1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)savemail.c 8.5 (Berkeley) 07/17/93";
11 #endif /* not lint */
12
13 # include <pwd.h>
14 # include "sendmail.h"
15
16 /*
17 ** SAVEMAIL -- Save mail on error
18 **
19 ** If mailing back errors, mail it back to the originator
20 ** together with an error message; otherwise, just put it in
21 ** dead.letter in the user's home directory (if he exists on
22 ** this machine).
23 **
24 ** Parameters:
25 ** e -- the envelope containing the message in error.
26 **
27 ** Returns:
28 ** none
29 **
30 ** Side Effects:
31 ** Saves the letter, by writing or mailing it back to the
32 ** sender, or by putting it in dead.letter in her home
33 ** directory.
34 */
35
36 /* defines for state machine */
37 # define ESM_REPORT 0 /* report to sender's terminal */
38 # define ESM_MAIL 1 /* mail back to sender */
39 # define ESM_QUIET 2 /* messages have already been returned */
40 # define ESM_DEADLETTER 3 /* save in ~/dead.letter */
41 # define ESM_POSTMASTER 4 /* return to postmaster */
42 # define ESM_USRTMP 5 /* save in /usr/tmp/dead.letter */
43 # define ESM_PANIC 6 /* leave the locked queue/transcript files */
44 # define ESM_DONE 7 /* the message is successfully delivered */
45
46
47 savemail(e)
48 register ENVELOPE *e;
49 {
50 register struct passwd *pw;
51 register FILE *fp;
52 int state;
53 auto ADDRESS *q = NULL;
54 char buf[MAXLINE+1];
55 extern struct passwd *getpwnam();
56 register char *p;
57 extern char *ttypath();
58 typedef int (*fnptr)();
59
60 if (tTd(6, 1))
61 {
62 printf("\nsavemail, errormode = %c, id = %s\n e_from=",
63 e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id);
64 printaddr(&e->e_from, FALSE);
65 }
66
67 if (e->e_id == NULL)
68 {
69 /* can't return a message with no id */
70 return;
71 }
72
73 e->e_flags &= ~EF_FATALERRS;
74
75 /*
76 ** In the unhappy event we don't know who to return the mail
77 ** to, make someone up.
78 */
79
80 if (e->e_from.q_paddr == NULL)
81 {
82 e->e_sender = "Postmaster";
83 if (parseaddr(e->e_sender, &e->e_from, 0, '\0', NULL, e) == NULL)
84 {
85 syserr("553 Cannot parse Postmaster!");
86 ExitStat = EX_SOFTWARE;
87 finis();
88 }
89 }
90 e->e_to = NULL;
91
92 /*
93 ** Basic state machine.
94 **
95 ** This machine runs through the following states:
96 **
97 ** ESM_QUIET Errors have already been printed iff the
98 ** sender is local.
99 ** ESM_REPORT Report directly to the sender's terminal.
100 ** ESM_MAIL Mail response to the sender.
101 ** ESM_DEADLETTER Save response in ~/dead.letter.
102 ** ESM_POSTMASTER Mail response to the postmaster.
103 ** ESM_PANIC Save response anywhere possible.
104 */
105
106 /* determine starting state */
107 switch (e->e_errormode)
108 {
109 case EM_WRITE:
110 state = ESM_REPORT;
111 break;
112
113 case EM_BERKNET:
114 /* mail back, but return o.k. exit status */
115 ExitStat = EX_OK;
116
117 /* fall through.... */
118
119 case EM_MAIL:
120 state = ESM_MAIL;
121 break;
122
123 case EM_PRINT:
124 case '\0':
125 state = ESM_QUIET;
126 break;
127
128 case EM_QUIET:
129 /* no need to return anything at all */
130 return;
131
132 default:
133 syserr("554 savemail: bogus errormode x%x\n", e->e_errormode);
134 state = ESM_MAIL;
135 break;
136 }
137
138 /* if this is already an error response, send to postmaster */
139 if (bitset(EF_RESPONSE, e->e_flags))
140 {
141 if (e->e_parent != NULL &&
142 bitset(EF_RESPONSE, e->e_parent->e_flags))
143 {
144 /* got an error sending a response -- can it */
145 return;
146 }
147 state = ESM_POSTMASTER;
148 }
149
150 while (state != ESM_DONE)
151 {
152 if (tTd(6, 5))
153 printf(" state %d\n", state);
154
155 switch (state)
156 {
157 case ESM_QUIET:
158 if (e->e_from.q_mailer == LocalMailer)
159 state = ESM_DEADLETTER;
160 else
161 state = ESM_MAIL;
162 break;
163
164 case ESM_REPORT:
165
166 /*
167 ** If the user is still logged in on the same terminal,
168 ** then write the error messages back to hir (sic).
