1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.41 (Berkeley) 03/21/91";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <sys/param.h>
21 #include <arpa/nameser.h>
22 #include <resolv.h>
23 #endif
24
25 /*
26 ** DELIVER -- Deliver a message to a list of addresses.
27 **
28 ** This routine delivers to everyone on the same host as the
29 ** user on the head of the list. It is clever about mailers
30 ** that don't handle multiple users. It is NOT guaranteed
31 ** that it will deliver to all these addresses however -- so
32 ** deliver should be called once for each address on the
33 ** list.
34 **
35 ** Parameters:
36 ** e -- the envelope to deliver.
37 ** firstto -- head of the address list to deliver to.
38 **
39 ** Returns:
40 ** zero -- successfully delivered.
41 ** else -- some failure, see ExitStat for more info.
42 **
43 ** Side Effects:
44 ** The standard input is passed off to someone.
45 */
46
47 deliver(e, firstto)
48 register ENVELOPE *e;
49 ADDRESS *firstto;
50 {
51 char *host; /* host being sent to */
52 char *user; /* user being sent to */
53 char **pvp;
54 register char **mvp;
55 register char *p;
56 register MAILER *m; /* mailer for this recipient */
57 ADDRESS *ctladdr;
58 register ADDRESS *to = firstto;
59 bool clever = FALSE; /* running user smtp to this mailer */
60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
61 int rcode; /* response code */
62 char *pv[MAXPV+1];
63 char tobuf[MAXLINE-50]; /* text line of to people */
64 char buf[MAXNAME];
65 char tfrombuf[MAXNAME]; /* translated from person */
66 extern bool checkcompat();
67 extern ADDRESS *getctladdr();
68 extern char *remotename();
69
70 errno = 0;
71 if (bitset(QDONTSEND, to->q_flags))
72 return (0);
73
74 #ifdef NAMED_BIND
75 /* unless interactive, try twice, over a minute */
76 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
77 _res.retrans = 30;
78 _res.retry = 2;
79 }
80 #endif
81
82 m = to->q_mailer;
83 host = to->q_host;
84
85 if (tTd(10, 1))
86 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
87 m->m_mno, host, to->q_user);
88
89 /*
90 ** If this mailer is expensive, and if we don't want to make
91 ** connections now, just mark these addresses and return.
92 ** This is useful if we want to batch connections to
93 ** reduce load. This will cause the messages to be
94 ** queued up, and a daemon will come along to send the
95 ** messages later.
96 ** This should be on a per-mailer basis.
97 */
98
99 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
100 !Verbose)
101 {
102 for (; to != NULL; to = to->q_next)
103 {
104 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
105 continue;
106 to->q_flags |= QQUEUEUP|QDONTSEND;
107 e->e_to = to->q_paddr;
108 message(Arpa_Info, "queued");
109 if (LogLevel > 4)
110 logdelivery("queued");
111 }
112 e->e_to = NULL;
113 return (0);
114 }
115
116 /*
117 ** Do initial argv setup.
118 ** Insert the mailer name. Notice that $x expansion is
119 ** NOT done on the mailer name. Then, if the mailer has
120 ** a picky -f flag, we insert it as appropriate. This
121 ** code does not check for 'pv' overflow; this places a
122 ** manifest lower limit of 4 for MAXPV.
123 ** The from address rewrite is expected to make
124 ** the address relative to the other end.
125 */
126
127 /* rewrite from address, using rewriting rules */
128 expand("\001f", buf, &buf[sizeof buf - 1], e);
129 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
130
131 define('g', tfrombuf, e); /* translated sender address */
132 define('h', host, e); /* to host */
133 Errors = 0;
134 pvp = pv;
135 *pvp++ = m->m_argv[0];
136
137 /* insert -f or -r flag as appropriate */
138 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
139 {
140 if (bitnset(M_FOPT, m->m_flags))
141 *pvp++ = "-f";
142 else
143 *pvp++ = "-r";
144 expand("\001g", buf, &buf[sizeof buf - 1], e);
145 *pvp++ = newstr(buf);
146 }
147
148 /*
149 ** Append the other fixed parts of the argv. These run
150 ** up to the first entry containing "$u". There can only
151 ** be one of these, and there are only a few more slots
152 ** in the pv after it.
153 */
154
155 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
156 {
157 while ((p = index(p, '\001')) != NULL)
158 if (*++p == 'u')
159 break;
160 if (p != NULL)
161 break;
162
163 /* this entry is safe -- go ahead and process it */
164 expand(*mvp, buf, &buf[sizeof buf - 1], e);
165 *pvp++ = newstr(buf);
166 if (pvp >= &pv[MAXPV - 3])
167 {
168 syserr("Too many parameters to %s before $u", pv[0]);
169 return (-1);
170 }
171 }
172
173 /*
174 ** If we have no substitution for the user name in the argument
175 ** list, we know that we must supply the names otherwise -- and
176 ** SMTP is the answer!!
177 */
178
179 if (*mvp == NULL)
180 {
181 /* running SMTP */
182 # ifdef SMTP
183 clever = TRUE;
184 *pvp = NULL;
185 # else SMTP
186 /* oops! we don't implement SMTP */
187 syserr("SMTP style mailer");
188 return (EX_SOFTWARE);
189 # endif SMTP
190 }
191
192 /*
193 ** At this point *mvp points to the argument with $u. We
194 ** run through our address list and append all the addresses
195 ** we can. If we run out of space, do not fret! We can
196 ** always send another copy later.
