1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 6.79 (Berkeley) 05/27/93";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <signal.h>
15 #include <netdb.h>
16 #include <errno.h>
17 #ifdef NAMED_BIND
18 #include <arpa/nameser.h>
19 #include <resolv.h>
20 #endif
21
22 /*
23 ** SENDALL -- actually send all the messages.
24 **
25 ** Parameters:
26 ** e -- the envelope to send.
27 ** mode -- the delivery mode to use. If SM_DEFAULT, use
28 ** the current e->e_sendmode.
29 **
30 ** Returns:
31 ** none.
32 **
33 ** Side Effects:
34 ** Scans the send lists and sends everything it finds.
35 ** Delivers any appropriate error messages.
36 ** If we are running in a non-interactive mode, takes the
37 ** appropriate action.
38 */
39
40 sendall(e, mode)
41 ENVELOPE *e;
42 char mode;
43 {
44 register ADDRESS *q;
45 char *owner;
46 int otherowners;
47 register ENVELOPE *ee;
48 ENVELOPE *splitenv = NULL;
49 bool announcequeueup;
50
51 /* determine actual delivery mode */
52 if (mode == SM_DEFAULT)
53 {
54 mode = e->e_sendmode;
55 if (mode != SM_VERIFY &&
56 shouldqueue(e->e_msgpriority, e->e_ctime))
57 mode = SM_QUEUE;
58 announcequeueup = mode == SM_QUEUE;
59 }
60 else
61 announcequeueup = FALSE;
62
63 if (tTd(13, 1))
64 {
65 printf("\nSENDALL: mode %c, e_from ", mode);
66 printaddr(&e->e_from, FALSE);
67 printf("sendqueue:\n");
68 printaddr(e->e_sendqueue, TRUE);
69 }
70
71 /*
72 ** Do any preprocessing necessary for the mode we are running.
73 ** Check to make sure the hop count is reasonable.
74 ** Delete sends to the sender in mailing lists.
75 */
76
77 CurEnv = e;
78
79 if (e->e_hopcount > MaxHopCount)
80 {
81 errno = 0;
82 syserr("554 too many hops %d (%d max): from %s, to %s",
83 e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
84 e->e_sendqueue->q_paddr);
85 return;
86 }
87
88 /*
89 ** Do sender deletion.
90 **
91 ** If the sender has the QQUEUEUP flag set, skip this.
92 ** This can happen if the name server is hosed when you
93 ** are trying to send mail. The result is that the sender
94 ** is instantiated in the queue as a recipient.
95 */
96
97 if (!MeToo && !bitset(QQUEUEUP, e->e_from.q_flags))
98 {
99 if (tTd(13, 5))
100 {
101 printf("sendall: QDONTSEND ");
102 printaddr(&e->e_from, FALSE);
103 }
104 e->e_from.q_flags |= QDONTSEND;
105 (void) recipient(&e->e_from, &e->e_sendqueue, e);
106 }
107
108 /*
109 ** Handle alias owners.
110 **
111 ** We scan up the q_alias chain looking for owners.
112 ** We discard owners that are the same as the return path.
113 */
114
115 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
116 {
117 register struct address *a;
118
119 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias)
120 continue;
121 if (a != NULL)
122 q->q_owner = a->q_owner;
123
124 if (q->q_owner != NULL &&
125 !bitset(QDONTSEND, q->q_flags) &&
126 strcmp(q->q_owner, e->e_from.q_paddr) == 0)
127 q->q_owner = NULL;
128 }
129
130 owner = "";
131 otherowners = 1;
132 while (owner != NULL && otherowners > 0)
133 {
134 owner = NULL;
135 otherowners = 0;
136
137 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
138 {
139 if (bitset(QDONTSEND, q->q_flags))
140 continue;
141
142 if (q->q_owner != NULL)
143 {
144 if (owner == NULL)
145 owner = q->q_owner;
146 else if (owner != q->q_owner)
147 {
148 if (strcmp(owner, q->q_owner) == 0)
149 {
150 /* make future comparisons cheap */
151 q->q_owner = owner;
152 }
153 else
154 {
155 otherowners++;
156 }
157 owner = q->q_owner;
158 }
159 }
160 else
161 {
162 otherowners++;
163 }
164 }
165
166 if (owner != NULL && otherowners > 0)
167 {
168 extern HDR *copyheader();
169 extern ADDRESS *copyqueue();
170
171 /*
172 ** Split this envelope into two.
173 */
174
175 ee = (ENVELOPE *) xalloc(sizeof(ENVELOPE));
176 *ee = *e;
177 ee->e_id = NULL;
178 (void) queuename(ee, '\0');
179
180 if (tTd(13, 1))
181 printf("sendall: split %s into %s\n",
182 e->e_id, ee->e_id);
183
184 ee->e_header = copyheader(e->e_header);
185 ee->e_sendqueue = copyqueue(e->e_sendqueue);
186 ee->e_errorqueue = copyqueue(e->e_errorqueue);
187 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS);
188 setsender(owner, ee, NULL, TRUE);
189 if (tTd(13, 5))
190 {
191 printf("sendall(split): QDONTSEND ");
192 printaddr(&ee->e_from, FALSE);
193 }
194 ee->e_from.q_flags |= QDONTSEND;
195 ee->e_dfp = NULL;
196 ee->e_xfp = NULL;
197 ee->e_lockfp = NULL;
198 ee->e_df = NULL;
199 ee->e_errormode = EM_MAIL;
200 ee->e_sibling = splitenv;
201 splitenv = ee;
202
203 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
204 if (q->q_owner == owner)
205 q->q_flags |= QDONTSEND;
206 for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
207 if (q->q_owner != owner)
208 q->q_flags |= QDONTSEND;
209
210 if (e->e_df != NULL && mode != SM_VERIFY)
211 {
212 ee->e_dfp = NULL;
213 ee->e_df = newstr(queuename(ee, 'd'));
214 if (link(e->e_df, ee->e_df) < 0)
215 {
216 syserr("sendall: link(%s, %s)",
217 e->e_df, ee->e_df);
218 }
219 }
220
221 if (mode != SM_VERIFY)
222 openxscript(ee);
223 #ifdef LOG
224 if (LogLevel > 4)
225 syslog(LOG_INFO, "%s: clone %s",
226 ee->e_id, e->e_id);
227 #endif
228 }
229 }
230
231 if (owner != NULL)
232 {
233 setsender(owner, e, NULL, TRUE);
234 if (tTd(13, 5))
235 {
236 printf("sendall(owner): QDONTSEND ");
237 printaddr(&e->e_from, FALSE);
238 }
239 e->e_from.q_flags |= QDONTSEND;
240 e->e_errormode = EM_MAIL;
241 }
242
243 # ifdef QUEUE
244 if ((mode == SM_QUEUE || mode == SM_FORK ||
245 (mode != SM_VERIFY && SuperSafe)) &&
246 !bitset(EF_INQUEUE, e->e_flags))
247 {
248 /* be sure everything is instantiated in the queue */
249 queueup(e, TRUE, announcequeueup);
250 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
251 queueup(ee, TRUE, announcequeueup);
252 }
253 #endif /* QUEUE */
254
255 if (splitenv != NULL)
256 {
257 if (tTd(13, 1))
258 {
259 printf("\nsendall: Split queue; remaining queue:\n");
260 printaddr(e->e_sendqueue, TRUE);
261 }
262
263 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
264 {
265 CurEnv = ee;
266 sendenvelope(ee, mode);
267 }
268
269 CurEnv = e;
270 }
271 sendenvelope(e, mode);
272
273 for (; splitenv != NULL; splitenv = splitenv->e_sibling)
274 dropenvelope(splitenv);
275 }
276
277 sendenvelope(e, mode)
278 register ENVELOPE *e;
279 char mode;
280 {
281 bool oldverbose;
282 int pid;
283 register ADDRESS *q;
284 #ifdef LOCKF
285 struct flock lfd;
286 #endif
287
288 oldverbose = Verbose;
289 switch (mode)
290 {
291 case SM_VERIFY:
292 Verbose = TRUE;
293 break;
294
295 case SM_QUEUE:
296 queueonly:
297 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
298 return;
299
300 case SM_FORK:
301 if (e->e_xfp != NULL)
302 (void) fflush(e->e_xfp);
303
304 # ifdef LOCKF
305 /*
306 ** Since lockf has the interesting semantic that the
307 ** lock is lost when we fork, we have to risk losing
308 ** the lock here by closing before the fork, and then
309 ** trying to get it back in the child.
