1 /* $NetBSD: sendmail.c,v 1.1.1.1 2009/06/23 10:08:53 tron Exp $ */ 2 3 /*++ 4 /* NAME 5 /* sendmail 1 6 /* SUMMARY 7 /* Postfix to Sendmail compatibility interface 8 /* SYNOPSIS 9 /* \fBsendmail\fR [\fIoption ...\fR] [\fIrecipient ...\fR] 10 /* 11 /* \fBmailq\fR 12 /* \fBsendmail -bp\fR 13 /* 14 /* \fBnewaliases\fR 15 /* \fBsendmail -I\fR 16 /* DESCRIPTION 17 /* The Postfix \fBsendmail\fR(1) command implements the Postfix 18 /* to Sendmail compatibility interface. 19 /* For the sake of compatibility with existing applications, some 20 /* Sendmail command-line options are recognized but silently ignored. 21 /* 22 /* By default, Postfix \fBsendmail\fR(1) reads a message from 23 /* standard input 24 /* until EOF or until it reads a line with only a \fB.\fR character, 25 /* and arranges for delivery. Postfix \fBsendmail\fR(1) relies on the 26 /* \fBpostdrop\fR(1) command to create a queue file in the \fBmaildrop\fR 27 /* directory. 28 /* 29 /* Specific command aliases are provided for other common modes of 30 /* operation: 31 /* .IP \fBmailq\fR 32 /* List the mail queue. Each entry shows the queue file ID, message 33 /* size, arrival time, sender, and the recipients that still need to 34 /* be delivered. If mail could not be delivered upon the last attempt, 35 /* the reason for failure is shown. The queue ID string is 36 /* followed by an optional status character: 37 /* .RS 38 /* .IP \fB*\fR 39 /* The message is in the \fBactive\fR queue, i.e. the message is 40 /* selected for delivery. 41 /* .IP \fB!\fR 42 /* The message is in the \fBhold\fR queue, i.e. no further delivery 43 /* attempt will be made until the mail is taken off hold. 44 /* .RE 45 /* .IP 46 /* This mode of operation is implemented by executing the 47 /* \fBpostqueue\fR(1) command. 48 /* .IP \fBnewaliases\fR 49 /* Initialize the alias database. If no input file is specified (with 50 /* the \fB-oA\fR option, see below), the program processes the file(s) 51 /* specified with the \fBalias_database\fR configuration parameter. 52 /* If no alias database type is specified, the program uses the type 53 /* specified with the \fBdefault_database_type\fR configuration parameter. 54 /* This mode of operation is implemented by running the \fBpostalias\fR(1) 55 /* command. 56 /* .sp 57 /* Note: it may take a minute or so before an alias database update 58 /* becomes visible. Use the "\fBpostfix reload\fR" command to eliminate 59 /* this delay. 60 /* .PP 61 /* These and other features can be selected by specifying the 62 /* appropriate combination of command-line options. Some features are 63 /* controlled by parameters in the \fBmain.cf\fR configuration file. 64 /* 65 /* The following options are recognized: 66 /* .IP "\fB-Am\fR (ignored)" 67 /* .IP "\fB-Ac\fR (ignored)" 68 /* Postfix sendmail uses the same configuration file regardless of 69 /* whether or not a message is an initial submission. 70 /* .IP "\fB-B \fIbody_type\fR" 71 /* The message body MIME type: \fB7BIT\fR or \fB8BITMIME\fR. 72 /* .IP \fB-bd\fR 73 /* Go into daemon mode. This mode of operation is implemented by 74 /* executing the "\fBpostfix start\fR" command. 75 /* .IP "\fB-bh\fR (ignored)" 76 /* .IP "\fB-bH\fR (ignored)" 77 /* Postfix has no persistent host status database. 78 /* .IP \fB-bi\fR 79 /* Initialize alias database. See the \fBnewaliases\fR 80 /* command above. 81 /* .IP \fB-bm\fR 82 /* Read mail from standard input and arrange for delivery. 83 /* This is the default mode of operation. 84 /* .IP \fB-bp\fR 85 /* List the mail queue. See the \fBmailq\fR command above. 86 /* .IP \fB-bs\fR 87 /* Stand-alone SMTP server mode. Read SMTP commands from 88 /* standard input, and write responses to standard output. 89 /* In stand-alone SMTP server mode, mail relaying and other 90 /* access controls are disabled by default. To enable them, 91 /* run the process as the \fBmail_owner\fR user. 92 /* .sp 93 /* This mode of operation is implemented by running the 94 /* \fBsmtpd\fR(8) daemon. 95 /* .IP \fB-bv\fR 96 /* Do not collect or deliver a message. Instead, send an email 97 /* report after verifying each recipient address. This is useful 98 /* for testing address rewriting and routing configurations. 99 /* .sp 100 /* This feature is available in Postfix version 2.1 and later. 101 /* .IP "\fB-C \fIconfig_file\fR" 102 /* .IP "\fB-C \fIconfig_dir\fR" 103 /* The path name of the Postfix \fBmain.cf\fR file, or of its 104 /* parent directory. This information is ignored with Postfix 105 /* versions before 2.3. 106 /* 107 /* With all Postfix versions, you can specify a directory pathname 108 /* with the MAIL_CONFIG environment variable to override the 109 /* location of configuration files. 110 /* .IP "\fB-F \fIfull_name\fR 111 /* Set the sender full name. This overrides the NAME environment 112 /* variable, and is used only with messages that 113 /* have no \fBFrom:\fR message header. 114 /* .IP "\fB-f \fIsender\fR" 115 /* Set the envelope sender address. This is the address where 116 /* delivery problems are sent to. With Postfix versions before 2.1, the 117 /* \fBErrors-To:\fR message header overrides the error return address. 118 /* .IP \fB-G\fR 119 /* Gateway (relay) submission, as opposed to initial user 120 /* submission. Either do not rewrite addresses at all, or 121 /* update incomplete addresses with the domain information 122 /* specified with \fBremote_header_rewrite_domain\fR. 123 /* 124 /* This option is ignored before Postfix version 2.3. 125 /* .IP "\fB-h \fIhop_count\fR (ignored)" 126 /* Hop count limit. Use the \fBhopcount_limit\fR configuration 127 /* parameter instead. 128 /* .IP \fB-I\fR 129 /* Initialize alias database. See the \fBnewaliases\fR 130 /* command above. 131 /* .IP "\fB-i\fR" 132 /* When reading a message from standard input, don\'t treat a line 133 /* with only a \fB.\fR character as the end of input. 134 /* .IP "\fB-L \fIlabel\fR (ignored)" 135 /* The logging label. Use the \fBsyslog_name\fR configuration 136 /* parameter instead. 137 /* .IP "\fB-m\fR (ignored)" 138 /* Backwards compatibility. 