197 */
198
199 tobuf[0] = '\0';
200 e->e_to = tobuf;
201 ctladdr = NULL;
202 for (; to != NULL; to = to->q_next)
203 {
204 /* avoid sending multiple recipients to dumb mailers */
205 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
206 break;
207
208 /* if already sent or not for this host, don't send */
209 if (bitset(QDONTSEND, to->q_flags) ||
210 strcmp(to->q_host, host) != 0 ||
211 to->q_mailer != firstto->q_mailer)
212 continue;
213
214 /* avoid overflowing tobuf */
215 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
216 break;
217
218 if (tTd(10, 1))
219 {
220 printf("\nsend to ");
221 printaddr(to, FALSE);
222 }
223
224 /* compute effective uid/gid when sending */
225 if (to->q_mailer == ProgMailer)
226 ctladdr = getctladdr(to);
227
228 user = to->q_user;
229 e->e_to = to->q_paddr;
230 to->q_flags |= QDONTSEND;
231
232 /*
233 ** Check to see that these people are allowed to
234 ** talk to each other.
235 */
236
237 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
238 {
239 NoReturn = TRUE;
240 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
241 giveresponse(EX_UNAVAILABLE, m, e);
242 continue;
243 }
244 if (!checkcompat(to))
245 {
246 giveresponse(EX_UNAVAILABLE, m, e);
247 continue;
248 }
249
250 /*
251 ** Strip quote bits from names if the mailer is dumb
252 ** about them.
253 */
254
255 if (bitnset(M_STRIPQ, m->m_flags))
256 {
257 stripquotes(user, TRUE);
258 stripquotes(host, TRUE);
259 }
260 else
261 {
262 stripquotes(user, FALSE);
263 stripquotes(host, FALSE);
264 }
265
266 /* hack attack -- delivermail compatibility */
267 if (m == ProgMailer && *user == '|')
268 user++;
269
270 /*
271 ** If an error message has already been given, don't
272 ** bother to send to this address.
273 **
274 ** >>>>>>>>>> This clause assumes that the local mailer
275 ** >> NOTE >> cannot do any further aliasing; that
276 ** >>>>>>>>>> function is subsumed by sendmail.
277 */
278
279 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
280 continue;
281
282 /* save statistics.... */
283 markstats(e, to);
284
285 /*
286 ** See if this user name is "special".
287 ** If the user name has a slash in it, assume that this
288 ** is a file -- send it off without further ado. Note
289 ** that this type of addresses is not processed along
290 ** with the others, so we fudge on the To person.
291 */
292
293 if (m == LocalMailer)
294 {
295 if (user[0] == '/')
296 {
297 rcode = mailfile(user, getctladdr(to));
298 giveresponse(rcode, m, e);
299 if (rcode == EX_OK)
300 to->q_flags |= QSENT;
301 continue;
302 }
303 }
304
305 /*
306 ** Address is verified -- add this user to mailer
307 ** argv, and add it to the print list of recipients.
308 */
309
310 /* link together the chain of recipients */
311 to->q_tchain = tochain;
312 tochain = to;
313
314 /* create list of users for error messages */
315 (void) strcat(tobuf, ",");
316 (void) strcat(tobuf, to->q_paddr);
317 define('u', user, e); /* to user */
318 define('z', to->q_home, e); /* user's home */
319
320 /*
321 ** Expand out this user into argument list.
322 */
323
324 if (!clever)
325 {
326 expand(*mvp, buf, &buf[sizeof buf - 1], e);
327 *pvp++ = newstr(buf);
328 if (pvp >= &pv[MAXPV - 2])
329 {
330 /* allow some space for trailing parms */
331 break;
332 }
333 }
334 }
335
336 /* see if any addresses still exist */
337 if (tobuf[0] == '\0')
338 {
339 define('g', (char *) NULL, e);
340 return (0);
341 }
342
343 /* print out messages as full list */
344 e->e_to = tobuf + 1;
345
346 /*
347 ** Fill out any parameters after the $u parameter.
348 */
349
350 while (!clever && *++mvp != NULL)
351 {
352 expand(*mvp, buf, &buf[sizeof buf - 1], e);
353 *pvp++ = newstr(buf);
354 if (pvp >= &pv[MAXPV])
355 syserr("deliver: pv overflow after $u for %s", pv[0]);
356 }
357 *pvp++ = NULL;
358
359 /*
360 ** Call the mailer.
361 ** The argument vector gets built, pipes
362 ** are created as necessary, and we fork & exec as
363 ** appropriate.
364 ** If we are running SMTP, we just need to clean up.
