1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
8
9
10 #include "../exim.h"
11 #include "autoreply.h"
12
13
14
15 /* Options specific to the autoreply transport. They must be in alphabetic
16 order (note that "_" comes before the lower case letters). Those starting
17 with "*" are not settable by the user but are used by the option-reading
18 software for alternative value types. Some options are publicly visible and so
19 are stored in the driver instance block. These are flagged with opt_public. */
20 #define LOFF(field) OPT_OFF(autoreply_transport_options_block, field)
21
22 optionlist autoreply_transport_options[] = {
23 { "bcc", opt_stringptr, LOFF(bcc) },
24 { "cc", opt_stringptr, LOFF(cc) },
25 { "file", opt_stringptr, LOFF(file) },
26 { "file_expand", opt_bool, LOFF(file_expand) },
27 { "file_optional", opt_bool, LOFF(file_optional) },
28 { "from", opt_stringptr, LOFF(from) },
29 { "headers", opt_stringptr, LOFF(headers) },
30 { "log", opt_stringptr, LOFF(logfile) },
31 { "mode", opt_octint, LOFF(mode) },
32 { "never_mail", opt_stringptr, LOFF(never_mail) },
33 { "once", opt_stringptr, LOFF(oncelog) },
34 { "once_file_size", opt_int, LOFF(once_file_size) },
35 { "once_repeat", opt_stringptr, LOFF(once_repeat) },
36 { "reply_to", opt_stringptr, LOFF(reply_to) },
37 { "return_message", opt_bool, LOFF(return_message) },
38 { "subject", opt_stringptr, LOFF(subject) },
39 { "text", opt_stringptr, LOFF(text) },
40 { "to", opt_stringptr, LOFF(to) },
41 };
42
43 /* Size of the options list. An extern variable has to be used so that its
44 address can appear in the tables drtables.c. */
45
46 int autoreply_transport_options_count =
47 sizeof(autoreply_transport_options)/sizeof(optionlist);
48
49
50 #ifdef MACRO_PREDEF
51
52 /* Dummy values */
53 autoreply_transport_options_block autoreply_transport_option_defaults = {0};
autoreply_transport_init(transport_instance * tblock)54 void autoreply_transport_init(transport_instance *tblock) {}
autoreply_transport_entry(transport_instance * tblock,address_item * addr)55 BOOL autoreply_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
56
57 #else /*!MACRO_PREDEF*/
58
59
60 /* Default private options block for the autoreply transport. */
61
62 autoreply_transport_options_block autoreply_transport_option_defaults = {
63 NULL, /* from */
64 NULL, /* reply_to */
65 NULL, /* to */
66 NULL, /* cc */
67 NULL, /* bcc */
68 NULL, /* subject */
69 NULL, /* headers */
70 NULL, /* text */
71 NULL, /* file */
72 NULL, /* logfile */
73 NULL, /* oncelog */
74 NULL, /* once_repeat */
75 NULL, /* never_mail */
76 0600, /* mode */
77 0, /* once_file_size */
78 FALSE, /* file_expand */
79 FALSE, /* file_optional */
80 FALSE /* return message */
81 };
82
83
84
85 /* Type of text for the checkexpand() function */
86
87 enum { cke_text, cke_hdr, cke_file };
88
89
90
91 /*************************************************
92 * Initialization entry point *
93 *************************************************/
94
95 /* Called for each instance, after its options have been read, to
96 enable consistency checks to be done, or anything else that needs
97 to be set up. */
98
99 void
autoreply_transport_init(transport_instance * tblock)100 autoreply_transport_init(transport_instance *tblock)
101 {
102 /*
103 autoreply_transport_options_block *ob =
104 (autoreply_transport_options_block *)(tblock->options_block);
105 */
106
107 /* If a fixed uid field is set, then a gid field must also be set. */
108
109 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
110 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
111 "user set without group for the %s transport", tblock->name);
112 }
113
114
115
116
117 /*************************************************
118 * Expand string and check *
119 *************************************************/
120
121 /* If the expansion fails, the error is set up in the address. Expanded
122 strings must be checked to ensure they contain only printing characters
123 and white space. If not, the function fails.
