1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)deliver.c 5.41 (Berkeley) 03/21/91"; 11 #endif /* not lint */ 12 13 #include "sendmail.h" 14 #include <sys/signal.h> 15 #include <sys/stat.h> 16 #include <netdb.h> 17 #include <fcntl.h> 18 #include <errno.h> 19 #ifdef NAMED_BIND 20 #include <sys/param.h> 21 #include <arpa/nameser.h> 22 #include <resolv.h> 23 #endif 24 25 /* 26 ** DELIVER -- Deliver a message to a list of addresses. 27 ** 28 ** This routine delivers to everyone on the same host as the 29 ** user on the head of the list. It is clever about mailers 30 ** that don't handle multiple users. It is NOT guaranteed 31 ** that it will deliver to all these addresses however -- so 32 ** deliver should be called once for each address on the 33 ** list. 34 ** 35 ** Parameters: 36 ** e -- the envelope to deliver. 37 ** firstto -- head of the address list to deliver to. 38 ** 39 ** Returns: 40 ** zero -- successfully delivered. 41 ** else -- some failure, see ExitStat for more info. 42 ** 43 ** Side Effects: 44 ** The standard input is passed off to someone. 45 */ 46 47 deliver(e, firstto) 48 register ENVELOPE *e; 49 ADDRESS *firstto; 50 { 51 char *host; /* host being sent to */ 52 char *user; /* user being sent to */ 53 char **pvp; 54 register char **mvp; 55 register char *p; 56 register MAILER *m; /* mailer for this recipient */ 57 ADDRESS *ctladdr; 58 register ADDRESS *to = firstto; 59 bool clever = FALSE; /* running user smtp to this mailer */ 60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */ 61 int rcode; /* response code */ 62 char *pv[MAXPV+1]; 63 char tobuf[MAXLINE-50]; /* text line of to people */ 64 char buf[MAXNAME]; 65 char tfrombuf[MAXNAME]; /* translated from person */ 66 extern bool checkcompat(); 67 extern ADDRESS *getctladdr(); 68 extern char *remotename(); 69 70 errno = 0; 71 if (bitset(QDONTSEND, to->q_flags)) 72 return (0); 73 74 #ifdef NAMED_BIND 75 /* unless interactive, try twice, over a minute */ 76 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) { 77 _res.retrans = 30; 78 _res.retry = 2; 79 } 80 #endif 81 82 m = to->q_mailer; 83 host = to->q_host; 84 85 if (tTd(10, 1)) 86 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n", 87 m->m_mno, host, to->q_user); 88 89 /* 90 ** If this mailer is expensive, and if we don't want to make 91 ** connections now, just mark these addresses and return. 92 ** This is useful if we want to batch connections to 93 ** reduce load. This will cause the messages to be 94 ** queued up, and a daemon will come along to send the 95 ** messages later. 96 ** This should be on a per-mailer basis. 97 */ 98 99 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) && 100 !Verbose) 101 { 102 for (; to != NULL; to = to->q_next) 103 { 104 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m) 105 continue; 106 to->q_flags |= QQUEUEUP|QDONTSEND; 107 e->e_to = to->q_paddr; 108 message(Arpa_Info, "queued"); 109 if (LogLevel > 4) 110 logdelivery("queued"); 111 } 112 e->e_to = NULL; 113 return (0); 114 } 115 116 /* 117 ** Do initial argv setup. 118 ** Insert the mailer name. Notice that $x expansion is 119 ** NOT done on the mailer name. Then, if the mailer has 120 ** a picky -f flag, we insert it as appropriate. This 121 ** code does not check for 'pv' overflow; this places a 122 ** manifest lower limit of 4 for MAXPV. 123 ** The from address rewrite is expected to make 124 ** the address relative to the other end. 125 */ 126 127 /* rewrite from address, using rewriting rules */ 128 expand("\001f", buf, &buf[sizeof buf - 1], e); 129 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE)); 130 131 define('g', tfrombuf, e); /* translated sender address */ 132 define('h', host, e); /* to host */ 133 Errors = 0; 134 pvp = pv; 135 *pvp++ = m->m_argv[0]; 136 137 /* insert -f or -r flag as appropriate */ 138 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags))) 139 { 140 if (bitnset(M_FOPT, m->m_flags)) 141 *pvp++ = "-f"; 142 else 143 *pvp++ = "-r"; 144 expand("\001g", buf, &buf[sizeof buf - 1], e); 145 *pvp++ = newstr(buf); 146 } 147 148 /* 149 ** Append the other fixed parts of the argv. These run 150 ** up to the first entry containing "$u". There can only 151 ** be one of these, and there are only a few more slots 152 ** in the pv after it. 153 */ 154 155 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 156 { 157 while ((p = index(p, '\001')) != NULL) 158 if (*++p == 'u') 159 break; 160 if (p != NULL) 161 break; 162 163 /* this entry is safe -- go ahead and process it */ 164 expand(*mvp, buf, &buf[sizeof buf - 1], e); 165 *pvp++ = newstr(buf); 166 if (pvp >= &pv[MAXPV - 3]) 167 { 168 syserr("Too many parameters to %s before $u", pv[0]); 169 return (-1); 170 } 171 } 172 173 /* 174 ** If we have no substitution for the user name in the argument 175 ** list, we know that we must supply the names otherwise -- and 176 ** SMTP is the answer!! 