1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.46 (Berkeley) 12/05/91";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <sys/param.h>
21 #include <arpa/nameser.h>
22 #include <resolv.h>
23 #endif
24
25 /*
26 ** DELIVER -- Deliver a message to a list of addresses.
27 **
28 ** This routine delivers to everyone on the same host as the
29 ** user on the head of the list. It is clever about mailers
30 ** that don't handle multiple users. It is NOT guaranteed
31 ** that it will deliver to all these addresses however -- so
32 ** deliver should be called once for each address on the
33 ** list.
34 **
35 ** Parameters:
36 ** e -- the envelope to deliver.
37 ** firstto -- head of the address list to deliver to.
38 **
39 ** Returns:
40 ** zero -- successfully delivered.
41 ** else -- some failure, see ExitStat for more info.
42 **
43 ** Side Effects:
44 ** The standard input is passed off to someone.
45 */
46
47 deliver(e, firstto)
48 register ENVELOPE *e;
49 ADDRESS *firstto;
50 {
51 char *host; /* host being sent to */
52 char *user; /* user being sent to */
53 char **pvp;
54 register char **mvp;
55 register char *p;
56 register MAILER *m; /* mailer for this recipient */
57 ADDRESS *ctladdr;
58 register ADDRESS *to = firstto;
59 bool clever = FALSE; /* running user smtp to this mailer */
60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
61 int rcode; /* response code */
62 char *pv[MAXPV+1];
63 char tobuf[MAXLINE-50]; /* text line of to people */
64 char buf[MAXNAME];
65 char tfrombuf[MAXNAME]; /* translated from person */
66 extern bool checkcompat();
67 extern ADDRESS *getctladdr();
68 extern char *remotename();
69
70 errno = 0;
71 if (bitset(QDONTSEND, to->q_flags))
72 return (0);
73
74 #ifdef NAMED_BIND
75 /* unless interactive, try twice, over a minute */
76 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
77 _res.retrans = 30;
78 _res.retry = 2;
79 }
80 #endif
81
82 m = to->q_mailer;
83 host = to->q_host;
84
85 if (tTd(10, 1))
86 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
87 m->m_mno, host, to->q_user);
88
89 /*
90 ** If this mailer is expensive, and if we don't want to make
91 ** connections now, just mark these addresses and return.
92 ** This is useful if we want to batch connections to
93 ** reduce load. This will cause the messages to be
94 ** queued up, and a daemon will come along to send the
95 ** messages later.
96 ** This should be on a per-mailer basis.
97 */
98
99 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
100 !Verbose)
101 {
102 for (; to != NULL; to = to->q_next)
103 {
104 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
105 continue;
106 to->q_flags |= QQUEUEUP|QDONTSEND;
107 e->e_to = to->q_paddr;
108 message(Arpa_Info, "queued");
109 if (LogLevel > 4)
110 logdelivery("queued");
111 }
112 e->e_to = NULL;
113 return (0);
114 }
115
116 /*
117 ** Do initial argv setup.
118 ** Insert the mailer name. Notice that $x expansion is
119 ** NOT done on the mailer name. Then, if the mailer has
120 ** a picky -f flag, we insert it as appropriate. This
121 ** code does not check for 'pv' overflow; this places a
122 ** manifest lower limit of 4 for MAXPV.
123 ** The from address rewrite is expected to make
124 ** the address relative to the other end.
125 */
126
127 /* rewrite from address, using rewriting rules */
128 expand("\001f", buf, &buf[sizeof buf - 1], e);
129 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
130
131 define('g', tfrombuf, e); /* translated sender address */
132 define('h', host, e); /* to host */
133 Errors = 0;
134 pvp = pv;
135 *pvp++ = m->m_argv[0];
136
137 /* insert -f or -r flag as appropriate */
138 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
139 {
140 if (bitnset(M_FOPT, m->m_flags))
141 *pvp++ = "-f";
142 else
143 *pvp++ = "-r";
144 expand("\001g", buf, &buf[sizeof buf - 1], e);
145 *pvp++ = newstr(buf);
146 }
147
148 /*
149 ** Append the other fixed parts of the argv. These run
150 ** up to the first entry containing "$u". There can only
151 ** be one of these, and there are only a few more slots
152 ** in the pv after it.
153 */
154
155 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
156 {
157 while ((p = index(p, '\001')) != NULL)
158 if (*++p == 'u')
159 break;
160 if (p != NULL)
161 break;
162
163 /* this entry is safe -- go ahead and process it */
164 expand(*mvp, buf, &buf[sizeof buf - 1], e);
165 *pvp++ = newstr(buf);
166 if (pvp >= &pv[MAXPV - 3])
167 {
168 syserr("Too many parameters to %s before $u", pv[0]);
169 return (-1);
170 }
171 }
172
173 /*
174 ** If we have no substitution for the user name in the argument
175 ** list, we know that we must supply the names otherwise -- and
176 ** SMTP is the answer!!
177 */
178
179 if (*mvp == NULL)
180 {
181 /* running SMTP */
182 # ifdef SMTP
183 clever = TRUE;
184 *pvp = NULL;
185 # else SMTP
186 /* oops! we don't implement SMTP */
187 syserr("SMTP style mailer");
188 return (EX_SOFTWARE);
189 # endif SMTP
190 }
191
192 /*
193 ** At this point *mvp points to the argument with $u. We
194 ** run through our address list and append all the addresses
195 ** we can. If we run out of space, do not fret! We can
196 ** always send another copy later.
