1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)savemail.c 8.21 (Berkeley) 12/10/93";
11 #endif /* not lint */
12
13 # include "sendmail.h"
14 # include <pwd.h>
15
16 /*
17 ** SAVEMAIL -- Save mail on error
18 **
19 ** If mailing back errors, mail it back to the originator
20 ** together with an error message; otherwise, just put it in
21 ** dead.letter in the user's home directory (if he exists on
22 ** this machine).
23 **
24 ** Parameters:
25 ** e -- the envelope containing the message in error.
26 **
27 ** Returns:
28 ** none
29 **
30 ** Side Effects:
31 ** Saves the letter, by writing or mailing it back to the
32 ** sender, or by putting it in dead.letter in her home
33 ** directory.
34 */
35
36 /* defines for state machine */
37 # define ESM_REPORT 0 /* report to sender's terminal */
38 # define ESM_MAIL 1 /* mail back to sender */
39 # define ESM_QUIET 2 /* messages have already been returned */
40 # define ESM_DEADLETTER 3 /* save in ~/dead.letter */
41 # define ESM_POSTMASTER 4 /* return to postmaster */
42 # define ESM_USRTMP 5 /* save in /usr/tmp/dead.letter */
43 # define ESM_PANIC 6 /* leave the locked queue/transcript files */
44 # define ESM_DONE 7 /* the message is successfully delivered */
45
46
47 savemail(e)
48 register ENVELOPE *e;
49 {
50 register struct passwd *pw;
51 register FILE *fp;
52 int state;
53 auto ADDRESS *q = NULL;
54 char buf[MAXLINE+1];
55 extern struct passwd *getpwnam();
56 register char *p;
57 extern char *ttypath();
58 typedef int (*fnptr)();
59 extern bool writable();
60
61 if (tTd(6, 1))
62 {
63 printf("\nsavemail, errormode = %c, id = %s\n e_from=",
64 e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id);
65 printaddr(&e->e_from, FALSE);
66 }
67
68 if (e->e_id == NULL)
69 {
70 /* can't return a message with no id */
71 return;
72 }
73
74 /*
75 ** In the unhappy event we don't know who to return the mail
76 ** to, make someone up.
77 */
78
79 if (e->e_from.q_paddr == NULL)
80 {
81 e->e_sender = "Postmaster";
82 if (parseaddr(e->e_sender, &e->e_from,
83 RF_COPYPARSE|RF_SENDERADDR, '\0', NULL, e) == NULL)
84 {
85 syserr("553 Cannot parse Postmaster!");
86 ExitStat = EX_SOFTWARE;
87 finis();
88 }
89 }
90 e->e_to = NULL;
91
92 /*
93 ** Basic state machine.
94 **
95 ** This machine runs through the following states:
96 **
97 ** ESM_QUIET Errors have already been printed iff the
98 ** sender is local.
99 ** ESM_REPORT Report directly to the sender's terminal.
100 ** ESM_MAIL Mail response to the sender.
101 ** ESM_DEADLETTER Save response in ~/dead.letter.
102 ** ESM_POSTMASTER Mail response to the postmaster.
103 ** ESM_PANIC Save response anywhere possible.
104 */
105
106 /* determine starting state */
107 switch (e->e_errormode)
108 {
109 case EM_WRITE:
110 state = ESM_REPORT;
111 break;
112
113 case EM_BERKNET:
114 /* mail back, but return o.k. exit status */
115 ExitStat = EX_OK;
116
117 /* fall through.... */
118
119 case EM_MAIL:
120 state = ESM_MAIL;
121 break;
122
123 case EM_PRINT:
124 case '\0':
125 state = ESM_QUIET;
126 break;
127
128 case EM_QUIET:
129 /* no need to return anything at all */
130 return;
131
132 default:
133 syserr("554 savemail: bogus errormode x%x\n", e->e_errormode);
134 state = ESM_MAIL;
135 break;
136 }
137
138 /* if this is already an error response, send to postmaster */
139 if (bitset(EF_RESPONSE, e->e_flags))
140 {
141 if (e->e_parent != NULL &&
142 bitset(EF_RESPONSE, e->e_parent->e_flags))
143 {
144 /* got an error sending a response -- can it */
145 return;
146 }
147 state = ESM_POSTMASTER;
148 }
149
150 while (state != ESM_DONE)
151 {
152 if (tTd(6, 5))
153 printf(" state %d\n", state);
154
155 switch (state)
156 {
157 case ESM_QUIET:
158 if (e->e_from.q_mailer == LocalMailer)
159 state = ESM_DEADLETTER;
160 else
161 state = ESM_MAIL;
162 break;
163
164 case ESM_REPORT:
165
166 /*
167 ** If the user is still logged in on the same terminal,
168 ** then write the error messages back to hir (sic).
