xref: /freebsd/contrib/sendmail/src/collect.c (revision ec965063070e5753c166cf592c9336444b74720a)
1 /*
2  * Copyright (c) 1998-2006, 2008 Proofpoint, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #include <sendmail.h>
15 
16 SM_RCSID("@(#)$Id: collect.c,v 8.287 2013-11-22 20:51:55 ca Exp $")
17 
18 #include <sm/sendmail.h>
19 
20 static void	eatfrom __P((char *volatile, ENVELOPE *));
21 static void	collect_doheader __P((ENVELOPE *));
22 static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
23 static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int));
24 
25 /*
26 **  COLLECT_EOH -- end-of-header processing in collect()
27 **
28 **	Called by collect() when it encounters the blank line
29 **	separating the header from the message body, or when it
30 **	encounters EOF in a message that contains only a header.
31 **
32 **	Parameters:
33 **		e -- envelope
34 **		numhdrs -- number of headers
35 **		hdrslen -- length of headers
36 **
37 **	Results:
38 **		NULL, or handle to open data file
39 **
40 **	Side Effects:
41 **		end-of-header check ruleset is invoked.
42 **		envelope state is updated.
43 **		headers may be added and deleted.
44 **		selects the queue.
45 **		opens the data file.
46 */
47 
48 static SM_FILE_T *
49 collect_eoh(e, numhdrs, hdrslen)
50 	ENVELOPE *e;
51 	int numhdrs;
52 	int hdrslen;
53 {
54 	char hnum[16];
55 	char hsize[16];
56 
57 	/* call the end-of-header check ruleset */
58 	(void) sm_snprintf(hnum, sizeof(hnum), "%d", numhdrs);
59 	(void) sm_snprintf(hsize, sizeof(hsize), "%d", hdrslen);
60 	if (tTd(30, 10))
61 		sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
62 			   hnum, hsize);
63 	(void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
64 			3, NULL, e->e_id, NULL, NULL);
65 
66 	/*
67 	**  Process the header,
68 	**  select the queue, open the data file.
69 	*/
70 
71 	collect_doheader(e);
72 	return collect_dfopen(e);
73 }
74 
75 /*
76 **  COLLECT_DOHEADER -- process header in collect()
77 **
78 **	Called by collect() after it has finished parsing the header,
79 **	but before it selects the queue and creates the data file.
80 **	The results of processing the header will affect queue selection.
81 **
82 **	Parameters:
83 **		e -- envelope
84 **
85 **	Results:
86 **		none.
87 **
88 **	Side Effects:
89 **		envelope state is updated.
90 **		headers may be added and deleted.
91 */
92 
93 static void
94 collect_doheader(e)
95 	ENVELOPE *e;
96 {
97 	/*
98 	**  Find out some information from the headers.
99 	**	Examples are who is the from person & the date.
100 	*/
101 
102 	eatheader(e, true, false);
103 
104 	if (GrabTo && e->e_sendqueue == NULL)
105 		usrerr("No recipient addresses found in header");
106 
107 	/*
108 	**  If we have a Return-Receipt-To:, turn it into a DSN.
109 	*/
110 
111 	if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
112 	{
113 		ADDRESS *q;
114 
115 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
116 			if (!bitset(QHASNOTIFY, q->q_flags))
117 				q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
118 	}
119 
120 	/*
121 	**  Add an appropriate recipient line if we have none.
122 	*/
123 
124 	if (hvalue("to", e->e_header) != NULL ||
125 	    hvalue("cc", e->e_header) != NULL ||
126 	    hvalue("apparently-to", e->e_header) != NULL)
127 	{
128 		/* have a valid recipient header -- delete Bcc: headers */
129 		e->e_flags |= EF_DELETE_BCC;
130 	}
131 	else if (hvalue("bcc", e->e_header) == NULL)
132 	{
133 		/* no valid recipient headers */
134 		register ADDRESS *q;
135 		char *hdr = NULL;
136 
137 		/* create a recipient field */
138 		switch (NoRecipientAction)
139 		{
140 		  case NRA_ADD_APPARENTLY_TO:
141 			hdr = "Apparently-To";
142 			break;
143 
144 		  case NRA_ADD_TO:
145 			hdr = "To";
146 			break;
147 
148 		  case NRA_ADD_BCC:
149 			addheader("Bcc", " ", 0, e, true);
150 			break;
151 
152 		  case NRA_ADD_TO_UNDISCLOSED:
153 			addheader("To", "undisclosed-recipients:;", 0, e, true);
154 			break;
155 		}
156 
157 		if (hdr != NULL)
158 		{
159 			for (q = e->e_sendqueue; q != NULL; q = q->q_next)
160 			{
161 				if (q->q_alias != NULL)
162 					continue;
163 				if (tTd(30, 3))
164 					sm_dprintf("Adding %s: %s\n",
165 						hdr, q->q_paddr);
166 				addheader(hdr, q->q_paddr, 0, e, true);
167 			}
168 		}
169 	}
170 }
171 
172 /*
173 **  COLLECT_DFOPEN -- open the message data file
174 **
175 **	Called by collect() after it has finished processing the header.
