1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.54.1.2 (Berkeley) 05/29/92";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <sys/param.h>
21 #include <arpa/nameser.h>
22 #include <resolv.h>
23 #endif
24
25 /*
26 ** DELIVER -- Deliver a message to a list of addresses.
27 **
28 ** This routine delivers to everyone on the same host as the
29 ** user on the head of the list. It is clever about mailers
30 ** that don't handle multiple users. It is NOT guaranteed
31 ** that it will deliver to all these addresses however -- so
32 ** deliver should be called once for each address on the
33 ** list.
34 **
35 ** Parameters:
36 ** e -- the envelope to deliver.
37 ** firstto -- head of the address list to deliver to.
38 **
39 ** Returns:
40 ** zero -- successfully delivered.
41 ** else -- some failure, see ExitStat for more info.
42 **
43 ** Side Effects:
44 ** The standard input is passed off to someone.
45 */
46
47 deliver(e, firstto)
48 register ENVELOPE *e;
49 ADDRESS *firstto;
50 {
51 char *host; /* host being sent to */
52 char *user; /* user being sent to */
53 char **pvp;
54 register char **mvp;
55 register char *p;
56 register MAILER *m; /* mailer for this recipient */
57 ADDRESS *ctladdr;
58 register ADDRESS *to = firstto;
59 bool clever = FALSE; /* running user smtp to this mailer */
60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
61 int rcode; /* response code */
62 char *from; /* pointer to from person */
63 char *pv[MAXPV+1];
64 char tobuf[MAXLINE-50]; /* text line of to people */
65 char buf[MAXNAME];
66 char tfrombuf[MAXNAME]; /* translated from person */
67 char rpathbuf[MAXNAME]; /* translated return path */
68 extern bool checkcompat();
69 extern ADDRESS *getctladdr();
70 extern char *remotename();
71
72 errno = 0;
73 if (bitset(QDONTSEND, to->q_flags))
74 return (0);
75
76 #ifdef NAMED_BIND
77 /* unless interactive, try twice, over a minute */
78 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
79 _res.retrans = 30;
80 _res.retry = 2;
81 }
82 #endif
83
84 m = to->q_mailer;
85 host = to->q_host;
86
87 if (tTd(10, 1))
88 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
89 m->m_mno, host, to->q_user);
90
91 /*
92 ** If this mailer is expensive, and if we don't want to make
93 ** connections now, just mark these addresses and return.
94 ** This is useful if we want to batch connections to
95 ** reduce load. This will cause the messages to be
96 ** queued up, and a daemon will come along to send the
97 ** messages later.
98 ** This should be on a per-mailer basis.
99 */
100
101 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
102 !Verbose)
103 {
104 for (; to != NULL; to = to->q_next)
105 {
106 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
107 continue;
108 to->q_flags |= QQUEUEUP|QDONTSEND;
109 e->e_to = to->q_paddr;
110 message(Arpa_Info, "queued");
111 if (LogLevel > 4)
112 logdelivery("queued");
113 }
114 e->e_to = NULL;
115 return (0);
116 }
117
118 /*
119 ** Do initial argv setup.
120 ** Insert the mailer name. Notice that $x expansion is
121 ** NOT done on the mailer name. Then, if the mailer has
122 ** a picky -f flag, we insert it as appropriate. This
123 ** code does not check for 'pv' overflow; this places a
124 ** manifest lower limit of 4 for MAXPV.
125 ** The from address rewrite is expected to make
126 ** the address relative to the other end.
127 */
128
129 /* rewrite from address, using rewriting rules */
130 (void) strcpy(rpathbuf, remotename(e->e_returnpath, m, TRUE, TRUE));
131 if (e->e_returnpath == e->e_sender)
132 {
133 from = rpathbuf;
134 }
135 else
136 {
137 (void) strcpy(tfrombuf, remotename(e->e_sender, m, TRUE, TRUE));
138 from = tfrombuf;
139 }
140
141 define('f', e->e_returnpath, e); /* raw return path */
142 define('<', rpathbuf, e); /* translated return path */
143 define('g', from, e); /* translated sender */
144 define('h', host, e); /* to host */
145 Errors = 0;
146 pvp = pv;
147 *pvp++ = m->m_argv[0];
148
149 /* insert -f or -r flag as appropriate */
150 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
151 {
152 if (bitnset(M_FOPT, m->m_flags))
153 *pvp++ = "-f";
154 else
155 *pvp++ = "-r";
156 *pvp++ = newstr(rpathbuf);
157 }
158
159 /*
160 ** Append the other fixed parts of the argv. These run
161 ** up to the first entry containing "$u". There can only
162 ** be one of these, and there are only a few more slots
163 ** in the pv after it.
164 */
165
166 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
167 {
168 while ((p = index(p, '\001')) != NULL)
169 if (*++p == 'u')
170 break;
171 if (p != NULL)
172 break;
173
174 /* this entry is safe -- go ahead and process it */
175 expand(*mvp, buf, &buf[sizeof buf - 1], e);
176 *pvp++ = newstr(buf);
177 if (pvp >= &pv[MAXPV - 3])
178 {
179 syserr("Too many parameters to %s before $u", pv[0]);
180 return (-1);
181 }
182 }
183
184 /*
185 ** If we have no substitution for the user name in the argument
186 ** list, we know that we must supply the names otherwise -- and
187 ** SMTP is the answer!!
188 */
189
190 if (*mvp == NULL)
191 {
192 /* running SMTP */
193 # ifdef SMTP
194 clever = TRUE;
195 *pvp = NULL;
196 # else SMTP
197 /* oops! we don't implement SMTP */
198 syserr("SMTP style mailer");
199 return (EX_SOFTWARE);
200 # endif SMTP
201 }
202
203 /*
204 ** At this point *mvp points to the argument with $u. We
205 ** run through our address list and append all the addresses
206 ** we can. If we run out of space, do not fret! We can
207 ** always send another copy later.