197 */
198
199 tobuf[0] = '\0';
200 e->e_to = tobuf;
201 ctladdr = NULL;
202 for (; to != NULL; to = to->q_next)
203 {
204 /* avoid sending multiple recipients to dumb mailers */
205 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
206 break;
207
208 /* if already sent or not for this host, don't send */
209 if (bitset(QDONTSEND, to->q_flags) ||
210 strcmp(to->q_host, host) != 0 ||
211 to->q_mailer != firstto->q_mailer)
212 continue;
213
214 /* avoid overflowing tobuf */
215 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
216 break;
217
218 if (tTd(10, 1))
219 {
220 printf("\nsend to ");
221 printaddr(to, FALSE);
222 }
223
224 /* compute effective uid/gid when sending */
225 if (to->q_mailer == ProgMailer)
226 ctladdr = getctladdr(to);
227
228 user = to->q_user;
229 e->e_to = to->q_paddr;
230 to->q_flags |= QDONTSEND;
231
232 /*
233 ** Check to see that these people are allowed to
234 ** talk to each other.
235 */
236
237 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
238 {
239 NoReturn = TRUE;
240 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
241 giveresponse(EX_UNAVAILABLE, m, e);
242 continue;
243 }
244 if (!checkcompat(to))
245 {
246 giveresponse(EX_UNAVAILABLE, m, e);
247 continue;
248 }
249
250 /*
251 ** Strip quote bits from names if the mailer is dumb
252 ** about them.
253 */
254
255 if (bitnset(M_STRIPQ, m->m_flags))
256 {
257 stripquotes(user, TRUE);
258 stripquotes(host, TRUE);
259 }
260 else
261 {
262 stripquotes(user, FALSE);
263 stripquotes(host, FALSE);
264 }
265
266 /* hack attack -- delivermail compatibility */
267 if (m == ProgMailer && *user == '|')
268 user++;
269
270 /*
271 ** If an error message has already been given, don't
272 ** bother to send to this address.
273 **
274 ** >>>>>>>>>> This clause assumes that the local mailer
275 ** >> NOTE >> cannot do any further aliasing; that
276 ** >>>>>>>>>> function is subsumed by sendmail.
277 */
278
279 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
280 continue;
281
282 /* save statistics.... */
283 markstats(e, to);
284
285 /*
286 ** See if this user name is "special".
287 ** If the user name has a slash in it, assume that this
288 ** is a file -- send it off without further ado. Note
289 ** that this type of addresses is not processed along
290 ** with the others, so we fudge on the To person.
291 */
292
293 if (m == LocalMailer)
294 {
295 if (user[0] == '/')
296 {
297 rcode = mailfile(user, getctladdr(to));
298 giveresponse(rcode, m, e);
299 if (rcode == EX_OK)
300 to->q_flags |= QSENT;
301 continue;
302 }
303 }
304
305 /*
306 ** Address is verified -- add this user to mailer
307 ** argv, and add it to the print list of recipients.
308 */
309
310 /* link together the chain of recipients */
311 to->q_tchain = tochain;
312 tochain = to;
313
314 /* create list of users for error messages */
315 (void) strcat(tobuf, ",");
316 (void) strcat(tobuf, to->q_paddr);
317 define('u', user, e); /* to user */
318 define('z', to->q_home, e); /* user's home */
319
320 /*
321 ** Expand out this user into argument list.
322 */
323
324 if (!clever)
325 {
326 expand(*mvp, buf, &buf[sizeof buf - 1], e);
327 *pvp++ = newstr(buf);
328 if (pvp >= &pv[MAXPV - 2])
329 {
330 /* allow some space for trailing parms */
331 break;
332 }
333 }
334 }
335
336 /* see if any addresses still exist */
337 if (tobuf[0] == '\0')
338 {
339 define('g', (char *) NULL, e);
340 return (0);
341 }
342
343 /* print out messages as full list */
344 e->e_to = tobuf + 1;
345
346 /*
347 ** Fill out any parameters after the $u parameter.
348 */
349
350 while (!clever && *++mvp != NULL)
351 {
352 expand(*mvp, buf, &buf[sizeof buf - 1], e);
353 *pvp++ = newstr(buf);
354 if (pvp >= &pv[MAXPV])
355 syserr("deliver: pv overflow after $u for %s", pv[0]);
356 }
357 *pvp++ = NULL;
358
359 /*
360 ** Call the mailer.
361 ** The argument vector gets built, pipes
362 ** are created as necessary, and we fork & exec as
363 ** appropriate.
364 ** If we are running SMTP, we just need to clean up.
