1 /* $NetBSD: cleanup.c,v 1.8 2022/10/08 16:12:45 christos Exp $ */
2
3 /*++
4 /* NAME
5 /* cleanup 8
6 /* SUMMARY
7 /* canonicalize and enqueue Postfix message
8 /* SYNOPSIS
9 /* \fBcleanup\fR [generic Postfix daemon options]
10 /* DESCRIPTION
11 /* The \fBcleanup\fR(8) daemon processes inbound mail, inserts it
12 /* into the \fBincoming\fR mail queue, and informs the queue
13 /* manager of its arrival.
14 /*
15 /* The \fBcleanup\fR(8) daemon performs the following transformations:
16 /* .IP \(bu
17 /* Insert missing message headers: (\fBResent-\fR) \fBFrom:\fR,
18 /* \fBTo:\fR, \fBMessage-Id:\fR, and \fBDate:\fR.
19 /* .br
20 /* This is enabled with the \fBlocal_header_rewrite_clients\fR and
21 /* \fBalways_add_missing_headers\fR parameter settings.
22 /* .IP \(bu
23 /* Transform envelope and header addresses to the standard
24 /* \fIuser@fully-qualified-domain\fR form that is expected by other
25 /* Postfix programs.
26 /* This task depends on the \fBtrivial-rewrite\fR(8) daemon.
27 /* .br
28 /* The header transformation is enabled with the
29 /* \fBlocal_header_rewrite_clients\fR parameter setting.
30 /* .IP \(bu
31 /* Eliminate duplicate envelope recipient addresses.
32 /* .br
33 /* This is enabled with the \fBduplicate_filter_limit\fR
34 /* parameter setting.
35 /* .IP \(bu
36 /* Remove message headers: \fBBcc\fR, \fBContent-Length\fR,
37 /* \fBResent-Bcc\fR, \fBReturn-Path\fR.
38 /* .br
39 /* This is enabled with the message_drop_headers parameter
40 /* setting.
41 /* .IP \(bu
42 /* Optionally, rewrite all envelope and header addresses according
43 /* to the mappings specified in the \fBcanonical\fR(5) lookup tables.
44 /* .br
45 /* The header transformation is enabled with the
46 /* \fBlocal_header_rewrite_clients\fR parameter setting.
47 /* .IP \(bu
48 /* Optionally, masquerade envelope sender addresses and message
49 /* header addresses (i.e. strip host or domain information below
50 /* all domains listed in the \fBmasquerade_domains\fR parameter,
51 /* except for user names listed in \fBmasquerade_exceptions\fR).
52 /* By default, address masquerading does not affect envelope recipients.
53 /* .br
54 /* The header transformation is enabled with the
55 /* \fBlocal_header_rewrite_clients\fR parameter setting.
56 /* .IP \(bu
57 /* Optionally, expand envelope recipients according to information
58 /* found in the \fBvirtual_alias_maps\fR lookup tables.
59 /* .PP
60 /* The \fBcleanup\fR(8) daemon performs sanity checks on the content of
61 /* each message. When it finds a problem, by default it returns a
62 /* diagnostic status to the cleanup service client, and leaves
63 /* it up to the client
64 /* to deal with the problem. Alternatively, the client can request
65 /* the \fBcleanup\fR(8) daemon to bounce the message back to the sender
66 /* in case of trouble.
67 /* STANDARDS
68 /* RFC 822 (ARPA Internet Text Messages)
69 /* RFC 2045 (MIME: Format of Internet Message Bodies)
70 /* RFC 2046 (MIME: Media Types)
71 /* RFC 2822 (Internet Message Format)
72 /* RFC 3463 (Enhanced Status Codes)
73 /* RFC 3464 (Delivery status notifications)
74 /* RFC 5322 (Internet Message Format)
75 /* DIAGNOSTICS
76 /* Problems and transactions are logged to \fBsyslogd\fR(8)
77 /* or \fBpostlogd\fR(8).
78 /* BUGS
79 /* Table-driven rewriting rules make it hard to express \fBif then
80 /* else\fR and other logical relationships.
81 /* CONFIGURATION PARAMETERS
82 /* .ad
83 /* .fi
84 /* Changes to \fBmain.cf\fR are picked up automatically, as
85 /* \fBcleanup\fR(8)
86 /* processes run for only a limited amount of time. Use the command
87 /* "\fBpostfix reload\fR" to speed up a change.