310 */
311
312 if (e->e_lockfp != NULL)
313 {
314 (void) xfclose(e->e_lockfp, "sendenvelope", "lockfp");
315 e->e_lockfp = NULL;
316 }
317 # endif /* LOCKF */
318
319 pid = fork();
320 if (pid < 0)
321 {
322 goto queueonly;
323 }
324 else if (pid > 0)
325 {
326 /* be sure we leave the temp files to our child */
327 e->e_id = e->e_df = NULL;
328 # ifndef LOCKF
329 if (e->e_lockfp != NULL)
330 {
331 (void) xfclose(e->e_lockfp, "sendenvelope", "lockfp");
332 e->e_lockfp = NULL;
333 }
334 # endif
335
336 /* close any random open files in the envelope */
337 if (e->e_dfp != NULL)
338 {
339 (void) xfclose(e->e_dfp, "sendenvelope", "dfp");
340 e->e_dfp = NULL;
341 }
342 if (e->e_xfp != NULL)
343 {
344 (void) xfclose(e->e_xfp, "sendenvelope", "xfp");
345 e->e_xfp = NULL;
346 }
347 return;
348 }
349
350 /* double fork to avoid zombies */
351 if (fork() > 0)
352 exit(EX_OK);
353
354 /* be sure we are immune from the terminal */
355 disconnect(FALSE, e);
356
357 # ifdef LOCKF
358 /*
359 ** Now try to get our lock back.
360 */
361
362 lfd.l_type = F_WRLCK;
363 lfd.l_whence = lfd.l_start = lfd.l_len = 0;
364 e->e_lockfp = fopen(queuename(e, 'q'), "r+");
365 if (e->e_lockfp == NULL ||
366 fcntl(fileno(e->e_lockfp), F_SETLK, &lfd) < 0)
367 {
368 /* oops.... lost it */
369 if (tTd(13, 1))
370 printf("sendenvelope: %s lost lock: lockfp=%x, %s\n",
371 e->e_id, e->e_lockfp, errstring(errno));
372
373 # ifdef LOG
374 if (LogLevel > 29)
375 syslog(LOG_NOTICE, "%s: lost lock: %m",
376 e->e_id);
377 # endif /* LOG */
378 exit(EX_OK);
379 }
380 # endif /* LOCKF */
381
382 /*
383 ** Close any cached connections.
384 **
385 ** We don't send the QUIT protocol because the parent
386 ** still knows about the connection.
387 **
388 ** This should only happen when delivering an error
389 ** message.
390 */
391
392 mci_flush(FALSE, NULL);
393
394 break;
395 }
396
397 /*
398 ** Run through the list and send everything.
399 */
400
401 e->e_nsent = 0;
402 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
403 {
404 if (mode == SM_VERIFY)
405 {
406 e->e_to = q->q_paddr;
407 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
408 {
409 message("deliverable: mailer %s, host %s, user %s",
410 q->q_mailer->m_name,
411 q->q_host,
412 q->q_user);
413 }
414 }
415 else if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
416 {
417 # ifdef QUEUE
418 /*
419 ** Checkpoint the send list every few addresses
420 */
421
422 if (e->e_nsent >= CheckpointInterval)
423 {
424 queueup(e, TRUE, FALSE);
425 e->e_nsent = 0;
426 }
427 # endif /* QUEUE */
428 (void) deliver(e, q);
429 }
430 }
431 Verbose = oldverbose;
432
433 /*
434 ** Now run through and check for errors.
435 */
436
437 if (mode == SM_VERIFY)
438 {
439 return;
440 }
441
442 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
443 {
444 if (tTd(13, 3))
445 {
446 printf("Checking ");
447 printaddr(q, FALSE);
448 }
449
450 /* only send errors if the message failed */
451 if (!bitset(QBADADDR, q->q_flags) ||
452 bitset(QDONTSEND, q->q_flags))
453 continue;
454
455 e->e_flags |= EF_FATALERRS;
456
457 if (q->q_owner == NULL && strcmp(e->e_from.q_paddr, "<>") != 0)
458 (void) sendtolist(e->e_from.q_paddr, NULL,
459 &e->e_errorqueue, e);
460 }
461
462 if (mode == SM_FORK)
463 finis();
464 }
465 �/*
466 ** DOFORK -- do a fork, retrying a couple of times on failure.
467 **
468 ** This MUST be a macro, since after a vfork we are running
469 ** two processes on the same stack!!!
470 **
471 ** Parameters:
472 ** none.
473 **
474 ** Returns:
475 ** From a macro??? You've got to be kidding!
476 **
477 ** Side Effects:
478 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
479 ** pid of child in parent, zero in child.
480 ** -1 on unrecoverable error.
481 **
482 ** Notes:
483 ** I'm awfully sorry this looks so awful. That's
484 ** vfork for you.....
485 */
486
487 # define NFORKTRIES 5
488
489 # ifndef FORK
490 # define FORK fork
491 # endif
492
493 # define DOFORK(fORKfN) \
494 {\
495 register int i;\
496 \
497 for (i = NFORKTRIES; --i >= 0; )\
498 {\
499 pid = fORKfN();\
500 if (pid >= 0)\
501 break;\
502 if (i > 0)\
503 sleep((unsigned) NFORKTRIES - i);\
504 }\
505 }
506 �/*
507 ** DOFORK -- simple fork interface to DOFORK.
508 **
509 ** Parameters:
510 ** none.
511 **
512 ** Returns:
513 ** pid of child in parent.
514 ** zero in child.
515 ** -1 on error.
516 **
517 ** Side Effects:
518 ** returns twice, once in parent and once in child.
519 */
520
521 dofork()
522 {
523 register int pid;
524
525 DOFORK(fork);
526 return (pid);
527 }
528 �/*
529 ** DELIVER -- Deliver a message to a list of addresses.
530 **
531 ** This routine delivers to everyone on the same host as the
532 ** user on the head of the list. It is clever about mailers
533 ** that don't handle multiple users. It is NOT guaranteed
534 ** that it will deliver to all these addresses however -- so
535 ** deliver should be called once for each address on the
536 ** list.
537 **
538 ** Parameters:
539 ** e -- the envelope to deliver.
540 ** firstto -- head of the address list to deliver to.
541 **
542 ** Returns:
543 ** zero -- successfully delivered.
544 ** else -- some failure, see ExitStat for more info.
545 **
546 ** Side Effects:
547 ** The standard input is passed off to someone.
548 */
549
550 deliver(e, firstto)
551 register ENVELOPE *e;
552 ADDRESS *firstto;
553 {
554 char *host; /* host being sent to */
555 char *user; /* user being sent to */
556 char **pvp;
557 register char **mvp;
558 register char *p;
559 register MAILER *m; /* mailer for this recipient */
560 ADDRESS *ctladdr;
561 register MCI *mci;
562 register ADDRESS *to = firstto;
563 bool clever = FALSE; /* running user smtp to this mailer */
564 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
565 int rcode; /* response code */
566 char *firstsig; /* signature of firstto */
567 int pid;
568 char *curhost;
569 int mpvect[2];
570 int rpvect[2];
571 char *pv[MAXPV+1];
572 char tobuf[TOBUFSIZE]; /* text line of to people */
573 char buf[MAXNAME];
574 char rpathbuf[MAXNAME]; /* translated return path */
575 extern int checkcompat();
576 extern FILE *fdopen();
577
578 errno = 0;
579 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags))
580 return (0);
581
582 #ifdef NAMED_BIND
583 /* unless interactive, try twice, over a minute */
584 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
585 _res.retrans = 30;
586 _res.retry = 2;
587 }
588 #endif
589
590 m = to->q_mailer;
591 host = to->q_host;
592 CurEnv = e; /* just in case */
593 e->e_statmsg = NULL;
594
595 if (tTd(10, 1))
596 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
597 m->m_mno, host, to->q_user);
598
599 /*
600 ** If this mailer is expensive, and if we don't want to make
601 ** connections now, just mark these addresses and return.