365 */
366
367 if (ctladdr == NULL)
368 ctladdr = &e->e_from;
369 #ifdef NAMED_BIND
370 if (ConfigLevel < 2)
371 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
372 #endif
373 #ifdef SMTP
374 if (clever)
375 {
376 rcode = EX_OK;
377 #ifdef NAMED_BIND
378 if (host[0] && host[0] != '[')
379 {
380 expand("\001j", buf, &buf[sizeof(buf) - 1], e);
381 Nmx = getmxrr(host, MxHosts, buf, &rcode);
382 }
383 else
384 #endif
385 {
386 Nmx = 1;
387 MxHosts[0] = host;
388 }
389 if (Nmx >= 0)
390 {
391 message(Arpa_Info, "Connecting to %s (%s)...",
392 MxHosts[0], m->m_name);
393 if ((rcode = smtpinit(m, pv)) == EX_OK) {
394 register char *t = tobuf;
395 register int i;
396
397 /* send the recipient list */
398 tobuf[0] = '\0';
399 for (to = tochain; to; to = to->q_tchain) {
400 e->e_to = to->q_paddr;
401 if ((i = smtprcpt(to, m)) != EX_OK) {
402 markfailure(e, to, i);
403 giveresponse(i, m, e);
404 }
405 else {
406 *t++ = ',';
407 for (p = to->q_paddr; *p; *t++ = *p++);
408 }
409 }
410
411 /* now send the data */
412 if (tobuf[0] == '\0')
413 e->e_to = NULL;
414 else {
415 e->e_to = tobuf + 1;
416 rcode = smtpdata(m, e);
417 }
418
419 /* now close the connection */
420 smtpquit(m);
421 }
422 }
423 }
424 else
425 #endif /* SMTP */
426 {
427 static int sendoff();
428
429 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
430 rcode = sendoff(e, m, pv, ctladdr);
431 }
432 #ifdef NAMED_BIND
433 if (ConfigLevel < 2)
434 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
435 #endif
436
437 /*
438 ** Do final status disposal.
439 ** We check for something in tobuf for the SMTP case.
440 ** If we got a temporary failure, arrange to queue the
441 ** addressees.
442 */
443
444 if (tobuf[0] != '\0')
445 giveresponse(rcode, m, e);
446 for (to = tochain; to != NULL; to = to->q_tchain)
447 if (rcode != EX_OK)
448 markfailure(e, to, rcode);
449 else
450 to->q_flags |= QSENT;
451
452 errno = 0;
453 define('g', (char *) NULL, e);
454 return (rcode);
455 }
456 �/*
457 ** MARKFAILURE -- mark a failure on a specific address.
458 **
459 ** Parameters:
460 ** e -- the envelope we are sending.
461 ** q -- the address to mark.
462 ** rcode -- the code signifying the particular failure.
463 **
464 ** Returns:
465 ** none.
466 **
467 ** Side Effects:
468 ** marks the address (and possibly the envelope) with the
469 ** failure so that an error will be returned or
470 ** the message will be queued, as appropriate.
471 */
472
473 markfailure(e, q, rcode)
474 register ENVELOPE *e;
475 register ADDRESS *q;
476 int rcode;
477 {
478 if (rcode == EX_OK)
479 return;
480 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
481 q->q_flags |= QBADADDR;
482 else if (curtime() > e->e_ctime + TimeOut)
483 {
484 extern char *pintvl();
485 char buf[MAXLINE];
486
487 if (!bitset(EF_TIMEOUT, e->e_flags))
488 {
489 (void) sprintf(buf, "Cannot send message for %s",
490 pintvl(TimeOut, FALSE));
491 if (e->e_message != NULL)
492 free(e->e_message);
493 e->e_message = newstr(buf);
494 message(Arpa_Info, buf);
495 }
496 q->q_flags |= QBADADDR;
497 e->e_flags |= EF_TIMEOUT;
498 }
499 else
500 q->q_flags |= QQUEUEUP;
501 }
502 �/*
503 ** DOFORK -- do a fork, retrying a couple of times on failure.
504 **
505 ** This MUST be a macro, since after a vfork we are running
506 ** two processes on the same stack!!!
507 **
508 ** Parameters:
509 ** none.
510 **
511 ** Returns:
512 ** From a macro??? You've got to be kidding!
513 **
514 ** Side Effects:
515 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
516 ** pid of child in parent, zero in child.
517 ** -1 on unrecoverable error.
518 **
519 ** Notes:
520 ** I'm awfully sorry this looks so awful. That's
521 ** vfork for you.....
522 */
523
524 # define NFORKTRIES 5
525 # ifdef VMUNIX
526 # define XFORK vfork
527 # else VMUNIX
528 # define XFORK fork
529 # endif VMUNIX
530
531 # define DOFORK(fORKfN) \
532 {\
533 register int i;\
534 \
535 for (i = NFORKTRIES; --i >= 0; )\
536 {\
537 pid = fORKfN();\
538 if (pid >= 0)\
539 break;\
540 if (i > 0)\
541 sleep((unsigned) NFORKTRIES - i);\
542 }\
543 }
544 �/*
545 ** DOFORK -- simple fork interface to DOFORK.
546 **
547 ** Parameters:
548 ** none.
549 **
550 ** Returns:
551 ** pid of child in parent.
552 ** zero in child.
553 ** -1 on error.
554 **
555 ** Side Effects:
556 ** returns twice, once in parent and once in child.
557 */
558
559 dofork()
560 {
561 register int pid;
562
563 DOFORK(fork);
564 return (pid);
565 }
566 �/*
567 ** SENDOFF -- send off call to mailer & collect response.
568 **
569 ** Parameters:
570 ** e -- the envelope to mail.
571 ** m -- mailer descriptor.
572 ** pvp -- parameter vector to send to it.
573 ** ctladdr -- an address pointer controlling the
574 ** user/groupid etc. of the mailer.
575 **
576 ** Returns:
577 ** exit status of mailer.
578 **
579 ** Side Effects:
580 ** none.
581 */
582 static
583 sendoff(e, m, pvp, ctladdr)
584 register ENVELOPE *e;
585 MAILER *m;
586 char **pvp;
587 ADDRESS *ctladdr;
588 {
589 auto FILE *mfile;
590 auto FILE *rfile;
591 register int i;
592 int pid;
593
594 /*
595 ** Create connection to mailer.
