xref: /illumos-gate/usr/src/cmd/sendmail/src/savemail.c (revision 1a220b56b93ff1dc80855691548503117af4cc10)
1 /*
2  * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #pragma ident	"%Z%%M%	%I%	%E% SMI"
15 
16 #include <sendmail.h>
17 
18 SM_RCSID("@(#)$Id: savemail.c,v 8.308 2006/04/18 01:31:33 ca Exp $")
19 
20 static bool	errbody __P((MCI *, ENVELOPE *, char *));
21 static bool	pruneroute __P((char *));
22 
23 /*
24 **  SAVEMAIL -- Save mail on error
25 **
26 **	If mailing back errors, mail it back to the originator
27 **	together with an error message; otherwise, just put it in
28 **	dead.letter in the user's home directory (if he exists on
29 **	this machine).
30 **
31 **	Parameters:
32 **		e -- the envelope containing the message in error.
33 **		sendbody -- if true, also send back the body of the
34 **			message; otherwise just send the header.
35 **
36 **	Returns:
37 **		true if savemail panic'ed, (i.e., the data file should
38 **		be preserved by dropenvelope())
39 **
40 **	Side Effects:
41 **		Saves the letter, by writing or mailing it back to the
42 **		sender, or by putting it in dead.letter in her home
43 **		directory.
44 */
45 
46 /* defines for state machine */
47 #define ESM_REPORT		0	/* report to sender's terminal */
48 #define ESM_MAIL		1	/* mail back to sender */
49 #define ESM_QUIET		2	/* mail has already been returned */
50 #define ESM_DEADLETTER		3	/* save in ~/dead.letter */
51 #define ESM_POSTMASTER		4	/* return to postmaster */
52 #define ESM_DEADLETTERDROP	5	/* save in DeadLetterDrop */
53 #define ESM_PANIC		6	/* call loseqfile() */
54 #define ESM_DONE		7	/* message is successfully delivered */
55 
56 bool
57 savemail(e, sendbody)
58 	register ENVELOPE *e;
59 	bool sendbody;
60 {
61 	register SM_FILE_T *fp;
62 	bool panic = false;
63 	int state;
64 	auto ADDRESS *q = NULL;
65 	register char *p;
66 	MCI mcibuf;
67 	int flags;
68 	long sff;
69 	char buf[MAXLINE + 1];
70 	char dlbuf[MAXPATHLEN];
71 	SM_MBDB_T user;
72 
73 
74 	if (tTd(6, 1))
75 	{
76 		sm_dprintf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n  e_from=",
77 			e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id,
78 			ExitStat);
79 		printaddr(sm_debug_file(), &e->e_from, false);
80 	}
81 
82 	if (e->e_id == NULL)
83 	{
84 		/* can't return a message with no id */
85 		return panic;
86 	}
87 
88 	/*
89 	**  In the unhappy event we don't know who to return the mail
90 	**  to, make someone up.
91 	*/
92 
93 	if (e->e_from.q_paddr == NULL)
94 	{
95 		e->e_sender = "Postmaster";
96 		if (parseaddr(e->e_sender, &e->e_from,
97 			      RF_COPYPARSE|RF_SENDERADDR,
98 			      '\0', NULL, e, false) == NULL)
99 		{
100 			syserr("553 5.3.5 Cannot parse Postmaster!");
101 			finis(true, true, EX_SOFTWARE);
102 		}
103 	}
104 	e->e_to = NULL;
105 
106 	/*
107 	**  Basic state machine.
108 	**
109 	**	This machine runs through the following states:
110 	**
111 	**	ESM_QUIET	Errors have already been printed iff the
112 	**			sender is local.
113 	**	ESM_REPORT	Report directly to the sender's terminal.
114 	**	ESM_MAIL	Mail response to the sender.
115 	**	ESM_DEADLETTER	Save response in ~/dead.letter.
116 	**	ESM_POSTMASTER	Mail response to the postmaster.
117 	**	ESM_DEADLETTERDROP
118 	**			If DeadLetterDrop set, save it there.
119 	**	ESM_PANIC	Save response anywhere possible.
120 	*/
121 
122 	/* determine starting state */
123 	switch (e->e_errormode)
124 	{
125 	  case EM_WRITE:
126 		state = ESM_REPORT;
127 		break;
128 
129 	  case EM_BERKNET:
130 	  case EM_MAIL:
131 		state = ESM_MAIL;
132 		break;
133 
134 	  case EM_PRINT:
135 	  case '\0':
136 		state = ESM_QUIET;
137 		break;
138 
139 	  case EM_QUIET:
140 		/* no need to return anything at all */
141 		return panic;
142 
143 	  default:
144 		syserr("554 5.3.0 savemail: bogus errormode x%x",
145 		       e->e_errormode);
146 		state = ESM_MAIL;
147 		break;
148 	}
149 
150 	/* if this is already an error response, send to postmaster */
151 	if (bitset(EF_RESPONSE, e->e_flags))
152 	{
153 		if (e->e_parent != NULL &&
154 		    bitset(EF_RESPONSE, e->e_parent->e_flags))
155 		{
156 			/* got an error sending a response -- can it */
157 			return panic;
158 		}
159 		state = ESM_POSTMASTER;
160 	}
161 
162 	while (state != ESM_DONE)
163 	{
164 		if (tTd(6, 5))
165 			sm_dprintf("  state %d\n", state);
166 
167 		switch (state)
168 		{
169 		  case ESM_QUIET:
170 			if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags))
171 				state = ESM_DEADLETTER;
172 			else
173 				state = ESM_MAIL;
174 			break;
175 
176 		  case ESM_REPORT:
177 
178 			/*
179 			**  If the user is still logged in on the same terminal,
180 			**  then write the error messages back to hir (sic).
181 			*/
182 
183 #if USE_TTYPATH
184 			p = ttypath();
185 #else /* USE_TTYPATH */
186 			p = NULL;
187 #endif /* USE_TTYPATH */
188 
189 			if (p == NULL || sm_io_reopen(SmFtStdio,
190 						      SM_TIME_DEFAULT,
191 						      p, SM_IO_WRONLY, NULL,
192 						      smioout) == NULL)
193 			{
194 				state = ESM_MAIL;
195 				break;
196 			}
197 
198 			expand("\201n", buf, sizeof buf, e);
199 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
200 					     "\r\nMessage from %s...\r\n", buf);
201 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
202 					     "Errors occurred while sending mail.\r\n");
203 			if (e->e_xfp != NULL)
204 			{
205 				(void) bfrewind(e->e_xfp);
206 				(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
207 						     "Transcript follows:\r\n");
208 				while (sm_io_fgets(e->e_xfp, SM_TIME_DEFAULT,
209 						   buf, sizeof buf) != NULL &&
210 				       !sm_io_error(smioout))
211 					(void) sm_io_fputs(smioout,
212 							   SM_TIME_DEFAULT,
213 							   buf);
214 			}
215 			else
216 			{
217 				syserr("Cannot open %s",
218 				       queuename(e, XSCRPT_LETTER));
219 				(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
220 						     "Transcript of session is unavailable.\r\n");
221 			}
222 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
223 					     "Original message will be saved in dead.letter.\r\n");
224 			state = ESM_DEADLETTER;
225 			break;
226 
227 		  case ESM_MAIL:
228 			/*
229 			**  If mailing back, do it.
230 			**	Throw away all further output.  Don't alias,
231 			**	since this could cause loops, e.g., if joe
232 			**	mails to joe@x, and for some reason the network
233 			**	for @x is down, then the response gets sent to
234 			**	joe@x, which gives a response, etc.  Also force
235 			**	the mail to be delivered even if a version of
236 			**	it has already been sent to the sender.
