1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.49 (Berkeley) 12/14/91";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <sys/param.h>
21 #include <arpa/nameser.h>
22 #include <resolv.h>
23 #endif
24 #ifdef LOCKF
25 #include <unistd.h>
26 #endif
27
28 /*
29 ** DELIVER -- Deliver a message to a list of addresses.
30 **
31 ** This routine delivers to everyone on the same host as the
32 ** user on the head of the list. It is clever about mailers
33 ** that don't handle multiple users. It is NOT guaranteed
34 ** that it will deliver to all these addresses however -- so
35 ** deliver should be called once for each address on the
36 ** list.
37 **
38 ** Parameters:
39 ** e -- the envelope to deliver.
40 ** firstto -- head of the address list to deliver to.
41 **
42 ** Returns:
43 ** zero -- successfully delivered.
44 ** else -- some failure, see ExitStat for more info.
45 **
46 ** Side Effects:
47 ** The standard input is passed off to someone.
48 */
49
50 deliver(e, firstto)
51 register ENVELOPE *e;
52 ADDRESS *firstto;
53 {
54 char *host; /* host being sent to */
55 char *user; /* user being sent to */
56 char **pvp;
57 register char **mvp;
58 register char *p;
59 register MAILER *m; /* mailer for this recipient */
60 ADDRESS *ctladdr;
61 register ADDRESS *to = firstto;
62 bool clever = FALSE; /* running user smtp to this mailer */
63 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
64 int rcode; /* response code */
65 char *pv[MAXPV+1];
66 char tobuf[MAXLINE-50]; /* text line of to people */
67 char buf[MAXNAME];
68 char tfrombuf[MAXNAME]; /* translated from person */
69 extern bool checkcompat();
70 extern ADDRESS *getctladdr();
71 extern char *remotename();
72
73 errno = 0;
74 if (bitset(QDONTSEND, to->q_flags))
75 return (0);
76
77 #ifdef NAMED_BIND
78 /* unless interactive, try twice, over a minute */
79 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
80 _res.retrans = 30;
81 _res.retry = 2;
82 }
83 #endif
84
85 m = to->q_mailer;
86 host = to->q_host;
87
88 if (tTd(10, 1))
89 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
90 m->m_mno, host, to->q_user);
91
92 /*
93 ** If this mailer is expensive, and if we don't want to make
94 ** connections now, just mark these addresses and return.
95 ** This is useful if we want to batch connections to
96 ** reduce load. This will cause the messages to be
97 ** queued up, and a daemon will come along to send the
98 ** messages later.
99 ** This should be on a per-mailer basis.
100 */
101
102 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
103 !Verbose)
104 {
105 for (; to != NULL; to = to->q_next)
106 {
107 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
108 continue;
109 to->q_flags |= QQUEUEUP|QDONTSEND;
110 e->e_to = to->q_paddr;
111 message(Arpa_Info, "queued");
112 if (LogLevel > 4)
113 logdelivery("queued");
114 }
115 e->e_to = NULL;
116 return (0);
117 }
118
119 /*
120 ** Do initial argv setup.
121 ** Insert the mailer name. Notice that $x expansion is
122 ** NOT done on the mailer name. Then, if the mailer has
123 ** a picky -f flag, we insert it as appropriate. This
124 ** code does not check for 'pv' overflow; this places a
125 ** manifest lower limit of 4 for MAXPV.
126 ** The from address rewrite is expected to make
127 ** the address relative to the other end.
128 */
129
130 /* rewrite from address, using rewriting rules */
131 expand("\001f", buf, &buf[sizeof buf - 1], e);
132 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
133
134 define('g', tfrombuf, e); /* translated sender address */
135 define('h', host, e); /* to host */
136 Errors = 0;
137 pvp = pv;
138 *pvp++ = m->m_argv[0];
139
140 /* insert -f or -r flag as appropriate */
141 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
142 {
143 if (bitnset(M_FOPT, m->m_flags))
144 *pvp++ = "-f";
145 else
146 *pvp++ = "-r";
147 expand("\001g", buf, &buf[sizeof buf - 1], e);
148 *pvp++ = newstr(buf);
149 }
150
151 /*
152 ** Append the other fixed parts of the argv. These run
153 ** up to the first entry containing "$u". There can only
154 ** be one of these, and there are only a few more slots
155 ** in the pv after it.
156 */
157
158 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
159 {
160 while ((p = index(p, '\001')) != NULL)
161 if (*++p == 'u')
162 break;
163 if (p != NULL)
164 break;
165
166 /* this entry is safe -- go ahead and process it */
167 expand(*mvp, buf, &buf[sizeof buf - 1], e);
168 *pvp++ = newstr(buf);
169 if (pvp >= &pv[MAXPV - 3])
170 {
171 syserr("Too many parameters to %s before $u", pv[0]);
172 return (-1);
173 }
174 }
175
176 /*
177 ** If we have no substitution for the user name in the argument
178 ** list, we know that we must supply the names otherwise -- and
179 ** SMTP is the answer!!
180 */
181
182 if (*mvp == NULL)
183 {
184 /* running SMTP */
185 # ifdef SMTP
186 clever = TRUE;
187 *pvp = NULL;
188 # else SMTP
189 /* oops! we don't implement SMTP */
190 syserr("SMTP style mailer");
191 return (EX_SOFTWARE);
192 # endif SMTP
193 }
194
195 /*
196 ** At this point *mvp points to the argument with $u. We
197 ** run through our address list and append all the addresses
198 ** we can. If we run out of space, do not fret! We can
199 ** always send another copy later.
