1 /* 2 * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 #include <sys/time.h> 16 17 SM_RCSID("@(#)$Id: deliver.c,v 8.928 2002/01/10 03:23:29 gshapiro Exp $") 18 19 #if HASSETUSERCONTEXT 20 # include <login_cap.h> 21 #endif /* HASSETUSERCONTEXT */ 22 23 #if STARTTLS || SASL 24 # include "sfsasl.h" 25 #endif /* STARTTLS || SASL */ 26 27 void markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool)); 28 static int deliver __P((ENVELOPE *, ADDRESS *)); 29 static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int)); 30 static void mailfiletimeout __P((void)); 31 static int parse_hostsignature __P((char *, char **, MAILER *)); 32 static void sendenvelope __P((ENVELOPE *, int)); 33 extern MCI *mci_new __P((SM_RPOOL_T *)); 34 static int coloncmp __P((const char *, const char *)); 35 36 #if STARTTLS 37 static int starttls __P((MAILER *, MCI *, ENVELOPE *)); 38 static int endtlsclt __P((MCI *)); 39 #endif /* STARTTLS */ 40 # if STARTTLS || SASL 41 static bool iscltflgset __P((ENVELOPE *, int)); 42 # endif /* STARTTLS || SASL */ 43 44 /* 45 ** SENDALL -- actually send all the messages. 46 ** 47 ** Parameters: 48 ** e -- the envelope to send. 49 ** mode -- the delivery mode to use. If SM_DEFAULT, use 50 ** the current e->e_sendmode. 51 ** 52 ** Returns: 53 ** none. 54 ** 55 ** Side Effects: 56 ** Scans the send lists and sends everything it finds. 57 ** Delivers any appropriate error messages. 58 ** If we are running in a non-interactive mode, takes the 59 ** appropriate action. 60 */ 61 62 void 63 sendall(e, mode) 64 ENVELOPE *e; 65 int mode; 66 { 67 register ADDRESS *q; 68 char *owner; 69 int otherowners; 70 int save_errno; 71 register ENVELOPE *ee; 72 ENVELOPE *splitenv = NULL; 73 int oldverbose = Verbose; 74 bool somedeliveries = false, expensive = false; 75 pid_t pid; 76 77 /* 78 ** If this message is to be discarded, don't bother sending 79 ** the message at all. 80 */ 81 82 if (bitset(EF_DISCARD, e->e_flags)) 83 { 84 if (tTd(13, 1)) 85 sm_dprintf("sendall: discarding id %s\n", e->e_id); 86 e->e_flags |= EF_CLRQUEUE; 87 if (LogLevel > 9) 88 logundelrcpts(e, "discarded", 9, true); 89 else if (LogLevel > 4) 90 sm_syslog(LOG_INFO, e->e_id, "discarded"); 91 markstats(e, NULL, STATS_REJECT); 92 return; 93 } 94 95 /* 96 ** If we have had global, fatal errors, don't bother sending 97 ** the message at all if we are in SMTP mode. Local errors 98 ** (e.g., a single address failing) will still cause the other 99 ** addresses to be sent. 100 */ 101 102 if (bitset(EF_FATALERRS, e->e_flags) && 103 (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 104 { 105 e->e_flags |= EF_CLRQUEUE; 106 return; 107 } 108 109 /* determine actual delivery mode */ 110 if (mode == SM_DEFAULT) 111 { 112 mode = e->e_sendmode; 113 if (mode != SM_VERIFY && mode != SM_DEFER && 114 shouldqueue(e->e_msgpriority, e->e_ctime)) 115 mode = SM_QUEUE; 116 } 117 118 if (tTd(13, 1)) 119 { 120 sm_dprintf("\n===== SENDALL: mode %c, id %s, e_from ", 121 mode, e->e_id); 122 printaddr(&e->e_from, false); 123 sm_dprintf("\te_flags = "); 124 printenvflags(e); 125 sm_dprintf("sendqueue:\n"); 126 printaddr(e->e_sendqueue, true); 127 } 128 129 /* 130 ** Do any preprocessing necessary for the mode we are running. 131 ** Check to make sure the hop count is reasonable. 132 ** Delete sends to the sender in mailing lists. 133 */ 134 135 CurEnv = e; 136 if (tTd(62, 1)) 137 checkfds(NULL); 138 139 if (e->e_hopcount > MaxHopCount) 140 { 141 char *recip; 142 143 if (e->e_sendqueue != NULL && 144 e->e_sendqueue->q_paddr != NULL) 145 recip = e->e_sendqueue->q_paddr; 146 else 147 recip = "(nobody)"; 148 149 errno = 0; 150 queueup(e, WILL_BE_QUEUED(mode), false); 151 e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE; 152 ExitStat = EX_UNAVAILABLE; 153 syserr("554 5.4.6 Too many hops %d (%d max): from %s via %s, to %s", 154 e->e_hopcount, MaxHopCount, e->e_from.q_paddr, 155 RealHostName == NULL ? "localhost" : RealHostName, 156 recip); 157 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 158 { 159 if (QS_IS_DEAD(q->q_state)) 160 continue; 161 q->q_state = QS_BADADDR; 162 q->q_status = "5.4.6"; 163 q->q_rstatus = "554 5.4.6 Too many hops"; 164 } 165 return; 166 } 167 168 /* 169 ** Do sender deletion. 170 ** 171 ** If the sender should be queued up, skip this. 172 ** This can happen if the name server is hosed when you 173 ** are trying to send mail. The result is that the sender 174 ** is instantiated in the queue as a recipient. 175 */ 176 177 if (!bitset(EF_METOO, e->e_flags) && 178 !QS_IS_QUEUEUP(e->e_from.q_state)) 179 { 180 if (tTd(13, 5)) 181 { 182 sm_dprintf("sendall: QS_SENDER "); 183 printaddr(&e->e_from, false); 184 } 185 e->e_from.q_state = QS_SENDER; 186 (void) recipient(&e->e_from, &e->e_sendqueue, 0, e); 187 } 188 189 /* 190 ** Handle alias owners. 191 ** 192 ** We scan up the q_alias chain looking for owners. 193 ** We discard owners that are the same as the return path. 194 */ 195 196 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 197 { 198 register struct address *a; 199 200 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias) 201 continue; 202 if (a != NULL) 203 q->q_owner = a->q_owner; 204 205 if (q->q_owner != NULL && 206 !QS_IS_DEAD(q->q_state) && 207 strcmp(q->q_owner, e->e_from.q_paddr) == 0) 208 q->q_owner = NULL; 209 } 210 211 if (tTd(13, 25)) 212 { 213 sm_dprintf("\nAfter first owner pass, sendq =\n"); 214 printaddr(e->e_sendqueue, true); 215 } 216 217 owner = ""; 218 otherowners = 1; 219 while (owner != NULL && otherowners > 0) 220 { 221 if (tTd(13, 28)) 222 sm_dprintf("owner = \"%s\", otherowners = %d\n", 223 owner, otherowners); 224 owner = NULL; 225 otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0; 226 227 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 228 { 229 if (tTd(13, 30)) 230 { 231 sm_dprintf("Checking "); 232 printaddr(q, false); 233 } 234 if (QS_IS_DEAD(q->q_state)) 235 { 236 if (tTd(13, 30)) 237 sm_dprintf(" ... QS_IS_DEAD\n"); 238 continue; 239 } 240 if (tTd(13, 29) && !tTd(13, 30)) 241 { 242 sm_dprintf("Checking "); 243 printaddr(q, false); 244 } 245 246 if (q->q_owner != NULL) 247 { 248 if (owner == NULL) 249 { 250 if (tTd(13, 40)) 251 sm_dprintf(" ... First owner = \"%s\"\n", 252 q->q_owner); 253 owner = q->q_owner; 254 } 255 else if (owner != q->q_owner) 256 { 257 if (strcmp(owner, q->q_owner) == 0) 258 { 259 if (tTd(13, 40)) 260 sm_dprintf(" ... Same owner = \"%s\"\n", 261 owner); 262 263 /* make future comparisons cheap */ 264 q->q_owner = owner; 265 } 266 else 267 { 268 if (tTd(13, 40)) 269 sm_dprintf(" ... Another owner \"%s\"\n", 270 q->q_owner); 271 otherowners++; 272 } 273 owner = q->q_owner; 274 } 275 else if (tTd(13, 40)) 276 sm_dprintf(" ... Same owner = \"%s\"\n", 277 owner); 278 } 279 else 280 { 281 if (tTd(13, 40)) 282 sm_dprintf(" ... Null owner\n"); 283 otherowners++; 284 } 285 286 if (QS_IS_BADADDR(q->q_state)) 287 { 288 if (tTd(13, 30)) 289 sm_dprintf(" ... QS_IS_BADADDR\n"); 290 continue; 291 } 292 293 if (QS_IS_QUEUEUP(q->q_state)) 294 { 295 MAILER *m = q->q_mailer; 296 297 /* 298 ** If we have temporary address failures 299 ** (e.g., dns failure) and a fallback MX is 300 ** set, send directly to the fallback MX host. 301 */ 302 303 if (FallBackMX != NULL && 304 !wordinclass(FallBackMX, 'w') && 305 mode != SM_VERIFY && 306 !bitnset(M_NOMX, m->m_flags) && 307 strcmp(m->m_mailer, "[IPC]") == 0 && 308 m->m_argv[0] != NULL && 309 strcmp(m->m_argv[0], "TCP") == 0) 310 { 311 int len; 312 char *p; 313 314 if (tTd(13, 30)) 315 sm_dprintf(" ... FallBackMX\n"); 316 317 len = strlen(FallBackMX) + 1; 318 p = sm_rpool_malloc_x(e->e_rpool, len); 319 (void) sm_strlcpy(p, FallBackMX, len); 320 q->q_state = QS_OK; 321 q->q_host = p; 322 } 323 else 324 { 325 if (tTd(13, 30)) 326 sm_dprintf(" ... QS_IS_QUEUEUP\n"); 327 continue; 328 } 329 } 330 331 /* 332 ** If this mailer is expensive, and if we don't 333 ** want to make connections now, just mark these 334 ** addresses and return. This is useful if we 335 ** want to batch connections to reduce load. This 336 ** will cause the messages to be queued up, and a 337 ** daemon will come along to send the messages later. 338 */ 339 340 if (NoConnect && !Verbose && 341 bitnset(M_EXPENSIVE, q->q_mailer->m_flags)) 342 { 343 if (tTd(13, 30)) 344 sm_dprintf(" ... expensive\n"); 345 q->q_state = QS_QUEUEUP; 346 expensive = true; 347 } 348 else if (bitnset(M_HOLD, q->q_mailer->m_flags) && 349 QueueLimitId == NULL && 350 QueueLimitSender == NULL && 351 QueueLimitRecipient == NULL) 352 { 353 if (tTd(13, 30)) 354 sm_dprintf(" ... hold\n"); 355 q->q_state = QS_QUEUEUP; 356 expensive = true; 357 } 358 #if _FFR_QUARANTINE 359 else if (QueueMode != QM_QUARANTINE && 360 e->e_quarmsg != NULL) 361 { 362 if (tTd(13, 30)) 363 sm_dprintf(" ... quarantine: %s\n", 364 e->e_quarmsg); 365 q->q_state = QS_QUEUEUP; 366 expensive = true; 367 } 368 #endif /* _FFR_QUARANTINE */ 369 else 370 { 371 if (tTd(13, 30)) 372 sm_dprintf(" ... deliverable\n"); 373 somedeliveries = true; 374 } 375 } 376 377 if (owner != NULL && otherowners > 0) 378 { 379 /* 380 ** Split this envelope into two. 381 */ 382 383 ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool, 384 sizeof *ee); 385 STRUCTCOPY(*e, *ee); 386 ee->e_message = NULL; 387 ee->e_id = NULL; 388 assign_queueid(ee); 389 390 if (tTd(13, 1)) 391 sm_dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n", 392 e->e_id, ee->e_id, owner, 393 otherowners); 394 395 ee->e_header = copyheader(e->e_header, ee->e_rpool); 396 ee->e_sendqueue = copyqueue(e->e_sendqueue, 397 ee->e_rpool); 398 ee->e_errorqueue = copyqueue(e->e_errorqueue, 399 ee->e_rpool); 400 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM); 401 ee->e_flags |= EF_NORECEIPT; 402 setsender(owner, ee, NULL, '\0', true); 403 if (tTd(13, 5)) 404 { 405 sm_dprintf("sendall(split): QS_SENDER "); 406 printaddr(&ee->e_from, false); 407 } 408 ee->e_from.q_state = QS_SENDER; 409 ee->e_dfp = NULL; 410 ee->e_lockfp = NULL; 411 ee->e_xfp = NULL; 412 ee->e_qgrp = e->e_qgrp; 413 ee->e_qdir = e->e_qdir; 414 ee->e_errormode = EM_MAIL; 415 ee->e_sibling = splitenv; 416 ee->e_statmsg = NULL; 417 #if _FFR_QUARANTINE 418 if (e->e_quarmsg != NULL) 419 ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool, 420 e->e_quarmsg); 421 #endif /* _FFR_QUARANTINE */ 422 splitenv = ee; 423 424 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 425 { 426 if (q->q_owner == owner) 427 { 428 q->q_state = QS_CLONED; 429 if (tTd(13, 6)) 430 sm_dprintf("\t... stripping %s from original envelope\n", 431 q->q_paddr); 432 } 433 } 434 for (q = ee->e_sendqueue; q != NULL; q = q->q_next) 435 { 436 if (q->q_owner != owner) 437 { 438 q->q_state = QS_CLONED; 439 if (tTd(13, 6)) 440 sm_dprintf("\t... dropping %s from cloned envelope\n", 441 q->q_paddr); 442 } 443 else 444 { 445 /* clear DSN parameters */ 446 q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS); 447 q->q_flags |= DefaultNotify & ~QPINGONSUCCESS; 448 if (tTd(13, 6)) 449 sm_dprintf("\t... moving %s to cloned envelope\n", 450 q->q_paddr); 451 } 452 } 453 454 if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags)) 455 dup_queue_file(e, ee, DATAFL_LETTER); 456 457 /* 458 ** Give the split envelope access to the parent 459 ** transcript file for errors obtained while 460 ** processing the recipients (done before the 461 ** envelope splitting). 462 */ 463 464 if (e->e_xfp != NULL) 465 ee->e_xfp = sm_io_dup(e->e_xfp); 466 467 /* failed to dup e->e_xfp, start a new transcript */ 468 if (ee->e_xfp == NULL) 469 openxscript(ee); 470 471 if (mode != SM_VERIFY && LogLevel > 4) 472 sm_syslog(LOG_INFO, e->e_id, 473 "%s: clone: owner=%s", 474 ee->e_id, owner); 475 } 476 } 477 478 if (owner != NULL) 479 { 480 setsender(owner, e, NULL, '\0', true); 481 if (tTd(13, 5)) 482 { 483 sm_dprintf("sendall(owner): QS_SENDER "); 484 printaddr(&e->e_from, false); 485 } 486 e->e_from.q_state = QS_SENDER; 487 e->e_errormode = EM_MAIL; 488 e->e_flags |= EF_NORECEIPT; 489 e->e_flags &= ~EF_FATALERRS; 490 } 491 492 /* if nothing to be delivered, just queue up everything */ 493 if (!somedeliveries && !WILL_BE_QUEUED(mode) && 494 mode != SM_VERIFY) 495 { 496 time_t now; 497 498 if (tTd(13, 29)) 499 sm_dprintf("No deliveries: auto-queuing\n"); 500 mode = SM_QUEUE; 501 now = curtime(); 502 503 /* treat this as a delivery in terms of counting tries */ 504 e->e_dtime = now; 505 if (!expensive) 506 e->e_ntries++; 507 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 508 { 509 ee->e_dtime = now; 510 if (!expensive) 511 ee->e_ntries++; 512 } 513 } 514 515 if ((WILL_BE_QUEUED(mode) || mode == SM_FORK || 516 (mode != SM_VERIFY && SuperSafe == SAFE_REALLY)) && 517 (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL)) 518 { 519 bool msync; 520 521 /* 522 ** Be sure everything is instantiated in the queue. 523 ** Split envelopes first in case the machine crashes. 524 ** If the original were done first, we may lose 525 ** recipients. 526 */ 527 528 #if !HASFLOCK 529 msync = false; 530 #else /* !HASFLOCK */ 531 msync = mode == SM_FORK; 532 #endif /* !HASFLOCK */ 533 534 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 535 queueup(ee, WILL_BE_QUEUED(mode), msync); 536 queueup(e, WILL_BE_QUEUED(mode), msync); 537 } 538 539 if (tTd(62, 10)) 540 checkfds("after envelope splitting"); 541 542 /* 543 ** If we belong in background, fork now. 544 */ 545 546 if (tTd(13, 20)) 547 { 548 sm_dprintf("sendall: final mode = %c\n", mode); 549 if (tTd(13, 21)) 550 { 551 sm_dprintf("\n================ Final Send Queue(s) =====================\n"); 552 sm_dprintf("\n *** Envelope %s, e_from=%s ***\n", 553 e->e_id, e->e_from.q_paddr); 554 printaddr(e->e_sendqueue, true); 555 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 556 { 557 sm_dprintf("\n *** Envelope %s, e_from=%s ***\n", 558 ee->e_id, ee->e_from.q_paddr); 559 printaddr(ee->e_sendqueue, true); 560 } 561 sm_dprintf("==========================================================\n\n"); 562 } 563 } 564 switch (mode) 565 { 566 case SM_VERIFY: 567 Verbose = 2; 568 break; 569 570 case SM_QUEUE: 571 case SM_DEFER: 572 #if HASFLOCK 573 queueonly: 574 #endif /* HASFLOCK */ 575 if (e->e_nrcpts > 0) 576 e->e_flags |= EF_INQUEUE; 577 dropenvelope(e, splitenv != NULL, true); 578 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 579 { 580 if (ee->e_nrcpts > 0) 581 ee->e_flags |= EF_INQUEUE; 582 dropenvelope(ee, false, true); 583 } 584 return; 585 586 case SM_FORK: 587 if (e->e_xfp != NULL) 588 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); 589 590 #if !HASFLOCK 591 /* 592 ** Since fcntl locking has the interesting semantic that 593 ** the lock is owned by a process, not by an open file 594 ** descriptor, we have to flush this to the queue, and 595 ** then restart from scratch in the child. 596 */ 597 598 { 599 /* save id for future use */ 600 char *qid = e->e_id; 601 602 /* now drop the envelope in the parent */ 603 e->e_flags |= EF_INQUEUE; 604 dropenvelope(e, splitenv != NULL, false); 605 606 /* arrange to reacquire lock after fork */ 607 e->e_id = qid; 608 } 609 610 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 611 { 612 /* save id for future use */ 613 char *qid = ee->e_id; 614 615 /* drop envelope in parent */ 616 ee->e_flags |= EF_INQUEUE; 617 dropenvelope(ee, false, false); 618 619 /* and save qid for reacquisition */ 620 ee->e_id = qid; 621 } 622 623 #endif /* !HASFLOCK */ 624 625 /* 626 ** Since the delivery may happen in a child and the parent 627 ** does not wait, the parent may close the maps thereby 628 ** removing any shared memory used by the map. Therefore, 629 ** close the maps now so the child will dynamically open 630 ** them if necessary. 631 */ 632 633 closemaps(false); 634 635 pid = fork(); 636 if (pid < 0) 637 { 638 syserr("deliver: fork 1"); 639 #if HASFLOCK 640 goto queueonly; 641 #else /* HASFLOCK */ 642 e->e_id = NULL; 643 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 644 ee->e_id = NULL; 645 return; 646 #endif /* HASFLOCK */ 647 } 648 else if (pid > 0) 649 { 650 #if HASFLOCK 651 /* be sure we leave the temp files to our child */ 652 /* close any random open files in the envelope */ 653 closexscript(e); 654 if (e->e_dfp != NULL) 655 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 656 e->e_dfp = NULL; 657 e->e_flags &= ~EF_HAS_DF; 658 659 /* can't call unlockqueue to avoid unlink of xfp */ 660 if (e->e_lockfp != NULL) 661 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT); 662 else 663 syserr("%s: sendall: null lockfp", e->e_id); 664 e->e_lockfp = NULL; 665 #endif /* HASFLOCK */ 666 667 /* make sure the parent doesn't own the envelope */ 668 e->e_id = NULL; 669 670 #if USE_DOUBLE_FORK 671 /* catch intermediate zombie */ 672 (void) waitfor(pid); 673 #endif /* USE_DOUBLE_FORK */ 674 return; 675 } 676 677 /* Reset global flags */ 678 RestartRequest = NULL; 679 RestartWorkGroup = false; 680 ShutdownRequest = NULL; 681 PendingSignal = 0; 682 683 /* 684 ** Initialize exception stack and default exception 685 ** handler for child process. 686 */ 687 688 sm_exc_newthread(fatal_error); 689 690 /* 691 ** Since we have accepted responsbility for the message, 692 ** change the SIGTERM handler. intsig() (the old handler) 693 ** would remove the envelope if this was a command line 694 ** message submission. 695 */ 696 697 (void) sm_signal(SIGTERM, SIG_DFL); 698 699 #if USE_DOUBLE_FORK 700 /* double fork to avoid zombies */ 701 pid = fork(); 702 if (pid > 0) 703 exit(EX_OK); 704 save_errno = errno; 705 #endif /* USE_DOUBLE_FORK */ 706 707 CurrentPid = getpid(); 708 709 /* be sure we are immune from the terminal */ 710 disconnect(2, e); 711 clearstats(); 712 713 /* prevent parent from waiting if there was an error */ 714 if (pid < 0) 715 { 716 errno = save_errno; 717 syserr("deliver: fork 2"); 718 #if HASFLOCK 719 e->e_flags |= EF_INQUEUE; 720 #else /* HASFLOCK */ 721 e->e_id = NULL; 722 #endif /* HASFLOCK */ 723 finis(true, true, ExitStat); 724 } 725 726 /* be sure to give error messages in child */ 727 QuickAbort = false; 728 729 /* 730 ** Close any cached connections. 731 ** 732 ** We don't send the QUIT protocol because the parent 733 ** still knows about the connection. 734 ** 735 ** This should only happen when delivering an error 736 ** message. 737 */ 738 739 mci_flush(false, NULL); 740 741 #if HASFLOCK 742 break; 743 #else /* HASFLOCK */ 744 745 /* 746 ** Now reacquire and run the various queue files. 747 */ 748 749 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 750 { 751 ENVELOPE *sibling = ee->e_sibling; 752 753 (void) dowork(ee->e_qgrp, ee->e_qdir, ee->e_id, 754 false, false, ee); 755 ee->e_sibling = sibling; 756 } 757 (void) dowork(e->e_qgrp, e->e_qdir, e->e_id, 758 false, false, e); 759 finis(true, true, ExitStat); 760 #endif /* HASFLOCK */ 761 } 762 763 sendenvelope(e, mode); 764 dropenvelope(e, true, true); 765 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 766 { 767 CurEnv = ee; 768 if (mode != SM_VERIFY) 769 openxscript(ee); 770 sendenvelope(ee, mode); 771 dropenvelope(ee, true, true); 772 } 773 CurEnv = e; 774 775 Verbose = oldverbose; 776 if (mode == SM_FORK) 777 finis(true, true, ExitStat); 778 } 779 780 static void 781 sendenvelope(e, mode) 782 register ENVELOPE *e; 783 int mode; 784 { 785 register ADDRESS *q; 786 bool didany; 787 788 if (tTd(13, 10)) 789 sm_dprintf("sendenvelope(%s) e_flags=0x%lx\n", 790 e->e_id == NULL ? "[NOQUEUE]" : e->e_id, 791 e->e_flags); 792 if (LogLevel > 80) 793 sm_syslog(LOG_DEBUG, e->e_id, 794 "sendenvelope, flags=0x%lx", 795 e->e_flags); 796 797 /* 798 ** If we have had global, fatal errors, don't bother sending 799 ** the message at all if we are in SMTP mode. Local errors 800 ** (e.g., a single address failing) will still cause the other 801 ** addresses to be sent. 802 */ 803 804 if (bitset(EF_FATALERRS, e->e_flags) && 805 (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 806 { 807 e->e_flags |= EF_CLRQUEUE; 808 return; 809 } 810 811 /* 812 ** Don't attempt deliveries if we want to bounce now 813 ** or if deliver-by time is exceeded. 