xref: /freebsd/contrib/sendmail/src/collect.c (revision 5ca34122ecdd5abc62bdae39663fec9ac8523d87)
1 /*
2  * Copyright (c) 1998-2006, 2008 Proofpoint, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #include <sendmail.h>
15 
16 SM_RCSID("@(#)$Id: collect.c,v 8.287 2013-11-22 20:51:55 ca Exp $")
17 
18 static void	eatfrom __P((char *volatile, ENVELOPE *));
19 static void	collect_doheader __P((ENVELOPE *));
20 static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
21 static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int));
22 
23 /*
24 **  COLLECT_EOH -- end-of-header processing in collect()
25 **
26 **	Called by collect() when it encounters the blank line
27 **	separating the header from the message body, or when it
28 **	encounters EOF in a message that contains only a header.
29 **
30 **	Parameters:
31 **		e -- envelope
32 **		numhdrs -- number of headers
33 **		hdrslen -- length of headers
34 **
35 **	Results:
36 **		NULL, or handle to open data file
37 **
38 **	Side Effects:
39 **		end-of-header check ruleset is invoked.
40 **		envelope state is updated.
41 **		headers may be added and deleted.
42 **		selects the queue.
43 **		opens the data file.
44 */
45 
46 static SM_FILE_T *
47 collect_eoh(e, numhdrs, hdrslen)
48 	ENVELOPE *e;
49 	int numhdrs;
50 	int hdrslen;
51 {
52 	char hnum[16];
53 	char hsize[16];
54 
55 	/* call the end-of-header check ruleset */
56 	(void) sm_snprintf(hnum, sizeof(hnum), "%d", numhdrs);
57 	(void) sm_snprintf(hsize, sizeof(hsize), "%d", hdrslen);
58 	if (tTd(30, 10))
59 		sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
60 			   hnum, hsize);
61 	(void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
62 			3, NULL, e->e_id, NULL, NULL);
63 
64 	/*
65 	**  Process the header,
66 	**  select the queue, open the data file.
67 	*/
68 
69 	collect_doheader(e);
70 	return collect_dfopen(e);
71 }
72 
73 /*
74 **  COLLECT_DOHEADER -- process header in collect()
75 **
76 **	Called by collect() after it has finished parsing the header,
77 **	but before it selects the queue and creates the data file.
78 **	The results of processing the header will affect queue selection.
79 **
80 **	Parameters:
81 **		e -- envelope
82 **
83 **	Results:
84 **		none.
85 **
86 **	Side Effects:
87 **		envelope state is updated.
88 **		headers may be added and deleted.
89 */
90 
91 static void
92 collect_doheader(e)
93 	ENVELOPE *e;
94 {
95 	/*
96 	**  Find out some information from the headers.
97 	**	Examples are who is the from person & the date.
98 	*/
99 
100 	eatheader(e, true, false);
101 
102 	if (GrabTo && e->e_sendqueue == NULL)
103 		usrerr("No recipient addresses found in header");
104 
105 	/*
106 	**  If we have a Return-Receipt-To:, turn it into a DSN.
107 	*/
108 
109 	if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
110 	{
111 		ADDRESS *q;
112 
113 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
114 			if (!bitset(QHASNOTIFY, q->q_flags))
115 				q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
116 	}
117 
118 	/*
119 	**  Add an appropriate recipient line if we have none.
120 	*/
121 
122 	if (hvalue("to", e->e_header) != NULL ||
123 	    hvalue("cc", e->e_header) != NULL ||
124 	    hvalue("apparently-to", e->e_header) != NULL)
125 	{
126 		/* have a valid recipient header -- delete Bcc: headers */
127 		e->e_flags |= EF_DELETE_BCC;
128 	}
129 	else if (hvalue("bcc", e->e_header) == NULL)
130 	{
131 		/* no valid recipient headers */
132 		register ADDRESS *q;
133 		char *hdr = NULL;
134 
135 		/* create a recipient field */
136 		switch (NoRecipientAction)
137 		{
138 		  case NRA_ADD_APPARENTLY_TO:
139 			hdr = "Apparently-To";
140 			break;
141 
142 		  case NRA_ADD_TO:
143 			hdr = "To";
144 			break;
145 
146 		  case NRA_ADD_BCC:
147 			addheader("Bcc", " ", 0, e, true);
148 			break;
149 
150 		  case NRA_ADD_TO_UNDISCLOSED:
151 			addheader("To", "undisclosed-recipients:;", 0, e, true);
152 			break;
153 		}
154 
155 		if (hdr != NULL)
156 		{
157 			for (q = e->e_sendqueue; q != NULL; q = q->q_next)
158 			{
159 				if (q->q_alias != NULL)
160 					continue;
161 				if (tTd(30, 3))
162 					sm_dprintf("Adding %s: %s\n",
163 						hdr, q->q_paddr);
164 				addheader(hdr, q->q_paddr, 0, e, true);
165 			}
166 		}
167 	}
168 }
169 
170 /*
171 **  COLLECT_DFOPEN -- open the message data file
172 **
173 **	Called by collect() after it has finished processing the header.