596 */
597
598 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
599 if (pid < 0)
600 return (-1);
601
602 /*
603 ** Format and send message.
604 */
605
606 putfromline(mfile, m);
607 (*e->e_puthdr)(mfile, m, e);
608 putline("\n", mfile, m);
609 (*e->e_putbody)(mfile, m, e);
610 (void) fclose(mfile);
611 if (rfile != NULL)
612 (void) fclose(rfile);
613
614 i = endmailer(pid, pvp[0]);
615
616 /* arrange a return receipt if requested */
617 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
618 {
619 e->e_flags |= EF_SENDRECEIPT;
620 /* do we want to send back more info? */
621 }
622
623 return (i);
624 }
625 �/*
626 ** ENDMAILER -- Wait for mailer to terminate.
627 **
628 ** We should never get fatal errors (e.g., segmentation
629 ** violation), so we report those specially. For other
630 ** errors, we choose a status message (into statmsg),
631 ** and if it represents an error, we print it.
632 **
633 ** Parameters:
634 ** pid -- pid of mailer.
635 ** name -- name of mailer (for error messages).
636 **
637 ** Returns:
638 ** exit code of mailer.
639 **
640 ** Side Effects:
641 ** none.
642 */
643
644 endmailer(pid, name)
645 int pid;
646 char *name;
647 {
648 int st;
649
650 /* in the IPC case there is nothing to wait for */
651 if (pid == 0)
652 return (EX_OK);
653
654 /* wait for the mailer process to die and collect status */
655 st = waitfor(pid);
656 if (st == -1)
657 {
658 syserr("endmailer %s: wait", name);
659 return (EX_SOFTWARE);
660 }
661
662 /* see if it died a horrid death */
663 if ((st & 0377) != 0)
664 {
665 syserr("mailer %s died with signal %o", name, st);
666 ExitStat = EX_TEMPFAIL;
667 return (EX_TEMPFAIL);
668 }
669
670 /* normal death -- return status */
671 st = (st >> 8) & 0377;
672 return (st);
673 }
674 �/*
675 ** OPENMAILER -- open connection to mailer.
676 **
677 ** Parameters:
678 ** m -- mailer descriptor.
679 ** pvp -- parameter vector to pass to mailer.
680 ** ctladdr -- controlling address for user.
681 ** clever -- create a full duplex connection.
682 ** pmfile -- pointer to mfile (to mailer) connection.
683 ** prfile -- pointer to rfile (from mailer) connection.
684 **
685 ** Returns:
686 ** pid of mailer ( > 0 ).
687 ** -1 on error.
688 ** zero on an IPC connection.
689 **
690 ** Side Effects:
691 ** creates a mailer in a subprocess.
692 */
693
694 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
695 MAILER *m;
696 char **pvp;
697 ADDRESS *ctladdr;
698 bool clever;
699 FILE **pmfile;
700 FILE **prfile;
701 {
702 int pid;
703 int mpvect[2];
704 int rpvect[2];
705 FILE *mfile = NULL;
706 FILE *rfile = NULL;
707 extern FILE *fdopen();
708
709 if (tTd(11, 1))
710 {
711 printf("openmailer:");
712 printav(pvp);
713 }
714 errno = 0;
715
716 CurHostName = m->m_mailer;
717
718 /*
719 ** Deal with the special case of mail handled through an IPC
720 ** connection.
721 ** In this case we don't actually fork. We must be
722 ** running SMTP for this to work. We will return a
723 ** zero pid to indicate that we are running IPC.
724 ** We also handle a debug version that just talks to stdin/out.
725 */
726
727 /* check for Local Person Communication -- not for mortals!!! */
728 if (strcmp(m->m_mailer, "[LPC]") == 0)
729 {
730 *pmfile = stdout;
731 *prfile = stdin;
732 return (0);
733 }
734
735 if (strcmp(m->m_mailer, "[IPC]") == 0)
736 {
737 #ifdef HOSTINFO
738 register STAB *st;
739 extern STAB *stab();
740 #endif HOSTINFO
741 #ifdef DAEMON
742 register int i, j;
743 register u_short port;
744
745 CurHostName = pvp[1];
746 if (!clever)
747 syserr("non-clever IPC");
748 if (pvp[2] != NULL)
749 port = atoi(pvp[2]);
750 else
751 port = 0;
752 for (j = 0; j < Nmx; j++)
753 {
754 CurHostName = MxHosts[j];
755 #ifdef HOSTINFO
756 /* see if we have already determined that this host is fried */
757 st = stab(MxHosts[j], ST_HOST, ST_FIND);
758 if (st == NULL || st->s_host.ho_exitstat == EX_OK) {
759 if (j > 1)
760 message(Arpa_Info,
761 "Connecting to %s (%s)...",
762 MxHosts[j], m->m_name);
763 i = makeconnection(MxHosts[j], port, pmfile, prfile);
764 }
765 else
766 {
767 i = st->s_host.ho_exitstat;
768 errno = st->s_host.ho_errno;
769 }
770 #else HOSTINFO
771 i = makeconnection(MxHosts[j], port, pmfile, prfile);
772 #endif HOSTINFO
773 if (i != EX_OK)
774 {
775 #ifdef HOSTINFO
776 /* enter status of this host */
777 if (st == NULL)
778 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
779 st->s_host.ho_exitstat = i;
780 st->s_host.ho_errno = errno;
781 #endif HOSTINFO
782 ExitStat = i;
783 continue;
784 }
785 else
786 return (0);
787 }
788 return (-1);
789 #else DAEMON
790 syserr("openmailer: no IPC");
791 return (-1);
792 #endif DAEMON
793 }
794
795 /* create a pipe to shove the mail through */
796 if (pipe(mpvect) < 0)
797 {
798 syserr("openmailer: pipe (to mailer)");
799 return (-1);
800 }
801
802 #ifdef SMTP
803 /* if this mailer speaks smtp, create a return pipe */
804 if (clever && pipe(rpvect) < 0)
805 {
806 syserr("openmailer: pipe (from mailer)");
807 (void) close(mpvect[0]);
808 (void) close(mpvect[1]);
809 return (-1);
810 }
811 #endif SMTP
812
813 /*
814 ** Actually fork the mailer process.