237 			**
238 			**  If this is a configuration or local software
239 			**	error, send to the local postmaster as well,
240 			**	since the originator can't do anything
241 			**	about it anyway.  Note that this is a full
242 			**	copy of the message (intentionally) so that
243 			**	the Postmaster can forward things along.
244 			*/
245 
246 			if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE)
247 			{
248 				(void) sendtolist("postmaster", NULLADDR,
249 						  &e->e_errorqueue, 0, e);
250 			}
251 			if (!emptyaddr(&e->e_from))
252 			{
253 				char from[TOBUFSIZE];
254 
255 				if (sm_strlcpy(from, e->e_from.q_paddr,
256 						sizeof from) >= sizeof from)
257 				{
258 					state = ESM_POSTMASTER;
259 					break;
260 				}
261 
262 				if (!DontPruneRoutes)
263 					(void) pruneroute(from);
264 
265 				(void) sendtolist(from, NULLADDR,
266 						  &e->e_errorqueue, 0, e);
267 			}
268 
269 			/*
270 			**  Deliver a non-delivery report to the
271 			**  Postmaster-designate (not necessarily
272 			**  Postmaster).  This does not include the
273 			**  body of the message, for privacy reasons.
274 			**  You really shouldn't need this.
275 			*/
276 
277 			e->e_flags |= EF_PM_NOTIFY;
278 
279 			/* check to see if there are any good addresses */
280 			for (q = e->e_errorqueue; q != NULL; q = q->q_next)
281 			{
282 				if (QS_IS_SENDABLE(q->q_state))
283 					break;
284 			}
285 			if (q == NULL)
286 			{
287 				/* this is an error-error */
288 				state = ESM_POSTMASTER;
289 				break;
290 			}
291 			if (returntosender(e->e_message, e->e_errorqueue,
292 					   sendbody ? RTSF_SEND_BODY
293 						    : RTSF_NO_BODY,
294 					   e) == 0)
295 			{
296 				state = ESM_DONE;
297 				break;
298 			}
299 
300 			/* didn't work -- return to postmaster */
301 			state = ESM_POSTMASTER;
302 			break;
303 
304 		  case ESM_POSTMASTER:
305 			/*
306 			**  Similar to previous case, but to system postmaster.
307 			*/
308 
309 			q = NULL;
310 			expand(DoubleBounceAddr, buf, sizeof buf, e);
311 
312 			/*
313 			**  Just drop it on the floor if DoubleBounceAddr
314 			**  expands to an empty string.
315 			*/
316 
317 			if (*buf == '\0')
318 			{
319 				state = ESM_DONE;
320 				break;
321 			}
322 			if (sendtolist(buf, NULLADDR, &q, 0, e) <= 0)
323 			{
324 				syserr("553 5.3.0 cannot parse %s!", buf);
325 				ExitStat = EX_SOFTWARE;
326 				state = ESM_DEADLETTERDROP;
327 				break;
328 			}
329 			flags = RTSF_PM_BOUNCE;
330 			if (sendbody)
331 				flags |= RTSF_SEND_BODY;
332 			if (returntosender(e->e_message, q, flags, e) == 0)
333 			{
334 				state = ESM_DONE;
335 				break;
336 			}
337 
338 			/* didn't work -- last resort */
339 			state = ESM_DEADLETTERDROP;
340 			break;
341 
342 		  case ESM_DEADLETTER:
343 			/*
344 			**  Save the message in dead.letter.
345 			**	If we weren't mailing back, and the user is
346 			**	local, we should save the message in
347 			**	~/dead.letter so that the poor person doesn't
348 			**	have to type it over again -- and we all know
349 			**	what poor typists UNIX users are.
350 			*/
351 
352 			p = NULL;
353 			if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
354 			{
355 				if (e->e_from.q_home != NULL)
356 					p = e->e_from.q_home;
357 				else if (sm_mbdb_lookup(e->e_from.q_user, &user)
358 					 == EX_OK &&
359 					 *user.mbdb_homedir != '\0')
360 					p = user.mbdb_homedir;
361 			}
362 			if (p == NULL || e->e_dfp == NULL)
363 			{
364 				/* no local directory or no data file */
365 				state = ESM_MAIL;
366 				break;
367 			}
368 
369 			/* we have a home directory; write dead.letter */
370 			macdefine(&e->e_macro, A_TEMP, 'z', p);
371 
372 			/* get the sender for the UnixFromLine */
373 			p = macvalue('g', e);
374 			macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
375 
376 			expand("\201z/dead.letter", dlbuf, sizeof dlbuf, e);
377 			sff = SFF_CREAT|SFF_REGONLY|SFF_RUNASREALUID;
378 			if (RealUid == 0)
379 				sff |= SFF_ROOTOK;
380 			e->e_to = dlbuf;
381 			if (writable(dlbuf, NULL, sff) &&
382 			    mailfile(dlbuf, FileMailer, NULL, sff, e) == EX_OK)
383 			{
384 				int oldverb = Verbose;
385 
386 				if (OpMode != MD_DAEMON && OpMode != MD_SMTP)
387 					Verbose = 1;
388 				if (Verbose > 0)
389 					message("Saved message in %s", dlbuf);
390 				Verbose = oldverb;
391 				macdefine(&e->e_macro, A_PERM, 'g', p);
392 				state = ESM_DONE;
393 				break;
394 			}
395 			macdefine(&e->e_macro, A_PERM, 'g', p);
396 			state = ESM_MAIL;
397 			break;
398 
399 		  case ESM_DEADLETTERDROP:
400 			/*
401 			**  Log the mail in DeadLetterDrop file.
402 			*/
403 
404 			if (e->e_class < 0)
405 			{
406 				state = ESM_DONE;
407 				break;
408 			}
409 
410 			if ((SafeFileEnv != NULL && SafeFileEnv[0] != '\0') ||
411 			    DeadLetterDrop == NULL ||
412 			    DeadLetterDrop[0] == '\0')
413 			{
414 				state = ESM_PANIC;
415 				break;
416 			}
417 
418 			sff = SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT|SFF_MUSTOWN;
419 			if (!writable(DeadLetterDrop, NULL, sff) ||
420 			    (fp = safefopen(DeadLetterDrop, O_WRONLY|O_APPEND,
421 					    FileMode, sff)) == NULL)
422 			{
423 				state = ESM_PANIC;
424 				break;
425 			}
426 
427 			memset(&mcibuf, '\0', sizeof mcibuf);
428 			mcibuf.mci_out = fp;
429 			mcibuf.mci_mailer = FileMailer;
430 			if (bitnset(M_7BITS, FileMailer->m_flags))
431 				mcibuf.mci_flags |= MCIF_7BIT;
432 
433 			/* get the sender for the UnixFromLine */
434 			p = macvalue('g', e);
435 			macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
436 
437 			if (!putfromline(&mcibuf, e) ||
438 			    !(*e->e_puthdr)(&mcibuf, e->e_header, e,
439 					M87F_OUTER) ||
440 			    !(*e->e_putbody)(&mcibuf, e, NULL) ||
441 			    !putline("\n", &mcibuf) ||
442 			    sm_io_flush(fp, SM_TIME_DEFAULT) == SM_IO_EOF ||
443 			    sm_io_error(fp) ||
444 			    sm_io_close(fp, SM_TIME_DEFAULT) < 0)
445 				state = ESM_PANIC;
446 			else
447 			{
448 				int oldverb = Verbose;
449 
450 				if (OpMode != MD_DAEMON && OpMode != MD_SMTP)
451 					Verbose = 1;
452 				if (Verbose > 0)
453 					message("Saved message in %s",
454 						DeadLetterDrop);
455 				Verbose = oldverb;
456 				if (LogLevel > 3)
457 					sm_syslog(LOG_NOTICE, e->e_id,
458 						  "Saved message in %s",
459 						  DeadLetterDrop);
460 				state = ESM_DONE;
461 			}
462 			macdefine(&e->e_macro, A_PERM, 'g', p);
463 			break;
464 
465 		  default:
466 			syserr("554 5.3.5 savemail: unknown state %d", state);
467 			/* FALLTHROUGH */
468 
469 		  case ESM_PANIC:
470 			/* leave the locked queue & transcript files around */
471 			loseqfile(e, "savemail panic");
472 			panic = true;
473 			errno = 0;
474 			syserr("554 savemail: cannot save rejected email anywhere");
475 			state = ESM_DONE;
476 			break;
477 		}
478 	}
479 	return panic;
480 }
481 /*
482 **  RETURNTOSENDER -- return a message to the sender with an error.