365 */
366
367 if (ctladdr == NULL)
368 ctladdr = &e->e_from;
369 #ifdef NAMED_BIND
370 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
371 #endif
372 #ifdef SMTP
373 if (clever)
374 {
375 rcode = EX_OK;
376 #ifdef NAMED_BIND
377 if (host[0] && host[0] != '[')
378 {
379 expand("\001w", buf, &buf[sizeof(buf) - 1], e);
380 Nmx = getmxrr(host, MxHosts, buf, &rcode);
381 }
382 else
383 #endif
384 {
385 Nmx = 1;
386 MxHosts[0] = host;
387 }
388 if (Nmx >= 0)
389 {
390 message(Arpa_Info, "Connecting to %s (%s)...",
391 MxHosts[0], m->m_name);
392 if ((rcode = smtpinit(m, pv)) == EX_OK) {
393 register char *t = tobuf;
394 register int i;
395
396 /* send the recipient list */
397 tobuf[0] = '\0';
398 for (to = tochain; to; to = to->q_tchain) {
399 e->e_to = to->q_paddr;
400 if ((i = smtprcpt(to, m)) != EX_OK) {
401 markfailure(e, to, i);
402 giveresponse(i, m, e);
403 }
404 else {
405 *t++ = ',';
406 for (p = to->q_paddr; *p; *t++ = *p++);
407 }
408 }
409
410 /* now send the data */
411 if (tobuf[0] == '\0')
412 e->e_to = NULL;
413 else {
414 e->e_to = tobuf + 1;
415 rcode = smtpdata(m, e);
416 }
417
418 /* now close the connection */
419 smtpquit(m);
420 }
421 }
422 }
423 else
424 #endif /* SMTP */
425 {
426 static int sendoff();
427
428 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
429 rcode = sendoff(e, m, pv, ctladdr);
430 }
431 #ifdef NAMED_BIND
432 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
433 #endif
434
435 /*
436 ** Do final status disposal.
437 ** We check for something in tobuf for the SMTP case.
438 ** If we got a temporary failure, arrange to queue the
439 ** addressees.
440 */
441
442 if (tobuf[0] != '\0')
443 giveresponse(rcode, m, e);
444 for (to = tochain; to != NULL; to = to->q_tchain)
445 if (rcode != EX_OK)
446 markfailure(e, to, rcode);
447 else
448 to->q_flags |= QSENT;
449
450 errno = 0;
451 define('g', (char *) NULL, e);
452 return (rcode);
453 }
454 �/*
455 ** MARKFAILURE -- mark a failure on a specific address.
456 **
457 ** Parameters:
458 ** e -- the envelope we are sending.
459 ** q -- the address to mark.
460 ** rcode -- the code signifying the particular failure.
461 **
462 ** Returns:
463 ** none.
464 **
465 ** Side Effects:
466 ** marks the address (and possibly the envelope) with the
467 ** failure so that an error will be returned or
468 ** the message will be queued, as appropriate.
469 */
470
471 markfailure(e, q, rcode)
472 register ENVELOPE *e;
473 register ADDRESS *q;
474 int rcode;
475 {
476 if (rcode == EX_OK)
477 return;
478 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
479 q->q_flags |= QBADADDR;
480 else if (curtime() > e->e_ctime + TimeOut)
481 {
482 extern char *pintvl();
483 char buf[MAXLINE];
484
485 if (!bitset(EF_TIMEOUT, e->e_flags))
486 {
487 (void) sprintf(buf, "Cannot send message for %s",
488 pintvl(TimeOut, FALSE));
489 if (e->e_message != NULL)
490 free(e->e_message);
491 e->e_message = newstr(buf);
492 message(Arpa_Info, buf);
493 }
494 q->q_flags |= QBADADDR;
495 e->e_flags |= EF_TIMEOUT;
496 }
497 else
498 q->q_flags |= QQUEUEUP;
499 }
500 �/*
501 ** DOFORK -- do a fork, retrying a couple of times on failure.
502 **
503 ** This MUST be a macro, since after a vfork we are running
504 ** two processes on the same stack!!!
505 **
506 ** Parameters:
507 ** none.
508 **
509 ** Returns:
510 ** From a macro??? You've got to be kidding!
511 **
512 ** Side Effects:
513 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
514 ** pid of child in parent, zero in child.
515 ** -1 on unrecoverable error.
516 **
517 ** Notes:
518 ** I'm awfully sorry this looks so awful. That's
519 ** vfork for you.....
520 */
521
522 # define NFORKTRIES 5
523 # ifdef VMUNIX
524 # define XFORK vfork
525 # else VMUNIX
526 # define XFORK fork
527 # endif VMUNIX
528
529 # define DOFORK(fORKfN) \
530 {\
531 register int i;\
532 \
533 for (i = NFORKTRIES; --i >= 0; )\
534 {\
535 pid = fORKfN();\
536 if (pid >= 0)\
537 break;\
538 if (i > 0)\
539 sleep((unsigned) NFORKTRIES - i);\
540 }\
541 }
542 �/*
543 ** DOFORK -- simple fork interface to DOFORK.
544 **
545 ** Parameters:
546 ** none.
547 **
548 ** Returns:
549 ** pid of child in parent.
550 ** zero in child.
551 ** -1 on error.
552 **
553 ** Side Effects:
554 ** returns twice, once in parent and once in child.
555 */
556
557 dofork()
558 {
559 register int pid;
560
561 DOFORK(fork);
562 return (pid);
563 }
564 �/*
565 ** SENDOFF -- send off call to mailer & collect response.
566 **
567 ** Parameters:
568 ** e -- the envelope to mail.
569 ** m -- mailer descriptor.
570 ** pvp -- parameter vector to send to it.
571 ** ctladdr -- an address pointer controlling the
572 ** user/groupid etc. of the mailer.
573 **
574 ** Returns:
575 ** exit status of mailer.
576 **
577 ** Side Effects:
578 ** none.
579 */
580 static
581 sendoff(e, m, pvp, ctladdr)
582 register ENVELOPE *e;
583 MAILER *m;
584 char **pvp;
585 ADDRESS *ctladdr;
586 {
587 auto FILE *mfile;
588 auto FILE *rfile;
589 register int i;
590 int pid;
591
592 /*
593 ** Create connection to mailer.