124
125 Arguments:
126 s string to expand
127 addr address that is being worked on
128 name transport name, for error text
129 type type, for checking content:
130 cke_text => no check
131 cke_hdr => header, allow \n + whitespace
132 cke_file => file name, no non-printers allowed
133
134 Returns: expanded string if expansion succeeds;
135 NULL otherwise
136 */
137
138 static uschar *
checkexpand(uschar * s,address_item * addr,uschar * name,int type)139 checkexpand(uschar *s, address_item *addr, uschar *name, int type)
140 {
141 uschar *ss = expand_string(s);
142
143 if (!ss)
144 {
145 addr->transport_return = FAIL;
146 addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: "
147 "%s", s, name, expand_string_message);
148 return NULL;
149 }
150
151 if (type != cke_text) for (uschar * t = ss; *t != 0; t++)
152 {
153 int c = *t;
154 const uschar * sp;
155 if (mac_isprint(c)) continue;
156 if (type == cke_hdr && c == '\n' && (t[1] == ' ' || t[1] == '\t')) continue;
157 sp = string_printing(s);
158 addr->transport_return = FAIL;
159 addr->message = string_sprintf("Expansion of \"%s\" in %s transport "
160 "contains non-printing character %d", sp, name, c);
161 return NULL;
162 }
163
164 return ss;
165 }
166
167
168
169
170 /*************************************************
171 * Check a header line for never_mail *
172 *************************************************/
173
174 /* This is called to check to, cc, and bcc for addresses in the never_mail
175 list. Any that are found are removed.
176
177 Arguments:
178 list list of addresses to be checked
179 never_mail an address list, already expanded
180
181 Returns: edited replacement address list, or NULL, or original
182 */
183
184 static uschar *
check_never_mail(uschar * list,const uschar * never_mail)185 check_never_mail(uschar * list, const uschar * never_mail)
186 {
187 rmark reset_point = store_mark();
188 uschar * newlist = string_copy(list);
189 uschar * s = newlist;
190 BOOL hit = FALSE;
191
192 while (*s)
193 {
194 uschar *error, *next;
195 uschar *e = parse_find_address_end(s, FALSE);
196 int terminator = *e;
197 int start, end, domain, rc;
198
199 /* Temporarily terminate the string at the address end while extracting
200 the operative address within. */
201
202 *e = 0;
203 next = parse_extract_address(s, &error, &start, &end, &domain, FALSE);
204 *e = terminator;
205
206 /* If there is some kind of syntax error, just give up on this header
207 line. */
208
209 if (!next) break;
210
211 /* See if the address is on the never_mail list */
212
213 rc = match_address_list(next, /* address to check */
214 TRUE, /* start caseless */
215 FALSE, /* don't expand the list */
216 &never_mail, /* the list */
217 NULL, /* no caching */
218 -1, /* no expand setup */
219 0, /* separator from list */
220 NULL); /* no lookup value return */
221
222 if (rc == OK) /* Remove this address */
223 {
224 DEBUG(D_transport)
225 debug_printf("discarding recipient %s (matched never_mail)\n", next);
226 hit = TRUE;
227 if (terminator == ',') e++;
228 memmove(s, e, Ustrlen(e) + 1);
229 }
230 else /* Skip over this address */
231 {
232 s = e;
233 if (terminator == ',') s++;
234 }
235 }
236
237 /* If no addresses were removed, retrieve the memory used and return
238 the original. */
239
240 if (!hit)
241 {
242 store_reset(reset_point);
243 return list;
244 }
245
246 /* Check to see if we removed the last address, leaving a terminating comma
247 that needs to be removed */
248
249 s = newlist + Ustrlen(newlist);
250 while (s > newlist && (isspace(s[-1]) || s[-1] == ',')) s--;
251 *s = 0;
252
253 /* Check to see if there any addresses left; if not, return NULL */
254
255 s = newlist;
256 while (s && isspace(*s)) s++;
257 if (*s)
258 return newlist;
259
260 store_reset(reset_point);
261 return NULL;
262 }
263
264
265
266 /*************************************************