174 **	Queue selection occurs at this point, possibly based on the
175 **	envelope's recipient list and on header information.
176 **
177 **	Parameters:
178 **		e -- envelope
179 **
180 **	Results:
181 **		NULL, or a pointer to an open data file,
182 **		into which the message body will be written by collect().
183 **
184 **	Side Effects:
185 **		Calls syserr, sets EF_FATALERRS and returns NULL
186 **		if there is insufficient disk space.
187 **		Aborts process if data file could not be opened.
188 **		Otherwise, the queue is selected,
189 **		e->e_{dfino,dfdev,msgsize,flags} are updated,
190 **		and a pointer to an open data file is returned.
191 */
192 
193 static SM_FILE_T *
194 collect_dfopen(e)
195 	ENVELOPE *e;
196 {
197 	MODE_T oldumask = 0;
198 	int dfd;
199 	struct stat stbuf;
200 	SM_FILE_T *df;
201 	char *dfname;
202 
203 	if (!setnewqueue(e))
204 		return NULL;
205 
206 	dfname = queuename(e, DATAFL_LETTER);
207 	if (bitset(S_IWGRP, QueueFileMode))
208 		oldumask = umask(002);
209 	df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
210 		    SFF_OPENASROOT);
211 	if (bitset(S_IWGRP, QueueFileMode))
212 		(void) umask(oldumask);
213 	if (df == NULL)
214 	{
215 		syserr("@Cannot create %s", dfname);
216 		e->e_flags |= EF_NO_BODY_RETN;
217 		flush_errors(true);
218 		finis(false, true, ExitStat);
219 		/* NOTREACHED */
220 	}
221 	dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
222 	if (dfd < 0 || fstat(dfd, &stbuf) < 0)
223 		e->e_dfino = -1;
224 	else
225 	{
226 		e->e_dfdev = stbuf.st_dev;
227 		e->e_dfino = stbuf.st_ino;
228 	}
229 	e->e_flags |= EF_HAS_DF;
230 	return df;
231 }
232 
233 /*
234 **  COLLECT -- read & parse message header & make temp file.
235 **
236 **	Creates a temporary file name and copies the standard
237 **	input to that file.  Leading UNIX-style "From" lines are
238 **	stripped off (after important information is extracted).
239 **
240 **	Parameters:
241 **		fp -- file to read.
242 **		smtpmode -- if set, we are running SMTP: give an RFC821
243 **			style message to say we are ready to collect
244 **			input, and never ignore a single dot to mean
245 **			end of message.
246 **		hdrp -- the location to stash the header.
247 **		e -- the current envelope.
248 **		rsetsize -- reset e_msgsize?
249 **
250 **	Returns:
251 **		none.
252 **
253 **	Side Effects:
254 **		If successful,
255 **		- Data file is created and filled, and e->e_dfp is set.
256 **		- The from person may be set.
257 **		If the "enough disk space" check fails,
258 **		- syserr is called.
259 **		- e->e_dfp is NULL.
260 **		- e->e_flags & EF_FATALERRS is set.
261 **		- collect() returns.
262 **		If data file cannot be created, the process is terminated.
