1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.45 (Berkeley) 10/11/91";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <sys/param.h>
21 #include <arpa/nameser.h>
22 #include <resolv.h>
23 #endif
24
25 /*
26 ** DELIVER -- Deliver a message to a list of addresses.
27 **
28 ** This routine delivers to everyone on the same host as the
29 ** user on the head of the list. It is clever about mailers
30 ** that don't handle multiple users. It is NOT guaranteed
31 ** that it will deliver to all these addresses however -- so
32 ** deliver should be called once for each address on the
33 ** list.
34 **
35 ** Parameters:
36 ** e -- the envelope to deliver.
37 ** firstto -- head of the address list to deliver to.
38 **
39 ** Returns:
40 ** zero -- successfully delivered.
41 ** else -- some failure, see ExitStat for more info.
42 **
43 ** Side Effects:
44 ** The standard input is passed off to someone.
45 */
46
47 deliver(e, firstto)
48 register ENVELOPE *e;
49 ADDRESS *firstto;
50 {
51 char *host; /* host being sent to */
52 char *user; /* user being sent to */
53 char **pvp;
54 register char **mvp;
55 register char *p;
56 register MAILER *m; /* mailer for this recipient */
57 ADDRESS *ctladdr;
58 register ADDRESS *to = firstto;
59 bool clever = FALSE; /* running user smtp to this mailer */
60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
61 int rcode; /* response code */
62 char *pv[MAXPV+1];
63 char tobuf[MAXLINE-50]; /* text line of to people */
64 char buf[MAXNAME];
65 char tfrombuf[MAXNAME]; /* translated from person */
66 extern bool checkcompat();
67 extern ADDRESS *getctladdr();
68 extern char *remotename();
69
70 errno = 0;
71 if (bitset(QDONTSEND, to->q_flags))
72 return (0);
73
74 #ifdef NAMED_BIND
75 /* unless interactive, try twice, over a minute */
76 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
77 _res.retrans = 30;
78 _res.retry = 2;
79 }
80 #endif
81
82 m = to->q_mailer;
83 host = to->q_host;
84
85 if (tTd(10, 1))
86 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
87 m->m_mno, host, to->q_user);
88
89 /*
90 ** If this mailer is expensive, and if we don't want to make
91 ** connections now, just mark these addresses and return.
92 ** This is useful if we want to batch connections to
93 ** reduce load. This will cause the messages to be
94 ** queued up, and a daemon will come along to send the
95 ** messages later.
96 ** This should be on a per-mailer basis.
97 */
98
99 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
100 !Verbose)
101 {
102 for (; to != NULL; to = to->q_next)
103 {
104 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
105 continue;
106 to->q_flags |= QQUEUEUP|QDONTSEND;
107 e->e_to = to->q_paddr;
108 message(Arpa_Info, "queued");
109 if (LogLevel > 4)
110 logdelivery("queued");
111 }
112 e->e_to = NULL;
113 return (0);
114 }
115
116 /*
117 ** Do initial argv setup.
118 ** Insert the mailer name. Notice that $x expansion is
119 ** NOT done on the mailer name. Then, if the mailer has
120 ** a picky -f flag, we insert it as appropriate. This
121 ** code does not check for 'pv' overflow; this places a
122 ** manifest lower limit of 4 for MAXPV.
123 ** The from address rewrite is expected to make
124 ** the address relative to the other end.
125 */
126
127 /* rewrite from address, using rewriting rules */
128 expand("\001f", buf, &buf[sizeof buf - 1], e);
129 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
130
131 define('g', tfrombuf, e); /* translated sender address */
132 define('h', host, e); /* to host */
133 Errors = 0;
134 pvp = pv;
135 *pvp++ = m->m_argv[0];
136
137 /* insert -f or -r flag as appropriate */
138 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
139 {
140 if (bitnset(M_FOPT, m->m_flags))
141 *pvp++ = "-f";
142 else
143 *pvp++ = "-r";
144 expand("\001g", buf, &buf[sizeof buf - 1], e);
145 *pvp++ = newstr(buf);
146 }
147
148 /*
149 ** Append the other fixed parts of the argv. These run
150 ** up to the first entry containing "$u". There can only
151 ** be one of these, and there are only a few more slots
152 ** in the pv after it.
153 */
154
155 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
156 {
157 while ((p = index(p, '\001')) != NULL)
158 if (*++p == 'u')
159 break;
160 if (p != NULL)
161 break;
162
163 /* this entry is safe -- go ahead and process it */
164 expand(*mvp, buf, &buf[sizeof buf - 1], e);
165 *pvp++ = newstr(buf);
166 if (pvp >= &pv[MAXPV - 3])
167 {
168 syserr("Too many parameters to %s before $u", pv[0]);
169 return (-1);
170 }
171 }
172
173 /*
174 ** If we have no substitution for the user name in the argument
175 ** list, we know that we must supply the names otherwise -- and
176 ** SMTP is the answer!!
177 */
178
179 if (*mvp == NULL)
180 {
181 /* running SMTP */
182 # ifdef SMTP
183 clever = TRUE;
184 *pvp = NULL;
185 # else SMTP
186 /* oops! we don't implement SMTP */
187 syserr("SMTP style mailer");
188 return (EX_SOFTWARE);
189 # endif SMTP
190 }
191
192 /*
193 ** At this point *mvp points to the argument with $u. We
194 ** run through our address list and append all the addresses
195 ** we can. If we run out of space, do not fret! We can
196 ** always send another copy later.