139 /* .IP "\fB-N \fIdsn\fR (default: 'delay, failure')" 140 /* Delivery status notification control. Specify either a 141 /* comma-separated list with one or more of \fBfailure\fR (send 142 /* notification when delivery fails), \fBdelay\fR (send 143 /* notification when delivery is delayed), or \fBsuccess\fR 144 /* (send notification when the message is delivered); or specify 145 /* \fBnever\fR (don't send any notifications at all). 146 /* 147 /* This feature is available in Postfix 2.3 and later. 148 /* .IP "\fB-n\fR (ignored)" 149 /* Backwards compatibility. 150 /* .IP "\fB-oA\fIalias_database\fR" 151 /* Non-default alias database. Specify \fIpathname\fR or 152 /* \fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for 153 /* details. 154 /* .IP "\fB-O \fIoption=value\fR (ignored)" 155 /* Backwards compatibility. 156 /* .IP "\fB-o7\fR (ignored)" 157 /* .IP "\fB-o8\fR (ignored)" 158 /* To send 8-bit or binary content, use an appropriate MIME encapsulation 159 /* and specify the appropriate \fB-B\fR command-line option. 160 /* .IP "\fB-oi\fR" 161 /* When reading a message from standard input, don\'t treat a line 162 /* with only a \fB.\fR character as the end of input. 163 /* .IP "\fB-om\fR (ignored)" 164 /* The sender is never eliminated from alias etc. expansions. 165 /* .IP "\fB-o \fIx value\fR (ignored)" 166 /* Set option \fIx\fR to \fIvalue\fR. Use the equivalent 167 /* configuration parameter in \fBmain.cf\fR instead. 168 /* .IP "\fB-r \fIsender\fR" 169 /* Set the envelope sender address. This is the address where 170 /* delivery problems are sent to. With Postfix versions before 2.1, the 171 /* \fBErrors-To:\fR message header overrides the error return address. 172 /* .IP "\fB-R \fIreturn_limit\fR (ignored)" 173 /* Limit the size of bounced mail. Use the \fBbounce_size_limit\fR 174 /* configuration parameter instead. 175 /* .IP \fB-q\fR 176 /* Attempt to deliver all queued mail. This is implemented by 177 /* executing the \fBpostqueue\fR(1) command. 178 /* 179 /* Warning: flushing undeliverable mail frequently will result in 180 /* poor delivery performance of all other mail. 181 /* .IP "\fB-q\fIinterval\fR (ignored)" 182 /* The interval between queue runs. Use the \fBqueue_run_delay\fR 183 /* configuration parameter instead. 184 /* .IP \fB-qI\fIqueueid\fR 185 /* Schedule immediate delivery of mail with the specified queue 186 /* ID. This option is implemented by executing the 187 /* \fBpostqueue\fR(1) command, and is available with Postfix 188 /* version 2.4 and later. 189 /* .IP \fB-qR\fIsite\fR 190 /* Schedule immediate delivery of all mail that is queued for the named 191 /* \fIsite\fR. This option accepts only \fIsite\fR names that are 192 /* eligible for the "fast flush" service, and is implemented by 193 /* executing the \fBpostqueue\fR(1) command. 194 /* See \fBflush\fR(8) for more information about the "fast flush" 195 /* service. 196 /* .IP \fB-qS\fIsite\fR 197 /* This command is not implemented. Use the slower "\fBsendmail -q\fR" 198 /* command instead. 199 /* .IP \fB-t\fR 200 /* Extract recipients from message headers. These are added to any 201 /* recipients specified on the command line. 202 /* 203 /* With Postfix versions prior to 2.1, this option requires that 204 /* no recipient addresses are specified on the command line. 205 /* .IP "\fB-U\fR (ignored)" 206 /* Initial user submission. 207 /* .IP "\fB-V \fIenvid\fR" 208 /* Specify the envelope ID for notification by servers that 209 /* support DSN. 210 /* 211 /* This feature is available in Postfix 2.3 and later. 212 /* .IP "\fB-XV\fR (Postfix 2.2 and earlier: \fB-V\fR)" 213 /* Variable Envelope Return Path. Given an envelope sender address 214 /* of the form \fIowner-listname\fR@\fIorigin\fR, each recipient 215 /* \fIuser\fR@\fIdomain\fR receives mail with a personalized envelope 216 /* sender address. 217 /* .sp 218 /* By default, the personalized envelope sender address is 219 /* \fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default 220 /* \fB+\fR and \fB=\fR characters are configurable with the 221 /* \fBdefault_verp_delimiters\fR configuration parameter. 222 /* .IP "\fB-XV\fIxy\fR (Postfix 2.2 and earlier: \fB-V\fIxy\fR)" 223 /* As \fB-XV\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter 224 /* characters, instead of the characters specified with the 225 /* \fBdefault_verp_delimiters\fR configuration parameter. 226 /* .IP \fB-v\fR 227 /* Send an email report of the first delivery attempt (Postfix 228 /* versions 2.1 and later). Mail delivery 229 /* always happens in the background. When multiple \fB-v\fR 230 /* options are given, enable verbose logging for debugging purposes. 231 /* .IP "\fB-X \fIlog_file\fR (ignored)" 232 /* Log mailer traffic. Use the \fBdebug_peer_list\fR and 233 /* \fBdebug_peer_level\fR configuration parameters instead. 234 /* SECURITY 235 /* .ad 236 /* .fi 237 /* By design, this program is not set-user (or group) id. However, 238 /* it must handle data from untrusted, possibly remote, users. 239 /* Thus, the usual precautions need to be taken against malicious 240 /* inputs. 241 /* DIAGNOSTICS 242 /* Problems are logged to \fBsyslogd\fR(8) and to the standard error 243 /* stream. 244 /* ENVIRONMENT 245 /* .ad 246 /* .fi 247 /* .IP \fBMAIL_CONFIG\fR 248 /* Directory with Postfix configuration files. 249 /* .IP "\fBMAIL_VERBOSE\fR (value does not matter)" 250 /* Enable verbose logging for debugging purposes. 251 /* .IP "\fBMAIL_DEBUG\fR (value does not matter)" 252 /* Enable debugging with an external command, as specified with the 253 /* \fBdebugger_command\fR configuration parameter. 254 /* .IP \fBNAME\fR 255 /* The sender full name. This is used only with messages that 256 /* have no \fBFrom:\fR message header. See also the \fB-F\fR 257 /* option above. 258 /* CONFIGURATION PARAMETERS 259 /* .ad 260 /* .fi 261 /* The following \fBmain.cf\fR parameters are especially relevant to 262 /* this program. 263 /* The text below provides only a parameter summary. See 264 /* \fBpostconf\fR(5) for more details including examples. 265 /* TROUBLE SHOOTING CONTROLS 266 /* .ad 267 /* .fi 268 /* The DEBUG_README file gives examples of how to trouble shoot a 269 /* Postfix system. 