267 * Main entry point *
268 *************************************************/
269
270 /* See local README for interface details. This transport always returns
271 FALSE, indicating that the top address has the status for all - though in fact
272 this transport can handle only one address at at time anyway. */
273
274 BOOL
autoreply_transport_entry(transport_instance * tblock,address_item * addr)275 autoreply_transport_entry(
276 transport_instance *tblock, /* data for this instantiation */
277 address_item *addr) /* address we are working on */
278 {
279 int fd, pid, rc;
280 int cache_fd = -1;
281 int cache_size = 0;
282 int add_size = 0;
283 EXIM_DB *dbm_file = NULL;
284 BOOL file_expand, return_message;
285 uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file;
286 uschar *logfile, *oncelog;
287 uschar *cache_buff = NULL;
288 uschar *cache_time = NULL;
289 uschar *message_id = NULL;
290 header_line *h;
291 time_t now = time(NULL);
292 time_t once_repeat_sec = 0;
293 FILE *fp;
294 FILE *ff = NULL;
295
296 autoreply_transport_options_block *ob =
297 (autoreply_transport_options_block *)(tblock->options_block);
298
299 DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
300
301 /* Set up for the good case */
302
303 addr->transport_return = OK;
304 addr->basic_errno = 0;
305
306 /* If the address is pointing to a reply block, then take all the data
307 from that block. It has typically been set up by a mail filter processing
308 router. Otherwise, the data must be supplied by this transport, and
309 it has to be expanded here. */
310
311 if (addr->reply)
312 {
313 DEBUG(D_transport) debug_printf("taking data from address\n");
314 from = addr->reply->from;
315 reply_to = addr->reply->reply_to;
316 to = addr->reply->to;
317 cc = addr->reply->cc;
318 bcc = addr->reply->bcc;
319 subject = addr->reply->subject;
320 headers = addr->reply->headers;
321 text = addr->reply->text;
322 file = addr->reply->file;
323 logfile = addr->reply->logfile;
324 oncelog = addr->reply->oncelog;
325 once_repeat_sec = addr->reply->once_repeat;
326 file_expand = addr->reply->file_expand;
327 expand_forbid = addr->reply->expand_forbid;
328 return_message = addr->reply->return_message;
329 }
330 else
331 {
332 uschar *oncerepeat = ob->once_repeat;
333
334 DEBUG(D_transport) debug_printf("taking data from transport\n");
335 from = ob->from;
336 reply_to = ob->reply_to;
337 to = ob->to;
338 cc = ob->cc;
339 bcc = ob->bcc;
340 subject = ob->subject;
341 headers = ob->headers;
342 text = ob->text;
343 file = ob->file;
344 logfile = ob->logfile;
345 oncelog = ob->oncelog;
346 file_expand = ob->file_expand;
347 return_message = ob->return_message;
348
349 if ( from && !(from = checkexpand(from, addr, tblock->name, cke_hdr))
350 || reply_to && !(reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr))
351 || to && !(to = checkexpand(to, addr, tblock->name, cke_hdr))
352 || cc && !(cc = checkexpand(cc, addr, tblock->name, cke_hdr))
353 || bcc && !(bcc = checkexpand(bcc, addr, tblock->name, cke_hdr))
354 || subject && !(subject = checkexpand(subject, addr, tblock->name, cke_hdr))
355 || headers && !(headers = checkexpand(headers, addr, tblock->name, cke_text))
356 || text && !(text = checkexpand(text, addr, tblock->name, cke_text))
357 || file && !(file = checkexpand(file, addr, tblock->name, cke_file))
358 || logfile && !(logfile = checkexpand(logfile, addr, tblock->name, cke_file))
359 || oncelog && !(oncelog = checkexpand(oncelog, addr, tblock->name, cke_file))
360 || oncerepeat && !(oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file))
361 )
362 return FALSE;
363
364 if (oncerepeat)
365 {
366 once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE);
367 if (once_repeat_sec < 0)
368 {
369 addr->transport_return = FAIL;
370 addr->message = string_sprintf("Invalid time value \"%s\" for "