814 */ 815 816 if (!bitset(EF_RESPONSE, e->e_flags) && 817 (TimeOuts.to_q_return[e->e_timeoutclass] == NOW || 818 (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 && 819 curtime() > e->e_ctime + e->e_deliver_by))) 820 return; 821 822 /* 823 ** Run through the list and send everything. 824 ** 825 ** Set EF_GLOBALERRS so that error messages during delivery 826 ** result in returned mail. 827 */ 828 829 e->e_nsent = 0; 830 e->e_flags |= EF_GLOBALERRS; 831 832 macdefine(&e->e_macro, A_PERM, macid("{envid}"), e->e_envid); 833 macdefine(&e->e_macro, A_PERM, macid("{bodytype}"), e->e_bodytype); 834 didany = false; 835 836 if (!bitset(EF_SPLIT, e->e_flags)) 837 { 838 ENVELOPE *oldsib; 839 ENVELOPE *ee; 840 841 /* 842 ** Save old sibling and set it to NULL to avoid 843 ** queueing up the same envelopes again. 844 ** This requires that envelopes in that list have 845 ** been take care of before (or at some other place). 846 */ 847 848 oldsib = e->e_sibling; 849 e->e_sibling = NULL; 850 if (!split_by_recipient(e) && 851 bitset(EF_FATALERRS, e->e_flags)) 852 { 853 if (OpMode == MD_SMTP || OpMode == MD_DAEMON) 854 e->e_flags |= EF_CLRQUEUE; 855 return; 856 } 857 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 858 queueup(ee, false, true); 859 860 /* clean up */ 861 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 862 { 863 /* now unlock the job */ 864 closexscript(ee); 865 unlockqueue(ee); 866 867 /* this envelope is marked unused */ 868 if (ee->e_dfp != NULL) 869 { 870 (void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT); 871 ee->e_dfp = NULL; 872 } 873 ee->e_id = NULL; 874 ee->e_flags &= ~EF_HAS_DF; 875 } 876 e->e_sibling = oldsib; 877 } 878 879 /* now run through the queue */ 880 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 881 { 882 #if XDEBUG 883 char wbuf[MAXNAME + 20]; 884 885 (void) sm_snprintf(wbuf, sizeof wbuf, "sendall(%.*s)", 886 MAXNAME, q->q_paddr); 887 checkfd012(wbuf); 888 #endif /* XDEBUG */ 889 if (mode == SM_VERIFY) 890 { 891 e->e_to = q->q_paddr; 892 if (QS_IS_SENDABLE(q->q_state)) 893 { 894 if (q->q_host != NULL && q->q_host[0] != '\0') 895 message("deliverable: mailer %s, host %s, user %s", 896 q->q_mailer->m_name, 897 q->q_host, 898 q->q_user); 899 else 900 message("deliverable: mailer %s, user %s", 901 q->q_mailer->m_name, 902 q->q_user); 903 } 904 } 905 else if (QS_IS_OK(q->q_state)) 906 { 907 /* 908 ** Checkpoint the send list every few addresses 909 */ 910 911 if (CheckpointInterval > 0 && 912 e->e_nsent >= CheckpointInterval) 913 { 914 queueup(e, false, false); 915 e->e_nsent = 0; 916 } 917 (void) deliver(e, q); 918 didany = true; 919 } 920 } 921 if (didany) 922 { 923 e->e_dtime = curtime(); 924 e->e_ntries++; 925 } 926 927 #if XDEBUG 928 checkfd012("end of sendenvelope"); 929 #endif /* XDEBUG */ 930 } 931 932 #if REQUIRES_DIR_FSYNC 933 /* 934 ** SYNC_DIR -- fsync a directory based on a filename 935 ** 936 ** Parameters: 937 ** filename -- path of file 938 ** panic -- panic? 939 ** 940 ** Returns: 941 ** none 942 */ 943 944 void 945 sync_dir(filename, panic) 946 char *filename; 947 bool panic; 948 { 949 int dirfd; 950 char *dirp; 951 char dir[MAXPATHLEN]; 952 953 /* filesystems which require the directory be synced */ 954 dirp = strrchr(filename, '/'); 955 if (dirp != NULL) 956 { 957 if (sm_strlcpy(dir, filename, sizeof dir) >= sizeof dir) 958 return; 959 dir[dirp - filename] = '\0'; 960 dirp = dir; 961 } 962 else 963 dirp = "."; 964 dirfd = open(dirp, O_RDONLY, 0700); 965 if (tTd(40,32)) 966 sm_syslog(LOG_INFO, NOQID, "sync_dir: %s: fsync(%d)", 967 dirp, dirfd); 968 if (dirfd >= 0) 969 { 970 if (fsync(dirfd) < 0) 971 { 972 if (panic) 973 syserr("!sync_dir: cannot fsync directory %s", 974 dirp); 975 else if (LogLevel > 1) 976 sm_syslog(LOG_ERR, NOQID, 977 "sync_dir: cannot fsync directory %s: %s", 978 dirp, sm_errstring(errno)); 979 } 980 (void) close(dirfd); 981 } 982 } 983 #endif /* REQUIRES_DIR_FSYNC */ 984 /* 985 ** DUP_QUEUE_FILE -- duplicate a queue file into a split queue 986 ** 987 ** Parameters: 988 ** e -- the existing envelope 989 ** ee -- the new envelope 990 ** type -- the queue file type (e.g., DATAFL_LETTER) 991 ** 992 ** Returns: 993 ** none 994 */ 995 996 static void 997 dup_queue_file(e, ee, type) 998 ENVELOPE *e, *ee; 999 int type; 1000 { 1001 char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN]; 1002 1003 ee->e_dfp = NULL; 1004 ee->e_xfp = NULL; 1005 1006 /* 1007 ** Make sure both are in the same directory. 1008 */ 1009 1010 (void) sm_strlcpy(f1buf, queuename(e, type), sizeof f1buf); 1011 (void) sm_strlcpy(f2buf, queuename(ee, type), sizeof f2buf); 1012 if (link(f1buf, f2buf) < 0) 1013 { 1014 int save_errno = errno; 1015 1016 syserr("sendall: link(%s, %s)", f1buf, f2buf); 1017 if (save_errno == EEXIST) 1018 { 1019 if (unlink(f2buf) < 0) 1020 { 1021 syserr("!sendall: unlink(%s): permanent", 1022 f2buf); 1023 /* NOTREACHED */ 1024 } 1025 if (link(f1buf, f2buf) < 0) 1026 { 1027 syserr("!sendall: link(%s, %s): permanent", 1028 f1buf, f2buf); 1029 /* NOTREACHED */ 1030 } 1031 } 1032 } 1033 SYNC_DIR(f2buf, true); 1034 } 1035 /* 1036 ** DOFORK -- do a fork, retrying a couple of times on failure. 1037 ** 1038 ** This MUST be a macro, since after a vfork we are running 1039 ** two processes on the same stack!!! 1040 ** 1041 ** Parameters: 1042 ** none. 1043 ** 1044 ** Returns: 1045 ** From a macro??? You've got to be kidding! 1046 ** 1047 ** Side Effects: 1048 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 1049 ** pid of child in parent, zero in child. 1050 ** -1 on unrecoverable error. 1051 ** 1052 ** Notes: 1053 ** I'm awfully sorry this looks so awful. That's 1054 ** vfork for you..... 1055 */ 1056 1057 #define NFORKTRIES 5 1058 1059 #ifndef FORK 1060 # define FORK fork 1061 #endif /* ! FORK */ 1062 1063 #define DOFORK(fORKfN) \ 1064 {\ 1065 register int i;\ 1066 \ 1067 for (i = NFORKTRIES; --i >= 0; )\ 1068 {\ 1069 pid = fORKfN();\ 1070 if (pid >= 0)\ 1071 break;\ 1072 if (i > 0)\ 1073 (void) sleep((unsigned) NFORKTRIES - i);\ 1074 }\ 1075 } 1076 /* 1077 ** DOFORK -- simple fork interface to DOFORK. 1078 ** 1079 ** Parameters: 1080 ** none. 1081 ** 1082 ** Returns: 1083 ** pid of child in parent. 1084 ** zero in child. 1085 ** -1 on error. 1086 ** 1087 ** Side Effects: 1088 ** returns twice, once in parent and once in child. 1089 */ 1090 1091 pid_t 1092 dofork() 1093 { 1094 register pid_t pid = -1; 1095 1096 DOFORK(fork); 1097 return pid; 1098 } 1099 1100 /* 1101 ** COLONCMP -- compare host-signatures up to first ':' or EOS 1102 ** 1103 ** This takes two strings which happen to be host-signatures and 1104 ** compares them. If the lowest preference portions of the MX-RR's 1105 ** match (up to ':' or EOS, whichever is first), then we have 1106 ** match. This is used for coattail-piggybacking messages during 1107 ** message delivery. 1108 ** If the signatures are the same up to the first ':' the remainder of 1109 ** the signatures are then compared with a normal strcmp(). This saves 1110 ** re-examining the first part of the signatures. 1111 ** 1112 ** Parameters: 1113 ** a - first host-signature 1114 ** b - second host-signature 1115 ** 1116 ** Returns: 1117 ** HS_MATCH_NO -- no "match". 1118 ** HS_MATCH_FIRST -- "match" for the first MX preference 1119 ** (up to the first colon (':')). 1120 ** HS_MATCH_FULL -- match for the entire MX record. 1121 ** 1122 ** Side Effects: 1123 ** none. 1124 */ 1125 1126 #define HS_MATCH_NO 0 1127 #define HS_MATCH_FIRST 1 1128 #define HS_MATCH_FULL 2 1129 1130 static int 1131 coloncmp(a, b) 1132 register const char *a; 1133 register const char *b; 1134 { 1135 int ret = HS_MATCH_NO; 1136 int braclev = 0; 1137 1138 while (*a == *b++) 1139 { 1140 /* Need to account for IPv6 bracketed addresses */ 1141 if (*a == '[') 1142 braclev++; 1143 else if (*a == '[' && braclev > 0) 1144 braclev--; 1145 else if (*a == ':' && braclev <= 0) 1146 { 1147 ret = HS_MATCH_FIRST; 1148 a++; 1149 break; 1150 } 1151 else if (*a == '\0') 1152 return HS_MATCH_FULL; /* a full match */ 1153 a++; 1154 } 1155 if (ret == HS_MATCH_NO && 1156 braclev <= 0 && 1157 ((*a == '\0' && *(b - 1) == ':') || 1158 (*a == ':' && *(b - 1) == '\0'))) 1159 return HS_MATCH_FIRST; 1160 if (ret == HS_MATCH_FIRST && strcmp(a, b) == 0) 1161 return HS_MATCH_FULL; 1162 1163 return ret; 1164 } 1165 /* 1166 ** DELIVER -- Deliver a message to a list of addresses. 1167 ** 1168 ** This routine delivers to everyone on the same host as the 1169 ** user on the head of the list. It is clever about mailers 1170 ** that don't handle multiple users. It is NOT guaranteed 1171 ** that it will deliver to all these addresses however -- so 1172 ** deliver should be called once for each address on the 1173 ** list. 1174 ** Deliver tries to be as opportunistic as possible about piggybacking 1175 ** messages. Some definitions to make understanding easier follow below. 1176 ** Piggybacking occurs when an existing connection to a mail host can 1177 ** be used to send the same message to more than one recipient at the 1178 ** same time. So "no piggybacking" means one message for one recipient 1179 ** per connection. "Intentional piggybacking" happens when the 1180 ** recipients' host address (not the mail host address) is used to 1181 ** attempt piggybacking. Recipients with the same host address 1182 ** have the same mail host. "Coincidental piggybacking" relies on 1183 ** piggybacking based on all the mail host addresses in the MX-RR. This 1184 ** is "coincidental" in the fact it could not be predicted until the 1185 ** MX Resource Records for the hosts were obtained and examined. For 1186 ** example (preference order and equivalence is important, not values): 1187 ** domain1 IN MX 10 mxhost-A 1188 ** IN MX 20 mxhost-B 1189 ** domain2 IN MX 4 mxhost-A 1190 ** IN MX 8 mxhost-B 1191 ** Domain1 and domain2 can piggyback the same message to mxhost-A or 1192 ** mxhost-B (if mxhost-A cannot be reached). 1193 ** "Coattail piggybacking" relaxes the strictness of "coincidental 1194 ** piggybacking" in the hope that most significant (lowest value) 1195 ** MX preference host(s) can create more piggybacking. For example 1196 ** (again, preference order and equivalence is important, not values): 1197 ** domain3 IN MX 100 mxhost-C 1198 ** IN MX 100 mxhost-D 1199 ** IN MX 200 mxhost-E 1200 ** domain4 IN MX 50 mxhost-C 1201 ** IN MX 50 mxhost-D 1202 ** IN MX 80 mxhost-F 1203 ** A message for domain3 and domain4 can piggyback to mxhost-C if mxhost-C 1204 ** is available. Same with mxhost-D because in both RR's the preference 1205 ** value is the same as mxhost-C, respectively. 1206 ** So deliver attempts coattail piggybacking when possible. If the 1207 ** first MX preference level hosts cannot be used then the piggybacking 1208 ** reverts to coincidental piggybacking. Using the above example you 1209 ** cannot deliver to mxhost-F for domain3 regardless of preference value. 1210 ** ("Coattail" from "riding on the coattails of your predecessor" meaning 1211 ** gaining benefit from a predecessor effort with no or little addition 1212 ** effort. The predecessor here being the preceding MX RR). 1213 ** 1214 ** Parameters: 1215 ** e -- the envelope to deliver. 1216 ** firstto -- head of the address list to deliver to. 1217 ** 1218 ** Returns: 1219 ** zero -- successfully delivered. 1220 ** else -- some failure, see ExitStat for more info. 1221 ** 1222 ** Side Effects: 1223 ** The standard input is passed off to someone. 1224 */ 1225 1226 #ifndef NO_UID 1227 # define NO_UID -1 1228 #endif /* ! NO_UID */ 1229 #ifndef NO_GID 1230 # define NO_GID -1 1231 #endif /* ! NO_GID */ 1232 1233 static int 1234 deliver(e, firstto) 1235 register ENVELOPE *e; 1236 ADDRESS *firstto; 1237 { 1238 char *host; /* host being sent to */ 1239 char *user; /* user being sent to */ 1240 char **pvp; 1241 register char **mvp; 1242 register char *p; 1243 register MAILER *m; /* mailer for this recipient */ 1244 ADDRESS *volatile ctladdr; 1245 #if HASSETUSERCONTEXT 1246 ADDRESS *volatile contextaddr = NULL; 1247 #endif /* HASSETUSERCONTEXT */ 1248 register MCI *volatile mci; 1249 register ADDRESS *SM_NONVOLATILE to = firstto; 1250 volatile bool clever = false; /* running user smtp to this mailer */ 1251 ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */ 1252 int rcode; /* response code */ 1253 SM_NONVOLATILE int lmtp_rcode = EX_OK; 1254 SM_NONVOLATILE int nummxhosts = 0; /* number of MX hosts available */ 1255 SM_NONVOLATILE int hostnum = 0; /* current MX host index */ 1256 char *firstsig; /* signature of firstto */ 1257 volatile pid_t pid = -1; 1258 char *volatile curhost; 1259 SM_NONVOLATILE unsigned short port = 0; 1260 SM_NONVOLATILE time_t enough = 0; 1261 #if NETUNIX 1262 char *SM_NONVOLATILE mux_path = NULL; /* path to UNIX domain socket */ 1263 #endif /* NETUNIX */ 1264 time_t xstart; 1265 bool suidwarn; 1266 bool anyok; /* at least one address was OK */ 1267 SM_NONVOLATILE bool goodmxfound = false; /* at least one MX was OK */ 1268 bool ovr; 1269 #if _FFR_QUARANTINE 1270 bool quarantine; 1271 #endif /* _FFR_QUARANTINE */ 1272 int strsize; 1273 int rcptcount; 1274 int ret; 1275 static int tobufsize = 0; 1276 static char *tobuf = NULL; 1277 char *rpath; /* translated return path */ 1278 int mpvect[2]; 1279 int rpvect[2]; 1280 char *mxhosts[MAXMXHOSTS + 1]; 1281 char *pv[MAXPV + 1]; 1282 char buf[MAXNAME + 1]; 1283 1284 errno = 0; 1285 if (!QS_IS_OK(to->q_state)) 1286 return 0; 1287 1288 suidwarn = geteuid() == 0; 1289 1290 m = to->q_mailer; 1291 host = to->q_host; 1292 CurEnv = e; /* just in case */ 1293 e->e_statmsg = NULL; 1294 SmtpError[0] = '\0'; 1295 xstart = curtime(); 1296 1297 if (tTd(10, 1)) 1298 sm_dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n", 1299 e->e_id, m->m_name, host, to->q_user); 1300 if (tTd(10, 100)) 1301 printopenfds(false); 1302 1303 /* 1304 ** Clear {client_*} macros if this is a bounce message to 1305 ** prevent rejection by check_compat ruleset. 1306 */ 1307 1308 if (bitset(EF_RESPONSE, e->e_flags)) 1309 { 1310 macdefine(&e->e_macro, A_PERM, macid("{client_name}"), ""); 1311 macdefine(&e->e_macro, A_PERM, macid("{client_addr}"), ""); 1312 macdefine(&e->e_macro, A_PERM, macid("{client_port}"), ""); 1313 macdefine(&e->e_macro, A_PERM, macid("{client_resolve}"), ""); 1314 } 1315 1316 SM_TRY 1317 { 1318 ADDRESS *skip_back = NULL; 1319 1320 /* 1321 ** Do initial argv setup. 1322 ** Insert the mailer name. Notice that $x expansion is 1323 ** NOT done on the mailer name. Then, if the mailer has 1324 ** a picky -f flag, we insert it as appropriate. This 1325 ** code does not check for 'pv' overflow; this places a 1326 ** manifest lower limit of 4 for MAXPV. 1327 ** The from address rewrite is expected to make 1328 ** the address relative to the other end. 1329 */ 1330 1331 /* rewrite from address, using rewriting rules */ 1332 rcode = EX_OK; 1333 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags)) 1334 p = e->e_sender; 1335 else 1336 p = e->e_from.q_paddr; 1337 rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); 1338 if (strlen(rpath) > MAXSHORTSTR) 1339 { 1340 rpath = shortenstring(rpath, MAXSHORTSTR); 1341 1342 /* avoid bogus errno */ 1343 errno = 0; 1344 syserr("remotename: huge return path %s", rpath); 1345 } 1346 rpath = sm_rpool_strdup_x(e->e_rpool, rpath); 1347 macdefine(&e->e_macro, A_PERM, 'g', rpath); 1348 macdefine(&e->e_macro, A_PERM, 'h', host); 1349 Errors = 0; 1350 pvp = pv; 1351 *pvp++ = m->m_argv[0]; 1352 1353 /* insert -f or -r flag as appropriate */ 1354 if (FromFlag && 1355 (bitnset(M_FOPT, m->m_flags) || 1356 bitnset(M_ROPT, m->m_flags))) 1357 { 1358 if (bitnset(M_FOPT, m->m_flags)) 1359 *pvp++ = "-f"; 1360 else 1361 *pvp++ = "-r"; 1362 *pvp++ = rpath; 1363 } 1364 1365 /* 1366 ** Append the other fixed parts of the argv. These run 1367 ** up to the first entry containing "$u". There can only 1368 ** be one of these, and there are only a few more slots 1369 ** in the pv after it. 1370 */ 1371 1372 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 1373 { 1374 /* can't use strchr here because of sign extension problems */ 1375 while (*p != '\0') 1376 { 1377 if ((*p++ & 0377) == MACROEXPAND) 1378 { 1379 if (*p == 'u') 1380 break; 1381 } 1382 } 1383 1384 if (*p != '\0') 1385 break; 1386 1387 /* this entry is safe -- go ahead and process it */ 1388 expand(*mvp, buf, sizeof buf, e); 1389 *pvp++ = sm_rpool_strdup_x(e->e_rpool, buf); 1390 if (pvp >= &pv[MAXPV - 3]) 1391 { 1392 syserr("554 5.3.5 Too many parameters to %s before $u", 1393 pv[0]); 1394 rcode = -1; 1395 goto cleanup; 1396 } 1397 } 1398 1399 /* 1400 ** If we have no substitution for the user name in the argument 1401 ** list, we know that we must supply the names otherwise -- and 1402 ** SMTP is the answer!! 1403 */ 1404 1405 if (*mvp == NULL) 1406 { 1407 /* running LMTP or SMTP */ 1408 clever = true; 1409 *pvp = NULL; 1410 } 1411 else if (bitnset(M_LMTP, m->m_flags)) 1412 { 1413 /* not running LMTP */ 1414 sm_syslog(LOG_ERR, NULL, 1415 "Warning: mailer %s: LMTP flag (F=z) turned off", 1416 m->m_name); 1417 clrbitn(M_LMTP, m->m_flags); 1418 } 1419 1420 /* 1421 ** At this point *mvp points to the argument with $u. We 1422 ** run through our address list and append all the addresses 1423 ** we can. If we run out of space, do not fret! We can 1424 ** always send another copy later. 1425 */ 1426 1427 e->e_to = NULL; 1428 strsize = 2; 1429 rcptcount = 0; 1430 ctladdr = NULL; 1431 if (firstto->q_signature == NULL) 1432 firstto->q_signature = hostsignature(firstto->q_mailer, 1433 firstto->q_host); 1434 firstsig = firstto->q_signature; 1435 1436 for (; to != NULL; to = to->q_next) 1437 { 1438 /* avoid sending multiple recipients to dumb mailers */ 1439 if (tochain != NULL && !bitnset(M_MUSER, m->m_flags)) 1440 break; 1441 1442 /* if already sent or not for this host, don't send */ 1443 if (!QS_IS_OK(to->q_state)) /* already sent; look at next */ 1444 continue; 1445 1446 /* 1447 ** Must be same mailer to keep grouping rcpts. 1448 ** If mailers don't match: continue; sendqueue is not 1449 ** sorted by mailers, so don't break; 1450 */ 1451 1452 if (to->q_mailer != firstto->q_mailer) 1453 continue; 1454 1455 if (to->q_signature == NULL) /* for safety */ 1456 to->q_signature = hostsignature(to->q_mailer, 1457 to->q_host); 1458 1459 /* 1460 ** This is for coincidental and tailcoat piggybacking messages 1461 ** to the same mail host. While the signatures are identical 1462 ** (that's the MX-RR's are identical) we can do coincidental 1463 ** piggybacking. We try hard for coattail piggybacking 1464 ** with the same mail host when the next recipient has the 1465 ** same host at lowest preference. It may be that this 1466 ** won't work out, so 'skip_back' is maintained if a backup 1467 ** to coincidental piggybacking or full signature must happen. 