815 ** DOFORK is clever about retrying.
816 **
817 ** Dispose of SIGCHLD signal catchers that may be laying
818 ** around so that endmail will get it.
819 */
820
821 if (CurEnv->e_xfp != NULL)
822 (void) fflush(CurEnv->e_xfp); /* for debugging */
823 (void) fflush(stdout);
824 # ifdef SIGCHLD
825 (void) signal(SIGCHLD, SIG_DFL);
826 # endif SIGCHLD
827 DOFORK(XFORK);
828 /* pid is set by DOFORK */
829 if (pid < 0)
830 {
831 /* failure */
832 syserr("openmailer: cannot fork");
833 (void) close(mpvect[0]);
834 (void) close(mpvect[1]);
835 #ifdef SMTP
836 if (clever)
837 {
838 (void) close(rpvect[0]);
839 (void) close(rpvect[1]);
840 }
841 #endif SMTP
842 return (-1);
843 }
844 else if (pid == 0)
845 {
846 int i;
847 extern int DtableSize;
848
849 /* child -- set up input & exec mailer */
850 /* make diagnostic output be standard output */
851 (void) signal(SIGINT, SIG_IGN);
852 (void) signal(SIGHUP, SIG_IGN);
853 (void) signal(SIGTERM, SIG_DFL);
854
855 /* arrange to filter standard & diag output of command */
856 if (clever)
857 {
858 (void) close(rpvect[0]);
859 (void) close(1);
860 (void) dup(rpvect[1]);
861 (void) close(rpvect[1]);
862 }
863 else if (OpMode == MD_SMTP || HoldErrs)
864 {
865 /* put mailer output in transcript */
866 (void) close(1);
867 (void) dup(fileno(CurEnv->e_xfp));
868 }
869 (void) close(2);
870 (void) dup(1);
871
872 /* arrange to get standard input */
873 (void) close(mpvect[1]);
874 (void) close(0);
875 if (dup(mpvect[0]) < 0)
876 {
877 syserr("Cannot dup to zero!");
878 _exit(EX_OSERR);
879 }
880 (void) close(mpvect[0]);
881 if (!bitnset(M_RESTR, m->m_flags))
882 {
883 if (ctladdr == NULL || ctladdr->q_uid == 0)
884 {
885 (void) setgid(DefGid);
886 (void) initgroups(DefUser, DefGid);
887 (void) setuid(DefUid);
888 }
889 else
890 {
891 (void) setgid(ctladdr->q_gid);
892 (void) initgroups(ctladdr->q_ruser?
893 ctladdr->q_ruser: ctladdr->q_user,
894 ctladdr->q_gid);
895 (void) setuid(ctladdr->q_uid);
896 }
897 }
898
899 /* arrange for all the files to be closed */
900 for (i = 3; i < DtableSize; i++) {
901 register int j;
902 if ((j = fcntl(i, F_GETFD, 0)) != -1)
903 (void)fcntl(i, F_SETFD, j|1);
904 }
905
906 /* try to execute the mailer */
907 execve(m->m_mailer, pvp, UserEnviron);
908 syserr("Cannot exec %s", m->m_mailer);
909 if (m == LocalMailer)
910 _exit(EX_TEMPFAIL);
911 switch (errno)
912 {
913 case EIO:
914 case EAGAIN:
915 case ENOMEM:
916 # ifdef EPROCLIM
917 case EPROCLIM:
918 # endif
919 _exit(EX_TEMPFAIL);
920 }
921 _exit(EX_UNAVAILABLE);
922 }
923
924 /*
925 ** Set up return value.
926 */
927
928 (void) close(mpvect[0]);
929 mfile = fdopen(mpvect[1], "w");
930 if (clever)
931 {
932 (void) close(rpvect[1]);
933 rfile = fdopen(rpvect[0], "r");
934 } else
935 rfile = NULL;
936
937 *pmfile = mfile;
938 *prfile = rfile;
939
940 return (pid);
941 }
942 �/*
943 ** GIVERESPONSE -- Interpret an error response from a mailer
944 **
945 ** Parameters:
946 ** stat -- the status code from the mailer (high byte
947 ** only; core dumps must have been taken care of
948 ** already).
949 ** m -- the mailer descriptor for this mailer.
950 **
951 ** Returns:
952 ** none.
953 **
954 ** Side Effects:
955 ** Errors may be incremented.
956 ** ExitStat may be set.
957 */
958
959 giveresponse(stat, m, e)
960 int stat;
961 register MAILER *m;
962 ENVELOPE *e;
963 {
964 register char *statmsg;
965 extern char *SysExMsg[];
966 register int i;
967 extern int N_SysEx;
968 #ifdef NAMED_BIND
969 extern int h_errno;
970 #endif
971 char buf[MAXLINE];
972
973 #ifdef lint
974 if (m == NULL)
975 return;
976 #endif lint
977
978 /*
979 ** Compute status message from code.