371 "\"once_repeat\" in %s transport", oncerepeat, tblock->name);
372 return FALSE;
373 }
374 }
375 }
376
377 /* If the never_mail option is set, we have to scan all the recipients and
378 remove those that match. */
379
380 if (ob->never_mail)
381 {
382 const uschar *never_mail = expand_string(ob->never_mail);
383
384 if (!never_mail)
385 {
386 addr->transport_return = FAIL;
387 addr->message = string_sprintf("Failed to expand \"%s\" for "
388 "\"never_mail\" in %s transport", ob->never_mail, tblock->name);
389 return FALSE;
390 }
391
392 if (to) to = check_never_mail(to, never_mail);
393 if (cc) cc = check_never_mail(cc, never_mail);
394 if (bcc) bcc = check_never_mail(bcc, never_mail);
395
396 if (!to && !cc && !bcc)
397 {
398 DEBUG(D_transport)
399 debug_printf("*** all recipients removed by never_mail\n");
400 return OK;
401 }
402 }
403
404 /* If the -N option is set, can't do any more. */
405
406 if (f.dont_deliver)
407 {
408 DEBUG(D_transport)
409 debug_printf("*** delivery by %s transport bypassed by -N option\n",
410 tblock->name);
411 return FALSE;
412 }
413
414
415 /* If the oncelog field is set, we send want to send only one message to the
416 given recipient(s). This works only on the "To" field. If there is no "To"
417 field, the message is always sent. If the To: field contains more than one
418 recipient, the effect might not be quite as envisaged. If once_file_size is
419 set, instead of a dbm file, we use a regular file containing a circular buffer
420 recipient cache. */
421
422 if (oncelog && *oncelog && to)
423 {
424 uschar *m;
425 time_t then = 0;
426
427 if ((m = is_tainted2(oncelog, 0, "Tainted '%s' (once file for %s transport)"
428 " not permitted", oncelog, tblock->name)))
429 {
430 addr->transport_return = DEFER;
431 addr->basic_errno = EACCES;
432 addr->message = m;
433 goto END_OFF;
434 }
435
436 /* Handle fixed-size cache file. */
437
438 if (ob->once_file_size > 0)
439 {
440 uschar * nextp;
441 struct stat statbuf;
442
443 cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
444 if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0)
445 {
446 addr->transport_return = DEFER;
447 addr->basic_errno = errno;
448 addr->message = string_sprintf("Failed to %s \"once\" file %s when "
449 "sending message from %s transport: %s",
450 cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno));
451 goto END_OFF;
452 }
453
454 /* Get store in the temporary pool and read the entire file into it. We get
455 an amount of store that is big enough to add the new entry on the end if we
456 need to do that. */
457
458 cache_size = statbuf.st_size;
459 add_size = sizeof(time_t) + Ustrlen(to) + 1;
460 cache_buff = store_get(cache_size + add_size, is_tainted(oncelog));
461
462 if (read(cache_fd, cache_buff, cache_size) != cache_size)
463 {
464 addr->transport_return = DEFER;
465 addr->basic_errno = errno;
466 addr->message = US"error while reading \"once\" file";
467 goto END_OFF;
468 }
469
470 DEBUG(D_transport) debug_printf("%d bytes read from %s\n", cache_size, oncelog);
471
472 /* Scan the data for this recipient. Each entry in the file starts with
473 a time_t sized time value, followed by the address, followed by a binary
474 zero. If we find a match, put the time into "then", and the place where it
475 was found into "cache_time". Otherwise, "then" is left at zero. */
476
477 for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp)
478 {
479 uschar *s = p + sizeof(time_t);
480 nextp = s + Ustrlen(s) + 1;
481 if (Ustrcmp(to, s) == 0)
482 {
483 memcpy(&then, p, sizeof(time_t));
484 cache_time = p;
485 break;
486 }
487 }
488 }
489
490 /* Use a DBM file for the list of previous recipients. */
491
492 else
493 {
494 EXIM_DATUM key_datum, result_datum;
495 uschar * dirname, * s;
496
497 dirname = (s = Ustrrchr(oncelog, '/'))
498 ? string_copyn(oncelog, s - oncelog) : NULL;