1468 */ 1469 1470 ret = firstto == to ? HS_MATCH_FULL : 1471 coloncmp(to->q_signature, firstsig); 1472 if (ret == HS_MATCH_FULL) 1473 skip_back = to; 1474 else if (ret == HS_MATCH_NO) 1475 break; 1476 1477 if (!clever) 1478 { 1479 /* avoid overflowing tobuf */ 1480 strsize += strlen(to->q_paddr) + 1; 1481 if (strsize > TOBUFSIZE) 1482 break; 1483 } 1484 1485 if (++rcptcount > to->q_mailer->m_maxrcpt) 1486 break; 1487 1488 if (tTd(10, 1)) 1489 { 1490 sm_dprintf("\nsend to "); 1491 printaddr(to, false); 1492 } 1493 1494 /* compute effective uid/gid when sending */ 1495 if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags)) 1496 # if HASSETUSERCONTEXT 1497 contextaddr = ctladdr = getctladdr(to); 1498 # else /* HASSETUSERCONTEXT */ 1499 ctladdr = getctladdr(to); 1500 # endif /* HASSETUSERCONTEXT */ 1501 1502 if (tTd(10, 2)) 1503 { 1504 sm_dprintf("ctladdr="); 1505 printaddr(ctladdr, false); 1506 } 1507 1508 user = to->q_user; 1509 e->e_to = to->q_paddr; 1510 1511 /* 1512 ** Check to see that these people are allowed to 1513 ** talk to each other. 1514 ** Check also for overflow of e_msgsize. 1515 */ 1516 1517 if (m->m_maxsize != 0 && 1518 (e->e_msgsize > m->m_maxsize || e->e_msgsize < 0)) 1519 { 1520 e->e_flags |= EF_NO_BODY_RETN; 1521 if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags)) 1522 to->q_status = "5.2.3"; 1523 else 1524 to->q_status = "5.3.4"; 1525 1526 /* set to->q_rstatus = NULL; or to the following? */ 1527 usrerrenh(to->q_status, 1528 "552 Message is too large; %ld bytes max", 1529 m->m_maxsize); 1530 markfailure(e, to, NULL, EX_UNAVAILABLE, false); 1531 giveresponse(EX_UNAVAILABLE, to->q_status, m, 1532 NULL, ctladdr, xstart, e, to); 1533 continue; 1534 } 1535 SM_SET_H_ERRNO(0); 1536 ovr = true; 1537 1538 /* do config file checking of compatibility */ 1539 #if _FFR_QUARANTINE 1540 quarantine = (e->e_quarmsg != NULL); 1541 #endif /* _FFR_QUARANTINE */ 1542 rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr, 1543 e, true, true, 3, NULL, e->e_id); 1544 if (rcode == EX_OK) 1545 { 1546 /* do in-code checking if not discarding */ 1547 if (!bitset(EF_DISCARD, e->e_flags)) 1548 { 1549 rcode = checkcompat(to, e); 1550 ovr = false; 1551 } 1552 } 1553 if (rcode != EX_OK) 1554 { 1555 markfailure(e, to, NULL, rcode, ovr); 1556 giveresponse(rcode, to->q_status, m, 1557 NULL, ctladdr, xstart, e, to); 1558 continue; 1559 } 1560 #if _FFR_QUARANTINE 1561 if (!quarantine && e->e_quarmsg != NULL) 1562 { 1563 /* 1564 ** check_compat or checkcompat() has tried 1565 ** to quarantine but that isn't supported. 1566 ** Revert the attempt. 1567 */ 1568 1569 e->e_quarmsg = NULL; 1570 macdefine(&e->e_macro, A_PERM, 1571 macid("{quarantine}"), ""); 1572 } 1573 #endif /* _FFR_QUARANTINE */ 1574 if (bitset(EF_DISCARD, e->e_flags)) 1575 { 1576 if (tTd(10, 5)) 1577 { 1578 sm_dprintf("deliver: discarding recipient "); 1579 printaddr(to, false); 1580 } 1581 1582 /* pretend the message was sent */ 1583 /* XXX should we log something here? */ 1584 to->q_state = QS_DISCARDED; 1585 1586 /* 1587 ** Remove discard bit to prevent discard of 1588 ** future recipients. This is safe because the 1589 ** true "global discard" has been handled before 1590 ** we get here. 1591 */ 1592 1593 e->e_flags &= ~EF_DISCARD; 1594 continue; 1595 } 1596 1597 /* 1598 ** Strip quote bits from names if the mailer is dumb 1599 ** about them. 1600 */ 1601 1602 if (bitnset(M_STRIPQ, m->m_flags)) 1603 { 1604 stripquotes(user); 1605 stripquotes(host); 1606 } 1607 1608 /* hack attack -- delivermail compatibility */ 1609 if (m == ProgMailer && *user == '|') 1610 user++; 1611 1612 /* 1613 ** If an error message has already been given, don't 1614 ** bother to send to this address. 1615 ** 1616 ** >>>>>>>>>> This clause assumes that the local mailer 1617 ** >> NOTE >> cannot do any further aliasing; that 1618 ** >>>>>>>>>> function is subsumed by sendmail. 1619 */ 1620 1621 if (!QS_IS_OK(to->q_state)) 1622 continue; 1623 1624 /* 1625 ** See if this user name is "special". 1626 ** If the user name has a slash in it, assume that this 1627 ** is a file -- send it off without further ado. Note 1628 ** that this type of addresses is not processed along 1629 ** with the others, so we fudge on the To person. 1630 */ 1631 1632 if (strcmp(m->m_mailer, "[FILE]") == 0) 1633 { 1634 macdefine(&e->e_macro, A_PERM, 'u', user); 1635 p = to->q_home; 1636 if (p == NULL && ctladdr != NULL) 1637 p = ctladdr->q_home; 1638 macdefine(&e->e_macro, A_PERM, 'z', p); 1639 expand(m->m_argv[1], buf, sizeof buf, e); 1640 if (strlen(buf) > 0) 1641 rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e); 1642 else 1643 { 1644 syserr("empty filename specification for mailer %s", 1645 m->m_name); 1646 rcode = EX_CONFIG; 1647 } 1648 giveresponse(rcode, to->q_status, m, NULL, 1649 ctladdr, xstart, e, to); 1650 markfailure(e, to, NULL, rcode, true); 1651 e->e_nsent++; 1652 if (rcode == EX_OK) 1653 { 1654 to->q_state = QS_SENT; 1655 if (bitnset(M_LOCALMAILER, m->m_flags) && 1656 bitset(QPINGONSUCCESS, to->q_flags)) 1657 { 1658 to->q_flags |= QDELIVERED; 1659 to->q_status = "2.1.5"; 1660 (void) sm_io_fprintf(e->e_xfp, 1661 SM_TIME_DEFAULT, 1662 "%s... Successfully delivered\n", 1663 to->q_paddr); 1664 } 1665 } 1666 to->q_statdate = curtime(); 1667 markstats(e, to, STATS_NORMAL); 1668 continue; 1669 } 1670 1671 /* 1672 ** Address is verified -- add this user to mailer 1673 ** argv, and add it to the print list of recipients. 1674 */ 1675 1676 /* link together the chain of recipients */ 1677 to->q_tchain = tochain; 1678 tochain = to; 1679 e->e_to = "[CHAIN]"; 1680 1681 macdefine(&e->e_macro, A_PERM, 'u', user); /* to user */ 1682 p = to->q_home; 1683 if (p == NULL && ctladdr != NULL) 1684 p = ctladdr->q_home; 1685 macdefine(&e->e_macro, A_PERM, 'z', p); /* user's home */ 1686 1687 /* set the ${dsn_notify} macro if applicable */ 1688 if (bitset(QHASNOTIFY, to->q_flags)) 1689 { 1690 char notify[MAXLINE]; 1691 1692 notify[0] = '\0'; 1693 if (bitset(QPINGONSUCCESS, to->q_flags)) 1694 (void) sm_strlcat(notify, "SUCCESS,", 1695 sizeof notify); 1696 if (bitset(QPINGONFAILURE, to->q_flags)) 1697 (void) sm_strlcat(notify, "FAILURE,", 1698 sizeof notify); 1699 if (bitset(QPINGONDELAY, to->q_flags)) 1700 (void) sm_strlcat(notify, "DELAY,", 1701 sizeof notify); 1702 1703 /* Set to NEVER or drop trailing comma */ 1704 if (notify[0] == '\0') 1705 (void) sm_strlcat(notify, "NEVER", 1706 sizeof notify); 1707 else 1708 notify[strlen(notify) - 1] = '\0'; 1709 1710 macdefine(&e->e_macro, A_TEMP, 1711 macid("{dsn_notify}"), notify); 1712 } 1713 else 1714 macdefine(&e->e_macro, A_PERM, 1715 macid("{dsn_notify}"), NULL); 1716 1717 /* 1718 ** Expand out this user into argument list. 1719 */ 1720 1721 if (!clever) 1722 { 1723 expand(*mvp, buf, sizeof buf, e); 1724 *pvp++ = sm_rpool_strdup_x(e->e_rpool, buf); 1725 if (pvp >= &pv[MAXPV - 2]) 1726 { 1727 /* allow some space for trailing parms */ 1728 break; 1729 } 1730 } 1731 } 1732 1733 /* see if any addresses still exist */ 1734 if (tochain == NULL) 1735 { 1736 rcode = 0; 1737 goto cleanup; 1738 } 1739 1740 /* print out messages as full list */ 1741 strsize = 1; 1742 for (to = tochain; to != NULL; to = to->q_tchain) 1743 strsize += strlen(to->q_paddr) + 1; 1744 if (strsize < TOBUFSIZE) 1745 strsize = TOBUFSIZE; 1746 if (strsize > tobufsize) 1747 { 1748 SM_FREE_CLR(tobuf); 1749 tobuf = sm_pmalloc_x(strsize); 1750 tobufsize = strsize; 1751 } 1752 p = tobuf; 1753 *p = '\0'; 1754 for (to = tochain; to != NULL; to = to->q_tchain) 1755 { 1756 (void) sm_strlcpyn(p, tobufsize - (p - tobuf), 2, 1757 ",", to->q_paddr); 1758 p += strlen(p); 1759 } 1760 e->e_to = tobuf + 1; 1761 1762 /* 1763 ** Fill out any parameters after the $u parameter. 1764 */ 1765 1766 if (!clever) 1767 { 1768 while (*++mvp != NULL) 1769 { 1770 expand(*mvp, buf, sizeof buf, e); 1771 *pvp++ = sm_rpool_strdup_x(e->e_rpool, buf); 1772 if (pvp >= &pv[MAXPV]) 1773 syserr("554 5.3.0 deliver: pv overflow after $u for %s", 1774 pv[0]); 1775 } 1776 } 1777 *pvp++ = NULL; 1778 1779 /* 1780 ** Call the mailer. 1781 ** The argument vector gets built, pipes 1782 ** are created as necessary, and we fork & exec as 1783 ** appropriate. 1784 ** If we are running SMTP, we just need to clean up. 1785 */ 1786 1787 /* XXX this seems a bit wierd */ 1788 if (ctladdr == NULL && m != ProgMailer && m != FileMailer && 1789 bitset(QGOODUID, e->e_from.q_flags)) 1790 ctladdr = &e->e_from; 1791 1792 #if NAMED_BIND 1793 if (ConfigLevel < 2) 1794 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 1795 #endif /* NAMED_BIND */ 1796 1797 if (tTd(11, 1)) 1798 { 1799 sm_dprintf("openmailer:"); 1800 printav(pv); 1801 } 1802 errno = 0; 1803 SM_SET_H_ERRNO(0); 1804 CurHostName = NULL; 1805 1806 /* 1807 ** Deal with the special case of mail handled through an IPC 1808 ** connection. 1809 ** In this case we don't actually fork. We must be 1810 ** running SMTP for this to work. We will return a 1811 ** zero pid to indicate that we are running IPC. 1812 ** We also handle a debug version that just talks to stdin/out. 1813 */ 1814 1815 curhost = NULL; 1816 SmtpPhase = NULL; 1817 mci = NULL; 1818 1819 #if XDEBUG 1820 { 1821 char wbuf[MAXLINE]; 1822 1823 /* make absolutely certain 0, 1, and 2 are in use */ 1824 (void) sm_snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)", 1825 shortenstring(e->e_to, MAXSHORTSTR), 1826 m->m_name); 1827 checkfd012(wbuf); 1828 } 1829 #endif /* XDEBUG */ 1830 1831 /* check for 8-bit available */ 1832 if (bitset(EF_HAS8BIT, e->e_flags) && 1833 bitnset(M_7BITS, m->m_flags) && 1834 (bitset(EF_DONT_MIME, e->e_flags) || 1835 !(bitset(MM_MIME8BIT, MimeMode) || 1836 (bitset(EF_IS_MIME, e->e_flags) && 1837 bitset(MM_CVTMIME, MimeMode))))) 1838 { 1839 e->e_status = "5.6.3"; 1840 usrerrenh(e->e_status, 1841 "554 Cannot send 8-bit data to 7-bit destination"); 1842 rcode = EX_DATAERR; 1843 goto give_up; 1844 } 1845 1846 if (tTd(62, 8)) 1847 checkfds("before delivery"); 1848 1849 /* check for Local Person Communication -- not for mortals!!! */ 1850 if (strcmp(m->m_mailer, "[LPC]") == 0) 1851 { 1852 #if _FFR_CACHE_LPC 1853 if (clever) 1854 { 1855 /* flush any expired connections */ 1856 (void) mci_scan(NULL); 1857 1858 /* try to get a cached connection or just a slot */ 1859 mci = mci_get(m->m_name, m); 1860 if (mci->mci_host == NULL) 1861 mci->mci_host = m->m_name; 1862 CurHostName = mci->mci_host; 1863 if (mci->mci_state != MCIS_CLOSED) 1864 { 1865 message("Using cached SMTP/LPC connection for %s...", 1866 m->m_name); 1867 mci->mci_deliveries++; 1868 goto do_transfer; 1869 } 1870 } 1871 else 1872 { 1873 mci = mci_new(e->e_rpool); 1874 } 1875 mci->mci_in = smioin; 1876 mci->mci_out = smioout; 1877 mci->mci_mailer = m; 1878 mci->mci_host = m->m_name; 1879 if (clever) 1880 { 1881 mci->mci_state = MCIS_OPENING; 1882 mci_cache(mci); 1883 } 1884 else 1885 mci->mci_state = MCIS_OPEN; 1886 #else /* _FFR_CACHE_LPC */ 1887 mci = mci_new(e->e_rpool); 1888 mci->mci_in = smioin; 1889 mci->mci_out = smioout; 1890 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN; 1891 mci->mci_mailer = m; 1892 #endif /* _FFR_CACHE_LPC */ 1893 } 1894 else if (strcmp(m->m_mailer, "[IPC]") == 0) 1895 { 1896 register int i; 1897 1898 if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0') 1899 { 1900 syserr("null destination for %s mailer", m->m_mailer); 1901 rcode = EX_CONFIG; 1902 goto give_up; 1903 } 1904 1905 # if NETUNIX 1906 if (strcmp(pv[0], "FILE") == 0) 1907 { 1908 curhost = CurHostName = "localhost"; 1909 mux_path = pv[1]; 1910 } 1911 else 1912 # endif /* NETUNIX */ 1913 { 1914 CurHostName = pv[1]; 1915 curhost = hostsignature(m, pv[1]); 1916 } 1917 1918 if (curhost == NULL || curhost[0] == '\0') 1919 { 1920 syserr("null host signature for %s", pv[1]); 1921 rcode = EX_CONFIG; 1922 goto give_up; 1923 } 1924 1925 if (!clever) 1926 { 1927 syserr("554 5.3.5 non-clever IPC"); 1928 rcode = EX_CONFIG; 1929 goto give_up; 1930 } 1931 if (pv[2] != NULL 1932 # if NETUNIX 1933 && mux_path == NULL 1934 # endif /* NETUNIX */ 1935 ) 1936 { 1937 port = htons((unsigned short) atoi(pv[2])); 1938 if (port == 0) 1939 { 1940 # ifdef NO_GETSERVBYNAME 1941 syserr("Invalid port number: %s", pv[2]); 1942 # else /* NO_GETSERVBYNAME */ 1943 struct servent *sp = getservbyname(pv[2], "tcp"); 1944 1945 if (sp == NULL) 1946 syserr("Service %s unknown", pv[2]); 1947 else 1948 port = sp->s_port; 1949 # endif /* NO_GETSERVBYNAME */ 1950 } 1951 } 1952 1953 nummxhosts = parse_hostsignature(curhost, mxhosts, m); 1954 if (TimeOuts.to_aconnect > 0) 1955 enough = curtime() + TimeOuts.to_aconnect; 1956 tryhost: 1957 while (hostnum < nummxhosts) 1958 { 1959 char sep = ':'; 1960 char *endp; 1961 static char hostbuf[MAXNAME + 1]; 1962 1963 # if NETINET6 1964 if (*mxhosts[hostnum] == '[') 1965 { 1966 endp = strchr(mxhosts[hostnum] + 1, ']'); 1967 if (endp != NULL) 1968 endp = strpbrk(endp + 1, ":,"); 1969 } 1970 else 1971 endp = strpbrk(mxhosts[hostnum], ":,"); 1972 # else /* NETINET6 */ 1973 endp = strpbrk(mxhosts[hostnum], ":,"); 1974 # endif /* NETINET6 */ 1975 if (endp != NULL) 1976 { 1977 sep = *endp; 1978 *endp = '\0'; 1979 } 1980 1981 if (hostnum == 1 && skip_back != NULL) 1982 { 1983 /* 1984 ** Coattail piggybacking is no longer an 1985 ** option with the mail host next to be tried 1986 ** no longer the lowest MX preference 1987 ** (hostnum == 1 meaning we're on the second 1988 ** preference). We do not try to coattail 1989 ** piggyback more than the first MX preference. 1990 ** Revert 'tochain' to last location for 1991 ** coincidental piggybacking. This works this 1992 ** easily because the q_tchain kept getting 1993 ** added to the top of the linked list. 1994 */ 1995 1996 tochain = skip_back; 1997 } 1998 1999 if (*mxhosts[hostnum] == '\0') 2000 { 2001 syserr("deliver: null host name in signature"); 2002 hostnum++; 2003 if (endp != NULL) 2004 *endp = sep; 2005 continue; 2006 } 2007 (void) sm_strlcpy(hostbuf, mxhosts[hostnum], 2008 sizeof hostbuf); 2009 hostnum++; 2010 if (endp != NULL) 2011 *endp = sep; 2012 2013 /* see if we already know that this host is fried */ 2014 CurHostName = hostbuf; 2015 mci = mci_get(hostbuf, m); 2016 if (mci->mci_state != MCIS_CLOSED) 2017 { 2018 char *type; 2019 2020 if (tTd(11, 1)) 2021 { 2022 sm_dprintf("openmailer: "); 2023 mci_dump(mci, false); 2024 } 2025 CurHostName = mci->mci_host; 2026 if (bitnset(M_LMTP, m->m_flags)) 2027 type = "L"; 2028 else if (bitset(MCIF_ESMTP, mci->mci_flags)) 2029 type = "ES"; 2030 else 2031 type = "S"; 2032 message("Using cached %sMTP connection to %s via %s...", 2033 type, hostbuf, m->m_name); 2034 mci->mci_deliveries++; 2035 break; 2036 } 2037 mci->mci_mailer = m; 2038 if (mci->mci_exitstat != EX_OK) 2039 { 2040 if (mci->mci_exitstat == EX_TEMPFAIL) 2041 goodmxfound = true; 2042 continue; 2043 } 2044 2045 if (mci_lock_host(mci) != EX_OK) 2046 { 2047 mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); 2048 goodmxfound = true; 2049 continue; 2050 } 2051 2052 /* try the connection */ 2053 sm_setproctitle(true, e, "%s %s: %s", 2054 qid_printname(e), 2055 hostbuf, "user open"); 2056 # if NETUNIX 2057 if (mux_path != NULL) 2058 { 2059 message("Connecting to %s via %s...", 2060 mux_path, m->m_name); 2061 i = makeconnection_ds((char *) mux_path, mci); 2062 } 2063 else 2064 # endif /* NETUNIX */ 2065 { 2066 if (port == 0) 2067 message("Connecting to %s via %s...", 2068 hostbuf, m->m_name); 2069 else 2070 message("Connecting to %s port %d via %s...", 2071 hostbuf, ntohs(port), 2072 m->m_name); 2073 i = makeconnection(hostbuf, port, mci, e, 2074 enough); 2075 } 2076 mci->mci_errno = errno; 2077 mci->mci_lastuse = curtime(); 2078 mci->mci_deliveries = 0; 2079 mci->mci_exitstat = i; 2080 # if NAMED_BIND 2081 mci->mci_herrno = h_errno; 2082 # endif /* NAMED_BIND */ 2083 2084 /* 2085 ** Have we tried long enough to get a connection? 2086 ** If yes, skip to the fallback MX hosts 2087 ** (if existent). 2088 */ 2089 2090 if (enough > 0 && mci->mci_lastuse >= enough) 2091 { 2092 int h; 2093 # if NAMED_BIND 2094 extern int NumFallBackMXHosts; 2095 # else /* NAMED_BIND */ 2096 const int NumFallBackMXHosts = 0; 2097 # endif /* NAMED_BIND */ 2098 2099 if (hostnum < nummxhosts && LogLevel > 9) 2100 sm_syslog(LOG_INFO, e->e_id, 2101 "Timeout.to_aconnect occurred before exhausting all addresses"); 2102 2103 /* turn off timeout if fallback available */ 2104 if (NumFallBackMXHosts > 0) 2105 enough = 0; 2106 2107 /* skip to a fallback MX host */ 2108 h = nummxhosts - NumFallBackMXHosts; 2109 if (hostnum < h) 2110 hostnum = h; 2111 } 2112 if (i == EX_OK) 2113 { 2114 goodmxfound = true; 2115 mci->mci_state = MCIS_OPENING; 2116 mci_cache(mci); 2117 if (TrafficLogFile != NULL) 2118 (void) sm_io_fprintf(TrafficLogFile, 2119 SM_TIME_DEFAULT, 2120 "%05d === CONNECT %s\n", 2121 (int) CurrentPid, 2122 hostbuf); 2123 break; 2124 } 2125 else 2126 { 2127 if (tTd(11, 1)) 2128 sm_dprintf("openmailer: makeconnection => stat=%d, errno=%d\n", 2129 i, errno); 2130 if (i == EX_TEMPFAIL) 2131 goodmxfound = true; 2132 mci_unlock_host(mci); 2133 } 2134 2135 /* enter status of this host */ 2136 setstat(i); 2137 2138 /* should print some message here for -v mode */ 2139 } 2140 if (mci == NULL) 2141 { 2142 syserr("deliver: no host name"); 2143 rcode = EX_SOFTWARE; 2144 goto give_up; 2145 } 2146 mci->mci_pid = 0; 2147 } 2148 else 2149 { 2150 /* flush any expired connections */ 2151 (void) mci_scan(NULL); 2152 mci = NULL; 2153 2154 if (bitnset(M_LMTP, m->m_flags)) 2155 { 2156 /* try to get a cached connection */ 2157 mci = mci_get(m->m_name, m); 2158 if (mci->mci_host == NULL) 2159 mci->mci_host = m->m_name; 2160 CurHostName = mci->mci_host; 2161 if (mci->mci_state != MCIS_CLOSED) 2162 { 2163 message("Using cached LMTP connection for %s...", 2164 m->m_name); 2165 mci->mci_deliveries++; 2166 goto do_transfer; 2167 } 2168 } 2169 2170 /* announce the connection to verbose listeners */ 2171 if (host == NULL || host[0] == '\0') 2172 message("Connecting to %s...", m->m_name); 2173 else 2174 message("Connecting to %s via %s...", host, m->m_name); 2175 if (TrafficLogFile != NULL) 2176 { 2177 char **av; 2178 2179 (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT, 2180 "%05d === EXEC", (int) CurrentPid); 2181 for (av = pv; *av != NULL; av++) 2182 (void) sm_io_fprintf(TrafficLogFile, 2183 SM_TIME_DEFAULT, " %s", 2184 *av); 2185 (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT, 2186 "\n"); 2187 } 2188 2189 #if XDEBUG 2190 checkfd012("before creating mail pipe"); 2191 #endif /* XDEBUG */ 2192 2193 /* create a pipe to shove the mail through */ 2194 if (pipe(mpvect) < 0) 2195 { 2196 syserr("%s... openmailer(%s): pipe (to mailer)", 2197 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 2198 if (tTd(11, 1)) 2199 sm_dprintf("openmailer: NULL\n"); 2200 rcode = EX_OSERR; 2201 goto give_up; 2202 } 2203 2204 #if XDEBUG 2205 /* make sure we didn't get one of the standard I/O files */ 2206 if (mpvect[0] < 3 || mpvect[1] < 3) 2207 { 2208 syserr("%s... openmailer(%s): bogus mpvect %d %d", 2209 shortenstring(e->e_to, MAXSHORTSTR), m->m_name, 2210 mpvect[0], mpvect[1]); 2211 printopenfds(true); 2212 if (tTd(11, 1)) 2213 sm_dprintf("openmailer: NULL\n"); 2214 rcode = EX_OSERR; 2215 goto give_up; 2216 } 2217 2218 /* make sure system call isn't dead meat */ 2219 checkfdopen(mpvect[0], "mpvect[0]"); 2220 checkfdopen(mpvect[1], "mpvect[1]"); 2221 if (mpvect[0] == mpvect[1] || 2222 (e->e_lockfp != NULL && 2223 (mpvect[0] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, 2224 NULL) || 2225 mpvect[1] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, 2226 NULL)))) 2227 { 2228 if (e->e_lockfp == NULL) 2229 syserr("%s... openmailer(%s): overlapping mpvect %d %d", 2230 shortenstring(e->e_to, MAXSHORTSTR), 2231 m->m_name, mpvect[0], mpvect[1]); 2232 else 2233 syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d", 2234 shortenstring(e->e_to, MAXSHORTSTR), 2235 m->m_name, mpvect[0], mpvect[1], 2236 sm_io_getinfo(e->e_lockfp, 2237 SM_IO_WHAT_FD, NULL)); 2238 } 2239 #endif /* XDEBUG */ 2240 2241 /* create a return pipe */ 2242 if (pipe(rpvect) < 0) 2243 { 2244 syserr("%s... openmailer(%s): pipe (from mailer)", 2245 shortenstring(e->e_to, MAXSHORTSTR), 2246 m->m_name); 2247 (void) close(mpvect[0]); 2248 (void) close(mpvect[1]); 2249 if (tTd(11, 1)) 2250 sm_dprintf("openmailer: NULL\n"); 2251 rcode = EX_OSERR; 2252 goto give_up; 2253 } 2254 #if XDEBUG 2255 checkfdopen(rpvect[0], "rpvect[0]"); 2256 checkfdopen(rpvect[1], "rpvect[1]"); 2257 #endif /* XDEBUG */ 2258 2259 /* 2260 ** Actually fork the mailer process. 