602 ** This is useful if we want to batch connections to
603 ** reduce load. This will cause the messages to be
604 ** queued up, and a daemon will come along to send the
605 ** messages later.
606 ** This should be on a per-mailer basis.
607 */
608
609 if (NoConnect && !bitset(EF_QUEUERUN, e->e_flags) &&
610 bitnset(M_EXPENSIVE, m->m_flags) && !Verbose)
611 {
612 for (; to != NULL; to = to->q_next)
613 {
614 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
615 to->q_mailer != m)
616 continue;
617 to->q_flags |= QQUEUEUP|QDONTSEND;
618 e->e_to = to->q_paddr;
619 message("queued");
620 if (LogLevel > 8)
621 logdelivery(m, NULL, "queued", e);
622 }
623 e->e_to = NULL;
624 return (0);
625 }
626
627 /*
628 ** Do initial argv setup.
629 ** Insert the mailer name. Notice that $x expansion is
630 ** NOT done on the mailer name. Then, if the mailer has
631 ** a picky -f flag, we insert it as appropriate. This
632 ** code does not check for 'pv' overflow; this places a
633 ** manifest lower limit of 4 for MAXPV.
634 ** The from address rewrite is expected to make
635 ** the address relative to the other end.
636 */
637
638 /* rewrite from address, using rewriting rules */
639 rcode = EX_OK;
640 (void) strcpy(rpathbuf, remotename(e->e_from.q_paddr, m,
641 RF_SENDERADDR|RF_CANONICAL,
642 &rcode, e));
643 define('g', rpathbuf, e); /* translated return path */
644 define('h', host, e); /* to host */
645 Errors = 0;
646 pvp = pv;
647 *pvp++ = m->m_argv[0];
648
649 /* insert -f or -r flag as appropriate */
650 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
651 {
652 if (bitnset(M_FOPT, m->m_flags))
653 *pvp++ = "-f";
654 else
655 *pvp++ = "-r";
656 *pvp++ = newstr(rpathbuf);
657 }
658
659 /*
660 ** Append the other fixed parts of the argv. These run
661 ** up to the first entry containing "$u". There can only
662 ** be one of these, and there are only a few more slots
663 ** in the pv after it.
664 */
665
666 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
667 {
668 /* can't use strchr here because of sign extension problems */
669 while (*p != '\0')
670 {
671 if ((*p++ & 0377) == MACROEXPAND)
672 {
673 if (*p == 'u')
674 break;
675 }
676 }
677
678 if (*p != '\0')
679 break;
680
681 /* this entry is safe -- go ahead and process it */
682 expand(*mvp, buf, &buf[sizeof buf - 1], e);
683 *pvp++ = newstr(buf);
684 if (pvp >= &pv[MAXPV - 3])
685 {
686 syserr("554 Too many parameters to %s before $u", pv[0]);
687 return (-1);
688 }
689 }
690
691 /*
692 ** If we have no substitution for the user name in the argument
693 ** list, we know that we must supply the names otherwise -- and
694 ** SMTP is the answer!!
695 */
696
697 if (*mvp == NULL)
698 {
699 /* running SMTP */
700 # ifdef SMTP
701 clever = TRUE;
702 *pvp = NULL;
703 # else /* SMTP */
704 /* oops! we don't implement SMTP */
705 syserr("554 SMTP style mailer");
706 return (EX_SOFTWARE);
707 # endif /* SMTP */
708 }
709
710 /*
711 ** At this point *mvp points to the argument with $u. We
712 ** run through our address list and append all the addresses
713 ** we can. If we run out of space, do not fret! We can
714 ** always send another copy later.
715 */
716
717 tobuf[0] = '\0';
718 e->e_to = tobuf;
719 ctladdr = NULL;
720 firstsig = hostsignature(firstto->q_mailer, firstto->q_host, e);
721 for (; to != NULL; to = to->q_next)
722 {
723 /* avoid sending multiple recipients to dumb mailers */
724 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
725 break;
726
727 /* if already sent or not for this host, don't send */
728 if (bitset(QDONTSEND|QBADADDR|QQUEUEUP, to->q_flags) ||
729 to->q_mailer != firstto->q_mailer ||
730 strcmp(hostsignature(to->q_mailer, to->q_host, e), firstsig) != 0)
731 continue;
732
733 /* avoid overflowing tobuf */
734 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
735 break;
736
737 if (tTd(10, 1))
738 {
739 printf("\nsend to ");
740 printaddr(to, FALSE);
741 }
742
743 /* compute effective uid/gid when sending */
744 if (to->q_mailer == ProgMailer)
745 ctladdr = getctladdr(to);
746
747 user = to->q_user;
748 e->e_to = to->q_paddr;
749 if (tTd(10, 5))
750 {
751 printf("deliver: QDONTSEND ");
752 printaddr(to, FALSE);
753 }
754 to->q_flags |= QDONTSEND;
755
756 /*
757 ** Check to see that these people are allowed to
758 ** talk to each other.
759 */
760
761 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
762 {
763 NoReturn = TRUE;
764 usrerr("552 Message is too large; %ld bytes max", m->m_maxsize);
765 giveresponse(EX_UNAVAILABLE, m, NULL, e);
766 continue;
767 }
768 rcode = checkcompat(to, e);
769 if (rcode != EX_OK)
770 {
771 giveresponse(rcode, m, NULL, e);
772 continue;
773 }
774
775 /*
776 ** Strip quote bits from names if the mailer is dumb
777 ** about them.
778 */
779
780 if (bitnset(M_STRIPQ, m->m_flags))
781 {
782 stripquotes(user);
783 stripquotes(host);
784 }
785
786 /* hack attack -- delivermail compatibility */
787 if (m == ProgMailer && *user == '|')
788 user++;
789
790 /*
791 ** If an error message has already been given, don't
792 ** bother to send to this address.
793 **
794 ** >>>>>>>>>> This clause assumes that the local mailer
795 ** >> NOTE >> cannot do any further aliasing; that
796 ** >>>>>>>>>> function is subsumed by sendmail.
797 */
798
799 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
800 continue;
801
802 /* save statistics.... */
803 markstats(e, to);
804
805 /*
806 ** See if this user name is "special".
807 ** If the user name has a slash in it, assume that this
808 ** is a file -- send it off without further ado. Note
809 ** that this type of addresses is not processed along
810 ** with the others, so we fudge on the To person.
811 */
812
813 if (m == FileMailer)
814 {
815 rcode = mailfile(user, getctladdr(to), e);
816 giveresponse(rcode, m, NULL, e);
817 if (rcode == EX_OK)
818 to->q_flags |= QSENT;
819 continue;
820 }
821
822 /*
823 ** Address is verified -- add this user to mailer
824 ** argv, and add it to the print list of recipients.
825 */
826
827 /* link together the chain of recipients */
828 to->q_tchain = tochain;
829 tochain = to;
830
831 /* create list of users for error messages */
832 (void) strcat(tobuf, ",");
833 (void) strcat(tobuf, to->q_paddr);
834 define('u', user, e); /* to user */
835 define('z', to->q_home, e); /* user's home */
836
837 /*
838 ** Expand out this user into argument list.
839 */
840
841 if (!clever)
842 {
843 expand(*mvp, buf, &buf[sizeof buf - 1], e);
844 *pvp++ = newstr(buf);
845 if (pvp >= &pv[MAXPV - 2])
846 {
847 /* allow some space for trailing parms */
848 break;
849 }
850 }
851 }
852
853 /* see if any addresses still exist */
854 if (tobuf[0] == '\0')
855 {
856 define('g', (char *) NULL, e);
857 return (0);
858 }
859
860 /* print out messages as full list */
861 e->e_to = tobuf + 1;
862
863 /*
864 ** Fill out any parameters after the $u parameter.
865 */
866
867 while (!clever && *++mvp != NULL)
868 {
869 expand(*mvp, buf, &buf[sizeof buf - 1], e);
870 *pvp++ = newstr(buf);
871 if (pvp >= &pv[MAXPV])
872 syserr("554 deliver: pv overflow after $u for %s", pv[0]);
873 }
874 *pvp++ = NULL;
875
876 /*
877 ** Call the mailer.