169 */
170
171 p = ttypath();
172 if (p == NULL || freopen(p, "w", stdout) == NULL)
173 {
174 state = ESM_MAIL;
175 break;
176 }
177
178 expand("\201n", buf, &buf[sizeof buf - 1], e);
179 printf("\r\nMessage from %s...\r\n", buf);
180 printf("Errors occurred while sending mail.\r\n");
181 if (e->e_xfp != NULL)
182 {
183 (void) fflush(e->e_xfp);
184 fp = fopen(queuename(e, 'x'), "r");
185 }
186 else
187 fp = NULL;
188 if (fp == NULL)
189 {
190 syserr("Cannot open %s", queuename(e, 'x'));
191 printf("Transcript of session is unavailable.\r\n");
192 }
193 else
194 {
195 printf("Transcript follows:\r\n");
196 while (fgets(buf, sizeof buf, fp) != NULL &&
197 !ferror(stdout))
198 fputs(buf, stdout);
199 (void) xfclose(fp, "savemail transcript", e->e_id);
200 }
201 printf("Original message will be saved in dead.letter.\r\n");
202 state = ESM_DEADLETTER;
203 break;
204
205 case ESM_MAIL:
206 /*
207 ** If mailing back, do it.
208 ** Throw away all further output. Don't alias,
209 ** since this could cause loops, e.g., if joe
210 ** mails to joe@x, and for some reason the network
211 ** for @x is down, then the response gets sent to
212 ** joe@x, which gives a response, etc. Also force
213 ** the mail to be delivered even if a version of
214 ** it has already been sent to the sender.
215 **
216 ** If this is a configuration or local software
217 ** error, send to the local postmaster as well,
218 ** since the originator can't do anything
219 ** about it anyway. Note that this is a full
220 ** copy of the message (intentionally) so that
221 ** the Postmaster can forward things along.
222 */
223
224 if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE)
225 {
226 (void) sendtolist("postmaster",
227 NULLADDR, &e->e_errorqueue, e);
228 }
229 if (strcmp(e->e_from.q_paddr, "<>") != 0)
230 {
231 (void) sendtolist(e->e_from.q_paddr,
232 NULLADDR, &e->e_errorqueue, e);
233 }
234
235 /*
236 ** Deliver a non-delivery report to the
237 ** Postmaster-designate (not necessarily
238 ** Postmaster). This does not include the
239 ** body of the message, for privacy reasons.
240 ** You really shouldn't need this.
241 */
242
243 e->e_flags |= EF_PM_NOTIFY;
244
245 /* check to see if there are any good addresses */
246 for (q = e->e_errorqueue; q != NULL; q = q->q_next)
247 if (!bitset(QBADADDR|QDONTSEND, q->q_flags))
248 break;
249 if (q == NULL)
250 {
251 /* this is an error-error */
252 state = ESM_POSTMASTER;
253 break;
254 }
255 if (returntosender(e->e_message,
256 q, (e->e_class >= 0), e) == 0)
257 {
258 state = ESM_DONE;
259 break;
260 }
261
262 /* didn't work -- return to postmaster */
263 state = ESM_POSTMASTER;
264 break;
265
266 case ESM_POSTMASTER:
267 /*
268 ** Similar to previous case, but to system postmaster.
