1 /* $NetBSD: bounce_notify_service.c,v 1.2 2017/02/14 01:16:44 christos Exp $ */
2
3 /*++
4 /* NAME
5 /* bounce_notify_service 3
6 /* SUMMARY
7 /* send non-delivery report to sender, server side
8 /* SYNOPSIS
9 /* #include "bounce_service.h"
10 /*
11 /* int bounce_notify_service(flags, service, queue_name, queue_id,
12 /* encoding, smtputf8, sender, dsn_envid,
13 /* dsn_ret, templates)
14 /* int flags;
15 /* char *service;
16 /* char *queue_name;
17 /* char *queue_id;
18 /* char *encoding;
19 /* int smtputf8;
20 /* char *sender;
21 /* char *dsn_envid;
22 /* int dsn_ret;
23 /* BOUNCE_TEMPLATES *templates;
24 /* DESCRIPTION
25 /* This module implements the server side of the bounce_flush()
26 /* (send bounce message) request.
27 /*
28 /* When a message bounces, a full copy is sent to the originator,
29 /* and an optional copy of the diagnostics with message headers is
30 /* sent to the postmaster. The result is non-zero when the operation
31 /* should be tried again. Otherwise, the logfile is removed.
32 /*
33 /* When a bounce is sent, the sender address is the empty
34 /* address. When a bounce bounces, an optional double bounce
35 /* with the entire undeliverable mail is sent to the postmaster,
36 /* with as sender address the double bounce address.
37 /* DIAGNOSTICS
38 /* Fatal error: error opening existing file.
39 /* BUGS
40 /* SEE ALSO
41 /* bounce(3) basic bounce service client interface
42 /* LICENSE
43 /* .ad
44 /* .fi
45 /* The Secure Mailer license must be distributed with this software.
46 /* AUTHOR(S)
47 /* Wietse Venema
48 /* IBM T.J. Watson Research
49 /* P.O. Box 704
50 /* Yorktown Heights, NY 10598, USA
51 /*--*/
52
53 /* System library. */
54
55 #include <sys_defs.h>
56 #include <fcntl.h>
57 #include <errno.h>
58 #include <string.h>
59 #include <ctype.h>
60
61 /* Utility library. */
62
63 #include <msg.h>
64 #include <vstream.h>
65 #include <name_mask.h>
66 #include <stringops.h>
67
68 /* Global library. */
69
70 #include <mail_params.h>
71 #include <mail_queue.h>
72 #include <post_mail.h>
73 #include <mail_addr.h>
74 #include <mail_error.h>
75 #include <bounce.h>
76 #include <dsn_mask.h>
77 #include <rec_type.h>
78
79 /* Application-specific. */
80
81 #include "bounce_service.h"
82
83 #define STR vstring_str
84
85 /* bounce_notify_service - send a bounce */
86
bounce_notify_service(int flags,char * service,char * queue_name,char * queue_id,char * encoding,int smtputf8,char * recipient,char * dsn_envid,int dsn_ret,BOUNCE_TEMPLATES * ts)87 int bounce_notify_service(int flags, char *service, char *queue_name,
88 char *queue_id, char *encoding,
89 int smtputf8, char *recipient,
90 char *dsn_envid, int dsn_ret,
91 BOUNCE_TEMPLATES *ts)
92 {
93 BOUNCE_INFO *bounce_info;
94 int bounce_status = 1;
95 int postmaster_status = 1;
96 VSTREAM *bounce;
97 int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks,
98 var_notify_classes);
99 VSTRING *new_id = vstring_alloc(10);
100 char *postmaster;
101 int count;
102
103 /*
104 * Initialize. Open queue file, bounce log, etc.
105 *
106 * XXX DSN The bounce service produces RFC 3464-style "failed mail" reports
107 * from information in two following types of logfile:
108 *
109 * 1 - bounce: this file is used for RFC 3464-style reports of permanent
110 * delivery errors by the bounce(8) service. This reports to the sender
111 * all recipients that have no DSN NOTIFY information (compatibility) and
112 * all recipients that have DSN NOTIFY=FAILURE; this reports to
113 * postmaster all recipients, if postmaster notification is enabled.