169 */
170
171 p = ttypath();
172 if (p == NULL || freopen(p, "w", stdout) == NULL)
173 {
174 state = ESM_MAIL;
175 break;
176 }
177
178 expand("\201n", buf, &buf[sizeof buf - 1], e);
179 printf("\r\nMessage from %s...\r\n", buf);
180 printf("Errors occurred while sending mail.\r\n");
181 if (e->e_xfp != NULL)
182 {
183 (void) fflush(e->e_xfp);
184 fp = fopen(queuename(e, 'x'), "r");
185 }
186 else
187 fp = NULL;
188 if (fp == NULL)
189 {
190 syserr("Cannot open %s", queuename(e, 'x'));
191 printf("Transcript of session is unavailable.\r\n");
192 }
193 else
194 {
195 printf("Transcript follows:\r\n");
196 while (fgets(buf, sizeof buf, fp) != NULL &&
197 !ferror(stdout))
198 fputs(buf, stdout);
199 (void) xfclose(fp, "savemail transcript", e->e_id);
200 }
201 printf("Original message will be saved in dead.letter.\r\n");
202 state = ESM_DEADLETTER;
203 break;
204
205 case ESM_MAIL:
206 /*
207 ** If mailing back, do it.
208 ** Throw away all further output. Don't alias,
209 ** since this could cause loops, e.g., if joe
210 ** mails to joe@x, and for some reason the network
211 ** for @x is down, then the response gets sent to
212 ** joe@x, which gives a response, etc. Also force
213 ** the mail to be delivered even if a version of
214 ** it has already been sent to the sender.
215 **
216 ** If this is a configuration or local software
217 ** error, send to the local postmaster as well,
218 ** since the originator can't do anything
219 ** about it anyway. Note that this is a full
220 ** copy of the message (intentionally) so that
221 ** the Postmaster can forward things along.
222 */
223
224 if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE)
225 {
226 (void) sendtolist("postmaster",
227 (ADDRESS *) NULL,
228 &e->e_errorqueue, e);
229 }
230 if (strcmp(e->e_from.q_paddr, "<>") != 0)
231 {
232 (void) sendtolist(e->e_from.q_paddr,
233 (ADDRESS *) NULL,
234 &e->e_errorqueue, e);
235 }
236
237 /*
238 ** Deliver a non-delivery report to the
239 ** Postmaster-designate (not necessarily
240 ** Postmaster). This does not include the
241 ** body of the message, for privacy reasons.
242 ** You really shouldn't need this.
243 */
244
245 e->e_flags |= EF_PM_NOTIFY;
246
247 q = e->e_errorqueue;
248 if (q == NULL)
249 {
250 /* this is an error-error */
251 state = ESM_POSTMASTER;
252 break;
253 }
254 if (returntosender(e->e_message,
255 q, (e->e_class >= 0), e) == 0)
256 {
257 state = ESM_DONE;
258 break;
259 }
260
261 /* didn't work -- return to postmaster */
262 state = ESM_POSTMASTER;
263 break;
264
265 case ESM_POSTMASTER:
266 /*
267 ** Similar to previous case, but to system postmaster.
268 */
269
270 q = NULL;
271 if (sendtolist("postmaster", NULL, &q, e) <= 0)
272 {
273 syserr("553 cannot parse postmaster!");
274 ExitStat = EX_SOFTWARE;
275 state = ESM_USRTMP;
276 break;
277 }
278 if (returntosender(e->e_message,
279 q, (e->e_class >= 0), e) == 0)
280 {
281 state = ESM_DONE;
282 break;
283 }
284
285 /* didn't work -- last resort */
286 state = ESM_USRTMP;
287 break;
288
289 case ESM_DEADLETTER:
290 /*
291 ** Save the message in dead.letter.
292 ** If we weren't mailing back, and the user is
293 ** local, we should save the message in
294 ** ~/dead.letter so that the poor person doesn't
295 ** have to type it over again -- and we all know
296 ** what poor typists UNIX users are.
