1 /* $NetBSD: error.c,v 1.3 2020/03/18 19:05:16 christos Exp $ */
2
3 /*++
4 /* NAME
5 /* error 8
6 /* SUMMARY
7 /* Postfix error/retry mail delivery agent
8 /* SYNOPSIS
9 /* \fBerror\fR [generic Postfix daemon options]
10 /* DESCRIPTION
11 /* The Postfix \fBerror\fR(8) delivery agent processes delivery
12 /* requests from
13 /* the queue manager. Each request specifies a queue file, a sender
14 /* address, the reason for non-delivery (specified as the
15 /* next-hop destination), and recipient information.
16 /* The reason may be prefixed with an RFC 3463-compatible detail code;
17 /* if none is specified a default 4.0.0 or 5.0.0 code is used instead.
18 /* This program expects to be run from the \fBmaster\fR(8) process
19 /* manager.
20 /*
21 /* Depending on the service name in master.cf, \fBerror\fR
22 /* or \fBretry\fR, the server bounces or defers all recipients
23 /* in the delivery request using the "next-hop" information
24 /* as the reason for non-delivery. The \fBretry\fR service name is
25 /* supported as of Postfix 2.4.
26 /*
27 /* Delivery status reports are sent to the \fBbounce\fR(8),
28 /* \fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate.
29 /* SECURITY
30 /* .ad
31 /* .fi
32 /* The \fBerror\fR(8) mailer is not security-sensitive. It does not talk
33 /* to the network, and can be run chrooted at fixed low privilege.
34 /* STANDARDS
35 /* RFC 3463 (Enhanced Status Codes)
36 /* DIAGNOSTICS
37 /* Problems and transactions are logged to \fBsyslogd\fR(8)
38 /* or \fBpostlogd\fR(8).
39 /*
40 /* Depending on the setting of the \fBnotify_classes\fR parameter,
41 /* the postmaster is notified of bounces and of other trouble.
42 /* CONFIGURATION PARAMETERS
43 /* .ad
44 /* .fi
45 /* Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8)
46 /* processes run for only a limited amount of time. Use the command
47 /* "\fBpostfix reload\fR" to speed up a change.
48 /*
49 /* The text below provides only a parameter summary. See
50 /* \fBpostconf\fR(5) for more details including examples.
51 /* .IP "\fB2bounce_notice_recipient (postmaster)\fR"
52 /* The recipient of undeliverable mail that cannot be returned to
53 /* the sender.
54 /* .IP "\fBbounce_notice_recipient (postmaster)\fR"
55 /* The recipient of postmaster notifications with the message headers
56 /* of mail that Postfix did not deliver and of SMTP conversation
57 /* transcripts of mail that Postfix did not receive.
58 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
59 /* The default location of the Postfix main.cf and master.cf
60 /* configuration files.
61 /* .IP "\fBdaemon_timeout (18000s)\fR"
62 /* How much time a Postfix daemon process may take to handle a
63 /* request before it is terminated by a built-in watchdog timer.
64 /* .IP "\fBdelay_logging_resolution_limit (2)\fR"
65 /* The maximal number of digits after the decimal point when logging
66 /* sub-second delay values.
67 /* .IP "\fBdouble_bounce_sender (double-bounce)\fR"
68 /* The sender address of postmaster notifications that are generated
69 /* by the mail system.
70 /* .IP "\fBipc_timeout (3600s)\fR"
71 /* The time limit for sending or receiving information over an internal
