1 /* $NetBSD: bounce_notify_service.c,v 1.2 2017/02/14 01:16:44 christos Exp $ */ 2 3 /*++ 4 /* NAME 5 /* bounce_notify_service 3 6 /* SUMMARY 7 /* send non-delivery report to sender, server side 8 /* SYNOPSIS 9 /* #include "bounce_service.h" 10 /* 11 /* int bounce_notify_service(flags, service, queue_name, queue_id, 12 /* encoding, smtputf8, sender, dsn_envid, 13 /* dsn_ret, templates) 14 /* int flags; 15 /* char *service; 16 /* char *queue_name; 17 /* char *queue_id; 18 /* char *encoding; 19 /* int smtputf8; 20 /* char *sender; 21 /* char *dsn_envid; 22 /* int dsn_ret; 23 /* BOUNCE_TEMPLATES *templates; 24 /* DESCRIPTION 25 /* This module implements the server side of the bounce_flush() 26 /* (send bounce message) request. 27 /* 28 /* When a message bounces, a full copy is sent to the originator, 29 /* and an optional copy of the diagnostics with message headers is 30 /* sent to the postmaster. The result is non-zero when the operation 31 /* should be tried again. Otherwise, the logfile is removed. 32 /* 33 /* When a bounce is sent, the sender address is the empty 34 /* address. When a bounce bounces, an optional double bounce 35 /* with the entire undeliverable mail is sent to the postmaster, 36 /* with as sender address the double bounce address. 37 /* DIAGNOSTICS 38 /* Fatal error: error opening existing file. 39 /* BUGS 40 /* SEE ALSO 41 /* bounce(3) basic bounce service client interface 42 /* LICENSE 43 /* .ad 44 /* .fi 45 /* The Secure Mailer license must be distributed with this software. 46 /* AUTHOR(S) 47 /* Wietse Venema 48 /* IBM T.J. Watson Research 49 /* P.O. Box 704 50 /* Yorktown Heights, NY 10598, USA 51 /*--*/ 52 53 /* System library. */ 54 55 #include <sys_defs.h> 56 #include <fcntl.h> 57 #include <errno.h> 58 #include <string.h> 59 #include <ctype.h> 60 61 /* Utility library. */ 62 63 #include <msg.h> 64 #include <vstream.h> 65 #include <name_mask.h> 66 #include <stringops.h> 67 68 /* Global library. */ 69 70 #include <mail_params.h> 71 #include <mail_queue.h> 72 #include <post_mail.h> 73 #include <mail_addr.h> 74 #include <mail_error.h> 75 #include <bounce.h> 76 #include <dsn_mask.h> 77 #include <rec_type.h> 78 79 /* Application-specific. */ 80 81 #include "bounce_service.h" 82 83 #define STR vstring_str 84 85 /* bounce_notify_service - send a bounce */ 86 87 int bounce_notify_service(int flags, char *service, char *queue_name, 88 char *queue_id, char *encoding, 89 int smtputf8, char *recipient, 90 char *dsn_envid, int dsn_ret, 91 BOUNCE_TEMPLATES *ts) 92 { 93 BOUNCE_INFO *bounce_info; 94 int bounce_status = 1; 95 int postmaster_status = 1; 96 VSTREAM *bounce; 97 int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, 98 var_notify_classes); 99 VSTRING *new_id = vstring_alloc(10); 100 char *postmaster; 101 int count; 102 103 /* 104 * Initialize. Open queue file, bounce log, etc. 105 * 106 * XXX DSN The bounce service produces RFC 3464-style "failed mail" reports 107 * from information in two following types of logfile: 108 * 109 * 1 - bounce: this file is used for RFC 3464-style reports of permanent 110 * delivery errors by the bounce(8) service. This reports to the sender 111 * all recipients that have no DSN NOTIFY information (compatibility) and 112 * all recipients that have DSN NOTIFY=FAILURE; this reports to 113 * postmaster all recipients, if postmaster notification is enabled. 114 * 115 * 2 - defer: this file is used for three types of report: 116 * 117 * 2a) RFC 3464-style "mail is too old" reports by the bounce(8) service. 118 * This reports to the sender all recipients that have no DSN NOTIFY 119 * information (compatibility) and all recipients that have DSN 120 * NOTIFY=FAILURE; this reports to postmaster all recipients, if 121 * postmaster notification is enabled. 