270 /* .IP "\fBdebugger_command (empty)\fR" 271 /* The external command to execute when a Postfix daemon program is 272 /* invoked with the -D option. 273 /* .IP "\fBdebug_peer_level (2)\fR" 274 /* The increment in verbose logging level when a remote client or 275 /* server matches a pattern in the debug_peer_list parameter. 276 /* .IP "\fBdebug_peer_list (empty)\fR" 277 /* Optional list of remote client or server hostname or network 278 /* address patterns that cause the verbose logging level to increase 279 /* by the amount specified in $debug_peer_level. 280 /* ACCESS CONTROLS 281 /* .ad 282 /* .fi 283 /* Available in Postfix version 2.2 and later: 284 /* .IP "\fBauthorized_flush_users (static:anyone)\fR" 285 /* List of users who are authorized to flush the queue. 286 /* .IP "\fBauthorized_mailq_users (static:anyone)\fR" 287 /* List of users who are authorized to view the queue. 288 /* .IP "\fBauthorized_submit_users (static:anyone)\fR" 289 /* List of users who are authorized to submit mail with the \fBsendmail\fR(1) 290 /* command (and with the privileged \fBpostdrop\fR(1) helper command). 291 /* RESOURCE AND RATE CONTROLS 292 /* .ad 293 /* .fi 294 /* .IP "\fBbounce_size_limit (50000)\fR" 295 /* The maximal amount of original message text that is sent in a 296 /* non-delivery notification. 297 /* .IP "\fBfork_attempts (5)\fR" 298 /* The maximal number of attempts to fork() a child process. 299 /* .IP "\fBfork_delay (1s)\fR" 300 /* The delay between attempts to fork() a child process. 301 /* .IP "\fBhopcount_limit (50)\fR" 302 /* The maximal number of Received: message headers that is allowed 303 /* in the primary message headers. 304 /* .IP "\fBqueue_run_delay (300s)\fR" 305 /* The time between deferred queue scans by the queue manager; 306 /* prior to Postfix 2.4 the default value was 1000s. 307 /* FAST FLUSH CONTROLS 308 /* .ad 309 /* .fi 310 /* The ETRN_README file describes configuration and operation 311 /* details for the Postfix "fast flush" service. 312 /* .IP "\fBfast_flush_domains ($relay_domains)\fR" 313 /* Optional list of destinations that are eligible for per-destination 314 /* logfiles with mail that is queued to those destinations. 315 /* VERP CONTROLS 316 /* .ad 317 /* .fi 318 /* The VERP_README file describes configuration and operation 319 /* details of Postfix support for variable envelope return 320 /* path addresses. 321 /* .IP "\fBdefault_verp_delimiters (+=)\fR" 322 /* The two default VERP delimiter characters. 323 /* .IP "\fBverp_delimiter_filter (-=+)\fR" 324 /* The characters Postfix accepts as VERP delimiter characters on the 325 /* Postfix \fBsendmail\fR(1) command line and in SMTP commands. 326 /* MISCELLANEOUS CONTROLS 327 /* .ad 328 /* .fi 329 /* .IP "\fBalias_database (see 'postconf -d' output)\fR" 330 /* The alias databases for \fBlocal\fR(8) delivery that are updated with 331 /* "\fBnewaliases\fR" or with "\fBsendmail -bi\fR". 332 /* .IP "\fBcommand_directory (see 'postconf -d' output)\fR" 333 /* The location of all postfix administrative commands. 334 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 335 /* The default location of the Postfix main.cf and master.cf 336 /* configuration files. 337 /* .IP "\fBdaemon_directory (see 'postconf -d' output)\fR" 338 /* The directory with Postfix support programs and daemon programs. 339 /* .IP "\fBdefault_database_type (see 'postconf -d' output)\fR" 340 /* The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) 341 /* and \fBpostmap\fR(1) commands. 342 /* .IP "\fBdelay_warning_time (0h)\fR" 343 /* The time after which the sender receives the message headers of 344 /* mail that is still queued. 345 /* .IP "\fBenable_errors_to (no)\fR" 346 /* Report mail delivery errors to the address specified with the 347 /* non-standard Errors-To: message header, instead of the envelope 348 /* sender address (this feature is removed with Postfix version 2.2, is 349 /* turned off by default with Postfix version 2.1, and is always turned on 350 /* with older Postfix versions). 351 /* .IP "\fBmail_owner (postfix)\fR" 352 /* The UNIX system account that owns the Postfix queue and most Postfix 353 /* daemon processes. 354 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" 355 /* The location of the Postfix top-level queue directory. 356 /* .IP "\fBremote_header_rewrite_domain (empty)\fR" 357 /* Don't rewrite message headers from remote clients at all when 358 /* this parameter is empty; otherwise, rewrite message headers and 359 /* append the specified domain name to incomplete addresses. 360 /* .IP "\fBsyslog_facility (mail)\fR" 361 /* The syslog facility of Postfix logging. 362 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 363 /* The mail system name that is prepended to the process name in syslog 364 /* records, so that "smtpd" becomes, for example, "postfix/smtpd". 365 /* FILES 366 /* /var/spool/postfix, mail queue 367 /* /etc/postfix, configuration files 368 /* SEE ALSO 369 /* pickup(8), mail pickup daemon 370 /* qmgr(8), queue manager 371 /* smtpd(8), SMTP server 372 /* flush(8), fast flush service 373 /* postsuper(1), queue maintenance 374 /* postalias(1), create/update/query alias database 375 /* postdrop(1), mail posting utility 376 /* postfix(1), mail system control 377 /* postqueue(1), mail queue control 378 /* syslogd(8), system logging 379 /* README_FILES 380 /* .ad 381 /* .fi 382 /* Use "\fBpostconf readme_directory\fR" or 383 /* "\fBpostconf html_directory\fR" to locate this information. 384 /* .na 385 /* .nf 386 /* DEBUG_README, Postfix debugging howto 387 /* ETRN_README, Postfix ETRN howto 388 /* VERP_README, Postfix VERP howto 389 /* LICENSE 390 /* .ad 391 /* .fi 392 /* The Secure Mailer license must be distributed with this software. 