263 */
264 
265 /* values for input state machine */
266 #define IS_NORM		0	/* middle of line */
267 #define IS_BOL		1	/* beginning of line */
268 #define IS_DOT		2	/* read a dot at beginning of line */
269 #define IS_DOTCR	3	/* read ".\r" at beginning of line */
270 #define IS_CR		4	/* read a carriage return */
271 
272 /* values for message state machine */
273 #define MS_UFROM	0	/* reading Unix from line */
274 #define MS_HEADER	1	/* reading message header */
275 #define MS_BODY		2	/* reading message body */
276 #define MS_DISCARD	3	/* discarding rest of message */
277 
278 void
279 collect(fp, smtpmode, hdrp, e, rsetsize)
280 	SM_FILE_T *fp;
281 	bool smtpmode;
282 	HDR **hdrp;
283 	register ENVELOPE *e;
284 	bool rsetsize;
285 {
286 	register SM_FILE_T *df;
287 	bool ignrdot;
288 	int dbto;
289 	register char *bp;
290 	int c;
291 	bool inputerr;
292 	bool headeronly;
293 	char *buf;
294 	int buflen;
295 	int istate;
296 	int mstate;
297 	int hdrslen;
298 	int numhdrs;
299 	int afd;
300 	int old_rd_tmo;
301 	unsigned char *pbp;
302 	unsigned char peekbuf[8];
303 	char bufbuf[MAXLINE];
304 #if _FFR_REJECT_NUL_BYTE
305 	bool hasNUL;		/* has at least one NUL input byte */
306 #endif /* _FFR_REJECT_NUL_BYTE */
307 
308 	df = NULL;
309 	ignrdot = smtpmode ? false : IgnrDot;
310 
311 	/* timeout for I/O functions is in milliseconds */
312 	dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
313 			: SM_TIME_FOREVER;
314 	sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
315 	old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock);
316 	c = SM_IO_EOF;
317 	inputerr = false;
318 	headeronly = hdrp != NULL;
319 	hdrslen = 0;
320 	numhdrs = 0;
321 	HasEightBits = false;
322 #if _FFR_REJECT_NUL_BYTE
323 	hasNUL = false;
324 #endif /* _FFR_REJECT_NUL_BYTE */
325 	buf = bp = bufbuf;
326 	buflen = sizeof(bufbuf);
327 	pbp = peekbuf;
328 	istate = IS_BOL;
329 	mstate = SaveFrom ? MS_HEADER : MS_UFROM;
330 
331 	/*
332 	**  Tell ARPANET to go ahead.
333 	*/
334 
335 	if (smtpmode)
336 		message("354 Enter mail, end with \".\" on a line by itself");
337 
338 	/* simulate an I/O timeout when used as sink */
339 	if (tTd(83, 101))
340 		sleep(319);
341 
342 	if (tTd(30, 2))
343 		sm_dprintf("collect\n");
344 
345 	/*
346 	**  Read the message.
347 	**
348 	**	This is done using two interleaved state machines.
349 	**	The input state machine is looking for things like
350 	**	hidden dots; the message state machine is handling
351 	**	the larger picture (e.g., header versus body).
352 	*/
353 
354 	if (rsetsize)
355 		e->e_msgsize = 0;
356 	for (;;)
357 	{
358 		if (tTd(30, 35))
359 			sm_dprintf("top, istate=%d, mstate=%d\n", istate,
360 				   mstate);
361 		for (;;)
362 		{
363 			if (pbp > peekbuf)
364 				c = *--pbp;
365 			else
366 			{
367 				while (!sm_io_eof(fp) && !sm_io_error(fp))
368 				{
369 					errno = 0;
370 					c = sm_io_getc(fp, SM_TIME_DEFAULT);
371 					if (c == SM_IO_EOF && errno == EINTR)
372 					{
373 						/* Interrupted, retry */
374 						sm_io_clearerr(fp);
375 						continue;
376 					}
377 
378 					/* timeout? */
379 					if (c == SM_IO_EOF && errno == EAGAIN
380 					    && smtpmode)
381 					{
382 						/*
383 						**  Override e_message in
384 						**  usrerr() as this is the
385 						**  reason for failure that
386 						**  should be logged for
387 						**  undelivered recipients.
388 						*/
389 
390 						e->e_message = NULL;
391 						errno = 0;
392 						inputerr = true;
393 						goto readabort;
394 					}
395 					break;
396 				}
397 				if (TrafficLogFile != NULL && !headeronly)
398 				{
399 					if (istate == IS_BOL)
400 						(void) sm_io_fprintf(TrafficLogFile,
401 							SM_TIME_DEFAULT,
402 							"%05d <<< ",
403 							(int) CurrentPid);
404 					if (c == SM_IO_EOF)
405 						(void) sm_io_fprintf(TrafficLogFile,
406 							SM_TIME_DEFAULT,
407 							"[EOF]\n");
408 					else
409 						(void) sm_io_putc(TrafficLogFile,
410 							SM_TIME_DEFAULT,
411 							c);
412 				}
413 #if _FFR_REJECT_NUL_BYTE
414 				if (c == '\0')
415 					hasNUL = true;
416 #endif /* _FFR_REJECT_NUL_BYTE */
417 				if (c == SM_IO_EOF)
418 					goto readerr;
419 				if (SevenBitInput)
420 					c &= 0x7f;
421 				else
422 					HasEightBits |= bitset(0x80, c);
423 			}
424 			if (tTd(30, 94))
425 				sm_dprintf("istate=%d, c=%c (0x%x)\n",
426 					istate, (char) c, c);
427 			switch (istate)
428 			{
429 			  case IS_BOL:
430 				if (c == '.')