594 */
595
596 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
597 if (pid < 0)
598 return (-1);
599
600 /*
601 ** Format and send message.
602 */
603
604 putfromline(mfile, m);
605 (*e->e_puthdr)(mfile, m, e);
606 putline("\n", mfile, m);
607 (*e->e_putbody)(mfile, m, e);
608 (void) fclose(mfile);
609 if (rfile != NULL)
610 (void) fclose(rfile);
611
612 i = endmailer(pid, pvp[0]);
613
614 /* arrange a return receipt if requested */
615 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
616 {
617 e->e_flags |= EF_SENDRECEIPT;
618 /* do we want to send back more info? */
619 }
620
621 return (i);
622 }
623 �/*
624 ** ENDMAILER -- Wait for mailer to terminate.
625 **
626 ** We should never get fatal errors (e.g., segmentation
627 ** violation), so we report those specially. For other
628 ** errors, we choose a status message (into statmsg),
629 ** and if it represents an error, we print it.
630 **
631 ** Parameters:
632 ** pid -- pid of mailer.
633 ** name -- name of mailer (for error messages).
634 **
635 ** Returns:
636 ** exit code of mailer.
637 **
638 ** Side Effects:
639 ** none.
640 */
641
642 endmailer(pid, name)
643 int pid;
644 char *name;
645 {
646 int st;
647
648 /* in the IPC case there is nothing to wait for */
649 if (pid == 0)
650 return (EX_OK);
651
652 /* wait for the mailer process to die and collect status */
653 st = waitfor(pid);
654 if (st == -1)
655 {
656 syserr("endmailer %s: wait", name);
657 return (EX_SOFTWARE);
658 }
659
660 /* see if it died a horrid death */
661 if ((st & 0377) != 0)
662 {
663 syserr("mailer %s died with signal %o", name, st);
664 ExitStat = EX_TEMPFAIL;
665 return (EX_TEMPFAIL);
666 }
667
668 /* normal death -- return status */
669 st = (st >> 8) & 0377;
670 return (st);
671 }
672 �/*
673 ** OPENMAILER -- open connection to mailer.
674 **
675 ** Parameters:
676 ** m -- mailer descriptor.
677 ** pvp -- parameter vector to pass to mailer.
678 ** ctladdr -- controlling address for user.
679 ** clever -- create a full duplex connection.
680 ** pmfile -- pointer to mfile (to mailer) connection.
681 ** prfile -- pointer to rfile (from mailer) connection.
682 **
683 ** Returns:
684 ** pid of mailer ( > 0 ).
685 ** -1 on error.
686 ** zero on an IPC connection.
687 **
688 ** Side Effects:
689 ** creates a mailer in a subprocess.
690 */
691
692 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
693 MAILER *m;
694 char **pvp;
695 ADDRESS *ctladdr;
696 bool clever;
697 FILE **pmfile;
698 FILE **prfile;
699 {
700 int pid;
701 int mpvect[2];
702 int rpvect[2];
703 FILE *mfile = NULL;
704 FILE *rfile = NULL;
705 extern FILE *fdopen();
706
707 if (tTd(11, 1))
708 {
709 printf("openmailer:");
710 printav(pvp);
711 }
712 errno = 0;
713
714 CurHostName = m->m_mailer;
715
716 /*
717 ** Deal with the special case of mail handled through an IPC
718 ** connection.
719 ** In this case we don't actually fork. We must be
720 ** running SMTP for this to work. We will return a
721 ** zero pid to indicate that we are running IPC.
722 ** We also handle a debug version that just talks to stdin/out.
723 */
724
725 /* check for Local Person Communication -- not for mortals!!! */
726 if (strcmp(m->m_mailer, "[LPC]") == 0)
727 {
728 *pmfile = stdout;
729 *prfile = stdin;
730 return (0);
731 }
732
733 if (strcmp(m->m_mailer, "[IPC]") == 0)
734 {
735 #ifdef HOSTINFO
736 register STAB *st;
737 extern STAB *stab();
738 #endif HOSTINFO
739 #ifdef DAEMON
740 register int i, j;
741 register u_short port;
742
743 CurHostName = pvp[1];
744 if (!clever)
745 syserr("non-clever IPC");
746 if (pvp[2] != NULL)
747 port = atoi(pvp[2]);
748 else
749 port = 0;
750 for (j = 0; j < Nmx; j++)
751 {
752 CurHostName = MxHosts[j];
753 #ifdef HOSTINFO
754 /* see if we have already determined that this host is fried */
755 st = stab(MxHosts[j], ST_HOST, ST_FIND);
756 if (st == NULL || st->s_host.ho_exitstat == EX_OK) {
757 if (j > 1)
758 message(Arpa_Info,
759 "Connecting to %s (%s)...",
760 MxHosts[j], m->m_name);
761 i = makeconnection(MxHosts[j], port, pmfile, prfile);
762 }
763 else
764 {
765 i = st->s_host.ho_exitstat;
766 errno = st->s_host.ho_errno;
767 }
768 #else HOSTINFO
769 i = makeconnection(MxHosts[j], port, pmfile, prfile);
770 #endif HOSTINFO
771 if (i != EX_OK)
772 {
773 #ifdef HOSTINFO
774 /* enter status of this host */
775 if (st == NULL)
776 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
777 st->s_host.ho_exitstat = i;
778 st->s_host.ho_errno = errno;
779 #endif HOSTINFO
780 ExitStat = i;
781 continue;
782 }
783 else
784 return (0);
785 }
786 return (-1);
787 #else DAEMON
788 syserr("openmailer: no IPC");
789 return (-1);
790 #endif DAEMON
791 }
792
793 /* create a pipe to shove the mail through */
794 if (pipe(mpvect) < 0)
795 {
796 syserr("openmailer: pipe (to mailer)");
797 return (-1);
798 }
799
800 #ifdef SMTP
801 /* if this mailer speaks smtp, create a return pipe */
802 if (clever && pipe(rpvect) < 0)
803 {
804 syserr("openmailer: pipe (from mailer)");
805 (void) close(mpvect[0]);
806 (void) close(mpvect[1]);
807 return (-1);
808 }
809 #endif SMTP
810
811 /*
812 ** Actually fork the mailer process.
