1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 8.12 (Berkeley) 08/19/93";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <netdb.h>
15 #include <errno.h>
16 #ifdef NAMED_BIND
17 #include <arpa/nameser.h>
18 #include <resolv.h>
19
20 extern int h_errno;
21 #endif
22
23 /*
24 ** SENDALL -- actually send all the messages.
25 **
26 ** Parameters:
27 ** e -- the envelope to send.
28 ** mode -- the delivery mode to use. If SM_DEFAULT, use
29 ** the current e->e_sendmode.
30 **
31 ** Returns:
32 ** none.
33 **
34 ** Side Effects:
35 ** Scans the send lists and sends everything it finds.
36 ** Delivers any appropriate error messages.
37 ** If we are running in a non-interactive mode, takes the
38 ** appropriate action.
39 */
40
41 sendall(e, mode)
42 ENVELOPE *e;
43 char mode;
44 {
45 register ADDRESS *q;
46 char *owner;
47 int otherowners;
48 register ENVELOPE *ee;
49 ENVELOPE *splitenv = NULL;
50 bool announcequeueup;
51
52 /*
53 ** If we have had global, fatal errors, don't bother sending
54 ** the message at all if we are in SMTP mode. Local errors
55 ** (e.g., a single address failing) will still cause the other
56 ** addresses to be sent.
57 */
58
59 if (bitset(EF_FATALERRS, e->e_flags) && OpMode == MD_SMTP)
60 {
61 e->e_flags |= EF_CLRQUEUE;
62 return;
63 }
64
65 /* determine actual delivery mode */
66 if (mode == SM_DEFAULT)
67 {
68 mode = e->e_sendmode;
69 if (mode != SM_VERIFY &&
70 shouldqueue(e->e_msgpriority, e->e_ctime))
71 mode = SM_QUEUE;
72 announcequeueup = mode == SM_QUEUE;
73 }
74 else
75 announcequeueup = FALSE;
76
77 if (tTd(13, 1))
78 {
79 printf("\nSENDALL: mode %c, e_from ", mode);
80 printaddr(&e->e_from, FALSE);
81 printf("sendqueue:\n");
82 printaddr(e->e_sendqueue, TRUE);
83 }
84
85 /*
86 ** Do any preprocessing necessary for the mode we are running.
87 ** Check to make sure the hop count is reasonable.
88 ** Delete sends to the sender in mailing lists.
89 */
90
91 CurEnv = e;
92
93 if (e->e_hopcount > MaxHopCount)
94 {
95 errno = 0;
96 syserr("554 too many hops %d (%d max): from %s, to %s",
97 e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
98 e->e_sendqueue->q_paddr);
99 return;
100 }
101
102 /*
103 ** Do sender deletion.
104 **
105 ** If the sender has the QQUEUEUP flag set, skip this.
106 ** This can happen if the name server is hosed when you
107 ** are trying to send mail. The result is that the sender
108 ** is instantiated in the queue as a recipient.
109 */
110
111 if (!bitset(EF_METOO, e->e_flags) &&
112 !bitset(QQUEUEUP, e->e_from.q_flags))
113 {
114 if (tTd(13, 5))
115 {
116 printf("sendall: QDONTSEND ");
117 printaddr(&e->e_from, FALSE);
118 }
119 e->e_from.q_flags |= QDONTSEND;
120 (void) recipient(&e->e_from, &e->e_sendqueue, e);
121 }
122
123 /*
124 ** Handle alias owners.
125 **
126 ** We scan up the q_alias chain looking for owners.
127 ** We discard owners that are the same as the return path.
128 */
129
130 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
131 {
132 register struct address *a;
133
134 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias)
135 continue;
136 if (a != NULL)
137 q->q_owner = a->q_owner;
138
139 if (q->q_owner != NULL &&
140 !bitset(QDONTSEND, q->q_flags) &&
141 strcmp(q->q_owner, e->e_from.q_paddr) == 0)
142 q->q_owner = NULL;
143 }
144
145 owner = "";
146 otherowners = 1;
147 while (owner != NULL && otherowners > 0)
148 {
149 owner = NULL;
150 otherowners = 0;
151
152 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
153 {
154 if (bitset(QDONTSEND, q->q_flags))
155 continue;
156
157 if (q->q_owner != NULL)
158 {
159 if (owner == NULL)
160 owner = q->q_owner;
161 else if (owner != q->q_owner)
162 {
163 if (strcmp(owner, q->q_owner) == 0)
164 {
165 /* make future comparisons cheap */
166 q->q_owner = owner;
167 }
168 else
169 {
170 otherowners++;
171 }
172 owner = q->q_owner;
173 }
174 }
175 else
176 {
177 otherowners++;
178 }
179 }
180
181 if (owner != NULL && otherowners > 0)
182 {
183 extern HDR *copyheader();
184 extern ADDRESS *copyqueue();
185
186 /*
187 ** Split this envelope into two.
188 */
189
190 ee = (ENVELOPE *) xalloc(sizeof(ENVELOPE));
191 *ee = *e;
192 ee->e_id = NULL;
193 (void) queuename(ee, '\0');
194
195 if (tTd(13, 1))
196 printf("sendall: split %s into %s\n",
197 e->e_id, ee->e_id);
198
199 ee->e_header = copyheader(e->e_header);
200 ee->e_sendqueue = copyqueue(e->e_sendqueue);
201 ee->e_errorqueue = copyqueue(e->e_errorqueue);
202 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS);
203 setsender(owner, ee, NULL, TRUE);
204 if (tTd(13, 5))
205 {
206 printf("sendall(split): QDONTSEND ");
207 printaddr(&ee->e_from, FALSE);
208 }
209 ee->e_from.q_flags |= QDONTSEND;
210 ee->e_dfp = NULL;
211 ee->e_xfp = NULL;
212 ee->e_lockfp = NULL;
213 ee->e_df = NULL;
214 ee->e_errormode = EM_MAIL;
215 ee->e_sibling = splitenv;
216 splitenv = ee;
217
218 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
219 if (q->q_owner == owner)
220 q->q_flags |= QDONTSEND;
221 for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
222 if (q->q_owner != owner)
223 q->q_flags |= QDONTSEND;
224
225 if (e->e_df != NULL && mode != SM_VERIFY)
226 {
227 ee->e_dfp = NULL;
228 ee->e_df = queuename(ee, 'd');
229 ee->e_df = newstr(ee->e_df);
230 if (link(e->e_df, ee->e_df) < 0)
231 {
232 syserr("sendall: link(%s, %s)",
233 e->e_df, ee->e_df);
234 }
235 }
236
237 if (mode != SM_VERIFY)
238 openxscript(ee);
239 #ifdef LOG
240 if (LogLevel > 4)
241 syslog(LOG_INFO, "%s: clone %s",
242 ee->e_id, e->e_id);
243 #endif
244 }
245 }
246
247 if (owner != NULL)
248 {
249 setsender(owner, e, NULL, TRUE);
250 if (tTd(13, 5))
251 {
252 printf("sendall(owner): QDONTSEND ");
253 printaddr(&e->e_from, FALSE);
254 }
255 e->e_from.q_flags |= QDONTSEND;
256 e->e_errormode = EM_MAIL;
257 }
258
259 # ifdef QUEUE
260 if ((mode == SM_QUEUE || mode == SM_FORK ||
261 (mode != SM_VERIFY && SuperSafe)) &&
262 !bitset(EF_INQUEUE, e->e_flags))
263 {
264 /* be sure everything is instantiated in the queue */
265 queueup(e, TRUE, announcequeueup);
266 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
267 queueup(ee, TRUE, announcequeueup);
268 }
269 #endif /* QUEUE */
270
271 if (splitenv != NULL)
272 {
273 if (tTd(13, 1))
274 {
275 printf("\nsendall: Split queue; remaining queue:\n");
276 printaddr(e->e_sendqueue, TRUE);
277 }
278
279 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
280 {
281 CurEnv = ee;
282 sendenvelope(ee, mode);
283 }
284
285 CurEnv = e;
286 }
287 sendenvelope(e, mode);
288
289 for (; splitenv != NULL; splitenv = splitenv->e_sibling)
290 dropenvelope(splitenv);
291 }
292
293 sendenvelope(e, mode)
294 register ENVELOPE *e;
295 char mode;
296 {
297 bool oldverbose;
298 int pid;
299 register ADDRESS *q;
300 char *qf;
301 char *id;
302
303 /*
304 ** If we have had global, fatal errors, don't bother sending
305 ** the message at all if we are in SMTP mode. Local errors
306 ** (e.g., a single address failing) will still cause the other
307 ** addresses to be sent.