208 */
209
210 tobuf[0] = '\0';
211 e->e_to = tobuf;
212 ctladdr = NULL;
213 for (; to != NULL; to = to->q_next)
214 {
215 /* avoid sending multiple recipients to dumb mailers */
216 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
217 break;
218
219 /* if already sent or not for this host, don't send */
220 if (bitset(QDONTSEND, to->q_flags) ||
221 strcmp(to->q_host, host) != 0 ||
222 to->q_mailer != firstto->q_mailer)
223 continue;
224
225 /* avoid overflowing tobuf */
226 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
227 break;
228
229 if (tTd(10, 1))
230 {
231 printf("\nsend to ");
232 printaddr(to, FALSE);
233 }
234
235 /* compute effective uid/gid when sending */
236 if (to->q_mailer == ProgMailer)
237 ctladdr = getctladdr(to);
238
239 user = to->q_user;
240 e->e_to = to->q_paddr;
241 to->q_flags |= QDONTSEND;
242
243 /*
244 ** Check to see that these people are allowed to
245 ** talk to each other.
246 */
247
248 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
249 {
250 NoReturn = TRUE;
251 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
252 giveresponse(EX_UNAVAILABLE, m, e);
253 continue;
254 }
255 if (!checkcompat(to))
256 {
257 giveresponse(EX_UNAVAILABLE, m, e);
258 continue;
259 }
260
261 /*
262 ** Strip quote bits from names if the mailer is dumb
263 ** about them.
264 */
265
266 if (bitnset(M_STRIPQ, m->m_flags))
267 {
268 stripquotes(user, TRUE);
269 stripquotes(host, TRUE);
270 }
271 else
272 {
273 stripquotes(user, FALSE);
274 stripquotes(host, FALSE);
275 }
276
277 /* hack attack -- delivermail compatibility */
278 if (m == ProgMailer && *user == '|')
279 user++;
280
281 /*
282 ** If an error message has already been given, don't
283 ** bother to send to this address.
284 **
285 ** >>>>>>>>>> This clause assumes that the local mailer
286 ** >> NOTE >> cannot do any further aliasing; that
287 ** >>>>>>>>>> function is subsumed by sendmail.
288 */
289
290 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
291 continue;
292
293 /* save statistics.... */
294 markstats(e, to);
295
296 /*
297 ** See if this user name is "special".
298 ** If the user name has a slash in it, assume that this
299 ** is a file -- send it off without further ado. Note
300 ** that this type of addresses is not processed along
301 ** with the others, so we fudge on the To person.
302 */
303
304 if (m == LocalMailer)
305 {
306 if (user[0] == '/')
307 {
308 rcode = mailfile(user, getctladdr(to));
309 giveresponse(rcode, m, e);
310 if (rcode == EX_OK)
311 to->q_flags |= QSENT;
312 continue;
313 }
314 }
315
316 /*
317 ** Address is verified -- add this user to mailer
318 ** argv, and add it to the print list of recipients.
319 */
320
321 /* link together the chain of recipients */
322 to->q_tchain = tochain;
323 tochain = to;
324
325 /* create list of users for error messages */
326 (void) strcat(tobuf, ",");
327 (void) strcat(tobuf, to->q_paddr);
328 define('u', user, e); /* to user */
329 define('z', to->q_home, e); /* user's home */
330
331 /*
332 ** Expand out this user into argument list.
333 */
334
335 if (!clever)
336 {
337 expand(*mvp, buf, &buf[sizeof buf - 1], e);
338 *pvp++ = newstr(buf);
339 if (pvp >= &pv[MAXPV - 2])
340 {
341 /* allow some space for trailing parms */
342 break;
343 }
344 }
345 }
346
347 /* see if any addresses still exist */
348 if (tobuf[0] == '\0')
349 {
350 define('g', (char *) NULL, e);
351 define('<', (char *) NULL, e);
352 return (0);
353 }
354
355 /* print out messages as full list */
356 e->e_to = tobuf + 1;
357
358 /*
359 ** Fill out any parameters after the $u parameter.
360 */
361
362 while (!clever && *++mvp != NULL)
363 {
364 expand(*mvp, buf, &buf[sizeof buf - 1], e);
365 *pvp++ = newstr(buf);
366 if (pvp >= &pv[MAXPV])
367 syserr("deliver: pv overflow after $u for %s", pv[0]);
368 }
369 *pvp++ = NULL;
370
371 /*
372 ** Call the mailer.
373 ** The argument vector gets built, pipes
374 ** are created as necessary, and we fork & exec as
375 ** appropriate.
376 ** If we are running SMTP, we just need to clean up.