176 **	Queue selection occurs at this point, possibly based on the
177 **	envelope's recipient list and on header information.
178 **
179 **	Parameters:
180 **		e -- envelope
181 **
182 **	Results:
183 **		NULL, or a pointer to an open data file,
184 **		into which the message body will be written by collect().
185 **
186 **	Side Effects:
187 **		Calls syserr, sets EF_FATALERRS and returns NULL
188 **		if there is insufficient disk space.
189 **		Aborts process if data file could not be opened.
190 **		Otherwise, the queue is selected,
191 **		e->e_{dfino,dfdev,msgsize,flags} are updated,
192 **		and a pointer to an open data file is returned.
193 */
194 
195 static SM_FILE_T *
196 collect_dfopen(e)
197 	ENVELOPE *e;
198 {
199 	MODE_T oldumask = 0;
200 	int dfd;
201 	struct stat stbuf;
202 	SM_FILE_T *df;
203 	char *dfname;
204 
205 	if (!setnewqueue(e))
206 		return NULL;
207 
208 	dfname = queuename(e, DATAFL_LETTER);
209 	if (bitset(S_IWGRP, QueueFileMode))
210 		oldumask = umask(002);
211 	df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
212 		    SFF_OPENASROOT);
213 	if (bitset(S_IWGRP, QueueFileMode))
214 		(void) umask(oldumask);
215 	if (df == NULL)
216 	{
217 		syserr("@Cannot create %s", dfname);
218 		e->e_flags |= EF_NO_BODY_RETN;
219 		flush_errors(true);
220 		finis(false, true, ExitStat);
221 		/* NOTREACHED */
222 	}
223 	dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
224 	if (dfd < 0 || fstat(dfd, &stbuf) < 0)
225 		e->e_dfino = -1;
226 	else
227 	{
228 		e->e_dfdev = stbuf.st_dev;
229 		e->e_dfino = stbuf.st_ino;
230 	}
231 	e->e_flags |= EF_HAS_DF;
232 	return df;
233 }
234 
235 /*
236 **  COLLECT -- read & parse message header & make temp file.
237 **
238 **	Creates a temporary file name and copies the standard
239 **	input to that file.  Leading UNIX-style "From" lines are
240 **	stripped off (after important information is extracted).
241 **
242 **	Parameters:
243 **		fp -- file to read.
244 **		smtpmode -- if set, we are running SMTP: give an RFC821
245 **			style message to say we are ready to collect
246 **			input, and never ignore a single dot to mean
247 **			end of message.
248 **		hdrp -- the location to stash the header.
249 **		e -- the current envelope.
250 **		rsetsize -- reset e_msgsize?
251 **
252 **	Returns:
253 **		none.
254 **
255 **	Side Effects:
256 **		If successful,
257 **		- Data file is created and filled, and e->e_dfp is set.
258 **		- The from person may be set.
259 **		If the "enough disk space" check fails,
260 **		- syserr is called.
261 **		- e->e_dfp is NULL.
262 **		- e->e_flags & EF_FATALERRS is set.
263 **		- collect() returns.
264 **		If data file cannot be created, the process is terminated.
