xref: /netbsd-src/external/ibm-public/postfix/dist/src/error/error.c (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c)
1 /*	$NetBSD: error.c,v 1.2 2017/02/14 01:16:45 christos Exp $	*/
2 
3 /*++
4 /* NAME
5 /*	error 8
6 /* SUMMARY
7 /*	Postfix error/retry mail delivery agent
8 /* SYNOPSIS
9 /*	\fBerror\fR [generic Postfix daemon options]
10 /* DESCRIPTION
11 /*	The Postfix \fBerror\fR(8) delivery agent processes delivery
12 /*	requests from
13 /*	the queue manager. Each request specifies a queue file, a sender
14 /*	address, the reason for non-delivery (specified as the
15 /*	next-hop destination), and recipient information.
16 /*	The reason may be prefixed with an RFC 3463-compatible detail code;
17 /*	if none is specified a default 4.0.0 or 5.0.0 code is used instead.
18 /*	This program expects to be run from the \fBmaster\fR(8) process
19 /*	manager.
20 /*
21 /*	Depending on the service name in master.cf, \fBerror\fR
22 /*	or \fBretry\fR, the server bounces or defers all recipients
23 /*	in the delivery request using the "next-hop" information
24 /*	as the reason for non-delivery. The \fBretry\fR service name is
25 /*	supported as of Postfix 2.4.
26 /*
27 /*	Delivery status reports are sent to the \fBbounce\fR(8),
28 /*	\fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate.
29 /* SECURITY
30 /* .ad
31 /* .fi
32 /*	The \fBerror\fR(8) mailer is not security-sensitive. It does not talk
33 /*	to the network, and can be run chrooted at fixed low privilege.
34 /* STANDARDS
35 /*	RFC 3463 (Enhanced Status Codes)
36 /* DIAGNOSTICS
37 /*	Problems and transactions are logged to \fBsyslogd\fR(8).
38 /*
39 /*	Depending on the setting of the \fBnotify_classes\fR parameter,
40 /*	the postmaster is notified of bounces and of other trouble.
41 /* CONFIGURATION PARAMETERS
42 /* .ad
43 /* .fi
44 /*	Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8)
45 /*	processes run for only a limited amount of time. Use the command
46 /*	"\fBpostfix reload\fR" to speed up a change.
47 /*
48 /*	The text below provides only a parameter summary. See
49 /*	\fBpostconf\fR(5) for more details including examples.
50 /* .IP "\fB2bounce_notice_recipient (postmaster)\fR"
51 /*	The recipient of undeliverable mail that cannot be returned to
52 /*	the sender.
53 /* .IP "\fBbounce_notice_recipient (postmaster)\fR"
54 /*	The recipient of postmaster notifications with the message headers
55 /*	of mail that Postfix did not deliver and of SMTP conversation
56 /*	transcripts of mail that Postfix did not receive.
57 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
58 /*	The default location of the Postfix main.cf and master.cf
59 /*	configuration files.
60 /* .IP "\fBdaemon_timeout (18000s)\fR"
61 /*	How much time a Postfix daemon process may take to handle a
62 /*	request before it is terminated by a built-in watchdog timer.
63 /* .IP "\fBdelay_logging_resolution_limit (2)\fR"
64 /*	The maximal number of digits after the decimal point when logging
65 /*	sub-second delay values.
66 /* .IP "\fBdouble_bounce_sender (double-bounce)\fR"
67 /*	The sender address of postmaster notifications that are generated
68 /*	by the mail system.
69 /* .IP "\fBipc_timeout (3600s)\fR"
70 /*	The time limit for sending or receiving information over an internal
71 /*	communication channel.
72 /* .IP "\fBmax_idle (100s)\fR"
73 /*	The maximum amount of time that an idle Postfix daemon process waits
74 /*	for an incoming connection before terminating voluntarily.
75 /* .IP "\fBmax_use (100)\fR"
76 /*	The maximal number of incoming connections that a Postfix daemon
77 /*	process will service before terminating voluntarily.
78 /* .IP "\fBnotify_classes (resource, software)\fR"
79 /*	The list of error classes that are reported to the postmaster.
80 /* .IP "\fBprocess_id (read-only)\fR"
81 /*	The process ID of a Postfix command or daemon process.
82 /* .IP "\fBprocess_name (read-only)\fR"
83 /*	The process name of a Postfix command or daemon process.
84 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
85 /*	The location of the Postfix top-level queue directory.
86 /* .IP "\fBsyslog_facility (mail)\fR"
87 /*	The syslog facility of Postfix logging.
88 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
89 /*	The mail system name that is prepended to the process name in syslog
90 /*	records, so that "smtpd" becomes, for example, "postfix/smtpd".
91 /* SEE ALSO
92 /*	qmgr(8), queue manager
93 /*	bounce(8), delivery status reports
94 /*	discard(8), Postfix discard delivery agent
95 /*	postconf(5), configuration parameters
96 /*	master(5), generic daemon options
97 /*	master(8), process manager
98 /*	syslogd(8), system logging
99 /* LICENSE
100 /* .ad
101 /* .fi
102 /*	The Secure Mailer license must be distributed with this software.
103 /* AUTHOR(S)
104 /*	Wietse Venema
105 /*	IBM T.J. Watson Research
106 /*	P.O. Box 704
107 /*	Yorktown Heights, NY 10598, USA
108 /*
109 /*	Wietse Venema
110 /*	Google, Inc.
111 /*	111 8th Avenue
112 /*	New York, NY 10011, USA
113 /*--*/
114 
115 /* System library. */
116 
117 #include <sys_defs.h>
118 #include <unistd.h>
119 #include <stdlib.h>
120 
121 /* Utility library. */
122 
123 #include <msg.h>
124 #include <vstream.h>
125 
126 /* Global library. */
127 
128 #include <deliver_request.h>
129 #include <mail_queue.h>
130 #include <bounce.h>
131 #include <defer.h>
132 #include <deliver_completed.h>
133 #include <flush_clnt.h>
134 #include <dsn_util.h>
135 #include <sys_exits.h>
136 #include <mail_proto.h>
137 #include <mail_version.h>
138 
139 /* Single server skeleton. */
140 
141 #include <mail_server.h>
142 
/*
 * deliver_message - bounce or defer every recipient of one delivery request
 *
 * request:	delivery request read from the queue manager. Its nexthop
 *		field is not a destination here; it carries the reason for
 *		non-delivery, optionally prefixed with an RFC 3463 detail code.
 * def_dsn:	status code handed to dsn_split() as the default, for use
 *		when the nexthop text has no detail code of its own.
 * append:	bounce_append or defer_append style callback that records
 *		the status for one recipient.
 *
 * Returns the bitwise OR of all per-recipient callback results, so the
 * value is zero only when every recipient was recorded successfully.
 */