393 /* AUTHOR(S) 394 /* Wietse Venema 395 /* IBM T.J. Watson Research 396 /* P.O. Box 704 397 /* Yorktown Heights, NY 10598, USA 398 /*--*/ 399 400 /* System library. */ 401 402 #include <sys_defs.h> 403 #include <sys/stat.h> 404 #include <unistd.h> 405 #include <string.h> 406 #include <stdio.h> /* remove() */ 407 #include <stdlib.h> 408 #include <signal.h> 409 #include <fcntl.h> 410 #include <syslog.h> 411 #include <time.h> 412 #include <errno.h> 413 #include <ctype.h> 414 #include <stdarg.h> 415 #include <sysexits.h> 416 417 /* Utility library. */ 418 419 #include <msg.h> 420 #include <mymalloc.h> 421 #include <vstream.h> 422 #include <msg_vstream.h> 423 #include <msg_syslog.h> 424 #include <vstring_vstream.h> 425 #include <username.h> 426 #include <fullname.h> 427 #include <argv.h> 428 #include <safe.h> 429 #include <iostuff.h> 430 #include <stringops.h> 431 #include <set_ugid.h> 432 #include <connect.h> 433 #include <split_at.h> 434 435 /* Global library. */ 436 437 #include <mail_queue.h> 438 #include <mail_proto.h> 439 #include <mail_params.h> 440 #include <mail_version.h> 441 #include <record.h> 442 #include <rec_type.h> 443 #include <rec_streamlf.h> 444 #include <mail_conf.h> 445 #include <cleanup_user.h> 446 #include <mail_task.h> 447 #include <mail_run.h> 448 #include <debug_process.h> 449 #include <tok822.h> 450 #include <mail_flush.h> 451 #include <mail_stream.h> 452 #include <verp_sender.h> 453 #include <deliver_request.h> 454 #include <mime_state.h> 455 #include <header_opts.h> 456 #include <user_acl.h> 457 #include <dsn_mask.h> 458 459 /* Application-specific. */ 460 461 /* 462 * Modes of operation. 463 */ 464 #define SM_MODE_ENQUEUE 1 /* delivery mode */ 465 #define SM_MODE_NEWALIAS 2 /* initialize alias database */ 466 #define SM_MODE_MAILQ 3 /* list mail queue */ 467 #define SM_MODE_DAEMON 4 /* daemon mode */ 468 #define SM_MODE_USER 5 /* user (stand-alone) mode */ 469 #define SM_MODE_FLUSHQ 6 /* user (stand-alone) mode */ 470 #define SM_MODE_IGNORE 7 /* ignore this mode */ 471 472 /* 473 * Flag parade. Flags 8-15 are reserved for delivery request trace flags. 474 */ 475 #define SM_FLAG_AEOF (1<<0) /* archaic EOF */ 476 #define SM_FLAG_XRCPT (1<<1) /* extract recipients from headers */ 477 478 #define SM_FLAG_DEFAULT (SM_FLAG_AEOF) 479 480 /* 481 * VERP support. 482 */ 483 static char *verp_delims; 484 485 /* 486 * Callback context for extracting recipients. 487 */ 488 typedef struct SM_STATE { 489 VSTREAM *dst; /* output stream */ 490 ARGV *recipients; /* recipients from regular headers */ 491 ARGV *resent_recip; /* recipients from resent headers */ 492 int resent; /* resent flag */ 493 const char *saved_sender; /* for error messages */ 494 uid_t uid; /* for error messages */ 495 VSTRING *temp; /* scratch buffer */ 496 } SM_STATE; 497 498 /* 499 * Mail submission ACL 500 */ 501 char *var_submit_acl; 502 503 static const CONFIG_STR_TABLE str_table[] = { 504 VAR_SUBMIT_ACL, DEF_SUBMIT_ACL, &var_submit_acl, 0, 0, 505 0, 506 }; 507 508 /* 509 * Silly little macros (SLMs). 510 */ 511 #define STR vstring_str 512 513 /* output_text - output partial or complete text line */ 514 515 static void output_text(void *context, int rec_type, const char *buf, ssize_t len, 516 off_t unused_offset) 517 { 518 SM_STATE *state = (SM_STATE *) context; 519 520 if (rec_put(state->dst, rec_type, buf, len) < 0) 521 msg_fatal_status(EX_TEMPFAIL, 522 "%s(%ld): error writing queue file: %m", 523 state->saved_sender, (long) state->uid); 524 } 525 526 /* output_header - output one message header */ 527 528 static void output_header(void *context, int header_class, 529 const HEADER_OPTS *header_info, 530 VSTRING *buf, off_t offset) 531 { 532 SM_STATE *state = (SM_STATE *) context; 533 TOK822 *tree; 534 TOK822 **addr_list; 535 TOK822 **tpp; 536 ARGV *rcpt; 537 char *start; 538 char *line; 539 char *next_line; 540 ssize_t len; 541 542 /* 543 * Parse the header line, and save copies of recipient addresses in the 544 * appropriate place. 545 */ 546 if (header_class == MIME_HDR_PRIMARY 547 && header_info 548 && (header_info->flags & HDR_OPT_RECIP) 549 && (header_info->flags & HDR_OPT_EXTRACT) 550 && (state->resent == 0 || (header_info->flags & HDR_OPT_RR))) { 551 if (header_info->flags & HDR_OPT_RR) { 552 rcpt = state->resent_recip; 553 if (state->resent == 0) 554 state->resent = 1; 555 } else 556 rcpt = state->recipients; 557 tree = tok822_parse(STR(buf) + strlen(header_info->name) + 1); 558 addr_list = tok822_grep(tree, TOK822_ADDR); 559 for (tpp = addr_list; *tpp; tpp++) { 560 tok822_internalize(state->temp, tpp[0]->head, TOK822_STR_DEFL); 561 argv_add(rcpt, STR(state->temp), (char *) 0); 562 } 563 myfree((char *) addr_list); 564 tok822_free_tree(tree); 565 } 566 567 /* 568 * Pipe the unmodified message header through the header line folding 569 * routine, and ensure that long lines are chopped appropriately. 570 */ 571 for (line = start = STR(buf); line; line = next_line) { 572 next_line = split_at(line, '\n'); 573 len = next_line ? next_line - line - 1 : strlen(line); 574 do { 575 if (len > var_line_limit) { 576 output_text(context, REC_TYPE_CONT, line, var_line_limit, offset); 577 line += var_line_limit; 578 len -= var_line_limit; 579 offset += var_line_limit; 580 } else { 581 output_text(context, REC_TYPE_NORM, line, len, offset); 582 offset += len; 583 break; 584 } 585 } while (len > 0); 586 offset += 1; 587 } 588 } 589 590 /* enqueue - post one message */ 591 592 static void enqueue(const int flags, const char *encoding, 593 const char *dsn_envid, int dsn_notify, 594 const char *rewrite_context, const char *sender, 595 const char *full_name, char **recipients) 596 { 597 VSTRING *buf; 598 VSTREAM *dst; 599 char *saved_sender; 600 char **cpp; 601 int type; 602 char *start; 603 int skip_from_; 604 TOK822 *tree; 605 TOK822 *tp; 606 int rcpt_count = 0; 607 enum { 608 STRIP_CR_DUNNO, STRIP_CR_DO, STRIP_CR_DONT 609 } strip_cr; 610 MAIL_STREAM *handle; 611 VSTRING *postdrop_command; 612 uid_t uid = getuid(); 613 int status; 614 int naddr; 615 int prev_type; 616 MIME_STATE *mime_state = 0; 617 SM_STATE state; 618 int mime_errs; 619 const char *errstr; 620 int addr_count; 621 int level; 622 623 /* 624 * Access control is enforced in the postdrop command. The code here 625 * merely produces a more user-friendly interface. 626 */ 627 if ((errstr = check_user_acl_byuid(var_submit_acl, uid)) != 0) 628 msg_fatal_status(EX_NOPERM, 629 "User %s(%ld) is not allowed to submit mail", errstr, (long) uid); 630 631 /* 632 * Initialize. 