269 */
270
271 q = NULL;
272 if (sendtolist("postmaster", NULL, &q, e) <= 0)
273 {
274 syserr("553 cannot parse postmaster!");
275 ExitStat = EX_SOFTWARE;
276 state = ESM_USRTMP;
277 break;
278 }
279 if (returntosender(e->e_message,
280 q, (e->e_class >= 0), e) == 0)
281 {
282 state = ESM_DONE;
283 break;
284 }
285
286 /* didn't work -- last resort */
287 state = ESM_USRTMP;
288 break;
289
290 case ESM_DEADLETTER:
291 /*
292 ** Save the message in dead.letter.
293 ** If we weren't mailing back, and the user is
294 ** local, we should save the message in
295 ** ~/dead.letter so that the poor person doesn't
296 ** have to type it over again -- and we all know
297 ** what poor typists UNIX users are.
298 */
299
300 p = NULL;
301 if (e->e_from.q_mailer == LocalMailer)
302 {
303 if (e->e_from.q_home != NULL)
304 p = e->e_from.q_home;
305 else if ((pw = getpwnam(e->e_from.q_user)) != NULL)
306 p = pw->pw_dir;
307 }
308 if (p == NULL)
309 {
310 /* no local directory */
311 state = ESM_MAIL;
312 break;
313 }
314 if (e->e_dfp != NULL)
315 {
316 bool oldverb = Verbose;
317
318 /* we have a home directory; open dead.letter */
319 define('z', p, e);
320 expand("\201z/dead.letter", buf, &buf[sizeof buf - 1], e);
321 Verbose = TRUE;
322 message("Saving message in %s", buf);
323 Verbose = oldverb;
324 e->e_to = buf;
325 q = NULL;
326 (void) sendtolist(buf, &e->e_from, &q, e);
327 if (q != NULL &&
328 !bitset(QBADADDR, q->q_flags) &&
329 deliver(e, q) == 0)
330 state = ESM_DONE;
331 else
332 state = ESM_MAIL;
333 }
334 else
335 {
336 /* no data file -- try mailing back */
337 state = ESM_MAIL;
338 }
339 break;
340
341 case ESM_USRTMP:
342 /*
343 ** Log the mail in /usr/tmp/dead.letter.
344 */
345
346 if (e->e_class < 0)
347 {
348 state = ESM_DONE;
349 break;
350 }
351
352 strcpy(buf, "/usr/tmp/dead.letter");
353 if (!writable(buf))
354 {
355 state = ESM_PANIC;
356 break;
357 }
358 fp = dfopen(buf, O_WRONLY|O_CREAT|O_APPEND, FileMode);
359 if (fp == NULL)
360 {
361 state = ESM_PANIC;
362 break;
363 }
364
365 putfromline(fp, FileMailer, e);
366 (*e->e_puthdr)(fp, FileMailer, e);
367 putline("\n", fp, FileMailer);
368 (*e->e_putbody)(fp, FileMailer, e, NULL);
369 putline("\n", fp, FileMailer);
370 (void) fflush(fp);
371 state = ferror(fp) ? ESM_PANIC : ESM_DONE;
372 (void) xfclose(fp, "savemail", "/usr/tmp/dead.letter");
373 break;
374
375 default:
376 syserr("554 savemail: unknown state %d", state);
377
378 /* fall through ... */
379
380 case ESM_PANIC:
381 /* leave the locked queue & transcript files around */
382 syserr("!554 savemail: cannot save rejected email anywhere");
383 }
384 }
385 }
386 �/*
387 ** RETURNTOSENDER -- return a message to the sender with an error.
388 **
389 ** Parameters:
390 ** msg -- the explanatory message.
391 ** returnq -- the queue of people to send the message to.
392 ** sendbody -- if TRUE, also send back the body of the
393 ** message; otherwise just send the header.
394 ** e -- the current envelope.
395 **
396 ** Returns:
397 ** zero -- if everything went ok.
398 ** else -- some error.
399 **
400 ** Side Effects:
401 ** Returns the current message to the sender via
402 ** mail.