2261 ** DOFORK is clever about retrying. 2262 ** 2263 ** Dispose of SIGCHLD signal catchers that may be laying 2264 ** around so that endmailer will get it. 2265 */ 2266 2267 if (e->e_xfp != NULL) /* for debugging */ 2268 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); 2269 (void) sm_io_flush(smioout, SM_TIME_DEFAULT); 2270 (void) sm_signal(SIGCHLD, SIG_DFL); 2271 2272 2273 DOFORK(FORK); 2274 /* pid is set by DOFORK */ 2275 2276 if (pid < 0) 2277 { 2278 /* failure */ 2279 syserr("%s... openmailer(%s): cannot fork", 2280 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 2281 (void) close(mpvect[0]); 2282 (void) close(mpvect[1]); 2283 (void) close(rpvect[0]); 2284 (void) close(rpvect[1]); 2285 if (tTd(11, 1)) 2286 sm_dprintf("openmailer: NULL\n"); 2287 rcode = EX_OSERR; 2288 goto give_up; 2289 } 2290 else if (pid == 0) 2291 { 2292 int i; 2293 int save_errno; 2294 int sff; 2295 int new_euid = NO_UID; 2296 int new_ruid = NO_UID; 2297 int new_gid = NO_GID; 2298 char *user = NULL; 2299 struct stat stb; 2300 extern int DtableSize; 2301 2302 CurrentPid = getpid(); 2303 2304 /* clear the events to turn off SIGALRMs */ 2305 sm_clear_events(); 2306 2307 /* Reset global flags */ 2308 RestartRequest = NULL; 2309 RestartWorkGroup = false; 2310 ShutdownRequest = NULL; 2311 PendingSignal = 0; 2312 2313 if (e->e_lockfp != NULL) 2314 (void) close(sm_io_getinfo(e->e_lockfp, 2315 SM_IO_WHAT_FD, 2316 NULL)); 2317 2318 /* child -- set up input & exec mailer */ 2319 (void) sm_signal(SIGALRM, sm_signal_noop); 2320 (void) sm_signal(SIGCHLD, SIG_DFL); 2321 (void) sm_signal(SIGHUP, SIG_IGN); 2322 (void) sm_signal(SIGINT, SIG_IGN); 2323 (void) sm_signal(SIGTERM, SIG_DFL); 2324 # ifdef SIGUSR1 2325 (void) sm_signal(SIGUSR1, sm_signal_noop); 2326 # endif /* SIGUSR1 */ 2327 2328 if (m != FileMailer || stat(tochain->q_user, &stb) < 0) 2329 stb.st_mode = 0; 2330 2331 # if HASSETUSERCONTEXT 2332 /* 2333 ** Set user resources. 2334 */ 2335 2336 if (contextaddr != NULL) 2337 { 2338 struct passwd *pwd; 2339 2340 if (contextaddr->q_ruser != NULL) 2341 pwd = sm_getpwnam(contextaddr->q_ruser); 2342 else 2343 pwd = sm_getpwnam(contextaddr->q_user); 2344 if (pwd != NULL) 2345 (void) setusercontext(NULL, 2346 pwd, pwd->pw_uid, 2347 LOGIN_SETRESOURCES|LOGIN_SETPRIORITY); 2348 } 2349 # endif /* HASSETUSERCONTEXT */ 2350 2351 #if HASNICE 2352 /* tweak niceness */ 2353 if (m->m_nice != 0) 2354 (void) nice(m->m_nice); 2355 #endif /* HASNICE */ 2356 2357 /* reset group id */ 2358 if (bitnset(M_SPECIFIC_UID, m->m_flags)) 2359 new_gid = m->m_gid; 2360 else if (bitset(S_ISGID, stb.st_mode)) 2361 new_gid = stb.st_gid; 2362 else if (ctladdr != NULL && ctladdr->q_gid != 0) 2363 { 2364 if (!DontInitGroups) 2365 { 2366 user = ctladdr->q_ruser; 2367 if (user == NULL) 2368 user = ctladdr->q_user; 2369 2370 if (initgroups(user, 2371 ctladdr->q_gid) == -1 2372 && suidwarn) 2373 { 2374 syserr("openmailer: initgroups(%s, %d) failed", 2375 user, ctladdr->q_gid); 2376 exit(EX_TEMPFAIL); 2377 } 2378 } 2379 else 2380 { 2381 GIDSET_T gidset[1]; 2382 2383 gidset[0] = ctladdr->q_gid; 2384 if (setgroups(1, gidset) == -1 2385 && suidwarn) 2386 { 2387 syserr("openmailer: setgroups() failed"); 2388 exit(EX_TEMPFAIL); 2389 } 2390 } 2391 new_gid = ctladdr->q_gid; 2392 } 2393 else 2394 { 2395 if (!DontInitGroups) 2396 { 2397 user = DefUser; 2398 if (initgroups(DefUser, DefGid) == -1 && 2399 suidwarn) 2400 { 2401 syserr("openmailer: initgroups(%s, %d) failed", 2402 DefUser, DefGid); 2403 exit(EX_TEMPFAIL); 2404 } 2405 } 2406 else 2407 { 2408 GIDSET_T gidset[1]; 2409 2410 gidset[0] = DefGid; 2411 if (setgroups(1, gidset) == -1 2412 && suidwarn) 2413 { 2414 syserr("openmailer: setgroups() failed"); 2415 exit(EX_TEMPFAIL); 2416 } 2417 } 2418 if (m->m_gid == 0) 2419 new_gid = DefGid; 2420 else 2421 new_gid = m->m_gid; 2422 } 2423 if (new_gid != NO_GID) 2424 { 2425 if (RunAsUid != 0 && 2426 bitnset(M_SPECIFIC_UID, m->m_flags) && 2427 new_gid != getgid() && 2428 new_gid != getegid()) 2429 { 2430 /* Only root can change the gid */ 2431 syserr("openmailer: insufficient privileges to change gid, RunAsUid=%d, new_gid=%d, gid=%d, egid=%d", 2432 (int) RunAsUid, (int) new_gid, 2433 (int) getgid(), (int) getegid()); 2434 exit(EX_TEMPFAIL); 2435 } 2436 2437 if (setgid(new_gid) < 0 && suidwarn) 2438 { 2439 syserr("openmailer: setgid(%ld) failed", 2440 (long) new_gid); 2441 exit(EX_TEMPFAIL); 2442 } 2443 } 2444 2445 /* change root to some "safe" directory */ 2446 if (m->m_rootdir != NULL) 2447 { 2448 expand(m->m_rootdir, buf, sizeof buf, e); 2449 if (tTd(11, 20)) 2450 sm_dprintf("openmailer: chroot %s\n", 2451 buf); 2452 if (chroot(buf) < 0) 2453 { 2454 syserr("openmailer: Cannot chroot(%s)", 2455 buf); 2456 exit(EX_TEMPFAIL); 2457 } 2458 if (chdir("/") < 0) 2459 { 2460 syserr("openmailer: cannot chdir(/)"); 2461 exit(EX_TEMPFAIL); 2462 } 2463 } 2464 2465 /* reset user id */ 2466 endpwent(); 2467 sm_mbdb_terminate(); 2468 if (bitnset(M_SPECIFIC_UID, m->m_flags)) 2469 { 2470 new_euid = m->m_uid; 2471 2472 /* 2473 ** Undo the effects of the uid change in main 2474 ** for signal handling. The real uid may 2475 ** be used by mailer in adding a "From " 2476 ** line. 2477 */ 2478 2479 if (RealUid != 0 && RealUid != getuid()) 2480 { 2481 # if MAILER_SETUID_METHOD == USE_SETEUID 2482 # if HASSETREUID 2483 if (setreuid(RealUid, geteuid()) < 0) 2484 { 2485 syserr("openmailer: setreuid(%d, %d) failed", 2486 (int) RealUid, (int) geteuid()); 2487 exit(EX_OSERR); 2488 } 2489 # endif /* HASSETREUID */ 2490 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */ 2491 # if MAILER_SETUID_METHOD == USE_SETREUID 2492 new_ruid = RealUid; 2493 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */ 2494 } 2495 } 2496 else if (bitset(S_ISUID, stb.st_mode)) 2497 new_ruid = stb.st_uid; 2498 else if (ctladdr != NULL && ctladdr->q_uid != 0) 2499 new_ruid = ctladdr->q_uid; 2500 else if (m->m_uid != 0) 2501 new_ruid = m->m_uid; 2502 else 2503 new_ruid = DefUid; 2504 if (new_euid != NO_UID) 2505 { 2506 if (RunAsUid != 0 && new_euid != RunAsUid) 2507 { 2508 /* Only root can change the uid */ 2509 syserr("openmailer: insufficient privileges to change uid, new_euid=%d, RunAsUid=%d", 2510 (int) new_euid, (int) RunAsUid); 2511 exit(EX_TEMPFAIL); 2512 } 2513 2514 vendor_set_uid(new_euid); 2515 # if MAILER_SETUID_METHOD == USE_SETEUID 2516 if (seteuid(new_euid) < 0 && suidwarn) 2517 { 2518 syserr("openmailer: seteuid(%ld) failed", 2519 (long) new_euid); 2520 exit(EX_TEMPFAIL); 2521 } 2522 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */ 2523 # if MAILER_SETUID_METHOD == USE_SETREUID 2524 if (setreuid(new_ruid, new_euid) < 0 && suidwarn) 2525 { 2526 syserr("openmailer: setreuid(%ld, %ld) failed", 2527 (long) new_ruid, (long) new_euid); 2528 exit(EX_TEMPFAIL); 2529 } 2530 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */ 2531 # if MAILER_SETUID_METHOD == USE_SETUID 2532 if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn) 2533 { 2534 syserr("openmailer: setuid(%ld) failed", 2535 (long) new_euid); 2536 exit(EX_TEMPFAIL); 2537 } 2538 # endif /* MAILER_SETUID_METHOD == USE_SETUID */ 2539 } 2540 else if (new_ruid != NO_UID) 2541 { 2542 vendor_set_uid(new_ruid); 2543 if (setuid(new_ruid) < 0 && suidwarn) 2544 { 2545 syserr("openmailer: setuid(%ld) failed", 2546 (long) new_ruid); 2547 exit(EX_TEMPFAIL); 2548 } 2549 } 2550 2551 if (tTd(11, 2)) 2552 sm_dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n", 2553 (int) getuid(), (int) geteuid(), 2554 (int) getgid(), (int) getegid()); 2555 2556 /* move into some "safe" directory */ 2557 if (m->m_execdir != NULL) 2558 { 2559 char *q; 2560 2561 for (p = m->m_execdir; p != NULL; p = q) 2562 { 2563 q = strchr(p, ':'); 2564 if (q != NULL) 2565 *q = '\0'; 2566 expand(p, buf, sizeof buf, e); 2567 if (q != NULL) 2568 *q++ = ':'; 2569 if (tTd(11, 20)) 2570 sm_dprintf("openmailer: trydir %s\n", 2571 buf); 2572 if (buf[0] != '\0' && chdir(buf) >= 0) 2573 break; 2574 } 2575 } 2576 2577 /* Check safety of program to be run */ 2578 sff = SFF_ROOTOK|SFF_EXECOK; 2579 if (!bitnset(DBS_RUNWRITABLEPROGRAM, 2580 DontBlameSendmail)) 2581 sff |= SFF_NOGWFILES|SFF_NOWWFILES; 2582 if (bitnset(DBS_RUNPROGRAMINUNSAFEDIRPATH, 2583 DontBlameSendmail)) 2584 sff |= SFF_NOPATHCHECK; 2585 else 2586 sff |= SFF_SAFEDIRPATH; 2587 ret = safefile(m->m_mailer, getuid(), getgid(), 2588 user, sff, 0, NULL); 2589 if (ret != 0) 2590 sm_syslog(LOG_INFO, e->e_id, 2591 "Warning: program %s unsafe: %s", 2592 m->m_mailer, sm_errstring(ret)); 2593 2594 /* arrange to filter std & diag output of command */ 2595 (void) close(rpvect[0]); 2596 if (dup2(rpvect[1], STDOUT_FILENO) < 0) 2597 { 2598 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout", 2599 shortenstring(e->e_to, MAXSHORTSTR), 2600 m->m_name, rpvect[1]); 2601 _exit(EX_OSERR); 2602 } 2603 (void) close(rpvect[1]); 2604 2605 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0) 2606 { 2607 syserr("%s... openmailer(%s): cannot dup stdout for stderr", 2608 shortenstring(e->e_to, MAXSHORTSTR), 2609 m->m_name); 2610 _exit(EX_OSERR); 2611 } 2612 2613 /* arrange to get standard input */ 2614 (void) close(mpvect[1]); 2615 if (dup2(mpvect[0], STDIN_FILENO) < 0) 2616 { 2617 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin", 2618 shortenstring(e->e_to, MAXSHORTSTR), 2619 m->m_name, mpvect[0]); 2620 _exit(EX_OSERR); 2621 } 2622 (void) close(mpvect[0]); 2623 2624 /* arrange for all the files to be closed */ 2625 for (i = 3; i < DtableSize; i++) 2626 { 2627 register int j; 2628 2629 if ((j = fcntl(i, F_GETFD, 0)) != -1) 2630 (void) fcntl(i, F_SETFD, 2631 j | FD_CLOEXEC); 2632 } 2633 2634 /* run disconnected from terminal */ 2635 (void) setsid(); 2636 2637 /* try to execute the mailer */ 2638 (void) execve(m->m_mailer, (ARGV_T) pv, 2639 (ARGV_T) UserEnviron); 2640 save_errno = errno; 2641 syserr("Cannot exec %s", m->m_mailer); 2642 if (bitnset(M_LOCALMAILER, m->m_flags) || 2643 transienterror(save_errno)) 2644 _exit(EX_OSERR); 2645 _exit(EX_UNAVAILABLE); 2646 } 2647 2648 /* 2649 ** Set up return value. 2650 */ 2651 2652 if (mci == NULL) 2653 { 2654 if (clever) 2655 { 2656 /* 2657 ** Allocate from general heap, not 2658 ** envelope rpool, because this mci 2659 ** is going to be cached. 2660 */ 2661 2662 mci = mci_new(NULL); 2663 } 2664 else 2665 { 2666 /* 2667 ** Prevent a storage leak by allocating 2668 ** this from the envelope rpool. 2669 */ 2670 2671 mci = mci_new(e->e_rpool); 2672 } 2673 } 2674 mci->mci_mailer = m; 2675 if (clever) 2676 { 2677 mci->mci_state = MCIS_OPENING; 2678 mci_cache(mci); 2679 } 2680 else 2681 { 2682 mci->mci_state = MCIS_OPEN; 2683 } 2684 mci->mci_pid = pid; 2685 (void) close(mpvect[0]); 2686 mci->mci_out = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 2687 (void *) &(mpvect[1]), SM_IO_WRONLY, 2688 NULL); 2689 if (mci->mci_out == NULL) 2690 { 2691 syserr("deliver: cannot create mailer output channel, fd=%d", 2692 mpvect[1]); 2693 (void) close(mpvect[1]); 2694 (void) close(rpvect[0]); 2695 (void) close(rpvect[1]); 2696 rcode = EX_OSERR; 2697 goto give_up; 2698 } 2699 2700 (void) close(rpvect[1]); 2701 mci->mci_in = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 2702 (void *) &(rpvect[0]), SM_IO_RDONLY, 2703 NULL); 2704 if (mci->mci_in == NULL) 2705 { 2706 syserr("deliver: cannot create mailer input channel, fd=%d", 2707 mpvect[1]); 2708 (void) close(rpvect[0]); 2709 (void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT); 2710 mci->mci_out = NULL; 2711 rcode = EX_OSERR; 2712 goto give_up; 2713 } 2714 } 2715 2716 /* 2717 ** If we are in SMTP opening state, send initial protocol. 2718 */ 2719 2720 if (bitnset(M_7BITS, m->m_flags) && 2721 (!clever || mci->mci_state == MCIS_OPENING)) 2722 mci->mci_flags |= MCIF_7BIT; 2723 if (clever && mci->mci_state != MCIS_CLOSED) 2724 { 2725 # if STARTTLS || SASL 2726 int dotpos; 2727 char *srvname; 2728 extern SOCKADDR CurHostAddr; 2729 # endif /* STARTTLS || SASL */ 2730 2731 # if SASL 2732 # define DONE_AUTH(f) bitset(MCIF_AUTHACT, f) 2733 # endif /* SASL */ 2734 # if STARTTLS 2735 # define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f) 2736 # endif /* STARTTLS */ 2737 # define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f) 2738 # define SET_HELO(f) f |= MCIF_ONLY_EHLO 2739 # define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO 2740 2741 # if STARTTLS || SASL 2742 /* don't use CurHostName, it is changed in many places */ 2743 if (mci->mci_host != NULL) 2744 { 2745 srvname = mci->mci_host; 2746 dotpos = strlen(srvname) - 1; 2747 if (dotpos >= 0) 2748 { 2749 if (srvname[dotpos] == '.') 2750 srvname[dotpos] = '\0'; 2751 else 2752 dotpos = -1; 2753 } 2754 } 2755 else if (mci->mci_mailer != NULL) 2756 { 2757 srvname = mci->mci_mailer->m_name; 2758 dotpos = -1; 2759 } 2760 else 2761 { 2762 srvname = "local"; 2763 dotpos = -1; 2764 } 2765 2766 /* don't set {server_name} to NULL or "": see getauth() */ 2767 macdefine(&mci->mci_macro, A_TEMP, macid("{server_name}"), 2768 srvname); 2769 2770 /* CurHostAddr is set by makeconnection() and mci_get() */ 2771 if (CurHostAddr.sa.sa_family != 0) 2772 { 2773 macdefine(&mci->mci_macro, A_TEMP, 2774 macid("{server_addr}"), 2775 anynet_ntoa(&CurHostAddr)); 2776 } 2777 else if (mci->mci_mailer != NULL) 2778 { 2779 /* mailer name is unique, use it as address */ 2780 macdefine(&mci->mci_macro, A_PERM, 2781 macid("{server_addr}"), 2782 mci->mci_mailer->m_name); 2783 } 2784 else 2785 { 2786 /* don't set it to NULL or "": see getauth() */ 2787 macdefine(&mci->mci_macro, A_PERM, 2788 macid("{server_addr}"), "0"); 2789 } 2790 2791 /* undo change of srvname (mci->mci_host) */ 2792 if (dotpos >= 0) 2793 srvname[dotpos] = '.'; 2794 2795 reconnect: /* after switching to an encrypted connection */ 2796 # endif /* STARTTLS || SASL */ 2797 2798 /* set the current connection information */ 2799 e->e_mci = mci; 2800 # if SASL 2801 mci->mci_saslcap = NULL; 2802 # endif /* SASL */ 2803 smtpinit(m, mci, e, ONLY_HELO(mci->mci_flags)); 2804 CLR_HELO(mci->mci_flags); 2805 2806 if (IS_DLVR_RETURN(e)) 2807 { 2808 /* 2809 ** Check whether other side can deliver e-mail 2810 ** fast enough 2811 */ 2812 2813 if (!bitset(MCIF_DLVR_BY, mci->mci_flags)) 2814 { 2815 e->e_status = "5.4.7"; 2816 usrerrenh(e->e_status, 2817 "554 Server does not support Deliver By"); 2818 rcode = EX_UNAVAILABLE; 2819 goto give_up; 2820 } 2821 if (e->e_deliver_by > 0 && 2822 e->e_deliver_by - (curtime() - e->e_ctime) < 2823 mci->mci_min_by) 2824 { 2825 e->e_status = "5.4.7"; 2826 usrerrenh(e->e_status, 2827 "554 Message can't be delivered in time; %ld < %ld", 2828 e->e_deliver_by - (curtime() - e->e_ctime), 2829 mci->mci_min_by); 2830 rcode = EX_UNAVAILABLE; 2831 goto give_up; 2832 } 2833 } 2834 2835 # if STARTTLS 2836 /* first TLS then AUTH to provide a security layer */ 2837 if (mci->mci_state != MCIS_CLOSED && 2838 !DONE_STARTTLS(mci->mci_flags)) 2839 { 2840 int olderrors; 2841 bool usetls; 2842 bool saveQuickAbort = QuickAbort; 2843 bool saveSuprErrs = SuprErrs; 2844 char *host = NULL; 2845 2846 rcode = EX_OK; 2847 usetls = bitset(MCIF_TLS, mci->mci_flags); 2848 if (usetls) 2849 usetls = !iscltflgset(e, D_NOTLS); 2850 2851 if (usetls) 2852 { 2853 host = macvalue(macid("{server_name}"), e); 2854 olderrors = Errors; 2855 QuickAbort = false; 2856 SuprErrs = true; 2857 if (rscheck("try_tls", host, NULL, e, true, 2858 false, 7, host, NOQID) != EX_OK 2859 || Errors > olderrors) 2860 usetls = false; 2861 SuprErrs = saveSuprErrs; 2862 QuickAbort = saveQuickAbort; 2863 } 2864 2865 if (usetls) 2866 { 2867 if ((rcode = starttls(m, mci, e)) == EX_OK) 2868 { 2869 /* start again without STARTTLS */ 2870 mci->mci_flags |= MCIF_TLSACT; 2871 } 2872 else 2873 { 2874 char *s; 2875 2876 /* 2877 ** TLS negotation failed, what to do? 2878 ** fall back to unencrypted connection 2879 ** or abort? How to decide? 2880 ** set a macro and call a ruleset. 2881 */ 2882 2883 mci->mci_flags &= ~MCIF_TLS; 2884 switch (rcode) 2885 { 2886 case EX_TEMPFAIL: 2887 s = "TEMP"; 2888 break; 2889 case EX_USAGE: 2890 s = "USAGE"; 2891 break; 2892 case EX_PROTOCOL: 2893 s = "PROTOCOL"; 2894 break; 2895 case EX_SOFTWARE: 2896 s = "SOFTWARE"; 2897 break; 2898 2899 /* everything else is a failure */ 2900 default: 2901 s = "FAILURE"; 2902 rcode = EX_TEMPFAIL; 2903 } 2904 macdefine(&e->e_macro, A_PERM, 2905 macid("{verify}"), s); 2906 } 2907 } 2908 else 2909 macdefine(&e->e_macro, A_PERM, 2910 macid("{verify}"), "NONE"); 2911 olderrors = Errors; 2912 QuickAbort = false; 2913 SuprErrs = true; 2914 2915 /* 2916 ** rcode == EX_SOFTWARE is special: 2917 ** the TLS negotation failed 2918 ** we have to drop the connection no matter what 2919 ** However, we call tls_server to give it the chance 2920 ** to log the problem and return an appropriate 2921 ** error code. 2922 */ 2923 2924 if (rscheck("tls_server", 2925 macvalue(macid("{verify}"), e), 2926 NULL, e, true, true, 5, host, 2927 NOQID) != EX_OK || 2928 Errors > olderrors || 2929 rcode == EX_SOFTWARE) 2930 { 2931 char enhsc[ENHSCLEN]; 2932 extern char MsgBuf[]; 2933 2934 if (ISSMTPCODE(MsgBuf) && 2935 extenhsc(MsgBuf + 4, ' ', enhsc) > 0) 2936 { 2937 p = sm_rpool_strdup_x(e->e_rpool, 2938 MsgBuf); 2939 } 2940 else 2941 { 2942 p = "403 4.7.0 server not authenticated."; 2943 (void) sm_strlcpy(enhsc, "4.7.0", 2944 sizeof enhsc); 2945 } 2946 SuprErrs = saveSuprErrs; 2947 QuickAbort = saveQuickAbort; 2948 2949 if (rcode == EX_SOFTWARE) 2950 { 2951 /* drop the connection */ 2952 mci->mci_state = MCIS_QUITING; 2953 if (mci->mci_in != NULL) 2954 { 2955 (void) sm_io_close(mci->mci_in, 2956 SM_TIME_DEFAULT); 2957 mci->mci_in = NULL; 2958 } 2959 mci->mci_flags &= ~MCIF_TLSACT; 2960 (void) endmailer(mci, e, pv); 2961 } 2962 else 2963 { 2964 /* abort transfer */ 2965 smtpquit(m, mci, e); 2966 } 2967 2968 /* avoid bogus error msg */ 2969 mci->mci_errno = 0; 2970 2971 /* temp or permanent failure? */ 2972 rcode = (*p == '4') ? EX_TEMPFAIL 2973 : EX_UNAVAILABLE; 2974 mci_setstat(mci, rcode, enhsc, p); 2975 2976 /* 2977 ** hack to get the error message into 2978 ** the envelope (done in giveresponse()) 2979 */ 2980 2981 (void) sm_strlcpy(SmtpError, p, 2982 sizeof SmtpError); 2983 } 2984 QuickAbort = saveQuickAbort; 2985 SuprErrs = saveSuprErrs; 2986 if (DONE_STARTTLS(mci->mci_flags) && 2987 mci->mci_state != MCIS_CLOSED) 2988 { 2989 SET_HELO(mci->mci_flags); 2990 mci->mci_flags &= ~MCIF_EXTENS; 2991 goto reconnect; 2992 } 2993 } 2994 # endif /* STARTTLS */ 2995 # if SASL 2996 /* if other server supports authentication let's authenticate */ 2997 if (mci->mci_state != MCIS_CLOSED && 2998 mci->mci_saslcap != NULL && 2999 !DONE_AUTH(mci->mci_flags) && !iscltflgset(e, D_NOAUTH)) 3000 { 3001 /* Should we require some minimum authentication? */ 3002 if ((ret = smtpauth(m, mci, e)) == EX_OK) 3003 { 3004 int result; 3005 sasl_ssf_t *ssf = NULL; 3006 3007 /* Get security strength (features) */ 3008 result = sasl_getprop(mci->mci_conn, SASL_SSF, 3009 (void **) &ssf); 3010 3011 /* XXX authid? */ 3012 if (LogLevel > 9) 3013 sm_syslog(LOG_INFO, NOQID, 3014 "AUTH=client, relay=%.100s, mech=%.16s, bits=%d", 3015 mci->mci_host, 3016 macvalue(macid("{auth_type}"), e), 3017 result == SASL_OK ? *ssf : 0); 3018 3019 /* 3020 ** Only switch to encrypted connection 3021 ** if a security layer has been negotiated 3022 */ 3023 3024 if (result == SASL_OK && *ssf > 0) 3025 { 3026 /* 3027 ** Convert I/O layer to use SASL. 3028 ** If the call fails, the connection 3029 ** is aborted. 