377 */
378
379 if (ctladdr == NULL)
380 ctladdr = &e->e_from;
381 #ifdef NAMED_BIND
382 if (ConfigLevel < 2)
383 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
384 #endif
385 #ifdef SMTP
386 if (clever)
387 {
388 rcode = EX_OK;
389 #ifdef NAMED_BIND
390 if (host[0] && host[0] != '[')
391 {
392 expand("\001j", buf, &buf[sizeof(buf) - 1], e);
393 Nmx = getmxrr(host, MxHosts, buf, &rcode);
394 }
395 else
396 #endif
397 {
398 Nmx = 1;
399 MxHosts[0] = host;
400 }
401 if (Nmx >= 0)
402 {
403 message(Arpa_Info, "Connecting to %s (%s)...",
404 MxHosts[0], m->m_name);
405 if ((rcode = smtpinit(m, mci, pv)) == EX_OK)
406 {
407 register char *t = tobuf;
408 register int i;
409
410 /* send the recipient list */
411 tobuf[0] = '\0';
412 for (to = tochain; to != NULL; to = to->q_tchain)
413 {
414 e->e_to = to->q_paddr;
415 if ((i = smtprcpt(to, m, mci)) != EX_OK)
416 {
417 markfailure(e, to, i);
418 giveresponse(i, m, e);
419 }
420 else
421 {
422 *t++ = ',';
423 for (p = to->q_paddr; *p; *t++ = *p++);
424 }
425 }
426
427 /* now send the data */
428 if (tobuf[0] == '\0')
429 e->e_to = NULL;
430 else
431 {
432 e->e_to = tobuf + 1;
433 rcode = smtpdata(m, mci, e);
434 }
435
436 /* now close the connection */
437 smtpquit(m);
438 }
439 }
440 }
441 else
442 #endif /* SMTP */
443 {
444 static int sendoff();
445
446 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
447 rcode = sendoff(e, m, pv, ctladdr);
448 }
449 #ifdef NAMED_BIND
450 if (ConfigLevel < 2)
451 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
452 #endif
453
454 /*
455 ** Do final status disposal.
456 ** We check for something in tobuf for the SMTP case.
457 ** If we got a temporary failure, arrange to queue the
458 ** addressees.
459 */
460
461 if (tobuf[0] != '\0')
462 giveresponse(rcode, m, e);
463 for (to = tochain; to != NULL; to = to->q_tchain)
464 if (rcode != EX_OK)
465 markfailure(e, to, rcode);
466 else
467 to->q_flags |= QSENT;
468
469 errno = 0;
470 define('g', (char *) NULL, e);
471 define('<', (char *) NULL, e);
472 return (rcode);
473 }
474 �/*
475 ** MARKFAILURE -- mark a failure on a specific address.
476 **
477 ** Parameters:
478 ** e -- the envelope we are sending.
479 ** q -- the address to mark.
480 ** rcode -- the code signifying the particular failure.
481 **
482 ** Returns:
483 ** none.
484 **
485 ** Side Effects:
486 ** marks the address (and possibly the envelope) with the
487 ** failure so that an error will be returned or
488 ** the message will be queued, as appropriate.
489 */
490
491 markfailure(e, q, rcode)
492 register ENVELOPE *e;
493 register ADDRESS *q;
494 int rcode;
495 {
496 if (rcode == EX_OK)
497 return;
498 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
499 q->q_flags |= QBADADDR;
500 else if (curtime() > e->e_ctime + TimeOut)
501 {
502 extern char *pintvl();
503 char buf[MAXLINE];
504
505 if (!bitset(EF_TIMEOUT, e->e_flags))
506 {
507 (void) sprintf(buf, "Cannot send message for %s",
508 pintvl(TimeOut, FALSE));
509 if (e->e_message != NULL)
510 free(e->e_message);
511 e->e_message = newstr(buf);
512 message(Arpa_Info, buf);
513 }
514 q->q_flags |= QBADADDR;
515 e->e_flags |= EF_TIMEOUT;
516 }
517 else
518 q->q_flags |= QQUEUEUP;
519 }
520 �/*
521 ** DOFORK -- do a fork, retrying a couple of times on failure.
522 **
523 ** This MUST be a macro, since after a vfork we are running
524 ** two processes on the same stack!!!
525 **
526 ** Parameters:
527 ** none.
528 **
529 ** Returns:
530 ** From a macro??? You've got to be kidding!
531 **
532 ** Side Effects:
533 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
534 ** pid of child in parent, zero in child.
535 ** -1 on unrecoverable error.
536 **
537 ** Notes:
538 ** I'm awfully sorry this looks so awful. That's
539 ** vfork for you.....
540 */
541
542 # define NFORKTRIES 5
543
544 # ifndef FORK
545 # define FORK fork
546 # endif
547
548 # define DOFORK(fORKfN) \
549 {\
550 register int i;\
551 \
552 for (i = NFORKTRIES; --i >= 0; )\
553 {\
554 pid = fORKfN();\
555 if (pid >= 0)\
556 break;\
557 if (i > 0)\
558 sleep((unsigned) NFORKTRIES - i);\
559 }\
560 }
561 �/*
562 ** DOFORK -- simple fork interface to DOFORK.
563 **
564 ** Parameters:
565 ** none.
566 **
567 ** Returns:
568 ** pid of child in parent.
569 ** zero in child.
570 ** -1 on error.
571 **
572 ** Side Effects:
573 ** returns twice, once in parent and once in child.
574 */
575
576 dofork()
577 {
578 register int pid;
579
580 DOFORK(fork);
581 return (pid);
582 }
583 �/*
584 ** SENDOFF -- send off call to mailer & collect response.
585 **
586 ** Parameters:
587 ** e -- the envelope to mail.
588 ** m -- mailer descriptor.
589 ** pvp -- parameter vector to send to it.
590 ** ctladdr -- an address pointer controlling the
591 ** user/groupid etc. of the mailer.
592 **
593 ** Returns:
594 ** exit status of mailer.
595 **
596 ** Side Effects:
597 ** none.
598 */
599 static
600 sendoff(e, m, pvp, ctladdr)
601 register ENVELOPE *e;
602 MAILER *m;
603 char **pvp;
604 ADDRESS *ctladdr;
605 {
606 register int i;
607 register MCONINFO *mci;
608 extern MCONINFO *openmailer();
609
610 /*
611 ** Create connection to mailer.
612 */
613
614 mci = openmailer(m, pvp, ctladdr, FALSE);
615 if (mci == NULL)
616 return (-1);
617
618 /*
619 ** Format and send message.