297 */
298
299 p = NULL;
300 if (e->e_from.q_mailer == LocalMailer)
301 {
302 if (e->e_from.q_home != NULL)
303 p = e->e_from.q_home;
304 else if ((pw = getpwnam(e->e_from.q_user)) != NULL)
305 p = pw->pw_dir;
306 }
307 if (p == NULL)
308 {
309 /* no local directory */
310 state = ESM_MAIL;
311 break;
312 }
313 if (e->e_dfp != NULL)
314 {
315 bool oldverb = Verbose;
316
317 /* we have a home directory; open dead.letter */
318 define('z', p, e);
319 expand("\201z/dead.letter", buf, &buf[sizeof buf - 1], e);
320 Verbose = TRUE;
321 message("Saving message in %s", buf);
322 Verbose = oldverb;
323 e->e_to = buf;
324 q = NULL;
325 (void) sendtolist(buf, &e->e_from, &q, e);
326 if (deliver(e, q) == 0)
327 state = ESM_DONE;
328 else
329 state = ESM_MAIL;
330 }
331 else
332 {
333 /* no data file -- try mailing back */
334 state = ESM_MAIL;
335 }
336 break;
337
338 case ESM_USRTMP:
339 /*
340 ** Log the mail in /usr/tmp/dead.letter.
341 */
342
343 if (e->e_class < 0)
344 {
345 state = ESM_DONE;
346 break;
347 }
348
349 fp = dfopen("/usr/tmp/dead.letter",
350 O_WRONLY|O_CREAT|O_APPEND, FileMode);
351 if (fp == NULL)
352 {
353 state = ESM_PANIC;
354 break;
355 }
356
357 putfromline(fp, FileMailer, e);
358 (*e->e_puthdr)(fp, FileMailer, e);
359 putline("\n", fp, FileMailer);
360 (*e->e_putbody)(fp, FileMailer, e, NULL);
361 putline("\n", fp, FileMailer);
362 (void) fflush(fp);
363 state = ferror(fp) ? ESM_PANIC : ESM_DONE;
364 (void) xfclose(fp, "savemail", "/usr/tmp/dead.letter");
365 break;
366
367 default:
368 syserr("554 savemail: unknown state %d", state);
369
370 /* fall through ... */
371
372 case ESM_PANIC:
373 /* leave the locked queue & transcript files around */
374 syserr("554 savemail: cannot save rejected email anywhere");
375 exit(EX_SOFTWARE);
376 }
377 }
378 }
379 �/*
380 ** RETURNTOSENDER -- return a message to the sender with an error.
381 **
382 ** Parameters:
383 ** msg -- the explanatory message.
384 ** returnq -- the queue of people to send the message to.
385 ** sendbody -- if TRUE, also send back the body of the
386 ** message; otherwise just send the header.
387 ** e -- the current envelope.
388 **
389 ** Returns:
390 ** zero -- if everything went ok.
391 ** else -- some error.
392 **
393 ** Side Effects:
394 ** Returns the current message to the sender via
395 ** mail.
396 */
397
398 static bool SendBody;
399
400 #define MAXRETURNS 6 /* max depth of returning messages */
401 #define ERRORFUDGE 100 /* nominal size of error message text */
402
403 returntosender(msg, returnq, sendbody, e)
404 char *msg;
405 ADDRESS *returnq;
406 bool sendbody;
407 register ENVELOPE *e;
408 {
409 char buf[MAXNAME];
410 extern putheader(), errbody();
411 register ENVELOPE *ee;
412 ENVELOPE *oldcur = CurEnv;
413 ENVELOPE errenvelope;
414 static int returndepth;
415 register ADDRESS *q;
416
417 if (returnq == NULL)
418 return (-1);
419
420 if (msg == NULL)
421 msg = "Unable to deliver mail";
422
423 if (tTd(6, 1))
424 {
425 printf("Return To Sender: msg=\"%s\", depth=%d, e=%x, returnq=",
426 msg, returndepth, e);
427 printaddr(returnq, TRUE);
428 }
429
430 if (++returndepth >= MAXRETURNS)
431 {
432 if (returndepth != MAXRETURNS)
433 syserr("554 returntosender: infinite recursion on %s", returnq->q_paddr);
434 /* don't "unrecurse" and fake a clean exit */
435 /* returndepth--; */
436 return (0);