265 */
266 
267 /* values for input state machine */
268 #define IS_NORM		0	/* middle of line */
269 #define IS_BOL		1	/* beginning of line */
270 #define IS_DOT		2	/* read a dot at beginning of line */
271 #define IS_DOTCR	3	/* read ".\r" at beginning of line */
272 #define IS_CR		4	/* read a carriage return */
273 
274 /* values for message state machine */
275 #define MS_UFROM	0	/* reading Unix from line */
276 #define MS_HEADER	1	/* reading message header */
277 #define MS_BODY		2	/* reading message body */
278 #define MS_DISCARD	3	/* discarding rest of message */
279 
280 void
281 collect(fp, smtpmode, hdrp, e, rsetsize)
282 	SM_FILE_T *fp;
283 	bool smtpmode;
284 	HDR **hdrp;
285 	register ENVELOPE *e;
286 	bool rsetsize;
287 {
288 	register SM_FILE_T *df;
289 	bool ignrdot;
290 	int dbto;
291 	register char *bp;
292 	int c;
293 	bool inputerr;
294 	bool headeronly;
295 	char *buf;
296 	int buflen;
297 	int istate;
298 	int mstate;
299 	int hdrslen;
300 	int numhdrs;
301 	int afd;
302 	int old_rd_tmo;
303 	unsigned char *pbp;
304 	unsigned char peekbuf[8];
305 	char bufbuf[MAXLINE];
306 #if _FFR_REJECT_NUL_BYTE
307 	bool hasNUL;		/* has at least one NUL input byte */
308 #endif
309 
310 	df = NULL;
311 	ignrdot = smtpmode ? false : IgnrDot;
312 
313 	/* timeout for I/O functions is in milliseconds */
314 	dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
315 			: SM_TIME_FOREVER;
316 	sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
317 	old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock);
318 	c = SM_IO_EOF;
319 	inputerr = false;
320 	headeronly = hdrp != NULL;
321 	hdrslen = 0;
322 	numhdrs = 0;
323 	HasEightBits = false;
324 #if _FFR_REJECT_NUL_BYTE
325 	hasNUL = false;
326 #endif
327 	buf = bp = bufbuf;
328 	buflen = sizeof(bufbuf);
329 	pbp = peekbuf;
330 	istate = IS_BOL;
331 	mstate = SaveFrom ? MS_HEADER : MS_UFROM;
332 
333 	/*
334 	**  Tell ARPANET to go ahead.
335 	*/
336 
337 	if (smtpmode)
338 		message("354 Enter mail, end with \".\" on a line by itself");
339 
340 	/* simulate an I/O timeout when used as sink */
341 	if (tTd(83, 101))
342 		sleep(319);
343 
344 	if (tTd(30, 2))
345 		sm_dprintf("collect\n");
346 
347 	/*
348 	**  Read the message.
349 	**
350 	**	This is done using two interleaved state machines.
351 	**	The input state machine is looking for things like
352 	**	hidden dots; the message state machine is handling
353 	**	the larger picture (e.g., header versus body).
354 	*/
355 
356 	if (rsetsize)
357 		e->e_msgsize = 0;
358 	for (;;)
359 	{
360 		if (tTd(30, 35))
361 			sm_dprintf("top, istate=%d, mstate=%d\n", istate,
362 				   mstate);
363 		for (;;)
364 		{
365 			if (pbp > peekbuf)
366 				c = *--pbp;
367 			else
368 			{
369 				while (!sm_io_eof(fp) && !sm_io_error(fp))
370 				{
371 					errno = 0;
372 					c = sm_io_getc(fp, SM_TIME_DEFAULT);
373 					if (c == SM_IO_EOF && errno == EINTR)
374 					{
375 						/* Interrupted, retry */
376 						sm_io_clearerr(fp);
377 						continue;
378 					}
379 
380 					/* timeout? */
381 					if (c == SM_IO_EOF && errno == EAGAIN
382 					    && smtpmode)
383 					{
384 						/*
385 						**  Override e_message in
386 						**  usrerr() as this is the
387 						**  reason for failure that
388 						**  should be logged for
389 						**  undelivered recipients.
390 						*/
391 
392 						e->e_message = NULL;
393 						errno = 0;
394 						inputerr = true;
395 						goto readabort;
396 					}
397 					break;
398 				}
399 				if (TrafficLogFile != NULL && !headeronly)
400 				{
401 					if (istate == IS_BOL)
402 						(void) sm_io_fprintf(TrafficLogFile,
403 							SM_TIME_DEFAULT,
404 							"%05d <<< ",
405 							(int) CurrentPid);
406 					if (c == SM_IO_EOF)
407 						(void) sm_io_fprintf(TrafficLogFile,
408 							SM_TIME_DEFAULT,
409 							"[EOF]\n");
410 					else
411 						(void) sm_io_putc(TrafficLogFile,
412 							SM_TIME_DEFAULT,
413 							c);
414 				}
415 #if _FFR_REJECT_NUL_BYTE
416 				if (c == '\0')
417 					hasNUL = true;
418 #endif
419 				if (c == SM_IO_EOF)
420 					goto readerr;
421 				if (SevenBitInput)
422 					c &= 0x7f;
423 				else
424 					HasEightBits |= bitset(0x80, c);
425 			}
426 			if (tTd(30, 94))
427 				sm_dprintf("istate=%d, c=%c (0x%x)\n",
428 					istate, (char) c, c);
429 			switch (istate)
430 			{
431 			  case IS_BOL:
432 				if (c == '.')