72 /* communication channel.
73 /* .IP "\fBmax_idle (100s)\fR"
74 /* The maximum amount of time that an idle Postfix daemon process waits
75 /* for an incoming connection before terminating voluntarily.
76 /* .IP "\fBmax_use (100)\fR"
77 /* The maximal number of incoming connections that a Postfix daemon
78 /* process will service before terminating voluntarily.
79 /* .IP "\fBnotify_classes (resource, software)\fR"
80 /* The list of error classes that are reported to the postmaster.
81 /* .IP "\fBprocess_id (read-only)\fR"
82 /* The process ID of a Postfix command or daemon process.
83 /* .IP "\fBprocess_name (read-only)\fR"
84 /* The process name of a Postfix command or daemon process.
85 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
86 /* The location of the Postfix top-level queue directory.
87 /* .IP "\fBsyslog_facility (mail)\fR"
88 /* The syslog facility of Postfix logging.
89 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
90 /* A prefix that is prepended to the process name in syslog
91 /* records, so that, for example, "smtpd" becomes "prefix/smtpd".
92 /* .PP
93 /* Available in Postfix 3.3 and later:
94 /* .IP "\fBservice_name (read-only)\fR"
95 /* The master.cf service name of a Postfix daemon process.
96 /* SEE ALSO
97 /* qmgr(8), queue manager
98 /* bounce(8), delivery status reports
99 /* discard(8), Postfix discard delivery agent
100 /* postconf(5), configuration parameters
101 /* master(5), generic daemon options
102 /* master(8), process manager
103 /* postlogd(8), Postfix logging
104 /* syslogd(8), system logging
105 /* LICENSE
106 /* .ad
107 /* .fi
108 /* The Secure Mailer license must be distributed with this software.
109 /* AUTHOR(S)
110 /* Wietse Venema
111 /* IBM T.J. Watson Research
112 /* P.O. Box 704
113 /* Yorktown Heights, NY 10598, USA
114 /*
115 /* Wietse Venema
116 /* Google, Inc.
117 /* 111 8th Avenue
118 /* New York, NY 10011, USA
119 /*--*/
120
121 /* System library. */
122
123 #include <sys_defs.h>
124 #include <unistd.h>
125 #include <stdlib.h>
126
127 /* Utility library. */
128
129 #include <msg.h>
130 #include <vstream.h>
131
132 /* Global library. */
133
134 #include <deliver_request.h>
135 #include <mail_queue.h>
136 #include <bounce.h>
137 #include <defer.h>
138 #include <deliver_completed.h>
139 #include <flush_clnt.h>
140 #include <dsn_util.h>
141 #include <sys_exits.h>
142 #include <mail_proto.h>
143 #include <mail_version.h>
144
145 /* Single server skeleton. */
146
147 #include <mail_server.h>
148
/*
 * deliver_message - bounce or defer every recipient of one delivery request
 *
 * request: delivery request received from the queue manager. Its nexthop
 *          field is not a host here: it carries the non-delivery reason,
 *          optionally prefixed with an enhanced status code.
 * def_dsn: status code handed to dsn_split() for use when the reason text
 *          carries no code of its own.
 * append:  status-report routine called once per recipient (the caller in
 *          this file passes bounce_append or defer_append).
 *
 * Returns the bitwise OR of all append() results, so zero means that every
 * recipient was reported without error.
 */

