1 /* 2 * Copyright (c) 1998-2010, 2012, 2020-2023 Proofpoint, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 #include <sm/time.h> 16 17 SM_RCSID("@(#)$Id: deliver.c,v 8.1030 2013-11-22 20:51:55 ca Exp $") 18 19 #include <sm/sendmail.h> 20 21 #if HASSETUSERCONTEXT 22 # include <login_cap.h> 23 #endif 24 25 #if NETINET || NETINET6 26 # include <arpa/inet.h> 27 #endif 28 29 #if STARTTLS || SASL 30 # include "sfsasl.h" 31 # include "tls.h" 32 #endif 33 34 #if !_FFR_DMTRIGGER 35 static int deliver __P((ENVELOPE *, ADDRESS *)); 36 #endif 37 static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int)); 38 static void mailfiletimeout __P((int)); 39 static void endwaittimeout __P((int)); 40 static int parse_hostsignature __P((char *, char **, MAILER * 41 #if DANE 42 , BITMAP256 43 #endif 44 )); 45 static void sendenvelope __P((ENVELOPE *, int)); 46 static int coloncmp __P((const char *, const char *)); 47 48 49 #if STARTTLS 50 # include <openssl/err.h> 51 # if DANE 52 static int starttls __P((MAILER *, MCI *, ENVELOPE *, bool, dane_vrfy_ctx_P)); 53 54 # define MXADS_ISSET(mxads, i) (0 != bitnset(bitidx(i), mxads)) 55 # define MXADS_SET(mxads, i) setbitn(bitidx(i), mxads) 56 57 /* use "marks" in hostsignature for "had ad"? (WIP) */ 58 # ifndef HSMARKS 59 # define HSMARKS 1 60 # endif 61 # if HSMARKS 62 # define HSM_AD '+' /* mark for hostsignature: ad flag */ 63 # define DANE_SEC(dane) (DANE_SECURE == DANEMODE((dane))) 64 # endif 65 # else /* DANE */ 66 static int starttls __P((MAILER *, MCI *, ENVELOPE *, bool)); 67 # define MXADS_ISSET(mxads, i) 0 68 # endif /* DANE */ 69 static int endtlsclt __P((MCI *)); 70 #endif /* STARTTLS */ 71 #if STARTTLS || SASL 72 static bool iscltflgset __P((ENVELOPE *, int)); 73 #endif 74 75 #define SEP_MXHOSTS(endp, sep) \ 76 if (endp != NULL) \ 77 { \ 78 sep = *endp; \ 79 *endp = '\0'; \ 80 } 81 82 #if NETINET6 83 # define FIX_MXHOSTS(hp, endp, sep) \ 84 do { \ 85 if (*hp == '[') \ 86 { \ 87 endp = strchr(hp + 1, ']'); \ 88 if (endp != NULL) \ 89 endp = strpbrk(endp + 1, ":,"); \ 90 } \ 91 else \ 92 endp = strpbrk(hp, ":,"); \ 93 SEP_MXHOSTS(endp, sep); \ 94 } while (0) 95 #else /* NETINET6 */ 96 # define FIX_MXHOSTS(hp, endp, sep) \ 97 do { \ 98 endp = strpbrk(hp, ":,"); \ 99 SEP_MXHOSTS(endp, sep); \ 100 } while (0) 101 #endif /* NETINET6 */ 102 103 #if _FFR_OCC 104 # include <ratectrl.h> 105 #endif 106 107 #define ESCNULLMXRCPT "5.1.10" 108 #define ERRNULLMX "556 Host does not accept mail: MX 0 ." 109 110 #if _FFR_LOG_FAILOVER 111 /* 112 ** These are not very useful to show the protocol stage, 113 ** but it's better than nothing right now. 114 ** XXX the actual values must be 0..N, otherwise a lookup 115 ** table must be used! 116 */ 117 118 static char *mcis[] = 119 { 120 "CLOSED", 121 "GREET", 122 "OPEN", 123 "MAIL", 124 "RCPT", 125 "DATA", 126 "QUITING", 127 "SSD", 128 "ERROR", 129 NULL 130 }; 131 #endif /* _FFR_LOG_FAILOVER */ 132 133 #if _FFR_LOG_STAGE 134 static char *xs_states[] = 135 { 136 "none", 137 "STARTTLS", 138 "AUTH", 139 "GREET", 140 "EHLO", 141 "MAIL", 142 "RCPT", 143 "DATA", 144 "EOM", 145 "DATA2", 146 "QUIT", 147 NULL 148 }; 149 #endif /* _FFR_LOG_STAGE */ 150 151 /* 152 ** SENDALL -- actually send all the messages. 153 ** 154 ** Parameters: 155 ** e -- the envelope to send. 156 ** mode -- the delivery mode to use. If SM_DEFAULT, use 157 ** the current e->e_sendmode. 158 ** 159 ** Returns: 160 ** none. 161 ** 162 ** Side Effects: 163 ** Scans the send lists and sends everything it finds. 164 ** Delivers any appropriate error messages. 165 ** If we are running in a non-interactive mode, takes the 166 ** appropriate action. 167 */ 168 169 void 170 sendall(e, mode) 171 ENVELOPE *e; 172 int mode; 173 { 174 register ADDRESS *q; 175 char *owner; 176 int otherowners; 177 int save_errno; 178 register ENVELOPE *ee; 179 ENVELOPE *splitenv = NULL; 180 int oldverbose = Verbose; 181 bool somedeliveries = false, expensive = false; 182 pid_t pid; 183 184 /* 185 ** If this message is to be discarded, don't bother sending 186 ** the message at all. 187 */ 188 189 if (bitset(EF_DISCARD, e->e_flags)) 190 { 191 if (tTd(13, 1)) 192 sm_dprintf("sendall: discarding id %s\n", e->e_id); 193 e->e_flags |= EF_CLRQUEUE; 194 if (LogLevel > 9) 195 logundelrcpts(e, "discarded", 9, true); 196 else if (LogLevel > 4) 197 sm_syslog(LOG_INFO, e->e_id, "discarded"); 198 markstats(e, NULL, STATS_REJECT); 199 return; 200 } 201 202 /* 203 ** If we have had global, fatal errors, don't bother sending 204 ** the message at all if we are in SMTP mode. Local errors 205 ** (e.g., a single address failing) will still cause the other 206 ** addresses to be sent. 207 */ 208 209 if (bitset(EF_FATALERRS, e->e_flags) && 210 (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 211 { 212 e->e_flags |= EF_CLRQUEUE; 213 return; 214 } 215 216 /* determine actual delivery mode */ 217 if (mode == SM_DEFAULT) 218 { 219 mode = e->e_sendmode; 220 if (mode != SM_VERIFY && mode != SM_DEFER && 221 shouldqueue(e->e_msgpriority, e->e_ctime)) 222 mode = SM_QUEUE; 223 } 224 225 if (tTd(13, 1)) 226 { 227 sm_dprintf("\n===== SENDALL: mode %c, id %s, e_from ", 228 mode, e->e_id); 229 printaddr(sm_debug_file(), &e->e_from, false); 230 sm_dprintf("\te_flags = "); 231 printenvflags(e); 232 sm_dprintf("sendqueue:\n"); 233 printaddr(sm_debug_file(), e->e_sendqueue, true); 234 } 235 236 /* 237 ** Do any preprocessing necessary for the mode we are running. 238 ** Check to make sure the hop count is reasonable. 239 ** Delete sends to the sender in mailing lists. 240 */ 241 242 CurEnv = e; 243 if (tTd(62, 1)) 244 checkfds(NULL); 245 246 if (e->e_hopcount > MaxHopCount) 247 { 248 char *recip; 249 250 if (e->e_sendqueue != NULL && 251 e->e_sendqueue->q_paddr != NULL) 252 recip = e->e_sendqueue->q_paddr; 253 else 254 recip = "(nobody)"; 255 256 errno = 0; 257 queueup(e, WILL_BE_QUEUED(mode) ? QUP_FL_ANNOUNCE : QUP_FL_NONE); 258 e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE; 259 ExitStat = EX_UNAVAILABLE; 260 syserr("554 5.4.6 Too many hops %d (%d max): from %s via %s, to %s", 261 e->e_hopcount, MaxHopCount, e->e_from.q_paddr, 262 RealHostName == NULL ? "localhost" : RealHostName, 263 recip); 264 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 265 { 266 if (QS_IS_DEAD(q->q_state)) 267 continue; 268 q->q_state = QS_BADADDR; 269 q->q_status = "5.4.6"; 270 q->q_rstatus = "554 5.4.6 Too many hops"; 271 } 272 return; 273 } 274 275 /* 276 ** Do sender deletion. 277 ** 278 ** If the sender should be queued up, skip this. 279 ** This can happen if the name server is hosed when you 280 ** are trying to send mail. The result is that the sender 281 ** is instantiated in the queue as a recipient. 282 */ 283 284 if (!bitset(EF_METOO, e->e_flags) && 285 !QS_IS_QUEUEUP(e->e_from.q_state)) 286 { 287 if (tTd(13, 5)) 288 { 289 sm_dprintf("sendall: QS_SENDER "); 290 printaddr(sm_debug_file(), &e->e_from, false); 291 } 292 e->e_from.q_state = QS_SENDER; 293 (void) recipient(&e->e_from, &e->e_sendqueue, 0, e); 294 } 295 296 /* 297 ** Handle alias owners. 298 ** 299 ** We scan up the q_alias chain looking for owners. 300 ** We discard owners that are the same as the return path. 301 */ 302 303 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 304 { 305 register struct address *a; 306 307 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias) 308 continue; 309 if (a != NULL) 310 q->q_owner = a->q_owner; 311 312 if (q->q_owner != NULL && 313 !QS_IS_DEAD(q->q_state) && 314 strcmp(q->q_owner, e->e_from.q_paddr) == 0) 315 q->q_owner = NULL; 316 } 317 318 if (tTd(13, 25)) 319 { 320 sm_dprintf("\nAfter first owner pass, sendq =\n"); 321 printaddr(sm_debug_file(), e->e_sendqueue, true); 322 } 323 324 owner = ""; 325 otherowners = 1; 326 while (owner != NULL && otherowners > 0) 327 { 328 if (tTd(13, 28)) 329 sm_dprintf("owner = \"%s\", otherowners = %d\n", 330 owner, otherowners); 331 owner = NULL; 332 otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0; 333 334 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 335 { 336 if (tTd(13, 30)) 337 { 338 sm_dprintf("Checking "); 339 printaddr(sm_debug_file(), q, false); 340 } 341 if (QS_IS_DEAD(q->q_state)) 342 { 343 if (tTd(13, 30)) 344 sm_dprintf(" ... QS_IS_DEAD\n"); 345 continue; 346 } 347 if (tTd(13, 29) && !tTd(13, 30)) 348 { 349 sm_dprintf("Checking "); 350 printaddr(sm_debug_file(), q, false); 351 } 352 353 if (q->q_owner != NULL) 354 { 355 if (owner == NULL) 356 { 357 if (tTd(13, 40)) 358 sm_dprintf(" ... First owner = \"%s\"\n", 359 q->q_owner); 360 owner = q->q_owner; 361 } 362 else if (owner != q->q_owner) 363 { 364 if (strcmp(owner, q->q_owner) == 0) 365 { 366 if (tTd(13, 40)) 367 sm_dprintf(" ... Same owner = \"%s\"\n", 368 owner); 369 370 /* make future comparisons cheap */ 371 q->q_owner = owner; 372 } 373 else 374 { 375 if (tTd(13, 40)) 376 sm_dprintf(" ... Another owner \"%s\"\n", 377 q->q_owner); 378 otherowners++; 379 } 380 owner = q->q_owner; 381 } 382 else if (tTd(13, 40)) 383 sm_dprintf(" ... Same owner = \"%s\"\n", 384 owner); 385 } 386 else 387 { 388 if (tTd(13, 40)) 389 sm_dprintf(" ... Null owner\n"); 390 otherowners++; 391 } 392 393 if (QS_IS_BADADDR(q->q_state)) 394 { 395 if (tTd(13, 30)) 396 sm_dprintf(" ... QS_IS_BADADDR\n"); 397 continue; 398 } 399 400 if (QS_IS_QUEUEUP(q->q_state)) 401 { 402 MAILER *m = q->q_mailer; 403 404 /* 405 ** If we have temporary address failures 406 ** (e.g., dns failure) and a fallback MX is 407 ** set, send directly to the fallback MX host. 408 */ 409 410 if (FallbackMX != NULL && 411 !wordinclass(FallbackMX, 'w') && 412 mode != SM_VERIFY && 413 !bitnset(M_NOMX, m->m_flags) && 414 strcmp(m->m_mailer, "[IPC]") == 0 && 415 m->m_argv[0] != NULL && 416 strcmp(m->m_argv[0], "TCP") == 0) 417 { 418 int len; 419 char *p; 420 421 if (tTd(13, 30)) 422 sm_dprintf(" ... FallbackMX\n"); 423 424 len = strlen(FallbackMX) + 1; 425 p = sm_rpool_malloc_x(e->e_rpool, len); 426 (void) sm_strlcpy(p, FallbackMX, len); 427 q->q_state = QS_OK; 428 q->q_host = p; 429 } 430 else 431 { 432 if (tTd(13, 30)) 433 sm_dprintf(" ... QS_IS_QUEUEUP\n"); 434 continue; 435 } 436 } 437 438 /* 439 ** If this mailer is expensive, and if we don't 440 ** want to make connections now, just mark these 441 ** addresses and return. This is useful if we 442 ** want to batch connections to reduce load. This 443 ** will cause the messages to be queued up, and a 444 ** daemon will come along to send the messages later. 445 */ 446 447 if (NoConnect && !Verbose && 448 bitnset(M_EXPENSIVE, q->q_mailer->m_flags)) 449 { 450 if (tTd(13, 30)) 451 sm_dprintf(" ... expensive\n"); 452 q->q_state = QS_QUEUEUP; 453 expensive = true; 454 } 455 else if (bitnset(M_HOLD, q->q_mailer->m_flags) && 456 QueueLimitId == NULL && 457 QueueLimitSender == NULL && 458 QueueLimitRecipient == NULL) 459 { 460 if (tTd(13, 30)) 461 sm_dprintf(" ... hold\n"); 462 q->q_state = QS_QUEUEUP; 463 expensive = true; 464 } 465 else if (QueueMode != QM_QUARANTINE && 466 e->e_quarmsg != NULL) 467 { 468 if (tTd(13, 30)) 469 sm_dprintf(" ... quarantine: %s\n", 470 e->e_quarmsg); 471 q->q_state = QS_QUEUEUP; 472 expensive = true; 473 } 474 else 475 { 476 if (tTd(13, 30)) 477 sm_dprintf(" ... deliverable\n"); 478 somedeliveries = true; 479 } 480 } 481 482 if (owner != NULL && otherowners > 0) 483 { 484 /* 485 ** Split this envelope into two. 486 */ 487 488 ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool, 489 sizeof(*ee)); 490 STRUCTCOPY(*e, *ee); 491 ee->e_message = NULL; 492 ee->e_id = NULL; 493 assign_queueid(ee); 494 495 if (tTd(13, 1)) 496 sm_dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n", 497 e->e_id, ee->e_id, owner, 498 otherowners); 499 500 ee->e_header = copyheader(e->e_header, ee->e_rpool); 501 ee->e_sendqueue = copyqueue(e->e_sendqueue, 502 ee->e_rpool); 503 ee->e_errorqueue = copyqueue(e->e_errorqueue, 504 ee->e_rpool); 505 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM); 506 ee->e_flags |= EF_NORECEIPT; 507 setsender(owner, ee, NULL, '\0', true); 508 if (tTd(13, 5)) 509 { 510 sm_dprintf("sendall(split): QS_SENDER "); 511 printaddr(sm_debug_file(), &ee->e_from, false); 512 } 513 ee->e_from.q_state = QS_SENDER; 514 ee->e_dfp = NULL; 515 ee->e_lockfp = NULL; 516 ee->e_xfp = NULL; 517 ee->e_qgrp = e->e_qgrp; 518 ee->e_qdir = e->e_qdir; 519 ee->e_errormode = EM_MAIL; 520 ee->e_sibling = splitenv; 521 ee->e_statmsg = NULL; 522 if (e->e_quarmsg != NULL) 523 ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool, 524 e->e_quarmsg); 525 splitenv = ee; 526 527 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 528 { 529 if (q->q_owner == owner) 530 { 531 q->q_state = QS_CLONED; 532 if (tTd(13, 6)) 533 sm_dprintf("\t... stripping %s from original envelope\n", 534 q->q_paddr); 535 } 536 } 537 for (q = ee->e_sendqueue; q != NULL; q = q->q_next) 538 { 539 if (q->q_owner != owner) 540 { 541 q->q_state = QS_CLONED; 542 if (tTd(13, 6)) 543 sm_dprintf("\t... dropping %s from cloned envelope\n", 544 q->q_paddr); 545 } 546 else 547 { 548 /* clear DSN parameters */ 549 q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS); 550 q->q_flags |= DefaultNotify & ~QPINGONSUCCESS; 551 if (tTd(13, 6)) 552 sm_dprintf("\t... moving %s to cloned envelope\n", 553 q->q_paddr); 554 } 555 } 556 557 if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags)) 558 dup_queue_file(e, ee, DATAFL_LETTER); 559 560 /* 561 ** Give the split envelope access to the parent 562 ** transcript file for errors obtained while 563 ** processing the recipients (done before the 564 ** envelope splitting). 565 */ 566 567 if (e->e_xfp != NULL) 568 ee->e_xfp = sm_io_dup(e->e_xfp); 569 570 /* failed to dup e->e_xfp, start a new transcript */ 571 if (ee->e_xfp == NULL) 572 openxscript(ee); 573 574 if (mode != SM_VERIFY && LogLevel > 4) 575 sm_syslog(LOG_INFO, e->e_id, 576 "%s: clone: owner=%s", 577 ee->e_id, owner); 578 } 579 } 580 581 if (owner != NULL) 582 { 583 setsender(owner, e, NULL, '\0', true); 584 if (tTd(13, 5)) 585 { 586 sm_dprintf("sendall(owner): QS_SENDER "); 587 printaddr(sm_debug_file(), &e->e_from, false); 588 } 589 e->e_from.q_state = QS_SENDER; 590 e->e_errormode = EM_MAIL; 591 e->e_flags |= EF_NORECEIPT; 592 e->e_flags &= ~EF_FATALERRS; 593 } 594 595 /* if nothing to be delivered, just queue up everything */ 596 if (!somedeliveries && !WILL_BE_QUEUED(mode) && 597 mode != SM_VERIFY) 598 { 599 time_t now; 600 601 if (tTd(13, 29)) 602 sm_dprintf("No deliveries: auto-queueing\n"); 603 mode = SM_QUEUE; 604 now = curtime(); 605 606 /* treat this as a delivery in terms of counting tries */ 607 e->e_dtime = now; 608 if (!expensive) 609 e->e_ntries++; 610 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 611 { 612 ee->e_dtime = now; 613 if (!expensive) 614 ee->e_ntries++; 615 } 616 } 617 618 if ((WILL_BE_QUEUED(mode) || mode == SM_FORK || 619 (mode != SM_VERIFY && 620 (SuperSafe == SAFE_REALLY || 621 SuperSafe == SAFE_REALLY_POSTMILTER))) && 622 (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL)) 623 { 624 unsigned int qup_flags; 625 626 /* 627 ** Be sure everything is instantiated in the queue. 628 ** Split envelopes first in case the machine crashes. 629 ** If the original were done first, we may lose 630 ** recipients. 631 */ 632 633 if (WILL_BE_QUEUED(mode)) 634 qup_flags = QUP_FL_ANNOUNCE; 635 else 636 qup_flags = QUP_FL_NONE; 637 #if HASFLOCK 638 if (mode == SM_FORK) 639 qup_flags |= QUP_FL_MSYNC; 640 #endif 641 642 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 643 queueup(ee, qup_flags); 644 queueup(e, qup_flags); 645 } 646 647 if (tTd(62, 10)) 648 checkfds("after envelope splitting"); 649 650 /* 651 ** If we belong in background, fork now. 652 */ 653 654 if (tTd(13, 20)) 655 { 656 sm_dprintf("sendall: final mode = %c\n", mode); 657 if (tTd(13, 21)) 658 { 659 sm_dprintf("\n================ Final Send Queue(s) =====================\n"); 660 sm_dprintf("\n *** Envelope %s, e_from=%s ***\n", 661 e->e_id, e->e_from.q_paddr); 662 printaddr(sm_debug_file(), e->e_sendqueue, true); 663 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 664 { 665 sm_dprintf("\n *** Envelope %s, e_from=%s ***\n", 666 ee->e_id, ee->e_from.q_paddr); 667 printaddr(sm_debug_file(), ee->e_sendqueue, true); 668 } 669 sm_dprintf("==========================================================\n\n"); 670 } 671 } 672 switch (mode) 673 { 674 case SM_VERIFY: 675 Verbose = 2; 676 break; 677 678 case SM_QUEUE: 679 case SM_DEFER: 680 #if HASFLOCK 681 queueonly: 682 #endif 683 if (e->e_nrcpts > 0) 684 e->e_flags |= EF_INQUEUE; 685 (void) dropenvelope(e, splitenv != NULL, true); 686 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 687 { 688 if (ee->e_nrcpts > 0) 689 ee->e_flags |= EF_INQUEUE; 690 (void) dropenvelope(ee, false, true); 691 } 692 return; 693 694 case SM_FORK: 695 if (e->e_xfp != NULL) 696 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); 697 698 #if !HASFLOCK 699 /* 700 ** Since fcntl locking has the interesting semantic that 701 ** the lock is owned by a process, not by an open file 702 ** descriptor, we have to flush this to the queue, and 703 ** then restart from scratch in the child. 704 */ 705 706 { 707 /* save id for future use */ 708 char *qid = e->e_id; 709 710 /* now drop the envelope in the parent */ 711 e->e_flags |= EF_INQUEUE; 712 (void) dropenvelope(e, splitenv != NULL, false); 713 714 /* arrange to reacquire lock after fork */ 715 e->e_id = qid; 716 } 717 718 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 719 { 720 /* save id for future use */ 721 char *qid = ee->e_id; 722 723 /* drop envelope in parent */ 724 ee->e_flags |= EF_INQUEUE; 725 (void) dropenvelope(ee, false, false); 726 727 /* and save qid for reacquisition */ 728 ee->e_id = qid; 729 } 730 731 #endif /* !HASFLOCK */ 732 733 /* 734 ** Since the delivery may happen in a child and the parent 735 ** does not wait, the parent may close the maps thereby 736 ** removing any shared memory used by the map. Therefore, 737 ** close the maps now so the child will dynamically open 738 ** them if necessary. 739 */ 740 741 closemaps(false); 742 743 pid = fork(); 744 if (pid < 0) 745 { 746 syserr("deliver: fork 1"); 747 #if HASFLOCK 748 goto queueonly; 749 #else /* HASFLOCK */ 750 e->e_id = NULL; 751 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 752 ee->e_id = NULL; 753 return; 754 #endif /* HASFLOCK */ 755 } 756 else if (pid > 0) 757 { 758 #if HASFLOCK 759 /* be sure we leave the temp files to our child */ 760 /* close any random open files in the envelope */ 761 closexscript(e); 762 SM_CLOSE_FP(e->e_dfp); 763 e->e_flags &= ~EF_HAS_DF; 764 765 /* can't call unlockqueue to avoid unlink of xfp */ 766 if (e->e_lockfp != NULL) 767 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT); 768 else 769 syserr("%s: sendall: null lockfp", e->e_id); 770 e->e_lockfp = NULL; 771 #endif /* HASFLOCK */ 772 773 /* make sure the parent doesn't own the envelope */ 774 e->e_id = NULL; 775 776 #if USE_DOUBLE_FORK 777 /* catch intermediate zombie */ 778 (void) waitfor(pid); 779 #endif 780 return; 781 } 782 783 /* Reset global flags */ 784 RestartRequest = NULL; 785 RestartWorkGroup = false; 786 ShutdownRequest = NULL; 787 PendingSignal = 0; 788 789 /* 790 ** Initialize exception stack and default exception 791 ** handler for child process. 792 */ 793 794 sm_exc_newthread(fatal_error); 795 796 /* 797 ** Since we have accepted responsbility for the message, 798 ** change the SIGTERM handler. intsig() (the old handler) 799 ** would remove the envelope if this was a command line 800 ** message submission. 801 */ 802 803 (void) sm_signal(SIGTERM, SIG_DFL); 804 805 #if USE_DOUBLE_FORK 806 /* double fork to avoid zombies */ 807 pid = fork(); 808 if (pid > 0) 809 exit(EX_OK); 810 save_errno = errno; 811 #endif /* USE_DOUBLE_FORK */ 812 813 CurrentPid = getpid(); 814 815 /* be sure we are immune from the terminal */ 816 disconnect(2, e); 817 clearstats(); 818 819 /* prevent parent from waiting if there was an error */ 820 if (pid < 0) 821 { 822 errno = save_errno; 823 syserr("deliver: fork 2"); 824 #if HASFLOCK 825 e->e_flags |= EF_INQUEUE; 826 #else 827 e->e_id = NULL; 828 #endif 829 finis(true, true, ExitStat); 830 } 831 832 /* be sure to give error messages in child */ 833 QuickAbort = false; 834 835 /* 836 ** Close any cached connections. 837 ** 838 ** We don't send the QUIT protocol because the parent 839 ** still knows about the connection. 840 ** 841 ** This should only happen when delivering an error 842 ** message. 843 */ 844 845 mci_flush(false, NULL); 846 847 #if HASFLOCK 848 break; 849 #else /* HASFLOCK */ 850 851 /* 852 ** Now reacquire and run the various queue files. 853 */ 854 855 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 856 { 857 ENVELOPE *sibling = ee->e_sibling; 858 859 (void) dowork(ee->e_qgrp, ee->e_qdir, ee->e_id, 860 false, false, ee); 861 ee->e_sibling = sibling; 862 } 863 (void) dowork(e->e_qgrp, e->e_qdir, e->e_id, 864 false, false, e); 865 finis(true, true, ExitStat); 866 #endif /* HASFLOCK */ 867 } 868 869 sendenvelope(e, mode); 870 (void) dropenvelope(e, true, true); 871 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 872 { 873 CurEnv = ee; 874 if (mode != SM_VERIFY) 875 openxscript(ee); 876 sendenvelope(ee, mode); 877 (void) dropenvelope(ee, true, true); 878 } 879 CurEnv = e; 880 881 Verbose = oldverbose; 882 if (mode == SM_FORK) 883 finis(true, true, ExitStat); 884 } 885 886 static void 887 sendenvelope(e, mode) 888 register ENVELOPE *e; 889 int mode; 890 { 891 register ADDRESS *q; 892 bool didany; 893 894 if (tTd(13, 10)) 895 sm_dprintf("sendenvelope(%s) e_flags=0x%lx\n", 896 e->e_id == NULL ? "[NOQUEUE]" : e->e_id, 897 e->e_flags); 898 if (LogLevel > 80) 899 sm_syslog(LOG_DEBUG, e->e_id, 900 "sendenvelope, flags=0x%lx", 901 e->e_flags); 902 903 /* 904 ** If we have had global, fatal errors, don't bother sending 905 ** the message at all if we are in SMTP mode. Local errors 906 ** (e.g., a single address failing) will still cause the other 907 ** addresses to be sent. 908 */ 909 910 if (bitset(EF_FATALERRS, e->e_flags) && 911 (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 912 { 913 e->e_flags |= EF_CLRQUEUE; 914 return; 915 } 916 917 /* 918 ** Don't attempt deliveries if we want to bounce now 919 ** or if deliver-by time is exceeded. 920 */ 921 922 if (!bitset(EF_RESPONSE, e->e_flags) && 923 (TimeOuts.to_q_return[e->e_timeoutclass] == NOW || 924 (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 && 925 curtime() > e->e_ctime + e->e_deliver_by))) 926 return; 927 928 /* 929 ** Run through the list and send everything. 930 ** 931 ** Set EF_GLOBALERRS so that error messages during delivery 932 ** result in returned mail. 933 */ 934 935 e->e_nsent = 0; 936 e->e_flags |= EF_GLOBALERRS; 937 938 macdefine(&e->e_macro, A_PERM, macid("{envid}"), e->e_envid); 939 macdefine(&e->e_macro, A_PERM, macid("{bodytype}"), e->e_bodytype); 940 didany = false; 941 942 if (!bitset(EF_SPLIT, e->e_flags)) 943 { 944 ENVELOPE *oldsib; 945 ENVELOPE *ee; 946 947 /* 948 ** Save old sibling and set it to NULL to avoid 949 ** queueing up the same envelopes again. 950 ** This requires that envelopes in that list have 951 ** been take care of before (or at some other place). 952 */ 953 954 oldsib = e->e_sibling; 955 e->e_sibling = NULL; 956 if (!split_by_recipient(e) && 957 bitset(EF_FATALERRS, e->e_flags)) 958 { 959 if (OpMode == MD_SMTP || OpMode == MD_DAEMON) 960 e->e_flags |= EF_CLRQUEUE; 961 return; 962 } 963 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 964 queueup(ee, QUP_FL_MSYNC); 965 966 /* clean up */ 967 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 968 { 969 /* now unlock the job */ 970 closexscript(ee); 971 unlockqueue(ee); 972 973 /* this envelope is marked unused */ 974 SM_CLOSE_FP(ee->e_dfp); 975 ee->e_id = NULL; 976 ee->e_flags &= ~EF_HAS_DF; 977 } 978 e->e_sibling = oldsib; 979 } 980 981 /* now run through the queue */ 982 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 983 { 984 #if XDEBUG 985 char wbuf[MAXNAME + 20]; /* EAI: might be too short, but that's ok for debugging */ 986 987 (void) sm_snprintf(wbuf, sizeof(wbuf), "sendall(%.*s)", 988 MAXNAME, q->q_paddr); /* EAI: see above */ 989 checkfd012(wbuf); 990 #endif /* XDEBUG */ 991 if (mode == SM_VERIFY) 992 { 993 e->e_to = q->q_paddr; 994 if (QS_IS_SENDABLE(q->q_state)) 995 { 996 if (q->q_host != NULL && q->q_host[0] != '\0') 997 message("deliverable: mailer %s, host %s, user %s", 998 q->q_mailer->m_name, 999 q->q_host, 1000 q->q_user); 1001 else 1002 message("deliverable: mailer %s, user %s", 1003 q->q_mailer->m_name, 1004 q->q_user); 1005 } 1006 } 1007 else if (QS_IS_OK(q->q_state)) 1008 { 1009 /* 1010 ** Checkpoint the send list every few addresses 1011 */ 1012 1013 if (CheckpointInterval > 0 && 1014 e->e_nsent >= CheckpointInterval) 1015 { 1016 queueup(e, QUP_FL_NONE); 1017 e->e_nsent = 0; 1018 } 1019 (void) deliver(e, q); 1020 didany = true; 1021 } 1022 } 1023 if (didany) 1024 { 1025 e->e_dtime = curtime(); 1026 e->e_ntries++; 1027 } 1028 1029 #if XDEBUG 1030 checkfd012("end of sendenvelope"); 1031 #endif 1032 } 1033 1034 #if REQUIRES_DIR_FSYNC 1035 /* 1036 ** SYNC_DIR -- fsync a directory based on a filename 1037 ** 1038 ** Parameters: 1039 ** filename -- path of file 1040 ** panic -- panic? 