499 EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file);
500 if (!dbm_file)
501 {
502 addr->transport_return = DEFER;
503 addr->basic_errno = errno;
504 addr->message = string_sprintf("Failed to open %s file %s when sending "
505 "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name,
506 strerror(errno));
507 goto END_OFF;
508 }
509
510 EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need datums */
511 EXIM_DATUM_INIT(result_datum); /* to be cleared */
512 EXIM_DATUM_DATA(key_datum) = CS to;
513 EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1;
514
515 if (EXIM_DBGET(dbm_file, key_datum, result_datum))
516 {
517 /* If the datum size is that of a binary time, we are in the new world
518 where messages are sent periodically. Otherwise the file is an old one,
519 where the datum was filled with a tod_log time, which is assumed to be
520 different in size. For that, only one message is ever sent. This change
521 introduced at Exim 3.00. In a couple of years' time the test on the size
522 can be abolished. */
523
524 if (EXIM_DATUM_SIZE(result_datum) == sizeof(time_t))
525 memcpy(&then, EXIM_DATUM_DATA(result_datum), sizeof(time_t));
526 else
527 then = now;
528 }
529 }
530
531 /* Either "then" is set zero, if no message has yet been sent, or it
532 is set to the time of the last sending. */
533
534 if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
535 {
536 uschar *m;
537 int log_fd;
538 if ((m = is_tainted2(logfile, 0, "Tainted '%s' (logfile for %s transport)"
539 " not permitted", logfile, tblock->name)))
540 {
541 addr->transport_return = DEFER;
542 addr->basic_errno = EACCES;
543 addr->message = m;
544 goto END_OFF;
545 }
546
547 DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to,
548 (once_repeat_sec > 0)? " and repeat time not reached" : "");
549 log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1;
550 if (log_fd >= 0)
551 {
552 uschar *ptr = log_buffer;
553 sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to);
554 while(*ptr) ptr++;
555 if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer
556 || close(log_fd))
557 DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
558 "transport\n", logfile, tblock->name);
559 }
560 goto END_OFF;
561 }
562
563 DEBUG(D_transport) debug_printf("%s %s\n", (then <= 0)?
564 "no previous message sent to" : "repeat time reached for", to);
565 }
566
567 /* We are going to send a message. Ensure any requested file is available. */
568 if (file)
569 {
570 uschar *m;
571 if ((m = is_tainted2(file, 0, "Tainted '%s' (file for %s transport)"
572 " not permitted", file, tblock->name)))
573 {
574 addr->transport_return = DEFER;
575 addr->basic_errno = EACCES;
576 addr->message = m;
577 return FALSE;
578 }
579 if (!(ff = Ufopen(file, "rb")) && !ob->file_optional)
580 {
581 addr->transport_return = DEFER;
582 addr->basic_errno = errno;
583 addr->message = string_sprintf("Failed to open file %s when sending "
584 "message from %s transport: %s", file, tblock->name, strerror(errno));
585 return FALSE;
586 }
587 }
588
589 /* Make a subprocess to send the message */
590
591 if ((pid = child_open_exim(&fd, US"autoreply")) < 0)
592 {
593 /* Creation of child failed; defer this delivery. */
594
595 addr->transport_return = DEFER;
596 addr->basic_errno = errno;
597 addr->message = string_sprintf("Failed to create child process to send "
598 "message from %s transport: %s", tblock->name, strerror(errno));
599 DEBUG(D_transport) debug_printf("%s\n", addr->message);
600 if (dbm_file) EXIM_DBCLOSE(dbm_file);
601 return FALSE;
602 }
603
604 /* Create the message to be sent - recipients are taken from the headers,
605 as the -t option is used. The "headers" stuff *must* be last in case there
606 are newlines in it which might, if placed earlier, screw up other headers. */
607
608 fp = fdopen(fd, "wb");
609