433 				{
434 					istate = IS_DOT;
435 					continue;
436 				}
437 				break;
438 
439 			  case IS_DOT:
440 				if (c == '\n' && !ignrdot)
441 					goto readerr;
442 				else if (c == '\r')
443 				{
444 					istate = IS_DOTCR;
445 					continue;
446 				}
447 				else if (ignrdot ||
448 					 (c != '.' &&
449 					  OpMode != MD_SMTP &&
450 					  OpMode != MD_DAEMON &&
451 					  OpMode != MD_ARPAFTP))
452 
453 				{
454 					SM_ASSERT(pbp < peekbuf +
455 							sizeof(peekbuf));
456 					*pbp++ = c;
457 					c = '.';
458 				}
459 				break;
460 
461 			  case IS_DOTCR:
462 				if (c == '\n' && !ignrdot)
463 					goto readerr;
464 				else
465 				{
466 					/* push back the ".\rx" */
467 					SM_ASSERT(pbp < peekbuf +
468 							sizeof(peekbuf));
469 					*pbp++ = c;
470 					if (OpMode != MD_SMTP &&
471 					    OpMode != MD_DAEMON &&
472 					    OpMode != MD_ARPAFTP)
473 					{
474 						SM_ASSERT(pbp < peekbuf +
475 							 sizeof(peekbuf));
476 						*pbp++ = '\r';
477 						c = '.';
478 					}
479 					else
480 						c = '\r';
481 				}
482 				break;
483 
484 			  case IS_CR:
485 				if (c == '\n')
486 					istate = IS_BOL;
487 				else
488 				{
489 					(void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
490 							    c);
491 					c = '\r';
492 					istate = IS_NORM;
493 				}
494 				goto bufferchar;
495 			}
496 
497 			if (c == '\r')
498 			{
499 				istate = IS_CR;
500 				continue;
501 			}
502 			else if (c == '\n')
503 				istate = IS_BOL;
504 			else
505 				istate = IS_NORM;
506 
507 bufferchar:
508 			if (!headeronly)
509 			{
510 				/* no overflow? */
511 				if (e->e_msgsize >= 0)
512 				{
513 					e->e_msgsize++;
514 					if (MaxMessageSize > 0 &&
515 					    !bitset(EF_TOOBIG, e->e_flags) &&
516 					    e->e_msgsize > MaxMessageSize)
517 						 e->e_flags |= EF_TOOBIG;
518 				}
519 			}
520 			switch (mstate)
521 			{
522 			  case MS_BODY:
523 				/* just put the character out */
524 				if (!bitset(EF_TOOBIG, e->e_flags))
525 					(void) sm_io_putc(df, SM_TIME_DEFAULT,
526 							  c);
527 
528 				/* FALLTHROUGH */
529 
530 			  case MS_DISCARD:
531 				continue;
532 			}
533 
534 			SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER);
535 
536 			/* header -- buffer up */
537 			if (bp >= &buf[buflen - 2])
538 			{
539 				char *obuf;
540 
541 				/* out of space for header */
542 				obuf = buf;
543 				if (buflen < MEMCHUNKSIZE)
544 					buflen *= 2;
545 				else
546 					buflen += MEMCHUNKSIZE;
547 				if (buflen <= 0)
548 				{
549 					sm_syslog(LOG_NOTICE, e->e_id,
550 						  "header overflow from %s during message collect",
551 						  CURHOSTNAME);
552 					errno = 0;
553 					e->e_flags |= EF_CLRQUEUE;
554 					e->e_status = "5.6.0";
555 					usrerrenh(e->e_status,
556 						  "552 Headers too large");
557 					goto discard;
558 				}
559 				buf = xalloc(buflen);
560 				memmove(buf, obuf, bp - obuf);
561 				bp = &buf[bp - obuf];
562 				if (obuf != bufbuf)
563 					sm_free(obuf);  /* XXX */
564 			}
565 
566 			if (c != '\0')
567 			{
568 				*bp++ = c;
569 				++hdrslen;
570 				if (!headeronly &&
571 				    MaxHeadersLength > 0 &&
572 				    hdrslen > MaxHeadersLength)
573 				{
574 					sm_syslog(LOG_NOTICE, e->e_id,
575 						  "headers too large (%d max) from %s during message collect",
576 						  MaxHeadersLength,
577 						  CURHOSTNAME);
578 					errno = 0;
579 					e->e_flags |= EF_CLRQUEUE;