200 */
201
202 tobuf[0] = '\0';
203 e->e_to = tobuf;
204 ctladdr = NULL;
205 for (; to != NULL; to = to->q_next)
206 {
207 /* avoid sending multiple recipients to dumb mailers */
208 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
209 break;
210
211 /* if already sent or not for this host, don't send */
212 if (bitset(QDONTSEND, to->q_flags) ||
213 strcmp(to->q_host, host) != 0 ||
214 to->q_mailer != firstto->q_mailer)
215 continue;
216
217 /* avoid overflowing tobuf */
218 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
219 break;
220
221 if (tTd(10, 1))
222 {
223 printf("\nsend to ");
224 printaddr(to, FALSE);
225 }
226
227 /* compute effective uid/gid when sending */
228 if (to->q_mailer == ProgMailer)
229 ctladdr = getctladdr(to);
230
231 user = to->q_user;
232 e->e_to = to->q_paddr;
233 to->q_flags |= QDONTSEND;
234
235 /*
236 ** Check to see that these people are allowed to
237 ** talk to each other.
238 */
239
240 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
241 {
242 NoReturn = TRUE;
243 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
244 giveresponse(EX_UNAVAILABLE, m, e);
245 continue;
246 }
247 if (!checkcompat(to))
248 {
249 giveresponse(EX_UNAVAILABLE, m, e);
250 continue;
251 }
252
253 /*
254 ** Strip quote bits from names if the mailer is dumb
255 ** about them.
256 */
257
258 if (bitnset(M_STRIPQ, m->m_flags))
259 {
260 stripquotes(user, TRUE);
261 stripquotes(host, TRUE);
262 }
263 else
264 {
265 stripquotes(user, FALSE);
266 stripquotes(host, FALSE);
267 }
268
269 /* hack attack -- delivermail compatibility */
270 if (m == ProgMailer && *user == '|')
271 user++;
272
273 /*
274 ** If an error message has already been given, don't
275 ** bother to send to this address.
276 **
277 ** >>>>>>>>>> This clause assumes that the local mailer
278 ** >> NOTE >> cannot do any further aliasing; that
279 ** >>>>>>>>>> function is subsumed by sendmail.
280 */
281
282 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
283 continue;
284
285 /* save statistics.... */
286 markstats(e, to);
287
288 /*
289 ** See if this user name is "special".
290 ** If the user name has a slash in it, assume that this
291 ** is a file -- send it off without further ado. Note
292 ** that this type of addresses is not processed along
293 ** with the others, so we fudge on the To person.
294 */
295
296 if (m == LocalMailer)
297 {
298 if (user[0] == '/')
299 {
300 rcode = mailfile(user, getctladdr(to));
301 giveresponse(rcode, m, e);
302 if (rcode == EX_OK)
303 to->q_flags |= QSENT;
304 continue;
305 }
306 }
307
308 /*
309 ** Address is verified -- add this user to mailer
310 ** argv, and add it to the print list of recipients.
311 */
312
313 /* link together the chain of recipients */
314 to->q_tchain = tochain;
315 tochain = to;
316
317 /* create list of users for error messages */
318 (void) strcat(tobuf, ",");
319 (void) strcat(tobuf, to->q_paddr);
320 define('u', user, e); /* to user */
321 define('z', to->q_home, e); /* user's home */
322
323 /*
324 ** Expand out this user into argument list.
325 */
326
327 if (!clever)
328 {
329 expand(*mvp, buf, &buf[sizeof buf - 1], e);
330 *pvp++ = newstr(buf);
331 if (pvp >= &pv[MAXPV - 2])
332 {
333 /* allow some space for trailing parms */
334 break;
335 }
336 }
337 }
338
339 /* see if any addresses still exist */
340 if (tobuf[0] == '\0')
341 {
342 define('g', (char *) NULL, e);
343 return (0);
344 }
345
346 /* print out messages as full list */
347 e->e_to = tobuf + 1;
348
349 /*
350 ** Fill out any parameters after the $u parameter.
351 */
352
353 while (!clever && *++mvp != NULL)
354 {
355 expand(*mvp, buf, &buf[sizeof buf - 1], e);
356 *pvp++ = newstr(buf);
357 if (pvp >= &pv[MAXPV])
358 syserr("deliver: pv overflow after $u for %s", pv[0]);
359 }
360 *pvp++ = NULL;
361
362 /*
363 ** Call the mailer.
364 ** The argument vector gets built, pipes
365 ** are created as necessary, and we fork & exec as
366 ** appropriate.
367 ** If we are running SMTP, we just need to clean up.
368 */
369
370 if (ctladdr == NULL)
371 ctladdr = &e->e_from;
372 #ifdef NAMED_BIND
373 if (ConfigLevel < 2)
374 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
375 #endif
376 #ifdef SMTP
377 if (clever)
378 {
379 rcode = EX_OK;
380 #ifdef NAMED_BIND
381 if (host[0] && host[0] != '[')
382 {
383 expand("\001j", buf, &buf[sizeof(buf) - 1], e);
384 Nmx = getmxrr(host, MxHosts, buf, &rcode);
385 }
386 else
387 #endif
388 {
389 Nmx = 1;
390 MxHosts[0] = host;
391 }
392 if (Nmx >= 0)
393 {
394 message(Arpa_Info, "Connecting to %s (%s)...",
395 MxHosts[0], m->m_name);
396 if ((rcode = smtpinit(m, pv)) == EX_OK) {
397 register char *t = tobuf;
398 register int i;
399
400 /* send the recipient list */
401 tobuf[0] = '\0';
402 for (to = tochain; to; to = to->q_tchain) {
403 e->e_to = to->q_paddr;
404 if ((i = smtprcpt(to, m)) != EX_OK) {
405 markfailure(e, to, i);
406 giveresponse(i, m, e);
407 }
408 else {
409 *t++ = ',';
410 for (p = to->q_paddr; *p; *t++ = *p++);
411 }
412 }
413
414 /* now send the data */
415 if (tobuf[0] == '\0')
416 e->e_to = NULL;
417 else {
418 e->e_to = tobuf + 1;
419 rcode = smtpdata(m, e);
420 }
421
422 /* now close the connection */
423 smtpquit(m);
424 }
425 }
426 }
427 else
428 #endif /* SMTP */
429 {
430 static int sendoff();
431
432 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
433 rcode = sendoff(e, m, pv, ctladdr);
434 }
435 #ifdef NAMED_BIND
436 if (ConfigLevel < 2)
437 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
438 #endif
439
440 /*
441 ** Do final status disposal.
