1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 8.25 (Berkeley) 09/21/93";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <netdb.h>
15 #include <errno.h>
16 #ifdef NAMED_BIND
17 #include <arpa/nameser.h>
18 #include <resolv.h>
19
20 extern int h_errno;
21 #endif
22
23 /*
24 ** SENDALL -- actually send all the messages.
25 **
26 ** Parameters:
27 ** e -- the envelope to send.
28 ** mode -- the delivery mode to use. If SM_DEFAULT, use
29 ** the current e->e_sendmode.
30 **
31 ** Returns:
32 ** none.
33 **
34 ** Side Effects:
35 ** Scans the send lists and sends everything it finds.
36 ** Delivers any appropriate error messages.
37 ** If we are running in a non-interactive mode, takes the
38 ** appropriate action.
39 */
40
41 sendall(e, mode)
42 ENVELOPE *e;
43 char mode;
44 {
45 register ADDRESS *q;
46 char *owner;
47 int otherowners;
48 register ENVELOPE *ee;
49 ENVELOPE *splitenv = NULL;
50 bool announcequeueup;
51
52 /*
53 ** If we have had global, fatal errors, don't bother sending
54 ** the message at all if we are in SMTP mode. Local errors
55 ** (e.g., a single address failing) will still cause the other
56 ** addresses to be sent.
57 */
58
59 if (bitset(EF_FATALERRS, e->e_flags) && OpMode == MD_SMTP)
60 {
61 e->e_flags |= EF_CLRQUEUE;
62 return;
63 }
64
65 /* determine actual delivery mode */
66 if (mode == SM_DEFAULT)
67 {
68 mode = e->e_sendmode;
69 if (mode != SM_VERIFY &&
70 shouldqueue(e->e_msgpriority, e->e_ctime))
71 mode = SM_QUEUE;
72 announcequeueup = mode == SM_QUEUE;
73 }
74 else
75 announcequeueup = FALSE;
76
77 if (tTd(13, 1))
78 {
79 printf("\n===== SENDALL: mode %c, id %s, e_from ",
80 mode, e->e_id);
81 printaddr(&e->e_from, FALSE);
82 printf("sendqueue:\n");
83 printaddr(e->e_sendqueue, TRUE);
84 }
85
86 /*
87 ** Do any preprocessing necessary for the mode we are running.
88 ** Check to make sure the hop count is reasonable.
89 ** Delete sends to the sender in mailing lists.
90 */
91
92 CurEnv = e;
93
94 if (e->e_hopcount > MaxHopCount)
95 {
96 errno = 0;
97 syserr("554 too many hops %d (%d max): from %s via %s, to %s",
98 e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
99 RealHostName, e->e_sendqueue->q_paddr);
100 return;
101 }
102
103 /*
104 ** Do sender deletion.
105 **
106 ** If the sender has the QQUEUEUP flag set, skip this.
107 ** This can happen if the name server is hosed when you
108 ** are trying to send mail. The result is that the sender
109 ** is instantiated in the queue as a recipient.
110 */
111
112 if (!bitset(EF_METOO, e->e_flags) &&
113 !bitset(QQUEUEUP, e->e_from.q_flags))
114 {
115 if (tTd(13, 5))
116 {
117 printf("sendall: QDONTSEND ");
118 printaddr(&e->e_from, FALSE);
119 }
120 e->e_from.q_flags |= QDONTSEND;
121 (void) recipient(&e->e_from, &e->e_sendqueue, e);
122 }
123
124 /*
125 ** Handle alias owners.
126 **
127 ** We scan up the q_alias chain looking for owners.
128 ** We discard owners that are the same as the return path.
129 */
130
131 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
132 {
133 register struct address *a;
134
135 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias)
136 continue;
137 if (a != NULL)
138 q->q_owner = a->q_owner;
139
140 if (q->q_owner != NULL &&
141 !bitset(QDONTSEND, q->q_flags) &&
142 strcmp(q->q_owner, e->e_from.q_paddr) == 0)
143 q->q_owner = NULL;
144 }
145
146 owner = "";
147 otherowners = 1;
148 while (owner != NULL && otherowners > 0)
149 {
150 owner = NULL;
151 otherowners = 0;
152
153 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
154 {
155 if (bitset(QDONTSEND, q->q_flags))
156 continue;
157
158 if (q->q_owner != NULL)
159 {
160 if (owner == NULL)
161 owner = q->q_owner;
162 else if (owner != q->q_owner)
163 {
164 if (strcmp(owner, q->q_owner) == 0)
165 {
166 /* make future comparisons cheap */
167 q->q_owner = owner;
168 }
169 else
170 {
171 otherowners++;
172 }
173 owner = q->q_owner;
174 }
175 }
176 else
177 {
178 otherowners++;
179 }
180 }
181
182 if (owner != NULL && otherowners > 0)
183 {
184 extern HDR *copyheader();
185 extern ADDRESS *copyqueue();
186
187 /*
188 ** Split this envelope into two.
189 */
190
191 ee = (ENVELOPE *) xalloc(sizeof(ENVELOPE));
192 *ee = *e;
193 ee->e_id = NULL;
194 (void) queuename(ee, '\0');
195
196 if (tTd(13, 1))
197 printf("sendall: split %s into %s\n",
198 e->e_id, ee->e_id);
199
200 ee->e_header = copyheader(e->e_header);
201 ee->e_sendqueue = copyqueue(e->e_sendqueue);
202 ee->e_errorqueue = copyqueue(e->e_errorqueue);
203 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS);
204 setsender(owner, ee, NULL, TRUE);
205 if (tTd(13, 5))
206 {
207 printf("sendall(split): QDONTSEND ");
208 printaddr(&ee->e_from, FALSE);
209 }
210 ee->e_from.q_flags |= QDONTSEND;
211 ee->e_dfp = NULL;
212 ee->e_xfp = NULL;
213 ee->e_lockfp = NULL;
214 ee->e_df = NULL;
215 ee->e_errormode = EM_MAIL;
216 ee->e_sibling = splitenv;
217 splitenv = ee;
218
219 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
220 if (q->q_owner == owner)
221 q->q_flags |= QDONTSEND;
222 for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
223 if (q->q_owner != owner)
224 q->q_flags |= QDONTSEND;
225
226 if (e->e_df != NULL && mode != SM_VERIFY)
227 {
228 ee->e_dfp = NULL;
229 ee->e_df = queuename(ee, 'd');
230 ee->e_df = newstr(ee->e_df);
231 if (link(e->e_df, ee->e_df) < 0)
232 {
233 syserr("sendall: link(%s, %s)",
234 e->e_df, ee->e_df);
235 }
236 }
237
238 if (mode != SM_VERIFY)
239 openxscript(ee);
240 #ifdef LOG
241 if (LogLevel > 4)
242 syslog(LOG_INFO, "%s: clone %s",
243 ee->e_id, e->e_id);
244 #endif
245 }
246 }
247
248 if (owner != NULL)
249 {
250 setsender(owner, e, NULL, TRUE);
251 if (tTd(13, 5))
252 {
253 printf("sendall(owner): QDONTSEND ");
254 printaddr(&e->e_from, FALSE);
255 }
256 e->e_from.q_flags |= QDONTSEND;
257 e->e_errormode = EM_MAIL;
258 }
259
260 # ifdef QUEUE
261 if ((mode == SM_QUEUE || mode == SM_FORK ||
262 (mode != SM_VERIFY && SuperSafe)) &&
263 !bitset(EF_INQUEUE, e->e_flags))
264 {
265 /* be sure everything is instantiated in the queue */
266 queueup(e, TRUE, announcequeueup);
267 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
268 queueup(ee, TRUE, announcequeueup);
269 }
270 #endif /* QUEUE */
271
272 if (splitenv != NULL)
273 {
274 if (tTd(13, 1))
275 {
276 printf("\nsendall: Split queue; remaining queue:\n");
277 printaddr(e->e_sendqueue, TRUE);
278 }
279
280 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
281 {
282 CurEnv = ee;
283 sendenvelope(ee, mode);
284 }
285
286 CurEnv = e;
287 }
288 sendenvelope(e, mode);
289
290 for (; splitenv != NULL; splitenv = splitenv->e_sibling)
291 dropenvelope(splitenv);
292 }
293
294 sendenvelope(e, mode)
295 register ENVELOPE *e;
296 char mode;
297 {
298 bool oldverbose;
299 int pid;
300 register ADDRESS *q;
301 char *qf;
302 char *id;
303
304 /*
305 ** If we have had global, fatal errors, don't bother sending
306 ** the message at all if we are in SMTP mode. Local errors
307 ** (e.g., a single address failing) will still cause the other
308 ** addresses to be sent.