878 ** The argument vector gets built, pipes
879 ** are created as necessary, and we fork & exec as
880 ** appropriate.
881 ** If we are running SMTP, we just need to clean up.
882 */
883
884 if (ctladdr == NULL && m != ProgMailer)
885 ctladdr = &e->e_from;
886 #ifdef NAMED_BIND
887 if (ConfigLevel < 2)
888 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
889 #endif
890
891 if (tTd(11, 1))
892 {
893 printf("openmailer:");
894 printav(pv);
895 }
896 errno = 0;
897
898 CurHostName = m->m_mailer;
899
900 /*
901 ** Deal with the special case of mail handled through an IPC
902 ** connection.
903 ** In this case we don't actually fork. We must be
904 ** running SMTP for this to work. We will return a
905 ** zero pid to indicate that we are running IPC.
906 ** We also handle a debug version that just talks to stdin/out.
907 */
908
909 curhost = NULL;
910
911 /* check for Local Person Communication -- not for mortals!!! */
912 if (strcmp(m->m_mailer, "[LPC]") == 0)
913 {
914 mci = (MCI *) xalloc(sizeof *mci);
915 bzero((char *) mci, sizeof *mci);
916 mci->mci_in = stdin;
917 mci->mci_out = stdout;
918 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
919 mci->mci_mailer = m;
920 }
921 else if (strcmp(m->m_mailer, "[IPC]") == 0 ||
922 strcmp(m->m_mailer, "[TCP]") == 0)
923 {
924 #ifdef DAEMON
925 register int i;
926 register u_short port;
927
928 CurHostName = pv[1];
929 curhost = hostsignature(m, pv[1], e);
930
931 if (curhost == NULL || curhost[0] == '\0')
932 {
933 syserr("null signature");
934 rcode = EX_OSERR;
935 goto give_up;
936 }
937
938 if (!clever)
939 {
940 syserr("554 non-clever IPC");
941 rcode = EX_OSERR;
942 goto give_up;
943 }
944 if (pv[2] != NULL)
945 port = atoi(pv[2]);
946 else
947 port = 0;
948 tryhost:
949 mci = NULL;
950 while (*curhost != '\0')
951 {
952 register char *p;
953 static char hostbuf[MAXNAME];
954
955 mci = NULL;
956
957 /* pull the next host from the signature */
958 p = strchr(curhost, ':');
959 if (p == NULL)
960 p = &curhost[strlen(curhost)];
961 strncpy(hostbuf, curhost, p - curhost);
962 hostbuf[p - curhost] = '\0';
963 if (*p != '\0')
964 p++;
965 curhost = p;
966
967 /* see if we already know that this host is fried */
968 CurHostName = hostbuf;
969 mci = mci_get(hostbuf, m);
970 if (mci->mci_state != MCIS_CLOSED)
971 {
972 if (tTd(11, 1))
973 {
974 printf("openmailer: ");
975 mci_dump(mci);
976 }
977 CurHostName = mci->mci_host;
978 break;
979 }
980 mci->mci_mailer = m;
981 if (mci->mci_exitstat != EX_OK)
982 continue;
983
984 /* try the connection */
985 setproctitle("%s %s: %s", e->e_id, hostbuf, "user open");
986 message("Connecting to %s (%s)...",
987 hostbuf, m->m_name);
988 i = makeconnection(hostbuf, port, mci,
989 bitnset(M_SECURE_PORT, m->m_flags));
990 mci->mci_exitstat = i;
991 mci->mci_errno = errno;
992 if (i == EX_OK)
993 {
994 mci->mci_state = MCIS_OPENING;
995 mci_cache(mci);
996 break;
997 }
998 else if (tTd(11, 1))
999 printf("openmailer: makeconnection => stat=%d, errno=%d\n",
1000 i, errno);
1001
1002
1003 /* enter status of this host */
1004 setstat(i);
1005 }
1006 mci->mci_pid = 0;
1007 #else /* no DAEMON */
1008 syserr("554 openmailer: no IPC");
1009 if (tTd(11, 1))
1010 printf("openmailer: NULL\n");
1011 return NULL;
1012 #endif /* DAEMON */
1013 }
1014 else
1015 {
1016 int i;
1017 struct stat stbuf;
1018
1019 /* make absolutely certain 0, 1, and 2 are in use */
1020 for (i = 0; i < 3; i++)
1021 {
1022 if (fstat(i, &stbuf) < 0)
1023 {
1024 /* oops.... */
1025 int fd;
1026
1027 syserr("%s... openmailer(%s): fd %d not open",
1028 e->e_to, m->m_name, i);
1029 fd = open("/dev/null", O_RDONLY, 0666);
1030 if (fd != i)
1031 {
1032 (void) dup2(fd, i);
1033 (void) close(fd);
1034 }
1035 }
1036 }
1037
1038 /* create a pipe to shove the mail through */
1039 if (pipe(mpvect) < 0)
1040 {
1041 syserr("%s... openmailer(%s): pipe (to mailer)",
1042 e->e_to, m->m_name);
1043 if (tTd(11, 1))
1044 printf("openmailer: NULL\n");
1045 rcode = EX_OSERR;
1046 goto give_up;
1047 }
1048
1049 /* if this mailer speaks smtp, create a return pipe */
1050 if (clever && pipe(rpvect) < 0)
1051 {
1052 syserr("%s... openmailer(%s): pipe (from mailer)",
1053 e->e_to, m->m_name);
1054 (void) close(mpvect[0]);
1055 (void) close(mpvect[1]);
1056 if (tTd(11, 1))
1057 printf("openmailer: NULL\n");
1058 rcode = EX_OSERR;
1059 goto give_up;
1060 }
1061
1062 /*
1063 ** Actually fork the mailer process.
1064 ** DOFORK is clever about retrying.
1065 **
1066 ** Dispose of SIGCHLD signal catchers that may be laying
1067 ** around so that endmail will get it.
1068 */
1069
1070 if (e->e_xfp != NULL)
1071 (void) fflush(e->e_xfp); /* for debugging */
1072 (void) fflush(stdout);
1073 # ifdef SIGCHLD
1074 (void) signal(SIGCHLD, SIG_DFL);
1075 # endif /* SIGCHLD */
1076 DOFORK(FORK);
1077 /* pid is set by DOFORK */
1078 if (pid < 0)
1079 {
1080 /* failure */
1081 syserr("%s... openmailer(%s): cannot fork",
1082 e->e_to, m->m_name);
1083 (void) close(mpvect[0]);
1084 (void) close(mpvect[1]);
1085 if (clever)
1086 {
1087 (void) close(rpvect[0]);
1088 (void) close(rpvect[1]);
1089 }
1090 if (tTd(11, 1))
1091 printf("openmailer: NULL\n");
1092 rcode = EX_OSERR;
1093 goto give_up;
1094 }
1095 else if (pid == 0)
1096 {
1097 int i;
1098 int saveerrno;
1099 char **ep;
1100 char *env[MAXUSERENVIRON];
1101 extern char **environ;
1102 extern int DtableSize;
1103
1104 /* child -- set up input & exec mailer */
1105 /* make diagnostic output be standard output */
1106 (void) signal(SIGINT, SIG_IGN);
1107 (void) signal(SIGHUP, SIG_IGN);
1108 (void) signal(SIGTERM, SIG_DFL);
1109
1110 /* close any other cached connections */
1111 mci_flush(FALSE, mci);
1112
1113 /* move into some "safe" directory */
1114 if (m->m_execdir != NULL)
1115 {
1116 char *p, *q;
1117 char buf[MAXLINE];
1118
1119 for (p = m->m_execdir; p != NULL; p = q)
1120 {
1121 q = strchr(p, ':');
1122 if (q != NULL)
1123 *q = '\0';
1124 expand(p, buf, &buf[sizeof buf] - 1, e);
1125 if (q != NULL)
1126 *q++ = ':';
1127 if (tTd(11, 20))
1128 printf("openmailer: trydir %s\n",
1129 buf);
1130 if (buf[0] != '\0' && chdir(buf) >= 0)
1131 break;
1132 }
1133 }
1134
1135 /* arrange to filter std & diag output of command */
1136 if (clever)
1137 {
1138 (void) close(rpvect[0]);
1139 if (dup2(rpvect[1], STDOUT_FILENO) < 0)
1140 {
1141 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
1142 e->e_to, m->m_name, rpvect[1]);
1143 _exit(EX_OSERR);
1144 }
1145 (void) close(rpvect[1]);
1146 }
1147 else if (OpMode == MD_SMTP || HoldErrs)
1148 {
1149 /* put mailer output in transcript */
1150 if (dup2(fileno(e->e_xfp), STDOUT_FILENO) < 0)
1151 {
1152 syserr("%s... openmailer(%s): cannot dup xscript %d for stdout",
1153 e->e_to, m->m_name,
1154 fileno(e->e_xfp));
1155 _exit(EX_OSERR);
1156 }
1157 }
1158 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
1159 {
1160 syserr("%s... openmailer(%s): cannot dup stdout for stderr",
1161 e->e_to, m->m_name);
1162 _exit(EX_OSERR);
1163 }
1164
1165 /* arrange to get standard input */
1166 (void) close(mpvect[1]);
1167 if (dup2(mpvect[0], STDIN_FILENO) < 0)
1168 {
1169 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin",
1170 e->e_to, m->m_name, mpvect[0]);
1171 _exit(EX_OSERR);
1172 }
1173 (void) close(mpvect[0]);
1174 if (!bitnset(M_RESTR, m->m_flags))
1175 {
1176 if (ctladdr == NULL || ctladdr->q_uid == 0)
1177 {
1178 (void) setgid(DefGid);
1179 (void) initgroups(DefUser, DefGid);
1180 (void) setuid(DefUid);
1181 }
1182 else
1183 {
1184 (void) setgid(ctladdr->q_gid);
1185 (void) initgroups(ctladdr->q_ruser?