442 ** We check for something in tobuf for the SMTP case.
443 ** If we got a temporary failure, arrange to queue the
444 ** addressees.
445 */
446
447 if (tobuf[0] != '\0')
448 giveresponse(rcode, m, e);
449 for (to = tochain; to != NULL; to = to->q_tchain)
450 if (rcode != EX_OK)
451 markfailure(e, to, rcode);
452 else
453 to->q_flags |= QSENT;
454
455 errno = 0;
456 define('g', (char *) NULL, e);
457 return (rcode);
458 }
459 �/*
460 ** MARKFAILURE -- mark a failure on a specific address.
461 **
462 ** Parameters:
463 ** e -- the envelope we are sending.
464 ** q -- the address to mark.
465 ** rcode -- the code signifying the particular failure.
466 **
467 ** Returns:
468 ** none.
469 **
470 ** Side Effects:
471 ** marks the address (and possibly the envelope) with the
472 ** failure so that an error will be returned or
473 ** the message will be queued, as appropriate.
474 */
475
476 markfailure(e, q, rcode)
477 register ENVELOPE *e;
478 register ADDRESS *q;
479 int rcode;
480 {
481 if (rcode == EX_OK)
482 return;
483 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
484 q->q_flags |= QBADADDR;
485 else if (curtime() > e->e_ctime + TimeOut)
486 {
487 extern char *pintvl();
488 char buf[MAXLINE];
489
490 if (!bitset(EF_TIMEOUT, e->e_flags))
491 {
492 (void) sprintf(buf, "Cannot send message for %s",
493 pintvl(TimeOut, FALSE));
494 if (e->e_message != NULL)
495 free(e->e_message);
496 e->e_message = newstr(buf);
497 message(Arpa_Info, buf);
498 }
499 q->q_flags |= QBADADDR;
500 e->e_flags |= EF_TIMEOUT;
501 }
502 else
503 q->q_flags |= QQUEUEUP;
504 }
505 �/*
506 ** DOFORK -- do a fork, retrying a couple of times on failure.
507 **
508 ** This MUST be a macro, since after a vfork we are running
509 ** two processes on the same stack!!!
510 **
511 ** Parameters:
512 ** none.
513 **
514 ** Returns:
515 ** From a macro??? You've got to be kidding!
516 **
517 ** Side Effects:
518 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
519 ** pid of child in parent, zero in child.
520 ** -1 on unrecoverable error.
521 **
522 ** Notes:
523 ** I'm awfully sorry this looks so awful. That's
524 ** vfork for you.....
525 */
526
527 # define NFORKTRIES 5
528 # ifdef VMUNIX
529 # define XFORK vfork
530 # else VMUNIX
531 # define XFORK fork
532 # endif VMUNIX
533
534 # define DOFORK(fORKfN) \
535 {\
536 register int i;\
537 \
538 for (i = NFORKTRIES; --i >= 0; )\
539 {\
540 pid = fORKfN();\
541 if (pid >= 0)\
542 break;\
543 if (i > 0)\
544 sleep((unsigned) NFORKTRIES - i);\
545 }\
546 }
547 �/*
548 ** DOFORK -- simple fork interface to DOFORK.
549 **
550 ** Parameters:
551 ** none.
552 **
553 ** Returns:
554 ** pid of child in parent.
555 ** zero in child.
556 ** -1 on error.
557 **
558 ** Side Effects:
559 ** returns twice, once in parent and once in child.
560 */
561
562 dofork()
563 {
564 register int pid;
565
566 DOFORK(fork);
567 return (pid);
568 }
569 �/*
570 ** SENDOFF -- send off call to mailer & collect response.
571 **
572 ** Parameters:
573 ** e -- the envelope to mail.
574 ** m -- mailer descriptor.
575 ** pvp -- parameter vector to send to it.
576 ** ctladdr -- an address pointer controlling the
577 ** user/groupid etc. of the mailer.
578 **
579 ** Returns:
580 ** exit status of mailer.
581 **
582 ** Side Effects:
583 ** none.
584 */
585 static
586 sendoff(e, m, pvp, ctladdr)
587 register ENVELOPE *e;
588 MAILER *m;
589 char **pvp;
590 ADDRESS *ctladdr;
591 {
592 auto FILE *mfile;
593 auto FILE *rfile;
594 register int i;
595 int pid;
596
597 /*
598 ** Create connection to mailer.
599 */
600
601 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
602 if (pid < 0)
603 return (-1);
604
605 /*
606 ** Format and send message.