633 */ 634 buf = vstring_alloc(100); 635 636 /* 637 * Stop run-away process accidents by limiting the queue file size. This 638 * is not a defense against DOS attack. 639 */ 640 if (var_message_limit > 0 && get_file_limit() > var_message_limit) 641 set_file_limit((off_t) var_message_limit); 642 643 /* 644 * The sender name is provided by the user. In principle, the mail pickup 645 * service could deduce the sender name from queue file ownership, but: 646 * pickup would not be able to run chrooted, and it may not be desirable 647 * to use login names at all. 648 */ 649 if (sender != 0) { 650 VSTRING_RESET(buf); 651 VSTRING_TERMINATE(buf); 652 tree = tok822_parse(sender); 653 for (naddr = 0, tp = tree; tp != 0; tp = tp->next) 654 if (tp->type == TOK822_ADDR && naddr++ == 0) 655 tok822_internalize(buf, tp->head, TOK822_STR_DEFL); 656 tok822_free_tree(tree); 657 saved_sender = mystrdup(STR(buf)); 658 if (naddr > 1) 659 msg_warn("-f option specified malformed sender: %s", sender); 660 } else { 661 if ((sender = username()) == 0) 662 msg_fatal_status(EX_OSERR, "no login name found for user ID %lu", 663 (unsigned long) uid); 664 saved_sender = mystrdup(sender); 665 } 666 667 /* 668 * Let the postdrop command open the queue file for us, and sanity check 669 * the content. XXX Make postdrop a manifest constant. 670 */ 671 errno = 0; 672 postdrop_command = vstring_alloc(1000); 673 vstring_sprintf(postdrop_command, "%s/postdrop -r", var_command_dir); 674 for (level = 0; level < msg_verbose; level++) 675 vstring_strcat(postdrop_command, " -v"); 676 if ((handle = mail_stream_command(STR(postdrop_command))) == 0) 677 msg_fatal_status(EX_UNAVAILABLE, "%s(%ld): unable to execute %s: %m", 678 saved_sender, (long) uid, STR(postdrop_command)); 679 vstring_free(postdrop_command); 680 dst = handle->stream; 681 682 /* 683 * First, write envelope information to the output stream. 684 * 685 * For sendmail compatibility, parse each command-line recipient as if it 686 * were an RFC 822 message header; some MUAs specify comma-separated 687 * recipient lists; and some MUAs even specify "word word <address>". 688 * 689 * Sort-uniq-ing the recipient list is done after address canonicalization, 690 * before recipients are written to queue file. That's cleaner than 691 * having the queue manager nuke duplicate recipient status records. 692 * 693 * XXX Should limit the size of envelope records. 694 * 695 * With "sendmail -N", instead of a per-message NOTIFY record we store one 696 * per recipient so that we can simplify the implementation somewhat. 697 */ 698 if (dsn_envid) 699 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s", 700 MAIL_ATTR_DSN_ENVID, dsn_envid); 701 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s", 702 MAIL_ATTR_RWR_CONTEXT, rewrite_context); 703 if (full_name || (full_name = fullname()) != 0) 704 rec_fputs(dst, REC_TYPE_FULL, full_name); 705 rec_fputs(dst, REC_TYPE_FROM, saved_sender); 706 if (verp_delims && *saved_sender == 0) 707 msg_fatal_status(EX_USAGE, 708 "%s(%ld): -V option requires non-null sender address", 709 saved_sender, (long) uid); 710 if (encoding) 711 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_ENCODING, encoding); 712 if (DEL_REQ_TRACE_FLAGS(flags)) 713 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%d", MAIL_ATTR_TRACE_FLAGS, 714 DEL_REQ_TRACE_FLAGS(flags)); 715 if (verp_delims) 716 rec_fputs(dst, REC_TYPE_VERP, verp_delims); 717 if (recipients) { 718 for (cpp = recipients; *cpp != 0; cpp++) { 719 tree = tok822_parse(*cpp); 720 for (addr_count = 0, tp = tree; tp != 0; tp = tp->next) { 721 if (tp->type == TOK822_ADDR) { 722 tok822_internalize(buf, tp->head, TOK822_STR_DEFL); 723 if (dsn_notify) 724 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%d", 725 MAIL_ATTR_DSN_NOTIFY, dsn_notify); 726 if (REC_PUT_BUF(dst, REC_TYPE_RCPT, buf) < 0) 727 msg_fatal_status(EX_TEMPFAIL, 728 "%s(%ld): error writing queue file: %m", 729 saved_sender, (long) uid); 730 ++rcpt_count; 731 ++addr_count; 732 } 733 } 734 tok822_free_tree(tree); 735 if (addr_count == 0) { 736 if (rec_put(dst, REC_TYPE_RCPT, "", 0) < 0) 737 msg_fatal_status(EX_TEMPFAIL, 738 "%s(%ld): error writing queue file: %m", 739 saved_sender, (long) uid); 740 ++rcpt_count; 741 } 742 } 743 } 744 745 /* 746 * Append the message contents to the queue file. Write chunks of at most 747 * 1kbyte. Internally, we use different record types for data ending in 748 * LF and for data that doesn't, so we can actually be binary transparent 749 * for local mail. Unfortunately, SMTP has no record continuation 750 * convention, so there is no guarantee that arbitrary data will be 751 * delivered intact via SMTP. Strip leading From_ lines. For the benefit 752 * of UUCP environments, also get rid of leading >>>From_ lines. 753 */ 754 rec_fputs(dst, REC_TYPE_MESG, ""); 755 if (DEL_REQ_TRACE_ONLY(flags) != 0) { 756 if (flags & SM_FLAG_XRCPT) 757 msg_fatal_status(EX_USAGE, "%s(%ld): -t option cannot be used with -bv", 758 saved_sender, (long) uid); 759 if (*saved_sender) 760 rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender); 761 rec_fprintf(dst, REC_TYPE_NORM, "Subject: probe"); 762 if (recipients) { 763 rec_fprintf(dst, REC_TYPE_CONT, "To:"); 764 for (cpp = recipients; *cpp != 0; cpp++) { 765 rec_fprintf(dst, REC_TYPE_NORM, " %s%s", 766 *cpp, cpp[1] ? "," : ""); 767 } 768 } 769 } else { 770 771 /* 772 * Initialize the MIME processor and set up the callback context. 773 */ 774 if (flags & SM_FLAG_XRCPT) { 775 state.dst = dst; 776 state.recipients = argv_alloc(2); 777 state.resent_recip = argv_alloc(2); 778 state.resent = 0; 779 state.saved_sender = saved_sender; 780 state.uid = uid; 781 state.temp = vstring_alloc(10); 782 mime_state = mime_state_alloc(MIME_OPT_DISABLE_MIME 783 | MIME_OPT_REPORT_TRUNC_HEADER, 784 output_header, 785 (MIME_STATE_ANY_END) 0, 786 output_text, 787 (MIME_STATE_ANY_END) 0, 788 (MIME_STATE_ERR_PRINT) 0, 789 (void *) &state); 790 } 791 792 /* 793 * Process header/body lines. 