197 */
198
199 tobuf[0] = '\0';
200 e->e_to = tobuf;
201 ctladdr = NULL;
202 for (; to != NULL; to = to->q_next)
203 {
204 /* avoid sending multiple recipients to dumb mailers */
205 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
206 break;
207
208 /* if already sent or not for this host, don't send */
209 if (bitset(QDONTSEND, to->q_flags) ||
210 strcmp(to->q_host, host) != 0 ||
211 to->q_mailer != firstto->q_mailer)
212 continue;
213
214 /* avoid overflowing tobuf */
215 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
216 break;
217
218 if (tTd(10, 1))
219 {
220 printf("\nsend to ");
221 printaddr(to, FALSE);
222 }
223
224 /* compute effective uid/gid when sending */
225 if (to->q_mailer == ProgMailer)
226 ctladdr = getctladdr(to);
227
228 user = to->q_user;
229 e->e_to = to->q_paddr;
230 to->q_flags |= QDONTSEND;
231
232 /*
233 ** Check to see that these people are allowed to
234 ** talk to each other.
235 */
236
237 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
238 {
239 NoReturn = TRUE;
240 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
241 giveresponse(EX_UNAVAILABLE, m, e);
242 continue;
243 }
244 if (!checkcompat(to))
245 {
246 giveresponse(EX_UNAVAILABLE, m, e);
247 continue;
248 }
249
250 /*
251 ** Strip quote bits from names if the mailer is dumb
252 ** about them.
253 */
254
255 if (bitnset(M_STRIPQ, m->m_flags))
256 {
257 stripquotes(user, TRUE);
258 stripquotes(host, TRUE);
259 }
260 else
261 {
262 stripquotes(user, FALSE);
263 stripquotes(host, FALSE);
264 }
265
266 /* hack attack -- delivermail compatibility */
267 if (m == ProgMailer && *user == '|')
268 user++;
269
270 /*
271 ** If an error message has already been given, don't
272 ** bother to send to this address.
273 **
274 ** >>>>>>>>>> This clause assumes that the local mailer
275 ** >> NOTE >> cannot do any further aliasing; that
276 ** >>>>>>>>>> function is subsumed by sendmail.
277 */
278
279 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
280 continue;
281
282 /* save statistics.... */
283 markstats(e, to);
284
285 /*
286 ** See if this user name is "special".
287 ** If the user name has a slash in it, assume that this
288 ** is a file -- send it off without further ado. Note
289 ** that this type of addresses is not processed along
290 ** with the others, so we fudge on the To person.
291 */
292
293 if (m == LocalMailer)
294 {
295 if (user[0] == '/')
296 {
297 rcode = mailfile(user, getctladdr(to));
298 giveresponse(rcode, m, e);
299 if (rcode == EX_OK)
300 to->q_flags |= QSENT;
301 continue;
302 }
303 }
304
305 /*
306 ** Address is verified -- add this user to mailer
307 ** argv, and add it to the print list of recipients.
308 */
309
310 /* link together the chain of recipients */
311 to->q_tchain = tochain;
312 tochain = to;
313
314 /* create list of users for error messages */
315 (void) strcat(tobuf, ",");
316 (void) strcat(tobuf, to->q_paddr);
317 define('u', user, e); /* to user */
318 define('z', to->q_home, e); /* user's home */
319
320 /*
321 ** Expand out this user into argument list.
322 */
323
324 if (!clever)
325 {
326 expand(*mvp, buf, &buf[sizeof buf - 1], e);
327 *pvp++ = newstr(buf);
328 if (pvp >= &pv[MAXPV - 2])
329 {
330 /* allow some space for trailing parms */
331 break;
332 }
333 }
334 }
335
336 /* see if any addresses still exist */
337 if (tobuf[0] == '\0')
338 {
339 define('g', (char *) NULL, e);
340 return (0);
341 }
342
343 /* print out messages as full list */
344 e->e_to = tobuf + 1;
345
346 /*
347 ** Fill out any parameters after the $u parameter.
348 */
349
350 while (!clever && *++mvp != NULL)
351 {
352 expand(*mvp, buf, &buf[sizeof buf - 1], e);
353 *pvp++ = newstr(buf);
354 if (pvp >= &pv[MAXPV])
355 syserr("deliver: pv overflow after $u for %s", pv[0]);
356 }
357 *pvp++ = NULL;
358
359 /*
360 ** Call the mailer.
361 ** The argument vector gets built, pipes
362 ** are created as necessary, and we fork & exec as
363 ** appropriate.
364 ** If we are running SMTP, we just need to clean up.