607 */
608
609 putfromline(mfile, m);
610 (*e->e_puthdr)(mfile, m, e);
611 putline("\n", mfile, m);
612 (*e->e_putbody)(mfile, m, e);
613 (void) fclose(mfile);
614 if (rfile != NULL)
615 (void) fclose(rfile);
616
617 i = endmailer(pid, pvp[0]);
618
619 /* arrange a return receipt if requested */
620 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
621 {
622 e->e_flags |= EF_SENDRECEIPT;
623 /* do we want to send back more info? */
624 }
625
626 return (i);
627 }
628 �/*
629 ** ENDMAILER -- Wait for mailer to terminate.
630 **
631 ** We should never get fatal errors (e.g., segmentation
632 ** violation), so we report those specially. For other
633 ** errors, we choose a status message (into statmsg),
634 ** and if it represents an error, we print it.
635 **
636 ** Parameters:
637 ** pid -- pid of mailer.
638 ** name -- name of mailer (for error messages).
639 **
640 ** Returns:
641 ** exit code of mailer.
642 **
643 ** Side Effects:
644 ** none.
645 */
646
647 endmailer(pid, name)
648 int pid;
649 char *name;
650 {
651 int st;
652
653 /* in the IPC case there is nothing to wait for */
654 if (pid == 0)
655 return (EX_OK);
656
657 /* wait for the mailer process to die and collect status */
658 st = waitfor(pid);
659 if (st == -1)
660 {
661 syserr("endmailer %s: wait", name);
662 return (EX_SOFTWARE);
663 }
664
665 /* see if it died a horrid death */
666 if ((st & 0377) != 0)
667 {
668 syserr("mailer %s died with signal %o", name, st);
669 ExitStat = EX_TEMPFAIL;
670 return (EX_TEMPFAIL);
671 }
672
673 /* normal death -- return status */
674 st = (st >> 8) & 0377;
675 return (st);
676 }
677 �/*
678 ** OPENMAILER -- open connection to mailer.
679 **
680 ** Parameters:
681 ** m -- mailer descriptor.
682 ** pvp -- parameter vector to pass to mailer.
683 ** ctladdr -- controlling address for user.
684 ** clever -- create a full duplex connection.
685 ** pmfile -- pointer to mfile (to mailer) connection.
686 ** prfile -- pointer to rfile (from mailer) connection.
687 **
688 ** Returns:
689 ** pid of mailer ( > 0 ).
690 ** -1 on error.
691 ** zero on an IPC connection.
692 **
693 ** Side Effects:
694 ** creates a mailer in a subprocess.
695 */
696
697 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
698 MAILER *m;
699 char **pvp;
700 ADDRESS *ctladdr;
701 bool clever;
702 FILE **pmfile;
703 FILE **prfile;
704 {
705 int pid;
706 int mpvect[2];
707 int rpvect[2];
708 FILE *mfile = NULL;
709 FILE *rfile = NULL;
710 extern FILE *fdopen();
711
712 if (tTd(11, 1))
713 {
714 printf("openmailer:");
715 printav(pvp);
716 }
717 errno = 0;
718
719 CurHostName = m->m_mailer;
720
721 /*
722 ** Deal with the special case of mail handled through an IPC
723 ** connection.
724 ** In this case we don't actually fork. We must be
725 ** running SMTP for this to work. We will return a
726 ** zero pid to indicate that we are running IPC.
727 ** We also handle a debug version that just talks to stdin/out.
728 */
729
730 /* check for Local Person Communication -- not for mortals!!! */
731 if (strcmp(m->m_mailer, "[LPC]") == 0)
732 {
733 *pmfile = stdout;
734 *prfile = stdin;
735 return (0);
736 }
737
738 if (strcmp(m->m_mailer, "[IPC]") == 0)
739 {
740 #ifdef HOSTINFO
741 register STAB *st;
742 extern STAB *stab();
743 #endif HOSTINFO
744 #ifdef DAEMON
745 register int i, j;
746 register u_short port;
747
748 CurHostName = pvp[1];
749 if (!clever)
750 syserr("non-clever IPC");
751 if (pvp[2] != NULL)
752 port = atoi(pvp[2]);
753 else
754 port = 0;
755 for (j = 0; j < Nmx; j++)
756 {
757 CurHostName = MxHosts[j];
758 #ifdef HOSTINFO
759 /* see if we have already determined that this host is fried */
760 st = stab(MxHosts[j], ST_HOST, ST_FIND);
761 if (st == NULL || st->s_host.ho_exitstat == EX_OK) {
762 if (j > 1)
763 message(Arpa_Info,
764 "Connecting to %s (%s)...",
765 MxHosts[j], m->m_name);
766 i = makeconnection(MxHosts[j], port, pmfile, prfile);
767 }
768 else
769 {
770 i = st->s_host.ho_exitstat;
771 errno = st->s_host.ho_errno;
772 }
773 #else HOSTINFO
774 i = makeconnection(MxHosts[j], port, pmfile, prfile);
775 #endif HOSTINFO
776 if (i != EX_OK)
777 {
778 #ifdef HOSTINFO
779 /* enter status of this host */
780 if (st == NULL)
781 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
782 st->s_host.ho_exitstat = i;
783 st->s_host.ho_errno = errno;
784 #endif HOSTINFO
785 ExitStat = i;
786 continue;
787 }
788 else
789 return (0);
790 }
791 return (-1);
792 #else DAEMON
793 syserr("openmailer: no IPC");
794 return (-1);
795 #endif DAEMON
796 }
797
798 /* create a pipe to shove the mail through */
799 if (pipe(mpvect) < 0)
800 {
801 syserr("openmailer: pipe (to mailer)");
802 return (-1);
803 }
804
805 #ifdef SMTP
806 /* if this mailer speaks smtp, create a return pipe */
807 if (clever && pipe(rpvect) < 0)
808 {
809 syserr("openmailer: pipe (from mailer)");
810 (void) close(mpvect[0]);
811 (void) close(mpvect[1]);
812 return (-1);
813 }
814 #endif SMTP
815
816 /*
817 ** Actually fork the mailer process.