610 if (from) fprintf(fp, "From: %s\n", from);
611 if (reply_to) fprintf(fp, "Reply-To: %s\n", reply_to);
612 if (to) fprintf(fp, "To: %s\n", to);
613 if (cc) fprintf(fp, "Cc: %s\n", cc);
614 if (bcc) fprintf(fp, "Bcc: %s\n", bcc);
615 if (subject) fprintf(fp, "Subject: %s\n", subject);
616
617 /* Generate In-Reply-To from the message_id header; there should
618 always be one, but code defensively. */
619
620 for (h = header_list; h; h = h->next)
621 if (h->type == htype_id) break;
622
623 if (h)
624 {
625 message_id = Ustrchr(h->text, ':') + 1;
626 while (isspace(*message_id)) message_id++;
627 fprintf(fp, "In-Reply-To: %s", message_id);
628 }
629
630 moan_write_references(fp, message_id);
631
632 /* Add an Auto-Submitted: header */
633
634 fprintf(fp, "Auto-Submitted: auto-replied\n");
635
636 /* Add any specially requested headers */
637
638 if (headers) fprintf(fp, "%s\n", headers);
639 fprintf(fp, "\n");
640
641 if (text)
642 {
643 fprintf(fp, "%s", CS text);
644 if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n");
645 }
646
647 if (ff)
648 {
649 debug_printf("%s %d: ff\n", __FUNCTION__, __LINE__);
650 while (Ufgets(big_buffer, big_buffer_size, ff) != NULL)
651 {
652 if (file_expand)
653 {
654 uschar *s = expand_string(big_buffer);
655 DEBUG(D_transport)
656 {
657 if (!s)
658 debug_printf("error while expanding line from file:\n %s\n %s\n",
659 big_buffer, expand_string_message);
660 }
661 fprintf(fp, "%s", s ? CS s : CS big_buffer);
662 }
663 else fprintf(fp, "%s", CS big_buffer);
664 }
665 (void) fclose(ff);
666 }
667
668 /* Copy the original message if required, observing the return size
669 limit if we are returning the body. */
670
671 if (return_message)
672 {
673 debug_printf("%s %d: ret msg\n", __FUNCTION__, __LINE__);
674 uschar *rubric = tblock->headers_only
675 ? US"------ This is a copy of the message's header lines.\n"
676 : tblock->body_only
677 ? US"------ This is a copy of the body of the message, without the headers.\n"
678 : US"------ This is a copy of the message, including all the headers.\n";
679 transport_ctx tctx = {
680 .u = {.fd = fileno(fp)},
681 .tblock = tblock,
682 .addr = addr,
683 .check_string = NULL,
684 .escape_string = NULL,
685 .options = (tblock->body_only ? topt_no_headers : 0)
686 | (tblock->headers_only ? topt_no_body : 0)
687 | (tblock->return_path_add ? topt_add_return_path : 0)
688 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
689 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
690 | topt_not_socket
691 };
692
693 if (bounce_return_size_limit > 0 && !tblock->headers_only)
694 {
695 struct stat statbuf;
696 int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) *
697 DELIVER_IN_BUFFER_SIZE;
698 if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max)
699 {
700 fprintf(fp, "\n%s"
701 "------ The body of the message is " OFF_T_FMT " characters long; only the first\n"
702 "------ %d or so are included here.\n\n", rubric, statbuf.st_size,
703 (max/1000)*1000);
704 }
705 else fprintf(fp, "\n%s\n", rubric);
706 }
707 else fprintf(fp, "\n%s\n", rubric);
708
709 fflush(fp);
710 transport_count = 0;
711 transport_write_message(&tctx, bounce_return_size_limit);
712 }
713
714 /* End the message and wait for the child process to end; no timeout. */
715
716 (void)fclose(fp);
717 rc = child_close(pid, 0);
718
719 /* Update the "sent to" log whatever the yield. This errs on the side of
720 missing out a message rather than risking sending more than one. We either have
721 cache_fd set to a fixed size, circular buffer file, or dbm_file set to an open
722 DBM file (or neither, if "once" is not set). */
723
724 /* Update fixed-size cache file. If cache_time is set, we found a previous
725 entry; that is the spot into which to put the current time. Otherwise we have
726 to add a new record; remove the first one in the file if the file is too big.
