1 /*	$NetBSD: bounce_notify_service.c,v 1.1.1.1 2009/06/23 10:08:42 tron Exp $	*/
2 
3 /*++
4 /* NAME
5 /*	bounce_notify_service 3
6 /* SUMMARY
7 /*	send non-delivery report to sender, server side
8 /* SYNOPSIS
9 /*	#include "bounce_service.h"
10 /*
11 /*	int     bounce_notify_service(flags, queue_name, queue_id, encoding,
12 /*					sender, dsn_envid, dsn_ret, templates)
13 /*	int	flags;
14 /*	char	*queue_name;
15 /*	char	*queue_id;
16 /*	char	*encoding;
17 /*	char	*sender;
18 /*	char	*dsn_envid;
19 /*	int	dsn_ret;
20 /*	BOUNCE_TEMPLATES *templates;
21 /* DESCRIPTION
22 /*	This module implements the server side of the bounce_flush()
23 /*	(send bounce message) request.
24 /*
25 /*	When a message bounces, a full copy is sent to the originator,
26 /*	and an optional copy of the diagnostics with message headers is
27 /*	sent to the postmaster.  The result is non-zero when the operation
28 /*	should be tried again. Otherwise, the logfile is removed.
29 /*
30 /*	When a bounce is sent, the sender address is the empty
31 /*	address.  When a bounce bounces, an optional double bounce
32 /*	with the entire undeliverable mail is sent to the postmaster,
33 /*	with as sender address the double bounce address.
34 /* DIAGNOSTICS
35 /*	Fatal error: error opening existing file.
36 /* BUGS
37 /* SEE ALSO
38 /*	bounce(3) basic bounce service client interface
39 /* LICENSE
40 /* .ad
41 /* .fi
42 /*	The Secure Mailer license must be distributed with this software.
43 /* AUTHOR(S)
44 /*	Wietse Venema
45 /*	IBM T.J. Watson Research
46 /*	P.O. Box 704
47 /*	Yorktown Heights, NY 10598, USA
48 /*--*/
49 
50 /* System library. */
51 
52 #include <sys_defs.h>
53 #include <fcntl.h>
54 #include <errno.h>
55 #include <string.h>
56 #include <ctype.h>
57 
58 #ifdef STRCASECMP_IN_STRINGS_H
59 #include <strings.h>
60 #endif
61 
62 /* Utility library. */
63 
64 #include <msg.h>
65 #include <vstream.h>
66 #include <name_mask.h>
67 
68 /* Global library. */
69 
70 #include <mail_params.h>
71 #include <mail_queue.h>
72 #include <post_mail.h>
73 #include <mail_addr.h>
74 #include <mail_error.h>
75 #include <bounce.h>
76 #include <dsn_mask.h>
77 
78 /* Application-specific. */
79 
80 #include "bounce_service.h"
81 
82 #define STR vstring_str
83 
/* bounce_notify_service - send a bounce */

/*
 * Reviewer notes.
 *
 * Posts a non-delivery notification for the message identified by queue_id
 * and returns bounce_status. Per the file-header DESCRIPTION a non-zero
 * result means the operation should be tried again; on a zero result the
 * logfile is removed below with mail_queue_remove(service, queue_id).
 *
 * The file-header SYNOPSIS lists neither "service" nor "recipient" (it
 * shows "sender"); the signature below is authoritative.
 *
 * flags	only BOUNCE_FLAG_DELRCPT is examined here: when set, and the
 *		bounce was handled, bounce_delrcpt() is called.
 * service	passed to bounce_mail_init() and mail_queue_remove().
 * recipient	address that receives the notice; it also selects one of
 *		three cases: the double-bounce address (discard), the empty
 *		string (double bounce to postmaster), or anything else
 *		(single bounce to that address).
 * dsn_ret	how much of the original to return in a single bounce; zero
 *		falls back to DSN_RET_FULL.
 * ts		only ts->failure is used.
 *
 * The three-way test on recipient is what keeps this service from
 * answering its own notifications with yet another notification.
 */

int     bounce_notify_service(int flags, char *service, char *queue_name,
			              char *queue_id, char *encoding,
			              char *recipient, char *dsn_envid,
			              int dsn_ret, BOUNCE_TEMPLATES *ts)
{
    BOUNCE_INFO *bounce_info;