813 ** DOFORK is clever about retrying.
814 **
815 ** Dispose of SIGCHLD signal catchers that may be laying
816 ** around so that endmail will get it.
817 */
818
819 if (CurEnv->e_xfp != NULL)
820 (void) fflush(CurEnv->e_xfp); /* for debugging */
821 (void) fflush(stdout);
822 # ifdef SIGCHLD
823 (void) signal(SIGCHLD, SIG_DFL);
824 # endif SIGCHLD
825 DOFORK(XFORK);
826 /* pid is set by DOFORK */
827 if (pid < 0)
828 {
829 /* failure */
830 syserr("openmailer: cannot fork");
831 (void) close(mpvect[0]);
832 (void) close(mpvect[1]);
833 #ifdef SMTP
834 if (clever)
835 {
836 (void) close(rpvect[0]);
837 (void) close(rpvect[1]);
838 }
839 #endif SMTP
840 return (-1);
841 }
842 else if (pid == 0)
843 {
844 int i;
845 extern int DtableSize;
846
847 /* child -- set up input & exec mailer */
848 /* make diagnostic output be standard output */
849 (void) signal(SIGINT, SIG_IGN);
850 (void) signal(SIGHUP, SIG_IGN);
851 (void) signal(SIGTERM, SIG_DFL);
852
853 /* arrange to filter standard & diag output of command */
854 if (clever)
855 {
856 (void) close(rpvect[0]);
857 (void) close(1);
858 (void) dup(rpvect[1]);
859 (void) close(rpvect[1]);
860 }
861 else if (OpMode == MD_SMTP || HoldErrs)
862 {
863 /* put mailer output in transcript */
864 (void) close(1);
865 (void) dup(fileno(CurEnv->e_xfp));
866 }
867 (void) close(2);
868 (void) dup(1);
869
870 /* arrange to get standard input */
871 (void) close(mpvect[1]);
872 (void) close(0);
873 if (dup(mpvect[0]) < 0)
874 {
875 syserr("Cannot dup to zero!");
876 _exit(EX_OSERR);
877 }
878 (void) close(mpvect[0]);
879 if (!bitnset(M_RESTR, m->m_flags))
880 {
881 if (ctladdr == NULL || ctladdr->q_uid == 0)
882 {
883 (void) setgid(DefGid);
884 (void) initgroups(DefUser, DefGid);
885 (void) setuid(DefUid);
886 }
887 else
888 {
889 (void) setgid(ctladdr->q_gid);
890 (void) initgroups(ctladdr->q_ruser?
891 ctladdr->q_ruser: ctladdr->q_user,
892 ctladdr->q_gid);
893 (void) setuid(ctladdr->q_uid);
894 }
895 }
896
897 /* arrange for all the files to be closed */
898 for (i = 3; i < DtableSize; i++) {
899 register int j;
900 if ((j = fcntl(i, F_GETFD, 0)) != -1)
901 (void)fcntl(i, F_SETFD, j|1);
902 }
903
904 /* try to execute the mailer */
905 execve(m->m_mailer, pvp, UserEnviron);
906 syserr("Cannot exec %s", m->m_mailer);
907 if (m == LocalMailer || errno == EIO || errno == EAGAIN ||
908 errno == ENOMEM || errno == EPROCLIM)
909 _exit(EX_TEMPFAIL);
910 else
911 _exit(EX_UNAVAILABLE);
912 }
913
914 /*
915 ** Set up return value.
916 */
917
918 (void) close(mpvect[0]);
919 mfile = fdopen(mpvect[1], "w");
920 if (clever)
921 {
922 (void) close(rpvect[1]);
923 rfile = fdopen(rpvect[0], "r");
924 } else
925 rfile = NULL;
926
927 *pmfile = mfile;
928 *prfile = rfile;
929
930 return (pid);
931 }
932 �/*
933 ** GIVERESPONSE -- Interpret an error response from a mailer
934 **
935 ** Parameters:
936 ** stat -- the status code from the mailer (high byte
937 ** only; core dumps must have been taken care of
938 ** already).
939 ** m -- the mailer descriptor for this mailer.
940 **
941 ** Returns:
942 ** none.
943 **
944 ** Side Effects:
945 ** Errors may be incremented.
946 ** ExitStat may be set.
947 */
948
949 giveresponse(stat, m, e)
950 int stat;
951 register MAILER *m;
952 ENVELOPE *e;
953 {
954 register char *statmsg;
955 extern char *SysExMsg[];
956 register int i;
957 extern int N_SysEx;
958 #ifdef NAMED_BIND
959 extern int h_errno;
960 #endif
961 char buf[MAXLINE];
962
963 #ifdef lint
964 if (m == NULL)
965 return;
966 #endif lint
967
968 /*
969 ** Compute status message from code.