620 */
621
622 putfromline(mci->mci_out, m);
623 (*e->e_puthdr)(mci->mci_out, m, e);
624 putline("\n", mci->mci_out, m);
625 (*e->e_putbody)(mci->mci_out, m, e);
626
627 i = endmailer(mci, pvp[0]);
628
629 /* arrange a return receipt if requested */
630 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
631 {
632 e->e_flags |= EF_SENDRECEIPT;
633 /* do we want to send back more info? */
634 }
635
636 return (i);
637 }
638 �/*
639 ** ENDMAILER -- Wait for mailer to terminate.
640 **
641 ** We should never get fatal errors (e.g., segmentation
642 ** violation), so we report those specially. For other
643 ** errors, we choose a status message (into statmsg),
644 ** and if it represents an error, we print it.
645 **
646 ** Parameters:
647 ** pid -- pid of mailer.
648 ** name -- name of mailer (for error messages).
649 **
650 ** Returns:
651 ** exit code of mailer.
652 **
653 ** Side Effects:
654 ** none.
655 */
656
657 endmailer(mci, name)
658 register MCONINFO *mci;
659 char *name;
660 {
661 int st;
662
663 /* close any connections */
664 if (mci->mci_in != NULL)
665 (void) fclose(mci->mci_in);
666 if (mci->mci_out != NULL)
667 (void) fclose(mci->mci_out);
668 mci->mci_in = mci->mci_out = NULL;
669 mci->mci_state = MCIS_CLOSED;
670 if (bitset(MCIF_TEMP, mci->mci_flags))
671 xfree(mci);
672
673 /* in the IPC case there is nothing to wait for */
674 if (mci->mci_pid == 0)
675 return (EX_OK);
676
677 /* wait for the mailer process to die and collect status */
678 st = waitfor(mci->mci_pid);
679 if (st == -1)
680 {
681 syserr("endmailer %s: wait", name);
682 return (EX_SOFTWARE);
683 }
684
685 /* see if it died a horrid death */
686 if ((st & 0377) != 0)
687 {
688 syserr("mailer %s died with signal %o", name, st);
689 ExitStat = EX_TEMPFAIL;
690 return (EX_TEMPFAIL);
691 }
692
693 /* normal death -- return status */
694 st = (st >> 8) & 0377;
695 return (st);
696 }
697 �/*
698 ** OPENMAILER -- open connection to mailer.
699 **
700 ** Parameters:
701 ** m -- mailer descriptor.
702 ** pvp -- parameter vector to pass to mailer.
703 ** ctladdr -- controlling address for user.
704 ** clever -- create a full duplex connection.
705 **
706 ** Returns:
707 ** The mail connection info struct for this connection.
708 ** NULL on failure.
709 **
710 ** Side Effects:
711 ** creates a mailer in a subprocess.
712 */
713
714 MCONINFO *
715 openmailer(m, pvp, ctladdr, clever)
716 MAILER *m;
717 char **pvp;
718 ADDRESS *ctladdr;
719 bool clever;
720 {
721 int pid;
722 register MCONINFO *mci;
723 int mpvect[2];
724 int rpvect[2];
725 extern FILE *fdopen();
726
727 if (tTd(11, 1))
728 {
729 printf("openmailer:");
730 printav(pvp);
731 }
732 errno = 0;
733
734 CurHostName = m->m_mailer;
735
736 /*
737 ** Deal with the special case of mail handled through an IPC
738 ** connection.
739 ** In this case we don't actually fork. We must be
740 ** running SMTP for this to work. We will return a
741 ** zero pid to indicate that we are running IPC.
742 ** We also handle a debug version that just talks to stdin/out.
743 */
744
745 /* check for Local Person Communication -- not for mortals!!! */
746 if (strcmp(m->m_mailer, "[LPC]") == 0)
747 {
748 mci = (MCONINFO *) xalloc(sizeof *mci);
749 mci->mci_in = stdin;
750 mci->mci_out = stdout;
751 mci->mci_pid = 0;
752 mci->mci_state = MCIS_OPEN;
753 return mci;
754 }
755
756 if (strcmp(m->m_mailer, "[IPC]") == 0 ||
757 strcmp(m->m_mailer, "[TCP]") == 0)
758 {
759 #ifdef DAEMON
760 register STAB *st;
761 extern STAB *stab();
762 register int i, j;
763 register u_short port;
764
765 CurHostName = pvp[1];
766 if (!clever)
767 syserr("non-clever IPC");
768 if (pvp[2] != NULL)
769 port = atoi(pvp[2]);
770 else
771 port = 0;
772 for (j = 0; j < Nmx; j++)
773 {
774 /* see if we already know that this host is fried */
775 CurHostName = MxHosts[j];
776 st = stab(CurHostName,
777 ST_MCONINFO + m->m_mno,
778 ST_ENTER);
779 mci = &st->s_mci;
780 if (mci->mci_state != MCIS_CLOSED)
781 return mci;
782 if (mci->mci_exitstat == EX_OK)
783 {
784 /* try the connection */
785 message(Arpa_Info, "Connecting to %s (%s)...",
786 MxHosts[j], m->m_name);
787 i = makeconnection(MxHosts[j], port, mci,
788 bitnset(M_SECURE_PORT, m->m_flags));
789 mci->mci_exitstat = i;
790 mci->mci_errno = errno;
791 }
792 else
793 {
794 i = mci->mci_exitstat;
795 errno = mci->mci_errno;
796 }
797 if (i == EX_OK)
798 return mci;
799
800 /* enter status of this host */
801 setstat(i);
802 }
803 return NULL;
804 #else DAEMON
805 syserr("openmailer: no IPC");
806 return NULL;
807 #endif DAEMON
808 }
809
810 /* create a pipe to shove the mail through */
811 if (pipe(mpvect) < 0)
812 {
813 syserr("openmailer: pipe (to mailer)");
814 return NULL;
815 }
816
817 #ifdef SMTP
818 /* if this mailer speaks smtp, create a return pipe */
819 if (clever && pipe(rpvect) < 0)
820 {
821 syserr("openmailer: pipe (from mailer)");
822 (void) close(mpvect[0]);
823 (void) close(mpvect[1]);
824 return NULL;
825 }
826 #endif SMTP
827
828 /*
829 ** Actually fork the mailer process.