365 */
366
367 if (ctladdr == NULL)
368 ctladdr = &e->e_from;
369 #ifdef NAMED_BIND
370 if (ConfigLevel < 2)
371 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
372 #endif
373 #ifdef SMTP
374 if (clever)
375 {
376 rcode = EX_OK;
377 #ifdef NAMED_BIND
378 if (host[0] && host[0] != '[')
379 {
380 expand("\001j", buf, &buf[sizeof(buf) - 1], e);
381 Nmx = getmxrr(host, MxHosts, buf, &rcode);
382 }
383 else
384 #endif
385 {
386 Nmx = 1;
387 MxHosts[0] = host;
388 }
389 if (Nmx >= 0)
390 {
391 message(Arpa_Info, "Connecting to %s (%s)...",
392 MxHosts[0], m->m_name);
393 if ((rcode = smtpinit(m, pv)) == EX_OK) {
394 register char *t = tobuf;
395 register int i;
396
397 /* send the recipient list */
398 tobuf[0] = '\0';
399 for (to = tochain; to; to = to->q_tchain) {
400 e->e_to = to->q_paddr;
401 if ((i = smtprcpt(to, m)) != EX_OK) {
402 markfailure(e, to, i);
403 giveresponse(i, m, e);
404 }
405 else {
406 *t++ = ',';
407 for (p = to->q_paddr; *p; *t++ = *p++);
408 }
409 }
410
411 /* now send the data */
412 if (tobuf[0] == '\0')
413 e->e_to = NULL;
414 else {
415 e->e_to = tobuf + 1;
416 rcode = smtpdata(m, e);
417 }
418
419 /* now close the connection */
420 smtpquit(m);
421 }
422 }
423 }
424 else
425 #endif /* SMTP */
426 {
427 static int sendoff();
428
429 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
430 rcode = sendoff(e, m, pv, ctladdr);
431 }
432 #ifdef NAMED_BIND
433 if (ConfigLevel < 2)
434 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
435 #endif
436
437 /*
438 ** Do final status disposal.
439 ** We check for something in tobuf for the SMTP case.
440 ** If we got a temporary failure, arrange to queue the
441 ** addressees.
442 */
443
444 if (tobuf[0] != '\0')
445 giveresponse(rcode, m, e);
446 for (to = tochain; to != NULL; to = to->q_tchain)
447 if (rcode != EX_OK)
448 markfailure(e, to, rcode);
449 else
450 to->q_flags |= QSENT;
451
452 errno = 0;
453 define('g', (char *) NULL, e);
454 return (rcode);
455 }
456 �/*
457 ** MARKFAILURE -- mark a failure on a specific address.
458 **
459 ** Parameters:
460 ** e -- the envelope we are sending.
461 ** q -- the address to mark.
462 ** rcode -- the code signifying the particular failure.
463 **
464 ** Returns:
465 ** none.
466 **
467 ** Side Effects:
468 ** marks the address (and possibly the envelope) with the
469 ** failure so that an error will be returned or
470 ** the message will be queued, as appropriate.
471 */
472
473 markfailure(e, q, rcode)
474 register ENVELOPE *e;
475 register ADDRESS *q;
476 int rcode;
477 {
478 if (rcode == EX_OK)
479 return;
480 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
481 q->q_flags |= QBADADDR;
482 else if (curtime() > e->e_ctime + TimeOut)
483 {
484 extern char *pintvl();
485 char buf[MAXLINE];
486
487 if (!bitset(EF_TIMEOUT, e->e_flags))
488 {
489 (void) sprintf(buf, "Cannot send message for %s",
490 pintvl(TimeOut, FALSE));
491 if (e->e_message != NULL)
492 free(e->e_message);
493 e->e_message = newstr(buf);
494 message(Arpa_Info, buf);
495 }
496 q->q_flags |= QBADADDR;
497 e->e_flags |= EF_TIMEOUT;
498 }
499 else
500 q->q_flags |= QQUEUEUP;
501 }
502 �/*
503 ** DOFORK -- do a fork, retrying a couple of times on failure.
504 **
505 ** This MUST be a macro, since after a vfork we are running
506 ** two processes on the same stack!!!
507 **
508 ** Parameters:
509 ** none.
510 **
511 ** Returns:
512 ** From a macro??? You've got to be kidding!
513 **
514 ** Side Effects:
515 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
516 ** pid of child in parent, zero in child.
517 ** -1 on unrecoverable error.
518 **
519 ** Notes:
520 ** I'm awfully sorry this looks so awful. That's
521 ** vfork for you.....
522 */
523
524 # define NFORKTRIES 5
525 # ifdef VMUNIX
526 # define XFORK vfork
527 # else VMUNIX
528 # define XFORK fork
529 # endif VMUNIX
530
531 # define DOFORK(fORKfN) \
532 {\
533 register int i;\
534 \
535 for (i = NFORKTRIES; --i >= 0; )\
536 {\
537 pid = fORKfN();\
538 if (pid >= 0)\
539 break;\
540 if (i > 0)\
541 sleep((unsigned) NFORKTRIES - i);\
542 }\
543 }
544 �/*
545 ** DOFORK -- simple fork interface to DOFORK.
546 **
547 ** Parameters:
548 ** none.
549 **
550 ** Returns:
551 ** pid of child in parent.
552 ** zero in child.
553 ** -1 on error.
554 **
555 ** Side Effects:
556 ** returns twice, once in parent and once in child.
557 */
558
559 dofork()
560 {
561 register int pid;
562
563 DOFORK(fork);
564 return (pid);
565 }
566 �/*
567 ** SENDOFF -- send off call to mailer & collect response.
568 **
569 ** Parameters:
570 ** e -- the envelope to mail.
571 ** m -- mailer descriptor.
572 ** pvp -- parameter vector to send to it.
573 ** ctladdr -- an address pointer controlling the
574 ** user/groupid etc. of the mailer.
575 **
576 ** Returns:
577 ** exit status of mailer.
578 **
579 ** Side Effects:
580 ** none.
581 */
582 static
583 sendoff(e, m, pvp, ctladdr)
584 register ENVELOPE *e;
585 MAILER *m;
586 char **pvp;
587 ADDRESS *ctladdr;
588 {
589 auto FILE *mfile;
590 auto FILE *rfile;
591 register int i;
592 int pid;
593
594 /*
595 ** Create connection to mailer.