970 */
971
972 i = stat - EX__BASE;
973 if (stat == 0)
974 statmsg = "250 Sent";
975 else if (i < 0 || i > N_SysEx)
976 {
977 (void) sprintf(buf, "554 unknown mailer error %d", stat);
978 stat = EX_UNAVAILABLE;
979 statmsg = buf;
980 }
981 else if (stat == EX_TEMPFAIL)
982 {
983 (void) strcpy(buf, SysExMsg[i]);
984 #ifdef NAMED_BIND
985 if (h_errno == TRY_AGAIN)
986 {
987 extern char *errstring();
988
989 statmsg = errstring(h_errno+MAX_ERRNO);
990 }
991 else
992 #endif
993 {
994 if (errno != 0)
995 {
996 extern char *errstring();
997
998 statmsg = errstring(errno);
999 }
1000 else
1001 {
1002 #ifdef SMTP
1003 extern char SmtpError[];
1004
1005 statmsg = SmtpError;
1006 #else SMTP
1007 statmsg = NULL;
1008 #endif SMTP
1009 }
1010 }
1011 if (statmsg != NULL && statmsg[0] != '\0')
1012 {
1013 (void) strcat(buf, ": ");
1014 (void) strcat(buf, statmsg);
1015 }
1016 statmsg = buf;
1017 }
1018 else
1019 {
1020 statmsg = SysExMsg[i];
1021 }
1022
1023 /*
1024 ** Print the message as appropriate
1025 */
1026
1027 if (stat == EX_OK || stat == EX_TEMPFAIL)
1028 message(Arpa_Info, &statmsg[4]);
1029 else
1030 {
1031 Errors++;
1032 usrerr(statmsg);
1033 }
1034
1035 /*
1036 ** Final cleanup.
1037 ** Log a record of the transaction. Compute the new
1038 ** ExitStat -- if we already had an error, stick with
1039 ** that.
1040 */
1041
1042 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1043 logdelivery(&statmsg[4]);
1044
1045 if (stat != EX_TEMPFAIL)
1046 setstat(stat);
1047 if (stat != EX_OK)
1048 {
1049 if (e->e_message != NULL)
1050 free(e->e_message);
1051 e->e_message = newstr(&statmsg[4]);
1052 }
1053 errno = 0;
1054 #ifdef NAMED_BIND
1055 h_errno = 0;
1056 #endif
1057 }
1058 �/*
1059 ** LOGDELIVERY -- log the delivery in the system log
1060 **
1061 ** Parameters:
1062 ** stat -- the message to print for the status
1063 **
1064 ** Returns:
1065 ** none
1066 **
1067 ** Side Effects:
1068 ** none
1069 */
1070
1071 logdelivery(stat)
1072 char *stat;
1073 {
1074 extern char *pintvl();
1075
1076 # ifdef LOG
1077 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1078 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1079 # endif LOG
1080 }
1081 �/*
1082 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1083 **
1084 ** This can be made an arbitrary message separator by changing $l
1085 **
1086 ** One of the ugliest hacks seen by human eyes is contained herein:
1087 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1088 ** does a well-meaning programmer such as myself have to deal with
1089 ** this kind of antique garbage????
1090 **
1091 ** Parameters:
1092 ** fp -- the file to output to.
1093 ** m -- the mailer describing this entry.
1094 **
1095 ** Returns:
1096 ** none
1097 **
1098 ** Side Effects:
1099 ** outputs some text to fp.
1100 */
1101
1102 putfromline(fp, m)
1103 register FILE *fp;
1104 register MAILER *m;
1105 {
1106 char *template = "\001l\n";
1107 char buf[MAXLINE];
1108
1109 if (bitnset(M_NHDR, m->m_flags))
1110 return;
1111
1112 # ifdef UGLYUUCP
1113 if (bitnset(M_UGLYUUCP, m->m_flags))
1114 {
1115 char *bang;
1116 char xbuf[MAXLINE];
1117
1118 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1119 bang = index(buf, '!');
1120 if (bang == NULL)
1121 syserr("No ! in UUCP! (%s)", buf);
1122 else
1123 {
1124 *bang++ = '\0';
1125 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1126 template = xbuf;
1127 }
1128 }
1129 # endif UGLYUUCP
1130 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1131 putline(buf, fp, m);
1132 }
1133 �/*
1134 ** PUTBODY -- put the body of a message.
1135 **
1136 ** Parameters:
1137 ** fp -- file to output onto.
1138 ** m -- a mailer descriptor to control output format.
1139 ** e -- the envelope to put out.
1140 **
1141 ** Returns:
1142 ** none.
1143 **
1144 ** Side Effects:
1145 ** The message is written onto fp.