830 ** DOFORK is clever about retrying.
831 **
832 ** Dispose of SIGCHLD signal catchers that may be laying
833 ** around so that endmail will get it.
834 */
835
836 if (CurEnv->e_xfp != NULL)
837 (void) fflush(CurEnv->e_xfp); /* for debugging */
838 (void) fflush(stdout);
839 # ifdef SIGCHLD
840 (void) signal(SIGCHLD, SIG_DFL);
841 # endif SIGCHLD
842 DOFORK(FORK);
843 /* pid is set by DOFORK */
844 if (pid < 0)
845 {
846 /* failure */
847 syserr("openmailer: cannot fork");
848 (void) close(mpvect[0]);
849 (void) close(mpvect[1]);
850 #ifdef SMTP
851 if (clever)
852 {
853 (void) close(rpvect[0]);
854 (void) close(rpvect[1]);
855 }
856 #endif SMTP
857 return NULL;
858 }
859 else if (pid == 0)
860 {
861 int i;
862 extern int DtableSize;
863
864 /* child -- set up input & exec mailer */
865 /* make diagnostic output be standard output */
866 (void) signal(SIGINT, SIG_IGN);
867 (void) signal(SIGHUP, SIG_IGN);
868 (void) signal(SIGTERM, SIG_DFL);
869
870 /* arrange to filter standard & diag output of command */
871 if (clever)
872 {
873 (void) close(rpvect[0]);
874 (void) close(1);
875 (void) dup(rpvect[1]);
876 (void) close(rpvect[1]);
877 }
878 else if (OpMode == MD_SMTP || HoldErrs)
879 {
880 /* put mailer output in transcript */
881 (void) close(1);
882 (void) dup(fileno(CurEnv->e_xfp));
883 }
884 (void) close(2);
885 (void) dup(1);
886
887 /* arrange to get standard input */
888 (void) close(mpvect[1]);
889 (void) close(0);
890 if (dup(mpvect[0]) < 0)
891 {
892 syserr("Cannot dup to zero!");
893 _exit(EX_OSERR);
894 }
895 (void) close(mpvect[0]);
896 if (!bitnset(M_RESTR, m->m_flags))
897 {
898 if (ctladdr == NULL || ctladdr->q_uid == 0)
899 {
900 (void) setgid(DefGid);
901 (void) initgroups(DefUser, DefGid);
902 (void) setuid(DefUid);
903 }
904 else
905 {
906 (void) setgid(ctladdr->q_gid);
907 (void) initgroups(ctladdr->q_ruser?
908 ctladdr->q_ruser: ctladdr->q_user,
909 ctladdr->q_gid);
910 (void) setuid(ctladdr->q_uid);
911 }
912 }
913
914 /* arrange for all the files to be closed */
915 for (i = 3; i < DtableSize; i++) {
916 register int j;
917 if ((j = fcntl(i, F_GETFD, 0)) != -1)
918 (void)fcntl(i, F_SETFD, j|1);
919 }
920
921 /* try to execute the mailer */
922 execve(m->m_mailer, pvp, UserEnviron);
923 syserr("Cannot exec %s", m->m_mailer);
924 if (m == LocalMailer)
925 _exit(EX_TEMPFAIL);
926 switch (errno)
927 {
928 case EIO:
929 case EAGAIN:
930 case ENOMEM:
931 # ifdef EPROCLIM
932 case EPROCLIM:
933 # endif
934 _exit(EX_TEMPFAIL);
935 }
936 _exit(EX_UNAVAILABLE);
937 }
938
939 /*
940 ** Set up return value.
941 */
942
943 mci = (MCONINFO *) xalloc(sizeof *mci);
944 (void) close(mpvect[0]);
945 mci->mci_out = fdopen(mpvect[1], "w");
946 if (clever)
947 {
948 (void) close(rpvect[1]);
949 mci->mci_in = fdopen(rpvect[0], "r");
950 }
951 else
952 {
953 mci->mci_flags |= MCIF_TEMP;
954 mci->mci_in = NULL;
955 }
956
957 return mci;
958 }
959 �/*
960 ** GIVERESPONSE -- Interpret an error response from a mailer
961 **
962 ** Parameters:
963 ** stat -- the status code from the mailer (high byte
964 ** only; core dumps must have been taken care of
965 ** already).
966 ** m -- the mailer descriptor for this mailer.
967 **
968 ** Returns:
969 ** none.
970 **
971 ** Side Effects:
972 ** Errors may be incremented.
973 ** ExitStat may be set.
974 */
975
976 giveresponse(stat, m, e)
977 int stat;
978 register MAILER *m;
979 ENVELOPE *e;
980 {
981 register char *statmsg;
982 extern char *SysExMsg[];
983 register int i;
984 extern int N_SysEx;
985 #ifdef NAMED_BIND
986 extern int h_errno;
987 #endif
988 char buf[MAXLINE];
989
990 #ifdef lint
991 if (m == NULL)
992 return;
993 #endif lint
994
995 /*
996 ** Compute status message from code.
