1 /*++
2 /* NAME
3 /* cleanup_init 3
4 /* SUMMARY
5 /* cleanup callable interface, initializations
6 /* SYNOPSIS
7 /* #include "cleanup.h"
8 /*
9 /* CONFIG_INT_TABLE cleanup_int_table[];
10 /*
11 /* CONFIG_BOOL_TABLE cleanup_bool_table[];
12 /*
13 /* CONFIG_STR_TABLE cleanup_str_table[];
14 /*
15 /* CONFIG_TIME_TABLE cleanup_time_table[];
16 /*
17 /* void cleanup_pre_jail(service_name, argv)
18 /* char *service_name;
19 /* char **argv;
20 /*
21 /* void cleanup_post_jail(service_name, argv)
22 /* char *service_name;
23 /* char **argv;
24 /*
25 /* char *cleanup_path;
26 /* VSTRING *cleanup_trace_path;
27 /*
28 /* void cleanup_all()
29 /*
30 /* void cleanup_sig(sigval)
31 /* int sigval;
32 /* DESCRIPTION
33 /* This module implements a callable interface to the cleanup service
34 /* for one-time initializations that must be done before any message
35 /* processing can take place.
36 /*
37 /* cleanup_{int,bool,str,time}_table[] specify configuration
38 /* parameters that must be initialized before calling any functions
39 /* in this module. These tables satisfy the interface as specified in
40 /* single_service(3).
41 /*
42 /* cleanup_pre_jail() and cleanup_post_jail() perform mandatory
43 /* initializations before and after the process enters the optional
44 /* chroot jail. These functions satisfy the interface as specified
45 /* in single_service(3).
46 /*
47 /* cleanup_path is either a null pointer or it is the name of a queue
48 /* file that currently is being written. This information is used
49 /* by cleanup_all() to remove incomplete files after a fatal error,
50 /* or by cleanup_sig() after arrival of a SIGTERM signal.
51 /*
52 /* cleanup_trace_path is either a null pointer or the pathname of a
53 /* trace logfile with DSN SUCCESS notifications. This information is
54 /* used to remove a trace file when the mail transaction is canceled.
55 /*
56 /* cleanup_all() must be called in case of fatal error, in order
57 /* to remove an incomplete queue file.
58 /*
59 /* cleanup_sig() must be called in case of SIGTERM, in order
60 /* to remove an incomplete queue file.
61 /* DIAGNOSTICS
62 /* Problems and transactions are logged to \fBsyslogd\fR(8)
63 /* or \fBpostlogd\fR(8).
64 /* SEE ALSO
65 /* cleanup_api(3) cleanup callable interface, message processing
66 /* LICENSE
67 /* .ad
68 /* .fi
69 /* The Secure Mailer license must be distributed with this software.
70 /* AUTHOR(S)
71 /* Wietse Venema
72 /* IBM T.J. Watson Research
73 /* P.O. Box 704
74 /* Yorktown Heights, NY 10598, USA
75 /*
76 /* Wietse Venema
77 /* Google, Inc.
78 /* 111 8th Avenue
79 /* New York, NY 10011, USA
80 /*--*/
81
82 /* System library. */
83
84 #include <sys_defs.h>
85 #include <signal.h>
86 #include <string.h>
87
88 /* Utility library. */
89
90 #include <msg.h>
91 #include <iostuff.h>
92 #include <name_code.h>
93 #include <name_mask.h>
94 #include <stringops.h>
95
96 /* Global library. */
97
98 #include <mail_addr.h>
99 #include <mail_params.h>
100 #include <mail_version.h> /* milter_macro_v */
101 #include <ext_prop.h>
102 #include <flush_clnt.h>
103 #include <hfrom_format.h>
104
105 /* Application-specific. */
106
107 #include "cleanup.h"
108
109 /*
110 * Global state: any queue files that we have open, so that the error
111 * handler can clean up in case of trouble.
112 */
/*
 * NOTE(review): cleanup_sig() reads this pointer while it may be running as
 * a SIGTERM handler, and passes it to REMOVE(). Code that assigns it should
 * therefore keep it either null or pointing at a complete pathname at every
 * instant, and should reset it to null before the string is released --
 * confirm against the writers, which are outside this file.
 */
113 char *cleanup_path; /* queue file name */
114
115 /*
116 * Another piece of global state: pathnames of partial bounce or trace
117 * logfiles that need to be cleaned up when the cleanup request is aborted.
118 */
/*
 * NOTE(review): also read by cleanup_sig(). That function only resets the
 * pointer to null and never releases the VSTRING, so the same "null or
 * complete pathname" expectation applies to whoever updates it -- confirm
 * against the writers, which are outside this file.
 */
119 VSTRING *cleanup_trace_path;
120
121 /*
122 * Tunable parameters.
123 */
/*
 * Each variable below is the storage target of exactly one row in the
 * cleanup_int_table[], cleanup_bool_table[], cleanup_time_table[] or
 * cleanup_str_table[] arrays in this file; nothing in this file assigns
 * them directly. Going by their comments, the *_limit variables and the
 * Milter timeouts are the knobs that bound per-message work (hop count,
 * alias recursion and expansion, address length growth, attribute count).
 */
124 int var_hopcount_limit; /* max mailer hop count */
125 char *var_canonical_maps; /* common canonical maps */
126 char *var_send_canon_maps; /* sender canonical maps */
127 char *var_rcpt_canon_maps; /* recipient canonical maps */
128 char *var_canon_classes; /* what to canonicalize */
129 char *var_send_canon_classes; /* what sender to canonicalize */
130 char *var_rcpt_canon_classes; /* what recipient to canonicalize */
131 char *var_virt_alias_maps; /* virtual alias maps */
132 char *var_masq_domains; /* masquerade domains */
133 char *var_masq_exceptions; /* users not masqueraded */
134 char *var_header_checks; /* primary header checks */
135 char *var_mimehdr_checks; /* mime header checks */
136 char *var_nesthdr_checks; /* nested header checks */
137 char *var_body_checks; /* any body checks */
138 int var_dup_filter_limit; /* recipient dup filter */
139 char *var_empty_addr; /* destination of bounced bounces */
140 int var_delay_warn_time; /* delay that triggers warning */
141 char *var_prop_extension; /* propagate unmatched extension */
142 char *var_always_bcc; /* big brother */
143 char *var_rcpt_witheld; /* recipients not disclosed */
144 char *var_masq_classes; /* what to masquerade */
145 int var_qattr_count_limit; /* named attribute limit */
146 int var_virt_recur_limit; /* maximum virtual alias recursion */
147 int var_virt_expan_limit; /* maximum virtual alias expansion */
148 int var_body_check_len; /* when to stop body scan */
149 char *var_send_bcc_maps; /* sender auto-bcc maps */
150 char *var_rcpt_bcc_maps; /* recipient auto-bcc maps */
151 char *var_remote_rwr_domain; /* header-only surrogate */
152 char *var_msg_reject_chars; /* reject these characters */
153 char *var_msg_strip_chars; /* strip these characters */
154 int var_verp_bounce_off; /* don't verp the bounces */
155 int var_milt_conn_time; /* milter connect/handshake timeout */
156 int var_milt_cmd_time; /* milter command timeout */
157 int var_milt_msg_time; /* milter content timeout */
158 char *var_milt_protocol; /* Sendmail 8 milter protocol */
159 char *var_milt_def_action; /* default milter action */
160 char *var_milt_daemon_name; /* {daemon_name} macro value */
161 char *var_milt_v; /* {v} macro value */
162 char *var_milt_conn_macros; /* connect macros */
163 char *var_milt_helo_macros; /* HELO macros */
164 char *var_milt_mail_macros; /* MAIL FROM macros */
165 char *var_milt_rcpt_macros; /* RCPT TO macros */
166 char *var_milt_data_macros; /* DATA macros */
167 char *var_milt_eoh_macros; /* end-of-header macros */
168 char *var_milt_eod_macros; /* end-of-data macros */
169 char *var_milt_unk_macros; /* unknown command macros */
170 char *var_cleanup_milters; /* non-SMTP mail */
171 char *var_milt_head_checks; /* post-Milter header checks */
172 char *var_milt_macro_deflts; /* default macro settings */
173 int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */
174 int var_always_add_hdrs; /* always add missing headers */
175 int var_virt_addrlen_limit; /* stop exponential growth */
176 char *var_hfrom_format; /* header_from_format */
177
/*
 * Integer parameters; the single 0 terminates the table.
 *
 * NOTE(review): each row appears to be name, default, target, min, max --
 * confirm against the CONFIG_INT_TABLE definition, which is outside this
 * file. If the fourth column is a lower bound, then the hop count, named
 * attribute count and virtual alias recursion/expansion/address length
 * limits (all 1) cannot be set to zero from configuration, whereas the
 * duplicate filter limit and the body check length (both 0) can.
 */
178 const CONFIG_INT_TABLE cleanup_int_table[] = {
179 VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
180 VAR_DUP_FILTER_LIMIT, DEF_DUP_FILTER_LIMIT, &var_dup_filter_limit, 0, 0,
181 VAR_QATTR_COUNT_LIMIT, DEF_QATTR_COUNT_LIMIT, &var_qattr_count_limit, 1, 0,
182 VAR_VIRT_RECUR_LIMIT, DEF_VIRT_RECUR_LIMIT, &var_virt_recur_limit, 1, 0,
183 VAR_VIRT_EXPAN_LIMIT, DEF_VIRT_EXPAN_LIMIT, &var_virt_expan_limit, 1, 0,
184 VAR_VIRT_ADDRLEN_LIMIT, DEF_VIRT_ADDRLEN_LIMIT, &var_virt_addrlen_limit, 1, 0,
185 VAR_BODY_CHECK_LEN, DEF_BODY_CHECK_LEN, &var_body_check_len, 0, 0,
186 0,
187 };
188
/*
 * Boolean parameters; the single 0 terminates the table.
 *
 * NOTE(review): each row appears to be name, default, target -- confirm
 * against the CONFIG_BOOL_TABLE definition, which is outside this file.
 */
189 const CONFIG_BOOL_TABLE cleanup_bool_table[] = {
190 VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
191 VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
192 VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
193 0,
194 };
195
/*
 * Time parameters; the single 0 terminates the table.
 *
 * NOTE(review): each row appears to be name, default, target, min, max --
 * confirm against the CONFIG_TIME_TABLE definition, which is outside this
 * file. The three Milter timeouts carry 1 in the fourth column and the
 * delay warning time carries 0; if that column is a lower bound, a Milter
 * timeout of zero is rejected at configuration time.
 */
196 const CONFIG_TIME_TABLE cleanup_time_table[] = {
197 VAR_DELAY_WARN_TIME, DEF_DELAY_WARN_TIME, &var_delay_warn_time, 0, 0,
198 VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, &var_milt_conn_time, 1, 0,
199 VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, &var_milt_cmd_time, 1, 0,
200 VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, &var_milt_msg_time, 1, 0,
201 0,
202 };
203
/*
 * String parameters; the single 0 terminates the table.
 *
 * NOTE(review): each row appears to be name, default, target, min, max --
 * confirm against the CONFIG_STR_TABLE definition, which is outside this
 * file. Rows with 1 in the fourth column presumably require a non-empty
 * value. Rows with 0 may be empty, and cleanup_pre_jail() and
 * cleanup_post_jail() test the first character of most of those values
 * before using them.
 */
204 const CONFIG_STR_TABLE cleanup_str_table[] = {
205 VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
206 VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
207 VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
208 VAR_CANON_CLASSES, DEF_CANON_CLASSES, &var_canon_classes, 1, 0,
209 VAR_SEND_CANON_CLASSES, DEF_SEND_CANON_CLASSES, &var_send_canon_classes, 1, 0,
210 VAR_RCPT_CANON_CLASSES, DEF_RCPT_CANON_CLASSES, &var_rcpt_canon_classes, 1, 0,
211 VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
212 VAR_MASQ_DOMAINS, DEF_MASQ_DOMAINS, &var_masq_domains, 0, 0,
213 VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0,
214 VAR_MASQ_EXCEPTIONS, DEF_MASQ_EXCEPTIONS, &var_masq_exceptions, 0, 0,
215 VAR_HEADER_CHECKS, DEF_HEADER_CHECKS, &var_header_checks, 0, 0,
216 VAR_MIMEHDR_CHECKS, DEF_MIMEHDR_CHECKS, &var_mimehdr_checks, 0, 0,
217 VAR_NESTHDR_CHECKS, DEF_NESTHDR_CHECKS, &var_nesthdr_checks, 0, 0,
218 VAR_BODY_CHECKS, DEF_BODY_CHECKS, &var_body_checks, 0, 0,
219 VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
220 VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
221 VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 0, 0,
222 VAR_MASQ_CLASSES, DEF_MASQ_CLASSES, &var_masq_classes, 0, 0,
223 VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0,
224 VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0,
225 VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0,
226 VAR_MSG_REJECT_CHARS, DEF_MSG_REJECT_CHARS, &var_msg_reject_chars, 0, 0,
227 VAR_MSG_STRIP_CHARS, DEF_MSG_STRIP_CHARS, &var_msg_strip_chars, 0, 0,
228 VAR_MILT_PROTOCOL, DEF_MILT_PROTOCOL, &var_milt_protocol, 1, 0,
229 VAR_MILT_DEF_ACTION, DEF_MILT_DEF_ACTION, &var_milt_def_action, 1, 0,
230 VAR_MILT_DAEMON_NAME, DEF_MILT_DAEMON_NAME, &var_milt_daemon_name, 1, 0,
231 VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
232 VAR_MILT_CONN_MACROS, DEF_MILT_CONN_MACROS, &var_milt_conn_macros, 0, 0,
233 VAR_MILT_HELO_MACROS, DEF_MILT_HELO_MACROS, &var_milt_helo_macros, 0, 0,
234 VAR_MILT_MAIL_MACROS, DEF_MILT_MAIL_MACROS, &var_milt_mail_macros, 0, 0,
235 VAR_MILT_RCPT_MACROS, DEF_MILT_RCPT_MACROS, &var_milt_rcpt_macros, 0, 0,
236 VAR_MILT_DATA_MACROS, DEF_MILT_DATA_MACROS, &var_milt_data_macros, 0, 0,
237 VAR_MILT_EOH_MACROS, DEF_MILT_EOH_MACROS, &var_milt_eoh_macros, 0, 0,
238 VAR_MILT_EOD_MACROS, DEF_MILT_EOD_MACROS, &var_milt_eod_macros, 0, 0,
239 VAR_MILT_UNK_MACROS, DEF_MILT_UNK_MACROS, &var_milt_unk_macros, 0, 0,
240 VAR_CLEANUP_MILTERS, DEF_CLEANUP_MILTERS, &var_cleanup_milters, 0, 0,
241 VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0,
242 VAR_MILT_MACRO_DEFLTS, DEF_MILT_MACRO_DEFLTS, &var_milt_macro_deflts, 0, 0,
243 VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0,
244 0,
245 };
246
247 /*
248 * Mappings.
249 */
/*
 * All of these are assigned in cleanup_pre_jail(), and only when the
 * matching configuration string is non-empty. Otherwise they keep their
 * initial null or zero value, so code that uses them has to test for that
 * first.
 */
250 MAPS *cleanup_comm_canon_maps;
251 MAPS *cleanup_send_canon_maps;
252 MAPS *cleanup_rcpt_canon_maps;
253 int cleanup_comm_canon_flags;
254 int cleanup_send_canon_flags;
255 int cleanup_rcpt_canon_flags;
256 MAPS *cleanup_header_checks;
257 MAPS *cleanup_mimehdr_checks;
258 MAPS *cleanup_nesthdr_checks;
259 MAPS *cleanup_body_checks;
260 MAPS *cleanup_virt_alias_maps;
261 ARGV *cleanup_masq_domains;
262 STRING_LIST *cleanup_masq_exceptions;
263 int cleanup_masq_flags;
264 MAPS *cleanup_send_bcc_maps;
265 MAPS *cleanup_rcpt_bcc_maps;
266
267 /*
268 * Character filters.
269 */
/*
 * Assigned in cleanup_post_jail() from var_msg_reject_chars and
 * var_msg_strip_chars; each stays null when its parameter is empty.
 */
270 VSTRING *cleanup_reject_chars;
271 VSTRING *cleanup_strip_chars;
272
273 /*
274 * Address extension propagation restrictions.
275 */
/* Assigned unconditionally in cleanup_post_jail() via ext_prop_mask(). */
276 int cleanup_ext_prop_mask;
277
278 /*
279 * Milter support.
280 */
/*
 * Assigned in cleanup_pre_jail() by milter_create(); stays null when
 * var_cleanup_milters is empty.
 */
281 MILTERS *cleanup_milters;
282
283 /*
284 * From: header format.
285 */
/* Assigned unconditionally in cleanup_post_jail() via hfrom_format_parse(). */
286 int cleanup_hfrom_format;
287
288 /* cleanup_all - callback for the runtime error handler */
289
void    cleanup_all(void)
{

    /*
     * Fatal-error path: run the same queue file and trace file removal as
     * the SIGTERM handler. A zero argument means "not called for a signal",
     * so cleanup_sig() returns here instead of calling _exit().
     */
    const int not_a_signal = 0;

    cleanup_sig(not_a_signal);
}
294
295 /* cleanup_sig - callback for the SIGTERM handler */
296
void    cleanup_sig(int sig)
{

    /*
     * Re-entry guard. msg_fatal() is safe against calling itself
     * recursively, but signals need extra safety: switch SIGTERM to SIG_IGN
     * and look at the disposition that signal() reports as the previous
     * one. If that was already SIG_IGN there is nothing left to do.
     *
     * NOTE(review): SIGTERM stays ignored after the first call, also when
     * that call came from cleanup_all() with sig == 0. If SIGTERM was
     * already ignored before the first call, this function never removes
     * anything, and an incomplete queue file is left behind.
     */
    if (signal(SIGTERM, SIG_IGN) == SIG_IGN)
        return;

    /*
     * XXX While running as a signal handler, can't ask the memory manager
     * to release VSTRING storage. The pathname is used once and the pointer
     * is then reset without freeing anything.
     *
     * NOTE(review): everything on this path has to remain safe to call from
     * a signal handler. REMOVE() is defined outside this file -- confirm
     * before changing it.
     */
    if (cleanup_trace_path != 0) {
        (void) REMOVE(vstring_str(cleanup_trace_path));
        cleanup_trace_path = 0;
    }
    if (cleanup_path != 0) {
        (void) REMOVE(cleanup_path);
        cleanup_path = 0;
    }

    /*
     * A non-zero argument means that we were called for a signal: terminate
     * immediately, with the signal number as the exit status. With zero,
     * return to the caller.
     */
    if (sig != 0)
        _exit(sig);
}
320
321 /* cleanup_pre_jail - initialize before entering the chroot jail */
322
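void    cleanup_pre_jail(char *unused_name, char **unused_argv)
{

    /*
     * Class-name-to-flag tables for the *_classes parameters parsed below.
     * The sender and recipient tables are subsets of the common table.
     */
    static const NAME_MASK send_canon_class_table[] = {
        CANON_CLASS_ENV_FROM, CLEANUP_CANON_FLAG_ENV_FROM,
        CANON_CLASS_HDR_FROM, CLEANUP_CANON_FLAG_HDR_FROM,
        0,
    };
    static const NAME_MASK rcpt_canon_class_table[] = {
        CANON_CLASS_ENV_RCPT, CLEANUP_CANON_FLAG_ENV_RCPT,
        CANON_CLASS_HDR_RCPT, CLEANUP_CANON_FLAG_HDR_RCPT,
        0,
    };
    static const NAME_MASK canon_class_table[] = {
        CANON_CLASS_ENV_FROM, CLEANUP_CANON_FLAG_ENV_FROM,
        CANON_CLASS_ENV_RCPT, CLEANUP_CANON_FLAG_ENV_RCPT,
        CANON_CLASS_HDR_FROM, CLEANUP_CANON_FLAG_HDR_FROM,
        CANON_CLASS_HDR_RCPT, CLEANUP_CANON_FLAG_HDR_RCPT,
        0,
    };
    static const NAME_MASK masq_class_table[] = {
        MASQ_CLASS_ENV_FROM, CLEANUP_MASQ_FLAG_ENV_FROM,
        MASQ_CLASS_ENV_RCPT, CLEANUP_MASQ_FLAG_ENV_RCPT,
        MASQ_CLASS_HDR_FROM, CLEANUP_MASQ_FLAG_HDR_FROM,
        MASQ_CLASS_HDR_RCPT, CLEANUP_MASQ_FLAG_HDR_RCPT,
        0,
    };

    /*
     * Flags shared by every address lookup table (canonical, virtual alias,
     * automatic bcc). Keeping them in one place prevents one of these
     * tables from silently missing a flag.
     */
    const int addr_map_flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
    | DICT_FLAG_UTF8_REQUEST;

    /*
     * Everything below runs before the process enters the optional chroot
     * jail, so lookup table names are resolved outside the jail. Each step
     * is skipped when its configuration string is empty, which leaves the
     * corresponding cleanup_* global at its initial null or zero value.
     *
     * NOTE(review): whether privileges have already been dropped at this
     * point is decided by the caller (see single_service(3)) -- confirm
     * before adding a table that must not be opened with elevated
     * privileges.
     */

    /*
     * Address rewriting tables.
     */
    if (*var_canonical_maps)
        cleanup_comm_canon_maps =
            maps_create(VAR_CANONICAL_MAPS, var_canonical_maps,
                        addr_map_flags);
    if (*var_send_canon_maps)
        cleanup_send_canon_maps =
            maps_create(VAR_SEND_CANON_MAPS, var_send_canon_maps,
                        addr_map_flags);
    if (*var_rcpt_canon_maps)
        cleanup_rcpt_canon_maps =
            maps_create(VAR_RCPT_CANON_MAPS, var_rcpt_canon_maps,
                        addr_map_flags);
    if (*var_virt_alias_maps)
        cleanup_virt_alias_maps =
            maps_create(VAR_VIRT_ALIAS_MAPS, var_virt_alias_maps,
                        addr_map_flags);

    /*
     * Address classes that are subject to canonical mapping. The first
     * name_mask() argument is the name of the parameter being parsed, so
     * that a bad class name is reported against the setting that actually
     * contains it.
     */
    if (*var_canon_classes)
        cleanup_comm_canon_flags =
            name_mask(VAR_CANON_CLASSES, canon_class_table,
                      var_canon_classes);
    if (*var_send_canon_classes)
        cleanup_send_canon_flags =
            name_mask(VAR_SEND_CANON_CLASSES, send_canon_class_table,
                      var_send_canon_classes);
    if (*var_rcpt_canon_classes)
        cleanup_rcpt_canon_flags =
            name_mask(VAR_RCPT_CANON_CLASSES, rcpt_canon_class_table,
                      var_rcpt_canon_classes);

    /*
     * Masquerading.
     */
    if (*var_masq_domains)
        cleanup_masq_domains = argv_split(var_masq_domains, CHARS_COMMA_SP);

    /*
     * Content inspection tables. These are opened with DICT_FLAG_LOCK only,
     * without the case folding and UTF-8 flags of the address tables.
     */
    if (*var_header_checks)
        cleanup_header_checks =
            maps_create(VAR_HEADER_CHECKS, var_header_checks, DICT_FLAG_LOCK);
    if (*var_mimehdr_checks)
        cleanup_mimehdr_checks =
            maps_create(VAR_MIMEHDR_CHECKS, var_mimehdr_checks, DICT_FLAG_LOCK);
    if (*var_nesthdr_checks)
        cleanup_nesthdr_checks =
            maps_create(VAR_NESTHDR_CHECKS, var_nesthdr_checks, DICT_FLAG_LOCK);
    if (*var_body_checks)
        cleanup_body_checks =
            maps_create(VAR_BODY_CHECKS, var_body_checks, DICT_FLAG_LOCK);

    if (*var_masq_exceptions)
        cleanup_masq_exceptions =
            string_list_init(VAR_MASQ_EXCEPTIONS, MATCH_FLAG_RETURN,
                             var_masq_exceptions);
    if (*var_masq_classes)
        cleanup_masq_flags = name_mask(VAR_MASQ_CLASSES, masq_class_table,
                                       var_masq_classes);

    /*
     * Automatic bcc tables.
     */
    if (*var_send_bcc_maps)
        cleanup_send_bcc_maps =
            maps_create(VAR_SEND_BCC_MAPS, var_send_bcc_maps,
                        addr_map_flags);
    if (*var_rcpt_bcc_maps)
        cleanup_rcpt_bcc_maps =
            maps_create(VAR_RCPT_BCC_MAPS, var_rcpt_bcc_maps,
                        addr_map_flags);

    /*
     * Milter clients for non-SMTP mail, with the configured timeouts,
     * protocol, default action and per-stage macro lists.
     */
    if (*var_cleanup_milters)
        cleanup_milters = milter_create(var_cleanup_milters,
                                        var_milt_conn_time,
                                        var_milt_cmd_time,
                                        var_milt_msg_time,
                                        var_milt_protocol,
                                        var_milt_def_action,
                                        var_milt_conn_macros,
                                        var_milt_helo_macros,
                                        var_milt_mail_macros,
                                        var_milt_rcpt_macros,
                                        var_milt_data_macros,
                                        var_milt_eoh_macros,
                                        var_milt_eod_macros,
                                        var_milt_unk_macros,
                                        var_milt_macro_deflts);

    flush_init();
}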
433
434 /* cleanup_post_jail - initialize after entering the chroot jail */
435
void    cleanup_post_jail(char *unused_name, char **unused_argv)
{
    size_t  spec_len;

    /*
     * File size resource limit, applied only when a message size limit is
     * being enforced. XXX The message content ends up limited to somewhat
     * less than requested, because the total queue file size also includes
     * envelope information. Unless people set a really low limit, the
     * difference matters only when a queue file has lots of recipients.
     */
    if (ENFORCING_SIZE_LIMIT(var_message_limit))
        set_file_limit((off_t) var_message_limit);

    /*
     * How unmatched address extensions are propagated.
     */
    cleanup_ext_prop_mask =
        ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);

    /*
     * Filters for characters that should be rejected, and for characters
     * that should be removed. Each configured string goes through
     * unescape() into a VSTRING sized from the length of the raw string; an
     * empty string leaves the filter pointer null.
     */
    if (var_msg_reject_chars[0] != 0) {
        spec_len = strlen(var_msg_reject_chars);
        cleanup_reject_chars = vstring_alloc(spec_len);
        unescape(cleanup_reject_chars, var_msg_reject_chars);
    }
    if (var_msg_strip_chars[0] != 0) {
        spec_len = strlen(var_msg_strip_chars);
        cleanup_strip_chars = vstring_alloc(spec_len);
        unescape(cleanup_strip_chars, var_msg_strip_chars);
    }

    /*
     * From: header formatting.
     */
    cleanup_hfrom_format =
        hfrom_format_parse(VAR_HFROM_FORMAT, var_hfrom_format);
}
473