483 **
484 **	Parameters:
485 **		msg -- the explanatory message.
486 **		returnq -- the queue of people to send the message to.
487 **		flags -- flags tweaking the operation:
488 **			RTSF_SENDBODY -- include body of message (otherwise
489 **				just send the header).
490 **			RTSF_PMBOUNCE -- this is a postmaster bounce.
491 **		e -- the current envelope.
492 **
493 **	Returns:
494 **		zero -- if everything went ok.
495 **		else -- some error.
496 **
497 **	Side Effects:
498 **		Returns the current message to the sender via mail.
499 */
500 
501 #define MAXRETURNS	6	/* max depth of returning messages */
502 #define ERRORFUDGE	1024	/* nominal size of error message text */
503 
504 int
505 returntosender(msg, returnq, flags, e)
506 	char *msg;
507 	ADDRESS *returnq;
508 	int flags;
509 	register ENVELOPE *e;
510 {
511 	register ENVELOPE *ee;
512 	ENVELOPE *oldcur = CurEnv;
513 	ENVELOPE errenvelope;
514 	static int returndepth = 0;
515 	register ADDRESS *q;
516 	char *p;
517 	char buf[MAXNAME + 1];
518 
519 	if (returnq == NULL)
520 		return -1;
521 
522 	if (msg == NULL)
523 		msg = "Unable to deliver mail";
524 
525 	if (tTd(6, 1))
526 	{
527 		sm_dprintf("\n*** Return To Sender: msg=\"%s\", depth=%d, e=%p, returnq=",
528 			msg, returndepth, e);
529 		printaddr(sm_debug_file(), returnq, true);
530 		if (tTd(6, 20))
531 		{
532 			sm_dprintf("Sendq=");
533 			printaddr(sm_debug_file(), e->e_sendqueue, true);
534 		}
535 	}
536 
537 	if (++returndepth >= MAXRETURNS)
538 	{
539 		if (returndepth != MAXRETURNS)
540 			syserr("554 5.3.0 returntosender: infinite recursion on %s",
541 			       returnq->q_paddr);
542 		/* don't "unrecurse" and fake a clean exit */
543 		/* returndepth--; */
544 		return 0;
545 	}
546 
547 	macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
548 	macdefine(&e->e_macro, A_PERM, 'u', NULL);
549 
550 	/* initialize error envelope */
551 	ee = newenvelope(&errenvelope, e, sm_rpool_new_x(NULL));
552 	macdefine(&ee->e_macro, A_PERM, 'a', "\201b");
553 	macdefine(&ee->e_macro, A_PERM, 'r', "");
554 	macdefine(&ee->e_macro, A_PERM, 's', "localhost");
555 	macdefine(&ee->e_macro, A_PERM, '_', "localhost");
556 	clrsessenvelope(ee);
557 
558 	ee->e_puthdr = putheader;
559 	ee->e_putbody = errbody;
560 	ee->e_flags |= EF_RESPONSE|EF_METOO;
561 	if (!bitset(EF_OLDSTYLE, e->e_flags))
562 		ee->e_flags &= ~EF_OLDSTYLE;
563 	if (bitset(EF_DONT_MIME, e->e_flags))
564 	{
565 		ee->e_flags |= EF_DONT_MIME;
566 
567 		/*
568 		**  If we can't convert to MIME and we don't pass
569 		**  8-bit, we can't send the body.
570 		*/
571 
572 		if (bitset(EF_HAS8BIT, e->e_flags) &&
573 		    !bitset(MM_PASS8BIT, MimeMode))
574 			flags &= ~RTSF_SEND_BODY;
575 	}
576 
577 	ee->e_sendqueue = returnq;
578 	ee->e_msgsize = 0;
579 	if (bitset(RTSF_SEND_BODY, flags) &&
580 	    !bitset(PRIV_NOBODYRETN, PrivacyFlags))
581 		ee->e_msgsize = ERRORFUDGE + e->e_msgsize;
582 	else
583 		ee->e_flags |= EF_NO_BODY_RETN;
584 
585 	if (!setnewqueue(ee))
586 	{
587 		syserr("554 5.3.0 returntosender: cannot select queue for %s",
588 			       returnq->q_paddr);
589 		ExitStat = EX_UNAVAILABLE;
590 		returndepth--;
591 		return -1;
592 	}
593 	initsys(ee);
594 
595 #if NAMED_BIND
596 	_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
597 	_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
598 #endif /* NAMED_BIND */
599 	for (q = returnq; q != NULL; q = q->q_next)
600 	{
601 		if (QS_IS_BADADDR(q->q_state))
602 			continue;
603 
604 		q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
605 		q->q_flags |= QPINGONFAILURE;
606 
607 		if (!QS_IS_DEAD(q->q_state))
608 			ee->e_nrcpts++;
609 
610 		if (q->q_alias == NULL)
611 			addheader("To", q->q_paddr, 0, ee);
612 	}
613 
614 	if (LogLevel > 5)
615 	{
616 		if (bitset(EF_RESPONSE, e->e_flags))
617 			p = "return to sender";
618 		else if (bitset(EF_WARNING, e->e_flags))
619 			p = "sender notify";
620 		else if (bitset(RTSF_PM_BOUNCE, flags))
621 			p = "postmaster notify";
622 		else
623 			p = "DSN";
624 		sm_syslog(LOG_INFO, e->e_id, "%s: %s: %s",
625 			  ee->e_id, p, shortenstring(msg, MAXSHORTSTR));
626 	}
627 
628 	if (SendMIMEErrors)
629 	{
630 		addheader("MIME-Version", "1.0", 0, ee);
631 		(void) sm_snprintf(buf, sizeof buf, "%s.%ld/%.100s",
632 				ee->e_id, (long)curtime(), MyHostName);
633 		ee->e_msgboundary = sm_rpool_strdup_x(ee->e_rpool, buf);
634 		(void) sm_snprintf(buf, sizeof buf,
635 #if DSN
636 				"multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"",
637 #else /* DSN */
638 				"multipart/mixed; boundary=\"%s\"",
639 #endif /* DSN */
640 				ee->e_msgboundary);
641 		addheader("Content-Type", buf, 0, ee);
642 
643 		p = hvalue("Content-Transfer-Encoding", e->e_header);
644 		if (p != NULL && sm_strcasecmp(p, "binary") != 0)
645 			p = NULL;
646 		if (p == NULL && bitset(EF_HAS8BIT, e->e_flags))
647 			p = "8bit";
648 		if (p != NULL)
649 			addheader("Content-Transfer-Encoding", p, 0, ee);
650 	}
651 	if (strncmp(msg, "Warning:", 8) == 0)
652 	{
653 		addheader("Subject", msg, 0, ee);
654 		p = "warning-timeout";
655 	}
656 	else if (strncmp(msg, "Postmaster warning:", 19) == 0)