1186 ctladdr->q_ruser: ctladdr->q_user,
1187 ctladdr->q_gid);
1188 (void) setuid(ctladdr->q_uid);
1189 }
1190 }
1191
1192 /* arrange for all the files to be closed */
1193 for (i = 3; i < DtableSize; i++)
1194 {
1195 register int j;
1196 if ((j = fcntl(i, F_GETFD, 0)) != -1)
1197 (void)fcntl(i, F_SETFD, j|1);
1198 }
1199
1200 /* set up the mailer environment */
1201 i = 0;
1202 env[i++] = "AGENT=sendmail";
1203 for (ep = environ; *ep != NULL; ep++)
1204 {
1205 if (strncmp(*ep, "TZ=", 3) == 0)
1206 env[i++] = *ep;
1207 }
1208 env[i++] = NULL;
1209
1210 /* try to execute the mailer */
1211 execve(m->m_mailer, pv, env);
1212 saveerrno = errno;
1213 syserr("Cannot exec %s", m->m_mailer);
1214 if (m == LocalMailer || transienterror(saveerrno))
1215 _exit(EX_OSERR);
1216 _exit(EX_UNAVAILABLE);
1217 }
1218
1219 /*
1220 ** Set up return value.
1221 */
1222
1223 mci = (MCI *) xalloc(sizeof *mci);
1224 bzero((char *) mci, sizeof *mci);
1225 mci->mci_mailer = m;
1226 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
1227 mci->mci_pid = pid;
1228 (void) close(mpvect[0]);
1229 mci->mci_out = fdopen(mpvect[1], "w");
1230 if (clever)
1231 {
1232 (void) close(rpvect[1]);
1233 mci->mci_in = fdopen(rpvect[0], "r");
1234 }
1235 else
1236 {
1237 mci->mci_flags |= MCIF_TEMP;
1238 mci->mci_in = NULL;
1239 }
1240 }
1241
1242 /*
1243 ** If we are in SMTP opening state, send initial protocol.
1244 */
1245
1246 if (clever && mci->mci_state != MCIS_CLOSED)
1247 {
1248 smtpinit(m, mci, e);
1249 }
1250 if (tTd(11, 1))
1251 {
1252 printf("openmailer: ");
1253 mci_dump(mci);
1254 }
1255
1256 if (mci->mci_state != MCIS_OPEN)
1257 {
1258 /* couldn't open the mailer */
1259 rcode = mci->mci_exitstat;
1260 errno = mci->mci_errno;
1261 if (rcode == EX_OK)
1262 {
1263 /* shouldn't happen */
1264 syserr("554 deliver: rcode=%d, mci_state=%d, sig=%s",
1265 rcode, mci->mci_state, firstsig);
1266 rcode = EX_SOFTWARE;
1267 }
1268 else if (rcode == EX_TEMPFAIL && *curhost != '\0')
1269 {
1270 /* try next MX site */
1271 goto tryhost;
1272 }
1273 }
1274 else if (!clever)
1275 {
1276 /*
1277 ** Format and send message.
1278 */
1279
1280 putfromline(mci->mci_out, m, e);
1281 (*e->e_puthdr)(mci->mci_out, m, e);
1282 putline("\n", mci->mci_out, m);
1283 (*e->e_putbody)(mci->mci_out, m, e, NULL);
1284
1285 /* get the exit status */
1286 rcode = endmailer(mci, e, pv);
1287 }
1288 else
1289 #ifdef SMTP
1290 {
1291 /*
1292 ** Send the MAIL FROM: protocol
1293 */
1294
1295 rcode = smtpmailfrom(m, mci, e);
1296 if (rcode == EX_OK)
1297 {
1298 register char *t = tobuf;
1299 register int i;
1300
1301 /* send the recipient list */
1302 tobuf[0] = '\0';
1303 for (to = tochain; to != NULL; to = to->q_tchain)
1304 {
1305 e->e_to = to->q_paddr;
1306 if ((i = smtprcpt(to, m, mci, e)) != EX_OK)
1307 {
1308 markfailure(e, to, i);
1309 giveresponse(i, m, mci, e);
1310 }
1311 else
1312 {
1313 *t++ = ',';
1314 for (p = to->q_paddr; *p; *t++ = *p++)
1315 continue;
1316 }
1317 }
1318
1319 /* now send the data */
1320 if (tobuf[0] == '\0')
1321 {
1322 rcode = EX_OK;
1323 e->e_to = NULL;
1324 if (bitset(MCIF_CACHED, mci->mci_flags))
1325 smtprset(m, mci, e);
1326 }
1327 else
1328 {
1329 e->e_to = tobuf + 1;
1330 rcode = smtpdata(m, mci, e);
1331 }
1332
1333 /* now close the connection */
1334 if (!bitset(MCIF_CACHED, mci->mci_flags))
1335 smtpquit(m, mci, e);
1336 }
1337 if (rcode != EX_OK && *curhost != '\0')
1338 {
1339 /* try next MX site */
1340 goto tryhost;
1341 }
1342 }
1343 #else /* not SMTP */
1344 {
1345 syserr("554 deliver: need SMTP compiled to use clever mailer");
1346 rcode = EX_CONFIG;
1347 goto give_up;
1348 }
1349 #endif /* SMTP */
1350 #ifdef NAMED_BIND
1351 if (ConfigLevel < 2)
1352 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
1353 #endif
1354
1355 /* arrange a return receipt if requested */
1356 if (e->e_receiptto != NULL && bitnset(M_LOCALMAILER, m->m_flags))
1357 {
1358 e->e_flags |= EF_SENDRECEIPT;
1359 /* do we want to send back more info? */
1360 }
1361
1362 /*
1363 ** Do final status disposal.
1364 ** We check for something in tobuf for the SMTP case.
1365 ** If we got a temporary failure, arrange to queue the
1366 ** addressees.
1367 */
1368
1369 give_up:
1370 if (tobuf[0] != '\0')
1371 giveresponse(rcode, m, mci, e);
1372 for (to = tochain; to != NULL; to = to->q_tchain)
1373 {
1374 if (rcode != EX_OK)
1375 markfailure(e, to, rcode);
1376 else
1377 {
1378 to->q_flags |= QSENT;
1379 e->e_nsent++;
1380 }
1381 }
1382
1383 /*
1384 ** Restore state and return.