177 */ 178 179 if (*mvp == NULL) 180 { 181 /* running SMTP */ 182 # ifdef SMTP 183 clever = TRUE; 184 *pvp = NULL; 185 # else SMTP 186 /* oops! we don't implement SMTP */ 187 syserr("SMTP style mailer"); 188 return (EX_SOFTWARE); 189 # endif SMTP 190 } 191 192 /* 193 ** At this point *mvp points to the argument with $u. We 194 ** run through our address list and append all the addresses 195 ** we can. If we run out of space, do not fret! We can 196 ** always send another copy later. 197 */ 198 199 tobuf[0] = '\0'; 200 e->e_to = tobuf; 201 ctladdr = NULL; 202 for (; to != NULL; to = to->q_next) 203 { 204 /* avoid sending multiple recipients to dumb mailers */ 205 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags)) 206 break; 207 208 /* if already sent or not for this host, don't send */ 209 if (bitset(QDONTSEND, to->q_flags) || 210 strcmp(to->q_host, host) != 0 || 211 to->q_mailer != firstto->q_mailer) 212 continue; 213 214 /* avoid overflowing tobuf */ 215 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2)) 216 break; 217 218 if (tTd(10, 1)) 219 { 220 printf("\nsend to "); 221 printaddr(to, FALSE); 222 } 223 224 /* compute effective uid/gid when sending */ 225 if (to->q_mailer == ProgMailer) 226 ctladdr = getctladdr(to); 227 228 user = to->q_user; 229 e->e_to = to->q_paddr; 230 to->q_flags |= QDONTSEND; 231 232 /* 233 ** Check to see that these people are allowed to 234 ** talk to each other. 235 */ 236 237 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize) 238 { 239 NoReturn = TRUE; 240 usrerr("Message is too large; %ld bytes max", m->m_maxsize); 241 giveresponse(EX_UNAVAILABLE, m, e); 242 continue; 243 } 244 if (!checkcompat(to)) 245 { 246 giveresponse(EX_UNAVAILABLE, m, e); 247 continue; 248 } 249 250 /* 251 ** Strip quote bits from names if the mailer is dumb 252 ** about them. 253 */ 254 255 if (bitnset(M_STRIPQ, m->m_flags)) 256 { 257 stripquotes(user, TRUE); 258 stripquotes(host, TRUE); 259 } 260 else 261 { 262 stripquotes(user, FALSE); 263 stripquotes(host, FALSE); 264 } 265 266 /* hack attack -- delivermail compatibility */ 267 if (m == ProgMailer && *user == '|') 268 user++; 269 270 /* 271 ** If an error message has already been given, don't 272 ** bother to send to this address. 273 ** 274 ** >>>>>>>>>> This clause assumes that the local mailer 275 ** >> NOTE >> cannot do any further aliasing; that 276 ** >>>>>>>>>> function is subsumed by sendmail. 277 */ 278 279 if (bitset(QBADADDR|QQUEUEUP, to->q_flags)) 280 continue; 281 282 /* save statistics.... */ 283 markstats(e, to); 284 285 /* 286 ** See if this user name is "special". 287 ** If the user name has a slash in it, assume that this 288 ** is a file -- send it off without further ado. Note 289 ** that this type of addresses is not processed along 290 ** with the others, so we fudge on the To person. 291 */ 292 293 if (m == LocalMailer) 294 { 295 if (user[0] == '/') 296 { 297 rcode = mailfile(user, getctladdr(to)); 298 giveresponse(rcode, m, e); 299 if (rcode == EX_OK) 300 to->q_flags |= QSENT; 301 continue; 302 } 303 } 304 305 /* 306 ** Address is verified -- add this user to mailer 307 ** argv, and add it to the print list of recipients. 308 */ 309 310 /* link together the chain of recipients */ 311 to->q_tchain = tochain; 312 tochain = to; 313 314 /* create list of users for error messages */ 315 (void) strcat(tobuf, ","); 316 (void) strcat(tobuf, to->q_paddr); 317 define('u', user, e); /* to user */ 318 define('z', to->q_home, e); /* user's home */ 319 320 /* 321 ** Expand out this user into argument list. 322 */ 323 324 if (!clever) 325 { 326 expand(*mvp, buf, &buf[sizeof buf - 1], e); 327 *pvp++ = newstr(buf); 328 if (pvp >= &pv[MAXPV - 2]) 329 { 330 /* allow some space for trailing parms */ 331 break; 332 } 333 } 334 } 335 336 /* see if any addresses still exist */ 337 if (tobuf[0] == '\0') 338 { 339 define('g', (char *) NULL, e); 340 return (0); 341 } 342 343 /* print out messages as full list */ 344 e->e_to = tobuf + 1; 345 346 /* 347 ** Fill out any parameters after the $u parameter. 