657 	{
658 		addheader("Subject", msg, 0, ee);
659 		p = "postmaster-warning";
660 	}
661 	else if (strcmp(msg, "Return receipt") == 0)
662 	{
663 		addheader("Subject", msg, 0, ee);
664 		p = "return-receipt";
665 	}
666 	else if (bitset(RTSF_PM_BOUNCE, flags))
667 	{
668 		(void) sm_snprintf(buf, sizeof buf,
669 			 "Postmaster notify: see transcript for details");
670 		addheader("Subject", buf, 0, ee);
671 		p = "postmaster-notification";
672 	}
673 	else
674 	{
675 		(void) sm_snprintf(buf, sizeof buf,
676 			 "Returned mail: see transcript for details");
677 		addheader("Subject", buf, 0, ee);
678 		p = "failure";
679 	}
680 	(void) sm_snprintf(buf, sizeof buf, "auto-generated (%s)", p);
681 	addheader("Auto-Submitted", buf, 0, ee);
682 
683 	/* fake up an address header for the from person */
684 	expand("\201n", buf, sizeof buf, e);
685 	if (parseaddr(buf, &ee->e_from,
686 		      RF_COPYALL|RF_SENDERADDR, '\0', NULL, e, false) == NULL)
687 	{
688 		syserr("553 5.3.5 Can't parse myself!");
689 		ExitStat = EX_SOFTWARE;
690 		returndepth--;
691 		return -1;
692 	}
693 	ee->e_from.q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
694 	ee->e_from.q_flags |= QPINGONFAILURE;
695 	ee->e_sender = ee->e_from.q_paddr;
696 
697 	/* push state into submessage */
698 	CurEnv = ee;
699 	macdefine(&ee->e_macro, A_PERM, 'f', "\201n");
700 	macdefine(&ee->e_macro, A_PERM, 'x', "Mail Delivery Subsystem");
701 	eatheader(ee, true, true);
702 
703 	/* mark statistics */
704 	markstats(ee, NULLADDR, STATS_NORMAL);
705 
706 	/* actually deliver the error message */
707 	sendall(ee, SM_DELIVER);
708 
709 	/* restore state */
710 	dropenvelope(ee, true, false);
711 	sm_rpool_free(ee->e_rpool);
712 	CurEnv = oldcur;
713 	returndepth--;
714 
715 	/* check for delivery errors */
716 	if (ee->e_parent == NULL ||
717 	    !bitset(EF_RESPONSE, ee->e_parent->e_flags))
718 		return 0;
719 	for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
720 	{
721 		if (QS_IS_ATTEMPTED(q->q_state))
722 			return 0;
723 	}
724 	return -1;
725 }
726 /*
727 **  ERRBODY -- output the body of an error message.
728 **
729 **	Typically this is a copy of the transcript plus a copy of the
730 **	original offending message.
731 **
732 **	Parameters:
733 **		mci -- the mailer connection information.
734 **		e -- the envelope we are working in.
735 **		separator -- any possible MIME separator (unused).
736 **
737 **	Returns:
738 **		true iff body was written successfully
739 **
740 **	Side Effects:
741 **		Outputs the body of an error message.
742 */
743 
744 /* ARGSUSED2 */
745 static bool
746 errbody(mci, e, separator)
747 	register MCI *mci;
748 	register ENVELOPE *e;
749 	char *separator;
750 {
751 	bool printheader;
752 	bool sendbody;
753 	bool pm_notify;
754 	int save_errno;
755 	register SM_FILE_T *xfile;
756 	char *p;
757 	register ADDRESS *q = NULL;
758 	char actual[MAXLINE];
759 	char buf[MAXLINE];
760 
761 	if (bitset(MCIF_INHEADER, mci->mci_flags))
762 	{
763 		if (!putline("", mci))
764 			goto writeerr;
765 		mci->mci_flags &= ~MCIF_INHEADER;
766 	}
767 	if (e->e_parent == NULL)
768 	{
769 		syserr("errbody: null parent");
770 		if (!putline("   ----- Original message lost -----\n", mci))
771 			goto writeerr;
772 		return true;
773 	}
774 
775 	/*
776 	**  Output MIME header.
777 	*/
778 
779 	if (e->e_msgboundary != NULL)
780 	{
781 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
782 		if (!putline("This is a MIME-encapsulated message", mci) ||
783 		    !putline("", mci) ||
784 		    !putline(buf, mci) ||
785 		    !putline("", mci))
786 			goto writeerr;
787 	}
788 
789 	/*
790 	**  Output introductory information.
791 	*/
792 
793 	pm_notify = false;
794 	p = hvalue("subject", e->e_header);
795 	if (p != NULL && strncmp(p, "Postmaster ", 11) == 0)
796 		pm_notify = true;
797 	else
798 	{
799 		for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
800 		{
801 			if (QS_IS_BADADDR(q->q_state))
802 				break;
803 		}
804 	}
805 	if (!pm_notify && q == NULL &&
806 	    !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
807 	{
808 		if (!putline("    **********************************************",
809 			mci) ||
810 		    !putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
811 			mci) ||
812 		    !putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
813 			mci) ||
814 		    !putline("    **********************************************",
815 			mci) ||
816 		    !putline("", mci))
817 			goto writeerr;
818 	}
819 	(void) sm_snprintf(buf, sizeof buf,
820 		"The original message was received at %s",
821 		arpadate(ctime(&e->e_parent->e_ctime)));
822 	if (!putline(buf, mci))
823 		goto writeerr;
824 	expand("from \201_", buf, sizeof buf, e->e_parent);
825 	if (!putline(buf, mci))
826 		goto writeerr;
827 
828 	/* include id in postmaster copies */
829 	if (pm_notify && e->e_parent->e_id != NULL)
830 	{
831 		(void) sm_strlcpyn(buf, sizeof buf, 2, "with id ",
832 			e->e_parent->e_id);
833 		if (!putline(buf, mci))
834 			goto writeerr;
835 	}
836 	if (!putline("", mci))
837 		goto writeerr;
838 
839 	/*
840 	**  Output error message header (if specified and available).