309 */
310
311 if (bitset(EF_FATALERRS, e->e_flags) && OpMode == MD_SMTP)
312 {
313 e->e_flags |= EF_CLRQUEUE;
314 return;
315 }
316
317 oldverbose = Verbose;
318 switch (mode)
319 {
320 case SM_VERIFY:
321 Verbose = TRUE;
322 break;
323
324 case SM_QUEUE:
325 queueonly:
326 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
327 return;
328
329 case SM_FORK:
330 if (e->e_xfp != NULL)
331 (void) fflush(e->e_xfp);
332
333 # ifndef HASFLOCK
334 /*
335 ** Since fcntl locking has the interesting semantic that
336 ** the lock is owned by a process, not by an open file
337 ** descriptor, we have to flush this to the queue, and
338 ** then restart from scratch in the child.
339 */
340
341 /* save id for future use */
342 id = e->e_id;
343
344 /* now drop the envelope in the parent */
345 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
346 e->e_flags &= ~EF_FATALERRS;
347 dropenvelope(e);
348
349 /* and reacquire in the child */
350 (void) dowork(id, TRUE, FALSE, e);
351
352 return;
353
354 # else /* HASFLOCK */
355
356 pid = fork();
357 if (pid < 0)
358 {
359 goto queueonly;
360 }
361 else if (pid > 0)
362 {
363 /* be sure we leave the temp files to our child */
364 /* can't call unlockqueue to avoid unlink of xfp */
365 if (e->e_lockfp != NULL)
366 (void) xfclose(e->e_lockfp, "sendenvelope", "lockfp");
367 e->e_lockfp = NULL;
368
369 /* close any random open files in the envelope */
370 closexscript(e);
371 if (e->e_dfp != NULL)
372 (void) xfclose(e->e_dfp, "sendenvelope", e->e_df);
373 e->e_dfp = NULL;
374 e->e_id = e->e_df = NULL;
375 return;
376 }
377
378 /* double fork to avoid zombies */
379 if (fork() > 0)
380 exit(EX_OK);
381
382 /* be sure we are immune from the terminal */
383 disconnect(1, e);
384
385 /*
386 ** Close any cached connections.
387 **
388 ** We don't send the QUIT protocol because the parent
389 ** still knows about the connection.
390 **
391 ** This should only happen when delivering an error
392 ** message.
393 */
394
395 mci_flush(FALSE, NULL);
396
397 # endif /* HASFLOCK */
398
399 break;
400 }
401
402 /*
403 ** Run through the list and send everything.
404 **
405 ** Set EF_GLOBALERRS so that error messages during delivery
406 ** result in returned mail.
407 */
408
409 e->e_nsent = 0;
410 e->e_flags |= EF_GLOBALERRS;
411 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
412 {
413 #ifdef XDEBUG
414 char wbuf[MAXNAME + 20];
415
416 (void) sprintf(wbuf, "sendall(%s)", q->q_paddr);
417 checkfd012(wbuf);
418 #endif
419 if (mode == SM_VERIFY)
420 {
421 e->e_to = q->q_paddr;
422 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
423 {
424 message("deliverable: mailer %s, host %s, user %s",
425 q->q_mailer->m_name,
426 q->q_host,
427 q->q_user);
428 }
429 }
430 else if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
431 {
432 # ifdef QUEUE
433 /*
434 ** Checkpoint the send list every few addresses
435 */
436
437 if (e->e_nsent >= CheckpointInterval)
438 {
439 queueup(e, TRUE, FALSE);
440 e->e_nsent = 0;
441 }
442 # endif /* QUEUE */
443 (void) deliver(e, q);
444 }
445 }
446 Verbose = oldverbose;
447
448 #ifdef XDEBUG
449 checkfd012("end of sendenvelope");
450 #endif
451
452 if (mode == SM_FORK)
453 finis();
454 }
455 �/*
456 ** DOFORK -- do a fork, retrying a couple of times on failure.
457 **
458 ** This MUST be a macro, since after a vfork we are running
459 ** two processes on the same stack!!!
460 **
461 ** Parameters:
462 ** none.
463 **
464 ** Returns:
465 ** From a macro??? You've got to be kidding!
466 **
467 ** Side Effects:
468 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
469 ** pid of child in parent, zero in child.
470 ** -1 on unrecoverable error.
471 **
472 ** Notes:
473 ** I'm awfully sorry this looks so awful. That's
474 ** vfork for you.....
475 */
476
477 # define NFORKTRIES 5
478
479 # ifndef FORK
480 # define FORK fork
481 # endif
482
483 # define DOFORK(fORKfN) \
484 {\
485 register int i;\
486 \
487 for (i = NFORKTRIES; --i >= 0; )\
488 {\
489 pid = fORKfN();\
490 if (pid >= 0)\
491 break;\
492 if (i > 0)\
493 sleep((unsigned) NFORKTRIES - i);\
494 }\
495 }
496 �/*
497 ** DOFORK -- simple fork interface to DOFORK.
498 **
499 ** Parameters:
500 ** none.
501 **
502 ** Returns:
503 ** pid of child in parent.
504 ** zero in child.
505 ** -1 on error.
506 **
507 ** Side Effects:
508 ** returns twice, once in parent and once in child.
509 */
510
511 dofork()
512 {
513 register int pid;
514
515 DOFORK(fork);
516 return (pid);
517 }
518 �/*
519 ** DELIVER -- Deliver a message to a list of addresses.
520 **
521 ** This routine delivers to everyone on the same host as the
522 ** user on the head of the list. It is clever about mailers
523 ** that don't handle multiple users. It is NOT guaranteed
524 ** that it will deliver to all these addresses however -- so
525 ** deliver should be called once for each address on the
526 ** list.
527 **
528 ** Parameters:
529 ** e -- the envelope to deliver.
530 ** firstto -- head of the address list to deliver to.
531 **
532 ** Returns:
533 ** zero -- successfully delivered.
534 ** else -- some failure, see ExitStat for more info.
535 **
536 ** Side Effects:
537 ** The standard input is passed off to someone.
538 */
539
540 deliver(e, firstto)
541 register ENVELOPE *e;
542 ADDRESS *firstto;
543 {
544 char *host; /* host being sent to */
545 char *user; /* user being sent to */
546 char **pvp;
547 register char **mvp;
548 register char *p;
549 register MAILER *m; /* mailer for this recipient */
550 ADDRESS *ctladdr;
551 register MCI *mci;
552 register ADDRESS *to = firstto;
553 bool clever = FALSE; /* running user smtp to this mailer */
554 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
555 int rcode; /* response code */
556 char *firstsig; /* signature of firstto */
557 int pid;
558 char *curhost;
559 int mpvect[2];
560 int rpvect[2];
561 char *pv[MAXPV+1];
562 char tobuf[TOBUFSIZE]; /* text line of to people */
563 char buf[MAXNAME];
564 char rpathbuf[MAXNAME]; /* translated return path */
565 extern int checkcompat();
566 extern FILE *fdopen();
567
568 errno = 0;
569 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags))
570 return (0);
571
572 #ifdef NAMED_BIND
573 /* unless interactive, try twice, over a minute */
574 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
575 _res.retrans = 30;
576 _res.retry = 2;
577 }
578 #endif
579
580 m = to->q_mailer;
581 host = to->q_host;
582 CurEnv = e; /* just in case */
583 e->e_statmsg = NULL;
584
585 if (tTd(10, 1))
586 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
587 m->m_mno, host, to->q_user);
588
589 /*
590 ** If this mailer is expensive, and if we don't want to make
591 ** connections now, just mark these addresses and return.