3030 */ 3031 3032 if (sfdcsasl(&mci->mci_in, 3033 &mci->mci_out, 3034 mci->mci_conn) == 0) 3035 { 3036 mci->mci_flags &= ~MCIF_EXTENS; 3037 mci->mci_flags |= MCIF_AUTHACT| 3038 MCIF_ONLY_EHLO; 3039 goto reconnect; 3040 } 3041 syserr("AUTH TLS switch failed in client"); 3042 } 3043 /* else? XXX */ 3044 mci->mci_flags |= MCIF_AUTHACT; 3045 3046 } 3047 else if (ret == EX_TEMPFAIL) 3048 { 3049 if (LogLevel > 8) 3050 sm_syslog(LOG_ERR, NOQID, 3051 "AUTH=client, relay=%.100s, temporary failure, connection abort", 3052 mci->mci_host); 3053 smtpquit(m, mci, e); 3054 3055 /* avoid bogus error msg */ 3056 mci->mci_errno = 0; 3057 rcode = EX_TEMPFAIL; 3058 mci_setstat(mci, rcode, "4.7.1", p); 3059 3060 /* 3061 ** hack to get the error message into 3062 ** the envelope (done in giveresponse()) 3063 */ 3064 3065 (void) sm_strlcpy(SmtpError, 3066 "Temporary AUTH failure", 3067 sizeof SmtpError); 3068 } 3069 } 3070 # endif /* SASL */ 3071 } 3072 3073 3074 do_transfer: 3075 /* clear out per-message flags from connection structure */ 3076 mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); 3077 3078 if (bitset(EF_HAS8BIT, e->e_flags) && 3079 !bitset(EF_DONT_MIME, e->e_flags) && 3080 bitnset(M_7BITS, m->m_flags)) 3081 mci->mci_flags |= MCIF_CVT8TO7; 3082 3083 #if MIME7TO8 3084 if (bitnset(M_MAKE8BIT, m->m_flags) && 3085 !bitset(MCIF_7BIT, mci->mci_flags) && 3086 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && 3087 (sm_strcasecmp(p, "quoted-printable") == 0 || 3088 sm_strcasecmp(p, "base64") == 0) && 3089 (p = hvalue("Content-Type", e->e_header)) != NULL) 3090 { 3091 /* may want to convert 7 -> 8 */ 3092 /* XXX should really parse it here -- and use a class XXX */ 3093 if (sm_strncasecmp(p, "text/plain", 10) == 0 && 3094 (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) 3095 mci->mci_flags |= MCIF_CVT7TO8; 3096 } 3097 #endif /* MIME7TO8 */ 3098 3099 if (tTd(11, 1)) 3100 { 3101 sm_dprintf("openmailer: "); 3102 mci_dump(mci, false); 3103 } 3104 3105 #if _FFR_CLIENT_SIZE 3106 /* 3107 ** See if we know the maximum size and 3108 ** abort if the message is too big. 3109 ** 3110 ** NOTE: _FFR_CLIENT_SIZE is untested. 3111 */ 3112 3113 if (bitset(MCIF_SIZE, mci->mci_flags) && 3114 mci->mci_maxsize > 0 && 3115 e->e_msgsize > mci->mci_maxsize) 3116 { 3117 e->e_flags |= EF_NO_BODY_RETN; 3118 if (bitnset(M_LOCALMAILER, m->m_flags)) 3119 e->e_status = "5.2.3"; 3120 else 3121 e->e_status = "5.3.4"; 3122 3123 usrerrenh(e->e_status, 3124 "552 Message is too large; %ld bytes max", 3125 mci->mci_maxsize); 3126 rcode = EX_DATAERR; 3127 3128 /* Need an e_message for error */ 3129 (void) sm_snprintf(SmtpError, sizeof SmtpError, 3130 "Message is too large; %ld bytes max", 3131 mci->mci_maxsize); 3132 goto give_up; 3133 } 3134 #endif /* _FFR_CLIENT_SIZE */ 3135 3136 if (mci->mci_state != MCIS_OPEN) 3137 { 3138 /* couldn't open the mailer */ 3139 rcode = mci->mci_exitstat; 3140 errno = mci->mci_errno; 3141 SM_SET_H_ERRNO(mci->mci_herrno); 3142 if (rcode == EX_OK) 3143 { 3144 /* shouldn't happen */ 3145 syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s", 3146 (unsigned long) mci, rcode, errno, 3147 mci->mci_state, firstsig); 3148 mci_dump_all(true); 3149 rcode = EX_SOFTWARE; 3150 } 3151 else if (nummxhosts > hostnum) 3152 { 3153 /* try next MX site */ 3154 goto tryhost; 3155 } 3156 } 3157 else if (!clever) 3158 { 3159 /* 3160 ** Format and send message. 3161 */ 3162 3163 putfromline(mci, e); 3164 (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER); 3165 (*e->e_putbody)(mci, e, NULL); 3166 3167 /* get the exit status */ 3168 rcode = endmailer(mci, e, pv); 3169 if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0') 3170 { 3171 /* 3172 ** Need an e_message for mailq display. 3173 ** We set SmtpError as 3174 */ 3175 3176 (void) sm_snprintf(SmtpError, sizeof SmtpError, 3177 "%s mailer (%s) exited with EX_TEMPFAIL", 3178 m->m_name, m->m_mailer); 3179 } 3180 } 3181 else 3182 { 3183 /* 3184 ** Send the MAIL FROM: protocol 3185 */ 3186 3187 /* XXX this isn't pipelined... */ 3188 rcode = smtpmailfrom(m, mci, e); 3189 if (rcode == EX_OK) 3190 { 3191 register int i; 3192 # if PIPELINING 3193 ADDRESS *volatile pchain; 3194 # endif /* PIPELINING */ 3195 3196 /* send the recipient list */ 3197 tobuf[0] = '\0'; 3198 mci->mci_retryrcpt = false; 3199 mci->mci_tolist = tobuf; 3200 # if PIPELINING 3201 pchain = NULL; 3202 mci->mci_nextaddr = NULL; 3203 # endif /* PIPELINING */ 3204 3205 for (to = tochain; to != NULL; to = to->q_tchain) 3206 { 3207 if (!QS_IS_UNMARKED(to->q_state)) 3208 continue; 3209 3210 /* mark recipient state as "ok so far" */ 3211 to->q_state = QS_OK; 3212 e->e_to = to->q_paddr; 3213 # if STARTTLS 3214 i = rscheck("tls_rcpt", to->q_user, NULL, e, 3215 true, true, 3, mci->mci_host, 3216 e->e_id); 3217 if (i != EX_OK) 3218 { 3219 markfailure(e, to, mci, i, false); 3220 giveresponse(i, to->q_status, m, mci, 3221 ctladdr, xstart, e, to); 3222 if (i == EX_TEMPFAIL) 3223 { 3224 mci->mci_retryrcpt = true; 3225 to->q_state = QS_RETRY; 3226 } 3227 continue; 3228 } 3229 # endif /* STARTTLS */ 3230 3231 i = smtprcpt(to, m, mci, e, ctladdr, xstart); 3232 # if PIPELINING 3233 if (i == EX_OK && 3234 bitset(MCIF_PIPELINED, mci->mci_flags)) 3235 { 3236 /* 3237 ** Add new element to list of 3238 ** recipients for pipelining. 3239 */ 3240 3241 to->q_pchain = NULL; 3242 if (mci->mci_nextaddr == NULL) 3243 mci->mci_nextaddr = to; 3244 if (pchain == NULL) 3245 pchain = to; 3246 else 3247 { 3248 pchain->q_pchain = to; 3249 pchain = pchain->q_pchain; 3250 } 3251 } 3252 # endif /* PIPELINING */ 3253 if (i != EX_OK) 3254 { 3255 markfailure(e, to, mci, i, false); 3256 giveresponse(i, to->q_status, m, mci, 3257 ctladdr, xstart, e, to); 3258 if (i == EX_TEMPFAIL) 3259 to->q_state = QS_RETRY; 3260 } 3261 } 3262 3263 /* No recipients in list and no missing responses? */ 3264 if (tobuf[0] == '\0' 3265 # if PIPELINING 3266 && mci->mci_nextaddr == NULL 3267 # endif /* PIPELINING */ 3268 ) 3269 { 3270 rcode = EX_OK; 3271 e->e_to = NULL; 3272 if (bitset(MCIF_CACHED, mci->mci_flags)) 3273 smtprset(m, mci, e); 3274 } 3275 else 3276 { 3277 e->e_to = tobuf + 1; 3278 rcode = smtpdata(m, mci, e, ctladdr, xstart); 3279 } 3280 } 3281 if (rcode == EX_TEMPFAIL && nummxhosts > hostnum) 3282 { 3283 /* try next MX site */ 3284 goto tryhost; 3285 } 3286 } 3287 #if NAMED_BIND 3288 if (ConfigLevel < 2) 3289 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 3290 #endif /* NAMED_BIND */ 3291 3292 if (tTd(62, 1)) 3293 checkfds("after delivery"); 3294 3295 /* 3296 ** Do final status disposal. 3297 ** We check for something in tobuf for the SMTP case. 3298 ** If we got a temporary failure, arrange to queue the 3299 ** addressees. 3300 */ 3301 3302 give_up: 3303 if (bitnset(M_LMTP, m->m_flags)) 3304 { 3305 lmtp_rcode = rcode; 3306 tobuf[0] = '\0'; 3307 anyok = false; 3308 strsize = 0; 3309 } 3310 else 3311 anyok = rcode == EX_OK; 3312 3313 for (to = tochain; to != NULL; to = to->q_tchain) 3314 { 3315 /* see if address already marked */ 3316 if (!QS_IS_OK(to->q_state)) 3317 continue; 3318 3319 /* if running LMTP, get the status for each address */ 3320 if (bitnset(M_LMTP, m->m_flags)) 3321 { 3322 if (lmtp_rcode == EX_OK) 3323 rcode = smtpgetstat(m, mci, e); 3324 if (rcode == EX_OK) 3325 { 3326 strsize += sm_strlcat2(tobuf + strsize, ",", 3327 to->q_paddr, 3328 tobufsize - strsize); 3329 SM_ASSERT(strsize < tobufsize); 3330 anyok = true; 3331 } 3332 else 3333 { 3334 e->e_to = to->q_paddr; 3335 markfailure(e, to, mci, rcode, true); 3336 giveresponse(rcode, to->q_status, m, mci, 3337 ctladdr, xstart, e, to); 3338 e->e_to = tobuf + 1; 3339 continue; 3340 } 3341 } 3342 else 3343 { 3344 /* mark bad addresses */ 3345 if (rcode != EX_OK) 3346 { 3347 if (goodmxfound && rcode == EX_NOHOST) 3348 rcode = EX_TEMPFAIL; 3349 markfailure(e, to, mci, rcode, true); 3350 continue; 3351 } 3352 } 3353 3354 /* successful delivery */ 3355 to->q_state = QS_SENT; 3356 to->q_statdate = curtime(); 3357 e->e_nsent++; 3358 3359 /* 3360 ** Checkpoint the send list every few addresses 3361 */ 3362 3363 if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval) 3364 { 3365 queueup(e, false, false); 3366 e->e_nsent = 0; 3367 } 3368 3369 if (bitnset(M_LOCALMAILER, m->m_flags) && 3370 bitset(QPINGONSUCCESS, to->q_flags)) 3371 { 3372 to->q_flags |= QDELIVERED; 3373 to->q_status = "2.1.5"; 3374 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 3375 "%s... Successfully delivered\n", 3376 to->q_paddr); 3377 } 3378 else if (bitset(QPINGONSUCCESS, to->q_flags) && 3379 bitset(QPRIMARY, to->q_flags) && 3380 !bitset(MCIF_DSN, mci->mci_flags)) 3381 { 3382 to->q_flags |= QRELAYED; 3383 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 3384 "%s... relayed; expect no further notifications\n", 3385 to->q_paddr); 3386 } 3387 else if (IS_DLVR_NOTIFY(e) && 3388 !bitset(MCIF_DLVR_BY, mci->mci_flags) && 3389 bitset(QPRIMARY, to->q_flags) && 3390 (!bitset(QHASNOTIFY, to->q_flags) || 3391 bitset(QPINGONSUCCESS, to->q_flags) || 3392 bitset(QPINGONFAILURE, to->q_flags) || 3393 bitset(QPINGONDELAY, to->q_flags))) 3394 { 3395 /* RFC 2852, 4.1.4.2: no NOTIFY, or not NEVER */ 3396 to->q_flags |= QBYNRELAY; 3397 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 3398 "%s... Deliver-by notify: relayed\n", 3399 to->q_paddr); 3400 } 3401 else if (IS_DLVR_TRACE(e) && 3402 (!bitset(QHASNOTIFY, to->q_flags) || 3403 bitset(QPINGONSUCCESS, to->q_flags) || 3404 bitset(QPINGONFAILURE, to->q_flags) || 3405 bitset(QPINGONDELAY, to->q_flags)) && 3406 bitset(QPRIMARY, to->q_flags)) 3407 { 3408 /* RFC 2852, 4.1.4: no NOTIFY, or not NEVER */ 3409 to->q_flags |= QBYTRACE; 3410 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 3411 "%s... Deliver-By trace: relayed\n", 3412 to->q_paddr); 3413 } 3414 } 3415 3416 if (bitnset(M_LMTP, m->m_flags)) 3417 { 3418 /* 3419 ** Global information applies to the last recipient only; 3420 ** clear it out to avoid bogus errors. 3421 */ 3422 3423 rcode = EX_OK; 3424 e->e_statmsg = NULL; 3425 3426 /* reset the mci state for the next transaction */ 3427 if (mci != NULL && 3428 (mci->mci_state == MCIS_MAIL || 3429 mci->mci_state == MCIS_RCPT || 3430 mci->mci_state == MCIS_DATA)) 3431 mci->mci_state = MCIS_OPEN; 3432 } 3433 3434 if (tobuf[0] != '\0') 3435 { 3436 giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e, tochain); 3437 #if 0 3438 /* 3439 ** This code is disabled for now because I am not 3440 ** sure that copying status from the first recipient 3441 ** to all non-status'ed recipients is a good idea. 3442 */ 3443 3444 if (tochain->q_message != NULL && 3445 !bitnset(M_LMTP, m->m_flags) && rcode != EX_OK) 3446 { 3447 for (to = tochain->q_tchain; to != NULL; 3448 to = to->q_tchain) 3449 { 3450 /* see if address already marked */ 3451 if (QS_IS_QUEUEUP(to->q_state) && 3452 to->q_message == NULL) 3453 to->q_message = sm_rpool_strdup_x(e->e_rpool, 3454 tochain->q_message); 3455 } 3456 } 3457 #endif /* 0 */ 3458 } 3459 if (anyok) 3460 markstats(e, tochain, STATS_NORMAL); 3461 mci_store_persistent(mci); 3462 3463 /* Some recipients were tempfailed, try them on the next host */ 3464 if (mci != NULL && mci->mci_retryrcpt && nummxhosts > hostnum) 3465 { 3466 /* try next MX site */ 3467 goto tryhost; 3468 } 3469 3470 /* now close the connection */ 3471 if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED && 3472 !bitset(MCIF_CACHED, mci->mci_flags)) 3473 smtpquit(m, mci, e); 3474 3475 cleanup: ; 3476 } 3477 SM_FINALLY 3478 { 3479 /* 3480 ** Restore state and return. 3481 */ 3482 #if XDEBUG 3483 char wbuf[MAXLINE]; 3484 3485 /* make absolutely certain 0, 1, and 2 are in use */ 3486 (void) sm_snprintf(wbuf, sizeof wbuf, 3487 "%s... end of deliver(%s)", 3488 e->e_to == NULL ? "NO-TO-LIST" 3489 : shortenstring(e->e_to, 3490 MAXSHORTSTR), 3491 m->m_name); 3492 checkfd012(wbuf); 3493 #endif /* XDEBUG */ 3494 3495 errno = 0; 3496 3497 /* 3498 ** It was originally necessary to set macro 'g' to NULL 3499 ** because it previously pointed to an auto buffer. 3500 ** We don't do this any more, so this may be unnecessary. 3501 */ 3502 3503 macdefine(&e->e_macro, A_PERM, 'g', (char *) NULL); 3504 e->e_to = NULL; 3505 } 3506 SM_END_TRY 3507 return rcode; 3508 } 3509 3510 /* 3511 ** MARKFAILURE -- mark a failure on a specific address. 3512 ** 3513 ** Parameters: 3514 ** e -- the envelope we are sending. 3515 ** q -- the address to mark. 3516 ** mci -- mailer connection information. 3517 ** rcode -- the code signifying the particular failure. 3518 ** ovr -- override an existing code? 3519 ** 3520 ** Returns: 3521 ** none. 3522 ** 3523 ** Side Effects: 3524 ** marks the address (and possibly the envelope) with the 3525 ** failure so that an error will be returned or 3526 ** the message will be queued, as appropriate. 3527 */ 3528 3529 void 3530 markfailure(e, q, mci, rcode, ovr) 3531 register ENVELOPE *e; 3532 register ADDRESS *q; 3533 register MCI *mci; 3534 int rcode; 3535 bool ovr; 3536 { 3537 int save_errno = errno; 3538 char *status = NULL; 3539 char *rstatus = NULL; 3540 3541 switch (rcode) 3542 { 3543 case EX_OK: 3544 break; 3545 3546 case EX_TEMPFAIL: 3547 case EX_IOERR: 3548 case EX_OSERR: 3549 q->q_state = QS_QUEUEUP; 3550 break; 3551 3552 default: 3553 q->q_state = QS_BADADDR; 3554 break; 3555 } 3556 3557 /* find most specific error code possible */ 3558 if (mci != NULL && mci->mci_status != NULL) 3559 { 3560 status = sm_rpool_strdup_x(e->e_rpool, mci->mci_status); 3561 if (mci->mci_rstatus != NULL) 3562 rstatus = sm_rpool_strdup_x(e->e_rpool, 3563 mci->mci_rstatus); 3564 else 3565 rstatus = NULL; 3566 } 3567 else if (e->e_status != NULL) 3568 { 3569 status = e->e_status; 3570 rstatus = NULL; 3571 } 3572 else 3573 { 3574 switch (rcode) 3575 { 3576 case EX_USAGE: 3577 status = "5.5.4"; 3578 break; 3579 3580 case EX_DATAERR: 3581 status = "5.5.2"; 3582 break; 3583 3584 case EX_NOUSER: 3585 status = "5.1.1"; 3586 break; 3587 3588 case EX_NOHOST: 3589 status = "5.1.2"; 3590 break; 3591 3592 case EX_NOINPUT: 3593 case EX_CANTCREAT: 3594 case EX_NOPERM: 3595 status = "5.3.0"; 3596 break; 3597 3598 case EX_UNAVAILABLE: 3599 case EX_SOFTWARE: 3600 case EX_OSFILE: 3601 case EX_PROTOCOL: 3602 case EX_CONFIG: 3603 status = "5.5.0"; 3604 break; 3605 3606 case EX_OSERR: 3607 case EX_IOERR: 3608 status = "4.5.0"; 3609 break; 3610 3611 case EX_TEMPFAIL: 3612 status = "4.2.0"; 3613 break; 3614 } 3615 } 3616 3617 /* new status? */ 3618 if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL || 3619 *q->q_status == '\0' || *q->q_status < *status)) 3620 { 3621 q->q_status = status; 3622 q->q_rstatus = rstatus; 3623 } 3624 if (rcode != EX_OK && q->q_rstatus == NULL && 3625 q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL && 3626 sm_strcasecmp(q->q_mailer->m_diagtype, "X-UNIX") == 0) 3627 { 3628 char buf[16]; 3629 3630 (void) sm_snprintf(buf, sizeof buf, "%d", rcode); 3631 q->q_rstatus = sm_rpool_strdup_x(e->e_rpool, buf); 3632 } 3633 3634 q->q_statdate = curtime(); 3635 if (CurHostName != NULL && CurHostName[0] != '\0' && 3636 mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags)) 3637 q->q_statmta = sm_rpool_strdup_x(e->e_rpool, CurHostName); 3638 3639 /* restore errno */ 3640 errno = save_errno; 3641 } 3642 /* 3643 ** ENDMAILER -- Wait for mailer to terminate. 3644 ** 3645 ** We should never get fatal errors (e.g., segmentation 3646 ** violation), so we report those specially. For other 3647 ** errors, we choose a status message (into statmsg), 3648 ** and if it represents an error, we print it. 3649 ** 3650 ** Parameters: 3651 ** mci -- the mailer connection info. 3652 ** e -- the current envelope. 3653 ** pv -- the parameter vector that invoked the mailer 3654 ** (for error messages). 3655 ** 3656 ** Returns: 3657 ** exit code of mailer. 3658 ** 3659 ** Side Effects: 3660 ** none. 3661 */ 3662 3663 static jmp_buf EndWaitTimeout; 3664 3665 static void 3666 endwaittimeout() 3667 { 3668 /* 3669 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 3670 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 3671 ** DOING. 3672 */ 3673 3674 errno = ETIMEDOUT; 3675 longjmp(EndWaitTimeout, 1); 3676 } 3677 3678 int 3679 endmailer(mci, e, pv) 3680 register MCI *mci; 3681 register ENVELOPE *e; 3682 char **pv; 3683 { 3684 int st; 3685 int save_errno = errno; 3686 char buf[MAXLINE]; 3687 SM_EVENT *ev = NULL; 3688 3689 3690 mci_unlock_host(mci); 3691 3692 /* close output to mailer */ 3693 if (mci->mci_out != NULL) 3694 (void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT); 3695 3696 /* copy any remaining input to transcript */ 3697 if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR && 3698 e->e_xfp != NULL) 3699 { 3700 while (sfgets(buf, sizeof buf, mci->mci_in, 3701 TimeOuts.to_quit, "Draining Input") != NULL) 3702 (void) sm_io_fputs(e->e_xfp, SM_TIME_DEFAULT, buf); 3703 } 3704 3705 #if SASL 3706 /* close SASL connection */ 3707 if (bitset(MCIF_AUTHACT, mci->mci_flags)) 3708 { 3709 sasl_dispose(&mci->mci_conn); 3710 mci->mci_flags &= ~MCIF_AUTHACT; 3711 } 3712 #endif /* SASL */ 3713 3714 #if STARTTLS 3715 /* shutdown TLS */ 3716 (void) endtlsclt(mci); 3717 #endif /* STARTTLS */ 3718 3719 /* now close the input */ 3720 if (mci->mci_in != NULL) 3721 (void) sm_io_close(mci->mci_in, SM_TIME_DEFAULT); 3722 mci->mci_in = mci->mci_out = NULL; 3723 mci->mci_state = MCIS_CLOSED; 3724 3725 errno = save_errno; 3726 3727 /* in the IPC case there is nothing to wait for */ 3728 if (mci->mci_pid == 0) 3729 return EX_OK; 3730 3731 /* put a timeout around the wait */ 3732 if (mci->mci_mailer->m_wait > 0) 3733 { 3734 if (setjmp(EndWaitTimeout) == 0) 3735 ev = sm_setevent(mci->mci_mailer->m_wait, 3736 endwaittimeout, 0); 3737 else 3738 { 3739 syserr("endmailer %s: wait timeout (%ld)", 3740 mci->mci_mailer->m_name, 3741 (long) mci->mci_mailer->m_wait); 3742 return EX_TEMPFAIL; 3743 } 3744 } 3745 3746 /* wait for the mailer process, collect status */ 3747 st = waitfor(mci->mci_pid); 3748 save_errno = errno; 3749 if (ev != NULL) 3750 sm_clrevent(ev); 3751 errno = save_errno; 3752 3753 if (st == -1) 3754 { 3755 syserr("endmailer %s: wait", mci->mci_mailer->m_name); 3756 return EX_SOFTWARE; 3757 } 3758 3759 if (WIFEXITED(st)) 3760 { 3761 /* normal death -- return status */ 3762 return (WEXITSTATUS(st)); 3763 } 3764 3765 /* it died a horrid death */ 3766 syserr("451 4.3.0 mailer %s died with signal %d%s", 3767 mci->mci_mailer->m_name, WTERMSIG(st), 3768 WCOREDUMP(st) ? " (core dumped)" : 3769 (WIFSTOPPED(st) ? " (stopped)" : "")); 3770 3771 /* log the arguments */ 3772 if (pv != NULL && e->e_xfp != NULL) 3773 { 3774 register char **av; 3775 3776 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "Arguments:"); 3777 for (av = pv; *av != NULL; av++) 3778 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, " %s", 3779 *av); 3780 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "\n"); 3781 } 3782 3783 ExitStat = EX_TEMPFAIL; 3784 return EX_TEMPFAIL; 3785 } 3786 /* 3787 ** GIVERESPONSE -- Interpret an error response from a mailer 3788 ** 3789 ** Parameters: 3790 ** status -- the status code from the mailer (high byte 3791 ** only; core dumps must have been taken care of 3792 ** already). 