794 */ 795 skip_from_ = 1; 796 strip_cr = STRIP_CR_DUNNO; 797 for (prev_type = 0; (type = rec_streamlf_get(VSTREAM_IN, buf, var_line_limit)) 798 != REC_TYPE_EOF; prev_type = type) { 799 if (strip_cr == STRIP_CR_DUNNO && type == REC_TYPE_NORM) { 800 if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r') 801 strip_cr = STRIP_CR_DO; 802 else 803 strip_cr = STRIP_CR_DONT; 804 } 805 if (skip_from_) { 806 if (type == REC_TYPE_NORM) { 807 start = STR(buf); 808 if (strncmp(start + strspn(start, ">"), "From ", 5) == 0) 809 continue; 810 } 811 skip_from_ = 0; 812 } 813 if (strip_cr == STRIP_CR_DO && type == REC_TYPE_NORM) 814 if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r') 815 vstring_truncate(buf, VSTRING_LEN(buf) - 1); 816 if ((flags & SM_FLAG_AEOF) && prev_type != REC_TYPE_CONT 817 && VSTRING_LEN(buf) == 1 && *STR(buf) == '.') 818 break; 819 if (mime_state) { 820 mime_errs = mime_state_update(mime_state, type, STR(buf), 821 VSTRING_LEN(buf)); 822 if (mime_errs) 823 msg_fatal_status(EX_DATAERR, 824 "%s(%ld): unable to extract recipients: %s", 825 saved_sender, (long) uid, 826 mime_state_error(mime_errs)); 827 } else { 828 if (REC_PUT_BUF(dst, type, buf) < 0) 829 msg_fatal_status(EX_TEMPFAIL, 830 "%s(%ld): error writing queue file: %m", 831 saved_sender, (long) uid); 832 } 833 } 834 } 835 836 /* 837 * Finish MIME processing. We need a final mime_state_update() call in 838 * order to flush text that is still buffered. That can happen when the 839 * last line did not end in newline. 840 */ 841 if (mime_state) { 842 mime_errs = mime_state_update(mime_state, REC_TYPE_EOF, "", 0); 843 if (mime_errs) 844 msg_fatal_status(EX_DATAERR, 845 "%s(%ld): unable to extract recipients: %s", 846 saved_sender, (long) uid, 847 mime_state_error(mime_errs)); 848 mime_state = mime_state_free(mime_state); 849 } 850 851 /* 852 * Append recipient addresses that were extracted from message headers. 853 */ 854 rec_fputs(dst, REC_TYPE_XTRA, ""); 855 if (flags & SM_FLAG_XRCPT) { 856 for (cpp = state.resent ? state.resent_recip->argv : 857 state.recipients->argv; *cpp; cpp++) { 858 if (dsn_notify) 859 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%d", 860 MAIL_ATTR_DSN_NOTIFY, dsn_notify); 861 if (rec_put(dst, REC_TYPE_RCPT, *cpp, strlen(*cpp)) < 0) 862 msg_fatal_status(EX_TEMPFAIL, 863 "%s(%ld): error writing queue file: %m", 864 saved_sender, (long) uid); 865 ++rcpt_count; 866 } 867 argv_free(state.recipients); 868 argv_free(state.resent_recip); 869 vstring_free(state.temp); 870 } 871 if (rcpt_count == 0) 872 msg_fatal_status(EX_USAGE, (flags & SM_FLAG_XRCPT) ? 873 "%s(%ld): No recipient addresses found in message header" : 874 "Recipient addresses must be specified on" 875 " the command line or via the -t option", 876 saved_sender, (long) uid); 877 878 /* 879 * Identify the end of the queue file. 880 */ 881 rec_fputs(dst, REC_TYPE_END, ""); 882 883 /* 884 * Make sure that the message makes it to the file system. Once we have 885 * terminated with successful exit status we cannot lose the message due 886 * to "frivolous reasons". If all goes well, prevent the run-time error 887 * handler from removing the file. 888 */ 889 if (vstream_ferror(VSTREAM_IN)) 890 msg_fatal_status(EX_DATAERR, "%s(%ld): error reading input: %m", 891 saved_sender, (long) uid); 892 if ((status = mail_stream_finish(handle, (VSTRING *) 0)) != 0) 893 msg_fatal_status((status & CLEANUP_STAT_BAD) ? EX_SOFTWARE : 894 (status & CLEANUP_STAT_WRITE) ? EX_TEMPFAIL : 895 EX_UNAVAILABLE, "%s(%ld): %s", saved_sender, 896 (long) uid, cleanup_strerror(status)); 897 898 /* 899 * Don't leave them in the dark. 900 */ 901 if (DEL_REQ_TRACE_FLAGS(flags)) { 902 vstream_printf("Mail Delivery Status Report will be mailed to <%s>.\n", 903 saved_sender); 904 vstream_fflush(VSTREAM_OUT); 905 } 906 907 /* 908 * Cleanup. Not really necessary as we're about to exit, but good for 909 * debugging purposes. 910 */ 911 vstring_free(buf); 912 myfree(saved_sender); 913 } 914 915 /* tempfail - sanitize exit status after library run-time error */ 916 917 static void tempfail(void) 918 { 919 exit(EX_TEMPFAIL); 920 } 921 922 MAIL_VERSION_STAMP_DECLARE; 923 924 /* main - the main program */ 925 926 int main(int argc, char **argv) 927 { 928 static char *full_name = 0; /* sendmail -F */ 929 struct stat st; 930 char *slash; 931 char *sender = 0; /* sendmail -f */ 932 int c; 933 int fd; 934 int mode; 935 ARGV *ext_argv; 936 int debug_me = 0; 937 int err; 938 int n; 939 int flags = SM_FLAG_DEFAULT; 940 char *site_to_flush = 0; 941 char *id_to_flush = 0; 942 char *encoding = 0; 943 char *qtime = 0; 944 const char *errstr; 945 uid_t uid; 946 const char *rewrite_context = MAIL_ATTR_RWR_LOCAL; 947 int dsn_notify = 0; 948 const char *dsn_envid = 0; 949 int saved_optind; 950 951 /* 952 * Fingerprint executables and core dumps. 953 */ 954 MAIL_VERSION_STAMP_ALLOCATE; 955 956 /* 957 * Be consistent with file permissions. 958 */ 959 umask(022); 960 961 /* 962 * To minimize confusion, make sure that the standard file descriptors 963 * are open before opening anything else. XXX Work around for 44BSD where 964 * fstat can return EBADF on an open file descriptor. 965 */ 966 for (fd = 0; fd < 3; fd++) 967 if (fstat(fd, &st) == -1 968 && (close(fd), open("/dev/null", O_RDWR, 0)) != fd) 969 msg_fatal_status(EX_OSERR, "open /dev/null: %m"); 970 971 /* 972 * The CDE desktop calendar manager leaks a parent file descriptor into 973 * the child process. For the sake of sendmail compatibility we have to 974 * close the file descriptor otherwise mail notification will hang. 975 */ 976 for ( /* void */ ; fd < 100; fd++) 977 (void) close(fd); 978 979 /* 980 * Process environment options as early as we can. We might be called 981 * from a set-uid (set-gid) program, so be careful with importing 982 * environment variables. 983 */ 984 if (safe_getenv(CONF_ENV_VERB)) 985 msg_verbose = 1; 986 if (safe_getenv(CONF_ENV_DEBUG)) 987 debug_me = 1; 988 989 /* 990 * Initialize. Set up logging, read the global configuration file and 991 * extract configuration information. Set up signal handlers so that we 992 * can clean up incomplete output. 