1385 */
1386
1387 errno = 0;
1388 define('g', (char *) NULL, e);
1389 return (rcode);
1390 }
1391 �/*
1392 ** MARKFAILURE -- mark a failure on a specific address.
1393 **
1394 ** Parameters:
1395 ** e -- the envelope we are sending.
1396 ** q -- the address to mark.
1397 ** rcode -- the code signifying the particular failure.
1398 **
1399 ** Returns:
1400 ** none.
1401 **
1402 ** Side Effects:
1403 ** marks the address (and possibly the envelope) with the
1404 ** failure so that an error will be returned or
1405 ** the message will be queued, as appropriate.
1406 */
1407
1408 markfailure(e, q, rcode)
1409 register ENVELOPE *e;
1410 register ADDRESS *q;
1411 int rcode;
1412 {
1413 char buf[MAXLINE];
1414
1415 if (rcode == EX_OK)
1416 return;
1417 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
1418 q->q_flags |= QBADADDR;
1419 else if (curtime() > e->e_ctime + TimeOuts.to_q_return)
1420 {
1421 if (!bitset(EF_TIMEOUT, e->e_flags))
1422 {
1423 (void) sprintf(buf, "Cannot send message for %s",
1424 pintvl(TimeOuts.to_q_return, FALSE));
1425 if (e->e_message != NULL)
1426 free(e->e_message);
1427 e->e_message = newstr(buf);
1428 message(buf);
1429 }
1430 q->q_flags |= QBADADDR;
1431 e->e_flags |= EF_TIMEOUT;
1432 fprintf(e->e_xfp, "421 %s... Message timed out\n", q->q_paddr);
1433 }
1434 else
1435 {
1436 q->q_flags |= QQUEUEUP;
1437 if (TimeOuts.to_q_warning > 0 &&
1438 curtime() > e->e_ctime + TimeOuts.to_q_warning)
1439 {
1440 if (!bitset(EF_WARNING, e->e_flags) &&
1441 e->e_class >= 0)
1442 {
1443 (void) sprintf(buf,
1444 "warning: cannot send message for %s",
1445 pintvl(TimeOuts.to_q_warning, FALSE));
1446 if (e->e_message != NULL)
1447 free(e->e_message);
1448 e->e_message = newstr(buf);
1449 message(buf);
1450 e->e_flags |= EF_WARNING|EF_TIMEOUT;
1451 }
1452 fprintf(e->e_xfp,
1453 "%s... Warning: message still undelivered after %s\n",
1454 q->q_paddr, pintvl(TimeOuts.to_q_warning, FALSE));
1455 fprintf(e->e_xfp, "Will keep trying until message is %s old\n",
1456 pintvl(TimeOuts.to_q_return, FALSE));
1457 }
1458 }
1459 }
1460 �/*
1461 ** ENDMAILER -- Wait for mailer to terminate.
1462 **
1463 ** We should never get fatal errors (e.g., segmentation
1464 ** violation), so we report those specially. For other
1465 ** errors, we choose a status message (into statmsg),
1466 ** and if it represents an error, we print it.
1467 **
1468 ** Parameters:
1469 ** pid -- pid of mailer.
1470 ** e -- the current envelope.
1471 ** pv -- the parameter vector that invoked the mailer
1472 ** (for error messages).
1473 **
1474 ** Returns:
1475 ** exit code of mailer.
1476 **
1477 ** Side Effects:
1478 ** none.
1479 */
1480
1481 endmailer(mci, e, pv)
1482 register MCI *mci;
1483 register ENVELOPE *e;
1484 char **pv;
1485 {
1486 int st;
1487
1488 /* close any connections */
1489 if (mci->mci_in != NULL)
1490 (void) xfclose(mci->mci_in, pv[0], "mci_in");
1491 if (mci->mci_out != NULL)
1492 (void) xfclose(mci->mci_out, pv[0], "mci_out");
1493 mci->mci_in = mci->mci_out = NULL;
1494 mci->mci_state = MCIS_CLOSED;
1495
1496 /* in the IPC case there is nothing to wait for */
1497 if (mci->mci_pid == 0)
1498 return (EX_OK);
1499
1500 /* wait for the mailer process to die and collect status */
1501 st = waitfor(mci->mci_pid);
1502 if (st == -1)
1503 {
1504 syserr("endmailer %s: wait", pv[0]);
1505 return (EX_SOFTWARE);
1506 }
1507
1508 /* see if it died a horrid death */
1509 if ((st & 0377) != 0)
1510 {
1511 syserr("mailer %s died with signal %o", pv[0], st);
1512
1513 /* log the arguments */
1514 if (e->e_xfp != NULL)
1515 {
1516 register char **av;
1517
1518 fprintf(e->e_xfp, "Arguments:");
1519 for (av = pv; *av != NULL; av++)
1520 fprintf(e->e_xfp, " %s", *av);
1521 fprintf(e->e_xfp, "\n");
1522 }
1523
1524 ExitStat = EX_TEMPFAIL;
1525 return (EX_TEMPFAIL);
1526 }
1527
1528 /* normal death -- return status */
1529 st = (st >> 8) & 0377;
1530 return (st);
1531 }
1532 �/*
1533 ** GIVERESPONSE -- Interpret an error response from a mailer
1534 **
1535 ** Parameters:
1536 ** stat -- the status code from the mailer (high byte
1537 ** only; core dumps must have been taken care of
1538 ** already).
1539 ** m -- the mailer info for this mailer.
1540 ** mci -- the mailer connection info -- can be NULL if the
1541 ** response is given before the connection is made.
1542 ** e -- the current envelope.
1543 **
1544 ** Returns:
1545 ** none.
1546 **
1547 ** Side Effects:
1548 ** Errors may be incremented.
1549 ** ExitStat may be set.
1550 */
1551
1552 giveresponse(stat, m, mci, e)
1553 int stat;
1554 register MAILER *m;
1555 register MCI *mci;
1556 ENVELOPE *e;
1557 {
1558 register const char *statmsg;
1559 extern char *SysExMsg[];
1560 register int i;
1561 extern int N_SysEx;
1562 #ifdef NAMED_BIND
1563 extern int h_errno;
1564 #endif
1565 char buf[MAXLINE];
1566
1567 /*
1568 ** Compute status message from code.
1569 */
1570
1571 i = stat - EX__BASE;
1572 if (stat == 0)
1573 {
1574 statmsg = "250 Sent";
1575 if (e->e_statmsg != NULL)
1576 {
1577 (void) sprintf(buf, "%s (%s)", statmsg, e->e_statmsg);
1578 statmsg = buf;
1579 }
1580 }
1581 else if (i < 0 || i > N_SysEx)
1582 {
1583 (void) sprintf(buf, "554 unknown mailer error %d", stat);
1584 stat = EX_UNAVAILABLE;
1585 statmsg = buf;
1586 }
1587 else if (stat == EX_TEMPFAIL)
1588 {
1589 (void) strcpy(buf, SysExMsg[i] + 1);
1590 #ifdef NAMED_BIND
1591 if (h_errno == TRY_AGAIN)
1592 statmsg = errstring(h_errno+MAX_ERRNO);
1593 else
1594 #endif
1595 {
1596 if (errno != 0)
1597 statmsg = errstring(errno);
1598 else
1599 {
1600 #ifdef SMTP
1601 extern char SmtpError[];
1602
1603 statmsg = SmtpError;
1604 #else /* SMTP */
1605 statmsg = NULL;
1606 #endif /* SMTP */
1607 }
1608 }
1609 if (statmsg != NULL && statmsg[0] != '\0')
1610 {
1611 (void) strcat(buf, ": ");
1612 (void) strcat(buf, statmsg);
1613 }
1614 statmsg = buf;
1615 }
1616 else
1617 {
1618 statmsg = SysExMsg[i];
1619 if (*statmsg++ == ':')
1620 {
1621 (void) sprintf(buf, "%s: %s", statmsg, errstring(errno));
1622 statmsg = buf;
1623 }
1624 }
1625
1626 /*
1627 ** Print the message as appropriate
1628 */
1629
1630 if (stat == EX_OK || stat == EX_TEMPFAIL)
1631 message(&statmsg[4], errstring(errno));
1632 else
1633 {
1634 Errors++;
1635 usrerr(statmsg, errstring(errno));
1636 }
1637
1638 /*
1639 ** Final cleanup.