997 */
998
999 i = stat - EX__BASE;
1000 if (stat == 0)
1001 statmsg = "250 Sent";
1002 else if (i < 0 || i > N_SysEx)
1003 {
1004 (void) sprintf(buf, "554 unknown mailer error %d", stat);
1005 stat = EX_UNAVAILABLE;
1006 statmsg = buf;
1007 }
1008 else if (stat == EX_TEMPFAIL)
1009 {
1010 (void) strcpy(buf, SysExMsg[i]);
1011 #ifdef NAMED_BIND
1012 if (h_errno == TRY_AGAIN)
1013 {
1014 extern char *errstring();
1015
1016 statmsg = errstring(h_errno+MAX_ERRNO);
1017 }
1018 else
1019 #endif
1020 {
1021 if (errno != 0)
1022 {
1023 extern char *errstring();
1024
1025 statmsg = errstring(errno);
1026 }
1027 else
1028 {
1029 #ifdef SMTP
1030 extern char SmtpError[];
1031
1032 statmsg = SmtpError;
1033 #else SMTP
1034 statmsg = NULL;
1035 #endif SMTP
1036 }
1037 }
1038 if (statmsg != NULL && statmsg[0] != '\0')
1039 {
1040 (void) strcat(buf, ": ");
1041 (void) strcat(buf, statmsg);
1042 }
1043 statmsg = buf;
1044 }
1045 else
1046 {
1047 statmsg = SysExMsg[i];
1048 }
1049
1050 /*
1051 ** Print the message as appropriate
1052 */
1053
1054 if (stat == EX_OK || stat == EX_TEMPFAIL)
1055 message(Arpa_Info, &statmsg[4]);
1056 else
1057 {
1058 Errors++;
1059 usrerr(statmsg);
1060 }
1061
1062 /*
1063 ** Final cleanup.
1064 ** Log a record of the transaction. Compute the new
1065 ** ExitStat -- if we already had an error, stick with
1066 ** that.
1067 */
1068
1069 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1070 logdelivery(&statmsg[4]);
1071
1072 if (stat != EX_TEMPFAIL)
1073 setstat(stat);
1074 if (stat != EX_OK)
1075 {
1076 if (e->e_message != NULL)
1077 free(e->e_message);
1078 e->e_message = newstr(&statmsg[4]);
1079 }
1080 errno = 0;
1081 #ifdef NAMED_BIND
1082 h_errno = 0;
1083 #endif
1084 }
1085 �/*
1086 ** LOGDELIVERY -- log the delivery in the system log
1087 **
1088 ** Parameters:
1089 ** stat -- the message to print for the status
1090 **
1091 ** Returns:
1092 ** none
1093 **
1094 ** Side Effects:
1095 ** none
1096 */
1097
1098 logdelivery(stat)
1099 char *stat;
1100 {
1101 extern char *pintvl();
1102
1103 # ifdef LOG
1104 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1105 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1106 # endif LOG
1107 }
1108 �/*
1109 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1110 **
1111 ** This can be made an arbitrary message separator by changing $l
1112 **
1113 ** One of the ugliest hacks seen by human eyes is contained herein:
1114 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1115 ** does a well-meaning programmer such as myself have to deal with
1116 ** this kind of antique garbage????
1117 **
1118 ** Parameters:
1119 ** fp -- the file to output to.
1120 ** m -- the mailer describing this entry.
1121 **
1122 ** Returns:
1123 ** none
1124 **
1125 ** Side Effects:
1126 ** outputs some text to fp.
1127 */
1128
1129 putfromline(fp, m)
1130 register FILE *fp;
1131 register MAILER *m;
1132 {
1133 char *template = "\001l\n";
1134 char buf[MAXLINE];
1135
1136 if (bitnset(M_NHDR, m->m_flags))
1137 return;
1138
1139 # ifdef UGLYUUCP
1140 if (bitnset(M_UGLYUUCP, m->m_flags))
1141 {
1142 char *bang;
1143 char xbuf[MAXLINE];
1144
1145 expand("\001<", buf, &buf[sizeof buf - 1], CurEnv);
1146 bang = index(buf, '!');
1147 if (bang == NULL)
1148 syserr("No ! in UUCP! (%s)", buf);
1149 else
1150 {
1151 *bang++ = '\0';
1152 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1153 template = xbuf;
1154 }
1155 }
1156 # endif UGLYUUCP
1157 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1158 putline(buf, fp, m);
1159 }
1160 �/*
1161 ** PUTBODY -- put the body of a message.
1162 **
1163 ** Parameters:
1164 ** fp -- file to output onto.
1165 ** m -- a mailer descriptor to control output format.
1166 ** e -- the envelope to put out.
1167 **
1168 ** Returns:
1169 ** none.
1170 **
1171 ** Side Effects:
1172 ** The message is written onto fp.
1173 */
1174
1175 putbody(fp, m, e)
1176 FILE *fp;
1177 MAILER *m;
1178 register ENVELOPE *e;
1179 {
1180 char buf[MAXLINE];
1181
1182 /*
1183 ** Output the body of the message
1184 */
1185
1186 if (e->e_dfp == NULL)
1187 {
1188 if (e->e_df != NULL)
1189 {
1190 e->e_dfp = fopen(e->e_df, "r");
1191 if (e->e_dfp == NULL)
1192 syserr("putbody: Cannot open %s for %s from %s",
1193 e->e_df, e->e_to, e->e_from);
1194 }
1195 else
1196 putline("<<< No Message Collected >>>", fp, m);
1197 }
1198 if (e->e_dfp != NULL)
1199 {
1200 rewind(e->e_dfp);
1201 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1202 {
1203 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1204 strncmp(buf, "From ", 5) == 0)
1205 (void) putc('>', fp);
1206 putline(buf, fp, m);
1207 }
1208
1209 if (ferror(e->e_dfp))
1210 {
1211 syserr("putbody: read error");
1212 ExitStat = EX_IOERR;
1213 }
1214 }
1215
1216 (void) fflush(fp);
1217 if (ferror(fp) && errno != EPIPE)
1218 {
1219 syserr("putbody: write error");
1220 ExitStat = EX_IOERR;
1221 }
1222 errno = 0;
1223 }
1224 �/*
1225 ** MAILFILE -- Send a message to a file.