980 */
981
982 i = stat - EX__BASE;
983 if (stat == 0)
984 statmsg = "250 Sent";
985 else if (i < 0 || i > N_SysEx)
986 {
987 (void) sprintf(buf, "554 unknown mailer error %d", stat);
988 stat = EX_UNAVAILABLE;
989 statmsg = buf;
990 }
991 else if (stat == EX_TEMPFAIL)
992 {
993 (void) strcpy(buf, SysExMsg[i]);
994 #ifdef NAMED_BIND
995 if (h_errno == TRY_AGAIN)
996 {
997 extern char *errstring();
998
999 statmsg = errstring(h_errno+MAX_ERRNO);
1000 }
1001 else
1002 #endif
1003 {
1004 if (errno != 0)
1005 {
1006 extern char *errstring();
1007
1008 statmsg = errstring(errno);
1009 }
1010 else
1011 {
1012 #ifdef SMTP
1013 extern char SmtpError[];
1014
1015 statmsg = SmtpError;
1016 #else SMTP
1017 statmsg = NULL;
1018 #endif SMTP
1019 }
1020 }
1021 if (statmsg != NULL && statmsg[0] != '\0')
1022 {
1023 (void) strcat(buf, ": ");
1024 (void) strcat(buf, statmsg);
1025 }
1026 statmsg = buf;
1027 }
1028 else
1029 {
1030 statmsg = SysExMsg[i];
1031 }
1032
1033 /*
1034 ** Print the message as appropriate
1035 */
1036
1037 if (stat == EX_OK || stat == EX_TEMPFAIL)
1038 message(Arpa_Info, &statmsg[4]);
1039 else
1040 {
1041 Errors++;
1042 usrerr(statmsg);
1043 }
1044
1045 /*
1046 ** Final cleanup.
1047 ** Log a record of the transaction. Compute the new
1048 ** ExitStat -- if we already had an error, stick with
1049 ** that.
1050 */
1051
1052 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1053 logdelivery(&statmsg[4]);
1054
1055 if (stat != EX_TEMPFAIL)
1056 setstat(stat);
1057 if (stat != EX_OK)
1058 {
1059 if (e->e_message != NULL)
1060 free(e->e_message);
1061 e->e_message = newstr(&statmsg[4]);
1062 }
1063 errno = 0;
1064 #ifdef NAMED_BIND
1065 h_errno = 0;
1066 #endif
1067 }
1068 �/*
1069 ** LOGDELIVERY -- log the delivery in the system log
1070 **
1071 ** Parameters:
1072 ** stat -- the message to print for the status
1073 **
1074 ** Returns:
1075 ** none
1076 **
1077 ** Side Effects:
1078 ** none
1079 */
1080
1081 logdelivery(stat)
1082 char *stat;
1083 {
1084 extern char *pintvl();
1085
1086 # ifdef LOG
1087 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1088 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1089 # endif LOG
1090 }
1091 �/*
1092 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1093 **
1094 ** This can be made an arbitrary message separator by changing $l
1095 **
1096 ** One of the ugliest hacks seen by human eyes is contained herein:
1097 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1098 ** does a well-meaning programmer such as myself have to deal with
1099 ** this kind of antique garbage????
1100 **
1101 ** Parameters:
1102 ** fp -- the file to output to.
1103 ** m -- the mailer describing this entry.
1104 **
1105 ** Returns:
1106 ** none
1107 **
1108 ** Side Effects:
1109 ** outputs some text to fp.
1110 */
1111
1112 putfromline(fp, m)
1113 register FILE *fp;
1114 register MAILER *m;
1115 {
1116 char *template = "\001l\n";
1117 char buf[MAXLINE];
1118
1119 if (bitnset(M_NHDR, m->m_flags))
1120 return;
1121
1122 # ifdef UGLYUUCP
1123 if (bitnset(M_UGLYUUCP, m->m_flags))
1124 {
1125 char *bang;
1126 char xbuf[MAXLINE];
1127
1128 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1129 bang = index(buf, '!');
1130 if (bang == NULL)
1131 syserr("No ! in UUCP! (%s)", buf);
1132 else
1133 {
1134 *bang++ = '\0';
1135 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1136 template = xbuf;
1137 }
1138 }
1139 # endif UGLYUUCP
1140 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1141 putline(buf, fp, m);
1142 }
1143 �/*
1144 ** PUTBODY -- put the body of a message.
1145 **
1146 ** Parameters:
1147 ** fp -- file to output onto.
1148 ** m -- a mailer descriptor to control output format.
1149 ** e -- the envelope to put out.
1150 **
1151 ** Returns:
1152 ** none.
1153 **
1154 ** Side Effects:
1155 ** The message is written onto fp.