596 */
597
598 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
599 if (pid < 0)
600 return (-1);
601
602 /*
603 ** Format and send message.
604 */
605
606 putfromline(mfile, m);
607 (*e->e_puthdr)(mfile, m, e);
608 putline("\n", mfile, m);
609 (*e->e_putbody)(mfile, m, e);
610 (void) fclose(mfile);
611 if (rfile != NULL)
612 (void) fclose(rfile);
613
614 i = endmailer(pid, pvp[0]);
615
616 /* arrange a return receipt if requested */
617 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
618 {
619 e->e_flags |= EF_SENDRECEIPT;
620 /* do we want to send back more info? */
621 }
622
623 return (i);
624 }
625 �/*
626 ** ENDMAILER -- Wait for mailer to terminate.
627 **
628 ** We should never get fatal errors (e.g., segmentation
629 ** violation), so we report those specially. For other
630 ** errors, we choose a status message (into statmsg),
631 ** and if it represents an error, we print it.
632 **
633 ** Parameters:
634 ** pid -- pid of mailer.
635 ** name -- name of mailer (for error messages).
636 **
637 ** Returns:
638 ** exit code of mailer.
639 **
640 ** Side Effects:
641 ** none.
642 */
643
644 endmailer(pid, name)
645 int pid;
646 char *name;
647 {
648 int st;
649
650 /* in the IPC case there is nothing to wait for */
651 if (pid == 0)
652 return (EX_OK);
653
654 /* wait for the mailer process to die and collect status */
655 st = waitfor(pid);
656 if (st == -1)
657 {
658 syserr("endmailer %s: wait", name);
659 return (EX_SOFTWARE);
660 }
661
662 /* see if it died a horrid death */
663 if ((st & 0377) != 0)
664 {
665 syserr("mailer %s died with signal %o", name, st);
666 ExitStat = EX_TEMPFAIL;
667 return (EX_TEMPFAIL);
668 }
669
670 /* normal death -- return status */
671 st = (st >> 8) & 0377;
672 return (st);
673 }
674 �/*
675 ** OPENMAILER -- open connection to mailer.
676 **
677 ** Parameters:
678 ** m -- mailer descriptor.
679 ** pvp -- parameter vector to pass to mailer.
680 ** ctladdr -- controlling address for user.
681 ** clever -- create a full duplex connection.
682 ** pmfile -- pointer to mfile (to mailer) connection.
683 ** prfile -- pointer to rfile (from mailer) connection.
684 **
685 ** Returns:
686 ** pid of mailer ( > 0 ).
687 ** -1 on error.
688 ** zero on an IPC connection.
689 **
690 ** Side Effects:
691 ** creates a mailer in a subprocess.
692 */
693
694 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
695 MAILER *m;
696 char **pvp;
697 ADDRESS *ctladdr;
698 bool clever;
699 FILE **pmfile;
700 FILE **prfile;
701 {
702 int pid;
703 int mpvect[2];
704 int rpvect[2];
705 FILE *mfile = NULL;
706 FILE *rfile = NULL;
707 extern FILE *fdopen();
708
709 if (tTd(11, 1))
710 {
711 printf("openmailer:");
712 printav(pvp);
713 }
714 errno = 0;
715
716 CurHostName = m->m_mailer;
717
718 /*
719 ** Deal with the special case of mail handled through an IPC
720 ** connection.
721 ** In this case we don't actually fork. We must be
722 ** running SMTP for this to work. We will return a
723 ** zero pid to indicate that we are running IPC.
724 ** We also handle a debug version that just talks to stdin/out.
725 */
726
727 /* check for Local Person Communication -- not for mortals!!! */
728 if (strcmp(m->m_mailer, "[LPC]") == 0)
729 {
730 *pmfile = stdout;
731 *prfile = stdin;
732 return (0);
733 }
734
735 if (strcmp(m->m_mailer, "[IPC]") == 0)
736 {
737 #ifdef HOSTINFO
738 register STAB *st;
739 extern STAB *stab();
740 #endif HOSTINFO
741 #ifdef DAEMON
742 register int i, j;
743 register u_short port;
744
745 CurHostName = pvp[1];
746 if (!clever)
747 syserr("non-clever IPC");
748 if (pvp[2] != NULL)
749 port = atoi(pvp[2]);
750 else
751 port = 0;
752 for (j = 0; j < Nmx; j++)
753 {
754 CurHostName = MxHosts[j];
755 #ifdef HOSTINFO
756 /* see if we have already determined that this host is fried */
757 st = stab(MxHosts[j], ST_HOST, ST_FIND);
758 if (st == NULL || st->s_host.ho_exitstat == EX_OK) {
759 if (j > 1)
760 message(Arpa_Info,
761 "Connecting to %s (%s)...",
762 MxHosts[j], m->m_name);
763 i = makeconnection(MxHosts[j], port, pmfile, prfile);
764 }
765 else
766 {
767 i = st->s_host.ho_exitstat;
768 errno = st->s_host.ho_errno;
769 }
770 #else HOSTINFO
771 i = makeconnection(MxHosts[j], port, pmfile, prfile);
772 #endif HOSTINFO
773 if (i != EX_OK)
774 {
775 #ifdef HOSTINFO
776 /* enter status of this host */
777 if (st == NULL)
778 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
779 st->s_host.ho_exitstat = i;
780 st->s_host.ho_errno = errno;
781 #endif HOSTINFO
782 ExitStat = i;
783 continue;
784 }
785 else
786 return (0);
787 }
788 return (-1);
789 #else DAEMON
790 syserr("openmailer: no IPC");
791 return (-1);
792 #endif DAEMON
793 }
794
795 /* create a pipe to shove the mail through */
796 if (pipe(mpvect) < 0)
797 {
798 syserr("openmailer: pipe (to mailer)");
799 return (-1);
800 }
801
802 #ifdef SMTP
803 /* if this mailer speaks smtp, create a return pipe */
804 if (clever && pipe(rpvect) < 0)
805 {
806 syserr("openmailer: pipe (from mailer)");
807 (void) close(mpvect[0]);
808 (void) close(mpvect[1]);
809 return (-1);
810 }
811 #endif SMTP
812
813 /*
814 ** Actually fork the mailer process.