88 /*
89 /* The text below provides only a parameter summary. See
90 /* \fBpostconf\fR(5) for more details including examples.
91 /* COMPATIBILITY CONTROLS
92 /* .ad
93 /* .fi
94 /* .IP "\fBundisclosed_recipients_header (see 'postconf -d' output)\fR"
95 /* Message header that the Postfix \fBcleanup\fR(8) server inserts when a
96 /* message contains no To: or Cc: message header.
97 /* .PP
98 /* Available in Postfix version 2.1 only:
99 /* .IP "\fBenable_errors_to (no)\fR"
100 /* Report mail delivery errors to the address specified with the
101 /* non-standard Errors-To: message header, instead of the envelope
102 /* sender address (this feature is removed with Postfix version 2.2, is
103 /* turned off by default with Postfix version 2.1, and is always turned on
104 /* with older Postfix versions).
105 /* .PP
106 /* Available in Postfix version 2.6 and later:
107 /* .IP "\fBalways_add_missing_headers (no)\fR"
108 /* Always add (Resent-) From:, To:, Date: or Message-ID: headers
109 /* when not present.
110 /* .PP
111 /* Available in Postfix version 2.9 and later:
112 /* .IP "\fBenable_long_queue_ids (no)\fR"
113 /* Enable long, non-repeating, queue IDs (queue file names).
114 /* .PP
115 /* Available in Postfix version 3.0 and later:
116 /* .IP "\fBmessage_drop_headers (bcc, content-length, resent-bcc, return-path)\fR"
117 /* Names of message headers that the \fBcleanup\fR(8) daemon will remove
118 /* after applying \fBheader_checks\fR(5) and before invoking Milter applications.
119 /* .IP "\fBheader_from_format (standard)\fR"
120 /* The format of the Postfix-generated \fBFrom:\fR header.
121 /* BUILT-IN CONTENT FILTERING CONTROLS
122 /* .ad
123 /* .fi
124 /* Postfix built-in content filtering is meant to stop a flood of
125 /* worms or viruses. It is not a general content filter.
126 /* .IP "\fBbody_checks (empty)\fR"
127 /* Optional lookup tables for content inspection as specified in
128 /* the \fBbody_checks\fR(5) manual page.
129 /* .IP "\fBheader_checks (empty)\fR"
130 /* Optional lookup tables for content inspection of primary non-MIME
131 /* message headers, as specified in the \fBheader_checks\fR(5) manual page.
132 /* .PP
133 /* Available in Postfix version 2.0 and later:
134 /* .IP "\fBbody_checks_size_limit (51200)\fR"
135 /* How much text in a message body segment (or attachment, if you
136 /* prefer to use that term) is subjected to body_checks inspection.
137 /* .IP "\fBmime_header_checks ($header_checks)\fR"
138 /* Optional lookup tables for content inspection of MIME related
139 /* message headers, as described in the \fBheader_checks\fR(5) manual page.
140 /* .IP "\fBnested_header_checks ($header_checks)\fR"
141 /* Optional lookup tables for content inspection of non-MIME message
142 /* headers in attached messages, as described in the \fBheader_checks\fR(5)
143 /* manual page.
144 /* .PP
145 /* Available in Postfix version 2.3 and later:
146 /* .IP "\fBmessage_reject_characters (empty)\fR"
147 /* The set of characters that Postfix will reject in message
148 /* content.
149 /* .IP "\fBmessage_strip_characters (empty)\fR"
150 /* The set of characters that Postfix will remove from message
151 /* content.
152 /* BEFORE QUEUE MILTER CONTROLS
153 /* .ad
154 /* .fi
155 /* As of version 2.3, Postfix supports the Sendmail version 8
156 /* Milter (mail filter) protocol. When mail is not received via
157 /* the smtpd(8) server, the cleanup(8) server will simulate
158 /* SMTP events to the extent that this is possible. For details
159 /* see the MILTER_README document.
160 /* .IP "\fBnon_smtpd_milters (empty)\fR"
161 /* A list of Milter (mail filter) applications for new mail that
162 /* does not arrive via the Postfix \fBsmtpd\fR(8) server.