122 * 123 * Other reports that other servers produce from the defer logfile: 124 * 125 * 2b) On-demand reports of all delayed deliveries by the showq(8) service 126 * and mailq(1) command. This reports all recipients that have a 127 * transient delivery error. 128 * 129 * 2c) RFC 3464-style "delayed mail" notifications by the defer(8) service. 130 * This reports to the sender all recipients that have no DSN NOTIFY 131 * information (compatibility) and all recipients that have DSN 132 * NOTIFY=DELAY; this reports to postmaster all recipients, if postmaster 133 * notification is enabled. 134 */ 135 bounce_info = bounce_mail_init(service, queue_name, queue_id, 136 encoding, smtputf8, dsn_envid, 137 ts->failure); 138 139 #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ 140 #define NULL_TRACE_FLAGS 0 141 142 /* 143 * The choice of sender address depends on the recipient address. For a 144 * single bounce (a non-delivery notification to the message originator), 145 * the sender address is the empty string. For a double bounce (typically 146 * a failed single bounce, or a postmaster notification that was produced 147 * by any of the mail processes) the sender address is defined by the 148 * var_double_bounce_sender configuration variable. When a double bounce 149 * cannot be delivered, the queue manager blackholes the resulting triple 150 * bounce message. 151 */ 152 153 /* 154 * Double bounce failed. Never send a triple bounce. 155 * 156 * However, this does not prevent double bounces from bouncing on other 157 * systems. In order to cope with this, either the queue manager must 158 * recognize the double-bounce recipient address and discard mail, or 159 * every delivery agent must recognize the double-bounce sender address 160 * and substitute something else so mail does not come back at us. 161 */ 162 if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) { 163 msg_warn("%s: undeliverable postmaster notification discarded", 164 queue_id); 165 bounce_status = 0; 166 } 167 168 /* 169 * Single bounce failed. Optionally send a double bounce to postmaster, 170 * subject to notify_classes restrictions. 171 */ 172 #define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE) 173 #define SEND_POSTMASTER_ANY_BOUNCE_NOTICE (notify_mask & ANY_BOUNCE) 174 175 else if (*recipient == 0) { 176 if (!SEND_POSTMASTER_ANY_BOUNCE_NOTICE) { 177 bounce_status = 0; 178 } else { 179 postmaster = var_2bounce_rcpt; 180 if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), 181 postmaster, 182 MAIL_SRC_MASK_BOUNCE, 183 NULL_TRACE_FLAGS, 184 smtputf8, 185 new_id)) != 0) { 186 187 /* 188 * Double bounce to Postmaster. This is the last opportunity 189 * for this message to be delivered. Send the text with 190 * reason for the bounce, and the headers of the original 191 * message. Don't bother sending the boiler-plate text. 192 */ 193 count = -1; 194 if (bounce_header(bounce, bounce_info, postmaster, 195 POSTMASTER_COPY) == 0 196 && (count = bounce_diagnostic_log(bounce, bounce_info, 197 DSN_NOTIFY_OVERRIDE)) > 0 198 && bounce_header_dsn(bounce, bounce_info) == 0 199 && bounce_diagnostic_dsn(bounce, bounce_info, 200 DSN_NOTIFY_OVERRIDE) > 0) { 201 bounce_original(bounce, bounce_info, DSN_RET_FULL); 202 bounce_status = post_mail_fclose(bounce); 203 if (bounce_status == 0) 204 msg_info("%s: postmaster non-delivery notification: %s", 205 queue_id, STR(new_id)); 206 } else { 207 /* No applicable recipients found - cancel this notice. */ 208 (void) vstream_fclose(bounce); 209 if (count == 0) 210 bounce_status = 0; 211 } 212 } 213 } 214 } 215 216 /* 217 * Non-bounce failed. Send a single bounce to the sender, subject to DSN 218 * NOTIFY restrictions. 