431 				{
432 					istate = IS_DOT;
433 					continue;
434 				}
435 				break;
436 
437 			  case IS_DOT:
438 				if (c == '\n' && !ignrdot &&
439 				    !bitset(EF_NL_NOT_EOL, e->e_flags))
440 					goto readerr;
441 				else if (c == '\r' &&
442 					 !bitset(EF_CRLF_NOT_EOL, e->e_flags))
443 				{
444 					istate = IS_DOTCR;
445 					continue;
446 				}
447 				else if (ignrdot ||
448 					 (c != '.' &&
449 					  OpMode != MD_SMTP &&
450 					  OpMode != MD_DAEMON &&
451 					  OpMode != MD_ARPAFTP))
452 
453 				{
454 					SM_ASSERT(pbp < peekbuf +
455 							sizeof(peekbuf));
456 					*pbp++ = c;
457 					c = '.';
458 				}
459 				break;
460 
461 			  case IS_DOTCR:
462 				if (c == '\n' && !ignrdot)
463 					goto readerr;
464 				else
465 				{
466 					/* push back the ".\rx" */
467 					SM_ASSERT(pbp < peekbuf +
468 							sizeof(peekbuf));
469 					*pbp++ = c;
470 					if (OpMode != MD_SMTP &&
471 					    OpMode != MD_DAEMON &&
472 					    OpMode != MD_ARPAFTP)
473 					{
474 						SM_ASSERT(pbp < peekbuf +
475 							 sizeof(peekbuf));
476 						*pbp++ = '\r';
477 						c = '.';
478 					}
479 					else
480 						c = '\r';
481 				}
482 				break;
483 
484 			  case IS_CR:
485 				if (c == '\n')
486 					istate = IS_BOL;
487 				else
488 				{
489 					(void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
490 							    c);
491 					c = '\r';
492 					istate = IS_NORM;
493 				}
494 				goto bufferchar;
495 			}
496 
497 			if (c == '\r' && !bitset(EF_CRLF_NOT_EOL, e->e_flags))
498 			{
499 				istate = IS_CR;
500 				continue;
501 			}
502 			else if (c == '\n' && !bitset(EF_NL_NOT_EOL,
503 						      e->e_flags))
504 				istate = IS_BOL;
505 			else
506 				istate = IS_NORM;
507 
508 bufferchar:
509 			if (!headeronly)
510 			{
511 				/* no overflow? */
512 				if (e->e_msgsize >= 0)
513 				{
514 					e->e_msgsize++;
515 					if (MaxMessageSize > 0 &&
516 					    !bitset(EF_TOOBIG, e->e_flags) &&
517 					    e->e_msgsize > MaxMessageSize)
518 						 e->e_flags |= EF_TOOBIG;
519 				}
520 			}
521 			switch (mstate)
522 			{
523 			  case MS_BODY:
524 				/* just put the character out */
525 				if (!bitset(EF_TOOBIG, e->e_flags))
526 					(void) sm_io_putc(df, SM_TIME_DEFAULT,
527 							  c);
528 
529 				/* FALLTHROUGH */
530 
531 			  case MS_DISCARD:
532 				continue;
533 			}
534 
535 			SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER);
536 
537 			/* header -- buffer up */
538 			if (bp >= &buf[buflen - 2])
539 			{
540 				char *obuf;
541 
542 				/* out of space for header */
543 				obuf = buf;
544 				if (buflen < MEMCHUNKSIZE)
545 					buflen *= 2;
546 				else
547 					buflen += MEMCHUNKSIZE;
548 				if (buflen <= 0)
549 				{
550 					sm_syslog(LOG_NOTICE, e->e_id,
551 						  "header overflow from %s during message collect",
552 						  CURHOSTNAME);
553 					errno = 0;
554 					e->e_flags |= EF_CLRQUEUE;
555 					e->e_status = "5.6.0";
556 					usrerrenh(e->e_status,
557 						  "552 Headers too large");
558 					goto discard;
559 				}
560 				buf = xalloc(buflen);
561 				memmove(buf, obuf, bp - obuf);
562 				bp = &buf[bp - obuf];
563 				if (obuf != bufbuf)
564 					sm_free(obuf);  /* XXX */
565 			}
566 
567 			if (c != '\0')
568 			{
569 				*bp++ = c;
570 				++hdrslen;
571 				if (!headeronly &&
572 				    MaxHeadersLength > 0 &&
573 				    hdrslen > MaxHeadersLength)
574 				{
575 					sm_syslog(LOG_NOTICE, e->e_id,
576 						  "headers too large (%d max) from %s during message collect",