993 */ 994 if ((slash = strrchr(argv[0], '/')) != 0 && slash[1]) 995 argv[0] = slash + 1; 996 msg_vstream_init(argv[0], VSTREAM_ERR); 997 msg_cleanup(tempfail); 998 msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); 999 set_mail_conf_str(VAR_PROCNAME, var_procname = mystrdup(argv[0])); 1000 1001 /* 1002 * Some sites mistakenly install Postfix sendmail as set-uid root. Drop 1003 * set-uid privileges only when root, otherwise some systems will not 1004 * reset the saved set-userid, which would be a security vulnerability. 1005 */ 1006 if (geteuid() == 0 && getuid() != 0) { 1007 msg_warn("the Postfix sendmail command has set-uid root file permissions"); 1008 msg_warn("or the command is run from a set-uid root process"); 1009 msg_warn("the Postfix sendmail command must be installed without set-uid root file permissions"); 1010 set_ugid(getuid(), getgid()); 1011 } 1012 1013 /* 1014 * Further initialization. Load main.cf first, so that command-line 1015 * options can override main.cf settings. Pre-scan the argument list so 1016 * that we load the right main.cf file. 1017 */ 1018 #define GETOPT_LIST "A:B:C:F:GIL:N:O:R:UV:X:b:ce:f:h:imno:p:r:q:tvx" 1019 1020 saved_optind = optind; 1021 while (argv[OPTIND] != 0) { 1022 if (strcmp(argv[OPTIND], "-q") == 0) { /* not getopt compatible */ 1023 optind++; 1024 continue; 1025 } 1026 if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0) 1027 break; 1028 if (c == 'C') { 1029 VSTRING *buf = vstring_alloc(1); 1030 1031 if (setenv(CONF_ENV_PATH, 1032 strcmp(sane_basename(buf, optarg), MAIN_CONF_FILE) == 0 ? 1033 sane_dirname(buf, optarg) : optarg, 1) < 0) 1034 msg_fatal_status(EX_UNAVAILABLE, "out of memory"); 1035 vstring_free(buf); 1036 } 1037 } 1038 optind = saved_optind; 1039 mail_conf_read(); 1040 if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) 1041 msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); 1042 get_mail_conf_str_table(str_table); 1043 1044 if (chdir(var_queue_dir)) 1045 msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir); 1046 1047 signal(SIGPIPE, SIG_IGN); 1048 1049 /* 1050 * Optionally start the debugger on ourself. This must be done after 1051 * reading the global configuration file, because that file specifies 1052 * what debugger command to execute. 1053 */ 1054 if (debug_me) 1055 debug_process(); 1056 1057 /* 1058 * The default mode of operation is determined by the process name. It 1059 * can, however, be changed via command-line options (for example, 1060 * "newaliases -bp" will show the mail queue). 1061 */ 1062 if (strcmp(argv[0], "mailq") == 0) { 1063 mode = SM_MODE_MAILQ; 1064 } else if (strcmp(argv[0], "newaliases") == 0) { 1065 mode = SM_MODE_NEWALIAS; 1066 } else if (strcmp(argv[0], "smtpd") == 0) { 1067 mode = SM_MODE_DAEMON; 1068 } else { 1069 mode = SM_MODE_ENQUEUE; 1070 } 1071 1072 /* 1073 * Parse JCL. Sendmail has been around for a long time, and has acquired 1074 * a large number of options in the course of time. Some options such as 1075 * -q are not parsable with GETOPT() and get special treatment. 1076 */ 1077 #define OPTIND (optind > 0 ? optind : 1) 1078 1079 while (argv[OPTIND] != 0) { 1080 if (strcmp(argv[OPTIND], "-q") == 0) { 1081 if (mode == SM_MODE_DAEMON) 1082 msg_warn("ignoring -q option in daemon mode"); 1083 else 1084 mode = SM_MODE_FLUSHQ; 1085 optind++; 1086 continue; 1087 } 1088 if (strcmp(argv[OPTIND], "-V") == 0) { 1089 msg_warn("option -V is deprecated with Postfix 2.3; " 1090 "specify -XV instead"); 1091 argv[OPTIND] = "-XV"; 1092 } 1093 if (strncmp(argv[OPTIND], "-V", 2) == 0 && strlen(argv[OPTIND]) == 4) { 1094 msg_warn("option %s is deprecated with Postfix 2.3; " 1095 "specify -X%s instead", 1096 argv[OPTIND], argv[OPTIND] + 1); 1097 argv[OPTIND] = concatenate("-X", argv[OPTIND] + 1, (char *) 0); 1098 } 1099 if (strcmp(argv[OPTIND], "-XV") == 0) { 1100 verp_delims = var_verp_delims; 1101 optind++; 1102 continue; 1103 } 1104 if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0) 1105 break; 1106 switch (c) { 1107 default: 1108 if (msg_verbose) 1109 msg_info("-%c option ignored", c); 1110 break; 1111 case 'n': 1112 msg_fatal_status(EX_USAGE, "-%c option not supported", c); 1113 case 'B': 1114 if (strcmp(optarg, "8BITMIME") == 0)/* RFC 1652 */ 1115 encoding = MAIL_ATTR_ENC_8BIT; 1116 else if (strcmp(optarg, "7BIT") == 0) /* RFC 1652 */ 1117 encoding = MAIL_ATTR_ENC_7BIT; 1118 else 1119 msg_fatal_status(EX_USAGE, "-B option needs 8BITMIME or 7BIT"); 1120 break; 1121 case 'F': /* full name */ 1122 full_name = optarg; 1123 break; 1124 case 'G': /* gateway submission */ 1125 rewrite_context = MAIL_ATTR_RWR_REMOTE; 1126 break; 1127 case 'I': /* newaliases */ 1128 mode = SM_MODE_NEWALIAS; 1129 break; 1130 case 'N': 1131 if ((dsn_notify = dsn_notify_mask(optarg)) == 0) 1132 msg_warn("bad -N option value -- ignored"); 1133 break; 1134 case 'V': /* DSN, was: VERP */ 1135 if (strlen(optarg) > 100) 1136 msg_warn("too long -V option value -- ignored"); 1137 else if (!allprint(optarg)) 1138 msg_warn("bad syntax in -V option value -- ignored"); 1139 else 1140 dsn_envid = optarg; 1141 break; 1142 case 'X': 1143 switch (*optarg) { 1144 default: 1145 msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg); 1146 case 'V': /* VERP */ 1147 if (verp_delims_verify(optarg + 1) != 0) 1148 msg_fatal_status(EX_USAGE, "-V requires two characters from %s", 1149 var_verp_filter); 1150 verp_delims = optarg + 1; 1151 break; 1152 } 1153 break; 1154 case 'b': 1155 switch (*optarg) { 1156 default: 1157 msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg); 1158 case 'd': /* daemon mode */ 1159 if (mode == SM_MODE_FLUSHQ) 1160 msg_warn("ignoring -q option in daemon mode"); 1161 mode = SM_MODE_DAEMON; 1162 break; 1163 case 'h': /* print host status */ 1164 case 'H': /* flush host status */ 1165 mode = SM_MODE_IGNORE; 1166 break; 1167 case 'i': /* newaliases */ 1168 mode = SM_MODE_NEWALIAS; 1169 break; 1170 case 'm': /* deliver mail */ 1171 mode = SM_MODE_ENQUEUE; 1172 break; 1173 case 'p': /* mailq */ 1174 mode = SM_MODE_MAILQ; 1175 break; 1176 case 's': /* stand-alone mode */ 1177 mode = SM_MODE_USER; 1178 break; 1179 case 'v': /* expand recipients */ 1180 flags |= DEL_REQ_FLAG_USR_VRFY; 1181 break; 1182 } 1183 break; 1184 case 'f': 1185 sender = optarg; 1186 break; 1187 case 'i': 1188 flags &= ~SM_FLAG_AEOF; 1189 break; 1190 case 'o': 1191 switch (*optarg) { 1192 default: 