    /*
     * Both status values start out as "failed". Every path that does not
     * explicitly clear bounce_status therefore returns non-zero, including
     * the paths where post_mail_fopen_nowait() returns 0.
     */
    int     bounce_status = 1;
    int     postmaster_status = 1;
    VSTREAM *bounce;
    int     notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks,
				    var_notify_classes);

    /*
     * Handed to post_mail_fopen_nowait() and read back only by the
     * msg_info() calls; presumably it receives the queue ID of the newly
     * posted notice -- confirm in post_mail.
     */
    VSTRING *new_id = vstring_alloc(10);
    char   *postmaster;
    int     count;

    /*
     * Initialize. Open queue file, bounce log, etc.
     *
     * XXX DSN The bounce service produces RFC 3464-style "failed mail" reports
     * from information in two following types of logfile:
     *
     * 1 - bounce: this file is used for RFC 3464-style reports of permanent
     * delivery errors by the bounce(8) service. This reports to the sender
     * all recipients that have no DSN NOTIFY information (compatibility) and
     * all recipients that have DSN NOTIFY=FAILURE; this reports to
     * postmaster all recipients, if postmaster notification is enabled.
     *
     * 2 - defer: this file is used for three types of report:
     *
     * 2a) RFC 3464-style "mail is too old" reports by the bounce(8) service.
     * This reports to the sender all recipients that have no DSN NOTIFY
     * information (compatibility) and all recipients that have DSN
     * NOTIFY=FAILURE; this reports to postmaster all recipients, if
     * postmaster notification is enabled.
     *
     * Other reports that other servers produce from the defer logfile:
     *
     * 2b) On-demand reports of all delayed deliveries by the showq(8) service
     * and mailq(1) command. This reports all recipients that have a
     * transient delivery error.
     *
     * 2c) RFC 3464-style "delayed mail" notifications by the defer(8) service.
     * This reports to the sender all recipients that have no DSN NOTIFY
     * information (compatibility) and all recipients that have DSN
     * NOTIFY=DELAY; this reports to postmaster all recipients, if postmaster
     * notification is enabled.
     */
    bounce_info = bounce_mail_init(service, queue_name, queue_id,
				   encoding, dsn_envid, ts->failure);

#define NULL_SENDER		MAIL_ADDR_EMPTY	/* special address */
#define NULL_TRACE_FLAGS	0

    /*
     * The choice of sender address depends on the recipient address. For a
     * single bounce (a non-delivery notification to the message originator),
     * the sender address is the empty string. For a double bounce (typically
     * a failed single bounce, or a postmaster notification that was produced
     * by any of the mail processes) the sender address is defined by the
     * var_double_bounce_sender configuration variable. When a double bounce
     * cannot be delivered, the queue manager blackholes the resulting triple
     * bounce message.
     */

    /*
     * Double bounce failed. Never send a triple bounce.
     *
     * However, this does not prevent double bounces from bouncing on other
     * systems. In order to cope with this, either the queue manager must
     * recognize the double-bounce recipient address and discard mail, or
     * every delivery agent must recognize the double-bounce sender address
     * and substitute something else so mail does not come back at us.
     */

    /*
     * Loop guard: the match is case-insensitive (strcasecmp). Clearing
     * bounce_status here marks the request as handled without posting
     * anything, so the logfile removal further down still runs.
     */
    if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) {
	msg_warn("%s: undeliverable postmaster notification discarded",
		 queue_id);
	bounce_status = 0;
    }