3793 ** dsn -- the DSN associated with the address, if any. 3794 ** m -- the mailer info for this mailer. 3795 ** mci -- the mailer connection info -- can be NULL if the 3796 ** response is given before the connection is made. 3797 ** ctladdr -- the controlling address for the recipient 3798 ** address(es). 3799 ** xstart -- the transaction start time, for computing 3800 ** transaction delays. 3801 ** e -- the current envelope. 3802 ** to -- the current recipient (NULL if none). 3803 ** 3804 ** Returns: 3805 ** none. 3806 ** 3807 ** Side Effects: 3808 ** Errors may be incremented. 3809 ** ExitStat may be set. 3810 */ 3811 3812 void 3813 giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to) 3814 int status; 3815 char *dsn; 3816 register MAILER *m; 3817 register MCI *mci; 3818 ADDRESS *ctladdr; 3819 time_t xstart; 3820 ENVELOPE *e; 3821 ADDRESS *to; 3822 { 3823 register const char *statmsg; 3824 int errnum = errno; 3825 int off = 4; 3826 bool usestat = false; 3827 char dsnbuf[ENHSCLEN]; 3828 char buf[MAXLINE]; 3829 char *exmsg; 3830 3831 if (e == NULL) 3832 syserr("giveresponse: null envelope"); 3833 3834 /* 3835 ** Compute status message from code. 3836 */ 3837 3838 exmsg = sm_sysexmsg(status); 3839 if (status == 0) 3840 { 3841 statmsg = "250 2.0.0 Sent"; 3842 if (e->e_statmsg != NULL) 3843 { 3844 (void) sm_snprintf(buf, sizeof buf, "%s (%s)", 3845 statmsg, 3846 shortenstring(e->e_statmsg, 403)); 3847 statmsg = buf; 3848 } 3849 } 3850 else if (exmsg == NULL) 3851 { 3852 (void) sm_snprintf(buf, sizeof buf, 3853 "554 5.3.0 unknown mailer error %d", 3854 status); 3855 status = EX_UNAVAILABLE; 3856 statmsg = buf; 3857 usestat = true; 3858 } 3859 else if (status == EX_TEMPFAIL) 3860 { 3861 char *bp = buf; 3862 3863 (void) sm_strlcpy(bp, exmsg + 1, SPACELEFT(buf, bp)); 3864 bp += strlen(bp); 3865 #if NAMED_BIND 3866 if (h_errno == TRY_AGAIN) 3867 statmsg = sm_errstring(h_errno + E_DNSBASE); 3868 else 3869 #endif /* NAMED_BIND */ 3870 { 3871 if (errnum != 0) 3872 statmsg = sm_errstring(errnum); 3873 else 3874 statmsg = SmtpError; 3875 } 3876 if (statmsg != NULL && statmsg[0] != '\0') 3877 { 3878 switch (errnum) 3879 { 3880 #ifdef ENETDOWN 3881 case ENETDOWN: /* Network is down */ 3882 #endif /* ENETDOWN */ 3883 #ifdef ENETUNREACH 3884 case ENETUNREACH: /* Network is unreachable */ 3885 #endif /* ENETUNREACH */ 3886 #ifdef ENETRESET 3887 case ENETRESET: /* Network dropped connection on reset */ 3888 #endif /* ENETRESET */ 3889 #ifdef ECONNABORTED 3890 case ECONNABORTED: /* Software caused connection abort */ 3891 #endif /* ECONNABORTED */ 3892 #ifdef EHOSTDOWN 3893 case EHOSTDOWN: /* Host is down */ 3894 #endif /* EHOSTDOWN */ 3895 #ifdef EHOSTUNREACH 3896 case EHOSTUNREACH: /* No route to host */ 3897 #endif /* EHOSTUNREACH */ 3898 if (mci->mci_host != NULL) 3899 { 3900 (void) sm_strlcpyn(bp, 3901 SPACELEFT(buf, bp), 3902 2, ": ", 3903 mci->mci_host); 3904 bp += strlen(bp); 3905 } 3906 break; 3907 } 3908 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ": ", 3909 statmsg); 3910 usestat = true; 3911 } 3912 statmsg = buf; 3913 } 3914 #if NAMED_BIND 3915 else if (status == EX_NOHOST && h_errno != 0) 3916 { 3917 statmsg = sm_errstring(h_errno + E_DNSBASE); 3918 (void) sm_snprintf(buf, sizeof buf, "%s (%s)", exmsg + 1, 3919 statmsg); 3920 statmsg = buf; 3921 usestat = true; 3922 } 3923 #endif /* NAMED_BIND */ 3924 else 3925 { 3926 statmsg = exmsg; 3927 if (*statmsg++ == ':' && errnum != 0) 3928 { 3929 (void) sm_snprintf(buf, sizeof buf, "%s: %s", statmsg, 3930 sm_errstring(errnum)); 3931 statmsg = buf; 3932 usestat = true; 3933 } 3934 } 3935 3936 /* 3937 ** Print the message as appropriate 3938 */ 3939 3940 if (status == EX_OK || status == EX_TEMPFAIL) 3941 { 3942 extern char MsgBuf[]; 3943 3944 if ((off = isenhsc(statmsg + 4, ' ')) > 0) 3945 { 3946 if (dsn == NULL) 3947 { 3948 (void) sm_snprintf(dsnbuf, sizeof dsnbuf, 3949 "%.*s", off, statmsg + 4); 3950 dsn = dsnbuf; 3951 } 3952 off += 5; 3953 } 3954 else 3955 { 3956 off = 4; 3957 } 3958 message("%s", statmsg + off); 3959 if (status == EX_TEMPFAIL && e->e_xfp != NULL) 3960 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "%s\n", 3961 &MsgBuf[4]); 3962 } 3963 else 3964 { 3965 char mbuf[ENHSCLEN + 4]; 3966 3967 Errors++; 3968 if ((off = isenhsc(statmsg + 4, ' ')) > 0 && 3969 off < sizeof mbuf - 4) 3970 { 3971 if (dsn == NULL) 3972 { 3973 (void) sm_snprintf(dsnbuf, sizeof dsnbuf, 3974 "%.*s", off, statmsg + 4); 3975 dsn = dsnbuf; 3976 } 3977 off += 5; 3978 3979 /* copy only part of statmsg to mbuf */ 3980 (void) sm_strlcpy(mbuf, statmsg, off); 3981 (void) sm_strlcat(mbuf, " %s", sizeof mbuf); 3982 } 3983 else 3984 { 3985 dsnbuf[0] = '\0'; 3986 (void) sm_snprintf(mbuf, sizeof mbuf, "%.3s %%s", 3987 statmsg); 3988 off = 4; 3989 } 3990 usrerr(mbuf, &statmsg[off]); 3991 } 3992 3993 /* 3994 ** Final cleanup. 3995 ** Log a record of the transaction. Compute the new 3996 ** ExitStat -- if we already had an error, stick with 3997 ** that. 3998 */ 3999 4000 if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) && 4001 LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6)) 4002 logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e); 4003 4004 if (tTd(11, 2)) 4005 sm_dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s, errnum=%d\n", 4006 status, 4007 dsn == NULL ? "<NULL>" : dsn, 4008 e->e_message == NULL ? "<NULL>" : e->e_message, 4009 errnum); 4010 4011 if (status != EX_TEMPFAIL) 4012 setstat(status); 4013 if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL)) 4014 e->e_message = sm_rpool_strdup_x(e->e_rpool, statmsg + off); 4015 if (status != EX_OK && to != NULL && to->q_message == NULL) 4016 { 4017 if (!usestat && e->e_message != NULL) 4018 to->q_message = sm_rpool_strdup_x(e->e_rpool, 4019 e->e_message); 4020 else 4021 to->q_message = sm_rpool_strdup_x(e->e_rpool, 4022 statmsg + off); 4023 } 4024 errno = 0; 4025 SM_SET_H_ERRNO(0); 4026 } 4027 /* 4028 ** LOGDELIVERY -- log the delivery in the system log 4029 ** 4030 ** Care is taken to avoid logging lines that are too long, because 4031 ** some versions of syslog have an unfortunate proclivity for core 4032 ** dumping. This is a hack, to be sure, that is at best empirical. 4033 ** 4034 ** Parameters: 4035 ** m -- the mailer info. Can be NULL for initial queue. 4036 ** mci -- the mailer connection info -- can be NULL if the 4037 ** log is occurring when no connection is active. 4038 ** dsn -- the DSN attached to the status. 4039 ** status -- the message to print for the status. 4040 ** ctladdr -- the controlling address for the to list. 4041 ** xstart -- the transaction start time, used for 4042 ** computing transaction delay. 4043 ** e -- the current envelope. 4044 ** 4045 ** Returns: 4046 ** none 4047 ** 4048 ** Side Effects: 4049 ** none 4050 */ 4051 4052 void 4053 logdelivery(m, mci, dsn, status, ctladdr, xstart, e) 4054 MAILER *m; 4055 register MCI *mci; 4056 char *dsn; 4057 const char *status; 4058 ADDRESS *ctladdr; 4059 time_t xstart; 4060 register ENVELOPE *e; 4061 { 4062 register char *bp; 4063 register char *p; 4064 int l; 4065 time_t now = curtime(); 4066 char buf[1024]; 4067 4068 #if (SYSLOG_BUFSIZE) >= 256 4069 /* ctladdr: max 106 bytes */ 4070 bp = buf; 4071 if (ctladdr != NULL) 4072 { 4073 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", ctladdr=", 4074 shortenstring(ctladdr->q_paddr, 83)); 4075 bp += strlen(bp); 4076 if (bitset(QGOODUID, ctladdr->q_flags)) 4077 { 4078 (void) sm_snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", 4079 (int) ctladdr->q_uid, 4080 (int) ctladdr->q_gid); 4081 bp += strlen(bp); 4082 } 4083 } 4084 4085 /* delay & xdelay: max 41 bytes */ 4086 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", delay=", 4087 pintvl(now - e->e_ctime, true)); 4088 bp += strlen(bp); 4089 4090 if (xstart != (time_t) 0) 4091 { 4092 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", xdelay=", 4093 pintvl(now - xstart, true)); 4094 bp += strlen(bp); 4095 } 4096 4097 /* mailer: assume about 19 bytes (max 10 byte mailer name) */ 4098 if (m != NULL) 4099 { 4100 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", mailer=", 4101 m->m_name); 4102 bp += strlen(bp); 4103 } 4104 4105 /* pri: changes with each delivery attempt */ 4106 (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", 4107 e->e_msgpriority); 4108 bp += strlen(bp); 4109 4110 /* relay: max 66 bytes for IPv4 addresses */ 4111 if (mci != NULL && mci->mci_host != NULL) 4112 { 4113 extern SOCKADDR CurHostAddr; 4114 4115 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", relay=", 4116 shortenstring(mci->mci_host, 40)); 4117 bp += strlen(bp); 4118 4119 if (CurHostAddr.sa.sa_family != 0) 4120 { 4121 (void) sm_snprintf(bp, SPACELEFT(buf, bp), " [%s]", 4122 anynet_ntoa(&CurHostAddr)); 4123 } 4124 } 4125 #if _FFR_QUARANTINE 4126 else if (strcmp(status, "quarantined") == 0) 4127 { 4128 if (e->e_quarmsg != NULL) 4129 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 4130 ", quarantine=%s", 4131 shortenstring(e->e_quarmsg, 40)); 4132 } 4133 #endif /* _FFR_QUARANTINE */ 4134 else if (strcmp(status, "queued") != 0) 4135 { 4136 p = macvalue('h', e); 4137 if (p != NULL && p[0] != '\0') 4138 { 4139 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 4140 ", relay=%s", shortenstring(p, 40)); 4141 } 4142 } 4143 bp += strlen(bp); 4144 4145 /* dsn */ 4146 if (dsn != NULL && *dsn != '\0') 4147 { 4148 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", dsn=", 4149 shortenstring(dsn, ENHSCLEN)); 4150 bp += strlen(bp); 4151 } 4152 4153 # define STATLEN (((SYSLOG_BUFSIZE) - 100) / 4) 4154 # if (STATLEN) < 63 4155 # undef STATLEN 4156 # define STATLEN 63 4157 # endif /* (STATLEN) < 63 */ 4158 # if (STATLEN) > 203 4159 # undef STATLEN 4160 # define STATLEN 203 4161 # endif /* (STATLEN) > 203 */ 4162 4163 /* stat: max 210 bytes */ 4164 if ((bp - buf) > (sizeof buf - ((STATLEN) + 20))) 4165 { 4166 /* desperation move -- truncate data */ 4167 bp = buf + sizeof buf - ((STATLEN) + 17); 4168 (void) sm_strlcpy(bp, "...", SPACELEFT(buf, bp)); 4169 bp += 3; 4170 } 4171 4172 (void) sm_strlcpy(bp, ", stat=", SPACELEFT(buf, bp)); 4173 bp += strlen(bp); 4174 4175 (void) sm_strlcpy(bp, shortenstring(status, STATLEN), 4176 SPACELEFT(buf, bp)); 4177 4178 /* id, to: max 13 + TOBUFSIZE bytes */ 4179 l = SYSLOG_BUFSIZE - 100 - strlen(buf); 4180 if (l < 0) 4181 l = 0; 4182 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; 4183 while (strlen(p) >= l) 4184 { 4185 register char *q; 4186 4187 for (q = p + l; q > p; q--) 4188 { 4189 if (*q == ',') 4190 break; 4191 } 4192 if (p == q) 4193 break; 4194 sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]%s", 4195 (int) (++q - p), p, buf); 4196 p = q; 4197 } 4198 sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, p, buf); 4199 4200 #else /* (SYSLOG_BUFSIZE) >= 256 */ 4201 4202 l = SYSLOG_BUFSIZE - 85; 4203 if (l < 0) 4204 l = 0; 4205 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; 4206 while (strlen(p) >= l) 4207 { 4208 register char *q; 4209 4210 for (q = p + l; q > p; q--) 4211 { 4212 if (*q == ',') 4213 break; 4214 } 4215 if (p == q) 4216 break; 4217 4218 sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]", 4219 (int) (++q - p), p); 4220 p = q; 4221 } 4222 sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p); 4223 4224 if (ctladdr != NULL) 4225 { 4226 bp = buf; 4227 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, "ctladdr=", 4228 shortenstring(ctladdr->q_paddr, 83)); 4229 bp += strlen(bp); 4230 if (bitset(QGOODUID, ctladdr->q_flags)) 4231 { 4232 (void) sm_snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", 4233 ctladdr->q_uid, ctladdr->q_gid); 4234 bp += strlen(bp); 4235 } 4236 sm_syslog(LOG_INFO, e->e_id, "%s", buf); 4237 } 4238 bp = buf; 4239 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, "delay=", 4240 pintvl(now - e->e_ctime, true)); 4241 bp += strlen(bp); 4242 if (xstart != (time_t) 0) 4243 { 4244 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", xdelay=", 4245 pintvl(now - xstart, true)); 4246 bp += strlen(bp); 4247 } 4248 4249 if (m != NULL) 4250 { 4251 (void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", mailer=", 4252 m->m_name); 4253 bp += strlen(bp); 4254 } 4255 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); 4256 4257 buf[0] = '\0'; 4258 bp = buf; 4259 if (mci != NULL && mci->mci_host != NULL) 4260 { 4261 extern SOCKADDR CurHostAddr; 4262 4263 (void) sm_snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", 4264 mci->mci_host); 4265 bp += strlen(bp); 4266 4267 if (CurHostAddr.sa.sa_family != 0) 4268 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 4269 " [%.100s]", 4270 anynet_ntoa(&CurHostAddr)); 4271 } 4272 #if _FFR_QUARANTINE 4273 else if (strcmp(status, "quarantined") == 0) 4274 { 4275 if (e->e_quarmsg != NULL) 4276 (void) sm_snprintf(bp, SPACELEFT(buf, bp), 4277 ", quarantine=%.100s", 4278 e->e_quarmsg); 4279 } 4280 #endif /* _FFR_QUARANTINE */ 4281 else if (strcmp(status, "queued") != 0) 4282 { 4283 p = macvalue('h', e); 4284 if (p != NULL && p[0] != '\0') 4285 (void) sm_snprintf(buf, sizeof buf, "relay=%.100s", p); 4286 } 4287 if (buf[0] != '\0') 4288 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); 4289 4290 sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63)); 4291 #endif /* (SYSLOG_BUFSIZE) >= 256 */ 4292 } 4293 /* 4294 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 4295 ** 4296 ** This can be made an arbitrary message separator by changing $l 4297 ** 4298 ** One of the ugliest hacks seen by human eyes is contained herein: 4299 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 4300 ** does a well-meaning programmer such as myself have to deal with 4301 ** this kind of antique garbage???? 4302 ** 4303 ** Parameters: 4304 ** mci -- the connection information. 4305 ** e -- the envelope. 4306 ** 4307 ** Returns: 4308 ** none 4309 ** 4310 ** Side Effects: 4311 ** outputs some text to fp. 4312 */ 4313 4314 void 4315 putfromline(mci, e) 4316 register MCI *mci; 4317 ENVELOPE *e; 4318 { 4319 char *template = UnixFromLine; 4320 char buf[MAXLINE]; 4321 char xbuf[MAXLINE]; 4322 4323 if (bitnset(M_NHDR, mci->mci_mailer->m_flags)) 4324 return; 4325 4326 mci->mci_flags |= MCIF_INHEADER; 4327 4328 if (bitnset(M_UGLYUUCP, mci->mci_mailer->m_flags)) 4329 { 4330 char *bang; 4331 4332 expand("\201g", buf, sizeof buf, e); 4333 bang = strchr(buf, '!'); 4334 if (bang == NULL) 4335 { 4336 char *at; 4337 char hname[MAXNAME]; 4338 4339 /* 4340 ** If we can construct a UUCP path, do so 4341 */ 4342 4343 at = strrchr(buf, '@'); 4344 if (at == NULL) 4345 { 4346 expand("\201k", hname, sizeof hname, e); 4347 at = hname; 4348 } 4349 else 4350 *at++ = '\0'; 4351 (void) sm_snprintf(xbuf, sizeof xbuf, 4352 "From %.800s \201d remote from %.100s\n", 4353 buf, at); 4354 } 4355 else 4356 { 4357 *bang++ = '\0'; 4358 (void) sm_snprintf(xbuf, sizeof xbuf, 4359 "From %.800s \201d remote from %.100s\n", 4360 bang, buf); 4361 template = xbuf; 4362 } 4363 } 4364 expand(template, buf, sizeof buf, e); 4365 putxline(buf, strlen(buf), mci, PXLF_HEADER); 4366 } 4367 /* 4368 ** PUTBODY -- put the body of a message. 4369 ** 4370 ** Parameters: 4371 ** mci -- the connection information. 4372 ** e -- the envelope to put out. 4373 ** separator -- if non-NULL, a message separator that must 4374 ** not be permitted in the resulting message. 4375 ** 4376 ** Returns: 4377 ** none. 4378 ** 4379 ** Side Effects: 4380 ** The message is written onto fp. 4381 */ 4382 4383 /* values for output state variable */ 4384 #define OS_HEAD 0 /* at beginning of line */ 4385 #define OS_CR 1 /* read a carriage return */ 4386 #define OS_INLINE 2 /* putting rest of line */ 4387 4388 void 4389 putbody(mci, e, separator) 4390 register MCI *mci; 4391 register ENVELOPE *e; 4392 char *separator; 4393 { 4394 bool dead = false; 4395 char buf[MAXLINE]; 4396 #if MIME8TO7 4397 char *boundaries[MAXMIMENESTING + 1]; 4398 #endif /* MIME8TO7 */ 4399 4400 /* 4401 ** Output the body of the message 4402 */ 4403 4404 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) 4405 { 4406 char *df = queuename(e, DATAFL_LETTER); 4407 4408 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, df, 4409 SM_IO_RDONLY, NULL); 4410 if (e->e_dfp == NULL) 4411 { 4412 char *msg = "!putbody: Cannot open %s for %s from %s"; 4413 4414 if (errno == ENOENT) 4415 msg++; 4416 syserr(msg, df, e->e_to, e->e_from.q_paddr); 4417 } 4418 4419 } 4420 if (e->e_dfp == NULL) 4421 { 4422 if (bitset(MCIF_INHEADER, mci->mci_flags)) 4423 { 4424 putline("", mci); 4425 mci->mci_flags &= ~MCIF_INHEADER; 4426 } 4427 putline("<<< No Message Collected >>>", mci); 4428 goto endofmessage; 4429 } 4430 4431 if (e->e_dfino == (ino_t) 0) 4432 { 4433 struct stat stbuf; 4434 4435 if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &stbuf) 4436 < 0) 4437 e->e_dfino = -1; 4438 else 4439 { 4440 e->e_dfdev = stbuf.st_dev; 4441 e->e_dfino = stbuf.st_ino; 4442 } 4443 } 4444 4445 /* paranoia: the data file should always be in a rewound state */ 4446 (void) bfrewind(e->e_dfp); 4447 4448 #if MIME8TO7 4449 if (bitset(MCIF_CVT8TO7, mci->mci_flags)) 4450 { 4451 /* 4452 ** Do 8 to 7 bit MIME conversion. 4453 */ 4454 4455 /* make sure it looks like a MIME message */ 4456 if (hvalue("MIME-Version", e->e_header) == NULL) 4457 putline("MIME-Version: 1.0", mci); 4458 4459 if (hvalue("Content-Type", e->e_header) == NULL) 4460 { 4461 (void) sm_snprintf(buf, sizeof buf, 4462 "Content-Type: text/plain; charset=%s", 4463 defcharset(e)); 4464 putline(buf, mci); 4465 } 4466 4467 /* now do the hard work */ 4468 boundaries[0] = NULL; 4469 mci->mci_flags |= MCIF_INHEADER; 4470 (void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER); 4471 } 4472 # if MIME7TO8 4473 else if (bitset(MCIF_CVT7TO8, mci->mci_flags)) 4474 { 4475 (void) mime7to8(mci, e->e_header, e); 4476 } 4477 # endif /* MIME7TO8 */ 4478 else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0) 4479 { 4480 bool oldsuprerrs = SuprErrs; 4481 4482 /* Use mime8to7 to check multipart for MIME header overflows */ 4483 boundaries[0] = NULL; 4484 mci->mci_flags |= MCIF_INHEADER; 4485 4486 /* 4487 ** If EF_DONT_MIME is set, we have a broken MIME message 4488 ** and don't want to generate a new bounce message whose 4489 ** body propagates the broken MIME. We can't just not call 4490 ** mime8to7() as is done above since we need the security 4491 ** checks. The best we can do is suppress the errors. 