308 */
309
310 if (bitset(EF_FATALERRS, e->e_flags) && OpMode == MD_SMTP)
311 {
312 e->e_flags |= EF_CLRQUEUE;
313 return;
314 }
315
316 oldverbose = Verbose;
317 switch (mode)
318 {
319 case SM_VERIFY:
320 Verbose = TRUE;
321 break;
322
323 case SM_QUEUE:
324 queueonly:
325 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
326 return;
327
328 case SM_FORK:
329 if (e->e_xfp != NULL)
330 (void) fflush(e->e_xfp);
331
332 # ifndef HASFLOCK
333 /*
334 ** Since fcntl locking has the interesting semantic that
335 ** the lock is owned by a process, not by an open file
336 ** descriptor, we have to flush this to the queue, and
337 ** then restart from scratch in the child.
338 */
339
340 /* save id for future use */
341 id = e->e_id;
342
343 /* now drop the envelope in the parent */
344 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
345 dropenvelope(e);
346
347 /* and reacquire in the child */
348 (void) dowork(id, TRUE, FALSE, e);
349
350 return;
351
352 # else /* HASFLOCK */
353
354 pid = fork();
355 if (pid < 0)
356 {
357 goto queueonly;
358 }
359 else if (pid > 0)
360 {
361 if (e->e_lockfp != NULL)
362 {
363 (void) xfclose(e->e_lockfp, "sendenvelope", "lockfp");
364 e->e_lockfp = NULL;
365 }
366
367 /* close any random open files in the envelope */
368 if (e->e_dfp != NULL)
369 {
370 (void) xfclose(e->e_dfp, "sendenvelope", "dfp");
371 e->e_dfp = NULL;
372 }
373 if (e->e_xfp != NULL)
374 {
375 (void) xfclose(e->e_xfp, "sendenvelope", "xfp");
376 e->e_xfp = NULL;
377 }
378 return;
379 }
380
381 /* double fork to avoid zombies */
382 if (fork() > 0)
383 exit(EX_OK);
384
385 /* be sure we are immune from the terminal */
386 disconnect(1, e);
387
388 /*
389 ** Close any cached connections.
390 **
391 ** We don't send the QUIT protocol because the parent
392 ** still knows about the connection.
393 **
394 ** This should only happen when delivering an error
395 ** message.
396 */
397
398 mci_flush(FALSE, NULL);
399
400 # endif /* HASFLOCK */
401
402 break;
403 }
404
405 /*
406 ** Run through the list and send everything.
407 **
408 ** Set EF_GLOBALERRS so that error messages during delivery
409 ** result in returned mail.
410 */
411
412 e->e_nsent = 0;
413 e->e_flags |= EF_GLOBALERRS;
414 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
415 {
416 if (mode == SM_VERIFY)
417 {
418 e->e_to = q->q_paddr;
419 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
420 {
421 message("deliverable: mailer %s, host %s, user %s",
422 q->q_mailer->m_name,
423 q->q_host,
424 q->q_user);
425 }
426 }
427 else if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
428 {
429 # ifdef QUEUE
430 /*
431 ** Checkpoint the send list every few addresses
432 */
433
434 if (e->e_nsent >= CheckpointInterval)
435 {
436 queueup(e, TRUE, FALSE);
437 e->e_nsent = 0;
438 }
439 # endif /* QUEUE */
440 (void) deliver(e, q);
441 }
442 }
443 Verbose = oldverbose;
444
445 if (mode == SM_FORK)
446 finis();
447 }
448 �/*
449 ** DOFORK -- do a fork, retrying a couple of times on failure.
450 **
451 ** This MUST be a macro, since after a vfork we are running
452 ** two processes on the same stack!!!
453 **
454 ** Parameters:
455 ** none.
456 **
457 ** Returns:
458 ** From a macro??? You've got to be kidding!
459 **
460 ** Side Effects:
461 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
462 ** pid of child in parent, zero in child.
463 ** -1 on unrecoverable error.
464 **
465 ** Notes:
466 ** I'm awfully sorry this looks so awful. That's
467 ** vfork for you.....
468 */
469
470 # define NFORKTRIES 5
471
472 # ifndef FORK
473 # define FORK fork
474 # endif
475
476 # define DOFORK(fORKfN) \
477 {\
478 register int i;\
479 \
480 for (i = NFORKTRIES; --i >= 0; )\
481 {\
482 pid = fORKfN();\
483 if (pid >= 0)\
484 break;\
485 if (i > 0)\
486 sleep((unsigned) NFORKTRIES - i);\
487 }\
488 }
489 �/*
490 ** DOFORK -- simple fork interface to DOFORK.
491 **
492 ** Parameters:
493 ** none.
494 **
495 ** Returns:
496 ** pid of child in parent.
497 ** zero in child.
498 ** -1 on error.
499 **
500 ** Side Effects:
501 ** returns twice, once in parent and once in child.
502 */
503
504 dofork()
505 {
506 register int pid;
507
508 DOFORK(fork);
509 return (pid);
510 }
511 �/*
512 ** DELIVER -- Deliver a message to a list of addresses.
513 **
514 ** This routine delivers to everyone on the same host as the
515 ** user on the head of the list. It is clever about mailers
516 ** that don't handle multiple users. It is NOT guaranteed
517 ** that it will deliver to all these addresses however -- so
518 ** deliver should be called once for each address on the
519 ** list.
520 **
521 ** Parameters:
522 ** e -- the envelope to deliver.
523 ** firstto -- head of the address list to deliver to.
524 **
525 ** Returns:
526 ** zero -- successfully delivered.
527 ** else -- some failure, see ExitStat for more info.
528 **
529 ** Side Effects:
530 ** The standard input is passed off to someone.
531 */
532
533 deliver(e, firstto)
534 register ENVELOPE *e;
535 ADDRESS *firstto;
536 {
537 char *host; /* host being sent to */
538 char *user; /* user being sent to */
539 char **pvp;
540 register char **mvp;
541 register char *p;
542 register MAILER *m; /* mailer for this recipient */
543 ADDRESS *ctladdr;
544 register MCI *mci;
545 register ADDRESS *to = firstto;
546 bool clever = FALSE; /* running user smtp to this mailer */
547 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
548 int rcode; /* response code */
549 char *firstsig; /* signature of firstto */
550 int pid;
551 char *curhost;
552 int mpvect[2];
553 int rpvect[2];
554 char *pv[MAXPV+1];
555 char tobuf[TOBUFSIZE]; /* text line of to people */
556 char buf[MAXNAME];
557 char rpathbuf[MAXNAME]; /* translated return path */
558 extern int checkcompat();
559 extern FILE *fdopen();
560
561 errno = 0;
562 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags))
563 return (0);
564
565 #ifdef NAMED_BIND
566 /* unless interactive, try twice, over a minute */
567 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
568 _res.retrans = 30;
569 _res.retry = 2;
570 }
571 #endif
572
573 m = to->q_mailer;
574 host = to->q_host;
575 CurEnv = e; /* just in case */
576 e->e_statmsg = NULL;
577
578 if (tTd(10, 1))
579 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
580 m->m_mno, host, to->q_user);
581
582 /*
583 ** If this mailer is expensive, and if we don't want to make
584 ** connections now, just mark these addresses and return.
585 ** This is useful if we want to batch connections to
586 ** reduce load. This will cause the messages to be
587 ** queued up, and a daemon will come along to send the
588 ** messages later.