219 */ 220 else { 221 if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, 222 MAIL_SRC_MASK_BOUNCE, 223 NULL_TRACE_FLAGS, 224 smtputf8, 225 new_id)) != 0) { 226 227 /* 228 * Send the bounce message header, some boilerplate text that 229 * pretends that we are a polite mail system, the text with 230 * reason for the bounce, and a copy of the original message. 231 */ 232 count = -1; 233 if (bounce_header(bounce, bounce_info, recipient, 234 NO_POSTMASTER_COPY) == 0 235 && bounce_boilerplate(bounce, bounce_info) == 0 236 && (count = bounce_diagnostic_log(bounce, bounce_info, 237 DSN_NOTIFY_FAILURE)) > 0 238 && bounce_header_dsn(bounce, bounce_info) == 0 239 && bounce_diagnostic_dsn(bounce, bounce_info, 240 DSN_NOTIFY_FAILURE) > 0) { 241 bounce_original(bounce, bounce_info, dsn_ret ? 242 dsn_ret : DSN_RET_FULL); 243 bounce_status = post_mail_fclose(bounce); 244 if (bounce_status == 0) 245 msg_info("%s: sender non-delivery notification: %s", 246 queue_id, STR(new_id)); 247 } else { 248 /* No applicable recipients found - cancel this notice. */ 249 (void) vstream_fclose(bounce); 250 if (count == 0) 251 bounce_status = 0; 252 } 253 } 254 255 /* 256 * Optionally, send a postmaster notice, subject to notify_classes 257 * restrictions. 258 * 259 * This postmaster notice is not critical, so if it fails don't 260 * retransmit the bounce that we just generated, just log a warning. 261 */ 262 #define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE) 263 264 if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE 265 && strcasecmp_utf8(recipient, mail_addr_double_bounce()) != 0) { 266 267 /* 268 * Send the text with reason for the bounce, and the headers of 269 * the original message. Don't bother sending the boiler-plate 270 * text. This postmaster notice is not critical, so if it fails 271 * don't retransmit the bounce that we just generated, just log a 272 * warning. 273 */ 274 postmaster = var_bounce_rcpt; 275 if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), 276 postmaster, 277 MAIL_SRC_MASK_BOUNCE, 278 NULL_TRACE_FLAGS, 279 smtputf8, 280 new_id)) != 0) { 281 count = -1; 282 if (bounce_header(bounce, bounce_info, postmaster, 283 POSTMASTER_COPY) == 0 284 && (count = bounce_diagnostic_log(bounce, bounce_info, 285 DSN_NOTIFY_OVERRIDE)) > 0 286 && bounce_header_dsn(bounce, bounce_info) == 0 287 && bounce_diagnostic_dsn(bounce, bounce_info, 288 DSN_NOTIFY_OVERRIDE) > 0) { 289 bounce_original(bounce, bounce_info, DSN_RET_HDRS); 290 postmaster_status = post_mail_fclose(bounce); 291 if (postmaster_status == 0) 292 msg_info("%s: postmaster non-delivery notification: %s", 293 queue_id, STR(new_id)); 294 } else { 295 /* No applicable recipients found - cancel this notice. */ 296 (void) vstream_fclose(bounce); 297 if (count == 0) 298 postmaster_status = 0; 299 } 300 } 301 if (postmaster_status) 302 msg_warn("%s: postmaster notice failed while bouncing to %s", 303 queue_id, recipient); 304 } 305 } 306 307 /* 308 * Optionally, delete the recipients from the queue file. 309 */ 310 if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT)) 311 bounce_delrcpt(bounce_info); 312 313 /* 314 * Examine the completion status. Delete the bounce log file only when 315 * the bounce was posted successfully, and only if we are bouncing for 316 * real, not just warning. 317 */ 318 if (bounce_status == 0 && mail_queue_remove(service, queue_id) 319 && errno != ENOENT) 320 msg_fatal("remove %s %s: %m", service, queue_id); 321 322 /* 323 * Cleanup. 324 */ 325 bounce_mail_free(bounce_info); 326 vstring_free(new_id); 327 328 return (bounce_status); 329 } 330