592 ** This is useful if we want to batch connections to
593 ** reduce load. This will cause the messages to be
594 ** queued up, and a daemon will come along to send the
595 ** messages later.
596 ** This should be on a per-mailer basis.
597 */
598
599 if (NoConnect && !bitset(EF_QUEUERUN, e->e_flags) &&
600 bitnset(M_EXPENSIVE, m->m_flags) && !Verbose)
601 {
602 for (; to != NULL; to = to->q_next)
603 {
604 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
605 to->q_mailer != m)
606 continue;
607 to->q_flags |= QQUEUEUP;
608 e->e_to = to->q_paddr;
609 message("queued");
610 if (LogLevel > 8)
611 logdelivery(m, NULL, "queued", e);
612 }
613 e->e_to = NULL;
614 return (0);
615 }
616
617 /*
618 ** Do initial argv setup.
619 ** Insert the mailer name. Notice that $x expansion is
620 ** NOT done on the mailer name. Then, if the mailer has
621 ** a picky -f flag, we insert it as appropriate. This
622 ** code does not check for 'pv' overflow; this places a
623 ** manifest lower limit of 4 for MAXPV.
624 ** The from address rewrite is expected to make
625 ** the address relative to the other end.
626 */
627
628 /* rewrite from address, using rewriting rules */
629 rcode = EX_OK;
630 (void) strcpy(rpathbuf, remotename(e->e_from.q_paddr, m,
631 RF_SENDERADDR|RF_CANONICAL,
632 &rcode, e));
633 define('g', rpathbuf, e); /* translated return path */
634 define('h', host, e); /* to host */
635 Errors = 0;
636 pvp = pv;
637 *pvp++ = m->m_argv[0];
638
639 /* insert -f or -r flag as appropriate */
640 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
641 {
642 if (bitnset(M_FOPT, m->m_flags))
643 *pvp++ = "-f";
644 else
645 *pvp++ = "-r";
646 *pvp++ = newstr(rpathbuf);
647 }
648
649 /*
650 ** Append the other fixed parts of the argv. These run
651 ** up to the first entry containing "$u". There can only
652 ** be one of these, and there are only a few more slots
653 ** in the pv after it.
654 */
655
656 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
657 {
658 /* can't use strchr here because of sign extension problems */
659 while (*p != '\0')
660 {
661 if ((*p++ & 0377) == MACROEXPAND)
662 {
663 if (*p == 'u')
664 break;
665 }
666 }
667
668 if (*p != '\0')
669 break;
670
671 /* this entry is safe -- go ahead and process it */
672 expand(*mvp, buf, &buf[sizeof buf - 1], e);
673 *pvp++ = newstr(buf);
674 if (pvp >= &pv[MAXPV - 3])
675 {
676 syserr("554 Too many parameters to %s before $u", pv[0]);
677 return (-1);
678 }
679 }
680
681 /*
682 ** If we have no substitution for the user name in the argument
683 ** list, we know that we must supply the names otherwise -- and
684 ** SMTP is the answer!!
685 */
686
687 if (*mvp == NULL)
688 {
689 /* running SMTP */
690 # ifdef SMTP
691 clever = TRUE;
692 *pvp = NULL;
693 # else /* SMTP */
694 /* oops! we don't implement SMTP */
695 syserr("554 SMTP style mailer");
696 return (EX_SOFTWARE);
697 # endif /* SMTP */
698 }
699
700 /*
701 ** At this point *mvp points to the argument with $u. We
702 ** run through our address list and append all the addresses
703 ** we can. If we run out of space, do not fret! We can
704 ** always send another copy later.
705 */
706
707 tobuf[0] = '\0';
708 e->e_to = tobuf;
709 ctladdr = NULL;
710 firstsig = hostsignature(firstto->q_mailer, firstto->q_host, e);
711 for (; to != NULL; to = to->q_next)
712 {
713 /* avoid sending multiple recipients to dumb mailers */
714 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
715 break;
716
717 /* if already sent or not for this host, don't send */
718 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
719 to->q_mailer != firstto->q_mailer ||
720 strcmp(hostsignature(to->q_mailer, to->q_host, e), firstsig) != 0)
721 continue;
722
723 /* avoid overflowing tobuf */
724 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
725 break;
726
727 if (tTd(10, 1))
728 {
729 printf("\nsend to ");
730 printaddr(to, FALSE);
731 }
732
733 /* compute effective uid/gid when sending */
734 if (to->q_mailer == ProgMailer)
735 ctladdr = getctladdr(to);
736
737 user = to->q_user;
738 e->e_to = to->q_paddr;
739 if (tTd(10, 5))
740 {
741 printf("deliver: QDONTSEND ");
742 printaddr(to, FALSE);
743 }
744 to->q_flags |= QDONTSEND;
745
746 /*
747 ** Check to see that these people are allowed to
748 ** talk to each other.
749 */
750
751 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
752 {
753 NoReturn = TRUE;
754 usrerr("552 Message is too large; %ld bytes max", m->m_maxsize);
755 giveresponse(EX_UNAVAILABLE, m, NULL, e);
756 continue;
757 }
758 rcode = checkcompat(to, e);
759 if (rcode != EX_OK)
760 {
761 markfailure(e, to, rcode);
762 giveresponse(rcode, m, NULL, e);
763 continue;
764 }
765
766 /*
767 ** Strip quote bits from names if the mailer is dumb
768 ** about them.
769 */
770
771 if (bitnset(M_STRIPQ, m->m_flags))
772 {
773 stripquotes(user);
774 stripquotes(host);
775 }
776
777 /* hack attack -- delivermail compatibility */
778 if (m == ProgMailer && *user == '|')
779 user++;
780
781 /*
782 ** If an error message has already been given, don't
783 ** bother to send to this address.
784 **
785 ** >>>>>>>>>> This clause assumes that the local mailer
786 ** >> NOTE >> cannot do any further aliasing; that
787 ** >>>>>>>>>> function is subsumed by sendmail.
788 */
789
790 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
791 continue;
792
793 /* save statistics.... */
794 markstats(e, to);
795
796 /*
797 ** See if this user name is "special".
798 ** If the user name has a slash in it, assume that this
799 ** is a file -- send it off without further ado. Note
800 ** that this type of addresses is not processed along
801 ** with the others, so we fudge on the To person.
802 */
803
804 if (m == FileMailer)
805 {
806 rcode = mailfile(user, getctladdr(to), e);
807 giveresponse(rcode, m, NULL, e);
808 if (rcode == EX_OK)
809 to->q_flags |= QSENT;
810 continue;
811 }
812
813 /*
814 ** Address is verified -- add this user to mailer
815 ** argv, and add it to the print list of recipients.
816 */
817
818 /* link together the chain of recipients */
819 to->q_tchain = tochain;
820 tochain = to;
821
822 /* create list of users for error messages */
823 (void) strcat(tobuf, ",");
824 (void) strcat(tobuf, to->q_paddr);
825 define('u', user, e); /* to user */
826 define('z', to->q_home, e); /* user's home */
827
828 /*
829 ** Expand out this user into argument list.
830 */
831
832 if (!clever)
833 {
834 expand(*mvp, buf, &buf[sizeof buf - 1], e);
835 *pvp++ = newstr(buf);
836 if (pvp >= &pv[MAXPV - 2])
837 {
838 /* allow some space for trailing parms */
839 break;
840 }
841 }
842 }
843
844 /* see if any addresses still exist */
845 if (tobuf[0] == '\0')
846 {
847 define('g', (char *) NULL, e);
848 return (0);
849 }
850
851 /* print out messages as full list */
852 e->e_to = tobuf + 1;
853
854 /*
855 ** Fill out any parameters after the $u parameter.
856 */
857
858 while (!clever && *++mvp != NULL)
859 {
860 expand(*mvp, buf, &buf[sizeof buf - 1], e);
861 *pvp++ = newstr(buf);
862 if (pvp >= &pv[MAXPV])
863 syserr("554 deliver: pv overflow after $u for %s", pv[0]);
864 }
865 *pvp++ = NULL;
866
867 /*
868 ** Call the mailer.