163 /* .IP "\fBmilter_protocol (6)\fR"
164 /* The mail filter protocol version and optional protocol extensions
165 /* for communication with a Milter application; prior to Postfix 2.6
166 /* the default protocol is 2.
167 /* .IP "\fBmilter_default_action (tempfail)\fR"
168 /* The default action when a Milter (mail filter) response is
169 /* unavailable (for example, bad Postfix configuration or Milter
170 /* failure).
171 /* .IP "\fBmilter_macro_daemon_name ($myhostname)\fR"
172 /* The {daemon_name} macro value for Milter (mail filter) applications.
173 /* .IP "\fBmilter_macro_v ($mail_name $mail_version)\fR"
174 /* The {v} macro value for Milter (mail filter) applications.
175 /* .IP "\fBmilter_connect_timeout (30s)\fR"
176 /* The time limit for connecting to a Milter (mail filter)
177 /* application, and for negotiating protocol options.
178 /* .IP "\fBmilter_command_timeout (30s)\fR"
179 /* The time limit for sending an SMTP command to a Milter (mail
180 /* filter) application, and for receiving the response.
181 /* .IP "\fBmilter_content_timeout (300s)\fR"
182 /* The time limit for sending message content to a Milter (mail
183 /* filter) application, and for receiving the response.
184 /* .IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR"
185 /* The macros that are sent to Milter (mail filter) applications
186 /* after completion of an SMTP connection.
187 /* .IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR"
188 /* The macros that are sent to Milter (mail filter) applications
189 /* after the SMTP HELO or EHLO command.
190 /* .IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR"
191 /* The macros that are sent to Milter (mail filter) applications
192 /* after the SMTP MAIL FROM command.
193 /* .IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR"
194 /* The macros that are sent to Milter (mail filter) applications
195 /* after the SMTP RCPT TO command.
196 /* .IP "\fBmilter_data_macros (see 'postconf -d' output)\fR"
197 /* The macros that are sent to version 4 or higher Milter (mail
198 /* filter) applications after the SMTP DATA command.
199 /* .IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR"
200 /* The macros that are sent to version 3 or higher Milter (mail
201 /* filter) applications after an unknown SMTP command.
202 /* .IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR"
203 /* The macros that are sent to Milter (mail filter) applications
204 /* after the message end-of-data.
205 /* .PP
206 /* Available in Postfix version 2.5 and later:
207 /* .IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
208 /* The macros that are sent to Milter (mail filter) applications
209 /* after the end of the message header.
210 /* .PP
211 /* Available in Postfix version 2.7 and later:
212 /* .IP "\fBmilter_header_checks (empty)\fR"
213 /* Optional lookup tables for content inspection of message headers
214 /* that are produced by Milter applications.
215 /* .PP
216 /* Available in Postfix version 3.1 and later:
217 /* .IP "\fBmilter_macro_defaults (empty)\fR"
218 /* Optional list of \fIname=value\fR pairs that specify default
219 /* values for arbitrary macros that Postfix may send to Milter
220 /* applications.
221 /* MIME PROCESSING CONTROLS
222 /* .ad
223 /* .fi
224 /* Available in Postfix version 2.0 and later:
225 /* .IP "\fBdisable_mime_input_processing (no)\fR"
226 /* Turn off MIME processing while receiving mail.
227 /* .IP "\fBmime_boundary_length_limit (2048)\fR"
228 /* The maximal length of MIME multipart boundary strings.
229 /* .IP "\fBmime_nesting_limit (100)\fR"
230 /* The maximal recursion level that the MIME processor will handle.
231 /* .IP "\fBstrict_8bitmime (no)\fR"
232 /* Enable both strict_7bit_headers and strict_8bitmime_body.
233 /* .IP "\fBstrict_7bit_headers (no)\fR"
234 /* Reject mail with 8-bit text in message headers.
235 /* .IP "\fBstrict_8bitmime_body (no)\fR"
236 /* Reject 8-bit message body text without 8-bit MIME content encoding
237 /* information.
238 /* .IP "\fBstrict_mime_encoding_domain (no)\fR"
239 /* Reject mail with invalid Content-Transfer-Encoding: information
240 /* for the message/* or multipart/* MIME content types.
241 /* .PP
242 /* Available in Postfix version 2.5 and later:
243 /* .IP "\fBdetect_8bit_encoding_header (yes)\fR"
244 /* Automatically detect 8BITMIME body content by looking at
245 /* Content-Transfer-Encoding: message headers; historically, this
246 /* behavior was hard-coded to be "always on".