1640 ** Log a record of the transaction. Compute the new
1641 ** ExitStat -- if we already had an error, stick with
1642 ** that.
1643 */
1644
1645 if (LogLevel > ((stat == EX_TEMPFAIL) ? 8 : (stat == EX_OK) ? 7 : 6))
1646 logdelivery(m, mci, &statmsg[4], e);
1647
1648 if (stat != EX_TEMPFAIL)
1649 setstat(stat);
1650 if (stat != EX_OK)
1651 {
1652 if (e->e_message != NULL)
1653 free(e->e_message);
1654 e->e_message = newstr(&statmsg[4]);
1655 }
1656 errno = 0;
1657 #ifdef NAMED_BIND
1658 h_errno = 0;
1659 #endif
1660 }
1661 �/*
1662 ** LOGDELIVERY -- log the delivery in the system log
1663 **
1664 ** Parameters:
1665 ** m -- the mailer info. Can be NULL for initial queue.
1666 ** mci -- the mailer connection info -- can be NULL if the
1667 ** log is occuring when no connection is active.
1668 ** stat -- the message to print for the status.
1669 ** e -- the current envelope.
1670 **
1671 ** Returns:
1672 ** none
1673 **
1674 ** Side Effects:
1675 ** none
1676 */
1677
1678 logdelivery(m, mci, stat, e)
1679 MAILER *m;
1680 register MCI *mci;
1681 char *stat;
1682 register ENVELOPE *e;
1683 {
1684 # ifdef LOG
1685 char *curhost;
1686 char buf[512];
1687
1688 (void) sprintf(buf, "delay=%s", pintvl(curtime() - e->e_ctime, TRUE));
1689
1690 if (m != NULL)
1691 {
1692 (void) strcat(buf, ", mailer=");
1693 (void) strcat(buf, m->m_name);
1694 }
1695
1696 if (mci != NULL && mci->mci_host != NULL)
1697 {
1698 # ifdef DAEMON
1699 extern SOCKADDR CurHostAddr;
1700 # endif
1701
1702 (void) strcat(buf, ", relay=");
1703 (void) strcat(buf, mci->mci_host);
1704
1705 # ifdef DAEMON
1706 (void) strcat(buf, " (");
1707 (void) strcat(buf, anynet_ntoa(&CurHostAddr));
1708 (void) strcat(buf, ")");
1709 # endif
1710 }
1711 else
1712 {
1713 char *p = macvalue('h', e);
1714
1715 if (p != NULL && p[0] != '\0')
1716 {
1717 (void) strcat(buf, ", relay=");
1718 (void) strcat(buf, p);
1719 }
1720 }
1721
1722 syslog(LOG_INFO, "%s: to=%s, %s, stat=%s",
1723 e->e_id, e->e_to, buf, stat);
1724 # endif /* LOG */
1725 }
1726 �/*
1727 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1728 **
1729 ** This can be made an arbitrary message separator by changing $l
1730 **
1731 ** One of the ugliest hacks seen by human eyes is contained herein:
1732 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1733 ** does a well-meaning programmer such as myself have to deal with
1734 ** this kind of antique garbage????
1735 **
1736 ** Parameters:
1737 ** fp -- the file to output to.
1738 ** m -- the mailer describing this entry.
1739 **
1740 ** Returns:
1741 ** none
1742 **
1743 ** Side Effects:
1744 ** outputs some text to fp.
1745 */
1746
1747 putfromline(fp, m, e)
1748 register FILE *fp;
1749 register MAILER *m;
1750 ENVELOPE *e;
1751 {
1752 char *template = "\201l\n";
1753 char buf[MAXLINE];
1754
1755 if (bitnset(M_NHDR, m->m_flags))
1756 return;
1757
1758 # ifdef UGLYUUCP
1759 if (bitnset(M_UGLYUUCP, m->m_flags))
1760 {
1761 char *bang;
1762 char xbuf[MAXLINE];
1763
1764 expand("\201g", buf, &buf[sizeof buf - 1], e);
1765 bang = strchr(buf, '!');
1766 if (bang == NULL)
1767 syserr("554 No ! in UUCP! (%s)", buf);
1768 else
1769 {
1770 *bang++ = '\0';
1771 (void) sprintf(xbuf, "From %s \201d remote from %s\n", bang, buf);
1772 template = xbuf;
1773 }
1774 }
1775 # endif /* UGLYUUCP */
1776 expand(template, buf, &buf[sizeof buf - 1], e);
1777 putline(buf, fp, m);
1778 }
1779 �/*
1780 ** PUTBODY -- put the body of a message.
1781 **
1782 ** Parameters:
1783 ** fp -- file to output onto.
1784 ** m -- a mailer descriptor to control output format.
1785 ** e -- the envelope to put out.
1786 ** separator -- if non-NULL, a message separator that must
1787 ** not be permitted in the resulting message.
1788 **
1789 ** Returns:
1790 ** none.
1791 **
1792 ** Side Effects:
1793 ** The message is written onto fp.
1794 */
1795
1796 putbody(fp, m, e, separator)
1797 FILE *fp;
1798 MAILER *m;
1799 register ENVELOPE *e;
1800 char *separator;
1801 {
1802 char buf[MAXLINE];
1803
1804 /*
1805 ** Output the body of the message
1806 */
1807
1808 if (e->e_dfp == NULL)
1809 {
1810 if (e->e_df != NULL)
1811 {
1812 e->e_dfp = fopen(e->e_df, "r");
1813 if (e->e_dfp == NULL)
1814 syserr("putbody: Cannot open %s for %s from %s",
1815 e->e_df, e->e_to, e->e_from);
1816 }
1817 else
1818 putline("<<< No Message Collected >>>", fp, m);
1819 }
1820 if (e->e_dfp != NULL)
1821 {
1822 rewind(e->e_dfp);
1823 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1824 {
1825 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1826 strncmp(buf, "From ", 5) == 0)
1827 (void) putc('>', fp);
1828 if (buf[0] == '-' && buf[1] == '-' && separator != NULL)
1829 {
1830 /* possible separator */
1831 int sl = strlen(separator);
1832
1833 if (strncmp(&buf[2], separator, sl) == 0)
1834 (void) putc(' ', fp);
1835 }
1836 putline(buf, fp, m);
1837 }
1838
1839 if (ferror(e->e_dfp))
1840 {
1841 syserr("putbody: read error");
1842 ExitStat = EX_IOERR;
1843 }
1844 }
1845
1846 /* some mailers want extra blank line at end of message */
1847 if (bitnset(M_BLANKEND, m->m_flags) && buf[0] != '\0' && buf[0] != '\n')
1848 putline("", fp, m);
1849
1850 (void) fflush(fp);
1851 if (ferror(fp) && errno != EPIPE)
1852 {
1853 syserr("putbody: write error");
1854 ExitStat = EX_IOERR;
1855 }
1856 errno = 0;
1857 }
1858 �/*
1859 ** MAILFILE -- Send a message to a file.
1860 **
1861 ** If the file has the setuid/setgid bits set, but NO execute
1862 ** bits, sendmail will try to become the owner of that file
1863 ** rather than the real user. Obviously, this only works if
1864 ** sendmail runs as root.
1865 **
1866 ** This could be done as a subordinate mailer, except that it
1867 ** is used implicitly to save messages in ~/dead.letter. We
1868 ** view this as being sufficiently important as to include it
1869 ** here. For example, if the system is dying, we shouldn't have
1870 ** to create another process plus some pipes to save the message.
1871 **
1872 ** Parameters:
1873 ** filename -- the name of the file to send to.
1874 ** ctladdr -- the controlling address header -- includes
1875 ** the userid/groupid to be when sending.
1876 **
1877 ** Returns:
1878 ** The exit code associated with the operation.
1879 **
1880 ** Side Effects:
1881 ** none.