869 ** The argument vector gets built, pipes
870 ** are created as necessary, and we fork & exec as
871 ** appropriate.
872 ** If we are running SMTP, we just need to clean up.
873 */
874
875 if (ctladdr == NULL && m != ProgMailer)
876 ctladdr = &e->e_from;
877 #ifdef NAMED_BIND
878 if (ConfigLevel < 2)
879 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
880 #endif
881
882 if (tTd(11, 1))
883 {
884 printf("openmailer:");
885 printav(pv);
886 }
887 errno = 0;
888
889 CurHostName = m->m_mailer;
890
891 /*
892 ** Deal with the special case of mail handled through an IPC
893 ** connection.
894 ** In this case we don't actually fork. We must be
895 ** running SMTP for this to work. We will return a
896 ** zero pid to indicate that we are running IPC.
897 ** We also handle a debug version that just talks to stdin/out.
898 */
899
900 curhost = NULL;
901 SmtpPhase = NULL;
902
903 #ifdef XDEBUG
904 {
905 char wbuf[MAXLINE];
906
907 /* make absolutely certain 0, 1, and 2 are in use */
908 sprintf(wbuf, "%s... openmailer(%s)", e->e_to, m->m_name);
909 checkfd012(wbuf);
910 }
911 #endif
912
913
914 /* check for Local Person Communication -- not for mortals!!! */
915 if (strcmp(m->m_mailer, "[LPC]") == 0)
916 {
917 mci = (MCI *) xalloc(sizeof *mci);
918 bzero((char *) mci, sizeof *mci);
919 mci->mci_in = stdin;
920 mci->mci_out = stdout;
921 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
922 mci->mci_mailer = m;
923 }
924 else if (strcmp(m->m_mailer, "[IPC]") == 0 ||
925 strcmp(m->m_mailer, "[TCP]") == 0)
926 {
927 #ifdef DAEMON
928 register int i;
929 register u_short port;
930
931 CurHostName = pv[1];
932 curhost = hostsignature(m, pv[1], e);
933
934 if (curhost == NULL || curhost[0] == '\0')
935 {
936 syserr("null signature");
937 rcode = EX_OSERR;
938 goto give_up;
939 }
940
941 if (!clever)
942 {
943 syserr("554 non-clever IPC");
944 rcode = EX_OSERR;
945 goto give_up;
946 }
947 if (pv[2] != NULL)
948 port = atoi(pv[2]);
949 else
950 port = 0;
951 tryhost:
952 mci = NULL;
953 while (*curhost != '\0')
954 {
955 register char *p;
956 static char hostbuf[MAXNAME];
957
958 mci = NULL;
959
960 /* pull the next host from the signature */
961 p = strchr(curhost, ':');
962 if (p == NULL)
963 p = &curhost[strlen(curhost)];
964 strncpy(hostbuf, curhost, p - curhost);
965 hostbuf[p - curhost] = '\0';
966 if (*p != '\0')
967 p++;
968 curhost = p;
969
970 /* see if we already know that this host is fried */
971 CurHostName = hostbuf;
972 mci = mci_get(hostbuf, m);
973 if (mci->mci_state != MCIS_CLOSED)
974 {
975 if (tTd(11, 1))
976 {
977 printf("openmailer: ");
978 mci_dump(mci);
979 }
980 CurHostName = mci->mci_host;
981 break;
982 }
983 mci->mci_mailer = m;
984 if (mci->mci_exitstat != EX_OK)
985 continue;
986
987 /* try the connection */
988 setproctitle("%s %s: %s", e->e_id, hostbuf, "user open");
989 message("Connecting to %s (%s)...",
990 hostbuf, m->m_name);
991 i = makeconnection(hostbuf, port, mci,
992 bitnset(M_SECURE_PORT, m->m_flags));
993 mci->mci_exitstat = i;
994 mci->mci_errno = errno;
995 #ifdef NAMED_BIND
996 mci->mci_herrno = h_errno;
997 #endif
998 if (i == EX_OK)
999 {
1000 mci->mci_state = MCIS_OPENING;
1001 mci_cache(mci);
1002 if (TrafficLogFile != NULL)
1003 fprintf(TrafficLogFile, "%05d == CONNECT %s\n",
1004 getpid(), hostbuf);
1005 break;
1006 }
1007 else if (tTd(11, 1))
1008 printf("openmailer: makeconnection => stat=%d, errno=%d\n",
1009 i, errno);
1010
1011
1012 /* enter status of this host */
1013 setstat(i);
1014 }
1015 mci->mci_pid = 0;
1016 #else /* no DAEMON */
1017 syserr("554 openmailer: no IPC");
1018 if (tTd(11, 1))
1019 printf("openmailer: NULL\n");
1020 return NULL;
1021 #endif /* DAEMON */
1022 }
1023 else
1024 {
1025 if (TrafficLogFile != NULL)
1026 {
1027 char **av;
1028
1029 fprintf(TrafficLogFile, "%05d === EXEC", getpid());
1030 for (av = pv; *av != NULL; av++)
1031 fprintf(TrafficLogFile, " %s", *av);
1032 fprintf(TrafficLogFile, "\n");
1033 }
1034
1035 /* create a pipe to shove the mail through */
1036 if (pipe(mpvect) < 0)
1037 {
1038 syserr("%s... openmailer(%s): pipe (to mailer)",
1039 e->e_to, m->m_name);
1040 if (tTd(11, 1))
1041 printf("openmailer: NULL\n");
1042 rcode = EX_OSERR;
1043 goto give_up;
1044 }
1045
1046 /* if this mailer speaks smtp, create a return pipe */
1047 if (clever && pipe(rpvect) < 0)
1048 {
1049 syserr("%s... openmailer(%s): pipe (from mailer)",
1050 e->e_to, m->m_name);
1051 (void) close(mpvect[0]);
1052 (void) close(mpvect[1]);
1053 if (tTd(11, 1))
1054 printf("openmailer: NULL\n");
1055 rcode = EX_OSERR;
1056 goto give_up;
1057 }
1058
1059 /*
1060 ** Actually fork the mailer process.
1061 ** DOFORK is clever about retrying.
1062 **
1063 ** Dispose of SIGCHLD signal catchers that may be laying
1064 ** around so that endmail will get it.
1065 */
1066
1067 if (e->e_xfp != NULL)
1068 (void) fflush(e->e_xfp); /* for debugging */
1069 (void) fflush(stdout);
1070 # ifdef SIGCHLD
1071 (void) setsignal(SIGCHLD, SIG_DFL);
1072 # endif /* SIGCHLD */
1073 DOFORK(FORK);
1074 /* pid is set by DOFORK */
1075 if (pid < 0)
1076 {
1077 /* failure */
1078 syserr("%s... openmailer(%s): cannot fork",
1079 e->e_to, m->m_name);
1080 (void) close(mpvect[0]);
1081 (void) close(mpvect[1]);
1082 if (clever)
1083 {
1084 (void) close(rpvect[0]);
1085 (void) close(rpvect[1]);
1086 }
1087 if (tTd(11, 1))
1088 printf("openmailer: NULL\n");
1089 rcode = EX_OSERR;
1090 goto give_up;
1091 }
1092 else if (pid == 0)
1093 {
1094 int i;
1095 int saveerrno;
1096 char **ep;
1097 char *env[MAXUSERENVIRON];
1098 extern char **environ;
1099 extern int DtableSize;
1100
1101 /* child -- set up input & exec mailer */
1102 (void) setsignal(SIGINT, SIG_IGN);
1103 (void) setsignal(SIGHUP, SIG_IGN);
1104 (void) setsignal(SIGTERM, SIG_DFL);
1105
1106 /* close any other cached connections */
1107 mci_flush(FALSE, mci);
1108
1109 /* reset user and group */
1110 if (!bitnset(M_RESTR, m->m_flags))
1111 {
1112 if (ctladdr == NULL || ctladdr->q_uid == 0)
1113 {
1114 (void) initgroups(DefUser, DefGid);
1115 (void) setuid(DefUid);
1116 }
1117 else
1118 {
1119 (void) initgroups(ctladdr->q_ruser?