1226 **
1227 ** If the file has the setuid/setgid bits set, but NO execute
1228 ** bits, sendmail will try to become the owner of that file
1229 ** rather than the real user. Obviously, this only works if
1230 ** sendmail runs as root.
1231 **
1232 ** This could be done as a subordinate mailer, except that it
1233 ** is used implicitly to save messages in ~/dead.letter. We
1234 ** view this as being sufficiently important as to include it
1235 ** here. For example, if the system is dying, we shouldn't have
1236 ** to create another process plus some pipes to save the message.
1237 **
1238 ** Parameters:
1239 ** filename -- the name of the file to send to.
1240 ** ctladdr -- the controlling address header -- includes
1241 ** the userid/groupid to be when sending.
1242 **
1243 ** Returns:
1244 ** The exit code associated with the operation.
1245 **
1246 ** Side Effects:
1247 ** none.
1248 */
1249
1250 mailfile(filename, ctladdr)
1251 char *filename;
1252 ADDRESS *ctladdr;
1253 {
1254 register FILE *f;
1255 register int pid;
1256 ENVELOPE *e = CurEnv;
1257
1258 /*
1259 ** Fork so we can change permissions here.
1260 ** Note that we MUST use fork, not vfork, because of
1261 ** the complications of calling subroutines, etc.
1262 */
1263
1264 DOFORK(fork);
1265
1266 if (pid < 0)
1267 return (EX_OSERR);
1268 else if (pid == 0)
1269 {
1270 /* child -- actually write to file */
1271 struct stat stb;
1272
1273 (void) signal(SIGINT, SIG_DFL);
1274 (void) signal(SIGHUP, SIG_DFL);
1275 (void) signal(SIGTERM, SIG_DFL);
1276 (void) umask(OldUmask);
1277
1278 if (stat(filename, &stb) < 0)
1279 stb.st_mode = 0666;
1280
1281 /* limit the errors to those actually caused in the child */
1282 errno = 0;
1283 ExitStat = EX_OK;
1284
1285 if (bitset(0111, stb.st_mode))
1286 exit(EX_CANTCREAT);
1287 if (ctladdr == NULL)
1288 ctladdr = &e->e_from;
1289 /* we have to open the dfile BEFORE setuid */
1290 if (e->e_dfp == NULL && e->e_df != NULL)
1291 {
1292 e->e_dfp = fopen(e->e_df, "r");
1293 if (e->e_dfp == NULL)
1294 {
1295 syserr("mailfile: Cannot open %s for %s from %s",
1296 e->e_df, e->e_to, e->e_from);
1297 }
1298 }
1299
1300 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1301 {
1302 if (ctladdr->q_uid == 0)
1303 {
1304 (void) setgid(DefGid);
1305 (void) initgroups(DefUser, DefGid);
1306 }
1307 else
1308 {
1309 (void) setgid(ctladdr->q_gid);
1310 (void) initgroups(ctladdr->q_ruser?
1311 ctladdr->q_ruser: ctladdr->q_user,
1312 ctladdr->q_gid);
1313 }
1314 }
1315 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1316 {
1317 if (ctladdr->q_uid == 0)
1318 (void) setuid(DefUid);
1319 else
1320 (void) setuid(ctladdr->q_uid);
1321 }
1322 FileName = filename;
1323 LineNumber = 0;
1324 f = dfopen(filename, "a");
1325 if (f == NULL)
1326 {
1327 message("cannot open");
1328 exit(EX_CANTCREAT);
1329 }
1330
1331 putfromline(f, ProgMailer);
1332 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1333 putline("\n", f, ProgMailer);
1334 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1335 putline("\n", f, ProgMailer);
1336 if (ferror(f))
1337 {
1338 message("I/O error");
1339 setstat(EX_IOERR);
1340 }
1341 (void) fclose(f);
1342 (void) fflush(stdout);
1343
1344 /* reset ISUID & ISGID bits for paranoid systems */
1345 (void) chmod(filename, (int) stb.st_mode);
1346 exit(ExitStat);
1347 /*NOTREACHED*/
1348 }
1349 else
1350 {
1351 /* parent -- wait for exit status */
1352 int st;
1353
1354 st = waitfor(pid);
1355 if ((st & 0377) != 0)
1356 return (EX_UNAVAILABLE);
1357 else
1358 return ((st >> 8) & 0377);
1359 /*NOTREACHED*/
1360 }
1361 }
1362 �/*
1363 ** SENDALL -- actually send all the messages.
1364 **
1365 ** Parameters:
1366 ** e -- the envelope to send.
1367 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1368 ** the current SendMode.
1369 **
1370 ** Returns:
1371 ** none.
1372 **
1373 ** Side Effects:
1374 ** Scans the send lists and sends everything it finds.
1375 ** Delivers any appropriate error messages.
1376 ** If we are running in a non-interactive mode, takes the
1377 ** appropriate action.
1378 */
1379
1380 sendall(e, mode)
1381 ENVELOPE *e;
1382 char mode;
1383 {
1384 register ADDRESS *q;
1385 bool oldverbose;
1386 int pid;
1387 int nsent;
1388 # ifdef LOCKF
1389 struct flock lfd;
1390 # endif
1391
1392 /* determine actual delivery mode */
1393 if (mode == SM_DEFAULT)
1394 {
1395 extern bool shouldqueue();
1396
1397 if (shouldqueue(e->e_msgpriority))
1398 mode = SM_QUEUE;
1399 else
1400 mode = SendMode;
1401 }
1402
1403 if (tTd(13, 1))
1404 {
1405 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1406 printaddr(e->e_sendqueue, TRUE);
1407 }
1408
1409 /*
1410 ** Do any preprocessing necessary for the mode we are running.