348 */ 349 350 while (!clever && *++mvp != NULL) 351 { 352 expand(*mvp, buf, &buf[sizeof buf - 1], e); 353 *pvp++ = newstr(buf); 354 if (pvp >= &pv[MAXPV]) 355 syserr("deliver: pv overflow after $u for %s", pv[0]); 356 } 357 *pvp++ = NULL; 358 359 /* 360 ** Call the mailer. 361 ** The argument vector gets built, pipes 362 ** are created as necessary, and we fork & exec as 363 ** appropriate. 364 ** If we are running SMTP, we just need to clean up. 365 */ 366 367 if (ctladdr == NULL) 368 ctladdr = &e->e_from; 369 #ifdef NAMED_BIND 370 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 371 #endif 372 #ifdef SMTP 373 if (clever) 374 { 375 rcode = EX_OK; 376 #ifdef NAMED_BIND 377 if (host[0] && host[0] != '[') 378 { 379 expand("\001w", buf, &buf[sizeof(buf) - 1], e); 380 Nmx = getmxrr(host, MxHosts, buf, &rcode); 381 } 382 else 383 #endif 384 { 385 Nmx = 1; 386 MxHosts[0] = host; 387 } 388 if (Nmx >= 0) 389 { 390 message(Arpa_Info, "Connecting to %s (%s)...", 391 MxHosts[0], m->m_name); 392 if ((rcode = smtpinit(m, pv)) == EX_OK) { 393 register char *t = tobuf; 394 register int i; 395 396 /* send the recipient list */ 397 tobuf[0] = '\0'; 398 for (to = tochain; to; to = to->q_tchain) { 399 e->e_to = to->q_paddr; 400 if ((i = smtprcpt(to, m)) != EX_OK) { 401 markfailure(e, to, i); 402 giveresponse(i, m, e); 403 } 404 else { 405 *t++ = ','; 406 for (p = to->q_paddr; *p; *t++ = *p++); 407 } 408 } 409 410 /* now send the data */ 411 if (tobuf[0] == '\0') 412 e->e_to = NULL; 413 else { 414 e->e_to = tobuf + 1; 415 rcode = smtpdata(m, e); 416 } 417 418 /* now close the connection */ 419 smtpquit(m); 420 } 421 } 422 } 423 else 424 #endif /* SMTP */ 425 { 426 static int sendoff(); 427 428 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name); 429 rcode = sendoff(e, m, pv, ctladdr); 430 } 431 #ifdef NAMED_BIND 432 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 433 #endif 434 435 /* 436 ** Do final status disposal. 437 ** We check for something in tobuf for the SMTP case. 438 ** If we got a temporary failure, arrange to queue the 439 ** addressees. 440 */ 441 442 if (tobuf[0] != '\0') 443 giveresponse(rcode, m, e); 444 for (to = tochain; to != NULL; to = to->q_tchain) 445 if (rcode != EX_OK) 446 markfailure(e, to, rcode); 447 else 448 to->q_flags |= QSENT; 449 450 errno = 0; 451 define('g', (char *) NULL, e); 452 return (rcode); 453 } 454 /* 455 ** MARKFAILURE -- mark a failure on a specific address. 456 ** 457 ** Parameters: 458 ** e -- the envelope we are sending. 459 ** q -- the address to mark. 460 ** rcode -- the code signifying the particular failure. 461 ** 462 ** Returns: 463 ** none. 464 ** 465 ** Side Effects: 466 ** marks the address (and possibly the envelope) with the 467 ** failure so that an error will be returned or 468 ** the message will be queued, as appropriate. 469 */ 470 471 markfailure(e, q, rcode) 472 register ENVELOPE *e; 473 register ADDRESS *q; 474 int rcode; 475 { 476 if (rcode == EX_OK) 477 return; 478 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR) 479 q->q_flags |= QBADADDR; 480 else if (curtime() > e->e_ctime + TimeOut) 481 { 482 extern char *pintvl(); 483 char buf[MAXLINE]; 484 485 if (!bitset(EF_TIMEOUT, e->e_flags)) 486 { 487 (void) sprintf(buf, "Cannot send message for %s", 488 pintvl(TimeOut, FALSE)); 489 if (e->e_message != NULL) 490 free(e->e_message); 491 e->e_message = newstr(buf); 492 message(Arpa_Info, buf); 493 } 494 q->q_flags |= QBADADDR; 495 e->e_flags |= EF_TIMEOUT; 496 } 497 else 498 q->q_flags |= QQUEUEUP; 499 } 500 /* 501 ** DOFORK -- do a fork, retrying a couple of times on failure. 502 ** 503 ** This MUST be a macro, since after a vfork we are running 504 ** two processes on the same stack!!! 505 ** 506 ** Parameters: 507 ** none. 508 ** 509 ** Returns: 510 ** From a macro??? You've got to be kidding! 511 ** 512 ** Side Effects: 513 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 514 ** pid of child in parent, zero in child. 515 ** -1 on unrecoverable error. 516 ** 517 ** Notes: 518 ** I'm awfully sorry this looks so awful. That's 519 ** vfork for you..... 520 */ 521 522 # define NFORKTRIES 5 523 # ifdef VMUNIX 524 # define XFORK vfork 525 # else VMUNIX 526 # define XFORK fork 527 # endif VMUNIX 528 529 # define DOFORK(fORKfN) \ 530 {\ 531 register int i;\ 532 \ 533 for (i = NFORKTRIES; --i >= 0; )\ 534 {\ 535 pid = fORKfN();\ 536 if (pid >= 0)\ 537 break;\ 538 if (i > 0)\ 539 sleep((unsigned) NFORKTRIES - i);\ 540 }\ 541 } 542 /* 543 ** DOFORK -- simple fork interface to DOFORK. 544 ** 545 ** Parameters: 546 ** none. 547 ** 548 ** Returns: 549 ** pid of child in parent. 550 ** zero in child. 551 ** -1 on error. 