815 ** DOFORK is clever about retrying.
816 **
817 ** Dispose of SIGCHLD signal catchers that may be laying
818 ** around so that endmail will get it.
819 */
820
821 if (CurEnv->e_xfp != NULL)
822 (void) fflush(CurEnv->e_xfp); /* for debugging */
823 (void) fflush(stdout);
824 # ifdef SIGCHLD
825 (void) signal(SIGCHLD, SIG_DFL);
826 # endif SIGCHLD
827 DOFORK(XFORK);
828 /* pid is set by DOFORK */
829 if (pid < 0)
830 {
831 /* failure */
832 syserr("openmailer: cannot fork");
833 (void) close(mpvect[0]);
834 (void) close(mpvect[1]);
835 #ifdef SMTP
836 if (clever)
837 {
838 (void) close(rpvect[0]);
839 (void) close(rpvect[1]);
840 }
841 #endif SMTP
842 return (-1);
843 }
844 else if (pid == 0)
845 {
846 int i;
847 extern int DtableSize;
848
849 /* child -- set up input & exec mailer */
850 /* make diagnostic output be standard output */
851 (void) signal(SIGINT, SIG_IGN);
852 (void) signal(SIGHUP, SIG_IGN);
853 (void) signal(SIGTERM, SIG_DFL);
854
855 /* arrange to filter standard & diag output of command */
856 if (clever)
857 {
858 (void) close(rpvect[0]);
859 (void) close(1);
860 (void) dup(rpvect[1]);
861 (void) close(rpvect[1]);
862 }
863 else if (OpMode == MD_SMTP || HoldErrs)
864 {
865 /* put mailer output in transcript */
866 (void) close(1);
867 (void) dup(fileno(CurEnv->e_xfp));
868 }
869 (void) close(2);
870 (void) dup(1);
871
872 /* arrange to get standard input */
873 (void) close(mpvect[1]);
874 (void) close(0);
875 if (dup(mpvect[0]) < 0)
876 {
877 syserr("Cannot dup to zero!");
878 _exit(EX_OSERR);
879 }
880 (void) close(mpvect[0]);
881 if (!bitnset(M_RESTR, m->m_flags))
882 {
883 if (ctladdr == NULL || ctladdr->q_uid == 0)
884 {
885 (void) setgid(DefGid);
886 (void) initgroups(DefUser, DefGid);
887 (void) setuid(DefUid);
888 }
889 else
890 {
891 (void) setgid(ctladdr->q_gid);
892 (void) initgroups(ctladdr->q_ruser?
893 ctladdr->q_ruser: ctladdr->q_user,
894 ctladdr->q_gid);
895 (void) setuid(ctladdr->q_uid);
896 }
897 }
898
899 /* arrange for all the files to be closed */
900 for (i = 3; i < DtableSize; i++) {
901 register int j;
902 if ((j = fcntl(i, F_GETFD, 0)) != -1)
903 (void)fcntl(i, F_SETFD, j|1);
904 }
905
906 /* try to execute the mailer */
907 execve(m->m_mailer, pvp, UserEnviron);
908 syserr("Cannot exec %s", m->m_mailer);
909 if (m == LocalMailer || errno == EIO || errno == EAGAIN ||
910 errno == ENOMEM || errno == EPROCLIM)
911 _exit(EX_TEMPFAIL);
912 else
913 _exit(EX_UNAVAILABLE);
914 }
915
916 /*
917 ** Set up return value.
918 */
919
920 (void) close(mpvect[0]);
921 mfile = fdopen(mpvect[1], "w");
922 if (clever)
923 {
924 (void) close(rpvect[1]);
925 rfile = fdopen(rpvect[0], "r");
926 } else
927 rfile = NULL;
928
929 *pmfile = mfile;
930 *prfile = rfile;
931
932 return (pid);
933 }
934 �/*
935 ** GIVERESPONSE -- Interpret an error response from a mailer
936 **
937 ** Parameters:
938 ** stat -- the status code from the mailer (high byte
939 ** only; core dumps must have been taken care of
940 ** already).
941 ** m -- the mailer descriptor for this mailer.
942 **
943 ** Returns:
944 ** none.
945 **
946 ** Side Effects:
947 ** Errors may be incremented.
948 ** ExitStat may be set.
949 */
950
951 giveresponse(stat, m, e)
952 int stat;
953 register MAILER *m;
954 ENVELOPE *e;
955 {
956 register char *statmsg;
957 extern char *SysExMsg[];
958 register int i;
959 extern int N_SysEx;
960 #ifdef NAMED_BIND
961 extern int h_errno;
962 #endif
963 char buf[MAXLINE];
964
965 #ifdef lint
966 if (m == NULL)
967 return;
968 #endif lint
969
970 /*
971 ** Compute status message from code.