818 ** DOFORK is clever about retrying.
819 **
820 ** Dispose of SIGCHLD signal catchers that may be laying
821 ** around so that endmail will get it.
822 */
823
824 if (CurEnv->e_xfp != NULL)
825 (void) fflush(CurEnv->e_xfp); /* for debugging */
826 (void) fflush(stdout);
827 # ifdef SIGCHLD
828 (void) signal(SIGCHLD, SIG_DFL);
829 # endif SIGCHLD
830 DOFORK(XFORK);
831 /* pid is set by DOFORK */
832 if (pid < 0)
833 {
834 /* failure */
835 syserr("openmailer: cannot fork");
836 (void) close(mpvect[0]);
837 (void) close(mpvect[1]);
838 #ifdef SMTP
839 if (clever)
840 {
841 (void) close(rpvect[0]);
842 (void) close(rpvect[1]);
843 }
844 #endif SMTP
845 return (-1);
846 }
847 else if (pid == 0)
848 {
849 int i;
850 extern int DtableSize;
851
852 /* child -- set up input & exec mailer */
853 /* make diagnostic output be standard output */
854 (void) signal(SIGINT, SIG_IGN);
855 (void) signal(SIGHUP, SIG_IGN);
856 (void) signal(SIGTERM, SIG_DFL);
857
858 /* arrange to filter standard & diag output of command */
859 if (clever)
860 {
861 (void) close(rpvect[0]);
862 (void) close(1);
863 (void) dup(rpvect[1]);
864 (void) close(rpvect[1]);
865 }
866 else if (OpMode == MD_SMTP || HoldErrs)
867 {
868 /* put mailer output in transcript */
869 (void) close(1);
870 (void) dup(fileno(CurEnv->e_xfp));
871 }
872 (void) close(2);
873 (void) dup(1);
874
875 /* arrange to get standard input */
876 (void) close(mpvect[1]);
877 (void) close(0);
878 if (dup(mpvect[0]) < 0)
879 {
880 syserr("Cannot dup to zero!");
881 _exit(EX_OSERR);
882 }
883 (void) close(mpvect[0]);
884 if (!bitnset(M_RESTR, m->m_flags))
885 {
886 if (ctladdr == NULL || ctladdr->q_uid == 0)
887 {
888 (void) setgid(DefGid);
889 (void) initgroups(DefUser, DefGid);
890 (void) setuid(DefUid);
891 }
892 else
893 {
894 (void) setgid(ctladdr->q_gid);
895 (void) initgroups(ctladdr->q_ruser?
896 ctladdr->q_ruser: ctladdr->q_user,
897 ctladdr->q_gid);
898 (void) setuid(ctladdr->q_uid);
899 }
900 }
901
902 /* arrange for all the files to be closed */
903 for (i = 3; i < DtableSize; i++) {
904 register int j;
905 if ((j = fcntl(i, F_GETFD, 0)) != -1)
906 (void)fcntl(i, F_SETFD, j|1);
907 }
908
909 /* try to execute the mailer */
910 execve(m->m_mailer, pvp, UserEnviron);
911 syserr("Cannot exec %s", m->m_mailer);
912 if (m == LocalMailer)
913 _exit(EX_TEMPFAIL);
914 switch (errno)
915 {
916 case EIO:
917 case EAGAIN:
918 case ENOMEM:
919 # ifdef EPROCLIM
920 case EPROCLIM:
921 # endif
922 _exit(EX_TEMPFAIL);
923 }
924 _exit(EX_UNAVAILABLE);
925 }
926
927 /*
928 ** Set up return value.
929 */
930
931 (void) close(mpvect[0]);
932 mfile = fdopen(mpvect[1], "w");
933 if (clever)
934 {
935 (void) close(rpvect[1]);
936 rfile = fdopen(rpvect[0], "r");
937 } else
938 rfile = NULL;
939
940 *pmfile = mfile;
941 *prfile = rfile;
942
943 return (pid);
944 }
945 �/*
946 ** GIVERESPONSE -- Interpret an error response from a mailer
947 **
948 ** Parameters:
949 ** stat -- the status code from the mailer (high byte
950 ** only; core dumps must have been taken care of
951 ** already).
952 ** m -- the mailer descriptor for this mailer.
953 **
954 ** Returns:
955 ** none.
956 **
957 ** Side Effects:
958 ** Errors may be incremented.
959 ** ExitStat may be set.
960 */
961
962 giveresponse(stat, m, e)
963 int stat;
964 register MAILER *m;
965 ENVELOPE *e;
966 {
967 register char *statmsg;
968 extern char *SysExMsg[];
969 register int i;
970 extern int N_SysEx;
971 #ifdef NAMED_BIND
972 extern int h_errno;
973 #endif
974 char buf[MAXLINE];
975
976 #ifdef lint
977 if (m == NULL)
978 return;
979 #endif lint
980
981 /*
982 ** Compute status message from code.