841 	*/
842 
843 	if (ErrMsgFile != NULL &&
844 	    !bitset(EF_SENDRECEIPT, e->e_parent->e_flags))
845 	{
846 		if (*ErrMsgFile == '/')
847 		{
848 			long sff = SFF_ROOTOK|SFF_REGONLY;
849 
850 			if (DontLockReadFiles)
851 				sff |= SFF_NOLOCK;
852 			if (!bitnset(DBS_ERRORHEADERINUNSAFEDIRPATH,
853 				     DontBlameSendmail))
854 				sff |= SFF_SAFEDIRPATH;
855 			xfile = safefopen(ErrMsgFile, O_RDONLY, 0444, sff);
856 			if (xfile != NULL)
857 			{
858 				while (sm_io_fgets(xfile, SM_TIME_DEFAULT, buf,
859 						   sizeof buf) != NULL)
860 				{
861 					translate_dollars(buf);
862 					expand(buf, buf, sizeof buf, e);
863 					if (!putline(buf, mci))
864 						goto writeerr;
865 				}
866 				(void) sm_io_close(xfile, SM_TIME_DEFAULT);
867 				if (!putline("\n", mci))
868 					goto writeerr;
869 			}
870 		}
871 		else
872 		{
873 			expand(ErrMsgFile, buf, sizeof buf, e);
874 			if (!putline(buf, mci) || !putline("", mci))
875 				goto writeerr;
876 		}
877 	}
878 
879 	/*
880 	**  Output message introduction
881 	*/
882 
883 	/* permanent fatal errors */
884 	printheader = true;
885 	for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
886 	{
887 		if (!QS_IS_BADADDR(q->q_state) ||
888 		    !bitset(QPINGONFAILURE, q->q_flags))
889 			continue;
890 
891 		if (printheader)
892 		{
893 			if (!putline("   ----- The following addresses had permanent fatal errors -----",
894 					mci))
895 				goto writeerr;
896 			printheader = false;
897 		}
898 
899 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
900 				  sizeof buf);
901 		if (!putline(buf, mci))
902 			goto writeerr;
903 		if (q->q_rstatus != NULL)
904 		{
905 			(void) sm_snprintf(buf, sizeof buf,
906 				"    (reason: %s)",
907 				shortenstring(exitstat(q->q_rstatus),
908 					      MAXSHORTSTR));
909 			if (!putline(buf, mci))
910 				goto writeerr;
911 		}
912 		if (q->q_alias != NULL)
913 		{
914 			(void) sm_snprintf(buf, sizeof buf,
915 				"    (expanded from: %s)",
916 				shortenstring(q->q_alias->q_paddr,
917 					      MAXSHORTSTR));
918 			if (!putline(buf, mci))
919 				goto writeerr;
920 		}
921 	}
922 	if (!printheader && !putline("", mci))
923 		goto writeerr;
924 
925 	/* transient non-fatal errors */
926 	printheader = true;
927 	for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
928 	{
929 		if (QS_IS_BADADDR(q->q_state) ||
930 		    !bitset(QPRIMARY, q->q_flags) ||
931 		    !bitset(QBYNDELAY, q->q_flags) ||
932 		    !bitset(QDELAYED, q->q_flags))
933 			continue;
934 
935 		if (printheader)
936 		{
937 			if (!putline("   ----- The following addresses had transient non-fatal errors -----",
938 					mci))
939 				goto writeerr;
940 			printheader = false;
941 		}
942 
943 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
944 				  sizeof buf);
945 		if (!putline(buf, mci))
946 			goto writeerr;
947 		if (q->q_alias != NULL)
948 		{
949 			(void) sm_snprintf(buf, sizeof buf,
950 				"    (expanded from: %s)",
951 				shortenstring(q->q_alias->q_paddr,
952 					      MAXSHORTSTR));
953 			if (!putline(buf, mci))
954 				goto writeerr;
955 		}
956 	}
957 	if (!printheader && !putline("", mci))
958 		goto writeerr;
959 
960 	/* successful delivery notifications */
961 	printheader = true;
962 	for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
963 	{
964 		if (QS_IS_BADADDR(q->q_state) ||
965 		    !bitset(QPRIMARY, q->q_flags) ||
966 		    bitset(QBYNDELAY, q->q_flags) ||
967 		    bitset(QDELAYED, q->q_flags))
968 			continue;
969 		else if (bitset(QBYNRELAY, q->q_flags))
970 			p = "Deliver-By notify: relayed";
971 		else if (bitset(QBYTRACE, q->q_flags))
972 			p = "Deliver-By trace: relayed";
973 		else if (!bitset(QPINGONSUCCESS, q->q_flags))
974 			continue;
975 		else if (bitset(QRELAYED, q->q_flags))
976 			p = "relayed to non-DSN-aware mailer";
977 		else if (bitset(QDELIVERED, q->q_flags))
978 		{
979 			if (bitset(QEXPANDED, q->q_flags))
980 				p = "successfully delivered to mailing list";
981 			else
982 				p = "successfully delivered to mailbox";
983 		}
984 		else if (bitset(QEXPANDED, q->q_flags))
985 			p = "expanded by alias";
986 		else
987 			continue;
988 
989 		if (printheader)
990 		{
991 			if (!putline("   ----- The following addresses had successful delivery notifications -----",
992 					mci))
993 				goto writeerr;
994 			printheader = false;
995 		}
996 
997 		(void) sm_snprintf(buf, sizeof buf, "%s  (%s)",
998 			 shortenstring(q->q_paddr, MAXSHORTSTR), p);
999 		if (!putline(buf, mci))
1000 			goto writeerr;
1001 		if (q->q_alias != NULL)
1002 		{
1003 			(void) sm_snprintf(buf, sizeof buf,
1004 				"    (expanded from: %s)",
1005 				shortenstring(q->q_alias->q_paddr,
1006 					      MAXSHORTSTR));
1007 			if (!putline(buf, mci))
1008 				goto writeerr;
1009 		}
1010 	}
1011 	if (!printheader && !putline("", mci))
1012 		goto writeerr;
1013 
1014 	/*
1015 	**  Output transcript of errors
1016 	*/
1017 
1018 	(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
1019 	if (e->e_parent->e_xfp == NULL)
1020 	{
1021 		if (!putline("   ----- Transcript of session is unavailable -----\n",
1022 				mci))
1023 			goto writeerr;
1024 	}
1025 	else
1026 	{
1027 		printheader = true;
1028 		(void) bfrewind(e->e_parent->e_xfp);
1029 		if (e->e_xfp != NULL)
1030 			(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
1031 		while (sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT, buf,
1032 				   sizeof buf) != NULL)
1033 		{
1034 			if (printheader && !putline("   ----- Transcript of session follows -----\n",
1035 						mci))
1036 				goto writeerr;
1037 			printheader = false;
1038 			if (!putline(buf, mci))
1039 				goto writeerr;
1040 		}
1041 	}
1042 	errno = 0;
1043 
1044 #if DSN
1045 	/*
1046 	**  Output machine-readable version.
1047 	*/
1048 
1049 	if (e->e_msgboundary != NULL)
1050 	{
1051 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
1052 		if (!putline("", mci) ||
1053 		    !putline(buf, mci) ||
1054 		    !putline("Content-Type: message/delivery-status", mci) ||
1055 		    !putline("", mci))
1056 			goto writeerr;
1057 
1058 		/*
1059 		**  Output per-message information.
1060 		*/
1061 
1062 		/* original envelope id from MAIL FROM: line */
1063 		if (e->e_parent->e_envid != NULL)
1064 		{
1065 			(void) sm_snprintf(buf, sizeof buf,
1066 					"Original-Envelope-Id: %.800s",
1067 					xuntextify(e->e_parent->e_envid));
1068 			if (!putline(buf, mci))
1069 				goto writeerr;
1070 		}
1071 
1072 		/* Reporting-MTA: is us (required) */
1073 		(void) sm_snprintf(buf, sizeof buf,
1074 				   "Reporting-MTA: dns; %.800s", MyHostName);
1075 		if (!putline(buf, mci))
1076 			goto writeerr;
1077 
1078 		/* DSN-Gateway: not relevant since we are not translating */
1079 
1080 		/* Received-From-MTA: shows where we got this message from */
1081 		if (RealHostName != NULL)
1082 		{
1083 			/* XXX use $s for type? */
1084 			if (e->e_parent->e_from.q_mailer == NULL ||
1085 			    (p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL)
1086 				p = "dns";
1087 			(void) sm_snprintf(buf, sizeof buf,
1088 					"Received-From-MTA: %s; %.800s",
1089 					p, RealHostName);
1090 			if (!putline(buf, mci))
1091 				goto writeerr;
1092 		}
1093 
1094 		/* Arrival-Date: -- when it arrived here */
1095 		(void) sm_strlcpyn(buf, sizeof buf, 2, "Arrival-Date: ",
1096 				arpadate(ctime(&e->e_parent->e_ctime)));
1097 		if (!putline(buf, mci))
1098 			goto writeerr;
1099 
1100 		/* Deliver-By-Date: -- when it should have been delivered */
1101 		if (IS_DLVR_BY(e->e_parent))
1102 		{
1103 			time_t dbyd;
1104 
1105 			dbyd = e->e_parent->e_ctime + e->e_parent->e_deliver_by;
1106 			(void) sm_strlcpyn(buf, sizeof buf, 2,
1107 					"Deliver-By-Date: ",
1108 					arpadate(ctime(&dbyd)));
1109 			if (!putline(buf, mci))
1110 				goto writeerr;
1111 		}
1112 
1113 		/*
1114 		**  Output per-address information.