    /*
     * Single bounce failed. Optionally send a double bounce to postmaster,
     * subject to notify_classes restrictions.
     */
#define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE)
#define SEND_POSTMASTER_ANY_BOUNCE_NOTICE (notify_mask & ANY_BOUNCE)

    /*
     * An empty recipient means the undeliverable message had the null
     * sender, i.e. it was itself a single bounce. When neither bounce class
     * is in notify_mask the request is marked handled and nothing is sent.
     */
    else if (*recipient == 0) {
	if (!SEND_POSTMASTER_ANY_BOUNCE_NOTICE) {
	    bounce_status = 0;
	} else {
	    postmaster = var_2bounce_rcpt;
	    if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
						 postmaster,
						 INT_FILT_MASK_BOUNCE,
						 NULL_TRACE_FLAGS,
						 new_id)) != 0) {

		/*
		 * Double bounce to Postmaster. This is the last opportunity
		 * for this message to be delivered. Send the text with
		 * reason for the bounce, and the headers of the original
		 * message. Don't bother sending the boiler-plate text.
		 */

		/*
		 * count is a sentinel for the else-branch below. It stays
		 * -1 when bounce_header() fails before the log is read; it
		 * is 0 when bounce_diagnostic_log() reports no recipients.
		 * Only count == 0 is treated as "nothing to send, done";
		 * every other failure leaves bounce_status non-zero. The
		 * && chain relies on left-to-right short-circuit order.
		 */
		count = -1;
		if (bounce_header(bounce, bounce_info, postmaster,
				  POSTMASTER_COPY) == 0
		    && (count = bounce_diagnostic_log(bounce, bounce_info,
						   DSN_NOTIFY_OVERRIDE)) > 0
		    && bounce_header_dsn(bounce, bounce_info) == 0
		    && bounce_diagnostic_dsn(bounce, bounce_info,
					     DSN_NOTIFY_OVERRIDE) > 0) {

		    /*
		     * The return value of bounce_original() is not examined;
		     * the outcome is taken from post_mail_fclose() alone.
		     * This call passes DSN_RET_FULL, not DSN_RET_HDRS.
		     */
		    bounce_original(bounce, bounce_info, DSN_RET_FULL);
		    bounce_status = post_mail_fclose(bounce);
		    if (bounce_status == 0)
			msg_info("%s: postmaster non-delivery notification: %s",
				 queue_id, STR(new_id));
		} else {
		    /* No applicable recipients found - cancel this notice. */

		    /*
		     * Closed with vstream_fclose() rather than
		     * post_mail_fclose(); presumably this abandons the
		     * partially written notice -- confirm in post_mail.
		     */
		    (void) vstream_fclose(bounce);
		    if (count == 0)
			bounce_status = 0;
		}
	    }
	}
    }

    /*
     * Non-bounce failed. Send a single bounce to the sender, subject to DSN
     * NOTIFY restrictions.
     */
    else {

	/*
	 * NOTE(review): recipient is used as the envelope recipient of the
	 * notice exactly as passed in; apart from the two comparisons above
	 * this function does not validate it. If the original envelope
	 * sender was forged, the notice, together with as much of the
	 * original message as dsn_ret selects (full by default), goes to an
	 * address that never sent the mail. Any check against that has to
	 * live upstream of this call -- confirm against the caller.
	 */
	if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
					     INT_FILT_MASK_BOUNCE,
					     NULL_TRACE_FLAGS,
					     new_id)) != 0) {

	    /*
	     * Send the bounce message header, some boilerplate text that
	     * pretends that we are a polite mail system, the text with
	     * reason for the bounce, and a copy of the original message.
	     */