577 						  MaxHeadersLength,
578 						  CURHOSTNAME);
579 					errno = 0;
580 					e->e_flags |= EF_CLRQUEUE;
581 					e->e_status = "5.6.0";
582 					usrerrenh(e->e_status,
583 						  "552 Headers too large (%d max)",
584 						  MaxHeadersLength);
585   discard:
586 					mstate = MS_DISCARD;
587 				}
588 			}
589 			if (istate == IS_BOL)
590 				break;
591 		}
592 		*bp = '\0';
593 
594 nextstate:
595 		if (tTd(30, 35))
596 			sm_dprintf("nextstate, istate=%d, mstate=%d, line=\"%s\"\n",
597 				istate, mstate, buf);
598 		switch (mstate)
599 		{
600 		  case MS_UFROM:
601 			mstate = MS_HEADER;
602 #ifndef NOTUNIX
603 			if (strncmp(buf, "From ", 5) == 0)
604 			{
605 				bp = buf;
606 				eatfrom(buf, e);
607 				continue;
608 			}
609 #endif /* ! NOTUNIX */
610 			/* FALLTHROUGH */
611 
612 		  case MS_HEADER:
613 			if (!isheader(buf))
614 			{
615 				mstate = MS_BODY;
616 				goto nextstate;
617 			}
618 
619 			/* check for possible continuation line */
620 			do
621 			{
622 				sm_io_clearerr(fp);
623 				errno = 0;
624 				c = sm_io_getc(fp, SM_TIME_DEFAULT);
625 
626 				/* timeout? */
627 				if (c == SM_IO_EOF && errno == EAGAIN
628 				    && smtpmode)
629 				{
630 					/*
631 					**  Override e_message in
632 					**  usrerr() as this is the
633 					**  reason for failure that
634 					**  should be logged for
635 					**  undelivered recipients.
636 					*/
637 
638 					e->e_message = NULL;
639 					errno = 0;
640 					inputerr = true;
641 					goto readabort;
642 				}
643 			} while (c == SM_IO_EOF && errno == EINTR);
644 			if (c != SM_IO_EOF)
645 				(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
646 			if (c == ' ' || c == '\t')
647 			{
648 				/* yep -- defer this */
649 				continue;
650 			}
651 
652 			SM_ASSERT(bp > buf);
653 
654 			/* guaranteed by isheader(buf) */
655 			SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
656 
657 			/* trim off trailing CRLF or NL */
658 			if (*--bp != '\n' || *--bp != '\r')
659 				bp++;
660 			*bp = '\0';
661 
662 			if (bitset(H_EOH, chompheader(buf,
663 						      CHHDR_CHECK | CHHDR_USER,
664 						      hdrp, e)))
665 			{
666 				mstate = MS_BODY;
667 				goto nextstate;
668 			}
669 			numhdrs++;
670 			break;
671 
672 		  case MS_BODY:
673 			if (tTd(30, 1))
674 				sm_dprintf("EOH\n");
675 
676 			if (headeronly)
677 				goto readerr;
678 
679 			df = collect_eoh(e, numhdrs, hdrslen);
680 			if (df == NULL)
681 				e->e_flags |= EF_TOOBIG;
682 
683 			bp = buf;
684 
685 			/* toss blank line */
686 			if ((!bitset(EF_CRLF_NOT_EOL, e->e_flags) &&
687 				bp[0] == '\r' && bp[1] == '\n') ||
688 			    (!bitset(EF_NL_NOT_EOL, e->e_flags) &&
689 				bp[0] == '\n'))
690 			{
691 				break;
692 			}
693 
694 			/* if not a blank separator, write it out */
695 			if (!bitset(EF_TOOBIG, e->e_flags))
696 			{
697 				while (*bp != '\0')
698 					(void) sm_io_putc(df, SM_TIME_DEFAULT,
699 							  *bp++);
700 			}
701 			break;
702 		}
703 		bp = buf;
704 	}
705 
706 readerr:
707 	if ((sm_io_eof(fp) && smtpmode) || sm_io_error(fp))
708 	{
709 		const char *errmsg;
710 
711 		if (sm_io_eof(fp))
712 			errmsg = "unexpected close";
713 		else
714 			errmsg = sm_errstring(errno);
715 		if (tTd(30, 1))
716 			sm_dprintf("collect: premature EOM: %s\n", errmsg);
717 		if (LogLevel > 1)
718 			sm_syslog(LOG_WARNING, e->e_id,
719 				"collect: premature EOM: %s", errmsg);
720 		inputerr = true;
721 	}
722 
723 	if (headeronly)