1115 		*/
1116 
1117 		for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
1118 		{
1119 			char *action;
1120 
1121 			if (QS_IS_BADADDR(q->q_state))
1122 			{
1123 				/* RFC 1891, 6.2.6 (b) */
1124 				if (bitset(QHASNOTIFY, q->q_flags) &&
1125 				    !bitset(QPINGONFAILURE, q->q_flags))
1126 					continue;
1127 				action = "failed";
1128 			}
1129 			else if (!bitset(QPRIMARY, q->q_flags))
1130 				continue;
1131 			else if (bitset(QDELIVERED, q->q_flags))
1132 			{
1133 				if (bitset(QEXPANDED, q->q_flags))
1134 					action = "delivered (to mailing list)";
1135 				else
1136 					action = "delivered (to mailbox)";
1137 			}
1138 			else if (bitset(QRELAYED, q->q_flags))
1139 				action = "relayed (to non-DSN-aware mailer)";
1140 			else if (bitset(QEXPANDED, q->q_flags))
1141 				action = "expanded (to multi-recipient alias)";
1142 			else if (bitset(QDELAYED, q->q_flags))
1143 				action = "delayed";
1144 			else if (bitset(QBYTRACE, q->q_flags))
1145 				action = "relayed (Deliver-By trace mode)";
1146 			else if (bitset(QBYNDELAY, q->q_flags))
1147 				action = "delayed (Deliver-By notify mode)";
1148 			else if (bitset(QBYNRELAY, q->q_flags))
1149 				action = "relayed (Deliver-By notify mode)";
1150 			else
1151 				continue;
1152 
1153 			if (!putline("", mci))
1154 				goto writeerr;
1155 
1156 			/* Original-Recipient: -- passed from on high */
1157 			if (q->q_orcpt != NULL)
1158 			{
1159 				(void) sm_snprintf(buf, sizeof buf,
1160 						"Original-Recipient: %.800s",
1161 						q->q_orcpt);
1162 				if (!putline(buf, mci))
1163 					goto writeerr;
1164 			}
1165 
1166 			/* Figure out actual recipient */
1167 			actual[0] = '\0';
1168 			if (q->q_user[0] != '\0')
1169 			{
1170 				if (q->q_mailer != NULL &&
1171 				    q->q_mailer->m_addrtype != NULL)
1172 					p = q->q_mailer->m_addrtype;
1173 				else
1174 					p = "rfc822";
1175 
1176 				if (sm_strcasecmp(p, "rfc822") == 0 &&
1177 				    strchr(q->q_user, '@') == NULL)
1178 				{
1179 					(void) sm_snprintf(actual,
1180 							   sizeof actual,
1181 							   "%s; %.700s@%.100s",
1182 							   p, q->q_user,
1183 							   MyHostName);
1184 				}
1185 				else
1186 				{
1187 					(void) sm_snprintf(actual,
1188 							   sizeof actual,
1189 							   "%s; %.800s",
1190 							   p, q->q_user);
1191 				}
1192 			}
1193 
1194 			/* Final-Recipient: -- the name from the RCPT command */
1195 			if (q->q_finalrcpt == NULL)
1196 			{
1197 				/* should never happen */
1198 				sm_syslog(LOG_ERR, e->e_id,
1199 					  "returntosender: q_finalrcpt is NULL");
1200 
1201 				/* try to fall back to the actual recipient */
1202 				if (actual[0] != '\0')
1203 					q->q_finalrcpt = sm_rpool_strdup_x(e->e_rpool,
1204 									   actual);
1205 			}
1206 
1207 			if (q->q_finalrcpt != NULL)
1208 			{
1209 				(void) sm_snprintf(buf, sizeof buf,
1210 						   "Final-Recipient: %s",
1211 						   q->q_finalrcpt);
1212 				if (!putline(buf, mci))
1213 					goto writeerr;
1214 			}
1215 
1216 			/* X-Actual-Recipient: -- the real problem address */
1217 			if (actual[0] != '\0' &&
1218 			    q->q_finalrcpt != NULL &&
1219 #if _FFR_PRIV_NOACTUALRECIPIENT
1220 			    !bitset(PRIV_NOACTUALRECIPIENT, PrivacyFlags) &&
1221 #endif /* _FFR_PRIV_NOACTUALRECIPIENT */
1222 			    strcmp(actual, q->q_finalrcpt) != 0)
1223 			{
1224 				(void) sm_snprintf(buf, sizeof buf,
1225 						   "X-Actual-Recipient: %s",
1226 						   actual);
1227 				if (!putline(buf, mci))
1228 					goto writeerr;
1229 			}
1230 
1231 			/* Action: -- what happened? */
1232 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Action: ",
1233 				action);
1234 			if (!putline(buf, mci))
1235 				goto writeerr;
1236 
1237 			/* Status: -- what _really_ happened? */
1238 			if (q->q_status != NULL)
1239 				p = q->q_status;
1240 			else if (QS_IS_BADADDR(q->q_state))
1241 				p = "5.0.0";
1242 			else if (QS_IS_QUEUEUP(q->q_state))
1243 				p = "4.0.0";
1244 			else
1245 				p = "2.0.0";
1246 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Status: ", p);
1247 			if (!putline(buf, mci))
1248 				goto writeerr;
1249 
1250 			/* Remote-MTA: -- who was I talking to? */
1251 			if (q->q_statmta != NULL)
1252 			{
1253 				if (q->q_mailer == NULL ||
1254 				    (p = q->q_mailer->m_mtatype) == NULL)
1255 					p = "dns";
1256 				(void) sm_snprintf(buf, sizeof buf,
1257 						"Remote-MTA: %s; %.800s",
1258 						p, q->q_statmta);
1259 				p = &buf[strlen(buf) - 1];
1260 				if (*p == '.')
