 if (stat(it->queuefn, &st) != 0) { 340 syslog(LOG_ERR, "lost queue file `%s'", it->queuefn); 341 exit(EX_SOFTWARE); 342 } 343 if (gettimeofday(&now, NULL) == 0 && 344 (now.tv_sec - st.st_mtim.tv_sec > MAX_TIMEOUT)) { 345 snprintf(errmsg, sizeof(errmsg), 346 "Could not deliver for the last %d seconds. Giving up.", 347 MAX_TIMEOUT); 348 goto bounce; 349 } 350 for (slept = 0; slept < backoff;) { 351 slept += SLEEP_TIMEOUT - sleep(SLEEP_TIMEOUT); 352 if (flushqueue_since(slept)) { 353 backoff = MIN_RETRY; 354 goto retry; 355 } 356 } 357 if (slept >= backoff) { 358 /* pick the next backoff between [1.5, 2.5) times backoff */ 359 backoff = backoff + backoff / 2 + random() % backoff; 360 if (backoff > MAX_RETRY) 361 backoff = MAX_RETRY; 362 } 363 goto retry; 364 365 case -1: 366 default: 367 break; 368 } 369 370 bounce: 371 bounce(it, errmsg); 372 /* NOTREACHED */ 373 } 374 375 void 376 run_queue(struct queue *queue) 377 { 378 struct qitem *it; 379 380 if (LIST_EMPTY(&queue->queue)) 381 return; 382 383 it = go_background(queue); 384 deliver(it); 385 /* NOTREACHED */ 386 } 387 388 static void 389 show_queue(struct queue *queue) 390 { 391 struct qitem *it; 392 int locked = 0; /* XXX */ 393 394 if (LIST_EMPTY(&queue->queue)) { 395 printf("Mail queue is empty\n"); 396 return; 397 } 398 399 LIST_FOREACH(it, &queue->queue, next) { 400 printf("ID\t: %s%s\n" 401 "From\t: %s\n" 402 "To\t: %s\n", 403 it->queueid, 404 locked ? "*" : "", 405 it->sender, it->addr); 406 407 if (LIST_NEXT(it, next) != NULL) 408 printf("--\n"); 409 } 410 } 411 412 /* 413 * TODO: 414 * 415 * - alias processing 416 * - use group permissions 417 * - proper sysexit codes 418 */ 419 420 int 421 main(int argc, char **argv) 422 { 423 struct sigaction act; 424 char *sender = NULL; 425 char *own_name = NULL; 426 struct queue queue; 427 int i, ch; 428 int nodot = 0, showq = 0, queue_only = 0, newaliases = 0; 429 int recp_from_header = 0; 430 431 if (argc == 0) 432 errx(EX_OSERR, "invalid argc"); 433 434 set_username(); 435 436 /* 437 * We never run as root. If called by root, drop permissions 438 * to the mail user. 439 */ 440 if (geteuid() == 0 || getuid() == 0) { 441 struct passwd *pw; 442 443 errno = 0; 444 pw = getpwnam(DMA_ROOT_USER); 445 if (pw == NULL) { 446 if (errno == 0) 447 errx(EX_CONFIG, "user '%s' not found", DMA_ROOT_USER); 448 else 449 err(EX_OSERR, "cannot drop root privileges"); 450 } 451 452 if (setuid(pw->pw_uid) != 0) 453 err(EX_OSERR, "cannot drop root privileges"); 454 455 if (geteuid() == 0 || getuid() == 0) 456 errx(EX_OSERR, "cannot drop root privileges"); 457 } 458 459 atexit(deltmp); 460 init_random(); 461 462 bzero(&queue, sizeof(queue)); 463 LIST_INIT(&queue.queue); 464 465 own_name = basename(argv[0]); 466 467 if (strcmp(own_name, "mailq") == 0) { 468 argv++; argc--; 469 showq = 1; 470 if (argc != 0) 471 errx(EX_USAGE, "invalid arguments"); 472 goto skipopts; 473 } else if (strcmp(own_name, "newaliases") == 0) { 474 newaliases = 1; 475 goto skipopts; 476 } 477 478 opterr = 0; 479 while ((ch = getopt(argc, argv, ":A:b:B:C:d:Df:F:h:iL:N:no:O:q:r:R:tUV:vX:")) != -1) { 480 switch (ch) { 481 case 'A': 482 /* -AX is being ignored, except for -A{c,m} */ 483 if (optarg[0] == 'c' || optarg[0] == 'm') { 484 break; 485 } 486 /* Else FALLTHROUGH */ 487 case 'b': 488 /* -bX is being ignored, except for -bp */ 489 if (optarg[0] == 'p') { 490 showq = 1; 491 break; 492 } else if (optarg[0] == 'q') { 493 queue_only = 1; 494 break; 495 } 496 /* Else FALLTHROUGH */ 497 case 'D': 498 daemonize = 0; 499 break; 500 case 'L': 501 logident_base = optarg; 502 break; 503 case 'f': 504 case 'r': 505 sender = optarg; 506 break; 507 508 case 't': 509 recp_from_header = 1; 510 break; 511 512 case 'o': 513 /* -oX is being ignored, except for -oi */ 514 if (optarg[0] != 'i') 515 break; 516 /* Else FALLTHROUGH */ 517 case 'O': 518 break; 519 case 'i': 520 nodot = 1; 521 break; 522 523 case 'q': 524 /* Don't let getopt slup up other arguments */ 525 if (optarg && *optarg == '-') 526 optind--; 527 doqueue = 1; 528 break; 529 530 /* Ignored options */ 531 case 'B': 532 case 'C': 533 case 'd': 534 case 'F': 535 case 'h': 536 case 'N': 537 case 'n': 538 case 'R': 539 case 'U': 540 case 'V': 541 case 'v': 542 case 'X': 543 break; 544 545 case ':': 546 if (optopt == 'q') { 547 doqueue = 1; 548 break; 549 } 550 /* Else FALLTHROUGH */ 551 552 default: 553 fprintf(stderr, "invalid argument: `-%c'\n", optopt); 554 exit(EX_USAGE); 555 } 556 } 557 argc -= optind; 558 argv += optind; 559 opterr = 1; 560 561 if (argc != 0 && (showq || doqueue)) 562 errx(EX_USAGE, "sending mail and queue operations are mutually exclusive"); 563 564 if (showq + doqueue > 1) 565 errx(EX_USAGE, "conflicting queue operations"); 566 567 skipopts: 568 if (logident_base == NULL) 569 logident_base = "dma"; 570 setlogident("%s", logident_base); 571 572 act.sa_handler = sighup_handler; 573 act.sa_flags = 0; 574 sigemptyset(&act.sa_mask); 575 if (sigaction(SIGHUP, &act, NULL) != 0) 576 syslog(LOG_WARNING, "can not set signal handler: %m"); 577 578 parse_conf(CONF_PATH "/dma.conf"); 579 580 if (config.authpath != NULL) 581 parse_authfile(config.authpath); 582 583 if (showq) { 584 if (load_queue(&queue) < 0) 585 errlog(EX_NOINPUT, "can not load queue"); 586 show_queue(&queue); 587 return (0); 588 } 589 590 if (doqueue) { 591 flushqueue_signal(); 592 if (load_queue(&queue) < 0) 593 errlog(EX_NOINPUT, "can not load queue"); 594 run_queue(&queue); 595 return (0); 596 } 597 598 if (read_aliases() != 0) 599 errlog(EX_SOFTWARE, "could not parse aliases file `%s'", config.aliases); 600 601 if (newaliases) 602 return(0); 603 604 if ((sender = set_from(&queue, sender)) == NULL) 605 errlog(EX_SOFTWARE, "set_from()"); 606 607 if (newspoolf(&queue) != 0) 608 errlog(EX_CANTCREAT, "can not create temp file in `%s'", config.spooldir); 609 610 setlogident("%s", queue.id); 611 612 for (i = 0; i < argc; i++) { 613 if (add_recp(&queue, argv[i], EXPAND_WILDCARD) != 0) 614 errlogx(EX_DATAERR, "invalid recipient `%s'", argv[i]); 615 } 616 617 if (LIST_EMPTY(&queue.queue) && !recp_from_header) 618 errlogx(EX_NOINPUT, "no recipients"); 619 620 if (readmail(&queue, nodot, recp_from_header) != 0) 621 errlog(EX_NOINPUT, "can not read mail"); 622 623 if (LIST_EMPTY(&queue.queue)) 624 errlogx(EX_NOINPUT, "no recipients"); 625 626 if (linkspool(&queue) != 0) 627 errlog(EX_CANTCREAT, "can not create spools"); 628 629 /* From here on the mail is safe. */ 630 631 if (config.features & DEFER || queue_only) 632 return (0); 633 634 run_queue(&queue); 635 636 /* NOTREACHED */ 637 return (0); 638 } 639