983 */
984
985 i = stat - EX__BASE;
986 if (stat == 0)
987 statmsg = "250 Sent";
988 else if (i < 0 || i > N_SysEx)
989 {
990 (void) sprintf(buf, "554 unknown mailer error %d", stat);
991 stat = EX_UNAVAILABLE;
992 statmsg = buf;
993 }
994 else if (stat == EX_TEMPFAIL)
995 {
996 (void) strcpy(buf, SysExMsg[i]);
997 #ifdef NAMED_BIND
998 if (h_errno == TRY_AGAIN)
999 {
1000 extern char *errstring();
1001
1002 statmsg = errstring(h_errno+MAX_ERRNO);
1003 }
1004 else
1005 #endif
1006 {
1007 if (errno != 0)
1008 {
1009 extern char *errstring();
1010
1011 statmsg = errstring(errno);
1012 }
1013 else
1014 {
1015 #ifdef SMTP
1016 extern char SmtpError[];
1017
1018 statmsg = SmtpError;
1019 #else SMTP
1020 statmsg = NULL;
1021 #endif SMTP
1022 }
1023 }
1024 if (statmsg != NULL && statmsg[0] != '\0')
1025 {
1026 (void) strcat(buf, ": ");
1027 (void) strcat(buf, statmsg);
1028 }
1029 statmsg = buf;
1030 }
1031 else
1032 {
1033 statmsg = SysExMsg[i];
1034 }
1035
1036 /*
1037 ** Print the message as appropriate
1038 */
1039
1040 if (stat == EX_OK || stat == EX_TEMPFAIL)
1041 message(Arpa_Info, &statmsg[4]);
1042 else
1043 {
1044 Errors++;
1045 usrerr(statmsg);
1046 }
1047
1048 /*
1049 ** Final cleanup.
1050 ** Log a record of the transaction. Compute the new
1051 ** ExitStat -- if we already had an error, stick with
1052 ** that.
1053 */
1054
1055 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1056 logdelivery(&statmsg[4]);
1057
1058 if (stat != EX_TEMPFAIL)
1059 setstat(stat);
1060 if (stat != EX_OK)
1061 {
1062 if (e->e_message != NULL)
1063 free(e->e_message);
1064 e->e_message = newstr(&statmsg[4]);
1065 }
1066 errno = 0;
1067 #ifdef NAMED_BIND
1068 h_errno = 0;
1069 #endif
1070 }
1071 �/*
1072 ** LOGDELIVERY -- log the delivery in the system log
1073 **
1074 ** Parameters:
1075 ** stat -- the message to print for the status
1076 **
1077 ** Returns:
1078 ** none
1079 **
1080 ** Side Effects:
1081 ** none
1082 */
1083
1084 logdelivery(stat)
1085 char *stat;
1086 {
1087 extern char *pintvl();
1088
1089 # ifdef LOG
1090 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1091 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1092 # endif LOG
1093 }
1094 �/*
1095 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1096 **
1097 ** This can be made an arbitrary message separator by changing $l
1098 **
1099 ** One of the ugliest hacks seen by human eyes is contained herein:
1100 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1101 ** does a well-meaning programmer such as myself have to deal with
1102 ** this kind of antique garbage????
1103 **
1104 ** Parameters:
1105 ** fp -- the file to output to.
1106 ** m -- the mailer describing this entry.
1107 **
1108 ** Returns:
1109 ** none
1110 **
1111 ** Side Effects:
1112 ** outputs some text to fp.
1113 */
1114
1115 putfromline(fp, m)
1116 register FILE *fp;
1117 register MAILER *m;
1118 {
1119 char *template = "\001l\n";
1120 char buf[MAXLINE];
1121
1122 if (bitnset(M_NHDR, m->m_flags))
1123 return;
1124
1125 # ifdef UGLYUUCP
1126 if (bitnset(M_UGLYUUCP, m->m_flags))
1127 {
1128 char *bang;
1129 char xbuf[MAXLINE];
1130
1131 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1132 bang = index(buf, '!');
1133 if (bang == NULL)
1134 syserr("No ! in UUCP! (%s)", buf);
1135 else
1136 {
1137 *bang++ = '\0';
1138 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1139 template = xbuf;
1140 }
1141 }
1142 # endif UGLYUUCP
1143 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1144 putline(buf, fp, m);
1145 }
1146 �/*
1147 ** PUTBODY -- put the body of a message.
1148 **
1149 ** Parameters:
1150 ** fp -- file to output onto.
1151 ** m -- a mailer descriptor to control output format.
1152 ** e -- the envelope to put out.
1153 **
1154 ** Returns:
1155 ** none.
1156 **
1157 ** Side Effects:
1158 ** The message is written onto fp.
1159 */
1160
1161 putbody(fp, m, e)
1162 FILE *fp;
1163 MAILER *m;
1164 register ENVELOPE *e;
1165 {
1166 char buf[MAXLINE];
1167
1168 /*
1169 ** Output the body of the message
1170 */
1171
1172 if (e->e_dfp == NULL)
1173 {
1174 if (e->e_df != NULL)
1175 {
1176 e->e_dfp = fopen(e->e_df, "r");
1177 if (e->e_dfp == NULL)
1178 syserr("putbody: Cannot open %s for %s from %s",
1179 e->e_df, e->e_to, e->e_from);
1180 }
1181 else
1182 putline("<<< No Message Collected >>>", fp, m);
1183 }
1184 if (e->e_dfp != NULL)
1185 {
1186 rewind(e->e_dfp);
1187 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1188 {
1189 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1190 strncmp(buf, "From ", 5) == 0)
1191 (void) putc('>', fp);
1192 putline(buf, fp, m);
1193 }
1194
1195 if (ferror(e->e_dfp))
1196 {
1197 syserr("putbody: read error");
1198 ExitStat = EX_IOERR;
1199 }
1200 }
1201
1202 (void) fflush(fp);
1203 if (ferror(fp) && errno != EPIPE)
1204 {
1205 syserr("putbody: write error");
1206 ExitStat = EX_IOERR;
1207 }
1208 errno = 0;
1209 }
1210 �/*
1211 ** MAILFILE -- Send a message to a file.