403 */
404
405 static bool SendBody;
406
407 #define MAXRETURNS 6 /* max depth of returning messages */
408 #define ERRORFUDGE 100 /* nominal size of error message text */
409
410 returntosender(msg, returnq, sendbody, e)
411 char *msg;
412 ADDRESS *returnq;
413 bool sendbody;
414 register ENVELOPE *e;
415 {
416 char buf[MAXNAME];
417 extern putheader(), errbody();
418 register ENVELOPE *ee;
419 ENVELOPE *oldcur = CurEnv;
420 ENVELOPE errenvelope;
421 static int returndepth;
422 register ADDRESS *q;
423
424 if (returnq == NULL)
425 return (-1);
426
427 if (msg == NULL)
428 msg = "Unable to deliver mail";
429
430 if (tTd(6, 1))
431 {
432 printf("Return To Sender: msg=\"%s\", depth=%d, e=%x, returnq=",
433 msg, returndepth, e);
434 printaddr(returnq, TRUE);
435 }
436
437 if (++returndepth >= MAXRETURNS)
438 {
439 if (returndepth != MAXRETURNS)
440 syserr("554 returntosender: infinite recursion on %s", returnq->q_paddr);
441 /* don't "unrecurse" and fake a clean exit */
442 /* returndepth--; */
443 return (0);
444 }
445
446 SendBody = sendbody;
447 define('g', e->e_from.q_paddr, e);
448 define('u', NULL, e);
449 ee = newenvelope(&errenvelope, e);
450 define('a', "\201b", ee);
451 define('r', "internal", ee);
452 define('s', "localhost", ee);
453 define('_', "localhost", ee);
454 ee->e_puthdr = putheader;
455 ee->e_putbody = errbody;
456 ee->e_flags |= EF_RESPONSE|EF_METOO;
457 if (!bitset(EF_OLDSTYLE, e->e_flags))
458 ee->e_flags &= ~EF_OLDSTYLE;
459 ee->e_sendqueue = returnq;
460 ee->e_msgsize = ERRORFUDGE;
461 if (!NoReturn)
462 ee->e_msgsize += e->e_msgsize;
463 initsys(ee);
464 for (q = returnq; q != NULL; q = q->q_next)
465 {
466 if (bitset(QBADADDR, q->q_flags))
467 continue;
468
469 if (!bitset(QDONTSEND, q->q_flags))
470 ee->e_nrcpts++;
471
472 if (!DontPruneRoutes && pruneroute(q->q_paddr))
473 parseaddr(q->q_paddr, q, RF_COPYPARSE, '\0', NULL, e);
474
475 if (q->q_alias == NULL)
476 addheader("To", q->q_paddr, ee);
477 }
478
479 # ifdef LOG
480 if (LogLevel > 5)
481 syslog(LOG_INFO, "%s: %s: return to sender: %s",
482 e->e_id, ee->e_id, msg);
483 # endif
484
485 (void) sprintf(buf, "Returned mail: %s", msg);
486 addheader("Subject", buf, ee);
487 if (SendMIMEErrors)
488 {
489 addheader("MIME-Version", "1.0", ee);
490 (void) sprintf(buf, "%s.%ld/%s",
491 ee->e_id, curtime(), MyHostName);
492 ee->e_msgboundary = newstr(buf);
493 (void) sprintf(buf, "multipart/mixed; boundary=\"%s\"",
494 ee->e_msgboundary);
495 addheader("Content-Type", buf, ee);
496 }
497
498 /* fake up an address header for the from person */
499 expand("\201n", buf, &buf[sizeof buf - 1], e);
500 if (parseaddr(buf, &ee->e_from, RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL)
501 {
502 syserr("553 Can't parse myself!");
503 ExitStat = EX_SOFTWARE;
504 returndepth--;
505 return (-1);
506 }
507 ee->e_sender = ee->e_from.q_paddr;
508
509 /* push state into submessage */
510 CurEnv = ee;
511 define('f', "\201n", ee);
512 define('x', "Mail Delivery Subsystem", ee);
513 eatheader(ee, TRUE);
514
515 /* mark statistics */
516 markstats(ee, NULLADDR);
517
518 /* actually deliver the error message */
519 sendall(ee, SM_DEFAULT);
520
521 /* restore state */
522 dropenvelope(ee);
523 CurEnv = oldcur;
524 returndepth--;
525
526 /* should check for delivery errors here */
527 return (0);
528 }
529 �/*
530 ** ERRBODY -- output the body of an error message.