1156 */
1157
1158 putbody(fp, m, e)
1159 FILE *fp;
1160 MAILER *m;
1161 register ENVELOPE *e;
1162 {
1163 char buf[MAXLINE];
1164
1165 /*
1166 ** Output the body of the message
1167 */
1168
1169 if (e->e_dfp == NULL)
1170 {
1171 if (e->e_df != NULL)
1172 {
1173 e->e_dfp = fopen(e->e_df, "r");
1174 if (e->e_dfp == NULL)
1175 syserr("putbody: Cannot open %s for %s from %s",
1176 e->e_df, e->e_to, e->e_from);
1177 }
1178 else
1179 putline("<<< No Message Collected >>>", fp, m);
1180 }
1181 if (e->e_dfp != NULL)
1182 {
1183 rewind(e->e_dfp);
1184 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1185 {
1186 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1187 strncmp(buf, "From ", 5) == 0)
1188 (void) putc('>', fp);
1189 putline(buf, fp, m);
1190 }
1191
1192 if (ferror(e->e_dfp))
1193 {
1194 syserr("putbody: read error");
1195 ExitStat = EX_IOERR;
1196 }
1197 }
1198
1199 (void) fflush(fp);
1200 if (ferror(fp) && errno != EPIPE)
1201 {
1202 syserr("putbody: write error");
1203 ExitStat = EX_IOERR;
1204 }
1205 errno = 0;
1206 }
1207 �/*
1208 ** MAILFILE -- Send a message to a file.
1209 **
1210 ** If the file has the setuid/setgid bits set, but NO execute
1211 ** bits, sendmail will try to become the owner of that file
1212 ** rather than the real user. Obviously, this only works if
1213 ** sendmail runs as root.
1214 **
1215 ** This could be done as a subordinate mailer, except that it
1216 ** is used implicitly to save messages in ~/dead.letter. We
1217 ** view this as being sufficiently important as to include it
1218 ** here. For example, if the system is dying, we shouldn't have
1219 ** to create another process plus some pipes to save the message.
1220 **
1221 ** Parameters:
1222 ** filename -- the name of the file to send to.
1223 ** ctladdr -- the controlling address header -- includes
1224 ** the userid/groupid to be when sending.
1225 **
1226 ** Returns:
1227 ** The exit code associated with the operation.
1228 **
1229 ** Side Effects:
1230 ** none.
1231 */
1232
1233 mailfile(filename, ctladdr)
1234 char *filename;
1235 ADDRESS *ctladdr;
1236 {
1237 register FILE *f;
1238 register int pid;
1239 ENVELOPE *e = CurEnv;
1240
1241 /*
1242 ** Fork so we can change permissions here.
1243 ** Note that we MUST use fork, not vfork, because of
1244 ** the complications of calling subroutines, etc.
1245 */
1246
1247 DOFORK(fork);
1248
1249 if (pid < 0)
1250 return (EX_OSERR);
1251 else if (pid == 0)
1252 {
1253 /* child -- actually write to file */
1254 struct stat stb;
1255
1256 (void) signal(SIGINT, SIG_DFL);
1257 (void) signal(SIGHUP, SIG_DFL);
1258 (void) signal(SIGTERM, SIG_DFL);
1259 (void) umask(OldUmask);
1260 if (stat(filename, &stb) < 0)
1261 {
1262 errno = 0;
1263 stb.st_mode = 0666;
1264 }
1265 if (bitset(0111, stb.st_mode))
1266 exit(EX_CANTCREAT);
1267 if (ctladdr == NULL)
1268 ctladdr = &e->e_from;
1269 /* we have to open the dfile BEFORE setuid */
1270 if (e->e_dfp == NULL && e->e_df != NULL)
1271 {
1272 e->e_dfp = fopen(e->e_df, "r");
1273 if (e->e_dfp == NULL) {
1274 syserr("mailfile: Cannot open %s for %s from %s",
1275 e->e_df, e->e_to, e->e_from);
1276 }
1277 }
1278
1279 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1280 {
1281 if (ctladdr->q_uid == 0) {
1282 (void) setgid(DefGid);
1283 (void) initgroups(DefUser, DefGid);
1284 } else {
1285 (void) setgid(ctladdr->q_gid);
1286 (void) initgroups(ctladdr->q_ruser?
1287 ctladdr->q_ruser: ctladdr->q_user,
1288 ctladdr->q_gid);
1289 }
1290 }
1291 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1292 {
1293 if (ctladdr->q_uid == 0)
1294 (void) setuid(DefUid);
1295 else
1296 (void) setuid(ctladdr->q_uid);
1297 }
1298 f = dfopen(filename, "a");
1299 if (f == NULL)
1300 exit(EX_CANTCREAT);
1301
1302 putfromline(f, ProgMailer);
1303 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1304 putline("\n", f, ProgMailer);
1305 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1306 putline("\n", f, ProgMailer);
1307 (void) fclose(f);
1308 (void) fflush(stdout);
1309
1310 /* reset ISUID & ISGID bits for paranoid systems */
1311 (void) chmod(filename, (int) stb.st_mode);
1312 exit(EX_OK);
1313 /*NOTREACHED*/
1314 }
1315 else
1316 {
1317 /* parent -- wait for exit status */
1318 int st;
1319
1320 st = waitfor(pid);
1321 if ((st & 0377) != 0)
1322 return (EX_UNAVAILABLE);
1323 else
1324 return ((st >> 8) & 0377);
1325 /*NOTREACHED*/
1326 }
1327 }
1328 �/*
1329 ** SENDALL -- actually send all the messages.
1330 **
1331 ** Parameters:
1332 ** e -- the envelope to send.
1333 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1334 ** the current SendMode.
1335 **
1336 ** Returns:
1337 ** none.
1338 **
1339 ** Side Effects:
1340 ** Scans the send lists and sends everything it finds.
1341 ** Delivers any appropriate error messages.
1342 ** If we are running in a non-interactive mode, takes the
1343 ** appropriate action.