972 */
973
974 i = stat - EX__BASE;
975 if (stat == 0)
976 statmsg = "250 Sent";
977 else if (i < 0 || i > N_SysEx)
978 {
979 (void) sprintf(buf, "554 unknown mailer error %d", stat);
980 stat = EX_UNAVAILABLE;
981 statmsg = buf;
982 }
983 else if (stat == EX_TEMPFAIL)
984 {
985 (void) strcpy(buf, SysExMsg[i]);
986 #ifdef NAMED_BIND
987 if (h_errno == TRY_AGAIN)
988 {
989 extern char *errstring();
990
991 statmsg = errstring(h_errno+MAX_ERRNO);
992 }
993 else
994 #endif
995 {
996 if (errno != 0)
997 {
998 extern char *errstring();
999
1000 statmsg = errstring(errno);
1001 }
1002 else
1003 {
1004 #ifdef SMTP
1005 extern char SmtpError[];
1006
1007 statmsg = SmtpError;
1008 #else SMTP
1009 statmsg = NULL;
1010 #endif SMTP
1011 }
1012 }
1013 if (statmsg != NULL && statmsg[0] != '\0')
1014 {
1015 (void) strcat(buf, ": ");
1016 (void) strcat(buf, statmsg);
1017 }
1018 statmsg = buf;
1019 }
1020 else
1021 {
1022 statmsg = SysExMsg[i];
1023 }
1024
1025 /*
1026 ** Print the message as appropriate
1027 */
1028
1029 if (stat == EX_OK || stat == EX_TEMPFAIL)
1030 message(Arpa_Info, &statmsg[4]);
1031 else
1032 {
1033 Errors++;
1034 usrerr(statmsg);
1035 }
1036
1037 /*
1038 ** Final cleanup.
1039 ** Log a record of the transaction. Compute the new
1040 ** ExitStat -- if we already had an error, stick with
1041 ** that.
1042 */
1043
1044 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1045 logdelivery(&statmsg[4]);
1046
1047 if (stat != EX_TEMPFAIL)
1048 setstat(stat);
1049 if (stat != EX_OK)
1050 {
1051 if (e->e_message != NULL)
1052 free(e->e_message);
1053 e->e_message = newstr(&statmsg[4]);
1054 }
1055 errno = 0;
1056 #ifdef NAMED_BIND
1057 h_errno = 0;
1058 #endif
1059 }
1060 �/*
1061 ** LOGDELIVERY -- log the delivery in the system log
1062 **
1063 ** Parameters:
1064 ** stat -- the message to print for the status
1065 **
1066 ** Returns:
1067 ** none
1068 **
1069 ** Side Effects:
1070 ** none
1071 */
1072
1073 logdelivery(stat)
1074 char *stat;
1075 {
1076 extern char *pintvl();
1077
1078 # ifdef LOG
1079 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1080 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1081 # endif LOG
1082 }
1083 �/*
1084 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1085 **
1086 ** This can be made an arbitrary message separator by changing $l
1087 **
1088 ** One of the ugliest hacks seen by human eyes is contained herein:
1089 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1090 ** does a well-meaning programmer such as myself have to deal with
1091 ** this kind of antique garbage????
1092 **
1093 ** Parameters:
1094 ** fp -- the file to output to.
1095 ** m -- the mailer describing this entry.
1096 **
1097 ** Returns:
1098 ** none
1099 **
1100 ** Side Effects:
1101 ** outputs some text to fp.
1102 */
1103
1104 putfromline(fp, m)
1105 register FILE *fp;
1106 register MAILER *m;
1107 {
1108 char *template = "\001l\n";
1109 char buf[MAXLINE];
1110
1111 if (bitnset(M_NHDR, m->m_flags))
1112 return;
1113
1114 # ifdef UGLYUUCP
1115 if (bitnset(M_UGLYUUCP, m->m_flags))
1116 {
1117 char *bang;
1118 char xbuf[MAXLINE];
1119
1120 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1121 bang = index(buf, '!');
1122 if (bang == NULL)
1123 syserr("No ! in UUCP! (%s)", buf);
1124 else
1125 {
1126 *bang++ = '\0';
1127 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1128 template = xbuf;
1129 }
1130 }
1131 # endif UGLYUUCP
1132 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1133 putline(buf, fp, m);
1134 }
1135 �/*
1136 ** PUTBODY -- put the body of a message.
1137 **
1138 ** Parameters:
1139 ** fp -- file to output onto.
1140 ** m -- a mailer descriptor to control output format.
1141 ** e -- the envelope to put out.
1142 **
1143 ** Returns:
1144 ** none.
1145 **
1146 ** Side Effects:
1147 ** The message is written onto fp.