1146 */
1147
1148 putbody(fp, m, e)
1149 FILE *fp;
1150 MAILER *m;
1151 register ENVELOPE *e;
1152 {
1153 char buf[MAXLINE];
1154
1155 /*
1156 ** Output the body of the message
1157 */
1158
1159 if (e->e_dfp == NULL)
1160 {
1161 if (e->e_df != NULL)
1162 {
1163 e->e_dfp = fopen(e->e_df, "r");
1164 if (e->e_dfp == NULL)
1165 syserr("putbody: Cannot open %s for %s from %s",
1166 e->e_df, e->e_to, e->e_from);
1167 }
1168 else
1169 putline("<<< No Message Collected >>>", fp, m);
1170 }
1171 if (e->e_dfp != NULL)
1172 {
1173 rewind(e->e_dfp);
1174 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1175 {
1176 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1177 strncmp(buf, "From ", 5) == 0)
1178 (void) putc('>', fp);
1179 putline(buf, fp, m);
1180 }
1181
1182 if (ferror(e->e_dfp))
1183 {
1184 syserr("putbody: read error");
1185 ExitStat = EX_IOERR;
1186 }
1187 }
1188
1189 (void) fflush(fp);
1190 if (ferror(fp) && errno != EPIPE)
1191 {
1192 syserr("putbody: write error");
1193 ExitStat = EX_IOERR;
1194 }
1195 errno = 0;
1196 }
1197 �/*
1198 ** MAILFILE -- Send a message to a file.
1199 **
1200 ** If the file has the setuid/setgid bits set, but NO execute
1201 ** bits, sendmail will try to become the owner of that file
1202 ** rather than the real user. Obviously, this only works if
1203 ** sendmail runs as root.
1204 **
1205 ** This could be done as a subordinate mailer, except that it
1206 ** is used implicitly to save messages in ~/dead.letter. We
1207 ** view this as being sufficiently important as to include it
1208 ** here. For example, if the system is dying, we shouldn't have
1209 ** to create another process plus some pipes to save the message.
1210 **
1211 ** Parameters:
1212 ** filename -- the name of the file to send to.
1213 ** ctladdr -- the controlling address header -- includes
1214 ** the userid/groupid to be when sending.
1215 **
1216 ** Returns:
1217 ** The exit code associated with the operation.
1218 **
1219 ** Side Effects:
1220 ** none.
1221 */
1222
1223 mailfile(filename, ctladdr)
1224 char *filename;
1225 ADDRESS *ctladdr;
1226 {
1227 register FILE *f;
1228 register int pid;
1229 ENVELOPE *e = CurEnv;
1230
1231 /*
1232 ** Fork so we can change permissions here.
1233 ** Note that we MUST use fork, not vfork, because of
1234 ** the complications of calling subroutines, etc.
1235 */
1236
1237 DOFORK(fork);
1238
1239 if (pid < 0)
1240 return (EX_OSERR);
1241 else if (pid == 0)
1242 {
1243 /* child -- actually write to file */
1244 struct stat stb;
1245
1246 (void) signal(SIGINT, SIG_DFL);
1247 (void) signal(SIGHUP, SIG_DFL);
1248 (void) signal(SIGTERM, SIG_DFL);
1249 (void) umask(OldUmask);
1250 if (stat(filename, &stb) < 0)
1251 {
1252 errno = 0;
1253 stb.st_mode = 0666;
1254 }
1255 if (bitset(0111, stb.st_mode))
1256 exit(EX_CANTCREAT);
1257 if (ctladdr == NULL)
1258 ctladdr = &e->e_from;
1259 /* we have to open the dfile BEFORE setuid */
1260 if (e->e_dfp == NULL && e->e_df != NULL)
1261 {
1262 e->e_dfp = fopen(e->e_df, "r");
1263 if (e->e_dfp == NULL) {
1264 syserr("mailfile: Cannot open %s for %s from %s",
1265 e->e_df, e->e_to, e->e_from);
1266 }
1267 }
1268
1269 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1270 {
1271 if (ctladdr->q_uid == 0) {
1272 (void) setgid(DefGid);
1273 (void) initgroups(DefUser, DefGid);
1274 } else {
1275 (void) setgid(ctladdr->q_gid);
1276 (void) initgroups(ctladdr->q_ruser?
1277 ctladdr->q_ruser: ctladdr->q_user,
1278 ctladdr->q_gid);
1279 }
1280 }
1281 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1282 {
1283 if (ctladdr->q_uid == 0)
1284 (void) setuid(DefUid);
1285 else
1286 (void) setuid(ctladdr->q_uid);
1287 }
1288 f = dfopen(filename, "a");
1289 if (f == NULL)
1290 exit(EX_CANTCREAT);
1291
1292 putfromline(f, ProgMailer);
1293 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1294 putline("\n", f, ProgMailer);
1295 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1296 putline("\n", f, ProgMailer);
1297 (void) fclose(f);
1298 (void) fflush(stdout);
1299
1300 /* reset ISUID & ISGID bits for paranoid systems */
1301 (void) chmod(filename, (int) stb.st_mode);
1302 exit(EX_OK);
1303 /*NOTREACHED*/
1304 }
1305 else
1306 {
1307 /* parent -- wait for exit status */
1308 int st;
1309
1310 st = waitfor(pid);
1311 if ((st & 0377) != 0)
1312 return (EX_UNAVAILABLE);
1313 else
1314 return ((st >> 8) & 0377);
1315 /*NOTREACHED*/
1316 }
1317 }
1318 �/*
1319 ** SENDALL -- actually send all the messages.
1320 **
1321 ** Parameters:
1322 ** e -- the envelope to send.
1323 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1324 ** the current SendMode.
1325 **
1326 ** Returns:
1327 ** none.
1328 **
1329 ** Side Effects:
1330 ** Scans the send lists and sends everything it finds.
1331 ** Delivers any appropriate error messages.