1120 ctladdr->q_ruser: ctladdr->q_user,
1121 ctladdr->q_gid);
1122 (void) setuid(ctladdr->q_uid);
1123 }
1124 }
1125
1126 if (tTd(11, 2))
1127 printf("openmailer: running as r/euid=%d/%d\n",
1128 getuid(), geteuid());
1129
1130 /* move into some "safe" directory */
1131 if (m->m_execdir != NULL)
1132 {
1133 char *p, *q;
1134 char buf[MAXLINE];
1135
1136 for (p = m->m_execdir; p != NULL; p = q)
1137 {
1138 q = strchr(p, ':');
1139 if (q != NULL)
1140 *q = '\0';
1141 expand(p, buf, &buf[sizeof buf] - 1, e);
1142 if (q != NULL)
1143 *q++ = ':';
1144 if (tTd(11, 20))
1145 printf("openmailer: trydir %s\n",
1146 buf);
1147 if (buf[0] != '\0' && chdir(buf) >= 0)
1148 break;
1149 }
1150 }
1151
1152 /* arrange to filter std & diag output of command */
1153 if (clever)
1154 {
1155 (void) close(rpvect[0]);
1156 if (dup2(rpvect[1], STDOUT_FILENO) < 0)
1157 {
1158 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
1159 e->e_to, m->m_name, rpvect[1]);
1160 _exit(EX_OSERR);
1161 }
1162 (void) close(rpvect[1]);
1163 }
1164 else if (OpMode == MD_SMTP || HoldErrs)
1165 {
1166 /* put mailer output in transcript */
1167 if (dup2(fileno(e->e_xfp), STDOUT_FILENO) < 0)
1168 {
1169 syserr("%s... openmailer(%s): cannot dup xscript %d for stdout",
1170 e->e_to, m->m_name,
1171 fileno(e->e_xfp));
1172 _exit(EX_OSERR);
1173 }
1174 }
1175 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
1176 {
1177 syserr("%s... openmailer(%s): cannot dup stdout for stderr",
1178 e->e_to, m->m_name);
1179 _exit(EX_OSERR);
1180 }
1181
1182 /* arrange to get standard input */
1183 (void) close(mpvect[1]);
1184 if (dup2(mpvect[0], STDIN_FILENO) < 0)
1185 {
1186 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin",
1187 e->e_to, m->m_name, mpvect[0]);
1188 _exit(EX_OSERR);
1189 }
1190 (void) close(mpvect[0]);
1191
1192 /* arrange for all the files to be closed */
1193 for (i = 3; i < DtableSize; i++)
1194 {
1195 register int j;
1196
1197 if ((j = fcntl(i, F_GETFD, 0)) != -1)
1198 (void) fcntl(i, F_SETFD, j | 1);
1199 }
1200
1201 /* set up the mailer environment */
1202 i = 0;
1203 env[i++] = "AGENT=sendmail";
1204 for (ep = environ; *ep != NULL; ep++)
1205 {
1206 if (strncmp(*ep, "TZ=", 3) == 0)
1207 env[i++] = *ep;
1208 }
1209 env[i++] = NULL;
1210
1211 /* try to execute the mailer */
1212 execve(m->m_mailer, pv, env);
1213 saveerrno = errno;
1214 syserr("Cannot exec %s", m->m_mailer);
1215 if (m == LocalMailer || transienterror(saveerrno))
1216 _exit(EX_OSERR);
1217 _exit(EX_UNAVAILABLE);
1218 }
1219
1220 /*
1221 ** Set up return value.
1222 */
1223
1224 mci = (MCI *) xalloc(sizeof *mci);
1225 bzero((char *) mci, sizeof *mci);
1226 mci->mci_mailer = m;
1227 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
1228 mci->mci_pid = pid;
1229 (void) close(mpvect[0]);
1230 mci->mci_out = fdopen(mpvect[1], "w");
1231 if (clever)
1232 {
1233 (void) close(rpvect[1]);
1234 mci->mci_in = fdopen(rpvect[0], "r");
1235 }
1236 else
1237 {
1238 mci->mci_flags |= MCIF_TEMP;
1239 mci->mci_in = NULL;
1240 }
1241 }
1242
1243 /*
1244 ** If we are in SMTP opening state, send initial protocol.
1245 */
1246
1247 if (clever && mci->mci_state != MCIS_CLOSED)
1248 {
1249 smtpinit(m, mci, e);
1250 }
1251 if (tTd(11, 1))
1252 {
1253 printf("openmailer: ");
1254 mci_dump(mci);
1255 }
1256
1257 if (mci->mci_state != MCIS_OPEN)
1258 {
1259 /* couldn't open the mailer */
1260 rcode = mci->mci_exitstat;
1261 errno = mci->mci_errno;
1262 #ifdef NAMED_BIND
1263 h_errno = mci->mci_herrno;
1264 #endif
1265 if (rcode == EX_OK)
1266 {
1267 /* shouldn't happen */
1268 syserr("554 deliver: rcode=%d, mci_state=%d, sig=%s",
1269 rcode, mci->mci_state, firstsig);
1270 rcode = EX_SOFTWARE;
1271 }
1272 else if (rcode == EX_TEMPFAIL && *curhost != '\0')
1273 {
1274 /* try next MX site */
1275 goto tryhost;
1276 }
1277 }
1278 else if (!clever)
1279 {
1280 /*
1281 ** Format and send message.
1282 */
1283
1284 putfromline(mci->mci_out, m, e);
1285 (*e->e_puthdr)(mci->mci_out, m, e);
1286 putline("\n", mci->mci_out, m);
1287 (*e->e_putbody)(mci->mci_out, m, e, NULL);
1288
1289 /* get the exit status */
1290 rcode = endmailer(mci, e, pv);
1291 }
1292 else
1293 #ifdef SMTP
1294 {
1295 /*
1296 ** Send the MAIL FROM: protocol
1297 */
1298
1299 rcode = smtpmailfrom(m, mci, e);
1300 if (rcode == EX_OK)
1301 {
1302 register char *t = tobuf;
1303 register int i;
1304
1305 /* send the recipient list */
1306 tobuf[0] = '\0';
1307 for (to = tochain; to != NULL; to = to->q_tchain)
1308 {
1309 e->e_to = to->q_paddr;
1310 if ((i = smtprcpt(to, m, mci, e)) != EX_OK)
1311 {
1312 markfailure(e, to, i);
1313 giveresponse(i, m, mci, e);
1314 }
1315 else
1316 {
1317 *t++ = ',';
1318 for (p = to->q_paddr; *p; *t++ = *p++)
1319 continue;
1320 *t = '\0';
1321 }
1322 }
1323
1324 /* now send the data */
1325 if (tobuf[0] == '\0')
1326 {
1327 rcode = EX_OK;
1328 e->e_to = NULL;
1329 if (bitset(MCIF_CACHED, mci->mci_flags))
1330 smtprset(m, mci, e);
1331 }
1332 else
1333 {
1334 e->e_to = tobuf + 1;
1335 rcode = smtpdata(m, mci, e);
1336 }
1337
1338 /* now close the connection */
1339 if (!bitset(MCIF_CACHED, mci->mci_flags))
1340 smtpquit(m, mci, e);
1341 }
1342 if (rcode != EX_OK && *curhost != '\0')
1343 {
1344 /* try next MX site */
1345 goto tryhost;
1346 }
1347 }
1348 #else /* not SMTP */
1349 {
1350 syserr("554 deliver: need SMTP compiled to use clever mailer");
1351 rcode = EX_CONFIG;
1352 goto give_up;
1353 }
1354 #endif /* SMTP */
1355 #ifdef NAMED_BIND
1356 if (ConfigLevel < 2)
1357 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
1358 #endif
1359
1360 /* arrange a return receipt if requested */
1361 if (e->e_receiptto != NULL && bitnset(M_LOCALMAILER, m->m_flags))
1362 {
1363 e->e_flags |= EF_SENDRECEIPT;
1364 /* do we want to send back more info? */
1365 }
1366
1367 /*
1368 ** Do final status disposal.
1369 ** We check for something in tobuf for the SMTP case.