4492 */ 4493 4494 if (bitset(EF_DONT_MIME, e->e_flags)) 4495 SuprErrs = true; 4496 4497 (void) mime8to7(mci, e->e_header, e, boundaries, 4498 M87F_OUTER|M87F_NO8TO7); 4499 4500 /* restore SuprErrs */ 4501 SuprErrs = oldsuprerrs; 4502 } 4503 else 4504 #endif /* MIME8TO7 */ 4505 { 4506 int ostate; 4507 register char *bp; 4508 register char *pbp; 4509 register int c; 4510 register char *xp; 4511 int padc; 4512 char *buflim; 4513 int pos = 0; 4514 char peekbuf[12]; 4515 4516 if (bitset(MCIF_INHEADER, mci->mci_flags)) 4517 { 4518 putline("", mci); 4519 mci->mci_flags &= ~MCIF_INHEADER; 4520 } 4521 4522 /* determine end of buffer; allow for short mailer lines */ 4523 buflim = &buf[sizeof buf - 1]; 4524 if (mci->mci_mailer->m_linelimit > 0 && 4525 mci->mci_mailer->m_linelimit < sizeof buf - 1) 4526 buflim = &buf[mci->mci_mailer->m_linelimit - 1]; 4527 4528 /* copy temp file to output with mapping */ 4529 ostate = OS_HEAD; 4530 bp = buf; 4531 pbp = peekbuf; 4532 while (!sm_io_error(mci->mci_out) && !dead) 4533 { 4534 if (pbp > peekbuf) 4535 c = *--pbp; 4536 else if ((c = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT)) 4537 == SM_IO_EOF) 4538 break; 4539 if (bitset(MCIF_7BIT, mci->mci_flags)) 4540 c &= 0x7f; 4541 switch (ostate) 4542 { 4543 case OS_HEAD: 4544 if (c == '\0' && 4545 bitnset(M_NONULLS, 4546 mci->mci_mailer->m_flags)) 4547 break; 4548 if (c != '\r' && c != '\n' && bp < buflim) 4549 { 4550 *bp++ = c; 4551 break; 4552 } 4553 4554 /* check beginning of line for special cases */ 4555 *bp = '\0'; 4556 pos = 0; 4557 padc = SM_IO_EOF; 4558 if (buf[0] == 'F' && 4559 bitnset(M_ESCFROM, mci->mci_mailer->m_flags) 4560 && strncmp(buf, "From ", 5) == 0) 4561 { 4562 padc = '>'; 4563 } 4564 if (buf[0] == '-' && buf[1] == '-' && 4565 separator != NULL) 4566 { 4567 /* possible separator */ 4568 int sl = strlen(separator); 4569 4570 if (strncmp(&buf[2], separator, sl) 4571 == 0) 4572 padc = ' '; 4573 } 4574 if (buf[0] == '.' && 4575 bitnset(M_XDOT, mci->mci_mailer->m_flags)) 4576 { 4577 padc = '.'; 4578 } 4579 4580 /* now copy out saved line */ 4581 if (TrafficLogFile != NULL) 4582 { 4583 (void) sm_io_fprintf(TrafficLogFile, 4584 SM_TIME_DEFAULT, 4585 "%05d >>> ", 4586 (int) CurrentPid); 4587 if (padc != SM_IO_EOF) 4588 (void) sm_io_putc(TrafficLogFile, 4589 SM_TIME_DEFAULT, 4590 padc); 4591 for (xp = buf; xp < bp; xp++) 4592 (void) sm_io_putc(TrafficLogFile, 4593 SM_TIME_DEFAULT, 4594 (unsigned char) *xp); 4595 if (c == '\n') 4596 (void) sm_io_fputs(TrafficLogFile, 4597 SM_TIME_DEFAULT, 4598 mci->mci_mailer->m_eol); 4599 } 4600 if (padc != SM_IO_EOF) 4601 { 4602 if (sm_io_putc(mci->mci_out, 4603 SM_TIME_DEFAULT, padc) 4604 == SM_IO_EOF) 4605 { 4606 dead = true; 4607 continue; 4608 } 4609 else 4610 { 4611 /* record progress for DATA timeout */ 4612 DataProgress = true; 4613 } 4614 pos++; 4615 } 4616 for (xp = buf; xp < bp; xp++) 4617 { 4618 if (sm_io_putc(mci->mci_out, 4619 SM_TIME_DEFAULT, 4620 (unsigned char) *xp) 4621 == SM_IO_EOF) 4622 { 4623 dead = true; 4624 break; 4625 } 4626 else 4627 { 4628 /* record progress for DATA timeout */ 4629 DataProgress = true; 4630 } 4631 } 4632 if (dead) 4633 continue; 4634 if (c == '\n') 4635 { 4636 if (sm_io_fputs(mci->mci_out, 4637 SM_TIME_DEFAULT, 4638 mci->mci_mailer->m_eol) 4639 == SM_IO_EOF) 4640 break; 4641 else 4642 { 4643 /* record progress for DATA timeout */ 4644 DataProgress = true; 4645 } 4646 pos = 0; 4647 } 4648 else 4649 { 4650 pos += bp - buf; 4651 if (c != '\r') 4652 *pbp++ = c; 4653 } 4654 4655 bp = buf; 4656 4657 /* determine next state */ 4658 if (c == '\n') 4659 ostate = OS_HEAD; 4660 else if (c == '\r') 4661 ostate = OS_CR; 4662 else 4663 ostate = OS_INLINE; 4664 continue; 4665 4666 case OS_CR: 4667 if (c == '\n') 4668 { 4669 /* got CRLF */ 4670 if (sm_io_fputs(mci->mci_out, 4671 SM_TIME_DEFAULT, 4672 mci->mci_mailer->m_eol) 4673 == SM_IO_EOF) 4674 continue; 4675 else 4676 { 4677 /* record progress for DATA timeout */ 4678 DataProgress = true; 4679 } 4680 4681 if (TrafficLogFile != NULL) 4682 { 4683 (void) sm_io_fputs(TrafficLogFile, 4684 SM_TIME_DEFAULT, 4685 mci->mci_mailer->m_eol); 4686 } 4687 ostate = OS_HEAD; 4688 continue; 4689 } 4690 4691 /* had a naked carriage return */ 4692 *pbp++ = c; 4693 c = '\r'; 4694 ostate = OS_INLINE; 4695 goto putch; 4696 4697 case OS_INLINE: 4698 if (c == '\r') 4699 { 4700 ostate = OS_CR; 4701 continue; 4702 } 4703 if (c == '\0' && 4704 bitnset(M_NONULLS, 4705 mci->mci_mailer->m_flags)) 4706 break; 4707 putch: 4708 if (mci->mci_mailer->m_linelimit > 0 && 4709 pos >= mci->mci_mailer->m_linelimit - 1 && 4710 c != '\n') 4711 { 4712 int d; 4713 4714 /* check next character for EOL */ 4715 if (pbp > peekbuf) 4716 d = *(pbp - 1); 4717 else if ((d = sm_io_getc(e->e_dfp, 4718 SM_TIME_DEFAULT)) 4719 != SM_IO_EOF) 4720 *pbp++ = d; 4721 4722 if (d == '\n' || d == SM_IO_EOF) 4723 { 4724 if (TrafficLogFile != NULL) 4725 (void) sm_io_putc(TrafficLogFile, 4726 SM_TIME_DEFAULT, 4727 (unsigned char) c); 4728 if (sm_io_putc(mci->mci_out, 4729 SM_TIME_DEFAULT, 4730 (unsigned char) c) 4731 == SM_IO_EOF) 4732 { 4733 dead = true; 4734 continue; 4735 } 4736 else 4737 { 4738 /* record progress for DATA timeout */ 4739 DataProgress = true; 4740 } 4741 pos++; 4742 continue; 4743 } 4744 4745 if (sm_io_putc(mci->mci_out, 4746 SM_TIME_DEFAULT, '!') 4747 == SM_IO_EOF || 4748 sm_io_fputs(mci->mci_out, 4749 SM_TIME_DEFAULT, 4750 mci->mci_mailer->m_eol) 4751 == SM_IO_EOF) 4752 { 4753 dead = true; 4754 continue; 4755 } 4756 else 4757 { 4758 /* record progress for DATA timeout */ 4759 DataProgress = true; 4760 } 4761 4762 if (TrafficLogFile != NULL) 4763 { 4764 (void) sm_io_fprintf(TrafficLogFile, 4765 SM_TIME_DEFAULT, 4766 "!%s", 4767 mci->mci_mailer->m_eol); 4768 } 4769 ostate = OS_HEAD; 4770 *pbp++ = c; 4771 continue; 4772 } 4773 if (c == '\n') 4774 { 4775 if (TrafficLogFile != NULL) 4776 (void) sm_io_fputs(TrafficLogFile, 4777 SM_TIME_DEFAULT, 4778 mci->mci_mailer->m_eol); 4779 if (sm_io_fputs(mci->mci_out, 4780 SM_TIME_DEFAULT, 4781 mci->mci_mailer->m_eol) 4782 == SM_IO_EOF) 4783 continue; 4784 else 4785 { 4786 /* record progress for DATA timeout */ 4787 DataProgress = true; 4788 } 4789 pos = 0; 4790 ostate = OS_HEAD; 4791 } 4792 else 4793 { 4794 if (TrafficLogFile != NULL) 4795 (void) sm_io_putc(TrafficLogFile, 4796 SM_TIME_DEFAULT, 4797 (unsigned char) c); 4798 if (sm_io_putc(mci->mci_out, 4799 SM_TIME_DEFAULT, 4800 (unsigned char) c) 4801 == SM_IO_EOF) 4802 { 4803 dead = true; 4804 continue; 4805 } 4806 else 4807 { 4808 /* record progress for DATA timeout */ 4809 DataProgress = true; 4810 } 4811 pos++; 4812 ostate = OS_INLINE; 4813 } 4814 break; 4815 } 4816 } 4817 4818 /* make sure we are at the beginning of a line */ 4819 if (bp > buf) 4820 { 4821 if (TrafficLogFile != NULL) 4822 { 4823 for (xp = buf; xp < bp; xp++) 4824 (void) sm_io_putc(TrafficLogFile, 4825 SM_TIME_DEFAULT, 4826 (unsigned char) *xp); 4827 } 4828 for (xp = buf; xp < bp; xp++) 4829 { 4830 if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, 4831 (unsigned char) *xp) 4832 == SM_IO_EOF) 4833 { 4834 dead = true; 4835 break; 4836 } 4837 else 4838 { 4839 /* record progress for DATA timeout */ 4840 DataProgress = true; 4841 } 4842 } 4843 pos += bp - buf; 4844 } 4845 if (!dead && pos > 0) 4846 { 4847 if (TrafficLogFile != NULL) 4848 (void) sm_io_fputs(TrafficLogFile, 4849 SM_TIME_DEFAULT, 4850 mci->mci_mailer->m_eol); 4851 (void) sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT, 4852 mci->mci_mailer->m_eol); 4853 4854 /* record progress for DATA timeout */ 4855 DataProgress = true; 4856 } 4857 } 4858 4859 if (sm_io_error(e->e_dfp)) 4860 { 4861 syserr("putbody: %s/%cf%s: read error", 4862 qid_printqueue(e->e_dfqgrp, e->e_dfqdir), 4863 DATAFL_LETTER, e->e_id); 4864 ExitStat = EX_IOERR; 4865 } 4866 4867 endofmessage: 4868 /* 4869 ** Since mailfile() uses e_dfp in a child process, 4870 ** the file offset in the stdio library for the 4871 ** parent process will not agree with the in-kernel 4872 ** file offset since the file descriptor is shared 4873 ** between the processes. Therefore, it is vital 4874 ** that the file always be rewound. This forces the 4875 ** kernel offset (lseek) and stdio library (ftell) 4876 ** offset to match. 4877 */ 4878 4879 if (e->e_dfp != NULL) 4880 (void) bfrewind(e->e_dfp); 4881 4882 /* some mailers want extra blank line at end of message */ 4883 if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) && 4884 buf[0] != '\0' && buf[0] != '\n') 4885 putline("", mci); 4886 4887 (void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT); 4888 if (sm_io_error(mci->mci_out) && errno != EPIPE) 4889 { 4890 syserr("putbody: write error"); 4891 ExitStat = EX_IOERR; 4892 } 4893 4894 errno = 0; 4895 } 4896 /* 4897 ** MAILFILE -- Send a message to a file. 4898 ** 4899 ** If the file has the set-user-ID/set-group-ID bits set, but NO 4900 ** execute bits, sendmail will try to become the owner of that file 4901 ** rather than the real user. Obviously, this only works if 4902 ** sendmail runs as root. 4903 ** 4904 ** This could be done as a subordinate mailer, except that it 4905 ** is used implicitly to save messages in ~/dead.letter. We 4906 ** view this as being sufficiently important as to include it 4907 ** here. For example, if the system is dying, we shouldn't have 4908 ** to create another process plus some pipes to save the message. 4909 ** 4910 ** Parameters: 4911 ** filename -- the name of the file to send to. 4912 ** mailer -- mailer definition for recipient -- if NULL, 4913 ** use FileMailer. 4914 ** ctladdr -- the controlling address header -- includes 4915 ** the userid/groupid to be when sending. 4916 ** sfflags -- flags for opening. 4917 ** e -- the current envelope. 4918 ** 4919 ** Returns: 4920 ** The exit code associated with the operation. 4921 ** 4922 ** Side Effects: 4923 ** none. 4924 */ 4925 4926 # define RETURN(st) exit(st); 4927 4928 static jmp_buf CtxMailfileTimeout; 4929 4930 int 4931 mailfile(filename, mailer, ctladdr, sfflags, e) 4932 char *volatile filename; 4933 MAILER *volatile mailer; 4934 ADDRESS *ctladdr; 4935 volatile long sfflags; 4936 register ENVELOPE *e; 4937 { 4938 register SM_FILE_T *f; 4939 register pid_t pid = -1; 4940 volatile int mode; 4941 int len; 4942 off_t curoff; 4943 bool suidwarn = geteuid() == 0; 4944 char *p; 4945 char *volatile realfile; 4946 SM_EVENT *ev; 4947 char buf[MAXLINE + 1]; 4948 char targetfile[MAXPATHLEN + 1]; 4949 4950 if (tTd(11, 1)) 4951 { 4952 sm_dprintf("mailfile %s\n ctladdr=", filename); 4953 printaddr(ctladdr, false); 4954 } 4955 4956 if (mailer == NULL) 4957 mailer = FileMailer; 4958 4959 if (e->e_xfp != NULL) 4960 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); 4961 4962 /* 4963 ** Special case /dev/null. This allows us to restrict file 4964 ** delivery to regular files only. 4965 */ 4966 4967 if (sm_path_isdevnull(filename)) 4968 return EX_OK; 4969 4970 /* check for 8-bit available */ 4971 if (bitset(EF_HAS8BIT, e->e_flags) && 4972 bitnset(M_7BITS, mailer->m_flags) && 4973 (bitset(EF_DONT_MIME, e->e_flags) || 4974 !(bitset(MM_MIME8BIT, MimeMode) || 4975 (bitset(EF_IS_MIME, e->e_flags) && 4976 bitset(MM_CVTMIME, MimeMode))))) 4977 { 4978 e->e_status = "5.6.3"; 4979 usrerrenh(e->e_status, 4980 "554 Cannot send 8-bit data to 7-bit destination"); 4981 errno = 0; 4982 return EX_DATAERR; 4983 } 4984 4985 /* Find the actual file */ 4986 if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0') 4987 { 4988 len = strlen(SafeFileEnv); 4989 4990 if (strncmp(SafeFileEnv, filename, len) == 0) 4991 filename += len; 4992 4993 if (len + strlen(filename) + 1 >= sizeof targetfile) 4994 { 4995 syserr("mailfile: filename too long (%s/%s)", 4996 SafeFileEnv, filename); 4997 return EX_CANTCREAT; 4998 } 4999 (void) sm_strlcpy(targetfile, SafeFileEnv, sizeof targetfile); 5000 realfile = targetfile + len; 5001 if (targetfile[len - 1] != '/') 5002 (void) sm_strlcat(targetfile, "/", sizeof targetfile); 5003 if (*filename == '/') 5004 filename++; 5005 (void) sm_strlcat(targetfile, filename, sizeof targetfile); 5006 } 5007 else if (mailer->m_rootdir != NULL) 5008 { 5009 expand(mailer->m_rootdir, targetfile, sizeof targetfile, e); 5010 len = strlen(targetfile); 5011 5012 if (strncmp(targetfile, filename, len) == 0) 5013 filename += len; 5014 5015 if (len + strlen(filename) + 1 >= sizeof targetfile) 5016 { 5017 syserr("mailfile: filename too long (%s/%s)", 5018 targetfile, filename); 5019 return EX_CANTCREAT; 5020 } 5021 realfile = targetfile + len; 5022 if (targetfile[len - 1] != '/') 5023 (void) sm_strlcat(targetfile, "/", sizeof targetfile); 5024 if (*filename == '/') 5025 (void) sm_strlcat(targetfile, filename + 1, 5026 sizeof targetfile); 5027 else 5028 (void) sm_strlcat(targetfile, filename, 5029 sizeof targetfile); 5030 } 5031 else 5032 { 5033 if (sm_strlcpy(targetfile, filename, sizeof targetfile) >= 5034 sizeof targetfile) 5035 { 5036 syserr("mailfile: filename too long (%s)", filename); 5037 return EX_CANTCREAT; 5038 } 5039 realfile = targetfile; 5040 } 5041 5042 /* 5043 ** Fork so we can change permissions here. 5044 ** Note that we MUST use fork, not vfork, because of 5045 ** the complications of calling subroutines, etc. 5046 */ 5047 5048 DOFORK(fork); 5049 5050 if (pid < 0) 5051 return EX_OSERR; 5052 else if (pid == 0) 5053 { 5054 /* child -- actually write to file */ 5055 struct stat stb; 5056 MCI mcibuf; 5057 int err; 5058 volatile int oflags = O_WRONLY|O_APPEND; 5059 5060 /* Reset global flags */ 5061 RestartRequest = NULL; 5062 RestartWorkGroup = false; 5063 ShutdownRequest = NULL; 5064 PendingSignal = 0; 5065 CurrentPid = getpid(); 5066 5067 if (e->e_lockfp != NULL) 5068 (void) close(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, 5069 NULL)); 5070 5071 (void) sm_signal(SIGINT, SIG_DFL); 5072 (void) sm_signal(SIGHUP, SIG_DFL); 5073 (void) sm_signal(SIGTERM, SIG_DFL); 5074 (void) umask(OldUmask); 5075 e->e_to = filename; 5076 ExitStat = EX_OK; 5077 5078 if (setjmp(CtxMailfileTimeout) != 0) 5079 { 5080 RETURN(EX_TEMPFAIL); 5081 } 5082 5083 if (TimeOuts.to_fileopen > 0) 5084 ev = sm_setevent(TimeOuts.to_fileopen, mailfiletimeout, 5085 0); 5086 else 5087 ev = NULL; 5088 5089 /* check file mode to see if set-user-ID */ 5090 if (stat(targetfile, &stb) < 0) 5091 mode = FileMode; 5092 else 5093 mode = stb.st_mode; 5094 5095 /* limit the errors to those actually caused in the child */ 5096 errno = 0; 5097 ExitStat = EX_OK; 5098 5099 /* Allow alias expansions to use the S_IS{U,G}ID bits */ 5100 if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) || 5101 bitset(SFF_RUNASREALUID, sfflags)) 5102 { 5103 /* ignore set-user-ID and set-group-ID bits */ 5104 mode &= ~(S_ISGID|S_ISUID); 5105 if (tTd(11, 20)) 5106 sm_dprintf("mailfile: ignoring set-user-ID/set-group-ID bits\n"); 5107 } 5108 5109 /* we have to open the data file BEFORE setuid() */ 5110 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) 5111 { 5112 char *df = queuename(e, DATAFL_LETTER); 5113 5114 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, df, 5115 SM_IO_RDONLY, NULL); 5116 if (e->e_dfp == NULL) 5117 { 5118 syserr("mailfile: Cannot open %s for %s from %s", 5119 df, e->e_to, e->e_from.q_paddr); 5120 } 5121 } 5122 5123 /* select a new user to run as */ 5124 if (!bitset(SFF_RUNASREALUID, sfflags)) 5125 { 5126 if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) 5127 { 5128 RealUserName = NULL; 5129 RealUid = mailer->m_uid; 5130 if (RunAsUid != 0 && RealUid != RunAsUid) 5131 { 5132 /* Only root can change the uid */ 5133 syserr("mailfile: insufficient privileges to change uid, RunAsUid=%d, RealUid=%d", 5134 (int) RunAsUid, (int) RealUid); 5135 RETURN(EX_TEMPFAIL); 5136 } 5137 } 5138 else if (bitset(S_ISUID, mode)) 5139 { 5140 RealUserName = NULL; 5141 RealUid = stb.st_uid; 5142 } 5143 else if (ctladdr != NULL && ctladdr->q_uid != 0) 5144 { 5145 if (ctladdr->q_ruser != NULL) 5146 RealUserName = ctladdr->q_ruser; 5147 else 5148 RealUserName = ctladdr->q_user; 5149 RealUid = ctladdr->q_uid; 5150 } 5151 else if (mailer != NULL && mailer->m_uid != 0) 5152 { 5153 RealUserName = DefUser; 5154 RealUid = mailer->m_uid; 5155 } 5156 else 5157 { 5158 RealUserName = DefUser; 5159 RealUid = DefUid; 5160 } 5161 5162 /* select a new group to run as */ 5163 if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) 5164 { 5165 RealGid = mailer->m_gid; 5166 if (RunAsUid != 0 && 5167 (RealGid != getgid() || 5168 RealGid != getegid())) 5169 { 5170 /* Only root can change the gid */ 5171 syserr("mailfile: insufficient privileges to change gid, RealGid=%d, RunAsUid=%d, gid=%d, egid=%d", 5172 (int) RealGid, (int) RunAsUid, 5173 (int) getgid(), (int) getegid()); 5174 RETURN(EX_TEMPFAIL); 5175 } 5176 } 5177 else if (bitset(S_ISGID, mode)) 5178 RealGid = stb.st_gid; 5179 else if (ctladdr != NULL && 5180 ctladdr->q_uid == DefUid && 5181 ctladdr->q_gid == 0) 5182 { 5183 /* 5184 ** Special case: This means it is an 5185 ** alias and we should act as DefaultUser. 5186 ** See alias()'s comments. 5187 */ 5188 5189 RealGid = DefGid; 5190 RealUserName = DefUser; 5191 } 5192 else if (ctladdr != NULL && ctladdr->q_uid != 0) 5193 RealGid = ctladdr->q_gid; 5194 else if (mailer != NULL && mailer->m_gid != 0) 5195 RealGid = mailer->m_gid; 5196 else 5197 RealGid = DefGid; 5198 } 5199 5200 /* last ditch */ 5201 if (!bitset(SFF_ROOTOK, sfflags)) 5202 { 5203 if (RealUid == 0) 5204 RealUid = DefUid; 5205 if (RealGid == 0) 5206 RealGid = DefGid; 5207 } 5208 5209 /* set group id list (needs /etc/group access) */ 5210 if (RealUserName != NULL && !DontInitGroups) 5211 { 5212 if (initgroups(RealUserName, RealGid) == -1 && suidwarn) 5213 { 5214 syserr("mailfile: initgroups(%s, %d) failed", 5215 RealUserName, RealGid); 5216 RETURN(EX_TEMPFAIL); 5217 } 5218 } 5219 else 5220 { 5221 GIDSET_T gidset[1]; 5222 5223 gidset[0] = RealGid; 5224 if (setgroups(1, gidset) == -1 && suidwarn) 5225 { 5226 syserr("mailfile: setgroups() failed"); 5227 RETURN(EX_TEMPFAIL); 5228 } 5229 } 5230 5231 /* 5232 ** If you have a safe environment, go into it. 5233 */ 5234 5235 if (realfile != targetfile) 5236 { 5237 *realfile = '\0'; 5238 if (tTd(11, 20)) 5239 sm_dprintf("mailfile: chroot %s\n", targetfile); 5240 if (chroot(targetfile) < 0) 5241 { 5242 syserr("mailfile: Cannot chroot(%s)", 5243 targetfile); 5244 RETURN(EX_CANTCREAT); 5245 } 5246 *realfile = '/'; 5247 } 5248 5249 if (tTd(11, 40)) 5250 sm_dprintf("mailfile: deliver to %s\n", realfile); 5251 5252 if (chdir("/") < 0) 5253 { 5254 syserr("mailfile: cannot chdir(/)"); 5255 RETURN(EX_CANTCREAT); 5256 } 5257 5258 /* now reset the group and user ids */ 5259 endpwent(); 5260 sm_mbdb_terminate(); 5261 if (setgid(RealGid) < 0 && suidwarn) 5262 { 5263 syserr("mailfile: setgid(%ld) failed", (long) RealGid); 5264 RETURN(EX_TEMPFAIL); 5265 } 5266 vendor_set_uid(RealUid); 5267 if (setuid(RealUid) < 0 && suidwarn) 5268 { 5269 syserr("mailfile: setuid(%ld) failed", (long) RealUid); 5270 RETURN(EX_TEMPFAIL); 5271 } 5272 5273 if (tTd(11, 2)) 5274 sm_dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n", 5275 (int) getuid(), (int) geteuid(), 5276 (int) getgid(), (int) getegid()); 5277 5278 5279 /* move into some "safe" directory */ 5280 if (mailer->m_execdir != NULL) 5281 { 5282 char *q; 5283 5284 for (p = mailer->m_execdir; p != NULL; p = q) 5285 { 5286 q = strchr(p, ':'); 5287 if (q != NULL) 5288 *q = '\0'; 5289 expand(p, buf, sizeof buf, e); 5290 if (q != NULL) 5291 *q++ = ':'; 5292 if (tTd(11, 20)) 5293 sm_dprintf("mailfile: trydir %s\n", 5294 buf); 5295 if (buf[0] != '\0' && chdir(buf) >= 0) 5296 break; 5297 } 5298 } 5299 5300 /* 5301 ** Recheck the file after we have assumed the ID of the 5302 ** delivery user to make sure we can deliver to it as 5303 ** that user. This is necessary if sendmail is running 5304 ** as root and the file is on an NFS mount which treats 5305 ** root as nobody. 