1882 */
1883
1884 mailfile(filename, ctladdr, e)
1885 char *filename;
1886 ADDRESS *ctladdr;
1887 register ENVELOPE *e;
1888 {
1889 register FILE *f;
1890 register int pid;
1891 int mode;
1892
1893 if (tTd(11, 1))
1894 {
1895 printf("mailfile %s\n ctladdr=", filename);
1896 printaddr(ctladdr, FALSE);
1897 }
1898
1899 /*
1900 ** Fork so we can change permissions here.
1901 ** Note that we MUST use fork, not vfork, because of
1902 ** the complications of calling subroutines, etc.
1903 */
1904
1905 DOFORK(fork);
1906
1907 if (pid < 0)
1908 return (EX_OSERR);
1909 else if (pid == 0)
1910 {
1911 /* child -- actually write to file */
1912 struct stat stb;
1913
1914 (void) signal(SIGINT, SIG_DFL);
1915 (void) signal(SIGHUP, SIG_DFL);
1916 (void) signal(SIGTERM, SIG_DFL);
1917 (void) umask(OldUmask);
1918
1919 if (stat(filename, &stb) < 0)
1920 stb.st_mode = FileMode;
1921 mode = stb.st_mode;
1922
1923 /* limit the errors to those actually caused in the child */
1924 errno = 0;
1925 ExitStat = EX_OK;
1926
1927 if (bitset(0111, stb.st_mode))
1928 exit(EX_CANTCREAT);
1929 if (ctladdr == NULL)
1930 ctladdr = &e->e_from;
1931 else
1932 {
1933 /* ignore setuid and setgid bits */
1934 mode &= ~(S_ISGID|S_ISUID);
1935 }
1936
1937 /* we have to open the dfile BEFORE setuid */
1938 if (e->e_dfp == NULL && e->e_df != NULL)
1939 {
1940 e->e_dfp = fopen(e->e_df, "r");
1941 if (e->e_dfp == NULL)
1942 {
1943 syserr("mailfile: Cannot open %s for %s from %s",
1944 e->e_df, e->e_to, e->e_from);
1945 }
1946 }
1947
1948 if (!bitset(S_ISGID, mode) || setgid(stb.st_gid) < 0)
1949 {
1950 if (ctladdr->q_uid == 0)
1951 {
1952 (void) setgid(DefGid);
1953 (void) initgroups(DefUser, DefGid);
1954 }
1955 else
1956 {
1957 (void) setgid(ctladdr->q_gid);
1958 (void) initgroups(ctladdr->q_ruser ?
1959 ctladdr->q_ruser : ctladdr->q_user,
1960 ctladdr->q_gid);
1961 }
1962 }
1963 if (!bitset(S_ISUID, mode) || setuid(stb.st_uid) < 0)
1964 {
1965 if (ctladdr->q_uid == 0)
1966 (void) setuid(DefUid);
1967 else
1968 (void) setuid(ctladdr->q_uid);
1969 }
1970 FileName = filename;
1971 LineNumber = 0;
1972 f = dfopen(filename, O_WRONLY|O_CREAT|O_APPEND, FileMode);
1973 if (f == NULL)
1974 {
1975 message("554 cannot open");
1976 exit(EX_CANTCREAT);
1977 }
1978
1979 putfromline(f, FileMailer, e);
1980 (*e->e_puthdr)(f, FileMailer, e);
1981 putline("\n", f, FileMailer);
1982 (*e->e_putbody)(f, FileMailer, e, NULL);
1983 putline("\n", f, FileMailer);
1984 if (ferror(f))
1985 {
1986 message("451 I/O error");
1987 setstat(EX_IOERR);
1988 }
1989 (void) xfclose(f, "mailfile", filename);
1990 (void) fflush(stdout);
1991
1992 /* reset ISUID & ISGID bits for paranoid systems */
1993 (void) chmod(filename, (int) stb.st_mode);
1994 exit(ExitStat);
1995 /*NOTREACHED*/
1996 }
1997 else
1998 {
1999 /* parent -- wait for exit status */
2000 int st;
2001
2002 st = waitfor(pid);
2003 if ((st & 0377) != 0)
2004 return (EX_UNAVAILABLE);
2005 else
2006 return ((st >> 8) & 0377);
2007 /*NOTREACHED*/
2008 }
2009 }
2010 �/*
2011 ** HOSTSIGNATURE -- return the "signature" for a host.
2012 **
2013 ** The signature describes how we are going to send this -- it
2014 ** can be just the hostname (for non-Internet hosts) or can be
2015 ** an ordered list of MX hosts.
2016 **
2017 ** Parameters:
2018 ** m -- the mailer describing this host.
2019 ** host -- the host name.
2020 ** e -- the current envelope.
2021 **
2022 ** Returns:
2023 ** The signature for this host.
2024 **
2025 ** Side Effects:
2026 ** Can tweak the symbol table.
2027 */
2028
2029 char *
2030 hostsignature(m, host, e)
2031 register MAILER *m;
2032 char *host;
2033 ENVELOPE *e;
2034 {
2035 register char *p;
2036 register STAB *s;
2037 int i;
2038 int len;
2039 #ifdef NAMED_BIND
2040 int nmx;
2041 auto int rcode;
2042 char *hp;
2043 char *endp;
2044 int oldoptions;
2045 char *mxhosts[MAXMXHOSTS + 1];
2046 #endif
2047
2048 /*
2049 ** Check to see if this uses IPC -- if not, it can't have MX records.
2050 */
2051
2052 p = m->m_mailer;
2053 if (strcmp(p, "[IPC]") != 0 && strcmp(p, "[TCP]") != 0)
2054 {
2055 /* just an ordinary mailer */
2056 return host;
2057 }
2058
2059 /*
2060 ** If it is a numeric address, just return it.
2061 */
2062
2063 if (host[0] == '[')
2064 return host;
2065
2066 /*
2067 ** Look it up in the symbol table.
2068 */
2069
2070 s = stab(host, ST_HOSTSIG, ST_ENTER);
2071 if (s->s_hostsig != NULL)
2072 return s->s_hostsig;
2073
2074 /*
2075 ** Not already there -- create a signature.
2076 */
2077
2078 #ifdef NAMED_BIND
2079 if (ConfigLevel < 2)
2080 {
2081 oldoptions = _res.options;
2082 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
2083 }
2084
2085 for (hp = host; hp != NULL; hp = endp)
2086 {
2087 endp = strchr(hp, ':');
2088 if (endp != NULL)
2089 *endp = '\0';
2090
2091 nmx = getmxrr(hp, mxhosts, TRUE, &rcode);
2092
2093 if (nmx <= 0)
2094 {
2095 register MCI *mci;
2096 extern int errno;
2097
2098 /* update the connection info for this host */
2099 mci = mci_get(hp, m);
2100 mci->mci_exitstat = rcode;
2101 mci->mci_errno = errno;
2102
2103 /* and return the original host name as the signature */
2104 nmx = 1;
2105 mxhosts[0] = hp;
2106 }
2107
2108 len = 0;
2109 for (i = 0; i < nmx; i++)
2110 {
2111 len += strlen(mxhosts[i]) + 1;
2112 }
2113 if (s->s_hostsig != NULL)
2114 len += strlen(s->s_hostsig) + 1;
2115 p = xalloc(len);
2116 if (s->s_hostsig != NULL)
2117 {
2118 (void) strcpy(p, s->s_hostsig);
2119 free(s->s_hostsig);
2120 s->s_hostsig = p;
2121 p += strlen(p);
2122 *p++ = ':';
2123 }
2124 else
2125 s->s_hostsig = p;
2126 for (i = 0; i < nmx; i++)
2127 {
2128 if (i != 0)
2129 *p++ = ':';
2130 strcpy(p, mxhosts[i]);
2131 p += strlen(p);
2132 }
2133 if (endp != NULL)
2134 *endp++ = ':';
2135 }
2136 makelower(s->s_hostsig);
2137 if (ConfigLevel < 2)
2138 _res.options = oldoptions;
2139 #else
2140 /* not using BIND -- the signature is just the host name */
2141 s->s_hostsig = host;
2142 #endif
2143 if (tTd(17, 1))
2144 printf("hostsignature(%s) = %s\n", host, s->s_hostsig);
2145 return s->s_hostsig;
2146 }
2147