247 /* AUTOMATIC BCC RECIPIENT CONTROLS
248 /* .ad
249 /* .fi
250 /* Postfix can automatically add BCC (blind carbon copy)
251 /* when mail enters the mail system:
252 /* .IP "\fBalways_bcc (empty)\fR"
253 /* Optional address that receives a "blind carbon copy" of each message
254 /* that is received by the Postfix mail system.
255 /* .PP
256 /* Available in Postfix version 2.1 and later:
257 /* .IP "\fBsender_bcc_maps (empty)\fR"
258 /* Optional BCC (blind carbon-copy) address lookup tables, indexed
259 /* by sender address.
260 /* .IP "\fBrecipient_bcc_maps (empty)\fR"
261 /* Optional BCC (blind carbon-copy) address lookup tables, indexed by
262 /* recipient address.
263 /* ADDRESS TRANSFORMATION CONTROLS
264 /* .ad
265 /* .fi
266 /* Address rewriting is delegated to the \fBtrivial-rewrite\fR(8) daemon.
267 /* The \fBcleanup\fR(8) server implements table driven address mapping.
268 /* .IP "\fBempty_address_recipient (MAILER-DAEMON)\fR"
269 /* The recipient of mail addressed to the null address.
270 /* .IP "\fBcanonical_maps (empty)\fR"
271 /* Optional address mapping lookup tables for message headers and
272 /* envelopes.
273 /* .IP "\fBrecipient_canonical_maps (empty)\fR"
274 /* Optional address mapping lookup tables for envelope and header
275 /* recipient addresses.
276 /* .IP "\fBsender_canonical_maps (empty)\fR"
277 /* Optional address mapping lookup tables for envelope and header
278 /* sender addresses.
279 /* .IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
280 /* What addresses are subject to address masquerading.
281 /* .IP "\fBmasquerade_domains (empty)\fR"
282 /* Optional list of domains whose subdomain structure will be stripped
283 /* off in email addresses.
284 /* .IP "\fBmasquerade_exceptions (empty)\fR"
285 /* Optional list of user names that are not subjected to address
286 /* masquerading, even when their addresses match $masquerade_domains.
287 /* .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
288 /* What address lookup tables copy an address extension from the lookup
289 /* key to the lookup result.
290 /* .PP
291 /* Available before Postfix version 2.0:
292 /* .IP "\fBvirtual_maps (empty)\fR"
293 /* Optional lookup tables with a) names of domains for which all
294 /* addresses are aliased to addresses in other local or remote domains,
295 /* and b) addresses that are aliased to addresses in other local or
296 /* remote domains.
297 /* .PP
298 /* Available in Postfix version 2.0 and later:
299 /* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
300 /* Optional lookup tables that alias specific mail addresses or domains
301 /* to other local or remote address.
302 /* .PP
303 /* Available in Postfix version 2.2 and later:
304 /* .IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
305 /* What addresses are subject to canonical_maps address mapping.
306 /* .IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR"
307 /* What addresses are subject to recipient_canonical_maps address
308 /* mapping.
309 /* .IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR"
310 /* What addresses are subject to sender_canonical_maps address
311 /* mapping.
312 /* .IP "\fBremote_header_rewrite_domain (empty)\fR"
313 /* Don't rewrite message headers from remote clients at all when
314 /* this parameter is empty; otherwise, rewrite message headers and
315 /* append the specified domain name to incomplete addresses.
316 /* RESOURCE AND RATE CONTROLS
317 /* .ad
318 /* .fi
319 /* .IP "\fBduplicate_filter_limit (1000)\fR"
320 /* The maximal number of addresses remembered by the address
321 /* duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or
322 /* for \fBshowq\fR(8) queue displays.
323 /* .IP "\fBheader_size_limit (102400)\fR"
324 /* The maximal amount of memory in bytes for storing a message header.
325 /* .IP "\fBhopcount_limit (50)\fR"
326 /* The maximal number of Received: message headers that is allowed
327 /* in the primary message headers.
328 /* .IP "\fBin_flow_delay (1s)\fR"
329 /* Time to pause before accepting a new message, when the message
330 /* arrival rate exceeds the message delivery rate.