1344 */
1345
1346 sendall(e, mode)
1347 ENVELOPE *e;
1348 char mode;
1349 {
1350 register ADDRESS *q;
1351 bool oldverbose;
1352 int pid;
1353 int nsent;
1354 FILE *lockfp = NULL, *queueup();
1355
1356 /* determine actual delivery mode */
1357 if (mode == SM_DEFAULT)
1358 {
1359 extern bool shouldqueue();
1360
1361 if (shouldqueue(e->e_msgpriority))
1362 mode = SM_QUEUE;
1363 else
1364 mode = SendMode;
1365 }
1366
1367 if (tTd(13, 1))
1368 {
1369 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1370 printaddr(e->e_sendqueue, TRUE);
1371 }
1372
1373 /*
1374 ** Do any preprocessing necessary for the mode we are running.
1375 ** Check to make sure the hop count is reasonable.
1376 ** Delete sends to the sender in mailing lists.
1377 */
1378
1379 CurEnv = e;
1380
1381 if (e->e_hopcount > MaxHopCount)
1382 {
1383 errno = 0;
1384 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1385 e->e_hopcount, MaxHopCount, e->e_from, e->e_to);
1386 return;
1387 }
1388
1389 if (!MeToo)
1390 {
1391 extern ADDRESS *recipient();
1392
1393 e->e_from.q_flags |= QDONTSEND;
1394 (void) recipient(&e->e_from, &e->e_sendqueue);
1395 }
1396
1397 # ifdef QUEUE
1398 if ((mode == SM_QUEUE || mode == SM_FORK ||
1399 (mode != SM_VERIFY && SuperSafe)) &&
1400 !bitset(EF_INQUEUE, e->e_flags))
1401 lockfp = queueup(e, TRUE, mode == SM_QUEUE);
1402 #endif QUEUE
1403
1404 oldverbose = Verbose;
1405 switch (mode)
1406 {
1407 case SM_VERIFY:
1408 Verbose = TRUE;
1409 break;
1410
1411 case SM_QUEUE:
1412 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1413 return;
1414
1415 case SM_FORK:
1416 if (e->e_xfp != NULL)
1417 (void) fflush(e->e_xfp);
1418 pid = fork();
1419 if (pid < 0)
1420 {
1421 mode = SM_DELIVER;
1422 break;
1423 }
1424 else if (pid > 0)
1425 {
1426 /* be sure we leave the temp files to our child */
1427 e->e_id = e->e_df = NULL;
1428 if (lockfp != NULL)
1429 (void) fclose(lockfp);
1430 return;
1431 }
1432
1433 /* double fork to avoid zombies */
1434 if (fork() > 0)
1435 exit(EX_OK);
1436
1437 /* be sure we are immune from the terminal */
1438 disconnect(FALSE);
1439
1440 break;
1441 }
1442
1443 /*
1444 ** Run through the list and send everything.
1445 */
1446
1447 nsent = 0;
1448 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1449 {
1450 if (mode == SM_VERIFY)
1451 {
1452 e->e_to = q->q_paddr;
1453 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1454 message(Arpa_Info, "deliverable");
1455 }
1456 else if (!bitset(QDONTSEND, q->q_flags))
1457 {
1458 # ifdef QUEUE
1459 /*
1460 ** Checkpoint the send list every few addresses
1461 */
1462
1463 if (nsent >= CheckpointInterval)
1464 {
1465 FILE *nlockfp;
1466
1467 nlockfp = queueup(e, TRUE, FALSE);
1468 if (lockfp != NULL)
1469 fclose(lockfp);
1470 lockfp = nlockfp;
1471 nsent = 0;
1472 }
1473 # endif /* QUEUE */
1474 if (deliver(e, q) == EX_OK)
1475 nsent++;
1476 }
1477 }
1478 Verbose = oldverbose;
1479
1480 /*
1481 ** Now run through and check for errors.
1482 */
1483
1484 if (mode == SM_VERIFY) {
1485 if (lockfp != NULL)
1486 (void) fclose(lockfp);
1487 return;
1488 }
1489
1490 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1491 {
1492 register ADDRESS *qq;
1493
1494 if (tTd(13, 3))
1495 {
1496 printf("Checking ");
1497 printaddr(q, FALSE);
1498 }
1499
1500 /* only send errors if the message failed */
1501 if (!bitset(QBADADDR, q->q_flags))
1502 continue;
1503
1504 /* we have an address that failed -- find the parent */
1505 for (qq = q; qq != NULL; qq = qq->q_alias)
1506 {
1507 char obuf[MAXNAME + 6];
1508 extern char *aliaslookup();
1509
1510 /* we can only have owners for local addresses */
1511 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1512 continue;
1513
1514 /* see if the owner list exists */
1515 (void) strcpy(obuf, "owner-");
1516 if (strncmp(qq->q_user, "owner-", 6) == 0)
1517 (void) strcat(obuf, "owner");
1518 else
1519 (void) strcat(obuf, qq->q_user);
1520 makelower(obuf);
1521 if (aliaslookup(obuf) == NULL)
1522 continue;
1523
1524 if (tTd(13, 4))
1525 printf("Errors to %s\n", obuf);
1526
1527 /* owner list exists -- add it to the error queue */
1528 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1529 ErrorMode = EM_MAIL;
1530 break;
1531 }
1532
1533 /* if we did not find an owner, send to the sender */
1534 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1535 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1536 }
1537
1538 /* this removes the lock on the file */
1539 if (lockfp != NULL)
1540 (void) fclose(lockfp);
1541
1542 if (mode == SM_FORK)
1543 finis();
1544 }
1545