531 **
532 ** Typically this is a copy of the transcript plus a copy of the
533 ** original offending message.
534 **
535 ** Parameters:
536 ** fp -- the output file.
537 ** m -- the mailer to output to.
538 ** e -- the envelope we are working in.
539 **
540 ** Returns:
541 ** none
542 **
543 ** Side Effects:
544 ** Outputs the body of an error message.
545 */
546
547 errbody(fp, m, e)
548 register FILE *fp;
549 register struct mailer *m;
550 register ENVELOPE *e;
551 {
552 register FILE *xfile;
553 char *p;
554 register ADDRESS *q;
555 bool printheader;
556 char buf[MAXLINE];
557
558 if (e->e_parent == NULL)
559 {
560 syserr("errbody: null parent");
561 putline(" ----- Original message lost -----\n", fp, m);
562 return;
563 }
564
565 /*
566 ** Output MIME header.
567 */
568
569 if (e->e_msgboundary != NULL)
570 {
571 putline("This is a MIME-encapsulated message", fp, m);
572 putline("", fp, m);
573 (void) sprintf(buf, "--%s", e->e_msgboundary);
574 putline(buf, fp, m);
575 putline("", fp, m);
576 }
577
578 /*
579 ** Output introductory information.
580 */
581
582 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
583 if (bitset(QBADADDR, q->q_flags))
584 break;
585 if (q == NULL &&
586 !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
587 {
588 putline(" **********************************************",
589 fp, m);
590 putline(" ** THIS IS A WARNING MESSAGE ONLY **",
591 fp, m);
592 putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **",
593 fp, m);
594 putline(" **********************************************",
595 fp, m);
596 putline("", fp, m);
597 }
598 sprintf(buf, "The original message was received at %s",
599 arpadate(ctime(&e->e_parent->e_ctime)));
600 putline(buf, fp, m);
601 expand("from \201_", buf, &buf[sizeof buf - 1], e->e_parent);
602 putline(buf, fp, m);
603 putline("", fp, m);
604
605 /*
606 ** Output error message header (if specified and available).
607 */
608
609 if (ErrMsgFile != NULL)
610 {
611 if (*ErrMsgFile == '/')
612 {
613 xfile = fopen(ErrMsgFile, "r");
614 if (xfile != NULL)
615 {
616 while (fgets(buf, sizeof buf, xfile) != NULL)
617 {
618 expand(buf, buf, &buf[sizeof buf - 1], e);
619 putline(buf, fp, m);
620 }
621 (void) fclose(xfile);
622 putline("\n", fp, m);
623 }
624 }
625 else
626 {
627 expand(ErrMsgFile, buf, &buf[sizeof buf - 1], e);
628 putline(buf, fp, m);
629 putline("", fp, m);
630 }
631 }
632
633 /*
634 ** Output message introduction
635 */
636
637 printheader = TRUE;
638 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
639 {
640 if (bitset(QBADADDR|QREPORT, q->q_flags))
641 {
642 if (printheader)
643 {
644 putline(" ----- The following addresses had delivery problems -----",
645 fp, m);
646 printheader = FALSE;
647 }
648 strcpy(buf, q->q_paddr);
649 if (bitset(QBADADDR, q->q_flags))
650 strcat(buf, " (unrecoverable error)");
651 else
652 strcat(buf, " (transient failure)");
653 putline(buf, fp, m);
654 if (q->q_alias != NULL)
655 {
656 strcpy(buf, " (expanded from: ");
657 strcat(buf, q->q_alias->q_paddr);
658 strcat(buf, ")");
659 putline(buf, fp, m);
660 }
661 }
662 }