static int deliver_message(DELIVER_REQUEST *request, const char *def_dsn,
	         int (*append) (int, const char *, MSG_STATS *, RECIPIENT *,
				        const char *, DSN *))
{
    const char *myname = "deliver_message";
    VSTREAM *queue_fp;
    DSN_SPLIT split;
    DSN     reason;
    RECIPIENT *cur;
    int     idx;
    int     rcpt_status;
    int     combined = 0;

    if (msg_verbose)
	msg_info("deliver_message: from %s", request->sender);

    /*
     * Refuse a malformed request outright. Without a nexthop there is no
     * reason text to report, and a non-positive recipient count leaves
     * nothing to do.
     */
    if (*request->nexthop == 0)
	msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
	msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * The queue file is opened read-write; deliver_completed() below is
     * given this stream together with the recipient's file offset
     * (presumably to update the recipient record in place -- confirm
     * against deliver_completed.c). An open failure may be a transient
     * resource problem, so the process dies with a fatal error instead of
     * discarding mail; the mail system backs off and retries later.
     */
    queue_fp = mail_queue_open(request->queue_name, request->queue_id,
			       O_RDWR, 0);
    if (queue_fp == 0)
	msg_fatal("%s: open %s %s: %m", myname,
		  request->queue_name, request->queue_id);
    if (msg_verbose)
	msg_info("%s: file %s", myname, VSTREAM_PATH(queue_fp));