1370 ** If we got a temporary failure, arrange to queue the
1371 ** addressees.
1372 */
1373
1374 give_up:
1375 if (tobuf[0] != '\0')
1376 giveresponse(rcode, m, mci, e);
1377 for (to = tochain; to != NULL; to = to->q_tchain)
1378 {
1379 if (rcode != EX_OK)
1380 markfailure(e, to, rcode);
1381 else
1382 {
1383 to->q_flags |= QSENT;
1384 e->e_nsent++;
1385 }
1386 }
1387
1388 /*
1389 ** Restore state and return.
1390 */
1391
1392 #ifdef XDEBUG
1393 {
1394 char wbuf[MAXLINE];
1395
1396 /* make absolutely certain 0, 1, and 2 are in use */
1397 sprintf(wbuf, "%s... end of deliver(%s)",
1398 e->e_to == NULL ? "NO-TO-LIST" : e->e_to,
1399 m->m_name);
1400 checkfd012(wbuf);
1401 }
1402 #endif
1403
1404 errno = 0;
1405 define('g', (char *) NULL, e);
1406 return (rcode);
1407 }
1408 �/*
1409 ** MARKFAILURE -- mark a failure on a specific address.
1410 **
1411 ** Parameters:
1412 ** e -- the envelope we are sending.
1413 ** q -- the address to mark.
1414 ** rcode -- the code signifying the particular failure.
1415 **
1416 ** Returns:
1417 ** none.
1418 **
1419 ** Side Effects:
1420 ** marks the address (and possibly the envelope) with the
1421 ** failure so that an error will be returned or
1422 ** the message will be queued, as appropriate.
1423 */
1424
1425 markfailure(e, q, rcode)
1426 register ENVELOPE *e;
1427 register ADDRESS *q;
1428 int rcode;
1429 {
1430 char buf[MAXLINE];
1431
1432 if (rcode == EX_OK)
1433 return;
1434 else if (rcode == EX_TEMPFAIL)
1435 q->q_flags |= QQUEUEUP;
1436 else if (rcode != EX_IOERR && rcode != EX_OSERR)
1437 q->q_flags |= QBADADDR;
1438 }
1439 �/*
1440 ** ENDMAILER -- Wait for mailer to terminate.
1441 **
1442 ** We should never get fatal errors (e.g., segmentation
1443 ** violation), so we report those specially. For other
1444 ** errors, we choose a status message (into statmsg),
1445 ** and if it represents an error, we print it.
1446 **
1447 ** Parameters:
1448 ** pid -- pid of mailer.
1449 ** e -- the current envelope.
1450 ** pv -- the parameter vector that invoked the mailer
1451 ** (for error messages).
1452 **
1453 ** Returns:
1454 ** exit code of mailer.
1455 **
1456 ** Side Effects:
1457 ** none.
1458 */
1459
1460 endmailer(mci, e, pv)
1461 register MCI *mci;
1462 register ENVELOPE *e;
1463 char **pv;
1464 {
1465 int st;
1466
1467 /* close any connections */
1468 if (mci->mci_in != NULL)
1469 (void) xfclose(mci->mci_in, pv[0], "mci_in");
1470 if (mci->mci_out != NULL)
1471 (void) xfclose(mci->mci_out, pv[0], "mci_out");
1472 mci->mci_in = mci->mci_out = NULL;
1473 mci->mci_state = MCIS_CLOSED;
1474
1475 /* in the IPC case there is nothing to wait for */
1476 if (mci->mci_pid == 0)
1477 return (EX_OK);
1478
1479 /* wait for the mailer process to die and collect status */
1480 st = waitfor(mci->mci_pid);
1481 if (st == -1)
1482 {
1483 syserr("endmailer %s: wait", pv[0]);
1484 return (EX_SOFTWARE);
1485 }
1486
1487 if (WIFEXITED(st))
1488 {
1489 /* normal death -- return status */
1490 return (WEXITSTATUS(st));
1491 }
1492
1493 /* it died a horrid death */
1494 syserr("mailer %s died with signal %o", pv[0], st);
1495
1496 /* log the arguments */
1497 if (e->e_xfp != NULL)
1498 {
1499 register char **av;
1500
1501 fprintf(e->e_xfp, "Arguments:");
1502 for (av = pv; *av != NULL; av++)
1503 fprintf(e->e_xfp, " %s", *av);
1504 fprintf(e->e_xfp, "\n");
1505 }
1506
1507 ExitStat = EX_TEMPFAIL;
1508 return (EX_TEMPFAIL);
1509 }
1510 �/*
1511 ** GIVERESPONSE -- Interpret an error response from a mailer
1512 **
1513 ** Parameters:
1514 ** stat -- the status code from the mailer (high byte
1515 ** only; core dumps must have been taken care of
1516 ** already).
1517 ** m -- the mailer info for this mailer.
1518 ** mci -- the mailer connection info -- can be NULL if the
1519 ** response is given before the connection is made.
1520 ** e -- the current envelope.
1521 **
1522 ** Returns:
1523 ** none.
1524 **
1525 ** Side Effects:
1526 ** Errors may be incremented.
1527 ** ExitStat may be set.
1528 */
1529
1530 giveresponse(stat, m, mci, e)
1531 int stat;
1532 register MAILER *m;
1533 register MCI *mci;
1534 ENVELOPE *e;
1535 {
1536 register const char *statmsg;
1537 extern char *SysExMsg[];
1538 register int i;
1539 extern int N_SysEx;
1540 char buf[MAXLINE];
1541
1542 /*
1543 ** Compute status message from code.
1544 */
1545
1546 i = stat - EX__BASE;
1547 if (stat == 0)
1548 {
1549 statmsg = "250 Sent";
1550 if (e->e_statmsg != NULL)
1551 {
1552 (void) sprintf(buf, "%s (%s)", statmsg, e->e_statmsg);
1553 statmsg = buf;
1554 }
1555 }
1556 else if (i < 0 || i > N_SysEx)
1557 {
1558 (void) sprintf(buf, "554 unknown mailer error %d", stat);
1559 stat = EX_UNAVAILABLE;
1560 statmsg = buf;
1561 }
1562 else if (stat == EX_TEMPFAIL)
1563 {
1564 (void) strcpy(buf, SysExMsg[i] + 1);
1565 #ifdef NAMED_BIND
1566 if (h_errno == TRY_AGAIN)
1567 statmsg = errstring(h_errno+E_DNSBASE);
1568 else
1569 #endif
1570 {
1571 if (errno != 0)
1572 statmsg = errstring(errno);
1573 else
1574 {
1575 #ifdef SMTP
1576 extern char SmtpError[];
1577
1578 statmsg = SmtpError;
1579 #else /* SMTP */
1580 statmsg = NULL;
1581 #endif /* SMTP */
1582 }
1583 }
1584 if (statmsg != NULL && statmsg[0] != '\0')
1585 {
1586 (void) strcat(buf, ": ");
1587 (void) strcat(buf, statmsg);
1588 }
1589 statmsg = buf;
1590 }
1591 #ifdef NAMED_BIND
1592 else if (stat == EX_NOHOST && h_errno != 0)
1593 {
1594 statmsg = errstring(h_errno + E_DNSBASE);
1595 (void) sprintf(buf, "%s (%s)", SysExMsg[i], statmsg);
1596 statmsg = buf;
1597 }
1598 #endif
1599 else
1600 {
1601 statmsg = SysExMsg[i];
1602 if (*statmsg++ == ':')
1603 {
1604 (void) sprintf(buf, "%s: %s", statmsg, errstring(errno));
1605 statmsg = buf;
1606 }
1607 }
1608
1609 /*
1610 ** Print the message as appropriate
1611 */
1612
1613 if (stat == EX_OK || stat == EX_TEMPFAIL)
1614 message(&statmsg[4], errstring(errno));
1615 else
1616 {
1617 Errors++;
1618 usrerr(statmsg, errstring(errno));
1619 }
1620
1621 /*
1622 ** Final cleanup.
1623 ** Log a record of the transaction. Compute the new
1624 ** ExitStat -- if we already had an error, stick with
1625 ** that.