1212 **
1213 ** If the file has the setuid/setgid bits set, but NO execute
1214 ** bits, sendmail will try to become the owner of that file
1215 ** rather than the real user. Obviously, this only works if
1216 ** sendmail runs as root.
1217 **
1218 ** This could be done as a subordinate mailer, except that it
1219 ** is used implicitly to save messages in ~/dead.letter. We
1220 ** view this as being sufficiently important as to include it
1221 ** here. For example, if the system is dying, we shouldn't have
1222 ** to create another process plus some pipes to save the message.
1223 **
1224 ** Parameters:
1225 ** filename -- the name of the file to send to.
1226 ** ctladdr -- the controlling address header -- includes
1227 ** the userid/groupid to be when sending.
1228 **
1229 ** Returns:
1230 ** The exit code associated with the operation.
1231 **
1232 ** Side Effects:
1233 ** none.
1234 */
1235
1236 mailfile(filename, ctladdr)
1237 char *filename;
1238 ADDRESS *ctladdr;
1239 {
1240 register FILE *f;
1241 register int pid;
1242 ENVELOPE *e = CurEnv;
1243
1244 /*
1245 ** Fork so we can change permissions here.
1246 ** Note that we MUST use fork, not vfork, because of
1247 ** the complications of calling subroutines, etc.
1248 */
1249
1250 DOFORK(fork);
1251
1252 if (pid < 0)
1253 return (EX_OSERR);
1254 else if (pid == 0)
1255 {
1256 /* child -- actually write to file */
1257 struct stat stb;
1258
1259 (void) signal(SIGINT, SIG_DFL);
1260 (void) signal(SIGHUP, SIG_DFL);
1261 (void) signal(SIGTERM, SIG_DFL);
1262 (void) umask(OldUmask);
1263 if (stat(filename, &stb) < 0)
1264 {
1265 errno = 0;
1266 stb.st_mode = 0666;
1267 }
1268 if (bitset(0111, stb.st_mode))
1269 exit(EX_CANTCREAT);
1270 if (ctladdr == NULL)
1271 ctladdr = &e->e_from;
1272 /* we have to open the dfile BEFORE setuid */
1273 if (e->e_dfp == NULL && e->e_df != NULL)
1274 {
1275 e->e_dfp = fopen(e->e_df, "r");
1276 if (e->e_dfp == NULL) {
1277 syserr("mailfile: Cannot open %s for %s from %s",
1278 e->e_df, e->e_to, e->e_from);
1279 }
1280 }
1281
1282 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1283 {
1284 if (ctladdr->q_uid == 0) {
1285 (void) setgid(DefGid);
1286 (void) initgroups(DefUser, DefGid);
1287 } else {
1288 (void) setgid(ctladdr->q_gid);
1289 (void) initgroups(ctladdr->q_ruser?
1290 ctladdr->q_ruser: ctladdr->q_user,
1291 ctladdr->q_gid);
1292 }
1293 }
1294 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1295 {
1296 if (ctladdr->q_uid == 0)
1297 (void) setuid(DefUid);
1298 else
1299 (void) setuid(ctladdr->q_uid);
1300 }
1301 f = dfopen(filename, "a");
1302 if (f == NULL)
1303 exit(EX_CANTCREAT);
1304
1305 putfromline(f, ProgMailer);
1306 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1307 putline("\n", f, ProgMailer);
1308 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1309 putline("\n", f, ProgMailer);
1310 (void) fclose(f);
1311 (void) fflush(stdout);
1312
1313 /* reset ISUID & ISGID bits for paranoid systems */
1314 (void) chmod(filename, (int) stb.st_mode);
1315 exit(EX_OK);
1316 /*NOTREACHED*/
1317 }
1318 else
1319 {
1320 /* parent -- wait for exit status */
1321 int st;
1322
1323 st = waitfor(pid);
1324 if ((st & 0377) != 0)
1325 return (EX_UNAVAILABLE);
1326 else
1327 return ((st >> 8) & 0377);
1328 /*NOTREACHED*/
1329 }
1330 }
1331 �/*
1332 ** SENDALL -- actually send all the messages.
1333 **
1334 ** Parameters:
1335 ** e -- the envelope to send.
1336 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1337 ** the current SendMode.
1338 **
1339 ** Returns:
1340 ** none.
1341 **
1342 ** Side Effects:
1343 ** Scans the send lists and sends everything it finds.
1344 ** Delivers any appropriate error messages.
1345 ** If we are running in a non-interactive mode, takes the
1346 ** appropriate action.
1347 */
1348
1349 sendall(e, mode)
1350 ENVELOPE *e;
1351 char mode;
1352 {
1353 register ADDRESS *q;
1354 bool oldverbose;
1355 int pid;
1356 int nsent;
1357
1358 /* determine actual delivery mode */
1359 if (mode == SM_DEFAULT)
1360 {
1361 extern bool shouldqueue();
1362
1363 if (shouldqueue(e->e_msgpriority))
1364 mode = SM_QUEUE;
1365 else
1366 mode = SendMode;
1367 }
1368
1369 if (tTd(13, 1))
1370 {
1371 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1372 printaddr(e->e_sendqueue, TRUE);
1373 }
1374
1375 /*
1376 ** Do any preprocessing necessary for the mode we are running.
1377 ** Check to make sure the hop count is reasonable.