589 ** This should be on a per-mailer basis.
590 */
591
592 if (NoConnect && !bitset(EF_QUEUERUN, e->e_flags) &&
593 bitnset(M_EXPENSIVE, m->m_flags) && !Verbose)
594 {
595 for (; to != NULL; to = to->q_next)
596 {
597 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
598 to->q_mailer != m)
599 continue;
600 to->q_flags |= QQUEUEUP;
601 e->e_to = to->q_paddr;
602 message("queued");
603 if (LogLevel > 8)
604 logdelivery(m, NULL, "queued", e);
605 }
606 e->e_to = NULL;
607 return (0);
608 }
609
610 /*
611 ** Do initial argv setup.
612 ** Insert the mailer name. Notice that $x expansion is
613 ** NOT done on the mailer name. Then, if the mailer has
614 ** a picky -f flag, we insert it as appropriate. This
615 ** code does not check for 'pv' overflow; this places a
616 ** manifest lower limit of 4 for MAXPV.
617 ** The from address rewrite is expected to make
618 ** the address relative to the other end.
619 */
620
621 /* rewrite from address, using rewriting rules */
622 rcode = EX_OK;
623 (void) strcpy(rpathbuf, remotename(e->e_from.q_paddr, m,
624 RF_SENDERADDR|RF_CANONICAL,
625 &rcode, e));
626 define('g', rpathbuf, e); /* translated return path */
627 define('h', host, e); /* to host */
628 Errors = 0;
629 pvp = pv;
630 *pvp++ = m->m_argv[0];
631
632 /* insert -f or -r flag as appropriate */
633 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
634 {
635 if (bitnset(M_FOPT, m->m_flags))
636 *pvp++ = "-f";
637 else
638 *pvp++ = "-r";
639 *pvp++ = newstr(rpathbuf);
640 }
641
642 /*
643 ** Append the other fixed parts of the argv. These run
644 ** up to the first entry containing "$u". There can only
645 ** be one of these, and there are only a few more slots
646 ** in the pv after it.
647 */
648
649 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
650 {
651 /* can't use strchr here because of sign extension problems */
652 while (*p != '\0')
653 {
654 if ((*p++ & 0377) == MACROEXPAND)
655 {
656 if (*p == 'u')
657 break;
658 }
659 }
660
661 if (*p != '\0')
662 break;
663
664 /* this entry is safe -- go ahead and process it */
665 expand(*mvp, buf, &buf[sizeof buf - 1], e);
666 *pvp++ = newstr(buf);
667 if (pvp >= &pv[MAXPV - 3])
668 {
669 syserr("554 Too many parameters to %s before $u", pv[0]);
670 return (-1);
671 }
672 }
673
674 /*
675 ** If we have no substitution for the user name in the argument
676 ** list, we know that we must supply the names otherwise -- and
677 ** SMTP is the answer!!
678 */
679
680 if (*mvp == NULL)
681 {
682 /* running SMTP */
683 # ifdef SMTP
684 clever = TRUE;
685 *pvp = NULL;
686 # else /* SMTP */
687 /* oops! we don't implement SMTP */
688 syserr("554 SMTP style mailer");
689 return (EX_SOFTWARE);
690 # endif /* SMTP */
691 }
692
693 /*
694 ** At this point *mvp points to the argument with $u. We
695 ** run through our address list and append all the addresses
696 ** we can. If we run out of space, do not fret! We can
697 ** always send another copy later.
698 */
699
700 tobuf[0] = '\0';
701 e->e_to = tobuf;
702 ctladdr = NULL;
703 firstsig = hostsignature(firstto->q_mailer, firstto->q_host, e);
704 for (; to != NULL; to = to->q_next)
705 {
706 /* avoid sending multiple recipients to dumb mailers */
707 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
708 break;
709
710 /* if already sent or not for this host, don't send */
711 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
712 to->q_mailer != firstto->q_mailer ||
713 strcmp(hostsignature(to->q_mailer, to->q_host, e), firstsig) != 0)
714 continue;
715
716 /* avoid overflowing tobuf */
717 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
718 break;
719
720 if (tTd(10, 1))
721 {
722 printf("\nsend to ");
723 printaddr(to, FALSE);
724 }
725
726 /* compute effective uid/gid when sending */
727 if (to->q_mailer == ProgMailer)
728 ctladdr = getctladdr(to);
729
730 user = to->q_user;
731 e->e_to = to->q_paddr;
732 if (tTd(10, 5))
733 {
734 printf("deliver: QDONTSEND ");
735 printaddr(to, FALSE);
736 }
737 to->q_flags |= QDONTSEND;
738
739 /*
740 ** Check to see that these people are allowed to
741 ** talk to each other.
742 */
743
744 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
745 {
746 NoReturn = TRUE;
747 usrerr("552 Message is too large; %ld bytes max", m->m_maxsize);
748 giveresponse(EX_UNAVAILABLE, m, NULL, e);
749 continue;
750 }
751 rcode = checkcompat(to, e);
752 if (rcode != EX_OK)
753 {
754 markfailure(e, to, rcode);
755 giveresponse(rcode, m, NULL, e);
756 continue;
757 }
758
759 /*
760 ** Strip quote bits from names if the mailer is dumb
761 ** about them.
762 */
763
764 if (bitnset(M_STRIPQ, m->m_flags))
765 {
766 stripquotes(user);
767 stripquotes(host);
768 }
769
770 /* hack attack -- delivermail compatibility */
771 if (m == ProgMailer && *user == '|')
772 user++;
773
774 /*
775 ** If an error message has already been given, don't
776 ** bother to send to this address.
777 **
778 ** >>>>>>>>>> This clause assumes that the local mailer
779 ** >> NOTE >> cannot do any further aliasing; that
780 ** >>>>>>>>>> function is subsumed by sendmail.
781 */
782
783 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
784 continue;
785
786 /* save statistics.... */
787 markstats(e, to);
788
789 /*
790 ** See if this user name is "special".
791 ** If the user name has a slash in it, assume that this
792 ** is a file -- send it off without further ado. Note
793 ** that this type of addresses is not processed along
794 ** with the others, so we fudge on the To person.
795 */
796
797 if (m == FileMailer)
798 {
799 rcode = mailfile(user, getctladdr(to), e);
800 giveresponse(rcode, m, NULL, e);
801 if (rcode == EX_OK)
802 to->q_flags |= QSENT;
803 continue;
804 }
805
806 /*
807 ** Address is verified -- add this user to mailer
808 ** argv, and add it to the print list of recipients.
809 */
810
811 /* link together the chain of recipients */
812 to->q_tchain = tochain;
813 tochain = to;
814
815 /* create list of users for error messages */
816 (void) strcat(tobuf, ",");
817 (void) strcat(tobuf, to->q_paddr);
818 define('u', user, e); /* to user */
819 define('z', to->q_home, e); /* user's home */
820
821 /*
822 ** Expand out this user into argument list.
823 */
824
825 if (!clever)
826 {
827 expand(*mvp, buf, &buf[sizeof buf - 1], e);
828 *pvp++ = newstr(buf);
829 if (pvp >= &pv[MAXPV - 2])
830 {
831 /* allow some space for trailing parms */
832 break;
833 }
834 }
835 }
836
837 /* see if any addresses still exist */
838 if (tobuf[0] == '\0')
839 {
840 define('g', (char *) NULL, e);
841 return (0);
842 }
843
844 /* print out messages as full list */
845 e->e_to = tobuf + 1;
846
847 /*
848 ** Fill out any parameters after the $u parameter.
849 */
850
851 while (!clever && *++mvp != NULL)
852 {
853 expand(*mvp, buf, &buf[sizeof buf - 1], e);
854 *pvp++ = newstr(buf);
855 if (pvp >= &pv[MAXPV])
856 syserr("554 deliver: pv overflow after $u for %s", pv[0]);
857 }
858 *pvp++ = NULL;
859
860 /*
861 ** Call the mailer.
862 ** The argument vector gets built, pipes
863 ** are created as necessary, and we fork & exec as
864 ** appropriate.