1261 					*p = '\0';
1262 				if (!putline(buf, mci))
1263 					goto writeerr;
1264 			}
1265 
1266 			/* Diagnostic-Code: -- actual result from other end */
1267 			if (q->q_rstatus != NULL)
1268 			{
1269 				if (q->q_mailer == NULL ||
1270 				    (p = q->q_mailer->m_diagtype) == NULL)
1271 					p = "smtp";
1272 				(void) sm_snprintf(buf, sizeof buf,
1273 						"Diagnostic-Code: %s; %.800s",
1274 						p, q->q_rstatus);
1275 				if (!putline(buf, mci))
1276 					goto writeerr;
1277 			}
1278 
1279 			/* Last-Attempt-Date: -- fine granularity */
1280 			if (q->q_statdate == (time_t) 0L)
1281 				q->q_statdate = curtime();
1282 			(void) sm_strlcpyn(buf, sizeof buf, 2,
1283 					"Last-Attempt-Date: ",
1284 					arpadate(ctime(&q->q_statdate)));
1285 			if (!putline(buf, mci))
1286 				goto writeerr;
1287 
1288 			/* Will-Retry-Until: -- for delayed messages only */
1289 			if (QS_IS_QUEUEUP(q->q_state))
1290 			{
1291 				time_t xdate;
1292 
1293 				xdate = e->e_parent->e_ctime +
1294 					TimeOuts.to_q_return[e->e_parent->e_timeoutclass];
1295 				(void) sm_strlcpyn(buf, sizeof buf, 2,
1296 					 "Will-Retry-Until: ",
1297 					 arpadate(ctime(&xdate)));
1298 				if (!putline(buf, mci))
1299 					goto writeerr;
1300 			}
1301 		}
1302 	}
1303 #endif /* DSN */
1304 
1305 	/*
1306 	**  Output text of original message
1307 	*/
1308 
1309 	if (!putline("", mci))
1310 		goto writeerr;
1311 	if (bitset(EF_HAS_DF, e->e_parent->e_flags))
1312 	{
1313 		sendbody = !bitset(EF_NO_BODY_RETN, e->e_parent->e_flags) &&
1314 			   !bitset(EF_NO_BODY_RETN, e->e_flags);
1315 
1316 		if (e->e_msgboundary == NULL)
1317 		{
1318 			if (!putline(
1319 				sendbody
1320 				? "   ----- Original message follows -----\n"
1321 				: "   ----- Message header follows -----\n",
1322 				mci))
1323 			{
1324 				goto writeerr;
1325 			}
1326 		}
1327 		else
1328 		{
1329 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--",
1330 					e->e_msgboundary);
1331 
1332 			if (!putline(buf, mci))
1333 				goto writeerr;
1334 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Content-Type: ",
1335 					sendbody ? "message/rfc822"
1336 						 : "text/rfc822-headers");
1337 			if (!putline(buf, mci))
1338 				goto writeerr;
1339 
1340 			p = hvalue("Content-Transfer-Encoding",
1341 				   e->e_parent->e_header);
1342 			if (p != NULL && sm_strcasecmp(p, "binary") != 0)
1343 				p = NULL;
1344 			if (p == NULL &&
1345 			    bitset(EF_HAS8BIT, e->e_parent->e_flags))
1346 				p = "8bit";
1347 			if (p != NULL)
1348 			{
1349 				(void) sm_snprintf(buf, sizeof buf,
1350 						"Content-Transfer-Encoding: %s",
1351 						p);
1352 				if (!putline(buf, mci))
1353 					goto writeerr;
1354 			}
1355 		}
1356 		if (!putline("", mci))
1357 			goto writeerr;
1358 		save_errno = errno;
1359 		if (!putheader(mci, e->e_parent->e_header, e->e_parent,
1360 				M87F_OUTER))
1361 			goto writeerr;
1362 		errno = save_errno;
1363 		if (sendbody)
1364 		{
1365 			if (!putbody(mci, e->e_parent, e->e_msgboundary))
1366 				goto writeerr;
1367 		}
1368 		else if (e->e_msgboundary == NULL)
1369 		{
1370 			if (!putline("", mci) ||
1371 			    !putline("   ----- Message body suppressed -----",
1372 					mci))
1373 			{
1374 				goto writeerr;
1375 			}
1376 		}
1377 	}
1378 	else if (e->e_msgboundary == NULL)
1379 	{
1380 		if (!putline("  ----- No message was collected -----\n", mci))
1381 			goto writeerr;
1382 	}
1383 
1384 	if (e->e_msgboundary != NULL)
1385 	{
1386 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", e->e_msgboundary,
1387 				   "--");
1388 		if (!putline("", mci) || !putline(buf, mci))
1389 			goto writeerr;
1390 	}
1391 	if (!putline("", mci) ||
1392 	    sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF)
1393 			goto writeerr;
1394 
1395 	/*
1396 	**  Cleanup and exit
1397 	*/
1398 
1399 	if (errno != 0)
1400 	{
1401   writeerr:
1402 		syserr("errbody: I/O error");
1403 		return false;
1404 	}
1405 	return true;
1406 }
1407 
1408 /*
1409 **  SMTPTODSN -- convert SMTP to DSN status code
1410 **
1411 **	Parameters:
1412 **		smtpstat -- the smtp status code (e.g., 550).
1413 **
1414 **	Returns:
1415 **		The DSN version of the status code.
1416 **
1417 **	Storage Management:
1418 **		smtptodsn() returns a pointer to a character string literal,
1419 **		which will remain valid forever, and thus does not need to
1420 **		be copied.  Current code relies on this property.
1421 */
1422 
1423 char *
1424 smtptodsn(smtpstat)
1425 	int smtpstat;
1426 {
1427 	if (smtpstat < 0)
1428 		return "4.4.2";
1429 
1430 	switch (smtpstat)
1431 	{
1432 	  case 450:	/* Req mail action not taken: mailbox unavailable */
1433 		return "4.2.0";
1434 
1435 	  case 451:	/* Req action aborted: local error in processing */
1436 		return "4.3.0";
1437 
1438 	  case 452:	/* Req action not taken: insufficient sys storage */
1439 		return "4.3.1";
1440 
1441 	  case 500:	/* Syntax error, command unrecognized */
1442 		return "5.5.2";
1443 
1444 	  case 501:	/* Syntax error in parameters or arguments */
1445 		return "5.5.4";
1446 
1447 	  case 502:	/* Command not implemented */
1448 		return "5.5.1";
1449 
1450 	  case 503:	/* Bad sequence of commands */
1451 		return "5.5.1";
1452 
1453 	  case 504:	/* Command parameter not implemented */
1454 		return "5.5.4";
1455 
1456 	  case 550:	/* Req mail action not taken: mailbox unavailable */
1457 		return "5.2.0";
1458 
1459 	  case 551:	/* User not local; please try <...> */
1460 		return "5.1.6";
1461 
1462 	  case 552:	/* Req mail action aborted: exceeded storage alloc */
1463 		return "5.2.2";
1464 
1465 	  case 553:	/* Req action not taken: mailbox name not allowed */
1466 		return "5.1.0";
1467 
1468 	  case 554:	/* Transaction failed */
1469 		return "5.0.0";
1470 	}
1471 
1472 	if (REPLYTYPE(smtpstat) == 2)
1473 		return "2.0.0";
1474 	if (REPLYTYPE(smtpstat) == 4)
1475 		return "4.0.0";
1476 	return "5.0.0";
1477 }
1478 /*
1479 **  XTEXTIFY -- take regular text and turn it into DSN-style xtext
1480 **
1481 **	Parameters:
1482 **		t -- the text to convert.
1483 **		taboo -- additional characters that must be encoded.
1484 **
1485 **	Returns:
1486 **		The xtext-ified version of the same string.