1626 */
1627
1628 if (LogLevel > ((stat == EX_TEMPFAIL) ? 8 : (stat == EX_OK) ? 7 : 6))
1629 logdelivery(m, mci, &statmsg[4], e);
1630
1631 if (stat != EX_TEMPFAIL)
1632 setstat(stat);
1633 if (stat != EX_OK)
1634 {
1635 if (e->e_message != NULL)
1636 free(e->e_message);
1637 e->e_message = newstr(&statmsg[4]);
1638 }
1639 errno = 0;
1640 #ifdef NAMED_BIND
1641 h_errno = 0;
1642 #endif
1643 }
1644 �/*
1645 ** LOGDELIVERY -- log the delivery in the system log
1646 **
1647 ** Parameters:
1648 ** m -- the mailer info. Can be NULL for initial queue.
1649 ** mci -- the mailer connection info -- can be NULL if the
1650 ** log is occuring when no connection is active.
1651 ** stat -- the message to print for the status.
1652 ** e -- the current envelope.
1653 **
1654 ** Returns:
1655 ** none
1656 **
1657 ** Side Effects:
1658 ** none
1659 */
1660
1661 logdelivery(m, mci, stat, e)
1662 MAILER *m;
1663 register MCI *mci;
1664 char *stat;
1665 register ENVELOPE *e;
1666 {
1667 # ifdef LOG
1668 char buf[512];
1669
1670 (void) sprintf(buf, "delay=%s", pintvl(curtime() - e->e_ctime, TRUE));
1671
1672 if (m != NULL)
1673 {
1674 (void) strcat(buf, ", mailer=");
1675 (void) strcat(buf, m->m_name);
1676 }
1677
1678 if (mci != NULL && mci->mci_host != NULL)
1679 {
1680 # ifdef DAEMON
1681 extern SOCKADDR CurHostAddr;
1682 # endif
1683
1684 (void) strcat(buf, ", relay=");
1685 (void) strcat(buf, mci->mci_host);
1686
1687 # ifdef DAEMON
1688 (void) strcat(buf, " (");
1689 (void) strcat(buf, anynet_ntoa(&CurHostAddr));
1690 (void) strcat(buf, ")");
1691 # endif
1692 }
1693 else
1694 {
1695 char *p = macvalue('h', e);
1696
1697 if (p != NULL && p[0] != '\0')
1698 {
1699 (void) strcat(buf, ", relay=");
1700 (void) strcat(buf, p);
1701 }
1702 }
1703
1704 syslog(LOG_INFO, "%s: to=%s, %s, stat=%s",
1705 e->e_id, e->e_to, buf, stat);
1706 # endif /* LOG */
1707 }
1708 �/*
1709 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1710 **
1711 ** This can be made an arbitrary message separator by changing $l
1712 **
1713 ** One of the ugliest hacks seen by human eyes is contained herein:
1714 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1715 ** does a well-meaning programmer such as myself have to deal with
1716 ** this kind of antique garbage????
1717 **
1718 ** Parameters:
1719 ** fp -- the file to output to.
1720 ** m -- the mailer describing this entry.
1721 **
1722 ** Returns:
1723 ** none
1724 **
1725 ** Side Effects:
1726 ** outputs some text to fp.
1727 */
1728
1729 putfromline(fp, m, e)
1730 register FILE *fp;
1731 register MAILER *m;
1732 ENVELOPE *e;
1733 {
1734 char *template = "\201l\n";
1735 char buf[MAXLINE];
1736
1737 if (bitnset(M_NHDR, m->m_flags))
1738 return;
1739
1740 # ifdef UGLYUUCP
1741 if (bitnset(M_UGLYUUCP, m->m_flags))
1742 {
1743 char *bang;
1744 char xbuf[MAXLINE];
1745
1746 expand("\201g", buf, &buf[sizeof buf - 1], e);
1747 bang = strchr(buf, '!');
1748 if (bang == NULL)
1749 {
1750 errno = 0;
1751 syserr("554 No ! in UUCP From address! (%s given)", buf);
1752 }
1753 else
1754 {
1755 *bang++ = '\0';
1756 (void) sprintf(xbuf, "From %s \201d remote from %s\n", bang, buf);
1757 template = xbuf;
1758 }
1759 }
1760 # endif /* UGLYUUCP */
1761 expand(template, buf, &buf[sizeof buf - 1], e);
1762 putline(buf, fp, m);
1763 }
1764 �/*
1765 ** PUTBODY -- put the body of a message.
1766 **
1767 ** Parameters:
1768 ** fp -- file to output onto.
1769 ** m -- a mailer descriptor to control output format.
1770 ** e -- the envelope to put out.
1771 ** separator -- if non-NULL, a message separator that must
1772 ** not be permitted in the resulting message.
1773 **
1774 ** Returns:
1775 ** none.
1776 **
1777 ** Side Effects:
1778 ** The message is written onto fp.
1779 */
1780
1781 putbody(fp, m, e, separator)
1782 FILE *fp;
1783 MAILER *m;
1784 register ENVELOPE *e;
1785 char *separator;
1786 {
1787 char buf[MAXLINE];
1788
1789 /*
1790 ** Output the body of the message
1791 */
1792
1793 if (e->e_dfp == NULL)
1794 {
1795 if (e->e_df != NULL)
1796 {
1797 e->e_dfp = fopen(e->e_df, "r");
1798 if (e->e_dfp == NULL)
1799 syserr("putbody: Cannot open %s for %s from %s",
1800 e->e_df, e->e_to, e->e_from.q_paddr);
1801 }
1802 else
1803 putline("<<< No Message Collected >>>", fp, m);
1804 }
1805 if (e->e_dfp != NULL)
1806 {
1807 rewind(e->e_dfp);
1808 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1809 {
1810 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1811 strncmp(buf, "From ", 5) == 0)
1812 (void) putc('>', fp);
1813 if (buf[0] == '-' && buf[1] == '-' && separator != NULL)
1814 {
1815 /* possible separator */
1816 int sl = strlen(separator);
1817
1818 if (strncmp(&buf[2], separator, sl) == 0)
1819 (void) putc(' ', fp);
1820 }
1821 putline(buf, fp, m);
1822 }
1823
1824 if (ferror(e->e_dfp))
1825 {
1826 syserr("putbody: read error");
1827 ExitStat = EX_IOERR;
1828 }
1829 }
1830
1831 /* some mailers want extra blank line at end of message */
1832 if (bitnset(M_BLANKEND, m->m_flags) && buf[0] != '\0' && buf[0] != '\n')
1833 putline("", fp, m);
1834
1835 (void) fflush(fp);
1836 if (ferror(fp) && errno != EPIPE)
1837 {
1838 syserr("putbody: write error");
1839 ExitStat = EX_IOERR;
1840 }
1841 errno = 0;
1842 }
1843 �/*
1844 ** MAILFILE -- Send a message to a file.
1845 **
1846 ** If the file has the setuid/setgid bits set, but NO execute
1847 ** bits, sendmail will try to become the owner of that file
1848 ** rather than the real user. Obviously, this only works if
1849 ** sendmail runs as root.
1850 **
1851 ** This could be done as a subordinate mailer, except that it
1852 ** is used implicitly to save messages in ~/dead.letter. We
1853 ** view this as being sufficiently important as to include it
1854 ** here. For example, if the system is dying, we shouldn't have
1855 ** to create another process plus some pipes to save the message.
1856 **
1857 ** Parameters:
1858 ** filename -- the name of the file to send to.
1859 ** ctladdr -- the controlling address header -- includes
1860 ** the userid/groupid to be when sending.
1861 **
1862 ** Returns:
1863 ** The exit code associated with the operation.
1864 **
1865 ** Side Effects:
1866 ** none.
1867 */
1868
1869 mailfile(filename, ctladdr, e)
1870 char *filename;
1871 ADDRESS *ctladdr;
1872 register ENVELOPE *e;
1873 {
1874 register FILE *f;
1875 register int pid;
1876 int mode;
1877
1878 if (tTd(11, 1))
1879 {
1880 printf("mailfile %s\n ctladdr=", filename);
1881 printaddr(ctladdr, FALSE);
1882 }
1883
1884 if (e->e_xfp != NULL)
1885 fflush(e->e_xfp);
1886
1887 /*
1888 ** Fork so we can change permissions here.