1041 ** 1042 ** Returns: 1043 ** none 1044 */ 1045 1046 void 1047 sync_dir(filename, panic) 1048 char *filename; 1049 bool panic; 1050 { 1051 int dirfd; 1052 char *dirp; 1053 char dir[MAXPATHLEN]; 1054 1055 if (!RequiresDirfsync) 1056 return; 1057 1058 /* filesystems which require the directory be synced */ 1059 dirp = strrchr(filename, '/'); 1060 if (dirp != NULL) 1061 { 1062 if (sm_strlcpy(dir, filename, sizeof(dir)) >= sizeof(dir)) 1063 return; 1064 dir[dirp - filename] = '\0'; 1065 dirp = dir; 1066 } 1067 else 1068 dirp = "."; 1069 dirfd = open(dirp, O_RDONLY, 0700); 1070 if (tTd(40,32)) 1071 sm_syslog(LOG_INFO, NOQID, "sync_dir: %s: fsync(%d)", 1072 dirp, dirfd); 1073 if (dirfd >= 0) 1074 { 1075 if (fsync(dirfd) < 0) 1076 { 1077 if (panic) 1078 syserr("!sync_dir: cannot fsync directory %s", 1079 dirp); 1080 else if (LogLevel > 1) 1081 sm_syslog(LOG_ERR, NOQID, 1082 "sync_dir: cannot fsync directory %s: %s", 1083 dirp, sm_errstring(errno)); 1084 } 1085 (void) close(dirfd); 1086 } 1087 } 1088 #endif /* REQUIRES_DIR_FSYNC */ 1089 /* 1090 ** DUP_QUEUE_FILE -- duplicate a queue file into a split queue 1091 ** 1092 ** Parameters: 1093 ** e -- the existing envelope 1094 ** ee -- the new envelope 1095 ** type -- the queue file type (e.g., DATAFL_LETTER) 1096 ** 1097 ** Returns: 1098 ** none 1099 */ 1100 1101 static void 1102 dup_queue_file(e, ee, type) 1103 ENVELOPE *e, *ee; 1104 int type; 1105 { 1106 char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN]; 1107 1108 ee->e_dfp = NULL; 1109 ee->e_xfp = NULL; 1110 1111 /* 1112 ** Make sure both are in the same directory. 1113 */ 1114 1115 (void) sm_strlcpy(f1buf, queuename(e, type), sizeof(f1buf)); 1116 (void) sm_strlcpy(f2buf, queuename(ee, type), sizeof(f2buf)); 1117 1118 /* Force the df to disk if it's not there yet */ 1119 if (type == DATAFL_LETTER && e->e_dfp != NULL && 1120 sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 && 1121 errno != EINVAL) 1122 { 1123 syserr("!dup_queue_file: can't commit %s", f1buf); 1124 /* NOTREACHED */ 1125 } 1126 1127 if (link(f1buf, f2buf) < 0) 1128 { 1129 int save_errno = errno; 1130 1131 syserr("sendall: link(%s, %s)", f1buf, f2buf); 1132 if (save_errno == EEXIST) 1133 { 1134 if (unlink(f2buf) < 0) 1135 { 1136 syserr("!sendall: unlink(%s): permanent", 1137 f2buf); 1138 /* NOTREACHED */ 1139 } 1140 if (link(f1buf, f2buf) < 0) 1141 { 1142 syserr("!sendall: link(%s, %s): permanent", 1143 f1buf, f2buf); 1144 /* NOTREACHED */ 1145 } 1146 } 1147 } 1148 SYNC_DIR(f2buf, true); 1149 } 1150 /* 1151 ** DOFORK -- do a fork, retrying a couple of times on failure. 1152 ** 1153 ** This MUST be a macro, since after a vfork we are running 1154 ** two processes on the same stack!!! 1155 ** 1156 ** Parameters: 1157 ** none. 1158 ** 1159 ** Returns: 1160 ** From a macro??? You've got to be kidding! 1161 ** 1162 ** Side Effects: 1163 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 1164 ** pid of child in parent, zero in child. 1165 ** -1 on unrecoverable error. 1166 ** 1167 ** Notes: 1168 ** I'm awfully sorry this looks so awful. That's 1169 ** vfork for you..... 1170 */ 1171 1172 #define NFORKTRIES 5 1173 1174 #ifndef FORK 1175 # define FORK fork 1176 #endif 1177 1178 #define DOFORK(fORKfN) \ 1179 {\ 1180 register int i;\ 1181 \ 1182 for (i = NFORKTRIES; --i >= 0; )\ 1183 {\ 1184 pid = fORKfN();\ 1185 if (pid >= 0)\ 1186 break;\ 1187 if (i > 0)\ 1188 (void) sleep((unsigned) NFORKTRIES - i);\ 1189 }\ 1190 } 1191 /* 1192 ** DOFORK -- simple fork interface to DOFORK. 1193 ** 1194 ** Parameters: 1195 ** none. 1196 ** 1197 ** Returns: 1198 ** pid of child in parent. 1199 ** zero in child. 1200 ** -1 on error. 1201 ** 1202 ** Side Effects: 1203 ** returns twice, once in parent and once in child. 1204 */ 1205 1206 pid_t 1207 dofork() 1208 { 1209 register pid_t pid = -1; 1210 1211 DOFORK(fork); 1212 return pid; 1213 } 1214 1215 /* 1216 ** COLONCMP -- compare host-signatures up to first ':' or EOS 1217 ** 1218 ** This takes two strings which happen to be host-signatures and 1219 ** compares them. If the lowest preference portions of the MX-RR's 1220 ** match (up to ':' or EOS, whichever is first), then we have 1221 ** match. This is used for coattail-piggybacking messages during 1222 ** message delivery. 1223 ** If the signatures are the same up to the first ':' the remainder of 1224 ** the signatures are then compared with a normal strcmp(). This saves 1225 ** re-examining the first part of the signatures. 1226 ** 1227 ** Parameters: 1228 ** a - first host-signature 1229 ** b - second host-signature 1230 ** 1231 ** Returns: 1232 ** HS_MATCH_NO -- no "match". 1233 ** HS_MATCH_FIRST -- "match" for the first MX preference 1234 ** (up to the first colon (':')). 1235 ** HS_MATCH_FULL -- match for the entire MX record. 1236 ** HS_MATCH_SKIP -- match but only one of the entries has a "mark" 1237 ** 1238 ** Side Effects: 1239 ** none. 1240 */ 1241 1242 #define HS_MATCH_NO 0 1243 #define HS_MATCH_FIRST 1 1244 #define HS_MATCH_FULL 2 1245 #define HS_MATCH_SKIP 4 1246 1247 static int 1248 coloncmp(a, b) 1249 register const char *a; 1250 register const char *b; 1251 { 1252 int ret = HS_MATCH_NO; 1253 int braclev = 0; 1254 # if HSMARKS 1255 bool a_hsmark = false; 1256 bool b_hsmark = false; 1257 1258 if (HSM_AD == *a) 1259 { 1260 a_hsmark = true; 1261 ++a; 1262 } 1263 if (HSM_AD == *b) 1264 { 1265 b_hsmark = true; 1266 ++b; 1267 } 1268 # endif 1269 while (*a == *b++) 1270 { 1271 /* Need to account for IPv6 bracketed addresses */ 1272 if (*a == '[') 1273 braclev++; 1274 else if (*a == ']' && braclev > 0) 1275 braclev--; 1276 else if (*a == ':' && braclev <= 0) 1277 { 1278 ret = HS_MATCH_FIRST; 1279 a++; 1280 break; 1281 } 1282 else if (*a == '\0') 1283 { 1284 # if HSMARKS 1285 /* exactly one mark */ 1286 if (a_hsmark != b_hsmark) 1287 return HS_MATCH_SKIP; 1288 # endif 1289 return HS_MATCH_FULL; /* a full match */ 1290 } 1291 a++; 1292 } 1293 if (ret == HS_MATCH_NO && 1294 braclev <= 0 && 1295 ((*a == '\0' && *(b - 1) == ':') || 1296 (*a == ':' && *(b - 1) == '\0'))) 1297 return HS_MATCH_FIRST; 1298 if (ret == HS_MATCH_FIRST && strcmp(a, b) == 0) 1299 { 1300 # if HSMARKS 1301 /* exactly one mark */ 1302 if (a_hsmark != b_hsmark) 1303 return HS_MATCH_SKIP; 1304 # endif 1305 return HS_MATCH_FULL; 1306 } 1307 1308 return ret; 1309 } 1310 1311 /* 1312 ** SHOULD_TRY_FBSH -- Should try FallbackSmartHost? 1313 ** 1314 ** Parameters: 1315 ** e -- envelope 1316 ** tried_fallbacksmarthost -- has been tried already? (in/out) 1317 ** hostbuf -- buffer for hostname (expand FallbackSmartHost) (out) 1318 ** hbsz -- size of hostbuf 1319 ** status -- current delivery status 1320 ** 1321 ** Returns: 1322 ** true iff FallbackSmartHost should be tried. 1323 */ 1324 1325 static bool should_try_fbsh __P((ENVELOPE *, bool *, char *, size_t, int)); 1326 1327 static bool 1328 should_try_fbsh(e, tried_fallbacksmarthost, hostbuf, hbsz, status) 1329 ENVELOPE *e; 1330 bool *tried_fallbacksmarthost; 1331 char *hostbuf; 1332 size_t hbsz; 1333 int status; 1334 { 1335 /* 1336 ** If the host was not found or a temporary failure occurred 1337 ** and a FallbackSmartHost is defined (and we have not yet 1338 ** tried it), then make one last try with it as the host. 1339 */ 1340 1341 if ((status == EX_NOHOST || status == EX_TEMPFAIL) && 1342 FallbackSmartHost != NULL && !*tried_fallbacksmarthost) 1343 { 1344 *tried_fallbacksmarthost = true; 1345 expand(FallbackSmartHost, hostbuf, hbsz, e); 1346 if (!wordinclass(hostbuf, 'w')) 1347 { 1348 if (tTd(11, 1)) 1349 sm_dprintf("one last try with FallbackSmartHost %s\n", 1350 hostbuf); 1351 return true; 1352 } 1353 } 1354 return false; 1355 } 1356 1357 #if STARTTLS || SASL 1358 /* 1359 ** CLTFEATURES -- Get features for SMTP client 1360 ** 1361 ** Parameters: 1362 ** e -- envelope 1363 ** servername -- name of server. 1364 ** 1365 ** Returns: 1366 ** EX_OK or EX_TEMPFAIL 1367 */ 1368 1369 static int cltfeatures __P((ENVELOPE *, char *)); 1370 static int 1371 cltfeatures(e, servername) 1372 ENVELOPE *e; 1373 char *servername; 1374 { 1375 int r, i, idx; 1376 char **pvp, c; 1377 char pvpbuf[PSBUFSIZE]; 1378 char flags[64]; /* XXX */ 1379 1380 SM_ASSERT(e != NULL); 1381 SM_ASSERT(e->e_mci != NULL); 1382 macdefine(&e->e_mci->mci_macro, A_PERM, macid("{client_flags}"), ""); 1383 pvp = NULL; 1384 r = rscap("clt_features", servername, NULL, e, &pvp, pvpbuf, 1385 sizeof(pvpbuf)); 1386 if (r != EX_OK) 1387 return EX_OK; 1388 if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET) 1389 return EX_OK; 1390 if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0) 1391 return EX_TEMPFAIL; 1392 1393 /* XXX Note: this does not inherit defaults! */ 1394 for (idx = 0, i = 1; pvp[i] != NULL; i++) 1395 { 1396 c = pvp[i][0]; 1397 if (!(isascii(c) && !isspace(c) && isprint(c))) 1398 continue; 1399 if (idx >= sizeof(flags) - 4) 1400 break; 1401 flags[idx++] = c; 1402 if (isupper(c)) 1403 flags[idx++] = c; 1404 flags[idx++] = ' '; 1405 } 1406 flags[idx] = '\0'; 1407 1408 macdefine(&e->e_mci->mci_macro, A_TEMP, macid("{client_flags}"), flags); 1409 if (tTd(10, 30)) 1410 sm_dprintf("cltfeatures: server=%s, mci=%p, flags=%s, {client_flags}=%s\n", 1411 servername, e->e_mci, flags, 1412 macvalue(macid("{client_flags}"), e)); 1413 return EX_OK; 1414 } 1415 #endif /* STARTTLS || SASL */ 1416 1417 #if _FFR_LOG_FAILOVER 1418 /* 1419 ** LOGFAILOVER -- log reason why trying another host 1420 ** 1421 ** Parameters: 1422 ** e -- envelope 1423 ** m -- the mailer info for this mailer 1424 ** mci -- mailer connection information 1425 ** rcode -- the code signifying the particular failure 1426 ** rcpt -- current RCPT 1427 ** 1428 ** Returns: 1429 ** none. 1430 */ 1431 1432 static void logfailover __P((ENVELOPE *, MAILER *, MCI *, int, ADDRESS *)); 1433 static void 1434 logfailover(e, m, mci, rcode, rcpt) 1435 ENVELOPE *e; 1436 MAILER *m; 1437 MCI *mci; 1438 int rcode; 1439 ADDRESS *rcpt; 1440 { 1441 char buf[MAXNAME]; 1442 char cbuf[SM_MAX(SYSLOG_BUFSIZE, MAXNAME)]; 1443 1444 buf[0] = '\0'; 1445 cbuf[0] = '\0'; 1446 sm_strlcat(cbuf, "deliver: ", sizeof(cbuf)); 1447 if (m != NULL && m->m_name != NULL) 1448 { 1449 sm_snprintf(buf, sizeof(buf), 1450 "mailer=%s, ", m->m_name); 1451 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1452 } 1453 if (mci != NULL && mci->mci_host != NULL) 1454 { 1455 extern SOCKADDR CurHostAddr; 1456 1457 sm_snprintf(buf, sizeof(buf), 1458 "relay=%.100s", mci->mci_host); 1459 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1460 if (CurHostAddr.sa.sa_family != 0) 1461 { 1462 sm_snprintf(buf, sizeof(buf), 1463 " [%.100s]", 1464 anynet_ntoa(&CurHostAddr)); 1465 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1466 } 1467 sm_strlcat(cbuf, ", ", sizeof(cbuf)); 1468 } 1469 if (mci != NULL) 1470 { 1471 if (mci->mci_state >= 0 && mci->mci_state < SM_ARRAY_SIZE(mcis)) 1472 sm_snprintf(buf, sizeof(buf), 1473 "state=%s, ", mcis[mci->mci_state]); 1474 else 1475 sm_snprintf(buf, sizeof(buf), 1476 "state=%d, ", mci->mci_state); 1477 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1478 } 1479 if (tTd(11, 64)) 1480 { 1481 sm_snprintf(buf, sizeof(buf), 1482 "rcode=%d, okrcpts=%d, retryrcpt=%d, e_rcode=%d, ", 1483 rcode, mci->mci_okrcpts, mci->mci_retryrcpt, 1484 e->e_rcode); 1485 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1486 } 1487 if (rcode != EX_OK && rcpt != NULL 1488 && !SM_IS_EMPTY(rcpt->q_rstatus) 1489 && !bitset(QINTREPLY, rcpt->q_flags)) 1490 { 1491 sm_snprintf(buf, sizeof(buf), 1492 "q_rstatus=%s, ", rcpt->q_rstatus); 1493 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1494 } 1495 else if (e->e_text != NULL) 1496 { 1497 sm_snprintf(buf, sizeof(buf), 1498 "reply=%d %s%s%s, ", 1499 e->e_rcode, 1500 e->e_renhsc, 1501 (e->e_renhsc[0] != '\0') ? " " : "", 1502 e->e_text); 1503 sm_strlcat(cbuf, buf, sizeof(cbuf)); 1504 } 1505 sm_strlcat(cbuf, 1506 "stat=tempfail: trying next host", 1507 sizeof(cbuf)); 1508 sm_syslog(LOG_INFO, e->e_id, "%s", cbuf); 1509 } 1510 #else /* _FFR_LOG_FAILOVER */ 1511 # define logfailover(e, m, mci, rcode, rcpt) ((void) 0) 1512 #endif /* _FFR_LOG_FAILOVER */ 1513 1514 #if STARTTLS || SASL 1515 # define RM_TRAIL_DOT(name) \ 1516 do { \ 1517 dotpos = strlen(name) - 1; \ 1518 if (dotpos >= 0) \ 1519 { \ 1520 if (name[dotpos] == '.') \ 1521 name[dotpos] = '\0'; \ 1522 else \ 1523 dotpos = -1; \ 1524 } \ 1525 } while (0) 1526 1527 # define FIX_TRAIL_DOT(name) \ 1528 do { \ 1529 if (dotpos >= 0) \ 1530 name[dotpos] = '.'; \ 1531 } while (0) 1532 1533 1534 /* 1535 ** SETSERVERMACROS -- set ${server_addr} and ${server_name} 1536 ** 1537 ** Parameters: 1538 ** mci -- mailer connection information 1539 ** pdotpos -- return pointer to former dot position in hostname 1540 ** 1541 ** Returns: 1542 ** server name 1543 */ 1544 1545 static char *setservermacros __P((MCI *, int *)); 1546 1547 static char * 1548 setservermacros(mci, pdotpos) 1549 MCI *mci; 1550 int *pdotpos; 1551 { 1552 char *srvname; 1553 int dotpos; 1554 extern SOCKADDR CurHostAddr; 1555 1556 /* don't use CurHostName, it is changed in many places */ 1557 if (mci->mci_host != NULL) 1558 { 1559 srvname = mci->mci_host; 1560 RM_TRAIL_DOT(srvname); 1561 } 1562 else if (mci->mci_mailer != NULL) 1563 { 1564 srvname = mci->mci_mailer->m_name; 1565 dotpos = -1; 1566 } 1567 else 1568 { 1569 srvname = "local"; 1570 dotpos = -1; 1571 } 1572 1573 /* don't set {server_name} to NULL or "": see getauth() */ 1574 macdefine(&mci->mci_macro, A_TEMP, macid("{server_name}"), 1575 srvname); 1576 1577 /* CurHostAddr is set by makeconnection() and mci_get() */ 1578 if (CurHostAddr.sa.sa_family != 0) 1579 { 1580 macdefine(&mci->mci_macro, A_TEMP, 1581 macid("{server_addr}"), 1582 anynet_ntoa(&CurHostAddr)); 1583 } 1584 else if (mci->mci_mailer != NULL) 1585 { 1586 /* mailer name is unique, use it as address */ 1587 macdefine(&mci->mci_macro, A_PERM, 1588 macid("{server_addr}"), 1589 mci->mci_mailer->m_name); 1590 } 1591 else 1592 { 1593 /* don't set it to NULL or "": see getauth() */ 1594 macdefine(&mci->mci_macro, A_PERM, 1595 macid("{server_addr}"), "0"); 1596 } 1597 1598 if (pdotpos != NULL) 1599 *pdotpos = dotpos; 1600 else 1601 FIX_TRAIL_DOT(srvname); 1602 return srvname; 1603 } 1604 #endif /* STARTTLS || SASL */ 1605 1606 /* 1607 ** DELIVER -- Deliver a message to a list of addresses. 1608 ** 1609 ** This routine delivers to everyone on the same host as the 1610 ** user on the head of the list. It is clever about mailers 1611 ** that don't handle multiple users. It is NOT guaranteed 1612 ** that it will deliver to all these addresses however -- so 1613 ** deliver should be called once for each address on the list. 1614 ** Deliver tries to be as opportunistic as possible about piggybacking 1615 ** messages. Some definitions to make understanding easier follow below. 1616 ** Piggybacking occurs when an existing connection to a mail host can 1617 ** be used to send the same message to more than one recipient at the 1618 ** same time. So "no piggybacking" means one message for one recipient 1619 ** per connection. "Intentional piggybacking" happens when the 1620 ** recipients' host address (not the mail host address) is used to 1621 ** attempt piggybacking. Recipients with the same host address 1622 ** have the same mail host. "Coincidental piggybacking" relies on 1623 ** piggybacking based on all the mail host addresses in the MX-RR. This 1624 ** is "coincidental" in the fact it could not be predicted until the 1625 ** MX Resource Records for the hosts were obtained and examined. For 1626 ** example (preference order and equivalence is important, not values): 1627 ** domain1 IN MX 10 mxhost-A 1628 ** IN MX 20 mxhost-B 1629 ** domain2 IN MX 4 mxhost-A 1630 ** IN MX 8 mxhost-B 1631 ** Domain1 and domain2 can piggyback the same message to mxhost-A or 1632 ** mxhost-B (if mxhost-A cannot be reached). 1633 ** "Coattail piggybacking" relaxes the strictness of "coincidental 1634 ** piggybacking" in the hope that most significant (lowest value) 1635 ** MX preference host(s) can create more piggybacking. For example 1636 ** (again, preference order and equivalence is important, not values): 1637 ** domain3 IN MX 100 mxhost-C 1638 ** IN MX 100 mxhost-D 1639 ** IN MX 200 mxhost-E 1640 ** domain4 IN MX 50 mxhost-C 1641 ** IN MX 50 mxhost-D 1642 ** IN MX 80 mxhost-F 1643 ** A message for domain3 and domain4 can piggyback to mxhost-C if mxhost-C 1644 ** is available. Same with mxhost-D because in both RR's the preference 1645 ** value is the same as mxhost-C, respectively. 1646 ** So deliver attempts coattail piggybacking when possible. If the 1647 ** first MX preference level hosts cannot be used then the piggybacking 1648 ** reverts to coincidental piggybacking. Using the above example you 1649 ** cannot deliver to mxhost-F for domain3 regardless of preference value. 1650 ** ("Coattail" from "riding on the coattails of your predecessor" meaning 1651 ** gaining benefit from a predecessor effort with no or little addition 1652 ** effort. The predecessor here being the preceding MX RR). 1653 ** 1654 ** Parameters: 1655 ** e -- the envelope to deliver. 1656 ** firstto -- head of the address list to deliver to. 1657 ** 1658 ** Returns: 1659 ** zero -- successfully delivered. 1660 ** else -- some failure, see ExitStat for more info. 1661 ** 1662 ** Side Effects: 1663 ** The standard input is passed off to someone. 1664 */ 1665 1666 #if !_FFR_DMTRIGGER 1667 static 1668 #endif 1669 int 1670 deliver(e, firstto) 1671 register ENVELOPE *e; 1672 ADDRESS *firstto; 1673 { 1674 char *host; /* host being sent to */ 1675 char *user; /* user being sent to */ 1676 char **pvp; 1677 register char **mvp; 1678 register char *p; 1679 register MAILER *m; /* mailer for this recipient */ 1680 ADDRESS *volatile ctladdr; 1681 #if HASSETUSERCONTEXT 1682 ADDRESS *volatile contextaddr = NULL; 1683 #endif 1684 register MCI *volatile mci; 1685 register ADDRESS *SM_NONVOLATILE to = firstto; 1686 volatile bool clever = false; /* running user smtp to this mailer */ 1687 ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */ 1688 int rcode; /* response code */ 1689 SM_NONVOLATILE int lmtp_rcode = EX_OK; 1690 SM_NONVOLATILE int nummxhosts = 0; /* number of MX hosts available */ 1691 SM_NONVOLATILE int hostnum = 0; /* current MX host index */ 1692 char *firstsig; /* signature of firstto */ 1693 volatile pid_t pid = -1; 1694 char *volatile curhost; 1695 SM_NONVOLATILE unsigned short port = 0; 1696 SM_NONVOLATILE time_t enough = 0; 1697 #if NETUNIX 1698 char *SM_NONVOLATILE mux_path = NULL; /* path to UNIX domain socket */ 1699 #endif 1700 time_t xstart; 1701 bool suidwarn; 1702 bool anyok; /* at least one address was OK */ 1703 SM_NONVOLATILE bool goodmxfound = false; /* at least one MX was OK */ 1704 bool ovr; 1705 bool quarantine; 1706 #if STARTTLS 1707 bool implicittls = false; 1708 # if _FFR_SMTPS_CLIENT 1709 bool smtptls = false; 1710 # endif 1711 /* 0: try TLS, 1: try without TLS again, >1: don't try again */ 1712 int tlsstate; 1713 # if DANE 1714 dane_vrfy_ctx_T dane_vrfy_ctx; 1715 STAB *ste; 1716 char *vrfy; 1717 int dane_req; 1718 1719 /* should this allow DANE_ALWAYS == DANEMODE(dane)? */ 1720 # define RCPT_MXSECURE(rcpt) (0 != ((rcpt)->q_flags & QMXSECURE)) 1721 1722 # define STE_HAS_TLSA(ste) ((ste) != NULL && (ste)->s_tlsa != NULL) 1723 1724 /* NOTE: the following macros use some local variables directly! */ 1725 # define RCPT_HAS_DANE(rcpt) (RCPT_MXSECURE(rcpt) \ 1726 && !iscltflgset(e, D_NODANE) \ 1727 && STE_HAS_TLSA(ste) \ 1728 && (0 == (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLTEMPVRFY)) \ 1729 && (0 != (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLADIP)) \ 1730 && CHK_DANE(dane_vrfy_ctx.dane_vrfy_chk) \ 1731 ) 1732 1733 # define RCPT_REQ_DANE(rcpt) (RCPT_HAS_DANE(rcpt) \ 1734 && TLSA_IS_FL(ste->s_tlsa, TLSAFLSUP)) 1735 1736 # define RCPT_REQ_TLS(rcpt) (RCPT_HAS_DANE(rcpt) \ 1737 && TLSA_IS_FL(ste->s_tlsa, TLSAFLUNS)) 1738 1739 # define CHK_DANE_RCPT(dane, rcpt) (CHK_DANE(dane) && \ 1740 (RCPT_MXSECURE(rcpt) || DANE_ALWAYS == DANEMODE(dane))) 1741 1742 BITMAP256 mxads; 1743 # endif /* DANE */ 1744 #endif /* STARTTLS */ 1745 int strsize; 1746 int rcptcount; 1747 int ret; 1748 static int tobufsize = 0; 1749 static char *tobuf = NULL; 1750 char *rpath; /* translated return path */ 1751 int mpvect[2]; 1752 int rpvect[2]; 1753 char *mxhosts[MAXMXHOSTS + 1]; 1754 char *pv[MAXPV + 1]; 1755 char buf[MAXNAME + 1]; /* EAI:ok */ 1756 char cbuf[MAXPATHLEN]; 1757 #if _FFR_8BITENVADDR 1758 char xbuf[SM_MAX(SYSLOG_BUFSIZE, MAXNAME)]; 1759 #endif 1760 1761 errno = 0; 1762 SM_REQUIRE(firstto != NULL); /* same as to */ 1763 if (!QS_IS_OK(to->q_state)) 1764 return 0; 1765 1766 suidwarn = geteuid() == 0; 1767 1768 SM_REQUIRE(e != NULL); 1769 m = to->q_mailer; 1770 host = to->q_host; 1771 CurEnv = e; /* just in case */ 1772 e->e_statmsg = NULL; 1773 SmtpError[0] = '\0'; 1774 xstart = curtime(); 1775 #if STARTTLS 1776 tlsstate = 0; 1777 # if DANE 1778 memset(&dane_vrfy_ctx, '\0', sizeof(dane_vrfy_ctx)); 1779 ste = NULL; 1780 # endif 1781 #endif 1782 1783 if (tTd(10, 1)) 1784 sm_dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n", 1785 e->e_id, m->m_name, host, to->q_user); 1786 if (tTd(10, 100)) 1787 printopenfds(false); 1788 maps_reset_chged("deliver"); 1789 1790 /* 1791 ** Clear {client_*} macros if this is a bounce message to 1792 ** prevent rejection by check_compat ruleset. 1793 */ 1794 1795 if (bitset(EF_RESPONSE, e->e_flags)) 1796 { 1797 macdefine(&e->e_macro, A_PERM, macid("{client_name}"), ""); 1798 macdefine(&e->e_macro, A_PERM, macid("{client_ptr}"), ""); 1799 macdefine(&e->e_macro, A_PERM, macid("{client_addr}"), ""); 1800 macdefine(&e->e_macro, A_PERM, macid("{client_port}"), ""); 1801 macdefine(&e->e_macro, A_PERM, macid("{client_resolve}"), ""); 1802 } 1803 1804 SM_TRY 1805 { 1806 ADDRESS *skip_back = NULL; 1807 1808 /* 1809 ** Do initial argv setup. 1810 ** Insert the mailer name. Notice that $x expansion is 1811 ** NOT done on the mailer name. Then, if the mailer has 1812 ** a picky -f flag, we insert it as appropriate. This 1813 ** code does not check for 'pv' overflow; this places a 1814 ** manifest lower limit of 4 for MAXPV. 1815 ** The from address rewrite is expected to make 1816 ** the address relative to the other end. 1817 */ 1818 1819 /* rewrite from address, using rewriting rules */ 1820 rcode = EX_OK; 1821 SM_ASSERT(e->e_from.q_mailer != NULL); 1822 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags)) 1823 p = e->e_sender; 1824 else 1825 p = e->e_from.q_paddr; 1826 rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); 1827 if (rcode != EX_OK && bitnset(M_xSMTP, m->m_flags)) 1828 goto cleanup; 1829 1830 /* need to check external format, not internal! */ 1831 if (strlen(rpath) > MAXNAME_I) 1832 { 1833 rpath = shortenstring(rpath, MAXSHORTSTR); 1834 1835 /* avoid bogus errno */ 1836 errno = 0; 1837 syserr("remotename: huge return path %s", rpath); 1838 } 1839 rpath = sm_rpool_strdup_x(e->e_rpool, rpath); 1840 macdefine(&e->e_macro, A_PERM, 'g', rpath); 1841 #if _FFR_8BITENVADDR 1842 host = quote_internal_chars(host, NULL, &strsize, NULL); 1843 #endif 1844 macdefine(&e->e_macro, A_PERM, 'h', host); 1845 Errors = 0; 1846 pvp = pv; 1847 *pvp++ = m->m_argv[0]; 1848 1849 /* ignore long term host status information if mailer flag W is set */ 1850 if (bitnset(M_NOHOSTSTAT, m->m_flags)) 1851 IgnoreHostStatus = true; 1852 1853 /* insert -f or -r flag as appropriate */ 1854 if (FromFlag && 1855 (bitnset(M_FOPT, m->m_flags) || 1856 bitnset(M_ROPT, m->m_flags))) 1857 { 1858 if (bitnset(M_FOPT, m->m_flags)) 1859 *pvp++ = "-f"; 1860 else 1861 *pvp++ = "-r"; 1862 *pvp++ = rpath; 1863 } 1864 1865 /* 1866 ** Append the other fixed parts of the argv. These run 1867 ** up to the first entry containing "$u". There can only 1868 ** be one of these, and there are only a few more slots 1869 ** in the pv after it. 1870 */ 1871 1872 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 1873 { 1874 /* can't use strchr here because of sign extension problems */ 1875 while (*p != '\0') 1876 { 1877 if ((*p++ & 0377) == MACROEXPAND) 1878 { 1879 if (*p == 'u') 1880 break; 1881 } 1882 } 1883 1884 if (*p != '\0') 1885 break; 1886 1887 /* this entry is safe -- go ahead and process it */ 1888 expand(*mvp, buf, sizeof(buf), e); 1889 p = buf; 1890 #if _FFR_8BITENVADDR 1891 /* apply to all args? */ 1892 if (strcmp(m->m_mailer, "[IPC]") == 0 1893 && ((*mvp)[0] & 0377) == MACROEXPAND 1894 /* for now only apply [i] -> [x] conversion to $h by default */ 1895 # ifndef _FFR_H2X_ONLY 1896 # define _FFR_H2X_ONLY 1 1897 # endif 1898 # if _FFR_H2X_ONLY 1899 && 'h' == (*mvp)[1] && '\0' == (*mvp)[2] 1900 # endif 1901 ) 1902 { 1903 (void) dequote_internal_chars(buf, xbuf, sizeof(xbuf)); 1904 p = xbuf; 1905 if (tTd(10, 33)) 1906 sm_dprintf("expand(%s), dequoted=%s\n", *mvp, p); 1907 } 1908 #endif /* _FFR_8BITENVADDR */ 1909 *pvp++ = sm_rpool_strdup_x(e->e_rpool, p); 1910 if (pvp >= &pv[MAXPV - 3]) 1911 { 1912 syserr("554 5.3.5 Too many parameters to %s before $u", 1913 pv[0]); 1914 rcode = -1; 1915 goto cleanup; 1916 } 1917 } 1918 1919 /* 1920 ** If we have no substitution for the user name in the argument 1921 ** list, we know that we must supply the names otherwise -- and 1922 ** SMTP is the answer!! 1923 */ 1924 1925 if (*mvp == NULL) 1926 { 1927 /* running LMTP or SMTP */ 1928 clever = true; 1929 *pvp = NULL; 1930 setbitn(M_xSMTP, m->m_flags); 1931 } 1932 else if (bitnset(M_LMTP, m->m_flags)) 1933 { 1934 /* not running LMTP */ 1935 sm_syslog(LOG_ERR, NULL, 1936 "Warning: mailer %s: LMTP flag (F=z) turned off", 1937 m->m_name); 1938 clrbitn(M_LMTP, m->m_flags); 1939 } 1940 1941 /* 1942 ** At this point *mvp points to the argument with $u. We 1943 ** run through our address list and append all the addresses 1944 ** we can. If we run out of space, do not fret! We can 1945 ** always send another copy later. 