580 					e->e_status = "5.6.0";
581 					usrerrenh(e->e_status,
582 						  "552 Headers too large (%d max)",
583 						  MaxHeadersLength);
584   discard:
585 					mstate = MS_DISCARD;
586 				}
587 			}
588 			if (istate == IS_BOL)
589 				break;
590 		}
591 		*bp = '\0';
592 
593 nextstate:
594 		if (tTd(30, 35))
595 			sm_dprintf("nextstate, istate=%d, mstate=%d, line=\"%s\"\n",
596 				istate, mstate, buf);
597 		switch (mstate)
598 		{
599 		  case MS_UFROM:
600 			mstate = MS_HEADER;
601 #ifndef NOTUNIX
602 			if (strncmp(buf, "From ", 5) == 0)
603 			{
604 				bp = buf;
605 				eatfrom(buf, e);
606 				continue;
607 			}
608 #endif /* ! NOTUNIX */
609 			/* FALLTHROUGH */
610 
611 		  case MS_HEADER:
612 			if (!isheader(buf))
613 			{
614 				mstate = MS_BODY;
615 				goto nextstate;
616 			}
617 
618 			/* check for possible continuation line */
619 			do
620 			{
621 				sm_io_clearerr(fp);
622 				errno = 0;
623 				c = sm_io_getc(fp, SM_TIME_DEFAULT);
624 
625 				/* timeout? */
626 				if (c == SM_IO_EOF && errno == EAGAIN
627 				    && smtpmode)
628 				{
629 					/*
630 					**  Override e_message in
631 					**  usrerr() as this is the
632 					**  reason for failure that
633 					**  should be logged for
634 					**  undelivered recipients.
635 					*/
636 
637 					e->e_message = NULL;
638 					errno = 0;
639 					inputerr = true;
640 					goto readabort;
641 				}
642 			} while (c == SM_IO_EOF && errno == EINTR);
643 			if (c != SM_IO_EOF)
644 				(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
645 			if (c == ' ' || c == '\t')
646 			{
647 				/* yep -- defer this */
648 				continue;
649 			}
650 
651 			SM_ASSERT(bp > buf);
652 
653 			/* guaranteed by isheader(buf) */
654 			SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
655 
656 			/* trim off trailing CRLF or NL */
657 			if (*--bp != '\n' || *--bp != '\r')
658 				bp++;
659 			*bp = '\0';
660 
661 			if (bitset(H_EOH, chompheader(buf,
662 						      CHHDR_CHECK | CHHDR_USER,
663 						      hdrp, e)))
664 			{
665 				mstate = MS_BODY;
666 				goto nextstate;
667 			}
668 			numhdrs++;
669 			break;
670 
671 		  case MS_BODY:
672 			if (tTd(30, 1))
673 				sm_dprintf("EOH\n");
674 
675 			if (headeronly)
676 				goto readerr;
677 
678 			df = collect_eoh(e, numhdrs, hdrslen);
679 			if (df == NULL)
680 				e->e_flags |= EF_TOOBIG;
681 
682 			bp = buf;
683 
684 			/* toss blank line */
685 			if ((bp[0] == '\r' && bp[1] == '\n') ||
686 			    (bp[0] == '\n'))
687 			{
688 				break;
689 			}
690 
691 			/* if not a blank separator, write it out */
692 			if (!bitset(EF_TOOBIG, e->e_flags))
693 			{
694 				while (*bp != '\0')
695 					(void) sm_io_putc(df, SM_TIME_DEFAULT,
696 							  *bp++);
697 			}
698 			break;
699 		}
700 		bp = buf;
701 	}
702 
703 readerr:
704 	if ((sm_io_eof(fp) && smtpmode) || sm_io_error(fp))
705 	{
706 		const char *errmsg;
707 
708 		if (sm_io_eof(fp))
709 			errmsg = "unexpected close";
710 		else
711 			errmsg = sm_errstring(errno);
712 		if (tTd(30, 1))
713 			sm_dprintf("collect: premature EOM: %s\n", errmsg);
714 		if (LogLevel > 1)
715 			sm_syslog(LOG_WARNING, e->e_id,
716 				"collect: premature EOM: %s", errmsg);
717 		inputerr = true;
718 	}
719 
720 	if (headeronly)
721 		goto end;
722 
723 	if (mstate != MS_BODY)
724 	{
725 		/* no body or discard, so we never opened the data file */
726 		SM_ASSERT(df == NULL);