552 ** 553 ** Side Effects: 554 ** returns twice, once in parent and once in child. 555 */ 556 557 dofork() 558 { 559 register int pid; 560 561 DOFORK(fork); 562 return (pid); 563 } 564 /* 565 ** SENDOFF -- send off call to mailer & collect response. 566 ** 567 ** Parameters: 568 ** e -- the envelope to mail. 569 ** m -- mailer descriptor. 570 ** pvp -- parameter vector to send to it. 571 ** ctladdr -- an address pointer controlling the 572 ** user/groupid etc. of the mailer. 573 ** 574 ** Returns: 575 ** exit status of mailer. 576 ** 577 ** Side Effects: 578 ** none. 579 */ 580 static 581 sendoff(e, m, pvp, ctladdr) 582 register ENVELOPE *e; 583 MAILER *m; 584 char **pvp; 585 ADDRESS *ctladdr; 586 { 587 auto FILE *mfile; 588 auto FILE *rfile; 589 register int i; 590 int pid; 591 592 /* 593 ** Create connection to mailer. 594 */ 595 596 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile); 597 if (pid < 0) 598 return (-1); 599 600 /* 601 ** Format and send message. 602 */ 603 604 putfromline(mfile, m); 605 (*e->e_puthdr)(mfile, m, e); 606 putline("\n", mfile, m); 607 (*e->e_putbody)(mfile, m, e); 608 (void) fclose(mfile); 609 if (rfile != NULL) 610 (void) fclose(rfile); 611 612 i = endmailer(pid, pvp[0]); 613 614 /* arrange a return receipt if requested */ 615 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags)) 616 { 617 e->e_flags |= EF_SENDRECEIPT; 618 /* do we want to send back more info? */ 619 } 620 621 return (i); 622 } 623 /* 624 ** ENDMAILER -- Wait for mailer to terminate. 625 ** 626 ** We should never get fatal errors (e.g., segmentation 627 ** violation), so we report those specially. For other 628 ** errors, we choose a status message (into statmsg), 629 ** and if it represents an error, we print it. 630 ** 631 ** Parameters: 632 ** pid -- pid of mailer. 633 ** name -- name of mailer (for error messages). 634 ** 635 ** Returns: 636 ** exit code of mailer. 637 ** 638 ** Side Effects: 639 ** none. 640 */ 641 642 endmailer(pid, name) 643 int pid; 644 char *name; 645 { 646 int st; 647 648 /* in the IPC case there is nothing to wait for */ 649 if (pid == 0) 650 return (EX_OK); 651 652 /* wait for the mailer process to die and collect status */ 653 st = waitfor(pid); 654 if (st == -1) 655 { 656 syserr("endmailer %s: wait", name); 657 return (EX_SOFTWARE); 658 } 659 660 /* see if it died a horrid death */ 661 if ((st & 0377) != 0) 662 { 663 syserr("mailer %s died with signal %o", name, st); 664 ExitStat = EX_TEMPFAIL; 665 return (EX_TEMPFAIL); 666 } 667 668 /* normal death -- return status */ 669 st = (st >> 8) & 0377; 670 return (st); 671 } 672 /* 673 ** OPENMAILER -- open connection to mailer. 674 ** 675 ** Parameters: 676 ** m -- mailer descriptor. 677 ** pvp -- parameter vector to pass to mailer. 678 ** ctladdr -- controlling address for user. 679 ** clever -- create a full duplex connection. 680 ** pmfile -- pointer to mfile (to mailer) connection. 681 ** prfile -- pointer to rfile (from mailer) connection. 682 ** 683 ** Returns: 684 ** pid of mailer ( > 0 ). 685 ** -1 on error. 686 ** zero on an IPC connection. 687 ** 688 ** Side Effects: 689 ** creates a mailer in a subprocess. 690 */ 691 692 openmailer(m, pvp, ctladdr, clever, pmfile, prfile) 693 MAILER *m; 694 char **pvp; 695 ADDRESS *ctladdr; 696 bool clever; 697 FILE **pmfile; 698 FILE **prfile; 699 { 700 int pid; 701 int mpvect[2]; 702 int rpvect[2]; 703 FILE *mfile = NULL; 704 FILE *rfile = NULL; 705 extern FILE *fdopen(); 706 707 if (tTd(11, 1)) 708 { 709 printf("openmailer:"); 710 printav(pvp); 711 } 712 errno = 0; 713 714 CurHostName = m->m_mailer; 715 716 /* 717 ** Deal with the special case of mail handled through an IPC 718 ** connection. 719 ** In this case we don't actually fork. We must be 720 ** running SMTP for this to work. We will return a 721 ** zero pid to indicate that we are running IPC. 722 ** We also handle a debug version that just talks to stdin/out. 723 */ 724 725 /* check for Local Person Communication -- not for mortals!!! */ 726 if (strcmp(m->m_mailer, "[LPC]") == 0) 727 { 728 *pmfile = stdout; 729 *prfile = stdin; 730 return (0); 731 } 732 733 if (strcmp(m->m_mailer, "[IPC]") == 0) 734 { 735 #ifdef HOSTINFO 736 register STAB *st; 737 extern STAB *stab(); 738 #endif HOSTINFO 739 #ifdef DAEMON 740 register int i, j; 741 register u_short port; 742 743 CurHostName = pvp[1]; 744 if (!clever) 745 syserr("non-clever IPC"); 746 if (pvp[2] != NULL) 747 port = atoi(pvp[2]); 748 else 749 port = 0; 750 for (j = 0; j < Nmx; j++) 751 { 752 CurHostName = MxHosts[j]; 753 #ifdef HOSTINFO 754 /* see if we have already determined that this host is fried */ 755 st = stab(MxHosts[j], ST_HOST, ST_FIND); 756 if (st == NULL || st->s_host.ho_exitstat == EX_OK) { 757 if (j > 1) 758 message(Arpa_Info, 759 "Connecting to %s (%s)...", 760 MxHosts[j], m->m_name); 761 i = makeconnection(MxHosts[j], port, pmfile, prfile); 762 } 763 else 764 { 765 i = st->s_host.ho_exitstat; 766 errno = st->s_host.ho_errno; 767 } 768 #else HOSTINFO 769 i = makeconnection(MxHosts[j], port, pmfile, prfile); 770 #endif HOSTINFO 771 if (i != EX_OK) 772 { 773 #ifdef HOSTINFO 774 /* enter status of this host */ 775 if (st == NULL) 776 st = stab(MxHosts[j], ST_HOST, ST_ENTER); 777 st->s_host.ho_exitstat = i; 778 st->s_host.ho_errno = errno; 779 #endif HOSTINFO 780 ExitStat = i; 781 continue; 782 } 783 else 784 return (0); 785 } 786 return (-1); 787 #else DAEMON 788 syserr("openmailer: no IPC"); 789 return (-1); 790 #endif DAEMON 791 } 792 793 /* create a pipe to shove the mail through */ 794 if (pipe(mpvect) < 0) 795 { 796 syserr("openmailer: pipe (to mailer)"); 797 return (-1); 798 } 799 800 #ifdef SMTP 801 /* if this mailer speaks smtp, create a return pipe */ 802 if (clever && pipe(rpvect) < 0) 803 { 804 syserr("openmailer: pipe (from mailer)"); 805 (void) close(mpvect[0]); 806 (void) close(mpvect[1]); 807 return (-1); 808 } 809 #endif SMTP 810 811 /* 812 ** Actually fork the mailer process. 813 ** DOFORK is clever about retrying. 814 ** 815 ** Dispose of SIGCHLD signal catchers that may be laying 816 ** around so that endmail will get it. 817 */ 818 819 if (CurEnv->e_xfp != NULL) 820 (void) fflush(CurEnv->e_xfp); /* for debugging */ 821 (void) fflush(stdout); 822 # ifdef SIGCHLD 823 (void) signal(SIGCHLD, SIG_DFL); 824 # endif SIGCHLD 825 DOFORK(XFORK); 826 /* pid is set by DOFORK */ 827 if (pid < 0) 828 { 829 /* failure */ 830 syserr("openmailer: cannot fork"); 831 (void) close(mpvect[0]); 832 (void) close(mpvect[1]); 833 #ifdef SMTP 834 if (clever) 835 { 836 (void) close(rpvect[0]); 837 (void) close(rpvect[1]); 838 } 839 #endif SMTP 840 return (-1); 841 } 842 else if (pid == 0) 843 { 844 int i; 845 extern int DtableSize; 846 847 /* child -- set up input & exec mailer */ 848 /* make diagnostic output be standard output */ 849 (void) signal(SIGINT, SIG_IGN); 850 (void) signal(SIGHUP, SIG_IGN); 851 (void) signal(SIGTERM, SIG_DFL); 852 853 /* arrange to filter standard & diag output of command */ 854 if (clever) 855 { 856 (void) close(rpvect[0]); 857 (void) close(1); 858 (void) dup(rpvect[1]); 859 (void) close(rpvect[1]); 860 } 861 else if (OpMode == MD_SMTP || HoldErrs) 862 { 863 /* put mailer output in transcript */ 864 (void) close(1); 865 (void) dup(fileno(CurEnv->e_xfp)); 866 } 867 (void) close(2); 868 (void) dup(1); 869 870 /* arrange to get standard input */ 871 (void) close(mpvect[1]); 872 (void) close(0); 873 if (dup(mpvect[0]) < 0) 874 { 875 syserr("Cannot dup to zero!"); 876 _exit(EX_OSERR); 877 } 878 (void) close(mpvect[0]); 879 if (!bitnset(M_RESTR, m->m_flags)) 880 { 881 if (ctladdr == NULL || ctladdr->q_uid == 0) 882 { 883 (void) setgid(DefGid); 884 (void) initgroups(DefUser, DefGid); 885 (void) setuid(DefUid); 886 } 887 else 888 { 889 (void) setgid(ctladdr->q_gid); 890 (void) initgroups(ctladdr->q_ruser? 891 ctladdr->q_ruser: ctladdr->q_user, 892 ctladdr->q_gid); 893 (void) setuid(ctladdr->q_uid); 894 } 895 } 896 897 /* arrange for all the files to be closed */ 898 for (i = 3; i < DtableSize; i++) { 899 register int j; 900 if ((j = fcntl(i, F_GETFD, 0)) != -1) 901 (void)fcntl(i, F_SETFD, j|1); 902 } 903 904 /* try to execute the mailer */ 905 execve(m->m_mailer, pvp, UserEnviron); 906 syserr("Cannot exec %s", m->m_mailer); 907 if (m == LocalMailer || errno == EIO || errno == EAGAIN || 908 errno == ENOMEM || errno == EPROCLIM) 909 _exit(EX_TEMPFAIL); 910 else 911 _exit(EX_UNAVAILABLE); 912 } 913 914 /* 915 ** Set up return value. 916 */ 917 918 (void) close(mpvect[0]); 919 mfile = fdopen(mpvect[1], "w"); 920 if (clever) 921 { 922 (void) close(rpvect[1]); 923 rfile = fdopen(rpvect[0], "r"); 924 } else 925 rfile = NULL; 926 927 *pmfile = mfile; 928 *prfile = rfile; 929 930 return (pid); 931 } 932 /* 933 ** GIVERESPONSE -- Interpret an error response from a mailer 934 ** 935 ** Parameters: 936 ** stat -- the status code from the mailer (high byte 937 ** only; core dumps must have been taken care of 938 ** already). 939 ** m -- the mailer descriptor for this mailer. 940 ** 941 ** Returns: 942 ** none. 943 ** 944 ** Side Effects: 945 ** Errors may be incremented. 