1946 */ 1947 1948 e->e_to = NULL; 1949 strsize = 2; 1950 rcptcount = 0; 1951 ctladdr = NULL; 1952 if (firstto->q_signature == NULL) 1953 firstto->q_signature = hostsignature(firstto->q_mailer, 1954 firstto->q_host, 1955 QISSECURE(firstto), 1956 &firstto->q_flags); 1957 firstsig = firstto->q_signature; 1958 #if DANE 1959 # define NODANEREQYET (-1) 1960 dane_req = NODANEREQYET; 1961 #endif 1962 1963 for (; to != NULL; to = to->q_next) 1964 { 1965 /* avoid sending multiple recipients to dumb mailers */ 1966 if (tochain != NULL && !bitnset(M_MUSER, m->m_flags)) 1967 break; 1968 1969 /* if already sent or not for this host, don't send */ 1970 if (!QS_IS_OK(to->q_state)) /* already sent; look at next */ 1971 continue; 1972 1973 /* 1974 ** Must be same mailer to keep grouping rcpts. 1975 ** If mailers don't match: continue; sendqueue is not 1976 ** sorted by mailers, so don't break; 1977 */ 1978 1979 if (to->q_mailer != firstto->q_mailer) 1980 continue; 1981 1982 if (to->q_signature == NULL) /* for safety */ 1983 to->q_signature = hostsignature(to->q_mailer, 1984 to->q_host, 1985 QISSECURE(to), 1986 &to->q_flags); 1987 1988 /* 1989 ** This is for coincidental and tailcoat piggybacking messages 1990 ** to the same mail host. While the signatures are identical 1991 ** (that's the MX-RR's are identical) we can do coincidental 1992 ** piggybacking. We try hard for coattail piggybacking 1993 ** with the same mail host when the next recipient has the 1994 ** same host at lowest preference. It may be that this 1995 ** won't work out, so 'skip_back' is maintained if a backup 1996 ** to coincidental piggybacking or full signature must happen. 1997 */ 1998 1999 ret = firstto == to ? HS_MATCH_FULL : 2000 coloncmp(to->q_signature, firstsig); 2001 if (ret == HS_MATCH_FULL) 2002 skip_back = to; 2003 else if (ret == HS_MATCH_NO) 2004 break; 2005 # if HSMARKS 2006 else if (ret == HS_MATCH_SKIP) 2007 continue; 2008 # endif 2009 2010 if (!clever) 2011 { 2012 /* avoid overflowing tobuf */ 2013 strsize += strlen(to->q_paddr) + 1; 2014 if (strsize > TOBUFSIZE) 2015 break; 2016 } 2017 2018 if (++rcptcount > to->q_mailer->m_maxrcpt) 2019 break; 2020 2021 #if DANE 2022 if (TTD(10, 30)) 2023 { 2024 char sep = ':'; 2025 2026 parse_hostsignature(to->q_signature, mxhosts, m, mxads); 2027 FIX_MXHOSTS(mxhosts[0], p, sep); 2028 # if HSMARKS 2029 if (MXADS_ISSET(mxads, 0)) 2030 to->q_flags |= QMXSECURE; 2031 else 2032 to->q_flags &= ~QMXSECURE; 2033 # endif 2034 2035 gettlsa(mxhosts[0], NULL, &ste, RCPT_MXSECURE(to) ? TLSAFLADMX : 0, 0, m->m_port); 2036 sm_dprintf("tochain: to=%s, rcptcount=%d, QSECURE=%d, QMXSECURE=%d, MXADS[0]=%d, ste=%p\n", 2037 to->q_user, rcptcount, QISSECURE(to), 2038 RCPT_MXSECURE(to), MXADS_ISSET(mxads, 0), ste); 2039 sm_dprintf("tochain: hostsig=%s, mx=%s, tlsa_n=%d, tlsa_flags=%#lx, chk_dane=%d, dane_req=%d\n" 2040 , to->q_signature, mxhosts[0] 2041 , STE_HAS_TLSA(ste) ? ste->s_tlsa->dane_tlsa_n : -1 2042 , STE_HAS_TLSA(ste) ? ste->s_tlsa->dane_tlsa_flags : -1 2043 , CHK_DANE_RCPT(Dane, to) 2044 , dane_req 2045 ); 2046 if (p != NULL) 2047 *p = sep; 2048 } 2049 if (NODANEREQYET == dane_req) 2050 dane_req = CHK_DANE_RCPT(Dane, to); 2051 else if (dane_req != CHK_DANE_RCPT(Dane, to)) 2052 { 2053 if (tTd(10, 30)) 2054 sm_dprintf("tochain: to=%s, rcptcount=%d, status=skip\n", 2055 to->q_user, rcptcount); 2056 continue; 2057 } 2058 #endif /* DANE */ 2059 2060 /* 2061 ** prepare envelope for new session to avoid leakage 2062 ** between delivery attempts. 2063 */ 2064 2065 smtpclrse(e); 2066 2067 if (tTd(10, 1)) 2068 { 2069 sm_dprintf("\nsend to "); 2070 printaddr(sm_debug_file(), to, false); 2071 } 2072 2073 /* compute effective uid/gid when sending */ 2074 if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags)) 2075 #if HASSETUSERCONTEXT 2076 contextaddr = ctladdr = getctladdr(to); 2077 #else 2078 ctladdr = getctladdr(to); 2079 #endif 2080 2081 if (tTd(10, 2)) 2082 { 2083 sm_dprintf("ctladdr="); 2084 printaddr(sm_debug_file(), ctladdr, false); 2085 } 2086 2087 user = to->q_user; 2088 e->e_to = to->q_paddr; 2089 2090 /* 2091 ** Check to see that these people are allowed to 2092 ** talk to each other. 2093 ** Check also for overflow of e_msgsize. 2094 */ 2095 2096 if (m->m_maxsize != 0 && 2097 (e->e_msgsize > m->m_maxsize || e->e_msgsize < 0)) 2098 { 2099 e->e_flags |= EF_NO_BODY_RETN; 2100 if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags)) 2101 to->q_status = "5.2.3"; 2102 else 2103 to->q_status = "5.3.4"; 2104 2105 /* set to->q_rstatus = NULL; or to the following? */ 2106 usrerrenh(to->q_status, 2107 "552 Message is too large; %ld bytes max", 2108 m->m_maxsize); 2109 markfailure(e, to, NULL, EX_UNAVAILABLE, false); 2110 giveresponse(EX_UNAVAILABLE, to->q_status, m, 2111 NULL, ctladdr, xstart, e, to); 2112 continue; 2113 } 2114 SM_SET_H_ERRNO(0); 2115 ovr = true; 2116 2117 /* do config file checking of compatibility */ 2118 quarantine = (e->e_quarmsg != NULL); 2119 rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr, 2120 e, RSF_RMCOMM|RSF_COUNT, 3, NULL, 2121 e->e_id, NULL, NULL); 2122 if (rcode == EX_OK) 2123 { 2124 /* do in-code checking if not discarding */ 2125 if (!bitset(EF_DISCARD, e->e_flags)) 2126 { 2127 rcode = checkcompat(to, e); 2128 ovr = false; 2129 } 2130 } 2131 if (rcode != EX_OK) 2132 { 2133 markfailure(e, to, NULL, rcode, ovr); 2134 giveresponse(rcode, to->q_status, m, 2135 NULL, ctladdr, xstart, e, to); 2136 continue; 2137 } 2138 if (!quarantine && e->e_quarmsg != NULL) 2139 { 2140 /* 2141 ** check_compat or checkcompat() has tried 2142 ** to quarantine but that isn't supported. 2143 ** Revert the attempt. 2144 */ 2145 2146 e->e_quarmsg = NULL; 2147 macdefine(&e->e_macro, A_PERM, 2148 macid("{quarantine}"), ""); 2149 } 2150 if (bitset(EF_DISCARD, e->e_flags)) 2151 { 2152 if (tTd(10, 5)) 2153 { 2154 sm_dprintf("deliver: discarding recipient "); 2155 printaddr(sm_debug_file(), to, false); 2156 } 2157 2158 /* pretend the message was sent */ 2159 /* XXX should we log something here? */ 2160 to->q_state = QS_DISCARDED; 2161 2162 /* 2163 ** Remove discard bit to prevent discard of 2164 ** future recipients. This is safe because the 2165 ** true "global discard" has been handled before 2166 ** we get here. 2167 */ 2168 2169 e->e_flags &= ~EF_DISCARD; 2170 continue; 2171 } 2172 2173 /* 2174 ** Strip quote bits from names if the mailer is dumb 2175 ** about them. 2176 */ 2177 2178 if (bitnset(M_STRIPQ, m->m_flags)) 2179 { 2180 stripquotes(user); 2181 stripquotes(host); 2182 } 2183 2184 /* 2185 ** Strip all leading backslashes if requested and the 2186 ** next character is alphanumerical (the latter can 2187 ** probably relaxed a bit, see RFC2821). 2188 */ 2189 2190 if (bitnset(M_STRIPBACKSL, m->m_flags) && user[0] == '\\') 2191 stripbackslash(user); 2192 2193 /* hack attack -- delivermail compatibility */ 2194 if (m == ProgMailer && *user == '|') 2195 user++; 2196 2197 /* 2198 ** If an error message has already been given, don't 2199 ** bother to send to this address. 2200 ** 2201 ** >>>>>>>>>> This clause assumes that the local mailer 2202 ** >> NOTE >> cannot do any further aliasing; that 2203 ** >>>>>>>>>> function is subsumed by sendmail. 2204 */ 2205 2206 if (!QS_IS_OK(to->q_state)) 2207 continue; 2208 2209 /* 2210 ** See if this user name is "special". 2211 ** If the user name has a slash in it, assume that this 2212 ** is a file -- send it off without further ado. Note 2213 ** that this type of addresses is not processed along 2214 ** with the others, so we fudge on the To person. 2215 */ 2216 2217 if (strcmp(m->m_mailer, "[FILE]") == 0) 2218 { 2219 macdefine(&e->e_macro, A_PERM, 'u', user); 2220 p = to->q_home; 2221 if (p == NULL && ctladdr != NULL) 2222 p = ctladdr->q_home; 2223 macdefine(&e->e_macro, A_PERM, 'z', p); 2224 expand(m->m_argv[1], buf, sizeof(buf), e); 2225 if (strlen(buf) > 0) 2226 rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e); 2227 else 2228 { 2229 syserr("empty filename specification for mailer %s", 2230 m->m_name); 2231 rcode = EX_CONFIG; 2232 } 2233 giveresponse(rcode, to->q_status, m, NULL, 2234 ctladdr, xstart, e, to); 2235 markfailure(e, to, NULL, rcode, true); 2236 e->e_nsent++; 2237 if (rcode == EX_OK) 2238 { 2239 to->q_state = QS_SENT; 2240 if (bitnset(M_LOCALMAILER, m->m_flags) && 2241 bitset(QPINGONSUCCESS, to->q_flags)) 2242 { 2243 to->q_flags |= QDELIVERED; 2244 to->q_status = "2.1.5"; 2245 (void) sm_io_fprintf(e->e_xfp, 2246 SM_TIME_DEFAULT, 2247 "%s... Successfully delivered\n", 2248 to->q_paddr); 2249 } 2250 } 2251 to->q_statdate = curtime(); 2252 markstats(e, to, STATS_NORMAL); 2253 continue; 2254 } 2255 2256 /* 2257 ** Address is verified -- add this user to mailer 2258 ** argv, and add it to the print list of recipients. 2259 */ 2260 2261 /* link together the chain of recipients */ 2262 to->q_tchain = tochain; 2263 tochain = to; 2264 e->e_to = "[CHAIN]"; 2265 2266 macdefine(&e->e_macro, A_PERM, 'u', user); /* to user */ 2267 p = to->q_home; 2268 if (p == NULL && ctladdr != NULL) 2269 p = ctladdr->q_home; 2270 macdefine(&e->e_macro, A_PERM, 'z', p); /* user's home */ 2271 2272 /* set the ${dsn_notify} macro if applicable */ 2273 if (bitset(QHASNOTIFY, to->q_flags)) 2274 { 2275 char notify[MAXLINE]; 2276 2277 notify[0] = '\0'; 2278 if (bitset(QPINGONSUCCESS, to->q_flags)) 2279 (void) sm_strlcat(notify, "SUCCESS,", 2280 sizeof(notify)); 2281 if (bitset(QPINGONFAILURE, to->q_flags)) 2282 (void) sm_strlcat(notify, "FAILURE,", 2283 sizeof(notify)); 2284 if (bitset(QPINGONDELAY, to->q_flags)) 2285 (void) sm_strlcat(notify, "DELAY,", 2286 sizeof(notify)); 2287 2288 /* Set to NEVER or drop trailing comma */ 2289 if (notify[0] == '\0') 2290 (void) sm_strlcat(notify, "NEVER", 2291 sizeof(notify)); 2292 else 2293 notify[strlen(notify) - 1] = '\0'; 2294 2295 macdefine(&e->e_macro, A_TEMP, 2296 macid("{dsn_notify}"), notify); 2297 } 2298 else 2299 macdefine(&e->e_macro, A_PERM, 2300 macid("{dsn_notify}"), NULL); 2301 2302 /* 2303 ** Expand out this user into argument list. 2304 */ 2305 2306 if (!clever) 2307 { 2308 expand(*mvp, buf, sizeof(buf), e); 2309 p = buf; 2310 #if _FFR_8BITENVADDR 2311 if (((*mvp)[0] & 0377) == MACROEXPAND) 2312 { 2313 (void) dequote_internal_chars(buf, xbuf, sizeof(xbuf)); 2314 p = xbuf; 2315 if (tTd(10, 33)) 2316 sm_dprintf("expand(%s), dequoted=%s\n", *mvp, p); 2317 } 2318 #endif 2319 *pvp++ = sm_rpool_strdup_x(e->e_rpool, p); 2320 if (pvp >= &pv[MAXPV - 2]) 2321 { 2322 /* allow some space for trailing parms */ 2323 break; 2324 } 2325 } 2326 } 2327 2328 /* see if any addresses still exist */ 2329 if (tochain == NULL) 2330 { 2331 rcode = 0; 2332 goto cleanup; 2333 } 2334 2335 /* print out messages as full list */ 2336 strsize = 1; 2337 for (to = tochain; to != NULL; to = to->q_tchain) 2338 strsize += strlen(to->q_paddr) + 1; 2339 if (strsize < TOBUFSIZE) 2340 strsize = TOBUFSIZE; 2341 if (strsize > tobufsize) 2342 { 2343 SM_FREE(tobuf); 2344 tobuf = sm_pmalloc_x(strsize); 2345 tobufsize = strsize; 2346 } 2347 p = tobuf; 2348 *p = '\0'; 2349 for (to = tochain; to != NULL; to = to->q_tchain) 2350 { 2351 (void) sm_strlcpyn(p, tobufsize - (p - tobuf), 2, 2352 ",", to->q_paddr); 2353 p += strlen(p); 2354 } 2355 e->e_to = tobuf + 1; 2356 2357 /* 2358 ** Fill out any parameters after the $u parameter. 2359 */ 2360 2361 if (!clever) 2362 { 2363 while (*++mvp != NULL) 2364 { 2365 expand(*mvp, buf, sizeof(buf), e); 2366 p = buf; 2367 #if _FFR_8BITENVADDR && 0 2368 /* disabled for now - is there a use case for this? */ 2369 if (((*mvp)[0] & 0377) == MACROEXPAND) 2370 { 2371 (void) dequote_internal_chars(buf, xbuf, sizeof(xbuf)); 2372 p = xbuf; 2373 if (tTd(10, 33)) 2374 sm_dprintf("expand(%s), dequoted=%s\n", *mvp, p); 2375 } 2376 #endif 2377 *pvp++ = sm_rpool_strdup_x(e->e_rpool, p); 2378 if (pvp >= &pv[MAXPV]) 2379 syserr("554 5.3.0 deliver: pv overflow after $u for %s", 2380 pv[0]); 2381 } 2382 } 2383 *pvp++ = NULL; 2384 2385 /* 2386 ** Call the mailer. 2387 ** The argument vector gets built, pipes 2388 ** are created as necessary, and we fork & exec as 2389 ** appropriate. 2390 ** If we are running SMTP, we just need to clean up. 2391 */ 2392 2393 /* XXX this seems a bit weird */ 2394 if (ctladdr == NULL && m != ProgMailer && m != FileMailer && 2395 bitset(QGOODUID, e->e_from.q_flags)) 2396 ctladdr = &e->e_from; 2397 2398 #if NAMED_BIND 2399 if (ConfigLevel < 2) 2400 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 2401 #endif 2402 2403 if (tTd(11, 1)) 2404 { 2405 sm_dprintf("openmailer:"); 2406 printav(sm_debug_file(), pv); 2407 } 2408 errno = 0; 2409 SM_SET_H_ERRNO(0); 2410 CurHostName = NULL; 2411 2412 /* 2413 ** Deal with the special case of mail handled through an IPC 2414 ** connection. 2415 ** In this case we don't actually fork. We must be 2416 ** running SMTP for this to work. We will return a 2417 ** zero pid to indicate that we are running IPC. 2418 ** We also handle a debug version that just talks to stdin/out. 2419 */ 2420 2421 curhost = NULL; 2422 SmtpPhase = NULL; 2423 mci = NULL; 2424 2425 #if XDEBUG 2426 { 2427 char wbuf[MAXLINE]; 2428 2429 /* make absolutely certain 0, 1, and 2 are in use */ 2430 (void) sm_snprintf(wbuf, sizeof(wbuf), "%s... openmailer(%s)", 2431 shortenstring(e->e_to, MAXSHORTSTR), 2432 m->m_name); 2433 checkfd012(wbuf); 2434 } 2435 #endif /* XDEBUG */ 2436 2437 /* check for 8-bit available */ 2438 if (bitset(EF_HAS8BIT, e->e_flags) && 2439 bitnset(M_7BITS, m->m_flags) && 2440 (bitset(EF_DONT_MIME, e->e_flags) || 2441 !(bitset(MM_MIME8BIT, MimeMode) || 2442 (bitset(EF_IS_MIME, e->e_flags) && 2443 bitset(MM_CVTMIME, MimeMode))))) 2444 { 2445 e->e_status = "5.6.3"; 2446 usrerrenh(e->e_status, 2447 "554 Cannot send 8-bit data to 7-bit destination"); 2448 rcode = EX_DATAERR; 2449 goto give_up; 2450 } 2451 2452 if (tTd(62, 8)) 2453 checkfds("before delivery"); 2454 2455 /* check for Local Person Communication -- not for mortals!!! */ 2456 if (strcmp(m->m_mailer, "[LPC]") == 0) 2457 { 2458 if (clever) 2459 { 2460 /* flush any expired connections */ 2461 (void) mci_scan(NULL); 2462 2463 /* try to get a cached connection or just a slot */ 2464 mci = mci_get(m->m_name, m); 2465 if (mci->mci_host == NULL) 2466 mci->mci_host = m->m_name; 2467 CurHostName = mci->mci_host; 2468 if (mci->mci_state != MCIS_CLOSED) 2469 { 2470 message("Using cached SMTP/LPC connection for %s...", 2471 m->m_name); 2472 mci->mci_deliveries++; 2473 goto do_transfer; 2474 } 2475 } 2476 else 2477 { 2478 mci = mci_new(e->e_rpool); 2479 } 2480 mci->mci_in = smioin; 2481 mci->mci_out = smioout; 2482 mci->mci_mailer = m; 2483 mci->mci_host = m->m_name; 2484 if (clever) 2485 { 2486 mci->mci_state = MCIS_OPENING; 2487 mci_cache(mci); 2488 } 2489 else 2490 mci->mci_state = MCIS_OPEN; 2491 } 2492 else if (strcmp(m->m_mailer, "[IPC]") == 0) 2493 { 2494 register int i; 2495 2496 if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0') 2497 { 2498 syserr("null destination for %s mailer", m->m_mailer); 2499 rcode = EX_CONFIG; 2500 goto give_up; 2501 } 2502 2503 #if NETUNIX 2504 if (strcmp(pv[0], "FILE") == 0) 2505 { 2506 curhost = CurHostName = "localhost"; 2507 mux_path = pv[1]; 2508 } 2509 else 2510 #endif /* NETUNIX */ 2511 /* "else" in #if code above */ 2512 { 2513 CurHostName = pv[1]; 2514 /* XXX ??? */ 2515 curhost = hostsignature(m, pv[1], 2516 QISSECURE(firstto), 2517 &firstto->q_flags); 2518 } 2519 2520 if (curhost == NULL || curhost[0] == '\0') 2521 { 2522 syserr("null host signature for %s", pv[1]); 2523 rcode = EX_CONFIG; 2524 goto give_up; 2525 } 2526 2527 if (!clever) 2528 { 2529 syserr("554 5.3.5 non-clever IPC"); 2530 rcode = EX_CONFIG; 2531 goto give_up; 2532 } 2533 if (pv[2] != NULL 2534 #if NETUNIX 2535 && mux_path == NULL 2536 #endif 2537 ) 2538 { 2539 port = htons((unsigned short) atoi(pv[2])); 2540 if (port == 0) 2541 { 2542 #ifdef NO_GETSERVBYNAME 2543 syserr("Invalid port number: %s", pv[2]); 2544 #else /* NO_GETSERVBYNAME */ 2545 struct servent *sp = getservbyname(pv[2], "tcp"); 2546 2547 if (sp == NULL) 2548 syserr("Service %s unknown", pv[2]); 2549 else 2550 port = sp->s_port; 2551 #endif /* NO_GETSERVBYNAME */ 2552 } 2553 } 2554 2555 nummxhosts = parse_hostsignature(curhost, mxhosts, m 2556 #if DANE 2557 , mxads 2558 #endif 2559 ); 2560 if (TimeOuts.to_aconnect > 0) 2561 enough = curtime() + TimeOuts.to_aconnect; 2562 tryhost: 2563 while (hostnum < nummxhosts) 2564 { 2565 char sep = ':'; 2566 char *endp; 2567 static char hostbuf[MAXNAME_I + 1]; 2568 bool tried_fallbacksmarthost = false; 2569 #if DANE 2570 unsigned long tlsa_flags; 2571 # if HSMARKS 2572 bool mxsecure; 2573 # endif 2574 2575 ste = NULL; 2576 tlsa_flags = 0; 2577 # if HSMARKS 2578 mxsecure = MXADS_ISSET(mxads, hostnum); 2579 # endif 2580 #endif /* DANE */ 2581 FIX_MXHOSTS(mxhosts[hostnum], endp, sep); 2582 2583 if (hostnum == 1 && skip_back != NULL) 2584 { 2585 /* 2586 ** Coattail piggybacking is no longer an 2587 ** option with the mail host next to be tried 2588 ** no longer the lowest MX preference 2589 ** (hostnum == 1 meaning we're on the second 2590 ** preference). We do not try to coattail 2591 ** piggyback more than the first MX preference. 2592 ** Revert 'tochain' to last location for 2593 ** coincidental piggybacking. This works this 2594 ** easily because the q_tchain kept getting 2595 ** added to the top of the linked list. 2596 */ 2597 2598 tochain = skip_back; 2599 } 2600 2601 if (*mxhosts[hostnum] == '\0') 2602 { 2603 syserr("deliver: null host name in signature"); 2604 hostnum++; 2605 if (endp != NULL) 2606 *endp = sep; 2607 continue; 2608 } 2609 (void) sm_strlcpy(hostbuf, mxhosts[hostnum], 2610 sizeof(hostbuf)); 2611 hostnum++; 2612 if (endp != NULL) 2613 *endp = sep; 2614 #if STARTTLS 2615 tlsstate = 0; 2616 #endif 2617 2618 one_last_try: 2619 /* see if we already know that this host is fried */ 2620 CurHostName = hostbuf; 2621 mci = mci_get(hostbuf, m); 2622 2623 #if DANE 2624 tlsa_flags = 0; 2625 # if HSMARKS 2626 if (mxsecure) 2627 firstto->q_flags |= QMXSECURE; 2628 else 2629 firstto->q_flags &= ~QMXSECURE; 2630 # endif 2631 if (TTD(90, 30)) 2632 sm_dprintf("deliver: mci_get: 1: mci=%p, host=%s, mx=%s, ste=%p, dane=%#x, mci_state=%d, QMXSECURE=%d, reqdane=%d, chk_dane_rcpt=%d, firstto=%s, to=%s\n", 2633 mci, host, hostbuf, ste, Dane, 2634 mci->mci_state, RCPT_MXSECURE(firstto), 2635 RCPT_REQ_DANE(firstto), 2636 CHK_DANE_RCPT(Dane, firstto), 2637 firstto->q_user, e->e_to); 2638 2639 if (CHK_DANE_RCPT(Dane, firstto)) 2640 { 2641 (void) gettlsa(hostbuf, NULL, &ste, 2642 RCPT_MXSECURE(firstto) ? TLSAFLADMX : 0, 2643 0, m->m_port); 2644 } 2645 if (TTD(90, 30)) 2646 sm_dprintf("deliver: host=%s, mx=%s, ste=%p, chk_dane=%d\n", 2647 host, hostbuf, ste, 2648 CHK_DANE_RCPT(Dane, firstto)); 2649 2650 /* XXX: check expiration! */ 2651 if (ste != NULL && TLSA_RR_TEMPFAIL(ste->s_tlsa)) 2652 { 2653 if (tTd(11, 1)) 2654 sm_dprintf("skip: host=%s, TLSA_RR_lookup=%d\n" 2655 , hostbuf 2656 , ste->s_tlsa->dane_tlsa_dnsrc); 2657 2658 tlsa_flags |= TLSAFLTEMP; 2659 } 2660 else if (ste != NULL && TTD(90, 30)) 2661 { 2662 if (ste->s_tlsa != NULL) 2663 sm_dprintf("deliver: host=%s, mx=%s, tlsa_n=%d, tlsa_flags=%#lx, ssl=%p, chk=%#x, res=%d\n" 2664 , host, hostbuf 2665 , ste->s_tlsa->dane_tlsa_n 2666 , ste->s_tlsa->dane_tlsa_flags 2667 , mci->mci_ssl 2668 , mci->mci_tlsi.tlsi_dvc.dane_vrfy_chk 2669 , mci->mci_tlsi.tlsi_dvc.dane_vrfy_res 2670 ); 2671 else 2672 sm_dprintf("deliver: host=%s, mx=%s, notlsa\n", host, hostbuf); 2673 } 2674 2675 if (mci->mci_state != MCIS_CLOSED) 2676 { 2677 bool dane_old, dane_new, new_session; 2678 2679 /* CHK_DANE(Dane): implicit via ste != NULL */ 2680 dane_new = !iscltflgset(e, D_NODANE) && 2681 ste != NULL && ste->s_tlsa != NULL && 2682 TLSA_IS_FL(ste->s_tlsa, TLSAFLSUP); 2683 dane_old = CHK_DANE(mci->mci_tlsi.tlsi_dvc.dane_vrfy_chk); 2684 new_session = (dane_old != dane_new); 2685 vrfy = ""; 2686 if (dane_old && new_session) 2687 { 2688 vrfy = macget(&mci->mci_macro, macid("{verify}")); 2689 new_session = NULL == vrfy || strcmp("TRUSTED", vrfy) != 0; 2690 } 2691 if (TTD(11, 32)) 2692 sm_dprintf("deliver: host=%s, mx=%s, dane_old=%d, dane_new=%d, new_session=%d, vrfy=%s\n", 2693 host, hostbuf, dane_old, 2694 dane_new, new_session, vrfy); 2695 if (new_session) 2696 { 2697 if (TTD(11, 34)) 2698 sm_dprintf("deliver: host=%s, mx=%s, old_mci=%p, state=%d\n", 2699 host, hostbuf, 2700 mci, mci->mci_state); 2701 smtpquit(mci->mci_mailer, mci, e); 2702 if (TTD(11, 34)) 2703 sm_dprintf("deliver: host=%s, mx=%s, new_mci=%p, state=%d\n", 2704 host, hostbuf, 2705 mci, mci->mci_state); 2706 } 2707 else 2708 { 2709 /* are tlsa_flags the same as dane_vrfy_chk? */ 2710 tlsa_flags = mci->mci_tlsi.tlsi_dvc.dane_vrfy_chk; 2711 memcpy(&dane_vrfy_ctx, 2712 &mci->mci_tlsi.tlsi_dvc.dane_vrfy_chk, 2713 sizeof(dane_vrfy_ctx)); 2714 dane_vrfy_ctx.dane_vrfy_host = NULL; 2715 dane_vrfy_ctx.dane_vrfy_sni = NULL; 2716 if (TTD(90, 40)) 2717 sm_dprintf("deliver: host=%s, mx=%s, state=reuse, chk=%#x\n", 2718 host, hostbuf, mci->mci_tlsi.tlsi_dvc.dane_vrfy_chk); 2719 } 2720 } 2721 #endif /* DANE */ 2722 if (mci->mci_state != MCIS_CLOSED) 2723 { 2724 char *type; 2725 2726 if (tTd(11, 1)) 2727 { 2728 sm_dprintf("openmailer: "); 2729 mci_dump(sm_debug_file(), mci, false); 2730 } 2731 CurHostName = mci->mci_host; 2732 if (bitnset(M_LMTP, m->m_flags)) 2733 type = "L"; 2734 else if (bitset(MCIF_ESMTP, mci->mci_flags)) 2735 type = "ES"; 2736 else 2737 type = "S"; 2738 message("Using cached %sMTP connection to %s via %s...", 2739 type, hostbuf, m->m_name); 2740 mci->mci_deliveries++; 2741 break; 2742 } 2743 mci->mci_mailer = m; 2744 2745 if (mci->mci_exitstat != EX_OK) 2746 { 2747 if (mci->mci_exitstat == EX_TEMPFAIL) 2748 goodmxfound = true; 2749 2750 /* Try FallbackSmartHost? */ 2751 if (should_try_fbsh(e, &tried_fallbacksmarthost, 2752 hostbuf, sizeof(hostbuf), 2753 mci->mci_exitstat)) 2754 goto one_last_try; 2755 2756 continue; 2757 } 2758 2759 if (mci_lock_host(mci) != EX_OK) 2760 { 2761 mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); 2762 goodmxfound = true; 2763 continue; 2764 } 2765 2766 /* try the connection */ 2767 sm_setproctitle(true, e, "%s %s: %s", 2768 qid_printname(e), 2769 hostbuf, "user open"); 2770 2771 i = EX_OK; 2772 e->e_mci = mci; 2773 #if STARTTLS || SASL 2774 if ((i = cltfeatures(e, hostbuf)) != EX_OK) 2775 { 2776 if (LogLevel > 8) 2777 sm_syslog(LOG_WARNING, e->e_id, 2778 "clt_features=TEMPFAIL, host=%s, status=skipped" 2779 , hostbuf); 2780 /* XXX handle error! */ 2781 (void) sm_strlcpy(SmtpError, 2782 "clt_features=TEMPFAIL", 2783 sizeof(SmtpError)); 2784 # if DANE 2785 tlsa_flags &= ~TLSAFLTEMP; 2786 # endif 2787 } 2788 # if DANE 2789 /* hack: disable DANE if requested */ 2790 if (iscltflgset(e, D_NODANE)) 2791 ste = NULL; 2792 tlsa_flags |= ste != NULL ? Dane : DANE_NEVER; 2793 dane_vrfy_ctx.dane_vrfy_chk = tlsa_flags; 2794 dane_vrfy_ctx.dane_vrfy_port = m->m_port; 2795 if (TTD(11, 11)) 2796 sm_dprintf("deliver: makeconnection=before, chk=%#x, tlsa_flags=%#lx, {client_flags}=%s, stat=%d, dane_enabled=%d\n", 2797 dane_vrfy_ctx.dane_vrfy_chk, 2798 tlsa_flags, 2799 macvalue(macid("{client_flags}"), e), 2800 i, dane_vrfy_ctx.dane_vrfy_dane_enabled); 2801 # endif /* DANE */ 2802 #endif /* STARTTLS || SASL */ 2803 #if NETUNIX 2804 if (mux_path != NULL) 2805 { 2806 message("Connecting to %s via %s...", 2807 mux_path, m->m_name); 2808 if (EX_OK == i) 2809 { 2810 i = makeconnection_ds((char *) mux_path, mci); 2811 #if DANE 2812 /* fake it: "IP is secure" */ 2813 tlsa_flags |= TLSAFLADIP; 2814 #endif 2815 } 2816 } 2817 else 2818 #endif /* NETUNIX */ 2819 /* "else" in #if code above */ 2820 { 2821 if (port == 0) 2822 message("Connecting to %s via %s...", 2823 hostbuf, m->m_name); 2824 else 2825 message("Connecting to %s port %d via %s...", 2826 hostbuf, ntohs(port), 2827 m->m_name); 2828 2829 /* 2830 ** set the current connection information, 2831 ** required to set {client_flags} in e->e_mci 2832 */ 2833 2834 if (EX_OK == i) 2835 i = makeconnection(hostbuf, port, mci, 2836 e, enough 2837 #if DANE 2838 , &tlsa_flags 2839 #endif 2840 ); 2841 } 2842 #if DANE 2843 if (TTD(11, 11)) 2844 sm_dprintf("deliver: makeconnection=after, chk=%#x, tlsa_flags=%#lx, stat=%d\n", 2845 dane_vrfy_ctx.dane_vrfy_chk, 2846 tlsa_flags, i); 2847 #if OLD_WAY_TLSA_FLAGS 2848 if (dane_vrfy_ctx.dane_vrfy_chk != DANE_ALWAYS) 2849 dane_vrfy_ctx.dane_vrfy_chk = DANEMODE(tlsa_flags); 2850 #else 2851 dane_vrfy_ctx.dane_vrfy_chk = tlsa_flags; 2852 #endif 2853 if (EX_TEMPFAIL == i && 2854 ((tlsa_flags & (TLSAFLTEMP|DANE_SECURE)) == 2855 (TLSAFLTEMP|DANE_SECURE))) 2856 { 2857 (void) sm_strlcpy(SmtpError, 2858 " for TLSA RR", 2859 sizeof(SmtpError)); 2860 # if NAMED_BIND 2861 SM_SET_H_ERRNO(TRY_AGAIN); 2862 # endif 2863 } 2864 #endif /* DANE */ 2865 mci->mci_errno = errno; 2866 mci->mci_lastuse = curtime(); 2867 mci->mci_deliveries = 0; 2868 mci->mci_exitstat = i; 2869 mci_clr_extensions(mci); 2870 #if NAMED_BIND 2871 mci->mci_herrno = h_errno; 2872 #endif 2873 2874 /* 2875 ** Have we tried long enough to get a connection? 2876 ** If yes, skip to the fallback MX hosts 2877 ** (if existent). 