865 ** If we are running SMTP, we just need to clean up.
866 */
867
868 if (ctladdr == NULL && m != ProgMailer)
869 ctladdr = &e->e_from;
870 #ifdef NAMED_BIND
871 if (ConfigLevel < 2)
872 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
873 #endif
874
875 if (tTd(11, 1))
876 {
877 printf("openmailer:");
878 printav(pv);
879 }
880 errno = 0;
881
882 CurHostName = m->m_mailer;
883
884 /*
885 ** Deal with the special case of mail handled through an IPC
886 ** connection.
887 ** In this case we don't actually fork. We must be
888 ** running SMTP for this to work. We will return a
889 ** zero pid to indicate that we are running IPC.
890 ** We also handle a debug version that just talks to stdin/out.
891 */
892
893 curhost = NULL;
894
895 /* check for Local Person Communication -- not for mortals!!! */
896 if (strcmp(m->m_mailer, "[LPC]") == 0)
897 {
898 mci = (MCI *) xalloc(sizeof *mci);
899 bzero((char *) mci, sizeof *mci);
900 mci->mci_in = stdin;
901 mci->mci_out = stdout;
902 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
903 mci->mci_mailer = m;
904 }
905 else if (strcmp(m->m_mailer, "[IPC]") == 0 ||
906 strcmp(m->m_mailer, "[TCP]") == 0)
907 {
908 #ifdef DAEMON
909 register int i;
910 register u_short port;
911
912 CurHostName = pv[1];
913 curhost = hostsignature(m, pv[1], e);
914
915 if (curhost == NULL || curhost[0] == '\0')
916 {
917 syserr("null signature");
918 rcode = EX_OSERR;
919 goto give_up;
920 }
921
922 if (!clever)
923 {
924 syserr("554 non-clever IPC");
925 rcode = EX_OSERR;
926 goto give_up;
927 }
928 if (pv[2] != NULL)
929 port = atoi(pv[2]);
930 else
931 port = 0;
932 tryhost:
933 mci = NULL;
934 while (*curhost != '\0')
935 {
936 register char *p;
937 static char hostbuf[MAXNAME];
938
939 mci = NULL;
940
941 /* pull the next host from the signature */
942 p = strchr(curhost, ':');
943 if (p == NULL)
944 p = &curhost[strlen(curhost)];
945 strncpy(hostbuf, curhost, p - curhost);
946 hostbuf[p - curhost] = '\0';
947 if (*p != '\0')
948 p++;
949 curhost = p;
950
951 /* see if we already know that this host is fried */
952 CurHostName = hostbuf;
953 mci = mci_get(hostbuf, m);
954 if (mci->mci_state != MCIS_CLOSED)
955 {
956 if (tTd(11, 1))
957 {
958 printf("openmailer: ");
959 mci_dump(mci);
960 }
961 CurHostName = mci->mci_host;
962 break;
963 }
964 mci->mci_mailer = m;
965 if (mci->mci_exitstat != EX_OK)
966 continue;
967
968 /* try the connection */
969 setproctitle("%s %s: %s", e->e_id, hostbuf, "user open");
970 message("Connecting to %s (%s)...",
971 hostbuf, m->m_name);
972 i = makeconnection(hostbuf, port, mci,
973 bitnset(M_SECURE_PORT, m->m_flags));
974 mci->mci_exitstat = i;
975 mci->mci_errno = errno;
976 #ifdef NAMED_BIND
977 mci->mci_herrno = h_errno;
978 #endif
979 if (i == EX_OK)
980 {
981 mci->mci_state = MCIS_OPENING;
982 mci_cache(mci);
983 if (TrafficLogFile != NULL)
984 fprintf(TrafficLogFile, "%05d == CONNECT %s\n",
985 getpid(), hostbuf);
986 break;
987 }
988 else if (tTd(11, 1))
989 printf("openmailer: makeconnection => stat=%d, errno=%d\n",
990 i, errno);
991
992
993 /* enter status of this host */
994 setstat(i);
995 }
996 mci->mci_pid = 0;
997 #else /* no DAEMON */
998 syserr("554 openmailer: no IPC");
999 if (tTd(11, 1))
1000 printf("openmailer: NULL\n");
1001 return NULL;
1002 #endif /* DAEMON */
1003 }
1004 else
1005 {
1006 #ifdef XDEBUG
1007 char wbuf[MAXLINE];
1008
1009 /* make absolutely certain 0, 1, and 2 are in use */
1010 sprintf(wbuf, "%s... openmailer(%s)", e->e_to, m->m_name);
1011 checkfd012(wbuf);
1012 #endif
1013
1014 if (TrafficLogFile != NULL)
1015 {
1016 char **av;
1017
1018 fprintf(TrafficLogFile, "%05d === EXEC", getpid());
1019 for (av = pv; *av != NULL; av++)
1020 fprintf(TrafficLogFile, " %s", *av);
1021 fprintf(TrafficLogFile, "\n");
1022 }
1023
1024 /* create a pipe to shove the mail through */
1025 if (pipe(mpvect) < 0)
1026 {
1027 syserr("%s... openmailer(%s): pipe (to mailer)",
1028 e->e_to, m->m_name);
1029 if (tTd(11, 1))
1030 printf("openmailer: NULL\n");
1031 rcode = EX_OSERR;
1032 goto give_up;
1033 }
1034
1035 /* if this mailer speaks smtp, create a return pipe */
1036 if (clever && pipe(rpvect) < 0)
1037 {
1038 syserr("%s... openmailer(%s): pipe (from mailer)",
1039 e->e_to, m->m_name);
1040 (void) close(mpvect[0]);
1041 (void) close(mpvect[1]);
1042 if (tTd(11, 1))
1043 printf("openmailer: NULL\n");
1044 rcode = EX_OSERR;
1045 goto give_up;
1046 }
1047
1048 /*
1049 ** Actually fork the mailer process.
1050 ** DOFORK is clever about retrying.
1051 **
1052 ** Dispose of SIGCHLD signal catchers that may be laying
1053 ** around so that endmail will get it.
1054 */
1055
1056 if (e->e_xfp != NULL)
1057 (void) fflush(e->e_xfp); /* for debugging */
1058 (void) fflush(stdout);
1059 # ifdef SIGCHLD
1060 (void) setsignal(SIGCHLD, SIG_DFL);
1061 # endif /* SIGCHLD */
1062 DOFORK(FORK);
1063 /* pid is set by DOFORK */
1064 if (pid < 0)
1065 {
1066 /* failure */
1067 syserr("%s... openmailer(%s): cannot fork",
1068 e->e_to, m->m_name);
1069 (void) close(mpvect[0]);
1070 (void) close(mpvect[1]);
1071 if (clever)
1072 {
1073 (void) close(rpvect[0]);
1074 (void) close(rpvect[1]);
1075 }
1076 if (tTd(11, 1))
1077 printf("openmailer: NULL\n");
1078 rcode = EX_OSERR;
1079 goto give_up;
1080 }
1081 else if (pid == 0)
1082 {
1083 int i;
1084 int saveerrno;
1085 char **ep;
1086 char *env[MAXUSERENVIRON];
1087 extern char **environ;
1088 extern int DtableSize;
1089
1090 /* child -- set up input & exec mailer */
1091 (void) setsignal(SIGINT, SIG_IGN);
1092 (void) setsignal(SIGHUP, SIG_IGN);
1093 (void) setsignal(SIGTERM, SIG_DFL);
1094
1095 /* close any other cached connections */
1096 mci_flush(FALSE, mci);
1097
1098 /* reset user and group */
1099 if (!bitnset(M_RESTR, m->m_flags))
1100 {
1101 if (ctladdr == NULL || ctladdr->q_uid == 0)
1102 {
1103 (void) setgid(DefGid);
1104 (void) initgroups(DefUser, DefGid);
1105 (void) setuid(DefUid);
1106 }
1107 else
1108 {
1109 (void) setgid(ctladdr->q_gid);
1110 (void) initgroups(ctladdr->q_ruser?