1148 */
1149
1150 putbody(fp, m, e)
1151 FILE *fp;
1152 MAILER *m;
1153 register ENVELOPE *e;
1154 {
1155 char buf[MAXLINE];
1156
1157 /*
1158 ** Output the body of the message
1159 */
1160
1161 if (e->e_dfp == NULL)
1162 {
1163 if (e->e_df != NULL)
1164 {
1165 e->e_dfp = fopen(e->e_df, "r");
1166 if (e->e_dfp == NULL)
1167 syserr("putbody: Cannot open %s for %s from %s",
1168 e->e_df, e->e_to, e->e_from);
1169 }
1170 else
1171 putline("<<< No Message Collected >>>", fp, m);
1172 }
1173 if (e->e_dfp != NULL)
1174 {
1175 rewind(e->e_dfp);
1176 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1177 {
1178 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1179 strncmp(buf, "From ", 5) == 0)
1180 (void) putc('>', fp);
1181 putline(buf, fp, m);
1182 }
1183
1184 if (ferror(e->e_dfp))
1185 {
1186 syserr("putbody: read error");
1187 ExitStat = EX_IOERR;
1188 }
1189 }
1190
1191 (void) fflush(fp);
1192 if (ferror(fp) && errno != EPIPE)
1193 {
1194 syserr("putbody: write error");
1195 ExitStat = EX_IOERR;
1196 }
1197 errno = 0;
1198 }
1199 �/*
1200 ** MAILFILE -- Send a message to a file.
1201 **
1202 ** If the file has the setuid/setgid bits set, but NO execute
1203 ** bits, sendmail will try to become the owner of that file
1204 ** rather than the real user. Obviously, this only works if
1205 ** sendmail runs as root.
1206 **
1207 ** This could be done as a subordinate mailer, except that it
1208 ** is used implicitly to save messages in ~/dead.letter. We
1209 ** view this as being sufficiently important as to include it
1210 ** here. For example, if the system is dying, we shouldn't have
1211 ** to create another process plus some pipes to save the message.
1212 **
1213 ** Parameters:
1214 ** filename -- the name of the file to send to.
1215 ** ctladdr -- the controlling address header -- includes
1216 ** the userid/groupid to be when sending.
1217 **
1218 ** Returns:
1219 ** The exit code associated with the operation.
1220 **
1221 ** Side Effects:
1222 ** none.
1223 */
1224
1225 mailfile(filename, ctladdr)
1226 char *filename;
1227 ADDRESS *ctladdr;
1228 {
1229 register FILE *f;
1230 register int pid;
1231 ENVELOPE *e = CurEnv;
1232
1233 /*
1234 ** Fork so we can change permissions here.
1235 ** Note that we MUST use fork, not vfork, because of
1236 ** the complications of calling subroutines, etc.
1237 */
1238
1239 DOFORK(fork);
1240
1241 if (pid < 0)
1242 return (EX_OSERR);
1243 else if (pid == 0)
1244 {
1245 /* child -- actually write to file */
1246 struct stat stb;
1247
1248 (void) signal(SIGINT, SIG_DFL);
1249 (void) signal(SIGHUP, SIG_DFL);
1250 (void) signal(SIGTERM, SIG_DFL);
1251 (void) umask(OldUmask);
1252 if (stat(filename, &stb) < 0)
1253 {
1254 errno = 0;
1255 stb.st_mode = 0666;
1256 }
1257 if (bitset(0111, stb.st_mode))
1258 exit(EX_CANTCREAT);
1259 if (ctladdr == NULL)
1260 ctladdr = &e->e_from;
1261 /* we have to open the dfile BEFORE setuid */
1262 if (e->e_dfp == NULL && e->e_df != NULL)
1263 {
1264 e->e_dfp = fopen(e->e_df, "r");
1265 if (e->e_dfp == NULL) {
1266 syserr("mailfile: Cannot open %s for %s from %s",
1267 e->e_df, e->e_to, e->e_from);
1268 }
1269 }
1270
1271 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1272 {
1273 if (ctladdr->q_uid == 0) {
1274 (void) setgid(DefGid);
1275 (void) initgroups(DefUser, DefGid);
1276 } else {
1277 (void) setgid(ctladdr->q_gid);
1278 (void) initgroups(ctladdr->q_ruser?
1279 ctladdr->q_ruser: ctladdr->q_user,
1280 ctladdr->q_gid);
1281 }
1282 }
1283 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1284 {
1285 if (ctladdr->q_uid == 0)
1286 (void) setuid(DefUid);
1287 else
1288 (void) setuid(ctladdr->q_uid);
1289 }
1290 f = dfopen(filename, "a");
1291 if (f == NULL)
1292 exit(EX_CANTCREAT);
1293
1294 putfromline(f, ProgMailer);
1295 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1296 putline("\n", f, ProgMailer);
1297 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1298 putline("\n", f, ProgMailer);
1299 (void) fclose(f);
1300 (void) fflush(stdout);
1301
1302 /* reset ISUID & ISGID bits for paranoid systems */
1303 (void) chmod(filename, (int) stb.st_mode);
1304 exit(EX_OK);
1305 /*NOTREACHED*/
1306 }
1307 else
1308 {
1309 /* parent -- wait for exit status */
1310 int st;
1311
1312 st = waitfor(pid);
1313 if ((st & 0377) != 0)
1314 return (EX_UNAVAILABLE);
1315 else
1316 return ((st >> 8) & 0377);
1317 /*NOTREACHED*/
1318 }
1319 }
1320 �/*
1321 ** SENDALL -- actually send all the messages.
1322 **
1323 ** Parameters:
1324 ** e -- the envelope to send.
1325 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1326 ** the current SendMode.
1327 **
1328 ** Returns:
1329 ** none.
1330 **
1331 ** Side Effects:
1332 ** Scans the send lists and sends everything it finds.
1333 ** Delivers any appropriate error messages.
1334 ** If we are running in a non-interactive mode, takes the
1335 ** appropriate action.