727 		df = collect_eoh(e, numhdrs, hdrslen);
728 	}
729 
730 	if (df == NULL)
731 	{
732 		/* skip next few clauses */
733 		/* EMPTY */
734 	}
735 	else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df))
736 	{
737 		dferror(df, "sm_io_flush||sm_io_error", e);
738 		flush_errors(true);
739 		finis(true, true, ExitStat);
740 		/* NOTREACHED */
741 	}
742 	else if (SuperSafe == SAFE_NO ||
743 		 SuperSafe == SAFE_INTERACTIVE ||
744 		 (SuperSafe == SAFE_REALLY_POSTMILTER && smtpmode))
745 	{
746 		/* skip next few clauses */
747 		/* EMPTY */
748 		/* Note: updfs() is not called in this case! */
749 	}
750 	else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL)
751 	{
752 		int save_errno = errno;
753 
754 		if (save_errno == EEXIST)
755 		{
756 			char *dfile;
757 			struct stat st;
758 			int dfd;
759 
760 			dfile = queuename(e, DATAFL_LETTER);
761 			if (stat(dfile, &st) < 0)
762 				st.st_size = -1;
763 			errno = EEXIST;
764 			syserr("@collect: bfcommit(%s): already on disk, size=%ld",
765 			       dfile, (long) st.st_size);
766 			dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
767 			if (dfd >= 0)
768 				dumpfd(dfd, true, true);
769 		}
770 		errno = save_errno;
771 		dferror(df, "bfcommit", e);
772 		flush_errors(true);
773 		finis(save_errno != EEXIST, true, ExitStat);
774 	}
775 	else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
776 	{
777 		dferror(df, "sm_io_getinfo", e);
778 		flush_errors(true);
779 		finis(true, true, ExitStat);
780 		/* NOTREACHED */
781 	}
782 	else if (fsync(afd) < 0)
783 	{
784 		dferror(df, "fsync", e);
785 		flush_errors(true);
786 		finis(true, true, ExitStat);
787 		/* NOTREACHED */
788 	}
789 	else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
790 	{
791 		dferror(df, "sm_io_close", e);
792 		flush_errors(true);
793 		finis(true, true, ExitStat);
794 		/* NOTREACHED */
795 	}
796 	else
797 	{
798 		/* everything is happily flushed to disk */
799 		df = NULL;
800 
801 		/* remove from available space in filesystem */
802 		updfs(e, 0, 1, "collect");
803 	}
804 
805 	/* An EOF when running SMTP is an error */
806   readabort:
807 	if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
808 	{
809 		char *host;
810 		char *problem;
811 		ADDRESS *q;
812 
813 		host = RealHostName;
814 		if (host == NULL)
815 			host = "localhost";
816 
817 		if (sm_io_eof(fp))
818 			problem = "unexpected close";
819 		else if (sm_io_error(fp))
820 			problem = "I/O error";
821 		else
822 			problem = "read timeout";
823 		if (LogLevel > 0 && sm_io_eof(fp))
824 			sm_syslog(LOG_NOTICE, e->e_id,
825 				"collect: %s on connection from %.100s, sender=%s",
826 				problem, host,
827 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
828 		if (sm_io_eof(fp))
829 			usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
830 				problem, host,
831 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
832 		else
833 			syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
834 				problem, host,
835 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
836 		flush_errors(true);
837 
838 		/* don't return an error indication */
839 		e->e_to = NULL;
840 		e->e_flags &= ~EF_FATALERRS;
841 		e->e_flags |= EF_CLRQUEUE;
842 
843 		/* Don't send any message notification to sender */
844 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
845 		{
846 			if (QS_IS_DEAD(q->q_state))
847 				continue;