114 *
115 * 2 - defer: this file is used for three types of report:
116 *
117 * 2a) RFC 3464-style "mail is too old" reports by the bounce(8) service.
118 * This reports to the sender all recipients that have no DSN NOTIFY
119 * information (compatibility) and all recipients that have DSN
120 * NOTIFY=FAILURE; this reports to postmaster all recipients, if
121 * postmaster notification is enabled.
122 *
123 * Other reports that other servers produce from the defer logfile:
124 *
125 * 2b) On-demand reports of all delayed deliveries by the showq(8) service
126 * and mailq(1) command. This reports all recipients that have a
127 * transient delivery error.
128 *
129 * 2c) RFC 3464-style "delayed mail" notifications by the defer(8) service.
130 * This reports to the sender all recipients that have no DSN NOTIFY
131 * information (compatibility) and all recipients that have DSN
132 * NOTIFY=DELAY; this reports to postmaster all recipients, if postmaster
133 * notification is enabled.
134 */
135 bounce_info = bounce_mail_init(service, queue_name, queue_id,
136 encoding, smtputf8, dsn_envid,
137 ts->failure);
138
139 #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
140 #define NULL_TRACE_FLAGS 0
141
142 /*
143 * The choice of sender address depends on the recipient address. For a
144 * single bounce (a non-delivery notification to the message originator),
145 * the sender address is the empty string. For a double bounce (typically
146 * a failed single bounce, or a postmaster notification that was produced
147 * by any of the mail processes) the sender address is defined by the
148 * var_double_bounce_sender configuration variable. When a double bounce
149 * cannot be delivered, the queue manager blackholes the resulting triple
150 * bounce message.
151 */
152
153 /*
154 * Double bounce failed. Never send a triple bounce.
155 *
156 * However, this does not prevent double bounces from bouncing on other
157 * systems. In order to cope with this, either the queue manager must
158 * recognize the double-bounce recipient address and discard mail, or
159 * every delivery agent must recognize the double-bounce sender address
160 * and substitute something else so mail does not come back at us.
161 */
162 if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) {
163 msg_warn("%s: undeliverable postmaster notification discarded",
164 queue_id);
165 bounce_status = 0;
166 }
167
168 /*
169 * Single bounce failed. Optionally send a double bounce to postmaster,
170 * subject to notify_classes restrictions.
171 */
172 #define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE)
173 #define SEND_POSTMASTER_ANY_BOUNCE_NOTICE (notify_mask & ANY_BOUNCE)
174
175 else if (*recipient == 0) {
176 if (!SEND_POSTMASTER_ANY_BOUNCE_NOTICE) {
177 bounce_status = 0;
178 } else {
179 postmaster = var_2bounce_rcpt;
180 if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
181 postmaster,
182 MAIL_SRC_MASK_BOUNCE,
183 NULL_TRACE_FLAGS,
184 smtputf8,
185 new_id)) != 0) {
186
187 /*
188 * Double bounce to Postmaster. This is the last opportunity
189 * for this message to be delivered. Send the text with
190 * reason for the bounce, and the headers of the original
191 * message. Don't bother sending the boiler-plate text.
192 */
193 count = -1;
194 if (bounce_header(bounce, bounce_info, postmaster,
195 POSTMASTER_COPY) == 0
196 && (count = bounce_diagnostic_log(bounce, bounce_info,
197 DSN_NOTIFY_OVERRIDE)) > 0
198 && bounce_header_dsn(bounce, bounce_info) == 0
199 && bounce_diagnostic_dsn(bounce, bounce_info,
200 DSN_NOTIFY_OVERRIDE) > 0) {
201 bounce_original(bounce, bounce_info, DSN_RET_FULL);
202 bounce_status = post_mail_fclose(bounce);
203 if (bounce_status == 0)
204 msg_info("%s: postmaster non-delivery notification: %s",
205 queue_id, STR(new_id));
206 } else {
207 /* No applicable recipients found - cancel this notice. */
208 (void) vstream_fclose(bounce);
209 if (count == 0)
210 bounce_status = 0;
211 }
212 }
213 }
214 }
215
216 /*
217 * Non-bounce failed. Send a single bounce to the sender, subject to DSN
218 * NOTIFY restrictions.