2878 */ 2879 2880 if (enough > 0 && mci->mci_lastuse >= enough) 2881 { 2882 int h; 2883 #if NAMED_BIND 2884 extern int NumFallbackMXHosts; 2885 #else 2886 const int NumFallbackMXHosts = 0; 2887 #endif 2888 2889 if (hostnum < nummxhosts && LogLevel > 9) 2890 sm_syslog(LOG_INFO, e->e_id, 2891 "Timeout.to_aconnect occurred before exhausting all addresses"); 2892 2893 /* turn off timeout if fallback available */ 2894 if (NumFallbackMXHosts > 0) 2895 enough = 0; 2896 2897 /* skip to a fallback MX host */ 2898 h = nummxhosts - NumFallbackMXHosts; 2899 if (hostnum < h) 2900 hostnum = h; 2901 } 2902 if (i == EX_OK) 2903 { 2904 goodmxfound = true; 2905 markstats(e, firstto, STATS_CONNECT); 2906 mci->mci_state = MCIS_OPENING; 2907 mci_cache(mci); 2908 if (TrafficLogFile != NULL) 2909 (void) sm_io_fprintf(TrafficLogFile, 2910 SM_TIME_DEFAULT, 2911 "%05d === CONNECT %s\n", 2912 (int) CurrentPid, 2913 hostbuf); 2914 break; 2915 } 2916 else 2917 { 2918 /* Try FallbackSmartHost? */ 2919 if (should_try_fbsh(e, &tried_fallbacksmarthost, 2920 hostbuf, sizeof(hostbuf), i)) 2921 goto one_last_try; 2922 2923 if (tTd(11, 1)) 2924 sm_dprintf("openmailer: makeconnection(%s) => stat=%d, errno=%d\n", 2925 hostbuf, i, errno); 2926 if (i == EX_TEMPFAIL) 2927 goodmxfound = true; 2928 mci_unlock_host(mci); 2929 } 2930 2931 /* enter status of this host */ 2932 setstat(i); 2933 2934 /* should print some message here for -v mode */ 2935 } 2936 if (mci == NULL) 2937 { 2938 syserr("deliver: no host name"); 2939 rcode = EX_SOFTWARE; 2940 goto give_up; 2941 } 2942 mci->mci_pid = 0; 2943 } 2944 else 2945 { 2946 /* flush any expired connections */ 2947 (void) mci_scan(NULL); 2948 mci = NULL; 2949 2950 if (bitnset(M_LMTP, m->m_flags)) 2951 { 2952 /* try to get a cached connection */ 2953 mci = mci_get(m->m_name, m); 2954 if (mci->mci_host == NULL) 2955 mci->mci_host = m->m_name; 2956 CurHostName = mci->mci_host; 2957 if (mci->mci_state != MCIS_CLOSED) 2958 { 2959 message("Using cached LMTP connection for %s...", 2960 m->m_name); 2961 mci->mci_deliveries++; 2962 goto do_transfer; 2963 } 2964 } 2965 2966 /* announce the connection to verbose listeners */ 2967 if (host == NULL || host[0] == '\0') 2968 message("Connecting to %s...", m->m_name); 2969 else 2970 message("Connecting to %s via %s...", host, m->m_name); 2971 if (TrafficLogFile != NULL) 2972 { 2973 char **av; 2974 2975 (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT, 2976 "%05d === EXEC", (int) CurrentPid); 2977 for (av = pv; *av != NULL; av++) 2978 (void) sm_io_fprintf(TrafficLogFile, 2979 SM_TIME_DEFAULT, " %s", 2980 *av); 2981 (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT, 2982 "\n"); 2983 } 2984 2985 checkfd012("before creating mail pipe"); 2986 2987 /* create a pipe to shove the mail through */ 2988 if (pipe(mpvect) < 0) 2989 { 2990 syserr("%s... openmailer(%s): pipe (to mailer)", 2991 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 2992 if (tTd(11, 1)) 2993 sm_dprintf("openmailer: NULL\n"); 2994 rcode = EX_OSERR; 2995 goto give_up; 2996 } 2997 2998 #if XDEBUG 2999 /* make sure we didn't get one of the standard I/O files */ 3000 if (mpvect[0] < 3 || mpvect[1] < 3) 3001 { 3002 syserr("%s... openmailer(%s): bogus mpvect %d %d", 3003 shortenstring(e->e_to, MAXSHORTSTR), m->m_name, 3004 mpvect[0], mpvect[1]); 3005 printopenfds(true); 3006 if (tTd(11, 1)) 3007 sm_dprintf("openmailer: NULL\n"); 3008 rcode = EX_OSERR; 3009 goto give_up; 3010 } 3011 3012 /* make sure system call isn't dead meat */ 3013 checkfdopen(mpvect[0], "mpvect[0]"); 3014 checkfdopen(mpvect[1], "mpvect[1]"); 3015 if (mpvect[0] == mpvect[1] || 3016 (e->e_lockfp != NULL && 3017 (mpvect[0] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, 3018 NULL) || 3019 mpvect[1] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, 3020 NULL)))) 3021 { 3022 if (e->e_lockfp == NULL) 3023 syserr("%s... openmailer(%s): overlapping mpvect %d %d", 3024 shortenstring(e->e_to, MAXSHORTSTR), 3025 m->m_name, mpvect[0], mpvect[1]); 3026 else 3027 syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d", 3028 shortenstring(e->e_to, MAXSHORTSTR), 3029 m->m_name, mpvect[0], mpvect[1], 3030 sm_io_getinfo(e->e_lockfp, 3031 SM_IO_WHAT_FD, NULL)); 3032 } 3033 #endif /* XDEBUG */ 3034 3035 /* create a return pipe */ 3036 if (pipe(rpvect) < 0) 3037 { 3038 syserr("%s... openmailer(%s): pipe (from mailer)", 3039 shortenstring(e->e_to, MAXSHORTSTR), 3040 m->m_name); 3041 (void) close(mpvect[0]); 3042 (void) close(mpvect[1]); 3043 if (tTd(11, 1)) 3044 sm_dprintf("openmailer: NULL\n"); 3045 rcode = EX_OSERR; 3046 goto give_up; 3047 } 3048 checkfdopen(rpvect[0], "rpvect[0]"); 3049 checkfdopen(rpvect[1], "rpvect[1]"); 3050 3051 /* 3052 ** Actually fork the mailer process. 3053 ** DOFORK is clever about retrying. 3054 ** 3055 ** Dispose of SIGCHLD signal catchers that may be laying 3056 ** around so that endmailer will get it. 3057 */ 3058 3059 if (e->e_xfp != NULL) /* for debugging */ 3060 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); 3061 (void) sm_io_flush(smioout, SM_TIME_DEFAULT); 3062 (void) sm_signal(SIGCHLD, SIG_DFL); 3063 3064 3065 DOFORK(FORK); 3066 /* pid is set by DOFORK */ 3067 3068 if (pid < 0) 3069 { 3070 /* failure */ 3071 syserr("%s... openmailer(%s): cannot fork", 3072 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 3073 (void) close(mpvect[0]); 3074 (void) close(mpvect[1]); 3075 (void) close(rpvect[0]); 3076 (void) close(rpvect[1]); 3077 if (tTd(11, 1)) 3078 sm_dprintf("openmailer: NULL\n"); 3079 rcode = EX_OSERR; 3080 goto give_up; 3081 } 3082 else if (pid == 0) 3083 { 3084 int save_errno; 3085 int sff; 3086 int new_euid = NO_UID; 3087 int new_ruid = NO_UID; 3088 int new_gid = NO_GID; 3089 char *user = NULL; 3090 struct stat stb; 3091 extern int DtableSize; 3092 3093 CurrentPid = getpid(); 3094 3095 /* clear the events to turn off SIGALRMs */ 3096 sm_clear_events(); 3097 3098 /* Reset global flags */ 3099 RestartRequest = NULL; 3100 RestartWorkGroup = false; 3101 ShutdownRequest = NULL; 3102 PendingSignal = 0; 3103 3104 if (e->e_lockfp != NULL) 3105 (void) close(sm_io_getinfo(e->e_lockfp, 3106 SM_IO_WHAT_FD, 3107 NULL)); 3108 3109 /* child -- set up input & exec mailer */ 3110 (void) sm_signal(SIGALRM, sm_signal_noop); 3111 (void) sm_signal(SIGCHLD, SIG_DFL); 3112 (void) sm_signal(SIGHUP, SIG_IGN); 3113 (void) sm_signal(SIGINT, SIG_IGN); 3114 (void) sm_signal(SIGTERM, SIG_DFL); 3115 #ifdef SIGUSR1 3116 (void) sm_signal(SIGUSR1, sm_signal_noop); 3117 #endif 3118 3119 if (m != FileMailer || stat(tochain->q_user, &stb) < 0) 3120 stb.st_mode = 0; 3121 3122 #if HASSETUSERCONTEXT 3123 /* 3124 ** Set user resources. 3125 */ 3126 3127 if (contextaddr != NULL) 3128 { 3129 int sucflags; 3130 struct passwd *pwd; 3131 3132 if (contextaddr->q_ruser != NULL) 3133 pwd = sm_getpwnam(contextaddr->q_ruser); 3134 else 3135 pwd = sm_getpwnam(contextaddr->q_user); 3136 sucflags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; 3137 # ifdef LOGIN_SETCPUMASK 3138 sucflags |= LOGIN_SETCPUMASK; 3139 # endif 3140 # ifdef LOGIN_SETLOGINCLASS 3141 sucflags |= LOGIN_SETLOGINCLASS; 3142 # endif 3143 # ifdef LOGIN_SETMAC 3144 sucflags |= LOGIN_SETMAC; 3145 # endif 3146 if (pwd != NULL && 3147 setusercontext(NULL, pwd, pwd->pw_uid, 3148 sucflags) == -1 && 3149 suidwarn) 3150 { 3151 syserr("openmailer: setusercontext() failed"); 3152 exit(EX_TEMPFAIL); 3153 } 3154 } 3155 #endif /* HASSETUSERCONTEXT */ 3156 3157 #if HASNICE 3158 /* tweak niceness */ 3159 if (m->m_nice != 0) 3160 (void) nice(m->m_nice); 3161 #endif 3162 3163 /* reset group id */ 3164 if (bitnset(M_SPECIFIC_UID, m->m_flags)) 3165 { 3166 if (m->m_gid == NO_GID) 3167 new_gid = RunAsGid; 3168 else 3169 new_gid = m->m_gid; 3170 } 3171 else if (bitset(S_ISGID, stb.st_mode)) 3172 new_gid = stb.st_gid; 3173 else if (ctladdr != NULL && ctladdr->q_gid != 0) 3174 { 3175 if (!DontInitGroups) 3176 { 3177 user = ctladdr->q_ruser; 3178 if (user == NULL) 3179 user = ctladdr->q_user; 3180 3181 if (initgroups(user, 3182 ctladdr->q_gid) == -1 3183 && suidwarn) 3184 { 3185 syserr("openmailer: initgroups(%s, %ld) failed", 3186 user, (long) ctladdr->q_gid); 3187 exit(EX_TEMPFAIL); 3188 } 3189 } 3190 else 3191 { 3192 GIDSET_T gidset[1]; 3193 3194 gidset[0] = ctladdr->q_gid; 3195 if (setgroups(1, gidset) == -1 3196 && suidwarn) 3197 { 3198 syserr("openmailer: setgroups() failed"); 3199 exit(EX_TEMPFAIL); 3200 } 3201 } 3202 new_gid = ctladdr->q_gid; 3203 } 3204 else 3205 { 3206 if (!DontInitGroups) 3207 { 3208 user = DefUser; 3209 if (initgroups(DefUser, DefGid) == -1 && 3210 suidwarn) 3211 { 3212 syserr("openmailer: initgroups(%s, %ld) failed", 3213 DefUser, (long) DefGid); 3214 exit(EX_TEMPFAIL); 3215 } 3216 } 3217 else 3218 { 3219 GIDSET_T gidset[1]; 3220 3221 gidset[0] = DefGid; 3222 if (setgroups(1, gidset) == -1 3223 && suidwarn) 3224 { 3225 syserr("openmailer: setgroups() failed"); 3226 exit(EX_TEMPFAIL); 3227 } 3228 } 3229 if (m->m_gid == NO_GID) 3230 new_gid = DefGid; 3231 else 3232 new_gid = m->m_gid; 3233 } 3234 if (new_gid != NO_GID) 3235 { 3236 if (RunAsUid != 0 && 3237 bitnset(M_SPECIFIC_UID, m->m_flags) && 3238 new_gid != getgid() && 3239 new_gid != getegid()) 3240 { 3241 /* Only root can change the gid */ 3242 syserr("openmailer: insufficient privileges to change gid, RunAsUid=%ld, new_gid=%ld, gid=%ld, egid=%ld", 3243 (long) RunAsUid, (long) new_gid, 3244 (long) getgid(), (long) getegid()); 3245 exit(EX_TEMPFAIL); 3246 } 3247 3248 if (setgid(new_gid) < 0 && suidwarn) 3249 { 3250 syserr("openmailer: setgid(%ld) failed", 3251 (long) new_gid); 3252 exit(EX_TEMPFAIL); 3253 } 3254 } 3255 3256 /* change root to some "safe" directory */ 3257 if (m->m_rootdir != NULL) 3258 { 3259 expand(m->m_rootdir, cbuf, sizeof(cbuf), e); 3260 if (tTd(11, 20)) 3261 sm_dprintf("openmailer: chroot %s\n", 3262 cbuf); 3263 if (chroot(cbuf) < 0) 3264 { 3265 syserr("openmailer: Cannot chroot(%s)", 3266 cbuf); 3267 exit(EX_TEMPFAIL); 3268 } 3269 if (chdir("/") < 0) 3270 { 3271 syserr("openmailer: cannot chdir(/)"); 3272 exit(EX_TEMPFAIL); 3273 } 3274 } 3275 3276 /* reset user id */ 3277 endpwent(); 3278 sm_mbdb_terminate(); 3279 if (bitnset(M_SPECIFIC_UID, m->m_flags)) 3280 { 3281 if (m->m_uid == NO_UID) 3282 new_euid = RunAsUid; 3283 else 3284 new_euid = m->m_uid; 3285 3286 /* 3287 ** Undo the effects of the uid change in main 3288 ** for signal handling. The real uid may 3289 ** be used by mailer in adding a "From " 3290 ** line. 3291 */ 3292 3293 if (RealUid != 0 && RealUid != getuid()) 3294 { 3295 #if MAILER_SETUID_METHOD == USE_SETEUID 3296 # if HASSETREUID 3297 if (setreuid(RealUid, geteuid()) < 0) 3298 { 3299 syserr("openmailer: setreuid(%d, %d) failed", 3300 (int) RealUid, (int) geteuid()); 3301 exit(EX_OSERR); 3302 } 3303 # endif /* HASSETREUID */ 3304 #endif /* MAILER_SETUID_METHOD == USE_SETEUID */ 3305 #if MAILER_SETUID_METHOD == USE_SETREUID 3306 new_ruid = RealUid; 3307 #endif 3308 } 3309 } 3310 else if (bitset(S_ISUID, stb.st_mode)) 3311 new_ruid = stb.st_uid; 3312 else if (ctladdr != NULL && ctladdr->q_uid != 0) 3313 new_ruid = ctladdr->q_uid; 3314 else if (m->m_uid != NO_UID) 3315 new_ruid = m->m_uid; 3316 else 3317 new_ruid = DefUid; 3318 3319 #if _FFR_USE_SETLOGIN 3320 /* run disconnected from terminal and set login name */ 3321 if (setsid() >= 0 && 3322 ctladdr != NULL && ctladdr->q_uid != 0 && 3323 new_euid == ctladdr->q_uid) 3324 { 3325 struct passwd *pwd; 3326 3327 pwd = sm_getpwuid(ctladdr->q_uid); 3328 if (pwd != NULL && suidwarn) 3329 (void) setlogin(pwd->pw_name); 3330 endpwent(); 3331 } 3332 #endif /* _FFR_USE_SETLOGIN */ 3333 3334 if (new_euid != NO_UID) 3335 { 3336 if (RunAsUid != 0 && new_euid != RunAsUid) 3337 { 3338 /* Only root can change the uid */ 3339 syserr("openmailer: insufficient privileges to change uid, new_euid=%ld, RunAsUid=%ld", 3340 (long) new_euid, (long) RunAsUid); 3341 exit(EX_TEMPFAIL); 3342 } 3343 3344 vendor_set_uid(new_euid); 3345 #if MAILER_SETUID_METHOD == USE_SETEUID 3346 if (seteuid(new_euid) < 0 && suidwarn) 3347 { 3348 syserr("openmailer: seteuid(%ld) failed", 3349 (long) new_euid); 3350 exit(EX_TEMPFAIL); 3351 } 3352 #endif /* MAILER_SETUID_METHOD == USE_SETEUID */ 3353 #if MAILER_SETUID_METHOD == USE_SETREUID 3354 if (setreuid(new_ruid, new_euid) < 0 && suidwarn) 3355 { 3356 syserr("openmailer: setreuid(%ld, %ld) failed", 3357 (long) new_ruid, (long) new_euid); 3358 exit(EX_TEMPFAIL); 3359 } 3360 #endif /* MAILER_SETUID_METHOD == USE_SETREUID */ 3361 #if MAILER_SETUID_METHOD == USE_SETUID 3362 if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn) 3363 { 3364 syserr("openmailer: setuid(%ld) failed", 3365 (long) new_euid); 3366 exit(EX_TEMPFAIL); 3367 } 3368 #endif /* MAILER_SETUID_METHOD == USE_SETUID */ 3369 } 3370 else if (new_ruid != NO_UID) 3371 { 3372 vendor_set_uid(new_ruid); 3373 if (setuid(new_ruid) < 0 && suidwarn) 3374 { 3375 syserr("openmailer: setuid(%ld) failed", 3376 (long) new_ruid); 3377 exit(EX_TEMPFAIL); 3378 } 3379 } 3380 3381 if (tTd(11, 2)) 3382 sm_dprintf("openmailer: running as r/euid=%ld/%ld, r/egid=%ld/%ld\n", 3383 (long) getuid(), (long) geteuid(), 3384 (long) getgid(), (long) getegid()); 3385 3386 /* move into some "safe" directory */ 3387 if (m->m_execdir != NULL) 3388 { 3389 char *q; 3390 3391 for (p = m->m_execdir; p != NULL; p = q) 3392 { 3393 q = strchr(p, ':'); 3394 if (q != NULL) 3395 *q = '\0'; 3396 expand(p, cbuf, sizeof(cbuf), e); 3397 if (q != NULL) 3398 *q++ = ':'; 3399 if (tTd(11, 20)) 3400 sm_dprintf("openmailer: trydir %s\n", 3401 cbuf); 3402 if (cbuf[0] != '\0' && 3403 chdir(cbuf) >= 0) 3404 break; 3405 } 3406 } 3407 3408 /* Check safety of program to be run */ 3409 sff = SFF_ROOTOK|SFF_EXECOK; 3410 if (!bitnset(DBS_RUNWRITABLEPROGRAM, 3411 DontBlameSendmail)) 3412 sff |= SFF_NOGWFILES|SFF_NOWWFILES; 3413 if (bitnset(DBS_RUNPROGRAMINUNSAFEDIRPATH, 3414 DontBlameSendmail)) 3415 sff |= SFF_NOPATHCHECK; 3416 else 3417 sff |= SFF_SAFEDIRPATH; 3418 ret = safefile(m->m_mailer, getuid(), getgid(), 3419 user, sff, 0, NULL); 3420 if (ret != 0) 3421 sm_syslog(LOG_INFO, e->e_id, 3422 "Warning: program %s unsafe: %s", 3423 m->m_mailer, sm_errstring(ret)); 3424 3425 /* arrange to filter std & diag output of command */ 3426 (void) close(rpvect[0]); 3427 if (dup2(rpvect[1], STDOUT_FILENO) < 0) 3428 { 3429 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout", 3430 shortenstring(e->e_to, MAXSHORTSTR), 3431 m->m_name, rpvect[1]); 3432 _exit(EX_OSERR); 3433 } 3434 (void) close(rpvect[1]); 3435 3436 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0) 3437 { 3438 syserr("%s... openmailer(%s): cannot dup stdout for stderr", 3439 shortenstring(e->e_to, MAXSHORTSTR), 3440 m->m_name); 3441 _exit(EX_OSERR); 3442 } 3443 3444 /* arrange to get standard input */ 3445 (void) close(mpvect[1]); 3446 if (dup2(mpvect[0], STDIN_FILENO) < 0) 3447 { 3448 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin", 3449 shortenstring(e->e_to, MAXSHORTSTR), 3450 m->m_name, mpvect[0]); 3451 _exit(EX_OSERR); 3452 } 3453 (void) close(mpvect[0]); 3454 3455 /* arrange for all the files to be closed */ 3456 sm_close_on_exec(STDERR_FILENO + 1, DtableSize); 3457 3458 #if !_FFR_USE_SETLOGIN 3459 /* run disconnected from terminal */ 3460 (void) setsid(); 3461 #endif 3462 3463 /* try to execute the mailer */ 3464 (void) execve(m->m_mailer, (ARGV_T) pv, 3465 (ARGV_T) UserEnviron); 3466 save_errno = errno; 3467 syserr("Cannot exec %s", m->m_mailer); 3468 if (bitnset(M_LOCALMAILER, m->m_flags) || 3469 transienterror(save_errno)) 3470 _exit(EX_OSERR); 3471 _exit(EX_UNAVAILABLE); 3472 } 3473 3474 /* 3475 ** Set up return value. 3476 */ 3477 3478 if (mci == NULL) 3479 { 3480 if (clever) 3481 { 3482 /* 3483 ** Allocate from general heap, not 3484 ** envelope rpool, because this mci 3485 ** is going to be cached. 3486 */ 3487 3488 mci = mci_new(NULL); 3489 } 3490 else 3491 { 3492 /* 3493 ** Prevent a storage leak by allocating 3494 ** this from the envelope rpool. 3495 */ 3496 3497 mci = mci_new(e->e_rpool); 3498 } 3499 } 3500 mci->mci_mailer = m; 3501 if (clever) 3502 { 3503 mci->mci_state = MCIS_OPENING; 3504 mci_cache(mci); 3505 } 3506 else 3507 { 3508 mci->mci_state = MCIS_OPEN; 3509 } 3510 mci->mci_pid = pid; 3511 (void) close(mpvect[0]); 3512 mci->mci_out = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 3513 (void *) &(mpvect[1]), SM_IO_WRONLY_B, 3514 NULL); 3515 if (mci->mci_out == NULL) 3516 { 3517 syserr("deliver: cannot create mailer output channel, fd=%d", 3518 mpvect[1]); 3519 (void) close(mpvect[1]); 3520 (void) close(rpvect[0]); 3521 (void) close(rpvect[1]); 3522 rcode = EX_OSERR; 3523 goto give_up; 3524 } 3525 3526 (void) close(rpvect[1]); 3527 mci->mci_in = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 3528 (void *) &(rpvect[0]), SM_IO_RDONLY_B, 3529 NULL); 3530 if (mci->mci_in == NULL) 3531 { 3532 syserr("deliver: cannot create mailer input channel, fd=%d", 3533 mpvect[1]); 3534 (void) close(rpvect[0]); 3535 SM_CLOSE_FP(mci->mci_out); 3536 rcode = EX_OSERR; 3537 goto give_up; 3538 } 3539 } 3540 3541 /* 3542 ** If we are in SMTP opening state, send initial protocol. 3543 */ 3544 3545 if (bitnset(M_7BITS, m->m_flags) && 3546 (!clever || mci->mci_state == MCIS_OPENING)) 3547 mci->mci_flags |= MCIF_7BIT; 3548 if (clever && mci->mci_state != MCIS_CLOSED) 3549 { 3550 #if STARTTLS || SASL 3551 char *srvname; 3552 int dotpos; 3553 # if SASL 3554 # define DONE_AUTH(f) bitset(MCIF_AUTHACT, f) 3555 # endif 3556 # if STARTTLS 3557 # define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f) 3558 # endif 3559 3560 srvname = setservermacros(mci, &dotpos); 3561 # if DANE 3562 SM_FREE(dane_vrfy_ctx.dane_vrfy_host); 3563 SM_FREE(dane_vrfy_ctx.dane_vrfy_sni); 3564 dane_vrfy_ctx.dane_vrfy_fp[0] = '\0'; 3565 if (STE_HAS_TLSA(ste) && ste->s_tlsa->dane_tlsa_sni != NULL) 3566 dane_vrfy_ctx.dane_vrfy_sni = sm_strdup(ste->s_tlsa->dane_tlsa_sni); 3567 dane_vrfy_ctx.dane_vrfy_host = sm_strdup(srvname); 3568 # endif /* DANE */ 3569 /* undo change of srvname (== mci->mci_host) */ 3570 FIX_TRAIL_DOT(srvname); 3571 3572 reconnect: /* after switching to an encrypted connection */ 3573 # if DANE 3574 if (DONE_STARTTLS(mci->mci_flags)) 3575 { 3576 /* use a "reset" function? */ 3577 /* when is it required to "reset" this data? */ 3578 SM_FREE(dane_vrfy_ctx.dane_vrfy_host); 3579 SM_FREE(dane_vrfy_ctx.dane_vrfy_sni); 3580 dane_vrfy_ctx.dane_vrfy_fp[0] = '\0'; 3581 dane_vrfy_ctx.dane_vrfy_res = DANE_VRFY_NONE; 3582 dane_vrfy_ctx.dane_vrfy_dane_enabled = false; 3583 if (TTD(90, 40)) 3584 sm_dprintf("deliver: reset: chk=%#x, dane_enabled=%d\n", 3585 dane_vrfy_ctx.dane_vrfy_chk, 3586 dane_vrfy_ctx.dane_vrfy_dane_enabled); 3587 } 3588 # endif /* DANE */ 3589 3590 #endif /* STARTTLS || SASL */ 3591 3592 /* set the current connection information */ 3593 e->e_mci = mci; 3594 #if SASL 3595 mci->mci_saslcap = NULL; 3596 #endif 3597 #if _FFR_MTA_STS 3598 # define USEMTASTS (MTASTS && !SM_TLSI_IS(&(mci->mci_tlsi), TLSI_FL_NOSTS) && !iscltflgset(e, D_NOSTS)) 3599 # if DANE 3600 # define CHKMTASTS (USEMTASTS && (ste == NULL || ste->s_tlsa == NULL || SM_TLSI_IS(&(mci->mci_tlsi), TLSI_FL_NODANE))) 3601 # else 3602 # define CHKMTASTS USEMTASTS 3603 # endif 3604 #endif /* _FFR_MTA_STS */ 3605 #if _FFR_MTA_STS 3606 if (!DONE_STARTTLS(mci->mci_flags)) 3607 { 3608 /* 3609 ** HACK: use the domain of the first valid RCPT for STS. 3610 ** It seems whoever wrote the specs did not consider 3611 ** SMTP sessions versus transactions. 3612 ** (but what would you expect from people who try 3613 ** to use https for "security" after relying on DNS?) 3614 */ 3615 3616 macdefine(&e->e_macro, A_PERM, macid("{rcpt_addr}"), ""); 3617 # if DANE 3618 if (MTASTS && STE_HAS_TLSA(ste)) 3619 macdefine(&e->e_macro, A_PERM, macid("{sts_sni}"), "DANE"); 3620 else 3621 # endif 3622 macdefine(&e->e_macro, A_PERM, macid("{sts_sni}"), ""); 3623 if (USEMTASTS && firstto->q_user != NULL) 3624 { 3625 if (tTd(10, 64)) 3626 { 3627 sm_dprintf("firstto "); 3628 printaddr(sm_debug_file(), firstto, false); 3629 } 3630 macdefine(&e->e_macro, A_TEMP, 3631 macid("{rcpt_addr}"), firstto->q_user); 3632 } 3633 else if (USEMTASTS) 3634 { 3635 if (tTd(10, 64)) 3636 { 3637 sm_dprintf("tochain "); 3638 printaddr(sm_debug_file(), tochain, false); 3639 } 3640 for (to = tochain; to != NULL; to = to->q_tchain) 3641 { 3642 if (!QS_IS_UNMARKED(to->q_state)) 3643 continue; 3644 if (to->q_user == NULL) 3645 continue; 3646 macdefine(&e->e_macro, A_TEMP, 3647 macid("{rcpt_addr}"), to->q_user); 3648 break; 3649 } 3650 } 3651 } 3652 #endif /* _FFR_MTA_STS */ 3653 #if USE_EAI 3654 if (!addr_is_ascii(e->e_from.q_paddr) && !e->e_smtputf8) 3655 e->e_smtputf8 = true; 3656 for (to = tochain; to != NULL && !e->e_smtputf8; to = to->q_tchain) 3657 { 3658 if (!QS_IS_UNMARKED(to->q_state)) 3659 continue; 3660 if (!addr_is_ascii(to->q_user)) 3661 e->e_smtputf8 = true; 3662 } 3663 /* XXX reset e_smtputf8 to original state at the end? */ 3664 #endif /* USE_EAI */ 3665 3666 #define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f) 3667 #define SET_HELO(f) f |= MCIF_ONLY_EHLO 3668 #define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO 3669 3670 #if _FFR_SMTPS_CLIENT && STARTTLS 3671 /* 3672 ** For M_SMTPS_CLIENT, we do the STARTTLS code first, 3673 ** then jump back and start the SMTP conversation. 3674 */ 3675 3676 implicittls = bitnset(M_SMTPS_CLIENT, mci->mci_mailer->m_flags); 3677 if (implicittls) 3678 goto dotls; 3679 backtosmtp: 3680 #endif /* _FFR_SMTPS_CLIENT && STARTTLS */ 3681 3682 smtpinit(m, mci, e, ONLY_HELO(mci->mci_flags)); 3683 CLR_HELO(mci->mci_flags); 3684 3685 if (IS_DLVR_RETURN(e)) 3686 { 3687 /* 3688 ** Check whether other side can deliver e-mail 3689 ** fast enough 3690 */ 3691 3692 if (!bitset(MCIF_DLVR_BY, mci->mci_flags)) 3693 { 3694 e->e_status = "5.4.7"; 3695 usrerrenh(e->e_status, 3696 "554 Server does not support Deliver By"); 3697 rcode = EX_UNAVAILABLE; 3698 goto give_up; 3699 } 3700 if (e->e_deliver_by > 0 && 3701 e->e_deliver_by - (curtime() - e->e_ctime) < 3702 mci->mci_min_by) 3703 { 3704 e->e_status = "5.4.7"; 3705 usrerrenh(e->e_status, 3706 "554 Message can't be delivered in time; %ld < %ld", 3707 e->e_deliver_by - (long) (curtime() - 3708 e->e_ctime), 3709 mci->mci_min_by); 3710 rcode = EX_UNAVAILABLE; 3711 goto give_up; 3712 } 3713 } 3714 3715 #if STARTTLS 3716 # if _FFR_SMTPS_CLIENT 3717 dotls: 3718 # endif 3719 /* first TLS then AUTH to provide a security layer */ 3720 if (mci->mci_state != MCIS_CLOSED && 3721 !DONE_STARTTLS(mci->mci_flags)) 3722 { 3723 int olderrors; 3724 bool usetls; 3725 bool saveQuickAbort = QuickAbort; 3726 bool saveSuprErrs = SuprErrs; 3727 char *srvname = NULL; 3728 3729 rcode = EX_OK; 3730 usetls = bitset(MCIF_TLS, mci->mci_flags) || implicittls; 3731 if (usetls) 3732 usetls = !iscltflgset(e, D_NOTLS); 3733 if (usetls) 3734 usetls = tlsstate == 0; 3735 3736 srvname = macvalue(macid("{server_name}"), e); 3737 if (usetls) 3738 { 3739 olderrors = Errors; 3740 QuickAbort = false; 3741 SuprErrs = true; 3742 if (rscheck("try_tls", srvname, NULL, e, 3743 RSF_RMCOMM|RSF_STATUS, 7, srvname, 3744 NOQID, NULL, NULL) != EX_OK 3745 || Errors > olderrors) 3746 { 3747 usetls = false; 3748 } 3749 SuprErrs = saveSuprErrs; 3750 QuickAbort = saveQuickAbort; 3751 } 3752 3753 if (usetls) 3754 { 3755 if ((rcode = starttls(m, mci, e, implicittls 3756 # if DANE 3757 , &dane_vrfy_ctx 3758 # endif 3759 )) == EX_OK) 3760 { 3761 /* start again without STARTTLS */ 3762 mci->mci_flags |= MCIF_TLSACT; 3763 # if DANE && _FFR_MTA_STS 3764 /* if DANE is used (and STS should be used): disable STS */ 3765 /* also check MTASTS and NOSTS flag? */ 3766 if (STE_HAS_TLSA(ste) && 3767 !SM_TLSI_IS(&(mci->mci_tlsi), TLSI_FL_NODANE)) 3768 macdefine(&e->e_macro, A_PERM, macid("{rcpt_addr}"), ""); 3769 # endif 3770 } 3771 else 3772 { 3773 char *s; 3774 3775 /* 3776 ** TLS negotiation failed, what to do? 3777 ** fall back to unencrypted connection 3778 ** or abort? How to decide? 3779 ** set a macro and call a ruleset. 3780 */ 3781 3782 mci->mci_flags &= ~MCIF_TLS; 3783 switch (rcode) 3784 { 3785 case EX_TEMPFAIL: 3786 s = "TEMP"; 3787 break; 3788 #if 0 3789 /* see starttls() */ 3790 case EX_USAGE: 3791 s = "USAGE"; 3792 break; 3793 #endif 3794 case EX_PROTOCOL: 3795 s = "PROTOCOL"; 3796 break; 3797 case EX_SOFTWARE: 3798 s = "SOFTWARE"; 3799 break; 3800 case EX_UNAVAILABLE: 3801 s = "NONE"; 3802 break; 3803 3804 /* 3805 ** Possible return from ruleset 3806 ** tls_clt_features via 3807 ** get_tls_se_features(). 3808 */ 3809 3810 case EX_CONFIG: 3811 s = "CONFIG"; 3812 break; 3813 3814 /* everything else is a failure */ 3815 default: 3816 s = "FAILURE"; 3817 rcode = EX_TEMPFAIL; 3818 } 3819 # if DANE 3820 /* 3821 ** TLSA found but STARTTLS "failed"? 3822 ** What is the best way to "fail"? 3823 ** XXX: check expiration! 3824 */ 3825 3826 if (!iscltflgset(e, D_NODANE) && 3827 STE_HAS_TLSA(ste) && 3828 TLSA_HAS_RRs(ste->s_tlsa)) 3829 { 3830 if (LogLevel > 8) 3831 sm_syslog(LOG_NOTICE, NOQID, 3832 "STARTTLS=client, relay=%.100s, warning=DANE configured in DNS but STARTTLS failed", 3833 srvname); 3834 /* XXX include TLSA RR from DNS? */ 3835 3836 /* 3837 ** Only override codes which 3838 ** do not cause a failure 3839 ** in the default rules. 