946 ** ExitStat may be set. 947 */ 948 949 giveresponse(stat, m, e) 950 int stat; 951 register MAILER *m; 952 ENVELOPE *e; 953 { 954 register char *statmsg; 955 extern char *SysExMsg[]; 956 register int i; 957 extern int N_SysEx; 958 #ifdef NAMED_BIND 959 extern int h_errno; 960 #endif 961 char buf[MAXLINE]; 962 963 #ifdef lint 964 if (m == NULL) 965 return; 966 #endif lint 967 968 /* 969 ** Compute status message from code. 970 */ 971 972 i = stat - EX__BASE; 973 if (stat == 0) 974 statmsg = "250 Sent"; 975 else if (i < 0 || i > N_SysEx) 976 { 977 (void) sprintf(buf, "554 unknown mailer error %d", stat); 978 stat = EX_UNAVAILABLE; 979 statmsg = buf; 980 } 981 else if (stat == EX_TEMPFAIL) 982 { 983 (void) strcpy(buf, SysExMsg[i]); 984 #ifdef NAMED_BIND 985 if (h_errno == TRY_AGAIN) 986 { 987 extern char *errstring(); 988 989 statmsg = errstring(h_errno+MAX_ERRNO); 990 } 991 else 992 #endif 993 { 994 if (errno != 0) 995 { 996 extern char *errstring(); 997 998 statmsg = errstring(errno); 999 } 1000 else 1001 { 1002 #ifdef SMTP 1003 extern char SmtpError[]; 1004 1005 statmsg = SmtpError; 1006 #else SMTP 1007 statmsg = NULL; 1008 #endif SMTP 1009 } 1010 } 1011 if (statmsg != NULL && statmsg[0] != '\0') 1012 { 1013 (void) strcat(buf, ": "); 1014 (void) strcat(buf, statmsg); 1015 } 1016 statmsg = buf; 1017 } 1018 else 1019 { 1020 statmsg = SysExMsg[i]; 1021 } 1022 1023 /* 1024 ** Print the message as appropriate 1025 */ 1026 1027 if (stat == EX_OK || stat == EX_TEMPFAIL) 1028 message(Arpa_Info, &statmsg[4]); 1029 else 1030 { 1031 Errors++; 1032 usrerr(statmsg); 1033 } 1034 1035 /* 1036 ** Final cleanup. 1037 ** Log a record of the transaction. Compute the new 1038 ** ExitStat -- if we already had an error, stick with 1039 ** that. 1040 */ 1041 1042 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2)) 1043 logdelivery(&statmsg[4]); 1044 1045 if (stat != EX_TEMPFAIL) 1046 setstat(stat); 1047 if (stat != EX_OK) 1048 { 1049 if (e->e_message != NULL) 1050 free(e->e_message); 1051 e->e_message = newstr(&statmsg[4]); 1052 } 1053 errno = 0; 1054 #ifdef NAMED_BIND 1055 h_errno = 0; 1056 #endif 1057 } 1058 /* 1059 ** LOGDELIVERY -- log the delivery in the system log 1060 ** 1061 ** Parameters: 1062 ** stat -- the message to print for the status 1063 ** 1064 ** Returns: 1065 ** none 1066 ** 1067 ** Side Effects: 1068 ** none 1069 */ 1070 1071 logdelivery(stat) 1072 char *stat; 1073 { 1074 extern char *pintvl(); 1075 1076 # ifdef LOG 1077 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id, 1078 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat); 1079 # endif LOG 1080 } 1081 /* 1082 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 1083 ** 1084 ** This can be made an arbitrary message separator by changing $l 1085 ** 1086 ** One of the ugliest hacks seen by human eyes is contained herein: 1087 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 1088 ** does a well-meaning programmer such as myself have to deal with 1089 ** this kind of antique garbage???? 1090 ** 1091 ** Parameters: 1092 ** fp -- the file to output to. 1093 ** m -- the mailer describing this entry. 1094 ** 1095 ** Returns: 1096 ** none 1097 ** 1098 ** Side Effects: 1099 ** outputs some text to fp. 1100 */ 1101 1102 putfromline(fp, m) 1103 register FILE *fp; 1104 register MAILER *m; 1105 { 1106 char *template = "\001l\n"; 1107 char buf[MAXLINE]; 1108 1109 if (bitnset(M_NHDR, m->m_flags)) 1110 return; 1111 1112 # ifdef UGLYUUCP 1113 if (bitnset(M_UGLYUUCP, m->m_flags)) 1114 { 1115 char *bang; 1116 char xbuf[MAXLINE]; 1117 1118 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv); 1119 bang = index(buf, '!'); 1120 if (bang == NULL) 1121 syserr("No ! in UUCP! (%s)", buf); 1122 else 1123 { 1124 *bang++ = '\0'; 1125 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf); 1126 template = xbuf; 1127 } 1128 } 1129 # endif UGLYUUCP 1130 expand(template, buf, &buf[sizeof buf - 1], CurEnv); 1131 putline(buf, fp, m); 1132 } 1133 /* 1134 ** PUTBODY -- put the body of a message. 1135 ** 1136 ** Parameters: 1137 ** fp -- file to output onto. 1138 ** m -- a mailer descriptor to control output format. 