1889 ** Note that we MUST use fork, not vfork, because of
1890 ** the complications of calling subroutines, etc.
1891 */
1892
1893 DOFORK(fork);
1894
1895 if (pid < 0)
1896 return (EX_OSERR);
1897 else if (pid == 0)
1898 {
1899 /* child -- actually write to file */
1900 struct stat stb;
1901
1902 (void) setsignal(SIGINT, SIG_DFL);
1903 (void) setsignal(SIGHUP, SIG_DFL);
1904 (void) setsignal(SIGTERM, SIG_DFL);
1905 (void) umask(OldUmask);
1906
1907 if (stat(filename, &stb) < 0)
1908 stb.st_mode = FileMode;
1909 mode = stb.st_mode;
1910
1911 /* limit the errors to those actually caused in the child */
1912 errno = 0;
1913 ExitStat = EX_OK;
1914
1915 if (bitset(0111, stb.st_mode))
1916 exit(EX_CANTCREAT);
1917 if (ctladdr == NULL)
1918 ctladdr = &e->e_from;
1919 else
1920 {
1921 /* ignore setuid and setgid bits */
1922 mode &= ~(S_ISGID|S_ISUID);
1923 }
1924
1925 /* we have to open the dfile BEFORE setuid */
1926 if (e->e_dfp == NULL && e->e_df != NULL)
1927 {
1928 e->e_dfp = fopen(e->e_df, "r");
1929 if (e->e_dfp == NULL)
1930 {
1931 syserr("mailfile: Cannot open %s for %s from %s",
1932 e->e_df, e->e_to, e->e_from.q_paddr);
1933 }
1934 }
1935
1936 if (!bitset(S_ISGID, mode) || setgid(stb.st_gid) < 0)
1937 {
1938 if (ctladdr->q_uid == 0)
1939 {
1940 (void) initgroups(DefUser, DefGid);
1941 }
1942 else
1943 {
1944 (void) initgroups(ctladdr->q_ruser ?
1945 ctladdr->q_ruser : ctladdr->q_user,
1946 ctladdr->q_gid);
1947 }
1948 }
1949 if (!bitset(S_ISUID, mode) || setuid(stb.st_uid) < 0)
1950 {
1951 if (ctladdr->q_uid == 0)
1952 (void) setuid(DefUid);
1953 else
1954 (void) setuid(ctladdr->q_uid);
1955 }
1956 FileName = filename;
1957 LineNumber = 0;
1958 f = dfopen(filename, O_WRONLY|O_CREAT|O_APPEND, FileMode);
1959 if (f == NULL)
1960 {
1961 message("554 cannot open: %s", errstring(errno));
1962 exit(EX_CANTCREAT);
1963 }
1964
1965 putfromline(f, FileMailer, e);
1966 (*e->e_puthdr)(f, FileMailer, e);
1967 putline("\n", f, FileMailer);
1968 (*e->e_putbody)(f, FileMailer, e, NULL);
1969 putline("\n", f, FileMailer);
1970 if (ferror(f))
1971 {
1972 message("451 I/O error: %s", errstring(errno));
1973 setstat(EX_IOERR);
1974 }
1975 (void) xfclose(f, "mailfile", filename);
1976 (void) fflush(stdout);
1977
1978 /* reset ISUID & ISGID bits for paranoid systems */
1979 (void) chmod(filename, (int) stb.st_mode);
1980 exit(ExitStat);
1981 /*NOTREACHED*/
1982 }
1983 else
1984 {
1985 /* parent -- wait for exit status */
1986 int st;
1987
1988 st = waitfor(pid);
1989 if (WIFEXITED(st))
1990 return (WEXITSTATUS(st));
1991 else
1992 {
1993 syserr("child died on signal %d", st);
1994 return (EX_UNAVAILABLE);
1995 }
1996 /*NOTREACHED*/
1997 }
1998 }
1999 �/*
2000 ** HOSTSIGNATURE -- return the "signature" for a host.
2001 **
2002 ** The signature describes how we are going to send this -- it
2003 ** can be just the hostname (for non-Internet hosts) or can be
2004 ** an ordered list of MX hosts.
2005 **
2006 ** Parameters:
2007 ** m -- the mailer describing this host.
2008 ** host -- the host name.
2009 ** e -- the current envelope.
2010 **
2011 ** Returns:
2012 ** The signature for this host.
2013 **
2014 ** Side Effects:
2015 ** Can tweak the symbol table.
2016 */
2017
2018 char *
2019 hostsignature(m, host, e)
2020 register MAILER *m;
2021 char *host;
2022 ENVELOPE *e;
2023 {
2024 register char *p;
2025 register STAB *s;
2026 int i;
2027 int len;
2028 #ifdef NAMED_BIND
2029 int nmx;
2030 auto int rcode;
2031 char *hp;
2032 char *endp;
2033 int oldoptions;
2034 char *mxhosts[MAXMXHOSTS + 1];
2035 #endif
2036
2037 /*
2038 ** Check to see if this uses IPC -- if not, it can't have MX records.
2039 */
2040
2041 p = m->m_mailer;
2042 if (strcmp(p, "[IPC]") != 0 && strcmp(p, "[TCP]") != 0)
2043 {
2044 /* just an ordinary mailer */
2045 return host;
2046 }
2047
2048 /*
2049 ** If it is a numeric address, just return it.
2050 */
2051
2052 if (host[0] == '[')
2053 return host;
2054
2055 /*
2056 ** Look it up in the symbol table.
2057 */
2058
2059 s = stab(host, ST_HOSTSIG, ST_ENTER);
2060 if (s->s_hostsig != NULL)
2061 return s->s_hostsig;
2062
2063 /*
2064 ** Not already there -- create a signature.
2065 */
2066
2067 #ifdef NAMED_BIND
2068 if (ConfigLevel < 2)
2069 {
2070 oldoptions = _res.options;
2071 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
2072 }
2073
2074 for (hp = host; hp != NULL; hp = endp)
2075 {
2076 endp = strchr(hp, ':');
2077 if (endp != NULL)
2078 *endp = '\0';
2079
2080 nmx = getmxrr(hp, mxhosts, TRUE, &rcode);
2081
2082 if (nmx <= 0)
2083 {
2084 register MCI *mci;
2085 extern int errno;
2086
2087 /* update the connection info for this host */
2088 mci = mci_get(hp, m);
2089 mci->mci_exitstat = rcode;
2090 mci->mci_errno = errno;
2091 #ifdef NAMED_BIND
2092 mci->mci_herrno = h_errno;
2093 #endif
2094
2095 /* and return the original host name as the signature */
2096 nmx = 1;
2097 mxhosts[0] = hp;
2098 }
2099
2100 len = 0;
2101 for (i = 0; i < nmx; i++)
2102 {
2103 len += strlen(mxhosts[i]) + 1;
2104 }
2105 if (s->s_hostsig != NULL)
2106 len += strlen(s->s_hostsig) + 1;
2107 p = xalloc(len);
2108 if (s->s_hostsig != NULL)
2109 {
2110 (void) strcpy(p, s->s_hostsig);
2111 free(s->s_hostsig);
2112 s->s_hostsig = p;
2113 p += strlen(p);
2114 *p++ = ':';
2115 }
2116 else
2117 s->s_hostsig = p;
2118 for (i = 0; i < nmx; i++)
2119 {
2120 if (i != 0)
2121 *p++ = ':';
2122 strcpy(p, mxhosts[i]);
2123 p += strlen(p);
2124 }
2125 if (endp != NULL)
2126 *endp++ = ':';
2127 }
2128 makelower(s->s_hostsig);
2129 if (ConfigLevel < 2)
2130 _res.options = oldoptions;
2131 #else
2132 /* not using BIND -- the signature is just the host name */
2133 s->s_hostsig = host;
2134 #endif
2135 if (tTd(17, 1))
2136 printf("hostsignature(%s) = %s\n", host, s->s_hostsig);
2137 return s->s_hostsig;
2138 }
2139