1111 ctladdr->q_ruser: ctladdr->q_user,
1112 ctladdr->q_gid);
1113 (void) setuid(ctladdr->q_uid);
1114 }
1115 }
1116
1117 if (tTd(11, 2))
1118 printf("openmailer: running as r/euid=%d/%d\n",
1119 getuid(), geteuid());
1120
1121 /* move into some "safe" directory */
1122 if (m->m_execdir != NULL)
1123 {
1124 char *p, *q;
1125 char buf[MAXLINE];
1126
1127 for (p = m->m_execdir; p != NULL; p = q)
1128 {
1129 q = strchr(p, ':');
1130 if (q != NULL)
1131 *q = '\0';
1132 expand(p, buf, &buf[sizeof buf] - 1, e);
1133 if (q != NULL)
1134 *q++ = ':';
1135 if (tTd(11, 20))
1136 printf("openmailer: trydir %s\n",
1137 buf);
1138 if (buf[0] != '\0' && chdir(buf) >= 0)
1139 break;
1140 }
1141 }
1142
1143 /* arrange to filter std & diag output of command */
1144 if (clever)
1145 {
1146 (void) close(rpvect[0]);
1147 if (dup2(rpvect[1], STDOUT_FILENO) < 0)
1148 {
1149 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
1150 e->e_to, m->m_name, rpvect[1]);
1151 _exit(EX_OSERR);
1152 }
1153 (void) close(rpvect[1]);
1154 }
1155 else if (OpMode == MD_SMTP || HoldErrs)
1156 {
1157 /* put mailer output in transcript */
1158 if (dup2(fileno(e->e_xfp), STDOUT_FILENO) < 0)
1159 {
1160 syserr("%s... openmailer(%s): cannot dup xscript %d for stdout",
1161 e->e_to, m->m_name,
1162 fileno(e->e_xfp));
1163 _exit(EX_OSERR);
1164 }
1165 }
1166 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
1167 {
1168 syserr("%s... openmailer(%s): cannot dup stdout for stderr",
1169 e->e_to, m->m_name);
1170 _exit(EX_OSERR);
1171 }
1172
1173 /* arrange to get standard input */
1174 (void) close(mpvect[1]);
1175 if (dup2(mpvect[0], STDIN_FILENO) < 0)
1176 {
1177 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin",
1178 e->e_to, m->m_name, mpvect[0]);
1179 _exit(EX_OSERR);
1180 }
1181 (void) close(mpvect[0]);
1182
1183 /* arrange for all the files to be closed */
1184 for (i = 3; i < DtableSize; i++)
1185 {
1186 register int j;
1187
1188 if ((j = fcntl(i, F_GETFD, 0)) != -1)
1189 (void) fcntl(i, F_SETFD, j | 1);
1190 }
1191
1192 /* set up the mailer environment */
1193 i = 0;
1194 env[i++] = "AGENT=sendmail";
1195 for (ep = environ; *ep != NULL; ep++)
1196 {
1197 if (strncmp(*ep, "TZ=", 3) == 0)
1198 env[i++] = *ep;
1199 }
1200 env[i++] = NULL;
1201
1202 /* try to execute the mailer */
1203 execve(m->m_mailer, pv, env);
1204 saveerrno = errno;
1205 syserr("Cannot exec %s", m->m_mailer);
1206 if (m == LocalMailer || transienterror(saveerrno))
1207 _exit(EX_OSERR);
1208 _exit(EX_UNAVAILABLE);
1209 }
1210
1211 /*
1212 ** Set up return value.
1213 */
1214
1215 mci = (MCI *) xalloc(sizeof *mci);
1216 bzero((char *) mci, sizeof *mci);
1217 mci->mci_mailer = m;
1218 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
1219 mci->mci_pid = pid;
1220 (void) close(mpvect[0]);
1221 mci->mci_out = fdopen(mpvect[1], "w");
1222 if (clever)
1223 {
1224 (void) close(rpvect[1]);
1225 mci->mci_in = fdopen(rpvect[0], "r");
1226 }
1227 else
1228 {
1229 mci->mci_flags |= MCIF_TEMP;
1230 mci->mci_in = NULL;
1231 }
1232 }
1233
1234 /*
1235 ** If we are in SMTP opening state, send initial protocol.
1236 */
1237
1238 if (clever && mci->mci_state != MCIS_CLOSED)
1239 {
1240 smtpinit(m, mci, e);
1241 }
1242 if (tTd(11, 1))
1243 {
1244 printf("openmailer: ");
1245 mci_dump(mci);
1246 }
1247
1248 if (mci->mci_state != MCIS_OPEN)
1249 {
1250 /* couldn't open the mailer */
1251 rcode = mci->mci_exitstat;
1252 errno = mci->mci_errno;
1253 #ifdef NAMED_BIND
1254 h_errno = mci->mci_herrno;
1255 #endif
1256 if (rcode == EX_OK)
1257 {
1258 /* shouldn't happen */
1259 syserr("554 deliver: rcode=%d, mci_state=%d, sig=%s",
1260 rcode, mci->mci_state, firstsig);
1261 rcode = EX_SOFTWARE;
1262 }
1263 else if (rcode == EX_TEMPFAIL && *curhost != '\0')
1264 {
1265 /* try next MX site */
1266 goto tryhost;
1267 }
1268 }
1269 else if (!clever)
1270 {
1271 /*
1272 ** Format and send message.
1273 */
1274
1275 putfromline(mci->mci_out, m, e);
1276 (*e->e_puthdr)(mci->mci_out, m, e);
1277 putline("\n", mci->mci_out, m);
1278 (*e->e_putbody)(mci->mci_out, m, e, NULL);
1279
1280 /* get the exit status */
1281 rcode = endmailer(mci, e, pv);
1282 }
1283 else
1284 #ifdef SMTP
1285 {
1286 /*
1287 ** Send the MAIL FROM: protocol
1288 */
1289
1290 rcode = smtpmailfrom(m, mci, e);
1291 if (rcode == EX_OK)
1292 {
1293 register char *t = tobuf;
1294 register int i;
1295
1296 /* send the recipient list */
1297 tobuf[0] = '\0';
1298 for (to = tochain; to != NULL; to = to->q_tchain)
1299 {
1300 e->e_to = to->q_paddr;
1301 if ((i = smtprcpt(to, m, mci, e)) != EX_OK)
1302 {
1303 markfailure(e, to, i);
1304 giveresponse(i, m, mci, e);
1305 }
1306 else
1307 {
1308 *t++ = ',';
1309 for (p = to->q_paddr; *p; *t++ = *p++)
1310 continue;
1311 }
1312 }
1313
1314 /* now send the data */
1315 if (tobuf[0] == '\0')
1316 {
1317 rcode = EX_OK;
1318 e->e_to = NULL;
1319 if (bitset(MCIF_CACHED, mci->mci_flags))
1320 smtprset(m, mci, e);
1321 }
1322 else
1323 {
1324 e->e_to = tobuf + 1;
1325 rcode = smtpdata(m, mci, e);
1326 }
1327
1328 /* now close the connection */
1329 if (!bitset(MCIF_CACHED, mci->mci_flags))
1330 smtpquit(m, mci, e);
1331 }
1332 if (rcode != EX_OK && *curhost != '\0')
1333 {
1334 /* try next MX site */
1335 goto tryhost;
1336 }
1337 }
1338 #else /* not SMTP */
1339 {
1340 syserr("554 deliver: need SMTP compiled to use clever mailer");
1341 rcode = EX_CONFIG;
1342 goto give_up;
1343 }
1344 #endif /* SMTP */
1345 #ifdef NAMED_BIND
1346 if (ConfigLevel < 2)
1347 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
1348 #endif
1349
1350 /* arrange a return receipt if requested */
1351 if (e->e_receiptto != NULL && bitnset(M_LOCALMAILER, m->m_flags))
1352 {
1353 e->e_flags |= EF_SENDRECEIPT;
1354 /* do we want to send back more info? */
1355 }
1356
1357 /*
1358 ** Do final status disposal.