5306 */ 5307 5308 #if HASLSTAT 5309 if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) 5310 err = stat(realfile, &stb); 5311 else 5312 err = lstat(realfile, &stb); 5313 #else /* HASLSTAT */ 5314 err = stat(realfile, &stb); 5315 #endif /* HASLSTAT */ 5316 5317 if (err < 0) 5318 { 5319 stb.st_mode = ST_MODE_NOFILE; 5320 mode = FileMode; 5321 oflags |= O_CREAT|O_EXCL; 5322 } 5323 else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) || 5324 (!bitnset(DBS_FILEDELIVERYTOHARDLINK, 5325 DontBlameSendmail) && 5326 stb.st_nlink != 1) || 5327 (realfile != targetfile && !S_ISREG(mode))) 5328 exit(EX_CANTCREAT); 5329 else 5330 mode = stb.st_mode; 5331 5332 if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) 5333 sfflags |= SFF_NOSLINK; 5334 if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail)) 5335 sfflags |= SFF_NOHLINK; 5336 sfflags &= ~SFF_OPENASROOT; 5337 f = safefopen(realfile, oflags, mode, sfflags); 5338 if (f == NULL) 5339 { 5340 if (transienterror(errno)) 5341 { 5342 usrerr("454 4.3.0 cannot open %s: %s", 5343 shortenstring(realfile, MAXSHORTSTR), 5344 sm_errstring(errno)); 5345 RETURN(EX_TEMPFAIL); 5346 } 5347 else 5348 { 5349 usrerr("554 5.3.0 cannot open %s: %s", 5350 shortenstring(realfile, MAXSHORTSTR), 5351 sm_errstring(errno)); 5352 RETURN(EX_CANTCREAT); 5353 } 5354 } 5355 if (filechanged(realfile, sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), 5356 &stb)) 5357 { 5358 syserr("554 5.3.0 file changed after open"); 5359 RETURN(EX_CANTCREAT); 5360 } 5361 if (fstat(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), &stb) < 0) 5362 { 5363 syserr("554 5.3.0 cannot fstat %s", 5364 sm_errstring(errno)); 5365 RETURN(EX_CANTCREAT); 5366 } 5367 5368 curoff = stb.st_size; 5369 5370 if (ev != NULL) 5371 sm_clrevent(ev); 5372 5373 memset(&mcibuf, '\0', sizeof mcibuf); 5374 mcibuf.mci_mailer = mailer; 5375 mcibuf.mci_out = f; 5376 if (bitnset(M_7BITS, mailer->m_flags)) 5377 mcibuf.mci_flags |= MCIF_7BIT; 5378 5379 /* clear out per-message flags from connection structure */ 5380 mcibuf.mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); 5381 5382 if (bitset(EF_HAS8BIT, e->e_flags) && 5383 !bitset(EF_DONT_MIME, e->e_flags) && 5384 bitnset(M_7BITS, mailer->m_flags)) 5385 mcibuf.mci_flags |= MCIF_CVT8TO7; 5386 5387 #if MIME7TO8 5388 if (bitnset(M_MAKE8BIT, mailer->m_flags) && 5389 !bitset(MCIF_7BIT, mcibuf.mci_flags) && 5390 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && 5391 (sm_strcasecmp(p, "quoted-printable") == 0 || 5392 sm_strcasecmp(p, "base64") == 0) && 5393 (p = hvalue("Content-Type", e->e_header)) != NULL) 5394 { 5395 /* may want to convert 7 -> 8 */ 5396 /* XXX should really parse it here -- and use a class XXX */ 5397 if (sm_strncasecmp(p, "text/plain", 10) == 0 && 5398 (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) 5399 mcibuf.mci_flags |= MCIF_CVT7TO8; 5400 } 5401 #endif /* MIME7TO8 */ 5402 5403 putfromline(&mcibuf, e); 5404 (*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER); 5405 (*e->e_putbody)(&mcibuf, e, NULL); 5406 putline("\n", &mcibuf); 5407 if (sm_io_flush(f, SM_TIME_DEFAULT) != 0 || 5408 (SuperSafe != SAFE_NO && 5409 fsync(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL)) < 0) || 5410 sm_io_error(f)) 5411 { 5412 setstat(EX_IOERR); 5413 #if !NOFTRUNCATE 5414 (void) ftruncate(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), 5415 curoff); 5416 #endif /* !NOFTRUNCATE */ 5417 } 5418 5419 /* reset ISUID & ISGID bits for paranoid systems */ 5420 #if HASFCHMOD 5421 (void) fchmod(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), 5422 (MODE_T) mode); 5423 #else /* HASFCHMOD */ 5424 (void) chmod(filename, (MODE_T) mode); 5425 #endif /* HASFCHMOD */ 5426 if (sm_io_close(f, SM_TIME_DEFAULT) < 0) 5427 setstat(EX_IOERR); 5428 (void) sm_io_flush(smioout, SM_TIME_DEFAULT); 5429 (void) setuid(RealUid); 5430 exit(ExitStat); 5431 /* NOTREACHED */ 5432 } 5433 else 5434 { 5435 /* parent -- wait for exit status */ 5436 int st; 5437 5438 st = waitfor(pid); 5439 if (st == -1) 5440 { 5441 syserr("mailfile: %s: wait", mailer->m_name); 5442 return EX_SOFTWARE; 5443 } 5444 if (WIFEXITED(st)) 5445 { 5446 errno = 0; 5447 return (WEXITSTATUS(st)); 5448 } 5449 else 5450 { 5451 syserr("mailfile: %s: child died on signal %d", 5452 mailer->m_name, st); 5453 return EX_UNAVAILABLE; 5454 } 5455 /* NOTREACHED */ 5456 } 5457 return EX_UNAVAILABLE; /* avoid compiler warning on IRIX */ 5458 } 5459 5460 static void 5461 mailfiletimeout() 5462 { 5463 /* 5464 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 5465 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 5466 ** DOING. 5467 */ 5468 5469 errno = ETIMEDOUT; 5470 longjmp(CtxMailfileTimeout, 1); 5471 } 5472 /* 5473 ** HOSTSIGNATURE -- return the "signature" for a host. 5474 ** 5475 ** The signature describes how we are going to send this -- it 5476 ** can be just the hostname (for non-Internet hosts) or can be 5477 ** an ordered list of MX hosts. 5478 ** 5479 ** Parameters: 5480 ** m -- the mailer describing this host. 5481 ** host -- the host name. 5482 ** 5483 ** Returns: 5484 ** The signature for this host. 5485 ** 5486 ** Side Effects: 5487 ** Can tweak the symbol table. 5488 */ 5489 5490 #define MAXHOSTSIGNATURE 8192 /* max len of hostsignature */ 5491 5492 char * 5493 hostsignature(m, host) 5494 register MAILER *m; 5495 char *host; 5496 { 5497 register char *p; 5498 register STAB *s; 5499 time_t now; 5500 #if NAMED_BIND 5501 char sep = ':'; 5502 char prevsep = ':'; 5503 int i; 5504 int len; 5505 int nmx; 5506 int hl; 5507 char *hp; 5508 char *endp; 5509 int oldoptions = _res.options; 5510 char *mxhosts[MAXMXHOSTS + 1]; 5511 unsigned short mxprefs[MAXMXHOSTS + 1]; 5512 #endif /* NAMED_BIND */ 5513 5514 if (tTd(17, 3)) 5515 sm_dprintf("hostsignature(%s)\n", host); 5516 5517 /* 5518 ** If local delivery (and not remote), just return a constant. 5519 */ 5520 5521 if (bitnset(M_LOCALMAILER, m->m_flags) && 5522 strcmp(m->m_mailer, "[IPC]") != 0 && 5523 !(m->m_argv[0] != NULL && strcmp(m->m_argv[0], "TCP") == 0)) 5524 return "localhost"; 5525 5526 /* 5527 ** Check to see if this uses IPC -- if not, it can't have MX records. 5528 */ 5529 5530 if (strcmp(m->m_mailer, "[IPC]") != 0 || 5531 CurEnv->e_sendmode == SM_DEFER) 5532 { 5533 /* just an ordinary mailer or deferred mode */ 5534 return host; 5535 } 5536 #if NETUNIX 5537 else if (m->m_argv[0] != NULL && 5538 strcmp(m->m_argv[0], "FILE") == 0) 5539 { 5540 /* rendezvous in the file system, no MX records */ 5541 return host; 5542 } 5543 #endif /* NETUNIX */ 5544 5545 /* 5546 ** Look it up in the symbol table. 5547 */ 5548 5549 now = curtime(); 5550 s = stab(host, ST_HOSTSIG, ST_ENTER); 5551 if (s->s_hostsig.hs_sig != NULL) 5552 { 5553 if (s->s_hostsig.hs_exp >= now) 5554 { 5555 if (tTd(17, 3)) 5556 sm_dprintf("hostsignature(): stab(%s) found %s\n", host, 5557 s->s_hostsig.hs_sig); 5558 return s->s_hostsig.hs_sig; 5559 } 5560 5561 /* signature is expired: clear it */ 5562 sm_free(s->s_hostsig.hs_sig); 5563 s->s_hostsig.hs_sig = NULL; 5564 } 5565 5566 /* set default TTL */ 5567 s->s_hostsig.hs_exp = now + SM_DEFAULT_TTL; 5568 5569 /* 5570 ** Not already there or expired -- create a signature. 5571 */ 5572 5573 #if NAMED_BIND 5574 if (ConfigLevel < 2) 5575 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 5576 5577 for (hp = host; hp != NULL; hp = endp) 5578 { 5579 #if NETINET6 5580 if (*hp == '[') 5581 { 5582 endp = strchr(hp + 1, ']'); 5583 if (endp != NULL) 5584 endp = strpbrk(endp + 1, ":,"); 5585 } 5586 else 5587 endp = strpbrk(hp, ":,"); 5588 #else /* NETINET6 */ 5589 endp = strpbrk(hp, ":,"); 5590 #endif /* NETINET6 */ 5591 if (endp != NULL) 5592 { 5593 sep = *endp; 5594 *endp = '\0'; 5595 } 5596 5597 if (bitnset(M_NOMX, m->m_flags)) 5598 { 5599 /* skip MX lookups */ 5600 nmx = 1; 5601 mxhosts[0] = hp; 5602 } 5603 else 5604 { 5605 auto int rcode; 5606 int ttl; 5607 5608 nmx = getmxrr(hp, mxhosts, mxprefs, true, &rcode, true, 5609 &ttl); 5610 if (nmx <= 0) 5611 { 5612 int save_errno; 5613 register MCI *mci; 5614 5615 /* update the connection info for this host */ 5616 save_errno = errno; 5617 mci = mci_get(hp, m); 5618 mci->mci_errno = save_errno; 5619 mci->mci_herrno = h_errno; 5620 mci->mci_lastuse = now; 5621 if (rcode == EX_NOHOST) 5622 mci_setstat(mci, rcode, "5.1.2", 5623 "550 Host unknown"); 5624 else 5625 mci_setstat(mci, rcode, NULL, NULL); 5626 5627 /* use the original host name as signature */ 5628 nmx = 1; 5629 mxhosts[0] = hp; 5630 } 5631 if (tTd(17, 3)) 5632 sm_dprintf("hostsignature(): getmxrr() returned %d, mxhosts[0]=%s\n", 5633 nmx, mxhosts[0]); 5634 5635 /* 5636 ** Set new TTL: we use only one! 5637 ** We could try to use the minimum instead. 5638 */ 5639 5640 s->s_hostsig.hs_exp = now + SM_MIN(ttl, SM_DEFAULT_TTL); 5641 } 5642 5643 len = 0; 5644 for (i = 0; i < nmx; i++) 5645 len += strlen(mxhosts[i]) + 1; 5646 if (s->s_hostsig.hs_sig != NULL) 5647 len += strlen(s->s_hostsig.hs_sig) + 1; 5648 if (len < 0 || len >= MAXHOSTSIGNATURE) 5649 { 5650 sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d", 5651 host, MAXHOSTSIGNATURE, len); 5652 len = MAXHOSTSIGNATURE; 5653 } 5654 p = sm_pmalloc_x(len); 5655 if (s->s_hostsig.hs_sig != NULL) 5656 { 5657 (void) sm_strlcpy(p, s->s_hostsig.hs_sig, len); 5658 sm_free(s->s_hostsig.hs_sig); /* XXX */ 5659 s->s_hostsig.hs_sig = p; 5660 hl = strlen(p); 5661 p += hl; 5662 *p++ = prevsep; 5663 len -= hl + 1; 5664 } 5665 else 5666 s->s_hostsig.hs_sig = p; 5667 for (i = 0; i < nmx; i++) 5668 { 5669 hl = strlen(mxhosts[i]); 5670 if (len - 1 < hl || len <= 1) 5671 { 5672 /* force to drop out of outer loop */ 5673 len = -1; 5674 break; 5675 } 5676 if (i != 0) 5677 { 5678 if (mxprefs[i] == mxprefs[i - 1]) 5679 *p++ = ','; 5680 else 5681 *p++ = ':'; 5682 len--; 5683 } 5684 (void) sm_strlcpy(p, mxhosts[i], len); 5685 p += hl; 5686 len -= hl; 5687 } 5688 5689 /* 5690 ** break out of loop if len exceeded MAXHOSTSIGNATURE 5691 ** because we won't have more space for further hosts 5692 ** anyway (separated by : in the .cf file). 5693 */ 5694 5695 if (len < 0) 5696 break; 5697 if (endp != NULL) 5698 *endp++ = sep; 5699 prevsep = sep; 5700 } 5701 makelower(s->s_hostsig.hs_sig); 5702 if (ConfigLevel < 2) 5703 _res.options = oldoptions; 5704 #else /* NAMED_BIND */ 5705 /* not using BIND -- the signature is just the host name */ 5706 /* 5707 ** 'host' points to storage that will be freed after we are 5708 ** done processing the current envelope, so we copy it. 5709 */ 5710 s->s_hostsig.hs_sig = sm_pstrdup_x(host); 5711 #endif /* NAMED_BIND */ 5712 if (tTd(17, 1)) 5713 sm_dprintf("hostsignature(%s) = %s\n", host, s->s_hostsig.hs_sig); 5714 return s->s_hostsig.hs_sig; 5715 } 5716 /* 5717 ** PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array. 5718 ** 5719 ** The signature describes how we are going to send this -- it 5720 ** can be just the hostname (for non-Internet hosts) or can be 5721 ** an ordered list of MX hosts which must be randomized for equal 5722 ** MX preference values. 5723 ** 5724 ** Parameters: 5725 ** sig -- the host signature. 5726 ** mxhosts -- array to populate. 5727 ** mailer -- mailer. 5728 ** 5729 ** Returns: 5730 ** The number of hosts inserted into mxhosts array. 5731 ** 5732 ** Side Effects: 5733 ** Randomizes equal MX preference hosts in mxhosts. 5734 */ 5735 5736 static int 5737 parse_hostsignature(sig, mxhosts, mailer) 5738 char *sig; 5739 char **mxhosts; 5740 MAILER *mailer; 5741 { 5742 unsigned short curpref = 0; 5743 int nmx = 0, i, j; /* NOTE: i, j, and nmx must have same type */ 5744 char *hp, *endp; 5745 unsigned short prefer[MAXMXHOSTS]; 5746 long rndm[MAXMXHOSTS]; 5747 5748 for (hp = sig; hp != NULL; hp = endp) 5749 { 5750 char sep = ':'; 5751 5752 #if NETINET6 5753 if (*hp == '[') 5754 { 5755 endp = strchr(hp + 1, ']'); 5756 if (endp != NULL) 5757 endp = strpbrk(endp + 1, ":,"); 5758 } 5759 else 5760 endp = strpbrk(hp, ":,"); 5761 #else /* NETINET6 */ 5762 endp = strpbrk(hp, ":,"); 5763 #endif /* NETINET6 */ 5764 if (endp != NULL) 5765 { 5766 sep = *endp; 5767 *endp = '\0'; 5768 } 5769 5770 mxhosts[nmx] = hp; 5771 prefer[nmx] = curpref; 5772 if (mci_match(hp, mailer)) 5773 rndm[nmx] = 0; 5774 else 5775 rndm[nmx] = get_random(); 5776 5777 if (endp != NULL) 5778 { 5779 /* 5780 ** Since we don't have the original MX prefs, 5781 ** make our own. If the separator is a ':', that 5782 ** means the preference for the next host will be 5783 ** higher than this one, so simply increment curpref. 5784 */ 5785 5786 if (sep == ':') 5787 curpref++; 5788 5789 *endp++ = sep; 5790 } 5791 if (++nmx >= MAXMXHOSTS) 5792 break; 5793 } 5794 5795 /* sort the records using the random factor for equal preferences */ 5796 for (i = 0; i < nmx; i++) 5797 { 5798 for (j = i + 1; j < nmx; j++) 5799 { 5800 /* 5801 ** List is already sorted by MX preference, only 5802 ** need to look for equal preference MX records 5803 */ 5804 5805 if (prefer[i] < prefer[j]) 5806 break; 5807 5808 if (prefer[i] > prefer[j] || 5809 (prefer[i] == prefer[j] && rndm[i] > rndm[j])) 5810 { 5811 register unsigned short tempp; 5812 register long tempr; 5813 register char *temp1; 5814 5815 tempp = prefer[i]; 5816 prefer[i] = prefer[j]; 5817 prefer[j] = tempp; 5818 temp1 = mxhosts[i]; 5819 mxhosts[i] = mxhosts[j]; 5820 mxhosts[j] = temp1; 5821 tempr = rndm[i]; 5822 rndm[i] = rndm[j]; 5823 rndm[j] = tempr; 5824 } 5825 } 5826 } 5827 return nmx; 5828 } 5829 5830 # if STARTTLS 5831 static SSL_CTX *clt_ctx = NULL; 5832 static bool tls_ok_clt = true; 5833 5834 /* 5835 ** SETCLTTLS -- client side TLS: allow/disallow. 5836 ** 5837 ** Parameters: 5838 ** tls_ok -- should tls be done? 5839 ** 5840 ** Returns: 5841 ** none. 5842 ** 5843 ** Side Effects: 5844 ** sets tls_ok_clt (static variable in this module) 5845 */ 5846 5847 void 5848 setclttls(tls_ok) 5849 bool tls_ok; 5850 { 5851 tls_ok_clt = tls_ok; 5852 return; 5853 } 5854 /* 5855 ** INITCLTTLS -- initialize client side TLS 5856 ** 5857 ** Parameters: 5858 ** tls_ok -- should tls initialization be done? 5859 ** 5860 ** Returns: 5861 ** succeeded? 5862 ** 5863 ** Side Effects: 5864 ** sets tls_ok_clt (static variable in this module) 5865 */ 5866 5867 bool 5868 initclttls(tls_ok) 5869 bool tls_ok; 5870 { 5871 if (!tls_ok_clt) 5872 return false; 5873 tls_ok_clt = tls_ok; 5874 if (!tls_ok_clt) 5875 return false; 5876 if (clt_ctx != NULL) 5877 return true; /* already done */ 5878 tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCERTfile, 5879 Cltkeyfile, CACERTpath, CACERTfile, DHParams); 5880 return tls_ok_clt; 5881 } 5882 5883 /* 5884 ** STARTTLS -- try to start secure connection (client side) 5885 ** 5886 ** Parameters: 5887 ** m -- the mailer. 5888 ** mci -- the mailer connection info. 5889 ** e -- the envelope. 5890 ** 5891 ** Returns: 5892 ** success? 5893 ** (maybe this should be some other code than EX_ 5894 ** that denotes which stage failed.) 5895 */ 5896 5897 static int 5898 starttls(m, mci, e) 5899 MAILER *m; 5900 MCI *mci; 5901 ENVELOPE *e; 5902 { 5903 int smtpresult; 5904 int result = 0; 5905 int rfd, wfd; 5906 SSL *clt_ssl = NULL; 5907 time_t tlsstart; 5908 5909 if (clt_ctx == NULL && !initclttls(true)) 5910 return EX_TEMPFAIL; 5911 smtpmessage("STARTTLS", m, mci); 5912 5913 /* get the reply */ 5914 smtpresult = reply(m, mci, e, TimeOuts.to_starttls, NULL, NULL); 5915 5916 /* check return code from server */ 5917 if (smtpresult == 454) 5918 return EX_TEMPFAIL; 5919 if (smtpresult == 501) 5920 return EX_USAGE; 5921 if (smtpresult == -1) 5922 return smtpresult; 5923 if (smtpresult != 220) 5924 return EX_PROTOCOL; 5925 5926 if (LogLevel > 13) 5927 sm_syslog(LOG_INFO, NOQID, "STARTTLS=client, start=ok"); 5928 5929 /* start connection */ 5930 if ((clt_ssl = SSL_new(clt_ctx)) == NULL) 5931 { 5932 if (LogLevel > 5) 5933 { 5934 sm_syslog(LOG_ERR, NOQID, 5935 "STARTTLS=client, error: SSL_new failed"); 5936 if (LogLevel > 9) 5937 tlslogerr("client"); 5938 } 5939 return EX_SOFTWARE; 5940 } 5941 5942 rfd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL); 5943 wfd = sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD, NULL); 5944 5945 /* SSL_clear(clt_ssl); ? */ 5946 if (rfd < 0 || wfd < 0 || 5947 (result = SSL_set_rfd(clt_ssl, rfd)) != 1 || 5948 (result = SSL_set_wfd(clt_ssl, wfd)) != 1) 5949 { 5950 if (LogLevel > 5) 5951 { 5952 sm_syslog(LOG_ERR, NOQID, 5953 "STARTTLS=client, error: SSL_set_xfd failed=%d", 5954 result); 5955 if (LogLevel > 9) 5956 tlslogerr("client"); 5957 } 5958 return EX_SOFTWARE; 5959 } 5960 SSL_set_connect_state(clt_ssl); 5961 tlsstart = curtime(); 5962 5963 ssl_retry: 5964 if ((result = SSL_connect(clt_ssl)) <= 0) 5965 { 5966 int i; 5967 bool timedout; 5968 time_t left; 5969 time_t now = curtime(); 5970 struct timeval tv; 5971 5972 /* what to do in this case? */ 5973 i = SSL_get_error(clt_ssl, result); 5974 5975 /* 5976 ** For SSL_ERROR_WANT_{READ,WRITE}: 5977 ** There is not a complete SSL record available yet 5978 ** or there is only a partial SSL record removed from 5979 ** the network (socket) buffer into the SSL buffer. 5980 ** The SSL_connect will only succeed when a full 5981 ** SSL record is available (assuming a "real" error 5982 ** doesn't happen). To handle when a "real" error 5983 ** does happen the select is set for exceptions too. 5984 ** The connection may be re-negotiated during this time 5985 ** so both read and write "want errors" need to be handled. 5986 ** A select() exception loops back so that a proper SSL 5987 ** error message can be gotten. 5988 */ 5989 5990 left = TimeOuts.to_starttls - (now - tlsstart); 5991 timedout = left <= 0; 5992 if (!timedout) 5993 { 5994 tv.tv_sec = left; 5995 tv.tv_usec = 0; 5996 } 5997 5998 if (!timedout && i == SSL_ERROR_WANT_READ) 5999 { 6000 fd_set ssl_maskr, ssl_maskx; 6001 6002 FD_ZERO(&ssl_maskr); 6003 FD_SET(rfd, &ssl_maskr); 6004 FD_ZERO(&ssl_maskx); 6005 FD_SET(rfd, &ssl_maskx); 6006 if (select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx, &tv) 6007 > 0) 6008 goto ssl_retry; 6009 } 6010 if (!timedout && i == SSL_ERROR_WANT_WRITE) 6011 { 6012 fd_set ssl_maskw, ssl_maskx; 6013 6014 FD_ZERO(&ssl_maskw); 6015 FD_SET(wfd, &ssl_maskw); 6016 FD_ZERO(&ssl_maskx); 6017 FD_SET(rfd, &ssl_maskx); 6018 if (select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx, &tv) 6019 > 0) 6020 goto ssl_retry; 6021 } 6022 if (LogLevel > 5) 6023 { 6024 sm_syslog(LOG_ERR, e->e_id, 6025 "STARTTLS=client, error: connect failed=%d, SSL_error=%d, timedout=%d", 6026 result, i, (int) timedout); 6027 if (LogLevel > 8) 6028 tlslogerr("client"); 6029 } 6030 SSL_free(clt_ssl); 6031 clt_ssl = NULL; 6032 return EX_SOFTWARE; 6033 } 6034 mci->mci_ssl = clt_ssl; 6035 result = tls_get_info(mci->mci_ssl, false, mci->mci_host, 6036 &mci->mci_macro, true); 6037 6038 /* switch to use TLS... */ 6039 if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0) 6040 return EX_OK; 6041 6042 /* failure */ 6043 SSL_free(clt_ssl); 6044 clt_ssl = NULL; 6045 return EX_SOFTWARE; 6046 } 6047 /* 6048 ** ENDTLSCLT -- shutdown secure connection (client side) 6049 ** 6050 ** Parameters: 6051 ** mci -- the mailer connection info. 6052 ** 6053 ** Returns: 6054 ** success? 6055 */ 6056 6057 static int 6058 endtlsclt(mci) 6059 MCI *mci; 6060 { 6061 int r; 6062 6063 if (!bitset(MCIF_TLSACT, mci->mci_flags)) 6064 return EX_OK; 6065 r = endtls(mci->mci_ssl, "client"); 6066 mci->mci_flags &= ~MCIF_TLSACT; 6067 return r; 6068 } 6069 # endif /* STARTTLS */ 6070 # if STARTTLS || SASL 6071 /* 6072 ** ISCLTFLGSET -- check whether client flag is set. 6073 ** 6074 ** Parameters: 6075 ** e -- envelope. 6076 ** flag -- flag to check in {client_flags} 6077 ** 6078 ** Returns: 6079 ** true iff flag is set. 6080 */ 6081 6082 static bool 6083 iscltflgset(e, flag) 6084 ENVELOPE *e; 6085 int flag; 6086 { 6087 char *p; 6088 6089 p = macvalue(macid("{client_flags}"), e); 6090 if (p == NULL) 6091 return false; 6092 for (; *p != '\0'; p++) 6093 { 6094 /* look for just this one flag */ 6095 if (*p == (char) flag) 6096 return true; 6097 } 6098 return false; 6099 } 6100 # endif /* STARTTLS || SASL */ 6101