static int deliver_message(DELIVER_REQUEST *request, const char *def_dsn,
                           int (*append) (int, const char *, MSG_STATS *,
                                          RECIPIENT *, const char *, DSN *))
{
    const char *self = "deliver_message";
    DSN_SPLIT reason;
    DSN     report;
    VSTREAM *queue_fp;
    RECIPIENT *cur;
    int     failures = 0;
    int     rc;
    int     idx;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Reject malformed requests up front. An empty reason or a recipient
     * count that is zero or negative is treated as fatal rather than
     * silently ignored; msg_fatal() is relied on not to return.
     */
    if (request->nexthop[0] == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * The queue file is opened read-write because the stream is later
     * handed to deliver_completed(). A failed open is fatal on purpose:
     * the mail system backs off and retries later instead of throwing
     * mail away.
     */
    queue_fp = mail_queue_open(request->queue_name, request->queue_id,
                               O_RDWR, 0);
    if (queue_fp == 0)
        msg_fatal("%s: open %s %s: %m", self,
                  request->queue_name, request->queue_id);
    if (msg_verbose)
        msg_info("%s: file %s", self, VSTREAM_PATH(queue_fp));

    /*
     * Only the trace-related bits of the request flags are passed on to
     * the status-report routine.
     */
#define BOUNCE_FLAGS(request) DEL_REQ_TRACE_FLAGS(request->flags)

    /*
     * Split the reason into status code and free text, then build the one
     * DSN that is shared by all recipients. NOTE(review): the text comes
     * from the request as-is; any sanitising before it reaches a bounce or
     * log record would have to happen in dsn_split() or in append(), which
     * are not visible here.
     */
    dsn_split(&reason, def_dsn, request->nexthop);
    (void) DSN_SIMPLE(&report, DSN_STATUS(reason.dsn), reason.text);

    idx = 0;
    while (idx < request->rcpt_list.len) {
        cur = &request->rcpt_list.info[idx];
        rc = append(BOUNCE_FLAGS(request), request->queue_id,
                    &request->msg_stats, cur, "none", &report);

        /*
         * deliver_completed() runs only after the status report succeeded
         * (presumably it marks the recipient as done in the queue file), so
         * a failed report leaves the recipient to be handled again.
         */
        if (rc == 0)
            deliver_completed(queue_fp, cur->offset);
        failures |= rc;
        idx++;
    }

    /*
     * A close error is logged as a warning only; it does not change the
     * result that is returned to the caller.
     */
    if (vstream_fclose(queue_fp))
        msg_warn("close %s %s: %m", request->queue_name, request->queue_id);

    return (failures);
}
213
/*
 * error_service - handle one client connection from the queue manager
 *
 * client_stream: connection on the UNIX-domain socket dedicated to this
 *                mailer.
 * service:       service name this process runs under; it selects between
 *                bouncing (default code 5.0.0) and deferring (default code
 *                4.0.0).
 * argv:          remaining command-line arguments; none are accepted.
 *
 * Connection management is left to the common single-server code.
 */

static void error_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *req;
    int     rc;

    /*
     * This service takes no command-line arguments; anything left over is a
     * configuration mistake and is treated as fatal.
     */
    if (argv[0] != 0)
        msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * Small protocol with the queue manager: announce readiness and read one
     * request, act on it, then report its completion status. When no request
     * could be read there is nothing to do and nothing to report.
     */
    req = deliver_request_read(client_stream);
    if (req == 0)
        return;

    /*
     * Fail closed on an unknown service name: there is no default action, so
     * a mis-named service can neither bounce nor defer mail by accident.
     * msg_fatal() is relied on not to return, which is why rc is always set
     * before it is used below.
     */
    if (strcmp(service, MAIL_SERVICE_ERROR) == 0) {
        rc = deliver_message(req, "5.0.0", bounce_append);
    } else if (strcmp(service, MAIL_SERVICE_RETRY) == 0) {
        rc = deliver_message(req, "4.0.0", defer_append);
    } else {
        msg_fatal("bad error service name: %s", service);
    }
    deliver_request_done(client_stream, req, rc);
}
245
/*
 * pre_init - initialization hook that runs before the process is jailed
 *
 * Both arguments are unused. The only work done here is flush_init().
 * NOTE(review): this call is presumably placed in the pre-jail hook because
 * it needs something that is no longer reachable once the process is
 * confined - confirm against the flush client code.
 */

static void pre_init(char *unused_name, char **unused_argv)
{
    (void) unused_name;
    (void) unused_argv;

    flush_init();
}
252
/*
 * File-scope half of the version stamp; the matching ALLOCATE macro is used
 * in main(). Both macros are presumably provided by <mail_version.h>.
 */
MAIL_VERSION_STAMP_DECLARE;

/*
 * main - pass control to the single-threaded server skeleton
 *
 * The skeleton is given error_service() as the per-connection handler and
 * pre_init() as the pre-jail hook. The trailing 0 presumably terminates the
 * option list. There is no return statement after the call, as in the
 * original code.
 */

int     main(int argc, char **argv)
{

    /*
     * Stamp the version into the process so that executables and core dumps
     * can be fingerprinted.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    single_server_main(argc, argv, error_service,
                       CA_MAIL_SERVER_PRE_INIT(pre_init), 0);
}
269