1487 */
1488 
1489 char *
1490 xtextify(t, taboo)
1491 	register char *t;
1492 	char *taboo;
1493 {
1494 	register char *p;
1495 	int l;
1496 	int nbogus;
1497 	static char *bp = NULL;
1498 	static int bplen = 0;
1499 
1500 	if (taboo == NULL)
1501 		taboo = "";
1502 
1503 	/* figure out how long this xtext will have to be */
1504 	nbogus = l = 0;
1505 	for (p = t; *p != '\0'; p++)
1506 	{
1507 		register int c = (*p & 0xff);
1508 
1509 		/* ASCII dependence here -- this is the way the spec words it */
1510 		if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' ||
1511 		    strchr(taboo, c) != NULL)
1512 			nbogus++;
1513 		l++;
1514 	}
1515 	if (nbogus < 0)
1516 	{
1517 		/* since nbogus is ssize_t and wrapped, 2 * size_t would wrap */
1518 		syserr("!xtextify string too long");
1519 	}
1520 	if (nbogus == 0)
1521 		return t;
1522 	l += nbogus * 2 + 1;
1523 
1524 	/* now allocate space if necessary for the new string */
1525 	if (l > bplen)
1526 	{
1527 		if (bp != NULL)
1528 			sm_free(bp); /* XXX */
1529 		bp = sm_pmalloc_x(l);
1530 		bplen = l;
1531 	}
1532 
1533 	/* ok, copy the text with byte expansion */
1534 	for (p = bp; *t != '\0'; )
1535 	{
1536 		register int c = (*t++ & 0xff);
1537 
1538 		/* ASCII dependence here -- this is the way the spec words it */
1539 		if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' ||
1540 		    strchr(taboo, c) != NULL)
1541 		{
1542 			*p++ = '+';
1543 			*p++ = "0123456789ABCDEF"[c >> 4];
1544 			*p++ = "0123456789ABCDEF"[c & 0xf];
1545 		}
1546 		else
1547 			*p++ = c;
1548 	}
1549 	*p = '\0';
1550 	return bp;
1551 }
1552 /*
1553 **  XUNTEXTIFY -- take xtext and turn it into plain text
1554 **
1555 **	Parameters:
1556 **		t -- the xtextified text.
1557 **
1558 **	Returns:
1559 **		The decoded text.  No attempt is made to deal with
1560 **		null strings in the resulting text.
1561 */
1562 
1563 char *
1564 xuntextify(t)
1565 	register char *t;
1566 {
1567 	register char *p;
1568 	int l;
1569 	static char *bp = NULL;
1570 	static int bplen = 0;
1571 
1572 	/* heuristic -- if no plus sign, just return the input */
1573 	if (strchr(t, '+') == NULL)
1574 		return t;
1575 
1576 	/* xtext is always longer than decoded text */
1577 	l = strlen(t);
1578 	if (l > bplen)
1579 	{
1580 		if (bp != NULL)
1581 			sm_free(bp); /* XXX */
1582 		bp = xalloc(l);
1583 		bplen = l;
1584 	}
1585 
1586 	/* ok, copy the text with byte compression */
1587 	for (p = bp; *t != '\0'; t++)
1588 	{
1589 		register int c = *t & 0xff;
1590 
1591 		if (c != '+')
1592 		{
1593 			*p++ = c;
1594 			continue;
1595 		}
1596 
1597 		c = *++t & 0xff;
1598 		if (!isascii(c) || !isxdigit(c))
1599 		{
1600 			/* error -- first digit is not hex */
1601 			usrerr("bogus xtext: +%c", c);
1602 			t--;
1603 			continue;
1604 		}
1605 		if (isdigit(c))
1606 			c -= '0';
1607 		else if (isupper(c))
1608 			c -= 'A' - 10;
1609 		else
1610 			c -= 'a' - 10;
1611 		*p = c << 4;
1612 
1613 		c = *++t & 0xff;
1614 		if (!isascii(c) || !isxdigit(c))
1615 		{
1616 			/* error -- second digit is not hex */
1617 			usrerr("bogus xtext: +%x%c", *p >> 4, c);
1618 			t--;
1619 			continue;
1620 		}
1621 		if (isdigit(c))
1622 			c -= '0';
1623 		else if (isupper(c))
1624 			c -= 'A' - 10;
1625 		else
1626 			c -= 'a' - 10;
1627 		*p++ |= c;
1628 	}
1629 	*p = '\0';
1630 	return bp;
1631 }
1632 /*
1633 **  XTEXTOK -- check if a string is legal xtext
1634 **
1635 **	Xtext is used in Delivery Status Notifications.  The spec was
1636 **	taken from RFC 1891, ``SMTP Service Extension for Delivery
1637 **	Status Notifications''.
1638 **
1639 **	Parameters:
1640 **		s -- the string to check.
1641 **
1642 **	Returns:
1643 **		true -- if 's' is legal xtext.
1644 **		false -- if it has any illegal characters in it.
1645 */
1646 
1647 bool
1648 xtextok(s)
1649 	char *s;
1650 {
1651 	int c;
1652 
1653 	while ((c = *s++) != '\0')
1654 	{
1655 		if (c == '+')
1656 		{
1657 			c = *s++;
1658 			if (!isascii(c) || !isxdigit(c))
1659 				return false;
1660 			c = *s++;
1661 			if (!isascii(c) || !isxdigit(c))
1662 				return false;
1663 		}
1664 		else if (c < '!' || c > '~' || c == '=')
1665 			return false;
1666 	}
1667 	return true;
1668 }
1669 /*
1670 **  PRUNEROUTE -- prune an RFC-822 source route
1671 **
1672 **	Trims down a source route to the last internet-registered hop.
1673 **	This is encouraged by RFC 1123 section 5.3.3.
1674 **
1675 **	Parameters:
1676 **		addr -- the address
1677 **
1678 **	Returns:
1679 **		true -- address was modified
1680 **		false -- address could not be pruned
1681 **
1682 **	Side Effects:
1683 **		modifies addr in-place
1684 */
1685 
1686 static bool
1687 pruneroute(addr)
1688 	char *addr;
1689 {
1690 #if NAMED_BIND
1691 	char *start, *at, *comma;
1692 	char c;
1693 	int braclev;
1694 	int rcode;
1695 	int i;
1696 	char hostbuf[BUFSIZ];
1697 	char *mxhosts[MAXMXHOSTS + 1];
1698 
1699 	/* check to see if this is really a route-addr */
1700 	if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>')
1701 		return false;
1702 
1703 	/*
1704 	**  Can't simply find the first ':' is the address might be in the
1705 	**  form:  "<@[IPv6:::1]:user@host>" and the first ':' in inside
1706 	**  the IPv6 address.
1707 	*/
1708 
1709 	start = addr;
1710 	braclev = 0;
1711 	while (*start != '\0')
1712 	{
1713 		if (*start == ':' && braclev <= 0)
1714 			break;
1715 		else if (*start == '[')
1716 			braclev++;
1717 		else if (*start == ']' && braclev > 0)
1718 			braclev--;
1719 		start++;
1720 	}
1721 	if (braclev > 0 || *start != ':')
1722 		return false;
1723 
1724 	at = strrchr(addr, '@');
1725 	if (at == NULL || at < start)
1726 		return false;
1727 
1728 	/* slice off the angle brackets */
1729 	i = strlen(at + 1);
1730 	if (i >= sizeof hostbuf)
1731 		return false;
1732 	(void) sm_strlcpy(hostbuf, at + 1, sizeof hostbuf);
1733 	hostbuf[i - 1] = '\0';
1734 
1735 	while (start != NULL)
1736 	{
1737 		if (getmxrr(hostbuf, mxhosts, NULL, false,
1738 			    &rcode, true, NULL) > 0)
1739 		{
1740 			(void) sm_strlcpy(addr + 1, start + 1,
1741 					  strlen(addr) - 1);
1742 			return true;
1743 		}
1744 		c = *start;
1745 		*start = '\0';
1746 		comma = strrchr(addr, ',');
1747 		if (comma != NULL && comma[1] == '@' &&
1748 		    strlen(comma + 2) < sizeof hostbuf)
1749 			(void) sm_strlcpy(hostbuf, comma + 2, sizeof hostbuf);
1750 		else
1751 			comma = NULL;
1752 		*start = c;
1753 		start = comma;
1754 	}
1755 #endif /* NAMED_BIND */
1756 	return false;
1757 }
1758