	    /* Same count sentinel and short-circuit chain as above. */
	    count = -1;
	    if (bounce_header(bounce, bounce_info, recipient,
			      NO_POSTMASTER_COPY) == 0
		&& bounce_boilerplate(bounce, bounce_info) == 0
		&& (count = bounce_diagnostic_log(bounce, bounce_info,
						  DSN_NOTIFY_FAILURE)) > 0
		&& bounce_header_dsn(bounce, bounce_info) == 0
		&& bounce_diagnostic_dsn(bounce, bounce_info,
					 DSN_NOTIFY_FAILURE) > 0) {
		/* A zero dsn_ret falls back to DSN_RET_FULL. */
		bounce_original(bounce, bounce_info, dsn_ret ?
				dsn_ret : DSN_RET_FULL);
		bounce_status = post_mail_fclose(bounce);
		if (bounce_status == 0)
		    msg_info("%s: sender non-delivery notification: %s",
			     queue_id, STR(new_id));
	    } else {
		/* No applicable recipients found - cancel this notice. */
		(void) vstream_fclose(bounce);
		if (count == 0)
		    bounce_status = 0;
	    }
	}

	/*
	 * Optionally, send a postmaster notice, subject to notify_classes
	 * restrictions.
	 *
	 * This postmaster notice is not critical, so if it fails don't
	 * retransmit the bounce that we just generated, just log a warning.
	 */
#define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE)

	/*
	 * The strcasecmp() test repeats the check that selected this else
	 * branch, so it is always true here. bounce_status == 0 also covers
	 * the count == 0 case above, where no sender bounce was posted.
	 */
	if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE
	    && strcasecmp(recipient, mail_addr_double_bounce()) != 0) {

	    /*
	     * Send the text with reason for the bounce, and the headers of
	     * the original message. Don't bother sending the boiler-plate
	     * text. This postmaster notice is not critical, so if it fails
	     * don't retransmit the bounce that we just generated, just log a
	     * warning.
	     */
	    postmaster = var_bounce_rcpt;
	    if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
						 postmaster,
						 INT_FILT_MASK_BOUNCE,
						 NULL_TRACE_FLAGS,
						 new_id)) != 0) {
		count = -1;
		if (bounce_header(bounce, bounce_info, postmaster,
				  POSTMASTER_COPY) == 0
		    && (count = bounce_diagnostic_log(bounce, bounce_info,
						   DSN_NOTIFY_OVERRIDE)) > 0
		    && bounce_header_dsn(bounce, bounce_info) == 0
		    && bounce_diagnostic_dsn(bounce, bounce_info,
					     DSN_NOTIFY_OVERRIDE) > 0) {
		    /* This copy is requested with DSN_RET_HDRS. */
		    bounce_original(bounce, bounce_info, DSN_RET_HDRS);

		    /*
		     * Result goes to postmaster_status, not bounce_status,
		     * so a failure here never changes the return value.
		     */
		    postmaster_status = post_mail_fclose(bounce);
		    if (postmaster_status == 0)
			msg_info("%s: postmaster non-delivery notification: %s",
				 queue_id, STR(new_id));
		} else {
		    /* No applicable recipients found - cancel this notice. */
		    (void) vstream_fclose(bounce);
		    if (count == 0)
			postmaster_status = 0;
		}
	    }
	    if (postmaster_status)
		msg_warn("%s: postmaster notice failed while bouncing to %s",
			 queue_id, recipient);
	}
    }

    /*
     * Optionally, delete the recipients from the queue file.
     */
    if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT))
	bounce_delrcpt(bounce_info);

    /*
     * Examine the completion status. Delete the bounce log file only when
     * the bounce was posted successfully, and only if we are bouncing for
     * real, not just warning.
     */

    /*
     * A removal failure other than ENOENT is fatal. Presumably a logfile
     * left behind after a successful post would cause the same bounce to be
     * generated again on a later request -- confirm against the caller.
     */
    if (bounce_status == 0 && mail_queue_remove(service, queue_id)
	&& errno != ENOENT)
	msg_fatal("remove %s %s: %m", service, queue_id);

    /*
     * Cleanup.
     */
    bounce_mail_free(bounce_info);
    vstring_free(new_id);

    return (bounce_status);
}
324