724 		goto end;
725 
726 	if (mstate != MS_BODY)
727 	{
728 		/* no body or discard, so we never opened the data file */
729 		SM_ASSERT(df == NULL);
730 		df = collect_eoh(e, numhdrs, hdrslen);
731 	}
732 
733 	if (df == NULL)
734 	{
735 		/* skip next few clauses */
736 		/* EMPTY */
737 	}
738 	else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df))
739 	{
740 		dferror(df, "sm_io_flush||sm_io_error", e);
741 		flush_errors(true);
742 		finis(true, true, ExitStat);
743 		/* NOTREACHED */
744 	}
745 	else if (SuperSafe == SAFE_NO ||
746 		 SuperSafe == SAFE_INTERACTIVE ||
747 		 (SuperSafe == SAFE_REALLY_POSTMILTER && smtpmode))
748 	{
749 		/* skip next few clauses */
750 		/* EMPTY */
751 		/* Note: updfs() is not called in this case! */
752 	}
753 	else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL)
754 	{
755 		int save_errno = errno;
756 
757 		if (save_errno == EEXIST)
758 		{
759 			char *dfile;
760 			struct stat st;
761 			int dfd;
762 
763 			dfile = queuename(e, DATAFL_LETTER);
764 			if (stat(dfile, &st) < 0)
765 				st.st_size = -1;
766 			errno = EEXIST;
767 			syserr("@collect: bfcommit(%s): already on disk, size=%ld",
768 			       dfile, (long) st.st_size);
769 			dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
770 			if (dfd >= 0)
771 				dumpfd(dfd, true, true);
772 		}
773 		errno = save_errno;
774 		dferror(df, "bfcommit", e);
775 		flush_errors(true);
776 		finis(save_errno != EEXIST, true, ExitStat);
777 	}
778 	else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
779 	{
780 		dferror(df, "sm_io_getinfo", e);
781 		flush_errors(true);
782 		finis(true, true, ExitStat);
783 		/* NOTREACHED */
784 	}
785 	else if (fsync(afd) < 0)
786 	{
787 		dferror(df, "fsync", e);
788 		flush_errors(true);
789 		finis(true, true, ExitStat);
790 		/* NOTREACHED */
791 	}
792 	else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
793 	{
794 		dferror(df, "sm_io_close", e);
795 		flush_errors(true);
796 		finis(true, true, ExitStat);
797 		/* NOTREACHED */
798 	}
799 	else
800 	{
801 		/* everything is happily flushed to disk */
802 		df = NULL;
803 
804 		/* remove from available space in filesystem */
805 		updfs(e, 0, 1, "collect");
806 	}
807 
808 	/* An EOF when running SMTP is an error */
809   readabort:
810 	if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
811 	{
812 		char *host;
813 		char *problem;
814 		ADDRESS *q;
815 
816 		host = RealHostName;
817 		if (host == NULL)
818 			host = "localhost";
819 
820 		if (sm_io_eof(fp))
821 			problem = "unexpected close";
822 		else if (sm_io_error(fp))
823 			problem = "I/O error";
824 		else
825 			problem = "read timeout";
826 		if (LogLevel > 0 && sm_io_eof(fp))
827 			sm_syslog(LOG_NOTICE, e->e_id,
828 				"collect: %s on connection from %.100s, sender=%s",
829 				problem, host,
830 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
831 		if (sm_io_eof(fp))
832 			usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
833 				problem, host,
834 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
835 		else
836 			syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
837 				problem, host,
838 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
839 		flush_errors(true);
840 
841 		/* don't return an error indication */
842 		e->e_to = NULL;
843 		e->e_flags &= ~EF_FATALERRS;
844 		e->e_flags |= EF_CLRQUEUE;
845 
846 		/* Don't send any message notification to sender */
847 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