1336 */
1337
1338 sendall(e, mode)
1339 ENVELOPE *e;
1340 char mode;
1341 {
1342 register ADDRESS *q;
1343 bool oldverbose;
1344 int pid;
1345 int nsent;
1346 FILE *lockfp = NULL, *queueup();
1347
1348 /* determine actual delivery mode */
1349 if (mode == SM_DEFAULT)
1350 {
1351 extern bool shouldqueue();
1352
1353 if (shouldqueue(e->e_msgpriority))
1354 mode = SM_QUEUE;
1355 else
1356 mode = SendMode;
1357 }
1358
1359 if (tTd(13, 1))
1360 {
1361 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1362 printaddr(e->e_sendqueue, TRUE);
1363 }
1364
1365 /*
1366 ** Do any preprocessing necessary for the mode we are running.
1367 ** Check to make sure the hop count is reasonable.
1368 ** Delete sends to the sender in mailing lists.
1369 */
1370
1371 CurEnv = e;
1372
1373 if (e->e_hopcount > MaxHopCount)
1374 {
1375 errno = 0;
1376 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1377 e->e_hopcount, MaxHopCount, e->e_from, e->e_to);
1378 return;
1379 }
1380
1381 if (!MeToo)
1382 {
1383 extern ADDRESS *recipient();
1384
1385 e->e_from.q_flags |= QDONTSEND;
1386 (void) recipient(&e->e_from, &e->e_sendqueue);
1387 }
1388
1389 # ifdef QUEUE
1390 if ((mode == SM_QUEUE || mode == SM_FORK ||
1391 (mode != SM_VERIFY && SuperSafe)) &&
1392 !bitset(EF_INQUEUE, e->e_flags))
1393 lockfp = queueup(e, TRUE, mode == SM_QUEUE);
1394 #endif QUEUE
1395
1396 oldverbose = Verbose;
1397 switch (mode)
1398 {
1399 case SM_VERIFY:
1400 Verbose = TRUE;
1401 break;
1402
1403 case SM_QUEUE:
1404 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1405 return;
1406
1407 case SM_FORK:
1408 if (e->e_xfp != NULL)
1409 (void) fflush(e->e_xfp);
1410 pid = fork();
1411 if (pid < 0)
1412 {
1413 mode = SM_DELIVER;
1414 break;
1415 }
1416 else if (pid > 0)
1417 {
1418 /* be sure we leave the temp files to our child */
1419 e->e_id = e->e_df = NULL;
1420 if (lockfp != NULL)
1421 (void) fclose(lockfp);
1422 return;
1423 }
1424
1425 /* double fork to avoid zombies */
1426 if (fork() > 0)
1427 exit(EX_OK);
1428
1429 /* be sure we are immune from the terminal */
1430 disconnect(FALSE);
1431
1432 break;
1433 }
1434
1435 /*
1436 ** Run through the list and send everything.
1437 */
1438
1439 nsent = 0;
1440 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1441 {
1442 if (mode == SM_VERIFY)
1443 {
1444 e->e_to = q->q_paddr;
1445 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1446 message(Arpa_Info, "deliverable");
1447 }
1448 else if (!bitset(QDONTSEND, q->q_flags))
1449 {
1450 # ifdef QUEUE
1451 /*
1452 ** Checkpoint the send list every few addresses
1453 */
1454
1455 if (nsent >= CheckpointInterval)
1456 {
1457 FILE *nlockfp;
1458
1459 nlockfp = queueup(e, TRUE, FALSE);
1460 if (lockfp != NULL)
1461 fclose(lockfp);
1462 lockfp = nlockfp;
1463 nsent = 0;
1464 }
1465 # endif /* QUEUE */
1466 if (deliver(e, q) == EX_OK)
1467 nsent++;
1468 }
1469 }
1470 Verbose = oldverbose;
1471
1472 /*
1473 ** Now run through and check for errors.
1474 */
1475
1476 if (mode == SM_VERIFY) {
1477 if (lockfp != NULL)
1478 (void) fclose(lockfp);
1479 return;
1480 }
1481
1482 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1483 {
1484 register ADDRESS *qq;
1485
1486 if (tTd(13, 3))
1487 {
1488 printf("Checking ");
1489 printaddr(q, FALSE);
1490 }
1491
1492 /* only send errors if the message failed */
1493 if (!bitset(QBADADDR, q->q_flags))
1494 continue;
1495
1496 /* we have an address that failed -- find the parent */
1497 for (qq = q; qq != NULL; qq = qq->q_alias)
1498 {
1499 char obuf[MAXNAME + 6];
1500 extern char *aliaslookup();
1501
1502 /* we can only have owners for local addresses */
1503 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1504 continue;
1505
1506 /* see if the owner list exists */
1507 (void) strcpy(obuf, "owner-");
1508 if (strncmp(qq->q_user, "owner-", 6) == 0)
1509 (void) strcat(obuf, "owner");
1510 else
1511 (void) strcat(obuf, qq->q_user);
1512 makelower(obuf);
1513 if (aliaslookup(obuf) == NULL)
1514 continue;
1515
1516 if (tTd(13, 4))
1517 printf("Errors to %s\n", obuf);
1518
1519 /* owner list exists -- add it to the error queue */
1520 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1521 ErrorMode = EM_MAIL;
1522 break;
1523 }
1524
1525 /* if we did not find an owner, send to the sender */
1526 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1527 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1528 }
1529
1530 /* this removes the lock on the file */
1531 if (lockfp != NULL)
1532 (void) fclose(lockfp);
1533
1534 if (mode == SM_FORK)
1535 finis();
1536 }
1537