3840 */ 3841 3842 if (EX_PROTOCOL != rcode && 3843 EX_SOFTWARE != rcode && 3844 EX_CONFIG != rcode) 3845 { 3846 /* s = "DANE_TEMP"; */ 3847 dane_vrfy_ctx.dane_vrfy_chk |= TLSAFLNOTLS; 3848 } 3849 } 3850 # endif /* DANE */ 3851 macdefine(&e->e_macro, A_PERM, 3852 macid("{verify}"), s); 3853 } 3854 } 3855 else 3856 { 3857 p = tlsstate == 0 ? "NONE": "CLEAR"; 3858 # if DANE 3859 /* 3860 ** TLSA found but STARTTLS not offered? 3861 ** What is the best way to "fail"? 3862 ** XXX: check expiration! 3863 */ 3864 3865 if (!bitset(MCIF_TLS, mci->mci_flags) && 3866 !iscltflgset(e, D_NODANE) && 3867 STE_HAS_TLSA(ste) && 3868 TLSA_HAS_RRs(ste->s_tlsa)) 3869 { 3870 if (LogLevel > 8) 3871 sm_syslog(LOG_NOTICE, NOQID, 3872 "STARTTLS=client, relay=%.100s, warning=DANE configured in DNS but STARTTLS not offered", 3873 srvname); 3874 /* XXX include TLSA RR from DNS? */ 3875 } 3876 # endif /* DANE */ 3877 macdefine(&e->e_macro, A_PERM, 3878 macid("{verify}"), p); 3879 } 3880 olderrors = Errors; 3881 QuickAbort = false; 3882 SuprErrs = true; 3883 3884 /* 3885 ** rcode == EX_SOFTWARE is special: 3886 ** the TLS negotiation failed 3887 ** we have to drop the connection no matter what. 3888 ** However, we call tls_server to give it the chance 3889 ** to log the problem and return an appropriate 3890 ** error code. 3891 */ 3892 3893 if (rscheck("tls_server", 3894 macvalue(macid("{verify}"), e), 3895 NULL, e, RSF_RMCOMM|RSF_COUNT, 5, 3896 srvname, NOQID, NULL, NULL) != EX_OK || 3897 Errors > olderrors || 3898 rcode == EX_SOFTWARE) 3899 { 3900 char enhsc[ENHSCLEN]; 3901 extern char MsgBuf[]; 3902 3903 if (ISSMTPCODE(MsgBuf) && 3904 extenhsc(MsgBuf + 4, ' ', enhsc) > 0) 3905 { 3906 p = sm_rpool_strdup_x(e->e_rpool, 3907 MsgBuf); 3908 } 3909 else 3910 { 3911 p = "403 4.7.0 server not authenticated."; 3912 (void) sm_strlcpy(enhsc, "4.7.0", 3913 sizeof(enhsc)); 3914 } 3915 SuprErrs = saveSuprErrs; 3916 QuickAbort = saveQuickAbort; 3917 3918 if (rcode == EX_SOFTWARE) 3919 { 3920 /* drop the connection */ 3921 mci->mci_state = MCIS_ERROR; 3922 SM_CLOSE_FP(mci->mci_out); 3923 mci->mci_flags &= ~MCIF_TLSACT; 3924 (void) endmailer(mci, e, pv); 3925 3926 if ((TLSFallbacktoClear || 3927 SM_TLSI_IS(&(mci->mci_tlsi), 3928 TLSI_FL_FB2CLR)) && 3929 !SM_TLSI_IS(&(mci->mci_tlsi), 3930 TLSI_FL_NOFB2CLR) 3931 # if DANE 3932 && dane_vrfy_ctx.dane_vrfy_chk != 3933 DANE_SECURE 3934 # endif 3935 # if _FFR_MTA_STS 3936 && !SM_TLSI_IS(&(mci->mci_tlsi), 3937 TLSI_FL_STS_NOFB2CLR) 3938 # endif 3939 ) 3940 { 3941 ++tlsstate; 3942 } 3943 } 3944 else 3945 { 3946 /* abort transfer */ 3947 smtpquit(m, mci, e); 3948 } 3949 3950 /* avoid bogus error msg */ 3951 mci->mci_errno = 0; 3952 3953 /* temp or permanent failure? */ 3954 rcode = (*p == '4') ? EX_TEMPFAIL 3955 : EX_UNAVAILABLE; 3956 mci_setstat(mci, rcode, enhsc, p); 3957 3958 /* 3959 ** hack to get the error message into 3960 ** the envelope (done in giveresponse()) 3961 */ 3962 3963 (void) sm_strlcpy(SmtpError, p, 3964 sizeof(SmtpError)); 3965 } 3966 else if (mci->mci_state == MCIS_CLOSED) 3967 { 3968 /* connection close caused by 421 */ 3969 mci->mci_errno = 0; 3970 rcode = EX_TEMPFAIL; 3971 mci_setstat(mci, rcode, NULL, "421"); 3972 } 3973 else 3974 rcode = 0; 3975 3976 QuickAbort = saveQuickAbort; 3977 SuprErrs = saveSuprErrs; 3978 if (DONE_STARTTLS(mci->mci_flags) && 3979 mci->mci_state != MCIS_CLOSED 3980 # if _FFR_SMTPS_CLIENT 3981 && !implicittls && !smtptls 3982 # endif 3983 ) 3984 { 3985 SET_HELO(mci->mci_flags); 3986 mci_clr_extensions(mci); 3987 goto reconnect; 3988 } 3989 if (tlsstate == 1) 3990 { 3991 if (tTd(11, 1)) 3992 { 3993 sm_syslog(LOG_DEBUG, NOQID, 3994 "STARTTLS=client, relay=%.100s, tlsstate=%d, status=trying_again", 3995 mci->mci_host, tlsstate); 3996 mci_dump(NULL, mci, true); 3997 } 3998 ++tlsstate; 3999 4000 /* 4001 ** Fake the status so a new connection is 4002 ** tried, otherwise the TLS error will 4003 ** "persist" during this delivery attempt. 4004 */ 4005 4006 mci->mci_errno = 0; 4007 rcode = EX_OK; 4008 mci_setstat(mci, rcode, NULL, NULL); 4009 goto one_last_try; 4010 } 4011 } 4012 4013 # if _FFR_SMTPS_CLIENT 4014 /* 4015 ** For M_SMTPS_CLIENT, we do the STARTTLS code first, 4016 ** then jump back and start the SMTP conversation. 4017 */ 4018 4019 if (implicittls && !smtptls) 4020 { 4021 smtptls = true; 4022 if (!DONE_STARTTLS(mci->mci_flags)) 4023 { 4024 if (rcode == EX_TEMPFAIL) 4025 { 4026 e->e_status = "4.3.3"; 4027 usrerrenh(e->e_status, "454 TLS session initiation failed"); 4028 } 4029 else 4030 { 4031 e->e_status = "5.3.3"; 4032 usrerrenh(e->e_status, "554 TLS session initiation failed"); 4033 } 4034 goto give_up; 4035 } 4036 goto backtosmtp; 4037 } 4038 # endif /* _FFR_SMTPS_CLIENT */ 4039 #endif /* STARTTLS */ 4040 #if SASL 4041 /* if other server supports authentication let's authenticate */ 4042 if (mci->mci_state != MCIS_CLOSED && 4043 mci->mci_saslcap != NULL && 4044 !DONE_AUTH(mci->mci_flags) && !iscltflgset(e, D_NOAUTH)) 4045 { 4046 /* Should we require some minimum authentication? */ 4047 if ((ret = smtpauth(m, mci, e)) == EX_OK) 4048 { 4049 int result; 4050 sasl_ssf_t *ssf = NULL; 4051 4052 /* Get security strength (features) */ 4053 result = sasl_getprop(mci->mci_conn, SASL_SSF, 4054 # if SASL >= 20000 4055 (const void **) &ssf); 4056 # else 4057 (void **) &ssf); 4058 # endif 4059 4060 /* XXX authid? */ 4061 if (LogLevel > 9) 4062 sm_syslog(LOG_INFO, NOQID, 4063 "AUTH=client, relay=%.100s, mech=%.16s, bits=%d", 4064 mci->mci_host, 4065 macvalue(macid("{auth_type}"), e), 4066 result == SASL_OK ? *ssf : 0); 4067 4068 /* 4069 ** Only switch to encrypted connection 4070 ** if a security layer has been negotiated 4071 */ 4072 4073 if (result == SASL_OK && *ssf > 0) 4074 { 4075 int tmo; 4076 4077 /* 4078 ** Convert I/O layer to use SASL. 4079 ** If the call fails, the connection 4080 ** is aborted. 4081 */ 4082 4083 tmo = DATA_PROGRESS_TIMEOUT * 1000; 4084 if (sfdcsasl(&mci->mci_in, 4085 &mci->mci_out, 4086 mci->mci_conn, tmo) == 0) 4087 { 4088 mci_clr_extensions(mci); 4089 mci->mci_flags |= MCIF_AUTHACT| 4090 MCIF_ONLY_EHLO; 4091 goto reconnect; 4092 } 4093 syserr("AUTH TLS switch failed in client"); 4094 } 4095 /* else? XXX */ 4096 mci->mci_flags |= MCIF_AUTHACT; 4097 4098 } 4099 else if (ret == EX_TEMPFAIL) 4100 { 4101 if (LogLevel > 8) 4102 sm_syslog(LOG_ERR, NOQID, 4103 "AUTH=client, relay=%.100s, temporary failure, connection abort", 4104 mci->mci_host); 4105 smtpquit(m, mci, e); 4106 4107 /* avoid bogus error msg */ 4108 mci->mci_errno = 0; 4109 rcode = EX_TEMPFAIL; 4110 mci_setstat(mci, rcode, "4.3.0", p); 4111 4112 /* 4113 ** hack to get the error message into 4114 ** the envelope (done in giveresponse()) 4115 */ 4116 4117 (void) sm_strlcpy(SmtpError, 4118 "Temporary AUTH failure", 4119 sizeof(SmtpError)); 4120 } 4121 } 4122 #endif /* SASL */ 4123 } 4124 4125 do_transfer: 4126 /* clear out per-message flags from connection structure */ 4127 mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); 4128 4129 if (bitset(EF_HAS8BIT, e->e_flags) && 4130 !bitset(EF_DONT_MIME, e->e_flags) && 4131 bitnset(M_7BITS, m->m_flags)) 4132 mci->mci_flags |= MCIF_CVT8TO7; 4133 4134 #if MIME7TO8 4135 if (bitnset(M_MAKE8BIT, m->m_flags) && 4136 !bitset(MCIF_7BIT, mci->mci_flags) && 4137 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && 4138 (SM_STRCASEEQ(p, "quoted-printable") || 4139 SM_STRCASEEQ(p, "base64")) && 4140 (p = hvalue("Content-Type", e->e_header)) != NULL) 4141 { 4142 /* may want to convert 7 -> 8 */ 4143 /* XXX should really parse it here -- and use a class XXX */ 4144 if (sm_strncasecmp(p, "text/plain", 10) == 0 && 4145 (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) 4146 mci->mci_flags |= MCIF_CVT7TO8; 4147 } 4148 #endif /* MIME7TO8 */ 4149 4150 if (tTd(11, 1)) 4151 { 4152 sm_dprintf("openmailer: "); 4153 mci_dump(sm_debug_file(), mci, false); 4154 } 4155 4156 #if _FFR_CLIENT_SIZE 4157 /* 4158 ** See if we know the maximum size and 4159 ** abort if the message is too big. 4160 ** 4161 ** NOTE: _FFR_CLIENT_SIZE is untested. 4162 */ 4163 4164 if (bitset(MCIF_SIZE, mci->mci_flags) && 4165 mci->mci_maxsize > 0 && 4166 e->e_msgsize > mci->mci_maxsize) 4167 { 4168 e->e_flags |= EF_NO_BODY_RETN; 4169 if (bitnset(M_LOCALMAILER, m->m_flags)) 4170 e->e_status = "5.2.3"; 4171 else 4172 e->e_status = "5.3.4"; 4173 4174 usrerrenh(e->e_status, 4175 "552 Message is too large; %ld bytes max", 4176 mci->mci_maxsize); 4177 rcode = EX_DATAERR; 4178 4179 /* Need an e_message for error */ 4180 (void) sm_snprintf(SmtpError, sizeof(SmtpError), 4181 "Message is too large; %ld bytes max", 4182 mci->mci_maxsize); 4183 goto give_up; 4184 } 4185 #endif /* _FFR_CLIENT_SIZE */ 4186 4187 if (mci->mci_state != MCIS_OPEN) 4188 { 4189 /* couldn't open the mailer */ 4190 rcode = mci->mci_exitstat; 4191 errno = mci->mci_errno; 4192 SM_SET_H_ERRNO(mci->mci_herrno); 4193 if (rcode == EX_OK) 4194 { 4195 /* shouldn't happen */ 4196 syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s", 4197 (unsigned long) mci, rcode, errno, 4198 mci->mci_state, firstsig); 4199 mci_dump_all(smioout, true); 4200 rcode = EX_SOFTWARE; 4201 } 4202 else if (nummxhosts > hostnum) 4203 { 4204 logfailover(e, m, mci, rcode, NULL); 4205 /* try next MX site */ 4206 goto tryhost; 4207 } 4208 } 4209 else if (!clever) 4210 { 4211 bool ok; 4212 4213 /* 4214 ** Format and send message. 4215 */ 4216 4217 rcode = EX_OK; 4218 errno = 0; 4219 ok = putfromline(mci, e); 4220 if (ok) 4221 ok = (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER); 4222 if (ok) 4223 ok = (*e->e_putbody)(mci, e, NULL); 4224 if (ok && bitset(MCIF_INLONGLINE, mci->mci_flags)) 4225 ok = putline("", mci); 4226 4227 /* 4228 ** Ignore an I/O error that was caused by EPIPE. 4229 ** Some broken mailers don't read the entire body 4230 ** but just exit() thus causing an I/O error. 4231 */ 4232 4233 if (!ok && (sm_io_error(mci->mci_out) && errno == EPIPE)) 4234 ok = true; 4235 4236 /* (always) get the exit status */ 4237 rcode = endmailer(mci, e, pv); 4238 if (!ok) 4239 rcode = EX_TEMPFAIL; 4240 if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0') 4241 { 4242 /* 4243 ** Need an e_message for mailq display. 4244 ** We set SmtpError as 4245 */ 4246 4247 (void) sm_snprintf(SmtpError, sizeof(SmtpError), 4248 "%s mailer (%s) exited with EX_TEMPFAIL", 4249 m->m_name, m->m_mailer); 4250 } 4251 } 4252 else 4253 { 4254 /* 4255 ** Send the MAIL FROM: protocol 4256 */ 4257 4258 /* XXX this isn't pipelined... */ 4259 rcode = smtpmailfrom(m, mci, e); 4260 mci->mci_okrcpts = 0; 4261 mci->mci_retryrcpt = rcode == EX_TEMPFAIL; 4262 if (rcode == EX_OK) 4263 { 4264 register int rc; 4265 #if PIPELINING 4266 ADDRESS *volatile pchain; 4267 #endif 4268 #if STARTTLS 4269 ADDRESS addr; 4270 #endif 4271 4272 /* send the recipient list */ 4273 rc = EX_OK; 4274 tobuf[0] = '\0'; 4275 mci->mci_retryrcpt = false; 4276 mci->mci_tolist = tobuf; 4277 #if PIPELINING 4278 pchain = NULL; 4279 mci->mci_nextaddr = NULL; 4280 #endif 4281 4282 for (to = tochain; to != NULL; to = to->q_tchain) 4283 { 4284 if (!QS_IS_UNMARKED(to->q_state)) 4285 continue; 4286 4287 /* mark recipient state as "ok so far" */ 4288 to->q_state = QS_OK; 4289 e->e_to = to->q_paddr; 4290 #if _FFR_MTA_STS 4291 if (CHKMTASTS && to->q_user != NULL) 4292 macdefine(&e->e_macro, A_TEMP, 4293 macid("{rcpt_addr}"), to->q_user); 4294 else 4295 macdefine(&e->e_macro, A_PERM, 4296 macid("{rcpt_addr}"), ""); 4297 #endif /* _FFR_MTA_STS */ 4298 #if STARTTLS 4299 # if DANE 4300 vrfy = macvalue(macid("{verify}"), e); 4301 if (NULL == vrfy) 4302 vrfy = "NONE"; 4303 vrfy = sm_strdup(vrfy); 4304 if (TTD(10, 32)) 4305 sm_dprintf("deliver: 0: vrfy=%s, to=%s, mx=%s, QMXSECURE=%d, secure=%d, ste=%p, dane=%#x\n", 4306 vrfy, to->q_user, CurHostName, RCPT_MXSECURE(to), 4307 RCPT_REQ_DANE(to), ste, Dane); 4308 if (NULL == ste && CHK_DANE_RCPT(Dane, to)) 4309 { 4310 (void) gettlsa(CurHostName, NULL, &ste, 4311 RCPT_MXSECURE(to) ? TLSAFLADMX : 0, 4312 0, m->m_port); 4313 } 4314 if (TTD(10, 32)) 4315 sm_dprintf("deliver: 2: vrfy=%s, to=%s, QMXSECURE=%d, secure=%d, ste=%p, dane=%#x, SUP=%#x, !TEMP=%d, ADIP=%d, chk_dane=%d, vrfy_chk=%#x, mcif=%#lx\n", 4316 vrfy, to->q_user, 4317 RCPT_MXSECURE(to), RCPT_REQ_DANE(to), ste, Dane, 4318 STE_HAS_TLSA(ste) ? TLSA_IS_FL(ste->s_tlsa, TLSAFLSUP) : -1, 4319 (0 == (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLTEMPVRFY)), 4320 (0 != (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLADIP)), 4321 CHK_DANE(dane_vrfy_ctx.dane_vrfy_chk), 4322 dane_vrfy_ctx.dane_vrfy_chk, 4323 mci->mci_flags 4324 ); 4325 4326 if (strcmp("DANE_FAIL", vrfy) == 0) 4327 { 4328 if (!RCPT_REQ_DANE(to)) 4329 macdefine(&mci->mci_macro, A_PERM, macid("{verify}"), "FAIL"); 4330 else 4331 SM_FREE(vrfy); 4332 } 4333 4334 /* 4335 ** Note: MCIF_TLS should be reset when 4336 ** when starttls was successful because 4337 ** the server should not offer it anymore. 4338 */ 4339 4340 else if (strcmp("TRUSTED", vrfy) != 0 && 4341 RCPT_REQ_DANE(to)) 4342 { 4343 macdefine(&mci->mci_macro, A_PERM, macid("{verify}"), 4344 (0 != (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLNOTLS)) ? 4345 "DANE_TEMP" : 4346 (bitset(MCIF_TLS|MCIF_TLSACT, mci->mci_flags) ? 4347 "DANE_FAIL" : "DANE_NOTLS")); 4348 } 4349 /* DANE: unsupported types: require TLS but not available? */ 4350 else if (strcmp("TRUSTED", vrfy) != 0 && 4351 RCPT_REQ_TLS(to) 4352 && (!bitset(MCIF_TLS|MCIF_TLSACT, mci->mci_flags) 4353 || (0 != (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLNOTLS)))) 4354 { 4355 macdefine(&mci->mci_macro, A_PERM, macid("{verify}"), 4356 (0 != (dane_vrfy_ctx.dane_vrfy_chk & TLSAFLNOTLS)) ? 4357 "DANE_TEMP" : "DANE_NOTLS"); 4358 } 4359 else 4360 SM_FREE(vrfy); 4361 if (TTD(10, 32)) 4362 sm_dprintf("deliver: 7: verify=%s, secure=%d\n", 4363 macvalue(macid("{verify}"), e), 4364 RCPT_REQ_DANE(to)); 4365 # endif /* DANE */ 4366 4367 rc = rscheck("tls_rcpt", to->q_user, NULL, e, 4368 RSF_RMCOMM|RSF_COUNT, 3, 4369 mci->mci_host, e->e_id, &addr, NULL); 4370 4371 # if DANE 4372 if (vrfy != NULL) 4373 { 4374 macdefine(&mci->mci_macro, A_PERM, macid("{verify}"), vrfy); 4375 SM_FREE(vrfy); 4376 } 4377 # endif 4378 4379 if (TTD(10, 32)) 4380 sm_dprintf("deliver: 9: verify=%s, to=%s, tls_rcpt=%d\n", 4381 macvalue(macid("{verify}"), e), 4382 to->q_user, rc); 4383 4384 if (rc != EX_OK) 4385 { 4386 char *dsn; 4387 4388 to->q_flags |= QINTREPLY; 4389 markfailure(e, to, mci, rc, false); 4390 if (addr.q_host != NULL && 4391 isenhsc(addr.q_host, ' ') > 0) 4392 dsn = addr.q_host; 4393 else 4394 dsn = NULL; 4395 giveresponse(rc, dsn, m, mci, 4396 ctladdr, xstart, e, to); 4397 if (rc == EX_TEMPFAIL) 4398 { 4399 mci->mci_retryrcpt = true; 4400 to->q_state = QS_RETRY; 4401 } 4402 continue; 4403 } 4404 #endif /* STARTTLS */ 4405 4406 rc = smtprcpt(to, m, mci, e, ctladdr, xstart); 4407 #if PIPELINING 4408 if (rc == EX_OK && 4409 bitset(MCIF_PIPELINED, mci->mci_flags)) 4410 { 4411 /* 4412 ** Add new element to list of 4413 ** recipients for pipelining. 4414 */ 4415 4416 to->q_pchain = NULL; 4417 if (mci->mci_nextaddr == NULL) 4418 mci->mci_nextaddr = to; 4419 if (pchain == NULL) 4420 pchain = to; 4421 else 4422 { 4423 pchain->q_pchain = to; 4424 pchain = pchain->q_pchain; 4425 } 4426 } 4427 #endif /* PIPELINING */ 4428 if (rc != EX_OK) 4429 { 4430 markfailure(e, to, mci, rc, false); 4431 giveresponse(rc, to->q_status, m, mci, 4432 ctladdr, xstart, e, to); 4433 if (rc == EX_TEMPFAIL) 4434 to->q_state = QS_RETRY; 4435 } 4436 } 4437 4438 /* No recipients in list and no missing responses? */ 4439 if (tobuf[0] == '\0' 4440 #if PIPELINING 4441 /* && bitset(MCIF_PIPELINED, mci->mci_flags) */ 4442 && mci->mci_nextaddr == NULL 4443 #endif 4444 ) 4445 { 4446 rcode = rc; 4447 e->e_to = NULL; 4448 if (bitset(MCIF_CACHED, mci->mci_flags)) 4449 smtprset(m, mci, e); 4450 } 4451 else 4452 { 4453 e->e_to = tobuf + 1; 4454 rcode = smtpdata(m, mci, e, ctladdr, xstart); 4455 } 4456 } 4457 4458 if (rcode == EX_TEMPFAIL && nummxhosts > hostnum 4459 && (mci->mci_retryrcpt || mci->mci_okrcpts > 0) 4460 ) 4461 { 4462 logfailover(e, m, mci, rcode, to); 4463 /* try next MX site */ 4464 goto tryhost; 4465 } 4466 } 4467 #if NAMED_BIND 4468 if (ConfigLevel < 2) 4469 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 4470 #endif 4471 4472 if (tTd(62, 1)) 4473 checkfds("after delivery"); 4474 4475 /* 4476 ** Do final status disposal. 4477 ** We check for something in tobuf for the SMTP case. 4478 ** If we got a temporary failure, arrange to queue the 4479 ** addressees. 4480 */ 4481 4482 give_up: 4483 if (bitnset(M_LMTP, m->m_flags)) 4484 { 4485 lmtp_rcode = rcode; 4486 tobuf[0] = '\0'; 4487 anyok = false; 4488 strsize = 0; 4489 } 4490 else 4491 anyok = rcode == EX_OK; 4492 4493 for (to = tochain; to != NULL; to = to->q_tchain) 4494 { 4495 /* see if address already marked */ 4496 if (!QS_IS_OK(to->q_state)) 4497 continue; 4498 4499 /* if running LMTP, get the status for each address */ 4500 if (bitnset(M_LMTP, m->m_flags)) 4501 { 4502 if (lmtp_rcode == EX_OK) 4503 rcode = smtpgetstat(m, mci, e); 4504 if (rcode == EX_OK) 4505 { 4506 strsize += sm_strlcat2(tobuf + strsize, ",", 4507 to->q_paddr, 4508 tobufsize - strsize); 4509 SM_ASSERT(strsize < tobufsize); 4510 anyok = true; 4511 } 4512 else 4513 { 4514 e->e_to = to->q_paddr; 4515 markfailure(e, to, mci, rcode, true); 4516 giveresponse(rcode, to->q_status, m, mci, 4517 ctladdr, xstart, e, to); 4518 e->e_to = tobuf + 1; 4519 continue; 4520 } 4521 } 4522 else 4523 { 4524 /* mark bad addresses */ 4525 if (rcode != EX_OK) 4526 { 4527 if (goodmxfound && rcode == EX_NOHOST) 4528 rcode = EX_TEMPFAIL; 4529 markfailure(e, to, mci, rcode, true); 4530 continue; 4531 } 4532 } 4533 4534 /* successful delivery */ 4535 to->q_state = QS_SENT; 4536 to->q_statdate = curtime(); 4537 e->e_nsent++; 4538 4539 /* 4540 ** Checkpoint the send list every few addresses 4541 */ 4542 4543 if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval) 4544 { 4545 queueup(e, QUP_FL_NONE); 4546 e->e_nsent = 0; 4547 } 4548 4549 if (bitnset(M_LOCALMAILER, m->m_flags) && 4550 bitset(QPINGONSUCCESS, to->q_flags)) 4551 { 4552 to->q_flags |= QDELIVERED; 4553 to->q_status = "2.1.5"; 4554 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 4555 "%s... Successfully delivered\n", 4556 to->q_paddr); 4557 } 4558 else if (bitset(QPINGONSUCCESS, to->q_flags) && 4559 bitset(QPRIMARY, to->q_flags) && 4560 !bitset(MCIF_DSN, mci->mci_flags)) 4561 { 4562 to->q_flags |= QRELAYED; 4563 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 4564 "%s... relayed; expect no further notifications\n", 4565 to->q_paddr); 4566 } 4567 else if (IS_DLVR_NOTIFY(e) && 4568 !bitset(MCIF_DLVR_BY, mci->mci_flags) && 4569 bitset(QPRIMARY, to->q_flags) && 4570 (!bitset(QHASNOTIFY, to->q_flags) || 4571 bitset(QPINGONSUCCESS, to->q_flags) || 4572 bitset(QPINGONFAILURE, to->q_flags) || 4573 bitset(QPINGONDELAY, to->q_flags))) 4574 { 4575 /* RFC 2852, 4.1.4.2: no NOTIFY, or not NEVER */ 4576 to->q_flags |= QBYNRELAY; 4577 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 4578 "%s... Deliver-by notify: relayed\n", 4579 to->q_paddr); 4580 } 4581 else if (IS_DLVR_TRACE(e) && 4582 (!bitset(QHASNOTIFY, to->q_flags) || 4583 bitset(QPINGONSUCCESS, to->q_flags) || 4584 bitset(QPINGONFAILURE, to->q_flags) || 4585 bitset(QPINGONDELAY, to->q_flags)) && 4586 bitset(QPRIMARY, to->q_flags)) 4587 { 4588 /* RFC 2852, 4.1.4: no NOTIFY, or not NEVER */ 4589 to->q_flags |= QBYTRACE; 4590 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 4591 "%s... Deliver-By trace: relayed\n", 4592 to->q_paddr); 4593 } 4594 } 4595 4596 if (bitnset(M_LMTP, m->m_flags)) 4597 { 4598 /* 4599 ** Global information applies to the last recipient only; 4600 ** clear it out to avoid bogus errors. 4601 */ 4602 4603 rcode = EX_OK; 4604 e->e_statmsg = NULL; 4605 4606 /* reset the mci state for the next transaction */ 4607 if (mci != NULL && 4608 (mci->mci_state == MCIS_MAIL || 4609 mci->mci_state == MCIS_RCPT || 4610 mci->mci_state == MCIS_DATA)) 4611 { 4612 mci->mci_state = MCIS_OPEN; 4613 SmtpPhase = mci->mci_phase = "idle"; 4614 sm_setproctitle(true, e, "%s: %s", CurHostName, 4615 mci->mci_phase); 4616 } 4617 } 4618 4619 if (tobuf[0] != '\0') 4620 { 4621 giveresponse(rcode, 4622 #if _FFR_NULLMX_STATUS 4623 (NULL == mci || SM_IS_EMPTY(mci->mci_status)) 4624 ? NULL : 4625 #endif 4626 mci->mci_status, 4627 m, mci, ctladdr, xstart, e, NULL); 4628 #if 0 4629 /* 4630 ** This code is disabled for now because I am not 4631 ** sure that copying status from the first recipient 4632 ** to all non-status'ed recipients is a good idea. 4633 */ 4634 4635 if (tochain->q_message != NULL && 4636 !bitnset(M_LMTP, m->m_flags) && rcode != EX_OK) 4637 { 4638 for (to = tochain->q_tchain; to != NULL; 4639 to = to->q_tchain) 4640 { 4641 /* see if address already marked */ 4642 if (QS_IS_QUEUEUP(to->q_state) && 4643 to->q_message == NULL) 4644 to->q_message = sm_rpool_strdup_x(e->e_rpool, 4645 tochain->q_message); 4646 } 4647 } 4648 #endif /* 0 */ 4649 } 4650 if (anyok) 4651 markstats(e, tochain, STATS_NORMAL); 4652 mci_store_persistent(mci); 4653 4654 #if _FFR_OCC 4655 /* 4656 ** HACK: this is NOT the right place to "close" a connection! 4657 ** use smtpquit? 4658 ** add a flag to mci to indicate that rate/conc. was increased? 4659 */ 4660 4661 if (clever) 4662 { 4663 extern SOCKADDR CurHostAddr; 4664 4665 /* check family... {} */ 4666 /* r = anynet_pton(AF_INET, p, dst); */ 4667 occ_close(e, mci, host, &CurHostAddr); 4668 } 4669 #endif /* _FFR_OCC */ 4670 4671 /* Some recipients were tempfailed, try them on the next host */ 4672 if (mci != NULL && mci->mci_retryrcpt && nummxhosts > hostnum) 4673 { 4674 logfailover(e, m, mci, rcode, to); 4675 /* try next MX site */ 4676 goto tryhost; 4677 } 4678 4679 /* now close the connection */ 4680 if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED && 4681 !bitset(MCIF_CACHED, mci->mci_flags)) 4682 smtpquit(m, mci, e); 4683 4684 cleanup: ; 4685 } 4686 SM_FINALLY 4687 { 4688 /* 4689 ** Restore state and return. 4690 */ 4691 #if XDEBUG 4692 char wbuf[MAXLINE]; 4693 4694 /* make absolutely certain 0, 1, and 2 are in use */ 4695 (void) sm_snprintf(wbuf, sizeof(wbuf), 4696 "%s... end of deliver(%s)", 4697 e->e_to == NULL ? "NO-TO-LIST" 4698 : shortenstring(e->e_to, 4699 MAXSHORTSTR), 4700 m->m_name); 4701 checkfd012(wbuf); 4702 #endif /* XDEBUG */ 4703 4704 errno = 0; 4705 4706 /* 4707 ** It was originally necessary to set macro 'g' to NULL 4708 ** because it previously pointed to an auto buffer. 4709 ** We don't do this any more, so this may be unnecessary. 4710 */ 4711 4712 macdefine(&e->e_macro, A_PERM, 'g', (char *) NULL); 4713 e->e_to = NULL; 4714 } 4715 SM_END_TRY 4716 return rcode; 4717 } 4718 4719 /* 4720 ** EX2ENHSC -- return proper enhanced status code for an EX_ code 4721 ** 4722 ** Parameters: 4723 ** xcode -- EX_* code 4724 ** 4725 ** Returns: 4726 ** enhanced status code if appropriate 4727 ** NULL otherwise 4728 */ 4729 4730 static char *ex2enhsc __P((int)); 4731 4732 static char * 4733 ex2enhsc(xcode) 4734 int xcode; 4735 { 4736 switch (xcode) 4737 { 4738 case EX_USAGE: 4739 return "5.5.4"; 4740 break; 4741 4742 case EX_DATAERR: 4743 return "5.5.2"; 4744 break; 4745 4746 case EX_NOUSER: 4747 return "5.1.1"; 4748 break; 4749 4750 case EX_NOHOST: 4751 return "5.1.2"; 4752 break; 4753 4754 case EX_NOINPUT: 4755 case EX_CANTCREAT: 4756 case EX_NOPERM: 4757 return "5.3.0"; 4758 break; 4759 4760 case EX_UNAVAILABLE: 4761 case EX_SOFTWARE: 4762 case EX_OSFILE: 4763 case EX_PROTOCOL: 4764 case EX_CONFIG: 4765 return "5.5.0"; 4766 break; 4767 4768 case EX_OSERR: 4769 case EX_IOERR: 4770 return "4.5.0"; 4771 break; 4772 4773 case EX_TEMPFAIL: 4774 return "4.2.0"; 4775 break; 4776 } 4777 return NULL; 4778 } 4779 4780 /* 4781 ** MARKFAILURE -- mark a failure on a specific address. 4782 ** 4783 ** Parameters: 4784 ** e -- the envelope we are sending. 4785 ** q -- the address to mark. 4786 ** mci -- mailer connection information. 4787 ** rcode -- the code signifying the particular failure. 4788 ** ovr -- override an existing code? 4789 ** 4790 ** Returns: 4791 ** none. 4792 ** 4793 ** Side Effects: 4794 ** marks the address (and possibly the envelope) with the 4795 ** failure so that an error will be returned or 4796 ** the message will be queued, as appropriate. 4797 */ 4798 4799 void 4800 markfailure(e, q, mci, rcode, ovr) 4801 register ENVELOPE *e; 4802 register ADDRESS *q; 4803 register MCI *mci; 4804 int rcode; 4805 bool ovr; 4806 { 4807 int save_errno = errno; 4808 char *status = NULL; 4809 char *rstatus = NULL; 4810 4811 switch (rcode) 4812 { 4813 case EX_OK: 4814 break; 4815 4816 case EX_TEMPFAIL: 4817 case EX_IOERR: 4818 case EX_OSERR: 4819 q->q_state = QS_QUEUEUP; 4820 break; 4821 4822 default: 4823 q->q_state = QS_BADADDR; 4824 break; 4825 } 4826 4827 /* find most specific error code possible */ 4828 if (mci != NULL && mci->mci_status != NULL) 4829 { 4830 status = sm_rpool_strdup_x(e->e_rpool, mci->mci_status); 4831 if (mci->mci_rstatus != NULL) 4832 rstatus = sm_rpool_strdup_x(e->e_rpool, 4833 mci->mci_rstatus); 4834 } 4835 else if (e->e_status != NULL) 4836 status = e->e_status; 4837 else 4838 status = ex2enhsc(rcode); 4839 4840 /* new status? */ 4841 if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL || 4842 *q->q_status == '\0' || *q->q_status < *status)) 4843 { 4844 q->q_status = status; 4845 q->q_rstatus = rstatus; 4846 } 4847 if (rcode != EX_OK && q->q_rstatus == NULL && 4848 q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL && 4849 SM_STRCASEEQ(q->q_mailer->m_diagtype, "X-UNIX")) 4850 { 4851 char buf[16]; 4852 4853 (void) sm_snprintf(buf, sizeof(buf), "%d", rcode); 4854 q->q_rstatus = sm_rpool_strdup_x(e->e_rpool, buf); 4855 } 4856 4857 q->q_statdate = curtime(); 4858 if (CurHostName != NULL && CurHostName[0] != '\0' && 4859 mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags)) 4860 q->q_statmta = sm_rpool_strdup_x(e->e_rpool, CurHostName); 4861 4862 /* restore errno */ 4863 errno = save_errno; 4864 } 4865 /* 4866 ** ENDMAILER -- Wait for mailer to terminate. 