219 */
220 else {
221 if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
222 MAIL_SRC_MASK_BOUNCE,
223 NULL_TRACE_FLAGS,
224 smtputf8,
225 new_id)) != 0) {
226
227 /*
228 * Send the bounce message header, some boilerplate text that
229 * pretends that we are a polite mail system, the text with
230 * reason for the bounce, and a copy of the original message.
231 */
232 count = -1;
233 if (bounce_header(bounce, bounce_info, recipient,
234 NO_POSTMASTER_COPY) == 0
235 && bounce_boilerplate(bounce, bounce_info) == 0
236 && (count = bounce_diagnostic_log(bounce, bounce_info,
237 DSN_NOTIFY_FAILURE)) > 0
238 && bounce_header_dsn(bounce, bounce_info) == 0
239 && bounce_diagnostic_dsn(bounce, bounce_info,
240 DSN_NOTIFY_FAILURE) > 0) {
241 bounce_original(bounce, bounce_info, dsn_ret ?
242 dsn_ret : DSN_RET_FULL);
243 bounce_status = post_mail_fclose(bounce);
244 if (bounce_status == 0)
245 msg_info("%s: sender non-delivery notification: %s",
246 queue_id, STR(new_id));
247 } else {
248 /* No applicable recipients found - cancel this notice. */
249 (void) vstream_fclose(bounce);
250 if (count == 0)
251 bounce_status = 0;
252 }
253 }
254
255 /*
256 * Optionally, send a postmaster notice, subject to notify_classes
257 * restrictions.
258 *
259 * This postmaster notice is not critical, so if it fails don't
260 * retransmit the bounce that we just generated, just log a warning.
261 */
262 #define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE)
263
264 if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE
265 && strcasecmp_utf8(recipient, mail_addr_double_bounce()) != 0) {
266
267 /*
268 * Send the text with reason for the bounce, and the headers of
269 * the original message. Don't bother sending the boiler-plate
270 * text. This postmaster notice is not critical, so if it fails
271 * don't retransmit the bounce that we just generated, just log a
272 * warning.
273 */
274 postmaster = var_bounce_rcpt;
275 if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
276 postmaster,
277 MAIL_SRC_MASK_BOUNCE,
278 NULL_TRACE_FLAGS,
279 smtputf8,
280 new_id)) != 0) {
281 count = -1;
282 if (bounce_header(bounce, bounce_info, postmaster,
283 POSTMASTER_COPY) == 0
284 && (count = bounce_diagnostic_log(bounce, bounce_info,
285 DSN_NOTIFY_OVERRIDE)) > 0
286 && bounce_header_dsn(bounce, bounce_info) == 0
287 && bounce_diagnostic_dsn(bounce, bounce_info,
288 DSN_NOTIFY_OVERRIDE) > 0) {
289 bounce_original(bounce, bounce_info, DSN_RET_HDRS);
290 postmaster_status = post_mail_fclose(bounce);
291 if (postmaster_status == 0)
292 msg_info("%s: postmaster non-delivery notification: %s",
293 queue_id, STR(new_id));
294 } else {
295 /* No applicable recipients found - cancel this notice. */
296 (void) vstream_fclose(bounce);
297 if (count == 0)
298 postmaster_status = 0;
299 }
300 }
301 if (postmaster_status)
302 msg_warn("%s: postmaster notice failed while bouncing to %s",
303 queue_id, recipient);
304 }
305 }
306
307 /*
308 * Optionally, delete the recipients from the queue file.
309 */
310 if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT))
311 bounce_delrcpt(bounce_info);
312
313 /*
314 * Examine the completion status. Delete the bounce log file only when
315 * the bounce was posted successfully, and only if we are bouncing for
316 * real, not just warning.
317 */
318 if (bounce_status == 0 && mail_queue_remove(service, queue_id)
319 && errno != ENOENT)
320 msg_fatal("remove %s %s: %m", service, queue_id);
321
322 /*
323 * Cleanup.
324 */
325 bounce_mail_free(bounce_info);
326 vstring_free(new_id);
327
328 return (bounce_status);
329 }
330