1359 ** We check for something in tobuf for the SMTP case.
1360 ** If we got a temporary failure, arrange to queue the
1361 ** addressees.
1362 */
1363
1364 give_up:
1365 if (tobuf[0] != '\0')
1366 giveresponse(rcode, m, mci, e);
1367 for (to = tochain; to != NULL; to = to->q_tchain)
1368 {
1369 if (rcode != EX_OK)
1370 markfailure(e, to, rcode);
1371 else
1372 {
1373 to->q_flags |= QSENT;
1374 e->e_nsent++;
1375 }
1376 }
1377
1378 /*
1379 ** Restore state and return.
1380 */
1381
1382 errno = 0;
1383 define('g', (char *) NULL, e);
1384 return (rcode);
1385 }
1386 �/*
1387 ** MARKFAILURE -- mark a failure on a specific address.
1388 **
1389 ** Parameters:
1390 ** e -- the envelope we are sending.
1391 ** q -- the address to mark.
1392 ** rcode -- the code signifying the particular failure.
1393 **
1394 ** Returns:
1395 ** none.
1396 **
1397 ** Side Effects:
1398 ** marks the address (and possibly the envelope) with the
1399 ** failure so that an error will be returned or
1400 ** the message will be queued, as appropriate.
1401 */
1402
1403 markfailure(e, q, rcode)
1404 register ENVELOPE *e;
1405 register ADDRESS *q;
1406 int rcode;
1407 {
1408 char buf[MAXLINE];
1409
1410 if (rcode == EX_OK)
1411 return;
1412 else if (rcode == EX_TEMPFAIL)
1413 q->q_flags |= QQUEUEUP;
1414 else if (rcode != EX_IOERR && rcode != EX_OSERR)
1415 q->q_flags |= QBADADDR;
1416 }
1417 �/*
1418 ** ENDMAILER -- Wait for mailer to terminate.
1419 **
1420 ** We should never get fatal errors (e.g., segmentation
1421 ** violation), so we report those specially. For other
1422 ** errors, we choose a status message (into statmsg),
1423 ** and if it represents an error, we print it.
1424 **
1425 ** Parameters:
1426 ** pid -- pid of mailer.
1427 ** e -- the current envelope.
1428 ** pv -- the parameter vector that invoked the mailer
1429 ** (for error messages).
1430 **
1431 ** Returns:
1432 ** exit code of mailer.
1433 **
1434 ** Side Effects:
1435 ** none.
1436 */
1437
1438 endmailer(mci, e, pv)
1439 register MCI *mci;
1440 register ENVELOPE *e;
1441 char **pv;
1442 {
1443 int st;
1444
1445 /* close any connections */
1446 if (mci->mci_in != NULL)
1447 (void) xfclose(mci->mci_in, pv[0], "mci_in");
1448 if (mci->mci_out != NULL)
1449 (void) xfclose(mci->mci_out, pv[0], "mci_out");
1450 mci->mci_in = mci->mci_out = NULL;
1451 mci->mci_state = MCIS_CLOSED;
1452
1453 /* in the IPC case there is nothing to wait for */
1454 if (mci->mci_pid == 0)
1455 return (EX_OK);
1456
1457 /* wait for the mailer process to die and collect status */
1458 st = waitfor(mci->mci_pid);
1459 if (st == -1)
1460 {
1461 syserr("endmailer %s: wait", pv[0]);
1462 return (EX_SOFTWARE);
1463 }
1464
1465 /* see if it died a horrid death */
1466 if ((st & 0377) != 0)
1467 {
1468 syserr("mailer %s died with signal %o", pv[0], st);
1469
1470 /* log the arguments */
1471 if (e->e_xfp != NULL)
1472 {
1473 register char **av;
1474
1475 fprintf(e->e_xfp, "Arguments:");
1476 for (av = pv; *av != NULL; av++)
1477 fprintf(e->e_xfp, " %s", *av);
1478 fprintf(e->e_xfp, "\n");
1479 }
1480
1481 ExitStat = EX_TEMPFAIL;
1482 return (EX_TEMPFAIL);
1483 }
1484
1485 /* normal death -- return status */
1486 st = (st >> 8) & 0377;
1487 return (st);
1488 }
1489 �/*
1490 ** GIVERESPONSE -- Interpret an error response from a mailer
1491 **
1492 ** Parameters:
1493 ** stat -- the status code from the mailer (high byte
1494 ** only; core dumps must have been taken care of
1495 ** already).
1496 ** m -- the mailer info for this mailer.
1497 ** mci -- the mailer connection info -- can be NULL if the
1498 ** response is given before the connection is made.
1499 ** e -- the current envelope.
1500 **
1501 ** Returns:
1502 ** none.
1503 **
1504 ** Side Effects:
1505 ** Errors may be incremented.
1506 ** ExitStat may be set.
1507 */
1508
1509 giveresponse(stat, m, mci, e)
1510 int stat;
1511 register MAILER *m;
1512 register MCI *mci;
1513 ENVELOPE *e;
1514 {
1515 register const char *statmsg;
1516 extern char *SysExMsg[];
1517 register int i;
1518 extern int N_SysEx;
1519 char buf[MAXLINE];
1520
1521 /*
1522 ** Compute status message from code.
1523 */
1524
1525 i = stat - EX__BASE;
1526 if (stat == 0)
1527 {
1528 statmsg = "250 Sent";
1529 if (e->e_statmsg != NULL)
1530 {
1531 (void) sprintf(buf, "%s (%s)", statmsg, e->e_statmsg);
1532 statmsg = buf;
1533 }
1534 }
1535 else if (i < 0 || i > N_SysEx)
1536 {
1537 (void) sprintf(buf, "554 unknown mailer error %d", stat);
1538 stat = EX_UNAVAILABLE;
1539 statmsg = buf;
1540 }
1541 else if (stat == EX_TEMPFAIL)
1542 {
1543 (void) strcpy(buf, SysExMsg[i] + 1);
1544 #ifdef NAMED_BIND
1545 if (h_errno == TRY_AGAIN)
1546 statmsg = errstring(h_errno+E_DNSBASE);
1547 else
1548 #endif
1549 {
1550 if (errno != 0)
1551 statmsg = errstring(errno);
1552 else
1553 {
1554 #ifdef SMTP
1555 extern char SmtpError[];
1556
1557 statmsg = SmtpError;
1558 #else /* SMTP */
1559 statmsg = NULL;
1560 #endif /* SMTP */
1561 }
1562 }
1563 if (statmsg != NULL && statmsg[0] != '\0')
1564 {
1565 (void) strcat(buf, ": ");
1566 (void) strcat(buf, statmsg);
1567 }
1568 statmsg = buf;
1569 }
1570 #ifdef NAMED_BIND
1571 else if (stat == EX_NOHOST && h_errno != 0)
1572 {
1573 statmsg = errstring(h_errno + E_DNSBASE);
1574 (void) sprintf(buf, "%s (%s)", SysExMsg[i], statmsg);
1575 statmsg = buf;
1576 }
1577 #endif
1578 else
1579 {
1580 statmsg = SysExMsg[i];
1581 if (*statmsg++ == ':')
1582 {
1583 (void) sprintf(buf, "%s: %s", statmsg, errstring(errno));
1584 statmsg = buf;
1585 }
1586 }
1587
1588 /*
1589 ** Print the message as appropriate
1590 */
1591
1592 if (stat == EX_OK || stat == EX_TEMPFAIL)
1593 message(&statmsg[4], errstring(errno));
1594 else
1595 {
1596 Errors++;
1597 usrerr(statmsg, errstring(errno));
1598 }
1599
1600 /*
1601 ** Final cleanup.
1602 ** Log a record of the transaction. Compute the new
1603 ** ExitStat -- if we already had an error, stick with
1604 ** that.