4867 ** 4868 ** We should never get fatal errors (e.g., segmentation 4869 ** violation), so we report those specially. For other 4870 ** errors, we choose a status message (into statmsg), 4871 ** and if it represents an error, we print it. 4872 ** 4873 ** Parameters: 4874 ** mci -- the mailer connection info. 4875 ** e -- the current envelope. 4876 ** pv -- the parameter vector that invoked the mailer 4877 ** (for error messages). 4878 ** 4879 ** Returns: 4880 ** exit code of mailer. 4881 ** 4882 ** Side Effects: 4883 ** none. 4884 */ 4885 4886 static jmp_buf EndWaitTimeout; 4887 4888 static void 4889 endwaittimeout(ignore) 4890 int ignore; 4891 { 4892 /* 4893 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 4894 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 4895 ** DOING. 4896 */ 4897 4898 errno = ETIMEDOUT; 4899 longjmp(EndWaitTimeout, 1); 4900 } 4901 4902 int 4903 endmailer(mci, e, pv) 4904 register MCI *mci; 4905 register ENVELOPE *e; 4906 char **pv; 4907 { 4908 int st; 4909 int save_errno = errno; 4910 char buf[MAXLINE]; 4911 SM_EVENT *ev = NULL; 4912 4913 4914 mci_unlock_host(mci); 4915 4916 /* close output to mailer */ 4917 SM_CLOSE_FP(mci->mci_out); 4918 4919 /* copy any remaining input to transcript */ 4920 if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR && 4921 e->e_xfp != NULL) 4922 { 4923 while (sfgets(buf, sizeof(buf), mci->mci_in, 4924 TimeOuts.to_quit, "Draining Input") != NULL) 4925 (void) sm_io_fputs(e->e_xfp, SM_TIME_DEFAULT, buf); 4926 } 4927 4928 #if SASL 4929 /* close SASL connection */ 4930 if (bitset(MCIF_AUTHACT, mci->mci_flags)) 4931 { 4932 sasl_dispose(&mci->mci_conn); 4933 mci->mci_flags &= ~MCIF_AUTHACT; 4934 } 4935 #endif /* SASL */ 4936 4937 #if STARTTLS 4938 /* shutdown TLS */ 4939 (void) endtlsclt(mci); 4940 #endif 4941 4942 /* now close the input */ 4943 SM_CLOSE_FP(mci->mci_in); 4944 mci->mci_state = MCIS_CLOSED; 4945 4946 errno = save_errno; 4947 4948 /* in the IPC case there is nothing to wait for */ 4949 if (mci->mci_pid == 0) 4950 return EX_OK; 4951 4952 /* put a timeout around the wait */ 4953 if (mci->mci_mailer->m_wait > 0) 4954 { 4955 if (setjmp(EndWaitTimeout) == 0) 4956 ev = sm_setevent(mci->mci_mailer->m_wait, 4957 endwaittimeout, 0); 4958 else 4959 { 4960 syserr("endmailer %s: wait timeout (%ld)", 4961 mci->mci_mailer->m_name, 4962 (long) mci->mci_mailer->m_wait); 4963 return EX_TEMPFAIL; 4964 } 4965 } 4966 4967 /* wait for the mailer process, collect status */ 4968 st = waitfor(mci->mci_pid); 4969 save_errno = errno; 4970 if (ev != NULL) 4971 sm_clrevent(ev); 4972 errno = save_errno; 4973 4974 if (st == -1) 4975 { 4976 syserr("endmailer %s: wait", mci->mci_mailer->m_name); 4977 return EX_SOFTWARE; 4978 } 4979 4980 if (WIFEXITED(st)) 4981 { 4982 /* normal death -- return status */ 4983 return (WEXITSTATUS(st)); 4984 } 4985 4986 /* it died a horrid death */ 4987 syserr("451 4.3.0 mailer %s died with signal %d%s", 4988 mci->mci_mailer->m_name, WTERMSIG(st), 4989 WCOREDUMP(st) ? " (core dumped)" : 4990 (WIFSTOPPED(st) ? " (stopped)" : "")); 4991 4992 /* log the arguments */ 4993 if (pv != NULL && e->e_xfp != NULL) 4994 { 4995 register char **av; 4996 4997 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "Arguments:"); 4998 for (av = pv; *av != NULL; av++) 4999 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, " %s", 5000 *av); 5001 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "\n"); 5002 } 5003 5004 ExitStat = EX_TEMPFAIL; 5005 return EX_TEMPFAIL; 5006 } 5007 /* 5008 ** GIVERESPONSE -- Interpret an error response from a mailer 5009 ** 5010 ** Parameters: 5011 ** status -- the status code from the mailer (high byte 5012 ** only; core dumps must have been taken care of 5013 ** already). 5014 ** dsn -- the DSN associated with the address, if any. 5015 ** m -- the mailer info for this mailer. 5016 ** mci -- the mailer connection info -- can be NULL if the 5017 ** response is given before the connection is made. 5018 ** ctladdr -- the controlling address for the recipient 5019 ** address(es). 5020 ** xstart -- the transaction start time, for computing 5021 ** transaction delays. 5022 ** e -- the current envelope. 5023 ** to -- the current recipient (NULL if none). 5024 ** 5025 ** Returns: 5026 ** none. 5027 ** 5028 ** Side Effects: 5029 ** Errors may be incremented. 5030 ** ExitStat may be set. 5031 */ 5032 5033 void 5034 giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to) 5035 int status; 5036 char *dsn; 5037 register MAILER *m; 5038 register MCI *mci; 5039 ADDRESS *ctladdr; 5040 time_t xstart; 5041 ENVELOPE *e; 5042 ADDRESS *to; 5043 { 5044 register const char *statmsg; 5045 int errnum = errno; 5046 int off = 4; 5047 bool usestat = false; 5048 char dsnbuf[ENHSCLEN]; 5049 char buf[MAXLINE]; 5050 char *exmsg; 5051 5052 if (e == NULL) 5053 { 5054 syserr("giveresponse: null envelope"); 5055 /* NOTREACHED */ 5056 SM_ASSERT(0); 5057 } 5058 5059 if (tTd(11, 4)) 5060 sm_dprintf("giveresponse: status=%d, e->e_message=%s, dsn=%s, SmtpError=%s\n", 5061 status, e->e_message, dsn, SmtpError); 5062 5063 /* 5064 ** Compute status message from code. 5065 */ 5066 5067 exmsg = sm_sysexmsg(status); 5068 if (status == 0) 5069 { 5070 statmsg = "250 2.0.0 Sent"; 5071 if (e->e_statmsg != NULL) 5072 { 5073 (void) sm_snprintf(buf, sizeof(buf), "%s (%s)", 5074 statmsg, 5075 shortenstring(e->e_statmsg, 403)); 5076 statmsg = buf; 5077 } 5078 } 5079 else if (exmsg == NULL) 5080 { 5081 (void) sm_snprintf(buf, sizeof(buf), 5082 "554 5.3.0 unknown mailer error %d", 5083 status); 5084 status = EX_UNAVAILABLE; 5085 statmsg = buf; 5086 usestat = true; 5087 } 5088 else if (status == EX_TEMPFAIL) 5089 { 5090 char *bp = buf; 5091 5092 (void) sm_strlcpy(bp, exmsg + 1, SPACELEFT(buf, bp)); 5093 bp += strlen(bp); 5094 #if NAMED_BIND 5095 if (h_errno == TRY_AGAIN) 5096 statmsg = sm_errstring(h_errno + E_DNSBASE); 5097 else 5098 #endif 5099 { 5100 if (errnum != 0) 5101 statmsg = sm_errstring(errnum); 5102 else 5103 statmsg = SmtpError; 5104 } 5105 if (statmsg != NULL && statmsg[0] != '\0') 5106 { 5107 switch (errnum) 5108 { 5109 #ifdef ENETDOWN 5110 case ENETDOWN: /* Network is down */ 5111 #endif 5112 #ifdef ENETUNREACH 5113 case ENETUNREACH: /* Network is unreachable */ 5114 #endif 5115 #ifdef ENETRESET 5116 case ENETRESET: /* Network dropped connection on reset */ 5117 #endif 5118 #ifdef ECONNABORTED 5119 case ECONNABORTED: /* Software caused connection abort */ 5120 #endif 5121 #ifdef EHOSTDOWN 5122 case EHOSTDOWN: /* Host is down */ 5123 #endif 5124 #ifdef EHOSTUNREACH 5125 case EHOSTUNREACH: /* No route to host */ 5126 #endif 5127 if (mci != NULL && mci->mci_host != NULL) 5128 { 5129 (void) sm_strlcpyn(bp, 5130 SPACELEFT(buf, bp), 5131 2, ": ", 5132 mci->mci_host); 5133 bp += strlen(bp); 5134 } 5135 break; 5136 } 5137 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ": ", 5138 statmsg); 5139 #if DANE 5140 if (errnum == 0 && SmtpError[0] != '\0' && 5141 h_errno == TRY_AGAIN && 5142 mci->mci_exitstat == EX_TEMPFAIL) 5143 { 5144 (void) sm_strlcat(bp, SmtpError, 5145 SPACELEFT(buf, bp)); 5146 bp += strlen(bp); 5147 } 5148 #endif /* DANE */ 5149 usestat = true; 5150 } 5151 statmsg = buf; 5152 } 5153 #if NAMED_BIND 5154 else if (status == EX_NOHOST && h_errno != 0) 5155 { 5156 statmsg = sm_errstring(h_errno + E_DNSBASE); 5157 (void) sm_snprintf(buf, sizeof(buf), "%s (%s)", exmsg + 1, 5158 statmsg); 5159 statmsg = buf; 5160 usestat = true; 5161 } 5162 #endif /* NAMED_BIND */ 5163 #if USE_EAI 5164 else if (errnum == 0 && status == EX_DATAERR 5165 && e->e_message != NULL && e->e_message[0] != '\0') 5166 { 5167 int m; 5168 5169 /* XREF: 2nd arg must be coordinated with smtpmailfrom() */ 5170 m = skipaddrhost(e->e_message, false); 5171 5172 /* 5173 ** XXX Why is the SMTP reply code needed here? 5174 ** How to avoid a hard-coded value? 5175 */ 5176 5177 (void) sm_snprintf(buf, sizeof(buf), "550 %s", e->e_message + m); 5178 statmsg = buf; 5179 usestat = true; 5180 } 5181 #endif /* USE_EAI */ 5182 else 5183 { 5184 statmsg = exmsg; 5185 if (*statmsg++ == ':' && errnum != 0) 5186 { 5187 (void) sm_snprintf(buf, sizeof(buf), "%s: %s", statmsg, 5188 sm_errstring(errnum)); 5189 statmsg = buf; 5190 usestat = true; 5191 } 5192 else if (bitnset(M_LMTP, m->m_flags) && e->e_statmsg != NULL) 5193 { 5194 (void) sm_snprintf(buf, sizeof(buf), "%s (%s)", statmsg, 5195 shortenstring(e->e_statmsg, 403)); 5196 statmsg = buf; 5197 usestat = true; 5198 } 5199 } 5200 5201 /* 5202 ** Print the message as appropriate 5203 */ 5204 5205 if (status == EX_OK || status == EX_TEMPFAIL) 5206 { 5207 extern char MsgBuf[]; 5208 5209 if ((off = isenhsc(statmsg + 4, ' ')) > 0) 5210 { 5211 if (dsn == NULL) 5212 { 5213 (void) sm_snprintf(dsnbuf, sizeof(dsnbuf), 5214 "%.*s", off, statmsg + 4); 5215 dsn = dsnbuf; 5216 } 5217 off += 5; 5218 } 5219 else 5220 { 5221 off = 4; 5222 } 5223 message("%s", statmsg + off); 5224 if (status == EX_TEMPFAIL && e->e_xfp != NULL) 5225 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "%s\n", 5226 &MsgBuf[4]); 5227 } 5228 else 5229 { 5230 char mbuf[ENHSCLEN + 4]; 5231 5232 Errors++; 5233 if ((off = isenhsc(statmsg + 4, ' ')) > 0 && 5234 off < sizeof(mbuf) - 4) 5235 { 5236 if (dsn == NULL) 5237 { 5238 (void) sm_snprintf(dsnbuf, sizeof(dsnbuf), 5239 "%.*s", off, statmsg + 4); 5240 dsn = dsnbuf; 5241 } 5242 off += 5; 5243 5244 /* copy only part of statmsg to mbuf */ 5245 (void) sm_strlcpy(mbuf, statmsg, off); 5246 (void) sm_strlcat(mbuf, " %s", sizeof(mbuf)); 5247 } 5248 else 5249 { 5250 dsnbuf[0] = '\0'; 5251 (void) sm_snprintf(mbuf, sizeof(mbuf), "%.3s %%s", 5252 statmsg); 5253 off = 4; 5254 } 5255 usrerr(mbuf, &statmsg[off]); 5256 } 5257 5258 /* 5259 ** Final cleanup. 5260 ** Log a record of the transaction. Compute the new ExitStat 5261 ** -- if we already had an error, stick with that. 5262 */ 5263 5264 if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) && 5265 LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6)) 5266 logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e, to, status); 5267 5268 if (tTd(11, 2)) 5269 sm_dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s, errnum=%d, statmsg=%s\n", 5270 status, 5271 dsn == NULL ? "<NULL>" : dsn, 5272 e->e_message == NULL ? "<NULL>" : e->e_message, 5273 errnum, statmsg); 5274 5275 if (status != EX_TEMPFAIL) 5276 setstat(status); 5277 if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL)) 5278 e->e_message = sm_rpool_strdup_x(e->e_rpool, statmsg + off); 5279 if (status != EX_OK && to != NULL && to->q_message == NULL) 5280 { 5281 if (!usestat && e->e_message != NULL) 5282 to->q_message = sm_rpool_strdup_x(e->e_rpool, 5283 e->e_message); 5284 else 5285 to->q_message = sm_rpool_strdup_x(e->e_rpool, 5286 statmsg + off); 5287 } 5288 errno = 0; 5289 SM_SET_H_ERRNO(0); 5290 } 5291 5292 #if _FFR_8BITENVADDR 5293 # define GET_HOST_VALUE \ 5294 (void) dequote_internal_chars(p, xbuf, sizeof(xbuf)); \ 5295 p = xbuf; 5296 #else 5297 # define GET_HOST_VALUE 5298 #endif 5299 5300 /* 5301 ** LOGDELIVERY -- log the delivery in the system log 5302 ** 5303 ** Care is taken to avoid logging lines that are too long, because 5304 ** some versions of syslog have an unfortunate proclivity for core 5305 ** dumping. This is a hack, to be sure, that is at best empirical. 5306 ** 5307 ** Parameters: 5308 ** m -- the mailer info. Can be NULL for initial queue. 5309 ** mci -- the mailer connection info -- can be NULL if the 5310 ** log is occurring when no connection is active. 5311 ** dsn -- the DSN attached to the status. 5312 ** status -- the message to print for the status. 5313 ** ctladdr -- the controlling address for the to list. 5314 ** xstart -- the transaction start time, used for 5315 ** computing transaction delay. 5316 ** e -- the current envelope. 5317 ** to -- the current recipient (NULL if none). 5318 ** rcode -- status code. 5319 ** 5320 ** Returns: 5321 ** none 5322 ** 5323 ** Side Effects: 5324 ** none 5325 */ 5326 5327 void 5328 logdelivery(m, mci, dsn, status, ctladdr, xstart, e, to, rcode) 5329 MAILER *m; 5330 register MCI *mci; 5331 char *dsn; 5332 const char *status; 5333 ADDRESS *ctladdr; 5334 time_t xstart; 5335 register ENVELOPE *e; 5336 ADDRESS *to; 5337 int rcode; 5338 { 5339 register char *bp; 5340 register char *p; 5341 int l; 5342 time_t now = curtime(); 5343 char buf[1024]; 5344 #if _FFR_8BITENVADDR 5345 char xbuf[SM_MAX(SYSLOG_BUFSIZE, MAXNAME)]; /* EAI:ok */ 5346 #endif 5347 char *xstr; 5348 5349 #if (SYSLOG_BUFSIZE) >= 256 5350 int xtype, rtype; 5351 5352 /* ctladdr: max 106 bytes */ 5353 bp = buf; 5354 if (ctladdr != NULL) 5355 { 5356 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", ctladdr=", 5357 shortenstring(ctladdr->q_paddr, 83)); 5358 bp += strlen(bp); 5359 if (bitset(QGOODUID, ctladdr->q_flags)) 5360 { 5361 (void) sm_snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", 5362 (int) ctladdr->q_uid, 5363 (int) ctladdr->q_gid); 5364 bp += strlen(bp); 5365 } 5366 } 5367 5368 /* delay & xdelay: max 41 bytes */ 5369 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", delay=", 5370 pintvl(now - e->e_ctime, true)); 5371 bp += strlen(bp); 5372 5373 if (xstart != (time_t) 0) 5374 { 5375 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", xdelay=", 5376 pintvl(now - xstart, true)); 5377 bp += strlen(bp); 5378 } 5379 5380 /* mailer: assume about 19 bytes (max 10 byte mailer name) */ 5381 if (m != NULL) 5382 { 5383 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", mailer=", 5384 m->m_name); 5385 bp += strlen(bp); 5386 } 5387 5388 # if _FFR_LOG_MORE2 5389 LOG_MORE(buf, bp); 5390 # endif 5391 5392 /* pri: changes with each delivery attempt */ 5393 (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", 5394 PRT_NONNEGL(e->e_msgpriority)); 5395 bp += strlen(bp); 5396 5397 /* relay: max 66 bytes for IPv4 addresses */ 5398 if (mci != NULL && mci->mci_host != NULL) 5399 { 5400 extern SOCKADDR CurHostAddr; 5401 5402 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", relay=", 5403 shortenstring(mci->mci_host, 40)); 5404 bp += strlen(bp); 5405 5406 if (CurHostAddr.sa.sa_family != 0) 5407 { 5408 (void) sm_snprintf(bp, SPACELEFT(buf, bp), " [%s]", 5409 anynet_ntoa(&CurHostAddr)); 5410 } 5411 } 5412 else if (strcmp(status, "quarantined") == 0) 5413 { 5414 if (e->e_quarmsg != NULL) 5415 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5416 ", quarantine=%s", 5417 shortenstring(e->e_quarmsg, 40)); 5418 } 5419 else if (strcmp(status, "queued") != 0) 5420 { 5421 p = macvalue('h', e); 5422 if (p != NULL && p[0] != '\0') 5423 { 5424 GET_HOST_VALUE; 5425 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5426 ", relay=%s", shortenstring(p, 40)); 5427 } 5428 } 5429 bp += strlen(bp); 5430 5431 p = ex2enhsc(rcode); 5432 if (p != NULL) 5433 xtype = p[0] - '0'; 5434 else 5435 xtype = 0; 5436 5437 #ifndef WHERE2REPORT 5438 # define WHERE2REPORT "please see <https://sendmail.org/Report>, " 5439 #endif 5440 5441 /* dsn */ 5442 if (dsn != NULL && *dsn != '\0') 5443 { 5444 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", dsn=", 5445 shortenstring(dsn, ENHSCLEN)); 5446 bp += strlen(bp); 5447 if (xtype > 0 && ISSMTPCODE(dsn) && 5448 (rtype = dsn[0] - '0') > 0 && rtype != xtype) 5449 sm_syslog(LOG_ERR, e->e_id, 5450 "ERROR: inconsistent dsn, %srcode=%d, dsn=%s", 5451 WHERE2REPORT, rcode, dsn); 5452 } 5453 5454 # if _FFR_LOG_NTRIES 5455 /* ntries */ 5456 if (e->e_ntries >= 0) 5457 { 5458 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5459 ", ntries=%d", e->e_ntries + 1); 5460 bp += strlen(bp); 5461 } 5462 # endif /* _FFR_LOG_NTRIES */ 5463 5464 # define STATLEN (((SYSLOG_BUFSIZE) - 100) / 4) 5465 # if (STATLEN) < 63 5466 # undef STATLEN 5467 # define STATLEN 63 5468 # endif 5469 # if (STATLEN) > 203 5470 # undef STATLEN 5471 # define STATLEN 203 5472 # endif 5473 5474 # if _FFR_LOG_STAGE 5475 /* only do this when reply= is logged? */ 5476 if (rcode != EX_OK && e->e_estate >= 0) 5477 { 5478 if (e->e_estate >= 0 && e->e_estate < SM_ARRAY_SIZE(xs_states)) 5479 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5480 ", stage=%s", xs_states[e->e_estate]); 5481 else 5482 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5483 ", stage=%d", e->e_estate); 5484 bp += strlen(bp); 5485 } 5486 # endif /* _FFR_LOG_STAGE */ 5487 5488 /* 5489 ** Notes: 5490 ** per-rcpt status: to->q_rstatus 5491 ** global status: e->e_text 5492 ** 5493 ** We (re)use STATLEN here, is that a good choice? 5494 ** 5495 ** stat=Deferred: ... 5496 ** has sometimes the same text? 5497 ** 5498 ** Note: in some case the normal logging might show the same server 5499 ** reply - how to avoid that? 5500 */ 5501 5502 /* only show errors from server */ 5503 if (rcode != EX_OK && (NULL == to || !bitset(QINTREPLY, to->q_flags))) 5504 { 5505 if (to != NULL && !SM_IS_EMPTY(to->q_rstatus)) 5506 { 5507 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5508 ", reply=%s", 5509 shortenstring(to->q_rstatus, STATLEN)); 5510 bp += strlen(bp); 5511 if (ISSMTPCODE(to->q_rstatus) && 5512 (rtype = to->q_rstatus[0] - '0') > 0 && 5513 ((xtype > 0 && rtype != xtype) || rtype < 4)) 5514 sm_syslog(LOG_ERR, e->e_id, 5515 "ERROR: inconsistent reply, %srcode=%d, q_rstatus=%s", 5516 WHERE2REPORT, rcode, to->q_rstatus); 5517 } 5518 else if (e->e_text != NULL) 5519 { 5520 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5521 ", reply=%d %s%s%s", 5522 e->e_rcode, 5523 e->e_renhsc, 5524 (e->e_renhsc[0] != '\0') ? " " : "", 5525 shortenstring(e->e_text, STATLEN)); 5526 bp += strlen(bp); 5527 rtype = REPLYTYPE(e->e_rcode); 5528 if (rtype > 0 && 5529 ((xtype > 0 && rtype != xtype) || rtype < 4)) 5530 sm_syslog(LOG_ERR, e->e_id, 5531 "ERROR: inconsistent reply, %srcode=%d, e_rcode=%d, e_text=%s", 5532 WHERE2REPORT, rcode, e->e_rcode, e->e_text); 5533 } 5534 #if _FFR_NULLMX_STATUS 5535 /* Hack for MX 0 . : how to make this general? */ 5536 else if (NULL == to && dsn != NULL && 5537 strcmp(dsn, ESCNULLMXRCPT) == 0) 5538 { 5539 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5540 ", status=%s", ERRNULLMX); 5541 bp += strlen(bp); 5542 } 5543 #endif 5544 } 5545 5546 /* stat: max 210 bytes */ 5547 if ((bp - buf) > (sizeof(buf) - ((STATLEN) + 20))) 5548 { 5549 /* desperation move -- truncate data */ 5550 bp = buf + sizeof(buf) - ((STATLEN) + 17); 5551 (void) sm_strlcpy(bp, "...", SPACELEFT(buf, bp)); 5552 bp += 3; 5553 } 5554 5555 (void) sm_strlcpy(bp, ", stat=", SPACELEFT(buf, bp)); 5556 bp += strlen(bp); 5557 5558 (void) sm_strlcpy(bp, shortenstring(status, STATLEN), 5559 SPACELEFT(buf, bp)); 5560 5561 /* id, to: max 13 + TOBUFSIZE bytes */ 5562 l = SYSLOG_BUFSIZE - 100 - strlen(buf); 5563 if (l < 0) 5564 l = 0; 5565 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; 5566 while (strlen(p) >= l) 5567 { 5568 register char *q; 5569 5570 for (q = p + l; q > p; q--) 5571 { 5572 /* XXX a comma in an address will break this! */ 5573 if (*q == ',') 5574 break; 5575 } 5576 if (p == q) 5577 break; 5578 # if _FFR_8BITENVADDR 5579 /* XXX is this correct? dequote all of p? */ 5580 (void) dequote_internal_chars(p, xbuf, sizeof(xbuf)); 5581 xstr = xbuf; 5582 # else 5583 xstr = p; 5584 # endif 5585 sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]%s", 5586 (int) (++q - p), xstr, buf); 5587 p = q; 5588 } 5589 # if _FFR_8BITENVADDR 5590 (void) dequote_internal_chars(p, xbuf, sizeof(xbuf)); 5591 xstr = xbuf; 5592 # else 5593 xstr = p; 5594 # endif 5595 sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, xstr, buf); 5596 5597 #else /* (SYSLOG_BUFSIZE) >= 256 */ 5598 5599 l = SYSLOG_BUFSIZE - 85; 5600 if (l < 0) 5601 l = 0; 5602 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; 5603 while (strlen(p) >= l) 5604 { 5605 register char *q; 5606 5607 for (q = p + l; q > p; q--) 5608 { 5609 if (*q == ',') 5610 break; 5611 } 5612 if (p == q) 5613 break; 5614 5615 sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]", 5616 (int) (++q - p), p); 5617 p = q; 5618 } 5619 sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p); 5620 5621 if (ctladdr != NULL) 5622 { 5623 bp = buf; 5624 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, "ctladdr=", 5625 shortenstring(ctladdr->q_paddr, 83)); 5626 bp += strlen(bp); 5627 if (bitset(QGOODUID, ctladdr->q_flags)) 5628 { 5629 (void) sm_snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", 5630 ctladdr->q_uid, ctladdr->q_gid); 5631 bp += strlen(bp); 5632 } 5633 sm_syslog(LOG_INFO, e->e_id, "%s", buf); 5634 } 5635 bp = buf; 5636 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, "delay=", 5637 pintvl(now - e->e_ctime, true)); 5638 bp += strlen(bp); 5639 if (xstart != (time_t) 0) 5640 { 5641 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", xdelay=", 5642 pintvl(now - xstart, true)); 5643 bp += strlen(bp); 5644 } 5645 5646 if (m != NULL) 5647 { 5648 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", mailer=", 5649 m->m_name); 5650 bp += strlen(bp); 5651 } 5652 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); 5653 5654 buf[0] = '\0'; 5655 bp = buf; 5656 if (mci != NULL && mci->mci_host != NULL) 5657 { 5658 extern SOCKADDR CurHostAddr; 5659 5660 (void) sm_snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", 5661 mci->mci_host); 5662 bp += strlen(bp); 5663 5664 if (CurHostAddr.sa.sa_family != 0) 5665 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5666 " [%.100s]", 5667 anynet_ntoa(&CurHostAddr)); 5668 } 5669 else if (strcmp(status, "quarantined") == 0) 5670 { 5671 if (e->e_quarmsg != NULL) 5672 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 5673 ", quarantine=%.100s", 5674 e->e_quarmsg); 5675 } 5676 else if (strcmp(status, "queued") != 0) 5677 { 5678 p = macvalue('h', e); 5679 if (p != NULL && p[0] != '\0') 5680 { 5681 GET_HOST_VALUE; 5682 (void) sm_snprintf(buf, sizeof(buf), "relay=%.100s", p); 5683 } 5684 } 5685 if (buf[0] != '\0') 5686 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); 5687 5688 sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63)); 5689 #endif /* (SYSLOG_BUFSIZE) >= 256 */ 5690 } 5691 /* 5692 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 5693 ** 5694 ** This can be made an arbitrary message separator by changing $l 5695 ** 5696 ** One of the ugliest hacks seen by human eyes is contained herein: 5697 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 5698 ** does a well-meaning programmer such as myself have to deal with 5699 ** this kind of antique garbage???? 5700 ** 5701 ** Parameters: 5702 ** mci -- the connection information. 5703 ** e -- the envelope. 5704 ** 5705 ** Returns: 5706 ** true iff line was written successfully 5707 ** 5708 ** Side Effects: 5709 ** outputs some text to fp. 5710 */ 5711 5712 bool 5713 putfromline(mci, e) 5714 register MCI *mci; 5715 ENVELOPE *e; 5716 { 5717 char *template = UnixFromLine; 5718 char buf[MAXLINE]; 5719 char xbuf[MAXLINE]; 5720 5721 if (bitnset(M_NHDR, mci->mci_mailer->m_flags)) 5722 return true; 5723 5724 mci->mci_flags |= MCIF_INHEADER; 5725 5726 if (bitnset(M_UGLYUUCP, mci->mci_mailer->m_flags)) 5727 { 5728 char *bang; 5729 5730 expand("\201g", buf, sizeof(buf), e); 5731 bang = strchr(buf, '!'); 5732 if (bang == NULL) 5733 { 5734 char *at; 5735 char hname[MAXNAME]; /* EAI:ok */ 5736 5737 /* 5738 ** If we can construct a UUCP path, do so 5739 */ 5740 5741 at = strrchr(buf, '@'); 5742 if (at == NULL) 5743 { 5744 expand("\201k", hname, sizeof(hname), e); 5745 at = hname; 5746 } 5747 else 5748 *at++ = '\0'; 5749 (void) sm_snprintf(xbuf, sizeof(xbuf), 5750 "From %.800s \201d remote from %.100s\n", 5751 buf, at); 5752 } 5753 else 5754 { 5755 *bang++ = '\0'; 5756 (void) sm_snprintf(xbuf, sizeof(xbuf), 5757 "From %.800s \201d remote from %.100s\n", 5758 bang, buf); 5759 template = xbuf; 5760 } 5761 } 5762 expand(template, buf, sizeof(buf), e); 5763 return putxline(buf, strlen(buf), mci, PXLF_HEADER); 5764 } 5765 5766 /* 5767 ** PUTBODY -- put the body of a message. 5768 ** 5769 ** Parameters: 5770 ** mci -- the connection information. 5771 ** e -- the envelope to put out. 5772 ** separator -- if non-NULL, a message separator that must 5773 ** not be permitted in the resulting message. 