    /*
     * Build one DSN from the nexthop text and apply it to all recipients.
     * Note that the text after the status code goes into the delivery
     * status report as given in the request.
     */
#define BOUNCE_FLAGS(request) DEL_REQ_TRACE_FLAGS(request->flags)

    dsn_split(&split, def_dsn, request->nexthop);
    (void) DSN_SIMPLE(&reason, DSN_STATUS(split.dsn), split.text);

    for (idx = 0; idx < request->rcpt_list.len; idx++) {
	cur = &request->rcpt_list.info[idx];
	/* "none" fills the string slot before the DSN; presumably the relay. */
	rcpt_status = append(BOUNCE_FLAGS(request), request->queue_id,
			     &request->msg_stats, cur, "none", &reason);
	/* Only a recipient whose status was recorded is marked completed. */
	if (rcpt_status == 0)
	    deliver_completed(queue_fp, cur->offset);
	combined |= rcpt_status;
    }

    /*
     * A close error is logged but does not change the returned status.
     */
    if (vstream_fclose(queue_fp) != 0)
	msg_warn("close %s %s: %m", request->queue_name, request->queue_id);

    return (combined);
}
207 
/*
 * error_service - handle one client connection
 *
 * client_stream: connection on which the delivery request arrives and on
 *		which the completion status is reported.
 * service:	service name; selects bounce (MAIL_SERVICE_ERROR, default
 *		status 5.0.0) or defer (MAIL_SERVICE_RETRY, default 4.0.0).
 * argv:	remaining command-line arguments; must be empty.
 */

static void error_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *req;
    int     rc;

    /*
     * This service accepts no command-line arguments; anything left over
     * is treated as a configuration error.
     */
    if (argv[0] != 0)
	msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * Called each time a client connects to the error mailer's UNIX-domain
     * socket. The exchange is: (1) signal readiness to the queue manager,
     * (2) read one request, (3) report its completion status. Connection
     * management lives in the shared single_server.c code. Nothing is done
     * when no request could be read.
     */
    req = deliver_request_read(client_stream);
    if (req == 0)
	return;

    /*
     * An unrecognized service name is fatal: the process stops instead of
     * guessing whether the mail should be bounced or deferred.
     */
    if (strcmp(service, MAIL_SERVICE_ERROR) == 0) {
	rc = deliver_message(req, "5.0.0", bounce_append);
    } else if (strcmp(service, MAIL_SERVICE_RETRY) == 0) {
	rc = deliver_message(req, "4.0.0", defer_append);
    } else {
	msg_fatal("bad error service name: %s", service);
    }
    deliver_request_done(client_stream, req, rc);
}
239 
/*
 * pre_init - pre-jail initialization
 *
 * Registered in main() through CA_MAIL_SERVER_PRE_INIT. Its only job is to
 * call flush_init() from <flush_clnt.h>; presumably that setup must happen
 * before the process is jailed -- confirm against flush_clnt.c. Both
 * arguments are ignored.
 */

static void pre_init(char *unused_name, char **unused_argv)
{
    (void) unused_name;
    (void) unused_argv;

    flush_init();
}
246 
/* Declares the version stamp that main() fills in with the ALLOCATE macro. */
MAIL_VERSION_STAMP_DECLARE;

/*
 * main - hand control to the single-threaded server skeleton
 *
 * error_service() is the per-connection handler and pre_init() is the
 * pre-jail hook. The final 0 ends the option list given to
 * single_server_main().
 */

int     main(int argc, char **argv)
{

    /*
     * Stamp the version into the process so that executables and core
     * dumps can be fingerprinted.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    single_server_main(argc, argv, error_service,
		       CA_MAIL_SERVER_PRE_INIT(pre_init), 0);
}
263