1605 */
1606
1607 if (LogLevel > ((stat == EX_TEMPFAIL) ? 8 : (stat == EX_OK) ? 7 : 6))
1608 logdelivery(m, mci, &statmsg[4], e);
1609
1610 if (stat != EX_TEMPFAIL)
1611 setstat(stat);
1612 if (stat != EX_OK)
1613 {
1614 if (e->e_message != NULL)
1615 free(e->e_message);
1616 e->e_message = newstr(&statmsg[4]);
1617 }
1618 errno = 0;
1619 #ifdef NAMED_BIND
1620 h_errno = 0;
1621 #endif
1622 }
1623 �/*
1624 ** LOGDELIVERY -- log the delivery in the system log
1625 **
1626 ** Parameters:
1627 ** m -- the mailer info. Can be NULL for initial queue.
1628 ** mci -- the mailer connection info -- can be NULL if the
1629 ** log is occuring when no connection is active.
1630 ** stat -- the message to print for the status.
1631 ** e -- the current envelope.
1632 **
1633 ** Returns:
1634 ** none
1635 **
1636 ** Side Effects:
1637 ** none
1638 */
1639
1640 logdelivery(m, mci, stat, e)
1641 MAILER *m;
1642 register MCI *mci;
1643 char *stat;
1644 register ENVELOPE *e;
1645 {
1646 # ifdef LOG
1647 char buf[512];
1648
1649 (void) sprintf(buf, "delay=%s", pintvl(curtime() - e->e_ctime, TRUE));
1650
1651 if (m != NULL)
1652 {
1653 (void) strcat(buf, ", mailer=");
1654 (void) strcat(buf, m->m_name);
1655 }
1656
1657 if (mci != NULL && mci->mci_host != NULL)
1658 {
1659 # ifdef DAEMON
1660 extern SOCKADDR CurHostAddr;
1661 # endif
1662
1663 (void) strcat(buf, ", relay=");
1664 (void) strcat(buf, mci->mci_host);
1665
1666 # ifdef DAEMON
1667 (void) strcat(buf, " (");
1668 (void) strcat(buf, anynet_ntoa(&CurHostAddr));
1669 (void) strcat(buf, ")");
1670 # endif
1671 }
1672 else
1673 {
1674 char *p = macvalue('h', e);
1675
1676 if (p != NULL && p[0] != '\0')
1677 {
1678 (void) strcat(buf, ", relay=");
1679 (void) strcat(buf, p);
1680 }
1681 }
1682
1683 syslog(LOG_INFO, "%s: to=%s, %s, stat=%s",
1684 e->e_id, e->e_to, buf, stat);
1685 # endif /* LOG */
1686 }
1687 �/*
1688 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1689 **
1690 ** This can be made an arbitrary message separator by changing $l
1691 **
1692 ** One of the ugliest hacks seen by human eyes is contained herein:
1693 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1694 ** does a well-meaning programmer such as myself have to deal with
1695 ** this kind of antique garbage????
1696 **
1697 ** Parameters:
1698 ** fp -- the file to output to.
1699 ** m -- the mailer describing this entry.
1700 **
1701 ** Returns:
1702 ** none
1703 **
1704 ** Side Effects:
1705 ** outputs some text to fp.
1706 */
1707
1708 putfromline(fp, m, e)
1709 register FILE *fp;
1710 register MAILER *m;
1711 ENVELOPE *e;
1712 {
1713 char *template = "\201l\n";
1714 char buf[MAXLINE];
1715
1716 if (bitnset(M_NHDR, m->m_flags))
1717 return;
1718
1719 # ifdef UGLYUUCP
1720 if (bitnset(M_UGLYUUCP, m->m_flags))
1721 {
1722 char *bang;
1723 char xbuf[MAXLINE];
1724
1725 expand("\201g", buf, &buf[sizeof buf - 1], e);
1726 bang = strchr(buf, '!');
1727 if (bang == NULL)
1728 syserr("554 No ! in UUCP! (%s)", buf);
1729 else
1730 {
1731 *bang++ = '\0';
1732 (void) sprintf(xbuf, "From %s \201d remote from %s\n", bang, buf);
1733 template = xbuf;
1734 }
1735 }
1736 # endif /* UGLYUUCP */
1737 expand(template, buf, &buf[sizeof buf - 1], e);
1738 putline(buf, fp, m);
1739 }
1740 �/*
1741 ** PUTBODY -- put the body of a message.
1742 **
1743 ** Parameters:
1744 ** fp -- file to output onto.
1745 ** m -- a mailer descriptor to control output format.
1746 ** e -- the envelope to put out.
1747 ** separator -- if non-NULL, a message separator that must
1748 ** not be permitted in the resulting message.
1749 **
1750 ** Returns:
1751 ** none.
1752 **
1753 ** Side Effects:
1754 ** The message is written onto fp.
1755 */
1756
1757 putbody(fp, m, e, separator)
1758 FILE *fp;
1759 MAILER *m;
1760 register ENVELOPE *e;
1761 char *separator;
1762 {
1763 char buf[MAXLINE];
1764
1765 /*
1766 ** Output the body of the message
1767 */
1768
1769 if (e->e_dfp == NULL)
1770 {
1771 if (e->e_df != NULL)
1772 {
1773 e->e_dfp = fopen(e->e_df, "r");
1774 if (e->e_dfp == NULL)
1775 syserr("putbody: Cannot open %s for %s from %s",
1776 e->e_df, e->e_to, e->e_from.q_paddr);
1777 }
1778 else
1779 putline("<<< No Message Collected >>>", fp, m);
1780 }
1781 if (e->e_dfp != NULL)
1782 {
1783 rewind(e->e_dfp);
1784 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1785 {
1786 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1787 strncmp(buf, "From ", 5) == 0)
1788 (void) putc('>', fp);
1789 if (buf[0] == '-' && buf[1] == '-' && separator != NULL)
1790 {
1791 /* possible separator */
1792 int sl = strlen(separator);
1793
1794 if (strncmp(&buf[2], separator, sl) == 0)
1795 (void) putc(' ', fp);
1796 }
1797 putline(buf, fp, m);
1798 }
1799
1800 if (ferror(e->e_dfp))
1801 {
1802 syserr("putbody: read error");
1803 ExitStat = EX_IOERR;
1804 }
1805 }
1806
1807 /* some mailers want extra blank line at end of message */
1808 if (bitnset(M_BLANKEND, m->m_flags) && buf[0] != '\0' && buf[0] != '\n')
1809 putline("", fp, m);
1810
1811 (void) fflush(fp);
1812 if (ferror(fp) && errno != EPIPE)
1813 {
1814 syserr("putbody: write error");
1815 ExitStat = EX_IOERR;
1816 }
1817 errno = 0;
1818 }
1819 �/*
1820 ** MAILFILE -- Send a message to a file.
1821 **
1822 ** If the file has the setuid/setgid bits set, but NO execute
1823 ** bits, sendmail will try to become the owner of that file
1824 ** rather than the real user. Obviously, this only works if
1825 ** sendmail runs as root.
1826 **
1827 ** This could be done as a subordinate mailer, except that it
1828 ** is used implicitly to save messages in ~/dead.letter. We
1829 ** view this as being sufficiently important as to include it
1830 ** here. For example, if the system is dying, we shouldn't have
1831 ** to create another process plus some pipes to save the message.
1832 **
1833 ** Parameters:
1834 ** filename -- the name of the file to send to.
1835 ** ctladdr -- the controlling address header -- includes
1836 ** the userid/groupid to be when sending.
1837 **
1838 ** Returns:
1839 ** The exit code associated with the operation.
1840 **
1841 ** Side Effects:
1842 ** none.
1843 */
1844
1845 mailfile(filename, ctladdr, e)
1846 char *filename;
1847 ADDRESS *ctladdr;
1848 register ENVELOPE *e;
1849 {
1850 register FILE *f;
1851 register int pid;
1852 int mode;
1853
1854 if (tTd(11, 1))
1855 {
1856 printf("mailfile %s\n ctladdr=", filename);
1857 printaddr(ctladdr, FALSE);
1858 }
1859
1860 if (e->e_xfp != NULL)
1861 fflush(e->e_xfp);
1862
1863 /*
1864 ** Fork so we can change permissions here.