1139 ** e -- the envelope to put out. 1140 ** 1141 ** Returns: 1142 ** none. 1143 ** 1144 ** Side Effects: 1145 ** The message is written onto fp. 1146 */ 1147 1148 putbody(fp, m, e) 1149 FILE *fp; 1150 MAILER *m; 1151 register ENVELOPE *e; 1152 { 1153 char buf[MAXLINE]; 1154 1155 /* 1156 ** Output the body of the message 1157 */ 1158 1159 if (e->e_dfp == NULL) 1160 { 1161 if (e->e_df != NULL) 1162 { 1163 e->e_dfp = fopen(e->e_df, "r"); 1164 if (e->e_dfp == NULL) 1165 syserr("putbody: Cannot open %s for %s from %s", 1166 e->e_df, e->e_to, e->e_from); 1167 } 1168 else 1169 putline("<<< No Message Collected >>>", fp, m); 1170 } 1171 if (e->e_dfp != NULL) 1172 { 1173 rewind(e->e_dfp); 1174 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL) 1175 { 1176 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) && 1177 strncmp(buf, "From ", 5) == 0) 1178 (void) putc('>', fp); 1179 putline(buf, fp, m); 1180 } 1181 1182 if (ferror(e->e_dfp)) 1183 { 1184 syserr("putbody: read error"); 1185 ExitStat = EX_IOERR; 1186 } 1187 } 1188 1189 (void) fflush(fp); 1190 if (ferror(fp) && errno != EPIPE) 1191 { 1192 syserr("putbody: write error"); 1193 ExitStat = EX_IOERR; 1194 } 1195 errno = 0; 1196 } 1197 /* 1198 ** MAILFILE -- Send a message to a file. 1199 ** 1200 ** If the file has the setuid/setgid bits set, but NO execute 1201 ** bits, sendmail will try to become the owner of that file 1202 ** rather than the real user. Obviously, this only works if 1203 ** sendmail runs as root. 1204 ** 1205 ** This could be done as a subordinate mailer, except that it 1206 ** is used implicitly to save messages in ~/dead.letter. We 1207 ** view this as being sufficiently important as to include it 1208 ** here. For example, if the system is dying, we shouldn't have 1209 ** to create another process plus some pipes to save the message. 1210 ** 1211 ** Parameters: 1212 ** filename -- the name of the file to send to. 1213 ** ctladdr -- the controlling address header -- includes 1214 ** the userid/groupid to be when sending. 1215 ** 1216 ** Returns: 1217 ** The exit code associated with the operation. 1218 ** 1219 ** Side Effects: 1220 ** none. 1221 */ 1222 1223 mailfile(filename, ctladdr) 1224 char *filename; 1225 ADDRESS *ctladdr; 1226 { 1227 register FILE *f; 1228 register int pid; 1229 ENVELOPE *e = CurEnv; 1230 1231 /* 1232 ** Fork so we can change permissions here. 1233 ** Note that we MUST use fork, not vfork, because of 1234 ** the complications of calling subroutines, etc. 1235 */ 1236 1237 DOFORK(fork); 1238 1239 if (pid < 0) 1240 return (EX_OSERR); 1241 else if (pid == 0) 1242 { 1243 /* child -- actually write to file */ 1244 struct stat stb; 1245 1246 (void) signal(SIGINT, SIG_DFL); 1247 (void) signal(SIGHUP, SIG_DFL); 1248 (void) signal(SIGTERM, SIG_DFL); 1249 (void) umask(OldUmask); 1250 if (stat(filename, &stb) < 0) 1251 { 1252 errno = 0; 1253 stb.st_mode = 0666; 1254 } 1255 if (bitset(0111, stb.st_mode)) 1256 exit(EX_CANTCREAT); 1257 if (ctladdr == NULL) 1258 ctladdr = &e->e_from; 1259 /* we have to open the dfile BEFORE setuid */ 1260 if (e->e_dfp == NULL && e->e_df != NULL) 1261 { 1262 e->e_dfp = fopen(e->e_df, "r"); 1263 if (e->e_dfp == NULL) { 1264 syserr("mailfile: Cannot open %s for %s from %s", 1265 e->e_df, e->e_to, e->e_from); 1266 } 1267 } 1268 1269 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0) 1270 { 1271 if (ctladdr->q_uid == 0) { 1272 (void) setgid(DefGid); 1273 (void) initgroups(DefUser, DefGid); 1274 } else { 1275 (void) setgid(ctladdr->q_gid); 1276 (void) initgroups(ctladdr->q_ruser? 1277 ctladdr->q_ruser: ctladdr->q_user, 1278 ctladdr->q_gid); 1279 } 1280 } 1281 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0) 1282 { 1283 if (ctladdr->q_uid == 0) 1284 (void) setuid(DefUid); 1285 else 1286 (void) setuid(ctladdr->q_uid); 1287 } 1288 f = dfopen(filename, "a"); 1289 if (f == NULL) 1290 exit(EX_CANTCREAT); 1291 1292 putfromline(f, ProgMailer); 1293 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv); 1294 putline("\n", f, ProgMailer); 1295 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv); 1296 putline("\n", f, ProgMailer); 1297 (void) fclose(f); 1298 (void) fflush(stdout); 1299 1300 /* reset ISUID & ISGID bits for paranoid systems */ 1301 (void) chmod(filename, (int) stb.st_mode); 1302 exit(EX_OK); 1303 /*NOTREACHED*/ 1304 } 1305 else 1306 { 1307 /* parent -- wait for exit status */ 1308 int st; 1309 1310 st = waitfor(pid); 1311 if ((st & 0377) != 0) 1312 return (EX_UNAVAILABLE); 1313 else 1314 return ((st >> 8) & 0377); 1315 /*NOTREACHED*/ 1316 } 1317 } 1318 /* 1319 ** SENDALL -- actually send all the messages. 1320 ** 1321 ** Parameters: 1322 ** e -- the envelope to send. 1323 ** mode -- the delivery mode to use. If SM_DEFAULT, use 1324 ** the current SendMode. 1325 ** 1326 ** Returns: 1327 ** none. 1328 ** 1329 ** Side Effects: 1330 ** Scans the send lists and sends everything it finds. 