1193 if (msg_verbose) 1194 msg_info("-%c%c option ignored", c, *optarg); 1195 break; 1196 case 'A': 1197 if (optarg[1] == 0) 1198 msg_fatal_status(EX_USAGE, "-oA requires pathname"); 1199 myfree(var_alias_db_map); 1200 var_alias_db_map = mystrdup(optarg + 1); 1201 set_mail_conf_str(VAR_ALIAS_DB_MAP, var_alias_db_map); 1202 break; 1203 case '7': 1204 case '8': 1205 break; 1206 case 'i': 1207 flags &= ~SM_FLAG_AEOF; 1208 break; 1209 case 'm': 1210 break; 1211 } 1212 break; 1213 case 'r': /* obsoleted by -f */ 1214 sender = optarg; 1215 break; 1216 case 'q': 1217 if (ISDIGIT(optarg[0])) { 1218 qtime = optarg; 1219 } else if (optarg[0] == 'R') { 1220 site_to_flush = optarg + 1; 1221 if (*site_to_flush == 0) 1222 msg_fatal_status(EX_USAGE, "specify: -qRsitename"); 1223 } else if (optarg[0] == 'I') { 1224 id_to_flush = optarg + 1; 1225 if (*id_to_flush == 0) 1226 msg_fatal_status(EX_USAGE, "specify: -qIqueueid"); 1227 } else { 1228 msg_fatal_status(EX_USAGE, "-q%c is not implemented", 1229 optarg[0]); 1230 } 1231 break; 1232 case 't': 1233 flags |= SM_FLAG_XRCPT; 1234 break; 1235 case 'v': 1236 msg_verbose++; 1237 break; 1238 case '?': 1239 msg_fatal_status(EX_USAGE, "usage: %s [options]", argv[0]); 1240 } 1241 } 1242 1243 /* 1244 * Look for conflicting options and arguments. 1245 */ 1246 if ((flags & SM_FLAG_XRCPT) && mode != SM_MODE_ENQUEUE) 1247 msg_fatal_status(EX_USAGE, "-t can be used only in delivery mode"); 1248 1249 if (site_to_flush && mode != SM_MODE_ENQUEUE) 1250 msg_fatal_status(EX_USAGE, "-qR can be used only in delivery mode"); 1251 1252 if (id_to_flush && mode != SM_MODE_ENQUEUE) 1253 msg_fatal_status(EX_USAGE, "-qI can be used only in delivery mode"); 1254 1255 if (flags & DEL_REQ_FLAG_USR_VRFY) { 1256 if (flags & SM_FLAG_XRCPT) 1257 msg_fatal_status(EX_USAGE, "-t option cannot be used with -bv"); 1258 if (dsn_notify) 1259 msg_fatal_status(EX_USAGE, "-N option cannot be used with -bv"); 1260 if (msg_verbose == 1) 1261 msg_fatal_status(EX_USAGE, "-v option cannot be used with -bv"); 1262 } 1263 1264 /* 1265 * The -v option plays double duty. One requests verbose delivery, more 1266 * than one requests verbose logging. 1267 */ 1268 if (msg_verbose == 1 && mode == SM_MODE_ENQUEUE) { 1269 msg_verbose = 0; 1270 flags |= DEL_REQ_FLAG_RECORD; 1271 } 1272 1273 /* 1274 * Start processing. Everything is delegated to external commands. 1275 */ 1276 if (qtime && mode != SM_MODE_DAEMON) 1277 exit(0); 1278 switch (mode) { 1279 default: 1280 msg_panic("unknown operation mode: %d", mode); 1281 /* NOTREACHED */ 1282 case SM_MODE_ENQUEUE: 1283 if (site_to_flush) { 1284 if (argv[OPTIND]) 1285 msg_fatal_status(EX_USAGE, "flush site requires no recipient"); 1286 ext_argv = argv_alloc(2); 1287 argv_add(ext_argv, "postqueue", "-s", site_to_flush, (char *) 0); 1288 for (n = 0; n < msg_verbose; n++) 1289 argv_add(ext_argv, "-v", (char *) 0); 1290 argv_terminate(ext_argv); 1291 mail_run_replace(var_command_dir, ext_argv->argv); 1292 /* NOTREACHED */ 1293 } else if (id_to_flush) { 1294 if (argv[OPTIND]) 1295 msg_fatal_status(EX_USAGE, "flush queue_id requires no recipient"); 1296 ext_argv = argv_alloc(2); 1297 argv_add(ext_argv, "postqueue", "-i", id_to_flush, (char *) 0); 1298 for (n = 0; n < msg_verbose; n++) 1299 argv_add(ext_argv, "-v", (char *) 0); 1300 argv_terminate(ext_argv); 1301 mail_run_replace(var_command_dir, ext_argv->argv); 1302 /* NOTREACHED */ 1303 } else { 1304 enqueue(flags, encoding, dsn_envid, dsn_notify, 1305 rewrite_context, sender, full_name, argv + OPTIND); 1306 exit(0); 1307 /* NOTREACHED */ 1308 } 1309 break; 1310 case SM_MODE_MAILQ: 1311 if (argv[OPTIND]) 1312 msg_fatal_status(EX_USAGE, 1313 "display queue mode requires no recipient"); 1314 ext_argv = argv_alloc(2); 1315 argv_add(ext_argv, "postqueue", "-p", (char *) 0); 1316 for (n = 0; n < msg_verbose; n++) 1317 argv_add(ext_argv, "-v", (char *) 0); 1318 argv_terminate(ext_argv); 1319 mail_run_replace(var_command_dir, ext_argv->argv); 1320 /* NOTREACHED */ 1321 case SM_MODE_FLUSHQ: 1322 if (argv[OPTIND]) 1323 msg_fatal_status(EX_USAGE, 1324 "flush queue mode requires no recipient"); 1325 ext_argv = argv_alloc(2); 1326 argv_add(ext_argv, "postqueue", "-f", (char *) 0); 1327 for (n = 0; n < msg_verbose; n++) 1328 argv_add(ext_argv, "-v", (char *) 0); 1329 argv_terminate(ext_argv); 1330 mail_run_replace(var_command_dir, ext_argv->argv); 1331 /* NOTREACHED */ 1332 case SM_MODE_DAEMON: 1333 if (argv[OPTIND]) 1334 msg_fatal_status(EX_USAGE, "daemon mode requires no recipient"); 1335 ext_argv = argv_alloc(2); 1336 argv_add(ext_argv, "postfix", (char *) 0); 1337 for (n = 0; n < msg_verbose; n++) 1338 argv_add(ext_argv, "-v", (char *) 0); 1339 argv_add(ext_argv, "start", (char *) 0); 1340 argv_terminate(ext_argv); 1341 err = (mail_run_background(var_command_dir, ext_argv->argv) < 0); 1342 argv_free(ext_argv); 1343 exit(err); 1344 break; 1345 case SM_MODE_NEWALIAS: 1346 if (argv[OPTIND]) 1347 msg_fatal_status(EX_USAGE, 1348 "alias initialization mode requires no recipient"); 1349 if (*var_alias_db_map == 0) 1350 return (0); 1351 ext_argv = argv_alloc(2); 1352 argv_add(ext_argv, "postalias", (char *) 0); 1353 for (n = 0; n < msg_verbose; n++) 1354 argv_add(ext_argv, "-v", (char *) 0); 1355 argv_split_append(ext_argv, var_alias_db_map, ", \t\r\n"); 1356 argv_terminate(ext_argv); 1357 mail_run_replace(var_command_dir, ext_argv->argv); 1358 /* NOTREACHED */ 1359 case SM_MODE_USER: 1360 if (argv[OPTIND]) 1361 msg_fatal_status(EX_USAGE, 1362 "stand-alone mode requires no recipient"); 1363 /* The actual enforcement happens in the postdrop command. */ 1364 if ((errstr = check_user_acl_byuid(var_submit_acl, uid = getuid())) != 0) 1365 msg_fatal_status(EX_NOPERM, 1366 "User %s(%ld) is not allowed to submit mail", 1367 errstr, (long) uid); 1368 ext_argv = argv_alloc(2); 1369 argv_add(ext_argv, "smtpd", "-S", (char *) 0); 1370 for (n = 0; n < msg_verbose; n++) 1371 argv_add(ext_argv, "-v", (char *) 0); 1372 argv_terminate(ext_argv); 1373 mail_run_replace(var_daemon_dir, ext_argv->argv); 1374 /* NOTREACHED */ 1375 case SM_MODE_IGNORE: 1376 exit(0); 1377 /* NOTREACHED */ 1378 } 1379 } 1380