331 /* .IP "\fBmessage_size_limit (10240000)\fR"
332 /* The maximal size in bytes of a message, including envelope information.
333 /* .PP
334 /* Available in Postfix version 2.0 and later:
335 /* .IP "\fBheader_address_token_limit (10240)\fR"
336 /* The maximal number of address tokens are allowed in an address
337 /* message header.
338 /* .IP "\fBmime_boundary_length_limit (2048)\fR"
339 /* The maximal length of MIME multipart boundary strings.
340 /* .IP "\fBmime_nesting_limit (100)\fR"
341 /* The maximal recursion level that the MIME processor will handle.
342 /* .IP "\fBqueue_file_attribute_count_limit (100)\fR"
343 /* The maximal number of (name=value) attributes that may be stored
344 /* in a Postfix queue file.
345 /* .PP
346 /* Available in Postfix version 2.1 and later:
347 /* .IP "\fBvirtual_alias_expansion_limit (1000)\fR"
348 /* The maximal number of addresses that virtual alias expansion produces
349 /* from each original recipient.
350 /* .IP "\fBvirtual_alias_recursion_limit (1000)\fR"
351 /* The maximal nesting depth of virtual alias expansion.
352 /* .PP
353 /* Available in Postfix version 3.0 and later:
354 /* .IP "\fBvirtual_alias_address_length_limit (1000)\fR"
355 /* The maximal length of an email address after virtual alias expansion.
356 /* SMTPUTF8 CONTROLS
357 /* .ad
358 /* .fi
359 /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
360 /* .IP "\fBsmtputf8_enable (yes)\fR"
361 /* Enable preliminary SMTPUTF8 support for the protocols described
362 /* in RFC 6531..6533.
363 /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
364 /* Detect that a message requires SMTPUTF8 support for the specified
365 /* mail origin classes.
366 /* .PP
367 /* Available in Postfix version 3.2 and later:
368 /* .IP "\fBenable_idna2003_compatibility (no)\fR"
369 /* Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
370 /* when converting UTF-8 domain names to/from the ASCII form that is
371 /* used for DNS lookups.
372 /* MISCELLANEOUS CONTROLS
373 /* .ad
374 /* .fi
375 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
376 /* The default location of the Postfix main.cf and master.cf
377 /* configuration files.
378 /* .IP "\fBdaemon_timeout (18000s)\fR"
379 /* How much time a Postfix daemon process may take to handle a
380 /* request before it is terminated by a built-in watchdog timer.
381 /* .IP "\fBdelay_logging_resolution_limit (2)\fR"
382 /* The maximal number of digits after the decimal point when logging
383 /* sub-second delay values.
384 /* .IP "\fBdelay_warning_time (0h)\fR"
385 /* The time after which the sender receives a copy of the message
386 /* headers of mail that is still queued.
387 /* .IP "\fBipc_timeout (3600s)\fR"
388 /* The time limit for sending or receiving information over an internal
389 /* communication channel.
390 /* .IP "\fBmax_idle (100s)\fR"
391 /* The maximum amount of time that an idle Postfix daemon process waits
392 /* for an incoming connection before terminating voluntarily.
393 /* .IP "\fBmax_use (100)\fR"
394 /* The maximal number of incoming connections that a Postfix daemon
395 /* process will service before terminating voluntarily.
396 /* .IP "\fBmyhostname (see 'postconf -d' output)\fR"
397 /* The internet hostname of this mail system.
398 /* .IP "\fBmyorigin ($myhostname)\fR"
399 /* The domain name that locally-posted mail appears to come
400 /* from, and that locally posted mail is delivered to.
401 /* .IP "\fBprocess_id (read-only)\fR"
402 /* The process ID of a Postfix command or daemon process.
403 /* .IP "\fBprocess_name (read-only)\fR"
404 /* The process name of a Postfix command or daemon process.
405 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
406 /* The location of the Postfix top-level queue directory.
407 /* .IP "\fBsoft_bounce (no)\fR"
408 /* Safety net to keep mail queued that would otherwise be returned to
409 /* the sender.
410 /* .IP "\fBsyslog_facility (mail)\fR"
411 /* The syslog facility of Postfix logging.
412 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
413 /* A prefix that is prepended to the process name in syslog
414 /* records, so that, for example, "smtpd" becomes "prefix/smtpd".