848 			q->q_state = QS_FATALERR;
849 		}
850 
851 		SM_CLOSE_FP(df);
852 		finis(true, true, ExitStat);
853 		/* NOTREACHED */
854 	}
855 
856 	/* Log collection information. */
857 	if (tTd(92, 2))
858 		sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
859 			e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
860 	if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
861 	{
862 		logsender(e, e->e_msgid);
863 		e->e_flags &= ~EF_LOGSENDER;
864 	}
865 
866 	/* check for message too large */
867 	if (bitset(EF_TOOBIG, e->e_flags))
868 	{
869 		e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
870 		if (!bitset(EF_FATALERRS, e->e_flags))
871 		{
872 			e->e_status = "5.2.3";
873 			usrerrenh(e->e_status,
874 				"552 Message exceeds maximum fixed size (%ld)",
875 				MaxMessageSize);
876 			if (LogLevel > 6)
877 				sm_syslog(LOG_NOTICE, e->e_id,
878 					"message size (%ld) exceeds maximum (%ld)",
879 					PRT_NONNEGL(e->e_msgsize),
880 					MaxMessageSize);
881 		}
882 	}
883 
884 	/* check for illegal 8-bit data */
885 	if (HasEightBits)
886 	{
887 		e->e_flags |= EF_HAS8BIT;
888 		if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) &&
889 		    !bitset(EF_IS_MIME, e->e_flags))
890 		{
891 			e->e_status = "5.6.1";
892 			usrerrenh(e->e_status, "554 Eight bit data not allowed");
893 		}
894 	}
895 	else
896 	{
897 		/* if it claimed to be 8 bits, well, it lied.... */
898 		if (e->e_bodytype != NULL &&
899 		    SM_STRCASEEQ(e->e_bodytype, "8bitmime"))
900 			e->e_bodytype = "7BIT";
901 	}
902 
903 #if _FFR_REJECT_NUL_BYTE
904 	if (hasNUL && RejectNUL)
905 	{
906 		e->e_status = "5.6.1";
907 		usrerrenh(e->e_status, "554 NUL byte not allowed");
908 	}
909 #endif /* _FFR_REJECT_NUL_BYTE */
910 
911 	if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags))
912 	{
913 		char *dfname = queuename(e, DATAFL_LETTER);
914 		if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
915 					   SM_IO_RDONLY_B, NULL)) == NULL)
916 		{
917 			/* we haven't acked receipt yet, so just chuck this */
918 			syserr("@Cannot reopen %s", dfname);
919 			finis(true, true, ExitStat);
920 			/* NOTREACHED */
921 		}
922 	}
923 	else
924 		e->e_dfp = df;
925 
926 	/* collect statistics */
927 	if (OpMode != MD_VERIFY)
928 	{
929 		/*
930 		**  Recalculate e_msgpriority, it is done at in eatheader()
931 		**  which is called (in 8.12) after the header is collected,
932 		**  hence e_msgsize is (most likely) incorrect.
933 		*/
934 
935 		e->e_msgpriority = e->e_msgsize
936 				 - e->e_class * WkClassFact
937 				 + e->e_nrcpts * WkRecipFact;
938 		markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
939 	}
940 
941   end:
942 	(void) set_tls_rd_tmo(old_rd_tmo);
943 	if (buf != bufbuf)
944 		SM_FREE(buf);
945 }
946 
947 /*
948 **  DFERROR -- signal error on writing the data file.
949 **
950 **	Called by collect().  Collect() always terminates the process
951 **	immediately after calling dferror(), which means that the SMTP
952 **	session will be terminated, which means that any error message
953 **	issued by dferror must be a 421 error, as per RFC 821.
954 **
955 **	Parameters:
956 **		df -- the file pointer for the data file.
957 **		msg -- detailed message.
958 **		e -- the current envelope.
959 **
960 **	Returns:
961 **		none.
962 **
963 **	Side Effects:
964 **		Gives an error message.
965 **		Arranges for following output to go elsewhere.