1378 ** Delete sends to the sender in mailing lists.
1379 */
1380
1381 CurEnv = e;
1382
1383 if (e->e_hopcount > MaxHopCount)
1384 {
1385 errno = 0;
1386 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1387 e->e_hopcount, MaxHopCount, e->e_from, e->e_to);
1388 return;
1389 }
1390
1391 if (!MeToo)
1392 {
1393 extern ADDRESS *recipient();
1394
1395 e->e_from.q_flags |= QDONTSEND;
1396 (void) recipient(&e->e_from, &e->e_sendqueue);
1397 }
1398
1399 # ifdef QUEUE
1400 if ((mode == SM_QUEUE || mode == SM_FORK ||
1401 (mode != SM_VERIFY && SuperSafe)) &&
1402 !bitset(EF_INQUEUE, e->e_flags))
1403 queueup(e, TRUE, mode == SM_QUEUE);
1404 #endif QUEUE
1405
1406 oldverbose = Verbose;
1407 switch (mode)
1408 {
1409 case SM_VERIFY:
1410 Verbose = TRUE;
1411 break;
1412
1413 case SM_QUEUE:
1414 queueonly:
1415 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1416 return;
1417
1418 case SM_FORK:
1419 if (e->e_xfp != NULL)
1420 (void) fflush(e->e_xfp);
1421
1422 # ifdef LOCKF
1423 /*
1424 ** Since lockf has the interesting semantic that the
1425 ** lock is lost when we close the file in the parent,
1426 ** we'll risk losing the lock here by closing before
1427 ** the fork, and then trying to get it back in the
1428 ** child.
1429 */
1430
1431 if (e->e_lockfp != NULL)
1432 {
1433 (void) fclose(e->e_lockfp);
1434 e->e_lockfp = NULL;
1435 }
1436 # endif /* LOCKF */
1437
1438 pid = fork();
1439 if (pid < 0)
1440 {
1441 goto queueonly;
1442 }
1443 else if (pid > 0)
1444 {
1445 /* be sure we leave the temp files to our child */
1446 e->e_id = e->e_df = NULL;
1447 # ifndef LOCKF
1448 if (e->e_lockfp != NULL)
1449 (void) fclose(e->e_lockfp);
1450 # endif
1451 return;
1452 }
1453
1454 /* double fork to avoid zombies */
1455 if (fork() > 0)
1456 exit(EX_OK);
1457
1458 /* be sure we are immune from the terminal */
1459 disconnect(FALSE);
1460
1461 # ifdef LOCKF
1462 /*
1463 ** Now try to get our lock back.
1464 */
1465
1466 e->e_lockfp = fopen(queuename(e, 'q'), "r+");
1467 if (e->e_lockfp == NULL ||
1468 lockf(fileno(e->e_lockfp), F_TLOCK, 0) < 0)
1469 {
1470 /* oops.... lost it */
1471 # ifdef LOG
1472 if (LogLevel > 5)
1473 syslog(LOG_NOTICE, "%s: lost lock: %m",
1474 CurEnv->e_id);
1475 # endif /* LOG */
1476 exit(EX_OK);
1477 }
1478 # endif /* LOCKF */
1479
1480 break;
1481 }
1482
1483 /*
1484 ** Run through the list and send everything.
1485 */
1486
1487 nsent = 0;
1488 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1489 {
1490 if (mode == SM_VERIFY)
1491 {
1492 e->e_to = q->q_paddr;
1493 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1494 message(Arpa_Info, "deliverable");
1495 }
1496 else if (!bitset(QDONTSEND, q->q_flags))
1497 {
1498 # ifdef QUEUE
1499 /*
1500 ** Checkpoint the send list every few addresses
1501 */
1502
1503 if (nsent >= CheckpointInterval)
1504 {
1505 queueup(e, TRUE, FALSE);
1506 nsent = 0;
1507 }
1508 # endif /* QUEUE */
1509 if (deliver(e, q) == EX_OK)
1510 nsent++;
1511 }
1512 }
1513 Verbose = oldverbose;
1514
1515 /*
1516 ** Now run through and check for errors.
1517 */
1518
1519 if (mode == SM_VERIFY)
1520 return;
1521
1522 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1523 {
1524 register ADDRESS *qq;
1525
1526 if (tTd(13, 3))
1527 {
1528 printf("Checking ");
1529 printaddr(q, FALSE);
1530 }
1531
1532 /* only send errors if the message failed */
1533 if (!bitset(QBADADDR, q->q_flags))
1534 continue;
1535
1536 /* we have an address that failed -- find the parent */
1537 for (qq = q; qq != NULL; qq = qq->q_alias)
1538 {
1539 char obuf[MAXNAME + 6];
1540 extern char *aliaslookup();
1541
1542 /* we can only have owners for local addresses */
1543 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1544 continue;
1545
1546 /* see if the owner list exists */
1547 (void) strcpy(obuf, "owner-");
1548 if (strncmp(qq->q_user, "owner-", 6) == 0)
1549 (void) strcat(obuf, "owner");
1550 else
1551 (void) strcat(obuf, qq->q_user);
1552 makelower(obuf);
1553 if (aliaslookup(obuf) == NULL)
1554 continue;
1555
1556 if (tTd(13, 4))
1557 printf("Errors to %s\n", obuf);
1558
1559 /* owner list exists -- add it to the error queue */
1560 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1561 ErrorMode = EM_MAIL;
1562 break;
1563 }
1564
1565 /* if we did not find an owner, send to the sender */
1566 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1567 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1568 }
1569
1570 if (mode == SM_FORK)
1571 finis();
1572 }
1573