1332 ** If we are running in a non-interactive mode, takes the
1333 ** appropriate action.
1334 */
1335
1336 sendall(e, mode)
1337 ENVELOPE *e;
1338 char mode;
1339 {
1340 register ADDRESS *q;
1341 bool oldverbose;
1342 int pid;
1343 int nsent;
1344 FILE *lockfp = NULL, *queueup();
1345
1346 /* determine actual delivery mode */
1347 if (mode == SM_DEFAULT)
1348 {
1349 extern bool shouldqueue();
1350
1351 if (shouldqueue(e->e_msgpriority))
1352 mode = SM_QUEUE;
1353 else
1354 mode = SendMode;
1355 }
1356
1357 if (tTd(13, 1))
1358 {
1359 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1360 printaddr(e->e_sendqueue, TRUE);
1361 }
1362
1363 /*
1364 ** Do any preprocessing necessary for the mode we are running.
1365 ** Check to make sure the hop count is reasonable.
1366 ** Delete sends to the sender in mailing lists.
1367 */
1368
1369 CurEnv = e;
1370
1371 if (e->e_hopcount > MAXHOP)
1372 {
1373 errno = 0;
1374 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1375 e->e_hopcount, MAXHOP, e->e_from, e->e_to);
1376 return;
1377 }
1378
1379 if (!MeToo)
1380 {
1381 extern ADDRESS *recipient();
1382
1383 e->e_from.q_flags |= QDONTSEND;
1384 (void) recipient(&e->e_from, &e->e_sendqueue);
1385 }
1386
1387 # ifdef QUEUE
1388 if ((mode == SM_QUEUE || mode == SM_FORK ||
1389 (mode != SM_VERIFY && SuperSafe)) &&
1390 !bitset(EF_INQUEUE, e->e_flags))
1391 lockfp = queueup(e, TRUE, mode == SM_QUEUE);
1392 #endif QUEUE
1393
1394 oldverbose = Verbose;
1395 switch (mode)
1396 {
1397 case SM_VERIFY:
1398 Verbose = TRUE;
1399 break;
1400
1401 case SM_QUEUE:
1402 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1403 return;
1404
1405 case SM_FORK:
1406 if (e->e_xfp != NULL)
1407 (void) fflush(e->e_xfp);
1408 pid = fork();
1409 if (pid < 0)
1410 {
1411 mode = SM_DELIVER;
1412 break;
1413 }
1414 else if (pid > 0)
1415 {
1416 /* be sure we leave the temp files to our child */
1417 e->e_id = e->e_df = NULL;
1418 if (lockfp != NULL)
1419 (void) fclose(lockfp);
1420 return;
1421 }
1422
1423 /* double fork to avoid zombies */
1424 if (fork() > 0)
1425 exit(EX_OK);
1426
1427 /* be sure we are immune from the terminal */
1428 disconnect(FALSE);
1429
1430 break;
1431 }
1432
1433 /*
1434 ** Run through the list and send everything.
1435 */
1436
1437 nsent = 0;
1438 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1439 {
1440 if (mode == SM_VERIFY)
1441 {
1442 e->e_to = q->q_paddr;
1443 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1444 message(Arpa_Info, "deliverable");
1445 }
1446 else if (!bitset(QDONTSEND, q->q_flags))
1447 {
1448 /*
1449 ** Checkpoint the send list every few addresses
1450 */
1451
1452 if (nsent >= CheckpointInterval)
1453 {
1454 queueup(e, TRUE, FALSE);
1455 nsent = 0;
1456 }
1457 if (deliver(e, q) == EX_OK)
1458 nsent++;
1459 }
1460 }
1461 Verbose = oldverbose;
1462
1463 /*
1464 ** Now run through and check for errors.
1465 */
1466
1467 if (mode == SM_VERIFY) {
1468 if (lockfp != NULL)
1469 (void) fclose(lockfp);
1470 return;
1471 }
1472
1473 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1474 {
1475 register ADDRESS *qq;
1476
1477 if (tTd(13, 3))
1478 {
1479 printf("Checking ");
1480 printaddr(q, FALSE);
1481 }
1482
1483 /* only send errors if the message failed */
1484 if (!bitset(QBADADDR, q->q_flags))
1485 continue;
1486
1487 /* we have an address that failed -- find the parent */
1488 for (qq = q; qq != NULL; qq = qq->q_alias)
1489 {
1490 char obuf[MAXNAME + 6];
1491 extern char *aliaslookup();
1492
1493 /* we can only have owners for local addresses */
1494 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1495 continue;
1496
1497 /* see if the owner list exists */
1498 (void) strcpy(obuf, "owner-");
1499 if (strncmp(qq->q_user, "owner-", 6) == 0)
1500 (void) strcat(obuf, "owner");
1501 else
1502 (void) strcat(obuf, qq->q_user);
1503 makelower(obuf);
1504 if (aliaslookup(obuf) == NULL)
1505 continue;
1506
1507 if (tTd(13, 4))
1508 printf("Errors to %s\n", obuf);
1509
1510 /* owner list exists -- add it to the error queue */
1511 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1512 ErrorMode = EM_MAIL;
1513 break;
1514 }
1515
1516 /* if we did not find an owner, send to the sender */
1517 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1518 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1519 }
1520
1521 /* this removes the lock on the file */
1522 if (lockfp != NULL)
1523 (void) fclose(lockfp);
1524
1525 if (mode == SM_FORK)
1526 finis();
1527 }
1528