415 /* .PP
416 /* Available in Postfix version 2.1 and later:
417 /* .IP "\fBenable_original_recipient (yes)\fR"
418 /* Enable support for the original recipient address after an
419 /* address is rewritten to a different address (for example with
420 /* aliasing or with canonical mapping).
421 /* .PP
422 /* Available in Postfix 3.3 and later:
423 /* .IP "\fBservice_name (read-only)\fR"
424 /* The master.cf service name of a Postfix daemon process.
425 /* .PP
426 /* Available in Postfix 3.5 and later:
427 /* .IP "\fBinfo_log_address_format (external)\fR"
428 /* The email address form that will be used in non-debug logging
429 /* (info, warning, etc.).
430 /* FILES
431 /* /etc/postfix/canonical*, canonical mapping table
432 /* /etc/postfix/virtual*, virtual mapping table
433 /* SEE ALSO
434 /* trivial-rewrite(8), address rewriting
435 /* qmgr(8), queue manager
436 /* header_checks(5), message header content inspection
437 /* body_checks(5), body parts content inspection
438 /* canonical(5), canonical address lookup table format
439 /* virtual(5), virtual alias lookup table format
440 /* postconf(5), configuration parameters
441 /* master(5), generic daemon options
442 /* master(8), process manager
443 /* postlogd(8), Postfix logging
444 /* syslogd(8), system logging
445 /* README FILES
446 /* .ad
447 /* .fi
448 /* Use "\fBpostconf readme_directory\fR" or
449 /* "\fBpostconf html_directory\fR" to locate this information.
450 /* .na
451 /* .nf
452 /* ADDRESS_REWRITING_README Postfix address manipulation
453 /* CONTENT_INSPECTION_README content inspection
454 /* LICENSE
455 /* .ad
456 /* .fi
457 /* The Secure Mailer license must be distributed with this software.
458 /* AUTHOR(S)
459 /* Wietse Venema
460 /* IBM T.J. Watson Research
461 /* P.O. Box 704
462 /* Yorktown Heights, NY 10598, USA
463 /*
464 /* Wietse Venema
465 /* Google, Inc.
466 /* 111 8th Avenue
467 /* New York, NY 10011, USA
468 /*--*/
469
470 /* System library. */
471
472 #include <sys_defs.h>
473 #include <signal.h>
474 #include <unistd.h>
475 #include <stdlib.h>
476
477 /* Utility library. */
478
479 #include <msg.h>
480 #include <vstring.h>
481 #include <dict.h>
482
483 /* Global library. */
484
485 #include <mail_conf.h>
486 #include <cleanup_user.h>
487 #include <mail_proto.h>
488 #include <mail_params.h>
489 #include <record.h>
490 #include <rec_type.h>
491 #include <mail_version.h>
492
493 /* Single-threaded server skeleton. */
494
495 #include <mail_server.h>
496
497 /* Application-specific. */
498
499 #include "cleanup.h"
500
501 /* cleanup_service - process one request to inject a message into the queue */
502
cleanup_service(VSTREAM * src,char * unused_service,char ** argv)503 static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
504 {
505 VSTRING *buf = vstring_alloc(100);
506 CLEANUP_STATE *state;
507 int flags;
508 int type = 0;
509 int status;
510
511 /*
512 * Sanity check. This service takes no command-line arguments.
513 */
514 if (argv[0])
515 msg_fatal("unexpected command-line argument: %s", argv[0]);
516
517 /*
518 * Open a queue file and initialize state.
519 */
520 state = cleanup_open(src);
521
522 /*
523 * Send the queue id to the client. Read client processing options. If we
524 * can't read the client processing options we can pretty much forget
525 * about the whole operation.
526 */
527 attr_print(src, ATTR_FLAG_NONE,
528 SEND_ATTR_STR(MAIL_ATTR_PROTO, MAIL_ATTR_PROTO_CLEANUP),
529 SEND_ATTR_STR(MAIL_ATTR_QUEUEID, state->queue_id),
530 ATTR_TYPE_END);
531 if (attr_scan(src, ATTR_FLAG_STRICT,
532 RECV_ATTR_INT(MAIL_ATTR_FLAGS, &flags),
533 ATTR_TYPE_END) != 1) {
534 state->errs |= CLEANUP_STAT_BAD;
535 flags = 0;
536 }
537 cleanup_control(state, flags);
538
539 /*
540 * XXX Rely on the front-end programs to enforce record size limits.