5774 ** 5775 ** Returns: 5776 ** true iff message was written successfully 5777 ** 5778 ** Side Effects: 5779 ** The message is written onto fp. 5780 */ 5781 5782 /* values for output state variable */ 5783 #define OSTATE_HEAD 0 /* at beginning of line */ 5784 #define OSTATE_CR 1 /* read a carriage return */ 5785 #define OSTATE_INLINE 2 /* putting rest of line */ 5786 5787 bool 5788 putbody(mci, e, separator) 5789 register MCI *mci; 5790 register ENVELOPE *e; 5791 char *separator; 5792 { 5793 bool dead = false; 5794 bool ioerr = false; 5795 int save_errno; 5796 char buf[MAXLINE]; 5797 #if MIME8TO7 5798 char *boundaries[MAXMIMENESTING + 1]; 5799 #endif 5800 5801 /* 5802 ** Output the body of the message 5803 */ 5804 5805 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) 5806 { 5807 char *df = queuename(e, DATAFL_LETTER); 5808 5809 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, df, 5810 SM_IO_RDONLY_B, NULL); 5811 if (e->e_dfp == NULL) 5812 { 5813 char *msg = "!putbody: Cannot open %s for %s from %s"; 5814 5815 if (errno == ENOENT) 5816 msg++; 5817 syserr(msg, df, e->e_to, e->e_from.q_paddr); 5818 } 5819 5820 } 5821 if (e->e_dfp == NULL) 5822 { 5823 if (bitset(MCIF_INHEADER, mci->mci_flags)) 5824 { 5825 if (!putline("", mci)) 5826 goto writeerr; 5827 mci->mci_flags &= ~MCIF_INHEADER; 5828 } 5829 if (!putline("<<< No Message Collected >>>", mci)) 5830 goto writeerr; 5831 goto endofmessage; 5832 } 5833 5834 if (e->e_dfino == (ino_t) 0) 5835 { 5836 struct stat stbuf; 5837 5838 if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &stbuf) 5839 < 0) 5840 e->e_dfino = -1; 5841 else 5842 { 5843 e->e_dfdev = stbuf.st_dev; 5844 e->e_dfino = stbuf.st_ino; 5845 } 5846 } 5847 5848 /* paranoia: the data file should always be in a rewound state */ 5849 (void) bfrewind(e->e_dfp); 5850 5851 /* simulate an I/O timeout when used as source */ 5852 if (tTd(84, 101)) 5853 sleep(319); 5854 5855 #if MIME8TO7 5856 if (bitset(MCIF_CVT8TO7, mci->mci_flags)) 5857 { 5858 /* 5859 ** Do 8 to 7 bit MIME conversion. 5860 */ 5861 5862 /* make sure it looks like a MIME message */ 5863 if (hvalue("MIME-Version", e->e_header) == NULL && 5864 !putline("MIME-Version: 1.0", mci)) 5865 goto writeerr; 5866 5867 if (hvalue("Content-Type", e->e_header) == NULL) 5868 { 5869 (void) sm_snprintf(buf, sizeof(buf), 5870 "Content-Type: text/plain; charset=%s", 5871 defcharset(e)); 5872 if (!putline(buf, mci)) 5873 goto writeerr; 5874 } 5875 5876 /* now do the hard work */ 5877 boundaries[0] = NULL; 5878 mci->mci_flags |= MCIF_INHEADER; 5879 if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) == 5880 SM_IO_EOF) 5881 goto writeerr; 5882 } 5883 # if MIME7TO8 5884 else if (bitset(MCIF_CVT7TO8, mci->mci_flags)) 5885 { 5886 if (!mime7to8(mci, e->e_header, e)) 5887 goto writeerr; 5888 } 5889 # endif /* MIME7TO8 */ 5890 else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0) 5891 { 5892 bool oldsuprerrs = SuprErrs; 5893 5894 /* Use mime8to7 to check multipart for MIME header overflows */ 5895 boundaries[0] = NULL; 5896 mci->mci_flags |= MCIF_INHEADER; 5897 5898 /* 5899 ** If EF_DONT_MIME is set, we have a broken MIME message 5900 ** and don't want to generate a new bounce message whose 5901 ** body propagates the broken MIME. We can't just not call 5902 ** mime8to7() as is done above since we need the security 5903 ** checks. The best we can do is suppress the errors. 5904 */ 5905 5906 if (bitset(EF_DONT_MIME, e->e_flags)) 5907 SuprErrs = true; 5908 5909 if (mime8to7(mci, e->e_header, e, boundaries, 5910 M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF) 5911 goto writeerr; 5912 5913 /* restore SuprErrs */ 5914 SuprErrs = oldsuprerrs; 5915 } 5916 else 5917 #endif /* MIME8TO7 */ 5918 { 5919 int ostate; 5920 register char *bp; 5921 register char *pbp; 5922 register int c; 5923 register char *xp; 5924 int padc; 5925 char *buflim; 5926 int pos = 0; 5927 char peekbuf[12]; 5928 5929 if (bitset(MCIF_INHEADER, mci->mci_flags)) 5930 { 5931 if (!putline("", mci)) 5932 goto writeerr; 5933 mci->mci_flags &= ~MCIF_INHEADER; 5934 } 5935 5936 /* determine end of buffer; allow for short mailer lines */ 5937 buflim = &buf[sizeof(buf) - 1]; 5938 if (mci->mci_mailer->m_linelimit > 0 && 5939 mci->mci_mailer->m_linelimit < sizeof(buf) - 1) 5940 buflim = &buf[mci->mci_mailer->m_linelimit - 1]; 5941 5942 /* copy temp file to output with mapping */ 5943 ostate = OSTATE_HEAD; 5944 bp = buf; 5945 pbp = peekbuf; 5946 while (!sm_io_error(mci->mci_out) && !dead) 5947 { 5948 if (pbp > peekbuf) 5949 c = *--pbp; 5950 else if ((c = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT)) 5951 == SM_IO_EOF) 5952 break; 5953 if (bitset(MCIF_7BIT, mci->mci_flags)) 5954 c &= 0x7f; 5955 switch (ostate) 5956 { 5957 case OSTATE_HEAD: 5958 if (c == '\0' && 5959 bitnset(M_NONULLS, 5960 mci->mci_mailer->m_flags)) 5961 break; 5962 if (c != '\r' && c != '\n' && bp < buflim) 5963 { 5964 *bp++ = c; 5965 break; 5966 } 5967 5968 /* check beginning of line for special cases */ 5969 *bp = '\0'; 5970 pos = 0; 5971 padc = SM_IO_EOF; 5972 if (buf[0] == 'F' && 5973 bitnset(M_ESCFROM, mci->mci_mailer->m_flags) 5974 && strncmp(buf, "From ", 5) == 0) 5975 { 5976 padc = '>'; 5977 } 5978 if (buf[0] == '-' && buf[1] == '-' && 5979 separator != NULL) 5980 { 5981 /* possible separator */ 5982 int sl = strlen(separator); 5983 5984 if (strncmp(&buf[2], separator, sl) 5985 == 0) 5986 padc = ' '; 5987 } 5988 if (buf[0] == '.' && 5989 bitnset(M_XDOT, mci->mci_mailer->m_flags)) 5990 { 5991 padc = '.'; 5992 } 5993 5994 /* now copy out saved line */ 5995 if (TrafficLogFile != NULL) 5996 { 5997 (void) sm_io_fprintf(TrafficLogFile, 5998 SM_TIME_DEFAULT, 5999 "%05d >>> ", 6000 (int) CurrentPid); 6001 if (padc != SM_IO_EOF) 6002 (void) sm_io_putc(TrafficLogFile, 6003 SM_TIME_DEFAULT, 6004 padc); 6005 for (xp = buf; xp < bp; xp++) 6006 (void) sm_io_putc(TrafficLogFile, 6007 SM_TIME_DEFAULT, 6008 (unsigned char) *xp); 6009 if (c == '\n') 6010 (void) sm_io_fputs(TrafficLogFile, 6011 SM_TIME_DEFAULT, 6012 mci->mci_mailer->m_eol); 6013 } 6014 if (padc != SM_IO_EOF) 6015 { 6016 if (sm_io_putc(mci->mci_out, 6017 SM_TIME_DEFAULT, padc) 6018 == SM_IO_EOF) 6019 { 6020 dead = true; 6021 continue; 6022 } 6023 pos++; 6024 } 6025 for (xp = buf; xp < bp; xp++) 6026 { 6027 if (sm_io_putc(mci->mci_out, 6028 SM_TIME_DEFAULT, 6029 (unsigned char) *xp) 6030 == SM_IO_EOF) 6031 { 6032 dead = true; 6033 break; 6034 } 6035 } 6036 if (dead) 6037 continue; 6038 if (c == '\n') 6039 { 6040 if (sm_io_fputs(mci->mci_out, 6041 SM_TIME_DEFAULT, 6042 mci->mci_mailer->m_eol) 6043 == SM_IO_EOF) 6044 break; 6045 pos = 0; 6046 } 6047 else 6048 { 6049 pos += bp - buf; 6050 if (c != '\r') 6051 { 6052 SM_ASSERT(pbp < peekbuf + 6053 sizeof(peekbuf)); 6054 *pbp++ = c; 6055 } 6056 } 6057 6058 bp = buf; 6059 6060 /* determine next state */ 6061 if (c == '\n') 6062 ostate = OSTATE_HEAD; 6063 else if (c == '\r') 6064 ostate = OSTATE_CR; 6065 else 6066 ostate = OSTATE_INLINE; 6067 continue; 6068 6069 case OSTATE_CR: 6070 if (c == '\n') 6071 { 6072 /* got CRLF */ 6073 if (sm_io_fputs(mci->mci_out, 6074 SM_TIME_DEFAULT, 6075 mci->mci_mailer->m_eol) 6076 == SM_IO_EOF) 6077 continue; 6078 6079 if (TrafficLogFile != NULL) 6080 { 6081 (void) sm_io_fputs(TrafficLogFile, 6082 SM_TIME_DEFAULT, 6083 mci->mci_mailer->m_eol); 6084 } 6085 pos = 0; 6086 ostate = OSTATE_HEAD; 6087 continue; 6088 } 6089 6090 /* had a naked carriage return */ 6091 SM_ASSERT(pbp < peekbuf + sizeof(peekbuf)); 6092 *pbp++ = c; 6093 c = '\r'; 6094 ostate = OSTATE_INLINE; 6095 goto putch; 6096 6097 case OSTATE_INLINE: 6098 if (c == '\r') 6099 { 6100 ostate = OSTATE_CR; 6101 continue; 6102 } 6103 if (c == '\0' && 6104 bitnset(M_NONULLS, 6105 mci->mci_mailer->m_flags)) 6106 break; 6107 putch: 6108 if (mci->mci_mailer->m_linelimit > 0 && 6109 pos >= mci->mci_mailer->m_linelimit - 1 && 6110 c != '\n') 6111 { 6112 int d; 6113 6114 /* check next character for EOL */ 6115 if (pbp > peekbuf) 6116 d = *(pbp - 1); 6117 else if ((d = sm_io_getc(e->e_dfp, 6118 SM_TIME_DEFAULT)) 6119 != SM_IO_EOF) 6120 { 6121 SM_ASSERT(pbp < peekbuf + 6122 sizeof(peekbuf)); 6123 *pbp++ = d; 6124 } 6125 6126 if (d == '\n' || d == SM_IO_EOF) 6127 { 6128 if (TrafficLogFile != NULL) 6129 (void) sm_io_putc(TrafficLogFile, 6130 SM_TIME_DEFAULT, 6131 (unsigned char) c); 6132 if (sm_io_putc(mci->mci_out, 6133 SM_TIME_DEFAULT, 6134 (unsigned char) c) 6135 == SM_IO_EOF) 6136 { 6137 dead = true; 6138 continue; 6139 } 6140 pos++; 6141 continue; 6142 } 6143 6144 if (sm_io_putc(mci->mci_out, 6145 SM_TIME_DEFAULT, '!') 6146 == SM_IO_EOF || 6147 sm_io_fputs(mci->mci_out, 6148 SM_TIME_DEFAULT, 6149 mci->mci_mailer->m_eol) 6150 == SM_IO_EOF) 6151 { 6152 dead = true; 6153 continue; 6154 } 6155 6156 if (TrafficLogFile != NULL) 6157 { 6158 (void) sm_io_fprintf(TrafficLogFile, 6159 SM_TIME_DEFAULT, 6160 "!%s", 6161 mci->mci_mailer->m_eol); 6162 } 6163 ostate = OSTATE_HEAD; 6164 SM_ASSERT(pbp < peekbuf + 6165 sizeof(peekbuf)); 6166 *pbp++ = c; 6167 continue; 6168 } 6169 if (c == '\n') 6170 { 6171 if (TrafficLogFile != NULL) 6172 (void) sm_io_fputs(TrafficLogFile, 6173 SM_TIME_DEFAULT, 6174 mci->mci_mailer->m_eol); 6175 if (sm_io_fputs(mci->mci_out, 6176 SM_TIME_DEFAULT, 6177 mci->mci_mailer->m_eol) 6178 == SM_IO_EOF) 6179 continue; 6180 pos = 0; 6181 ostate = OSTATE_HEAD; 6182 } 6183 else 6184 { 6185 if (TrafficLogFile != NULL) 6186 (void) sm_io_putc(TrafficLogFile, 6187 SM_TIME_DEFAULT, 6188 (unsigned char) c); 6189 if (sm_io_putc(mci->mci_out, 6190 SM_TIME_DEFAULT, 6191 (unsigned char) c) 6192 == SM_IO_EOF) 6193 { 6194 dead = true; 6195 continue; 6196 } 6197 pos++; 6198 ostate = OSTATE_INLINE; 6199 } 6200 break; 6201 } 6202 } 6203 6204 /* make sure we are at the beginning of a line */ 6205 if (bp > buf) 6206 { 6207 if (TrafficLogFile != NULL) 6208 { 6209 for (xp = buf; xp < bp; xp++) 6210 (void) sm_io_putc(TrafficLogFile, 6211 SM_TIME_DEFAULT, 6212 (unsigned char) *xp); 6213 } 6214 for (xp = buf; xp < bp; xp++) 6215 { 6216 if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, 6217 (unsigned char) *xp) 6218 == SM_IO_EOF) 6219 { 6220 dead = true; 6221 break; 6222 } 6223 } 6224 pos += bp - buf; 6225 } 6226 if (!dead && pos > 0) 6227 { 6228 if (TrafficLogFile != NULL) 6229 (void) sm_io_fputs(TrafficLogFile, 6230 SM_TIME_DEFAULT, 6231 mci->mci_mailer->m_eol); 6232 if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT, 6233 mci->mci_mailer->m_eol) == SM_IO_EOF) 6234 goto writeerr; 6235 } 6236 } 6237 6238 if (sm_io_error(e->e_dfp)) 6239 { 6240 syserr("putbody: %s/%cf%s: read error", 6241 qid_printqueue(e->e_dfqgrp, e->e_dfqdir), 6242 DATAFL_LETTER, e->e_id); 6243 ExitStat = EX_IOERR; 6244 ioerr = true; 6245 } 6246 6247 endofmessage: 6248 /* 6249 ** Since mailfile() uses e_dfp in a child process, 6250 ** the file offset in the stdio library for the 6251 ** parent process will not agree with the in-kernel 6252 ** file offset since the file descriptor is shared 6253 ** between the processes. Therefore, it is vital 6254 ** that the file always be rewound. This forces the 6255 ** kernel offset (lseek) and stdio library (ftell) 6256 ** offset to match. 6257 */ 6258 6259 save_errno = errno; 6260 if (e->e_dfp != NULL) 6261 (void) bfrewind(e->e_dfp); 6262 6263 /* some mailers want extra blank line at end of message */ 6264 if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) && 6265 buf[0] != '\0' && buf[0] != '\n') 6266 { 6267 if (!putline("", mci)) 6268 goto writeerr; 6269 } 6270 6271 if (!dead && 6272 (sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF || 6273 (sm_io_error(mci->mci_out) && errno != EPIPE))) 6274 { 6275 save_errno = errno; 6276 syserr("putbody: write error"); 6277 ExitStat = EX_IOERR; 6278 ioerr = true; 6279 } 6280 6281 errno = save_errno; 6282 return !dead && !ioerr; 6283 6284 writeerr: 6285 return false; 6286 } 6287 6288 /* 6289 ** MAILFILE -- Send a message to a file. 6290 ** 6291 ** If the file has the set-user-ID/set-group-ID bits set, but NO 6292 ** execute bits, sendmail will try to become the owner of that file 6293 ** rather than the real user. Obviously, this only works if 6294 ** sendmail runs as root. 6295 ** 6296 ** This could be done as a subordinate mailer, except that it 6297 ** is used implicitly to save messages in ~/dead.letter. We 6298 ** view this as being sufficiently important as to include it 6299 ** here. For example, if the system is dying, we shouldn't have 6300 ** to create another process plus some pipes to save the message. 6301 ** 6302 ** Parameters: 6303 ** filename -- the name of the file to send to. 6304 ** mailer -- mailer definition for recipient -- if NULL, 6305 ** use FileMailer. 6306 ** ctladdr -- the controlling address header -- includes 6307 ** the userid/groupid to be when sending. 6308 ** sfflags -- flags for opening. 6309 ** e -- the current envelope. 6310 ** 6311 ** Returns: 6312 ** The exit code associated with the operation. 6313 ** 6314 ** Side Effects: 6315 ** none. 6316 */ 6317 6318 # define RETURN(st) exit(st); 6319 6320 static jmp_buf CtxMailfileTimeout; 6321 6322 int 6323 mailfile(filename, mailer, ctladdr, sfflags, e) 6324 char *volatile filename; 6325 MAILER *volatile mailer; 6326 ADDRESS *ctladdr; 6327 volatile long sfflags; 6328 register ENVELOPE *e; 6329 { 6330 register SM_FILE_T *f; 6331 register pid_t pid = -1; 6332 volatile int mode; 6333 int len; 6334 off_t curoff; 6335 bool suidwarn = geteuid() == 0; 6336 char *p; 6337 char *volatile realfile; 6338 SM_EVENT *ev; 6339 char buf[MAXPATHLEN]; 6340 char targetfile[MAXPATHLEN]; 6341 6342 if (tTd(11, 1)) 6343 { 6344 sm_dprintf("mailfile %s\n ctladdr=", filename); 6345 printaddr(sm_debug_file(), ctladdr, false); 6346 } 6347 6348 if (mailer == NULL) 6349 mailer = FileMailer; 6350 6351 if (e->e_xfp != NULL) 6352 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); 6353 6354 /* 6355 ** Special case /dev/null. This allows us to restrict file 6356 ** delivery to regular files only. 6357 */ 6358 6359 if (sm_path_isdevnull(filename)) 6360 return EX_OK; 6361 6362 /* check for 8-bit available */ 6363 if (bitset(EF_HAS8BIT, e->e_flags) && 6364 bitnset(M_7BITS, mailer->m_flags) && 6365 (bitset(EF_DONT_MIME, e->e_flags) || 6366 !(bitset(MM_MIME8BIT, MimeMode) || 6367 (bitset(EF_IS_MIME, e->e_flags) && 6368 bitset(MM_CVTMIME, MimeMode))))) 6369 { 6370 e->e_status = "5.6.3"; 6371 usrerrenh(e->e_status, 6372 "554 Cannot send 8-bit data to 7-bit destination"); 6373 errno = 0; 6374 return EX_DATAERR; 6375 } 6376 6377 /* Find the actual file */ 6378 if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0') 6379 { 6380 len = strlen(SafeFileEnv); 6381 6382 if (strncmp(SafeFileEnv, filename, len) == 0) 6383 filename += len; 6384 6385 if (len + strlen(filename) + 1 >= sizeof(targetfile)) 6386 { 6387 syserr("mailfile: filename too long (%s/%s)", 6388 SafeFileEnv, filename); 6389 return EX_CANTCREAT; 6390 } 6391 (void) sm_strlcpy(targetfile, SafeFileEnv, sizeof(targetfile)); 6392 realfile = targetfile + len; 6393 if (*filename == '/') 6394 filename++; 6395 if (*filename != '\0') 6396 { 6397 /* paranoia: trailing / should be removed in readcf */ 6398 if (targetfile[len - 1] != '/') 6399 (void) sm_strlcat(targetfile, 6400 "/", sizeof(targetfile)); 6401 (void) sm_strlcat(targetfile, filename, 6402 sizeof(targetfile)); 6403 } 6404 } 6405 else if (mailer->m_rootdir != NULL) 6406 { 6407 expand(mailer->m_rootdir, targetfile, sizeof(targetfile), e); 6408 len = strlen(targetfile); 6409 6410 if (strncmp(targetfile, filename, len) == 0) 6411 filename += len; 6412 6413 if (len + strlen(filename) + 1 >= sizeof(targetfile)) 6414 { 6415 syserr("mailfile: filename too long (%s/%s)", 6416 targetfile, filename); 6417 return EX_CANTCREAT; 6418 } 6419 realfile = targetfile + len; 6420 if (targetfile[len - 1] != '/') 6421 (void) sm_strlcat(targetfile, "/", sizeof(targetfile)); 6422 if (*filename == '/') 6423 (void) sm_strlcat(targetfile, filename + 1, 6424 sizeof(targetfile)); 6425 else 6426 (void) sm_strlcat(targetfile, filename, 6427 sizeof(targetfile)); 6428 } 6429 else 6430 { 6431 if (sm_strlcpy(targetfile, filename, sizeof(targetfile)) >= 6432 sizeof(targetfile)) 6433 { 6434 syserr("mailfile: filename too long (%s)", filename); 6435 return EX_CANTCREAT; 6436 } 6437 realfile = targetfile; 6438 } 6439 6440 /* 6441 ** Fork so we can change permissions here. 6442 ** Note that we MUST use fork, not vfork, because of 6443 ** the complications of calling subroutines, etc. 6444 */ 6445 6446 6447 /* 6448 ** Dispose of SIGCHLD signal catchers that may be laying 6449 ** around so that the waitfor() below will get it. 6450 */ 6451 6452 (void) sm_signal(SIGCHLD, SIG_DFL); 6453 6454 DOFORK(fork); 6455 6456 if (pid < 0) 6457 return EX_OSERR; 6458 else if (pid == 0) 6459 { 6460 /* child -- actually write to file */ 6461 struct stat stb; 6462 MCI mcibuf; 6463 int err; 6464 volatile int oflags = O_WRONLY|O_APPEND; 6465 6466 /* Reset global flags */ 6467 RestartRequest = NULL; 6468 RestartWorkGroup = false; 6469 ShutdownRequest = NULL; 6470 PendingSignal = 0; 6471 CurrentPid = getpid(); 6472 6473 if (e->e_lockfp != NULL) 6474 { 6475 int fd; 6476 6477 fd = sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL); 6478 /* SM_ASSERT(fd >= 0); */ 6479 if (fd >= 0) 6480 (void) close(fd); 6481 } 6482 6483 (void) sm_signal(SIGINT, SIG_DFL); 6484 (void) sm_signal(SIGHUP, SIG_DFL); 6485 (void) sm_signal(SIGTERM, SIG_DFL); 6486 (void) umask(OldUmask); 6487 e->e_to = filename; 6488 ExitStat = EX_OK; 6489 6490 if (setjmp(CtxMailfileTimeout) != 0) 6491 { 6492 RETURN(EX_TEMPFAIL); 6493 } 6494 6495 if (TimeOuts.to_fileopen > 0) 6496 ev = sm_setevent(TimeOuts.to_fileopen, mailfiletimeout, 6497 0); 6498 else 6499 ev = NULL; 6500 6501 /* check file mode to see if set-user-ID */ 6502 if (stat(targetfile, &stb) < 0) 6503 mode = FileMode; 6504 else 6505 mode = stb.st_mode; 6506 6507 /* limit the errors to those actually caused in the child */ 6508 errno = 0; 6509 ExitStat = EX_OK; 6510 6511 /* Allow alias expansions to use the S_IS{U,G}ID bits */ 6512 if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) || 6513 bitset(SFF_RUNASREALUID, sfflags)) 6514 { 6515 /* ignore set-user-ID and set-group-ID bits */ 6516 mode &= ~(S_ISGID|S_ISUID); 6517 if (tTd(11, 20)) 6518 sm_dprintf("mailfile: ignoring set-user-ID/set-group-ID bits\n"); 6519 } 6520 6521 /* we have to open the data file BEFORE setuid() */ 6522 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) 6523 { 6524 char *df = queuename(e, DATAFL_LETTER); 6525 6526 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, df, 6527 SM_IO_RDONLY_B, NULL); 6528 if (e->e_dfp == NULL) 6529 { 6530 syserr("mailfile: Cannot open %s for %s from %s", 6531 df, e->e_to, e->e_from.q_paddr); 6532 } 6533 } 6534 6535 /* select a new user to run as */ 6536 if (!bitset(SFF_RUNASREALUID, sfflags)) 6537 { 6538 if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) 6539 { 6540 RealUserName = NULL; 6541 if (mailer->m_uid == NO_UID) 6542 RealUid = RunAsUid; 6543 else 6544 RealUid = mailer->m_uid; 6545 if (RunAsUid != 0 && RealUid != RunAsUid) 6546 { 6547 /* Only root can change the uid */ 6548 syserr("mailfile: insufficient privileges to change uid, RunAsUid=%ld, RealUid=%ld", 6549 (long) RunAsUid, (long) RealUid); 6550 RETURN(EX_TEMPFAIL); 6551 } 6552 } 6553 else if (bitset(S_ISUID, mode)) 6554 { 6555 RealUserName = NULL; 6556 RealUid = stb.st_uid; 6557 } 6558 else if (ctladdr != NULL && ctladdr->q_uid != 0) 6559 { 6560 if (ctladdr->q_ruser != NULL) 6561 RealUserName = ctladdr->q_ruser; 6562 else 6563 RealUserName = ctladdr->q_user; 6564 RealUid = ctladdr->q_uid; 6565 } 6566 else if (mailer != NULL && mailer->m_uid != NO_UID) 6567 { 6568 RealUserName = DefUser; 6569 RealUid = mailer->m_uid; 6570 } 6571 else 6572 { 6573 RealUserName = DefUser; 6574 RealUid = DefUid; 6575 } 6576 6577 /* select a new group to run as */ 6578 if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) 6579 { 6580 if (mailer->m_gid == NO_GID) 6581 RealGid = RunAsGid; 6582 else 6583 RealGid = mailer->m_gid; 6584 if (RunAsUid != 0 && 6585 (RealGid != getgid() || 6586 RealGid != getegid())) 6587 { 6588 /* Only root can change the gid */ 6589 syserr("mailfile: insufficient privileges to change gid, RealGid=%ld, RunAsUid=%ld, gid=%ld, egid=%ld", 6590 (long) RealGid, (long) RunAsUid, 6591 (long) getgid(), (long) getegid()); 6592 RETURN(EX_TEMPFAIL); 6593 } 6594 } 6595 else if (bitset(S_ISGID, mode)) 6596 RealGid = stb.st_gid; 6597 else if (ctladdr != NULL && 6598 ctladdr->q_uid == DefUid && 6599 ctladdr->q_gid == 0) 6600 { 6601 /* 6602 ** Special case: This means it is an 6603 ** alias and we should act as DefaultUser. 6604 ** See alias()'s comments. 6605 */ 6606 6607 RealGid = DefGid; 6608 RealUserName = DefUser; 6609 } 6610 else if (ctladdr != NULL && ctladdr->q_uid != 0) 6611 RealGid = ctladdr->q_gid; 6612 else if (mailer != NULL && mailer->m_gid != NO_GID) 6613 RealGid = mailer->m_gid; 6614 else 6615 RealGid = DefGid; 6616 } 6617 6618 /* last ditch */ 6619 if (!bitset(SFF_ROOTOK, sfflags)) 6620 { 6621 if (RealUid == 0) 6622 RealUid = DefUid; 6623 if (RealGid == 0) 6624 RealGid = DefGid; 6625 } 6626 6627 /* set group id list (needs /etc/group access) */ 6628 if (RealUserName != NULL && !DontInitGroups) 6629 { 6630 if (initgroups(RealUserName, RealGid) == -1 && suidwarn) 6631 { 6632 syserr("mailfile: initgroups(%s, %ld) failed", 6633 RealUserName, (long) RealGid); 6634 RETURN(EX_TEMPFAIL); 6635 } 6636 } 6637 else 6638 { 6639 GIDSET_T gidset[1]; 6640 6641 gidset[0] = RealGid; 6642 if (setgroups(1, gidset) == -1 && suidwarn) 6643 { 6644 syserr("mailfile: setgroups() failed"); 6645 RETURN(EX_TEMPFAIL); 6646 } 6647 } 6648 6649 /* 6650 ** If you have a safe environment, go into it. 6651 */ 6652 6653 if (realfile != targetfile) 6654 { 6655 char save; 6656 6657 save = *realfile; 6658 *realfile = '\0'; 6659 if (tTd(11, 20)) 6660 sm_dprintf("mailfile: chroot %s\n", targetfile); 6661 if (chroot(targetfile) < 0) 6662 { 6663 syserr("mailfile: Cannot chroot(%s)", 6664 targetfile); 6665 RETURN(EX_CANTCREAT); 6666 } 6667 *realfile = save; 6668 } 6669 6670 if (tTd(11, 40)) 6671 sm_dprintf("mailfile: deliver to %s\n", realfile); 6672 6673 if (chdir("/") < 0) 6674 { 6675 syserr("mailfile: cannot chdir(/)"); 6676 RETURN(EX_CANTCREAT); 6677 } 6678 6679 /* now reset the group and user ids */ 6680 endpwent(); 6681 sm_mbdb_terminate(); 6682 if (setgid(RealGid) < 0 && suidwarn) 6683 { 6684 syserr("mailfile: setgid(%ld) failed", (long) RealGid); 6685 RETURN(EX_TEMPFAIL); 6686 } 6687 vendor_set_uid(RealUid); 6688 if (setuid(RealUid) < 0 && suidwarn) 6689 { 6690 syserr("mailfile: setuid(%ld) failed", (long) RealUid); 6691 RETURN(EX_TEMPFAIL); 6692 } 6693 6694 if (tTd(11, 2)) 6695 sm_dprintf("mailfile: running as r/euid=%ld/%ld, r/egid=%ld/%ld\n", 6696 (long) getuid(), (long) geteuid(), 6697 (long) getgid(), (long) getegid()); 6698 6699 6700 /* move into some "safe" directory */ 6701 if (mailer->m_execdir != NULL) 6702 { 6703 char *q; 6704 6705 for (p = mailer->m_execdir; p != NULL; p = q) 6706 { 6707 q = strchr(p, ':'); 6708 if (q != NULL) 6709 *q = '\0'; 6710 expand(p, buf, sizeof(buf), e); 6711 if (q != NULL) 6712 *q++ = ':'; 6713 if (tTd(11, 20)) 6714 sm_dprintf("mailfile: trydir %s\n", 6715 buf); 6716 if (buf[0] != '\0' && chdir(buf) >= 0) 6717 break; 6718 } 6719 } 6720 6721 /* 6722 ** Recheck the file after we have assumed the ID of the 6723 ** delivery user to make sure we can deliver to it as 6724 ** that user. This is necessary if sendmail is running 6725 ** as root and the file is on an NFS mount which treats 6726 ** root as nobody. 6727 */ 6728 6729 #if HASLSTAT 6730 if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) 6731 err = stat(realfile, &stb); 6732 else 6733 err = lstat(realfile, &stb); 6734 #else /* HASLSTAT */ 6735 err = stat(realfile, &stb); 6736 #endif /* HASLSTAT */ 6737 6738 if (err < 0) 6739 { 6740 stb.st_mode = ST_MODE_NOFILE; 6741 mode = FileMode; 6742 oflags |= O_CREAT|O_EXCL; 6743 } 6744 else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) || 6745 (!bitnset(DBS_FILEDELIVERYTOHARDLINK, 6746 DontBlameSendmail) && 6747 stb.st_nlink != 1) || 6748 (realfile != targetfile && !S_ISREG(mode))) 6749 exit(EX_CANTCREAT); 6750 else 6751 mode = stb.st_mode; 6752 6753 if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) 6754 sfflags |= SFF_NOSLINK; 6755 if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail)) 6756 sfflags |= SFF_NOHLINK; 6757 sfflags &= ~SFF_OPENASROOT; 6758 f = safefopen(realfile, oflags, mode, sfflags); 6759 if (f == NULL) 6760 { 6761 if (transienterror(errno)) 6762 { 6763 usrerr("454 4.3.0 cannot open %s: %s", 6764 shortenstring(realfile, MAXSHORTSTR), 6765 sm_errstring(errno)); 6766 RETURN(EX_TEMPFAIL); 6767 } 6768 else 6769 { 6770 usrerr("554 5.3.0 cannot open %s: %s", 6771 shortenstring(realfile, MAXSHORTSTR), 6772 sm_errstring(errno)); 6773 RETURN(EX_CANTCREAT); 6774 } 6775 } 6776 if (filechanged(realfile, sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), 6777 &stb)) 6778 { 6779 syserr("554 5.3.0 file changed after open"); 6780 RETURN(EX_CANTCREAT); 6781 } 6782 if (fstat(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), &stb) < 0) 6783 { 6784 syserr("554 5.3.0 cannot fstat %s", 6785 sm_errstring(errno)); 6786 RETURN(EX_CANTCREAT); 6787 } 6788 6789 curoff = stb.st_size; 6790 6791 if (ev != NULL) 6792 sm_clrevent(ev); 6793 6794 memset(&mcibuf, '\0', sizeof(mcibuf)); 6795 mcibuf.mci_mailer = mailer; 6796 mcibuf.mci_out = f; 6797 if (bitnset(M_7BITS, mailer->m_flags)) 6798 mcibuf.mci_flags |= MCIF_7BIT; 6799 6800 /* clear out per-message flags from connection structure */ 6801 mcibuf.mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); 6802 6803 if (bitset(EF_HAS8BIT, e->e_flags) && 6804 !bitset(EF_DONT_MIME, e->e_flags) && 6805 bitnset(M_7BITS, mailer->m_flags)) 6806 mcibuf.mci_flags |= MCIF_CVT8TO7; 6807 6808 #if MIME7TO8 6809 if (bitnset(M_MAKE8BIT, mailer->m_flags) && 6810 !bitset(MCIF_7BIT, mcibuf.mci_flags) && 6811 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && 6812 (SM_STRCASEEQ(p, "quoted-printable") || 6813 SM_STRCASEEQ(p, "base64")) && 6814 (p = hvalue("Content-Type", e->e_header)) != NULL) 6815 { 6816 /* may want to convert 7 -> 8 */ 6817 /* XXX should really parse it here -- and use a class XXX */ 6818 if (sm_strncasecmp(p, "text/plain", 10) == 0 && 6819 (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) 6820 mcibuf.mci_flags |= MCIF_CVT7TO8; 6821 } 6822 #endif /* MIME7TO8 */ 6823 6824 if (!putfromline(&mcibuf, e) || 6825 !