1331 ** Delivers any appropriate error messages. 1332 ** If we are running in a non-interactive mode, takes the 1333 ** appropriate action. 1334 */ 1335 1336 sendall(e, mode) 1337 ENVELOPE *e; 1338 char mode; 1339 { 1340 register ADDRESS *q; 1341 bool oldverbose; 1342 int pid; 1343 int nsent; 1344 FILE *lockfp = NULL, *queueup(); 1345 1346 /* determine actual delivery mode */ 1347 if (mode == SM_DEFAULT) 1348 { 1349 extern bool shouldqueue(); 1350 1351 if (shouldqueue(e->e_msgpriority)) 1352 mode = SM_QUEUE; 1353 else 1354 mode = SendMode; 1355 } 1356 1357 if (tTd(13, 1)) 1358 { 1359 printf("\nSENDALL: mode %c, sendqueue:\n", mode); 1360 printaddr(e->e_sendqueue, TRUE); 1361 } 1362 1363 /* 1364 ** Do any preprocessing necessary for the mode we are running. 1365 ** Check to make sure the hop count is reasonable. 1366 ** Delete sends to the sender in mailing lists. 1367 */ 1368 1369 CurEnv = e; 1370 1371 if (e->e_hopcount > MAXHOP) 1372 { 1373 errno = 0; 1374 syserr("sendall: too many hops %d (%d max): from %s, to %s", 1375 e->e_hopcount, MAXHOP, e->e_from, e->e_to); 1376 return; 1377 } 1378 1379 if (!MeToo) 1380 { 1381 extern ADDRESS *recipient(); 1382 1383 e->e_from.q_flags |= QDONTSEND; 1384 (void) recipient(&e->e_from, &e->e_sendqueue); 1385 } 1386 1387 # ifdef QUEUE 1388 if ((mode == SM_QUEUE || mode == SM_FORK || 1389 (mode != SM_VERIFY && SuperSafe)) && 1390 !bitset(EF_INQUEUE, e->e_flags)) 1391 lockfp = queueup(e, TRUE, mode == SM_QUEUE); 1392 #endif QUEUE 1393 1394 oldverbose = Verbose; 1395 switch (mode) 1396 { 1397 case SM_VERIFY: 1398 Verbose = TRUE; 1399 break; 1400 1401 case SM_QUEUE: 1402 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE; 1403 return; 1404 1405 case SM_FORK: 1406 if (e->e_xfp != NULL) 1407 (void) fflush(e->e_xfp); 1408 pid = fork(); 1409 if (pid < 0) 1410 { 1411 mode = SM_DELIVER; 1412 break; 1413 } 1414 else if (pid > 0) 1415 { 1416 /* be sure we leave the temp files to our child */ 1417 e->e_id = e->e_df = NULL; 1418 if (lockfp != NULL) 1419 (void) fclose(lockfp); 1420 return; 1421 } 1422 1423 /* double fork to avoid zombies */ 1424 if (fork() > 0) 1425 exit(EX_OK); 1426 1427 /* be sure we are immune from the terminal */ 1428 disconnect(FALSE); 1429 1430 break; 1431 } 1432 1433 /* 1434 ** Run through the list and send everything. 1435 */ 1436 1437 nsent = 0; 1438 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1439 { 1440 if (mode == SM_VERIFY) 1441 { 1442 e->e_to = q->q_paddr; 1443 if (!bitset(QDONTSEND|QBADADDR, q->q_flags)) 1444 message(Arpa_Info, "deliverable"); 1445 } 1446 else if (!bitset(QDONTSEND, q->q_flags)) 1447 { 1448 /* 1449 ** Checkpoint the send list every few addresses 1450 */ 1451 1452 if (nsent >= CheckpointInterval) 1453 { 1454 queueup(e, TRUE, FALSE); 1455 nsent = 0; 1456 } 1457 if (deliver(e, q) == EX_OK) 1458 nsent++; 1459 } 1460 } 1461 Verbose = oldverbose; 1462 1463 /* 1464 ** Now run through and check for errors. 1465 */ 1466 1467 if (mode == SM_VERIFY) { 1468 if (lockfp != NULL) 1469 (void) fclose(lockfp); 1470 return; 1471 } 1472 1473 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1474 { 1475 register ADDRESS *qq; 1476 1477 if (tTd(13, 3)) 1478 { 1479 printf("Checking "); 1480 printaddr(q, FALSE); 1481 } 1482 1483 /* only send errors if the message failed */ 1484 if (!bitset(QBADADDR, q->q_flags)) 1485 continue; 1486 1487 /* we have an address that failed -- find the parent */ 1488 for (qq = q; qq != NULL; qq = qq->q_alias) 1489 { 1490 char obuf[MAXNAME + 6]; 1491 extern char *aliaslookup(); 1492 1493 /* we can only have owners for local addresses */ 1494 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags)) 1495 continue; 1496 1497 /* see if the owner list exists */ 1498 (void) strcpy(obuf, "owner-"); 1499 if (strncmp(qq->q_user, "owner-", 6) == 0) 1500 (void) strcat(obuf, "owner"); 1501 else 1502 (void) strcat(obuf, qq->q_user); 1503 makelower(obuf); 1504 if (aliaslookup(obuf) == NULL) 1505 continue; 1506 1507 if (tTd(13, 4)) 1508 printf("Errors to %s\n", obuf); 1509 1510 /* owner list exists -- add it to the error queue */ 1511 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue); 1512 ErrorMode = EM_MAIL; 1513 break; 1514 } 1515 1516 /* if we did not find an owner, send to the sender */ 1517 if (qq == NULL && bitset(QBADADDR, q->q_flags)) 1518 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue); 1519 } 1520 1521 /* this removes the lock on the file */ 1522 if (lockfp != NULL) 1523 (void) fclose(lockfp); 1524 1525 if (mode == SM_FORK) 1526 finis(); 1527 } 1528