541 *
542 * First, copy the envelope records to the queue file. Then, copy the
543 * message content (headers and body). Finally, attach any information
544 * extracted from message headers.
545 */
546 while (CLEANUP_OUT_OK(state)) {
547 if ((type = rec_get_raw(src, buf, 0, REC_FLAG_NONE)) < 0) {
548 state->errs |= CLEANUP_STAT_BAD;
549 break;
550 }
551 if (REC_GET_HIDDEN_TYPE(type)) {
552 msg_warn("%s: record type %d not allowed - discarding this message",
553 state->queue_id, type);
554 state->errs |= CLEANUP_STAT_BAD;
555 break;
556 }
557 CLEANUP_RECORD(state, type, vstring_str(buf), VSTRING_LEN(buf));
558 if (type == REC_TYPE_END)
559 break;
560 }
561
562 /*
563 * Keep reading in case of problems, until the sender is ready to receive
564 * our status report.
565 */
566 if (CLEANUP_OUT_OK(state) == 0 && type > 0) {
567 while (type != REC_TYPE_END
568 && (type = rec_get_raw(src, buf, 0, REC_FLAG_NONE)) > 0) {
569 if (type == REC_TYPE_MILT_COUNT) {
570 int milter_count = atoi(vstring_str(buf));
571
572 /* Avoid deadlock. */
573 if (milter_count >= 0)
574 cleanup_milter_receive(state, milter_count);
575 }
576 }
577 }
578
579 /*
580 * Log something to make timeout errors easier to debug.
581 */
582 if (vstream_ftimeout(src))
583 msg_warn("%s: read timeout on %s",
584 state->queue_id, VSTREAM_PATH(src));
585
586 /*
587 * Finish this message, and report the result status to the client.
588 */
589 status = cleanup_flush(state); /* in case state is modified */
590 attr_print(src, ATTR_FLAG_NONE,
591 SEND_ATTR_INT(MAIL_ATTR_STATUS, status),
592 SEND_ATTR_STR(MAIL_ATTR_WHY,
593 (state->flags & CLEANUP_FLAG_SMTP_REPLY)
594 && state->smtp_reply ? state->smtp_reply :
595 state->reason ? state->reason : ""),
596 ATTR_TYPE_END);
597 cleanup_free(state);
598
599 /*
600 * Cleanup.
601 */
602 vstring_free(buf);
603 }
604
605 /* pre_accept - see if tables have changed */
606
pre_accept(char * unused_name,char ** unused_argv)607 static void pre_accept(char *unused_name, char **unused_argv)
608 {
609 const char *table;
610
611 if ((table = dict_changed_name()) != 0) {
612 msg_info("table %s has changed -- restarting", table);
613 exit(0);
614 }
615 }
616
617 MAIL_VERSION_STAMP_DECLARE;
618
619 /* main - the main program */
620
main(int argc,char ** argv)621 int main(int argc, char **argv)
622 {
623
624 /*
625 * Fingerprint executables and core dumps.
626 */
627 MAIL_VERSION_STAMP_ALLOCATE;
628
629 /*
630 * Clean up an incomplete queue file in case of a fatal run-time error,
631 * or after receiving SIGTERM from the master at shutdown time.
632 */
633 signal(SIGTERM, cleanup_sig);
634 msg_cleanup(cleanup_all);
635
636 /*
637 * Pass control to the single-threaded service skeleton.
638 */
639 single_server_main(argc, argv, cleanup_service,
640 CA_MAIL_SERVER_INT_TABLE(cleanup_int_table),
641 CA_MAIL_SERVER_BOOL_TABLE(cleanup_bool_table),
642 CA_MAIL_SERVER_STR_TABLE(cleanup_str_table),
643 CA_MAIL_SERVER_TIME_TABLE(cleanup_time_table),
644 CA_MAIL_SERVER_PRE_INIT(cleanup_pre_jail),
645 CA_MAIL_SERVER_POST_INIT(cleanup_post_jail),
646 CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
647 CA_MAIL_SERVER_IN_FLOW_DELAY,
648 CA_MAIL_SERVER_UNLIMITED,
649 0);
650 }
651