848 		{
849 			if (QS_IS_DEAD(q->q_state))
850 				continue;
851 			q->q_state = QS_FATALERR;
852 		}
853 
854 		(void) sm_io_close(df, SM_TIME_DEFAULT);
855 		df = NULL;
856 		finis(true, true, ExitStat);
857 		/* NOTREACHED */
858 	}
859 
860 	/* Log collection information. */
861 	if (tTd(92, 2))
862 		sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
863 			e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
864 	if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
865 	{
866 		logsender(e, e->e_msgid);
867 		e->e_flags &= ~EF_LOGSENDER;
868 	}
869 
870 	/* check for message too large */
871 	if (bitset(EF_TOOBIG, e->e_flags))
872 	{
873 		e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
874 		if (!bitset(EF_FATALERRS, e->e_flags))
875 		{
876 			e->e_status = "5.2.3";
877 			usrerrenh(e->e_status,
878 				"552 Message exceeds maximum fixed size (%ld)",
879 				MaxMessageSize);
880 			if (LogLevel > 6)
881 				sm_syslog(LOG_NOTICE, e->e_id,
882 					"message size (%ld) exceeds maximum (%ld)",
883 					PRT_NONNEGL(e->e_msgsize),
884 					MaxMessageSize);
885 		}
886 	}
887 
888 	/* check for illegal 8-bit data */
889 	if (HasEightBits)
890 	{
891 		e->e_flags |= EF_HAS8BIT;
892 		if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) &&
893 		    !bitset(EF_IS_MIME, e->e_flags))
894 		{
895 			e->e_status = "5.6.1";
896 			usrerrenh(e->e_status, "554 Eight bit data not allowed");
897 		}
898 	}
899 	else
900 	{
901 		/* if it claimed to be 8 bits, well, it lied.... */
902 		if (e->e_bodytype != NULL &&
903 		    sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0)
904 			e->e_bodytype = "7BIT";
905 	}
906 
907 #if _FFR_REJECT_NUL_BYTE
908 	if (hasNUL && RejectNUL)
909 	{
910 		e->e_status = "5.6.1";
911 		usrerrenh(e->e_status, "554 NUL byte not allowed");
912 	}
913 #endif /* _FFR_REJECT_NUL_BYTE */
914 
915 	if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags))
916 	{
917 		char *dfname = queuename(e, DATAFL_LETTER);
918 		if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
919 					   SM_IO_RDONLY_B, NULL)) == NULL)
920 		{
921 			/* we haven't acked receipt yet, so just chuck this */
922 			syserr("@Cannot reopen %s", dfname);
923 			finis(true, true, ExitStat);
924 			/* NOTREACHED */
925 		}
926 	}
927 	else
928 		e->e_dfp = df;
929 
930 	/* collect statistics */
931 	if (OpMode != MD_VERIFY)
932 	{
933 		/*
934 		**  Recalculate e_msgpriority, it is done at in eatheader()
935 		**  which is called (in 8.12) after the header is collected,
936 		**  hence e_msgsize is (most likely) incorrect.
937 		*/
938 
939 		e->e_msgpriority = e->e_msgsize
940 				 - e->e_class * WkClassFact
941 				 + e->e_nrcpts * WkRecipFact;
942 		markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
943 	}
944 
945   end:
946 	(void) set_tls_rd_tmo(old_rd_tmo);
947 }
948 
949 /*
950 **  DFERROR -- signal error on writing the data file.
951 **
952 **	Called by collect().  Collect() always terminates the process
953 **	immediately after calling dferror(), which means that the SMTP
954 **	session will be terminated, which means that any error message
955 **	issued by dferror must be a 421 error, as per RFC 821.
956 **
957 **	Parameters:
958 **		df -- the file pointer for the data file.
959 **		msg -- detailed message.
960 **		e -- the current envelope.
961 **
962 **	Returns:
963 **		none.
964 **
965 **	Side Effects:
966 **		Gives an error message.
967 **		Arranges for following output to go elsewhere.