663 if (!printheader)
664 putline("\n", fp, m);
665
666 /*
667 ** Output transcript of errors
668 */
669
670 (void) fflush(stdout);
671 p = queuename(e->e_parent, 'x');
672 if ((xfile = fopen(p, "r")) == NULL)
673 {
674 syserr("Cannot open %s", p);
675 putline(" ----- Transcript of session is unavailable -----\n", fp, m);
676 }
677 else
678 {
679 putline(" ----- Transcript of session follows -----\n", fp, m);
680 if (e->e_xfp != NULL)
681 (void) fflush(e->e_xfp);
682 while (fgets(buf, sizeof buf, xfile) != NULL)
683 putline(buf, fp, m);
684 (void) xfclose(xfile, "errbody xscript", p);
685 }
686 errno = 0;
687
688 /*
689 ** Output text of original message
690 */
691
692 if (NoReturn)
693 SendBody = FALSE;
694 putline("", fp, m);
695 if (e->e_parent->e_df != NULL)
696 {
697 if (SendBody)
698 putline(" ----- Original message follows -----\n", fp, m);
699 else
700 putline(" ----- Message header follows -----\n", fp, m);
701 (void) fflush(fp);
702
703 if (e->e_msgboundary != NULL)
704 {
705 putline("", fp, m);
706 (void) sprintf(buf, "--%s", e->e_msgboundary);
707 putline(buf, fp, m);
708 putline("Content-Type: message/rfc822", fp, m);
709 putline("", fp, m);
710 }
711 putheader(fp, m, e->e_parent);
712 putline("", fp, m);
713 if (SendBody)
714 putbody(fp, m, e->e_parent, e->e_msgboundary);
715 else
716 putline(" ----- Message body suppressed -----", fp, m);
717 }
718 else
719 {
720 putline(" ----- No message was collected -----\n", fp, m);
721 }
722
723 if (e->e_msgboundary != NULL)
724 {
725 putline("", fp, m);
726 (void) sprintf(buf, "--%s--", e->e_msgboundary);
727 putline(buf, fp, m);
728 }
729 putline("", fp, m);
730
731 /*
732 ** Cleanup and exit
733 */
734
735 if (errno != 0)
736 syserr("errbody: I/O error");
737 }
738 �/*
739 ** PRUNEROUTE -- prune an RFC-822 source route
740 **
741 ** Trims down a source route to the last internet-registered hop.
742 ** This is encouraged by RFC 1123 section 5.3.3.
743 **
744 ** Parameters:
745 ** addr -- the address
746 **
747 ** Returns:
748 ** TRUE -- address was modified
749 ** FALSE -- address could not be pruned
750 **
751 ** Side Effects:
752 ** modifies addr in-place
753 */
754
755 pruneroute(addr)
756 char *addr;
757 {
758 #ifdef NAMED_BIND
759 char *start, *at, *comma;
760 char c;
761 int rcode;
762 char hostbuf[BUFSIZ];
763 char *mxhosts[MAXMXHOSTS + 1];
764
765 /* check to see if this is really a route-addr */
766 if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>')
767 return FALSE;
768 start = strchr(addr, ':');
769 at = strrchr(addr, '@');
770 if (start == NULL || at == NULL || at < start)
771 return FALSE;
772
773 /* slice off the angle brackets */
774 strcpy(hostbuf, at + 1);
775 hostbuf[strlen(hostbuf) - 1] = '\0';
776
777 while (start)
778 {
779 if (getmxrr(hostbuf, mxhosts, FALSE, &rcode) > 0)
780 {
781 strcpy(addr + 1, start + 1);
782 return TRUE;
783 }
784 c = *start;
785 *start = '\0';
786 comma = strrchr(addr, ',');
787 if (comma && comma[1] == '@')
788 strcpy(hostbuf, comma + 2);
789 else
790 comma = 0;
791 *start = c;
792 start = comma;
793 }
794 #endif
795 return FALSE;
796 }
797