1865 ** Note that we MUST use fork, not vfork, because of
1866 ** the complications of calling subroutines, etc.
1867 */
1868
1869 DOFORK(fork);
1870
1871 if (pid < 0)
1872 return (EX_OSERR);
1873 else if (pid == 0)
1874 {
1875 /* child -- actually write to file */
1876 struct stat stb;
1877
1878 (void) setsignal(SIGINT, SIG_DFL);
1879 (void) setsignal(SIGHUP, SIG_DFL);
1880 (void) setsignal(SIGTERM, SIG_DFL);
1881 (void) umask(OldUmask);
1882
1883 if (stat(filename, &stb) < 0)
1884 stb.st_mode = FileMode;
1885 mode = stb.st_mode;
1886
1887 /* limit the errors to those actually caused in the child */
1888 errno = 0;
1889 ExitStat = EX_OK;
1890
1891 if (bitset(0111, stb.st_mode))
1892 exit(EX_CANTCREAT);
1893 if (ctladdr == NULL)
1894 ctladdr = &e->e_from;
1895 else
1896 {
1897 /* ignore setuid and setgid bits */
1898 mode &= ~(S_ISGID|S_ISUID);
1899 }
1900
1901 /* we have to open the dfile BEFORE setuid */
1902 if (e->e_dfp == NULL && e->e_df != NULL)
1903 {
1904 e->e_dfp = fopen(e->e_df, "r");
1905 if (e->e_dfp == NULL)
1906 {
1907 syserr("mailfile: Cannot open %s for %s from %s",
1908 e->e_df, e->e_to, e->e_from.q_paddr);
1909 }
1910 }
1911
1912 if (!bitset(S_ISGID, mode) || setgid(stb.st_gid) < 0)
1913 {
1914 if (ctladdr->q_uid == 0)
1915 {
1916 (void) setgid(DefGid);
1917 (void) initgroups(DefUser, DefGid);
1918 }
1919 else
1920 {
1921 (void) setgid(ctladdr->q_gid);
1922 (void) initgroups(ctladdr->q_ruser ?
1923 ctladdr->q_ruser : ctladdr->q_user,
1924 ctladdr->q_gid);
1925 }
1926 }
1927 if (!bitset(S_ISUID, mode) || setuid(stb.st_uid) < 0)
1928 {
1929 if (ctladdr->q_uid == 0)
1930 (void) setuid(DefUid);
1931 else
1932 (void) setuid(ctladdr->q_uid);
1933 }
1934 FileName = filename;
1935 LineNumber = 0;
1936 f = dfopen(filename, O_WRONLY|O_CREAT|O_APPEND, FileMode);
1937 if (f == NULL)
1938 {
1939 message("554 cannot open");
1940 exit(EX_CANTCREAT);
1941 }
1942
1943 putfromline(f, FileMailer, e);
1944 (*e->e_puthdr)(f, FileMailer, e);
1945 putline("\n", f, FileMailer);
1946 (*e->e_putbody)(f, FileMailer, e, NULL);
1947 putline("\n", f, FileMailer);
1948 if (ferror(f))
1949 {
1950 message("451 I/O error");
1951 setstat(EX_IOERR);
1952 }
1953 (void) xfclose(f, "mailfile", filename);
1954 (void) fflush(stdout);
1955
1956 /* reset ISUID & ISGID bits for paranoid systems */
1957 (void) chmod(filename, (int) stb.st_mode);
1958 exit(ExitStat);
1959 /*NOTREACHED*/
1960 }
1961 else
1962 {
1963 /* parent -- wait for exit status */
1964 int st;
1965
1966 st = waitfor(pid);
1967 if ((st & 0377) != 0)
1968 return (EX_UNAVAILABLE);
1969 else
1970 return ((st >> 8) & 0377);
1971 /*NOTREACHED*/
1972 }
1973 }
1974 �/*
1975 ** HOSTSIGNATURE -- return the "signature" for a host.
1976 **
1977 ** The signature describes how we are going to send this -- it
1978 ** can be just the hostname (for non-Internet hosts) or can be
1979 ** an ordered list of MX hosts.
1980 **
1981 ** Parameters:
1982 ** m -- the mailer describing this host.
1983 ** host -- the host name.
1984 ** e -- the current envelope.
1985 **
1986 ** Returns:
1987 ** The signature for this host.
1988 **
1989 ** Side Effects:
1990 ** Can tweak the symbol table.
1991 */
1992
1993 char *
1994 hostsignature(m, host, e)
1995 register MAILER *m;
1996 char *host;
1997 ENVELOPE *e;
1998 {
1999 register char *p;
2000 register STAB *s;
2001 int i;
2002 int len;
2003 #ifdef NAMED_BIND
2004 int nmx;
2005 auto int rcode;
2006 char *hp;
2007 char *endp;
2008 int oldoptions;
2009 char *mxhosts[MAXMXHOSTS + 1];
2010 #endif
2011
2012 /*
2013 ** Check to see if this uses IPC -- if not, it can't have MX records.
2014 */
2015
2016 p = m->m_mailer;
2017 if (strcmp(p, "[IPC]") != 0 && strcmp(p, "[TCP]") != 0)
2018 {
2019 /* just an ordinary mailer */
2020 return host;
2021 }
2022
2023 /*
2024 ** If it is a numeric address, just return it.
2025 */
2026
2027 if (host[0] == '[')
2028 return host;
2029
2030 /*
2031 ** Look it up in the symbol table.
2032 */
2033
2034 s = stab(host, ST_HOSTSIG, ST_ENTER);
2035 if (s->s_hostsig != NULL)
2036 return s->s_hostsig;
2037
2038 /*
2039 ** Not already there -- create a signature.
2040 */
2041
2042 #ifdef NAMED_BIND
2043 if (ConfigLevel < 2)
2044 {
2045 oldoptions = _res.options;
2046 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
2047 }
2048
2049 for (hp = host; hp != NULL; hp = endp)
2050 {
2051 endp = strchr(hp, ':');
2052 if (endp != NULL)
2053 *endp = '\0';
2054
2055 nmx = getmxrr(hp, mxhosts, TRUE, &rcode);
2056
2057 if (nmx <= 0)
2058 {
2059 register MCI *mci;
2060 extern int errno;
2061
2062 /* update the connection info for this host */
2063 mci = mci_get(hp, m);
2064 mci->mci_exitstat = rcode;
2065 mci->mci_errno = errno;
2066 #ifdef NAMED_BIND
2067 mci->mci_herrno = h_errno;
2068 #endif
2069
2070 /* and return the original host name as the signature */
2071 nmx = 1;
2072 mxhosts[0] = hp;
2073 }
2074
2075 len = 0;
2076 for (i = 0; i < nmx; i++)
2077 {
2078 len += strlen(mxhosts[i]) + 1;
2079 }
2080 if (s->s_hostsig != NULL)
2081 len += strlen(s->s_hostsig) + 1;
2082 p = xalloc(len);
2083 if (s->s_hostsig != NULL)
2084 {
2085 (void) strcpy(p, s->s_hostsig);
2086 free(s->s_hostsig);
2087 s->s_hostsig = p;
2088 p += strlen(p);
2089 *p++ = ':';
2090 }
2091 else
2092 s->s_hostsig = p;
2093 for (i = 0; i < nmx; i++)
2094 {
2095 if (i != 0)
2096 *p++ = ':';
2097 strcpy(p, mxhosts[i]);
2098 p += strlen(p);
2099 }
2100 if (endp != NULL)
2101 *endp++ = ':';
2102 }
2103 makelower(s->s_hostsig);
2104 if (ConfigLevel < 2)
2105 _res.options = oldoptions;
2106 #else
2107 /* not using BIND -- the signature is just the host name */
2108 s->s_hostsig = host;
2109 #endif
2110 if (tTd(17, 1))
2111 printf("hostsignature(%s) = %s\n", host, s->s_hostsig);
2112 return s->s_hostsig;
2113 }
2114