437 }
438
439 SendBody = sendbody;
440 define('g', e->e_from.q_paddr, e);
441 ee = newenvelope(&errenvelope, e);
442 define('a', "\201b", ee);
443 define('r', "internal", ee);
444 define('s', "localhost", ee);
445 define('_', "localhost", ee);
446 ee->e_puthdr = putheader;
447 ee->e_putbody = errbody;
448 ee->e_flags |= EF_RESPONSE;
449 if (!bitset(EF_OLDSTYLE, e->e_flags))
450 ee->e_flags &= ~EF_OLDSTYLE;
451 ee->e_sendqueue = returnq;
452 ee->e_msgsize = e->e_msgsize + ERRORFUDGE;
453 openxscript(ee);
454 for (q = returnq; q != NULL; q = q->q_next)
455 {
456 if (bitset(QBADADDR, q->q_flags))
457 continue;
458
459 if (!bitset(QDONTSEND, q->q_flags))
460 ee->e_nrcpts++;
461
462 if (!DontPruneRoutes && pruneroute(q->q_paddr))
463 parseaddr(q->q_paddr, q, 0, '\0', NULL, e);
464
465 if (q->q_alias == NULL)
466 addheader("To", q->q_paddr, ee);
467 }
468
469 # ifdef LOG
470 if (LogLevel > 5)
471 syslog(LOG_INFO, "%s: %s: return to sender: %s",
472 e->e_id, ee->e_id, msg);
473 # endif
474
475 (void) sprintf(buf, "Returned mail: %s", msg);
476 addheader("Subject", buf, ee);
477 if (SendMIMEErrors)
478 {
479 addheader("MIME-Version", "1.0", ee);
480 (void) sprintf(buf, "%s.%ld/%s",
481 ee->e_id, curtime(), MyHostName);
482 ee->e_msgboundary = newstr(buf);
483 (void) sprintf(buf, "multipart/mixed; boundary=\"%s\"",
484 ee->e_msgboundary);
485 addheader("Content-Type", buf, ee);
486 }
487
488 /* fake up an address header for the from person */
489 expand("\201n", buf, &buf[sizeof buf - 1], e);
490 if (parseaddr(buf, &ee->e_from, 1, '\0', NULL, e) == NULL)
491 {
492 syserr("553 Can't parse myself!");
493 ExitStat = EX_SOFTWARE;
494 returndepth--;
495 return (-1);
496 }
497 ee->e_sender = ee->e_from.q_paddr;
498
499 /* push state into submessage */
500 CurEnv = ee;
501 define('f', "\201n", ee);
502 define('x', "Mail Delivery Subsystem", ee);
503 eatheader(ee, TRUE);
504
505 /* mark statistics */
506 markstats(ee, (ADDRESS *) NULL);
507
508 /* actually deliver the error message */
509 sendall(ee, SM_DEFAULT);
510
511 /* restore state */
512 dropenvelope(ee);
513 CurEnv = oldcur;
514 returndepth--;
515
516 /* should check for delivery errors here */
517 return (0);
518 }
519 �/*
520 ** ERRBODY -- output the body of an error message.
521 **
522 ** Typically this is a copy of the transcript plus a copy of the
523 ** original offending message.
524 **
525 ** Parameters:
526 ** fp -- the output file.
527 ** m -- the mailer to output to.
528 ** e -- the envelope we are working in.
529 **
530 ** Returns:
531 ** none
532 **
533 ** Side Effects:
534 ** Outputs the body of an error message.
535 */
536
537 errbody(fp, m, e)
538 register FILE *fp;
539 register struct mailer *m;
540 register ENVELOPE *e;
541 {
542 register FILE *xfile;
543 char *p;
544 register ADDRESS *q;
545 bool printheader;
546 char buf[MAXLINE];
547
548 if (e->e_parent == NULL)
549 {
550 syserr("errbody: null parent");
551 putline(" ----- Original message lost -----\n", fp, m);
552 return;
553 }
554
555 /*
556 ** Output MIME header.
557 */
558
559 if (e->e_msgboundary != NULL)
560 {
561 putline("This is a MIME-encapsulated message", fp, m);
562 putline("", fp, m);
563 (void) sprintf(buf, "--%s", e->e_msgboundary);
564 putline(buf, fp, m);
565 putline("", fp, m);
566 }
567
568 /*
569 ** Output error message header (if specified and available).