1411 ** Check to make sure the hop count is reasonable.
1412 ** Delete sends to the sender in mailing lists.
1413 */
1414
1415 CurEnv = e;
1416
1417 if (e->e_hopcount > MaxHopCount)
1418 {
1419 errno = 0;
1420 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1421 e->e_hopcount, MaxHopCount, e->e_from, e->e_to);
1422 return;
1423 }
1424
1425 if (!MeToo)
1426 {
1427 extern ADDRESS *recipient();
1428
1429 e->e_from.q_flags |= QDONTSEND;
1430 (void) recipient(&e->e_from, &e->e_sendqueue);
1431 }
1432
1433 # ifdef QUEUE
1434 if ((mode == SM_QUEUE || mode == SM_FORK ||
1435 (mode != SM_VERIFY && SuperSafe)) &&
1436 !bitset(EF_INQUEUE, e->e_flags))
1437 queueup(e, TRUE, mode == SM_QUEUE);
1438 #endif QUEUE
1439
1440 oldverbose = Verbose;
1441 switch (mode)
1442 {
1443 case SM_VERIFY:
1444 Verbose = TRUE;
1445 break;
1446
1447 case SM_QUEUE:
1448 queueonly:
1449 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1450 return;
1451
1452 case SM_FORK:
1453 if (e->e_xfp != NULL)
1454 (void) fflush(e->e_xfp);
1455
1456 # ifdef LOCKF
1457 /*
1458 ** Since lockf has the interesting semantic that the
1459 ** lock is lost when we fork, we have to risk losing
1460 ** the lock here by closing before the fork, and then
1461 ** trying to get it back in the child.
1462 */
1463
1464 if (e->e_lockfp != NULL)
1465 {
1466 (void) fclose(e->e_lockfp);
1467 e->e_lockfp = NULL;
1468 }
1469 # endif /* LOCKF */
1470
1471 pid = fork();
1472 if (pid < 0)
1473 {
1474 goto queueonly;
1475 }
1476 else if (pid > 0)
1477 {
1478 /* be sure we leave the temp files to our child */
1479 e->e_id = e->e_df = NULL;
1480 # ifndef LOCKF
1481 if (e->e_lockfp != NULL)
1482 (void) fclose(e->e_lockfp);
1483 # endif
1484 return;
1485 }
1486
1487 /* double fork to avoid zombies */
1488 if (fork() > 0)
1489 exit(EX_OK);
1490
1491 /* be sure we are immune from the terminal */
1492 disconnect(FALSE);
1493
1494 # ifdef LOCKF
1495 /*
1496 ** Now try to get our lock back.
1497 */
1498
1499 lfd.l_type = F_WRLCK;
1500 lfd.l_whence = lfd.l_start = lfd.l_len = 0;
1501 e->e_lockfp = fopen(queuename(e, 'q'), "r+");
1502 if (e->e_lockfp == NULL ||
1503 fcntl(fileno(e->e_lockfp), F_SETLK, &lfd) < 0)
1504 {
1505 /* oops.... lost it */
1506 # ifdef LOG
1507 if (LogLevel > 5)
1508 syslog(LOG_NOTICE, "%s: lost lock: %m",
1509 CurEnv->e_id);
1510 # endif /* LOG */
1511 exit(EX_OK);
1512 }
1513 # endif /* LOCKF */
1514
1515 break;
1516 }
1517
1518 /*
1519 ** Run through the list and send everything.
1520 */
1521
1522 nsent = 0;
1523 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1524 {
1525 if (mode == SM_VERIFY)
1526 {
1527 e->e_to = q->q_paddr;
1528 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1529 message(Arpa_Info, "deliverable");
1530 }
1531 else if (!bitset(QDONTSEND, q->q_flags))
1532 {
1533 # ifdef QUEUE
1534 /*
1535 ** Checkpoint the send list every few addresses
1536 */
1537
1538 if (nsent >= CheckpointInterval)
1539 {
1540 queueup(e, TRUE, FALSE);
1541 nsent = 0;
1542 }
1543 # endif /* QUEUE */
1544 if (deliver(e, q) == EX_OK)
1545 nsent++;
1546 }
1547 }
1548 Verbose = oldverbose;
1549
1550 /*
1551 ** Now run through and check for errors.
1552 */
1553
1554 if (mode == SM_VERIFY)
1555 return;
1556
1557 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1558 {
1559 register ADDRESS *qq;
1560
1561 if (tTd(13, 3))
1562 {
1563 printf("Checking ");
1564 printaddr(q, FALSE);
1565 }
1566
1567 /* only send errors if the message failed */
1568 if (!bitset(QBADADDR, q->q_flags))
1569 continue;
1570
1571 /* we have an address that failed -- find the parent */
1572 for (qq = q; qq != NULL; qq = qq->q_alias)
1573 {
1574 char obuf[MAXNAME + 6];
1575 extern char *aliaslookup();
1576
1577 /* we can only have owners for local addresses */
1578 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1579 continue;
1580
1581 /* see if the owner list exists */
1582 (void) strcpy(obuf, "owner-");
1583 if (strncmp(qq->q_user, "owner-", 6) == 0)
1584 (void) strcat(obuf, "owner");
1585 else
1586 (void) strcat(obuf, qq->q_user);
1587 makelower(obuf);
1588 if (aliaslookup(obuf) == NULL)
1589 continue;
1590
1591 if (tTd(13, 4))
1592 printf("Errors to %s\n", obuf);
1593
1594 /* owner list exists -- add it to the error queue */
1595 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1596 ErrorMode = EM_MAIL;
1597 break;
1598 }
1599
1600 /* if we did not find an owner, send to the sender */
1601 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1602 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1603 }
1604
1605 if (mode == SM_FORK)
1606 finis();
1607 }
1608