727 We always rewrite the entire file in a single write operation. This is
728 (hopefully) going to be the safest thing because there is no interlocking
729 between multiple simultaneous deliveries. */
730
731 if (cache_fd >= 0)
732 {
733 uschar *from = cache_buff;
734 int size = cache_size;
735
736 if (lseek(cache_fd, 0, SEEK_SET) == 0)
737 {
738 if (!cache_time)
739 {
740 cache_time = from + size;
741 memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t));
742 size += add_size;
743
744 if (cache_size > 0 && size > ob->once_file_size)
745 {
746 from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1;
747 size -= (from - cache_buff);
748 }
749 }
750
751 memcpy(cache_time, &now, sizeof(time_t));
752 if(write(cache_fd, from, size) != size)
753 DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s "
754 "transport\n", oncelog, tblock->name);
755 }
756 }
757
758 /* Update DBM file */
759
760 else if (dbm_file)
761 {
762 EXIM_DATUM key_datum, value_datum;
763 EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need to have */
764 EXIM_DATUM_INIT(value_datum); /* cleared datums. */
765 EXIM_DATUM_DATA(key_datum) = CS to;
766 EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1;
767
768 /* Many OS define the datum value, sensibly, as a void *. However, there
769 are some which still have char *. By casting this address to a char * we
770 can avoid warning messages from the char * systems. */
771
772 EXIM_DATUM_DATA(value_datum) = CS (&now);
773 EXIM_DATUM_SIZE(value_datum) = (int)sizeof(time_t);
774 EXIM_DBPUT(dbm_file, key_datum, value_datum);
775 }
776
777 /* If sending failed, defer to try again - but if once is set the next
778 try will skip, of course. However, if there were no recipients in the
779 message, we do not fail. */
780
781 if (rc != 0)
782 if (rc == EXIT_NORECIPIENTS)
783 {
784 DEBUG(D_any) debug_printf("%s transport: message contained no recipients\n",
785 tblock->name);
786 }
787 else
788 {
789 addr->transport_return = DEFER;
790 addr->message = string_sprintf("Failed to send message from %s "
791 "transport (%d)", tblock->name, rc);
792 goto END_OFF;
793 }
794
795 /* Log the sending of the message if successful and required. If the file
796 fails to open, it's hard to know what to do. We cannot write to the Exim
797 log from here, since we may be running under an unprivileged uid. We don't
798 want to fail the delivery, since the message has been successfully sent. For
799 the moment, ignore open failures. Write the log entry as a single write() to a
800 file opened for appending, in order to avoid interleaving of output from
801 different processes. The log_buffer can be used exactly as for main log
802 writing. */
803
804 if (logfile)
805 {
806 int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode);
807 if (log_fd >= 0)
808 {
809 gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs;
810
811 /* Use taint-unchecked routines for writing into log_buffer, trusting
812 that we'll never expand it. */
813
814 DEBUG(D_transport) debug_printf("logging message details\n");
815 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log));
816 if (from)
817 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from);
818 if (to)
819 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to);
820 if (cc)
821 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc);
822 if (bcc)
823 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc);
824 if (subject)
825 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject);
826 if (headers)
827 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers);
828 if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd))
829 DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
830 "transport\n", logfile, tblock->name);
831 }
832 else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s "
833 "transport: %s\n", logfile, tblock->name, strerror(errno));
834 }
835
836 END_OFF:
837 if (dbm_file) EXIM_DBCLOSE(dbm_file);
838 if (cache_fd > 0) (void)close(cache_fd);
839
840 DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name);
841
842 return FALSE;
843 }
844
845 #endif /*!MACRO_PREDEF*/
846 /* End of transport/autoreply.c */
847