968 */
969 
970 void
971 dferror(df, msg, e)
972 	SM_FILE_T *volatile df;
973 	char *msg;
974 	register ENVELOPE *e;
975 {
976 	char *dfname;
977 
978 	dfname = queuename(e, DATAFL_LETTER);
979 	setstat(EX_IOERR);
980 	if (errno == ENOSPC)
981 	{
982 #if STAT64 > 0
983 		struct stat64 st;
984 #else /* STAT64 > 0 */
985 		struct stat st;
986 #endif /* STAT64 > 0 */
987 		long avail;
988 		long bsize;
989 
990 		e->e_flags |= EF_NO_BODY_RETN;
991 
992 		if (
993 #if STAT64 > 0
994 		    fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
995 #else /* STAT64 > 0 */
996 		    fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
997 #endif /* STAT64 > 0 */
998 		    < 0)
999 		  st.st_size = 0;
1000 		(void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname,
1001 				    SM_IO_WRONLY_B, NULL, df);
1002 		if (st.st_size <= 0)
1003 			(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1004 				"\n*** Mail could not be accepted");
1005 		else
1006 			(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1007 				"\n*** Mail of at least %llu bytes could not be accepted\n",
1008 				(ULONGLONG_T) st.st_size);
1009 		(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1010 			"*** at %s due to lack of disk space for temp file.\n",
1011 			MyHostName);
1012 		avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir),
1013 				      &bsize);
1014 		if (avail > 0)
1015 		{
1016 			if (bsize > 1024)
1017 				avail *= bsize / 1024;
1018 			else if (bsize < 1024)
1019 				avail /= 1024 / bsize;
1020 			(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1021 				"*** Currently, %ld kilobytes are available for mail temp files.\n",
1022 				avail);
1023 		}
1024 #if 0
1025 		/* Wrong response code; should be 421. */
1026 		e->e_status = "4.3.1";
1027 		usrerrenh(e->e_status, "452 Out of disk space for temp file");
1028 #else /* 0 */
1029 		syserr("421 4.3.1 Out of disk space for temp file");
1030 #endif /* 0 */
1031 	}
1032 	else
1033 		syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)",
1034 			dfname, msg, (long) geteuid(), (long) getegid());
1035 	if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
1036 			 SM_IO_WRONLY, NULL, df) == NULL)
1037 		sm_syslog(LOG_ERR, e->e_id,
1038 			  "dferror: sm_io_reopen(\"/dev/null\") failed: %s",
1039 			  sm_errstring(errno));
1040 }
1041 /*
1042 **  EATFROM -- chew up a UNIX style from line and process
1043 **
1044 **	This does indeed make some assumptions about the format
1045 **	of UNIX messages.
1046 **
1047 **	Parameters:
1048 **		fm -- the from line.
1049 **		e -- envelope
1050 **
1051 **	Returns:
1052 **		none.
1053 **
1054 **	Side Effects:
1055 **		extracts what information it can from the header,
1056 **		such as the date.
1057 */
1058 
1059 #ifndef NOTUNIX
1060 
1061 static char	*DowList[] =
1062 {
1063 	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
1064 };
1065 
1066 static char	*MonthList[] =
1067 {
1068 	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
1069 	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
1070 	NULL
1071 };
1072 
1073 static void
1074 eatfrom(fm, e)
1075 	char *volatile fm;
1076 	register ENVELOPE *e;
1077 {
1078 	register char *p;
1079 	register char **dt;
1080 
1081 	if (tTd(30, 2))
1082 		sm_dprintf("eatfrom(%s)\n", fm);
1083 
1084 	/* find the date part */
1085 	p = fm;
1086 	while (*p != '\0')
1087 	{
1088 		/* skip a word */
1089 		while (*p != '\0' && *p != ' ')
1090 			p++;
1091 		while (*p == ' ')
1092 			p++;
1093 		if (strlen(p) < 17)
1094 		{
1095 			/* no room for the date */
1096 			return;
1097 		}
1098 		if (!(isascii(*p) && isupper(*p)) ||
1099 		    p[3] != ' ' || p[13] != ':' || p[16] != ':')
1100 			continue;
1101 
1102 		/* we have a possible date */
1103 		for (dt = DowList; *dt != NULL; dt++)
1104 			if (strncmp(*dt, p, 3) == 0)
1105 				break;
1106 		if (*dt == NULL)
1107 			continue;
1108 
1109 		for (dt = MonthList; *dt != NULL; dt++)
1110 		{
1111 			if (strncmp(*dt, &p[4], 3) == 0)
1112 				break;
1113 		}
1114 		if (*dt != NULL)
1115 			break;
1116 	}
1117 
1118 	if (*p != '\0')
1119 	{
1120 		char *q, buf[25];
1121 
1122 		/* we have found a date */
1123 		(void) sm_strlcpy(buf, p, sizeof(buf));
1124 		q = arpadate(buf);
1125 		macdefine(&e->e_macro, A_TEMP, 'a', q);
1126 	}
1127 }
1128 #endif /* ! NOTUNIX */
1129