570 */
571
572 if (ErrMsgFile != NULL)
573 {
574 if (*ErrMsgFile == '/')
575 {
576 xfile = fopen(ErrMsgFile, "r");
577 if (xfile != NULL)
578 {
579 while (fgets(buf, sizeof buf, xfile) != NULL)
580 {
581 expand(buf, buf, &buf[sizeof buf - 1], e);
582 putline(buf, fp, m);
583 }
584 (void) fclose(xfile);
585 putline("\n", fp, m);
586 }
587 }
588 else
589 {
590 expand(ErrMsgFile, buf, &buf[sizeof buf - 1], e);
591 putline(buf, fp, m);
592 putline("", fp, m);
593 }
594 }
595
596 /*
597 ** Output message introduction
598 */
599
600 printheader = TRUE;
601 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
602 {
603 if (bitset(QBADADDR|QREPORT, q->q_flags))
604 {
605 if (printheader)
606 {
607 putline(" ----- The following addresses had delivery problems -----",
608 fp, m);
609 printheader = FALSE;
610 }
611 strcpy(buf, q->q_paddr);
612 if (bitset(QBADADDR, q->q_flags))
613 strcat(buf, " (unrecoverable error)");
614 else
615 strcat(buf, " (transient failure)");
616 putline(buf, fp, m);
617 if (q->q_alias != NULL)
618 {
619 strcpy(buf, " (expanded from: ");
620 strcat(buf, q->q_alias->q_paddr);
621 strcat(buf, ")");
622 putline(buf, fp, m);
623 }
624 }
625 }
626 if (!printheader)
627 putline("\n", fp, m);
628
629 /*
630 ** Output transcript of errors
631 */
632
633 (void) fflush(stdout);
634 p = queuename(e->e_parent, 'x');
635 if ((xfile = fopen(p, "r")) == NULL)
636 {
637 syserr("Cannot open %s", p);
638 putline(" ----- Transcript of session is unavailable -----\n", fp, m);
639 }
640 else
641 {
642 putline(" ----- Transcript of session follows -----\n", fp, m);
643 if (e->e_xfp != NULL)
644 (void) fflush(e->e_xfp);
645 while (fgets(buf, sizeof buf, xfile) != NULL)
646 putline(buf, fp, m);
647 (void) xfclose(xfile, "errbody xscript", p);
648 }
649 errno = 0;
650
651 /*
652 ** Output text of original message
653 */
654
655 if (NoReturn)
656 SendBody = FALSE;
657 putline("", fp, m);
658 if (e->e_parent->e_df != NULL)
659 {
660 if (SendBody)
661 putline(" ----- Unsent message follows -----\n", fp, m);
662 else
663 putline(" ----- Message header follows -----\n", fp, m);
664 (void) fflush(fp);
665
666 if (e->e_msgboundary != NULL)
667 {
668 putline("", fp, m);
669 (void) sprintf(buf, "--%s", e->e_msgboundary);
670 putline(buf, fp, m);
671 putline("Content-Type: message/rfc822", fp, m);
672 putline("", fp, m);
673 }
674 putheader(fp, m, e->e_parent);
675 putline("", fp, m);
676 if (SendBody)
677 putbody(fp, m, e->e_parent, e->e_msgboundary);
678 else
679 putline(" ----- Message body suppressed -----", fp, m);
680 }
681 else
682 {
683 putline(" ----- No message was collected -----\n", fp, m);
684 }
685
686 if (e->e_msgboundary != NULL)
687 {
688 putline("", fp, m);
689 (void) sprintf(buf, "--%s--", e->e_msgboundary);
690 putline(buf, fp, m);
691 }
692 putline("", fp, m);
693
694 /*
695 ** Cleanup and exit
696 */
697
698 if (errno != 0)
699 syserr("errbody: I/O error");
700 }
701 �/*
702 ** PRUNEROUTE -- prune an RFC-822 source route
703 **
704 ** Trims down a source route to the last internet-registered hop.
705 ** This is encouraged by RFC 1123 section 5.3.3.
706 **
707 ** Parameters:
708 ** addr -- the address
709 **
710 ** Returns:
711 ** TRUE -- address was modified
712 ** FALSE -- address could not be pruned
713 **
714 ** Side Effects:
715 ** modifies addr in-place
716 */
717
718 pruneroute(addr)
719 char *addr;
720 {
721 #ifdef NAMED_BIND
722 char *start, *at, *comma;
723 char c;
724 int rcode;
725 char hostbuf[BUFSIZ];
726 char *mxhosts[MAXMXHOSTS + 1];
727
728 /* check to see if this is really a route-addr */
729 if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>')
730 return FALSE;
731 start = strchr(addr, ':');
732 at = strrchr(addr, '@');
733 if (start == NULL || at == NULL || at < start)
734 return FALSE;
735
736 /* slice off the angle brackets */
737 strcpy(hostbuf, at + 1);
738 hostbuf[strlen(hostbuf) - 1] = '\0';
739
740 while (start)
741 {
742 if (getmxrr(hostbuf, mxhosts, FALSE, &rcode) > 0)
743 {
744 strcpy(addr + 1, start + 1);
745 return TRUE;
746 }
747 c = *start;
748 *start = '\0';
749 comma = strrchr(addr, ',');
750 if (comma && comma[1] == '@')
751 strcpy(hostbuf, comma + 2);
752 else
753 comma = 0;
754 *start = c;
755 start = comma;
756 }
757 #endif
758 return FALSE;
759 }
760