966 */
967 
968 void
969 dferror(df, msg, e)
970 	SM_FILE_T *volatile df;
971 	char *msg;
972 	register ENVELOPE *e;
973 {
974 	char *dfname;
975 
976 	dfname = queuename(e, DATAFL_LETTER);
977 	setstat(EX_IOERR);
978 	if (errno == ENOSPC)
979 	{
980 #if STAT64 > 0
981 		struct stat64 st;
982 #else
983 		struct stat st;
984 #endif
985 		long avail;
986 		long bsize;
987 
988 		e->e_flags |= EF_NO_BODY_RETN;
989 
990 		if (
991 #if STAT64 > 0
992 		    fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
993 #else
994 		    fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
995 #endif
996 		    < 0)
997 		  st.st_size = 0;
998 		(void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname,
999 				    SM_IO_WRONLY_B, NULL, df);
1000 		if (st.st_size <= 0)
1001 			(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1002 				"\n*** Mail could not be accepted");
1003 		else
1004 			(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1005 				"\n*** Mail of at least %llu bytes could not be accepted\n",
1006 				(ULONGLONG_T) st.st_size);
1007 		(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1008 			"*** at %s due to lack of disk space for temp file.\n",
1009 			MyHostName);
1010 		avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir),
1011 				      &bsize);
1012 		if (avail > 0)
1013 		{
1014 			if (bsize > 1024)
1015 				avail *= bsize / 1024;
1016 			else if (bsize < 1024)
1017 				avail /= 1024 / bsize;
1018 			(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1019 				"*** Currently, %ld kilobytes are available for mail temp files.\n",
1020 				avail);
1021 		}
1022 #if 0
1023 		/* Wrong response code; should be 421. */
1024 		e->e_status = "4.3.1";
1025 		usrerrenh(e->e_status, "452 Out of disk space for temp file");
1026 #else /* 0 */
1027 		syserr("421 4.3.1 Out of disk space for temp file");
1028 #endif /* 0 */
1029 	}
1030 	else
1031 		syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)",
1032 			dfname, msg, (long) geteuid(), (long) getegid());
1033 	if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
1034 			 SM_IO_WRONLY, NULL, df) == NULL)
1035 		sm_syslog(LOG_ERR, e->e_id,
1036 			  "dferror: sm_io_reopen(\"/dev/null\") failed: %s",
1037 			  sm_errstring(errno));
1038 }
1039 /*
1040 **  EATFROM -- chew up a UNIX style from line and process
1041 **
1042 **	This does indeed make some assumptions about the format
1043 **	of UNIX messages.
1044 **
1045 **	Parameters:
1046 **		fm -- the from line.
1047 **		e -- envelope
1048 **
1049 **	Returns:
1050 **		none.
1051 **
1052 **	Side Effects:
1053 **		extracts what information it can from the header,
1054 **		such as the date.
1055 */
1056 
1057 #ifndef NOTUNIX
1058 
1059 static char	*DowList[] =
1060 {
1061 	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
1062 };
1063 
1064 static char	*MonthList[] =
1065 {
1066 	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
1067 	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
1068 	NULL
1069 };
1070 
1071 static void
1072 eatfrom(fm, e)
1073 	char *volatile fm;
1074 	register ENVELOPE *e;
1075 {
1076 	register char *p;
1077 	register char **dt;
1078 
1079 	if (tTd(30, 2))
1080 		sm_dprintf("eatfrom(%s)\n", fm);
1081 
1082 	/* find the date part */
1083 	p = fm;
1084 	while (*p != '\0')
1085 	{
1086 		/* skip a word */
1087 		while (*p != '\0' && *p != ' ')
1088 			p++;
1089 		while (*p == ' ')
1090 			p++;
1091 		if (strlen(p) < 17)
1092 		{
1093 			/* no room for the date */
1094 			return;
1095 		}
1096 		if (!(isascii(*p) && isupper(*p)) ||
1097 		    p[3] != ' ' || p[13] != ':' || p[16] != ':')
1098 			continue;
1099 
1100 		/* we have a possible date */
1101 		for (dt = DowList; *dt != NULL; dt++)
1102 			if (strncmp(*dt, p, 3) == 0)
1103 				break;
1104 		if (*dt == NULL)
1105 			continue;
1106 
1107 		for (dt = MonthList; *dt != NULL; dt++)
1108 		{
1109 			if (strncmp(*dt, &p[4], 3) == 0)
1110 				break;
1111 		}
1112 		if (*dt != NULL)
1113 			break;
1114 	}
1115 
1116 	if (*p != '\0')
1117 	{
1118 		char *q, buf[25];
1119 
1120 		/* we have found a date */
1121 		(void) sm_strlcpy(buf, p, sizeof(buf));
1122 		q = arpadate(buf);
1123 		macdefine(&e->e_macro, A_TEMP, 'a', q);
1124 	}
1125 }
1126 #endif /* ! NOTUNIX */
1127