(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER) || 6826 !(*e->e_putbody)(&mcibuf, e, NULL) || 6827 !putline("\n", &mcibuf) || 6828 (sm_io_flush(f, SM_TIME_DEFAULT) != 0 || 6829 (SuperSafe != SAFE_NO && 6830 fsync(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL)) < 0) || 6831 sm_io_error(f))) 6832 { 6833 setstat(EX_IOERR); 6834 #if !NOFTRUNCATE 6835 (void) ftruncate(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), 6836 curoff); 6837 #endif 6838 } 6839 6840 /* reset ISUID & ISGID bits for paranoid systems */ 6841 #if HASFCHMOD 6842 (void) fchmod(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), 6843 (MODE_T) mode); 6844 #else 6845 (void) chmod(filename, (MODE_T) mode); 6846 #endif 6847 if (sm_io_close(f, SM_TIME_DEFAULT) < 0) 6848 setstat(EX_IOERR); 6849 (void) sm_io_flush(smioout, SM_TIME_DEFAULT); 6850 (void) setuid(RealUid); 6851 exit(ExitStat); 6852 /* NOTREACHED */ 6853 } 6854 else 6855 { 6856 /* parent -- wait for exit status */ 6857 int st; 6858 6859 st = waitfor(pid); 6860 if (st == -1) 6861 { 6862 syserr("mailfile: %s: wait", mailer->m_name); 6863 return EX_SOFTWARE; 6864 } 6865 if (WIFEXITED(st)) 6866 { 6867 errno = 0; 6868 return (WEXITSTATUS(st)); 6869 } 6870 else 6871 { 6872 syserr("mailfile: %s: child died on signal %d", 6873 mailer->m_name, st); 6874 return EX_UNAVAILABLE; 6875 } 6876 /* NOTREACHED */ 6877 } 6878 return EX_UNAVAILABLE; /* avoid compiler warning on IRIX */ 6879 } 6880 6881 static void 6882 mailfiletimeout(ignore) 6883 int ignore; 6884 { 6885 /* 6886 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 6887 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 6888 ** DOING. 6889 */ 6890 6891 errno = ETIMEDOUT; 6892 longjmp(CtxMailfileTimeout, 1); 6893 } 6894 6895 #if DANE 6896 6897 /* 6898 ** GETMPORT -- return the port of a mailer 6899 ** 6900 ** Parameters: 6901 ** m -- the mailer describing this host. 6902 ** 6903 ** Returns: 6904 ** the port of the mailer if defined. 6905 ** 0 otherwise 6906 ** <0 error 6907 */ 6908 6909 static int getmport __P((MAILER *)); 6910 6911 static int 6912 getmport(m) 6913 MAILER *m; 6914 { 6915 unsigned long ulval; 6916 char *buf, *ep; 6917 6918 if (m->m_port > 0) 6919 return m->m_port; 6920 6921 if (NULL == m->m_argv[0] ||NULL == m->m_argv[1]) 6922 return -1; 6923 buf = m->m_argv[2]; 6924 if (NULL == buf) 6925 return 0; 6926 6927 errno = 0; 6928 ulval = strtoul(buf, &ep, 0); 6929 if (buf[0] == '\0' || *ep != '\0') 6930 return -1; 6931 if (errno == ERANGE && ulval == ULONG_MAX) 6932 return -1; 6933 if (ulval > USHRT_MAX) 6934 return -1; 6935 m->m_port = (unsigned short) ulval; 6936 if (tTd(17, 30)) 6937 sm_dprintf("getmport: mailer=%s, port=%d\n", m->m_name, 6938 m->m_port); 6939 return m->m_port; 6940 } 6941 # define GETMPORT(m) getmport(m) 6942 #else /* DANE */ 6943 # define GETMPORT(m) 25 6944 #endif /* DANE */ 6945 6946 /* 6947 ** HOSTSIGNATURE -- return the "signature" for a host (list). 6948 ** 6949 ** The signature describes how we are going to send this -- it 6950 ** can be just the hostname (for non-Internet hosts) or can be 6951 ** an ordered list of MX hosts. 6952 ** 6953 ** Parameters: 6954 ** m -- the mailer describing this host. 6955 ** host -- the host name (can be a list). 6956 ** ad -- DNSSEC: ad flag for lookup of host. 6957 ** pqflags -- (pointer to) q_flags (can be NULL) 6958 ** 6959 ** Returns: 6960 ** The signature for this host. 6961 ** 6962 ** Side Effects: 6963 ** Can tweak the symbol table. 6964 */ 6965 6966 #define MAXHOSTSIGNATURE 8192 /* max len of hostsignature */ 6967 6968 char * 6969 hostsignature(m, host, ad, pqflags) 6970 register MAILER *m; 6971 char *host; 6972 bool ad; 6973 unsigned long *pqflags; 6974 { 6975 register char *p; 6976 register STAB *s; 6977 time_t now; 6978 #if NAMED_BIND 6979 char sep = ':'; 6980 char prevsep = ':'; 6981 int i; 6982 int len; 6983 int nmx; 6984 int hl; 6985 char *hp; 6986 char *endp; 6987 char *lstr; 6988 int oldoptions = _res.options; 6989 char *mxhosts[MAXMXHOSTS + 1]; 6990 unsigned short mxprefs[MAXMXHOSTS + 1]; 6991 #endif /* NAMED_BIND */ 6992 int admx; 6993 6994 if (tTd(17, 3)) 6995 sm_dprintf("hostsignature: host=%s, ad=%d\n", host, ad); 6996 if (pqflags != NULL && !ad) 6997 *pqflags &= ~QMXSECURE; 6998 6999 /* 7000 ** If local delivery (and not remote), just return a constant. 7001 */ 7002 7003 if (bitnset(M_LOCALMAILER, m->m_flags) && 7004 strcmp(m->m_mailer, "[IPC]") != 0 && 7005 !(m->m_argv[0] != NULL && strcmp(m->m_argv[0], "TCP") == 0)) 7006 return "localhost"; 7007 7008 /* an empty host does not have MX records */ 7009 if (*host == '\0') 7010 return "_empty_"; 7011 7012 /* 7013 ** Check to see if this uses IPC -- if not, it can't have MX records. 7014 */ 7015 7016 if (strcmp(m->m_mailer, "[IPC]") != 0 || 7017 CurEnv->e_sendmode == SM_DEFER) 7018 { 7019 /* just an ordinary mailer or deferred mode */ 7020 return host; 7021 } 7022 #if NETUNIX 7023 else if (m->m_argv[0] != NULL && 7024 strcmp(m->m_argv[0], "FILE") == 0) 7025 { 7026 /* rendezvous in the file system, no MX records */ 7027 return host; 7028 } 7029 #endif /* NETUNIX */ 7030 7031 /* 7032 ** Look it up in the symbol table. 7033 */ 7034 7035 now = curtime(); 7036 s = stab(host, ST_HOSTSIG, ST_ENTER); 7037 if (s->s_hostsig.hs_sig != NULL) 7038 { 7039 if (s->s_hostsig.hs_exp >= now) 7040 { 7041 if (tTd(17, 3)) 7042 sm_dprintf("hostsignature: stab(%s) found %s\n", host, 7043 s->s_hostsig.hs_sig); 7044 return s->s_hostsig.hs_sig; 7045 } 7046 7047 /* signature is expired: clear it */ 7048 sm_free(s->s_hostsig.hs_sig); 7049 s->s_hostsig.hs_sig = NULL; 7050 } 7051 7052 /* set default TTL */ 7053 s->s_hostsig.hs_exp = now + SM_DEFAULT_TTL; 7054 7055 /* 7056 ** Not already there or expired -- create a signature. 7057 */ 7058 7059 #if NAMED_BIND 7060 if (ConfigLevel < 2) 7061 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 7062 7063 for (hp = host; hp != NULL; hp = endp) 7064 { 7065 # if NETINET6 7066 if (*hp == '[') 7067 { 7068 endp = strchr(hp + 1, ']'); 7069 if (endp != NULL) 7070 endp = strpbrk(endp + 1, ":,"); 7071 } 7072 else 7073 endp = strpbrk(hp, ":,"); 7074 # else /* NETINET6 */ 7075 endp = strpbrk(hp, ":,"); 7076 # endif /* NETINET6 */ 7077 if (endp != NULL) 7078 { 7079 sep = *endp; 7080 *endp = '\0'; 7081 } 7082 7083 if (bitnset(M_NOMX, m->m_flags)) 7084 { 7085 /* skip MX lookups */ 7086 nmx = 1; 7087 mxhosts[0] = hp; 7088 } 7089 else 7090 { 7091 auto int rcode; 7092 int ttl; 7093 7094 admx = 0; 7095 nmx = getmxrr(hp, mxhosts, mxprefs, 7096 DROPLOCALHOST|(ad ? ISAD :0)| 7097 ((NULL == endp) ? TRYFALLBACK : 0), 7098 &rcode, &ttl, GETMPORT(m), &admx); 7099 if (nmx <= 0) 7100 { 7101 int save_errno; 7102 register MCI *mci; 7103 7104 /* update the connection info for this host */ 7105 save_errno = errno; 7106 mci = mci_get(hp, m); 7107 mci->mci_errno = save_errno; 7108 mci->mci_herrno = h_errno; 7109 mci->mci_lastuse = now; 7110 if (nmx == NULLMX) 7111 mci_setstat(mci, rcode, ESCNULLMXRCPT, 7112 ERRNULLMX); 7113 else if (rcode == EX_NOHOST) 7114 mci_setstat(mci, rcode, "5.1.2", 7115 "550 Host unknown"); 7116 else 7117 mci_setstat(mci, rcode, NULL, NULL); 7118 7119 /* use the original host name as signature */ 7120 nmx = 1; 7121 mxhosts[0] = hp; 7122 } 7123 7124 /* 7125 ** NOTE: this sets QMXSECURE if the ad flags is set 7126 ** for at least one host in the host list. XXX 7127 */ 7128 7129 if (pqflags != NULL && admx) 7130 *pqflags |= QMXSECURE; 7131 if (tTd(17, 3)) 7132 sm_dprintf("hostsignature: host=%s, getmxrr=%d, mxhosts[0]=%s, admx=%d\n", 7133 hp, nmx, mxhosts[0], admx); 7134 7135 /* 7136 ** Set new TTL: we use only one! 7137 ** We could try to use the minimum instead. 7138 */ 7139 7140 s->s_hostsig.hs_exp = now + SM_MIN(ttl, SM_DEFAULT_TTL); 7141 } 7142 7143 len = 0; 7144 for (i = 0; i < nmx; i++) 7145 len += strlen(mxhosts[i]) + 1; 7146 if (s->s_hostsig.hs_sig != NULL) 7147 len += strlen(s->s_hostsig.hs_sig) + 1; 7148 # if DANE && HSMARKS 7149 if (admx && DANE_SEC(Dane)) 7150 len += nmx; 7151 # endif 7152 if (len < 0 || len >= MAXHOSTSIGNATURE) 7153 { 7154 sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d", 7155 host, MAXHOSTSIGNATURE, len); 7156 len = MAXHOSTSIGNATURE; 7157 } 7158 p = sm_pmalloc_x(len); 7159 if (s->s_hostsig.hs_sig != NULL) 7160 { 7161 (void) sm_strlcpy(p, s->s_hostsig.hs_sig, len); 7162 sm_free(s->s_hostsig.hs_sig); /* XXX */ 7163 s->s_hostsig.hs_sig = p; 7164 hl = strlen(p); 7165 p += hl; 7166 *p++ = prevsep; 7167 len -= hl + 1; 7168 } 7169 else 7170 s->s_hostsig.hs_sig = p; 7171 for (i = 0; i < nmx; i++) 7172 { 7173 hl = strlen(mxhosts[i]); 7174 if (len <= 1 || 7175 # if DANE && HSMARKS 7176 len - 1 < (hl + ((admx && DANE_SEC(Dane)) ? 1 : 0)) 7177 # else 7178 len - 1 < hl 7179 # endif 7180 ) 7181 { 7182 /* force to drop out of outer loop */ 7183 len = -1; 7184 break; 7185 } 7186 if (i != 0) 7187 { 7188 if (mxprefs[i] == mxprefs[i - 1]) 7189 *p++ = ','; 7190 else 7191 *p++ = ':'; 7192 len--; 7193 } 7194 # if DANE && HSMARKS 7195 if (admx && DANE_SEC(Dane)) 7196 { 7197 *p++ = HSM_AD; 7198 len--; 7199 } 7200 # endif 7201 (void) sm_strlcpy(p, mxhosts[i], len); 7202 p += hl; 7203 len -= hl; 7204 } 7205 7206 /* 7207 ** break out of loop if len exceeded MAXHOSTSIGNATURE 7208 ** because we won't have more space for further hosts 7209 ** anyway (separated by : in the .cf file). 7210 */ 7211 7212 if (len < 0) 7213 break; 7214 if (endp != NULL) 7215 *endp++ = sep; 7216 prevsep = sep; 7217 } 7218 lstr = makelower_a(&s->s_hostsig.hs_sig, NULL); 7219 ASSIGN_IFDIFF(s->s_hostsig.hs_sig, lstr); 7220 if (ConfigLevel < 2) 7221 _res.options = oldoptions; 7222 #else /* NAMED_BIND */ 7223 /* not using BIND -- the signature is just the host name */ 7224 /* 7225 ** 'host' points to storage that will be freed after we are 7226 ** done processing the current envelope, so we copy it. 7227 */ 7228 s->s_hostsig.hs_sig = sm_pstrdup_x(host); 7229 #endif /* NAMED_BIND */ 7230 if (tTd(17, 1)) 7231 sm_dprintf("hostsignature: host=%s, result=%s\n", host, s->s_hostsig.hs_sig); 7232 return s->s_hostsig.hs_sig; 7233 } 7234 7235 /* 7236 ** PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array. 7237 ** 7238 ** The signature describes how we are going to send this -- it 7239 ** can be just the hostname (for non-Internet hosts) or can be 7240 ** an ordered list of MX hosts which must be randomized for equal 7241 ** MX preference values. 7242 ** 7243 ** Parameters: 7244 ** sig -- the host signature. 7245 ** mxhosts -- array to populate. 7246 ** mailer -- mailer. 7247 ** 7248 ** Returns: 7249 ** The number of hosts inserted into mxhosts array. 7250 ** 7251 ** NOTES: 7252 ** mxhosts must have at least MAXMXHOSTS entries 7253 ** mxhosts[] will point to elements in sig -- 7254 ** hence any changes to mxhosts[] will modify sig! 7255 ** 7256 ** Side Effects: 7257 ** Randomizes equal MX preference hosts in mxhosts. 7258 */ 7259 7260 static int 7261 parse_hostsignature(sig, mxhosts, mailer 7262 #if DANE 7263 , mxads 7264 #endif 7265 ) 7266 char *sig; 7267 char **mxhosts; 7268 MAILER *mailer; 7269 #if DANE 7270 BITMAP256 mxads; 7271 #endif 7272 { 7273 unsigned short curpref = 0; 7274 int nmx = 0, i, j; /* NOTE: i, j, and nmx must have same type */ 7275 char *hp, *endp; 7276 unsigned short prefer[MAXMXHOSTS]; 7277 long rndm[MAXMXHOSTS]; 7278 7279 #if DANE 7280 clrbitmap(mxads); 7281 #endif 7282 for (hp = sig; hp != NULL; hp = endp) 7283 { 7284 char sep = ':'; 7285 7286 FIX_MXHOSTS(hp, endp, sep); 7287 #if HSMARKS 7288 if (HSM_AD == *hp) 7289 { 7290 MXADS_SET(mxads, nmx); 7291 mxhosts[nmx] = hp + 1; 7292 } 7293 else 7294 #endif 7295 mxhosts[nmx] = hp; 7296 prefer[nmx] = curpref; 7297 if (mci_match(hp, mailer)) 7298 rndm[nmx] = 0; 7299 else 7300 rndm[nmx] = get_random(); 7301 7302 if (endp != NULL) 7303 { 7304 /* 7305 ** Since we don't have the original MX prefs, 7306 ** make our own. If the separator is a ':', that 7307 ** means the preference for the next host will be 7308 ** higher than this one, so simply increment curpref. 7309 */ 7310 7311 if (sep == ':') 7312 curpref++; 7313 7314 *endp++ = sep; 7315 } 7316 if (++nmx >= MAXMXHOSTS) 7317 break; 7318 } 7319 7320 /* sort the records using the random factor for equal preferences */ 7321 for (i = 0; i < nmx; i++) 7322 { 7323 for (j = i + 1; j < nmx; j++) 7324 { 7325 /* 7326 ** List is already sorted by MX preference, only 7327 ** need to look for equal preference MX records 7328 */ 7329 7330 if (prefer[i] < prefer[j]) 7331 break; 7332 7333 if (prefer[i] > prefer[j] || 7334 (prefer[i] == prefer[j] && rndm[i] > rndm[j])) 7335 { 7336 register unsigned short tempp; 7337 register long tempr; 7338 register char *temp1; 7339 7340 tempp = prefer[i]; 7341 prefer[i] = prefer[j]; 7342 prefer[j] = tempp; 7343 temp1 = mxhosts[i]; 7344 mxhosts[i] = mxhosts[j]; 7345 mxhosts[j] = temp1; 7346 tempr = rndm[i]; 7347 rndm[i] = rndm[j]; 7348 rndm[j] = tempr; 7349 } 7350 } 7351 } 7352 return nmx; 7353 } 7354 7355 #if STARTTLS 7356 static SSL_CTX *clt_ctx = NULL; 7357 static bool tls_ok_clt = true; 7358 # if DANE 7359 static bool ctx_dane_enabled = false; 7360 # endif 7361 7362 /* 7363 ** SETCLTTLS -- client side TLS: allow/disallow. 7364 ** 7365 ** Parameters: 7366 ** tls_ok -- should tls be done? 7367 ** 7368 ** Returns: 7369 ** none. 7370 ** 7371 ** Side Effects: 7372 ** sets tls_ok_clt (static variable in this module) 7373 */ 7374 7375 void 7376 setclttls(tls_ok) 7377 bool tls_ok; 7378 { 7379 tls_ok_clt = tls_ok; 7380 return; 7381 } 7382 7383 /* 7384 ** INITCLTTLS -- initialize client side TLS 7385 ** 7386 ** Parameters: 7387 ** tls_ok -- should TLS initialization be done? 7388 ** 7389 ** Returns: 7390 ** succeeded? 7391 ** 7392 ** Side Effects: 7393 ** sets tls_ok_clt, ctx_dane_enabled (static variables 7394 ** in this module) 7395 */ 7396 7397 bool 7398 initclttls(tls_ok) 7399 bool tls_ok; 7400 { 7401 if (!tls_ok_clt) 7402 return false; 7403 tls_ok_clt = tls_ok; 7404 if (!tls_ok_clt) 7405 return false; 7406 if (clt_ctx != NULL) 7407 return true; /* already done */ 7408 tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, Clt_SSL_Options, false, 7409 CltCertFile, CltKeyFile, 7410 # if _FFR_CLIENTCA 7411 (CltCACertPath != NULL) ? CltCACertPath : 7412 # endif 7413 CACertPath, 7414 # if _FFR_CLIENTCA 7415 (CltCACertFile != NULL) ? CltCACertFile : 7416 # endif 7417 CACertFile, 7418 DHParams); 7419 # if _FFR_TESTS 7420 if (tls_ok_clt && tTd(90, 104)) 7421 { 7422 sm_dprintf("test=simulate initclttls error\n"); 7423 tls_ok_clt = false; 7424 } 7425 # endif /* _FFR_TESTS */ 7426 # if DANE 7427 if (tls_ok_clt && CHK_DANE(Dane)) 7428 { 7429 # if HAVE_SSL_CTX_dane_enable 7430 int r; 7431 7432 r = SSL_CTX_dane_enable(clt_ctx); 7433 # if _FFR_TESTS 7434 if (tTd(90, 103)) 7435 { 7436 sm_dprintf("test=simulate SSL_CTX_dane_enable error\n"); 7437 # if defined(SSL_F_DANE_CTX_ENABLE) 7438 SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE); 7439 # endif 7440 r = -1; 7441 } 7442 # endif /* _FFR_TESTS */ 7443 ctx_dane_enabled = (r > 0); 7444 if (r <= 0) 7445 { 7446 if (LogLevel > 1) 7447 sm_syslog(LOG_ERR, NOQID, 7448 "SSL_CTX_dane_enable=%d", r); 7449 tlslogerr(LOG_ERR, 7, "init_client"); 7450 } 7451 else if (LogLevel > 13) 7452 sm_syslog(LOG_DEBUG, NOQID, 7453 "SSL_CTX_dane_enable=%d", r); 7454 # else 7455 ctx_dane_enabled = false; 7456 # endif /* HAVE_SSL_CTX_dane_enable */ 7457 } 7458 if (tTd(90, 90)) 7459 sm_dprintf("func=initclttls, ctx_dane_enabled=%d\n", ctx_dane_enabled); 7460 # endif /* DANE */ 7461 7462 return tls_ok_clt; 7463 } 7464 7465 /* 7466 ** STARTTLS -- try to start secure connection (client side) 7467 ** 7468 ** Parameters: 7469 ** m -- the mailer. 7470 ** mci -- the mailer connection info. 7471 ** e -- the envelope. 7472 ** implicit -- implicit TLS (SMTP over TLS, no STARTTLS command) 7473 ** 7474 ** Returns: 7475 ** success? 7476 ** (maybe this should be some other code than EX_ 7477 ** that denotes which stage failed.) 7478 */ 7479 7480 static int 7481 starttls(m, mci, e, implicit 7482 # if DANE 7483 , dane_vrfy_ctx 7484 # endif 7485 ) 7486 MAILER *m; 7487 MCI *mci; 7488 ENVELOPE *e; 7489 bool implicit; 7490 # if DANE 7491 dane_vrfy_ctx_P dane_vrfy_ctx; 7492 # endif 7493 { 7494 int smtpresult; 7495 int result = 0; 7496 int ret = EX_OK; 7497 int rfd, wfd; 7498 SSL *clt_ssl = NULL; 7499 time_t tlsstart; 7500 extern int TLSsslidx; 7501 7502 # if DANE 7503 if (TTD(90, 60)) 7504 sm_dprintf("starttls=client: Dane=%d, dane_vrfy_chk=%#x\n", 7505 Dane,dane_vrfy_ctx->dane_vrfy_chk); 7506 # endif 7507 if (clt_ctx == NULL && !initclttls(true)) 7508 return EX_TEMPFAIL; 7509 7510 if (!TLS_set_engine(SSLEngine, false)) 7511 { 7512 sm_syslog(LOG_ERR, NOQID, 7513 "STARTTLS=client, engine=%s, TLS_set_engine=failed", 7514 SSLEngine); 7515 return EX_TEMPFAIL; 7516 } 7517 7518 /* clt_ssl needed for get_tls_se_features() hence create here */ 7519 if ((clt_ssl = SSL_new(clt_ctx)) == NULL) 7520 { 7521 if (LogLevel > 5) 7522 { 7523 sm_syslog(LOG_ERR, NOQID, 7524 "STARTTLS=client, error: SSL_new failed"); 7525 tlslogerr(LOG_WARNING, 9, "client"); 7526 } 7527 return EX_TEMPFAIL; 7528 } 7529 7530 ret = get_tls_se_features(e, clt_ssl, &mci->mci_tlsi, false); 7531 if (EX_OK != ret) 7532 { 7533 sm_syslog(LOG_ERR, NOQID, 7534 "STARTTLS=client, get_tls_se_features=failed, ret=%d", 7535 ret); 7536 goto fail; 7537 } 7538 7539 if (!implicit) 7540 { 7541 smtpmessage("STARTTLS", m, mci); 7542 7543 /* get the reply */ 7544 smtpresult = reply(m, mci, e, TimeOuts.to_starttls, NULL, NULL, 7545 XS_STARTTLS, NULL); 7546 7547 /* check return code from server */ 7548 if (REPLYTYPE(smtpresult) == 4) 7549 { 7550 ret = EX_TEMPFAIL; 7551 goto fail; 7552 } 7553 #if 0 7554 /* 7555 ** RFC 3207 says 7556 ** 501 Syntax error (no parameters allowed) 7557 ** since sendmail does not use arguments, that's basically 7558 ** a "cannot happen", hence treat it as any other 5xy, 7559 ** which means it is also properly handled by the rules. 7560 */ 7561 7562 if (smtpresult == 501) 7563 { 7564 ret = EX_USAGE; 7565 goto fail; 7566 } 7567 #endif /* 0 */ 7568 if (smtpresult == -1) 7569 { 7570 ret = smtpresult; 7571 goto fail; 7572 } 7573 7574 /* not an expected reply but we have to deal with it */ 7575 if (REPLYTYPE(smtpresult) == 5) 7576 { 7577 ret = EX_UNAVAILABLE; 7578 goto fail; 7579 } 7580 if (smtpresult != 220) 7581 { 7582 ret = EX_PROTOCOL; 7583 goto fail; 7584 } 7585 } 7586 7587 if (LogLevel > 13) 7588 sm_syslog(LOG_INFO, NOQID, "STARTTLS=client, start=ok"); 7589 7590 /* SSL_clear(clt_ssl); ? */ 7591 result = SSL_set_ex_data(clt_ssl, TLSsslidx, &mci->mci_tlsi); 7592 if (0 == result) 7593 { 7594 if (LogLevel > 5) 7595 { 7596 sm_syslog(LOG_ERR, NOQID, 7597 "STARTTLS=client, error: SSL_set_ex_data failed=%d, idx=%d", 7598 result, TLSsslidx); 7599 tlslogerr(LOG_WARNING, 9, "client"); 7600 } 7601 goto fail; 7602 } 7603 # if DANE 7604 if (SM_TLSI_IS(&(mci->mci_tlsi), TLSI_FL_NODANE)) 7605 dane_vrfy_ctx->dane_vrfy_chk = DANE_NEVER; 7606 if (TTD(90, 60)) 7607 sm_dprintf("starttls=client: 2: dane_vrfy_chk=%#x CHK_DANE=%d\n", 7608 dane_vrfy_ctx->dane_vrfy_chk, 7609 CHK_DANE(dane_vrfy_ctx->dane_vrfy_chk)); 7610 if (CHK_DANE(dane_vrfy_ctx->dane_vrfy_chk)) 7611 { 7612 int r; 7613 7614 /* set SNI only if there is a TLSA RR */ 7615 if (tTd(90, 40)) 7616 sm_dprintf("dane_get_tlsa=%p, dane_vrfy_host=%s, dane_vrfy_sni=%s, ctx_dane_enabled=%d, dane_enabled=%d\n", 7617 dane_get_tlsa(dane_vrfy_ctx), 7618 dane_vrfy_ctx->dane_vrfy_host, 7619 dane_vrfy_ctx->dane_vrfy_sni, 7620 ctx_dane_enabled, 7621 dane_vrfy_ctx->dane_vrfy_dane_enabled); 7622 if (dane_get_tlsa(dane_vrfy_ctx) != NULL && 7623 !(SM_IS_EMPTY(dane_vrfy_ctx->dane_vrfy_host) && 7624 SM_IS_EMPTY(dane_vrfy_ctx->dane_vrfy_sni))) 7625 { 7626 # if _FFR_MTA_STS 7627 SM_FREE(STS_SNI); 7628 # endif 7629 dane_vrfy_ctx->dane_vrfy_dane_enabled = ctx_dane_enabled; 7630 if ((r = ssl_dane_enable(dane_vrfy_ctx, clt_ssl)) < 0) 7631 { 7632 dane_vrfy_ctx->dane_vrfy_dane_enabled = false; 7633 if (LogLevel > 5) 7634 { 7635 sm_syslog(LOG_ERR, NOQID, 7636 "STARTTLS=client, host=%s, ssl_dane_enable=%d", 7637 dane_vrfy_ctx->dane_vrfy_host, r); 7638 } 7639 } 7640 if (SM_NOTDONE == r) 7641 dane_vrfy_ctx->dane_vrfy_dane_enabled = false; 7642 if (tTd(90, 40)) 7643 sm_dprintf("ssl_dane_enable=%d, chk=%#x, dane_enabled=%d\n", 7644 r, dane_vrfy_ctx->dane_vrfy_chk, 7645 dane_vrfy_ctx->dane_vrfy_dane_enabled); 7646 if ((r = SSL_set_tlsext_host_name(clt_ssl, 7647 (!SM_IS_EMPTY(dane_vrfy_ctx->dane_vrfy_sni) 7648 ? dane_vrfy_ctx->dane_vrfy_sni 7649 : dane_vrfy_ctx->dane_vrfy_host))) <= 0) 7650 { 7651 if (LogLevel > 5) 7652 { 7653 sm_syslog(LOG_ERR, NOQID, 7654 "STARTTLS=client, host=%s, SSL_set_tlsext_host_name=%d", 7655 dane_vrfy_ctx->dane_vrfy_host, r); 7656 } 7657 tlslogerr(LOG_ERR, 5, "client"); 7658 /* return EX_SOFTWARE; */ 7659 } 7660 } 7661 } 7662 memcpy(&mci->mci_tlsi.tlsi_dvc, dane_vrfy_ctx, sizeof(*dane_vrfy_ctx)); 7663 # endif /* DANE */ 7664 # if _FFR_MTA_STS 7665 if (STS_SNI != NULL) 7666 { 7667 int r; 7668 7669 if ((r = SSL_set_tlsext_host_name(clt_ssl, STS_SNI)) <= 0) 7670 { 7671 if (LogLevel > 5) 7672 { 7673 sm_syslog(LOG_ERR, NOQID, 7674 "STARTTLS=client, host=%s, SSL_set_tlsext_host_name=%d", 7675 STS_SNI, r); 7676 } 7677 tlslogerr(LOG_ERR, 5, "client"); 7678 /* return EX_SOFTWARE; */ 7679 } 7680 } 7681 # endif /* _FFR_MTA_STS */ 7682 7683 rfd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL); 7684 wfd = sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD, NULL); 7685 7686 if (rfd < 0 || wfd < 0 || 7687 (result = SSL_set_rfd(clt_ssl, rfd)) != 1 || 7688 (result = SSL_set_wfd(clt_ssl, wfd)) != 1) 7689 { 7690 if (LogLevel > 5) 7691 { 7692 sm_syslog(LOG_ERR, NOQID, 7693 "STARTTLS=client, error: SSL_set_xfd failed=%d", 7694 result); 7695 tlslogerr(LOG_WARNING, 9, "client"); 7696 } 7697 goto fail; 7698 } 7699 SSL_set_connect_state(clt_ssl); 7700 tlsstart = curtime(); 7701 7702 ssl_retry: 7703 if ((result = SSL_connect(clt_ssl)) <= 0) 7704 { 7705 int i, ssl_err; 7706 int save_errno = errno; 7707 7708 ssl_err = SSL_get_error(clt_ssl, result); 7709 i = tls_retry(clt_ssl, rfd, wfd, tlsstart, 7710 TimeOuts.to_starttls, ssl_err, "client"); 7711 if (i > 0) 7712 goto ssl_retry; 7713 7714 if (LogLevel > 5) 7715 { 7716 unsigned long l; 7717 const char *sr; 7718 7719 l = ERR_peek_error(); 7720 sr = ERR_reason_error_string(l); 7721 sm_syslog(LOG_WARNING, NOQID, 7722 "STARTTLS=client, error: connect failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d", 7723 result, sr == NULL ? "unknown" : sr, ssl_err, 7724 save_errno, i); 7725 tlslogerr(LOG_WARNING, 9, "client"); 7726 } 7727 7728 goto fail; 7729 } 7730 mci->mci_ssl = clt_ssl; 7731 result = tls_get_info(mci->mci_ssl, false, mci->mci_host, 7732 &mci->mci_macro, true); 7733 7734 /* switch to use TLS... */ 7735 if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0) 7736 return EX_OK; 7737 7738 fail: 7739 /* failure */ 7740 SM_SSL_FREE(clt_ssl); 7741 return (EX_OK == ret) ? EX_SOFTWARE : ret; 7742 } 7743 7744 /* 7745 ** ENDTLSCLT -- shutdown secure connection (client side) 7746 ** 7747 ** Parameters: 7748 ** mci -- the mailer connection info. 7749 ** 7750 ** Returns: 7751 ** success? 7752 */ 7753 7754 static int 7755 endtlsclt(mci) 7756 MCI *mci; 7757 { 7758 int r; 7759 7760 if (!bitset(MCIF_TLSACT, mci->mci_flags)) 7761 return EX_OK; 7762 r = endtls(&mci->mci_ssl, "client"); 7763 mci->mci_flags &= ~MCIF_TLSACT; 7764 return r; 7765 } 7766 #endif /* STARTTLS */ 7767 #if STARTTLS || SASL 7768 /* 7769 ** ISCLTFLGSET -- check whether client flag is set. 7770 ** 7771 ** Parameters: 7772 ** e -- envelope. 7773 ** flag -- flag to check in {client_flags} 7774 ** 7775 ** Returns: 7776 ** true iff flag is set. 7777 */ 7778 7779 static bool 7780 iscltflgset(e, flag) 7781 ENVELOPE *e; 7782 int flag; 7783 { 7784 char *p; 7785 7786 p = macvalue(macid("{client_flags}"), e); 7787 if (p == NULL) 7788 return false; 7789 for (; *p != '\0'; p++) 7790 { 7791 /* look for just this one flag */ 7792 if (*p == (char) flag) 7793 return true; 7794 } 7795 return false; 7796 } 7797 #endif /* STARTTLS || SASL */ 7798 7799 #if _FFR_TESTS 7800 void 7801 t_parsehostsig(hs, mailer) 7802 char *hs; 7803 MAILER *mailer; 7804 { 7805 int nummxhosts, i; 7806 char *mxhosts[MAXMXHOSTS + 1]; 7807 #if DANE 7808 BITMAP256 mxads; 7809 #endif 7810 7811 if (NULL == mailer) 7812 mailer = LocalMailer; 7813 nummxhosts = parse_hostsignature(hs, mxhosts, mailer 7814 #if DANE 7815 , mxads 7816 #endif 7817 ); 7818 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 7819 "nummxhosts=%d\n", nummxhosts); 7820 for (i = 0; i < nummxhosts; i++) 7821 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 7822 "mx[%d]=%s, ad=%d\n", i, mxhosts[i], MXADS_ISSET(mxads, 0)); 7823 } 7824 7825 void 7826 t_hostsig(a, hs, mailer) 7827 ADDRESS *a; 7828 char *hs; 7829 MAILER *mailer; 7830 { 7831 char *q; 7832 7833 if (NULL != a) 7834 q = hostsignature(a->q_mailer, a->q_host, true, &a->q_flags); 7835 else if (NULL != hs) 7836 { 7837 SM_REQUIRE(NULL != mailer); 7838 q = hostsignature(mailer, hs, true, NULL); 7839 } 7840 else 7841 SM_REQUIRE(NULL != hs); 7842 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "hostsig %s\n", q); 7843 t_parsehostsig(q, (NULL != a) ? a->q_mailer : mailer); 7844 } 7845 #endif /* _FFR_TESTS */ 7846